panic when detaching usb device from OTG port, #93

Closed
libv opened this issue Nov 1, 2012 · 2 comments

libv commented Nov 1, 2012

Attached an OTG cable to A7HD, and attached a mouse:

[ 2961.530000]
[ 2961.530000]
[ 2961.530000] insmod_host_driver
[ 2961.530000]
[ 2961.530000] [sw_hcd0]: sw_usb_host0_enable start
[ 2961.530000] WRN:L1556(drivers/usb/sun4i_usb/hcd/hcd0/sw_hcd0.c):ERR: request_irq -1066347428 failed!

No power was being sent to the usb device after that.

Detached mouse and OTG cable, and then:

rmmod_host_driver

[sw_hcd0]: sw_usb_host0_disable start
-------sw_hcd-1066743968_soft_disconnect---------
[ 3125.170000] Unable to handle kernel NULL pointer dereference at virtual address 00000004
[ 3125.170000] pgd = c0004000
[ 3125.170000] [00000004] *pgd=00000000
[ 3125.170000] Internal error: Oops: 80000007 [#1] PREEMPT
[ 3125.170000] Modules linked in:
[ 3125.170000] CPU: 0 Not tainted (3.0.42+ #89)
[ 3125.170000] PC is at 0x4
[ 3125.170000] LR is at sw_usb_host0_disable+0xe4/0x1f4
[ 3125.170000] pc : [<00000004>] lr : [] psr: 200f0093
[ 3125.170000] sp : e78cff60 ip : e78cff60 fp : e78cff84
[ 3125.170000] r10: 00000000 r9 : 00000000 r8 : 600f0013
[ 3125.170000] r7 : e78a08f0 r6 : 00000000 r5 : c0837328 r4 : e78a0800
[ 3125.170000] r3 : 00000004 r2 : e78cfe40 r1 : 00000000 r0 : e78a08f0
[ 3125.170000] Flags: nzCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment kernel
[ 3125.170000] Control: 10c5387d Table: 66e10019 DAC: 00000015

[ 3125.170000]
[ 3125.170000] LR: 0xc03789ac:
[ 3125.170000] 89ac e3e0000f e89da9f8 e3001644 e59f2164 e59f0164 eb06f103 e59f0164 eb06f101
[ 3125.170000] 89cc e3e00000 e89da9f8 e300164a e59f2144 e59f0144 eb06f0fb e59f0148 eb06f0f9
[ 3125.170000] 89ec e3e00000 e89da9f8 e10f8000 f10c0080 e3a00001 ebf37d4c e1a00007 ebffef04
[ 3125.170000] 8a0c e1a00007 ebfffac1 e5943150 e3530000 0a000002 e1a01006 e1a00007 e12fff33
[ 3125.170000] 8a2c e1a00007 ebffecc7 e121f008 e3a00001 ebf37d08 e1a0300d e3c36d7f e3c6603f
[ 3125.170000] 8a4c e5963000 e3130002 0a000000 eb0704b8 e5940190 e3500000 ba000007 e5d43194
[ 3125.170000] 8a6c e3130001 0a000001 e3a01000 ebf4b8b0 e5940190 e1a01007 ebf4b997 e10f8000
[ 3125.170000] 8a8c f10c0080 e3a00001 ebf37d27 e1a00007 eb06fd0c e1a00007 ebffec01 e121f008

[ 3125.170000]
[ 3125.170000] SP: 0xe78cfee0:
[ 3125.170000] fee0 5d303030 00000020 10624dd3 e78cff2c e78cff1c 0000040f 00000007 00000000
[ 3125.170000] ff00 e78a08f0 600f0013 e78cff84 e78cff18 c0037974 c00312b4 e78a08f0 00000000
[ 3125.170000] ff20 e78cfe40 00000004 e78a0800 c0837328 00000000 e78a08f0 600f0013 00000000
[ 3125.170000] ff40 00000000 e78cff84 e78cff60 e78cff60 c0378a2c 00000004 200f0093 ffffffff
[ 3125.170000] ff60 00000000 c0837310 00000001 c0837310 00000013 00000000 e78cffa4 e78cff88
[ 3125.170000] ff80 c0378264 c0378954 c0837310 c0836ff4 c076bb40 c0373730 e78cffbc e78cffa8
[ 3125.170000] ffa0 c0373760 c0378188 e783befc c0836ff4 e78cfff4 e78cffc0 c007e740 c037373c
[ 3125.170000] ffc0 e783befc 00000000 c0836ff4 00000000 e78cffd0 e78cffd0 00000000 e783befc

[ 3125.170000]
[ 3125.170000] IP: 0xe78cfee0:
[ 3125.170000] fee0 5d303030 00000020 10624dd3 e78cff2c e78cff1c 0000040f 00000007 00000000
[ 3125.170000] ff00 e78a08f0 600f0013 e78cff84 e78cff18 c0037974 c00312b4 e78a08f0 00000000
[ 3125.170000] ff20 e78cfe40 00000004 e78a0800 c0837328 00000000 e78a08f0 600f0013 00000000
[ 3125.170000] ff40 00000000 e78cff84 e78cff60 e78cff60 c0378a2c 00000004 200f0093 ffffffff
[ 3125.170000] ff60 00000000 c0837310 00000001 c0837310 00000013 00000000 e78cffa4 e78cff88
[ 3125.170000] ff80 c0378264 c0378954 c0837310 c0836ff4 c076bb40 c0373730 e78cffbc e78cffa8
[ 3125.170000] ffa0 c0373760 c0378188 e783befc c0836ff4 e78cfff4 e78cffc0 c007e740 c037373c
[ 3125.170000] ffc0 e783befc 00000000 c0836ff4 00000000 e78cffd0 e78cffd0 00000000 e783befc

[ 3125.170000]
[ 3125.170000] FP: 0xe78cff04:
[ 3125.170000] ff04 600f0013 e78cff84 e78cff18 c0037974 c00312b4 e78a08f0 00000000 e78cfe40
[ 3125.170000] ff24 00000004 e78a0800 c0837328 00000000 e78a08f0 600f0013 00000000 00000000
[ 3125.170000] ff44 e78cff84 e78cff60 e78cff60 c0378a2c 00000004 200f0093 ffffffff 00000000
[ 3125.170000] ff64 c0837310 00000001 c0837310 00000013 00000000 e78cffa4 e78cff88 c0378264
[ 3125.170000] ff84 c0378954 c0837310 c0836ff4 c076bb40 c0373730 e78cffbc e78cffa8 c0373760
[ 3125.170000] ffa4 c0378188 e783befc c0836ff4 e78cfff4 e78cffc0 c007e740 c037373c e783befc
[ 3125.170000] ffc4 00000000 c0836ff4 00000000 e78cffd0 e78cffd0 00000000 e783befc c007e6b4
[ 3125.170000] ffe4 c00663a0 00000000 e78cfff8 c00663a0 c007e6c ffffffff ffffffff 00000001

[ 3125.170000]
[ 3125.170000] R0: 0xe78a0870:
[ 3125.170000] 0870 c070d430 c077d27c 00000004 000001a4 00000000 e78c1308 c006b538 00000000
[ 3125.170000] 0890 00000000 c06ac718 c077d278 00000004 000001a4 00000000 e78c1308 c006b58c
[ 3125.170000] 08b0 00000000 00000000 c06ac72c c077d288 00000004 000001a4 00000000 e78c1308
[ 3125.170000] 08d0 c006b58c 00000000 00000000 c06ac744 c077d280 00000004 000001a4 00000000
[ 3125.170000] 08f0 e78c1308 00000200 e78a08f8 e78a08f8 c0378690 c077d28c 00000004 000001a4
[ 3125.170000] 0910 00000000 e78c1308 c006b44c 00000000 00000000 c06ac760 00010100 00000004
[ 3125.170000] 0930 000001a4 00000000 e78c1308 c006b44c 00000000 00000000 c070d440 c077d29c
[ 3125.170000] 0950 00000004 000001a4 00000000 e78c1308 c006b538 00000000 00000000 c070d450

[ 3125.170000]
[ 3125.170000] R2: 0xe78cfdc0:
[ 3125.170000] fdc0 e78cff18 e7895300 e78cfe64 e78cfdd8 c0040390 c0534b78 c06aa44a c06aa44a
[ 3125.170000] fde0 e78cfe0c e78cfec5 c06aa44f c06aa44f 00000005 c06aa451 89705f41 e78cfecb
[ 3125.170000] fe00 e78cfe5c e78cfecb e78cfecb c029cf78 00000001 0000000a 00000006 ffffffff
[ 3125.170000] fe20 c074e4c0 600f0093 000055ae 000055ae e78cfe4c e78cfe40 c00631f0 00000007
[ 3125.170000] fe40 c0040148 c074ac68 00000004 e78cff18 200f0193 00000000 e78cff14 e78cfe68
[ 3125.170000] fe60 c00312e4 c0040154 00000044 c074e498 800f0093 e78ce000 e78cff1c e78cfe88
[ 3125.170000] fe80 c00637c0 c0057e70 a570a3d7 00000186 a2a5d080 000002d7 c078e3af e78cfebe
[ 3125.170000] fea0 800f0093 00000000 10624dd3 000002d7 c078e3af e78cfed6 00000004 205b0000

[ 3125.170000]
[ 3125.170000] R4: 0xe78a0780:
[ 3125.170000] 0780 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 3125.170000] 07a0 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 3125.170000] 07c0 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 3125.170000] 07e0 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 3125.170000] 0800 e78c1200 c06ac6ec c077d298 00000004 000001a4 00000000 e78c1308 c006b44c
[ 3125.170000] 0820 00000000 00000000 c06ac6fc c077d290 00000004 000001a4 00000000 e78c1308
[ 3125.170000] 0840 c006b44c 00000000 00000000 c06ac70c c077d294 00000004 000001a4 00000000
[ 3125.170000] 0860 e78c1308 c006b44c 00000000 00000000 c070d430 c077d27c 00000004 000001a4

[ 3125.170000]
[ 3125.170000] R5: 0xc08372a8:
[ 3125.170000] 72a8 00000000 00000000 00000000 00000000 00000000 00000000 00000000 e78c0380
[ 3125.170000] 72c8 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 3125.170000] 72e8 00000000 00000000 00000000 00000000 00000000 00000000 00000001 00000000
[ 3125.170000] 7308 00000000 00000000 00000000 00000000 00010000 00000000 00000001 00000000
[ 3125.170000] 7328 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 3125.170000] 7348 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 3125.170000] 7368 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 3125.170000] 7388 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000

[ 3125.170000]
[ 3125.170000] R7: 0xe78a0870:
[ 3125.170000] 0870 c070d430 c077d27c 00000004 000001a4 00000000 e78c1308 c006b538 00000000
[ 3125.170000] 0890 00000000 c06ac718 c077d278 00000004 000001a4 00000000 e78c1308 c006b58c
[ 3125.170000] 08b0 00000000 00000000 c06ac72c c077d288 00000004 000001a4 00000000 e78c1308
[ 3125.170000] 08d0 c006b58c 00000000 00000000 c06ac744 c077d280 00000004 000001a4 00000000
[ 3125.170000] 08f0 e78c1308 00000200 e78a08f8 e78a08f8 c0378690 c077d28c 00000004 000001a4
[ 3125.170000] 0910 00000000 e78c1308 c006b44c 00000000 00000000 c06ac760 00010100 00000004
[ 3125.170000] 0930 000001a4 00000000 e78c1308 c006b44c 00000000 00000000 c070d440 c077d29c
[ 3125.170000] 0950 00000004 000001a4 00000000 e78c1308 c006b538 00000000 00000000 c070d450

[ 3125.170000] Process usb-hardware-sc (pid: 18, stack limit = 0xe78ce2e8)
[ 3125.170000] Stack: (0xe78cff60 to 0xe78d0000)
[ 3125.170000] ff60: 00000000 c0837310 00000001 c0837310 00000013 00000000 e78cffa4 e78cff88
[ 3125.170000] ff80: c0378264 c0378954 c0837310 c0836ff4 c076bb40 c0373730 e78cffbc e78cffa8
[ 3125.170000] ffa0: c0373760 c0378188 e783befc c0836ff4 e78cfff4 e78cffc0 c007e740 c037373c
[ 3125.170000] ffc0: e783befc 00000000 c0836ff4 00000000 e78cffd0 e78cffd0 00000000 e783befc
[ 3125.170000] ffe0: c007e6b4 c00663a0 00000000 e78cfff8 c00663a0 c007e6c ffffffff ffffffff
[ 3125.170000] Backtrace:
[ 3125.170000] from
[ 3125.170000] r8:00000000 r7:00000013 r6:c0837310 r5:00000001 r4:c0837310
[ 3125.170000] r3:00000000
[ 3125.170000] from
[ 3125.170000] r6:c0373730 r5:c076bb40 r4:c0836ff4 r3:c0837310
[ 3125.170000] from (kthread+0x8c/0x94)
[ 3125.170000] r5:c0836ff4 r4:e783befc
[ 3125.170000] from
[ 3125.170000] r6:c00663a0 r5:c007e6b4 r4:e783befc
[ 3125.170000] Code: bad PC value
[ 3126.780000] ---[ end trace 246cf2adc693945e ]---
[ 3126.790000] note: usb-hardware-sc[18] exited with preempt_count 1
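The oops above is an indirect call to address 0x4 (PC is at 0x4, r3 = 0x4, LR inside sw_usb_host0_disable) taken after the enable path had already failed at request_irq. One common way a driver ends up there is a teardown path that trusts state a failed enable never installed. The following is an added example, not the sun4i_usb driver's code; every struct, function and value in it is hypothetical. It models an enable/disable pair for a host controller in which enable unwinds cleanly on failure and disable is keyed on what was actually installed, so the "enable failed, then unplug" sequence from the report returns an error instead of branching through a bogus callback pointer.

```c
/* Added example (not the sun4i_usb driver's code; every name here is
 * hypothetical): an enable/disable pair for a host controller where
 * enable can fail at request_irq, as in the log above, and disable must
 * not trust state that a failed enable never installed. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

struct host;

/* Callback table the disable path calls through. */
struct host_ops {
    int (*soft_connect)(struct host *h);
    int (*soft_disconnect)(struct host *h);
};

struct host {
    const struct host_ops *ops; /* NULL until enable fully succeeds */
    int irq;                    /* -1 while no IRQ line is held */
    int enabled;
    int disconnect_calls;       /* bookkeeping so a test can observe the callback */
};

/* Stand-in for request_irq(): fails on demand, like the
 * "request_irq ... failed!" line in the log. */
static int fake_request_irq(int irq, int fail)
{
    return (irq < 0 || fail) ? -EBUSY : 0;
}

static void fake_free_irq(struct host *h) { h->irq = -1; }

static int ops_soft_connect(struct host *h) { (void)h; return 0; }
static int ops_soft_disconnect(struct host *h) { h->disconnect_calls++; return 0; }

static const struct host_ops real_ops = {
    .soft_connect = ops_soft_connect,
    .soft_disconnect = ops_soft_disconnect,
};

void host_init(struct host *h)
{
    h->ops = NULL;
    h->irq = -1;
    h->enabled = 0;
    h->disconnect_calls = 0;
}

/* Enable with an unwind: on any failure the struct is left exactly as it
 * was, so a later disable sees a consistent "never enabled" state. */
int host_enable(struct host *h, int irq, int irq_fails)
{
    int ret;

    if (h->enabled)
        return -EALREADY;

    ret = fake_request_irq(irq, irq_fails);
    if (ret)
        return ret;             /* nothing installed yet, nothing to undo */
    h->irq = irq;

    h->ops = &real_ops;
    ret = h->ops->soft_connect(h);
    if (ret) {
        h->ops = NULL;          /* undo in reverse order */
        fake_free_irq(h);
        return ret;
    }
    h->enabled = 1;
    return 0;
}

/* Disable keyed on what was actually installed, not on "enable was
 * called": the callback runs only when a valid ops table is present. */
int host_disable(struct host *h)
{
    if (!h->enabled || h->ops == NULL || h->ops->soft_disconnect == NULL)
        return -ENODEV;         /* never fully enabled: nothing to tear down */

    h->ops->soft_disconnect(h);
    h->ops = NULL;
    fake_free_irq(h);
    h->enabled = 0;
    return 0;
}

/* Scenario from the report: enable fails at request_irq, then the device
 * is unplugged and disable runs. Returns disable's result. */
int scenario_failed_enable_then_disable(void)
{
    struct host h;
    host_init(&h);
    if (host_enable(&h, 42, 1) != -EBUSY)   /* constructed: irq 42, forced failure */
        return 1;
    return host_disable(&h);
}

/* Healthy path: enable succeeds, disable runs the callback exactly once,
 * and a second disable is a harmless no-op. Returns the callback count. */
int scenario_enable_then_disable_twice(void)
{
    struct host h;
    host_init(&h);
    if (host_enable(&h, 42, 0) != 0 || host_disable(&h) != 0)
        return -1;
    if (host_disable(&h) != -ENODEV)
        return -2;
    return h.disconnect_calls;
}

int main(void)
{
    printf("failed enable, then disable: %d (expect %d)\n",
           scenario_failed_enable_then_disable(), -ENODEV);
    printf("callback runs: %d (expect 1)\n", scenario_enable_then_disable_twice());
    return 0;
}
```

The two properties worth carrying into a real driver are that every failure exit of enable restores the struct to its pre-call state, and that disable decides what to undo from recorded state (ops installed, IRQ held) rather than from the assumption that enable completed.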

amery commented Dec 12, 2012

hi, can you see if this still happens?

libv commented Dec 16, 2012

Fixed indeed. Yay!

libv closed this as completed Dec 16, 2012
amery pushed a commit that referenced this issue Jan 11, 2013
[ Upstream commit 6bc96d0 ]

Fixes:
[   15.470311] WARNING: at /local/scratch/ianc/devel/kernels/linux/fs/sysfs/file.c:498 sysfs_attr_ns+0x95/0xa0()
[   15.470326] sysfs: kobject eth0 without dirent
[   15.470333] Modules linked in:
[   15.470342] Pid: 12, comm: xenwatch Not tainted 3.4.0-x86_32p-xenU #93
and
[    9.150554] BUG: unable to handle kernel paging request at 2b359000
[    9.150577] IP: [<c1279561>] linkwatch_do_dev+0x81/0xc0
[    9.150592] *pdpt = 000000002c3c9027 *pde = 0000000000000000
[    9.150604] Oops: 0002 [#1] SMP
[    9.150613] Modules linked in:

This is http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=675190

Reported-by: George Shuklin <george.shuklin@gmail.com>
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Tested-by: William Dauchy <wdauchy@gmail.com>
Cc: stable@kernel.org
Cc: 675190@bugs.debian.org
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
amery pushed a commit that referenced this issue Nov 12, 2013
Turn it into (for example):

[    0.073380] x86: Booting SMP configuration:
[    0.074005] .... node   #0, CPUs:          #1   #2   #3   #4   #5   #6   #7
[    0.603005] .... node   #1, CPUs:     #8   #9  #10  #11  #12  #13  #14  #15
[    1.200005] .... node   #2, CPUs:    #16  #17  #18  #19  #20  #21  #22  #23
[    1.796005] .... node   #3, CPUs:    #24  #25  #26  #27  #28  #29  #30  #31
[    2.393005] .... node   #4, CPUs:    #32  #33  #34  #35  #36  #37  #38  #39
[    2.996005] .... node   #5, CPUs:    #40  #41  #42  #43  #44  #45  #46  #47
[    3.600005] .... node   #6, CPUs:    #48  #49  #50  #51  #52  #53  #54  #55
[    4.202005] .... node   #7, CPUs:    #56  #57  #58  #59  #60  #61  #62  #63
[    4.811005] .... node   #8, CPUs:    #64  #65  #66  #67  #68  #69  #70  #71
[    5.421006] .... node   #9, CPUs:    #72  #73  #74  #75  #76  #77  #78  #79
[    6.032005] .... node  #10, CPUs:    #80  #81  #82  #83  #84  #85  #86  #87
[    6.648006] .... node  #11, CPUs:    #88  #89  #90  #91  #92  #93  #94  #95
[    7.262005] .... node  #12, CPUs:    #96  #97  #98  #99 #100 #101 #102 #103
[    7.865005] .... node  #13, CPUs:   #104 #105 #106 #107 #108 #109 #110 #111
[    8.466005] .... node  #14, CPUs:   #112 #113 #114 #115 #116 #117 #118 #119
[    9.073006] .... node  #15, CPUs:   #120 #121 #122 #123 #124 #125 #126 #127
[    9.679901] x86: Booted up 16 nodes, 128 CPUs

and drop useless elements.

Change num_digits() to hpa's division-avoiding, cell-phone-typed
version which he went at great lengths and pains to submit on a
Saturday evening.

Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: huawei.libin@huawei.com
Cc: wangyijing@huawei.com
Cc: fenghua.yu@intel.com
Cc: guohanjun@huawei.com
Cc: paul.gortmaker@windriver.com
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/20130930095624.GB16383@pd.tnic
Signed-off-by: Ingo Molnar <mingo@kernel.org>
amery pushed a commit that referenced this issue Jan 16, 2014
When the kernel is compiled with:
CONFIG_HIGH_RES_TIMERS=no
CONFIG_HZ_PERIODIC=yes
CONFIG_DEBUG_ATOMIC_SLEEP=yes

The following WARN appears:

WARNING: CPU: 1 PID: 0 at linux/kernel/mutex.c:856 mutex_trylock+0x70/0x1fc()
DEBUG_LOCKS_WARN_ON(in_interrupt())
Modules linked in:
CPU: 1 PID: 0 Comm: swapper/1 Not tainted 3.12.0-xilinx-dirty #93
[<c0014a78>] (unwind_backtrace+0x0/0x11c) from [<c0011b6c>] (show_stack+0x10/0x14)
[<c0011b6c>] (show_stack+0x10/0x14) from [<c039120c>] (dump_stack+0x7c/0xc0)
[<c039120c>] (dump_stack+0x7c/0xc0) from [<c001fda4>] (warn_slowpath_common+0x60/0x84)
[<c001fda4>] (warn_slowpath_common+0x60/0x84) from [<c001fe48>] (warn_slowpath_fmt+0x2c/0x3c)
[<c001fe48>] (warn_slowpath_fmt+0x2c/0x3c) from [<c0392658>] (mutex_trylock+0x70/0x1fc)
[<c0392658>] (mutex_trylock+0x70/0x1fc) from [<c02dfc08>] (clk_prepare_lock+0xc/0xe4)
[<c02dfc08>] (clk_prepare_lock+0xc/0xe4) from [<c02e099c>] (clk_get_rate+0xc/0x44)
[<c02e099c>] (clk_get_rate+0xc/0x44) from [<c02d0394>] (ttc_set_mode+0x34/0x78)
[<c02d0394>] (ttc_set_mode+0x34/0x78) from [<c005f794>] (clockevents_set_mode+0x28/0x5c)
[<c005f794>] (clockevents_set_mode+0x28/0x5c) from [<c00607fc>] (tick_broadcast_on_off+0x190/0x1c0)
[<c00607fc>] (tick_broadcast_on_off+0x190/0x1c0) from [<c005f168>] (clockevents_notify+0x58/0x1ac)
[<c005f168>] (clockevents_notify+0x58/0x1ac) from [<c02b99dc>] (cpuidle_setup_broadcast_timer+0x20/0x24)
[<c02b99dc>] (cpuidle_setup_broadcast_timer+0x20/0x24) from [<c006cd04>] (generic_smp_call_function_single_interrupt+0)
[<c006cd04>] (generic_smp_call_function_single_interrupt+0xe0/0x130) from [<c00138c8>] (handle_IPI+0x88/0x118)
[<c00138c8>] (handle_IPI+0x88/0x118) from [<c0008504>] (gic_handle_irq+0x58/0x60)
[<c0008504>] (gic_handle_irq+0x58/0x60) from [<c0012644>] (__irq_svc+0x44/0x78)
Exception stack(0xef099fa0 to 0xef099fe8)
9fa0: 00000001 ef092100 00000000 ef092100 ef098000 00000015 c0399f2c c0579d74
9fc0: 0000406a 413fc090 00000000 00000000 00000000 ef099fe8 c00666ec c000f46c
9fe0: 20000113 ffffffff
[<c0012644>] (__irq_svc+0x44/0x78) from [<c000f46c>] (arch_cpu_idle+0x34/0x3c)
[<c000f46c>] (arch_cpu_idle+0x34/0x3c) from [<c0053980>] (cpu_startup_entry+0xa8/0x10c)
[<c0053980>] (cpu_startup_entry+0xa8/0x10c) from [<000085a4>] (0x85a4)

We are in an interrupt context (IPI) and we are calling clk_get_rate in the
set_mode function which in turn ends up by getting a mutex... Even if that
does not hang, it is a potential kernel deadlock.

It is not allowed to call clk_get_rate() from interrupt context. To
avoid such calls the timer input frequency is stored in the driver's
data struct which makes it accessible to the driver in any context.

[dlezcano] completed the changelog with the WARN trace and added a more
detailed description. Tested on zynq zc702.

Acked-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Tested-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
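The commit message above describes the fix pattern: a function that may sleep (clk_get_rate() takes the prepare mutex) must not be called from an IPI or other interrupt context, so the value is read once at probe time and cached in the driver's data struct. The following is an added example, not the TTC driver's code; the context flag, the lock model, the clock rate and the HZ value are all constructed here. It models DEBUG_ATOMIC_SLEEP-style checking (the sleeping lock refuses to be taken in interrupt context instead of risking a deadlock) and shows the uncached set_mode failing from an IPI while the cached one works.

```c
/* Added example (not the TTC clocksource driver's code; every name and
 * value is constructed): why a clock-rate query must not run from
 * interrupt context, and the probe-time cache that avoids it. */
#include <errno.h>
#include <stdio.h>

#define HZ 100                       /* constructed: periodic tick rate */

/* Stand-in for the kernel's preempt/interrupt accounting; the scenarios
 * below flip it to model entering an IPI handler. */
static int in_interrupt_ctx;

/* Model of a lock that may sleep. Like DEBUG_ATOMIC_SLEEP it refuses to
 * be taken from interrupt context rather than silently risking deadlock
 * (in the kernel this is where the WARN in the trace fires). */
static int sleeping_lock(void)
{
    return in_interrupt_ctx ? -EDEADLK : 0;
}

static unsigned long model_clk_rate = 133000000UL;  /* constructed: 133 MHz */

/* Model of clk_get_rate(): takes the prepare lock, so it may sleep. */
static long model_clk_get_rate(void)
{
    int ret = sleeping_lock();
    if (ret)
        return ret;
    return (long)model_clk_rate;
}

struct ttc_timer {
    unsigned long freq;   /* cached at probe; readable from any context */
};

/* Before the fix: set_mode queries the clock every time. Fine from
 * process context, but from an IPI the lock cannot be taken. */
long set_mode_uncached(void)
{
    long rate = model_clk_get_rate();
    if (rate < 0)
        return rate;
    return rate / HZ;     /* constructed use: ticks per period */
}

/* After the fix: probe (process context) reads the rate once and stores
 * it; set_mode only touches the cached field. */
int ttc_probe(struct ttc_timer *t)
{
    long rate = model_clk_get_rate();
    if (rate < 0)
        return (int)rate;
    t->freq = (unsigned long)rate;
    return 0;
}

long set_mode_cached(const struct ttc_timer *t)
{
    return (long)(t->freq / HZ);
}

/* Scenario: the broadcast-timer setup runs inside an IPI. */
long scenario_ipi_uncached(void)
{
    long r;
    in_interrupt_ctx = 1;
    r = set_mode_uncached();
    in_interrupt_ctx = 0;
    return r;             /* -EDEADLK: the lock was refused */
}

long scenario_ipi_cached(void)
{
    struct ttc_timer t;
    long r;
    if (ttc_probe(&t))    /* probe runs in process context */
        return -1;
    in_interrupt_ctx = 1;
    r = set_mode_cached(&t);
    in_interrupt_ctx = 0;
    return r;             /* 1330000 ticks per period at 133 MHz / 100 Hz */
}

int main(void)
{
    printf("uncached from IPI: %ld (expect %d)\n", scenario_ipi_uncached(), -EDEADLK);
    printf("cached from IPI:   %ld (expect 1330000)\n", scenario_ipi_cached());
    return 0;
}
```

The general rule the example encodes is to hoist every call that can sleep into a context where sleeping is legal (probe, open, a workqueue) and hand the result to the atomic path through the driver's private data.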
turl referenced this issue in allwinner-dev-team/linux-allwinner Jan 28, 2014
Unbanked GPIO irq setup code was overwriting chip_data leading
to the following oops on request_irq()

Unable to handle kernel paging request at virtual address febfffff
pgd = c22dc000
[febfffff] *pgd=00000000
Internal error: Oops: 801 [#1] PREEMPT
Modules linked in: mcu(+) edmak irqk cmemk
CPU: 0    Not tainted  (3.0.0-rc7+ #93)
PC is at irq_gc_mask_set_bit+0x68/0x7c
LR is at vprintk+0x22c/0x484
pc : [<c0080c0c>]    lr : [<c00457e0>]    psr: 60000093
sp : c33e3ba0  ip : c33e3af0  fp : c33e3bc4
r10: c04555bc  r9 : c33d4340  r8 : 60000013
r7 : 0000002d  r6 : c04555bc  r5 : fec67010  r4 : 00000000
r3 : c04734c8  r2 : fec00000  r1 : ffffffff  r0 : 00000026
Flags: nZCv  IRQs off  FIQs on  Mode SVC_32  ISA ARM  Segment user
Control: 0005317f  Table: 822dc000  DAC: 00000015
Process modprobe (pid: 526, stack limit = 0xc33e2270)
Stack: (0xc33e3ba0 to 0xc33e4000)
Backtrace:
[<c0080ba4>] (irq_gc_mask_set_bit+0x0/0x7c) from [<c007f5f8>] (irq_enable+0x48/0x58)
 r6:c33d4340 r5:c04555bc r4:c04555bc
[<c007f5b0>] (irq_enable+0x0/0x58) from [<c007f654>] (irq_startup+0x4c/0x54)
 r5:c04555bc r4:00000000
[<c007f608>] (irq_startup+0x0/0x54) from [<c007e6e8>] (__setup_irq+0x2f0/0x3cc)
 r5:c04555bc r4:00000000
[<c007e3f8>] (__setup_irq+0x0/0x3cc) from [<c007e888>] (request_threaded_irq+0xc4/0x110)
 r8:0000002d r7:c33dc008 r6:00000000 r5:00000001 r4:bf016c98
[<c007e7c4>] (request_threaded_irq+0x0/0x110) from [<bf016b44>] (mcu_spi_probe+0x228/0x37c [mcu])
[<bf01691c>] (mcu_spi_probe+0x0/0x37c [mcu]) from [<c022a698>] (spi_drv_probe+0x20/0x24)
[<c022a678>] (spi_drv_probe+0x0/0x24) from [<c01f5d88>] (driver_probe_device+0x88/0x1b0)
[<c01f5d00>] (driver_probe_device+0x0/0x1b0) from [<c01f5f8c>] (__device_attach+0x44/0x48)
[<c01f5f48>] (__device_attach+0x0/0x48) from [<c01f5210>] (bus_for_each_drv+0x68/0x94)
 r5:c33e3cf0 r4:00000000
[<c01f51a8>] (bus_for_each_drv+0x0/0x94) from [<c01f6044>] (device_attach+0x88/0xa0)
 r7:c33e3dd8 r6:c25caa34 r5:c25caa00 r4:c25caa00
[<c01f5fbc>] (device_attach+0x0/0xa0) from [<c01f4ff4>] (bus_probe_device+0x2c/0x4c)
 r7:c33e3dd8 r6:c044e918 r5:c25caa00 r4:c0496d3c
[<c01f4fc8>] (bus_probe_device+0x0/0x4c) from [<c01f3d10>] (device_add+0x4d4/0x648)
[<c01f383c>] (device_add+0x0/0x648) from [<c022b1a0>] (spi_add_device+0xc8/0x128)
[<c022b0d8>] (spi_add_device+0x0/0x128) from [<c022b27c>] (spi_new_device+0x7c/0xb4)
 r7:c33e3dd8 r6:00000000 r5:c33e3dd8 r4:c25caa00
[<c022b200>] (spi_new_device+0x0/0xb4) from [<bf016f60>] (mcu_probe+0x144/0x224 [mcu])
 r7:c33e3dd8 r6:c0451c80 r5:bf01763c r4:00000000
[<bf016e1c>] (mcu_probe+0x0/0x224 [mcu]) from [<c01f72f4>] (platform_drv_probe+0x20/0x24)
[<c01f72d4>] (platform_drv_probe+0x0/0x24) from [<c01f5d88>] (driver_probe_device+0x88/0x1b0)
[<c01f5d00>] (driver_probe_device+0x0/0x1b0) from [<c01f5f44>] (__driver_attach+0x94/0x98)
[<c01f5eb0>] (__driver_attach+0x0/0x98) from [<c01f5534>] (bus_for_each_dev+0x68/0x94)
 r7:c01f5eb0 r6:bf0174dc r5:c33e3e98 r4:00000000
[<c01f54cc>] (bus_for_each_dev+0x0/0x94) from [<c01f5bec>] (driver_attach+0x20/0x28)
 r7:c0462ac8 r6:bf0174dc r5:00098258 r4:00003cd8
[<c01f5bcc>] (driver_attach+0x0/0x28) from [<c01f4d30>] (bus_add_driver+0xb4/0x258)
[<c01f4c7c>] (bus_add_driver+0x0/0x258) from [<c01f6588>] (driver_register+0x74/0x158)
[<c01f6514>] (driver_register+0x0/0x158) from [<c01f777c>] (platform_driver_register+0x4c/0x60)
 r7:c33e2000 r6:00000000 r5:00098258 r4:00003cd8
[<c01f7730>] (platform_driver_register+0x0/0x60) from [<bf019014>] (mcu_init+0x14/0x20 [mcu])
[<bf019000>] (mcu_init+0x0/0x20 [mcu]) from [<c002f3ec>] (do_one_initcall+0x38/0x170)
[<c002f3b4>] (do_one_initcall+0x0/0x170) from [<c007b934>] (sys_init_module+0x8c/0x1a4)
[<c007b8a8>] (sys_init_module+0x0/0x1a4) from [<c0030020>] (ret_fast_syscall+0x0/0x2c)
 r7:00000080 r6:00000003 r5:00000000 r4:00003cd8
Code: e1844003 e585400c e596300c e5932064 (e7814002)

Fix the issue.

Cc: <stable@vger.kernel.org> # v3.0.x+
Reported-by: Jon Povey <Jon.Povey@racelogic.co.uk>
Signed-off-by: Sekhar Nori <nsekhar@ti.com>
Signed-off-by: Grant Likely <grant.likely@secretlab.ca>
hramrach pushed a commit to hramrach/linux-sunxi that referenced this issue May 4, 2015
Whenever the check for a send in progress introduced in commit
521e054 (btrfs: protect snapshots from deleting during send) is
hit, we return without unlocking inode->i_mutex. This is easy to see
with lockdep enabled:

[  +0.000059] ================================================
[  +0.000028] [ BUG: lock held when returning to user space! ]
[  +0.000029] 4.0.0-rc5-00096-g3c435c1 linux-sunxi#93 Not tainted
[  +0.000026] ------------------------------------------------
[  +0.000029] btrfs/211 is leaving the kernel with locks still held!
[  +0.000029] 1 lock held by btrfs/211:
[  +0.000023]  #0:  (&type->i_mutex_dir_key){+.+.+.}, at: [<ffffffff8135b8df>] btrfs_ioctl_snap_destroy+0x2df/0x7a0

Make sure we unlock it in the error path.

Reviewed-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: David Sterba <dsterba@suse.cz>
Cc: stable@vger.kernel.org
Signed-off-by: Omar Sandoval <osandov@osandov.com>
Signed-off-by: Chris Mason <clm@fb.com>
codekipper pushed a commit to codekipper/linux-sunxi that referenced this issue Feb 25, 2017
WARNING: Missing a blank line after declarations
linux-sunxi#93: FILE: mm/z3fold.c:172:
+	struct page *page = virt_to_page(zhdr);
+	if (!list_empty(&zhdr->buddy))

total: 0 errors, 1 warnings, 261 lines checked

NOTE: For some of the reported defects, checkpatch may be able to
      mechanically convert to the typical style using --fix or --fix-inplace.

./patches/z3fold-add-kref-refcounting.patch has style problems, please review.

NOTE: If any of the errors are false positives, please report
      them to the maintainer, see CHECKPATCH in MAINTAINERS.

Please run checkpatch prior to sending patches

Cc: Vitaly Wool <vitalywool@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
amery pushed a commit that referenced this issue Mar 31, 2017
[ Upstream commit 909e26d ]

Whenever the check for a send in progress introduced in commit
521e054 (btrfs: protect snapshots from deleting during send) is
hit, we return without unlocking inode->i_mutex. This is easy to see
with lockdep enabled:

[  +0.000059] ================================================
[  +0.000028] [ BUG: lock held when returning to user space! ]
[  +0.000029] 4.0.0-rc5-00096-g3c435c1 #93 Not tainted
[  +0.000026] ------------------------------------------------
[  +0.000029] btrfs/211 is leaving the kernel with locks still held!
[  +0.000029] 1 lock held by btrfs/211:
[  +0.000023]  #0:  (&type->i_mutex_dir_key){+.+.+.}, at: [<ffffffff8135b8df>] btrfs_ioctl_snap_destroy+0x2df/0x7a0

Make sure we unlock it in the error path.

Reviewed-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: David Sterba <dsterba@suse.cz>
Cc: stable@vger.kernel.org
Signed-off-by: Omar Sandoval <osandov@osandov.com>
Signed-off-by: Chris Mason <clm@fb.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
wens pushed a commit that referenced this issue Jun 8, 2017
split __bpf_prog_run() interpreter into stack allocation and execution parts.
The code section shrinks which helps interpreter performance in some cases.
   text	   data	    bss	    dec	    hex	filename
  26350	  10328	    624	  37302	   91b6	kernel/bpf/core.o.before
  25777	  10328	    624	  36729	   8f79	kernel/bpf/core.o.after

Very short programs got slower (due to extra function call):
Before:
test_bpf: #89 ALU64_ADD_K: 1 + 2 = 3 jited:0 7 PASS
test_bpf: #90 ALU64_ADD_K: 3 + 0 = 3 jited:0 8 PASS
test_bpf: #91 ALU64_ADD_K: 1 + 2147483646 = 2147483647 jited:0 7 PASS
test_bpf: #92 ALU64_ADD_K: 4294967294 + 2 = 4294967296 jited:0 11 PASS
test_bpf: #93 ALU64_ADD_K: 2147483646 + -2147483647 = -1 jited:0 7 PASS
After:
test_bpf: #89 ALU64_ADD_K: 1 + 2 = 3 jited:0 11 PASS
test_bpf: #90 ALU64_ADD_K: 3 + 0 = 3 jited:0 11 PASS
test_bpf: #91 ALU64_ADD_K: 1 + 2147483646 = 2147483647 jited:0 11 PASS
test_bpf: #92 ALU64_ADD_K: 4294967294 + 2 = 4294967296 jited:0 14 PASS
test_bpf: #93 ALU64_ADD_K: 2147483646 + -2147483647 = -1 jited:0 10 PASS

Longer programs got faster:
Before:
test_bpf: #266 BPF_MAXINSNS: Ctx heavy transformations jited:0 20286 20513 PASS
test_bpf: #267 BPF_MAXINSNS: Call heavy transformations jited:0 31853 31768 PASS
test_bpf: #268 BPF_MAXINSNS: Jump heavy test jited:0 9815 PASS
test_bpf: #269 BPF_MAXINSNS: Very long jump backwards jited:0 6 PASS
test_bpf: #270 BPF_MAXINSNS: Edge hopping nuthouse jited:0 13959 PASS
test_bpf: #271 BPF_MAXINSNS: Jump, gap, jump, ... jited:0 210 PASS
test_bpf: #272 BPF_MAXINSNS: ld_abs+get_processor_id jited:0 21724 PASS
test_bpf: #273 BPF_MAXINSNS: ld_abs+vlan_push/pop jited:0 19118 PASS
After:
test_bpf: #266 BPF_MAXINSNS: Ctx heavy transformations jited:0 19008 18827 PASS
test_bpf: #267 BPF_MAXINSNS: Call heavy transformations jited:0 29238 28450 PASS
test_bpf: #268 BPF_MAXINSNS: Jump heavy test jited:0 9485 PASS
test_bpf: #269 BPF_MAXINSNS: Very long jump backwards jited:0 12 PASS
test_bpf: #270 BPF_MAXINSNS: Edge hopping nuthouse jited:0 13257 PASS
test_bpf: #271 BPF_MAXINSNS: Jump, gap, jump, ... jited:0 213 PASS
test_bpf: #272 BPF_MAXINSNS: ld_abs+get_processor_id jited:0 19389 PASS
test_bpf: #273 BPF_MAXINSNS: ld_abs+vlan_push/pop jited:0 19583 PASS

For real world production programs the difference is noise.

This patch is a first step towards reducing interpreter stack consumption.

Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
amery pushed a commit that referenced this issue Oct 10, 2018
In rawv6_send_hdrinc(), in order to avoid an extra dst_hold(), we
directly assign the dst to skb and set passed in dst to NULL to avoid
double free.
However, in error case, we free skb and then do stats update with the
dst pointer passed in. This causes use-after-free on the dst.
Fix it by taking rcu read lock right before dst could get released to
make sure dst does not get freed until the stats update is done.
Note: we don't have this issue in ipv4 cause dst is not used for stats
update in v4.

Syzkaller reported following crash:
BUG: KASAN: use-after-free in rawv6_send_hdrinc net/ipv6/raw.c:692 [inline]
BUG: KASAN: use-after-free in rawv6_sendmsg+0x4421/0x4630 net/ipv6/raw.c:921
Read of size 8 at addr ffff8801d95ba730 by task syz-executor0/32088

CPU: 1 PID: 32088 Comm: syz-executor0 Not tainted 4.19.0-rc2+ #93
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113
 print_address_description.cold.8+0x9/0x1ff mm/kasan/report.c:256
 kasan_report_error mm/kasan/report.c:354 [inline]
 kasan_report.cold.9+0x242/0x309 mm/kasan/report.c:412
 __asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:433
 rawv6_send_hdrinc net/ipv6/raw.c:692 [inline]
 rawv6_sendmsg+0x4421/0x4630 net/ipv6/raw.c:921
 inet_sendmsg+0x1a1/0x690 net/ipv4/af_inet.c:798
 sock_sendmsg_nosec net/socket.c:621 [inline]
 sock_sendmsg+0xd5/0x120 net/socket.c:631
 ___sys_sendmsg+0x7fd/0x930 net/socket.c:2114
 __sys_sendmsg+0x11d/0x280 net/socket.c:2152
 __do_sys_sendmsg net/socket.c:2161 [inline]
 __se_sys_sendmsg net/socket.c:2159 [inline]
 __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2159
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457099
Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f83756edc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f83756ee6d4 RCX: 0000000000457099
RDX: 0000000000000000 RSI: 0000000020003840 RDI: 0000000000000004
RBP: 00000000009300a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000004d4b30 R14: 00000000004c90b1 R15: 0000000000000000

Allocated by task 32088:
 save_stack+0x43/0xd0 mm/kasan/kasan.c:448
 set_track mm/kasan/kasan.c:460 [inline]
 kasan_kmalloc+0xc7/0xe0 mm/kasan/kasan.c:553
 kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:490
 kmem_cache_alloc+0x12e/0x730 mm/slab.c:3554
 dst_alloc+0xbb/0x1d0 net/core/dst.c:105
 ip6_dst_alloc+0x35/0xa0 net/ipv6/route.c:353
 ip6_rt_cache_alloc+0x247/0x7b0 net/ipv6/route.c:1186
 ip6_pol_route+0x8f8/0xd90 net/ipv6/route.c:1895
 ip6_pol_route_output+0x54/0x70 net/ipv6/route.c:2093
 fib6_rule_lookup+0x277/0x860 net/ipv6/fib6_rules.c:122
 ip6_route_output_flags+0x2c5/0x350 net/ipv6/route.c:2121
 ip6_route_output include/net/ip6_route.h:88 [inline]
 ip6_dst_lookup_tail+0xe27/0x1d60 net/ipv6/ip6_output.c:951
 ip6_dst_lookup_flow+0xc8/0x270 net/ipv6/ip6_output.c:1079
 rawv6_sendmsg+0x12d9/0x4630 net/ipv6/raw.c:905
 inet_sendmsg+0x1a1/0x690 net/ipv4/af_inet.c:798
 sock_sendmsg_nosec net/socket.c:621 [inline]
 sock_sendmsg+0xd5/0x120 net/socket.c:631
 ___sys_sendmsg+0x7fd/0x930 net/socket.c:2114
 __sys_sendmsg+0x11d/0x280 net/socket.c:2152
 __do_sys_sendmsg net/socket.c:2161 [inline]
 __se_sys_sendmsg net/socket.c:2159 [inline]
 __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2159
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

Freed by task 5356:
 save_stack+0x43/0xd0 mm/kasan/kasan.c:448
 set_track mm/kasan/kasan.c:460 [inline]
 __kasan_slab_free+0x102/0x150 mm/kasan/kasan.c:521
 kasan_slab_free+0xe/0x10 mm/kasan/kasan.c:528
 __cache_free mm/slab.c:3498 [inline]
 kmem_cache_free+0x83/0x290 mm/slab.c:3756
 dst_destroy+0x267/0x3c0 net/core/dst.c:141
 dst_destroy_rcu+0x16/0x19 net/core/dst.c:154
 __rcu_reclaim kernel/rcu/rcu.h:236 [inline]
 rcu_do_batch kernel/rcu/tree.c:2576 [inline]
 invoke_rcu_callbacks kernel/rcu/tree.c:2880 [inline]
 __rcu_process_callbacks kernel/rcu/tree.c:2847 [inline]
 rcu_process_callbacks+0xf23/0x2670 kernel/rcu/tree.c:2864
 __do_softirq+0x30b/0xad8 kernel/softirq.c:292

Fixes: 1789a64 ("raw: avoid two atomics in xmit")
Signed-off-by: Wei Wang <weiwan@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
repojohnray pushed a commit to repojohnray/linux-sunxi-4.7.y that referenced this issue Oct 18, 2018
[ Upstream commit a688caa ]

In rawv6_send_hdrinc(), in order to avoid an extra dst_hold(), we
directly assign the dst to skb and set passed in dst to NULL to avoid
double free.
However, in error case, we free skb and then do stats update with the
dst pointer passed in. This causes use-after-free on the dst.
Fix it by taking rcu read lock right before dst could get released to
make sure dst does not get freed until the stats update is done.
Note: we don't have this issue in ipv4 cause dst is not used for stats
update in v4.

Syzkaller reported following crash:
BUG: KASAN: use-after-free in rawv6_send_hdrinc net/ipv6/raw.c:692 [inline]
BUG: KASAN: use-after-free in rawv6_sendmsg+0x4421/0x4630 net/ipv6/raw.c:921
Read of size 8 at addr ffff8801d95ba730 by task syz-executor0/32088

CPU: 1 PID: 32088 Comm: syz-executor0 Not tainted 4.19.0-rc2+ linux-sunxi#93
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113
 print_address_description.cold.8+0x9/0x1ff mm/kasan/report.c:256
 kasan_report_error mm/kasan/report.c:354 [inline]
 kasan_report.cold.9+0x242/0x309 mm/kasan/report.c:412
 __asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:433
 rawv6_send_hdrinc net/ipv6/raw.c:692 [inline]
 rawv6_sendmsg+0x4421/0x4630 net/ipv6/raw.c:921
 inet_sendmsg+0x1a1/0x690 net/ipv4/af_inet.c:798
 sock_sendmsg_nosec net/socket.c:621 [inline]
 sock_sendmsg+0xd5/0x120 net/socket.c:631
 ___sys_sendmsg+0x7fd/0x930 net/socket.c:2114
 __sys_sendmsg+0x11d/0x280 net/socket.c:2152
 __do_sys_sendmsg net/socket.c:2161 [inline]
 __se_sys_sendmsg net/socket.c:2159 [inline]
 __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2159
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457099
Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f83756edc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f83756ee6d4 RCX: 0000000000457099
RDX: 0000000000000000 RSI: 0000000020003840 RDI: 0000000000000004
RBP: 00000000009300a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000004d4b30 R14: 00000000004c90b1 R15: 0000000000000000

Allocated by task 32088:
 save_stack+0x43/0xd0 mm/kasan/kasan.c:448
 set_track mm/kasan/kasan.c:460 [inline]
 kasan_kmalloc+0xc7/0xe0 mm/kasan/kasan.c:553
 kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:490
 kmem_cache_alloc+0x12e/0x730 mm/slab.c:3554
 dst_alloc+0xbb/0x1d0 net/core/dst.c:105
 ip6_dst_alloc+0x35/0xa0 net/ipv6/route.c:353
 ip6_rt_cache_alloc+0x247/0x7b0 net/ipv6/route.c:1186
 ip6_pol_route+0x8f8/0xd90 net/ipv6/route.c:1895
 ip6_pol_route_output+0x54/0x70 net/ipv6/route.c:2093
 fib6_rule_lookup+0x277/0x860 net/ipv6/fib6_rules.c:122
 ip6_route_output_flags+0x2c5/0x350 net/ipv6/route.c:2121
 ip6_route_output include/net/ip6_route.h:88 [inline]
 ip6_dst_lookup_tail+0xe27/0x1d60 net/ipv6/ip6_output.c:951
 ip6_dst_lookup_flow+0xc8/0x270 net/ipv6/ip6_output.c:1079
 rawv6_sendmsg+0x12d9/0x4630 net/ipv6/raw.c:905
 inet_sendmsg+0x1a1/0x690 net/ipv4/af_inet.c:798
 sock_sendmsg_nosec net/socket.c:621 [inline]
 sock_sendmsg+0xd5/0x120 net/socket.c:631
 ___sys_sendmsg+0x7fd/0x930 net/socket.c:2114
 __sys_sendmsg+0x11d/0x280 net/socket.c:2152
 __do_sys_sendmsg net/socket.c:2161 [inline]
 __se_sys_sendmsg net/socket.c:2159 [inline]
 __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2159
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

Freed by task 5356:
 save_stack+0x43/0xd0 mm/kasan/kasan.c:448
 set_track mm/kasan/kasan.c:460 [inline]
 __kasan_slab_free+0x102/0x150 mm/kasan/kasan.c:521
 kasan_slab_free+0xe/0x10 mm/kasan/kasan.c:528
 __cache_free mm/slab.c:3498 [inline]
 kmem_cache_free+0x83/0x290 mm/slab.c:3756
 dst_destroy+0x267/0x3c0 net/core/dst.c:141
 dst_destroy_rcu+0x16/0x19 net/core/dst.c:154
 __rcu_reclaim kernel/rcu/rcu.h:236 [inline]
 rcu_do_batch kernel/rcu/tree.c:2576 [inline]
 invoke_rcu_callbacks kernel/rcu/tree.c:2880 [inline]
 __rcu_process_callbacks kernel/rcu/tree.c:2847 [inline]
 rcu_process_callbacks+0xf23/0x2670 kernel/rcu/tree.c:2864
 __do_softirq+0x30b/0xad8 kernel/softirq.c:292

Fixes: 1789a64 ("raw: avoid two atomics in xmit")
Signed-off-by: Wei Wang <weiwan@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
repojohnray pushed a commit to repojohnray/linux-sunxi-4.7.y that referenced this issue May 5, 2019
[ Upstream commit a622b40 ]

Before taking a refcount on a rcu protected structure,
we need to make sure the refcount is not zero.

syzbot reported:

refcount_t: increment on 0; use-after-free.
WARNING: CPU: 1 PID: 23533 at lib/refcount.c:156 refcount_inc_checked lib/refcount.c:156 [inline]
WARNING: CPU: 1 PID: 23533 at lib/refcount.c:156 refcount_inc_checked+0x61/0x70 lib/refcount.c:154
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 23533 Comm: syz-executor.2 Not tainted 5.1.0-rc7+ linux-sunxi#93
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 panic+0x2cb/0x65c kernel/panic.c:214
 __warn.cold+0x20/0x45 kernel/panic.c:571
 report_bug+0x263/0x2b0 lib/bug.c:186
 fixup_bug arch/x86/kernel/traps.c:179 [inline]
 fixup_bug arch/x86/kernel/traps.c:174 [inline]
 do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:272
 do_invalid_op+0x37/0x50 arch/x86/kernel/traps.c:291
 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:973
RIP: 0010:refcount_inc_checked lib/refcount.c:156 [inline]
RIP: 0010:refcount_inc_checked+0x61/0x70 lib/refcount.c:154
Code: 1d 98 2b 2a 06 31 ff 89 de e8 db 2c 40 fe 84 db 75 dd e8 92 2b 40 fe 48 c7 c7 20 7a a1 87 c6 05 78 2b 2a 06 01 e8 7d d9 12 fe <0f> 0b eb c1 90 90 90 90 90 90 90 90 90 90 90 55 48 89 e5 41 57 41
RSP: 0018:ffff888069f0fba8 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 000000000000f353 RSI: ffffffff815afcb6 RDI: ffffed100d3e1f67
RBP: ffff888069f0fbb8 R08: ffff88809b1845c0 R09: ffffed1015d23ef1
R10: ffffed1015d23ef0 R11: ffff8880ae91f787 R12: ffff8880a8f26968
R13: 0000000000000004 R14: dffffc0000000000 R15: ffff8880a49a6440
 l2tp_tunnel_inc_refcount net/l2tp/l2tp_core.h:240 [inline]
 l2tp_tunnel_get+0x250/0x580 net/l2tp/l2tp_core.c:173
 pppol2tp_connect+0xc00/0x1c70 net/l2tp/l2tp_ppp.c:702
 __sys_connect+0x266/0x330 net/socket.c:1808
 __do_sys_connect net/socket.c:1819 [inline]
 __se_sys_connect net/socket.c:1816 [inline]
 __x64_sys_connect+0x73/0xb0 net/socket.c:1816

Fixes: 54652eb ("l2tp: hold tunnel while looking up sessions in l2tp_netlink")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Cc: Guillaume Nault <g.nault@alphalink.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
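The lifetime rules in the l2tp commit above and in the rawv6 dst commit earlier in this thread, as an added user-space C model that is not kernel code: struct obj, the counted-reader RCU stand-in, obj_put() and the two scenario functions are this example's own simplifications, and a flag replaces the real free so the model reports a use-after-free rather than triggering one.

```c
#include <stdbool.h>
#include <stdio.h>

/* Refcounted object freed by a deferred (RCU-style) callback, standing in for
 * a kernel dst or l2tp tunnel. A flag replaces the real free so the model can
 * report a use-after-free instead of triggering one. */
struct obj {
	int refcnt;
	bool freed;              /* deferred free has run: any access is a UAF */
	unsigned long tx_errors; /* statistic the error path updates */
};

/* Tiny RCU model: readers are counted; a free queued by the last put runs only
 * once no reader is left (the grace period). One pending free per scenario. */
static int rcu_readers;
static struct obj *rcu_pending[4];
static int rcu_npending;

static void run_deferred_frees(void)
{
	while (rcu_npending > 0)
		rcu_pending[--rcu_npending]->freed = true;
}

static void rcu_read_lock(void) { rcu_readers++; }
static void rcu_read_unlock(void) { if (--rcu_readers == 0) run_deferred_frees(); }

/* Drop a reference; the last one queues the free behind the grace period. */
static void obj_put(struct obj *o)
{
	if (--o->refcnt == 0) {
		rcu_pending[rcu_npending++] = o;
		if (rcu_readers == 0)
			run_deferred_frees();
	}
}

/* RCU-protected lookup. Incrementing unconditionally resurrects an object
 * whose count already hit zero and is queued for freeing; refusing a zero
 * count is the refcount_inc_not_zero() rule the l2tp commit applies. */
static struct obj *lookup(struct obj *cand, bool inc_not_zero)
{
	struct obj *ret = NULL;
	rcu_read_lock();
	if (cand && !cand->freed && (!inc_not_zero || cand->refcnt > 0)) {
		cand->refcnt++;
		ret = cand;
	}
	rcu_read_unlock();
	return ret;
}

/* Scenario 1 (l2tp): a lookup races with the owner's final put while another
 * reader keeps the grace period open. Returns true if the caller was handed
 * an object that was then freed under it. */
static bool lookup_races_with_free(bool inc_not_zero)
{
	struct obj o = { .refcnt = 1 };
	struct obj *got;
	rcu_read_lock();         /* reader on another CPU is still active */
	obj_put(&o);             /* owner drops the last reference: free deferred */
	got = lookup(&o, inc_not_zero);
	rcu_read_unlock();       /* other reader finishes: deferred free runs */
	return got != NULL && got->freed;
}

/* Scenario 2 (rawv6): the skb owns the only dst reference, so freeing the skb
 * drops it; the stats update that follows is a UAF unless an RCU read section
 * holds the free back. Returns 0 if stats were updated safely, -1 otherwise. */
static int error_path_stats(bool hold_rcu)
{
	struct obj dst = { .refcnt = 1 };
	int err;
	if (hold_rcu)
		rcu_read_lock();
	obj_put(&dst);           /* kfree_skb(): the skb's dst reference goes away */
	if (dst.freed) {
		err = -1;        /* IP6_INC_STATS() would read freed memory */
	} else {
		dst.tx_errors++; /* the update the fix keeps inside the read section */
		err = 0;
	}
	if (hold_rcu)
		rcu_read_unlock(); /* only now may the deferred free run */
	return err;
}

int main(void)
{
	printf("lookup: plain inc UAF=%d, inc_not_zero UAF=%d\n",
	       lookup_races_with_free(false), lookup_races_with_free(true));
	printf("error path: without rcu %d, with rcu %d\n",
	       error_path_stats(false), error_path_stats(true));
	return 0;
}
```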
repojohnray pushed a commit to repojohnray/linux-sunxi-4.7.y that referenced this issue Aug 27, 2020
[ Upstream commit eeaac36 ]

Currently the nexthop code will use an empty NHA_GROUP attribute, but it
requires at least 1 entry in order to function properly. Otherwise we
end up dereferencing null or random pointers all over the place due to not
having any nh_grp_entry members allocated; the nexthop code relies on having at
least the first member present. An empty NHA_GROUP doesn't make any sense, so
just disallow it.
Also add a WARN_ON for any future users of nexthop_create_group().

 BUG: kernel NULL pointer dereference, address: 0000000000000080
 #PF: supervisor read access in kernel mode
 #PF: error_code(0x0000) - not-present page
 PGD 0 P4D 0
 Oops: 0000 [jwrdegoede#1] SMP
 CPU: 0 PID: 558 Comm: ip Not tainted 5.9.0-rc1+ linux-sunxi#93
 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-2.fc32 04/01/2014
 RIP: 0010:fib_check_nexthop+0x4a/0xaa
 Code: 0f 84 83 00 00 00 48 c7 02 80 03 f7 81 c3 40 80 fe fe 75 12 b8 ea ff ff ff 48 85 d2 74 6b 48 c7 02 40 03 f7 81 c3 48 8b 40 10 <48> 8b 80 80 00 00 00 eb 36 80 78 1a 00 74 12 b8 ea ff ff ff 48 85
 RSP: 0018:ffff88807983ba00 EFLAGS: 00010213
 RAX: 0000000000000000 RBX: ffff88807983bc00 RCX: 0000000000000000
 RDX: ffff88807983bc00 RSI: 0000000000000000 RDI: ffff88807bdd0a80
 RBP: ffff88807983baf8 R08: 0000000000000dc0 R09: 000000000000040a
 R10: 0000000000000000 R11: ffff88807bdd0ae8 R12: 0000000000000000
 R13: 0000000000000000 R14: ffff88807bea3100 R15: 0000000000000001
 FS:  00007f10db393700(0000) GS:ffff88807dc00000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 0000000000000080 CR3: 000000007bd0f004 CR4: 00000000003706f0
 Call Trace:
  fib_create_info+0x64d/0xaf7
  fib_table_insert+0xf6/0x581
  ? __vma_adjust+0x3b6/0x4d4
  inet_rtm_newroute+0x56/0x70
  rtnetlink_rcv_msg+0x1e3/0x20d
  ? rtnl_calcit.isra.0+0xb8/0xb8
  netlink_rcv_skb+0x5b/0xac
  netlink_unicast+0xfa/0x17b
  netlink_sendmsg+0x334/0x353
  sock_sendmsg_nosec+0xf/0x3f
  ____sys_sendmsg+0x1a0/0x1fc
  ? copy_msghdr_from_user+0x4c/0x61
  ___sys_sendmsg+0x63/0x84
  ? handle_mm_fault+0xa39/0x11b5
  ? sockfd_lookup_light+0x72/0x9a
  __sys_sendmsg+0x50/0x6e
  do_syscall_64+0x54/0xbe
  entry_SYSCALL_64_after_hwframe+0x44/0xa9
 RIP: 0033:0x7f10dacc0bb7
 Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb cd 66 0f 1f 44 00 00 8b 05 9a 4b 2b 00 85 c0 75 2e 48 63 ff 48 63 d2 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 8b 15 b1 f2 2a 00 f7 d8 64 89 02 48
 RSP: 002b:00007ffcbe628bf8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
 RAX: ffffffffffffffda RBX: 00007ffcbe628f80 RCX: 00007f10dacc0bb7
 RDX: 0000000000000000 RSI: 00007ffcbe628c60 RDI: 0000000000000003
 RBP: 000000005f41099c R08: 0000000000000001 R09: 0000000000000008
 R10: 00000000000005e9 R11: 0000000000000246 R12: 0000000000000000
 R13: 0000000000000000 R14: 00007ffcbe628d70 R15: 0000563a86c6e440
 Modules linked in:
 CR2: 0000000000000080

CC: David Ahern <dsahern@gmail.com>
Fixes: 430a049 ("nexthop: Add support for nexthop groups")
Reported-by: syzbot+a61aa19b0c14c8770bd9@syzkaller.appspotmail.com
Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Reviewed-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
jwrdegoede pushed a commit to jwrdegoede/linux-sunxi that referenced this issue Aug 29, 2020
Currently the nexthop code will use an empty NHA_GROUP attribute, but it
requires at least 1 entry in order to function properly. Otherwise we
end up dereferencing null or random pointers all over the place due to not
having any nh_grp_entry members allocated; the nexthop code relies on having at
least the first member present. An empty NHA_GROUP doesn't make any sense, so
just disallow it.
Also add a WARN_ON for any future users of nexthop_create_group().

 BUG: kernel NULL pointer dereference, address: 0000000000000080
 #PF: supervisor read access in kernel mode
 #PF: error_code(0x0000) - not-present page
 PGD 0 P4D 0
 Oops: 0000 [#1] SMP
 CPU: 0 PID: 558 Comm: ip Not tainted 5.9.0-rc1+ linux-sunxi#93
 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-2.fc32 04/01/2014
 RIP: 0010:fib_check_nexthop+0x4a/0xaa
 Code: 0f 84 83 00 00 00 48 c7 02 80 03 f7 81 c3 40 80 fe fe 75 12 b8 ea ff ff ff 48 85 d2 74 6b 48 c7 02 40 03 f7 81 c3 48 8b 40 10 <48> 8b 80 80 00 00 00 eb 36 80 78 1a 00 74 12 b8 ea ff ff ff 48 85
 RSP: 0018:ffff88807983ba00 EFLAGS: 00010213
 RAX: 0000000000000000 RBX: ffff88807983bc00 RCX: 0000000000000000
 RDX: ffff88807983bc00 RSI: 0000000000000000 RDI: ffff88807bdd0a80
 RBP: ffff88807983baf8 R08: 0000000000000dc0 R09: 000000000000040a
 R10: 0000000000000000 R11: ffff88807bdd0ae8 R12: 0000000000000000
 R13: 0000000000000000 R14: ffff88807bea3100 R15: 0000000000000001
 FS:  00007f10db393700(0000) GS:ffff88807dc00000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 0000000000000080 CR3: 000000007bd0f004 CR4: 00000000003706f0
 Call Trace:
  fib_create_info+0x64d/0xaf7
  fib_table_insert+0xf6/0x581
  ? __vma_adjust+0x3b6/0x4d4
  inet_rtm_newroute+0x56/0x70
  rtnetlink_rcv_msg+0x1e3/0x20d
  ? rtnl_calcit.isra.0+0xb8/0xb8
  netlink_rcv_skb+0x5b/0xac
  netlink_unicast+0xfa/0x17b
  netlink_sendmsg+0x334/0x353
  sock_sendmsg_nosec+0xf/0x3f
  ____sys_sendmsg+0x1a0/0x1fc
  ? copy_msghdr_from_user+0x4c/0x61
  ___sys_sendmsg+0x63/0x84
  ? handle_mm_fault+0xa39/0x11b5
  ? sockfd_lookup_light+0x72/0x9a
  __sys_sendmsg+0x50/0x6e
  do_syscall_64+0x54/0xbe
  entry_SYSCALL_64_after_hwframe+0x44/0xa9
 RIP: 0033:0x7f10dacc0bb7
 Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb cd 66 0f 1f 44 00 00 8b 05 9a 4b 2b 00 85 c0 75 2e 48 63 ff 48 63 d2 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 8b 15 b1 f2 2a 00 f7 d8 64 89 02 48
 RSP: 002b:00007ffcbe628bf8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
 RAX: ffffffffffffffda RBX: 00007ffcbe628f80 RCX: 00007f10dacc0bb7
 RDX: 0000000000000000 RSI: 00007ffcbe628c60 RDI: 0000000000000003
 RBP: 000000005f41099c R08: 0000000000000001 R09: 0000000000000008
 R10: 00000000000005e9 R11: 0000000000000246 R12: 0000000000000000
 R13: 0000000000000000 R14: 00007ffcbe628d70 R15: 0000563a86c6e440
 Modules linked in:
 CR2: 0000000000000080

CC: David Ahern <dsahern@gmail.com>
Fixes: 430a049 ("nexthop: Add support for nexthop groups")
Reported-by: syzbot+a61aa19b0c14c8770bd9@syzkaller.appspotmail.com
Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Reviewed-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
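The empty-group rule from the nexthop commit above, as an added user-space C example rather than the kernel's own code: a validator for an NHA_GROUP payload that rejects zero entries before any code relies on the first member. The entry layout follows the kernel's struct nexthop_grp; the error names, NHG_MAX_ENTRIES and the helper functions are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Wire layout of one NHA_GROUP entry (struct nexthop_grp in the kernel uapi). */
struct nexthop_grp {
	uint32_t id;     /* id of the member nexthop */
	uint8_t  weight; /* weight of this member */
	uint8_t  resvd1;
	uint16_t resvd2;
};

enum nhg_err {
	NHG_OK = 0,
	NHG_EMPTY,       /* zero entries: the case the commit above disallows */
	NHG_MISALIGNED,  /* payload is not a whole number of entries */
	NHG_DUPLICATE,   /* the same member id listed twice */
	NHG_TOO_MANY,    /* more entries than the caller's table holds */
};

#define NHG_MAX_ENTRIES 16
#define NHG_BUF_SIZE (NHG_MAX_ENTRIES * sizeof(struct nexthop_grp) + 8)

/* Validate and decode an NHA_GROUP payload of len bytes into members[].
 * Entries are copied with memcpy because an attribute payload carries no
 * alignment guarantee. On success *nmembers >= 1, so members[0] exists. */
static enum nhg_err nh_check_group(const uint8_t *payload, size_t len,
				   struct nexthop_grp *members, size_t *nmembers)
{
	size_t n = len / sizeof(struct nexthop_grp);
	*nmembers = 0;
	if (len == 0)
		return NHG_EMPTY;
	if (len % sizeof(struct nexthop_grp) != 0)
		return NHG_MISALIGNED;
	if (n > NHG_MAX_ENTRIES)
		return NHG_TOO_MANY;
	for (size_t i = 0; i < n; i++) {
		memcpy(&members[i], payload + i * sizeof(*members), sizeof(*members));
		for (size_t j = 0; j < i; j++)
			if (members[j].id == members[i].id)
				return NHG_DUPLICATE;
	}
	*nmembers = n;
	return NHG_OK;
}

/* Constructed input: serialise n member ids (weight 0, reserved fields 0)
 * into buf, which must hold NHG_BUF_SIZE bytes. Returns the payload length. */
static size_t build_group(uint8_t *buf, const uint32_t *ids, size_t n)
{
	if (n > NHG_MAX_ENTRIES)
		return 0;
	for (size_t i = 0; i < n; i++) {
		struct nexthop_grp g = { .id = ids[i] };
		memcpy(buf + i * sizeof(g), &g, sizeof(g));
	}
	return n * sizeof(struct nexthop_grp);
}

/* Run the validator over a group of n ids plus extra trailing bytes
 * (extra > 0 models a truncated or padded attribute). */
static enum nhg_err check_ids(const uint32_t *ids, size_t n, size_t extra)
{
	uint8_t buf[NHG_BUF_SIZE] = { 0 };
	struct nexthop_grp members[NHG_MAX_ENTRIES];
	size_t nmembers;
	size_t len = build_group(buf, ids, n) + extra;
	return nh_check_group(buf, len, members, &nmembers);
}

/* What the nexthop code does after validation: rely on the first member.
 * Returns its id, or 0 (used here as the rejection marker) when the
 * payload failed validation. */
static uint32_t first_member_id(const uint32_t *ids, size_t n)
{
	uint8_t buf[NHG_BUF_SIZE] = { 0 };
	struct nexthop_grp members[NHG_MAX_ENTRIES];
	size_t nmembers;
	size_t len = build_group(buf, ids, n);
	if (nh_check_group(buf, len, members, &nmembers) != NHG_OK)
		return 0;
	return members[0].id;
}

int main(void)
{
	const uint32_t ids[] = { 7, 9 };
	printf("empty=%d ok=%d misaligned=%d first=%u\n", check_ids(ids, 0, 0),
	       check_ids(ids, 2, 0), check_ids(ids, 1, 3), first_member_id(ids, 2));
	return 0;
}
```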