Message-ID: <596D839C.2030907@gmail.com>
Date:   Mon, 17 Jul 2017 20:42:20 -0700
From:   Frank Rowand <frowand.list@...il.com>
To:     Kiran Gunda <kgunda@...eaurora.org>,
        Abhijeet Dharmapurikar <adharmap@...eaurora.org>
Cc:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Christophe JAILLET <christophe.jaillet@...adoo.fr>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        Timur Tabi <timur@...eaurora.org>,
        linux-arm-msm <linux-arm-msm@...r.kernel.org>,
        adharmap@...cinc.com, aghayal@....qualcomm.com
Subject: panic, bisect to commit 7f1d4e58dabb "spmi: pmic-arb: optimize table
 lookups"

Hi Abhijeet,

My qcom-apq8074-dragonboard panics on boot on v4.13-rc1.

I bisected the problem to commit 7f1d4e58dabb, "spmi: pmic-arb:
optimize table lookups".

The panic occurs at the top of pmic_arb_ppid_to_apid_v1(), due
to pa->ppid_to_apid being null.

A little more information that might help you narrow down
the root cause -- pa->ppid is not initialized to non-null
in spmi_pmic_arb_probe() because the device is version 1.
I didn't chase the cause any further.

The configuration is qcom_defconfig, plus the following
changes:

 HWSPINLOCK n -> y
 OF_OVERLAY n -> y
 OF_UNITTEST n -> y
 QCOM_COINCELL n -> y
 REGULATOR_QCOM_SPMI n -> y
+HWSPINLOCK_QCOM y
+OF_DYNAMIC y
+OF_RESOLVE y
+QCOM_ADSP_PIL n
+QCOM_CLK_SMD_RPM n
+QCOM_Q6V5_PIL n
+QCOM_SMD_RPM y
+QCOM_SMEM y
+QCOM_SMP2P n
+QCOM_SMSM n
+QCOM_WCNSS_CTRL n
+QCOM_WCNSS_PIL n
+REGULATOR_QCOM_SMD_RPM y
+RPMSG y
+RPMSG_CHAR n
+RPMSG_QCOM_SMD y


The panic message is:

spmi spmi-0: PMIC arbiter version v1 (0x20000002)
Unable to handle kernel NULL pointer dereference at virtual address 00000940
pgd = c0204000
[00000940] *pgd=00000000
Internal error: Oops: 5 [#1] PREEMPT SMP ARM
Modules linked in:
CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.13.0-rc1-dirty #1
Hardware name: Generic DT based system
task: ee8a0000 task.stack: ee89c000
PC is at pmic_arb_ppid_to_apid_v1+0x20/0xd8
LR is at qpnpint_irq_domain_dt_translate+0xac/0x19c
pc : [<c0730498>]    lr : [<c07301e8>]    psr: 80000013
sp : ee89da80  ip : c0730478  fp : ee89dab6
r10: 00000004  r9 : 00000940  r8 : ee834010
r7 : c0eaa748  r6 : c2514ec0  r5 : 000004a0  r4 : ee8331a8
r3 : ee89dab6  r2 : 00000000  r1 : 00000400  r0 : ee8331a8
Flags: Nzcv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
Control: 10c5787d  Table: 0020406a  DAC: 00000051
Process swapper/0 (pid: 1, stack limit = 0xee89c210)
[<c0730498>] (pmic_arb_ppid_to_apid_v1) from [<c07301e8>] (qpnpint_irq_domain_dt_translate+0xac/0x19c)
[<c07301e8>] (qpnpint_irq_domain_dt_translate) from [<c03695ec>] (irq_create_fwspec_mapping+0x14c/0x2cc)
[<c03695ec>] (irq_create_fwspec_mapping) from [<c03697b8>] (irq_create_of_mapping+0x4c/0x54)
[<c03697b8>] (irq_create_of_mapping) from [<c07ef1a0>] (of_irq_get+0x58/0x60)
[<c07ef1a0>] (of_irq_get) from [<c07ef1fc>] (of_irq_to_resource+0x18/0xc8)
[<c07ef1fc>] (of_irq_to_resource) from [<c07ef2e8>] (of_irq_to_resource_table+0x3c/0x4c)
[<c07ef2e8>] (of_irq_to_resource_table) from [<c07e9a80>] (of_device_alloc+0xd0/0x184)
[<c07e9a80>] (of_device_alloc) from [<c07e9d10>] (of_platform_device_create_pdata+0x50/0xa8)
[<c07e9d10>] (of_platform_device_create_pdata) from [<c07e9ebc>] (of_platform_bus_create+0x154/0x460)
[<c07e9ebc>] (of_platform_bus_create) from [<c07ea258>] (of_platform_populate+0x90/0x11c)
[<c07ea258>] (of_platform_populate) from [<c07ea32c>] (devm_of_platform_populate+0x48/0x7c)
[<c07ea32c>] (devm_of_platform_populate) from [<c06dd71c>] (pmic_spmi_probe+0x40/0x188)
[<c06dd71c>] (pmic_spmi_probe) from [<c072dc94>] (spmi_drv_probe+0x44/0xac)
[<c072dc94>] (spmi_drv_probe) from [<c06b61ec>] (driver_probe_device+0x2ec/0x4ac)
[<c06b61ec>] (driver_probe_device) from [<c06b4598>] (bus_for_each_drv+0x5c/0x88)
[<c06b4598>] (bus_for_each_drv) from [<c06b5e1c>] (__device_attach+0x9c/0x128)
[<c06b5e1c>] (__device_attach) from [<c06b532c>] (bus_probe_device+0x84/0x8c)
[<c06b532c>] (bus_probe_device) from [<c06b3660>] (device_add+0x30c/0x560)
[<c06b3660>] (device_add) from [<c072fad8>] (spmi_device_add+0x24/0x9c)
[<c072fad8>] (spmi_device_add) from [<c072fbf4>] (spmi_controller_add+0xa4/0x1f0)
[<c072fbf4>] (spmi_controller_add) from [<c0730868>] (spmi_pmic_arb_probe+0x318/0x3f8)
[<c0730868>] (spmi_pmic_arb_probe) from [<c06b7ef0>] (platform_drv_probe+0x50/0xa0)
[<c06b7ef0>] (platform_drv_probe) from [<c06b61ec>] (driver_probe_device+0x2ec/0x4ac)
[<c06b61ec>] (driver_probe_device) from [<c06b6498>] (__driver_attach+0xec/0x110)
[<c06b6498>] (__driver_attach) from [<c06b4624>] (bus_for_each_dev+0x60/0x94)
[<c06b4624>] (bus_for_each_dev) from [<c06b55dc>] (bus_add_driver+0x180/0x258)
[<c06b55dc>] (bus_add_driver) from [<c06b7100>] (driver_register+0x78/0xf4)
[<c06b7100>] (driver_register) from [<c0301770>] (do_one_initcall+0x40/0x160)
[<c0301770>] (do_one_initcall) from [<c0d00d6c>] (kernel_init_freeable+0x10c/0x1d0)
[<c0d00d6c>] (kernel_init_freeable) from [<c0966ce4>] (kernel_init+0x8/0x10c)
[<c0966ce4>] (kernel_init) from [<c03080b8>] (ret_from_fork+0x14/0x3c)
Code: e1a0b003 e1a09085 e1a04000 e590802c (e19230b9)
---[ end trace 6d8cadb333cb01dc ]---
Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b


Please let me know if you need any further information.

-Frank
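
Added example, not part of the message above and not kernel code: a small C decoder for the faulting instruction word on the oops "Code:" line, combined with the register dump, showing that the load's base register holds zero and that the fault address 0x940 is the offset register alone. The struct, function and variable names are hypothetical; the instruction word and register values are copied from the oops.

```c
#include <stdint.h>
#include <stdio.h>

/* Fields of an A32 halfword load/store in register-offset form. */
struct hw_ldst { int valid, pre, add, load; unsigned rn, rd, rm; };

struct hw_ldst decode_hw_ldst(uint32_t insn)
{
    struct hw_ldst d = {0};
    /* Encoding check: bits 27:25 = 000, bit 22 (I) = 0, bits 11:4 = 00001011 */
    if ((insn & 0x0e400ff0u) != 0x000000b0u)
        return d;
    d.valid = 1;
    d.pre  = (insn >> 24) & 1;   /* P: offset applied before the access */
    d.add  = (insn >> 23) & 1;   /* U: offset added rather than subtracted */
    d.load = (insn >> 20) & 1;   /* L: load rather than store */
    d.rn = (insn >> 16) & 0xf;   /* base register */
    d.rd = (insn >> 12) & 0xf;   /* destination register */
    d.rm = insn & 0xf;           /* offset register */
    return d;
}

/* Address the instruction accesses, given the register file at the fault. */
uint32_t effective_address(const struct hw_ldst *d, const uint32_t regs[16])
{
    uint32_t base = regs[d->rn], off = regs[d->rm];
    if (!d->pre)
        return base;             /* post-indexed: the access uses the base alone */
    return d->add ? base + off : base - off;
}

/* r0..r15 from the oops register dump (fp=r11, ip=r12, sp=r13, lr=r14, pc=r15). */
const uint32_t oops_regs[16] = {
    0xee8331a8, 0x00000400, 0x00000000, 0xee89dab6, 0xee8331a8, 0x000004a0,
    0xc2514ec0, 0xc0eaa748, 0xee834010, 0x00000940, 0x00000004, 0xee89dab6,
    0xc0730478, 0xee89da80, 0xc07301e8, 0xc0730498,
};
const uint32_t oops_fault_insn = 0xe19230b9u; /* word in parentheses on the Code: line */

int main(void)
{
    struct hw_ldst d = decode_hw_ldst(oops_fault_insn);
    if (!d.valid)
        return 1;
    printf("%s r%u, [r%u, %sr%u]  base=0x%08x  addr=0x%08x\n",
           d.load ? "ldrh" : "strh", d.rd, d.rn, d.add ? "" : "-", d.rm,
           (unsigned)oops_regs[d.rn], (unsigned)effective_address(&d, oops_regs));
    return 0;
}
```

In the register dump r9 (0x940) is r5 (0x4a0) shifted left by one, which is consistent with indexing a table of 2-byte entries through a NULL base pointer.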
