This is originally raised as Debian bug but the more I investigate
it seems to trace back to 4.14.x xhci. (see also message #29)

Call trace:
 xhci_giveback_urb_in_irq.isra.43+0x7f/0xe0 [xhci_hcd]
 xhci_td_cleanup+0xe7/0x170 [xhci_hcd]
 xhci_irq+0xd81/0x1fe0 [xhci_hcd]

My vote is trying to trace things on:
mainly two first calls not in any statement
- xhci_urb_free_priv()
- usb_hcd_unlink_urb_from_ep()

It occurs at least three separate endcoms:
BUG: unable to handle kernel NULL pointer dereference at 00000000000000e5
IP: kfree+0x13/0xe0

list_del corruption. prev->next should be ffff99e5cea8ca20, but was ffff99e5cea8d420

BUG: unable to handle kernel NULL pointer dereference at 0000000000000118
IP: usb_hcd_giveback_urb+0xf/0x110 [usbcore]
PGD 0 P4D 0

My original workaround assumption was this may relate to USB power management but after having no impact to this with the following I would assume it false assumption:
- remove distro's laptop-mode-tools
- boot with usbcore.autosuspend=-1

Any help to find a discrete reproduce method or a working workaround
would be appreciated.

Juho Tykkälä
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to
More majordomo info at

Reply via email to