Hi, Vincent Pelletier <plr.vincent@xxxxxxxxx> writes: > Hello, > > I'm triggering a reproducible panic using a DWC3 in gadget mode > (intel edison board). Built kernel is a 4.14 with all patches from > Andy Shevchenko's tree for the edison (including ones to the dwc3 to > skip EP1 & 8). It is available here: > https://github.com/vpelletier/linux/tree/eds_4.14 > > The setup is a rather simple test implementation for bidirectional > piping: <snip> > Test program is here (highlighted is the blocking call described below): > https://github.com/vpelletier/python-functionfs/blob/da45cb2435b26e65d8385b67a7395be04a65461c/examples/usbcat/device.py#L134 > > What seem to be the relevant pieces are: > - at least one AIO transfers submitted for reading from EP2OUT > - upon receiving data from stdin, a synchronous write happens on EP2IN, > which blocks if host did not submit a transfer (normal) > - SIGQUIT to interrupt the write while it's blocking > > A very short while after SIGQUIT, the kernel emits a BUG, which content > and severity (dropping to kdb command line, or sometimes continuing > seemingly normally), but seem to always be inside > dwc3_gadget_ep_dequeue (2 traces below, where kernel survived and > another boot where it panic'ed). > > Only writing without submitted AIO transfers does not cause any panic > on interruption. > > What should I do to debug further ? > > Case where the kernel survived: > [ 382.200896] BUG: scheduling while atomic: screen/1808/0x00000100 > [ 382.207124] 4 locks held by screen/1808: > [ 382.211266] #0: (rcu_callback){....}, at: [<c10b4ff0>] rcu_process_callbacks+0x260/0x440 > [ 382.219949] #1: (rcu_read_lock_sched){....}, at: [<c1358ba0>] percpu_ref_switch_to_atomic_rcu+0xb0/0x130 > [ 382.230034] #2: (&(&ctx->ctx_lock)->rlock){....}, at: [<c11f0c73>] free_ioctx_users+0x23/0xd0 > [ 382.230096] #3: (&(&ffs->eps_lock)->rlock){....}, at: [<f81e7710>] ffs_aio_cancel+0x20/0x60 [usb_f_fs] > [ 382.230160] Modules linked in: usb_f_fs libcomposite configfs bnep btsdio bluetooth ecdh_generic brcmfmac brcmutil intel_powerclamp coretemp dwc3 kvm_intel ulpi udc_core kvm irqbypass crc32_pclmul crc32c_intel pcbc dwc3_pci aesni_intel aes_i586 crypto_simd cryptd ehci_pci ehci_hcd gpio_keys usbcore basincove_gpadc industrialio usb_common > [ 382.230407] CPU: 1 PID: 1808 Comm: screen Not tainted 4.14.0-edison+ #117 > [ 382.230416] Hardware name: Intel Corporation Merrifield/BODEGA BAY, BIOS 542 2015.01.21:18.19.48 > [ 382.230425] Call Trace: > [ 382.230438] <SOFTIRQ> > [ 382.230466] dump_stack+0x47/0x62 > [ 382.230498] __schedule_bug+0x61/0x80 > [ 382.230522] __schedule+0x43/0x7a0 > [ 382.230587] schedule+0x5f/0x70 > [ 382.230625] dwc3_gadget_ep_dequeue+0x14c/0x270 [dwc3] $ gdb vmlinux (gdb) l *(dwc3_gadget_ep_dequeue + 0x14c) what does that give you? -- balbi
Attachment:
signature.asc
Description: PGP signature
