[Please ignore this if it is already reported] The following kernel crash "Internal error: Oops:" found while booting the arm64 Dragonboard 845c device.
Our bisect scripts are still running to bisect the first bad commit. However, I would like to report on suspecting sub-systems patch set
On Thu, 5 Aug 2021 at 15:48, Hans Verkuil hverkuil@xs4all.nl wrote:
Robert Foss (4): media: camss: vfe: Don't read hardware version needlessly media: camss: vfe: Decrease priority of of VFE HW version to 'dbg' media: camss: vfe: Remove vfe_hw_version_read() argument media: camss: vfe: Rework vfe_hw_version_read() function definition
[ 8.296907] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 [ 8.305943] Mem abort info: [ 8.307150] Bluetooth: Core ver 2.22 [ 8.308784] ESR = 0x96000004 [ 8.308787] EC = 0x25: DABT (current EL), IL = 32 bits [ 8.308790] SET = 0, FnV = 0 [ 8.308792] EA = 0, S1PTW = 0 [ 8.308794] FSC = 0x04: level 0 translation fault [ 8.308796] Data abort info: [ 8.308798] ISV = 0, ISS = 0x00000004 [ 8.313982] NET: Registered PF_BLUETOOTH protocol family [ 8.315502] CM = 0, WnR = 0 [ 8.320889] Bluetooth: HCI device and connection manager initialized [ 8.323948] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000107162000 [ 8.323952] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000 [ 8.323959] Internal error: Oops: 96000004 [#1] PREEMPT SMP [ 8.323963] Modules linked in: gpu_sched(+) bluetooth(+) reset_qcom_pdc drm_kms_helper i2c_qcom_geni(+) qcom_camss spi_geni_qcom videobuf2_dma_sg venus_core v4l2_fwnode v4l2_async v4l2_mem2mem [ 8.327174] Bluetooth: HCI socket layer initialized [ 8.332068] videobuf2_memops videobuf2_v4l2 camcc_sdm845 videobuf2_common qcom_rng i2c_qcom_cci ath10k_snoc ath10k_core xhci_pci ath qcom_q6v5_mss qrtr xhci_pci_renesas mac80211 qcom_q6v5_pas ns qcom_pil_info qcom_q6v5 slim_qcom_ngd_ctrl pdr_interface qcom_sysmon cfg80211 qcom_common display_connector qcom_glink_smem icc_osm_l3 rfkill slimbus qcom_wdt qmi_helpers mdt_loader socinfo drm rmtfs_mem fuse [ 8.332103] CPU: 6 PID: 9 Comm: kworker/u16:1 Not tainted 5.14.0-rc5-next-20210809 #1 [ 8.332107] Hardware name: Thundercomm Dragonboard 845c (DT) [ 8.332109] Workqueue: events_unbound deferred_probe_work_func [ 8.332120] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 8.335040] Bluetooth: L2CAP socket layer initialized [ 8.337046] i2c 10-003b: Fixing up cyclic dependency with hdmi-out [ 8.342391] pc : vfe_hw_version+0x20/0x80 [qcom_camss] [ 8.342405] lr : msm_vfe_subdev_init+0x8c/0x4d0 [qcom_camss] [ 8.342415] sp : ffff80001009ba20 [ 8.342416] x29: ffff80001009ba20 x28: ffff330f84ea6000 x27: 0000000000000004 [ 8.347824] Bluetooth: SCO socket layer initialized [ 8.350763] [ 8.350764] x26: 0000000000000003 x25: ffff330f8ea00080 x24: 0000000000000000 [ 8.350767] x23: ffff330f84ea6000 x22: ffff330f80f5b010 x21: ffffd62954d86828 [ 8.350770] x20: ffff330f80f5b000 x19: 0000000000000000 x18: 0000000000000000 [ 8.350773] x17: 0000000000000000 x16: ffffd6298befc0e0 x15: 0000000000000000 [ 8.350776] x14: 0000000000000000 x13: 7367616c665f746e x12: 69617274736e6f63 [ 8.350779] x11: ffff330f80400000 x10: 0000000000000000 x9 : ffffd62954d811b0 [ 8.350782] x8 : 0101010101010101 x7 : ffffd62954d7d814 x6 : ffffd62954d80f80 [ 8.350785] x5 : ffff330f8ea03080 x4 : ffff330f8ea03640 x3 : ffffd62954d7d720 [ 8.557091] x2 : 0000000000000003 x1 : ffffd62954d7dae0 x0 : ffff330f8ea00080 [ 8.564282] Call trace: [ 8.566749] vfe_hw_version+0x20/0x80 [qcom_camss] [ 8.571599] msm_vfe_subdev_init+0x8c/0x4d0 [qcom_camss] [ 8.576956] camss_probe+0x358/0xd60 [qcom_camss] [ 8.581710] platform_probe+0x74/0xf0 [ 8.585400] really_probe+0xc4/0x470 [ 8.589003] __driver_probe_device+0x11c/0x190 [ 8.593477] driver_probe_device+0x48/0x110 [ 8.597694] __device_attach_driver+0xa4/0x140 [ 8.602173] bus_for_each_drv+0x84/0xe0 [ 8.606038] __device_attach+0xe4/0x1c0 [ 8.609904] device_initial_probe+0x20/0x30 [ 8.614118] bus_probe_device+0xa4/0xb0 [ 8.617979] deferred_probe_work_func+0xa8/0xfc [ 8.622543] process_one_work+0x1dc/0x4a0 [ 8.626587] worker_thread+0x144/0x470 [ 8.630364] kthread+0x144/0x160 [ 8.633617] ret_from_fork+0x10/0x20 [ 8.637227] Code: a9be7bfd 910003fd f9000bf3 f9400813 (b9400273) [ 8.643362] ---[ end trace 37b6accc93773476 ]---
full test log: https://qa-reports.linaro.org/lkft/linux-next-master/build/next-20210809/tes...
Reported-by: Linux Kernel Functional Testing lkft@linaro.org
steps to reproduce: # It is always reproducible # Boot arm64 Dragonboard 845c board with built kernel Image # While booting the device you will notice this crash log
metadata: git branch: master git repo: https://gitlab.com/Linaro/lkft/mirrors/next/linux-next git commit: da454ebf578f6c542ba9f5b3ddb98db3ede109c1 git describe: next-20210809 make_kernelversion: 5.14.0-rc5 kernel-config: https://builds.tuxbuild.com/1wURGIfgNW0xkrl16wDktoeATBp/config vmlinux: https://builds.tuxbuild.com/1wURGIfgNW0xkrl16wDktoeATBp/vmlinux.xz System.map: https://builds.tuxbuild.com/1wURGIfgNW0xkrl16wDktoeATBp/System.map Image: https://builds.tuxbuild.com/1wURGIfgNW0xkrl16wDktoeATBp/Image.gz gcc: gcc-11
-- Linaro LKFT https://lkft.linaro.org
Hey Naresh,
Thanks for reporting this.
On Tue, 10 Aug 2021 at 11:45, Naresh Kamboju naresh.kamboju@linaro.org wrote:
[Please ignore this if it is already reported] The following kernel crash "Internal error: Oops:" found while booting the arm64 Dragonboard 845c device.
Our bisect scripts are still running to bisect the first bad commit. However, I would like to report on suspecting sub-systems patch set
On Thu, 5 Aug 2021 at 15:48, Hans Verkuil hverkuil@xs4all.nl wrote:
Robert Foss (4): media: camss: vfe: Don't read hardware version needlessly media: camss: vfe: Decrease priority of of VFE HW version to 'dbg' media: camss: vfe: Remove vfe_hw_version_read() argument media: camss: vfe: Rework vfe_hw_version_read() function definition
[ 8.296907] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 [ 8.305943] Mem abort info: [ 8.307150] Bluetooth: Core ver 2.22 [ 8.308784] ESR = 0x96000004 [ 8.308787] EC = 0x25: DABT (current EL), IL = 32 bits [ 8.308790] SET = 0, FnV = 0 [ 8.308792] EA = 0, S1PTW = 0 [ 8.308794] FSC = 0x04: level 0 translation fault [ 8.308796] Data abort info: [ 8.308798] ISV = 0, ISS = 0x00000004 [ 8.313982] NET: Registered PF_BLUETOOTH protocol family [ 8.315502] CM = 0, WnR = 0 [ 8.320889] Bluetooth: HCI device and connection manager initialized [ 8.323948] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000107162000 [ 8.323952] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000 [ 8.323959] Internal error: Oops: 96000004 [#1] PREEMPT SMP [ 8.323963] Modules linked in: gpu_sched(+) bluetooth(+) reset_qcom_pdc drm_kms_helper i2c_qcom_geni(+) qcom_camss spi_geni_qcom videobuf2_dma_sg venus_core v4l2_fwnode v4l2_async v4l2_mem2mem [ 8.327174] Bluetooth: HCI socket layer initialized [ 8.332068] videobuf2_memops videobuf2_v4l2 camcc_sdm845 videobuf2_common qcom_rng i2c_qcom_cci ath10k_snoc ath10k_core xhci_pci ath qcom_q6v5_mss qrtr xhci_pci_renesas mac80211 qcom_q6v5_pas ns qcom_pil_info qcom_q6v5 slim_qcom_ngd_ctrl pdr_interface qcom_sysmon cfg80211 qcom_common display_connector qcom_glink_smem icc_osm_l3 rfkill slimbus qcom_wdt qmi_helpers mdt_loader socinfo drm rmtfs_mem fuse [ 8.332103] CPU: 6 PID: 9 Comm: kworker/u16:1 Not tainted 5.14.0-rc5-next-20210809 #1 [ 8.332107] Hardware name: Thundercomm Dragonboard 845c (DT) [ 8.332109] Workqueue: events_unbound deferred_probe_work_func [ 8.332120] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 8.335040] Bluetooth: L2CAP socket layer initialized [ 8.337046] i2c 10-003b: Fixing up cyclic dependency with hdmi-out [ 8.342391] pc : vfe_hw_version+0x20/0x80 [qcom_camss] [ 8.342405] lr : msm_vfe_subdev_init+0x8c/0x4d0 [qcom_camss] [ 8.342415] sp : ffff80001009ba20 [ 8.342416] x29: ffff80001009ba20 x28: ffff330f84ea6000 x27: 0000000000000004 [ 8.347824] Bluetooth: SCO socket layer initialized [ 8.350763] [ 8.350764] x26: 0000000000000003 x25: ffff330f8ea00080 x24: 0000000000000000 [ 8.350767] x23: ffff330f84ea6000 x22: ffff330f80f5b010 x21: ffffd62954d86828 [ 8.350770] x20: ffff330f80f5b000 x19: 0000000000000000 x18: 0000000000000000 [ 8.350773] x17: 0000000000000000 x16: ffffd6298befc0e0 x15: 0000000000000000 [ 8.350776] x14: 0000000000000000 x13: 7367616c665f746e x12: 69617274736e6f63 [ 8.350779] x11: ffff330f80400000 x10: 0000000000000000 x9 : ffffd62954d811b0 [ 8.350782] x8 : 0101010101010101 x7 : ffffd62954d7d814 x6 : ffffd62954d80f80 [ 8.350785] x5 : ffff330f8ea03080 x4 : ffff330f8ea03640 x3 : ffffd62954d7d720 [ 8.557091] x2 : 0000000000000003 x1 : ffffd62954d7dae0 x0 : ffff330f8ea00080 [ 8.564282] Call trace: [ 8.566749] vfe_hw_version+0x20/0x80 [qcom_camss] [ 8.571599] msm_vfe_subdev_init+0x8c/0x4d0 [qcom_camss] [ 8.576956] camss_probe+0x358/0xd60 [qcom_camss] [ 8.581710] platform_probe+0x74/0xf0 [ 8.585400] really_probe+0xc4/0x470 [ 8.589003] __driver_probe_device+0x11c/0x190 [ 8.593477] driver_probe_device+0x48/0x110 [ 8.597694] __device_attach_driver+0xa4/0x140 [ 8.602173] bus_for_each_drv+0x84/0xe0 [ 8.606038] __device_attach+0xe4/0x1c0 [ 8.609904] device_initial_probe+0x20/0x30 [ 8.614118] bus_probe_device+0xa4/0xb0 [ 8.617979] deferred_probe_work_func+0xa8/0xfc [ 8.622543] process_one_work+0x1dc/0x4a0 [ 8.626587] worker_thread+0x144/0x470 [ 8.630364] kthread+0x144/0x160 [ 8.633617] ret_from_fork+0x10/0x20 [ 8.637227] Code: a9be7bfd 910003fd f9000bf3 f9400813 (b9400273) [ 8.643362] ---[ end trace 37b6accc93773476 ]---
full test log: https://qa-reports.linaro.org/lkft/linux-next-master/build/next-20210809/tes...
Reported-by: Linux Kernel Functional Testing lkft@linaro.org
steps to reproduce: # It is always reproducible # Boot arm64 Dragonboard 845c board with built kernel Image # While booting the device you will notice this crash log
metadata: git branch: master git repo: https://gitlab.com/Linaro/lkft/mirrors/next/linux-next git commit: da454ebf578f6c542ba9f5b3ddb98db3ede109c1 git describe: next-20210809 make_kernelversion: 5.14.0-rc5 kernel-config: https://builds.tuxbuild.com/1wURGIfgNW0xkrl16wDktoeATBp/config vmlinux: https://builds.tuxbuild.com/1wURGIfgNW0xkrl16wDktoeATBp/vmlinux.xz System.map: https://builds.tuxbuild.com/1wURGIfgNW0xkrl16wDktoeATBp/System.map Image: https://builds.tuxbuild.com/1wURGIfgNW0xkrl16wDktoeATBp/Image.gz gcc: gcc-11
Having a look at this issue, I've traced the issue to the vfe->ops->hw_version(vfe) call happening before vfe->base is assigned.
I'll submit a patch fixing this issue shortly.
Rob.