Crash on unplug smsc95xx on 5.14.0-rc6

From: Ferry Toth
Date: Wed Aug 25 2021 - 16:42:36 EST


With 5.14.0-rc6 smsc9504 attached to dwc3 host (Intel Merrifield) unplugging leads to the following stack trace:

kernel: kernfs: can not remove 'attached_dev', no directory
kernel: WARNING: CPU: 0 PID: 23 at fs/kernfs/dir.c:1508 kernfs_remove_by_name_ns+0x7e/0x90
kernel: Modules linked in: rfcomm iptable_nat bnep snd_sof_nocodec spi_pxa2xx_platform dw_dmac smsc smsc95xx pwm_lpss_pci dw_dmac_pci pwm_lpss dw_dmac_core snd_sof_pc>
kernel: CPU: 0 PID: 23 Comm: kworker/0:1 Not tainted 5.14.0-rc6-edison-acpi-standard #1
kernel: Hardware name: Intel Corporation Merrifield/BODEGA BAY, BIOS 542 2015.01.21:18.19.48
kernel: Workqueue: usb_hub_wq hub_event
kernel: RIP: 0010:kernfs_remove_by_name_ns+0x7e/0x90
kernel: Code: ff 9a 00 31 c0 5d 41 5c 41 5d c3 48 c7 c7 e0 48 f6 b2 e8 15 ff 9a 00 b8 fe ff ff ff eb e7 48 c7 c7 d0 fa a8 b2 e8 cb c6 94 00 <0f> 0b b8 fe ff ff ff eb >
kernel: RSP: 0018:ffffa514000cfa10 EFLAGS: 00010282
kernel: RAX: 0000000000000000 RBX: ffff9a9008a3d8c0 RCX: ffff9a903e217478
kernel: RDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffff9a903e217470
kernel: RBP: ffff9a90023d3000 R08: ffffffffb2f341c8 R09: 0000000000009ffb
kernel: R10: 00000000ffffe000 R11: 3fffffffffffffff R12: ffffffffb2af705d
kernel: R13: ffff9a9008a3d8c0 R14: ffffa514000cfb10 R15: 0000000000000003
kernel: FS:  0000000000000000(0000) GS:ffff9a903e200000(0000) knlGS:0000000000000000
kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
kernel: CR2: 00007fe6971fcca0 CR3: 0000000007b02000 CR4: 00000000001006f0
kernel: Call Trace:
kernel:  phy_detach+0x10b/0x170
kernel:  smsc95xx_disconnect_phy+0x2a/0x30 [smsc95xx]
kernel:  usbnet_stop+0x5d/0x130
kernel:  __dev_close_many+0x99/0x110
kernel:  dev_close_many+0x76/0x120
kernel:  unregister_netdevice_many+0x13d/0x750
kernel:  unregister_netdevice_queue+0x80/0xc0
kernel:  unregister_netdev+0x13/0x20
kernel:  usbnet_disconnect+0x54/0xb0
kernel:  usb_unbind_interface+0x85/0x270
kernel:  ? kernfs_find_ns+0x30/0xc0
kernel:  __device_release_driver+0x175/0x230
kernel:  device_release_driver+0x1f/0x30
kernel:  bus_remove_device+0xd3/0x140
kernel:  device_del+0x186/0x3e0
kernel:  ? kobject_put+0x91/0x1d0
kernel:  usb_disable_device+0xc1/0x1e0
kernel:  usb_disconnect.cold+0x7a/0x1f7
kernel:  usb_disconnect.cold+0x29/0x1f7
kernel:  hub_event+0xbb9/0x1830
kernel:  ? __switch_to_asm+0x42/0x70
kernel:  ? __switch_to_asm+0x36/0x70
kernel:  process_one_work+0x1cf/0x370
kernel:  worker_thread+0x48/0x3d0
kernel:  ? rescuer_thread+0x360/0x360
kernel:  kthread+0x122/0x140
kernel:  ? set_kthread_struct+0x40/0x40
kernel:  ret_from_fork+0x22/0x30

The unplug event happens when switching dwc3 from host to device mode.

I'm not sure when this behavior started exactly, but at least since 5.14.0-rc1.

Maybe related: smsc95xx plugin seems to trigger:

DMA-API: cacheline tracking EEXIST, overlapping mappings aren't supported