
Bug#917206: linux-image-4.9.0-8-amd64: NULL ptr dereference in xhci_hub_control [xhci_hcd] with USB Mass Storage (Kingston)



found 917206 4.9.130-2
thanks

tl;dr: This is a regression introduced in Debian 9.6
(linux/4.9.130-2); it is caused by [1] and fixed by [2]. Please fix :)

I'm taking the liberty to hijack this bug because I'm experiencing the
same issue [3] when powering off a usb3 hdd. The oops is easy to
reproduce; I've tested the following versions of
linux-image-4.9.0-8-amd64:

- 4.9.110-3+deb9u6: works
- 4.9.130-2 (current stretch): affected
- 4.9.135-1 (stretch-proposed-updates): affected
- 4.9.130-2 + manually applying [2]: works

Thanks,

Christoph


[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/drivers/usb/host?h=linux-4.9.y&id=2679c2231bc3fb260f74e1faf7d6810427b1fc6e

[2] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/drivers/usb/host?h=linux-4.9.y&id=52f305530ab6e5915b5e5ee0cb9525df42f2b691

[3]

kernel: usb 7-2: USB disconnect, device number 4
kernel: BUG: unable to handle kernel NULL pointer dereference at 000000000000001c
kernel: IP: [<ffffffffc022c373>] xhci_hub_control+0x1a13/0x1c50 [xhci_hcd]
kernel: PGD 0
kernel:
kernel: Oops: 0000 [#1] SMP
kernel: Modules linked in: cpufreq_powersave cpufreq_userspace
cpufreq_conservative nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_filter
ip6_tables nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack
iptable_filter edac_mce_amd edac_core kvm_amd
kernel:  glue_helper lrw gf128mul ablk_helper cryptd ahci libahci
xhci_pci xhci_hcd i2c_piix4 ohci_hcd libata ehci_pci ehci_hcd scsi_mod
usbcore usb_common r8169 mii
kernel: CPU: 0 PID: 138 Comm: kworker/0:3 Not tainted 4.9.0-8-amd64 #1 Debian 4.9.130-2
kernel: Hardware name: Gigabyte Technology Co., Ltd. To be filled by O.E.M./F2A88XM-HD3, BIOS F7 07/09/2014
kernel: Workqueue: usb_hub_wq hub_event [usbcore]
kernel: task: ffff8e3435468100 task.stack: ffffae9040928000
kernel: RIP: 0010:[<ffffffffc022c373>]  [<ffffffffc022c373>] xhci_hub_control+0x1a13/0x1c50 [xhci_hcd]
kernel: RSP: 0018:ffffae904092ba90  EFLAGS: 00010086
kernel: RAX: ffff8e3435552000 RBX: ffff8e34354dc000 RCX: 0000000000000000
kernel: RDX: 0000000000000060 RSI: 0000000000001261 RDI: ffff8e34354ba284
kernel: RBP: 00000000ffffffed R08: 0000000000000008 R09: 0000000000000001
kernel: R10: 0000000000000001 R11: 0000000000000212 R12: 0000000000000001
kernel: R13: ffff8e34354ba000 R14: ffff8e34354ba284 R15: 0000000000000002
kernel: FS:  0000000000000000(0000) GS:ffff8e343ec00000(0000) knlGS:0000000000000000
kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
kernel: CR2: 000000000000001c CR3: 00000001365a4000 CR4: 00000000000406f0
kernel: Stack:
kernel:  000000ff90625600 c6542f7200000005 0000000000000002 ffff8e3400000000
kernel:  0000000000000005 0000000000000000 ffff8e34354ba238 ffffffff907e0000
kernel:  ffff8e343ac00302 000000004092bba0 ffff8e3435d28e40 ffff8e3435610000
kernel: Call Trace:
kernel:  [<ffffffff907e0000>] ? mempolicy_nodemask_intersects+0x10/0x70
kernel:  [<ffffffff90854246>] ? ep_poll_callback+0x106/0x230
kernel:  [<ffffffffc00ce86a>] ? usb_hcd_submit_urb+0x2aa/0xaf0 [usbcore]
kernel:  [<ffffffff906e7664>] ? lock_timer_base+0x74/0x90
kernel:  [<ffffffff906e74ea>] ? __internal_add_timer+0x1a/0x50
kernel:  [<ffffffff906e9e70>] ? add_timer+0x110/0x270
kernel:  [<ffffffffc00d0aed>] ? usb_start_wait_urb+0x6d/0x170 [usbcore]
kernel:  [<ffffffffc00d5572>] ? usb_release_interface_cache+0x32/0x50 [usbcore]
kernel:  [<ffffffffc00d0ccd>] ? usb_control_msg+0xdd/0x140 [usbcore]
kernel:  [<ffffffff90a7e340>] ? device_release+0x30/0x90
kernel:  [<ffffffffc00c3c54>] ? set_port_feature+0x44/0x50 [usbcore]
kernel:  [<ffffffffc00c5579>] ? hub_port_disable+0xc9/0x140 [usbcore]
kernel:  [<ffffffffc00ca4eb>] ? hub_event+0xd8b/0x15c0 [usbcore]
kernel:  [<ffffffff90c190a4>] ? __switch_to_asm+0x34/0x70
kernel:  [<ffffffff90c190b0>] ? __switch_to_asm+0x40/0x70
kernel:  [<ffffffff9069421a>] ? process_one_work+0x18a/0x420
kernel:  [<ffffffff906944fd>] ? worker_thread+0x4d/0x490
kernel:  [<ffffffff906944b0>] ? process_one_work+0x420/0x420
kernel:  [<ffffffff9069a569>] ? kthread+0xd9/0xf0
kernel:  [<ffffffff9069a490>] ? kthread_park+0x60/0x60
kernel:  [<ffffffff90c19124>] ? ret_from_fork+0x44/0x70
kernel: Code: e9 49 f8 ff ff 45 31 e4 eb 11 49 83 c4 01 49 81 fc 00 01 00 00 0f 84 c3 f2 ff ff 4b 8b 84 e5 08 04 00 00 48 85 c0 74 e2 48 8b 08 <83> 79 1c 04 40 0f 96 c6 83 bb a0 00 00 00 3f 0f 9f c1 40 38 ce
kernel: RIP  [<ffffffffc022c373>] xhci_hub_control+0x1a13/0x1c50 [xhci_hcd]
kernel:  RSP <ffffae904092ba90>
kernel: CR2: 000000000000001c
kernel: ---[ end trace 8be8c1ab53920c10 ]---
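For anyone triaging a report like this one, here is an added example (not part of the bug report, the Debian kernel package or the xhci driver): a small Python script that undoes the mail-client line wrapping of an x86-64 oops, pulls out the faulting address, the crashing symbol and its module, the page-fault error code, the taint state, the registers, the call trace and the bytes of the faulting instruction, and classifies the crash. The embedded sample is a constructed excerpt of the oops quoted above; the classification thresholds (first page unmapped means NULL dereference, canonical-address halves split at 0x0000800000000000 and 0xffff800000000000) and the error-code bit meanings are the x86-64 conventions, not anything specific to this driver.

```python
"""Triage helper for x86-64 kernel oops text pasted into a bug report.

Added example, not code from the bug report or the kernel.  Works on the
syslog 'kernel:' records; continuation lines produced by mail wrapping
are rejoined before parsing.
"""
from __future__ import annotations
import re

# Constructed excerpt of the oops quoted in the report (wrapped as in the mail).
SAMPLE_OOPS = """\
kernel: usb 7-2: USB disconnect, device number 4
kernel: BUG: unable to handle kernel NULL pointer dereference at
000000000000001c
kernel: IP: [<ffffffffc022c373>] xhci_hub_control+0x1a13/0x1c50 [xhci_hcd]
kernel: PGD 0
kernel: Oops: 0000 [#1] SMP
kernel: CPU: 0 PID: 138 Comm: kworker/0:3 Not tainted 4.9.0-8-amd64 #1
Debian 4.9.130-2
kernel: Workqueue: usb_hub_wq hub_event [usbcore]
kernel: RAX: ffff8e3435552000 RBX: ffff8e34354dc000 RCX: 0000000000000000
kernel: CR2: 000000000000001c CR3: 00000001365a4000 CR4: 00000000000406f0
kernel: Call Trace:
kernel:  [<ffffffffc00c3c54>] ? set_port_feature+0x44/0x50 [usbcore]
kernel:  [<ffffffffc00c5579>] ? hub_port_disable+0xc9/0x140 [usbcore]
kernel:  [<ffffffffc00ca4eb>] ? hub_event+0xd8b/0x15c0 [usbcore]
kernel: Code: e9 49 f8 ff ff 45 31 e4 eb 11 49 83 c4 01 49 81 fc 00 01
00 00 0f 84 c3 f2 ff ff 4b 8b 84 e5 08 04 00 00 48 85 c0 74 e2 48 8b
08 <83> 79 1c 04 40 0f 96 c6 83 bb a0 00 00 00 3f 0f 9f c1 40 38 ce
kernel: ---[ end trace 8be8c1ab53920c10 ]---
"""

FAULT_RE = re.compile(r"unable to handle kernel (?:NULL pointer dereference|paging request) at ([0-9a-f]+)")
IP_RE = re.compile(r"^IP: \[<([0-9a-f]+)>\] (\S+?)\+0x([0-9a-f]+)/0x([0-9a-f]+)(?: \[(\w+)\])?")
OOPS_RE = re.compile(r"^Oops: ([0-9a-f]{4}) \[#(\d+)\]")
TAINT_RE = re.compile(r"(Not tainted|Tainted: \S+) (\S+) #\d+(?: (.+))?")
REG_RE = re.compile(r"\b(R[A-Z0-9]{2}|CR[0-9]): ([0-9a-f]{16})\b")
FRAME_RE = re.compile(r"\[<[0-9a-f]+>\] (?:\? )?(\S+?)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?")


def unwrap(text: str) -> list[str]:
    """Rejoin mail-wrapped records: a line without the 'kernel:' prefix continues the previous one."""
    records: list[str] = []
    for line in text.splitlines():
        if line.startswith("kernel:"):
            records.append(line[len("kernel:"):].strip())
        elif records and line.strip():
            records[-1] += " " + line.strip()
    return records


def classify(addr: int) -> str:
    """Name the kind of bad pointer from the faulting address (x86-64, 48-bit canonical space)."""
    if addr < 0x1000:
        return "null-deref"          # page 0 is never mapped: NULL plus a struct field offset
    if addr < 0x0000800000000000:
        return "user-address"        # kernel touched a user pointer without the proper accessor
    if addr < 0xFFFF800000000000:
        return "non-canonical"       # typical of a corrupted, freed or poisoned pointer
    return "kernel-address"          # mapped-looking kernel pointer that is nevertheless unmapped


def triage(text: str) -> dict:
    """Extract the facts a bug triager wants from one oops."""
    info: dict = {"fault_addr": None, "kind": None, "symbol": None, "offset": None, "size": None,
                  "module": None, "tainted": None, "kernel": None, "distro": None, "workqueue": None,
                  "fault_access": None, "page_present": None, "from_user": None,
                  "regs": {}, "trace": [], "fault_bytes": []}
    in_trace = False
    for rec in unwrap(text):
        if m := FAULT_RE.search(rec):
            info["fault_addr"] = int(m.group(1), 16)
            info["kind"] = classify(info["fault_addr"])
        elif m := IP_RE.match(rec):
            info["symbol"], info["module"] = m.group(2), m.group(5)
            info["offset"], info["size"] = int(m.group(3), 16), int(m.group(4), 16)
        elif m := OOPS_RE.match(rec):
            code = int(m.group(1), 16)      # page-fault error code: bit0 present, bit1 write, bit2 user
            info["page_present"] = bool(code & 1)
            info["fault_access"] = "write" if code & 2 else "read"
            info["from_user"] = bool(code & 4)
        elif m := TAINT_RE.search(rec):
            info["tainted"] = not m.group(1).startswith("Not")
            info["kernel"], info["distro"] = m.group(2), m.group(3)
        elif rec.startswith("Workqueue: "):
            info["workqueue"] = rec[len("Workqueue: "):]
        elif rec.startswith("Call Trace:"):
            in_trace = True
        elif rec.startswith("Code: "):
            in_trace = False
            toks = rec[len("Code: "):].split()
            start = next((i for i, t in enumerate(toks) if t.startswith("<")), None)
            info["fault_bytes"] = [t.strip("<>") for t in toks[start:]] if start is not None else []
        elif in_trace and (m := FRAME_RE.search(rec)):
            info["trace"].append((m.group(1), m.group(2)))
        for m in REG_RE.finditer(rec):
            info["regs"][m.group(1)] = int(m.group(2), 16)
    return info


if __name__ == "__main__":
    r = triage(SAMPLE_OOPS)
    print(f"{r['kind']} at {r['fault_addr']:#x} in {r['symbol']}+{r['offset']:#x} [{r['module']}], "
          f"{r['fault_access']} access, kernel {r['kernel']} ({r['distro']}), tainted={r['tainted']}")
    print("path:", " <- ".join(f for f, _ in r["trace"]))
```

On the bytes this report quotes, the faulting instruction `83 79 1c 04` is `cmpl $0x4,0x1c(%rcx)`, and the register dump shows RCX = 0, so CR2 = 0x1c is exactly RCX + 0x1c: a read of a field 0x1c bytes into a structure whose pointer was NULL, from a worker in `hub_event` handling the port disable after the disconnect. That cross-check (faulting address equals base register plus displacement) is the quickest way to confirm a report is a plain NULL dereference rather than memory corruption before you go looking at the commit history.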

