According to NULL pointer fix: https://tinyurl.com/uqft5ra
xhci: Fix NULL pointer dereference with xhci_irq() for shared_hcd
The similar issue has also been found in QC activities in Mediatek.

Here quote the description from the referenced patch as follows.
"Commit ("f068090426ea xhci: Fix leaking USB3 shared_hcd
at xhci removal") sets xhci_shared_hcd to NULL without
stopping xhci host. This results into a race condition
where shared_hcd (super speed roothub) related interrupts
are being handled with xhci_irq happens when the
xhci_plat_remove is called and shared_hcd is set to NULL.
Fix this by setting the shared_hcd to NULL only after the
controller is halted and no interrupts are generated."

Signed-off-by: Sriharsha Allenki <redacted>
Signed-off-by: Macpaul Lin <macpaul.lin@mediatek.com>
---
  drivers/usb/host/xhci-mtk.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/usb/host/xhci-mtk.c b/drivers/usb/host/xhci-mtk.c
index b18a6baef204..c227c67f5dc5 100644
--- a/drivers/usb/host/xhci-mtk.c
+++ b/drivers/usb/host/xhci-mtk.c

@@ -593,11 +593,11 @@ static int xhci_mtk_remove(struct platform_device *dev)
  	struct usb_hcd  *shared_hcd = xhci->shared_hcd;
  
  	usb_remove_hcd(shared_hcd);
-	xhci->shared_hcd = NULL;
  	device_init_wakeup(&dev->dev, false);
  
  	usb_remove_hcd(hcd);
  	usb_put_hcd(shared_hcd);
+	xhci->shared_hcd = NULL;
  	usb_put_hcd(hcd);
  	xhci_mtk_sch_exit(mtk);
  	xhci_mtk_clks_disable(mtk);