Re: 32-bit Amlogic (ARM) SoC: kernel BUG in kfree()
From: Martin Blumenstingl
Date: Fri Mar 22 2019 - 17:08:14 EST
Hi Matthew,
On Thu, Mar 21, 2019 at 10:44 PM Matthew Wilcox <willy@xxxxxxxxxxxxx> wrote:
>
> On Thu, Mar 21, 2019 at 09:17:34PM +0100, Martin Blumenstingl wrote:
> > Hello,
> >
> > I am experiencing the following crash:
> > ------------[ cut here ]------------
> > kernel BUG at mm/slub.c:3950!
>
> if (unlikely(!PageSlab(page))) {
> BUG_ON(!PageCompound(page));
>
> You called kfree() on the address of a page which wasn't allocated by slab.
>
> > I have traced this crash to the kfree() in meson_nfc_read_buf().
> > my observation is as follows:
> > - meson_nfc_read_buf() is called 7 times without any crash, the
> > kzalloc() call returns 0xe9e6c600 (virtual address) / 0x29e6c600
> > (physical address)
> > - the eight time meson_nfc_read_buf() is called kzalloc() call returns
> > 0xee39a38b (virtual address) / 0x2e39a38b (physical address) and the
> > final kfree() crashes
> > - changing the size in the kzalloc() call from PER_INFO_BYTE (= 8) to
> > PAGE_SIZE works around that crash
>
> I suspect you're doing something which corrupts memory. Overrunning
> the end of your allocation or something similar. Have you tried KASAN
> or even the various slab debugging (eg redzones)?
KASAN is not available on 32-bit ARM. there was some progress last
year [0] but it didn't make it into mainline. I tried to make the
patches apply again and got it to compile (and my kernel is still
booting) but I have no idea if it's still working. for anyone
interested, my patches are here: [1] (I consider this a HACK because I
don't know anything about the code which is being touched in the
patches, I only made it compile)
SLAB debugging (redzones) were a great hint, thank you very much for
that Matthew! I enabled:
CONFIG_SLUB_DEBUG=y
CONFIG_SLUB_DEBUG_ON=y
and with that I now get "BUG kmalloc-64 (Not tainted): Redzone
overwritten" (a larger kernel log extract is attached).
I'm starting to wonder if the NAND controller (hardware) writes more
than 8 bytes.
some context: the "info" buffer allocated in meson_nfc_read_buf is
then passed to the NAND controller IP (after using dma_map_single).
Liang, how does the NAND controller know that it only has to send
PER_INFO_BYTE (= 8) bytes when called from meson_nfc_read_buf? all
other callers of meson_nfc_dma_buffer_setup (which passes the info
buffer to the hardware) are using (nand->ecc.steps * PER_INFO_BYTE)
bytes?
Regards
Martin
[0] https://lore.kernel.org/patchwork/cover/913212/
[1] https://github.com/xdarklight/linux/tree/arm-kasan-hack-v5.1-rc1
[ 2.742070] meson_nfc_read_buf e95e7d00 0x295e7d00
[ 2.742155] meson_nfc_read_buf e95e7d00 0x295e7d00
[ 2.746056] meson_nfc_read_buf e95e62c0 0x295e62c0
[ 2.750947] meson_nfc_read_buf e95e7d00 0x295e7d00
[ 2.755530] =============================================================================
[ 2.763673] BUG kmalloc-64 (Not tainted): Redzone overwritten
[ 2.769392] -----------------------------------------------------------------------------
[ 2.769392]
[ 2.779013] Disabling lock debugging due to kernel taint
[ 2.784303] INFO: 0x(ptrval)-0x(ptrval). First byte 0xff instead of 0xcc
[ 2.790982] INFO: Allocated in 0xffffffff age=4294937574 cpu=4294967295 pid=-1
[ 2.798171] 0xffffffff
[ 2.800598] 0xffffffff
[ 2.803024] 0xffffffff
[ 2.805451] 0xffffffff
[ 2.807879] 0xffffffff
[ 2.810306] 0xffffffff
[ 2.812733] 0xffffffff
[ 2.815160] 0xffffffff
[ 2.817587] 0xffffffff
[ 2.820014] 0xffffffff
[ 2.822441] 0xffffffff
[ 2.824869] 0xffffffff
[ 2.827296] 0xffffffff
[ 2.829722] 0xffffffff
[ 2.832150] 0xffffffff
[ 2.834577] 0xffffffff
[ 2.837006] INFO: Freed in 0xffffffff age=4294937574 cpu=4294967295 pid=-1
[ 2.843852] 0xffffffff
[ 2.846279] 0xffffffff
[ 2.848706] 0xffffffff
[ 2.851133] 0xffffffff
[ 2.853560] 0xffffffff
[ 2.855987] 0xffffffff
[ 2.858414] 0xffffffff
[ 2.860842] 0xffffffff
[ 2.863269] 0xffffffff
[ 2.865696] 0xffffffff
[ 2.868123] 0xffffffff
[ 2.870550] 0xffffffff
[ 2.872977] 0xffffffff
[ 2.875404] 0xffffffff
[ 2.877831] 0xffffffff
[ 2.880258] 0xffffffff
[ 2.882687] INFO: Slab 0x(ptrval) objects=25 used=4 fp=0x(ptrval) flags=0x10201
[ 2.889968] INFO: Object 0x(ptrval) @offset=7424 fp=0x(ptrval)
[ 2.889968]
[ 2.897251] Redzone (ptrval): cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................
[ 2.905917] Redzone (ptrval): cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................
[ 2.914585] Redzone (ptrval): cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................
[ 2.923253] Redzone (ptrval): cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................
[ 2.931922] Object (ptrval): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 2.940503] Object (ptrval): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 2.949085] Object (ptrval): ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................
[ 2.957666] Object (ptrval): ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................
[ 2.966248] Redzone (ptrval): ff ff ff ff ....
[ 2.973876] Padding (ptrval): ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................
[ 2.982544] Padding (ptrval): ff ff ff ff ff ff ff ff ........
[ 2.990523] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G B 5.1.0-rc1-00088-g406014e081b4-dirty #4272
[ 3.000574] Hardware name: Amlogic Meson platform
[ 3.005269] [<c0311bb8>] (unwind_backtrace) from [<c030ca68>] (show_stack+0x10/0x14)
[ 3.012976] [<c030ca68>] (show_stack) from [<c0ccba28>] (dump_stack+0xa4/0xb8)
[ 3.020171] [<c0ccba28>] (dump_stack) from [<c0487fe0>] (check_bytes_and_report+0xcc/0x104)
[ 3.028490] [<c0487fe0>] (check_bytes_and_report) from [<c04881d4>] (check_object+0x194/0x28c)
[ 3.037072] [<c04881d4>] (check_object) from [<c048a658>] (free_debug_processing+0x12c/0x420)
[ 3.045566] [<c048a658>] (free_debug_processing) from [<c048ac5c>] (__slab_free+0x310/0x4a0)
[ 3.053974] [<c048ac5c>] (__slab_free) from [<c048b1c4>] (kfree+0x184/0x274)
[ 3.060997] [<c048b1c4>] (kfree) from [<c08b861c>] (meson_nfc_exec_op+0x3b0/0x408)
[ 3.068541] [<c08b861c>] (meson_nfc_exec_op) from [<c08a424c>] (nand_read_data_op+0xb8/0x154)
[ 3.077034] [<c08a424c>] (nand_read_data_op) from [<c08ae394>] (nand_onfi_detect+0xdc/0x644)
[ 3.085440] [<c08ae394>] (nand_onfi_detect) from [<c08aa4d0>] (nand_scan_with_ids+0x900/0x171c)
[ 3.094111] [<c08aa4d0>] (nand_scan_with_ids) from [<c08b7a04>] (meson_nfc_probe+0x46c/0x694)
[ 3.102606] [<c08b7a04>] (meson_nfc_probe) from [<c081f430>] (platform_drv_probe+0x48/0x98)
[ 3.110924] [<c081f430>] (platform_drv_probe) from [<c081d4b8>] (really_probe+0x1e0/0x2cc)
[ 3.119158] [<c081d4b8>] (really_probe) from [<c081d704>] (driver_probe_device+0x60/0x16c)
[ 3.127393] [<c081d704>] (driver_probe_device) from [<c081d9b0>] (device_driver_attach+0x58/0x60)
[ 3.136235] [<c081d9b0>] (device_driver_attach) from [<c081da10>] (__driver_attach+0x58/0xcc)
[ 3.144734] [<c081da10>] (__driver_attach) from [<c081b87c>] (bus_for_each_dev+0x74/0xb4)
[ 3.152879] [<c081b87c>] (bus_for_each_dev) from [<c081c8ec>] (bus_add_driver+0x1b8/0x1d8)
[ 3.161113] [<c081c8ec>] (bus_add_driver) from [<c081e53c>] (driver_register+0x74/0x108)
[ 3.169176] [<c081e53c>] (driver_register) from [<c0302f54>] (do_one_initcall+0x54/0x284)
[ 3.177324] [<c0302f54>] (do_one_initcall) from [<c1001180>] (kernel_init_freeable+0x2d4/0x36c)
[ 3.185991] [<c1001180>] (kernel_init_freeable) from [<c0ce2a38>] (kernel_init+0x8/0x110)
[ 3.194139] [<c0ce2a38>] (kernel_init) from [<c03010f0>] (ret_from_fork+0x14/0x24)
[ 3.201678] Exception stack(0xe983ffb0 to 0xe983fff8)
[ 3.206707] ffa0: 00000000 00000000 00000000 00000000
[ 3.214856] ffc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 3.223003] ffe0: 00000000 00000000 00000000 00000000 00000013 00000000
[ 3.229591] FIX kmalloc-64: Restoring 0x(ptrval)-0x(ptrval)=0xcc
[ 3.229591]
[ 3.237097] FIX kmalloc-64: Object at 0x(ptrval) not freed
[ 3.242545] meson_nfc_read_buf e95e6400 0x295e6400
[ 3.247278] =============================================================================
[ 3.255421] BUG kmalloc-64 (Tainted: G B ): Redzone overwritten
[ 3.262527] -----------------------------------------------------------------------------
[ 3.262527]
[ 3.272151] INFO: 0x(ptrval)-0x(ptrval). First byte 0xff instead of 0xcc
[ 3.278827] INFO: Allocated in 0xfedfffff age=4294937620 cpu=0 pid=27697
[ 3.285499] 0xffef6f7f
[ 3.287926] 0xffffffff
[ 3.290353] 0xffffffef
[ 3.292780] 0xdf777fef
[ 3.295207] 0xffffffff
[ 3.297636] INFO: Freed in 0x80840052 age=4294937617 cpu=0 pid=33554432
[ 3.304223] INFO: Slab 0x(ptrval) objects=25 used=5 fp=0x(ptrval) flags=0x10201
[ 3.311504] INFO: Object 0x(ptrval) @offset=1024 fp=0x(ptrval)
[ 3.311504]
[ 3.318786] Redzone (ptrval): cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................
[ 3.327454] Redzone (ptrval): cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................
[ 3.336122] Redzone (ptrval): cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................
[ 3.344790] Redzone (ptrval): cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................
[ 3.353458] Object (ptrval): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 3.362040] Object (ptrval): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 3.370621] Object (ptrval): ff ff ff ff ff ff ff ff ff fd fb bf ff ff ff ff ................
[ 3.379203] Object (ptrval): ef ff f7 ff ff ff ff ff fb ff fe ff ff ff ff ff ................
[ 3.387784] Redzone (ptrval): ff ff ff ff ....
[ 3.395412] Padding (ptrval): 00 00 00 00 02 00 00 00 01 00 00 02 e0 8b ff ff ................
[ 3.404080] Padding (ptrval): 00 00 00 00 00 00 00 00 ........
[ 3.412057] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G B 5.1.0-rc1-00088-g406014e081b4-dirty #4272
[ 3.422110] Hardware name: Amlogic Meson platform
[ 3.426797] [<c0311bb8>] (unwind_backtrace) from [<c030ca68>] (show_stack+0x10/0x14)
[ 3.434510] [<c030ca68>] (show_stack) from [<c0ccba28>] (dump_stack+0xa4/0xb8)
[ 3.441705] [<c0ccba28>] (dump_stack) from [<c0487fe0>] (check_bytes_and_report+0xcc/0x104)
[ 3.450026] [<c0487fe0>] (check_bytes_and_report) from [<c04881d4>] (check_object+0x194/0x28c)
[ 3.458607] [<c04881d4>] (check_object) from [<c048a658>] (free_debug_processing+0x12c/0x420)
[ 3.467102] [<c048a658>] (free_debug_processing) from [<c048ac5c>] (__slab_free+0x310/0x4a0)
[ 3.475510] [<c048ac5c>] (__slab_free) from [<c048b1c4>] (kfree+0x184/0x274)
[ 3.482531] [<c048b1c4>] (kfree) from [<c08b861c>] (meson_nfc_exec_op+0x3b0/0x408)
[ 3.490074] [<c08b861c>] (meson_nfc_exec_op) from [<c08a424c>] (nand_read_data_op+0xb8/0x154)
[ 3.498569] [<c08a424c>] (nand_read_data_op) from [<c08ae394>] (nand_onfi_detect+0xdc/0x644)
[ 3.506976] [<c08ae394>] (nand_onfi_detect) from [<c08aa4d0>] (nand_scan_with_ids+0x900/0x171c)
[ 3.515645] [<c08aa4d0>] (nand_scan_with_ids) from [<c08b7a04>] (meson_nfc_probe+0x46c/0x694)
[ 3.524140] [<c08b7a04>] (meson_nfc_probe) from [<c081f430>] (platform_drv_probe+0x48/0x98)
[ 3.532460] [<c081f430>] (platform_drv_probe) from [<c081d4b8>] (really_probe+0x1e0/0x2cc)
[ 3.540695] [<c081d4b8>] (really_probe) from [<c081d704>] (driver_probe_device+0x60/0x16c)
[ 3.548930] [<c081d704>] (driver_probe_device) from [<c081d9b0>] (device_driver_attach+0x58/0x60)
[ 3.557771] [<c081d9b0>] (device_driver_attach) from [<c081da10>] (__driver_attach+0x58/0xcc)
[ 3.566267] [<c081da10>] (__driver_attach) from [<c081b87c>] (bus_for_each_dev+0x74/0xb4)
[ 3.574415] [<c081b87c>] (bus_for_each_dev) from [<c081c8ec>] (bus_add_driver+0x1b8/0x1d8)
[ 3.582649] [<c081c8ec>] (bus_add_driver) from [<c081e53c>] (driver_register+0x74/0x108)
[ 3.590711] [<c081e53c>] (driver_register) from [<c0302f54>] (do_one_initcall+0x54/0x284)
[ 3.598859] [<c0302f54>] (do_one_initcall) from [<c1001180>] (kernel_init_freeable+0x2d4/0x36c)
[ 3.607527] [<c1001180>] (kernel_init_freeable) from [<c0ce2a38>] (kernel_init+0x8/0x110)
[ 3.615675] [<c0ce2a38>] (kernel_init) from [<c03010f0>] (ret_from_fork+0x14/0x24)
[ 3.623214] Exception stack(0xe983ffb0 to 0xe983fff8)
[ 3.628243] ffa0: 00000000 00000000 00000000 00000000
[ 3.636392] ffc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 3.644539] ffe0: 00000000 00000000 00000000 00000000 00000013 00000000
[ 3.651126] FIX kmalloc-64: Restoring 0x(ptrval)-0x(ptrval)=0xcc
[ 3.651126]
[ 3.658617] FIX kmalloc-64: Object at 0x(ptrval) not freed
[ 3.664070] meson_nfc_read_buf e95e62c0 0x295e62c0
[ 3.668825] =============================================================================
[ 3.676957] BUG kmalloc-64 (Tainted: G B ): Redzone overwritten
[ 3.684064] -----------------------------------------------------------------------------
[ 3.684064]
[ 3.693687] INFO: 0x(ptrval)-0x(ptrval). First byte 0x0 instead of 0xcc
[ 3.700277] INFO: Freed in 0xfe55620 age=536841280 cpu=4294967263 pid=-1048577
[ 3.707469] INFO: Slab 0x(ptrval) objects=25 used=6 fp=0x(ptrval) flags=0x10201
[ 3.714750] INFO: Object 0x(ptrval) @offset=704 fp=0x(ptrval)
[ 3.714750]
[ 3.721945] Redzone (ptrval): cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................
[ 3.730613] Redzone (ptrval): cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................
[ 3.739281] Redzone (ptrval): cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................
[ 3.747949] Redzone (ptrval): cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................
[ 3.756618] Object (ptrval): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 3.765199] Object (ptrval): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 3.773781] Object (ptrval): ff ff ff ff ff ff ff ff ff bf ff ff 7f ff ff ff ................
[ 3.782362] Object (ptrval): ff ff ff ff ff ff ff ff ff ff df ff 2f ff ff ff ............/...
[ 3.790944] Redzone (ptrval): 00 00 00 00 ....
[ 3.798572] Padding (ptrval): ff ff ff ff ff ff d7 fe ff ff ff ff ff ff ff ff ................
[ 3.807240] Padding (ptrval): db ff ff ff 5e 7b ff ff ....^{..
[ 3.815217] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G B 5.1.0-rc1-00088-g406014e081b4-dirty #4272
[ 3.825269] Hardware name: Amlogic Meson platform
[ 3.829957] [<c0311bb8>] (unwind_backtrace) from [<c030ca68>] (show_stack+0x10/0x14)
[ 3.837669] [<c030ca68>] (show_stack) from [<c0ccba28>] (dump_stack+0xa4/0xb8)
[ 3.844865] [<c0ccba28>] (dump_stack) from [<c0487fe0>] (check_bytes_and_report+0xcc/0x104)
[ 3.853186] [<c0487fe0>] (check_bytes_and_report) from [<c04881d4>] (check_object+0x194/0x28c)
[ 3.861767] [<c04881d4>] (check_object) from [<c048a658>] (free_debug_processing+0x12c/0x420)
[ 3.870262] [<c048a658>] (free_debug_processing) from [<c048ac5c>] (__slab_free+0x310/0x4a0)
[ 3.878670] [<c048ac5c>] (__slab_free) from [<c048b1c4>] (kfree+0x184/0x274)
[ 3.885691] [<c048b1c4>] (kfree) from [<c08b861c>] (meson_nfc_exec_op+0x3b0/0x408)
[ 3.893233] [<c08b861c>] (meson_nfc_exec_op) from [<c08a424c>] (nand_read_data_op+0xb8/0x154)
[ 3.901728] [<c08a424c>] (nand_read_data_op) from [<c08ae394>] (nand_onfi_detect+0xdc/0x644)
[ 3.910135] [<c08ae394>] (nand_onfi_detect) from [<c08aa4d0>] (nand_scan_with_ids+0x900/0x171c)
[ 3.918805] [<c08aa4d0>] (nand_scan_with_ids) from [<c08b7a04>] (meson_nfc_probe+0x46c/0x694)
[ 3.927300] [<c08b7a04>] (meson_nfc_probe) from [<c081f430>] (platform_drv_probe+0x48/0x98)
[ 3.935619] [<c081f430>] (platform_drv_probe) from [<c081d4b8>] (really_probe+0x1e0/0x2cc)
[ 3.943854] [<c081d4b8>] (really_probe) from [<c081d704>] (driver_probe_device+0x60/0x16c)
[ 3.952089] [<c081d704>] (driver_probe_device) from [<c081d9b0>] (device_driver_attach+0x58/0x60)
[ 3.960931] [<c081d9b0>] (device_driver_attach) from [<c081da10>] (__driver_attach+0x58/0xcc)
[ 3.969427] [<c081da10>] (__driver_attach) from [<c081b87c>] (bus_for_each_dev+0x74/0xb4)
[ 3.977575] [<c081b87c>] (bus_for_each_dev) from [<c081c8ec>] (bus_add_driver+0x1b8/0x1d8)
[ 3.985808] [<c081c8ec>] (bus_add_driver) from [<c081e53c>] (driver_register+0x74/0x108)
[ 3.993871] [<c081e53c>] (driver_register) from [<c0302f54>] (do_one_initcall+0x54/0x284)
[ 4.002019] [<c0302f54>] (do_one_initcall) from [<c1001180>] (kernel_init_freeable+0x2d4/0x36c)
[ 4.010686] [<c1001180>] (kernel_init_freeable) from [<c0ce2a38>] (kernel_init+0x8/0x110)
[ 4.018834] [<c0ce2a38>] (kernel_init) from [<c03010f0>] (ret_from_fork+0x14/0x24)
[ 4.026373] Exception stack(0xe983ffb0 to 0xe983fff8)
[ 4.031402] ffa0: 00000000 00000000 00000000 00000000
[ 4.039552] ffc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 4.047699] ffe0: 00000000 00000000 00000000 00000000 00000013 00000000
[ 4.054286] FIX kmalloc-64: Restoring 0x(ptrval)-0x(ptrval)=0xcc
[ 4.054286]
[ 4.061773] FIX kmalloc-64: Object at 0x(ptrval) not freed
[ 4.067212] Could not find a valid ONFI parameter page, trying bit-wise majority to recover it
[ 4.075833] ONFI parameter recovery failed, aborting
[ 4.080773] meson_nfc_read_buf e95e7bc0 0x295e7bc0
[ 4.085578] meson_nfc_read_buf e95e7bc0 0x295e7bc0
[ 4.090336] nand: device found, Manufacturer ID: 0xad, Chip ID: 0xde
[ 4.096586] nand: Hynix NAND 8GiB 3,3V 8-bit
[ 4.100847] nand: 8192 MiB, MLC, erase size: 4096 KiB, page size: 16384, OOB size: 1280
[ 4.108873] meson_nfc_read_buf e95e7bc0 0x295e7bc0
[ 4.116115] Unable to handle kernel paging request at virtual address fffffffe
[ 4.120770] pgd = (ptrval)
[ 4.123457] [fffffffe] *pgd=2bfde861, *pte=00000000, *ppte=00000000
[ 4.129703] Internal error: Oops: 80000007 [#1] PREEMPT SMP ARM
[ 4.135593] Modules linked in:
[ 4.138630] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 5.1.0-rc1-00088-g406014e081b4-dirty #4272
[ 4.148681] Hardware name: Amlogic Meson platform
[ 4.153364] PC is at 0xfffffffe
[ 4.156491] LR is at __handle_irq_event_percpu+0x7c/0x2c4
[ 4.161858] pc : [<fffffffe>] lr : [<c037c878>] psr: 600001b3
[ 4.168099] sp : c1101e48 ip : ea001ee8 fp : c11c32a0
[ 4.173300] r10: c11c32b4 r9 : c1101f10 r8 : c1101e90
[ 4.178501] r7 : 00000033 r6 : 00000000 r5 : e9a566a8 r4 : e95e4f40
[ 4.185002] r3 : ffffffff r2 : c1108cb4 r1 : ffffffff r0 : 00000033
[ 4.191505] Flags: nZCv IRQs off FIQs on Mode SVC_32 ISA Thumb Segment none
[ 4.198872] Control: 10c5387d Table: 0020404a DAC: 00000051
[ 4.204592] Process swapper/0 (pid: 0, stack limit = 0x(ptrval))
[ 4.210573] Stack: (0xc1101e48 to 0xc1102000)
[ 4.214910] 1e40: 00000080 c11c3264 eaf86680 c11c32b4 ffffe000 e9a56640
[ 4.223059] 1e60: c1108cb4 c11c2d03 eaf85580 c1108c88 e9a566a8 e9a56640 00000001 00000000
[ 4.231207] 1e80: c1101f10 c021f540 c0f40060 c037caec 00000000 5b1da9e9 e9a56640 e9a566a8
[ 4.239355] 1ea0: c11093a0 c037cb78 e9a56640 e9a566a8 c11093a0 c0380d90 c108d1b4 00000000
[ 4.247503] 1ec0: 00000033 c037ba34 c108d1b4 c037c014 c11093a0 c11579c8 f080210c f0802100
[ 4.255651] 1ee0: c1101f10 f0803100 c108c970 c06fe26c c030946c 60000013 ffffffff c1101f44
[ 4.263799] 1f00: c1108c88 c1100000 c108c970 c0301a8c 00000000 0000a974 eaf8ade0 c031aee0
[ 4.271948] 1f20: ffffe000 c1108cb4 c1108cf8 00000001 c1108c88 00000000 c108c970 c0f40060
[ 4.280096] 1f40: c1108d9c c1101f60 c0309468 c030946c 60000013 ffffffff 00000051 00000000
[ 4.288244] 1f60: ffffe000 c0356de4 00000000 c1108c88 00000041 5b1da9e9 c1112210 000000c9
[ 4.296392] 1f80: 00000001 ffffffff c11d7640 c1108c88 00000041 c11d7640 c106da40 c0357168
[ 4.304540] 1fa0: c11d7698 c1000e80 ffffffff ffffffff 00000000 c1000584 00000000 ebfffd00
[ 4.312688] 1fc0: 00000000 c106da40 5b18a8e9 00000000 00000000 c1000330 00000051 10c0387d
[ 4.320836] 1fe0: 00000f81 1f164000 414fc091 10c5387d 00000000 00000000 00000000 00000000
[ 4.328989] [<c037c878>] (__handle_irq_event_percpu) from [<c037caec>] (handle_irq_event_percpu+0x2c/0x80)
[ 4.338608] [<c037caec>] (handle_irq_event_percpu) from [<c037cb78>] (handle_irq_event+0x38/0x5c)
[ 4.347451] [<c037cb78>] (handle_irq_event) from [<c0380d90>] (handle_fasteoi_irq+0xcc/0x17c)
[ 4.355943] [<c0380d90>] (handle_fasteoi_irq) from [<c037ba34>] (generic_handle_irq+0x24/0x34)
[ 4.364525] [<c037ba34>] (generic_handle_irq) from [<c037c014>] (__handle_domain_irq+0x7c/0xec)
[ 4.373196] [<c037c014>] (__handle_domain_irq) from [<c06fe26c>] (gic_handle_irq+0x4c/0x90)
[ 4.381515] [<c06fe26c>] (gic_handle_irq) from [<c0301a8c>] (__irq_svc+0x6c/0xa8)
[ 4.388966] Exception stack(0xc1101f10 to 0xc1101f58)
[ 4.393995] 1f00: 00000000 0000a974 eaf8ade0 c031aee0
[ 4.402145] 1f20: ffffe000 c1108cb4 c1108cf8 00000001 c1108c88 00000000 c108c970 c0f40060
[ 4.410292] 1f40: c1108d9c c1101f60 c0309468 c030946c 60000013 ffffffff
[ 4.416883] [<c0301a8c>] (__irq_svc) from [<c030946c>] (arch_cpu_idle+0x38/0x3c)
[ 4.424252] [<c030946c>] (arch_cpu_idle) from [<c0356de4>] (do_idle+0x1e4/0x290)
[ 4.431618] [<c0356de4>] (do_idle) from [<c0357168>] (cpu_startup_entry+0x18/0x1c)
[ 4.439158] [<c0357168>] (cpu_startup_entry) from [<c1000e80>] (start_kernel+0x45c/0x488)
[ 4.447305] [<c1000e80>] (start_kernel) from [<00000000>] ( (null))
[ 4.453631] Code: bad PC value
[ 4.456674] ---[ end trace eaad995c3018501e ]---
[ 4.461259] Kernel panic - not syncing: Fatal exception in interrupt
[ 4.467592] CPU3: stopping
[ 4.470277] CPU: 3 PID: 0 Comm: swapper/3 Tainted: G B D 5.1.0-rc1-00088-g406014e081b4-dirty #4272
[ 4.480328] Hardware name: Amlogic Meson platform
[ 4.485017] [<c0311bb8>] (unwind_backtrace) from [<c030ca68>] (show_stack+0x10/0x14)
[ 4.492729] [<c030ca68>] (show_stack) from [<c0ccba28>] (dump_stack+0xa4/0xb8)
[ 4.499924] [<c0ccba28>] (dump_stack) from [<c03100d4>] (handle_IPI+0x418/0x444)
[ 4.507292] [<c03100d4>] (handle_IPI) from [<c06fe2ac>] (gic_handle_irq+0x8c/0x90)
[ 4.514832] [<c06fe2ac>] (gic_handle_irq) from [<c0301a8c>] (__irq_svc+0x6c/0xa8)
[ 4.522283] Exception stack(0xe987df60 to 0xe987dfa8)
[ 4.527315] df60: 00000000 00003658 eafc0de0 c031aee0 ffffe000 c1108cb4 c1108cf8 00000008
[ 4.535462] df80: c1108c88 00000000 c108c970 c0f40060 00000001 e987dfb0 c0309468 c030946c
[ 4.543607] dfa0: 600c0013 ffffffff
[ 4.547079] [<c0301a8c>] (__irq_svc) from [<c030946c>] (arch_cpu_idle+0x38/0x3c)
[ 4.554447] [<c030946c>] (arch_cpu_idle) from [<c0356de4>] (do_idle+0x1e4/0x290)
[ 4.561814] [<c0356de4>] (do_idle) from [<c0357168>] (cpu_startup_entry+0x18/0x1c)
[ 4.569355] [<c0357168>] (cpu_startup_entry) from [<003026ac>] (0x3026ac)
[ 4.576113] CPU1: stopping
[ 4.578803] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B D 5.1.0-rc1-00088-g406014e081b4-dirty #4272
[ 4.588855] Hardware name: Amlogic Meson platform
[ 4.593543] [<c0311bb8>] (unwind_backtrace) from [<c030ca68>] (show_stack+0x10/0x14)
[ 4.601254] [<c030ca68>] (show_stack) from [<c0ccba28>] (dump_stack+0xa4/0xb8)
[ 4.608449] [<c0ccba28>] (dump_stack) from [<c03100d4>] (handle_IPI+0x418/0x444)
[ 4.615817] [<c03100d4>] (handle_IPI) from [<c06fe2ac>] (gic_handle_irq+0x8c/0x90)
[ 4.623358] [<c06fe2ac>] (gic_handle_irq) from [<c0301a8c>] (__irq_svc+0x6c/0xa8)
[ 4.630809] Exception stack(0xe9877f60 to 0xe9877fa8)
[ 4.635841] 7f60: 00000000 00005464 eaf9cde0 c031aee0 ffffe000 c1108cb4 c1108cf8 00000002
[ 4.643989] 7f80: c1108c88 00000000 c108c970 c0f40060 00000001 e9877fb0 c0309468 c030946c
[ 4.652133] 7fa0: 600c0013 ffffffff
[ 4.655605] [<c0301a8c>] (__irq_svc) from [<c030946c>] (arch_cpu_idle+0x38/0x3c)
[ 4.662973] [<c030946c>] (arch_cpu_idle) from [<c0356de4>] (do_idle+0x1e4/0x290)
[ 4.670341] [<c0356de4>] (do_idle) from [<c0357168>] (cpu_startup_entry+0x18/0x1c)
[ 4.677881] [<c0357168>] (cpu_startup_entry) from [<003026ac>] (0x3026ac)
[ 4.684640] CPU2: stopping
[ 4.687329] CPU: 2 PID: 0 Comm: swapper/2 Tainted: G B D 5.1.0-rc1-00088-g406014e081b4-dirty #4272
[ 4.697381] Hardware name: Amlogic Meson platform
[ 4.702069] [<c0311bb8>] (unwind_backtrace) from [<c030ca68>] (show_stack+0x10/0x14)
[ 4.709781] [<c030ca68>] (show_stack) from [<c0ccba28>] (dump_stack+0xa4/0xb8)
[ 4.716975] [<c0ccba28>] (dump_stack) from [<c03100d4>] (handle_IPI+0x418/0x444)
[ 4.724344] [<c03100d4>] (handle_IPI) from [<c06fe2ac>] (gic_handle_irq+0x8c/0x90)
[ 4.731884] [<c06fe2ac>] (gic_handle_irq) from [<c0301a8c>] (__irq_svc+0x6c/0xa8)
[ 4.739336] Exception stack(0xe987bf60 to 0xe987bfa8)
[ 4.744367] bf60: 00000000 00009844 eafaede0 c031aee0 ffffe000 c1108cb4 c1108cf8 00000004
[ 4.752515] bf80: c1108c88 00000000 c108c970 c0f40060 eafaab34 e987bfb0 c0309468 c030946c
[ 4.760660] bfa0: 600c0013 ffffffff
[ 4.764132] [<c0301a8c>] (__irq_svc) from [<c030946c>] (arch_cpu_idle+0x38/0x3c)
[ 4.771499] [<c030946c>] (arch_cpu_idle) from [<c0356de4>] (do_idle+0x1e4/0x290)
[ 4.778867] [<c0356de4>] (do_idle) from [<c0357168>] (cpu_startup_entry+0x18/0x1c)
[ 4.786408] [<c0357168>] (cpu_startup_entry) from [<003026ac>] (0x3026ac)
[ 4.793171] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---