Re: usb: dwc2: crash regression in commit 3bc04e28a030 (bisected)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 30 June 2018 at 02:57, Doug Anderson <dianders@xxxxxxxxxxxx> wrote:
> Hi,
>
> On Fri, Jun 29, 2018 at 11:29 AM, Antti Seppälä <a.seppala@xxxxxxxxx> wrote:
>> Hi Doug, John and linux-usb.
>>
>> I'd like to report a regression in commit 3bc04e28a030 (usb: dwc2:
>> host: Get aligned DMA in a more supported way)
>
> Seems unlikely, but any chance that
> <https://patchwork.kernel.org/patch/10393775/> helps you?
>

Thank you for your suggestion but unfortunately the patch does not
help and the crash remains.

>
>> Apparently the patch does something nasty that the Lantiq platform
>> really does not like as whenever I plug my usb 3g modem into the usb
>> port of my BT HomeHub v5 (Lantiq XRX200) I get a kernel
>> oops/crash/panic with usually quite a weird content that looks like
>> some sort of memory corruption.
>>
>> I've bisected the crash and reverting 3bc04e28a030 allows the 3g-modem
>> to be plugged and the kernel does not crash.
>>
>> Below is the console log when I plug the modem in. I used stable
>> vanilla kernel 4.9.109 from OpenWrt during my tests with dwc2 debug
>> prints enabled:
>>
>> root@lantiq:/# echo -n "module dwc2 +p" >
>> /sys/kernel/debug/dynamic_debug/control
>> [   92.563454] dwc2 1e101000.ifxhcd: gintsts=05000021  gintmsk=f3000806
>> [   92.568762] dwc2 1e101000.ifxhcd: DWC OTG HCD HUB STATUS DATA: Root
>> port status changed
>> [   92.576447] dwc2 1e101000.ifxhcd:   port_connect_status_change: 1
>> [   92.582523] dwc2 1e101000.ifxhcd:   port_reset_change: 0
>> [   92.587830] dwc2 1e101000.ifxhcd:   port_enable_change: 0
>> [   92.593228] dwc2 1e101000.ifxhcd:   port_suspend_change: 0
>> [   92.598710] dwc2 1e101000.ifxhcd:   port_over_current_change: 0
>> [   92.607242] dwc2 1e101000.ifxhcd: ClearPortFeature USB_PORT_FEAT_C_CONNECTION
>> [   92.758240] dwc2 1e101000.ifxhcd: SetPortFeature
>> [   92.761535] dwc2 1e101000.ifxhcd: SetPortFeature - USB_PORT_FEAT_RESET
>> [   92.768063] dwc2 1e101000.ifxhcd: In host mode, hprt0=00021501
>> [   92.841013] dwc2 1e101000.ifxhcd: gintsts=05000029  gintmsk=f3000806
>> [   92.905329] dwc2 1e101000.ifxhcd: ClearPortFeature USB_PORT_FEAT_C_RESET
>> [   92.968536] usb 1-1: new high-speed USB device number 2 using dwc2
>> [   92.975029] dwc2 1e101000.ifxhcd: SetPortFeature
>> [   92.978358] dwc2 1e101000.ifxhcd: SetPortFeature - USB_PORT_FEAT_RESET
>> [   92.984837] dwc2 1e101000.ifxhcd: In host mode, hprt0=00001101
>> [   92.990674] dwc2 1e101000.ifxhcd: gintsts=05000029  gintmsk=f3000806
>> [   93.060349] dwc2 1e101000.ifxhcd: DWC OTG HCD HUB STATUS DATA: Root
>> port status changed
>> [   93.067020] dwc2 1e101000.ifxhcd:   port_connect_status_change: 0
>> [   93.073099] dwc2 1e101000.ifxhcd:   port_reset_change: 0
>> [   93.078375] dwc2 1e101000.ifxhcd:   port_enable_change: 1
>> [   93.083766] dwc2 1e101000.ifxhcd:   port_suspend_change: 0
>> [   93.089252] dwc2 1e101000.ifxhcd:   port_over_current_change: 0
>> [   93.096284] dwc2 1e101000.ifxhcd: gintsts=05000029  gintmsk=f3000806
>> [   93.152672] dwc2 1e101000.ifxhcd: ClearPortFeature USB_PORT_FEAT_C_RESET
>> [   93.216952] dwc2 1e101000.ifxhcd: DWC OTG HCD EP DISABLE:
>> bEndpointAddress=0x00, ep->hcpriv=86e4fa00
>> [   93.224792] dwc2 1e101000.ifxhcd: DWC OTG HCD EP DISABLE:
>> bEndpointAddress=0x00, ep->hcpriv=  (null)
>> [   93.233926] dwc2 1e101000.ifxhcd: DWC OTG HCD EP RESET: bEndpointAddress=0x00
>> [   93.268547] dwc2 1e101000.ifxhcd: DWC OTG HCD EP RESET: bEndpointAddress=0x81
>> [   93.274399] dwc2 1e101000.ifxhcd: DWC OTG HCD EP RESET: bEndpointAddress=0x01
>> [   93.307463] usb-storage 1-1:1.0: USB Mass Storage device detected
>> [   93.312238] dwc2 1e101000.ifxhcd: DWC OTG HCD HUB STATUS DATA: Root
>> port status changed
>> [   93.312256] dwc2 1e101000.ifxhcd:   port_connect_status_change: 0
>> [   93.312270] dwc2 1e101000.ifxhcd:   port_reset_change: 0
>> [   93.312329] dwc2 1e101000.ifxhcd:   port_enable_change: 1
>> [   93.312342] dwc2 1e101000.ifxhcd:   port_suspend_change: 0
>> [   93.312356] dwc2 1e101000.ifxhcd:   port_over_current_change: 0
>> [   93.408514] scsi host0: usb-storage 1-1:1.0
>> [   93.437010] dwc2 1e101000.ifxhcd: ClearPortFeature USB_PORT_FEAT_C_ENABLE
>> [   94.152597] dwc2 1e101000.ifxhcd: DWC OTG HCD EP RESET: bEndpointAddress=0x01
>> [   94.166421] dwc2 1e101000.ifxhcd: gintsts=25000029  gintmsk=f3000806
>> [   94.171336] dwc2 1e101000.ifxhcd: ++Disconnect Detected Interrupt++
>> (Host) a_host
>> [   94.180561] dwc2 1e101000.ifxhcd: DWC OTG HCD EP RESET: bEndpointAddress=0x01
>> [   94.186473] dwc2 1e101000.ifxhcd: Not connected
>> [   94.300415] dwc2 1e101000.ifxhcd: DWC OTG HCD HUB STATUS DATA: Root
>> port status changed
>> [   94.307074] dwc2 1e101000.ifxhcd:   port_connect_status_change: 1
>> [   94.313203] dwc2 1e101000.ifxhcd:   port_reset_change: 0
>> [   94.318467] dwc2 1e101000.ifxhcd:   port_enable_change: 1
>> [   94.323858] dwc2 1e101000.ifxhcd:   port_suspend_change: 0
>> [   94.329344] dwc2 1e101000.ifxhcd:   port_over_current_change: 0
>> [   94.336998] dwc2 1e101000.ifxhcd: ClearPortFeature USB_PORT_FEAT_C_CONNECTION
>> [   94.343368] dwc2 1e101000.ifxhcd: ClearPortFeature USB_PORT_FEAT_C_ENABLE
>> [   94.350145] usb 1-1: USB disconnect, device number 2
>> [   94.365605] dwc2 1e101000.ifxhcd: DWC OTG HCD EP DISABLE:
>> bEndpointAddress=0x00, ep->hcpriv=86e4f980
>> [   94.373454] dwc2 1e101000.ifxhcd: DWC OTG HCD EP DISABLE:
>> bEndpointAddress=0x00, ep->hcpriv=  (null)
>> [   94.382555] dwc2 1e101000.ifxhcd: DWC OTG HCD EP DISABLE:
>> bEndpointAddress=0x01, ep->hcpriv=86e61400
>> [   94.391728] dwc2 1e101000.ifxhcd: DWC OTG HCD EP DISABLE:
>> bEndpointAddress=0x81, ep->hcpriv=  (null)
>> [   94.680851] dwc2 1e101000.ifxhcd: SetPortFeature
>> [  104.824668] dwc2 1e101000.ifxhcd: gintsts=05000029  gintmsk=f1000806
>> [  104.964349] dwc2 1e101000.ifxhcd: DWC OTG HCD HUB STATUS DATA: Root
>> port status changed
>> [  104.970986] dwc2 1e101000.ifxhcd:   port_connect_status_change: 1
>> [  104.977099] dwc2 1e101000.ifxhcd:   port_reset_change: 0
>> [  104.982374] dwc2 1e101000.ifxhcd:   port_enable_change: 0
>> [  104.987766] dwc2 1e101000.ifxhcd:   port_suspend_change: 0
>> [  104.993252] dwc2 1e101000.ifxhcd:   port_over_current_change: 0
>> [  105.000502] dwc2 1e101000.ifxhcd: ClearPortFeature USB_PORT_FEAT_C_CONNECTION
>> [  105.148682] dwc2 1e101000.ifxhcd: SetPortFeature
>> [  105.151879] dwc2 1e101000.ifxhcd: SetPortFeature - USB_PORT_FEAT_RESET
>> [  105.158527] dwc2 1e101000.ifxhcd: In host mode, hprt0=00021501
>> [  105.232669] dwc2 1e101000.ifxhcd: gintsts=05000029  gintmsk=f1000806
>> [  105.292679] dwc2 1e101000.ifxhcd: ClearPortFeature USB_PORT_FEAT_C_RESET
>> [  105.356438] usb 1-1: new high-speed USB device number 3 using dwc2
>> [  105.362006] dwc2 1e101000.ifxhcd: SetPortFeature
>> [  105.365920] dwc2 1e101000.ifxhcd: SetPortFeature - USB_PORT_FEAT_RESET
>> [  105.372437] dwc2 1e101000.ifxhcd: In host mode, hprt0=00001101
>> [  105.378271] dwc2 1e101000.ifxhcd: gintsts=05000029  gintmsk=f3000806
>> [  105.452677] dwc2 1e101000.ifxhcd: gintsts=05000029  gintmsk=f3000806
>> [  105.460379] dwc2 1e101000.ifxhcd: DWC OTG HCD HUB STATUS DATA: Root
>> port status changed
>> [  105.467016] dwc2 1e101000.ifxhcd:   port_connect_status_change: 0
>> [  105.473132] dwc2 1e101000.ifxhcd:   port_reset_change: 1
>> [  105.478407] dwc2 1e101000.ifxhcd:   port_enable_change: 1
>> [  105.483799] dwc2 1e101000.ifxhcd:   port_suspend_change: 0
>> [  105.489284] dwc2 1e101000.ifxhcd:   port_over_current_change: 0
>> [  105.512642] dwc2 1e101000.ifxhcd: ClearPortFeature USB_PORT_FEAT_C_RESET
>> [  105.577270] dwc2 1e101000.ifxhcd: DWC OTG HCD EP DISABLE:
>> bEndpointAddress=0x00, ep->hcpriv=87626a00
>> [  105.585110] dwc2 1e101000.ifxhcd: DWC OTG HCD EP DISABLE:
>> bEndpointAddress=0x00, ep->hcpriv=  (null)
>> [  105.594242] dwc2 1e101000.ifxhcd: DWC OTG HCD EP RESET: bEndpointAddress=0x00
>> [  105.625567] dwc2 1e101000.ifxhcd: DWC OTG HCD EP RESET: bEndpointAddress=0x81
>> [  105.631399] dwc2 1e101000.ifxhcd: DWC OTG HCD EP RESET: bEndpointAddress=0x82
>> [  105.638544] dwc2 1e101000.ifxhcd: DWC OTG HCD EP RESET: bEndpointAddress=0x01
>> [  105.645678] dwc2 1e101000.ifxhcd: DWC OTG HCD EP RESET: bEndpointAddress=0x83
>> [  105.652784] dwc2 1e101000.ifxhcd: DWC OTG HCD EP RESET: bEndpointAddress=0x02
>> [  105.659943] dwc2 1e101000.ifxhcd: DWC OTG HCD EP RESET: bEndpointAddress=0x84
>> [  105.667067] dwc2 1e101000.ifxhcd: DWC OTG HCD EP RESET: bEndpointAddress=0x03
>> [  105.674221] dwc2 1e101000.ifxhcd: DWC OTG HCD EP RESET: bEndpointAddress=0x85
>> [  105.681370] dwc2 1e101000.ifxhcd: DWC OTG HCD EP RESET: bEndpointAddress=0x86
>> [  105.688471] dwc2 1e101000.ifxhcd: DWC OTG HCD EP RESET: bEndpointAddress=0x04
>> [  105.695634] dwc2 1e101000.ifxhcd: DWC OTG HCD EP RESET: bEndpointAddress=0x87
>> [  105.702744] dwc2 1e101000.ifxhcd: DWC OTG HCD EP RESET: bEndpointAddress=0x05
>> [  105.709865] dwc2 1e101000.ifxhcd: DWC OTG HCD HUB STATUS DATA: Root
>> port status changed
>> [  105.709883] dwc2 1e101000.ifxhcd:   port_connect_status_change: 0
>> [  105.709897] dwc2 1e101000.ifxhcd:   port_reset_change: 0
>> [  105.709910] dwc2 1e101000.ifxhcd:   port_enable_change: 1
>> [  105.709923] dwc2 1e101000.ifxhcd:   port_suspend_change: 0
>> [  105.709937] dwc2 1e101000.ifxhcd:   port_over_current_change: 0
>> [  105.746084] dwc2 1e101000.ifxhcd: DWC OTG HCD EP RESET: bEndpointAddress=0x06
>> [  105.753218] dwc2 1e101000.ifxhcd: DWC OTG HCD EP RESET: bEndpointAddress=0x88
>> [  105.928610] dwc2 1e101000.ifxhcd: DWC OTG HCD EP DISABLE:
>> bEndpointAddress=0x86, ep->hcpriv=  (null)
>> [  105.936489] dwc2 1e101000.ifxhcd: DWC OTG HCD EP DISABLE:
>> bEndpointAddress=0x04, ep->hcpriv=  (null)
>> [  105.945589] dwc2 1e101000.ifxhcd: DWC OTG HCD EP RESET: bEndpointAddress=0x86
>> [  105.952695] dwc2 1e101000.ifxhcd: DWC OTG HCD EP RESET: bEndpointAddress=0x04
>> [  105.959806] dwc2 1e101000.ifxhcd: DWC OTG HCD HUB STATUS DATA: Root
>> port status changed
>> [  105.959824] dwc2 1e101000.ifxhcd:   port_connect_status_change: 0
>> [  105.959837] dwc2 1e101000.ifxhcd:   port_reset_change: 0
>> [  105.959851] dwc2 1e101000.ifxhcd:   port_enable_change: 1
>> [  105.959864] dwc2 1e101000.ifxhcd:   port_suspend_change: 0
>> [  105.959878] dwc2 1e101000.ifxhcd:   port_over_current_change: 0
>> [  106.001763] qmi_wwan 1-1:1.3: cdc-wdm0: USB WDM device
>> [  106.013471] qmi_wwan 1-1:1.3 wwan0: register 'qmi_wwan' at
>> usb-1e101000.ifxhcd-1, WWAN/QMI device, f2:65:6f:98:f4:64
>> [  106.025519] usb-storage 1-1:1.5: USB Mass Storage device detected
>> [  106.142668] scsi host0: usb-storage 1-1:1.5
>> [  106.149473] usb-storage 1-1:1.6: USB Mass Storage device detected
>> [  106.176691] scsi host1: usb-storage 1-1:1.6
>> [  106.185319] dwc2 1e101000.ifxhcd: ClearPortFeature USB_PORT_FEAT_C_ENABLE
>> [  107.204509] scsi 0:0:0:0: CD-ROM            HUAWEI   Mass Storage
>>   2.31 PQ: 0 ANSI: 0
>> [  107.232892] scsi 1:0:0:0: Direct-Access     HUAWEI   SD Storage
>>   2.31 PQ: 0 ANSI: 2
>> [  107.288592] sd 1:0:0:0: [sda] Attached SCSI removable disk
>> [  109.544575] dwc2 1e101000.ifxhcd: interval=16
>> [  109.657455] dwc2 1e101000.ifxhcd: DWC OTG HCD URB Dequeue
>> [  109.662507] dwc2 1e101000.ifxhcd: Called usb_hcd_giveback_urb()
>> [  109.667351] dwc2 1e101000.ifxhcd:   urb->status = -2
>> [  109.724199] dwc2 1e101000.ifxhcd: DWC OTG HCD URB Dequeue
>> [  109.728458] dwc2 1e101000.ifxhcd: Called usb_hcd_giveback_urb()
>> [  109.734075] dwc2 1e101000.ifxhcd:   urb->status = -2
>> [  109.812200] dwc2 1e101000.ifxhcd: DWC OTG HCD URB Dequeue
>> [  109.816475] dwc2 1e101000.ifxhcd: Called usb_hcd_giveback_urb()
>> [  109.822072] dwc2 1e101000.ifxhcd:   urb->status = -2
>> [  109.942503] dwc2 1e101000.ifxhcd: DWC OTG HCD URB Dequeue
>> [  109.946678] dwc2 1e101000.ifxhcd: Called usb_hcd_giveback_urb()
>> [  109.952380] dwc2 1e101000.ifxhcd:   urb->status = -2
>> [  110.069543] dwc2 1e101000.ifxhcd: DWC OTG HCD URB Dequeue
>> [  110.073721] dwc2 1e101000.ifxhcd: Called usb_hcd_giveback_urb()
>> [  110.079424] dwc2 1e101000.ifxhcd:   urb->status = -2
>> [  110.193165] dwc2 1e101000.ifxhcd: DWC OTG HCD URB Dequeue
>> [  110.197383] dwc2 1e101000.ifxhcd: Called usb_hcd_giveback_urb()
>> [  110.203038] dwc2 1e101000.ifxhcd:   urb->status = -2
>> [  110.319245] dwc2 1e101000.ifxhcd: DWC OTG HCD URB Dequeue
>> [  110.323434] dwc2 1e101000.ifxhcd: Called usb_hcd_giveback_urb()
>> [  110.329124] dwc2 1e101000.ifxhcd:   urb->status = -2
>> [  115.432622] dwc2 1e101000.ifxhcd: DWC OTG HCD URB Dequeue
>> [  115.436840] dwc2 1e101000.ifxhcd: Called usb_hcd_giveback_urb()
>> [  115.442532] dwc2 1e101000.ifxhcd:   urb->status = -2
>> [  115.489703] dwc2 1e101000.ifxhcd: DWC OTG HCD URB Dequeue
>> [  115.493904] dwc2 1e101000.ifxhcd: Called usb_hcd_giveback_urb()
>> [  115.499578] dwc2 1e101000.ifxhcd:   urb->status = -2
>> [  115.522958] dwc2 1e101000.ifxhcd: DWC OTG HCD URB Dequeue
>> [  115.527161] dwc2 1e101000.ifxhcd: Called usb_hcd_giveback_urb()
>> [  115.532836] dwc2 1e101000.ifxhcd:   urb->status = -2
>> [  115.585907] dwc2 1e101000.ifxhcd: DWC OTG HCD URB Dequeue
>> [  115.590122] dwc2 1e101000.ifxhcd: Called usb_hcd_giveback_urb()
>> [  115.595801] dwc2 1e101000.ifxhcd:   urb->status = -2
>> [  115.625102] dwc2 1e101000.ifxhcd: DWC OTG HCD URB Dequeue
>> [  115.629307] dwc2 1e101000.ifxhcd: Called usb_hcd_giveback_urb()
>> [  115.634977] dwc2 1e101000.ifxhcd:   urb->status = -2
>> [  115.658748] dwc2 1e101000.ifxhcd: DWC OTG HCD URB Dequeue
>> [  115.662945] dwc2 1e101000.ifxhcd: Called usb_hcd_giveback_urb()
>> [  115.668627] dwc2 1e101000.ifxhcd:   urb->status = -2
>> [  115.693557] dwc2 1e101000.ifxhcd: DWC OTG HCD URB Dequeue
>> [  115.697741] dwc2 1e101000.ifxhcd: Called usb_hcd_giveback_urb()
>> [  115.703435] dwc2 1e101000.ifxhcd:   urb->status = -2
>> [  116.537092] dwc2 1e101000.ifxhcd: DWC OTG HCD URB Dequeue
>> [  116.541279] qmi_wwan 1-1:1.3: wdm_int_callback - usb_submit_urb
>> failed with result -1
>> [  116.573139] dwc2 1e101000.ifxhcd: DWC OTG HCD URB Dequeue
>> [  116.577307] dwc2 1e101000.ifxhcd: Called usb_hcd_giveback_urb()
>> [  116.583017] dwc2 1e101000.ifxhcd:   urb->status = -2
>> [  116.729940] dwc2 1e101000.ifxhcd: DWC OTG HCD URB Dequeue
>> [  116.734122] dwc2 1e101000.ifxhcd: Called usb_hcd_giveback_urb()
>> [  116.739820] dwc2 1e101000.ifxhcd:   urb->status = -2
>> [  117.018652] ------------[ cut here ]------------
>> [  117.021857] WARNING: CPU: 0 PID: 1874 at
>> kernel/locking/lockdep.c:2732 handle_tr_int+0x24/0x5c
>> [  117.030437] DEBUG_LOCKS_WARN_ON(current->hardirq_context)[
>> 117.035659] Modules linked in:
>>  qmi_wwan pppoe nf_conntrack_ipv6 iptable_nat ipt_REJECT
>> ipt_MASQUERADE xt_time xt_tcpudp xt_state xt_nat xt_multiport xt_mark
>> xt_mac xt_limit xt_conntrack xt_comment xt_TCPMSS xt_REDIRECT xt_LOG
>> usbnet ums_usbat ums_sddr55 ums_sddr09 ums_karma ums_jumpshot
>> ums_isd200 ums_freecom ums_datafab ums_cypress ums_alauda pppox
>> ppp_async owl_loader nf_reject_ipv4 nf_nat_redirect
>> nf_nat_masquerade_ipv4 nf_conntrack_ipv4 nf_nat_ipv4 nf_nat
>> nf_log_ipv4 nf_defrag_ipv6 nf_defrag_ipv4 nf_conntrack_rtcache
>> nf_conntrack ltq_deu_vr9 iptable_mangle iptable_filter ip_tables
>> crc_ccitt cdc_wdm drv_dsl_cpe_api drv_mei_cpe ip6t_REJECT
>> nf_reject_ipv6 nf_log_ipv6 nf_log_common ip6table_mangle
>> ip6table_filter ip6_tables x_tables pppoatm ppp_generic slhc msdos
>> vfat fat br2684 atm nls_utf8 nls_iso8859_1 nls_cp437 drv_ifxos
>> usb_storage dwc2 sd_mod scsi_mod gpio_button_hotplug ext4 jbd2 mbcache
>> mii crc32c_generic
>> [  117.116878] CPU: 0 PID: 1874 Comm: uci Not tainted 4.9.109 #0
>> [  117.122611] Stack : 00000006 80690000 00000000 00000000 00000000
>> 00000000 80f905c2 00000031
>> [  117.130964]         00000004 00000000 806a0000 806a0000 80690000
>> 80693827 806091d4 00000000
>> [  117.139320]         00000752 808041fc 00000002 86eafda0 8742b070
>> 800880a8 80f905c2 00000012
>> [  117.147676]         8061118c 00000000 806112f4 87c0dc2c 808041fc
>> 800ca26c 8061468c 80690000
>> [  117.156032]         00000003 00000007 87c0dc2c 00040900 00000000
>> 00000000 00000000 00000000
>> [  117.164388]         ...
>> [  117.166826] Call Trace:
>> [  117.169279] [<80010cc4>] show_stack+0x88/0xb8
>> [  117.173650] [<8022f950>] dump_stack+0x120/0x1b0
>> [  117.178167] [<800328e4>] __warn+0x110/0x118
>> [  117.182336] [<8003292c>] warn_slowpath_fmt+0x40/0x64
>> [  117.187299] [<8000bd28>] handle_tr_int+0x24/0x5c
>> [  117.191908] ---[ end trace c07a7a370287cd08 ]---
>> [  117.196674] Kernel bug detected[#1]:
>> [  117.200091] CPU: 0 PID: 1874 Comm: uci Tainted: G        W       4.9.109 #0
>> [  117.207047] task: 87e13200 task.stack: 86e6c000
>> [  117.211567] $ 0   : 00000000 779ed944 00000001 00000000
>> [  117.216788] $ 4   : df6f5735 00000000 00002000 00000002
>> [  117.222011] $ 8   : 00000000 00000003 00000001 3333ff98
>> [  117.227233] $12   : 7f820de8 77aca2c0 00000000 7f820e6c
>> [  117.232455] $16   : 813f8520 df6f5735 00000000 00000000
>> [  117.237678] $20   : 00000000 02000000 00000002 86eafda0
>> [  117.242900] $24   : 00000003 8766614c
>> [  117.248123] $28   : 86e6c000 87c0ddc0 8742b070 8766611c
>> [  117.253346] Hi    : 00000016
>> [  117.256218] Lo    : 00000001
>> [  117.259111] epc   : 80115cb0 kfree+0x90/0x258
>> [  117.263605] ra    : 8766611c dwc2_lowlevel_hw_disable+0xe30/0x2128 [dwc2]
>> [  117.270233] Status: 1100ff02 KERNEL EXL
>> [  117.274151] Cause : 10800034 (ExcCode 0d)
>> [  117.278155] PrId  : 00019556 (MIPS 34Kc)
>> [  117.282068] Modules linked in: qmi_wwan pppoe nf_conntrack_ipv6
>> iptable_nat ipt_REJECT ipt_MASQUERADE xt_time xt_tcpudp xt_state
>> xt_nat xt_multiport xt_mark xt_mac xt_limit xt_conntrack xt_comment
>> xt_TCPMSS xt_REDIRECT xt_LOG usbnet ums_usbat ums_sddr55 ums_sddr09
>> ums_karma ums_jumpshot ums_isd200 ums_freecom ums_datafab ums_cypress
>> ums_alauda pppox ppp_async owl_loader nf_reject_ipv4 nf_nat_redirect
>> nf_nat_masquerade_ipv4 nf_conntrack_ipv4 nf_nat_ipv4 nf_nat
>> nf_log_ipv4 nf_defrag_ipv6 nf_defrag_ipv4 nf_conntrack_rtcache
>> nf_conntrack ltq_deu_vr9 iptable_mangle iptable_filter ip_tables
>> crc_ccitt cdc_wdm drv_dsl_cpe_api drv_mei_cpe ip6t_REJECT
>> nf_reject_ipv6 nf_log_ipv6 nf_log_common ip6table_mangle
>> ip6table_filter ip6_tables x_tables pppoatm ppp_generic slhc msdos
>> vfat fat br2684 atm nls_utf8 nls_iso8859_1 nls_cp437 drv_ifxos
>> usb_storage dwc2 sd_mod scsi_mod gpio_button_hotplug ext4 jbd2 mbcache
>> mii crc32c_generic
>> Process uci (pid: 1874, threadinfo=86e6c000, task=87e13200, tls=77acbdc0)
>> [  117.369630] Stack : 876eea00 80319de4 86e6c000 87c0ddf0 8742b070
>> 8766610c 86eafc00 86ec0008
>> [  117.377984]         00000000 876e4880 00000000 8766611c 876e4880
>> 87666160 8742b070 876e4880
>> [  117.386340]         00000000 86eafc00 00000000 80319f7c 8742b070
>> 8049ba98 86eafc00 8742b010
>> [  117.394695]         86eafc00 8742b010 8742b070 87668a1c 00000001
>> 87c0de38 00000001 0004096d
>> [  117.403051]         86eafd80 8742b010 0000000e 876e4880 86eafb80
>> 8766b038 00000000 00000000
>> [  117.411407]         ...
>> [  117.413846] Call Trace:
>> [  117.416298] [<80115cb0>] kfree+0x90/0x258
>> [  117.420420] [<8766611c>] dwc2_lowlevel_hw_disable+0xe30/0x2128 [dwc2]
>> [  117.426839] Code: 8e020014  30420001  38420001 <00020336> 8e020000
>> 7c420380  1040000b  00000000  9605003a
>> [  117.436475]
>> [  117.438094] ---[ end trace c07a7a370287cd09 ]---
>> [  117.447304] Kernel panic - not syncing: Fatal exception in interrupt
>> [  117.455523] Rebooting in 3 seconds..
>>
>>
>> Sometimes the kernel crashes because of unaligned access:
>>
>>
>> [   83.313488] Unhandled kernel unaligned access[#1]:
>> [   83.316865] CPU: 0 PID: 3 Comm: ksoftirqd/0 Not tainted 4.9.109 #0
>> [   83.323028] task: 87c39900 task.stack: 87c58000
>> [   83.327546] $ 0   : 00000000 807e0000 87c39900 00009dad
>> [   83.332767] $ 4   : 8010f9c0 00000000 00002000 00000002
>> [   83.337985] $ 8   : 00000000 00000003 00000001 33330000
>> [   83.343207] $12   : 00000000 00ac57ac 00000000 00000000
>> [   83.348430] $16   : 811b0f20 cd346bd7 00014302 00000001
>> [   83.353652] $20   : 00000001 00010000 00000002 00000000
>> [   83.358875] $24   : 00000003 8766425c
>> [   83.364097] $28   : 87c58000 87c59d20 00000000 8010f9c0
>> [   83.369323] Hi    : 0000ab55
>> [   83.372191] Lo    : 00000000
>> [   83.375097] epc   : 8010f9c0 kfree+0xec/0x258
>> [   83.379439] ra    : 8010f9c0 kfree+0xec/0x258
>> [   83.383774] Status: 1100ff02 KERNEL EXL
>> [   83.387691] Cause : 00800010 (ExcCode 04)
>> [   83.391695] BadVA : 00014312
>> [   83.394570] PrId  : 00019556 (MIPS 34Kc)
>> [   83.398479] Modules linked in: ath9k ath9k_common ath9k_hw
>> ath10k_pci ath10k_core ath qmi_wwan pppoe nf_conntrack_ipv6 mac80211
>> iptable_nat ipt_REJECT ipt_MASQUERADE cfg80211 xt_time xt_tcpudp
>> xt_state xt_nat xt_multiport xt_mark xt_mac xt_limit xt_conntrack
>> xt_comment xt_TCPMSS xt_REDIRECT xt_LOG usbnet pppox ppp_async
>> owl_loader nf_reject_ipv4 nf_nat_redirect nf_nat_masquerade_ipv4
>> nf_conntrack_ipv4 nf_nat_ipv4 nf_nat nf_log_ipv4 nf_defrag_ipv6
>> nf_defrag_ipv4 nf_conntrack_rtcache nf_conntrack ltq_deu_vr9
>> iptable_mangle iptable_filter ip_tables crc_ccitt compat cdc_wdm
>> drv_dsl_cpe_api drv_mei_cpe ip6t_REJECT nf_reject_ipv6 nf_log_ipv6
>> nf_log_common ip6table_mangle ip6table_filter ip6_tables x_tables
>> pppoatm ppp_generic slhc br2684 atm drv_ifxos dwc2 gpio_button_hotplug
>> mii
>> [   83.467169] Process ksoftirqd/0 (pid: 3, threadinfo=87c58000,
>> task=87c39900, tls=00000000)
>> [   83.475422] Stack : 8760e800 80307070 87c58000 87c59d50 00000000
>> 8766421c 87fa2b00 85b18008
>> [   83.483775]         00000000 87c59da0 806d1278 8766422c 87c59da0
>> 87664270 8760e964 87c59da0
>> [   83.492131]         806d1278 87fa2b00 00000000 80307208 8760e944
>> 80481d7c 80308224 0000a63c
>> [   83.500487]         8760e940 8760e944 8760e964 803082cc 80677078
>> 807e4660 806d1278 8007c7b8
>> [   83.508843]         87c59da0 87c59da0 00000000 8760e970 8760e96c
>> 80677078 80676d20 80037424
>> [   83.517199]         ...
>> [   83.519636] Call Trace:
>> [   83.522097] [<8010f9c0>] kfree+0xec/0x258
>> [   83.526319] [<8766422c>] dwc2_lowlevel_hw_disable+0xd90/0x24c8 [dwc2]
>> [   83.532693] Code: 000000c0  0c01e826  00000000 <8e450010> 0c01f288
>> 02202025  32820001  14400042  00000000
>> [   83.542267]
>> [   83.544055] ---[ end trace 589a75440e5c3686 ]---
>> [   83.554307] Kernel panic - not syncing: Fatal exception in interrupt
>>
>>
>> Any ideas what might be going on? I've looked at the contents of the
>> patch but could not see any obvious reasons for such a crash
>> occurring.
>> I briefly also tested newer kernel version 4.14 but that behaved in
>> the same way.
>
> I see dwc2_lowlevel_hw_disable() in both of your traces.  It's not a
> function that I'm terribly familiar with.  Is that actually being run
> or are your stack crawl symbols just haywire?  It seems hard to
> believe dwc2_lowlevel_hw_disable is 0x24c8 bytes big (even with
> inlining), so presumably you've done some type of stripping that makes
> your stack crawls a bit useless.  Is that right?  Can you undo that
> and give better stack crawls?
>
> For instance, disassembling one kernel I've got around:
>
> c06dfc30 <dwc2_lowlevel_hw_disable>:
> c06dfc30:       e1a0c00d        mov     ip, sp
> c06dfc34:       e92dd818        push    {r3, r4, fp, ip, lr, pc}
> c06dfc38:       e24cb004        sub     fp, ip, #4
> c06dfc3c:       e52de004        push    {lr}            ; (str lr, [sp, #-4]!)
> c06dfc40:       ebf11c0e        bl      c0326c80 <__gnu_mcount_nc>
> c06dfc44:       e1a04000        mov     r4, r0
> c06dfc48:       ebffff6e        bl      c06dfa08 <__dwc2_lowlevel_hw_disable>
> c06dfc4c:       e3500000        cmp     r0, #0
> c06dfc50:       05d43034        ldrbeq  r3, [r4, #52]   ; 0x34
> c06dfc54:       07c23110        bfieq   r3, r0, #2, #1
> c06dfc58:       05c43034        strbeq  r3, [r4, #52]   ; 0x34
> c06dfc5c:       e89da818        ldm     sp, {r3, r4, fp, sp, pc}
>
> ...and even __dwc2_lowlevel_hw_disable isn't that big:
>
>
> c06dfa08 <__dwc2_lowlevel_hw_disable>:
> c06dfa08:       e1a0c00d        mov     ip, sp
> ...
> c06dfab4:       e89da830        ldm     sp, {r4, r5, fp, sp, pc}
>

Yeah, I think the last couple of stack frames are probably corrupted
somehow even though the symbols are in place.

With kernel 4.14.50 I managed to get a saner looking call trace but
even with that the last few frames look like they are corrupted:

[   51.340015] Call Trace:
[   51.342465] [<801281f8>] kfree+0x90/0x258
[   51.346576] [<876e3488>] dwc2_init_params+0x11f4/0x306c [dwc2]
[   51.352398] [<804f5b98>] _raw_spin_unlock_irq+0x30/0x48
[   51.357537] [<8034ac04>] usb_giveback_urb_bh+0xdc/0x100
[   51.362766] [<8003895c>] tasklet_action+0x174/0x250
[   51.367621] [<804f6524>] __do_softirq+0x1cc/0x350
[   51.372321] [<800381f8>] irq_exit+0x80/0xb4
[   51.376497] [<8000317c>] ltq_hw_irqdispatch+0x9c/0xe4
[   51.381554] [<8000adb4>] except_vec_vi_end+0xc8/0xd4
[   51.386516] [<804ee1c0>] __bzero+0xc4/0x164
[   51.390695] [<80040ac0>] flush_signal_handlers+0x5c/0x7c
[   51.396009] [<8018bf1c>] load_elf_binary+0x32c/0x1328
[   51.401057] [<80137280>] search_binary_handler+0x9c/0x290
[   51.406442] [<80137f74>] do_execveat_common+0x5a8/0x7f4
[   51.411664] [<801381e0>] do_execve+0x20/0x2c
[   51.415927] [<8001bad0>] syscall_common+0x34/0x58

My current working theory is that the crash may have something to do
how struct dma_aligned_buffer is laid out in memory which somehow
isn't compatible with big-endian MIPS DMA.

I found discussion over a bug in MMC driver which may be related to
the alignment requirements on MIPS:
https://patchwork.kernel.org/patch/9423097/

Br,
-Antti
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Media]     [Linux Input]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Old Linux USB Devel Archive]

  Powered by Linux