Bug 60604

Summary: list corruption & null pointer dereference in pciehp_unconfigure_device()
Product: Drivers
Reporter: Bjorn Helgaas (bjorn)
Component: PCI
Assignee: drivers_pci (drivers_pci)
Status: RESOLVED CODE_FIX    
Severity: normal    
Priority: P1    
Hardware: All   
OS: Linux   
URL: https://lkml.kernel.org/r/CAE9FiQUPNinBo77UnsuY7w_oWjqAwy9seKVVBBP844EA_BPkng@mail.gmail.com
Kernel Version: 3.10
Subsystem:
Regression: Yes
Bisected commit-id:
Attachments: log showing crash

Description Bjorn Helgaas 2013-07-22 18:08:18 UTC
Created attachment 106986
log showing crash

Reported by Yinghai Lu <yinghai@kernel.org>.

Hot-removing an SR-IOV device causes a null pointer dereference in pciehp_unconfigure_device():

# echo -n 0 > /sys/bus/pci/slots/2/power
...
WARNING: CPU: 20 PID: 25098 at include/linux/kref.h:47 kobject_get+0x40/0x60()
...
WARNING: CPU: 20 PID: 25098 at lib/list_debug.c:56 __list_del_entry+0x63/0xe0()
list_del corruption, ffff8880263dd000->prev is LIST_POISON2 (dead000000200200)
...
BUG: unable to handle kernel NULL pointer dereference at           (null)
IP: [<ffffffff8154e815>] pciehp_unconfigure_device+0x165/0x190

Comment 1 Bjorn Helgaas 2013-09-10 20:53:36 UTC
This should be fixed by 29ed1f29b6 ("PCI: pciehp: Fix null pointer deref when hot-removing SR-IOV device"), which appeared in v3.11.

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=29ed1f29b68a8395d5679b3c4e38352b617b3236