Hi Alan,

> Alan Stern <stern@xxxxxxxxxxxxxxxxxxx> wrote on 24 August 2016 at 20:55:
>
>
> On Wed, 24 Aug 2016, Stefan Wahren wrote:
>
> > Hi,
> >
> > [add Li Jun to CC]
> >
> > > Alan Stern <stern@xxxxxxxxxxxxxxxxxxx> wrote on 24 August 2016 at 15:45:
> > >
> > >
> > > On Wed, 24 Aug 2016, Peter Chen wrote:
> > >
> > > > On Tue, Aug 23, 2016 at 09:17:02PM +0200, Stefan Wahren wrote:
> > > > > Hi,
> > > > >
> > > > > I'm using an iMX233-OLinuXino board and the kernel panics during shutdown with
> > > > > 4.8.0-rc2-next-20160819:
> > > > >
> > > > > [ 420.040000] ci_hdrc ci_hdrc.0: remove, state 1
> > > > > [ 420.050000] usb usb1: USB disconnect, device number 1
> > > > > [ 420.060000] usb 1-1: USB disconnect, device number 2
> > > > > [ 420.060000] usb 1-1.1: USB disconnect, device number 3
> > > > > [ 420.090000] smsc95xx 1-1.1:1.0 eth0: unregister 'smsc95xx' usb-ci_hdrc.0-1.1, smsc95xx USB 2.0 Ethernet
> > > > > [ 420.290000] ci_hdrc ci_hdrc.0: USB bus 1 deregistered
> > > > > [ 420.300000] Unable to handle kernel NULL pointer dereference at virtual address 00000118
> > > > > [ 420.300000] pgd = c2ea4000
> > > > > [ 420.300000] [00000118] *pgd=00000000
> > > > > [ 420.300000] Internal error: Oops: 5 [#1] ARM
> > > > > [ 420.300000] Modules linked in:
> > > > > [ 420.300000] CPU: 0 PID: 1 Comm: systemd-shutdow Not tainted 4.8.0-rc2-next-20160819 #1
> > > > > [ 420.300000] Hardware name: Freescale MXS (Device Tree)
> > > > > [ 420.300000] task: c3490000 task.stack: c348e000
> > > > > [ 420.300000] PC is at usb_hcd_irq+0x0/0x34
> > > > > [ 420.300000] LR is at ci_irq+0x58/0x12c
> > >
> > > > I am afraid the hcd is freed before the interrupt triggered. Would you
> > > > please try below changes:
> > > >
> > > > diff --git a/drivers/usb/chipidea/host.c b/drivers/usb/chipidea/host.c > > > > index 96ae695..61237a9 100644 > > > > --- a/drivers/usb/chipidea/host.c
> > > > +++ b/drivers/usb/chipidea/host.c > > > > @@ -103,7 +103,7 @@ static const struct ehci_driver_overrides > > > > ehci_ci_overrides = { > > > > static irqreturn_t host_irq(struct ci_hdrc *ci) > > > > { > > > > - return usb_hcd_irq(ci->irq, ci->hcd); > > > > + return ci->hcd ? usb_hcd_irq(ci->irq, ci->hcd) : IRQ_NONE; > > > > }
> > > >
> > > This should not be needed. Instead, the driver should make sure that
> > > the interrupt handler has been fully unregistered before the hcd is
> > > deallocated.
> >
> > According to ci_hdrc_probe() from the chipidea core the IRQ seems to be
> > requested via devm_request_irq() with the flag IRQF_SHARED.
> >
> > I have the suspicion the following commit triggers the kernel panic:
> >
> > 43a404577a93 ("usb: chipidea: host: set host to be null after hcd is freed")
>
> No, that's not the cause. Without that commit, you would try to access
> deallocated memory instead of trying to dereference a NULL pointer, but
> the kernel would still oops.
>
> Instead, how about setting ci->role to CI_ROLE_END and then calling
> synchronize_irq(ci->irq) in host_stop(), before the usb_put_hcd()?

I tried the following patch:

--- a/drivers/usb/chipidea/host.c +++ b/drivers/usb/chipidea/host.c
@@ -185,6 +185,8 @@ static void host_stop(struct ci_hdrc *ci) if (hcd) { usb_remove_hcd(hcd); + ci_role_stop(ci); + synchronize_irq(ci->irq); usb_put_hcd(hcd); if (ci->platdata->reg_vbus && !ci_otg_is_fsm_mode(ci) && (ci->platdata->flags & CI_HDRC_TURN_VBUS_EARLY_ON))

Then I get the following during shutdown:

[ 102.170000] ci_hdrc ci_hdrc.0: remove, state 1
[ 102.180000] usb usb1: USB disconnect, device number 1
[ 102.180000] usb 1-1: USB disconnect, device number 2
[ 102.190000] usb 1-1.1: USB disconnect, device number 3
[ 102.220000] smsc95xx 1-1.1:1.0 eth0: unregister 'smsc95xx' usb-ci_hdrc.0-1.1, smsc95xx USB 2.0 Ethernet
[ 102.410000] ci_hdrc ci_hdrc.0: USB bus 1 deregistered
[ 102.420000] ci_hdrc ci_hdrc.0: remove, state 0
[ 102.420000] Unable to handle kernel NULL pointer dereference at virtual address 00000090
[ 102.430000] pgd = c2e74000
[ 102.430000] [00000090] *pgd=00000000
[ 102.440000] Internal error: Oops: 5 [#1] ARM
[ 102.440000] Modules linked in:
[ 102.440000] CPU: 0 PID: 1 Comm: systemd-shutdow Tainted: G W 4.8.0-rc3-00026-gcad9d20-dirty #4
[ 102.440000] Hardware name: Freescale MXS (Device Tree)
[ 102.440000] task: c3490000 task.stack: c348e000
[ 102.440000] PC is at sysfs_remove_group+0x18/0x9c
[ 102.440000] LR is at usb_remove_hcd+0x3c/0x1ac
[ 102.440000] pc : [<c01a636c>] lr : [<c0427c68>] psr: 60000013
[ 102.440000] sp : c348fd48 ip : c3490000 fp : be87dc58
[ 102.440000] r10: c08cd48c r9 : 00000000 r8 : c348fe5c
[ 102.440000] r7 : c354bc44 r6 : c08a5160 r5 : 00000078 r4 : c08afd2c
[ 102.440000] r3 : c3490000 r2 : 00000000 r1 : 00000000 r0 : 00000078
[ 102.440000] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
[ 102.440000] Control: 0005317f Table: 42e74000 DAC: 00000051
[ 102.440000] Process systemd-shutdow (pid: 1, stack limit = 0xc348e190)
[ 102.440000] Stack: (0xc348fd48 to 0xc3490000)
[ 102.440000] [<c01a636c>] (sysfs_remove_group) from [<c0427c68>] (usb_remove_hcd+0x3c/0x1ac)
[ 102.440000] [<c0427c68>] (usb_remove_hcd) from [<c044be28>] (host_stop+0x20/0xac)
[ 102.440000] [<c044be28>] (host_stop) from [<c044be50>] (host_stop+0x48/0xac)
[ 102.440000] [<c044be50>] (host_stop) from [<c04470e8>] (ci_hdrc_remove+0x40/0x130)
[ 102.440000] [<c04470e8>] (ci_hdrc_remove) from [<c039a434>] (platform_drv_remove+0x20/0x38)
[ 102.440000] [<c039a434>] (platform_drv_remove) from [<c0398158>] (__device_release_driver+0xa0/0x12c)
[ 102.440000] [<c0398158>] (__device_release_driver) from [<c03982cc>] (device_release_driver+0x20/0x2c)
[ 102.440000] [<c03982cc>] (device_release_driver) from [<c03976dc>] (bus_remove_device+0x10c/0x12c)
[ 102.440000] [<c03976dc>] (bus_remove_device) from [<c03957a4>] (device_del+0xfc/0x1e8)
[ 102.440000] [<c03957a4>] (device_del) from [<c039a508>] (platform_device_del+0x18/0x8c)
[ 102.440000] [<c039a508>] (platform_device_del) from [<c039aa90>] (platform_device_unregister+0xc/0x18)
[ 102.440000] [<c039aa90>] (platform_device_unregister) from [<c0447b50>] (ci_hdrc_remove_device+0xc/0x20)
[ 102.440000] [<c0447b50>] (ci_hdrc_remove_device) from [<c044cde8>] (ci_hdrc_imx_remove+0x28/0xa4)
[ 102.440000] [<c044cde8>] (ci_hdrc_imx_remove) from [<c0399ef0>] (platform_drv_shutdown+0x1c/0x20)
[ 102.440000] [<c0399ef0>] (platform_drv_shutdown) from [<c0395d88>] (device_shutdown+0x44/0x1b4)
[ 102.440000] [<c0395d88>] (device_shutdown) from [<c0041be4>] (kernel_halt+0xc/0x30)
[ 102.440000] [<c0041be4>] (kernel_halt) from [<c0041e00>] (SyS_reboot+0x16c/0x1c4)
[ 102.440000] [<c0041e00>] (SyS_reboot) from [<c000a2e0>] (ret_fast_syscall+0x0/0x1c)
[ 102.440000] Code: e5911000 e24dd008 e3510000 e1a05000 (e5906018)
[ 102.870000] ---[ end trace 179002d79586d7fd ]---
[ 102.880000] systemd-shutdow: 2 output lines suppressed due to ratelimiting
[ 102.880000] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
[ 102.880000]
[ 102.880000] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b

>
> Alan Stern
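
Review bot: in the host_irq() hunk, the ci->hcd test on the added return line is not ordered against host_stop(), so it narrows the window without closing it: a handler that has already passed the test can still be inside usb_hcd_irq() while the hcd is released, and ci->hcd is read twice, once for the test and once for the call. If the check stays, read ci->hcd once into a local and use that for both; the teardown path still has to wait for in-flight handlers before the hcd is dropped, as the reply to this hunk points out.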
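
Review bot: in the host_stop() hunk, the added ci_role_stop(ci) line is not what was suggested (setting ci->role to CI_ROLE_END), and the oops log in this message shows the effect: a second "remove, state 0" line, host_stop entered again from host_stop+0x48, and usb_remove_hcd() faulting in sysfs_remove_group on the second pass. Replace the call with a plain assignment, ci->role = CI_ROLE_END, followed by synchronize_irq(ci->irq), keeping both ahead of usb_put_hcd(hcd).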