Issue 901377 link

Starred by 2 users

Issue metadata

Status:	Fixed
Owner:	groeck@chromium.org
Closed:	Nov 7
Cc:	█ yuzhao@chromium.org
Components:	OS>Kernel
EstimatedDays:	----
NextAction:	----
OS:	Chrome
Pri:	2
Type:	Bug
merge-merged-chromeos-3.18 Kernel-3.14 merge-merged-chromeos-3.14

Crash in smsc75xx_deferred_multicast_write

Project Member Reported by groeck@chromium.org, Nov 2

Issue description

Observed in CQ run.

[  802.491692] smsc95xx 2-1.1:1.0 eth1: hardware isn't capable of remote wakeup
[  802.883339] smsc75xx 3-1:1.0 eth0: unregister 'smsc75xx' usb-ff580000.usb-1, smsc75xx USB 2.0 Gigabit Ethernet
[  802.939052] usb  (unregistered net_device): Failed to write reg index 0x0000002c: -19
[  802.939071] usb  (unregistered net_device): Error writing DP_ADDR
[  802.939084] usb  (unregistered net_device): Failed to write reg index 0x00000060: -19
[  802.939100] usb  (unregistered net_device): Error writing RFE_CRL
[  802.939124] Unable to handle kernel NULL pointer dereference at virtual address 0000004c
[  802.939137] pgd = c0003000
[  802.939145] [0000004c] *pgd=80000000004003, *pmd=00000000
[  802.939164] Internal error: Oops: 206 [#1] PREEMPT SMP ARM
[  802.939176] Modules linked in: rfcomm cmac i2c_dev uinput smsc95xx bridge smsc75xx stp llc mwifiex_sdio usbnet uvcvideo iio_trig_sysfs videobuf2_vmalloc btmrvl_sdio btmrvl bluetooth mwifiex zram ipt_MASQUERADE cros_ec_accel kfifo_buf xt_mark fuse snd_seq_dummy cfg80211 ip6table_filter ip6_tables snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device joydev
[  802.939309] CPU: 2 PID: 99 Comm: kworker/2:1 Not tainted 3.14.0 #1
[  802.939333] Workqueue: events smsc75xx_deferred_multicast_write [smsc75xx]
[  802.939348] task: ed8d8000 ti: eda0e000 task.ti: eda0e000
[  802.939367] PC is at mutex_lock+0x1c/0x58
[  802.939380] LR is at smsc75xx_deferred_multicast_write+0x3c/0x1a0 [smsc75xx]
[  802.939394] pc : [<c08203c0>]    lr : [<bf2d728c>]    psr: 600b0013
[  802.939394] sp : eda0fe88  ip : eda0fea0  fp : eda0fe9c
[  802.939411] r10: ed96ff80  r9 : ee7c7100  r8 : 00000000
[  802.939420] r7 : da28dbc0  r6 : 0000004c  r5 : c1008448  r4 : 0000004c
[  802.939431] r3 : bd94362e  r2 : 00000000  r1 : ee7c3bd0  r0 : 0000004c
[  802.939442] Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment kernel
[  802.939456] Control: 30c5387d  Table: 23992a00  DAC: bfb4a337
[  802.939472] 
[  802.939472] PC: 0xc0820340:
[  802.939482] 0340  e1530009 03a03000 05843000 e3c5503f e1a00007 e595300c e584301c eb000450
[  802.939519] 0360  e5953004 e2433001 e5853004 e3530000 1a000003 e5953000 e3130002 0a000000
[  802.939556] 0380  ebfff7b2 e51b2030 e5963000 e1520003 0a000000 ebe80d40 e24bd028 e89daff0
[  802.939596] 03a0  c1008448 e1a0c00d e92dd818 e24cb004 e52de004 e8bd4000 e1a04000 f57ff05b
[  802.939632] 03c0  e1903f9f e2433001 e1802f93 e3320000 1afffffa f57ff05b e3530000 aa000000
[  802.939668] 03e0  ebffff58 e1a0300d e3c33d7f e3c3303f e593300c e584301c e89da818 e1a0c00d
[  802.939702] 0400  e92dd9f0 e24cb004 e24dd01c e52de004 e8bd4000 e59f30ac e3e06102 e3a08002
[  802.939742] 0420  e24b1038 e1a04000 e2800014 e5932000 e1a05003 e50b2028 e1a0200d e3c22d7f
[  802.939780] 
[  802.939780] SP: 0xeda0fe08:
[  802.939792] fe08  eda0fe34 eda0fe18 c0556e38 bd94362e eda0fe3c c08203c0 600b0013 ffffffff
[  802.939833] fe28  eda0fe74 00000000 eda0fe9c eda0fe40 c020b498 c0200194 0000004c ee7c3bd0
[  802.939876] fe48  00000000 bd94362e 0000004c c1008448 0000004c da28dbc0 00000000 ee7c7100
[  802.939915] fe68  ed96ff80 eda0fe9c eda0fea0 eda0fe88 bf2d728c c08203c0 600b0013 ffffffff
[  802.939950] fe88  bd94362e da28df00 eda0fecc eda0fea0 bf2d728c c08203b0 eda0fecc bd94362e
[  802.939985] fea8  da28dbc0 ee7c3b40 eda0e010 c10521c8 00000000 ee7c7100 eda0ff0c eda0fed0
[  802.940022] fec8  c023f47c bf2d725c eda0e000 ed96ff80 ee7c3b40 00000000 ee7c3b40 ed96ff80
[  802.940060] fee8  ee7c3b40 ed96ff98 ee7c3b40 eda0e000 eda0e010 ee7c3b60 eda0ff44 eda0ff10
[  802.940096] 
[  802.940096] IP: 0xeda0fe20:
[  802.940109] fe20  600b0013 ffffffff eda0fe74 00000000 eda0fe9c eda0fe40 c020b498 c0200194
[  802.940148] fe40  0000004c ee7c3bd0 00000000 bd94362e 0000004c c1008448 0000004c da28dbc0
[  802.940188] fe60  00000000 ee7c7100 ed96ff80 eda0fe9c eda0fea0 eda0fe88 bf2d728c c08203c0
[  802.940230] fe80  600b0013 ffffffff bd94362e da28df00 eda0fecc eda0fea0 bf2d728c c08203b0
[  802.940269] fea0  eda0fecc bd94362e da28dbc0 ee7c3b40 eda0e010 c10521c8 00000000 ee7c7100
[  802.940303] fec0  eda0ff0c eda0fed0 c023f47c bf2d725c eda0e000 ed96ff80 ee7c3b40 00000000
[  802.940339] fee0  ee7c3b40 ed96ff80 ee7c3b40 ed96ff98 ee7c3b40 eda0e000 eda0e010 ee7c3b60
[  802.940374] ff00  eda0ff44 eda0ff10 c023fb38 c023f1bc 00000000 ed96ff80 c023f8d0 ed9778c0
[  802.940407] 
[  802.940407] FP: 0xeda0fe1c:
[  802.940417] fe1c  c08203c0 600b0013 ffffffff eda0fe74 00000000 eda0fe9c eda0fe40 c020b498
[  802.940451] fe3c  c0200194 0000004c ee7c3bd0 00000000 bd94362e 0000004c c1008448 0000004c
[  802.940480] fe5c  da28dbc0 00000000 ee7c7100 ed96ff80 eda0fe9c eda0fea0 eda0fe88 bf2d728c
[  802.940508] fe7c  c08203c0 600b0013 ffffffff bd94362e da28df00 eda0fecc eda0fea0 bf2d728c
[  802.940538] fe9c  c08203b0 eda0fecc bd94362e da28dbc0 ee7c3b40 eda0e010 c10521c8 00000000
[  802.940573] febc  ee7c7100 eda0ff0c eda0fed0 c023f47c bf2d725c eda0e000 ed96ff80 ee7c3b40
[  802.940605] fedc  00000000 ee7c3b40 ed96ff80 ee7c3b40 ed96ff98 ee7c3b40 eda0e000 eda0e010
[  802.940637] fefc  ee7c3b60 eda0ff44 eda0ff10 c023fb38 c023f1bc 00000000 ed96ff80 c023f8d0
[  802.940670] 
[  802.940670] R1: 0xee7c3b50:
[  802.940678] 3b50  00000002 00000000 00000004 00000000 ee7c3b60 ee7c3b60 00000003 00000002
[  802.940708] 3b70  e3aba800 ebdc6f80 00000000 00200200 00000c00 ee142001 c023d25c ee7c3b40
[  802.940741] 3b90  ffffffff ffffffff 00000000 00000000 00000000 00000000 00000000 00000000
[  802.940771] 3bb0  00200200 0000c44a ee142000 c023ecc0 ee7c3b40 ffffffff ffffffff 00000000
[  802.940802] 3bd0  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[  802.940834] 3bf0  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[  802.940868] 3c10  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[  802.940901] 3c30  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[  802.940933] 
[  802.940933] R5: 0xc10083c8:
[  802.940944] 83c8  c41ad32f 0ec67274 cfcdd6f2 051177a9 5b749545 91a8341e 6e7e1c4c a4a2bd17
[  802.940978] 83e8  fac75ffb 301bfea0 f1105a26 3bccfb7d 65a91991 af75b8ca 9b044835 51d8e96e
[  802.941011] 8408  0fbd0b82 c561aad9 046a0e5f ceb6af04 90d34de8 5a0fecb3 a5d9c4e1 6f0565ba
[  802.941046] 8428  31608756 fbbc260d 3ab7828b f06b23d0 ae0ec13c 64d26067 00000100 00000001
[  802.941082] 8448  bd94362e 00000009 003fb8d7 00000000 00000000 00000000 00000000 00000000
[  802.941115] 8468  00000000 00000000 00000000 00000000 c0218efc c0218f34 90f00000 c0218adc
[  802.941147] 8488  c0218a90 00000012 ffffffff 00000000 00000000 00000000 0000000f 0000000f
[  802.941180] 84a8  0000000f 0000000f 00000000 00000000 ee0a4100 ee0a4200 ee0a4300 ee004a00
[  802.941211] 
[  802.941211] R7: 0xda28db40:
[  802.941219] db40  da28df00 00001c0a 00000020 00000000 00000000 00000000 40000000 00000000
[  802.941249] db60  00000000 00000000 80000000 00000000 00000000 00000000 00000000 00000000
[  802.941278] db80  00000000 00000000 00000000 00000001 00000000 dead4ead ffffffff ffffffff
[  802.941310] dba0  da28dba0 da28dba0 00000000 00000000 00120012 dead4ead ffffffff ffffffff
[  802.941341] dbc0  00000080 da28dbc4 da28dbc4 bf2d7250 00000000 00000000 00000000 00000000
[  802.941373] dbe0  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[  802.941406] dc00  da28d600 00000000 00000000 00000000 ec648900 00000000 00000000 ffffffff
[  802.941439] dc20  ffffffff 00000000 00000000 000000d8 00000000 00000000 00000000 00000000
[  802.941472] 
[  802.941472] R9: 0xee7c7080:
[  802.941483] 7080  00160000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[  802.941521] 70a0  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[  802.941560] 70c0  00000000 00000000 00000000 00000000 c07120c4 edbb6800 00000000 00000000
[  802.941595] 70e0  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[  802.941633] 7100  ee7c3b40 ee0a4100 00000000 ffffffff 00000002 00000001 00000000 00000000
[  802.941673] 7120  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[  802.941706] 7140  00000000 00000000 00000000 00000000 00000001 00000100 ee7c7158 ee7c7158
[  802.941741] 7160  ee7be160 ee7d0160 ee7c7168 ee7c7168 ffffffe0 ee7c7174 ee7c7174 c024003c
[  802.941772] 
[  802.941772] R10: 0xed96ff00:
[  802.941781] ff00  f0000d51 0000416d 00000002 00000000 00000000 00000000 00000000 00000000
[  802.941813] ff20  c0a12ac0 c0a12a40 ee171800 ee171580 00000000 00000000 00000001 00000000
[  802.941844] ff40  00000000 ed96ff44 ed96ff44 00000000 dead4ead ffffffff ffffffff 3566660c
[  802.941873] ff60  30303038 73752e30 00000062 00000000 00000000 00000000 00000000 00000000
[  802.941905] ff80  00000000 ee7c3c70 da28dbc0 bf2d7250 ee7c7100 00000000 ed96ff98 ed96ff98
[  802.941934] ffa0  ed8d8000 ee7c3b40 0000c447 00000001 00000001 00000000 00000000 00000000
[  802.941965] ffc0  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[  802.941997] ffe0  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[  802.942031] Process kworker/2:1 (pid: 99, stack limit = 0xeda0e250)
[  802.942043] Stack: (0xeda0fe88 to 0xeda10000)
[  802.942057] fe80:                   bd94362e da28df00 eda0fecc eda0fea0 bf2d728c c08203b0
[  802.942074] fea0: eda0fecc bd94362e da28dbc0 ee7c3b40 eda0e010 c10521c8 00000000 ee7c7100
[  802.942093] fec0: eda0ff0c eda0fed0 c023f47c bf2d725c eda0e000 ed96ff80 ee7c3b40 00000000
[  802.942109] fee0: ee7c3b40 ed96ff80 ee7c3b40 ed96ff98 ee7c3b40 eda0e000 eda0e010 ee7c3b60
[  802.942124] ff00: eda0ff44 eda0ff10 c023fb38 c023f1bc 00000000 ed96ff80 c023f8d0 ed9778c0
[  802.942141] ff20: 00000000 ed96ff80 c023f8d0 00000000 00000000 00000000 eda0ffac eda0ff48
[  802.942158] ff40: c02457d4 c023f8dc 00000000 c101e528 ed96ff80 00000000 00000000 dead4ead
[  802.942174] ff60: ffffffff ffffffff eda0ff68 eda0ff68 00000000 00000000 dead4ead ffffffff
[  802.942187] ff80: ffffffff eda0ff84 eda0ff84 bd94362e ed9778c0 c02456f0 00000000 00000000
[  802.942202] ffa0: 00000000 eda0ffb0 c02064f8 c02456fc 00000000 00000000 00000000 00000000
[  802.942217] ffc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[  802.942232] ffe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000
[  802.942263] [<c08203c0>] (mutex_lock) from [<bf2d728c>] (smsc75xx_deferred_multicast_write+0x3c/0x1a0 [smsc75xx])
[  802.942299] [<bf2d728c>] (smsc75xx_deferred_multicast_write [smsc75xx]) from [<c023f47c>] (process_one_work+0x2cc/0x460)
[  802.942321] [<c023f47c>] (process_one_work) from [<c023fb38>] (worker_thread+0x268/0x38c)
[  802.942338] [<c023fb38>] (worker_thread) from [<c02457d4>] (kthread+0xe4/0xfc)
[  802.942357] [<c02457d4>] (kthread) from [<c02064f8>] (ret_from_fork+0x14/0x20)
[  802.942374] Code: e52de004 e8bd4000 e1a04000 f57ff05b (e1903f9f) 
[  802.942780] ---[ end trace a843ec2d9198520b ]---
[  802.944890] Kernel panic - not syncing: Fatal exception
[  802.944906] CPU0: stopping
[  802.944918] CPU: 0 PID: 4980 Comm: sleep Tainted: G      D      3.14.0 #1
[  802.944942] [<c020e51c>] (unwind_backtrace) from [<c020a90c>] (show_stack+0x20/0x24)
[  802.944959] [<c020a90c>] (show_stack) from [<c081c574>] (dump_stack+0x7c/0xc0)
[  802.944974] [<c081c574>] (dump_stack) from [<c020cc2c>] (handle_IPI+0xdc/0x1c8)
[  802.944986] [<c020cc2c>] (handle_IPI) from [<c02003ac>] (gic_handle_irq+0x64/0x6c)
[  802.944999] [<c02003ac>] (gic_handle_irq) from [<c020b6c0>] (__irq_usr+0x40/0x60)
[  802.945008] Exception stack(0xec675fb0 to 0xec675ff8)
[  802.945017] 5fa0:                                     00000002 00000061 00000063 6162696c
[  802.945030] 5fc0: 00000000 a8d2860c 8ff9ac08 00000009 00000000 00000001 a8eb1bdc 00000002
[  802.945041] 5fe0: ffffffff be96dae0 a8ef57ad a8ef57b4 200f0030 ffffffff
[  802.945051] CPU1: stopping
[  802.945062] CPU: 1 PID: 4978 Comm: shill Tainted: G      D      3.14.0 #1
[  802.945079] [<c020e51c>] (unwind_backtrace) from [<c020a90c>] (show_stack+0x20/0x24)
[  802.945094] [<c020a90c>] (show_stack) from [<c081c574>] (dump_stack+0x7c/0xc0)
[  802.945108] [<c081c574>] (dump_stack) from [<c020cc2c>] (handle_IPI+0xdc/0x1c8)
[  802.945121] [<c020cc2c>] (handle_IPI) from [<c02003ac>] (gic_handle_irq+0x64/0x6c)
[  802.945132] [<c02003ac>] (gic_handle_irq) from [<c020b500>] (__irq_svc+0x40/0x70)
[  802.945141] Exception stack(0xe3affcb8 to 0xe3affd00)
[  802.945150] fca0:                                                       eadc98bc 0000003b
[  802.945163] fcc0: eecb3410 00000001 eecb3400 eaee8b28 00000000 0000003b 00000000 00000d10
[  802.945175] fce0: ec717988 e3affd1c fffffffa e3affd00 0000003f c02e54a4 60000113 ffffffff
[  802.945190] [<c020b500>] (__irq_svc) from [<c02e54a4>] (find_get_page_flags+0x8c/0xdc)
[  802.945205] [<c02e54a4>] (find_get_page_flags) from [<c02e72fc>] (filemap_fault+0x8c/0x3e4)
[  802.945221] [<c02e72fc>] (filemap_fault) from [<c03abd90>] (ext4_filemap_fault+0x3c/0x50)
[  802.945236] [<c03abd90>] (ext4_filemap_fault) from [<c030a584>] (__do_fault+0xc0/0x4f8)
[  802.945249] [<c030a584>] (__do_fault) from [<c030ee6c>] (handle_mm_fault+0x5ac/0xb1c)
[  802.945263] [<c030ee6c>] (handle_mm_fault) from [<c02152a8>] (do_page_fault+0x13c/0x3a8)
[  802.945275] [<c02152a8>] (do_page_fault) from [<c02001d0>] (do_DataAbort+0x48/0xc4)
[  802.945288] [<c02001d0>] (do_DataAbort) from [<c020b678>] (__dabt_usr+0x38/0x40)
[  802.945297] Exception stack(0xe3afffb0 to 0xe3affff8)
[  802.945307] ffa0:                                     b44f2c4c 00000000 00000068 b44f2c4c
[  802.945319] ffc0: b44f3000 b44f2cbc bee5aec0 bee5af88 b44f2cbc b44f2c4c 00000002 bee5b0fc
[  802.945331] ffe0: 00000000 bee5ae80 b4da976d b4db85f0 20000010 ffffffff
[  802.945340] CPU3: stopping
[  802.945351] CPU: 3 PID: 1602 Comm: Media Tainted: G      D      3.14.0 #1
[  802.945368] [<c020e51c>] (unwind_backtrace) from [<c020a90c>] (show_stack+0x20/0x24)
[  802.945383] [<c020a90c>] (show_stack) from [<c081c574>] (dump_stack+0x7c/0xc0)
[  802.945396] [<c081c574>] (dump_stack) from [<c020cc2c>] (handle_IPI+0xdc/0x1c8)
[  802.945408] [<c020cc2c>] (handle_IPI) from [<c02003ac>] (gic_handle_irq+0x64/0x6c)
[  802.945420] [<c02003ac>] (gic_handle_irq) from [<c020b6c0>] (__irq_usr+0x40/0x60)
[  802.945429] Exception stack(0xe0797fb0 to 0xe0797ff8)
[  802.945438] 7fa0:                                     00004002 fffff9fa 00000000 0000000e
[  802.945450] 7fc0: 0000005b 9e57013a 0000f9fa 9e56e500 00004002 0000000e 00002000 9e56f9ba
[  802.945462] 7fe0: 00008000 9e56e480 00002000 0a540302 200b0030 ffffffff

The root cause is possibly that error handling is not properly implemented on device probe, and that some deferred action is taken on a failed device.

ramoops
61.5 KB View Download

Comment 1 by groeck@chromium.org, Nov 2

Cc: yuzhao@chromium.org
Owner: groeck@chromium.org
Status: Started (was: Untriaged)

f7b2a56e1f3d ("net/usb: cancel pending work when unbinding smsc75xx"). Already fixed in chromeos-4.14 and chromeos-4.4. See b:115920877 and CL:1252551.

Project Member

Comment 2 by bugdroid1@chromium.org, Nov 7

Labels: merge-merged-chromeos-3.14

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/f0650793f3cd2dd0547f02c54be4f895cab379f9

commit f0650793f3cd2dd0547f02c54be4f895cab379f9
Author: Yu Zhao <yuzhao@google.com>
Date: Wed Nov 07 14:34:59 2018

FROMGIT: net/usb: cancel pending work when unbinding smsc75xx

Cancel pending work before freeing smsc75xx private data structure
during binding. This fixes the following crash in the driver:

BUG: unable to handle kernel NULL pointer dereference at 0000000000000050
IP: mutex_lock+0x2b/0x3f
<snipped>
Workqueue: events smsc75xx_deferred_multicast_write [smsc75xx]
task: ffff8caa83e85700 task.stack: ffff948b80518000
RIP: 0010:mutex_lock+0x2b/0x3f
<snipped>
Call Trace:
 smsc75xx_deferred_multicast_write+0x40/0x1af [smsc75xx]
 process_one_work+0x18d/0x2fc
 worker_thread+0x1a2/0x269
 ? pr_cont_work+0x58/0x58
 kthread+0xfa/0x10a
 ? pr_cont_work+0x58/0x58
 ? rcu_read_unlock_sched_notrace+0x48/0x48
 ret_from_fork+0x22/0x40

Signed-off-by: Yu Zhao <yuzhao@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit f7b2a56e1f3dcbdb4cf09b2b63e859ffe0e09df8
 git://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git)

BUG=b:115920877,  chromium:901377 
TEST=Built and booted.

Change-Id: If1a6ff9d92b88a84efe855e0dfdaa2ba2db452b3
Reviewed-on: https://chromium-review.googlesource.com/c/1252551
Reviewed-by: Yu Zhao <yuzhao@chromium.org>
Commit-Queue: Yu Zhao <yuzhao@chromium.org>
Tested-by: Yu Zhao <yuzhao@chromium.org>
Trybot-Ready: Yu Zhao <yuzhao@chromium.org>
(cherry picked from commit df841c63b4efe4095d2f8fbd66cb4819cde32b02)
Reviewed-on: https://chromium-review.googlesource.com/1315681
Commit-Ready: Guenter Roeck <groeck@chromium.org>
Tested-by: Guenter Roeck <groeck@chromium.org>
Reviewed-by: Grant Grundler <grundler@chromium.org>
Reviewed-by: Daniel Kurtz <djkurtz@chromium.org>

[modify] https://crrev.com/f0650793f3cd2dd0547f02c54be4f895cab379f9/drivers/net/usb/smsc75xx.c

Project Member

Comment 3 by bugdroid1@chromium.org, Nov 7

Labels: merge-merged-chromeos-3.18

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/085165ef8d1575a819bab84189b55ac04afea6ff

commit 085165ef8d1575a819bab84189b55ac04afea6ff
Author: Yu Zhao <yuzhao@google.com>
Date: Wed Nov 07 14:34:25 2018

FROMGIT: net/usb: cancel pending work when unbinding smsc75xx

Cancel pending work before freeing smsc75xx private data structure
during binding. This fixes the following crash in the driver:

BUG: unable to handle kernel NULL pointer dereference at 0000000000000050
IP: mutex_lock+0x2b/0x3f
<snipped>
Workqueue: events smsc75xx_deferred_multicast_write [smsc75xx]
task: ffff8caa83e85700 task.stack: ffff948b80518000
RIP: 0010:mutex_lock+0x2b/0x3f
<snipped>
Call Trace:
 smsc75xx_deferred_multicast_write+0x40/0x1af [smsc75xx]
 process_one_work+0x18d/0x2fc
 worker_thread+0x1a2/0x269
 ? pr_cont_work+0x58/0x58
 kthread+0xfa/0x10a
 ? pr_cont_work+0x58/0x58
 ? rcu_read_unlock_sched_notrace+0x48/0x48
 ret_from_fork+0x22/0x40

Signed-off-by: Yu Zhao <yuzhao@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit f7b2a56e1f3dcbdb4cf09b2b63e859ffe0e09df8
 git://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git)

BUG=b:115920877,  chromium:901377 
TEST=Built and booted.

Change-Id: If1a6ff9d92b88a84efe855e0dfdaa2ba2db452b3
Reviewed-on: https://chromium-review.googlesource.com/c/1252551
Reviewed-by: Yu Zhao <yuzhao@chromium.org>
Commit-Queue: Yu Zhao <yuzhao@chromium.org>
Tested-by: Yu Zhao <yuzhao@chromium.org>
Trybot-Ready: Yu Zhao <yuzhao@chromium.org>
(cherry picked from commit df841c63b4efe4095d2f8fbd66cb4819cde32b02)
Reviewed-on: https://chromium-review.googlesource.com/1315680
Commit-Ready: Guenter Roeck <groeck@chromium.org>
Tested-by: Guenter Roeck <groeck@chromium.org>
Reviewed-by: Grant Grundler <grundler@chromium.org>
Reviewed-by: Daniel Kurtz <djkurtz@chromium.org>

[modify] https://crrev.com/085165ef8d1575a819bab84189b55ac04afea6ff/drivers/net/usb/smsc75xx.c

Comment 4 by groeck@chromium.org, Nov 7

Status: Fixed (was: Started)

►

Issue 901377 link

Issue metadata

Crash in smsc75xx_deferred_multicast_write

Issue description

Comment 1 by groeck@chromium.org, Nov 2

Comment 1 Deleted

Comment 2 by bugdroid1@chromium.org, Nov 7

Comment 2 Deleted

Comment 3 by bugdroid1@chromium.org, Nov 7

Comment 3 Deleted

Comment 4 by groeck@chromium.org, Nov 7

Comment 4 Deleted

Sign in to add a comment