From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS,USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2379AC47083 for ; Thu, 3 Jun 2021 03:07:57 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id F32E5613B8 for ; Thu, 3 Jun 2021 03:07:56 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229629AbhFCDJk (ORCPT ); Wed, 2 Jun 2021 23:09:40 -0400 Received: from mail.kernel.org ([198.145.29.99]:52320 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229541AbhFCDJj (ORCPT ); Wed, 2 Jun 2021 23:09:39 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 304BF613F2; Thu, 3 Jun 2021 03:07:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1622689675; bh=NkB4QL7iqQMZQPhSZsQKDdEvp47UO6zsVNxvnyMI1JU=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=L+ulzMVwggK5/7YfsAnW44PvoD9DN2fkHaGKGRcWB7H+rFw/yH5X6Xuw/JKRc3qdz EDuqfSLZCqkx4qV+UuynixpK/PB5MjkLMfh5NZykJvhZRoKIY78c3PPc+Sfe6zIDWJ Z5WAI9yl7ySgwCyai4xgeastGU4F1BiMBgqsKO8T57wS9lXinXyseN5iHSzn9NaIWY Bmi5Ivr7czbNz9FJ/CqQifgluqgSIcIACkmKHJXTXWzAGuuC8EaDHPtU2If/tEaD+w gos6Hfh95pW7m2XHRup0m7Haa2cnXD1NQ4Jqa5yOS0nH8TgpkslEQGHTHXbL3dPLGL 7POuo5VoWn2Bw== Date: Thu, 3 Jun 2021 11:07:50 +0800 From: Peter Chen To: Alexandru Elisei Cc: balbi@kernel.org, Greg Kroah-Hartman , p.zabel@pengutronix.de, linux-usb@vger.kernel.org, Linux Kernel Mailing List , arm-mail-list , sanm@codeaurora.org Subject: Re: [BUG] usb: dwc3: Kernel NULL pointer dereference in dwc3_remove() Message-ID: <20210603030750.GA29274@nchen> References: MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: User-Agent: Mutt/1.9.4 (2018-02-28) Precedence: bulk List-ID: X-Mailing-List: linux-usb@vger.kernel.org On 21-06-01 12:02:34, Alexandru Elisei wrote: > I've been seeing the following panic when shutting down my rockpro64: > > [   21.459064] xhci-hcd xhci-hcd.0.auto: USB bus 5 deregistered > [   21.683077] Unable to handle kernel NULL pointer dereference at virtual address > 00000000000000a0 > [   21.683858] Mem abort info: > [   21.684104]   ESR = 0x96000004 > [   21.684375]   EC = 0x25: DABT (current EL), IL = 32 bits > [   21.684841]   SET = 0, FnV = 0 > [   21.685111]   EA = 0, S1PTW = 0 > [   21.685389] Data abort info: > [   21.685644]   ISV = 0, ISS = 0x00000004 > [   21.686024]   CM = 0, WnR = 0 > [   21.686288] user pgtable: 4k pages, 48-bit VAs, pgdp=000000000757a000 > [   21.686853] [00000000000000a0] pgd=0000000000000000, p4d=0000000000000000 > [   21.687452] Internal error: Oops: 96000004EEMPT SMP > [   21.687941] Modules linked in: > [   21.688214] CPU: 4 PID: 1 Comm: shutdown Not tainted > 5.12.0-rc7-00262-g568262bf5492 #33 > [   21.688915] Hardware name: Pine64 RockPro64 v2.0 (DT) > [   21.689357] pstate: 60000005 (nZCv daif -PAN -UAO -TCO BTYPE=--) > [   21.689884] pc : down_read_interruptible+0xec/0x200 > [   21.690321] lr : simple_recursive_removal+0x48/0x280 > [   21.690761] sp : ffff800011f4b940 > [   21.691053] x29: ffff800011f4b940 x28: ffff000000809b40 > [   21.691522] x27: ffff000000809b98 x26: ffff8000114f5170 > [   21.691990] x25: 00000000000000a0 x24: ffff800011e84030 > [   21.692459] x23: 0000000000000080 x22: 0000000000000000 > [   21.692927] x21: ffff800011ecaa5c x20: ffff800011ecaa60 > [   21.693395] x19: ffff000000809b40 x18: ffffffffffffffff > [   21.693863] x17: 0000000000000000 x16: 0000000000000000 > [   21.694331] x15: ffff800091f4ba6d x14: 0000000000000004 > [   21.694799] x13: 0000000000000000 x12: 0000000000000020 > [   21.695267] x11: 0101010101010101 x10: 7f7f7f7f7f7f7f7f > [   21.695735] x9 : 6f6c746364716e62 x8 : 7f7f7f7f7f7f7f7f > [   21.696203] x7 : fefefeff6364626d x6 : 0000000000001bd8 > [   21.696671] x5 : 0000000000000000 x4 : 0000000000000000 > [   21.697138] x3 : 00000000000000a0 x2 : 0000000000000001 > [   21.697606] x1 : 0000000000000000 x0 : 00000000000000a0 > [   21.698075] Call trace: > [   21.698291]  down_read_interruptible+0xec/0x200 > [   21.698690]  debugfs_remove+0x60/0x84 > [   21.699016]  dwc3_debugfs_exit+0x1c/0x6c > [   21.699363]  dwc3_remove+0x34/0x1a0 > [   21.699672]  platform_remove+0x28/0x60 > [   21.700005]  __device_release_driver+0x188/0x230 > [   21.700414]  device_release_driver+0x2c/0x44 > [   21.700791]  bus_remove_device+0x124/0x130 > [   21.701154]  device_del+0x168/0x420 > [   21.701462]  platform_device_del.part.0+0x1c/0x90 > [   21.701877]  platform_device_unregister+0x28/0x44 > [   21.702291]  of_platform_device_destroy+0xe8/0x100 > [   21.702716]  device_for_each_child_reverse+0x64/0xb4 > [   21.703153]  of_platform_depopulate+0x40/0x84 > [   21.703538]  __dwc3_of_simple_teardown+0x20/0xd4 > [   21.703945]  dwc3_of_simple_shutdown+0x14/0x20 > [   21.704337]  platform_shutdown+0x28/0x40 > [   21.704683]  device_shutdown+0x158/0x330 > [   21.705029]  kernel_power_off+0x38/0x7c > [   21.705372]  __do_sys_reboot+0x16c/0x2a0 > [   21.705719]  __arm64_sys_reboot+0x28/0x34 > [   21.706074]  el0_svc_common.constprop.0+0x60/0x120 > [   21.706499]  do_el0_svc+0x28/0x94 > [   21.706794]  el0_svc+0x2c/0x54 > [   21.707067]  el0_sync_handler+0xa4/0x130 > [   21.707414]  el0_sync+0x170/0x180 > [   21.707711] Code: c8047c62 35ffff84 17fffe5f f9800071 (c85ffc60) > [   21.708250] ---[ end trace 5ae08147542eb468 ]--- > [   21.708667] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b > [   21.709456] Kernel Offset: disabled > [   21.709762] CPU features: 0x00240022,2100600c > [   21.710146] Memory Limit: 2048 MB > [   21.710443] ---[ end Kernel panic - not syncing: Attempted to kill init! > exitcode=0x0000000b ]--- > I find down_read_interruptible is called at sys_perf_event_open, could you find the relationship between remove debugfs and perf event functions? -- Thanks, Peter Chen From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.9 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id E11D1C47083 for ; Thu, 3 Jun 2021 03:11:48 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id A032460C3E for ; Thu, 3 Jun 2021 03:11:48 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org A032460C3E Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References: Message-ID:Subject:Cc:To:From:Date:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=+dyBlFBXIZITXWGDP2nk0AL06s3f7X3ZHqLKnpGd9uo=; b=WcMBdXqMldJVxC c7J8xeQEWz9RtoeQ/rxBcGtt+E5L0dKS3e63n2YxaBaZpTO+V1LEZt21XZbP8siqi5fVFH500Q/ha evTiXBn82tRVJ1upSYVyfhtmneXSlcdMGtwDOTEiJCxTm6wBemTE/B51Q2wUu7ZEuxuMcTzrjBxE9 WK3+m+pGv/mEHGjBczDkxggRq6P0m3IybQfzj4j1rExb+ZyXX7cvs6x9XXvjQd+nZ+foyxuAxdwF+ ppNzMj/T97NNlJtU8sBdDr7JEZ0ADdHR7kB7mnS8i2K5b/P7fX0Rb0aeBOVJHOYjUITyDR0JplbyN kVdRLcafqqLjZwR1Y3Kw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1lodiC-006uNd-KY; Thu, 03 Jun 2021 03:08:00 +0000 Received: from mail.kernel.org ([198.145.29.99]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1lodi8-006uMs-K7 for linux-arm-kernel@lists.infradead.org; Thu, 03 Jun 2021 03:07:58 +0000 Received: by mail.kernel.org (Postfix) with ESMTPSA id 304BF613F2; Thu, 3 Jun 2021 03:07:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1622689675; bh=NkB4QL7iqQMZQPhSZsQKDdEvp47UO6zsVNxvnyMI1JU=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=L+ulzMVwggK5/7YfsAnW44PvoD9DN2fkHaGKGRcWB7H+rFw/yH5X6Xuw/JKRc3qdz EDuqfSLZCqkx4qV+UuynixpK/PB5MjkLMfh5NZykJvhZRoKIY78c3PPc+Sfe6zIDWJ Z5WAI9yl7ySgwCyai4xgeastGU4F1BiMBgqsKO8T57wS9lXinXyseN5iHSzn9NaIWY Bmi5Ivr7czbNz9FJ/CqQifgluqgSIcIACkmKHJXTXWzAGuuC8EaDHPtU2If/tEaD+w gos6Hfh95pW7m2XHRup0m7Haa2cnXD1NQ4Jqa5yOS0nH8TgpkslEQGHTHXbL3dPLGL 7POuo5VoWn2Bw== Date: Thu, 3 Jun 2021 11:07:50 +0800 From: Peter Chen To: Alexandru Elisei Cc: balbi@kernel.org, Greg Kroah-Hartman , p.zabel@pengutronix.de, linux-usb@vger.kernel.org, Linux Kernel Mailing List , arm-mail-list , sanm@codeaurora.org Subject: Re: [BUG] usb: dwc3: Kernel NULL pointer dereference in dwc3_remove() Message-ID: <20210603030750.GA29274@nchen> References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.9.4 (2018-02-28) X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210602_200756_721465_0F17221B X-CRM114-Status: UNSURE ( 9.45 ) X-CRM114-Notice: Please train this message. X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On 21-06-01 12:02:34, Alexandru Elisei wrote: > I've been seeing the following panic when shutting down my rockpro64: > = > [=A0=A0 21.459064] xhci-hcd xhci-hcd.0.auto: USB bus 5 deregistered > [=A0=A0 21.683077] Unable to handle kernel NULL pointer dereference at vi= rtual address > 00000000000000a0 > [=A0=A0 21.683858] Mem abort info: > [=A0=A0 21.684104]=A0=A0 ESR =3D 0x96000004 > [=A0=A0 21.684375]=A0=A0 EC =3D 0x25: DABT (current EL), IL =3D 32 bits > [=A0=A0 21.684841]=A0=A0 SET =3D 0, FnV =3D 0 > [=A0=A0 21.685111]=A0=A0 EA =3D 0, S1PTW =3D 0 > [=A0=A0 21.685389] Data abort info: > [=A0=A0 21.685644]=A0=A0 ISV =3D 0, ISS =3D 0x00000004 > [=A0=A0 21.686024]=A0=A0 CM =3D 0, WnR =3D 0 > [=A0=A0 21.686288] user pgtable: 4k pages, 48-bit VAs, pgdp=3D00000000075= 7a000 > [=A0=A0 21.686853] [00000000000000a0] pgd=3D0000000000000000, p4d=3D00000= 00000000000 > [=A0=A0 21.687452] Internal error: Oops: 96000004EEMPT SMP > [=A0=A0 21.687941] Modules linked in: > [=A0=A0 21.688214] CPU: 4 PID: 1 Comm: shutdown Not tainted > 5.12.0-rc7-00262-g568262bf5492 #33 > [=A0=A0 21.688915] Hardware name: Pine64 RockPro64 v2.0 (DT) > [=A0=A0 21.689357] pstate: 60000005 (nZCv daif -PAN -UAO -TCO BTYPE=3D--) > [=A0=A0 21.689884] pc : down_read_interruptible+0xec/0x200 > [=A0=A0 21.690321] lr : simple_recursive_removal+0x48/0x280 > [=A0=A0 21.690761] sp : ffff800011f4b940 > [=A0=A0 21.691053] x29: ffff800011f4b940 x28: ffff000000809b40 > [=A0=A0 21.691522] x27: ffff000000809b98 x26: ffff8000114f5170 > [=A0=A0 21.691990] x25: 00000000000000a0 x24: ffff800011e84030 > [=A0=A0 21.692459] x23: 0000000000000080 x22: 0000000000000000 > [=A0=A0 21.692927] x21: ffff800011ecaa5c x20: ffff800011ecaa60 > [=A0=A0 21.693395] x19: ffff000000809b40 x18: ffffffffffffffff > [=A0=A0 21.693863] x17: 0000000000000000 x16: 0000000000000000 > [=A0=A0 21.694331] x15: ffff800091f4ba6d x14: 0000000000000004 > [=A0=A0 21.694799] x13: 0000000000000000 x12: 0000000000000020 > [=A0=A0 21.695267] x11: 0101010101010101 x10: 7f7f7f7f7f7f7f7f > [=A0=A0 21.695735] x9 : 6f6c746364716e62 x8 : 7f7f7f7f7f7f7f7f > [=A0=A0 21.696203] x7 : fefefeff6364626d x6 : 0000000000001bd8 > [=A0=A0 21.696671] x5 : 0000000000000000 x4 : 0000000000000000 > [=A0=A0 21.697138] x3 : 00000000000000a0 x2 : 0000000000000001 > [=A0=A0 21.697606] x1 : 0000000000000000 x0 : 00000000000000a0 > [=A0=A0 21.698075] Call trace: > [=A0=A0 21.698291]=A0 down_read_interruptible+0xec/0x200 > [=A0=A0 21.698690]=A0 debugfs_remove+0x60/0x84 > [=A0=A0 21.699016]=A0 dwc3_debugfs_exit+0x1c/0x6c > [=A0=A0 21.699363]=A0 dwc3_remove+0x34/0x1a0 > [=A0=A0 21.699672]=A0 platform_remove+0x28/0x60 > [=A0=A0 21.700005]=A0 __device_release_driver+0x188/0x230 > [=A0=A0 21.700414]=A0 device_release_driver+0x2c/0x44 > [=A0=A0 21.700791]=A0 bus_remove_device+0x124/0x130 > [=A0=A0 21.701154]=A0 device_del+0x168/0x420 > [=A0=A0 21.701462]=A0 platform_device_del.part.0+0x1c/0x90 > [=A0=A0 21.701877]=A0 platform_device_unregister+0x28/0x44 > [=A0=A0 21.702291]=A0 of_platform_device_destroy+0xe8/0x100 > [=A0=A0 21.702716]=A0 device_for_each_child_reverse+0x64/0xb4 > [=A0=A0 21.703153]=A0 of_platform_depopulate+0x40/0x84 > [=A0=A0 21.703538]=A0 __dwc3_of_simple_teardown+0x20/0xd4 > [=A0=A0 21.703945]=A0 dwc3_of_simple_shutdown+0x14/0x20 > [=A0=A0 21.704337]=A0 platform_shutdown+0x28/0x40 > [=A0=A0 21.704683]=A0 device_shutdown+0x158/0x330 > [=A0=A0 21.705029]=A0 kernel_power_off+0x38/0x7c > [=A0=A0 21.705372]=A0 __do_sys_reboot+0x16c/0x2a0 > [=A0=A0 21.705719]=A0 __arm64_sys_reboot+0x28/0x34 > [=A0=A0 21.706074]=A0 el0_svc_common.constprop.0+0x60/0x120 > [=A0=A0 21.706499]=A0 do_el0_svc+0x28/0x94 > [=A0=A0 21.706794]=A0 el0_svc+0x2c/0x54 > [=A0=A0 21.707067]=A0 el0_sync_handler+0xa4/0x130 > [=A0=A0 21.707414]=A0 el0_sync+0x170/0x180 > [=A0=A0 21.707711] Code: c8047c62 35ffff84 17fffe5f f9800071 (c85ffc60) > [=A0=A0 21.708250] ---[ end trace 5ae08147542eb468 ]--- > [=A0=A0 21.708667] Kernel panic - not syncing: Attempted to kill init! ex= itcode=3D0x0000000b > [=A0=A0 21.709456] Kernel Offset: disabled > [=A0=A0 21.709762] CPU features: 0x00240022,2100600c > [=A0=A0 21.710146] Memory Limit: 2048 MB > [=A0=A0 21.710443] ---[ end Kernel panic - not syncing: Attempted to kill= init! > exitcode=3D0x0000000b ]--- > = I find down_read_interruptible is called at sys_perf_event_open, could you = find the relationship between remove debugfs and perf event functions? -- = Thanks, Peter Chen _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel