On Thu, Aug 25, 2016 at 07:06:12AM +0200, Stefan Wahren wrote:
> Hi Alan,
>
> > Alan Stern <stern@xxxxxxxxxxxxxxxxxxx> hat am 24. August 2016 um 20:55
> > geschrieben:
> >
> >
> > On Wed, 24 Aug 2016, Stefan Wahren wrote:
> >
> > > Hi,
> > >
> > > [add Li Jun to CC]
> > >
> > > > Alan Stern <stern@xxxxxxxxxxxxxxxxxxx> hat am 24. August 2016 um 15:45
> > > > geschrieben:
> > > >
> > > >
> > > > On Wed, 24 Aug 2016, Peter Chen wrote:
> > > >
> > > > > On Tue, Aug 23, 2016 at 09:17:02PM +0200, Stefan Wahren wrote:
> > > > > > Hi,
> > > > > >
> > > > > > i'm using a iMX233-OLinuXino board and the kernel panics during
> > > > > > shutdown
> > > > > > with
> > > > > > 4.8.0-rc2-next-20160819:
> > > > > >
> > > > > > [ 420.040000] ci_hdrc ci_hdrc.0: remove, state 1
> > > > > > [ 420.050000] usb usb1: USB disconnect, device number 1
> > > > > > [ 420.060000] usb 1-1: USB disconnect, device number 2
> > > > > > [ 420.060000] usb 1-1.1: USB disconnect, device number 3
> > > > > > [ 420.090000] smsc95xx 1-1.1:1.0 eth0: unregister 'smsc95xx'
> > > > > > usb-ci_hdrc.0-1.1,
> > > > > > smsc95xx USB 2.0 Ethernet
> > > > > > [ 420.290000] ci_hdrc ci_hdrc.0: USB bus 1 deregistered
> > > > > > [ 420.300000] Unable to handle kernel NULL pointer dereference at
> > > > > > virtual
> > > > > > address 00000118
> > > > > > [ 420.300000] pgd = c2ea4000
> > > > > > [ 420.300000] [00000118] *pgd=00000000
> > > > > > [ 420.300000] Internal error: Oops: 5 [#1] ARM
> > > > > > [ 420.300000] Modules linked in:
> > > > > > [ 420.300000] CPU: 0 PID: 1 Comm: systemd-shutdow Not tainted
> > > > > > 4.8.0-rc2-next-20160819 #1
> > > > > > [ 420.300000] Hardware name: Freescale MXS (Device Tree)
> > > > > > [ 420.300000] task: c3490000 task.stack: c348e000
> > > > > > [ 420.300000] PC is at usb_hcd_irq+0x0/0x34
> > > > > > [ 420.300000] LR is at ci_irq+0x58/0x12c
> > > >
> > > > > I am afraid the hcd is freed before the interrupt triggered. Would you
> > > > > please try below changes:
> > > > >
> > > > > diff --git a/drivers/usb/chipidea/host.c b/drivers/usb/chipidea/host.c
> > > > > index 96ae695..61237a9 100644
> > > > > --- a/drivers/usb/chipidea/host.c
> > > > > +++ b/drivers/usb/chipidea/host.c
> > > > > @@ -103,7 +103,7 @@ static const struct ehci_driver_overrides
> > > > > ehci_ci_overrides = {
> > > > > static irqreturn_t host_irq(struct ci_hdrc *ci)
> > > > > {
> > > > > - return usb_hcd_irq(ci->irq, ci->hcd);
> > > > > + return ci->hcd ? usb_hcd_irq(ci->irq, ci->hcd) : IRQ_NONE;
> > > > > }
> > > >
> > > > This should not be needed. Instead, the driver should make sure that
> > > > the interrupt handler has been fully unregistered before the hcd is
> > > > deallocated.
> > >
> > > according to ci_hdrc_probe() from the chipidea core the IRQ seems to be
> > > requested via devm_request_irq() with the flag IRQF_SHARED.
> > >
> > > I have the suspicion the following commit triggers the kernel panic:
> > >
> > > 43a404577a93 ("usb: chipidea: host: set host to be null after hcd is freed")
> >
> > No, that's not the cause. Without that commit, you would try to access
> > deallocated memory instead of trying to dereference a NULL pointer, but
> > the kernel would still oops.
> >
> > Instead, how about setting ci->role to CI_ROLE_END and then calling
> > synchronize_irq(ci->irq) in host_stop(), before the usb_put_hcd()?
>
> i tried the following patch:
>
> --- a/drivers/usb/chipidea/host.c
> +++ b/drivers/usb/chipidea/host.c
> @@ -185,6 +185,8 @@ static void host_stop(struct ci_hdrc *ci)
>
> if (hcd) {
> usb_remove_hcd(hcd);
> + ci_role_stop(ci);
> + synchronize_irq(ci->irq);
Would you please just add below line to see if this problem can be
fixed?
+ ci->role = CI_ROLE_END;
When ci->role is CI_ROLE_END, neither host nor device interrupt handler
will run.
What is your controller role? (dr_mode = host, peripheral or otg)?
Besides, you would please add below line at core.c to show what
interrupt occurs at that time:
diff --git a/drivers/usb/chipidea/core.c b/drivers/usb/chipidea/core.c
index b5c155b..e6b8a7e 100644
--- a/drivers/usb/chipidea/core.c
+++ b/drivers/usb/chipidea/core.c
@@ -596,6 +596,12 @@ static irqreturn_t ci_irq(int irq, void *data)
/* Handle device/host interrupt */
if (ci->role != CI_ROLE_END)
ret = ci_role(ci)->irq(ci);
+ else
+ dev_info(ci->dev, "otgsc:0x%x, usbsts:0x%x\n",
+ hw_read_otgsc(ci, ~0),
+ hw_read_intr_status(ci) & hw_read_intr_enable(ci)
+ );
+
return ret;
}
> usb_put_hcd(hcd);
> if (ci->platdata->reg_vbus && !ci_otg_is_fsm_mode(ci) &&
> (ci->platdata->flags & CI_HDRC_TURN_VBUS_EARLY_ON))
>
> the i get the following during shutdown:
The reason for this is the host_stop is re-entered.
Peter
>
> [ 102.170000] ci_hdrc ci_hdrc.0: remove, state 1
> [ 102.180000] usb usb1: USB disconnect, device number 1
> [ 102.180000] usb 1-1: USB disconnect, device number 2
> [ 102.190000] usb 1-1.1: USB disconnect, device number 3
> [ 102.220000] smsc95xx 1-1.1:1.0 eth0: unregister 'smsc95xx' usb-ci_hdrc.0-1.1,
> smsc95xx USB 2.0 Ethernet
> [ 102.410000] ci_hdrc ci_hdrc.0: USB bus 1 deregistered
> [ 102.420000] ci_hdrc ci_hdrc.0: remove, state 0
> [ 102.420000] Unable to handle kernel NULL pointer dereference at virtual
> address 00000090
> [ 102.430000] pgd = c2e74000
> [ 102.430000] [00000090] *pgd=00000000
> [ 102.440000] Internal error: Oops: 5 [#1] ARM
> [ 102.440000] Modules linked in:
> [ 102.440000] CPU: 0 PID: 1 Comm: systemd-shutdow Tainted: G W
> 4.8.0-rc3-00026-gcad9d20-dirty #4
> [ 102.440000] Hardware name: Freescale MXS (Device Tree)
> [ 102.440000] task: c3490000 task.stack: c348e000
> [ 102.440000] PC is at sysfs_remove_group+0x18/0x9c
> [ 102.440000] LR is at usb_remove_hcd+0x3c/0x1ac
> [ 102.440000] pc : [<c01a636c>] lr : [<c0427c68>] psr: 60000013
> [ 102.440000] sp : c348fd48 ip : c3490000 fp : be87dc58
> [ 102.440000] r10: c08cd48c r9 : 00000000 r8 : c348fe5c
> [ 102.440000] r7 : c354bc44 r6 : c08a5160 r5 : 00000078 r4 : c08afd2c
> [ 102.440000] r3 : c3490000 r2 : 00000000 r1 : 00000000 r0 : 00000078
> [ 102.440000] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
> [ 102.440000] Control: 0005317f Table: 42e74000 DAC: 00000051
> [ 102.440000] Process systemd-shutdow (pid: 1, stack limit = 0xc348e190)
> [ 102.440000] Stack: (0xc348fd48 to 0xc3490000)
> [ 102.440000] fd40: c348fd4c c348fd58 c3643000 c3643000
> c08a5160 c0427c68
> [ 102.440000] fd60: c354bc44 00000000 c08cd48c c360a010 c3643000 c044be28
> c360a010 c3643000
> [ 102.440000] fd80: c08a5160 c044be50 c360a010 c3704800 c08a5160 c04470e8
> c08a5160 00000000
> [ 102.440000] fda0: c04470a8 c3704810 c08a5160 c039a434 c3704810 c08b3e94
> c08a5160 c0398158
> [ 102.440000] fdc0: c3704844 c3704810 c08a5160 c03982cc c3402a4c c3704810
> c08a5160 c03976dc
> [ 102.440000] fde0: c3704810 c354bc10 c1126054 c03957a4 c3490000 00000007
> 00000006 c348fe5c
> [ 102.440000] fe00: c3704800 c3704810 c354bc10 c354bc44 c348fe5c c039a508
> c3704800 c3708090
> [ 102.440000] fe20: c354bc10 c039aa90 00000000 c0447b50 c354bc00 c044cde8
> c354bc10 c03a3174
> [ 102.440000] fe40: c354bc10 c354b810 c1126054 c0399ef0 c354bc10 c0395d88
> 00000002 c08a4f2c
> [ 102.440000] fe60: c342fa20 c354bc1c 4321fedc c085e9fc cdef0123 1b130d00
> c000a484 c348e000
> [ 102.440000] fe80: 00000000 c0041be4 4321fedc c0041e00 00000000 00000000
> c348fec8 00000029
> [ 102.440000] fea0: c37c9c60 00000000 c34b9c28 00000002 c0068778 c37c9c68
> 00000000 c0130f78
> [ 102.440000] fec0: 00000000 00000000 be87d1f8 00000004 be87df8a 00000010
> be87d224 00000005
> [ 102.440000] fee0: be87d2c4 0000000f 7f64c9f8 00000001 be87cd3c c085a9b4
> c348ffb0 00053177
> [ 102.440000] ff00: 000007ff 000f0f24 c37c9c60 00000000 00000000 00000000
> 00000000 00000000
> [ 102.440000] ff20: 00000000 00000000 00000001 00000000 00000029 c348fec8
> 00000005 00000000
> [ 102.440000] ff40: 00000000 0004001e 00000005 be87d24c 00000005 be87d24c
> c348e000 00000000
> [ 102.440000] ff60: 7f65f854 c0131090 c348ff88 00000000 c37c9c60 c37c9c60
> 00000000 c01310dc
> [ 102.440000] ff80: 00000000 c000a484 00000000 7fe7e190 7fe7d118 00000000
> 7fe7e190 7fe7d118
> [ 102.440000] ffa0: 00000058 c000a2e0 00000000 7fe7e190 fee1dead 28121969
> cdef0123 1b130d00
> [ 102.440000] ffc0: 00000000 7fe7e190 7fe7d118 00000058 be87dbc4 00000000
> 00000000 be87dc58
> [ 102.440000] ffe0: 7f65ee4c be87db08 7f63f114 b6e61088 60000010 fee1dead
> 00000000 00000000
> [ 102.440000] [<c01a636c>] (sysfs_remove_group) from [<c0427c68>]
> (usb_remove_hcd+0x3c/0x1ac)
> [ 102.440000] [<c0427c68>] (usb_remove_hcd) from [<c044be28>]
> (host_stop+0x20/0xac)
> [ 102.440000] [<c044be28>] (host_stop) from [<c044be50>] (host_stop+0x48/0xac)
> [ 102.440000] [<c044be50>] (host_stop) from [<c04470e8>]
> (ci_hdrc_remove+0x40/0x130)
> [ 102.440000] [<c04470e8>] (ci_hdrc_remove) from [<c039a434>]
> (platform_drv_remove+0x20/0x38)
> [ 102.440000] [<c039a434>] (platform_drv_remove) from [<c0398158>]
> (__device_release_driver+0xa0/0x12c)
> [ 102.440000] [<c0398158>] (__device_release_driver) from [<c03982cc>]
> (device_release_driver+0x20/0x2c)
> [ 102.440000] [<c03982cc>] (device_release_driver) from [<c03976dc>]
> (bus_remove_device+0x10c/0x12c)
> [ 102.440000] [<c03976dc>] (bus_remove_device) from [<c03957a4>]
> (device_del+0xfc/0x1e8)
> [ 102.440000] [<c03957a4>] (device_del) from [<c039a508>]
> (platform_device_del+0x18/0x8c)
> [ 102.440000] [<c039a508>] (platform_device_del) from [<c039aa90>]
> (platform_device_unregister+0xc/0x18)
> [ 102.440000] [<c039aa90>] (platform_device_unregister) from [<c0447b50>]
> (ci_hdrc_remove_device+0xc/0x20)
> [ 102.440000] [<c0447b50>] (ci_hdrc_remove_device) from [<c044cde8>]
> (ci_hdrc_imx_remove+0x28/0xa4)
> [ 102.440000] [<c044cde8>] (ci_hdrc_imx_remove) from [<c0399ef0>]
> (platform_drv_shutdown+0x1c/0x20)
> [ 102.440000] [<c0399ef0>] (platform_drv_shutdown) from [<c0395d88>]
> (device_shutdown+0x44/0x1b4)
> [ 102.440000] [<c0395d88>] (device_shutdown) from [<c0041be4>]
> (kernel_halt+0xc/0x30)
> [ 102.440000] [<c0041be4>] (kernel_halt) from [<c0041e00>]
> (SyS_reboot+0x16c/0x1c4)
> [ 102.440000] [<c0041e00>] (SyS_reboot) from [<c000a2e0>]
> (ret_fast_syscall+0x0/0x1c)
> [ 102.440000] Code: e5911000 e24dd008 e3510000 e1a05000 (e5906018)
> [ 102.870000] ---[ end trace 179002d79586d7fd ]---
> [ 102.880000] systemd-shutdow: 2 output lines suppressed due to ratelimiting
> [ 102.880000] Kernel panic - not syncing: Attempted to kill init!
> exitcode=0x0000000b
> [ 102.880000]
> [ 102.880000] ---[ end Kernel panic - not syncing: Attempted to kill init!
> exitcode=0x0000000b
>
> >
> > Alan Stern
> >
--
Best Regards,
Peter Chen
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
