This is originally raised as Debian bug but the more I investigate
it seems to trace back to 4.14.x xhci.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892647 (see also
message #29)
Call trace:
<IRQ>
xhci_giveback_urb_in_irq.isra.43+0x7f/0xe0 [xhci_hcd]
xhci_td_cleanup+0xe7/0x170 [xhci_hcd]
xhci_irq+0xd81/0x1fe0 [xhci_hcd]
__handle_irq_event_percpu+0x7b/0x180
handle_irq_event_percpu+0x30/0x80
handle_irq_event+0x3c/0x60
handle_edge_irq+0x86/0x1d0
handle_irq+0x19/0x30
do_IRQ+0x41/0xc0
common_interrupt+0x98/0x98
</IRQ>
My vote is trying to trace things on:
https://github.com/torvalds/linux/blob/master/drivers/usb/host/xhci-ring.c#L631
mainly two first calls not in any statement
- xhci_urb_free_priv()
- usb_hcd_unlink_urb_from_ep()
It occurs at least three separate endcoms:
BUG: unable to handle kernel NULL pointer dereference at
00000000000000e5
IP: kfree+0x13/0xe0
or:
list_del corruption. prev->next should be ffff99e5cea8ca20, but was
ffff99e5cea8d420
or:
BUG: unable to handle kernel NULL pointer dereference at
0000000000000118
IP: usb_hcd_giveback_urb+0xf/0x110 [usbcore]
PGD 0 P4D 0
My original workaround assumption was this may relate to USB power
management
but after having no impact to this with the following I would assume it
false assumption:
- remove distro's laptop-mode-tools
- boot with usbcore.autosuspend=-1
Any help to find a discrete reproduce method or a working workaround
would be appreciated.
--
Juho Tykkälä
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
