Hi,
[add Li Jun to CC]
> Alan Stern <stern@xxxxxxxxxxxxxxxxxxx> hat am 24. August 2016 um 15:45
> geschrieben:
>
>
> On Wed, 24 Aug 2016, Peter Chen wrote:
>
> > On Tue, Aug 23, 2016 at 09:17:02PM +0200, Stefan Wahren wrote:
> > > Hi,
> > >
> > > i'm using a iMX233-OLinuXino board and the kernel panics during shutdown
> > > with
> > > 4.8.0-rc2-next-20160819:
> > >
> > > [ 420.040000] ci_hdrc ci_hdrc.0: remove, state 1
> > > [ 420.050000] usb usb1: USB disconnect, device number 1
> > > [ 420.060000] usb 1-1: USB disconnect, device number 2
> > > [ 420.060000] usb 1-1.1: USB disconnect, device number 3
> > > [ 420.090000] smsc95xx 1-1.1:1.0 eth0: unregister 'smsc95xx'
> > > usb-ci_hdrc.0-1.1,
> > > smsc95xx USB 2.0 Ethernet
> > > [ 420.290000] ci_hdrc ci_hdrc.0: USB bus 1 deregistered
> > > [ 420.300000] Unable to handle kernel NULL pointer dereference at virtual
> > > address 00000118
> > > [ 420.300000] pgd = c2ea4000
> > > [ 420.300000] [00000118] *pgd=00000000
> > > [ 420.300000] Internal error: Oops: 5 [#1] ARM
> > > [ 420.300000] Modules linked in:
> > > [ 420.300000] CPU: 0 PID: 1 Comm: systemd-shutdow Not tainted
> > > 4.8.0-rc2-next-20160819 #1
> > > [ 420.300000] Hardware name: Freescale MXS (Device Tree)
> > > [ 420.300000] task: c3490000 task.stack: c348e000
> > > [ 420.300000] PC is at usb_hcd_irq+0x0/0x34
> > > [ 420.300000] LR is at ci_irq+0x58/0x12c
>
> > I am afraid the hcd is freed before the interrupt triggered. Would you
> > please try below changes:
> >
> > diff --git a/drivers/usb/chipidea/host.c b/drivers/usb/chipidea/host.c
> > index 96ae695..61237a9 100644
> > --- a/drivers/usb/chipidea/host.c
> > +++ b/drivers/usb/chipidea/host.c
> > @@ -103,7 +103,7 @@ static const struct ehci_driver_overrides
> > ehci_ci_overrides = {
> > static irqreturn_t host_irq(struct ci_hdrc *ci)
> > {
> > - return usb_hcd_irq(ci->irq, ci->hcd);
> > + return ci->hcd ? usb_hcd_irq(ci->irq, ci->hcd) : IRQ_NONE;
> > }
>
> This should not be needed. Instead, the driver should make sure that
> the interrupt handler has been fully unregistered before the hcd is
> deallocated.
according to ci_hdrc_probe() from the chipidea core the IRQ seems to be
requested via devm_request_irq() with the flag IRQF_SHARED.
I have the suspicion the following commit triggers the kernel panic:
43a404577a93 ("usb: chipidea: host: set host to be null after hcd is freed")
I will validate this.
>
> Alan Stern
>
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
