Mali driver fails to initialize #39

Open
teseo-sw opened this issue Oct 16, 2017 · 10 comments

teseo-sw commented Oct 16, 2017

Often the mali driver stack fails to initialize:

$ glmark2-es2
ERROR: The DDK is not compatible with any of the Mali GPUs on the system.
The DDK was built for 0x750 r0p0 status range [1..1], but none of the GPUs matched:
Error: eglInitialize() failed with error: 0x3001
ERROR: The DDK is not compatible with any of the Mali GPUs on the system.
The DDK was built for 0x750 r0p0 status range [1..1], but none of the GPUs matched:
Error: eglInitialize() failed with error: 0x3001
Error: main: Could not initialize canvas

The only thing I can do at that point is to repeatedly reboot until the driver starts up correctly and I'm able to access the GPU again.

$ dmesg
[    0.000000] Booting Linux on physical CPU 0x500
[    0.000000] Linux version 4.4.16-pTAM8_v00.01 (teseo@teseo-desktop) (gcc version 6.2.0 (GCC) ) #3 SMP Tue Oct 10 16:50:43 CEST 2017
[    0.000000] CPU: ARMv7 Processor [410fc0d1] revision 1 (ARMv7), cr=10c5387d
[    0.000000] CPU: PIPT / VIPT nonaliasing data cache, VIPT aliasing instruction cache
[    0.000000] Machine model: Boardcon-RK3288
[    0.000000] Memory policy: Data cache writealloc
[    0.000000] On node 0 totalpages: 524288
[    0.000000] free_area_init_node: node 0, pgdat c109b180, node_mem_map eeffa000
[    0.000000]   Normal zone: 1536 pages used for memmap
[    0.000000]   Normal zone: 0 pages reserved
[    0.000000]   Normal zone: 196608 pages, LIFO batch:31
[    0.000000]   HighMem zone: 327680 pages, LIFO batch:31
[    0.000000] PERCPU: Embedded 13 pages/cpu @eef8e000 s24024 r8192 d21032 u53248
[    0.000000] pcpu-alloc: s24024 r8192 d21032 u53248 alloc=13*4096
[    0.000000] pcpu-alloc: [0] 0 [0] 1 [0] 2 [0] 3 
[    0.000000] Built 1 zonelists in Zone order, mobility grouping on.  Total pages: 522752
[    0.000000] Kernel command line: earlyprintk=ttyS2,115200 console=tty0 console=ttyS2,115200 androidboot.selinux=permissive androidboot.hardware=rk30board androidboot.console=ttyS2 root=/dev/mmcblk2p3 rw rootfstype=ext4 init=/sbin/init  mtdparts=rk29xxnand:0x00010000@0x00002000(boot),0x00002000@0x00012000(backup),-@0x00014000(linuxroot) storagemedia=emmc uboot_logo=0x02000000@0x7dc00000 loader.timestamp=2015-06-20_15:49:25
[    0.000000] PID hash table entries: 4096 (order: 2, 16384 bytes)
[    0.000000] Dentry cache hash table entries: 131072 (order: 7, 524288 bytes)
[    0.000000] Inode-cache hash table entries: 65536 (order: 6, 262144 bytes)
[    0.000000] Memory: 2060256K/2097152K available (11022K kernel code, 656K rwdata, 2848K rodata, 1024K init, 517K bss, 36896K reserved, 0K cma-reserved, 1310720K highmem)
[    0.000000] Virtual kernel memory layout:
[    0.000000]     vector  : 0xffff0000 - 0xffff1000   (   4 kB)
[    0.000000]     fixmap  : 0xffc00000 - 0xfff00000   (3072 kB)
[    0.000000]     vmalloc : 0xf0800000 - 0xff800000   ( 240 MB)
[    0.000000]     lowmem  : 0xc0000000 - 0xf0000000   ( 768 MB)
[    0.000000]     pkmap   : 0xbfe00000 - 0xc0000000   (   2 MB)
[    0.000000]     modules : 0xbf000000 - 0xbfe00000   (  14 MB)
[    0.000000]       .text : 0xc0008000 - 0xc0e8ba0c   (14863 kB)
[    0.000000]       .init : 0xc0f00000 - 0xc1000000   (1024 kB)
[    0.000000]       .data : 0xc1000000 - 0xc10a4300   ( 657 kB)
[    0.000000]        .bss : 0xc10a6000 - 0xc11275f8   ( 518 kB)
[    0.000000] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=4, Nodes=1
[    0.000000] Hierarchical RCU implementation.
[    0.000000] 	Build-time adjustment of leaf fanout to 32.
[    0.000000] NR_IRQS:16 nr_irqs:16 16
[    0.000000] L2C: failed to init: -19
[    0.000000] rockchip_clk_register_ddrclk: unsupported ddrclk type 3
[    0.000000] rockchip_clk_register_branches: failed to register clock sclk_ddrc: -22
[    0.000000] Architected cp15 timer(s) running at 24.00MHz (phys).
[    0.000000] clocksource: arch_sys_counter: mask: 0xffffffffffffff max_cycles: 0x588fe9dc0, max_idle_ns: 440795202592 ns
[    0.000006] sched_clock: 56 bits at 24MHz, resolution 41ns, wraps every 4398046511097ns
[    0.000023] Switching to timer-based delay loop, resolution 41ns
[    0.001955] Console: colour dummy device 80x30
[    0.002863] console [tty0] enabled
[    0.002913] Calibrating delay loop (skipped), value calculated using timer frequency.. 48.00 BogoMIPS (lpj=240000)
[    0.002974] pid_max: default: 32768 minimum: 301
[    0.003094] Security Framework initialized
[    0.003127] Yama: becoming mindful.
[    0.003214] Mount-cache hash table entries: 2048 (order: 1, 8192 bytes)
[    0.003254] Mountpoint-cache hash table entries: 2048 (order: 1, 8192 bytes)
[    0.004059] CPU: Testing write buffer coherency: ok
[    0.004128] ftrace: allocating 34301 entries in 101 pages
[    0.078846] CPU0: update cpu_capacity 430
[    0.078888] CPU0: thread -1, cpu 0, socket 5, mpidr 80000500
[    0.079233] Setting up static identity map for 0x100000 - 0x100058
[    0.082123] CPU1: update cpu_capacity 430
[    0.082130] CPU1: thread -1, cpu 1, socket 5, mpidr 80000501
[    0.083887] CPU2: update cpu_capacity 430
[    0.083894] CPU2: thread -1, cpu 2, socket 5, mpidr 80000502
[    0.085633] CPU3: update cpu_capacity 430
[    0.085640] CPU3: thread -1, cpu 3, socket 5, mpidr 80000503
[    0.085724] Brought up 4 CPUs
[    0.085851] SMP: Total of 4 processors activated (192.00 BogoMIPS).
[    0.085873] CPU: All CPU(s) started in SVC mode.
[    0.087373] devtmpfs: initialized
[    0.101891] VFP support v0.3: implementor 41 architecture 3 part 30 variant d rev 0
[    0.102303] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604462750000 ns
[    0.102654] pinctrl core: initialized pinctrl subsystem
[    0.103740] NET: Registered protocol family 16
[    0.104579] DMA: preallocated 256 KiB pool for atomic coherent allocations
[    0.128583] cpuidle: using governor ladder
[    0.158605] cpuidle: using governor menu
[    0.173659] gpiochip_add: registered GPIOs 0 to 23 on device: gpio0
[    0.173793] gpiochip_add: registered GPIOs 24 to 55 on device: gpio1
[    0.173912] gpiochip_add: registered GPIOs 56 to 87 on device: gpio2
[    0.174029] gpiochip_add: registered GPIOs 88 to 119 on device: gpio3
[    0.174152] gpiochip_add: registered GPIOs 120 to 151 on device: gpio4
[    0.174270] gpiochip_add: registered GPIOs 152 to 183 on device: gpio5
[    0.174393] gpiochip_add: registered GPIOs 184 to 215 on device: gpio6
[    0.174511] gpiochip_add: registered GPIOs 216 to 247 on device: gpio7
[    0.174628] gpiochip_add: registered GPIOs 248 to 263 on device: gpio8
[    0.185124] hw-breakpoint: found 5 (+1 reserved) breakpoint and 4 watchpoint registers.
[    0.185168] hw-breakpoint: maximum watchpoint size is 4 bytes.
[    0.219964] of_get_named_gpiod_flags: can't parse 'gpio' property of node '/dovdd-1v8-regulator[0]'
[    0.220287] of_get_named_gpiod_flags: can't parse 'gpio' property of node '/vsys-regulator[0]'
[    0.220692] of_get_named_gpiod_flags: parsed 'gpio' property of node '/sdmmc-regulator[0]' - status (0)
[    0.221026] of_get_named_gpiod_flags: can't parse 'gpio' property of node '/flash-regulator[0]'
[    0.221293] of_get_named_gpiod_flags: can't parse 'gpio' property of node '/usb-regulator[0]'
[    0.221670] of_get_named_gpiod_flags: parsed 'gpio' property of node '/usb-host-regulator[0]' - status (0)
[    0.222054] of_get_named_gpiod_flags: parsed 'gpio' property of node '/usb-otg-regulator[0]' - status (0)
[    0.222427] of_get_named_gpiod_flags: parsed 'gpio' property of node '/vcc28-dvp-regulator[0]' - status (0)
[    0.223137] iommu: Adding device ff930000.vop to group 0
[    0.223249] iommu: Adding device ff940000.vop to group 1
[    0.223354] iommu: Adding device ff9a0000.video-codec to group 2
[    0.224483] SCSI subsystem initialized
[    0.224787] usbcore: registered new interface driver usbfs
[    0.224875] usbcore: registered new interface driver hub
[    0.224954] usbcore: registered new device driver usb
[    0.225115] Linux video capture interface: v2.00
[    0.225177] pps_core: LinuxPPS API ver. 1 registered
[    0.225200] pps_core: Software ver. 5.3.6 - Copyright 2005-2007 Rodolfo Giometti <giometti@linux.it>
[    0.225255] PTP clock support registered
[    0.225780] Advanced Linux Sound Architecture Driver Initialized.
[    0.226566] Bluetooth: Core ver 2.21
[    0.226622] NET: Registered protocol family 31
[    0.226644] Bluetooth: HCI device and connection manager initialized
[    0.226675] Bluetooth: HCI socket layer initialized
[    0.226702] Bluetooth: L2CAP socket layer initialized
[    0.226752] Bluetooth: SCO socket layer initialized
[    0.228076] clocksource: Switched to clocksource arch_sys_counter
[    0.287945] NET: Registered protocol family 2
[    0.288746] TCP established hash table entries: 8192 (order: 3, 32768 bytes)
[    0.288861] TCP bind hash table entries: 8192 (order: 5, 163840 bytes)
[    0.289119] TCP: Hash tables configured (established 8192 bind 8192)
[    0.289231] UDP hash table entries: 512 (order: 2, 24576 bytes)
[    0.289323] UDP-Lite hash table entries: 512 (order: 2, 24576 bytes)
[    0.289656] NET: Registered protocol family 1
[    0.290095] RPC: Registered named UNIX socket transport module.
[    0.290124] RPC: Registered udp transport module.
[    0.290145] RPC: Registered tcp transport module.
[    0.290166] RPC: Registered tcp NFSv4.1 backchannel transport module.
[    0.291090] hw perfevents: enabled with armv7_cortex_a12 PMU driver, 7 counters available
[    0.292921] futex hash table entries: 1024 (order: 4, 65536 bytes)
[    0.293640] Initialise system trusted keyring
[    0.304860] squashfs: version 4.0 (2009/01/31) Phillip Lougher
[    0.307013] NFS: Registering the id_resolver key type
[    0.307070] Key type id_resolver registered
[    0.307092] Key type id_legacy registered
[    0.307133] nfs4filelayout_init: NFSv4 File Layout Driver Registering...
[    0.307230] fuse init (API version 7.23)
[    0.312653] NET: Registered protocol family 38
[    0.312703] Key type asymmetric registered
[    0.312733] Asymmetric key parser 'x509' registered
[    0.312832] bounce: pool size: 64 pages
[    0.313075] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 249)
[    0.313122] io scheduler noop registered
[    0.313151] io scheduler deadline registered
[    0.313354] io scheduler cfq registered (default)
[    0.313788] rockchip-usb-phy phy: GPIO lookup for consumer vbus_drv
[    0.313800] rockchip-usb-phy phy: using device tree for GPIO lookup
[    0.313814] of_get_named_gpiod_flags: can't parse 'vbus_drv-gpios' property of node '/phy[0]'
[    0.313826] of_get_named_gpiod_flags: can't parse 'vbus_drv-gpio' property of node '/phy[0]'
[    0.313837] rockchip-usb-phy phy: using lookup tables for GPIO lookup
[    0.313849] rockchip-usb-phy phy: lookup for GPIO vbus_drv failed
[    0.313861] rockchip-usb-phy phy: vbus_drv is not assigned!
[    0.316136] pwm-backlight backlight: GPIO lookup for consumer enable
[    0.316150] pwm-backlight backlight: using device tree for GPIO lookup
[    0.316186] of_get_named_gpiod_flags: parsed 'enable-gpios' property of node '/backlight[0]' - status (0)
[    0.316240] backlight supply power not found, using dummy regulator
[    0.319047] dma-pl330 ff250000.dma-controller: Loaded driver for PL330 DMAC-241330
[    0.319093] dma-pl330 ff250000.dma-controller: 	DBUFF-128x8bytes Num_Chans-8 Num_Peri-20 Num_Events-16
[    0.320068] dma-pl330 ffb20000.dma-controller: Loaded driver for PL330 DMAC-241330
[    0.320111] dma-pl330 ffb20000.dma-controller: 	DBUFF-64x8bytes Num_Chans-5 Num_Peri-6 Num_Events-10
[    0.320818] Serial: 8250/16550 driver, 4 ports, IRQ sharing disabled
[    0.322786] ff180000.serial: ttyS0 at MMIO 0xff180000 (irq = 39, base_baud = 1500000) is a 16550A
[    0.323631] ff190000.serial: ttyS1 at MMIO 0xff190000 (irq = 40, base_baud = 1500000) is a 16550A
[    0.324454] console [ttyS2] disabled
[    0.324515] ff690000.serial: ttyS2 at MMIO 0xff690000 (irq = 41, base_baud = 1500000) is a 16550A
[    1.083906] console [ttyS2] enabled
[    1.088384] ff1b0000.serial: ttyS3 at MMIO 0xff1b0000 (irq = 42, base_baud = 1500000) is a 16550A
[    1.098764] func: gpio_controller_probe
[    1.102642] of_get_named_gpiod_flags: parsed 'sata_enable' property of node '/gpio-controller[0]' - status (0)
[    1.118115] of_get_named_gpiod_flags: parsed 'sata_reset' property of node '/gpio-controller[0]' - status (0)
[    1.138255] [drm] Initialized drm 1.1.0 20060810
[    1.144299] [drm:rockchip_lvds_probe] *ERROR* failed to find panel
[    1.150587] platform ff96c000.lvds: Driver rockchip-lvds requests probe deferral
[    1.159255] usbcore: registered new interface driver udl
[    1.165962] lvds_panel supply power not found, using dummy regulator
[    1.172408] panel-simple lvds_panel: GPIO lookup for consumer enable
[    1.172420] panel-simple lvds_panel: using device tree for GPIO lookup
[    1.172452] of_get_named_gpiod_flags: parsed 'enable-gpios' property of node '/lvds_panel[0]' - status (0)
[    1.172467] no flags found for enable
[    1.173918] platform ffa30000.gpu: Driver mali requests probe deferral
[    1.181844] brd: module loaded
[    1.192086] loop: module loaded
[    1.195284] lkdtm: No crash points registered, enable through debugfs
[    1.206128] tun: Universal TUN/TAP device driver, 1.6
[    1.211235] tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
[    1.217629] CAN device driver interface
[    1.221781] vcc_5v: supplied by vcc_sys
[    1.258979] rk_gmac-dwmac ff290000.ethernet: phy regulator is not available yet, deferred probing
[    1.267916] platform ff290000.ethernet: Driver rk_gmac-dwmac requests probe deferral
[    1.276248] PPP generic driver version 2.4.2
[    1.280876] usbcore: registered new interface driver rndis_wlan
[    1.287031] usbcore: registered new interface driver rt2800usb
[    1.293163] pegasus: v0.9.3 (2013/04/25), Pegasus/Pegasus II USB Ethernet driver
[    1.300671] usbcore: registered new interface driver pegasus
[    1.306400] usbcore: registered new interface driver rtl8150
[    1.312147] usbcore: registered new interface driver r8152
[    1.317714] usbcore: registered new interface driver asix
[    1.323198] usbcore: registered new interface driver ax88179_178a
[    1.329383] usbcore: registered new interface driver cdc_ether
[    1.335283] usbcore: registered new interface driver dm9601
[    1.340958] usbcore: registered new interface driver smsc75xx
[    1.346789] usbcore: registered new interface driver smsc95xx
[    1.352620] usbcore: registered new interface driver net1080
[    1.358360] usbcore: registered new interface driver rndis_host
[    1.364344] usbcore: registered new interface driver MOSCHIP usb-ethernet driver
[    1.371877] usbcore: registered new interface driver cdc_ncm
[    1.377602] usbcore: registered new interface driver cdc_mbim
[    1.383769] ff540000.usb supply vusb_d not found, using dummy regulator
[    1.390475] ff540000.usb supply vusb_a not found, using dummy regulator
[    1.557440] dwc2 ff540000.usb: DWC OTG Controller
[    1.562216] dwc2 ff540000.usb: new USB bus registered, assigned bus number 1
[    1.569320] dwc2 ff540000.usb: irq 46, io mem 0x00000000
[    1.574912] usb usb1: New USB device found, idVendor=1d6b, idProduct=0002
[    1.581734] usb usb1: New USB device strings: Mfr=3, Product=2, SerialNumber=1
[    1.588988] usb usb1: Product: DWC OTG Controller
[    1.593704] usb usb1: Manufacturer: Linux 4.4.16-pTAM8_v00.01 dwc2_hsotg
[    1.600428] usb usb1: SerialNumber: ff540000.usb
[    1.605762] hub 1-0:1.0: USB hub found
[    1.609591] hub 1-0:1.0: 1 port detected
[    1.614170] ff580000.usb supply vusb_d not found, using dummy regulator
[    1.620877] ff580000.usb supply vusb_a not found, using dummy regulator
[    1.918118] dwc2 ff580000.usb: EPs: 10, dedicated fifos, 972 entries in SPRAM
[    1.925674] dwc2 ff580000.usb: DWC OTG Controller
[    1.930439] dwc2 ff580000.usb: new USB bus registered, assigned bus number 2
[    1.937523] dwc2 ff580000.usb: irq 47, io mem 0x00000000
[    1.943024] usb usb2: New USB device found, idVendor=1d6b, idProduct=0002
[    1.949845] usb usb2: New USB device strings: Mfr=3, Product=2, SerialNumber=1
[    1.957086] usb usb2: Product: DWC OTG Controller
[    1.961815] usb usb2: Manufacturer: Linux 4.4.16-pTAM8_v00.01 dwc2_hsotg
[    1.968539] usb usb2: SerialNumber: ff580000.usb
[    1.973820] hub 2-0:1.0: USB hub found
[    1.977613] hub 2-0:1.0: 1 port detected
[    1.982907] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
[    1.989481] ehci-platform: EHCI generic platform driver
[    1.995002] ehci-platform ff500000.usb: EHCI Host Controller
[    2.000915] ehci-platform ff500000.usb: new USB bus registered, assigned bus number 3
[    2.008906] ehci-platform ff500000.usb: irq 45, io mem 0xff500000
[    2.028102] ehci-platform ff500000.usb: USB 2.0 started, EHCI 1.00
[    2.034454] usb usb3: New USB device found, idVendor=1d6b, idProduct=0002
[    2.041285] usb usb3: New USB device strings: Mfr=3, Product=2, SerialNumber=1
[    2.048544] usb usb3: Product: EHCI Host Controller
[    2.053434] usb usb3: Manufacturer: Linux 4.4.16-pTAM8_v00.01 ehci_hcd
[    2.059990] usb usb3: SerialNumber: ff500000.usb
[    2.065286] hub 3-0:1.0: USB hub found
[    2.069109] hub 3-0:1.0: 1 port detected
[    2.073781] usbcore: registered new interface driver cdc_acm
[    2.079485] cdc_acm: USB Abstract Control Model driver for USB modems and ISDN adapters
[    2.087666] usbcore: registered new interface driver cdc_wdm
[    2.093489] usbcore: registered new interface driver usb-storage
[    2.099645] usbcore: registered new interface driver usbserial
[    2.105535] usbcore: registered new interface driver usbserial_generic
[    2.112130] usbserial: USB Serial support registered for generic
[    2.118222] usbcore: registered new interface driver cp210x
[    2.123839] usbserial: USB Serial support registered for cp210x
[    2.129872] usbcore: registered new interface driver ftdi_sio
[    2.135664] usbserial: USB Serial support registered for FTDI USB Serial Device
[    2.143174] usbcore: registered new interface driver keyspan
[    2.148898] usbserial: USB Serial support registered for Keyspan - (without firmware)
[    2.156779] usbserial: USB Serial support registered for Keyspan 1 port adapter
[    2.164162] usbserial: USB Serial support registered for Keyspan 2 port adapter
[    2.171615] usbserial: USB Serial support registered for Keyspan 4 port adapter
[    2.179025] usbcore: registered new interface driver option
[    2.184645] usbserial: USB Serial support registered for GSM modem (1-port)
[    2.191849] usbcore: registered new interface driver oti6858
[    2.197556] usbserial: USB Serial support registered for oti6858
[    2.203655] usbcore: registered new interface driver pl2303
[    2.209289] usbserial: USB Serial support registered for pl2303
[    2.215284] usbcore: registered new interface driver qcserial
[    2.221093] usbserial: USB Serial support registered for Qualcomm USB modem
[    2.228153] usbcore: registered new interface driver sierra
[    2.233772] usbserial: USB Serial support registered for Sierra USB modem
[    2.241414] usbcore: registered new interface driver usbtouchscreen
[    2.248024] i2c /dev entries driver
[    2.252389] rk3x-i2c ff140000.i2c: Initialized RK3xxx I2C bus at f08dc000
[    2.259991] at24 3-0050: 8192 byte 24c64 EEPROM, writable, 32 bytes/write
[    2.267106] rk3x-i2c ff150000.i2c: Initialized RK3xxx I2C bus at f08de000
[    2.274684] rk3x-i2c ff170000.i2c: Initialized RK3xxx I2C bus at f08f2000
[    2.282326] fan53555-regulator 0-0040: GPIO lookup for consumer vsel
[    2.282339] fan53555-regulator 0-0040: using device tree for GPIO lookup
[    2.282354] of_get_named_gpiod_flags: can't parse 'vsel-gpios' property of node '/i2c@ff650000/syr827@40[0]'
[    2.282367] of_get_named_gpiod_flags: can't parse 'vsel-gpio' property of node '/i2c@ff650000/syr827@40[0]'
[    2.282378] fan53555-regulator 0-0040: using lookup tables for GPIO lookup
[    2.282390] fan53555-regulator 0-0040: lookup for GPIO vsel failed
[    2.282788] fan53555-regulator 0-0040: FAN53555 Option[8] Rev[1] Detected!
[    2.290062] vdd_cpu: No configuration
[    2.294946] fan53555-regulator 0-0041: GPIO lookup for consumer vsel
[    2.294959] fan53555-regulator 0-0041: using device tree for GPIO lookup
[    2.294972] of_get_named_gpiod_flags: can't parse 'vsel-gpios' property of node '/i2c@ff650000/syr828@41[0]'
[    2.294984] of_get_named_gpiod_flags: can't parse 'vsel-gpio' property of node '/i2c@ff650000/syr828@41[0]'
[    2.294995] fan53555-regulator 0-0041: using lookup tables for GPIO lookup
[    2.295006] fan53555-regulator 0-0041: lookup for GPIO vsel failed
[    2.295349] fan53555-regulator 0-0041: FAN53555 Option[8] Rev[1] Detected!
[    2.302594] vdd_gpu: No configuration
[    2.309931] rtc-hym8563 0-0051: rtc core: registered hym8563 as rtc0
[    2.316998] rockchip-pinctrl pinctrl: pin gpio7-14 already requested by ff120000.spi; cannot claim for 0-005a
[    2.326967] rockchip-pinctrl pinctrl: pin-230 (0-005a) status -22
[    2.333087] rockchip-pinctrl pinctrl: could not request pin 230 (gpio7-14) from group pmic-vsel  on device rockchip-pinctrl
[    2.344245] act8865 0-005a: Error applying setting, reverse things back
[    2.359490] rk3x-i2c ff650000.i2c: Initialized RK3xxx I2C bus at f08f4000
[    2.367127] func: lt8618_i2c_probe
[    2.380955] rk3x-i2c ff660000.i2c: Initialized RK3xxx I2C bus at f08f6000
[    2.388111] usb 3-1: new high-speed USB device number 2 using ehci-platform
[    2.388690] probe device ff9a0000.video-codec
[    2.399578] rockchip-vpu ff9a0000.video-codec: Rockchip VPU encoder registered as /vpu/video0
[    2.408377] rockchip-vpu ff9a0000.video-codec: Rockchip VPU decoder registered as /vpu/video1
[    2.417199] usbcore: registered new interface driver uvcvideo
[    2.422979] USB Video Class driver (1.1.1)
[    2.427943] vcc_io: supplied by vcc_sys
[    2.432437] vcc28_dvp: supplied by vcc_io
[    2.436657] dovdd_1v8: supplied by vcc28_dvp
[    2.441117] vcc_flash: supplied by vcc_io
[    2.445424] vcc_lan: supplied by vcc_sys
[    2.449843] vcc_20: supplied by vcc_sys
[    2.453877] vcc_18: supplied by vcc_20
[    2.458680] vcca_33: supplied by vcc_sys
[    2.463198] vccio_sd: supplied by vcc_sys
[    2.469543] rk_tsadcv2_initialize: Missing rockchip,grf property
[    2.477017] device-mapper: ioctl: 4.34.0-ioctl (2015-10-28) initialised: dm-devel@redhat.com
[    2.485877] Bluetooth: Virtual HCI driver ver 1.5
[    2.490800] Bluetooth: HCI UART driver ver 2.3
[    2.495260] Bluetooth: HCI UART protocol H4 registered
[    2.500427] Bluetooth: HCI UART protocol LL registered
[    2.505575] Bluetooth: HCI UART protocol ATH3K registered
[    2.511094] usbcore: registered new interface driver bfusb
[    2.516677] usbcore: registered new interface driver btusb
[    2.522571] vdd_cpu: supplied by vcc_sys
[    2.529827] cpufreq-dt cpufreq-dt: failed register driver: -17
[    2.535668] cpufreq-dt: probe of cpufreq-dt failed with error -17
[    2.541813] sdhci: Secure Digital Host Controller Interface driver
[    2.547990] sdhci: Copyright(c) Pierre Ossman
[    2.552348] Synopsys Designware Multimedia Card Interface Driver
[    2.558661] usb 3-1: New USB device found, idVendor=0424, idProduct=2514
[    2.558811] dwmmc_rockchip ff0c0000.dwmmc: IDMAC supports 32-bit address mode.
[    2.558834] dwmmc_rockchip ff0c0000.dwmmc: Using internal DMA controller.
[    2.558840] dwmmc_rockchip ff0c0000.dwmmc: Version ID is 270a
[    2.558868] dwmmc_rockchip ff0c0000.dwmmc: DW MMC controller at irq 29,32 bit host data width,256 deep fifo
[    2.558924] vcc_sd: supplied by vcc_io
[    2.559280] dwmmc_rockchip ff0c0000.dwmmc: GPIO lookup for consumer cd
[    2.559283] dwmmc_rockchip ff0c0000.dwmmc: using device tree for GPIO lookup
[    2.559287] of_get_named_gpiod_flags: can't parse 'cd-gpios' property of node '/dwmmc@ff0c0000[0]'
[    2.559290] of_get_named_gpiod_flags: can't parse 'cd-gpio' property of node '/dwmmc@ff0c0000[0]'
[    2.559292] dwmmc_rockchip ff0c0000.dwmmc: using lookup tables for GPIO lookup
[    2.559296] dwmmc_rockchip ff0c0000.dwmmc: lookup for GPIO cd failed
[    2.559299] dwmmc_rockchip ff0c0000.dwmmc: GPIO lookup for consumer wp
[    2.559301] dwmmc_rockchip ff0c0000.dwmmc: using device tree for GPIO lookup
[    2.559304] of_get_named_gpiod_flags: can't parse 'wp-gpios' property of node '/dwmmc@ff0c0000[0]'
[    2.559306] of_get_named_gpiod_flags: can't parse 'wp-gpio' property of node '/dwmmc@ff0c0000[0]'
[    2.559308] dwmmc_rockchip ff0c0000.dwmmc: using lookup tables for GPIO lookup
[    2.559310] dwmmc_rockchip ff0c0000.dwmmc: lookup for GPIO wp failed
[    2.598607] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[    2.606123] hub 3-1:1.0: USB hub found
[    2.610026] hub 3-1:1.0: 4 ports detected
[    2.688100] mmc_host mmc0: Bus speed (slot 0) = 400000Hz (slot req 400000Hz, actual 400000HZ div = 0)
[    2.709128] dwmmc_rockchip ff0c0000.dwmmc: 1 slots initialized
[    2.715212] dwmmc_rockchip ff0d0000.dwmmc: IDMAC supports 32-bit address mode.
[    2.722460] dwmmc_rockchip ff0d0000.dwmmc: Using internal DMA controller.
[    2.729255] dwmmc_rockchip ff0d0000.dwmmc: Version ID is 270a
[    2.735023] dwmmc_rockchip ff0d0000.dwmmc: DW MMC controller at irq 30,32 bit host data width,256 deep fifo
[    2.744944] dwmmc_rockchip ff0d0000.dwmmc: No vmmc regulator found
[    2.751133] dwmmc_rockchip ff0d0000.dwmmc: GPIO lookup for consumer wp
[    2.751138] dwmmc_rockchip ff0d0000.dwmmc: using device tree for GPIO lookup
[    2.751144] of_get_named_gpiod_flags: can't parse 'wp-gpios' property of node '/dwmmc@ff0d0000[0]'
[    2.751149] of_get_named_gpiod_flags: can't parse 'wp-gpio' property of node '/dwmmc@ff0d0000[0]'
[    2.751153] dwmmc_rockchip ff0d0000.dwmmc: using lookup tables for GPIO lookup
[    2.751158] dwmmc_rockchip ff0d0000.dwmmc: lookup for GPIO wp failed
[    2.751226] platform sdio-pwrseq: GPIO lookup for consumer reset
[    2.751231] platform sdio-pwrseq: using device tree for GPIO lookup
[    2.751241] of_get_named_gpiod_flags: parsed 'reset-gpios' property of node '/sdio-pwrseq[0]' - status (0)
[    2.751265] dwmmc_rockchip ff0d0000.dwmmc: allocated mmc-pwrseq
[    2.768096] mmc_host mmc1: Bus speed (slot 0) = 400000Hz (slot req 400000Hz, actual 400000HZ div = 0)
[    2.788105] dwmmc_rockchip ff0d0000.dwmmc: 1 slots initialized
[    2.794179] dwmmc_rockchip ff0f0000.dwmmc: IDMAC supports 32-bit address mode.
[    2.802437] dwmmc_rockchip ff0f0000.dwmmc: Using internal DMA controller.
[    2.809251] dwmmc_rockchip ff0f0000.dwmmc: Version ID is 270a
[    2.817030] dwmmc_rockchip ff0f0000.dwmmc: DW MMC controller at irq 31,32 bit host data width,256 deep fifo
[    2.827001] dwmmc_rockchip ff0f0000.dwmmc: GPIO lookup for consumer wp
[    2.827006] dwmmc_rockchip ff0f0000.dwmmc: using device tree for GPIO lookup
[    2.827015] of_get_named_gpiod_flags: can't parse 'wp-gpios' property of node '/dwmmc@ff0f0000[0]'
[    2.827020] of_get_named_gpiod_flags: can't parse 'wp-gpio' property of node '/dwmmc@ff0f0000[0]'
[    2.827024] dwmmc_rockchip ff0f0000.dwmmc: using lookup tables for GPIO lookup
[    2.827029] dwmmc_rockchip ff0f0000.dwmmc: lookup for GPIO wp failed
[    2.838088] mmc_host mmc2: Bus speed (slot 0) = 400000Hz (slot req 400000Hz, actual 400000HZ div = 0)
[    2.848088] mmc_host mmc1: Bus speed (slot 0) = 300000Hz (slot req 300000Hz, actual 300000HZ div = 0)
[    2.859161] dwmmc_rockchip ff0f0000.dwmmc: 1 slots initialized
[    2.867127] sdhci-pltfm: SDHCI platform and OF driver helper
[    2.873924] of_get_named_gpiod_flags: parsed 'gpios' property of node '/leds/work[0]' - status (0)
[    2.876036] of_get_named_gpiod_flags: parsed 'gpios' property of node '/leds/power[0]' - status (0)
[    2.876150] hidraw: raw HID events driver (C) Jiri Kosina
[    2.885058] usbcore: registered new interface driver usbhid
[    2.888078] usb 3-1.1: new low-speed USB device number 3 using ehci-platform
[    2.897702] usbhid: USB HID core driver
[    2.902885] usbcore: registered new interface driver snd-usb-audio
[    2.909691] platform sound_i2s: Driver asoc-simple-card requests probe deferral
[    2.917900] u32 classifier
[    2.921703] mmc2: MAN_BKOPS_EN bit is not set
[    2.926251] Initializing XFRM netlink socket
[    2.930995] NET: Registered protocol family 10
[    2.935468] mmc_host mmc2: Bus speed (slot 0) = 50000000Hz (slot req 52000000Hz, actual 50000000HZ div = 0)
[    2.945374] mmc2: new high speed MMC card at address 0001
[    2.950838] mmc_host mmc1: Bus speed (slot 0) = 200000Hz (slot req 200000Hz, actual 200000HZ div = 0)
[    2.951109] sit: IPv6 over IPv4 tunneling driver
[    2.951461] NET: Registered protocol family 17
[    2.951475] NET: Registered protocol family 15
[    2.951501] bridge: automatic filtering via arp/ip/ip6tables has been deprecated. Update your scripts to load br_netfilter if you need this.
[    2.951505] can: controller area network core (rev 20120528 abi 9)
[    2.951538] NET: Registered protocol family 29
[    2.951557] can: raw protocol (rev 20120528)
[    2.951561] can: broadcast manager protocol (rev 20120528 t)
[    2.951567] can: netlink gateway (rev 20130117) max_hops=1
[    2.951722] Bluetooth: RFCOMM socket layer initialized
[    2.951765] Bluetooth: RFCOMM ver 1.11
[    2.951775] Bluetooth: HIDP (Human Interface Emulation) ver 1.2
[    2.951780] Bluetooth: HIDP socket layer initialized
[    2.951813] 8021q: 802.1Q VLAN Support v1.8
[    2.951828] lib80211: common routines for IEEE802.11 drivers
[    2.951830] lib80211_crypt: registered algorithm 'NULL'
[    2.951835] lib80211_crypt: registered algorithm 'WEP'
[    2.951840] lib80211_crypt: registered algorithm 'CCMP'
[    2.951845] lib80211_crypt: registered algorithm 'TKIP'
[    2.951850] [WLAN_RFKILL]: Enter rfkill_wlan_init
[    2.952021] [WLAN_RFKILL]: Enter rfkill_wlan_probe
[    2.952039] [WLAN_RFKILL]: wlan_platdata_parse_dt: wifi_chip_type = ap6210
[    2.952042] [WLAN_RFKILL]: wlan_platdata_parse_dt: enable wifi power control.
[    2.952044] [WLAN_RFKILL]: wlan_platdata_parse_dt: wifi power controled by gpio.
[    2.952047] of_get_named_gpiod_flags: can't parse 'WIFI,poweren_gpio' property of node '/wireless-wlan[0]'
[    2.952049] of_get_named_gpiod_flags: can't parse 'WIFI,reset_gpio' property of node '/wireless-wlan[0]'
[    2.952066] of_get_named_gpiod_flags: parsed 'WIFI,host_wake_irq' property of node '/wireless-wlan[0]' - status (0)
[    2.952068] [WLAN_RFKILL]: wlan_platdata_parse_dt: get property: WIFI,host_wake_irq = 150, flags = 0.
[    2.952069] [WLAN_RFKILL]: rfkill_wlan_probe: init gpio
[    2.952074] [WLAN_RFKILL]: Exit rfkill_wlan_probe
[    2.952102] [BT_RFKILL]: Enter rfkill_rk_init
[    2.952299] [BT_RFKILL]: Enter rfkill_rk_probe
[    2.952302] [BT_RFKILL]: Enter bluetooth_platdata_parse_dt
[    2.952313] of_get_named_gpiod_flags: parsed 'uart_rts_gpios' property of node '/wireless-bluetooth[0]' - status (0)
[    2.952315] [BT_RFKILL]: bluetooth_platdata_parse_dt: get property: uart_rts_gpios = 139.
[    2.952319] of_get_named_gpiod_flags: can't parse 'BT,power_gpio' property of node '/wireless-bluetooth[0]'
[    2.952326] of_get_named_gpiod_flags: parsed 'BT,reset_gpio' property of node '/wireless-bluetooth[0]' - status (0)
[    2.952328] [BT_RFKILL]: bluetooth_platdata_parse_dt: get property: BT,reset_gpio = 149.
[    2.952334] of_get_named_gpiod_flags: parsed 'BT,wake_gpio' property of node '/wireless-bluetooth[0]' - status (0)
[    2.952336] [BT_RFKILL]: bluetooth_platdata_parse_dt: get property: BT,wake_gpio = 146.
[    2.952342] of_get_named_gpiod_flags: parsed 'BT,wake_host_irq' property of node '/wireless-bluetooth[0]' - status (0)
[    2.952343] [BT_RFKILL]: bluetooth_platdata_parse_dt: get property: BT,wake_host_irq = 151.
[    2.952355] [BT_RFKILL]: init gpio
[    2.952356] [BT_RFKILL]: Enter rfkill_rk_setup_gpio
[    2.952357] [BT_RFKILL]: Enter rfkill_rk_setup_gpio
[    2.952365] [BT_RFKILL]: Enter rfkill_rk_setup_gpio
[    2.952368] [BT_RFKILL]: Enter rfkill_rk_setup_gpio
[    2.952373] [BT_RFKILL]: Enter rfkill_rk_setup_wake_irq
[    2.952374] [BT_RFKILL]: Enter rfkill_rk_setup_gpio
[    2.952378] [BT_RFKILL]: Request irq for bt wakeup host
[    2.952416] [BT_RFKILL]: ** disable irq
[    2.952419] [BT_RFKILL]: setup rfkill
[    2.952506] [BT_RFKILL]: bt_default device registered.
[    2.952552] Key type dns_resolver registered
[    2.952869] ThumbEE CPU extension supported.
[    2.952881] Registering SWP/SWPB emulation handler
[    2.953270] Loading compiled-in X.509 certificates
[    2.968826] iommu: Adding device display-subsystem to group 3
[    2.968834] rockchip-drm display-subsystem: Possibly a virtual device
[    2.968983] rockchip-drm display-subsystem: bound ff940000.vop (ops vop_component_ops)
[    2.969076] rockchip-drm display-subsystem: bound ff930000.vop (ops vop_component_ops)
[    2.969120] rockchip-drm display-subsystem: bound ff96c000.lvds (ops rockchip_lvds_component_ops)
[    2.969196] dwhdmi-rockchip ff980000.hdmi: Detected HDMI controller 0x20:0xa:0xa0:0xc1
[    2.969604] rockchip-drm display-subsystem: bound ff980000.hdmi (ops dw_hdmi_rockchip_ops)
[    2.969745] [drm] Supports vblank timestamp caching Rev 2 (21.10.2013).
[    2.969747] [drm] No driver support for vblank timestamp query.
[    2.969762] rockchip-drm display-subsystem: failed to parse display resources
[    3.036272] usb 3-1.1: New USB device found, idVendor=04d9, idProduct=1203
[    3.036276] usb 3-1.1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[    3.066060] input: HID 04d9:1203 as /devices/platform/ff500000.usb/usb3/3-1/3-1.1/3-1.1:1.0/0003:04D9:1203.0001/input/input0
[    3.128388] hid-generic 0003:04D9:1203.0001: input,hidraw0: USB HID v1.11 Keyboard [HID 04d9:1203] on usb-ff500000.usb-1.1/input0
[    3.177353] input: HID 04d9:1203 as /devices/platform/ff500000.usb/usb3/3-1/3-1.1/3-1.1:1.1/0003:04D9:1203.0002/input/input1
[    3.238248] hid-generic 0003:04D9:1203.0002: input,hidraw1: USB HID v1.11 Device [HID 04d9:1203] on usb-ff500000.usb-1.1/input1
[    3.341120] mmcblk2: mmc2:0001 8GND3R 7.28 GiB 
[    3.358107] mmcblk2boot0: mmc2:0001 8GND3R partition 1 4.00 MiB
[    3.358265] mmcblk2boot1: mmc2:0001 8GND3R partition 2 4.00 MiB
[    3.358395] mmcblk2rpmb: mmc2:0001 8GND3R partition 3 512 KiB
[    3.358813]       boot: 0x000400000 -- 0x002400000 (32 MB)
[    3.358816]     backup: 0x002400000 -- 0x002800000 (4 MB)
[    3.358819]  linuxroot: 0x002800000 -- 0x1d1c00000 (7412 MB)
[    3.368761]  mmcblk2: p1 p2 p3
[    3.368765] Console: switching to colour frame buffer device 240x67
[    3.445077] rockchip-drm display-subsystem: fb0:  frame buffer device
[    3.458933] vendor storage:20160801 ret = 0
[    3.478491] vdd_gpu: supplied by vcc_sys
[    3.483290] mali ffa30000.gpu: GPU identified as 0x0750 r0p0 status 1
[    3.490466] mali ffa30000.gpu: Probed as mali0
[    3.495641] rk_gmac-dwmac ff290000.ethernet: clock input or output? (input).
[    3.502844] rk_gmac-dwmac ff290000.ethernet: TX delay(0x30).
[    3.508622] rk_gmac-dwmac ff290000.ethernet: RX delay(0x10).
[    3.514450] rk_gmac-dwmac ff290000.ethernet: clock input from PHY
[    3.520668] rk_gmac-dwmac ff290000.ethernet: init for RGMII
[    3.531538] stmmac - user ID: 0x10, Synopsys ID: 0x35
[    3.536673]  Ring mode enabled
[    3.539794]  DMA HW capability register supported
[    3.544410]  Normal descriptors
[    3.547796]  RX Checksum Offload Engine supported (type 2)
[    3.553390]  TX Checksum insertion supported
[    3.557730]  Wake-Up On Lan supported
[    3.561497]  Enable RX Mitigation via HW Watchdog Timer
[    3.567370] of_get_named_gpiod_flags: parsed 'snps,reset-gpio' property of node '/ethernet@ff290000[0]' - status (0)
[    4.592036] libphy: stmmac: probed
[    4.595500] eth0: PHY ID 001cc915 at 0 IRQ POLL (stmmac-0:00) active
[    4.601990] eth0: PHY ID 001cc915 at 1 IRQ POLL (stmmac-0:01)
[    4.608141] of_get_named_gpiod_flags: can't parse 'simple-audio-card,hp-det-gpio' property of node '/sound_i2s[0]'
[    4.608147] of_get_named_gpiod_flags: can't parse 'simple-audio-card,mic-det-gpio' property of node '/sound_i2s[0]'
[    4.608985] asoc-simple-card sound_i2s: i2s-hifi <-> ff890000.i2s mapping ok
[    4.616960] of_get_named_gpiod_flags: parsed 'gpios' property of node '/gpio-keys/button@0[0]' - status (0)
[    4.617014] gpio-5 (GPIO Power): gpiod_set_debounce: missing set() or set_debounce() operations
[    4.617179] input: gpio-keys as /devices/platform/gpio-keys/input/input2
[    4.624607] rtc-hym8563 0-0051: setting system clock to 2017-10-16 09:37:33 UTC (1508146653)
[    4.641250] dovdd_1v8: disabling
[    4.644578] vcc_sd: disabling
[    4.648130] ALSA device list:
[    4.651165]   #0: rockchip,boardcon-codec
[    4.655521] ttyS2 - failed to request DMA
[    4.684276] EXT4-fs (mmcblk2p3): recovery complete
[    4.695213] EXT4-fs (mmcblk2p3): mounted filesystem with ordered data mode. Opts: (null)
[    4.709185] VFS: Mounted root (ext4 filesystem) on device 179:3.
[    4.721522] devtmpfs: mounted
[    4.730828] Freeing unused kernel memory: 1024K (c0f00000 - c1000000)
[    5.064128] udevd[152]: starting version 3.2
[    5.075381] random: udevd urandom read with 32 bits of entropy available
[    5.119208] udevd[153]: starting eudev-3.2
[    5.186071] EXT4-fs (mmcblk2p3): re-mounted. Opts: data=ordered
[    5.712957] eth0: device MAC address 5a:59:40:16:9b:a8
[    6.416623] ret = fffffff2
[    6.422372] ret = fffffff2
[   10.858495] rk_gmac-dwmac ff290000.ethernet eth0: Link is Up - 1Gbps/Full - flow control off
[   23.741024] ret = fffffff2
[   23.743973] ret = fffffff2
[   23.747373] ret = fffffff2
[   23.750187] ret = fffffff2
[   56.772647] random: nonblocking pool is initialized
[  329.444002] ret = fffffff2
[  329.446993] ret = fffffff2
[  329.450087] ret = fffffff2
[  329.452903] ret = fffffff2
[  338.844784] ret = fffffff2
[  338.847706] ret = fffffff2
[  338.850798] ret = fffffff2
[  338.853579] ret = fffffff2

I'm using the morty branch of meta-rockchip.

@wzyy2
Contributor

wzyy2 commented Oct 16, 2017

It might be a kernel driver problem, and the morty branch is not maintained; you could check out pyro.

@wzyy2
Contributor

wzyy2 commented Oct 16, 2017

"Boardcon-RK3288", oh, so is it your own board?
You could try to increase the gpu voltage; it might be a hardware problem.

@teseo-sw
Author

Yes, it is a custom board based on EM3288 from Boardcon.
I switched to pyro (libmali-midgard-r9p0-r0p0.so) but nothing changed.

Voltage settings:

vdd_gpu: syr828@41 {
	compatible = "silergy,syr828";
	fcs,suspend-voltage-selector = <1>;
	reg = <0x41>;
	regulator-name = "vdd_gpu";
	regulator-min-microvolt = <850000>;
	regulator-max-microvolt = <1350000>;
	regulator-always-on;
	regulator-ramp-delay = <6000>;
	vin-supply = <&vcc_sys>;
};

Are there any particular values you recommend?

@wzyy2
Contributor

wzyy2 commented Oct 26, 2017

Search "gpu" "opp" in rk3288.dtsi.

@teseo-sw
Author

rk3288.dtsi:

gpu: gpu@ffa30000 {
	compatible = "arm,malit764",
		     "arm,malit76x",
		     "arm,malit7xx",
		     "arm,mali-midgard";
	reg = <0xffa30000 0x10000>;
	interrupts = <GIC_SPI 6 IRQ_TYPE_LEVEL_HIGH>,
		     <GIC_SPI 7 IRQ_TYPE_LEVEL_HIGH>,
		     <GIC_SPI 8 IRQ_TYPE_LEVEL_HIGH>;
	interrupt-names = "JOB", "MMU", "GPU";
	clocks = <&cru ACLK_GPU>;
	clock-names = "clk_mali";
	operating-points = <
		/* KHz uV */
		600000 1250000
		/* 500000 1200000 - See crosbug.com/p/33857 */
		400000 1100000
		300000 1000000
		200000 950000
		100000 950000
	>;
	#cooling-cells = <2>; /* min followed by max */
	power-domains = <&power RK3288_PD_GPU>;
	status = "disabled";
};

Does this mean I should set regulator-[min,max]-microvolt to 950000 and 1250000 respectively?

@teseo-sw
Author

teseo-sw commented Nov 3, 2017

I upgraded to the current release-4.4 and the latest user-space mali drivers (r14-p0) but the problem persists. Here is the relevant dmesg output (note that the messages are the same regardless of whether mali fails to initialize or not):

root@ptam8:~# dmesg | grep mali   
[    1.403601] mali ffa30000.gpu: Failed to get regulator
[    1.409452] mali ffa30000.gpu: Power control initialization failed
[    4.868433] W : [File] : drivers/gpu/arm/midgard/platform/rk/mali_kbase_config_rk.c; [Line] : 135; [Func] : kbase_platform_rk_init(); power-off-delay-ms not available.
[    4.891492] mali ffa30000.gpu: GPU identified as 0x0750 r0p0 status 1
[    4.902349] I : [File] : drivers/gpu/arm/midgard/backend/gpu/mali_kbase_devfreq.c; [Line] : 284; [Func] : kbase_devfreq_init(); success initing power_model_simple.
[    4.925636] mali ffa30000.gpu: Probed as mali0

@teseo-sw
Author

teseo-sw commented Nov 3, 2017

I built mali driver as module and the messages about "regulator" and "power control" disappeared. It seems now that the driver never fails, probably because initialization happens at a later time:

root@ptam8:~# dmesg | grep mali
[    7.035345] W : [File] : drivers/gpu/arm/midgard/platform/rk/mali_kbase_config_rk.c; [Line] : 135; [Func] : kbase_platform_rk_init(); power-off-delay-ms not available.
[    7.064590] mali ffa30000.gpu: GPU identified as 0x0750 r0p0 status 1
[    7.086305] I : [File] : drivers/gpu/arm/midgard/backend/gpu/mali_kbase_devfreq.c; [Line] : 284; [Func] : kbase_devfreq_init(); success initing power_model_simple.
[    7.119409] mali ffa30000.gpu: Probed as mali0

I don't think that is intended behavior though, is it?

wzyy2 pushed a commit that referenced this issue Jan 30, 2018
[ Upstream commit b9b312a ]

syzkaller reported crashes in IPv6 stack [1]

Xin Long found that lo MTU was set to silly values.

IPv6 stack reacts to changes to small MTU, by disabling itself under
RTNL.

But there is a window where threads not using RTNL can see a wrong
device mtu. This can lead to surprises, in mld code where it is assumed
the mtu is suitable.

Fix this by reading device mtu once and checking IPv6 minimal MTU.

[1]
 skbuff: skb_over_panic: text:0000000010b86b8d len:196 put:20
 head:000000003b477e60 data:000000000e85441e tail:0xd4 end:0xc0 dev:lo
 ------------[ cut here ]------------
 kernel BUG at net/core/skbuff.c:104!
 invalid opcode: 0000 [#1] SMP KASAN
 Dumping ftrace buffer:
    (ftrace buffer empty)
 Modules linked in:
 CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.15.0-rc2-mm1+ #39
 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
 Google 01/01/2011
 RIP: 0010:skb_panic+0x15c/0x1f0 net/core/skbuff.c:100
 RSP: 0018:ffff8801db307508 EFLAGS: 00010286
 RAX: 0000000000000082 RBX: ffff8801c517e840 RCX: 0000000000000000
 RDX: 0000000000000082 RSI: 1ffff1003b660e61 RDI: ffffed003b660e95
 RBP: ffff8801db307570 R08: 1ffff1003b660e23 R09: 0000000000000000
 R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff85bd4020
 R13: ffffffff84754ed2 R14: 0000000000000014 R15: ffff8801c4e26540
 FS:  0000000000000000(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 0000000000463610 CR3: 00000001c6698000 CR4: 00000000001406e0
 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
 Call Trace:
  <IRQ>
  skb_over_panic net/core/skbuff.c:109 [inline]
  skb_put+0x181/0x1c0 net/core/skbuff.c:1694
  add_grhead.isra.24+0x42/0x3b0 net/ipv6/mcast.c:1695
  add_grec+0xa55/0x1060 net/ipv6/mcast.c:1817
  mld_send_cr net/ipv6/mcast.c:1903 [inline]
  mld_ifc_timer_expire+0x4d2/0x770 net/ipv6/mcast.c:2448
  call_timer_fn+0x23b/0x840 kernel/time/timer.c:1320
  expire_timers kernel/time/timer.c:1357 [inline]
  __run_timers+0x7e1/0xb60 kernel/time/timer.c:1660
  run_timer_softirq+0x4c/0xb0 kernel/time/timer.c:1686
  __do_softirq+0x29d/0xbb2 kernel/softirq.c:285
  invoke_softirq kernel/softirq.c:365 [inline]
  irq_exit+0x1d3/0x210 kernel/softirq.c:405
  exiting_irq arch/x86/include/asm/apic.h:540 [inline]
  smp_apic_timer_interrupt+0x16b/0x700 arch/x86/kernel/apic/apic.c:1052
  apic_timer_interrupt+0xa9/0xb0 arch/x86/entry/entry_64.S:920

Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Tested-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

@alandingbc

Hi, teseo-sw. I have the same problem. The regulator error in mali initialization is actually due to the order in which modules load. Generally, the regulator devices are attached to the i2c bus, so the mali driver easily gets loaded earlier than the i2c slave devices. You can just modify the file 'mali_kbase_core_linux.c' and change the function 'module_init()' to 'late_initcall()'. I have tested it and it worked.
But it seems the regulator doesn't actually cause the problem with the mali driver, libmali and egl. It's so weird that I have the correct userspace libmali, which matches the kernel driver, yet I get the eglInitialize error 0x3001 too. If I use the xserver built by rockchip, it's okay. Maybe the glamor 2D acceleration influences the egl?
All of this really confuses me. I hope Rockchip can provide instructions.

Kwiboo pushed a commit to Kwiboo/linux-rockchip that referenced this issue Dec 15, 2018
Increase kasan instrumented kernel stack size from 32k to 64k. Other
architectures seem to get away with just doubling kernel stack size under
kasan, but on s390 this appears to be not enough due to bigger frame size.
The particular pain point is kasan inlined checks (CONFIG_KASAN_INLINE
vs CONFIG_KASAN_OUTLINE). With inlined checks one particular case hitting
stack overflow is fs sync on xfs filesystem:

 #0 [9a0681e8]  704 bytes  check_usage at 34b1fc
 #1 [9a0684a8]  432 bytes  check_usage at 34c710
 #2 [9a068658]  1048 bytes  validate_chain at 35044a
 #3 [9a068a70]  312 bytes  __lock_acquire at 3559fe
 #4 [9a068ba8]  440 bytes  lock_acquire at 3576ee
 #5 [9a068d60]  104 bytes  _raw_spin_lock at 21b44e0
 #6 [9a068dc8]  1992 bytes  enqueue_entity at 2dbf72
 #7 [9a069590]  1496 bytes  enqueue_task_fair at 2df5f0
 #8 [9a069b68]  64 bytes  ttwu_do_activate at 28f438
 #9 [9a069ba8]  552 bytes  try_to_wake_up at 298c4c
 #10 [9a069dd0]  168 bytes  wake_up_worker at 23f97c
 #11 [9a069e78]  200 bytes  insert_work at 23fc2e
 #12 [9a069f40]  648 bytes  __queue_work at 2487c0
 #13 [9a06a1c8]  200 bytes  __queue_delayed_work at 24db28
 #14 [9a06a290]  248 bytes  mod_delayed_work_on at 24de84
 #15 [9a06a388]  24 bytes  kblockd_mod_delayed_work_on at 153e2a0
 #16 [9a06a3a0]  288 bytes  __blk_mq_delay_run_hw_queue at 158168c
 #17 [9a06a4c0]  192 bytes  blk_mq_run_hw_queue at 1581a3c
 #18 [9a06a580]  184 bytes  blk_mq_sched_insert_requests at 15a2192
 #19 [9a06a638]  1024 bytes  blk_mq_flush_plug_list at 1590f3a
 #20 [9a06aa38]  704 bytes  blk_flush_plug_list at 1555028
 #21 [9a06acf8]  320 bytes  schedule at 219e476
 #22 [9a06ae38]  760 bytes  schedule_timeout at 21b0aac
 #23 [9a06b130]  408 bytes  wait_for_common at 21a1706
 #24 [9a06b2c8]  360 bytes  xfs_buf_iowait at fa1540
 #25 [9a06b430]  256 bytes  __xfs_buf_submit at fadae6
 #26 [9a06b530]  264 bytes  xfs_buf_read_map at fae3f6
 #27 [9a06b638]  656 bytes  xfs_trans_read_buf_map at 10ac9a8
 #28 [9a06b8c8]  304 bytes  xfs_btree_kill_root at e72426
 #29 [9a06b9f8]  288 bytes  xfs_btree_lookup_get_block at e7bc5e
 #30 [9a06bb18]  624 bytes  xfs_btree_lookup at e7e1a6
 #31 [9a06bd88]  2664 bytes  xfs_alloc_ag_vextent_near at dfa070
 #32 [9a06c7f0]  144 bytes  xfs_alloc_ag_vextent at dff3ca
 #33 [9a06c880]  1128 bytes  xfs_alloc_vextent at e05fce
 #34 [9a06cce8]  584 bytes  xfs_bmap_btalloc at e58342
 #35 [9a06cf30]  1336 bytes  xfs_bmapi_write at e618de
 #36 [9a06d468]  776 bytes  xfs_iomap_write_allocate at ff678e
 #37 [9a06d770]  720 bytes  xfs_map_blocks at f82af8
 #38 [9a06da40]  928 bytes  xfs_writepage_map at f83cd6
 #39 [9a06dde0]  320 bytes  xfs_do_writepage at f85872
 #40 [9a06df20]  1320 bytes  write_cache_pages at 73dfe8
 #41 [9a06e448]  208 bytes  xfs_vm_writepages at f7f892
 #42 [9a06e518]  88 bytes  do_writepages at 73fe6a
 #43 [9a06e570]  872 bytes  __writeback_single_inode at a20cb6
 #44 [9a06e8d8]  664 bytes  writeback_sb_inodes at a23be2
 #45 [9a06eb70]  296 bytes  __writeback_inodes_wb at a242e0
 #46 [9a06ec98]  928 bytes  wb_writeback at a2500e
 #47 [9a06f038]  848 bytes  wb_do_writeback at a260ae
 #48 [9a06f388]  536 bytes  wb_workfn at a28228
 #49 [9a06f5a0]  1088 bytes  process_one_work at 24a234
 #50 [9a06f9e0]  1120 bytes  worker_thread at 24ba26
 #51 [9a06fe40]  104 bytes  kthread at 26545a
 #52 [9a06fea8]             kernel_thread_starter at 21b6b62

To be able to increase the stack size to 64k reuse LLILL instruction
in __switch_to function to load 64k - STACK_FRAME_OVERHEAD - __PT_SIZE
(65192) value as unsigned.

Reported-by: Benjamin Block <bblock@linux.ibm.com>
Reviewed-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>

Kwiboo pushed a commit to Kwiboo/linux-rockchip that referenced this issue Jan 19, 2019
generic/417 reported as below:

------------[ cut here ]------------
kernel BUG at /home/yuchao/git/devf2fs/inode.c:695!
invalid opcode: 0000 [#1] PREEMPT SMP
CPU: 1 PID: 21697 Comm: umount Tainted: G        W  O      4.18.0-rc2+ #39
Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
EIP: f2fs_evict_inode+0x556/0x580 [f2fs]
Call Trace:
 ? _raw_spin_unlock+0x2c/0x50
 evict+0xa8/0x170
 dispose_list+0x34/0x40
 evict_inodes+0x118/0x120
 generic_shutdown_super+0x41/0x100
 ? rcu_read_lock_sched_held+0x97/0xa0
 kill_block_super+0x22/0x50
 kill_f2fs_super+0x6f/0x80 [f2fs]
 deactivate_locked_super+0x3d/0x70
 deactivate_super+0x40/0x60
 cleanup_mnt+0x39/0x70
 __cleanup_mnt+0x10/0x20
 task_work_run+0x81/0xa0
 exit_to_usermode_loop+0x59/0xa7
 do_fast_syscall_32+0x1f5/0x22c
 entry_SYSENTER_32+0x53/0x86
EIP: f2fs_evict_inode+0x556/0x580 [f2fs]

It can simply be reproduced with scripts:

Enable quota feature during mkfs.

Testcase1:
1. mkfs.f2fs /dev/zram0
2. mount -t f2fs /dev/zram0 /mnt/f2fs
3. xfs_io -f /mnt/f2fs/file -c "pwrite 0 4k" -c "fsync"
4. godown /mnt/f2fs
5. umount /mnt/f2fs
6. mount -t f2fs -o ro /dev/zram0 /mnt/f2fs
7. umount /mnt/f2fs

Testcase2:
1. mkfs.f2fs /dev/zram0
2. mount -t f2fs /dev/zram0 /mnt/f2fs
3. touch /mnt/f2fs/file
4. create process[pid = x] do:
	a) open /mnt/f2fs/file;
	b) unlink /mnt/f2fs/file
5. godown -f /mnt/f2fs
6. kill process[pid = x]
7. umount /mnt/f2fs
8. mount -t f2fs -o ro /dev/zram0 /mnt/f2fs
9. umount /mnt/f2fs

The reason is: during recovery, i_{c,m}time of inode will be updated, then
the inode can be set dirty w/o being tracked in sbi->inode_list[DIRTY_META]
global list, so later write_checkpoint will not flush such dirty inode into
node page.

Once umount is called, sync_filesystem() in generic_shutdown_super() will
skip syncing dirty inodes due to sb_rdonly check, leaving dirty inodes
there.

To solve this issue, during umount, add removal of the SB_RDONLY flag in
sb->s_flags, to make sure sync_filesystem() will not be skipped.

Signed-off-by: Chao Yu <yuchao0@huawei.com>

Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>

Kwiboo pushed a commit to Kwiboo/linux-rockchip that referenced this issue Jan 19, 2019
https://bugzilla.kernel.org/show_bug.cgi?id=200219

Reproduction way:
- mount image
- run poc code
- umount image

F2FS-fs (loop1): Bitmap was wrongly set, blk:15364
------------[ cut here ]------------
kernel BUG at /home/yuchao/git/devf2fs/segment.c:2061!
invalid opcode: 0000 [#1] PREEMPT SMP
CPU: 2 PID: 17686 Comm: umount Tainted: G        W  O      4.18.0-rc2+ #39
Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
EIP: update_sit_entry+0x459/0x4e0 [f2fs]
Code: e8 1c b5 fd ff 0f 0b 0f 0b 8b 45 e4 c7 44 24 08 9c 7a 6c f8 c7 44 24 04 bc 4a 6c f8 89 44 24 0c 8b 06 89 04 24 e8 f7 b4 fd ff <0f> 0b 8b 45 e4 0f b6 d2 89 54 24 10 c7 44 24 08 60 7a 6c f8 c7 44
EAX: 00000032 EBX: 000000f8 ECX: 00000002 EDX: 00000001
ESI: d7177000 EDI: f520fe68 EBP: d6477c6c ESP: d6477c34
DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00010282
CR0: 80050033 CR2: b7fbe000 CR3: 2a99b3c0 CR4: 000406f0
Call Trace:
 f2fs_allocate_data_block+0x124/0x580 [f2fs]
 do_write_page+0x78/0x150 [f2fs]
 f2fs_do_write_node_page+0x25/0xa0 [f2fs]
 __write_node_page+0x2bf/0x550 [f2fs]
 f2fs_sync_node_pages+0x60e/0x6d0 [f2fs]
 ? sync_inode_metadata+0x2f/0x40
 ? f2fs_write_checkpoint+0x28f/0x7d0 [f2fs]
 ? up_write+0x1e/0x80
 f2fs_write_checkpoint+0x2a9/0x7d0 [f2fs]
 ? mark_held_locks+0x5d/0x80
 ? _raw_spin_unlock_irq+0x27/0x50
 kill_f2fs_super+0x68/0x90 [f2fs]
 deactivate_locked_super+0x3d/0x70
 deactivate_super+0x40/0x60
 cleanup_mnt+0x39/0x70
 __cleanup_mnt+0x10/0x20
 task_work_run+0x81/0xa0
 exit_to_usermode_loop+0x59/0xa7
 do_fast_syscall_32+0x1f5/0x22c
 entry_SYSENTER_32+0x53/0x86
EIP: 0xb7f95c51
Code: c1 1e f7 ff ff 89 e5 8b 55 08 85 d2 8b 81 64 cd ff ff 74 02 89 02 5d c3 8b 0c 24 c3 8b 1c 24 c3 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d 76 00 58 b8 77 00 00 00 cd 80 90 8d 76
EAX: 00000000 EBX: 0871ab90 ECX: bfb2cd00 EDX: 00000000
ESI: 00000000 EDI: 0871ab90 EBP: 0871ab90 ESP: bfb2cd7c
DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00000246
Modules linked in: f2fs(O) crc32_generic bnep rfcomm bluetooth ecdh_generic snd_intel8x0 snd_ac97_codec ac97_bus snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq pcbc joydev aesni_intel snd_seq_device aes_i586 snd_timer crypto_simd snd cryptd soundcore mac_hid serio_raw video i2c_piix4 parport_pc ppdev lp parport hid_generic psmouse usbhid hid e1000 [last unloaded: f2fs]
---[ end trace d423f83982cfcdc5 ]---

The reason is, different log headers using the same segment, once
one log's next block address is used by another log, it will cause
panic as above.

Main area: 24 segs, 24 secs 24 zones
  - COLD  data: 0, 0, 0
  - WARM  data: 1, 1, 1
  - HOT   data: 20, 20, 20
  - Dir   dnode: 22, 22, 22
  - File   dnode: 22, 22, 22
  - Indir nodes: 21, 21, 21

So this patch adds sanity check to detect such condition to avoid
this issue.

Signed-off-by: Chao Yu <yuchao0@huawei.com>

Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
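
The condition described in the commit message above, as an added example that is not part of the commit or of f2fs: a check that rejects a set of active logs when two of them point at the same segment or one points outside the main area. `check_log_heads` and its types are hypothetical names, and reading the first number on each listing line as the log's segment is an assumption.

```c
#include <stddef.h>
#include <stdio.h>

/* One active log: its label as printed in the listing and its current segment. */
struct log_head {
    const char *name;
    unsigned int segno;
};

enum log_check { LOGS_OK = 0, LOG_OUT_OF_RANGE = -1, LOGS_SHARE_SEGMENT = -2 };

/*
 * Validate the active logs read from an image before any block is allocated.
 * On failure *a (and *b for a shared segment) hold the offending indexes.
 */
static enum log_check check_log_heads(const struct log_head *logs, size_t n,
                                      unsigned int main_segs,
                                      size_t *a, size_t *b)
{
    for (size_t i = 0; i < n; i++) {
        if (logs[i].segno >= main_segs) {
            *a = i;
            return LOG_OUT_OF_RANGE;
        }
        for (size_t j = 0; j < i; j++) {
            if (logs[j].segno == logs[i].segno) {
                *a = j;
                *b = i;
                return LOGS_SHARE_SEGMENT;
            }
        }
    }
    return LOGS_OK;
}

#define MAIN_SEGS 24u  /* "Main area: 24 segs" in the listing */
#define NR_LOGS 6

/* Values from the listing; first column taken as the segment (assumption). */
static const struct log_head listing[NR_LOGS] = {
    { "COLD data", 0 },  { "WARM data", 1 },   { "HOT data", 20 },
    { "Dir dnode", 22 }, { "File dnode", 22 }, { "Indir nodes", 21 },
};

/* Constructed counter-example: the same logs with "File dnode" moved to 23. */
static const struct log_head distinct[NR_LOGS] = {
    { "COLD data", 0 },  { "WARM data", 1 },   { "HOT data", 20 },
    { "Dir dnode", 22 }, { "File dnode", 23 }, { "Indir nodes", 21 },
};

enum log_check check_listing(size_t *a, size_t *b)
{
    return check_log_heads(listing, NR_LOGS, MAIN_SEGS, a, b);
}

enum log_check check_distinct(size_t *a, size_t *b)
{
    return check_log_heads(distinct, NR_LOGS, MAIN_SEGS, a, b);
}

int main(void)
{
    size_t a = 0, b = 0;

    if (check_listing(&a, &b) == LOGS_SHARE_SEGMENT)
        printf("reject image: \"%s\" and \"%s\" share segment %u\n",
               listing[a].name, listing[b].name, listing[a].segno);
    if (check_distinct(&a, &b) == LOGS_OK)
        printf("constructed layout accepted\n");
    return 0;
}
```
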
0lvin pushed a commit to free-z4u/roc-rk3328-cc-official that referenced this issue May 1, 2019
We've been seeing some crashes in testing that look like this:

BUG: unable to handle kernel NULL pointer dereference at           (null)
IP: [<ffffffff8135ce99>] memcpy_orig+0x29/0x110
PGD 212ca2067 PUD 212ca3067 PMD 0
Oops: 0002 [#1] SMP
Modules linked in: rpcsec_gss_krb5 nfsv4 dns_resolver nfs fscache ppdev parport_pc i2c_piix4 sg parport i2c_core virtio_balloon pcspkr acpi_cpufreq nfsd auth_rpcgss nfs_acl lockd grace sunrpc ip_tables xfs libcrc32c sd_mod ata_generic pata_acpi virtio_scsi 8139too ata_piix libata 8139cp mii virtio_pci floppy virtio_ring serio_raw virtio
CPU: 1 PID: 1540 Comm: nfsd Not tainted 4.9.0-rc1 #39
Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2007
task: ffff88020d7ed200 task.stack: ffff880211838000
RIP: 0010:[<ffffffff8135ce99>]  [<ffffffff8135ce99>] memcpy_orig+0x29/0x110
RSP: 0018:ffff88021183bdd0  EFLAGS: 00010206
RAX: 0000000000000000 RBX: ffff88020d7fa000 RCX: 000000f400000000
RDX: 0000000000000014 RSI: ffff880212927020 RDI: 0000000000000000
RBP: ffff88021183be30 R08: 01000000ef896996 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff880211704ca8
R13: ffff88021473f000 R14: 00000000ef896996 R15: ffff880211704800
FS:  0000000000000000(0000) GS:ffff88021fc80000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 0000000212ca1000 CR4: 00000000000006e0
Stack:
 ffffffffa01ea087 ffffffff63400001 ffff880215145e00 ffff880211bacd00
 ffff88021473f2b8 0000000000000004 00000000d0679d67 ffff880211bacd00
 ffff88020d7fa000 ffff88021473f000 0000000000000000 ffff88020d7faa30
Call Trace:
 [<ffffffffa01ea087>] ? svc_tcp_recvfrom+0x5a7/0x790 [sunrpc]
 [<ffffffffa01f84d8>] svc_recv+0xad8/0xbd0 [sunrpc]
 [<ffffffffa0262d5e>] nfsd+0xde/0x160 [nfsd]
 [<ffffffffa0262c80>] ? nfsd_destroy+0x60/0x60 [nfsd]
 [<ffffffff810a9418>] kthread+0xd8/0xf0
 [<ffffffff816dbdbf>] ret_from_fork+0x1f/0x40
 [<ffffffff810a9340>] ? kthread_park+0x60/0x60
Code: 00 00 48 89 f8 48 83 fa 20 72 7e 40 38 fe 7c 35 48 83 ea 20 48 83 ea 20 4c 8b 06 4c 8b 4e 08 4c 8b 56 10 4c 8b 5e 18 48 8d 76 20 <4c> 89 07 4c 89 4f 08 4c 89 57 10 4c 89 5f 18 48 8d 7f 20 73 d4
RIP  [<ffffffff8135ce99>] memcpy_orig+0x29/0x110
 RSP <ffff88021183bdd0>
CR2: 0000000000000000

Both Bruce and Eryu ran a bisect here and found that the problematic
patch was 6877894 (SUNRPC: Separate buffer pointers for RPC Call and
Reply messages).

That patch changed rpc_xdr_encode to use a new rq_rbuffer pointer to
set up the receive buffer, but didn't change all of the necessary
codepaths to set it properly. In particular the backchannel setup was
missing.

We need to set rq_rbuffer whenever rq_buffer is set. Ensure that it is.

Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Tested-by: Chuck Lever <chuck.lever@oracle.com>
Reported-by: Eryu Guan <guaneryu@gmail.com>
Tested-by: Eryu Guan <guaneryu@gmail.com>
Fixes: 6877894 "SUNRPC: Separate buffer pointers..."
Reported-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>

0lvin pushed a commit to free-z4u/roc-rk3328-cc-official that referenced this issue May 3, 2019
Lock socket before checking the SOCK_ZAPPED flag in l2tp_ip6_bind().
Without lock, a concurrent call could modify the socket flags between
the sock_flag(sk, SOCK_ZAPPED) test and the lock_sock() call. This way,
a socket could be inserted twice in l2tp_ip6_bind_table. Releasing it
would then leave a stale pointer there, generating use-after-free
errors when walking through the list or modifying adjacent entries.

BUG: KASAN: use-after-free in l2tp_ip6_close+0x22e/0x290 at addr ffff8800081b0ed8
Write of size 8 by task syz-executor/10987
CPU: 0 PID: 10987 Comm: syz-executor Not tainted 4.8.0+ #39
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.8.2-0-g33fbe13 by qemu-project.org 04/01/2014
 ffff880031d97838 ffffffff829f835b ffff88001b5a1640 ffff8800081b0ec0
 ffff8800081b15a0 ffff8800081b6d20 ffff880031d97860 ffffffff8174d3cc
 ffff880031d978f0 ffff8800081b0e80 ffff88001b5a1640 ffff880031d978e0
Call Trace:
 [<ffffffff829f835b>] dump_stack+0xb3/0x118 lib/dump_stack.c:15
 [<ffffffff8174d3cc>] kasan_object_err+0x1c/0x70 mm/kasan/report.c:156
 [<     inline     >] print_address_description mm/kasan/report.c:194
 [<ffffffff8174d666>] kasan_report_error+0x1f6/0x4d0 mm/kasan/report.c:283
 [<     inline     >] kasan_report mm/kasan/report.c:303
 [<ffffffff8174db7e>] __asan_report_store8_noabort+0x3e/0x40 mm/kasan/report.c:329
 [<     inline     >] __write_once_size ./include/linux/compiler.h:249
 [<     inline     >] __hlist_del ./include/linux/list.h:622
 [<     inline     >] hlist_del_init ./include/linux/list.h:637
 [<ffffffff8579047e>] l2tp_ip6_close+0x22e/0x290 net/l2tp/l2tp_ip6.c:239
 [<ffffffff850b2dfd>] inet_release+0xed/0x1c0 net/ipv4/af_inet.c:415
 [<ffffffff851dc5a0>] inet6_release+0x50/0x70 net/ipv6/af_inet6.c:422
 [<ffffffff84c4581d>] sock_release+0x8d/0x1d0 net/socket.c:570
 [<ffffffff84c45976>] sock_close+0x16/0x20 net/socket.c:1017
 [<ffffffff817a108c>] __fput+0x28c/0x780 fs/file_table.c:208
 [<ffffffff817a1605>] ____fput+0x15/0x20 fs/file_table.c:244
 [<ffffffff813774f9>] task_work_run+0xf9/0x170
 [<ffffffff81324aae>] do_exit+0x85e/0x2a00
 [<ffffffff81326dc8>] do_group_exit+0x108/0x330
 [<ffffffff81348cf7>] get_signal+0x617/0x17a0 kernel/signal.c:2307
 [<ffffffff811b49af>] do_signal+0x7f/0x18f0
 [<ffffffff810039bf>] exit_to_usermode_loop+0xbf/0x150 arch/x86/entry/common.c:156
 [<     inline     >] prepare_exit_to_usermode arch/x86/entry/common.c:190
 [<ffffffff81006060>] syscall_return_slowpath+0x1a0/0x1e0 arch/x86/entry/common.c:259
 [<ffffffff85e4d726>] entry_SYSCALL_64_fastpath+0xc4/0xc6
Object at ffff8800081b0ec0, in cache L2TP/IPv6 size: 1448
Allocated:
PID = 10987
 [ 1116.897025] [<ffffffff811ddcb6>] save_stack_trace+0x16/0x20
 [ 1116.897025] [<ffffffff8174c736>] save_stack+0x46/0xd0
 [ 1116.897025] [<ffffffff8174c9ad>] kasan_kmalloc+0xad/0xe0
 [ 1116.897025] [<ffffffff8174cee2>] kasan_slab_alloc+0x12/0x20
 [ 1116.897025] [<     inline     >] slab_post_alloc_hook mm/slab.h:417
 [ 1116.897025] [<     inline     >] slab_alloc_node mm/slub.c:2708
 [ 1116.897025] [<     inline     >] slab_alloc mm/slub.c:2716
 [ 1116.897025] [<ffffffff817476a8>] kmem_cache_alloc+0xc8/0x2b0 mm/slub.c:2721
 [ 1116.897025] [<ffffffff84c4f6a9>] sk_prot_alloc+0x69/0x2b0 net/core/sock.c:1326
 [ 1116.897025] [<ffffffff84c58ac8>] sk_alloc+0x38/0xae0 net/core/sock.c:1388
 [ 1116.897025] [<ffffffff851ddf67>] inet6_create+0x2d7/0x1000 net/ipv6/af_inet6.c:182
 [ 1116.897025] [<ffffffff84c4af7b>] __sock_create+0x37b/0x640 net/socket.c:1153
 [ 1116.897025] [<     inline     >] sock_create net/socket.c:1193
 [ 1116.897025] [<     inline     >] SYSC_socket net/socket.c:1223
 [ 1116.897025] [<ffffffff84c4b46f>] SyS_socket+0xef/0x1b0 net/socket.c:1203
 [ 1116.897025] [<ffffffff85e4d685>] entry_SYSCALL_64_fastpath+0x23/0xc6
Freed:
PID = 10987
 [ 1116.897025] [<ffffffff811ddcb6>] save_stack_trace+0x16/0x20
 [ 1116.897025] [<ffffffff8174c736>] save_stack+0x46/0xd0
 [ 1116.897025] [<ffffffff8174cf61>] kasan_slab_free+0x71/0xb0
 [ 1116.897025] [<     inline     >] slab_free_hook mm/slub.c:1352
 [ 1116.897025] [<     inline     >] slab_free_freelist_hook mm/slub.c:1374
 [ 1116.897025] [<     inline     >] slab_free mm/slub.c:2951
 [ 1116.897025] [<ffffffff81748b28>] kmem_cache_free+0xc8/0x330 mm/slub.c:2973
 [ 1116.897025] [<     inline     >] sk_prot_free net/core/sock.c:1369
 [ 1116.897025] [<ffffffff84c541eb>] __sk_destruct+0x32b/0x4f0 net/core/sock.c:1444
 [ 1116.897025] [<ffffffff84c5aca4>] sk_destruct+0x44/0x80 net/core/sock.c:1452
 [ 1116.897025] [<ffffffff84c5ad33>] __sk_free+0x53/0x220 net/core/sock.c:1460
 [ 1116.897025] [<ffffffff84c5af23>] sk_free+0x23/0x30 net/core/sock.c:1471
 [ 1116.897025] [<ffffffff84c5cb6c>] sk_common_release+0x28c/0x3e0 ./include/net/sock.h:1589
 [ 1116.897025] [<ffffffff8579044e>] l2tp_ip6_close+0x1fe/0x290 net/l2tp/l2tp_ip6.c:243
 [ 1116.897025] [<ffffffff850b2dfd>] inet_release+0xed/0x1c0 net/ipv4/af_inet.c:415
 [ 1116.897025] [<ffffffff851dc5a0>] inet6_release+0x50/0x70 net/ipv6/af_inet6.c:422
 [ 1116.897025] [<ffffffff84c4581d>] sock_release+0x8d/0x1d0 net/socket.c:570
 [ 1116.897025] [<ffffffff84c45976>] sock_close+0x16/0x20 net/socket.c:1017
 [ 1116.897025] [<ffffffff817a108c>] __fput+0x28c/0x780 fs/file_table.c:208
 [ 1116.897025] [<ffffffff817a1605>] ____fput+0x15/0x20 fs/file_table.c:244
 [ 1116.897025] [<ffffffff813774f9>] task_work_run+0xf9/0x170
 [ 1116.897025] [<ffffffff81324aae>] do_exit+0x85e/0x2a00
 [ 1116.897025] [<ffffffff81326dc8>] do_group_exit+0x108/0x330
 [ 1116.897025] [<ffffffff81348cf7>] get_signal+0x617/0x17a0 kernel/signal.c:2307
 [ 1116.897025] [<ffffffff811b49af>] do_signal+0x7f/0x18f0
 [ 1116.897025] [<ffffffff810039bf>] exit_to_usermode_loop+0xbf/0x150 arch/x86/entry/common.c:156
 [ 1116.897025] [<     inline     >] prepare_exit_to_usermode arch/x86/entry/common.c:190
 [ 1116.897025] [<ffffffff81006060>] syscall_return_slowpath+0x1a0/0x1e0 arch/x86/entry/common.c:259
 [ 1116.897025] [<ffffffff85e4d726>] entry_SYSCALL_64_fastpath+0xc4/0xc6
Memory state around the buggy address:
 ffff8800081b0d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8800081b0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff8800081b0e80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
                                                    ^
 ffff8800081b0f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff8800081b0f80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb

==================================================================

The same issue exists with l2tp_ip_bind() and l2tp_ip_bind_table.

Fixes: c51ce49 ("l2tp: fix oops in L2TP IP sockets for connect() AF_UNSPEC case")
Reported-by: Baozeng Ding <sploving1@gmail.com>
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Tested-by: Baozeng Ding <sploving1@gmail.com>
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
0lvin pushed a commit to free-z4u/roc-rk3328-cc-official that referenced this issue Jun 2, 2019
There is at least one Chelsio 10Gb card which uses VPD area to store some
non-standard blocks (example below).  However pci_vpd_size() returns the
length of the first block only assuming that there can be only one VPD "End
Tag".

Since 4e1a635 ("vfio/pci: Use kernel VPD access functions"), VFIO
blocks access beyond that offset, which prevents the guest "cxgb3" driver
from probing the device.  The host system does not have this problem as its
driver accesses the config space directly without pci_read_vpd().

Add a quirk to override the VPD size to a bigger value.  The maximum size
is taken from EEPROMSIZE in drivers/net/ethernet/chelsio/cxgb3/common.h.
We do not read the tag as the cxgb3 driver does as the driver supports
writing to EEPROM/VPD and when it writes, it only checks for 8192 bytes
boundary.  The quirk is registered for all devices supported by the cxgb3
driver.

This adds a quirk to the PCI layer (not to the cxgb3 driver) as the cxgb3
driver itself accesses VPD directly and the problem only exists with the
vfio-pci driver (when cxgb3 is not running on the host and may not be even
loaded) which blocks accesses beyond the first block of VPD data.  However
vfio-pci itself does not have a quirks mechanism, so we add it to PCI.

This is the controller:
Ethernet controller [0200]: Chelsio Communications Inc T310 10GbE Single Port Adapter [1425:0030]

This is what I parsed from its VPD:
===
b'\x82*\x0010 Gigabit Ethernet-SR PCI Express Adapter\x90J\x00EC\x07D76809 FN\x0746K'
 0000 Large item 42 bytes; name 0x2 Identifier String
	b'10 Gigabit Ethernet-SR PCI Express Adapter'
 002d Large item 74 bytes; name 0x10
	#00 [EC] len=7: b'D76809 '
	#0a [FN] len=7: b'46K7897'
	#14 [PN] len=7: b'46K7897'
	#1e [MN] len=4: b'1037'
	#25 [FC] len=4: b'5769'
	#2c [SN] len=12: b'YL102035603V'
	#3b [NA] len=12: b'00145E992ED1'
 007a Small item 1 bytes; name 0xf End Tag

 0c00 Large item 16 bytes; name 0x2 Identifier String
	b'S310E-SR-X      '
 0c13 Large item 234 bytes; name 0x10
	#00 [PN] len=16: b'TBD             '
	#13 [EC] len=16: b'110107730D2     '
	#26 [SN] len=16: b'97YL102035603V  '
	#39 [NA] len=12: b'00145E992ED1'
	#48 [V0] len=6: b'175000'
	#51 [V1] len=6: b'266666'
	#5a [V2] len=6: b'266666'
	#63 [V3] len=6: b'2000  '
	#6c [V4] len=2: b'1 '
	#71 [V5] len=6: b'c2    '
	#7a [V6] len=6: b'0     '
	#83 [V7] len=2: b'1 '
	#88 [V8] len=2: b'0 '
	#8d [V9] len=2: b'0 '
	#92 [VA] len=2: b'0 '
	#97 [RV] len=80: b's\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'...
 0d00 Large item 252 bytes; name 0x11
	#00 [VC] len=16: b'122310_1222 dp  '
	#13 [VD] len=16: b'610-0001-00 H1\x00\x00'
	#26 [VE] len=16: b'122310_1353 fp  '
	#39 [VF] len=16: b'610-0001-00 H1\x00\x00'
	#4c [RW] len=173: b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'...
 0dff Small item 0 bytes; name 0xf End Tag

10f3 Large item 13315 bytes; name 0x62
!!! unknown item name 98: b'\xd0\x03\x00@`\x0c\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00'
===

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
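
The layout described in the commit message above, as an added example that is not part of the commit or the kernel source: a small walker for the VPD resource format showing why a size computed up to the first End Tag rejects reads of the second block at 0x0c00. The image is constructed from field values in the dump with an abbreviated second block; the function names, the zero fill and the 8192-byte override value are assumptions for illustration.

```python
import struct

END_TAG = 0x0F                  # small-item name of the End Tag
ID_STRING, VPD_R = 0x02, 0x10   # large-item names that appear in the dump
ASSUMED_OVERRIDE = 8192         # assumption: the 8192-byte boundary the commit message mentions


def read_item(buf, off):
    """Decode one item header; return (name, is_large, data_off, length)."""
    if off >= len(buf):
        raise ValueError(f"offset {off:#x} is past the end of the image")
    tag = buf[off]
    if tag & 0x80:              # large item: 7-bit name, 16-bit LE length
        if off + 3 > len(buf):
            raise ValueError(f"truncated large-item header at {off:#x}")
        (length,) = struct.unpack_from("<H", buf, off + 1)
        name, data_off = tag & 0x7F, off + 3
    else:                       # small item: bits 6:3 name, bits 2:0 length
        name, length, data_off = (tag >> 3) & 0x0F, tag & 0x07, off + 1
    if data_off + length > len(buf):
        raise ValueError(f"item at {off:#x} claims {length} bytes and overruns the image")
    return name, bool(tag & 0x80), data_off, length


def walk_block(buf, start=0):
    """Walk items from start through the first End Tag.

    Returns (items, end) where items is a list of (offset, name, is_large, data)
    and end is the offset one past the End Tag item.
    """
    items, off = [], start
    while True:
        name, large, data_off, length = read_item(buf, off)
        items.append((off, name, large, bytes(buf[data_off:data_off + length])))
        off = data_off + length
        if not large and name == END_TAG:
            return items, off


def keywords(payload):
    """Split a VPD-R/VPD-W payload into {keyword: value}, rejecting overruns."""
    out, off = {}, 0
    while off < len(payload):
        if off + 3 > len(payload):
            raise ValueError(f"truncated keyword header at {off:#x}")
        n = payload[off + 2]
        if off + 3 + n > len(payload):
            raise ValueError(f"keyword at {off:#x} overruns its item")
        out[payload[off:off + 2].decode("ascii")] = payload[off + 3:off + 3 + n]
        off += 3 + n
    return out


def access_allowed(vpd_size, pos, count):
    """Range check a mediating layer can apply once it trusts vpd_size."""
    return pos >= 0 and count >= 0 and pos + count <= vpd_size


def _kw(key, value):
    return key.encode("ascii") + bytes([len(value)]) + value


def _large(name, payload):
    return bytes([0x80 | name]) + struct.pack("<H", len(payload)) + payload


def build_sample():
    """Constructed image: block 1 uses the values from the dump, block 2 is abbreviated."""
    block1 = _large(ID_STRING, b"10 Gigabit Ethernet-SR PCI Express Adapter")
    block1 += _large(VPD_R, _kw("EC", b"D76809 ") + _kw("FN", b"46K7897")
                     + _kw("PN", b"46K7897") + _kw("MN", b"1037") + _kw("FC", b"5769")
                     + _kw("SN", b"YL102035603V") + _kw("NA", b"00145E992ED1"))
    block1 += bytes([0x79, 0x00])   # End Tag with 1 data byte (byte value constructed)
    block2 = _large(ID_STRING, b"S310E-SR-X      ")
    block2 += _large(VPD_R, _kw("PN", b"TBD             ")) + bytes([0x78])
    image = bytearray(0x1000)       # zero fill between blocks is an assumption
    image[0:len(block1)] = block1
    image[0x0C00:0x0C00 + len(block2)] = block2
    return bytes(image)


if __name__ == "__main__":
    img = build_sample()
    items, size = walk_block(img)
    for off, name, large, data in items:
        print(f"{off:04x} {'Large' if large else 'Small'} item {len(data)} bytes; name {name:#x}")
    print(f"size up to first End Tag: {size:#x}")
    print("read of 16 bytes at 0x0c00 with that size:", access_allowed(size, 0x0C00, 16))
    print("same read with the assumed override:", access_allowed(ASSUMED_OVERRIDE, 0x0C00, 16))
    print("second block:", [(hex(o), hex(n)) for o, n, _, _ in walk_block(img, 0x0C00)[0]])
```
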
rkchrome pushed a commit that referenced this issue Jun 27, 2019
[ Upstream commit 042be0f ]

https://bugzilla.kernel.org/show_bug.cgi?id=200219

Reproduction way:
- mount image
- run poc code
- umount image

F2FS-fs (loop1): Bitmap was wrongly set, blk:15364
------------[ cut here ]------------
kernel BUG at /home/yuchao/git/devf2fs/segment.c:2061!
invalid opcode: 0000 [#1] PREEMPT SMP
CPU: 2 PID: 17686 Comm: umount Tainted: G        W  O      4.18.0-rc2+ #39
Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
EIP: update_sit_entry+0x459/0x4e0 [f2fs]
Code: e8 1c b5 fd ff 0f 0b 0f 0b 8b 45 e4 c7 44 24 08 9c 7a 6c f8 c7 44 24 04 bc 4a 6c f8 89 44 24 0c 8b 06 89 04 24 e8 f7 b4 fd ff <0f> 0b 8b 45 e4 0f b6 d2 89 54 24 10 c7 44 24 08 60 7a 6c f8 c7 44
EAX: 00000032 EBX: 000000f8 ECX: 00000002 EDX: 00000001
ESI: d7177000 EDI: f520fe68 EBP: d6477c6c ESP: d6477c34
DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00010282
CR0: 80050033 CR2: b7fbe000 CR3: 2a99b3c0 CR4: 000406f0
Call Trace:
 f2fs_allocate_data_block+0x124/0x580 [f2fs]
 do_write_page+0x78/0x150 [f2fs]
 f2fs_do_write_node_page+0x25/0xa0 [f2fs]
 __write_node_page+0x2bf/0x550 [f2fs]
 f2fs_sync_node_pages+0x60e/0x6d0 [f2fs]
 ? sync_inode_metadata+0x2f/0x40
 ? f2fs_write_checkpoint+0x28f/0x7d0 [f2fs]
 ? up_write+0x1e/0x80
 f2fs_write_checkpoint+0x2a9/0x7d0 [f2fs]
 ? mark_held_locks+0x5d/0x80
 ? _raw_spin_unlock_irq+0x27/0x50
 kill_f2fs_super+0x68/0x90 [f2fs]
 deactivate_locked_super+0x3d/0x70
 deactivate_super+0x40/0x60
 cleanup_mnt+0x39/0x70
 __cleanup_mnt+0x10/0x20
 task_work_run+0x81/0xa0
 exit_to_usermode_loop+0x59/0xa7
 do_fast_syscall_32+0x1f5/0x22c
 entry_SYSENTER_32+0x53/0x86
EIP: 0xb7f95c51
Code: c1 1e f7 ff ff 89 e5 8b 55 08 85 d2 8b 81 64 cd ff ff 74 02 89 02 5d c3 8b 0c 24 c3 8b 1c 24 c3 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d 76 00 58 b8 77 00 00 00 cd 80 90 8d 76
EAX: 00000000 EBX: 0871ab90 ECX: bfb2cd00 EDX: 00000000
ESI: 00000000 EDI: 0871ab90 EBP: 0871ab90 ESP: bfb2cd7c
DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00000246
Modules linked in: f2fs(O) crc32_generic bnep rfcomm bluetooth ecdh_generic snd_intel8x0 snd_ac97_codec ac97_bus snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq pcbc joydev aesni_intel snd_seq_device aes_i586 snd_timer crypto_simd snd cryptd soundcore mac_hid serio_raw video i2c_piix4 parport_pc ppdev lp parport hid_generic psmouse usbhid hid e1000 [last unloaded: f2fs]
---[ end trace d423f83982cfcdc5 ]---

The reason is that different log headers are using the same segment; once
one log's next block address is used by another log, it will cause a
panic as above.

Main area: 24 segs, 24 secs 24 zones
  - COLD  data: 0, 0, 0
  - WARM  data: 1, 1, 1
  - HOT   data: 20, 20, 20
  - Dir   dnode: 22, 22, 22
  - File   dnode: 22, 22, 22
  - Indir nodes: 21, 21, 21

So this patch adds a sanity check to detect such a condition to avoid
this issue.

Signed-off-by: Chao Yu <yuchao0@huawei.com>

Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>

Signed-off-by: Sasha Levin <sashal@kernel.org>
Kwiboo pushed a commit to Kwiboo/linux-rockchip that referenced this issue Jul 1, 2019
commit 2baae35 upstream.

synchronize_rcu() is fine when the rcu callbacks only need
to free memory (kfree_rcu() or direct kfree() call rcu call backs)

__dev_map_entry_free() is a bit more complex, so we need to make
sure that call queued __dev_map_entry_free() callbacks have completed.

syzbot report:

BUG: KASAN: use-after-free in dev_map_flush_old kernel/bpf/devmap.c:365
[inline]
BUG: KASAN: use-after-free in __dev_map_entry_free+0x2a8/0x300
kernel/bpf/devmap.c:379
Read of size 8 at addr ffff8801b8da38c8 by task ksoftirqd/1/18

CPU: 1 PID: 18 Comm: ksoftirqd/1 Not tainted 4.17.0+ #39
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
  __dump_stack lib/dump_stack.c:77 [inline]
  dump_stack+0x1b9/0x294 lib/dump_stack.c:113
  print_address_description+0x6c/0x20b mm/kasan/report.c:256
  kasan_report_error mm/kasan/report.c:354 [inline]
  kasan_report.cold.7+0x242/0x2fe mm/kasan/report.c:412
  __asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:433
  dev_map_flush_old kernel/bpf/devmap.c:365 [inline]
  __dev_map_entry_free+0x2a8/0x300 kernel/bpf/devmap.c:379
  __rcu_reclaim kernel/rcu/rcu.h:178 [inline]
  rcu_do_batch kernel/rcu/tree.c:2558 [inline]
  invoke_rcu_callbacks kernel/rcu/tree.c:2818 [inline]
  __rcu_process_callbacks kernel/rcu/tree.c:2785 [inline]
  rcu_process_callbacks+0xe9d/0x1760 kernel/rcu/tree.c:2802
  __do_softirq+0x2e0/0xaf5 kernel/softirq.c:284
  run_ksoftirqd+0x86/0x100 kernel/softirq.c:645
  smpboot_thread_fn+0x417/0x870 kernel/smpboot.c:164
  kthread+0x345/0x410 kernel/kthread.c:240
  ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:412

Allocated by task 6675:
  save_stack+0x43/0xd0 mm/kasan/kasan.c:448
  set_track mm/kasan/kasan.c:460 [inline]
  kasan_kmalloc+0xc4/0xe0 mm/kasan/kasan.c:553
  kmem_cache_alloc_trace+0x152/0x780 mm/slab.c:3620
  kmalloc include/linux/slab.h:513 [inline]
  kzalloc include/linux/slab.h:706 [inline]
  dev_map_alloc+0x208/0x7f0 kernel/bpf/devmap.c:102
  find_and_alloc_map kernel/bpf/syscall.c:129 [inline]
  map_create+0x393/0x1010 kernel/bpf/syscall.c:453
  __do_sys_bpf kernel/bpf/syscall.c:2351 [inline]
  __se_sys_bpf kernel/bpf/syscall.c:2328 [inline]
  __x64_sys_bpf+0x303/0x510 kernel/bpf/syscall.c:2328
  do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:290
  entry_SYSCALL_64_after_hwframe+0x49/0xbe

Freed by task 26:
  save_stack+0x43/0xd0 mm/kasan/kasan.c:448
  set_track mm/kasan/kasan.c:460 [inline]
  __kasan_slab_free+0x11a/0x170 mm/kasan/kasan.c:521
  kasan_slab_free+0xe/0x10 mm/kasan/kasan.c:528
  __cache_free mm/slab.c:3498 [inline]
  kfree+0xd9/0x260 mm/slab.c:3813
  dev_map_free+0x4fa/0x670 kernel/bpf/devmap.c:191
  bpf_map_free_deferred+0xba/0xf0 kernel/bpf/syscall.c:262
  process_one_work+0xc64/0x1b70 kernel/workqueue.c:2153
  worker_thread+0x181/0x13a0 kernel/workqueue.c:2296
  kthread+0x345/0x410 kernel/kthread.c:240
  ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:412

The buggy address belongs to the object at ffff8801b8da37c0
  which belongs to the cache kmalloc-512 of size 512
The buggy address is located 264 bytes inside of
  512-byte region [ffff8801b8da37c0, ffff8801b8da39c0)
The buggy address belongs to the page:
page:ffffea0006e368c0 count:1 mapcount:0 mapping:ffff8801da800940
index:0xffff8801b8da3540
flags: 0x2fffc0000000100(slab)
raw: 02fffc0000000100 ffffea0007217b88 ffffea0006e30cc8 ffff8801da800940
raw: ffff8801b8da3540 ffff8801b8da3040 0000000100000004 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
  ffff8801b8da3780: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
  ffff8801b8da3800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
> ffff8801b8da3880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                               ^
  ffff8801b8da3900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
  ffff8801b8da3980: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc

Fixes: 546ac1f ("bpf: add devmap, a map for storing net device references")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot+457d3e2ffbcf31aee5c0@syzkaller.appspotmail.com
Acked-by: Toke Høiland-Jørgensen <toke@redhat.com>
Acked-by: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
0lvin pushed a commit to free-z4u/roc-rk3328-cc-official that referenced this issue Aug 31, 2019
syzkaller reported crashes in IPv6 stack [1]

Xin Long found that lo MTU was set to silly values.

IPv6 stack reacts to changes to small MTU, by disabling itself under
RTNL.

But there is a window where threads not using RTNL can see a wrong
device mtu. This can lead to surprises, in mld code where it is assumed
the mtu is suitable.

Fix this by reading device mtu once and checking IPv6 minimal MTU.

[1]
 skbuff: skb_over_panic: text:0000000010b86b8d len:196 put:20
 head:000000003b477e60 data:000000000e85441e tail:0xd4 end:0xc0 dev:lo
 ------------[ cut here ]------------
 kernel BUG at net/core/skbuff.c:104!
 invalid opcode: 0000 [#1] SMP KASAN
 Dumping ftrace buffer:
    (ftrace buffer empty)
 Modules linked in:
 CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.15.0-rc2-mm1+ #39
 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
 Google 01/01/2011
 RIP: 0010:skb_panic+0x15c/0x1f0 net/core/skbuff.c:100
 RSP: 0018:ffff8801db307508 EFLAGS: 00010286
 RAX: 0000000000000082 RBX: ffff8801c517e840 RCX: 0000000000000000
 RDX: 0000000000000082 RSI: 1ffff1003b660e61 RDI: ffffed003b660e95
 RBP: ffff8801db307570 R08: 1ffff1003b660e23 R09: 0000000000000000
 R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff85bd4020
 R13: ffffffff84754ed2 R14: 0000000000000014 R15: ffff8801c4e26540
 FS:  0000000000000000(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 0000000000463610 CR3: 00000001c6698000 CR4: 00000000001406e0
 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
 Call Trace:
  <IRQ>
  skb_over_panic net/core/skbuff.c:109 [inline]
  skb_put+0x181/0x1c0 net/core/skbuff.c:1694
  add_grhead.isra.24+0x42/0x3b0 net/ipv6/mcast.c:1695
  add_grec+0xa55/0x1060 net/ipv6/mcast.c:1817
  mld_send_cr net/ipv6/mcast.c:1903 [inline]
  mld_ifc_timer_expire+0x4d2/0x770 net/ipv6/mcast.c:2448
  call_timer_fn+0x23b/0x840 kernel/time/timer.c:1320
  expire_timers kernel/time/timer.c:1357 [inline]
  __run_timers+0x7e1/0xb60 kernel/time/timer.c:1660
  run_timer_softirq+0x4c/0xb0 kernel/time/timer.c:1686
  __do_softirq+0x29d/0xbb2 kernel/softirq.c:285
  invoke_softirq kernel/softirq.c:365 [inline]
  irq_exit+0x1d3/0x210 kernel/softirq.c:405
  exiting_irq arch/x86/include/asm/apic.h:540 [inline]
  smp_apic_timer_interrupt+0x16b/0x700 arch/x86/kernel/apic/apic.c:1052
  apic_timer_interrupt+0xa9/0xb0 arch/x86/entry/entry_64.S:920

Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Tested-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
0lvin pushed a commit to free-z4u/roc-rk3328-cc-official that referenced this issue Sep 1, 2019
In case of TX timeout, fs_timeout() calls phy_stop(), which
triggers the following BUG_ON() as we are in interrupt.

[92708.199889] kernel BUG at drivers/net/phy/mdio_bus.c:482!
[92708.204985] Oops: Exception in kernel mode, sig: 5 [#1]
[92708.210119] PREEMPT
[92708.212107] CMPC885
[92708.214216] CPU: 0 PID: 3 Comm: ksoftirqd/0 Tainted: G        W       4.9.61 #39
[92708.223227] task: c60f0a40 task.stack: c6104000
[92708.227697] NIP: c02a84bc LR: c02a947c CTR: c02a93d8
[92708.232614] REGS: c6105c70 TRAP: 0700   Tainted: G        W        (4.9.61)
[92708.241193] MSR: 00021032 <ME,IR,DR,RI>[92708.244818]   CR: 24000822  XER: 20000000
[92708.248767]
GPR00: c02a947c c6105d20 c60f0a40 c62b4c00 00000005 0000001f c069aad8 0001a688
GPR08: 00000007 00000100 c02a93d8 00000000 000005fc 00000000 c6213240 c06338e4
GPR16: 00000001 c06330d4 c0633094 00000000 c0680000 c6104000 c6104000 00000000
GPR24: 00000200 00000000 ffffffff 00000004 00000078 00009032 00000000 c62b4c00
NIP [c02a84bc] mdiobus_read+0x20/0x74
[92708.281517] LR [c02a947c] kszphy_config_intr+0xa4/0xc4
[92708.286547] Call Trace:
[92708.288980] [c6105d20] [c6104000] 0xc6104000 (unreliable)
[92708.294339] [c6105d40] [c02a947c] kszphy_config_intr+0xa4/0xc4
[92708.300098] [c6105d50] [c02a5330] phy_stop+0x60/0x9c
[92708.305007] [c6105d60] [c02c84d0] fs_timeout+0xdc/0x110
[92708.310197] [c6105d80] [c035cd48] dev_watchdog+0x268/0x2a0
[92708.315593] [c6105db0] [c0060288] call_timer_fn+0x34/0x17c
[92708.321014] [c6105dd0] [c00605f0] run_timer_softirq+0x21c/0x2e4
[92708.326887] [c6105e50] [c001e19c] __do_softirq+0xf4/0x2f4
[92708.332207] [c6105eb0] [c001e3c8] run_ksoftirqd+0x2c/0x40
[92708.337560] [c6105ec0] [c003b420] smpboot_thread_fn+0x1f0/0x258
[92708.343405] [c6105ef0] [c003745c] kthread+0xbc/0xd0
[92708.348217] [c6105f40] [c000c400] ret_from_kernel_thread+0x5c/0x64
[92708.354275] Instruction dump:
[92708.357207] 7c0803a6 bbc10018 38210020 4e800020 7c0802a6 9421ffe0 54290024 bfc10018
[92708.364865] 90010024 7c7f1b78 81290008 552902ee <0f090000> 3bc3002c 7fc3f378 90810008
[92708.372711] ---[ end trace 42b05441616fafd7 ]---

This patch moves fs_timeout() actions into an async worker.

Fixes: commit 48257c4 ("Add fs_enet ethernet network driver, for several embedded platforms")
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
0lvin pushed a commit to free-z4u/roc-rk3328-cc-official that referenced this issue Oct 5, 2019
When traceSMB is enabled through 'echo 1 > /proc/fs/cifs/traceSMB', after a
mount, the following oops is triggered:

[   27.137943] BUG: unable to handle kernel paging request at
ffff8800f80c268b
[   27.143396] PGD 2c6b067 P4D 2c6b067 PUD 0
[   27.145386] Oops: 0000 [#1] SMP PTI
[   27.146186] CPU: 2 PID: 2655 Comm: mount.cifs Not tainted 4.17.0+ #39
[   27.147174] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS
1.0.0-prebuilt.qemu-project.org 04/01/2014
[   27.148969] RIP: 0010:hex_dump_to_buffer+0x413/0x4b0
[   27.149738] Code: 48 8b 44 24 08 31 db 45 31 d2 48 89 6c 24 18 44 89
6c 24 24 48 c7 c1 78 b5 23 82 4c 89 64 24 10 44 89 d5 41 89 dc 4c 8d 58
02 <44> 0f b7 00 4d 89 dd eb 1f 83 c5 01 41 01 c4 41 39 ef 0f 84 48 fe
[   27.152396] RSP: 0018:ffffc9000058f8c0 EFLAGS: 00010246
[   27.153129] RAX: ffff8800f80c268b RBX: 0000000000000000 RCX:
ffffffff8223b578
[   27.153867] RDX: 0000000000000000 RSI: ffffffff81a55496 RDI:
0000000000000008
[   27.154612] RBP: 0000000000000000 R08: 0000000000000020 R09:
0000000000000083
[   27.155355] R10: 0000000000000000 R11: ffff8800f80c268d R12:
0000000000000000
[   27.156101] R13: 0000000000000002 R14: ffffc9000058f94d R15:
0000000000000008
[   27.156838] FS:  00007f1693a6b740(0000) GS:ffff88007fd00000(0000)
knlGS:0000000000000000
[   27.158354] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   27.159093] CR2: ffff8800f80c268b CR3: 00000000798fa001 CR4:
0000000000360ee0
[   27.159892] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
0000000000000000
[   27.160661] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
0000000000000400
[   27.161464] Call Trace:
[   27.162123]  print_hex_dump+0xd3/0x160
[   27.162814] journal-offline (2658) used greatest stack depth: 13144
bytes left
[   27.162824]  ? __release_sock+0x60/0xd0
[   27.165344]  ? tcp_sendmsg+0x31/0x40
[   27.166177]  dump_smb+0x39/0x40
[   27.166972]  ? vsnprintf+0x236/0x490
[   27.167807]  __smb_send_rqst.constprop.12+0x103/0x430
[   27.168554]  ? apic_timer_interrupt+0xa/0x20
[   27.169306]  smb_send_rqst+0x48/0xc0
[   27.169984]  cifs_send_recv+0xda/0x420
[   27.170639]  SMB2_negotiate+0x23d/0xfa0
[   27.171301]  ? vsnprintf+0x236/0x490
[   27.171961]  ? smb2_negotiate+0x19/0x30
[   27.172586]  smb2_negotiate+0x19/0x30
[   27.173257]  cifs_negotiate_protocol+0x70/0xd0
[   27.173935]  ? kstrdup+0x43/0x60
[   27.174551]  cifs_get_smb_ses+0x295/0xbe0
[   27.175260]  ? lock_timer_base+0x67/0x80
[   27.175936]  ? __internal_add_timer+0x1a/0x50
[   27.176575]  ? add_timer+0x10f/0x230
[   27.177267]  cifs_mount+0x101/0x1190
[   27.177940]  ? cifs_smb3_do_mount+0x144/0x5c0
[   27.178575]  cifs_smb3_do_mount+0x144/0x5c0
[   27.179270]  mount_fs+0x35/0x150
[   27.179930]  vfs_kern_mount.part.28+0x54/0xf0
[   27.180567]  do_mount+0x5ad/0xc40
[   27.181234]  ? kmem_cache_alloc_trace+0xed/0x1a0
[   27.181916]  ksys_mount+0x80/0xd0
[   27.182535]  __x64_sys_mount+0x21/0x30
[   27.183220]  do_syscall_64+0x4e/0x100
[   27.183882]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   27.184535] RIP: 0033:0x7f169339055a
[   27.185192] Code: 48 8b 0d 41 d9 2b 00 f7 d8 64 89 01 48 83 c8 ff c3
66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f
05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 0e d9 2b 00 f7 d8 64 89 01 48
[   27.187268] RSP: 002b:00007fff7b44eb58 EFLAGS: 00000202 ORIG_RAX:
00000000000000a5
[   27.188515] RAX: ffffffffffffffda RBX: 00007f1693a7e70e RCX:
00007f169339055a
[   27.189244] RDX: 000055b9f97f64e5 RSI: 000055b9f97f652c RDI:
00007fff7b45074f
[   27.189974] RBP: 000055b9fb8c9260 R08: 000055b9fb8ca8f0 R09:
0000000000000000
[   27.190721] R10: 0000000000000000 R11: 0000000000000202 R12:
000055b9fb8ca8f0
[   27.191429] R13: 0000000000000000 R14: 00007f1693a7c000 R15:
00007f1693a7e91d
[   27.192167] Modules linked in:
[   27.192797] CR2: ffff8800f80c268b
[   27.193435] ---[ end trace 67404c618badf323 ]---

The problem was that dump_smb() had been called with an invalid pointer,
that is, in __smb_send_rqst(), iov[1] doesn't exist (n_vec == 1).

This patch fixes it by relying on the n_vec value to dump out the smb
packets.

Signed-off-by: Paulo Alcantara <palcantara@suse.de>
Signed-off-by: Steve French <stfrench@microsoft.com>
Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
0lvin pushed a commit to free-z4u/roc-rk3328-cc-official that referenced this issue Oct 5, 2019
syzbot reported use after free that is caused by fib6_info being
freed without a proper RCU grace period.

CPU: 0 PID: 1407 Comm: udevd Not tainted 4.17.0+ #39
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1b9/0x294 lib/dump_stack.c:113
 print_address_description+0x6c/0x20b mm/kasan/report.c:256
 kasan_report_error mm/kasan/report.c:354 [inline]
 kasan_report.cold.7+0x242/0x2fe mm/kasan/report.c:412
 __asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:433
 __read_once_size include/linux/compiler.h:188 [inline]
 find_rr_leaf net/ipv6/route.c:705 [inline]
 rt6_select net/ipv6/route.c:761 [inline]
 fib6_table_lookup+0x12b7/0x14d0 net/ipv6/route.c:1823
 ip6_pol_route+0x1c2/0x1020 net/ipv6/route.c:1856
 ip6_pol_route_output+0x54/0x70 net/ipv6/route.c:2082
 fib6_rule_lookup+0x211/0x6d0 net/ipv6/fib6_rules.c:122
 ip6_route_output_flags+0x2c5/0x350 net/ipv6/route.c:2110
 ip6_route_output include/net/ip6_route.h:82 [inline]
 icmpv6_xrlim_allow net/ipv6/icmp.c:211 [inline]
 icmp6_send+0x147c/0x2da0 net/ipv6/icmp.c:535
 icmpv6_send+0x17a/0x300 net/ipv6/ip6_icmp.c:43
 ip6_link_failure+0xa5/0x790 net/ipv6/route.c:2244
 dst_link_failure include/net/dst.h:427 [inline]
 ndisc_error_report+0xd1/0x1c0 net/ipv6/ndisc.c:695
 neigh_invalidate+0x246/0x550 net/core/neighbour.c:892
 neigh_timer_handler+0xaf9/0xde0 net/core/neighbour.c:978
 call_timer_fn+0x230/0x940 kernel/time/timer.c:1326
 expire_timers kernel/time/timer.c:1363 [inline]
 __run_timers+0x79e/0xc50 kernel/time/timer.c:1666
 run_timer_softirq+0x4c/0x70 kernel/time/timer.c:1692
 __do_softirq+0x2e0/0xaf5 kernel/softirq.c:284
 invoke_softirq kernel/softirq.c:364 [inline]
 irq_exit+0x1d1/0x200 kernel/softirq.c:404
 exiting_irq arch/x86/include/asm/apic.h:527 [inline]
 smp_apic_timer_interrupt+0x17e/0x710 arch/x86/kernel/apic/apic.c:1052
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:863
 </IRQ>
RIP: 0010:strlen+0x5e/0xa0 lib/string.c:482
Code: 24 00 74 3b 48 bb 00 00 00 00 00 fc ff df 4c 89 e0 48 83 c0 01 48 89 c2 48 89 c1 48 c1 ea 03 83 e1 07 0f b6 14 1a 38 ca 7f 04 <84> d2 75 23 80 38 00 75 de 48 83 c4 08 4c 29 e0 5b 41 5c 5d c3 48
RSP: 0018:ffff8801af117850 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
RAX: ffff880197f53bd0 RBX: dffffc0000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff81c5b06c RDI: ffff880197f53bc0
RBP: ffff8801af117868 R08: ffff88019a976540 R09: 0000000000000000
R10: ffff88019a976540 R11: 0000000000000000 R12: ffff880197f53bc0
R13: ffff880197f53bc0 R14: ffffffff899e4e90 R15: ffff8801d91c6a00
 strlen include/linux/string.h:267 [inline]
 getname_kernel+0x24/0x370 fs/namei.c:218
 open_exec+0x17/0x70 fs/exec.c:882
 load_elf_binary+0x968/0x5610 fs/binfmt_elf.c:780
 search_binary_handler+0x17d/0x570 fs/exec.c:1653
 exec_binprm fs/exec.c:1695 [inline]
 __do_execve_file.isra.35+0x16fe/0x2710 fs/exec.c:1819
 do_execveat_common fs/exec.c:1866 [inline]
 do_execve fs/exec.c:1883 [inline]
 __do_sys_execve fs/exec.c:1964 [inline]
 __se_sys_execve fs/exec.c:1959 [inline]
 __x64_sys_execve+0x8f/0xc0 fs/exec.c:1959
 do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f1576a46207
Code: 77 19 f4 48 89 d7 44 89 c0 0f 05 48 3d 00 f0 ff ff 76 e0 f7 d8 64 41 89 01 eb d8 f7 d8 64 41 89 01 eb df b8 3b 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 02 f3 c3 48 8b 15 00 8c 2d 00 f7 d8 64 89 02
RSP: 002b:00007ffff2784568 EFLAGS: 00000202 ORIG_RAX: 000000000000003b
RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f1576a46207
RDX: 0000000001215b10 RSI: 00007ffff2784660 RDI: 00007ffff2785670
RBP: 0000000000625500 R08: 000000000000589c R09: 000000000000589c
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000001215b10
R13: 0000000000000007 R14: 0000000001204250 R15: 0000000000000005

Allocated by task 12188:
 save_stack+0x43/0xd0 mm/kasan/kasan.c:448
 set_track mm/kasan/kasan.c:460 [inline]
 kasan_kmalloc+0xc4/0xe0 mm/kasan/kasan.c:553
 kmem_cache_alloc_trace+0x152/0x780 mm/slab.c:3620
 kmalloc include/linux/slab.h:513 [inline]
 kzalloc include/linux/slab.h:706 [inline]
 fib6_info_alloc+0xbb/0x280 net/ipv6/ip6_fib.c:152
 ip6_route_info_create+0x782/0x2b50 net/ipv6/route.c:3013
 ip6_route_add+0x23/0xb0 net/ipv6/route.c:3154
 ipv6_route_ioctl+0x5a5/0x760 net/ipv6/route.c:3660
 inet6_ioctl+0x100/0x1f0 net/ipv6/af_inet6.c:546
 sock_do_ioctl+0xe4/0x3e0 net/socket.c:973
 sock_ioctl+0x30d/0x680 net/socket.c:1097
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x1cf/0x16f0 fs/ioctl.c:684
 ksys_ioctl+0xa9/0xd0 fs/ioctl.c:701
 __do_sys_ioctl fs/ioctl.c:708 [inline]
 __se_sys_ioctl fs/ioctl.c:706 [inline]
 __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:706
 do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

Freed by task 1402:
 save_stack+0x43/0xd0 mm/kasan/kasan.c:448
 set_track mm/kasan/kasan.c:460 [inline]
 __kasan_slab_free+0x11a/0x170 mm/kasan/kasan.c:521
 kasan_slab_free+0xe/0x10 mm/kasan/kasan.c:528
 __cache_free mm/slab.c:3498 [inline]
 kfree+0xd9/0x260 mm/slab.c:3813
 fib6_info_destroy+0x29b/0x350 net/ipv6/ip6_fib.c:207
 fib6_info_release include/net/ip6_fib.h:286 [inline]
 __ip6_del_rt_siblings net/ipv6/route.c:3235 [inline]
 ip6_route_del+0x11c4/0x13b0 net/ipv6/route.c:3316
 ipv6_route_ioctl+0x616/0x760 net/ipv6/route.c:3663
 inet6_ioctl+0x100/0x1f0 net/ipv6/af_inet6.c:546
 sock_do_ioctl+0xe4/0x3e0 net/socket.c:973
 sock_ioctl+0x30d/0x680 net/socket.c:1097
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x1cf/0x16f0 fs/ioctl.c:684
 ksys_ioctl+0xa9/0xd0 fs/ioctl.c:701
 __do_sys_ioctl fs/ioctl.c:708 [inline]
 __se_sys_ioctl fs/ioctl.c:706 [inline]
 __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:706
 do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

The buggy address belongs to the object at ffff8801b5df2580
 which belongs to the cache kmalloc-256 of size 256
The buggy address is located 8 bytes inside of
 256-byte region [ffff8801b5df2580, ffff8801b5df2680)
The buggy address belongs to the page:
page:ffffea0006d77c80 count:1 mapcount:0 mapping:ffff8801da8007c0 index:0xffff8801b5df2e40
flags: 0x2fffc0000000100(slab)
raw: 02fffc0000000100 ffffea0006c5cc48 ffffea0007363308 ffff8801da8007c0
raw: ffff8801b5df2e40 ffff8801b5df2080 0000000100000006 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8801b5df2480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff8801b5df2500: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
> ffff8801b5df2580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                      ^
 ffff8801b5df2600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff8801b5df2680: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb

Fixes: a64efe1 ("net/ipv6: introduce fib6_info struct and helpers")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: David Ahern <dsahern@gmail.com>
Reported-by: syzbot+9e6d75e3edef427ee888@syzkaller.appspotmail.com
Acked-by: David Ahern <dsahern@gmail.com>
Tested-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Kwiboo pushed a commit to Kwiboo/linux-rockchip that referenced this issue Dec 1, 2019
…rq()

lan78xx_status() will run with interrupts enabled due to the change in
ed194d1 ("usb: core: remove local_irq_save() around ->complete()
handler"). generic_handle_irq() expects to be run with IRQs disabled.

[    4.886203] 000: irq 79 handler irq_default_primary_handler+0x0/0x8 enabled interrupts
[    4.886243] 000: WARNING: CPU: 0 PID: 0 at kernel/irq/handle.c:152 __handle_irq_event_percpu+0x154/0x168
[    4.896294] 000: Modules linked in:
[    4.896301] 000: CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.3.6 #39
[    4.896310] 000: Hardware name: Raspberry Pi 3 Model B+ (DT)
[    4.896315] 000: pstate: 60000005 (nZCv daif -PAN -UAO)
[    4.896321] 000: pc : __handle_irq_event_percpu+0x154/0x168
[    4.896331] 000: lr : __handle_irq_event_percpu+0x154/0x168
[    4.896339] 000: sp : ffff000010003cc0
[    4.896346] 000: x29: ffff000010003cc0 x28: 0000000000000060
[    4.896355] 000: x27: ffff000011021980 x26: ffff00001189c72b
[    4.896364] 000: x25: ffff000011702bc0 x24: ffff800036d6e400
[    4.896373] 000: x23: 000000000000004f x22: ffff000010003d64
[    4.896381] 000: x21: 0000000000000000 x20: 0000000000000002
[    4.896390] 000: x19: ffff8000371c8480 x18: 0000000000000060
[    4.896398] 000: x17: 0000000000000000 x16: 00000000000000eb
[    4.896406] 000: x15: ffff000011712d18 x14: 7265746e69206465
[    4.896414] 000: x13: ffff000010003ba0 x12: ffff000011712df0
[    4.896422] 000: x11: 0000000000000001 x10: ffff000011712e08
[    4.896430] 000: x9 : 0000000000000001 x8 : 000000000003c920
[    4.896437] 000: x7 : ffff0000118cc410 x6 : ffff0000118c7f00
[    4.896445] 000: x5 : 000000000003c920 x4 : 0000000000004510
[    4.896453] 000: x3 : ffff000011712dc8 x2 : 0000000000000000
[    4.896461] 000: x1 : 73a3f67df94c1500 x0 : 0000000000000000
[    4.896466] 000: Call trace:
[    4.896471] 000:  __handle_irq_event_percpu+0x154/0x168
[    4.896481] 000:  handle_irq_event_percpu+0x50/0xb0
[    4.896489] 000:  handle_irq_event+0x40/0x98
[    4.896497] 000:  handle_simple_irq+0xa4/0xf0
[    4.896505] 000:  generic_handle_irq+0x24/0x38
[    4.896513] 000:  intr_complete+0xb0/0xe0
[    4.896525] 000:  __usb_hcd_giveback_urb+0x58/0xd8
[    4.896533] 000:  usb_giveback_urb_bh+0xd0/0x170
[    4.896539] 000:  tasklet_action_common.isra.0+0x9c/0x128
[    4.896549] 000:  tasklet_hi_action+0x24/0x30
[    4.896556] 000:  __do_softirq+0x120/0x23c
[    4.896564] 000:  irq_exit+0xb8/0xd8
[    4.896571] 000:  __handle_domain_irq+0x64/0xb8
[    4.896579] 000:  bcm2836_arm_irqchip_handle_irq+0x60/0xc0
[    4.896586] 000:  el1_irq+0xb8/0x140
[    4.896592] 000:  arch_cpu_idle+0x10/0x18
[    4.896601] 000:  do_idle+0x200/0x280
[    4.896608] 000:  cpu_startup_entry+0x20/0x28
[    4.896615] 000:  rest_init+0xb4/0xc0
[    4.896623] 000:  arch_call_rest_init+0xc/0x14
[    4.896632] 000:  start_kernel+0x454/0x480

Fixes: ed194d1 ("usb: core: remove local_irq_save() around ->complete() handler")
Cc: Woojung Huh <woojung.huh@microchip.com>
Cc: Marc Zyngier <maz@kernel.org>
Cc: Andrew Lunn <andrew@lunn.ch>
Cc: Stefan Wahren <wahrenst@gmx.net>
Cc: Jisheng Zhang <Jisheng.Zhang@synaptics.com>
Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: David Miller <davem@davemloft.net>
Signed-off-by: Daniel Wagner <dwagner@suse.de>
Tested-by: Stefan Wahren <wahrenst@gmx.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

ydirson commented Jun 17, 2020

FWIW, I start getting this error when migrating a yocto build from sumo to warrior, without changing kernel and with minimal meta-rockchip changes.


ydirson commented Jun 17, 2020

In my case, if I use the exact same glmark2 version from sumo in my warrior build, use ltrace -S on glmark2-es2 and compare the results, what stands out is:

-eglInitialize(0x24b4680, 0x7ffc284788, 0x7ffc28478c, 0xffffffff <unfinished ...>
+eglInitialize(0x5598e03e50, 0x7fe7bc2c00, 0x7fe7bc2c04, 0xffffffff <unfinished ...>
...
-openat@SYS(AT_FDCWD, "/dev/dri/card0", 0x2, 00)                                                                       = 8
...
-<... eglInitialize resumed> )                                                                                         = 1
...
+openat@SYS(AT_FDCWD, "", 0x2, 00)                                                                                     = -2
+<... eglInitialize resumed> )                                                                                         = 0
+eglGetError(0, 0, 0x5598e03e68, 0)                                                                                    = 0x3001

For some reason libMali tries to open the driver with an empty string!

fanck0605 pushed a commit to fanck0605/friendlywrt-kernel that referenced this issue Jun 23, 2020
[ Upstream commit 3b70683 ]

ubsan reports this warning; fix it by adding an unsigned suffix.

UBSAN: signed-integer-overflow in
drivers/net/ethernet/intel/ixgbe/ixgbe_common.c:2246:26
65535 * 65537 cannot be represented in type 'int'
CPU: 21 PID: 7 Comm: kworker/u256:0 Not tainted 5.7.0-rc3-debug+ rockchip-linux#39
Hardware name: Huawei TaiShan 2280 V2/BC82AMDC, BIOS 2280-V2 03/27/2020
Workqueue: ixgbe ixgbe_service_task [ixgbe]
Call trace:
 dump_backtrace+0x0/0x3f0
 show_stack+0x28/0x38
 dump_stack+0x154/0x1e4
 ubsan_epilogue+0x18/0x60
 handle_overflow+0xf8/0x148
 __ubsan_handle_mul_overflow+0x34/0x48
 ixgbe_fc_enable_generic+0x4d0/0x590 [ixgbe]
 ixgbe_service_task+0xc20/0x1f78 [ixgbe]
 process_one_work+0x8f0/0xf18
 worker_thread+0x430/0x6d0
 kthread+0x218/0x238
 ret_from_fork+0x10/0x18

Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Xie XiuQi <xiexiuqi@huawei.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
friendlyarm pushed a commit to friendlyarm/kernel-rockchip that referenced this issue Nov 12, 2022
[ Upstream commit 4f49206 ]

The following warning is displayed when the tcp6-multi-diffip11 stress
test case of the LTP test suite is tested:

watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [ns-tcpserver:48198]
CPU: 0 PID: 48198 Comm: ns-tcpserver Kdump: loaded Not tainted 6.0.0-rc6+ rockchip-linux#39
Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : des3_ede_encrypt+0x27c/0x460 [libdes]
lr : 0x3f
sp : ffff80000ceaa1b0
x29: ffff80000ceaa1b0 x28: ffff0000df056100 x27: ffff0000e51e5280
x26: ffff80004df75030 x25: ffff0000e51e4600 x24: 000000000000003b
x23: 0000000000802080 x22: 000000000000003d x21: 0000000000000038
x20: 0000000080000020 x19: 000000000000000a x18: 0000000000000033
x17: ffff0000e51e4780 x16: ffff80004e2d1448 x15: ffff80004e2d1248
x14: ffff0000e51e4680 x13: ffff80004e2d1348 x12: ffff80004e2d1548
x11: ffff80004e2d1848 x10: ffff80004e2d1648 x9 : ffff80004e2d1748
x8 : ffff80004e2d1948 x7 : 000000000bcaf83d x6 : 000000000000001b
x5 : ffff80004e2d1048 x4 : 00000000761bf3bf x3 : 000000007f1dd0a3
x2 : ffff0000e51e4780 x1 : ffff0000e3b9a2f8 x0 : 00000000db44e872
Call trace:
 des3_ede_encrypt+0x27c/0x460 [libdes]
 crypto_des3_ede_encrypt+0x1c/0x30 [des_generic]
 crypto_cbc_encrypt+0x148/0x190
 crypto_skcipher_encrypt+0x2c/0x40
 crypto_authenc_encrypt+0xc8/0xfc [authenc]
 crypto_aead_encrypt+0x2c/0x40
 echainiv_encrypt+0x144/0x1a0 [echainiv]
 crypto_aead_encrypt+0x2c/0x40
 esp6_output_tail+0x1c8/0x5d0 [esp6]
 esp6_output+0x120/0x278 [esp6]
 xfrm_output_one+0x458/0x4ec
 xfrm_output_resume+0x6c/0x1f0
 xfrm_output+0xac/0x4ac
 __xfrm6_output+0x130/0x270
 xfrm6_output+0x60/0xec
 ip6_xmit+0x2ec/0x5bc
 inet6_csk_xmit+0xbc/0x10c
 __tcp_transmit_skb+0x460/0x8c0
 tcp_write_xmit+0x348/0x890
 __tcp_push_pending_frames+0x44/0x110
 tcp_rcv_established+0x3c8/0x720
 tcp_v6_do_rcv+0xdc/0x4a0
 tcp_v6_rcv+0xc24/0xcb0
 ip6_protocol_deliver_rcu+0xf0/0x574
 ip6_input_finish+0x48/0x7c
 ip6_input+0x48/0xc0
 ip6_rcv_finish+0x80/0x9c
 xfrm_trans_reinject+0xb0/0xf4
 tasklet_action_common.constprop.0+0xf8/0x134
 tasklet_action+0x30/0x3c
 __do_softirq+0x128/0x368
 do_softirq+0xb4/0xc0
 __local_bh_enable_ip+0xb0/0xb4
 put_cpu_fpsimd_context+0x40/0x70
 kernel_neon_end+0x20/0x40
 sha1_base_do_update.constprop.0.isra.0+0x11c/0x140 [sha1_ce]
 sha1_ce_finup+0x94/0x110 [sha1_ce]
 crypto_shash_finup+0x34/0xc0
 hmac_finup+0x48/0xe0
 crypto_shash_finup+0x34/0xc0
 shash_digest_unaligned+0x74/0x90
 crypto_shash_digest+0x4c/0x9c
 shash_ahash_digest+0xc8/0xf0
 shash_async_digest+0x28/0x34
 crypto_ahash_digest+0x48/0xcc
 crypto_authenc_genicv+0x88/0xcc [authenc]
 crypto_authenc_encrypt+0xd8/0xfc [authenc]
 crypto_aead_encrypt+0x2c/0x40
 echainiv_encrypt+0x144/0x1a0 [echainiv]
 crypto_aead_encrypt+0x2c/0x40
 esp6_output_tail+0x1c8/0x5d0 [esp6]
 esp6_output+0x120/0x278 [esp6]
 xfrm_output_one+0x458/0x4ec
 xfrm_output_resume+0x6c/0x1f0
 xfrm_output+0xac/0x4ac
 __xfrm6_output+0x130/0x270
 xfrm6_output+0x60/0xec
 ip6_xmit+0x2ec/0x5bc
 inet6_csk_xmit+0xbc/0x10c
 __tcp_transmit_skb+0x460/0x8c0
 tcp_write_xmit+0x348/0x890
 __tcp_push_pending_frames+0x44/0x110
 tcp_push+0xb4/0x14c
 tcp_sendmsg_locked+0x71c/0xb64
 tcp_sendmsg+0x40/0x6c
 inet6_sendmsg+0x4c/0x80
 sock_sendmsg+0x5c/0x6c
 __sys_sendto+0x128/0x15c
 __arm64_sys_sendto+0x30/0x40
 invoke_syscall+0x50/0x120
 el0_svc_common.constprop.0+0x170/0x194
 do_el0_svc+0x38/0x4c
 el0_svc+0x28/0xe0
 el0t_64_sync_handler+0xbc/0x13c
 el0t_64_sync+0x180/0x184

Get softirq info by bcc tool:
./softirqs -NT 10
Tracing soft irq event time... Hit Ctrl-C to end.

15:34:34
SOFTIRQ          TOTAL_nsecs
block                 158990
timer               20030920
sched               46577080
net_rx             676746820
tasklet           9906067650

15:34:45
SOFTIRQ          TOTAL_nsecs
block                  86100
sched               38849790
net_rx             676532470
timer             1163848790
tasklet           9409019620

15:34:55
SOFTIRQ          TOTAL_nsecs
sched               58078450
net_rx             475156720
timer              533832410
tasklet           9431333300

The tasklet software interrupt takes too much time. Therefore, the
xfrm_trans_reinject executor is changed from tasklet to workqueue. Add a
spin lock to protect the queue. This reduces the processing flow of the
tcp_sendmsg function in this scenario.

Fixes: acf568e ("xfrm: Reinject transport-mode packets through tasklet")
Signed-off-by: Liu Jian <liujian56@huawei.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
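
An added example (not part of the commit or of this thread): a small parser for the `./softirqs -NT 10` output quoted in the commit message above. It converts each interval's TOTAL_nsecs into CPU-seconds consumed per wall-clock second and flags the vectors above a threshold. The sample is two intervals copied from that output; the 10-second interval comes from the command line shown, the 0.5 threshold and the function names are assumptions.

```python
import re

# Constructed sample: the first two intervals of the softirqs output quoted above.
SAMPLE = """\
15:34:34
SOFTIRQ          TOTAL_nsecs
block                 158990
timer               20030920
sched               46577080
net_rx             676746820
tasklet           9906067650

15:34:45
SOFTIRQ          TOTAL_nsecs
block                  86100
sched               38849790
net_rx             676532470
timer             1163848790
tasklet           9409019620
"""

TS = re.compile(r"^\d{2}:\d{2}:\d{2}$")   # -T timestamp line
ROW = re.compile(r"^(\w+)\s+(\d+)$")      # "<vector> <nsecs>"; the header row does not match


def parse_intervals(text):
    """Return [(timestamp, {softirq: nsecs})] from `softirqs -NT` output."""
    intervals = []
    for line in text.splitlines():
        line = line.strip()
        if TS.match(line):
            intervals.append((line, {}))
        elif intervals and (m := ROW.match(line)):
            intervals[-1][1][m.group(1)] = int(m.group(2))
    return intervals


def hot_softirqs(text, interval_s=10, threshold=0.5):
    """Flag vectors using at least `threshold` CPU-seconds per wall-clock second."""
    wall_ns = interval_s * 1_000_000_000
    hits = []
    for ts, rows in parse_intervals(text):
        for name, ns in rows.items():
            load = ns / wall_ns   # totals are summed over all CPUs
            if load >= threshold:
                hits.append((ts, name, round(load, 3)))
    return hits


if __name__ == "__main__":
    for ts, name, load in hot_softirqs(SAMPLE):
        print(f"{ts} {name}: {load:.1%} of one CPU")
```

On the quoted data only the tasklet vector is flagged, at roughly 0.99 and 0.94 CPU-seconds per second, which matches the soft lockup on a single CPU in the trace.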