From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.7 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING,SPF_HELO_NONE, SPF_PASS,USER_AGENT_SANE_1 autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8D0BBC47094 for ; Mon, 7 Jun 2021 13:44:05 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 52F9161153 for ; Mon, 7 Jun 2021 13:44:05 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 52F9161153 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References: Message-ID:Subject:Cc:To:From:Date:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=PlI2/0VEJjuSA9dbksRurFpXHixxlqAnbm28eBV/u5M=; b=ZcbOhWBHK9iFJA YOliGzrnL5AY0m+ideWwOZp0VsBZHdPW4yLo4kdJoMgVXXj/2694H2fQz0wV5eZDMMAPmPTvY4gkU Bghw8zIO1ybMT7q98ZKt+LvBjqqMrmueJVrZd7faHURmbf8YQStUQRch7xLeY+0lx6xN1pR9jeEvF AhsNhnaBXTc/dNC6p3gIscDr7A7pqUAtYJlMPESlp4WTuOHPRIi0bDlNY+jzWUITCUwp1R3wtQ80i WXGqllyAmaz21yArq6DvCuwdycyVdKafIlSkRo0TMT1LxOo01ZfRIoh1uvSM663/4gf8wqTS3g67s +/xj2RNRZ5huHKPFedcA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1lqFUC-003rwD-Ka; Mon, 07 Jun 2021 13:40:12 +0000 Received: from mail.kernel.org ([198.145.29.99]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1lqFTz-003rrf-6S for linux-arm-kernel@lists.infradead.org; Mon, 07 Jun 2021 13:40:03 +0000 Received: by mail.kernel.org (Postfix) with ESMTPSA id D7E1C60FE3; Mon, 7 Jun 2021 13:39:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1623073198; bh=3dq30MIqb9Zu3eJwO7pJjF/9szWUcEOMNK2qtkcZ67o=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=UZQqWQXJ+w0mbnKMv2bhdxo0FlbSXTFhJxDJZDQfcOFzGuTYMK+Bb8qAgJT7d1MLW PTmDKVCqohoMBpPlNd0aOulqe0vXvClrZ67Bdt3K0hvAzrTboJ6bBXSXPiq4Fuvt0B 8fOritybmqhyUbqy0bBo8CnEWl15UTqOdhUfocdTXh65Knp11YJUGIZdHOQdbzpGDS KCeYWePd2x2L9jjijlsfA4XxW2akFXx1rrtxMinsnmnIqnPozPGO9xIjMzMQXsSA5P J0y+KteHpn5s6HjI/QdtPVfBwqlSfjgnZ4nxWEp6qedbERpiyODBS1pvMAeq5ow5Zn 4w6Ju9yGREZ9Q== Date: Mon, 7 Jun 2021 14:39:54 +0100 From: Will Deacon To: Mark Rutland , emma@anholt.net, mripard@kernel.org Cc: Marek Szyprowski , linux-arm-kernel@lists.infradead.org, kernel-team@android.com, Catalin Marinas , Ard Biesheuvel , Arnd Bergmann , Vincent Whitchurch , Bartlomiej Zolnierkiewicz , dri-devel@lists.freedesktop.org Subject: Re: [PATCH] arm64: cache: Lower ARCH_DMA_MINALIGN to 64 (L1_CACHE_BYTES) Message-ID: <20210607133953.GB7330@willie-the-truck> References: <20210527124356.22367-1-will@kernel.org> <4d0c8318-bad8-2be7-e292-fc8f70c198de@samsung.com> <20210602135123.GD12753@C02TD0UTHF1T.local> <130ce34f-460a-0046-f722-00144f2d5502@samsung.com> <20210604100114.GC64162@C02TD0UTHF1T.local> <0d10411d-49fe-fbca-0479-e2983af16aa8@samsung.com> <20210607120118.GC97489@C02TD0UTHF1T.local> <20210607130859.GD97489@C02TD0UTHF1T.local> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20210607130859.GD97489@C02TD0UTHF1T.local> User-Agent: Mutt/1.10.1 (2018-07-13) X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210607_063959_362879_823009CB X-CRM114-Status: GOOD ( 25.70 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org [Adding VC4 folks -- please see the KASAN splat below!] Background here is that reducing ARCH_DMA_MINALIGN to 64 on arm64 (queued in -next) is causing vc4 to hang on Rpi3b due to a probable driver bug. Will On Mon, Jun 07, 2021 at 02:08:59PM +0100, Mark Rutland wrote: > On Mon, Jun 07, 2021 at 01:01:18PM +0100, Mark Rutland wrote: > > On Mon, Jun 07, 2021 at 11:58:32AM +0200, Marek Szyprowski wrote: > > > I've just checked with the latest firmware from > > > https://github.com/raspberrypi/firmware (master branch, just copied > > > everything to /boot) and the issue is still there. > > > > > > If you start from arm64/defconfig without modules, please make sure you > > > have enabled all RPi drivers, otherwise VC4 DRM won't come up. I've > > > managed to reproduce the issue without the modules with the following > > > changes to arm64's defconfig: > > > > > > ./scripts/config -e DRM -e DRM_VC4 -e CONFIG_CLK_RASPBERRYPI -e > > > CONFIG_SENSORS_RASPBERRYPI_HWMON -e CONFIG_I2C_BCM2835 -e > > > CONFIG_ARM_RASPBERRYPI_CPUFREQ > > > > Thanks for this! > > > > With that config on commit 65688d2a05deb9f0 I also see a hang at the end > > of boot, but before reaching userspace, with the last messages in dmesg > > as below. > > > > I'll go check that the ARCH_DMA_MINALIGN affects this, then I'll go play > > with debug options. > > I can confirm that with the ARCH_DMA_MINALIGN change reverted, the hang > goes away. Running with that reverted andwith KASAN, I get the > slab-out-of-bounds splat below, which occurs at the time the hang would > otherwise occur, and is possibly the problem: > > [ 3.609515] vc4-drm soc:gpu: bound 3f902000.hdmi (ops vc4_hdmi_ops) > [ 3.621451] vc4-drm soc:gpu: bound 3f806000.vec (ops vc4_vec_ops) > [ 3.628344] vc4-drm soc:gpu: bound 3f400000.hvs (ops vc4_hvs_ops) > [ 3.635904] vc4-drm soc:gpu: bound 3f004000.txp (ops vc4_txp_ops) > [ 3.643351] vc4-drm soc:gpu: bound 3f206000.pixelvalve (ops vc4_crtc_ops) > [ 3.651238] vc4-drm soc:gpu: bound 3f207000.pixelvalve (ops vc4_crtc_ops) > [ 3.659167] vc4-drm soc:gpu: bound 3f807000.pixelvalve (ops vc4_crtc_ops) > [ 3.666499] vc4-drm soc:gpu: bound 3fc00000.v3d (ops vc4_v3d_ops) > [ 3.688560] [drm] Initialized vc4 0.0.0 20140616 for soc:gpu on minor 0 > [ 3.728010] ================================================================== > [ 3.728042] BUG: KASAN: slab-out-of-bounds in vc4_atomic_commit_tail+0x1cc/0x910 > [ 3.728123] Read of size 8 at addr ffff000007360440 by task kworker/u8:0/7 > [ 3.728153] > [ 3.728169] CPU: 2 PID: 7 Comm: kworker/u8:0 Not tainted 5.13.0-rc3-00009-g694c523e7267 #3 > [ 3.728203] Hardware name: Raspberry Pi 3 Model B (DT) > [ 3.728225] Workqueue: events_unbound deferred_probe_work_func > [ 3.728290] Call trace: > [ 3.728301] dump_backtrace+0x0/0x2b4 > [ 3.728358] show_stack+0x1c/0x30 > [ 3.728407] dump_stack+0xfc/0x168 > [ 3.728445] print_address_description.constprop.0+0x2c/0x2c0 > [ 3.728495] kasan_report+0x1dc/0x240 > [ 3.728529] __asan_load8+0x98/0xd4 > [ 3.728565] vc4_atomic_commit_tail+0x1cc/0x910 > [ 3.728621] commit_tail+0x100/0x210 > [ 3.728675] drm_atomic_helper_commit+0x1c4/0x3dc > [ 3.728730] drm_atomic_commit+0x80/0x94 > [ 3.728768] drm_client_modeset_commit_atomic+0x2f4/0x3a0 > [ 3.728821] drm_client_modeset_commit_locked+0x8c/0x230 > [ 3.728872] drm_fb_helper_pan_display+0x164/0x3a0 > [ 3.728924] fb_pan_display+0x12c/0x1fc > [ 3.728963] bit_update_start+0x34/0xa0 > [ 3.729013] fbcon_switch+0x678/0x920 > [ 3.729058] redraw_screen+0x17c/0x35c > [ 3.729095] fbcon_prepare_logo+0x484/0x5bc > [ 3.729143] fbcon_init+0x77c/0x970 > [ 3.729187] visual_init+0x14c/0x1e4 > [ 3.729239] do_bind_con_driver.isra.0+0x2c4/0x530 > [ 3.729279] do_take_over_console+0x200/0x2e0 > [ 3.729317] do_fbcon_takeover+0x90/0x120 > [ 3.729363] fbcon_fb_registered+0x14c/0x164 > [ 3.729412] register_framebuffer+0x308/0x4e0 > [ 3.729451] __drm_fb_helper_initial_config_and_unlock+0x538/0x7d0 > [ 3.729506] drm_fbdev_client_hotplug+0x204/0x374 > [ 3.729556] drm_fbdev_generic_setup+0xf4/0x24c > [ 3.729604] vc4_drm_bind+0x1d4/0x1f0 > [ 3.729654] try_to_bring_up_master+0x254/0x2dc > [ 3.729709] __component_add+0x10c/0x240 > [ 3.729759] component_add+0x18/0x24 > [ 3.729807] vc4_v3d_dev_probe+0x20/0x30 > [ 3.729854] platform_probe+0x90/0x110 > [ 3.729907] really_probe+0x148/0x744 > [ 3.729952] driver_probe_device+0x8c/0xfc > [ 3.729998] __device_attach_driver+0x120/0x180 > [ 3.730048] bus_for_each_drv+0xf4/0x15c > [ 3.730091] __device_attach+0x168/0x250 > [ 3.730137] device_initial_probe+0x18/0x24 > [ 3.730186] bus_probe_device+0xec/0x100 > [ 3.730230] deferred_probe_work_func+0xe8/0x130 > [ 3.730279] process_one_work+0x3b8/0x650 > [ 3.730319] worker_thread+0x3cc/0x72c > [ 3.730356] kthread+0x21c/0x224 > [ 3.730402] ret_from_fork+0x10/0x38 > [ 3.730442] > [ 3.730453] Allocated by task 7: > [ 3.730470] kasan_save_stack+0x2c/0x60 > [ 3.730526] __kasan_kmalloc+0x90/0xb4 > [ 3.730577] vc4_hvs_channels_duplicate_state+0x60/0x1a0 > [ 3.730637] drm_atomic_get_private_obj_state+0x144/0x230 > [ 3.730680] vc4_atomic_check+0x40/0x73c > [ 3.730732] drm_atomic_check_only+0x998/0xe60 > [ 3.730769] drm_atomic_commit+0x34/0x94 > [ 3.730804] drm_client_modeset_commit_atomic+0x2f4/0x3a0 > [ 3.730854] drm_client_modeset_commit_locked+0x8c/0x230 > [ 3.730904] drm_client_modeset_commit+0x38/0x60 > [ 3.730951] drm_fb_helper_set_par+0x104/0x17c > [ 3.730998] fbcon_init+0x43c/0x970 > [ 3.731041] visual_init+0x14c/0x1e4 > [ 3.731090] do_bind_con_driver.isra.0+0x2c4/0x530 > [ 3.731128] do_take_over_console+0x200/0x2e0 > [ 3.731165] do_fbcon_takeover+0x90/0x120 > [ 3.731210] fbcon_fb_registered+0x14c/0x164 > [ 3.731258] register_framebuffer+0x308/0x4e0 > [ 3.731296] __drm_fb_helper_initial_config_and_unlock+0x538/0x7d0 > [ 3.731349] drm_fbdev_client_hotplug+0x204/0x374 > [ 3.731398] drm_fbdev_generic_setup+0xf4/0x24c > [ 3.731446] vc4_drm_bind+0x1d4/0x1f0 > [ 3.731493] try_to_bring_up_master+0x254/0x2dc > [ 3.731546] __component_add+0x10c/0x240 > [ 3.731594] component_add+0x18/0x24 > [ 3.731642] vc4_v3d_dev_probe+0x20/0x30 > [ 3.731686] platform_probe+0x90/0x110 > [ 3.731737] really_probe+0x148/0x744 > [ 3.731781] driver_probe_device+0x8c/0xfc > [ 3.731827] __device_attach_driver+0x120/0x180 > [ 3.731875] bus_for_each_drv+0xf4/0x15c > [ 3.731916] __device_attach+0x168/0x250 > [ 3.731962] device_initial_probe+0x18/0x24 > [ 3.732009] bus_probe_device+0xec/0x100 > [ 3.732052] deferred_probe_work_func+0xe8/0x130 > [ 3.732100] process_one_work+0x3b8/0x650 > [ 3.732137] worker_thread+0x3cc/0x72c > [ 3.732172] kthread+0x21c/0x224 > [ 3.732215] ret_from_fork+0x10/0x38 > [ 3.732253] > [ 3.732262] The buggy address belongs to the object at ffff000007360400 > [ 3.732262] which belongs to the cache kmalloc-128 of size 128 > [ 3.732293] The buggy address is located 64 bytes inside of > [ 3.732293] 128-byte region [ffff000007360400, ffff000007360480) > [ 3.732329] The buggy address belongs to the page: > [ 3.732344] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7360 > [ 3.732380] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff) > [ 3.732442] raw: 03fffc0000000200 dead000000000100 dead000000000122 ffff000004c02300 > [ 3.732478] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 > [ 3.732501] page dumped because: kasan: bad access detected > [ 3.732518] > [ 3.732527] Memory state around the buggy address: > [ 3.732549] ffff000007360300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb > [ 3.732579] ffff000007360380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc > [ 3.732608] >ffff000007360400: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc > [ 3.732629] ^ > [ 3.732652] ffff000007360480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc > [ 3.732682] ffff000007360500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb > [ 3.732703] ================================================================== > [ 3.732718] Disabling lock debugging due to kernel taint > [ 3.769129] Console: switching to colour frame buffer device 90x30 > [ 5.148699] vc4-drm soc:gpu: [drm] fb0: vc4drmfb frame buffer device _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.3 required=3.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING,SPF_HELO_NONE,SPF_PASS, USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 20437C47095 for ; Mon, 7 Jun 2021 13:40:01 +0000 (UTC) Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id E30BD61159 for ; Mon, 7 Jun 2021 13:40:00 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org E30BD61159 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=dri-devel-bounces@lists.freedesktop.org Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id 63B3E6E8C3; Mon, 7 Jun 2021 13:40:00 +0000 (UTC) Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by gabe.freedesktop.org (Postfix) with ESMTPS id 036646E8C3 for ; Mon, 7 Jun 2021 13:39:59 +0000 (UTC) Received: by mail.kernel.org (Postfix) with ESMTPSA id D7E1C60FE3; Mon, 7 Jun 2021 13:39:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1623073198; bh=3dq30MIqb9Zu3eJwO7pJjF/9szWUcEOMNK2qtkcZ67o=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=UZQqWQXJ+w0mbnKMv2bhdxo0FlbSXTFhJxDJZDQfcOFzGuTYMK+Bb8qAgJT7d1MLW PTmDKVCqohoMBpPlNd0aOulqe0vXvClrZ67Bdt3K0hvAzrTboJ6bBXSXPiq4Fuvt0B 8fOritybmqhyUbqy0bBo8CnEWl15UTqOdhUfocdTXh65Knp11YJUGIZdHOQdbzpGDS KCeYWePd2x2L9jjijlsfA4XxW2akFXx1rrtxMinsnmnIqnPozPGO9xIjMzMQXsSA5P J0y+KteHpn5s6HjI/QdtPVfBwqlSfjgnZ4nxWEp6qedbERpiyODBS1pvMAeq5ow5Zn 4w6Ju9yGREZ9Q== Date: Mon, 7 Jun 2021 14:39:54 +0100 From: Will Deacon To: Mark Rutland , emma@anholt.net, mripard@kernel.org Subject: Re: [PATCH] arm64: cache: Lower ARCH_DMA_MINALIGN to 64 (L1_CACHE_BYTES) Message-ID: <20210607133953.GB7330@willie-the-truck> References: <20210527124356.22367-1-will@kernel.org> <4d0c8318-bad8-2be7-e292-fc8f70c198de@samsung.com> <20210602135123.GD12753@C02TD0UTHF1T.local> <130ce34f-460a-0046-f722-00144f2d5502@samsung.com> <20210604100114.GC64162@C02TD0UTHF1T.local> <0d10411d-49fe-fbca-0479-e2983af16aa8@samsung.com> <20210607120118.GC97489@C02TD0UTHF1T.local> <20210607130859.GD97489@C02TD0UTHF1T.local> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20210607130859.GD97489@C02TD0UTHF1T.local> User-Agent: Mutt/1.10.1 (2018-07-13) X-BeenThere: dri-devel@lists.freedesktop.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Direct Rendering Infrastructure - Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Arnd Bergmann , Bartlomiej Zolnierkiewicz , Catalin Marinas , Vincent Whitchurch , dri-devel@lists.freedesktop.org, kernel-team@android.com, Ard Biesheuvel , linux-arm-kernel@lists.infradead.org, Marek Szyprowski Errors-To: dri-devel-bounces@lists.freedesktop.org Sender: "dri-devel" [Adding VC4 folks -- please see the KASAN splat below!] Background here is that reducing ARCH_DMA_MINALIGN to 64 on arm64 (queued in -next) is causing vc4 to hang on Rpi3b due to a probable driver bug. Will On Mon, Jun 07, 2021 at 02:08:59PM +0100, Mark Rutland wrote: > On Mon, Jun 07, 2021 at 01:01:18PM +0100, Mark Rutland wrote: > > On Mon, Jun 07, 2021 at 11:58:32AM +0200, Marek Szyprowski wrote: > > > I've just checked with the latest firmware from > > > https://github.com/raspberrypi/firmware (master branch, just copied > > > everything to /boot) and the issue is still there. > > > > > > If you start from arm64/defconfig without modules, please make sure you > > > have enabled all RPi drivers, otherwise VC4 DRM won't come up. I've > > > managed to reproduce the issue without the modules with the following > > > changes to arm64's defconfig: > > > > > > ./scripts/config -e DRM -e DRM_VC4 -e CONFIG_CLK_RASPBERRYPI -e > > > CONFIG_SENSORS_RASPBERRYPI_HWMON -e CONFIG_I2C_BCM2835 -e > > > CONFIG_ARM_RASPBERRYPI_CPUFREQ > > > > Thanks for this! > > > > With that config on commit 65688d2a05deb9f0 I also see a hang at the end > > of boot, but before reaching userspace, with the last messages in dmesg > > as below. > > > > I'll go check that the ARCH_DMA_MINALIGN affects this, then I'll go play > > with debug options. > > I can confirm that with the ARCH_DMA_MINALIGN change reverted, the hang > goes away. Running with that reverted andwith KASAN, I get the > slab-out-of-bounds splat below, which occurs at the time the hang would > otherwise occur, and is possibly the problem: > > [ 3.609515] vc4-drm soc:gpu: bound 3f902000.hdmi (ops vc4_hdmi_ops) > [ 3.621451] vc4-drm soc:gpu: bound 3f806000.vec (ops vc4_vec_ops) > [ 3.628344] vc4-drm soc:gpu: bound 3f400000.hvs (ops vc4_hvs_ops) > [ 3.635904] vc4-drm soc:gpu: bound 3f004000.txp (ops vc4_txp_ops) > [ 3.643351] vc4-drm soc:gpu: bound 3f206000.pixelvalve (ops vc4_crtc_ops) > [ 3.651238] vc4-drm soc:gpu: bound 3f207000.pixelvalve (ops vc4_crtc_ops) > [ 3.659167] vc4-drm soc:gpu: bound 3f807000.pixelvalve (ops vc4_crtc_ops) > [ 3.666499] vc4-drm soc:gpu: bound 3fc00000.v3d (ops vc4_v3d_ops) > [ 3.688560] [drm] Initialized vc4 0.0.0 20140616 for soc:gpu on minor 0 > [ 3.728010] ================================================================== > [ 3.728042] BUG: KASAN: slab-out-of-bounds in vc4_atomic_commit_tail+0x1cc/0x910 > [ 3.728123] Read of size 8 at addr ffff000007360440 by task kworker/u8:0/7 > [ 3.728153] > [ 3.728169] CPU: 2 PID: 7 Comm: kworker/u8:0 Not tainted 5.13.0-rc3-00009-g694c523e7267 #3 > [ 3.728203] Hardware name: Raspberry Pi 3 Model B (DT) > [ 3.728225] Workqueue: events_unbound deferred_probe_work_func > [ 3.728290] Call trace: > [ 3.728301] dump_backtrace+0x0/0x2b4 > [ 3.728358] show_stack+0x1c/0x30 > [ 3.728407] dump_stack+0xfc/0x168 > [ 3.728445] print_address_description.constprop.0+0x2c/0x2c0 > [ 3.728495] kasan_report+0x1dc/0x240 > [ 3.728529] __asan_load8+0x98/0xd4 > [ 3.728565] vc4_atomic_commit_tail+0x1cc/0x910 > [ 3.728621] commit_tail+0x100/0x210 > [ 3.728675] drm_atomic_helper_commit+0x1c4/0x3dc > [ 3.728730] drm_atomic_commit+0x80/0x94 > [ 3.728768] drm_client_modeset_commit_atomic+0x2f4/0x3a0 > [ 3.728821] drm_client_modeset_commit_locked+0x8c/0x230 > [ 3.728872] drm_fb_helper_pan_display+0x164/0x3a0 > [ 3.728924] fb_pan_display+0x12c/0x1fc > [ 3.728963] bit_update_start+0x34/0xa0 > [ 3.729013] fbcon_switch+0x678/0x920 > [ 3.729058] redraw_screen+0x17c/0x35c > [ 3.729095] fbcon_prepare_logo+0x484/0x5bc > [ 3.729143] fbcon_init+0x77c/0x970 > [ 3.729187] visual_init+0x14c/0x1e4 > [ 3.729239] do_bind_con_driver.isra.0+0x2c4/0x530 > [ 3.729279] do_take_over_console+0x200/0x2e0 > [ 3.729317] do_fbcon_takeover+0x90/0x120 > [ 3.729363] fbcon_fb_registered+0x14c/0x164 > [ 3.729412] register_framebuffer+0x308/0x4e0 > [ 3.729451] __drm_fb_helper_initial_config_and_unlock+0x538/0x7d0 > [ 3.729506] drm_fbdev_client_hotplug+0x204/0x374 > [ 3.729556] drm_fbdev_generic_setup+0xf4/0x24c > [ 3.729604] vc4_drm_bind+0x1d4/0x1f0 > [ 3.729654] try_to_bring_up_master+0x254/0x2dc > [ 3.729709] __component_add+0x10c/0x240 > [ 3.729759] component_add+0x18/0x24 > [ 3.729807] vc4_v3d_dev_probe+0x20/0x30 > [ 3.729854] platform_probe+0x90/0x110 > [ 3.729907] really_probe+0x148/0x744 > [ 3.729952] driver_probe_device+0x8c/0xfc > [ 3.729998] __device_attach_driver+0x120/0x180 > [ 3.730048] bus_for_each_drv+0xf4/0x15c > [ 3.730091] __device_attach+0x168/0x250 > [ 3.730137] device_initial_probe+0x18/0x24 > [ 3.730186] bus_probe_device+0xec/0x100 > [ 3.730230] deferred_probe_work_func+0xe8/0x130 > [ 3.730279] process_one_work+0x3b8/0x650 > [ 3.730319] worker_thread+0x3cc/0x72c > [ 3.730356] kthread+0x21c/0x224 > [ 3.730402] ret_from_fork+0x10/0x38 > [ 3.730442] > [ 3.730453] Allocated by task 7: > [ 3.730470] kasan_save_stack+0x2c/0x60 > [ 3.730526] __kasan_kmalloc+0x90/0xb4 > [ 3.730577] vc4_hvs_channels_duplicate_state+0x60/0x1a0 > [ 3.730637] drm_atomic_get_private_obj_state+0x144/0x230 > [ 3.730680] vc4_atomic_check+0x40/0x73c > [ 3.730732] drm_atomic_check_only+0x998/0xe60 > [ 3.730769] drm_atomic_commit+0x34/0x94 > [ 3.730804] drm_client_modeset_commit_atomic+0x2f4/0x3a0 > [ 3.730854] drm_client_modeset_commit_locked+0x8c/0x230 > [ 3.730904] drm_client_modeset_commit+0x38/0x60 > [ 3.730951] drm_fb_helper_set_par+0x104/0x17c > [ 3.730998] fbcon_init+0x43c/0x970 > [ 3.731041] visual_init+0x14c/0x1e4 > [ 3.731090] do_bind_con_driver.isra.0+0x2c4/0x530 > [ 3.731128] do_take_over_console+0x200/0x2e0 > [ 3.731165] do_fbcon_takeover+0x90/0x120 > [ 3.731210] fbcon_fb_registered+0x14c/0x164 > [ 3.731258] register_framebuffer+0x308/0x4e0 > [ 3.731296] __drm_fb_helper_initial_config_and_unlock+0x538/0x7d0 > [ 3.731349] drm_fbdev_client_hotplug+0x204/0x374 > [ 3.731398] drm_fbdev_generic_setup+0xf4/0x24c > [ 3.731446] vc4_drm_bind+0x1d4/0x1f0 > [ 3.731493] try_to_bring_up_master+0x254/0x2dc > [ 3.731546] __component_add+0x10c/0x240 > [ 3.731594] component_add+0x18/0x24 > [ 3.731642] vc4_v3d_dev_probe+0x20/0x30 > [ 3.731686] platform_probe+0x90/0x110 > [ 3.731737] really_probe+0x148/0x744 > [ 3.731781] driver_probe_device+0x8c/0xfc > [ 3.731827] __device_attach_driver+0x120/0x180 > [ 3.731875] bus_for_each_drv+0xf4/0x15c > [ 3.731916] __device_attach+0x168/0x250 > [ 3.731962] device_initial_probe+0x18/0x24 > [ 3.732009] bus_probe_device+0xec/0x100 > [ 3.732052] deferred_probe_work_func+0xe8/0x130 > [ 3.732100] process_one_work+0x3b8/0x650 > [ 3.732137] worker_thread+0x3cc/0x72c > [ 3.732172] kthread+0x21c/0x224 > [ 3.732215] ret_from_fork+0x10/0x38 > [ 3.732253] > [ 3.732262] The buggy address belongs to the object at ffff000007360400 > [ 3.732262] which belongs to the cache kmalloc-128 of size 128 > [ 3.732293] The buggy address is located 64 bytes inside of > [ 3.732293] 128-byte region [ffff000007360400, ffff000007360480) > [ 3.732329] The buggy address belongs to the page: > [ 3.732344] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7360 > [ 3.732380] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff) > [ 3.732442] raw: 03fffc0000000200 dead000000000100 dead000000000122 ffff000004c02300 > [ 3.732478] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 > [ 3.732501] page dumped because: kasan: bad access detected > [ 3.732518] > [ 3.732527] Memory state around the buggy address: > [ 3.732549] ffff000007360300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb > [ 3.732579] ffff000007360380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc > [ 3.732608] >ffff000007360400: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc > [ 3.732629] ^ > [ 3.732652] ffff000007360480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc > [ 3.732682] ffff000007360500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb > [ 3.732703] ================================================================== > [ 3.732718] Disabling lock debugging due to kernel taint > [ 3.769129] Console: switching to colour frame buffer device 90x30 > [ 5.148699] vc4-drm soc:gpu: [drm] fb0: vc4drmfb frame buffer device