Re: [GIT PULL FOR v5.15] v2: Various fixes and enhancements

From: Robert Foss
Date: Tue Aug 10 2021 - 06:20:22 EST


Hey Naresh,

Thanks for reporting this.

On Tue, 10 Aug 2021 at 11:45, Naresh Kamboju <naresh.kamboju@xxxxxxxxxx> wrote:
>
> [Please ignore this if it is already reported]
> The following kernel crash "Internal error: Oops:" was found while booting the arm64
> Dragonboard 845c device.
>
> Our bisect scripts are still running to bisect the first bad commit.
> However, I would like to report on the suspected sub-system's patch set.
>
> On Thu, 5 Aug 2021 at 15:48, Hans Verkuil <hverkuil@xxxxxxxxx> wrote:
>
> > Robert Foss (4):
> >       media: camss: vfe: Don't read hardware version needlessly
> >       media: camss: vfe: Decrease priority of of VFE HW version to 'dbg'
> >       media: camss: vfe: Remove vfe_hw_version_read() argument
> >       media: camss: vfe: Rework vfe_hw_version_read() function definition
>
> [ 8.296907] Unable to handle kernel NULL pointer dereference at
> virtual address 0000000000000000
> [ 8.305943] Mem abort info:
> [ 8.307150] Bluetooth: Core ver 2.22
> [ 8.308784] ESR = 0x96000004
> [ 8.308787] EC = 0x25: DABT (current EL), IL = 32 bits
> [ 8.308790] SET = 0, FnV = 0
> [ 8.308792] EA = 0, S1PTW = 0
> [ 8.308794] FSC = 0x04: level 0 translation fault
> [ 8.308796] Data abort info:
> [ 8.308798] ISV = 0, ISS = 0x00000004
> [ 8.313982] NET: Registered PF_BLUETOOTH protocol family
> [ 8.315502] CM = 0, WnR = 0
> [ 8.320889] Bluetooth: HCI device and connection manager initialized
> [ 8.323948] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000107162000
> [ 8.323952] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000
> [ 8.323959] Internal error: Oops: 96000004 [#1] PREEMPT SMP
> [ 8.323963] Modules linked in: gpu_sched(+) bluetooth(+)
> reset_qcom_pdc drm_kms_helper i2c_qcom_geni(+) qcom_camss
> spi_geni_qcom videobuf2_dma_sg venus_core v4l2_fwnode v4l2_async
> v4l2_mem2mem
> [ 8.327174] Bluetooth: HCI socket layer initialized
> [ 8.332068] videobuf2_memops videobuf2_v4l2 camcc_sdm845
> videobuf2_common qcom_rng i2c_qcom_cci ath10k_snoc ath10k_core
> xhci_pci ath qcom_q6v5_mss qrtr xhci_pci_renesas mac80211
> qcom_q6v5_pas ns qcom_pil_info qcom_q6v5 slim_qcom_ngd_ctrl
> pdr_interface qcom_sysmon cfg80211 qcom_common display_connector
> qcom_glink_smem icc_osm_l3 rfkill slimbus qcom_wdt qmi_helpers
> mdt_loader socinfo drm rmtfs_mem fuse
> [ 8.332103] CPU: 6 PID: 9 Comm: kworker/u16:1 Not tainted
> 5.14.0-rc5-next-20210809 #1
> [ 8.332107] Hardware name: Thundercomm Dragonboard 845c (DT)
> [ 8.332109] Workqueue: events_unbound deferred_probe_work_func
> [ 8.332120] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
> [ 8.335040] Bluetooth: L2CAP socket layer initialized
> [ 8.337046] i2c 10-003b: Fixing up cyclic dependency with hdmi-out
> [ 8.342391] pc : vfe_hw_version+0x20/0x80 [qcom_camss]
> [ 8.342405] lr : msm_vfe_subdev_init+0x8c/0x4d0 [qcom_camss]
> [ 8.342415] sp : ffff80001009ba20
> [ 8.342416] x29: ffff80001009ba20 x28: ffff330f84ea6000 x27: 0000000000000004
> [ 8.347824] Bluetooth: SCO socket layer initialized
> [ 8.350763]
> [ 8.350764] x26: 0000000000000003 x25: ffff330f8ea00080 x24: 0000000000000000
> [ 8.350767] x23: ffff330f84ea6000 x22: ffff330f80f5b010 x21: ffffd62954d86828
> [ 8.350770] x20: ffff330f80f5b000 x19: 0000000000000000 x18: 0000000000000000
> [ 8.350773] x17: 0000000000000000 x16: ffffd6298befc0e0 x15: 0000000000000000
> [ 8.350776] x14: 0000000000000000 x13: 7367616c665f746e x12: 69617274736e6f63
> [ 8.350779] x11: ffff330f80400000 x10: 0000000000000000 x9 : ffffd62954d811b0
> [ 8.350782] x8 : 0101010101010101 x7 : ffffd62954d7d814 x6 : ffffd62954d80f80
> [ 8.350785] x5 : ffff330f8ea03080 x4 : ffff330f8ea03640 x3 : ffffd62954d7d720
> [ 8.557091] x2 : 0000000000000003 x1 : ffffd62954d7dae0 x0 : ffff330f8ea00080
> [ 8.564282] Call trace:
> [ 8.566749] vfe_hw_version+0x20/0x80 [qcom_camss]
> [ 8.571599] msm_vfe_subdev_init+0x8c/0x4d0 [qcom_camss]
> [ 8.576956] camss_probe+0x358/0xd60 [qcom_camss]
> [ 8.581710] platform_probe+0x74/0xf0
> [ 8.585400] really_probe+0xc4/0x470
> [ 8.589003] __driver_probe_device+0x11c/0x190
> [ 8.593477] driver_probe_device+0x48/0x110
> [ 8.597694] __device_attach_driver+0xa4/0x140
> [ 8.602173] bus_for_each_drv+0x84/0xe0
> [ 8.606038] __device_attach+0xe4/0x1c0
> [ 8.609904] device_initial_probe+0x20/0x30
> [ 8.614118] bus_probe_device+0xa4/0xb0
> [ 8.617979] deferred_probe_work_func+0xa8/0xfc
> [ 8.622543] process_one_work+0x1dc/0x4a0
> [ 8.626587] worker_thread+0x144/0x470
> [ 8.630364] kthread+0x144/0x160
> [ 8.633617] ret_from_fork+0x10/0x20
> [ 8.637227] Code: a9be7bfd 910003fd f9000bf3 f9400813 (b9400273)
> [ 8.643362] ---[ end trace 37b6accc93773476 ]---
>
> full test log:
> https://qa-reports.linaro.org/lkft/linux-next-master/build/next-20210809/testrun/5410288/suite/ltp-crypto-tests/test/af_alg07/log
>
> Reported-by: Linux Kernel Functional Testing <lkft@xxxxxxxxxx>
>
> steps to reproduce:
> # It is always reproducible
> # Boot arm64 Dragonboard 845c board with built kernel Image
> # While booting the device you will notice this crash log
>
> metadata:
> git branch: master
> git repo: https://gitlab.com/Linaro/lkft/mirrors/next/linux-next
> git commit: da454ebf578f6c542ba9f5b3ddb98db3ede109c1
> git describe: next-20210809
> make_kernelversion: 5.14.0-rc5
> kernel-config: https://builds.tuxbuild.com/1wURGIfgNW0xkrl16wDktoeATBp/config
> vmlinux: https://builds.tuxbuild.com/1wURGIfgNW0xkrl16wDktoeATBp/vmlinux.xz
> System.map: https://builds.tuxbuild.com/1wURGIfgNW0xkrl16wDktoeATBp/System.map
> Image: https://builds.tuxbuild.com/1wURGIfgNW0xkrl16wDktoeATBp/Image.gz
> gcc: gcc-11
>

Having a look at this issue, I've traced the issue to the
vfe->ops->hw_version(vfe) call happening before vfe->base is assigned.

I'll submit a patch fixing this issue shortly.


Rob.
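
Added example (not part of the mail above and not code from the camss driver): decoding the `Code:` line of the quoted oops shows the faulting word is a 32-bit load through x19, and that the word before it loaded x19 from offset 16 of the object in x0. That is consistent with a pointer member that was still NULL when vfe_hw_version ran. The helper names `decode_ldr` and `triage` are hypothetical.

```python
import re

# Lines copied from the oops quoted above (first line unwrapped, registers cut to x19/x0).
OOPS = """\
[ 8.296907] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
[ 8.342391] pc : vfe_hw_version+0x20/0x80 [qcom_camss]
[ 8.350770] x20: ffff330f80f5b000 x19: 0000000000000000 x18: 0000000000000000
[ 8.557091] x2 : 0000000000000003 x1 : ffffd62954d7dae0 x0 : ffff330f8ea00080
[ 8.637227] Code: a9be7bfd 910003fd f9000bf3 f9400813 (b9400273)
"""

def decode_ldr(word):
    """Decode A64 LDR (immediate, unsigned offset); None for anything else."""
    # Bit 30 selects 32- or 64-bit; sp-relative loads (Rn == 31) are not handled.
    if (word & 0xBFC00000) != 0xB9400000 or ((word >> 5) & 31) == 31:
        return None
    size = word >> 30                      # 2 = Wt (4 bytes), 3 = Xt (8 bytes)
    return {
        "rt": ("x" if size == 3 else "w") + str(word & 31),
        "rt_num": word & 31,
        "rn": (word >> 5) & 31,
        "offset": ((word >> 10) & 0xFFF) << size,   # imm12 is scaled by access size
    }

def triage(oops):
    """Explain a faulting load from the Code: line and the register dump."""
    regs = {int(n): int(v, 16)
            for n, v in re.findall(r"\bx(\d+)\s*: ([0-9a-f]{16})", oops)}
    code = re.search(r"Code: (.+)", oops).group(1).split()
    idx = next(i for i, w in enumerate(code) if w.startswith("("))  # faulting insn
    fault = decode_ldr(int(code[idx].strip("()"), 16))
    prev = decode_ldr(int(code[idx - 1], 16)) if idx else None
    if fault is None:
        return None
    result = {
        "pc": re.search(r"pc : (\S+)", oops).group(1),
        "fault_insn": f"ldr {fault['rt']}, [x{fault['rn']}, #{fault['offset']}]",
        "fault_addr": regs[fault["rn"]] + fault["offset"],
        "reported_addr": int(re.search(r"virtual address ([0-9a-f]+)", oops).group(1), 16),
        "pointer_source": None,
    }
    # If the previous instruction loaded the base register, record (object reg, offset).
    if prev and prev["rt_num"] == fault["rn"] and prev["rt"].startswith("x"):
        result["pointer_source"] = (prev["rn"], prev["offset"])
    return result

if __name__ == "__main__":
    print(triage(OOPS))
```

The faulting load never completed, so x19 in the register dump still holds the NULL pointer that was read from the object, not a register value.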