* ufs_qcom_dump_dbg_regs makes the kernel panic
@ 2018-12-10 12:37 ` Marc Gonzalez
0 siblings, 0 replies; 16+ messages in thread
From: Marc Gonzalez @ 2018-12-10 12:37 UTC (permalink / raw)
To: Jeffrey Hugo, Vivek Gautam, Bjorn Andersson, Andy Gross, David Brown
Cc: MSM, Linux ARM
Hello,
When the kernel fails to init the UFSHC, it calls ufshcd_print_host_regs()
to help with debugging, which calls the dbg_register_dump hook.
ufs_qcom_dump_dbg_regs makes the kernel panic:
[ 3.715634] UFS_DBG_RD_REG_TXUC 000000a0: 00000000 00000000 00000000 00000000
[ 3.722750] UFS_DBG_RD_REG_TXUC 000000b0: 00000001 00000000 00000000 00000004
[ 3.729943] Internal error: synchronous external abort: 96000210 [#1] PREEMPT SMP
[ 3.737000] Modules linked in:
[ 3.744371] CPU: 2 PID: 1 Comm: swapper/0 Tainted: G S 4.20.0-rc4 #16
[ 3.747413] Hardware name: Qualcomm Technologies, Inc. MSM8998 v1 MTP (DT)
[ 3.755295] pstate: 00000005 (nzcv daif -PAN -UAO)
[ 3.761978] pc : __memcpy_fromio+0x68/0x80
[ 3.766718] lr : ufshcd_dump_regs+0x50/0xb0
[ 3.770767] sp : ffff00000807ba00
[ 3.774830] x29: ffff00000807ba00 x28: 00000000fffffffb
[ 3.778344] x27: ffff0000089db068 x26: ffff8000f6e58000
[ 3.783728] x25: 000000000000000e x24: 0000000000000800
[ 3.789023] x23: ffff8000f6e587c8 x22: 0000000000000800
[ 3.794319] x21: ffff000008908368 x20: ffff8000f6e1ab80
[ 3.799615] x19: 000000000000006c x18: ffffffffffffffff
[ 3.804910] x17: 0000000000000000 x16: 0000000000000000
[ 3.810206] x15: ffff000009199648 x14: ffff000089244187
[ 3.815502] x13: ffff000009244195 x12: ffff0000091ab000
[ 3.820797] x11: 0000000005f5e0ff x10: ffff0000091998a0
[ 3.826093] x9 : 0000000000000000 x8 : ffff8000f6e1ac00
[ 3.831389] x7 : 0000000000000000 x6 : 0000000000000068
[ 3.836676] x5 : ffff8000f6e1abe8 x4 : 0000000000000000
[ 3.841971] x3 : ffff00000928c868 x2 : ffff8000f6e1abec
[ 3.847267] x1 : ffff00000928c868 x0 : ffff8000f6e1abe8
[ 3.852567] Process swapper/0 (pid: 1, stack limit = 0x(____ptrval____))
[ 3.857900] Call trace:
[ 3.864473] __memcpy_fromio+0x68/0x80
[ 3.866683] ufs_qcom_dump_dbg_regs+0x1c0/0x370
[ 3.870522] ufshcd_print_host_regs+0x168/0x190
[ 3.874946] ufshcd_init+0xd4c/0xde0
[ 3.879459] ufshcd_pltfrm_init+0x3c8/0x550
[ 3.883264] ufs_qcom_probe+0x24/0x60
[ 3.887188] platform_drv_probe+0x50/0xa0
[ 3.890993] really_probe+0x1f0/0x2a0
[ 3.894983] driver_probe_device+0x58/0x100
[ 3.898628] __driver_attach+0xd4/0xe0
[ 3.902617] bus_for_each_dev+0x74/0xd0
[ 3.906436] driver_attach+0x20/0x30
[ 3.910169] bus_add_driver+0x1ac/0x220
[ 3.913992] driver_register+0x60/0x110
[ 3.917540] __platform_driver_register+0x40/0x50
[ 3.921413] ufs_qcom_pltform_init+0x18/0x20
[ 3.926248] do_one_initcall+0x5c/0x180
[ 3.930593] kernel_init_freeable+0x198/0x244
[ 3.934156] kernel_init+0x10/0x110
[ 3.938629] ret_from_fork+0x10/0x20
[ 3.941940] Code: f2400842 54000100 8b020002 d503201f (39400023)
[ 3.945875] ---[ end trace 2d10f654364744f5 ]---
[ 3.951841] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
[ 3.956528] SMP: stopping secondary CPUs
[ 5.005502] SMP: failed to stop secondary CPUs 2,7
[ 5.005648] Kernel Offset: disabled
[ 5.009292] CPU features: 0x2,21802008
[ 5.012676] Memory Limit: none
[ 5.016485] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b ]---
The problem appears to be on this line:
reg = ufs_qcom_get_debug_reg_offset(host, UFS_DBG_RD_REG_RXUC);
/* reg = 0x800 */
print_fn(hba, reg, 27, "UFS_DBG_RD_REG_RXUC ", priv);
I'm not sure what's going on, because the driver is supposed to map 0x2500 bytes.
(reg = <0x1da4000 0x2500>;)
Commenting out the last 4 dumps of ufs_qcom_print_hw_debug_reg_all() makes
the panic disappear, but the kernel just hangs after printing UFS_DBG_RD_REG_TXUC
Regards.
^ permalink raw reply [flat|nested] 16+ messages in thread
* ufs_qcom_dump_dbg_regs makes the kernel panic
@ 2018-12-10 12:37 ` Marc Gonzalez
0 siblings, 0 replies; 16+ messages in thread
From: Marc Gonzalez @ 2018-12-10 12:37 UTC (permalink / raw)
To: Jeffrey Hugo, Vivek Gautam, Bjorn Andersson, Andy Gross, David Brown
Cc: MSM, Linux ARM
Hello,
When the kernel fails to init the UFSHC, it calls ufshcd_print_host_regs()
to help with debugging, which calls the dbg_register_dump hook.
ufs_qcom_dump_dbg_regs makes the kernel panic:
[ 3.715634] UFS_DBG_RD_REG_TXUC 000000a0: 00000000 00000000 00000000 00000000
[ 3.722750] UFS_DBG_RD_REG_TXUC 000000b0: 00000001 00000000 00000000 00000004
[ 3.729943] Internal error: synchronous external abort: 96000210 [#1] PREEMPT SMP
[ 3.737000] Modules linked in:
[ 3.744371] CPU: 2 PID: 1 Comm: swapper/0 Tainted: G S 4.20.0-rc4 #16
[ 3.747413] Hardware name: Qualcomm Technologies, Inc. MSM8998 v1 MTP (DT)
[ 3.755295] pstate: 00000005 (nzcv daif -PAN -UAO)
[ 3.761978] pc : __memcpy_fromio+0x68/0x80
[ 3.766718] lr : ufshcd_dump_regs+0x50/0xb0
[ 3.770767] sp : ffff00000807ba00
[ 3.774830] x29: ffff00000807ba00 x28: 00000000fffffffb
[ 3.778344] x27: ffff0000089db068 x26: ffff8000f6e58000
[ 3.783728] x25: 000000000000000e x24: 0000000000000800
[ 3.789023] x23: ffff8000f6e587c8 x22: 0000000000000800
[ 3.794319] x21: ffff000008908368 x20: ffff8000f6e1ab80
[ 3.799615] x19: 000000000000006c x18: ffffffffffffffff
[ 3.804910] x17: 0000000000000000 x16: 0000000000000000
[ 3.810206] x15: ffff000009199648 x14: ffff000089244187
[ 3.815502] x13: ffff000009244195 x12: ffff0000091ab000
[ 3.820797] x11: 0000000005f5e0ff x10: ffff0000091998a0
[ 3.826093] x9 : 0000000000000000 x8 : ffff8000f6e1ac00
[ 3.831389] x7 : 0000000000000000 x6 : 0000000000000068
[ 3.836676] x5 : ffff8000f6e1abe8 x4 : 0000000000000000
[ 3.841971] x3 : ffff00000928c868 x2 : ffff8000f6e1abec
[ 3.847267] x1 : ffff00000928c868 x0 : ffff8000f6e1abe8
[ 3.852567] Process swapper/0 (pid: 1, stack limit = 0x(____ptrval____))
[ 3.857900] Call trace:
[ 3.864473] __memcpy_fromio+0x68/0x80
[ 3.866683] ufs_qcom_dump_dbg_regs+0x1c0/0x370
[ 3.870522] ufshcd_print_host_regs+0x168/0x190
[ 3.874946] ufshcd_init+0xd4c/0xde0
[ 3.879459] ufshcd_pltfrm_init+0x3c8/0x550
[ 3.883264] ufs_qcom_probe+0x24/0x60
[ 3.887188] platform_drv_probe+0x50/0xa0
[ 3.890993] really_probe+0x1f0/0x2a0
[ 3.894983] driver_probe_device+0x58/0x100
[ 3.898628] __driver_attach+0xd4/0xe0
[ 3.902617] bus_for_each_dev+0x74/0xd0
[ 3.906436] driver_attach+0x20/0x30
[ 3.910169] bus_add_driver+0x1ac/0x220
[ 3.913992] driver_register+0x60/0x110
[ 3.917540] __platform_driver_register+0x40/0x50
[ 3.921413] ufs_qcom_pltform_init+0x18/0x20
[ 3.926248] do_one_initcall+0x5c/0x180
[ 3.930593] kernel_init_freeable+0x198/0x244
[ 3.934156] kernel_init+0x10/0x110
[ 3.938629] ret_from_fork+0x10/0x20
[ 3.941940] Code: f2400842 54000100 8b020002 d503201f (39400023)
[ 3.945875] ---[ end trace 2d10f654364744f5 ]---
[ 3.951841] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
[ 3.956528] SMP: stopping secondary CPUs
[ 5.005502] SMP: failed to stop secondary CPUs 2,7
[ 5.005648] Kernel Offset: disabled
[ 5.009292] CPU features: 0x2,21802008
[ 5.012676] Memory Limit: none
[ 5.016485] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b ]---
The problem appears to be on this line:
reg = ufs_qcom_get_debug_reg_offset(host, UFS_DBG_RD_REG_RXUC);
/* reg = 0x800 */
print_fn(hba, reg, 27, "UFS_DBG_RD_REG_RXUC ", priv);
I'm not sure what's going on, because the driver is supposed to map 0x2500 bytes.
(reg = <0x1da4000 0x2500>;)
Commenting out the last 4 dumps of ufs_qcom_print_hw_debug_reg_all() makes
the panic disappear, but the kernel just hangs after printing UFS_DBG_RD_REG_TXUC
Regards.
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: ufs_qcom_dump_dbg_regs makes the kernel panic
2018-12-10 12:37 ` Marc Gonzalez
@ 2018-12-10 13:34 ` Robin Murphy
-1 siblings, 0 replies; 16+ messages in thread
From: Robin Murphy @ 2018-12-10 13:34 UTC (permalink / raw)
To: Marc Gonzalez, Jeffrey Hugo, Vivek Gautam, Bjorn Andersson,
Andy Gross, David Brown
Cc: MSM, Linux ARM
On 10/12/2018 12:37, Marc Gonzalez wrote:
> Hello,
>
> When the kernel fails to init the UFSHC, it calls ufshcd_print_host_regs()
> to help with debugging, which calls the dbg_register_dump hook.
>
> ufs_qcom_dump_dbg_regs makes the kernel panic:
>
> [ 3.715634] UFS_DBG_RD_REG_TXUC 000000a0: 00000000 00000000 00000000 00000000
> [ 3.722750] UFS_DBG_RD_REG_TXUC 000000b0: 00000001 00000000 00000000 00000004
> [ 3.729943] Internal error: synchronous external abort: 96000210 [#1] PREEMPT SMP
> [ 3.737000] Modules linked in:
> [ 3.744371] CPU: 2 PID: 1 Comm: swapper/0 Tainted: G S 4.20.0-rc4 #16
> [ 3.747413] Hardware name: Qualcomm Technologies, Inc. MSM8998 v1 MTP (DT)
> [ 3.755295] pstate: 00000005 (nzcv daif -PAN -UAO)
> [ 3.761978] pc : __memcpy_fromio+0x68/0x80
> [ 3.766718] lr : ufshcd_dump_regs+0x50/0xb0
> [ 3.770767] sp : ffff00000807ba00
> [ 3.774830] x29: ffff00000807ba00 x28: 00000000fffffffb
> [ 3.778344] x27: ffff0000089db068 x26: ffff8000f6e58000
> [ 3.783728] x25: 000000000000000e x24: 0000000000000800
> [ 3.789023] x23: ffff8000f6e587c8 x22: 0000000000000800
> [ 3.794319] x21: ffff000008908368 x20: ffff8000f6e1ab80
> [ 3.799615] x19: 000000000000006c x18: ffffffffffffffff
> [ 3.804910] x17: 0000000000000000 x16: 0000000000000000
> [ 3.810206] x15: ffff000009199648 x14: ffff000089244187
> [ 3.815502] x13: ffff000009244195 x12: ffff0000091ab000
> [ 3.820797] x11: 0000000005f5e0ff x10: ffff0000091998a0
> [ 3.826093] x9 : 0000000000000000 x8 : ffff8000f6e1ac00
> [ 3.831389] x7 : 0000000000000000 x6 : 0000000000000068
> [ 3.836676] x5 : ffff8000f6e1abe8 x4 : 0000000000000000
> [ 3.841971] x3 : ffff00000928c868 x2 : ffff8000f6e1abec
> [ 3.847267] x1 : ffff00000928c868 x0 : ffff8000f6e1abe8
> [ 3.852567] Process swapper/0 (pid: 1, stack limit = 0x(____ptrval____))
> [ 3.857900] Call trace:
> [ 3.864473] __memcpy_fromio+0x68/0x80
> [ 3.866683] ufs_qcom_dump_dbg_regs+0x1c0/0x370
> [ 3.870522] ufshcd_print_host_regs+0x168/0x190
> [ 3.874946] ufshcd_init+0xd4c/0xde0
> [ 3.879459] ufshcd_pltfrm_init+0x3c8/0x550
> [ 3.883264] ufs_qcom_probe+0x24/0x60
> [ 3.887188] platform_drv_probe+0x50/0xa0
> [ 3.890993] really_probe+0x1f0/0x2a0
> [ 3.894983] driver_probe_device+0x58/0x100
> [ 3.898628] __driver_attach+0xd4/0xe0
> [ 3.902617] bus_for_each_dev+0x74/0xd0
> [ 3.906436] driver_attach+0x20/0x30
> [ 3.910169] bus_add_driver+0x1ac/0x220
> [ 3.913992] driver_register+0x60/0x110
> [ 3.917540] __platform_driver_register+0x40/0x50
> [ 3.921413] ufs_qcom_pltform_init+0x18/0x20
> [ 3.926248] do_one_initcall+0x5c/0x180
> [ 3.930593] kernel_init_freeable+0x198/0x244
> [ 3.934156] kernel_init+0x10/0x110
> [ 3.938629] ret_from_fork+0x10/0x20
> [ 3.941940] Code: f2400842 54000100 8b020002 d503201f (39400023)
> [ 3.945875] ---[ end trace 2d10f654364744f5 ]---
> [ 3.951841] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
> [ 3.956528] SMP: stopping secondary CPUs
> [ 5.005502] SMP: failed to stop secondary CPUs 2,7
> [ 5.005648] Kernel Offset: disabled
> [ 5.009292] CPU features: 0x2,21802008
> [ 5.012676] Memory Limit: none
> [ 5.016485] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b ]---
>
>
> The problem appears to be on this line:
>
> reg = ufs_qcom_get_debug_reg_offset(host, UFS_DBG_RD_REG_RXUC);
> /* reg = 0x800 */
> print_fn(hba, reg, 27, "UFS_DBG_RD_REG_RXUC ", priv);
>
> I'm not sure what's going on, because the driver is supposed to map 0x2500 bytes.
> (reg = <0x1da4000 0x2500>;)
It is mapped - you're not getting an MMU fault but an external abort,
which means the access has been translated and gone out, but the
peripheral (or possibly the interconnect in between) didn't like it and
sent some kind of decode error back. Given that you're faulting in
memcpy_from_io() that's not too surprising - using that on actual device
registers (rather than stuff like ioremap()ed SRAM) is generally a bad
idea, since you have no control over things like access size and
ordering that a typical device is sensitive to.
> Commenting out the last 4 dumps of ufs_qcom_print_hw_debug_reg_all() makes
> the panic disappear, but the kernel just hangs after printing UFS_DBG_RD_REG_TXUC
I'd recommend fixing the register dump code to use specific read*()
accesses of the appropriate sizes for each register.
Robin.
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: ufs_qcom_dump_dbg_regs makes the kernel panic
@ 2018-12-10 13:34 ` Robin Murphy
0 siblings, 0 replies; 16+ messages in thread
From: Robin Murphy @ 2018-12-10 13:34 UTC (permalink / raw)
To: Marc Gonzalez, Jeffrey Hugo, Vivek Gautam, Bjorn Andersson,
Andy Gross, David Brown
Cc: MSM, Linux ARM
On 10/12/2018 12:37, Marc Gonzalez wrote:
> Hello,
>
> When the kernel fails to init the UFSHC, it calls ufshcd_print_host_regs()
> to help with debugging, which calls the dbg_register_dump hook.
>
> ufs_qcom_dump_dbg_regs makes the kernel panic:
>
> [ 3.715634] UFS_DBG_RD_REG_TXUC 000000a0: 00000000 00000000 00000000 00000000
> [ 3.722750] UFS_DBG_RD_REG_TXUC 000000b0: 00000001 00000000 00000000 00000004
> [ 3.729943] Internal error: synchronous external abort: 96000210 [#1] PREEMPT SMP
> [ 3.737000] Modules linked in:
> [ 3.744371] CPU: 2 PID: 1 Comm: swapper/0 Tainted: G S 4.20.0-rc4 #16
> [ 3.747413] Hardware name: Qualcomm Technologies, Inc. MSM8998 v1 MTP (DT)
> [ 3.755295] pstate: 00000005 (nzcv daif -PAN -UAO)
> [ 3.761978] pc : __memcpy_fromio+0x68/0x80
> [ 3.766718] lr : ufshcd_dump_regs+0x50/0xb0
> [ 3.770767] sp : ffff00000807ba00
> [ 3.774830] x29: ffff00000807ba00 x28: 00000000fffffffb
> [ 3.778344] x27: ffff0000089db068 x26: ffff8000f6e58000
> [ 3.783728] x25: 000000000000000e x24: 0000000000000800
> [ 3.789023] x23: ffff8000f6e587c8 x22: 0000000000000800
> [ 3.794319] x21: ffff000008908368 x20: ffff8000f6e1ab80
> [ 3.799615] x19: 000000000000006c x18: ffffffffffffffff
> [ 3.804910] x17: 0000000000000000 x16: 0000000000000000
> [ 3.810206] x15: ffff000009199648 x14: ffff000089244187
> [ 3.815502] x13: ffff000009244195 x12: ffff0000091ab000
> [ 3.820797] x11: 0000000005f5e0ff x10: ffff0000091998a0
> [ 3.826093] x9 : 0000000000000000 x8 : ffff8000f6e1ac00
> [ 3.831389] x7 : 0000000000000000 x6 : 0000000000000068
> [ 3.836676] x5 : ffff8000f6e1abe8 x4 : 0000000000000000
> [ 3.841971] x3 : ffff00000928c868 x2 : ffff8000f6e1abec
> [ 3.847267] x1 : ffff00000928c868 x0 : ffff8000f6e1abe8
> [ 3.852567] Process swapper/0 (pid: 1, stack limit = 0x(____ptrval____))
> [ 3.857900] Call trace:
> [ 3.864473] __memcpy_fromio+0x68/0x80
> [ 3.866683] ufs_qcom_dump_dbg_regs+0x1c0/0x370
> [ 3.870522] ufshcd_print_host_regs+0x168/0x190
> [ 3.874946] ufshcd_init+0xd4c/0xde0
> [ 3.879459] ufshcd_pltfrm_init+0x3c8/0x550
> [ 3.883264] ufs_qcom_probe+0x24/0x60
> [ 3.887188] platform_drv_probe+0x50/0xa0
> [ 3.890993] really_probe+0x1f0/0x2a0
> [ 3.894983] driver_probe_device+0x58/0x100
> [ 3.898628] __driver_attach+0xd4/0xe0
> [ 3.902617] bus_for_each_dev+0x74/0xd0
> [ 3.906436] driver_attach+0x20/0x30
> [ 3.910169] bus_add_driver+0x1ac/0x220
> [ 3.913992] driver_register+0x60/0x110
> [ 3.917540] __platform_driver_register+0x40/0x50
> [ 3.921413] ufs_qcom_pltform_init+0x18/0x20
> [ 3.926248] do_one_initcall+0x5c/0x180
> [ 3.930593] kernel_init_freeable+0x198/0x244
> [ 3.934156] kernel_init+0x10/0x110
> [ 3.938629] ret_from_fork+0x10/0x20
> [ 3.941940] Code: f2400842 54000100 8b020002 d503201f (39400023)
> [ 3.945875] ---[ end trace 2d10f654364744f5 ]---
> [ 3.951841] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
> [ 3.956528] SMP: stopping secondary CPUs
> [ 5.005502] SMP: failed to stop secondary CPUs 2,7
> [ 5.005648] Kernel Offset: disabled
> [ 5.009292] CPU features: 0x2,21802008
> [ 5.012676] Memory Limit: none
> [ 5.016485] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b ]---
>
>
> The problem appears to be on this line:
>
> reg = ufs_qcom_get_debug_reg_offset(host, UFS_DBG_RD_REG_RXUC);
> /* reg = 0x800 */
> print_fn(hba, reg, 27, "UFS_DBG_RD_REG_RXUC ", priv);
>
> I'm not sure what's going on, because the driver is supposed to map 0x2500 bytes.
> (reg = <0x1da4000 0x2500>;)
It is mapped - you're not getting an MMU fault but an external abort,
which means the access has been translated and gone out, but the
peripheral (or possibly the interconnect in between) didn't like it and
sent some kind of decode error back. Given that you're faulting in
memcpy_from_io() that's not too surprising - using that on actual device
registers (rather than stuff like ioremap()ed SRAM) is generally a bad
idea, since you have no control over things like access size and
ordering that a typical device is sensitive to.
> Commenting out the last 4 dumps of ufs_qcom_print_hw_debug_reg_all() makes
> the panic disappear, but the kernel just hangs after printing UFS_DBG_RD_REG_TXUC
I'd recommend fixing the register dump code to use specific read*()
accesses of the appropriate sizes for each register.
Robin.
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: ufs_qcom_dump_dbg_regs makes the kernel panic
2018-12-10 13:34 ` Robin Murphy
@ 2018-12-10 14:07 ` Marc Gonzalez
-1 siblings, 0 replies; 16+ messages in thread
From: Marc Gonzalez @ 2018-12-10 14:07 UTC (permalink / raw)
To: Robin Murphy, Jeffrey Hugo, Vivek Gautam, Bjorn Andersson,
Andy Gross, David Brown
Cc: MSM, Linux ARM
On 10/12/2018 14:34, Robin Murphy wrote:
> On 10/12/2018 12:37, Marc Gonzalez wrote:
>
>> When the kernel fails to init the UFSHC, it calls ufshcd_print_host_regs()
>> to help with debugging, which calls the dbg_register_dump hook.
>>
>> ufs_qcom_dump_dbg_regs makes the kernel panic:
>>
>> [ 3.715634] UFS_DBG_RD_REG_TXUC 000000a0: 00000000 00000000 00000000 00000000
>> [ 3.722750] UFS_DBG_RD_REG_TXUC 000000b0: 00000001 00000000 00000000 00000004
>> [ 3.729943] Internal error: synchronous external abort: 96000210 [#1] PREEMPT SMP
>> [ 3.737000] Modules linked in:
>> [ 3.744371] CPU: 2 PID: 1 Comm: swapper/0 Tainted: G S 4.20.0-rc4 #16
>> [ 3.747413] Hardware name: Qualcomm Technologies, Inc. MSM8998 v1 MTP (DT)
>> [ 3.755295] pstate: 00000005 (nzcv daif -PAN -UAO)
>> [ 3.761978] pc : __memcpy_fromio+0x68/0x80
>> [ 3.766718] lr : ufshcd_dump_regs+0x50/0xb0
>> [ 3.770767] sp : ffff00000807ba00
>> [ 3.774830] x29: ffff00000807ba00 x28: 00000000fffffffb
>> [ 3.778344] x27: ffff0000089db068 x26: ffff8000f6e58000
>> [ 3.783728] x25: 000000000000000e x24: 0000000000000800
>> [ 3.789023] x23: ffff8000f6e587c8 x22: 0000000000000800
>> [ 3.794319] x21: ffff000008908368 x20: ffff8000f6e1ab80
>> [ 3.799615] x19: 000000000000006c x18: ffffffffffffffff
>> [ 3.804910] x17: 0000000000000000 x16: 0000000000000000
>> [ 3.810206] x15: ffff000009199648 x14: ffff000089244187
>> [ 3.815502] x13: ffff000009244195 x12: ffff0000091ab000
>> [ 3.820797] x11: 0000000005f5e0ff x10: ffff0000091998a0
>> [ 3.826093] x9 : 0000000000000000 x8 : ffff8000f6e1ac00
>> [ 3.831389] x7 : 0000000000000000 x6 : 0000000000000068
>> [ 3.836676] x5 : ffff8000f6e1abe8 x4 : 0000000000000000
>> [ 3.841971] x3 : ffff00000928c868 x2 : ffff8000f6e1abec
>> [ 3.847267] x1 : ffff00000928c868 x0 : ffff8000f6e1abe8
>> [ 3.852567] Process swapper/0 (pid: 1, stack limit = 0x(____ptrval____))
>> [ 3.857900] Call trace:
>> [ 3.864473] __memcpy_fromio+0x68/0x80
>> [ 3.866683] ufs_qcom_dump_dbg_regs+0x1c0/0x370
>> [ 3.870522] ufshcd_print_host_regs+0x168/0x190
>> [ 3.874946] ufshcd_init+0xd4c/0xde0
>> [ 3.879459] ufshcd_pltfrm_init+0x3c8/0x550
>> [ 3.883264] ufs_qcom_probe+0x24/0x60
>> [ 3.887188] platform_drv_probe+0x50/0xa0
>> [ 3.890993] really_probe+0x1f0/0x2a0
>> [ 3.894983] driver_probe_device+0x58/0x100
>> [ 3.898628] __driver_attach+0xd4/0xe0
>> [ 3.902617] bus_for_each_dev+0x74/0xd0
>> [ 3.906436] driver_attach+0x20/0x30
>> [ 3.910169] bus_add_driver+0x1ac/0x220
>> [ 3.913992] driver_register+0x60/0x110
>> [ 3.917540] __platform_driver_register+0x40/0x50
>> [ 3.921413] ufs_qcom_pltform_init+0x18/0x20
>> [ 3.926248] do_one_initcall+0x5c/0x180
>> [ 3.930593] kernel_init_freeable+0x198/0x244
>> [ 3.934156] kernel_init+0x10/0x110
>> [ 3.938629] ret_from_fork+0x10/0x20
>> [ 3.941940] Code: f2400842 54000100 8b020002 d503201f (39400023)
>> [ 3.945875] ---[ end trace 2d10f654364744f5 ]---
>> [ 3.951841] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
>> [ 3.956528] SMP: stopping secondary CPUs
>> [ 5.005502] SMP: failed to stop secondary CPUs 2,7
>> [ 5.005648] Kernel Offset: disabled
>> [ 5.009292] CPU features: 0x2,21802008
>> [ 5.012676] Memory Limit: none
>> [ 5.016485] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b ]---
>>
>>
>> The problem appears to be on this line:
>>
>> reg = ufs_qcom_get_debug_reg_offset(host, UFS_DBG_RD_REG_RXUC);
>> /* reg = 0x800 */
>> print_fn(hba, reg, 27, "UFS_DBG_RD_REG_RXUC ", priv);
>>
>> I'm not sure what's going on, because the driver is supposed to map 0x2500 bytes.
>> (reg = <0x1da4000 0x2500>;)
>
> It is mapped - you're not getting an MMU fault but an external abort,
> which means the access has been translated and gone out, but the
> peripheral (or possibly the interconnect in between) didn't like it and
> sent some kind of decode error back. Given that you're faulting in
> memcpy_from_io() that's not too surprising - using that on actual device
> registers (rather than stuff like ioremap()ed SRAM) is generally a bad
> idea, since you have no control over things like access size and
> ordering that a typical device is sensitive to.
Thanks Robin, your insight is always so very helpful. I do see that __memcpy_fromio
reads in chunks of 8-bytes, using __raw_readq.
The weird thing (to me) is that the kernel does not panic when I call
the debug function a bit later (after sleeping for a second). Feels
like there is a race somewhere, and the device is not happy if it
accessed "too soon". The kernel still hangs though, which might be
worse than a clear-cut panic...
>> Commenting out the last 4 dumps of ufs_qcom_print_hw_debug_reg_all() makes
>> the panic disappear, but the kernel just hangs after printing UFS_DBG_RD_REG_TXUC
>
> I'd recommend fixing the register dump code to use specific read*()
> accesses of the appropriate sizes for each register.
I don't have documentation for that memory region, but based on the source code,
I would assume 32-bit registers. I'll try cooking up a small patch.
Regards.
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: ufs_qcom_dump_dbg_regs makes the kernel panic
@ 2018-12-10 14:07 ` Marc Gonzalez
0 siblings, 0 replies; 16+ messages in thread
From: Marc Gonzalez @ 2018-12-10 14:07 UTC (permalink / raw)
To: Robin Murphy, Jeffrey Hugo, Vivek Gautam, Bjorn Andersson,
Andy Gross, David Brown
Cc: MSM, Linux ARM
On 10/12/2018 14:34, Robin Murphy wrote:
> On 10/12/2018 12:37, Marc Gonzalez wrote:
>
>> When the kernel fails to init the UFSHC, it calls ufshcd_print_host_regs()
>> to help with debugging, which calls the dbg_register_dump hook.
>>
>> ufs_qcom_dump_dbg_regs makes the kernel panic:
>>
>> [ 3.715634] UFS_DBG_RD_REG_TXUC 000000a0: 00000000 00000000 00000000 00000000
>> [ 3.722750] UFS_DBG_RD_REG_TXUC 000000b0: 00000001 00000000 00000000 00000004
>> [ 3.729943] Internal error: synchronous external abort: 96000210 [#1] PREEMPT SMP
>> [ 3.737000] Modules linked in:
>> [ 3.744371] CPU: 2 PID: 1 Comm: swapper/0 Tainted: G S 4.20.0-rc4 #16
>> [ 3.747413] Hardware name: Qualcomm Technologies, Inc. MSM8998 v1 MTP (DT)
>> [ 3.755295] pstate: 00000005 (nzcv daif -PAN -UAO)
>> [ 3.761978] pc : __memcpy_fromio+0x68/0x80
>> [ 3.766718] lr : ufshcd_dump_regs+0x50/0xb0
>> [ 3.770767] sp : ffff00000807ba00
>> [ 3.774830] x29: ffff00000807ba00 x28: 00000000fffffffb
>> [ 3.778344] x27: ffff0000089db068 x26: ffff8000f6e58000
>> [ 3.783728] x25: 000000000000000e x24: 0000000000000800
>> [ 3.789023] x23: ffff8000f6e587c8 x22: 0000000000000800
>> [ 3.794319] x21: ffff000008908368 x20: ffff8000f6e1ab80
>> [ 3.799615] x19: 000000000000006c x18: ffffffffffffffff
>> [ 3.804910] x17: 0000000000000000 x16: 0000000000000000
>> [ 3.810206] x15: ffff000009199648 x14: ffff000089244187
>> [ 3.815502] x13: ffff000009244195 x12: ffff0000091ab000
>> [ 3.820797] x11: 0000000005f5e0ff x10: ffff0000091998a0
>> [ 3.826093] x9 : 0000000000000000 x8 : ffff8000f6e1ac00
>> [ 3.831389] x7 : 0000000000000000 x6 : 0000000000000068
>> [ 3.836676] x5 : ffff8000f6e1abe8 x4 : 0000000000000000
>> [ 3.841971] x3 : ffff00000928c868 x2 : ffff8000f6e1abec
>> [ 3.847267] x1 : ffff00000928c868 x0 : ffff8000f6e1abe8
>> [ 3.852567] Process swapper/0 (pid: 1, stack limit = 0x(____ptrval____))
>> [ 3.857900] Call trace:
>> [ 3.864473] __memcpy_fromio+0x68/0x80
>> [ 3.866683] ufs_qcom_dump_dbg_regs+0x1c0/0x370
>> [ 3.870522] ufshcd_print_host_regs+0x168/0x190
>> [ 3.874946] ufshcd_init+0xd4c/0xde0
>> [ 3.879459] ufshcd_pltfrm_init+0x3c8/0x550
>> [ 3.883264] ufs_qcom_probe+0x24/0x60
>> [ 3.887188] platform_drv_probe+0x50/0xa0
>> [ 3.890993] really_probe+0x1f0/0x2a0
>> [ 3.894983] driver_probe_device+0x58/0x100
>> [ 3.898628] __driver_attach+0xd4/0xe0
>> [ 3.902617] bus_for_each_dev+0x74/0xd0
>> [ 3.906436] driver_attach+0x20/0x30
>> [ 3.910169] bus_add_driver+0x1ac/0x220
>> [ 3.913992] driver_register+0x60/0x110
>> [ 3.917540] __platform_driver_register+0x40/0x50
>> [ 3.921413] ufs_qcom_pltform_init+0x18/0x20
>> [ 3.926248] do_one_initcall+0x5c/0x180
>> [ 3.930593] kernel_init_freeable+0x198/0x244
>> [ 3.934156] kernel_init+0x10/0x110
>> [ 3.938629] ret_from_fork+0x10/0x20
>> [ 3.941940] Code: f2400842 54000100 8b020002 d503201f (39400023)
>> [ 3.945875] ---[ end trace 2d10f654364744f5 ]---
>> [ 3.951841] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
>> [ 3.956528] SMP: stopping secondary CPUs
>> [ 5.005502] SMP: failed to stop secondary CPUs 2,7
>> [ 5.005648] Kernel Offset: disabled
>> [ 5.009292] CPU features: 0x2,21802008
>> [ 5.012676] Memory Limit: none
>> [ 5.016485] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b ]---
>>
>>
>> The problem appears to be on this line:
>>
>> reg = ufs_qcom_get_debug_reg_offset(host, UFS_DBG_RD_REG_RXUC);
>> /* reg = 0x800 */
>> print_fn(hba, reg, 27, "UFS_DBG_RD_REG_RXUC ", priv);
>>
>> I'm not sure what's going on, because the driver is supposed to map 0x2500 bytes.
>> (reg = <0x1da4000 0x2500>;)
>
> It is mapped - you're not getting an MMU fault but an external abort,
> which means the access has been translated and gone out, but the
> peripheral (or possibly the interconnect in between) didn't like it and
> sent some kind of decode error back. Given that you're faulting in
> memcpy_from_io() that's not too surprising - using that on actual device
> registers (rather than stuff like ioremap()ed SRAM) is generally a bad
> idea, since you have no control over things like access size and
> ordering that a typical device is sensitive to.
Thanks Robin, your insight is always so very helpful. I do see that __memcpy_fromio
reads in chunks of 8-bytes, using __raw_readq.
The weird thing (to me) is that the kernel does not panic when I call
the debug function a bit later (after sleeping for a second). Feels
like there is a race somewhere, and the device is not happy if it
accessed "too soon". The kernel still hangs though, which might be
worse than a clear-cut panic...
>> Commenting out the last 4 dumps of ufs_qcom_print_hw_debug_reg_all() makes
>> the panic disappear, but the kernel just hangs after printing UFS_DBG_RD_REG_TXUC
>
> I'd recommend fixing the register dump code to use specific read*()
> accesses of the appropriate sizes for each register.
I don't have documentation for that memory region, but based on the source code,
I would assume 32-bit registers. I'll try cooking up a small patch.
Regards.
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: ufs_qcom_dump_dbg_regs makes the kernel panic
2018-12-10 14:07 ` Marc Gonzalez
@ 2018-12-10 14:57 ` Marc Gonzalez
-1 siblings, 0 replies; 16+ messages in thread
From: Marc Gonzalez @ 2018-12-10 14:57 UTC (permalink / raw)
To: Robin Murphy, Jeffrey Hugo, Vivek Gautam, Bjorn Andersson,
Andy Gross, David Brown
Cc: MSM, Linux ARM
On 10/12/2018 15:07, Marc Gonzalez wrote:
> On 10/12/2018 14:34, Robin Murphy wrote:
>
>> On 10/12/2018 12:37, Marc Gonzalez wrote:
>>
>>> When the kernel fails to init the UFSHC, it calls ufshcd_print_host_regs()
>>> to help with debugging, which calls the dbg_register_dump hook.
>>>
>>> ufs_qcom_dump_dbg_regs makes the kernel panic:
>>>
>>> [ 3.715634] UFS_DBG_RD_REG_TXUC 000000a0: 00000000 00000000 00000000 00000000
>>> [ 3.722750] UFS_DBG_RD_REG_TXUC 000000b0: 00000001 00000000 00000000 00000004
>>> [ 3.729943] Internal error: synchronous external abort: 96000210 [#1] PREEMPT SMP
>>> [ 3.737000] Modules linked in:
>>> [ 3.744371] CPU: 2 PID: 1 Comm: swapper/0 Tainted: G S 4.20.0-rc4 #16
>>> [ 3.747413] Hardware name: Qualcomm Technologies, Inc. MSM8998 v1 MTP (DT)
>>> [ 3.755295] pstate: 00000005 (nzcv daif -PAN -UAO)
>>> [ 3.761978] pc : __memcpy_fromio+0x68/0x80
>>> [ 3.766718] lr : ufshcd_dump_regs+0x50/0xb0
>>> [ 3.770767] sp : ffff00000807ba00
>>> [ 3.774830] x29: ffff00000807ba00 x28: 00000000fffffffb
>>> [ 3.778344] x27: ffff0000089db068 x26: ffff8000f6e58000
>>> [ 3.783728] x25: 000000000000000e x24: 0000000000000800
>>> [ 3.789023] x23: ffff8000f6e587c8 x22: 0000000000000800
>>> [ 3.794319] x21: ffff000008908368 x20: ffff8000f6e1ab80
>>> [ 3.799615] x19: 000000000000006c x18: ffffffffffffffff
>>> [ 3.804910] x17: 0000000000000000 x16: 0000000000000000
>>> [ 3.810206] x15: ffff000009199648 x14: ffff000089244187
>>> [ 3.815502] x13: ffff000009244195 x12: ffff0000091ab000
>>> [ 3.820797] x11: 0000000005f5e0ff x10: ffff0000091998a0
>>> [ 3.826093] x9 : 0000000000000000 x8 : ffff8000f6e1ac00
>>> [ 3.831389] x7 : 0000000000000000 x6 : 0000000000000068
>>> [ 3.836676] x5 : ffff8000f6e1abe8 x4 : 0000000000000000
>>> [ 3.841971] x3 : ffff00000928c868 x2 : ffff8000f6e1abec
>>> [ 3.847267] x1 : ffff00000928c868 x0 : ffff8000f6e1abe8
>>> [ 3.852567] Process swapper/0 (pid: 1, stack limit = 0x(____ptrval____))
>>> [ 3.857900] Call trace:
>>> [ 3.864473] __memcpy_fromio+0x68/0x80
>>> [ 3.866683] ufs_qcom_dump_dbg_regs+0x1c0/0x370
>>> [ 3.870522] ufshcd_print_host_regs+0x168/0x190
>>> [ 3.874946] ufshcd_init+0xd4c/0xde0
>>> [ 3.879459] ufshcd_pltfrm_init+0x3c8/0x550
>>> [ 3.883264] ufs_qcom_probe+0x24/0x60
>>> [ 3.887188] platform_drv_probe+0x50/0xa0
>>> [ 3.890993] really_probe+0x1f0/0x2a0
>>> [ 3.894983] driver_probe_device+0x58/0x100
>>> [ 3.898628] __driver_attach+0xd4/0xe0
>>> [ 3.902617] bus_for_each_dev+0x74/0xd0
>>> [ 3.906436] driver_attach+0x20/0x30
>>> [ 3.910169] bus_add_driver+0x1ac/0x220
>>> [ 3.913992] driver_register+0x60/0x110
>>> [ 3.917540] __platform_driver_register+0x40/0x50
>>> [ 3.921413] ufs_qcom_pltform_init+0x18/0x20
>>> [ 3.926248] do_one_initcall+0x5c/0x180
>>> [ 3.930593] kernel_init_freeable+0x198/0x244
>>> [ 3.934156] kernel_init+0x10/0x110
>>> [ 3.938629] ret_from_fork+0x10/0x20
>>> [ 3.941940] Code: f2400842 54000100 8b020002 d503201f (39400023)
>>> [ 3.945875] ---[ end trace 2d10f654364744f5 ]---
>>> [ 3.951841] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
>>> [ 3.956528] SMP: stopping secondary CPUs
>>> [ 5.005502] SMP: failed to stop secondary CPUs 2,7
>>> [ 5.005648] Kernel Offset: disabled
>>> [ 5.009292] CPU features: 0x2,21802008
>>> [ 5.012676] Memory Limit: none
>>> [ 5.016485] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b ]---
>>>
>>>
>>> The problem appears to be on this line:
>>>
>>> reg = ufs_qcom_get_debug_reg_offset(host, UFS_DBG_RD_REG_RXUC);
>>> /* reg = 0x800 */
>>> print_fn(hba, reg, 27, "UFS_DBG_RD_REG_RXUC ", priv);
>>>
>>> I'm not sure what's going on, because the driver is supposed to map 0x2500 bytes.
>>> (reg = <0x1da4000 0x2500>;)
>>
>> It is mapped - you're not getting an MMU fault but an external abort,
>> which means the access has been translated and gone out, but the
>> peripheral (or possibly the interconnect in between) didn't like it and
>> sent some kind of decode error back. Given that you're faulting in
>> memcpy_from_io() that's not too surprising - using that on actual device
>> registers (rather than stuff like ioremap()ed SRAM) is generally a bad
>> idea, since you have no control over things like access size and
>> ordering that a typical device is sensitive to.
>
> Thanks Robin, your insight is always so very helpful. I do see that __memcpy_fromio
> reads in chunks of 8-bytes, using __raw_readq.
>
> The weird thing (to me) is that the kernel does not panic when I call
> the debug function a bit later (after sleeping for a second). Feels
> like there is a race somewhere, and the device is not happy if it
> accessed "too soon". The kernel still hangs though, which might be
> worse than a clear-cut panic...
>
>>> Commenting out the last 4 dumps of ufs_qcom_print_hw_debug_reg_all() makes
>>> the panic disappear, but the kernel just hangs after printing UFS_DBG_RD_REG_TXUC
>>
>> I'd recommend fixing the register dump code to use specific read*()
>> accesses of the appropriate sizes for each register.
>
> I don't have documentation for that memory region, but based on the source code,
> I would assume 32-bit registers. I'll try cooking up a small patch.
I applied the following patch:
diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c
index 3d4bdfab6c18..1fb74ce012e9 100644
--- a/drivers/scsi/ufs/ufshcd.c
+++ b/drivers/scsi/ufs/ufshcd.c
@@ -111,13 +111,16 @@
int ufshcd_dump_regs(struct ufs_hba *hba, size_t offset, size_t len,
const char *prefix)
{
- u8 *regs;
+ u32 *regs;
+ size_t end;
regs = kzalloc(len, GFP_KERNEL);
if (!regs)
return -ENOMEM;
- memcpy_fromio(regs, hba->mmio_base + offset, len);
+ for (end = offset + len; offset < end; offset += 4)
+ regs[offset / 4] = ufshcd_readl(hba, offset);
+
ufshcd_hex_dump(prefix, regs, len);
kfree(regs);
That does seem to fix the "synchronous external abort", as can be
(not) seen in the following log:
[ 12.361219] ufshcd-qcom 1da4000.ufshc: dme-link-startup: error code 1
[ 12.473064] ufshcd-qcom 1da4000.ufshc: dme-link-startup: error code 1
[ 12.585057] ufshcd-qcom 1da4000.ufshc: dme-link-startup: error code 1
[ 12.697058] ufshcd-qcom 1da4000.ufshc: dme-link-startup: error code 1
[ 12.708104] ufshcd-qcom 1da4000.ufshc: link startup failed 1
[ 12.708265] ufshcd-qcom 1da4000.ufshc: UFS Host state=0
[ 12.712980] ufshcd-qcom 1da4000.ufshc: lrb in use=0x0, outstanding reqs=0x0 tasks=0x0
[ 12.717986] ufshcd-qcom 1da4000.ufshc: saved_err=0x0, saved_uic_err=0x0
[ 12.725945] ufshcd-qcom 1da4000.ufshc: Device power mode=1, UIC link state=0
[ 12.732374] ufshcd-qcom 1da4000.ufshc: PM in progress=0, sys. suspended=0
[ 12.739666] ufshcd-qcom 1da4000.ufshc: Auto BKOPS=0, Host self-block=0
[ 12.746331] ufshcd-qcom 1da4000.ufshc: Clk gate=1
[ 12.752722] ufshcd-qcom 1da4000.ufshc: error handling flags=0x0, req. abort count=0
[ 12.757556] ufshcd-qcom 1da4000.ufshc: Host capabilities=0x1587001f, caps=0xf
[ 12.765019] ufshcd-qcom 1da4000.ufshc: quirks=0x0, dev. quirks=0x0
[ 12.772285] ufshcd-qcom 1da4000.ufshc: ufshcd_print_pwr_info:[RX, TX]: gear=[0, 0], lane[0, 0], pwr[INVALID MODE, INVALID MODE], rate = 0
[ 12.778683] host_regs: 00000000: 1587001f 00000000 00000210 00000000
[ 12.790777] host_regs: 00000010: 01000000 00010217 00000000 00000000
[ 12.797209] host_regs: 00000020: 00000000 00000470 00000000 00000000
[ 12.803542] host_regs: 00000030: 00000008 00000001 00000000 00000000
[ 12.809880] host_regs: 00000040: 00000000 00000000 00000000 00000000
[ 12.816213] host_regs: 00000050: 00000000 00000000 00000000 00000000
[ 12.822558] host_regs: 00000060: 00000000 00000000 00000000 00000000
[ 12.828890] host_regs: 00000070: 00000000 00000000 00000000 00000000
[ 12.835237] host_regs: 00000080: 00000000 00000000 00000000 00000000
[ 12.841560] host_regs: 00000090: 00000001 00410000 00000000 00000001
[ 12.847906] ufshcd-qcom 1da4000.ufshc: hba->ufs_version = 0x210, hba->capabilities = 0x1587001f
[ 12.854281] ufshcd-qcom 1da4000.ufshc: hba->outstanding_reqs = 0x0, hba->outstanding_tasks = 0x0
[ 12.862717] ufshcd-qcom 1da4000.ufshc: last_hibern8_exit_tstamp at 0 us, hibern8_exit_cnt = 0
[ 12.871739] ufshcd-qcom 1da4000.ufshc: clk: core_clk, rate: 200000000
[ 12.880105] ufshcd-qcom 1da4000.ufshc: clk: core_clk_unipro, rate: 150000000
[ 12.886540] ufshcd-qcom 1da4000.ufshc: clk: core_clk_ice, rate: 300000000
[ 12.893730] HCI Vendor Specific Registers 00000000: 00000000 00000000 00000000 00000000
[ 12.900359] HCI Vendor Specific Registers 00000010: 00000000 00000000 00000000 00000000
[ 12.908182] HCI Vendor Specific Registers 00000020: 00000000 00000000 00000000 00000000
[ 12.916154] HCI Vendor Specific Registers 00000030: 00000000 00000000 00000000 00000000
[ 12.924310] UFS_UFS_DBG_RD_REG_OCSC 00000000: 00000000 00000000 00000000 00000000
[ 12.932122] UFS_UFS_DBG_RD_REG_OCSC 00000010: 00000000 00000000 00000000 00000000
[ 12.939767] UFS_UFS_DBG_RD_REG_OCSC 00000020: 00000000 00000000 00000000 00000000
[ 12.947225] UFS_UFS_DBG_RD_REG_OCSC 00000030: 00000000 00000000 00000000 00000000
[ 12.954691] UFS_UFS_DBG_RD_REG_OCSC 00000040: 00000000 00000000 00000000 00000000
[ 12.962156] UFS_UFS_DBG_RD_REG_OCSC 00000050: 00000000 00000000 00000000 00000000
[ 12.969632] UFS_UFS_DBG_RD_REG_OCSC 00000060: 00000000 00000000 00000000 00000000
[ 12.977094] UFS_UFS_DBG_RD_REG_OCSC 00000070: 00000000 00000000 00000000 00000000
[ 12.984559] UFS_UFS_DBG_RD_REG_OCSC 00000080: 00000000 00000000 00000000 00000000
[ 12.992017] UFS_UFS_DBG_RD_REG_OCSC 00000090: 00000000 00000000 00000000 00000000
[ 12.999488] UFS_UFS_DBG_RD_REG_OCSC 000000a0: 00000000 00000000 00000000 00000000
[ 13.007073] UFS_UFS_DBG_RD_EDTL_RAM 00000000: 00000000 00000000 00000000 00000000
[ 13.014421] UFS_UFS_DBG_RD_EDTL_RAM 00000010: 00000000 00000000 00000000 00000000
[ 13.021878] UFS_UFS_DBG_RD_EDTL_RAM 00000020: 00000000 00000000 00000000 00000000
[ 13.029346] UFS_UFS_DBG_RD_EDTL_RAM 00000030: 00000000 00000000 00000000 00000000
[ 13.036814] UFS_UFS_DBG_RD_EDTL_RAM 00000040: 00000000 00000000 00000000 00000000
[ 13.044288] UFS_UFS_DBG_RD_EDTL_RAM 00000050: 00000000 00000000 00000000 00000000
[ 13.051746] UFS_UFS_DBG_RD_EDTL_RAM 00000060: 00000000 00000000 00000000 00000000
[ 13.059212] UFS_UFS_DBG_RD_EDTL_RAM 00000070: 00000000 00000000 00000000 00000000
[ 13.067140] UFS_UFS_DBG_RD_DESC_RAM 00000000: 00000000 00000000 00000000 00000000
[ 13.074147] UFS_UFS_DBG_RD_DESC_RAM 00000010: 00000000 00000000 00000000 00000000
[ 13.081606] UFS_UFS_DBG_RD_DESC_RAM 00000020: 00000000 00000000 00000000 00000000
[ 13.089077] UFS_UFS_DBG_RD_DESC_RAM 00000030: 00000000 00000000 00000000 00000000
[ 13.096538] UFS_UFS_DBG_RD_DESC_RAM 00000040: 00000000 00000000 00000000 00000000
[ 13.104007] UFS_UFS_DBG_RD_DESC_RAM 00000050: 00000000 00000000 00000000 00000000
[ 13.111468] UFS_UFS_DBG_RD_DESC_RAM 00000060: 00000000 00000000 00000000 00000000
[ 13.118939] UFS_UFS_DBG_RD_DESC_RAM 00000070: 00000000 00000000 00000000 00000000
[ 13.126398] UFS_UFS_DBG_RD_DESC_RAM 00000080: 00000000 00000000 00000000 00000000
[ 13.133866] UFS_UFS_DBG_RD_DESC_RAM 00000090: 00000000 00000000 00000000 00000000
[ 13.141324] UFS_UFS_DBG_RD_DESC_RAM 000000a0: 00000000 00000000 00000000 00000000
[ 13.148797] UFS_UFS_DBG_RD_DESC_RAM 000000b0: 00000000 00000000 00000000 00000000
[ 13.156258] UFS_UFS_DBG_RD_DESC_RAM 000000c0: 00000000 00000000 00000000 00000000
[ 13.163726] UFS_UFS_DBG_RD_DESC_RAM 000000d0: 00000000 00000000 00000000 00000000
[ 13.171182] UFS_UFS_DBG_RD_DESC_RAM 000000e0: 00000000 00000000 00000000 00000000
[ 13.178654] UFS_UFS_DBG_RD_DESC_RAM 000000f0: 00000000 00000000 00000000 00000000
[ 13.186115] UFS_UFS_DBG_RD_DESC_RAM 00000100: 00000000 00000000 00000000 00000000
[ 13.193588] UFS_UFS_DBG_RD_DESC_RAM 00000110: 00000000 00000000 00000000 00000000
[ 13.201047] UFS_UFS_DBG_RD_DESC_RAM 00000120: 00000000 00000000 00000000 00000000
[ 13.208519] UFS_UFS_DBG_RD_DESC_RAM 00000130: 00000000 00000000 00000000 00000000
[ 13.215982] UFS_UFS_DBG_RD_DESC_RAM 00000140: 00000000 00000000 00000000 00000000
[ 13.223447] UFS_UFS_DBG_RD_DESC_RAM 00000150: 00000000 00000000 00000000 00000000
[ 13.230905] UFS_UFS_DBG_RD_DESC_RAM 00000160: 00000000 00000000 00000000 00000000
[ 13.238373] UFS_UFS_DBG_RD_DESC_RAM 00000170: 00000000 00000000 00000000 00000000
[ 13.245842] UFS_UFS_DBG_RD_DESC_RAM 00000180: 00000000 00000000 00000000 00000000
[ 13.253306] UFS_UFS_DBG_RD_DESC_RAM 00000190: 00000000 00000000 00000000 00000000
[ 13.260765] UFS_UFS_DBG_RD_DESC_RAM 000001a0: 00000000 00000000 00000000 00000000
[ 13.268233] UFS_UFS_DBG_RD_DESC_RAM 000001b0: 00000000 00000000 00000000 00000000
[ 13.275702] UFS_UFS_DBG_RD_DESC_RAM 000001c0: 00000000 00000000 00000000 00000000
[ 13.283174] UFS_UFS_DBG_RD_DESC_RAM 000001d0: 00000000 00000000 00000000 00000000
[ 13.290632] UFS_UFS_DBG_RD_DESC_RAM 000001e0: 00000000 00000000 00000000 00000000
[ 13.298104] UFS_UFS_DBG_RD_DESC_RAM 000001f0: 00000000 00000000 00000000 00000000
[ 13.305802] UFS_UFS_DBG_RD_PRDT_RAM 00000000: 00000000 00000000 00000000 00000000
[ 13.313036] UFS_UFS_DBG_RD_PRDT_RAM 00000010: 00000000 00000000 00000000 00000000
[ 13.320495] UFS_UFS_DBG_RD_PRDT_RAM 00000020: 00000000 00000000 00000000 00000000
[ 13.327959] UFS_UFS_DBG_RD_PRDT_RAM 00000030: 00000000 00000000 00000000 00000000
[ 13.335420] UFS_UFS_DBG_RD_PRDT_RAM 00000040: 00000000 00000000 00000000 00000000
[ 13.342894] UFS_UFS_DBG_RD_PRDT_RAM 00000050: 00000000 00000000 00000000 00000000
[ 13.350352] UFS_UFS_DBG_RD_PRDT_RAM 00000060: 00000000 00000000 00000000 00000000
[ 13.357823] UFS_UFS_DBG_RD_PRDT_RAM 00000070: 00000000 00000000 00000000 00000000
[ 13.365281] UFS_UFS_DBG_RD_PRDT_RAM 00000080: 00000000 00000000 00000000 00000000
[ 13.372747] UFS_UFS_DBG_RD_PRDT_RAM 00000090: 00000000 00000000 00000000 00000000
[ 13.380232] UFS_UFS_DBG_RD_PRDT_RAM 000000a0: 00000000 00000000 00000000 00000000
[ 13.387681] UFS_UFS_DBG_RD_PRDT_RAM 000000b0: 00000000 00000000 00000000 00000000
[ 13.395150] UFS_UFS_DBG_RD_PRDT_RAM 000000c0: 00000000 00000000 00000000 00000000
[ 13.402612] UFS_UFS_DBG_RD_PRDT_RAM 000000d0: 00000000 00000000 00000000 00000000
[ 13.410078] UFS_UFS_DBG_RD_PRDT_RAM 000000e0: 00000000 00000000 00000000 00000000
[ 13.417544] UFS_UFS_DBG_RD_PRDT_RAM 000000f0: 00000000 00000000 00000000 00000000
[ 13.425033] UFS_DBG_RD_REG_UAWM 00000000: 00000000 00000000 00000000 00000000
[ 13.432491] UFS_DBG_RD_REG_UARM 00000000: 00000000 00000000 00000000 00000000
[ 13.439762] UFS_DBG_RD_REG_TXUC 00000000: 00000000 00000000 00000000 00000000
[ 13.446706] UFS_DBG_RD_REG_TXUC 00000010: 00000000 00000000 00000000 00000000
[ 13.453811] UFS_DBG_RD_REG_TXUC 00000020: 00000000 00000000 00000000 00000000
[ 13.460937] UFS_DBG_RD_REG_TXUC 00000030: 00000000 00000000 00000000 00000000
[ 13.468055] UFS_DBG_RD_REG_TXUC 00000040: 00000000 00000000 00000000 00000000
[ 13.475173] UFS_DBG_RD_REG_TXUC 00000050: 00000000 00000000 00000000 00000000
[ 13.482291] UFS_DBG_RD_REG_TXUC 00000060: 00000000 00000000 00000000 00000000
[ 13.489411] UFS_DBG_RD_REG_TXUC 00000070: 00000000 00000000 00000000 00000000
[ 13.496528] UFS_DBG_RD_REG_TXUC 00000080: 00000000 00000000 00000000 00000000
[ 13.503646] UFS_DBG_RD_REG_TXUC 00000090: 00000000 00000000 00000000 00000000
[ 13.510763] UFS_DBG_RD_REG_TXUC 000000a0: 00000000 00000000 00000000 00000000
[ 13.517883] UFS_DBG_RD_REG_TXUC 000000b0: 00000000 00000000 00000000 00000000
[ 13.525099] UFS_DBG_RD_REG_RXUC 00000000: 00000000 00000000 00000000 00000000
[ 13.532119] UFS_DBG_RD_REG_RXUC 00000010: 00000000 00000000 00000000 00000000
[ 13.539237] UFS_DBG_RD_REG_RXUC 00000020: 00000000 00000000 00000000 00000000
[ 13.546356] UFS_DBG_RD_REG_RXUC 00000030: 00000000 00000000 00000000 00000000
[ 13.553474] UFS_DBG_RD_REG_RXUC 00000040: 00000000 00000000 00000000 00000000
[ 13.560591] UFS_DBG_RD_REG_RXUC 00000050: 00000000 00000000 00000000 00000000
[ 13.567706] UFS_DBG_RD_REG_RXUC 00000060: 00000000 00000000 00000000
[ 13.574883] UFS_DBG_RD_REG_DFC 00000000: 00000000 00000000 00000000 00000000
[ 13.581242] UFS_DBG_RD_REG_DFC 00000010: 00000000 00000000 00000000 00000000
[ 13.588283] UFS_DBG_RD_REG_DFC 00000020: 00000000 00000000 00000000 00000000
[ 13.595311] UFS_DBG_RD_REG_DFC 00000030: 00000000 00000000 00000000 00000000
[ 13.602341] UFS_DBG_RD_REG_DFC 00000040: 00000000 00000000 00000000
[ 13.609472] UFS_DBG_RD_REG_TRLUT 00000000: 00000000 00000000 00000000 00000000
[ 13.615365] UFS_DBG_RD_REG_TRLUT 00000010: 00000000 00000000 00000000 00000000
[ 13.622656] UFS_DBG_RD_REG_TRLUT 00000020: 00000000 00000000 00000000 00000000
[ 13.629862] UFS_DBG_RD_REG_TRLUT 00000030: 00000000 00000000 00000000 00000000
[ 13.637066] UFS_DBG_RD_REG_TRLUT 00000040: 00000000 00000000 00000000 00000000
[ 13.644274] UFS_DBG_RD_REG_TRLUT 00000050: 00000000 00000000 00000000 00000000
[ 13.651470] UFS_DBG_RD_REG_TRLUT 00000060: 00000000 00000000 00000000 00000000
[ 13.658676] UFS_DBG_RD_REG_TRLUT 00000070: 00000000 00000000 00000000 00000000
[ 13.665880] UFS_DBG_RD_REG_TRLUT 00000080: 00000000 00000000
[ 13.673097] UFS_DBG_RD_REG_TMRLUT 00000000: 00000000 00000000 00000000 00000000
[ 13.678908] UFS_DBG_RD_REG_TMRLUT 00000010: 00000000 00000000 00000000 00000000
[ 13.685938] UFS_DBG_RD_REG_TMRLUT 00000020: 00000000
[ 13.694307] UFS_TEST_BUS 00000000
[ 13.708230] UNIPRO_TEST_BUS 00000000: 00000000 00000000 00000000 00000000
[ 13.708410] UNIPRO_TEST_BUS 00000010: 00000000 00000000 00000000 00000000
[ 13.714181] UNIPRO_TEST_BUS 00000020: 00000000 00000000 00000000 00000000
[ 13.720950] UNIPRO_TEST_BUS 00000030: 00000000 80808080 80808080 00000000
[ 13.727725] UNIPRO_TEST_BUS 00000040: 00000000 00120002 0020000a 0020000a
[ 13.734485] UNIPRO_TEST_BUS 00000050: 78002800 78002800 00000200 00000200
[ 13.741264] UNIPRO_TEST_BUS 00000060: 201e0002 201e0002 00000002 00000002
[ 13.748035] UNIPRO_TEST_BUS 00000070: 00700001 00000000 00000001 00000001
[ 13.754810] UNIPRO_TEST_BUS 00000080: 00100000 00000100 1010101e 00000200
[ 13.761572] UNIPRO_TEST_BUS 00000090: 00000000 00000007 00000007 0ac0a007
[ 13.768340] UNIPRO_TEST_BUS 000000a0: 00000007 0b516a07 00205700 20000000
[ 13.775118] UNIPRO_TEST_BUS 000000b0: 00000040 00000020 00000040 00000040
[ 13.781892] UNIPRO_TEST_BUS 000000c0: 64fa3fc0 00020002 00000000 00000000
[ 13.788652] UNIPRO_TEST_BUS 000000d0: 00000000 00000000 00010000 b6825540
[ 13.795434] UNIPRO_TEST_BUS 000000e0: b6825540 0fffff82 fe001000 80000000
[ 13.802196] UNIPRO_TEST_BUS 000000f0: 00008000 7fff2000 00000000 128c01f4
[ 13.808965] UNIPRO_TEST_BUS 00000100: 00018160 00000800 00000070 003e1a7c
[ 13.815734] UNIPRO_TEST_BUS 00000110: 00000000 00000000 003e0000 003e0000
[ 13.822516] UNIPRO_TEST_BUS 00000120: 003e0000 003e0000 00000000 00000000
[ 13.829279] UNIPRO_TEST_BUS 00000130: 9f000000 9f000000 9f000000 9f000000
[ 13.836052] UNIPRO_TEST_BUS 00000140: 00000000 00000000 000d3e00 201ff940
[ 13.842821] UNIPRO_TEST_BUS 00000150: 03e00000 03e00000 03e00000 03e00000
[ 13.849595] UNIPRO_TEST_BUS 00000160: 00000000 00000000 00000000 00000000
[ 13.856366] UNIPRO_TEST_BUS 00000170: 00000000 00000000 00000000 00000000
[ 13.863139] UNIPRO_TEST_BUS 00000180: 00000000 00000000 00000000 00000000
[ 13.869900] UNIPRO_TEST_BUS 00000190: 00000000 00000000 00000000 00000000
[ 13.876680] UNIPRO_TEST_BUS 000001a0: 00000000 02006800 000007fe 00000000
[ 13.883450] UNIPRO_TEST_BUS 000001b0: 000007fe 10040000 04000000 00000000
[ 13.890224] UNIPRO_TEST_BUS 000001c0: 00000000 00000000 00600000 00000000
[ 13.896984] UNIPRO_TEST_BUS 000001d0: 00000000 00001e00 000000cf 00000000
[ 13.903767] UNIPRO_TEST_BUS 000001e0: 00000000 80000000 00003800 00000000
[ 13.910527] UNIPRO_TEST_BUS 000001f0: 94000000 01400000 01000000 00120000
[ 13.917304] UNIPRO_TEST_BUS 00000200: 00000000 00000008 00020000 00000208
[ 13.924073] UNIPRO_TEST_BUS 00000210: 80000208 80010000 20000000 00000000
[ 13.930847] UNIPRO_TEST_BUS 00000220: fff00000 06e40001 00008601 00000000
[ 13.937617] UNIPRO_TEST_BUS 00000230: 000ff000 00000000 00000000 00000000
[ 13.944385] UNIPRO_TEST_BUS 00000240: 000e0000 00054000 a8200000 00000104
[ 13.951152] UNIPRO_TEST_BUS 00000250: 03018000 0c000000 0000a2b0 00002001
[ 13.957935] UNIPRO_TEST_BUS 00000260: 00002001 00002001 00002001 00002001
[ 13.964696] UNIPRO_TEST_BUS 00000270: 00002001 00002001 00002001 00000201
[ 13.971469] UNIPRO_TEST_BUS 00000280: 00000201 00000201 00000201 00000000
[ 13.978238] UNIPRO_TEST_BUS 00000290: 00000000 00000000 00000000 00000000
[ 13.985007] UNIPRO_TEST_BUS 000002a0: 00000000 00000000 00000000 00000000
[ 13.991778] UNIPRO_TEST_BUS 000002b0: 00000000 00000000 00000000 00000000
[ 13.998559] UNIPRO_TEST_BUS 000002c0: 00000000 00000000 00000000 00000000
[ 14.005322] UNIPRO_TEST_BUS 000002d0: 00000000 00000000 00000000 00000000
[ 14.012098] UNIPRO_TEST_BUS 000002e0: 00000000 00000000 00000000 00000000
[ 14.018858] UNIPRO_TEST_BUS 000002f0: 00000000 00000000 00000000 00000000
[ 14.025640] UNIPRO_TEST_BUS 00000300: 00000000 00000000 00000000 00000000
[ 14.032400] UNIPRO_TEST_BUS 00000310: 00000000 00000000 00000000 00000000
[ 14.039182] UNIPRO_TEST_BUS 00000320: 00000000 00000000 00000000 00000000
[ 14.045943] UNIPRO_TEST_BUS 00000330: 00000000 00000000 00000000 00000000
[ 14.052722] UNIPRO_TEST_BUS 00000340: 00000000 00000000 00000000 00000000
[ 14.059491] UNIPRO_TEST_BUS 00000350: 00000000 00000000 00000000 00000000
[ 14.066264] UNIPRO_TEST_BUS 00000360: 00000000 00000000 00000000 00000000
[ 14.073033] UNIPRO_TEST_BUS 00000370: 00000000 00000000 00000000 00000000
[ 14.079806] UNIPRO_TEST_BUS 00000380: 00000000 00000000 00000000 00000000
[ 14.086573] UNIPRO_TEST_BUS 00000390: 00000000 00000000 00000000 00000000
[ 14.093342] UNIPRO_TEST_BUS 000003a0: 00000000 00000000 00000000 00000000
[ 14.100111] UNIPRO_TEST_BUS 000003b0: 00000000 00000000 00000000 00000000
[ 14.106892] UNIPRO_TEST_BUS 000003c0: 00000000 00000000 00000000 00000000
[ 14.113652] UNIPRO_TEST_BUS 000003d0: 00000000 00000000 00000000 00000000
[ 14.120429] UNIPRO_TEST_BUS 000003e0: 00000000 00000000 00000000 00000000
[ 14.127197] UNIPRO_TEST_BUS 000003f0: 00000000 00000000 00000000 00000000
[ 14.135960] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: core_clk disabled
[ 14.140789] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: bus_aggr_clk disabled
[ 14.148604] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: iface_clk disabled
[ 14.156687] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: core_clk_unipro disabled
[ 14.164398] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: core_clk_ice disabled
[ 14.172866] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: ref_clk disabled
[ 14.180878] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: tx_lane0_sync_clk disabled
[ 14.188272] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: rx_lane0_sync_clk disabled
[ 14.196958] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: rx_lane1_sync_clk disabled
/*** System hangs here ***/
Regards.
^ permalink raw reply related [flat|nested] 16+ messages in thread
* Re: ufs_qcom_dump_dbg_regs makes the kernel panic
@ 2018-12-10 14:57 ` Marc Gonzalez
0 siblings, 0 replies; 16+ messages in thread
From: Marc Gonzalez @ 2018-12-10 14:57 UTC (permalink / raw)
To: Robin Murphy, Jeffrey Hugo, Vivek Gautam, Bjorn Andersson,
Andy Gross, David Brown
Cc: MSM, Linux ARM
On 10/12/2018 15:07, Marc Gonzalez wrote:
> On 10/12/2018 14:34, Robin Murphy wrote:
>
>> On 10/12/2018 12:37, Marc Gonzalez wrote:
>>
>>> When the kernel fails to init the UFSHC, it calls ufshcd_print_host_regs()
>>> to help with debugging, which calls the dbg_register_dump hook.
>>>
>>> ufs_qcom_dump_dbg_regs makes the kernel panic:
>>>
>>> [ 3.715634] UFS_DBG_RD_REG_TXUC 000000a0: 00000000 00000000 00000000 00000000
>>> [ 3.722750] UFS_DBG_RD_REG_TXUC 000000b0: 00000001 00000000 00000000 00000004
>>> [ 3.729943] Internal error: synchronous external abort: 96000210 [#1] PREEMPT SMP
>>> [ 3.737000] Modules linked in:
>>> [ 3.744371] CPU: 2 PID: 1 Comm: swapper/0 Tainted: G S 4.20.0-rc4 #16
>>> [ 3.747413] Hardware name: Qualcomm Technologies, Inc. MSM8998 v1 MTP (DT)
>>> [ 3.755295] pstate: 00000005 (nzcv daif -PAN -UAO)
>>> [ 3.761978] pc : __memcpy_fromio+0x68/0x80
>>> [ 3.766718] lr : ufshcd_dump_regs+0x50/0xb0
>>> [ 3.770767] sp : ffff00000807ba00
>>> [ 3.774830] x29: ffff00000807ba00 x28: 00000000fffffffb
>>> [ 3.778344] x27: ffff0000089db068 x26: ffff8000f6e58000
>>> [ 3.783728] x25: 000000000000000e x24: 0000000000000800
>>> [ 3.789023] x23: ffff8000f6e587c8 x22: 0000000000000800
>>> [ 3.794319] x21: ffff000008908368 x20: ffff8000f6e1ab80
>>> [ 3.799615] x19: 000000000000006c x18: ffffffffffffffff
>>> [ 3.804910] x17: 0000000000000000 x16: 0000000000000000
>>> [ 3.810206] x15: ffff000009199648 x14: ffff000089244187
>>> [ 3.815502] x13: ffff000009244195 x12: ffff0000091ab000
>>> [ 3.820797] x11: 0000000005f5e0ff x10: ffff0000091998a0
>>> [ 3.826093] x9 : 0000000000000000 x8 : ffff8000f6e1ac00
>>> [ 3.831389] x7 : 0000000000000000 x6 : 0000000000000068
>>> [ 3.836676] x5 : ffff8000f6e1abe8 x4 : 0000000000000000
>>> [ 3.841971] x3 : ffff00000928c868 x2 : ffff8000f6e1abec
>>> [ 3.847267] x1 : ffff00000928c868 x0 : ffff8000f6e1abe8
>>> [ 3.852567] Process swapper/0 (pid: 1, stack limit = 0x(____ptrval____))
>>> [ 3.857900] Call trace:
>>> [ 3.864473] __memcpy_fromio+0x68/0x80
>>> [ 3.866683] ufs_qcom_dump_dbg_regs+0x1c0/0x370
>>> [ 3.870522] ufshcd_print_host_regs+0x168/0x190
>>> [ 3.874946] ufshcd_init+0xd4c/0xde0
>>> [ 3.879459] ufshcd_pltfrm_init+0x3c8/0x550
>>> [ 3.883264] ufs_qcom_probe+0x24/0x60
>>> [ 3.887188] platform_drv_probe+0x50/0xa0
>>> [ 3.890993] really_probe+0x1f0/0x2a0
>>> [ 3.894983] driver_probe_device+0x58/0x100
>>> [ 3.898628] __driver_attach+0xd4/0xe0
>>> [ 3.902617] bus_for_each_dev+0x74/0xd0
>>> [ 3.906436] driver_attach+0x20/0x30
>>> [ 3.910169] bus_add_driver+0x1ac/0x220
>>> [ 3.913992] driver_register+0x60/0x110
>>> [ 3.917540] __platform_driver_register+0x40/0x50
>>> [ 3.921413] ufs_qcom_pltform_init+0x18/0x20
>>> [ 3.926248] do_one_initcall+0x5c/0x180
>>> [ 3.930593] kernel_init_freeable+0x198/0x244
>>> [ 3.934156] kernel_init+0x10/0x110
>>> [ 3.938629] ret_from_fork+0x10/0x20
>>> [ 3.941940] Code: f2400842 54000100 8b020002 d503201f (39400023)
>>> [ 3.945875] ---[ end trace 2d10f654364744f5 ]---
>>> [ 3.951841] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
>>> [ 3.956528] SMP: stopping secondary CPUs
>>> [ 5.005502] SMP: failed to stop secondary CPUs 2,7
>>> [ 5.005648] Kernel Offset: disabled
>>> [ 5.009292] CPU features: 0x2,21802008
>>> [ 5.012676] Memory Limit: none
>>> [ 5.016485] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b ]---
>>>
>>>
>>> The problem appears to be on this line:
>>>
>>> reg = ufs_qcom_get_debug_reg_offset(host, UFS_DBG_RD_REG_RXUC);
>>> /* reg = 0x800 */
>>> print_fn(hba, reg, 27, "UFS_DBG_RD_REG_RXUC ", priv);
>>>
>>> I'm not sure what's going on, because the driver is supposed to map 0x2500 bytes.
>>> (reg = <0x1da4000 0x2500>;)
>>
>> It is mapped - you're not getting an MMU fault but an external abort,
>> which means the access has been translated and gone out, but the
>> peripheral (or possibly the interconnect in between) didn't like it and
>> sent some kind of decode error back. Given that you're faulting in
>> memcpy_from_io() that's not too surprising - using that on actual device
>> registers (rather than stuff like ioremap()ed SRAM) is generally a bad
>> idea, since you have no control over things like access size and
>> ordering that a typical device is sensitive to.
>
> Thanks Robin, your insight is always so very helpful. I do see that __memcpy_fromio
> reads in chunks of 8-bytes, using __raw_readq.
>
> The weird thing (to me) is that the kernel does not panic when I call
> the debug function a bit later (after sleeping for a second). Feels
> like there is a race somewhere, and the device is not happy if it
> accessed "too soon". The kernel still hangs though, which might be
> worse than a clear-cut panic...
>
>>> Commenting out the last 4 dumps of ufs_qcom_print_hw_debug_reg_all() makes
>>> the panic disappear, but the kernel just hangs after printing UFS_DBG_RD_REG_TXUC
>>
>> I'd recommend fixing the register dump code to use specific read*()
>> accesses of the appropriate sizes for each register.
>
> I don't have documentation for that memory region, but based on the source code,
> I would assume 32-bit registers. I'll try cooking up a small patch.
I applied the following patch:
diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c
index 3d4bdfab6c18..1fb74ce012e9 100644
--- a/drivers/scsi/ufs/ufshcd.c
+++ b/drivers/scsi/ufs/ufshcd.c
@@ -111,13 +111,16 @@
int ufshcd_dump_regs(struct ufs_hba *hba, size_t offset, size_t len,
const char *prefix)
{
- u8 *regs;
+ u32 *regs;
+ size_t end;
regs = kzalloc(len, GFP_KERNEL);
if (!regs)
return -ENOMEM;
- memcpy_fromio(regs, hba->mmio_base + offset, len);
+ for (end = offset + len; offset < end; offset += 4)
+ regs[offset / 4] = ufshcd_readl(hba, offset);
+
ufshcd_hex_dump(prefix, regs, len);
kfree(regs);
That does seem to fix the "synchronous external abort", as can be
(not) seen in the following log:
[ 12.361219] ufshcd-qcom 1da4000.ufshc: dme-link-startup: error code 1
[ 12.473064] ufshcd-qcom 1da4000.ufshc: dme-link-startup: error code 1
[ 12.585057] ufshcd-qcom 1da4000.ufshc: dme-link-startup: error code 1
[ 12.697058] ufshcd-qcom 1da4000.ufshc: dme-link-startup: error code 1
[ 12.708104] ufshcd-qcom 1da4000.ufshc: link startup failed 1
[ 12.708265] ufshcd-qcom 1da4000.ufshc: UFS Host state=0
[ 12.712980] ufshcd-qcom 1da4000.ufshc: lrb in use=0x0, outstanding reqs=0x0 tasks=0x0
[ 12.717986] ufshcd-qcom 1da4000.ufshc: saved_err=0x0, saved_uic_err=0x0
[ 12.725945] ufshcd-qcom 1da4000.ufshc: Device power mode=1, UIC link state=0
[ 12.732374] ufshcd-qcom 1da4000.ufshc: PM in progress=0, sys. suspended=0
[ 12.739666] ufshcd-qcom 1da4000.ufshc: Auto BKOPS=0, Host self-block=0
[ 12.746331] ufshcd-qcom 1da4000.ufshc: Clk gate=1
[ 12.752722] ufshcd-qcom 1da4000.ufshc: error handling flags=0x0, req. abort count=0
[ 12.757556] ufshcd-qcom 1da4000.ufshc: Host capabilities=0x1587001f, caps=0xf
[ 12.765019] ufshcd-qcom 1da4000.ufshc: quirks=0x0, dev. quirks=0x0
[ 12.772285] ufshcd-qcom 1da4000.ufshc: ufshcd_print_pwr_info:[RX, TX]: gear=[0, 0], lane[0, 0], pwr[INVALID MODE, INVALID MODE], rate = 0
[ 12.778683] host_regs: 00000000: 1587001f 00000000 00000210 00000000
[ 12.790777] host_regs: 00000010: 01000000 00010217 00000000 00000000
[ 12.797209] host_regs: 00000020: 00000000 00000470 00000000 00000000
[ 12.803542] host_regs: 00000030: 00000008 00000001 00000000 00000000
[ 12.809880] host_regs: 00000040: 00000000 00000000 00000000 00000000
[ 12.816213] host_regs: 00000050: 00000000 00000000 00000000 00000000
[ 12.822558] host_regs: 00000060: 00000000 00000000 00000000 00000000
[ 12.828890] host_regs: 00000070: 00000000 00000000 00000000 00000000
[ 12.835237] host_regs: 00000080: 00000000 00000000 00000000 00000000
[ 12.841560] host_regs: 00000090: 00000001 00410000 00000000 00000001
[ 12.847906] ufshcd-qcom 1da4000.ufshc: hba->ufs_version = 0x210, hba->capabilities = 0x1587001f
[ 12.854281] ufshcd-qcom 1da4000.ufshc: hba->outstanding_reqs = 0x0, hba->outstanding_tasks = 0x0
[ 12.862717] ufshcd-qcom 1da4000.ufshc: last_hibern8_exit_tstamp at 0 us, hibern8_exit_cnt = 0
[ 12.871739] ufshcd-qcom 1da4000.ufshc: clk: core_clk, rate: 200000000
[ 12.880105] ufshcd-qcom 1da4000.ufshc: clk: core_clk_unipro, rate: 150000000
[ 12.886540] ufshcd-qcom 1da4000.ufshc: clk: core_clk_ice, rate: 300000000
[ 12.893730] HCI Vendor Specific Registers 00000000: 00000000 00000000 00000000 00000000
[ 12.900359] HCI Vendor Specific Registers 00000010: 00000000 00000000 00000000 00000000
[ 12.908182] HCI Vendor Specific Registers 00000020: 00000000 00000000 00000000 00000000
[ 12.916154] HCI Vendor Specific Registers 00000030: 00000000 00000000 00000000 00000000
[ 12.924310] UFS_UFS_DBG_RD_REG_OCSC 00000000: 00000000 00000000 00000000 00000000
[ 12.932122] UFS_UFS_DBG_RD_REG_OCSC 00000010: 00000000 00000000 00000000 00000000
[ 12.939767] UFS_UFS_DBG_RD_REG_OCSC 00000020: 00000000 00000000 00000000 00000000
[ 12.947225] UFS_UFS_DBG_RD_REG_OCSC 00000030: 00000000 00000000 00000000 00000000
[ 12.954691] UFS_UFS_DBG_RD_REG_OCSC 00000040: 00000000 00000000 00000000 00000000
[ 12.962156] UFS_UFS_DBG_RD_REG_OCSC 00000050: 00000000 00000000 00000000 00000000
[ 12.969632] UFS_UFS_DBG_RD_REG_OCSC 00000060: 00000000 00000000 00000000 00000000
[ 12.977094] UFS_UFS_DBG_RD_REG_OCSC 00000070: 00000000 00000000 00000000 00000000
[ 12.984559] UFS_UFS_DBG_RD_REG_OCSC 00000080: 00000000 00000000 00000000 00000000
[ 12.992017] UFS_UFS_DBG_RD_REG_OCSC 00000090: 00000000 00000000 00000000 00000000
[ 12.999488] UFS_UFS_DBG_RD_REG_OCSC 000000a0: 00000000 00000000 00000000 00000000
[ 13.007073] UFS_UFS_DBG_RD_EDTL_RAM 00000000: 00000000 00000000 00000000 00000000
[ 13.014421] UFS_UFS_DBG_RD_EDTL_RAM 00000010: 00000000 00000000 00000000 00000000
[ 13.021878] UFS_UFS_DBG_RD_EDTL_RAM 00000020: 00000000 00000000 00000000 00000000
[ 13.029346] UFS_UFS_DBG_RD_EDTL_RAM 00000030: 00000000 00000000 00000000 00000000
[ 13.036814] UFS_UFS_DBG_RD_EDTL_RAM 00000040: 00000000 00000000 00000000 00000000
[ 13.044288] UFS_UFS_DBG_RD_EDTL_RAM 00000050: 00000000 00000000 00000000 00000000
[ 13.051746] UFS_UFS_DBG_RD_EDTL_RAM 00000060: 00000000 00000000 00000000 00000000
[ 13.059212] UFS_UFS_DBG_RD_EDTL_RAM 00000070: 00000000 00000000 00000000 00000000
[ 13.067140] UFS_UFS_DBG_RD_DESC_RAM 00000000: 00000000 00000000 00000000 00000000
[ 13.074147] UFS_UFS_DBG_RD_DESC_RAM 00000010: 00000000 00000000 00000000 00000000
[ 13.081606] UFS_UFS_DBG_RD_DESC_RAM 00000020: 00000000 00000000 00000000 00000000
[ 13.089077] UFS_UFS_DBG_RD_DESC_RAM 00000030: 00000000 00000000 00000000 00000000
[ 13.096538] UFS_UFS_DBG_RD_DESC_RAM 00000040: 00000000 00000000 00000000 00000000
[ 13.104007] UFS_UFS_DBG_RD_DESC_RAM 00000050: 00000000 00000000 00000000 00000000
[ 13.111468] UFS_UFS_DBG_RD_DESC_RAM 00000060: 00000000 00000000 00000000 00000000
[ 13.118939] UFS_UFS_DBG_RD_DESC_RAM 00000070: 00000000 00000000 00000000 00000000
[ 13.126398] UFS_UFS_DBG_RD_DESC_RAM 00000080: 00000000 00000000 00000000 00000000
[ 13.133866] UFS_UFS_DBG_RD_DESC_RAM 00000090: 00000000 00000000 00000000 00000000
[ 13.141324] UFS_UFS_DBG_RD_DESC_RAM 000000a0: 00000000 00000000 00000000 00000000
[ 13.148797] UFS_UFS_DBG_RD_DESC_RAM 000000b0: 00000000 00000000 00000000 00000000
[ 13.156258] UFS_UFS_DBG_RD_DESC_RAM 000000c0: 00000000 00000000 00000000 00000000
[ 13.163726] UFS_UFS_DBG_RD_DESC_RAM 000000d0: 00000000 00000000 00000000 00000000
[ 13.171182] UFS_UFS_DBG_RD_DESC_RAM 000000e0: 00000000 00000000 00000000 00000000
[ 13.178654] UFS_UFS_DBG_RD_DESC_RAM 000000f0: 00000000 00000000 00000000 00000000
[ 13.186115] UFS_UFS_DBG_RD_DESC_RAM 00000100: 00000000 00000000 00000000 00000000
[ 13.193588] UFS_UFS_DBG_RD_DESC_RAM 00000110: 00000000 00000000 00000000 00000000
[ 13.201047] UFS_UFS_DBG_RD_DESC_RAM 00000120: 00000000 00000000 00000000 00000000
[ 13.208519] UFS_UFS_DBG_RD_DESC_RAM 00000130: 00000000 00000000 00000000 00000000
[ 13.215982] UFS_UFS_DBG_RD_DESC_RAM 00000140: 00000000 00000000 00000000 00000000
[ 13.223447] UFS_UFS_DBG_RD_DESC_RAM 00000150: 00000000 00000000 00000000 00000000
[ 13.230905] UFS_UFS_DBG_RD_DESC_RAM 00000160: 00000000 00000000 00000000 00000000
[ 13.238373] UFS_UFS_DBG_RD_DESC_RAM 00000170: 00000000 00000000 00000000 00000000
[ 13.245842] UFS_UFS_DBG_RD_DESC_RAM 00000180: 00000000 00000000 00000000 00000000
[ 13.253306] UFS_UFS_DBG_RD_DESC_RAM 00000190: 00000000 00000000 00000000 00000000
[ 13.260765] UFS_UFS_DBG_RD_DESC_RAM 000001a0: 00000000 00000000 00000000 00000000
[ 13.268233] UFS_UFS_DBG_RD_DESC_RAM 000001b0: 00000000 00000000 00000000 00000000
[ 13.275702] UFS_UFS_DBG_RD_DESC_RAM 000001c0: 00000000 00000000 00000000 00000000
[ 13.283174] UFS_UFS_DBG_RD_DESC_RAM 000001d0: 00000000 00000000 00000000 00000000
[ 13.290632] UFS_UFS_DBG_RD_DESC_RAM 000001e0: 00000000 00000000 00000000 00000000
[ 13.298104] UFS_UFS_DBG_RD_DESC_RAM 000001f0: 00000000 00000000 00000000 00000000
[ 13.305802] UFS_UFS_DBG_RD_PRDT_RAM 00000000: 00000000 00000000 00000000 00000000
[ 13.313036] UFS_UFS_DBG_RD_PRDT_RAM 00000010: 00000000 00000000 00000000 00000000
[ 13.320495] UFS_UFS_DBG_RD_PRDT_RAM 00000020: 00000000 00000000 00000000 00000000
[ 13.327959] UFS_UFS_DBG_RD_PRDT_RAM 00000030: 00000000 00000000 00000000 00000000
[ 13.335420] UFS_UFS_DBG_RD_PRDT_RAM 00000040: 00000000 00000000 00000000 00000000
[ 13.342894] UFS_UFS_DBG_RD_PRDT_RAM 00000050: 00000000 00000000 00000000 00000000
[ 13.350352] UFS_UFS_DBG_RD_PRDT_RAM 00000060: 00000000 00000000 00000000 00000000
[ 13.357823] UFS_UFS_DBG_RD_PRDT_RAM 00000070: 00000000 00000000 00000000 00000000
[ 13.365281] UFS_UFS_DBG_RD_PRDT_RAM 00000080: 00000000 00000000 00000000 00000000
[ 13.372747] UFS_UFS_DBG_RD_PRDT_RAM 00000090: 00000000 00000000 00000000 00000000
[ 13.380232] UFS_UFS_DBG_RD_PRDT_RAM 000000a0: 00000000 00000000 00000000 00000000
[ 13.387681] UFS_UFS_DBG_RD_PRDT_RAM 000000b0: 00000000 00000000 00000000 00000000
[ 13.395150] UFS_UFS_DBG_RD_PRDT_RAM 000000c0: 00000000 00000000 00000000 00000000
[ 13.402612] UFS_UFS_DBG_RD_PRDT_RAM 000000d0: 00000000 00000000 00000000 00000000
[ 13.410078] UFS_UFS_DBG_RD_PRDT_RAM 000000e0: 00000000 00000000 00000000 00000000
[ 13.417544] UFS_UFS_DBG_RD_PRDT_RAM 000000f0: 00000000 00000000 00000000 00000000
[ 13.425033] UFS_DBG_RD_REG_UAWM 00000000: 00000000 00000000 00000000 00000000
[ 13.432491] UFS_DBG_RD_REG_UARM 00000000: 00000000 00000000 00000000 00000000
[ 13.439762] UFS_DBG_RD_REG_TXUC 00000000: 00000000 00000000 00000000 00000000
[ 13.446706] UFS_DBG_RD_REG_TXUC 00000010: 00000000 00000000 00000000 00000000
[ 13.453811] UFS_DBG_RD_REG_TXUC 00000020: 00000000 00000000 00000000 00000000
[ 13.460937] UFS_DBG_RD_REG_TXUC 00000030: 00000000 00000000 00000000 00000000
[ 13.468055] UFS_DBG_RD_REG_TXUC 00000040: 00000000 00000000 00000000 00000000
[ 13.475173] UFS_DBG_RD_REG_TXUC 00000050: 00000000 00000000 00000000 00000000
[ 13.482291] UFS_DBG_RD_REG_TXUC 00000060: 00000000 00000000 00000000 00000000
[ 13.489411] UFS_DBG_RD_REG_TXUC 00000070: 00000000 00000000 00000000 00000000
[ 13.496528] UFS_DBG_RD_REG_TXUC 00000080: 00000000 00000000 00000000 00000000
[ 13.503646] UFS_DBG_RD_REG_TXUC 00000090: 00000000 00000000 00000000 00000000
[ 13.510763] UFS_DBG_RD_REG_TXUC 000000a0: 00000000 00000000 00000000 00000000
[ 13.517883] UFS_DBG_RD_REG_TXUC 000000b0: 00000000 00000000 00000000 00000000
[ 13.525099] UFS_DBG_RD_REG_RXUC 00000000: 00000000 00000000 00000000 00000000
[ 13.532119] UFS_DBG_RD_REG_RXUC 00000010: 00000000 00000000 00000000 00000000
[ 13.539237] UFS_DBG_RD_REG_RXUC 00000020: 00000000 00000000 00000000 00000000
[ 13.546356] UFS_DBG_RD_REG_RXUC 00000030: 00000000 00000000 00000000 00000000
[ 13.553474] UFS_DBG_RD_REG_RXUC 00000040: 00000000 00000000 00000000 00000000
[ 13.560591] UFS_DBG_RD_REG_RXUC 00000050: 00000000 00000000 00000000 00000000
[ 13.567706] UFS_DBG_RD_REG_RXUC 00000060: 00000000 00000000 00000000
[ 13.574883] UFS_DBG_RD_REG_DFC 00000000: 00000000 00000000 00000000 00000000
[ 13.581242] UFS_DBG_RD_REG_DFC 00000010: 00000000 00000000 00000000 00000000
[ 13.588283] UFS_DBG_RD_REG_DFC 00000020: 00000000 00000000 00000000 00000000
[ 13.595311] UFS_DBG_RD_REG_DFC 00000030: 00000000 00000000 00000000 00000000
[ 13.602341] UFS_DBG_RD_REG_DFC 00000040: 00000000 00000000 00000000
[ 13.609472] UFS_DBG_RD_REG_TRLUT 00000000: 00000000 00000000 00000000 00000000
[ 13.615365] UFS_DBG_RD_REG_TRLUT 00000010: 00000000 00000000 00000000 00000000
[ 13.622656] UFS_DBG_RD_REG_TRLUT 00000020: 00000000 00000000 00000000 00000000
[ 13.629862] UFS_DBG_RD_REG_TRLUT 00000030: 00000000 00000000 00000000 00000000
[ 13.637066] UFS_DBG_RD_REG_TRLUT 00000040: 00000000 00000000 00000000 00000000
[ 13.644274] UFS_DBG_RD_REG_TRLUT 00000050: 00000000 00000000 00000000 00000000
[ 13.651470] UFS_DBG_RD_REG_TRLUT 00000060: 00000000 00000000 00000000 00000000
[ 13.658676] UFS_DBG_RD_REG_TRLUT 00000070: 00000000 00000000 00000000 00000000
[ 13.665880] UFS_DBG_RD_REG_TRLUT 00000080: 00000000 00000000
[ 13.673097] UFS_DBG_RD_REG_TMRLUT 00000000: 00000000 00000000 00000000 00000000
[ 13.678908] UFS_DBG_RD_REG_TMRLUT 00000010: 00000000 00000000 00000000 00000000
[ 13.685938] UFS_DBG_RD_REG_TMRLUT 00000020: 00000000
[ 13.694307] UFS_TEST_BUS 00000000
[ 13.708230] UNIPRO_TEST_BUS 00000000: 00000000 00000000 00000000 00000000
[ 13.708410] UNIPRO_TEST_BUS 00000010: 00000000 00000000 00000000 00000000
[ 13.714181] UNIPRO_TEST_BUS 00000020: 00000000 00000000 00000000 00000000
[ 13.720950] UNIPRO_TEST_BUS 00000030: 00000000 80808080 80808080 00000000
[ 13.727725] UNIPRO_TEST_BUS 00000040: 00000000 00120002 0020000a 0020000a
[ 13.734485] UNIPRO_TEST_BUS 00000050: 78002800 78002800 00000200 00000200
[ 13.741264] UNIPRO_TEST_BUS 00000060: 201e0002 201e0002 00000002 00000002
[ 13.748035] UNIPRO_TEST_BUS 00000070: 00700001 00000000 00000001 00000001
[ 13.754810] UNIPRO_TEST_BUS 00000080: 00100000 00000100 1010101e 00000200
[ 13.761572] UNIPRO_TEST_BUS 00000090: 00000000 00000007 00000007 0ac0a007
[ 13.768340] UNIPRO_TEST_BUS 000000a0: 00000007 0b516a07 00205700 20000000
[ 13.775118] UNIPRO_TEST_BUS 000000b0: 00000040 00000020 00000040 00000040
[ 13.781892] UNIPRO_TEST_BUS 000000c0: 64fa3fc0 00020002 00000000 00000000
[ 13.788652] UNIPRO_TEST_BUS 000000d0: 00000000 00000000 00010000 b6825540
[ 13.795434] UNIPRO_TEST_BUS 000000e0: b6825540 0fffff82 fe001000 80000000
[ 13.802196] UNIPRO_TEST_BUS 000000f0: 00008000 7fff2000 00000000 128c01f4
[ 13.808965] UNIPRO_TEST_BUS 00000100: 00018160 00000800 00000070 003e1a7c
[ 13.815734] UNIPRO_TEST_BUS 00000110: 00000000 00000000 003e0000 003e0000
[ 13.822516] UNIPRO_TEST_BUS 00000120: 003e0000 003e0000 00000000 00000000
[ 13.829279] UNIPRO_TEST_BUS 00000130: 9f000000 9f000000 9f000000 9f000000
[ 13.836052] UNIPRO_TEST_BUS 00000140: 00000000 00000000 000d3e00 201ff940
[ 13.842821] UNIPRO_TEST_BUS 00000150: 03e00000 03e00000 03e00000 03e00000
[ 13.849595] UNIPRO_TEST_BUS 00000160: 00000000 00000000 00000000 00000000
[ 13.856366] UNIPRO_TEST_BUS 00000170: 00000000 00000000 00000000 00000000
[ 13.863139] UNIPRO_TEST_BUS 00000180: 00000000 00000000 00000000 00000000
[ 13.869900] UNIPRO_TEST_BUS 00000190: 00000000 00000000 00000000 00000000
[ 13.876680] UNIPRO_TEST_BUS 000001a0: 00000000 02006800 000007fe 00000000
[ 13.883450] UNIPRO_TEST_BUS 000001b0: 000007fe 10040000 04000000 00000000
[ 13.890224] UNIPRO_TEST_BUS 000001c0: 00000000 00000000 00600000 00000000
[ 13.896984] UNIPRO_TEST_BUS 000001d0: 00000000 00001e00 000000cf 00000000
[ 13.903767] UNIPRO_TEST_BUS 000001e0: 00000000 80000000 00003800 00000000
[ 13.910527] UNIPRO_TEST_BUS 000001f0: 94000000 01400000 01000000 00120000
[ 13.917304] UNIPRO_TEST_BUS 00000200: 00000000 00000008 00020000 00000208
[ 13.924073] UNIPRO_TEST_BUS 00000210: 80000208 80010000 20000000 00000000
[ 13.930847] UNIPRO_TEST_BUS 00000220: fff00000 06e40001 00008601 00000000
[ 13.937617] UNIPRO_TEST_BUS 00000230: 000ff000 00000000 00000000 00000000
[ 13.944385] UNIPRO_TEST_BUS 00000240: 000e0000 00054000 a8200000 00000104
[ 13.951152] UNIPRO_TEST_BUS 00000250: 03018000 0c000000 0000a2b0 00002001
[ 13.957935] UNIPRO_TEST_BUS 00000260: 00002001 00002001 00002001 00002001
[ 13.964696] UNIPRO_TEST_BUS 00000270: 00002001 00002001 00002001 00000201
[ 13.971469] UNIPRO_TEST_BUS 00000280: 00000201 00000201 00000201 00000000
[ 13.978238] UNIPRO_TEST_BUS 00000290: 00000000 00000000 00000000 00000000
[ 13.985007] UNIPRO_TEST_BUS 000002a0: 00000000 00000000 00000000 00000000
[ 13.991778] UNIPRO_TEST_BUS 000002b0: 00000000 00000000 00000000 00000000
[ 13.998559] UNIPRO_TEST_BUS 000002c0: 00000000 00000000 00000000 00000000
[ 14.005322] UNIPRO_TEST_BUS 000002d0: 00000000 00000000 00000000 00000000
[ 14.012098] UNIPRO_TEST_BUS 000002e0: 00000000 00000000 00000000 00000000
[ 14.018858] UNIPRO_TEST_BUS 000002f0: 00000000 00000000 00000000 00000000
[ 14.025640] UNIPRO_TEST_BUS 00000300: 00000000 00000000 00000000 00000000
[ 14.032400] UNIPRO_TEST_BUS 00000310: 00000000 00000000 00000000 00000000
[ 14.039182] UNIPRO_TEST_BUS 00000320: 00000000 00000000 00000000 00000000
[ 14.045943] UNIPRO_TEST_BUS 00000330: 00000000 00000000 00000000 00000000
[ 14.052722] UNIPRO_TEST_BUS 00000340: 00000000 00000000 00000000 00000000
[ 14.059491] UNIPRO_TEST_BUS 00000350: 00000000 00000000 00000000 00000000
[ 14.066264] UNIPRO_TEST_BUS 00000360: 00000000 00000000 00000000 00000000
[ 14.073033] UNIPRO_TEST_BUS 00000370: 00000000 00000000 00000000 00000000
[ 14.079806] UNIPRO_TEST_BUS 00000380: 00000000 00000000 00000000 00000000
[ 14.086573] UNIPRO_TEST_BUS 00000390: 00000000 00000000 00000000 00000000
[ 14.093342] UNIPRO_TEST_BUS 000003a0: 00000000 00000000 00000000 00000000
[ 14.100111] UNIPRO_TEST_BUS 000003b0: 00000000 00000000 00000000 00000000
[ 14.106892] UNIPRO_TEST_BUS 000003c0: 00000000 00000000 00000000 00000000
[ 14.113652] UNIPRO_TEST_BUS 000003d0: 00000000 00000000 00000000 00000000
[ 14.120429] UNIPRO_TEST_BUS 000003e0: 00000000 00000000 00000000 00000000
[ 14.127197] UNIPRO_TEST_BUS 000003f0: 00000000 00000000 00000000 00000000
[ 14.135960] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: core_clk disabled
[ 14.140789] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: bus_aggr_clk disabled
[ 14.148604] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: iface_clk disabled
[ 14.156687] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: core_clk_unipro disabled
[ 14.164398] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: core_clk_ice disabled
[ 14.172866] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: ref_clk disabled
[ 14.180878] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: tx_lane0_sync_clk disabled
[ 14.188272] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: rx_lane0_sync_clk disabled
[ 14.196958] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: rx_lane1_sync_clk disabled
/*** System hangs here ***/
Regards.
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply related [flat|nested] 16+ messages in thread
* Re: ufs_qcom_dump_dbg_regs makes the kernel panic
2018-12-10 14:57 ` Marc Gonzalez
@ 2018-12-10 15:54 ` Robin Murphy
-1 siblings, 0 replies; 16+ messages in thread
From: Robin Murphy @ 2018-12-10 15:54 UTC (permalink / raw)
To: Marc Gonzalez, Jeffrey Hugo, Vivek Gautam, Bjorn Andersson,
Andy Gross, David Brown
Cc: MSM, Linux ARM
On 10/12/2018 14:57, Marc Gonzalez wrote:
[...]
> [ 14.135960] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: core_clk disabled
> [ 14.140789] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: bus_aggr_clk disabled
> [ 14.148604] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: iface_clk disabled
> [ 14.156687] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: core_clk_unipro disabled
> [ 14.164398] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: core_clk_ice disabled
> [ 14.172866] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: ref_clk disabled
> [ 14.180878] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: tx_lane0_sync_clk disabled
> [ 14.188272] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: rx_lane0_sync_clk disabled
> [ 14.196958] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: rx_lane1_sync_clk disabled
> /*** System hangs here ***/
Looks like it's time to rule out the obvious and crank up the
clock/power domain debugging to see if turning off all this stuff
inadvertently also turns off something else important (and/or the
primary CPU gets wedged trying to read some now-unclocked register).
Robin.
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: ufs_qcom_dump_dbg_regs makes the kernel panic
@ 2018-12-10 15:54 ` Robin Murphy
0 siblings, 0 replies; 16+ messages in thread
From: Robin Murphy @ 2018-12-10 15:54 UTC (permalink / raw)
To: Marc Gonzalez, Jeffrey Hugo, Vivek Gautam, Bjorn Andersson,
Andy Gross, David Brown
Cc: MSM, Linux ARM
On 10/12/2018 14:57, Marc Gonzalez wrote:
[...]
> [ 14.135960] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: core_clk disabled
> [ 14.140789] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: bus_aggr_clk disabled
> [ 14.148604] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: iface_clk disabled
> [ 14.156687] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: core_clk_unipro disabled
> [ 14.164398] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: core_clk_ice disabled
> [ 14.172866] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: ref_clk disabled
> [ 14.180878] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: tx_lane0_sync_clk disabled
> [ 14.188272] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: rx_lane0_sync_clk disabled
> [ 14.196958] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: rx_lane1_sync_clk disabled
> /*** System hangs here ***/
Looks like it's time to rule out the obvious and crank up the
clock/power domain debugging to see if turning off all this stuff
inadvertently also turns off something else important (and/or the
primary CPU gets wedged trying to read some now-unclocked register).
Robin.
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: ufs_qcom_dump_dbg_regs makes the kernel panic
2018-12-10 15:54 ` Robin Murphy
@ 2018-12-11 10:48 ` Marc Gonzalez
-1 siblings, 0 replies; 16+ messages in thread
From: Marc Gonzalez @ 2018-12-11 10:48 UTC (permalink / raw)
To: Robin Murphy, Jeffrey Hugo, Vivek Gautam, Bjorn Andersson,
Andy Gross, David Brown
Cc: MSM, Linux ARM
On 10/12/2018 16:54, Robin Murphy wrote:
> On 10/12/2018 14:57, Marc Gonzalez wrote:
> [...]
>> [ 14.135960] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: core_clk disabled
>> [ 14.140789] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: bus_aggr_clk disabled
>> [ 14.148604] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: iface_clk disabled
>> [ 14.156687] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: core_clk_unipro disabled
>> [ 14.164398] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: core_clk_ice disabled
>> [ 14.172866] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: ref_clk disabled
>> [ 14.180878] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: tx_lane0_sync_clk disabled
>> [ 14.188272] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: rx_lane0_sync_clk disabled
>> [ 14.196958] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: rx_lane1_sync_clk disabled
>> /*** System hangs here ***/
>
> Looks like it's time to rule out the obvious and crank up the
> clock/power domain debugging to see if turning off all this stuff
> inadvertently also turns off something else important (and/or the
> primary CPU gets wedged trying to read some now-unclocked register).
For the record, I'm seeing different types of failures: the synchronous abort
(which I have hopefully fixed), the hard lockup, and now this MMU fault(?)
[ 4.282053] UNIPRO_TEST_BUS 000003e0: 00000000 00000000 00000000 00000000
[ 4.288833] UNIPRO_TEST_BUS 000003f0: 00000000 00000000 00000000 00000000
[ 4.296711] ufshcd-qcom 1da4000.ufshc: UFS Host state=0
[ 4.302335] ufshcd-qcom 1da4000.ufshc: lrb in use=0x0, outstanding reqs=0x0 tasks=0x0
[ 4.307435] ufshcd-qcom 1da4000.ufshc: saved_err=0x0, saved_uic_err=0x0
[ 4.315388] ufshcd-qcom 1da4000.ufshc: Device power mode=0, UIC link state=0
[ 4.321825] ufshcd-qcom 1da4000.ufshc: PM in progress=0, sys. suspended=0
[ 4.329107] ufshcd-qcom 1da4000.ufshc: Auto BKOPS=0, Host self-block=0
[ 4.335781] ufshcd-qcom 1da4000.ufshc: Clk gate=1
[ 4.342170] ufshcd-qcom 1da4000.ufshc: error handling flags=0x0, req. abort count=0
[ 4.347004] ufshcd-qcom 1da4000.ufshc: Host capabilities=0x1587001f, caps=0xf
[ 4.354464] ufshcd-qcom 1da4000.ufshc: quirks=0x0, dev. quirks=0x0
[ 4.363091] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: core_clk disabled
[ 4.367870] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: bus_aggr_clk disabled
[ 4.375771] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: iface_clk disabled
[ 4.383847] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: core_clk_unipro disabled
[ 4.391561] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: core_clk_ice disabled
[ 4.400016] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: ref_clk disabled
[ 4.408039] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: tx_lane0_sync_clk disabled
[ 4.415444] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: rx_lane0_sync_clk disabled
[ 4.424115] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: rx_lane1_sync_clk disabled
[ 4.432621] ufshcd-qcom 1da4000.ufshc: Initialization failed
[ 4.485263] ufshcd-qcom 1da4000.ufshc: ufshcd_pltfrm_init() failed -5
[ 4.486307] ufshcd-qcom 1da4000.ufshc: Dropping the link to regulator.5
[ 4.490990] ufshcd-qcom 1da4000.ufshc: Dropping the link to regulator.40
[ 4.497413] ufshcd-qcom 1da4000.ufshc: Dropping the link to regulator.34
[ 4.504327] ufshcd-qcom: probe of 1da4000.ufshc failed with error -5
[ 4.511176] Unable to handle kernel paging request at virtual address 0000000a00000000
[ 4.517293] Mem abort info:
[ 4.524887] ESR = 0x96000004
[ 4.527599] Exception class = DABT (current EL), IL = 32 bits
[ 4.530775] SET = 0, FnV = 0
[ 4.536525] EA = 0, S1PTW = 0
[ 4.539651] Data abort info:
[ 4.542689] ISV = 0, ISS = 0x00000004
[ 4.545831] CM = 0, WnR = 0
[ 4.549381] [0000000a00000000] user address but active_mm is swapper
[ 4.552584] Internal error: Oops: 96000004 [#1] PREEMPT SMP
[ 4.558981] Modules linked in:
[ 4.564237] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G S 4.20.0-rc4 #12
[ 4.567444] Hardware name: Qualcomm Technologies, Inc. MSM8998 v1 MTP (DT)
[ 4.575334] pstate: 20000005 (nzCv daif -PAN -UAO)
[ 4.582035] pc : kmem_cache_alloc+0xbc/0x1f0
[ 4.586732] lr : kmem_cache_alloc+0x30/0x1f0
[ 4.591153] sp : ffff00000807bce0
[ 4.595384] x29: ffff00000807bce0 x28: 0000000000000007
[ 4.598644] x27: ffff0000089db068 x26: ffff000008961db8
[ 4.604018] x25: ffff000008970634 x24: ffff00000924e000
[ 4.609314] x23: 000000000003be81 x22: ffff00000835166c
[ 4.614610] x21: 00000000006000c0 x20: ffff8000f9c03c80
[ 4.619904] x19: 0000000a00000000 x18: ffffffffffffffff
[ 4.625199] x17: 0000000000000000 x16: 0000000000000000
[ 4.630495] x15: ffff0000091a9648 x14: ffff8000f8e5e91c
[ 4.635791] x13: ffff8000f8e5e16d x12: 0000000000000010
[ 4.641086] x11: 0101010101010101 x10: 7f7f7f7f7f7f7f7f
[ 4.646382] x9 : 625e7377645e6372 x8 : 7f7f7f7f7f7f7f7f
[ 4.651678] x7 : ffff000009289000 x6 : 0000000000000000
[ 4.656973] x5 : ffff8000f96b8000 x4 : 0000000080808081
[ 4.662269] x3 : 000000000003be81 x2 : ffff7e0003db5740
[ 4.667565] x1 : 0000000000000000 x0 : 0000000000000001
[ 4.672867] Process swapper/0 (pid: 1, stack limit = 0x(____ptrval____))
[ 4.678190] Call trace:
[ 4.684774] kmem_cache_alloc+0xbc/0x1f0
[ 4.687013] register_blkdev+0x6c/0x1b0
[ 4.691171] init_sd+0x3c/0x17c
[ 4.694696] do_one_initcall+0x5c/0x180
[ 4.697847] kernel_init_freeable+0x198/0x244
[ 4.701682] kernel_init+0x10/0x110
[ 4.706150] ret_from_fork+0x10/0x20
[ 4.709459] Code: f9001fb8 b9402281 b94010a0 11000400 (f8616a78)
[ 4.713398] ---[ end trace 5569ef4940f46939 ]---
[ 4.719345] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
[ 4.724042] SMP: stopping secondary CPUs
[ 4.731351] Kernel Offset: disabled
[ 4.735492] CPU features: 0x2,21802008
[ 4.738711] Memory Limit: none
[ 4.742521] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b ]---
Rebooting, I get yet another failure:
[ 4.295129] UNIPRO_TEST_BUS 000003e0: 00000000 00000000 00000000 00000000
[ 4.301900] UNIPRO_TEST_BUS 000003f0: 00000000 00000000 00000000 00000000
[ 4.309776] ufshcd-qcom 1da4000.ufshc: UFS Host state=0
[ 4.315409] ufshcd-qcom 1da4000.ufshc: lrb in use=0x0, outstanding reqs=0x0 tasks=0x0
[ 4.320501] ufshcd-qcom 1da4000.ufshc: saved_err=0x0, saved_uic_err=0x0
[ 4.328454] ufshcd-qcom 1da4000.ufshc: Device power mode=0, UIC link state=0
[ 4.334890] ufshcd-qcom 1da4000.ufshc: PM in progress=0, sys. suspended=0
[ 4.342179] ufshcd-qcom 1da4000.ufshc: Auto BKOPS=0, Host self-block=0
[ 4.348853] ufshcd-qcom 1da4000.ufshc: Clk gate=1
[ 4.355242] ufshcd-qcom 1da4000.ufshc: error handling flags=0x0, req. abort count=0
[ 4.360076] ufshcd-qcom 1da4000.ufshc: Host capabilities=0x1587001f, caps=0xf
[ 4.367529] ufshcd-qcom 1da4000.ufshc: quirks=0x0, dev. quirks=0x0
[ 4.376153] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: core_clk disabled
[ 4.380934] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: bus_aggr_clk disabled
[ 4.388836] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: iface_clk disabled
[ 4.396918] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: core_clk_unipro disabled
[ 4.404633] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: core_clk_ice disabled
[ 4.413079] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: ref_clk disabled
[ 4.421113] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: tx_lane0_sync_clk disabled
[ 4.428506] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: rx_lane0_sync_clk disabled
[ 4.437187] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: rx_lane1_sync_clk disabled
[ 4.445686] ufshcd-qcom 1da4000.ufshc: Initialization failed
[ 4.486278] ufshcd-qcom 1da4000.ufshc: ufshcd_pltfrm_init() failed -5
[ 4.487401] ufshcd-qcom 1da4000.ufshc: Dropping the link to regulator.5
[ 4.491976] ufshcd-qcom 1da4000.ufshc: Dropping the link to regulator.40
[ 4.498412] ufshcd-qcom 1da4000.ufshc: Dropping the link to regulator.34
[ 4.505334] ufshcd-qcom: probe of 1da4000.ufshc failed with error -5
[ 4.513185] spmi spmi-0: PMIC arbiter version v3 (0x30000000)
[ 4.524036] Unable to handle kernel paging request at virtual address 0039b70e092828aa
[ 4.524258] Mem abort info:
[ 4.531662] ESR = 0x96000004
[ 4.534331] Exception class = DABT (current EL), IL = 32 bits
[ 4.537507] SET = 0, FnV = 0
[ 4.543268] EA = 0, S1PTW = 0
[ 4.546396] Data abort info:
[ 4.549432] ISV = 0, ISS = 0x00000004
[ 4.552574] CM = 0, WnR = 0
[ 4.556124] [0039b70e092828aa] address between user and kernel address ranges
[ 4.559346] Internal error: Oops: 96000004 [#1] PREEMPT SMP
[ 4.566420] Modules linked in:
[ 4.571757] CPU: 2 PID: 1 Comm: swapper/0 Tainted: G S 4.20.0-rc4 #12
[ 4.574971] Hardware name: Qualcomm Technologies, Inc. MSM8998 v1 MTP (DT)
[ 4.582859] pstate: 60000005 (nZCv daif -PAN -UAO)
[ 4.589561] pc : kmem_cache_alloc_node+0x13c/0x210
[ 4.594259] lr : kmem_cache_alloc_node+0x38/0x210
[ 4.599030] sp : ffff00000807b290
[ 4.603777] x29: ffff00000807b290 x28: 0000000000000000
[ 4.607122] x27: 0000000000000022 x26: 0000000000000000
[ 4.612505] x25: 00000000ffffffff x24: 0000000000002942
[ 4.617801] x23: ffff000008108824 x22: 00000000ffffffff
[ 4.623097] x21: 00000000006080c0 x20: ffff8000f9c03980
[ 4.628391] x19: 0039b70e092828aa x18: ffffffffffffffff
[ 4.633686] x17: 0000000000000000 x16: 0000000000000000
[ 4.638982] x15: ffff0000091a9648 x14: ffff8000f6e35283
[ 4.644270] x13: ffff8000f6e35282 x12: 0000000000000038
[ 4.649565] x11: 000000000000000b x10: 0101010101010101
[ 4.654861] x9 : ffffffffffffffff x8 : 7f7f7f7f7f7f7f7f
[ 4.660157] x7 : fefefeff646c606d x6 : 0000000000000001
[ 4.665452] x5 : ffff8000f96b8000 x4 : 0000000000000000
[ 4.670748] x3 : 0000000000002942 x2 : 00008000f5187000
[ 4.676044] x1 : 0000000000000000 x0 : 0000000000000000
[ 4.681343] Process swapper/0 (pid: 1, stack limit = 0x(____ptrval____))
[ 4.686677] Call trace:
[ 4.693254] kmem_cache_alloc_node+0x13c/0x210
[ 4.695483] alloc_desc+0x44/0x1b0
[ 4.699977] __irq_alloc_descs+0x1fc/0x2b0
[ 4.703367] irq_domain_alloc_descs+0x50/0xe0
[ 4.707451] irq_create_mapping+0x94/0x130
[ 4.711865] irq_create_fwspec_mapping+0x190/0x310
[ 4.715876] irq_create_of_mapping+0x80/0xa0
[ 4.720662] of_irq_get+0x74/0xe0
[ 4.725041] of_irq_to_resource+0x38/0x100
[ 4.728274] of_irq_to_resource_table+0x50/0x80
[ 4.732291] of_device_alloc+0x11c/0x1f0
[ 4.736689] of_platform_device_create_pdata+0x74/0x130
[ 4.740882] of_platform_bus_create+0x174/0x370
[ 4.745812] of_platform_populate+0x78/0xe0
[ 4.750321] devm_of_platform_populate+0x50/0xb0
[ 4.754526] pmic_spmi_probe+0x54/0xf0
[ 4.759362] spmi_drv_probe+0x48/0xc0
[ 4.762919] really_probe+0x1f0/0x2a0
[ 4.766632] driver_probe_device+0x58/0x100
[ 4.770286] __device_attach_driver+0x98/0xf0
[ 4.774291] bus_for_each_drv+0x64/0xd0
[ 4.778785] __device_attach+0xd8/0x130
[ 4.782429] device_initial_probe+0x10/0x20
[ 4.786258] bus_probe_device+0x90/0xa0
[ 4.790424] device_add+0x454/0x630
[ 4.794230] spmi_device_add+0x30/0x80
[ 4.797712] spmi_controller_add+0xd0/0x1d0
[ 4.801535] spmi_pmic_arb_probe+0x398/0x540
[ 4.805629] platform_drv_probe+0x50/0xa0
[ 4.810130] really_probe+0x1f0/0x2a0
[ 4.814030] driver_probe_device+0x58/0x100
[ 4.817683] __driver_attach+0xd4/0xe0
[ 4.821669] bus_for_each_dev+0x74/0xd0
[ 4.825481] driver_attach+0x20/0x30
[ 4.829223] bus_add_driver+0x1ac/0x220
[ 4.833033] driver_register+0x60/0x110
[ 4.836601] __platform_driver_register+0x40/0x50
[ 4.840465] spmi_pmic_arb_driver_init+0x18/0x20
[ 4.845314] do_one_initcall+0x5c/0x180
[ 4.849991] kernel_init_freeable+0x198/0x244
[ 4.853537] kernel_init+0x10/0x110
[ 4.858036] ret_from_fork+0x10/0x20
[ 4.861350] Code: 17ffffc5 b9402281 d5384105 b94010a0 (f8616a79)
[ 4.865287] ---[ end trace 018ba04c46f3a5d7 ]---
[ 4.871243] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
[ 4.875921] SMP: stopping secondary CPUs
[ 4.883238] Kernel Offset: disabled
[ 4.887377] CPU features: 0x2,21802008
[ 4.890588] Memory Limit: none
[ 4.894398] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b ]---
Looks like the UFS debug code might be smashing memory it doesn't own?
I'm kinda puzzled right now. I'll keep digging.
Are there debug options that might help figuring things out? UBSAN?
Regards.
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: ufs_qcom_dump_dbg_regs makes the kernel panic
@ 2018-12-11 10:48 ` Marc Gonzalez
0 siblings, 0 replies; 16+ messages in thread
From: Marc Gonzalez @ 2018-12-11 10:48 UTC (permalink / raw)
To: Robin Murphy, Jeffrey Hugo, Vivek Gautam, Bjorn Andersson,
Andy Gross, David Brown
Cc: MSM, Linux ARM
On 10/12/2018 16:54, Robin Murphy wrote:
> On 10/12/2018 14:57, Marc Gonzalez wrote:
> [...]
>> [ 14.135960] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: core_clk disabled
>> [ 14.140789] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: bus_aggr_clk disabled
>> [ 14.148604] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: iface_clk disabled
>> [ 14.156687] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: core_clk_unipro disabled
>> [ 14.164398] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: core_clk_ice disabled
>> [ 14.172866] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: ref_clk disabled
>> [ 14.180878] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: tx_lane0_sync_clk disabled
>> [ 14.188272] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: rx_lane0_sync_clk disabled
>> [ 14.196958] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: rx_lane1_sync_clk disabled
>> /*** System hangs here ***/
>
> Looks like it's time to rule out the obvious and crank up the
> clock/power domain debugging to see if turning off all this stuff
> inadvertently also turns off something else important (and/or the
> primary CPU gets wedged trying to read some now-unclocked register).
For the record, I'm seeing different types of failures: the synchronous abort
(which I have hopefully fixed), the hard lockup, and now this MMU fault(?)
[ 4.282053] UNIPRO_TEST_BUS 000003e0: 00000000 00000000 00000000 00000000
[ 4.288833] UNIPRO_TEST_BUS 000003f0: 00000000 00000000 00000000 00000000
[ 4.296711] ufshcd-qcom 1da4000.ufshc: UFS Host state=0
[ 4.302335] ufshcd-qcom 1da4000.ufshc: lrb in use=0x0, outstanding reqs=0x0 tasks=0x0
[ 4.307435] ufshcd-qcom 1da4000.ufshc: saved_err=0x0, saved_uic_err=0x0
[ 4.315388] ufshcd-qcom 1da4000.ufshc: Device power mode=0, UIC link state=0
[ 4.321825] ufshcd-qcom 1da4000.ufshc: PM in progress=0, sys. suspended=0
[ 4.329107] ufshcd-qcom 1da4000.ufshc: Auto BKOPS=0, Host self-block=0
[ 4.335781] ufshcd-qcom 1da4000.ufshc: Clk gate=1
[ 4.342170] ufshcd-qcom 1da4000.ufshc: error handling flags=0x0, req. abort count=0
[ 4.347004] ufshcd-qcom 1da4000.ufshc: Host capabilities=0x1587001f, caps=0xf
[ 4.354464] ufshcd-qcom 1da4000.ufshc: quirks=0x0, dev. quirks=0x0
[ 4.363091] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: core_clk disabled
[ 4.367870] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: bus_aggr_clk disabled
[ 4.375771] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: iface_clk disabled
[ 4.383847] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: core_clk_unipro disabled
[ 4.391561] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: core_clk_ice disabled
[ 4.400016] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: ref_clk disabled
[ 4.408039] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: tx_lane0_sync_clk disabled
[ 4.415444] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: rx_lane0_sync_clk disabled
[ 4.424115] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: rx_lane1_sync_clk disabled
[ 4.432621] ufshcd-qcom 1da4000.ufshc: Initialization failed
[ 4.485263] ufshcd-qcom 1da4000.ufshc: ufshcd_pltfrm_init() failed -5
[ 4.486307] ufshcd-qcom 1da4000.ufshc: Dropping the link to regulator.5
[ 4.490990] ufshcd-qcom 1da4000.ufshc: Dropping the link to regulator.40
[ 4.497413] ufshcd-qcom 1da4000.ufshc: Dropping the link to regulator.34
[ 4.504327] ufshcd-qcom: probe of 1da4000.ufshc failed with error -5
[ 4.511176] Unable to handle kernel paging request at virtual address 0000000a00000000
[ 4.517293] Mem abort info:
[ 4.524887] ESR = 0x96000004
[ 4.527599] Exception class = DABT (current EL), IL = 32 bits
[ 4.530775] SET = 0, FnV = 0
[ 4.536525] EA = 0, S1PTW = 0
[ 4.539651] Data abort info:
[ 4.542689] ISV = 0, ISS = 0x00000004
[ 4.545831] CM = 0, WnR = 0
[ 4.549381] [0000000a00000000] user address but active_mm is swapper
[ 4.552584] Internal error: Oops: 96000004 [#1] PREEMPT SMP
[ 4.558981] Modules linked in:
[ 4.564237] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G S 4.20.0-rc4 #12
[ 4.567444] Hardware name: Qualcomm Technologies, Inc. MSM8998 v1 MTP (DT)
[ 4.575334] pstate: 20000005 (nzCv daif -PAN -UAO)
[ 4.582035] pc : kmem_cache_alloc+0xbc/0x1f0
[ 4.586732] lr : kmem_cache_alloc+0x30/0x1f0
[ 4.591153] sp : ffff00000807bce0
[ 4.595384] x29: ffff00000807bce0 x28: 0000000000000007
[ 4.598644] x27: ffff0000089db068 x26: ffff000008961db8
[ 4.604018] x25: ffff000008970634 x24: ffff00000924e000
[ 4.609314] x23: 000000000003be81 x22: ffff00000835166c
[ 4.614610] x21: 00000000006000c0 x20: ffff8000f9c03c80
[ 4.619904] x19: 0000000a00000000 x18: ffffffffffffffff
[ 4.625199] x17: 0000000000000000 x16: 0000000000000000
[ 4.630495] x15: ffff0000091a9648 x14: ffff8000f8e5e91c
[ 4.635791] x13: ffff8000f8e5e16d x12: 0000000000000010
[ 4.641086] x11: 0101010101010101 x10: 7f7f7f7f7f7f7f7f
[ 4.646382] x9 : 625e7377645e6372 x8 : 7f7f7f7f7f7f7f7f
[ 4.651678] x7 : ffff000009289000 x6 : 0000000000000000
[ 4.656973] x5 : ffff8000f96b8000 x4 : 0000000080808081
[ 4.662269] x3 : 000000000003be81 x2 : ffff7e0003db5740
[ 4.667565] x1 : 0000000000000000 x0 : 0000000000000001
[ 4.672867] Process swapper/0 (pid: 1, stack limit = 0x(____ptrval____))
[ 4.678190] Call trace:
[ 4.684774] kmem_cache_alloc+0xbc/0x1f0
[ 4.687013] register_blkdev+0x6c/0x1b0
[ 4.691171] init_sd+0x3c/0x17c
[ 4.694696] do_one_initcall+0x5c/0x180
[ 4.697847] kernel_init_freeable+0x198/0x244
[ 4.701682] kernel_init+0x10/0x110
[ 4.706150] ret_from_fork+0x10/0x20
[ 4.709459] Code: f9001fb8 b9402281 b94010a0 11000400 (f8616a78)
[ 4.713398] ---[ end trace 5569ef4940f46939 ]---
[ 4.719345] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
[ 4.724042] SMP: stopping secondary CPUs
[ 4.731351] Kernel Offset: disabled
[ 4.735492] CPU features: 0x2,21802008
[ 4.738711] Memory Limit: none
[ 4.742521] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b ]---
Rebooting, I get yet another failure:
[ 4.295129] UNIPRO_TEST_BUS 000003e0: 00000000 00000000 00000000 00000000
[ 4.301900] UNIPRO_TEST_BUS 000003f0: 00000000 00000000 00000000 00000000
[ 4.309776] ufshcd-qcom 1da4000.ufshc: UFS Host state=0
[ 4.315409] ufshcd-qcom 1da4000.ufshc: lrb in use=0x0, outstanding reqs=0x0 tasks=0x0
[ 4.320501] ufshcd-qcom 1da4000.ufshc: saved_err=0x0, saved_uic_err=0x0
[ 4.328454] ufshcd-qcom 1da4000.ufshc: Device power mode=0, UIC link state=0
[ 4.334890] ufshcd-qcom 1da4000.ufshc: PM in progress=0, sys. suspended=0
[ 4.342179] ufshcd-qcom 1da4000.ufshc: Auto BKOPS=0, Host self-block=0
[ 4.348853] ufshcd-qcom 1da4000.ufshc: Clk gate=1
[ 4.355242] ufshcd-qcom 1da4000.ufshc: error handling flags=0x0, req. abort count=0
[ 4.360076] ufshcd-qcom 1da4000.ufshc: Host capabilities=0x1587001f, caps=0xf
[ 4.367529] ufshcd-qcom 1da4000.ufshc: quirks=0x0, dev. quirks=0x0
[ 4.376153] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: core_clk disabled
[ 4.380934] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: bus_aggr_clk disabled
[ 4.388836] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: iface_clk disabled
[ 4.396918] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: core_clk_unipro disabled
[ 4.404633] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: core_clk_ice disabled
[ 4.413079] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: ref_clk disabled
[ 4.421113] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: tx_lane0_sync_clk disabled
[ 4.428506] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: rx_lane0_sync_clk disabled
[ 4.437187] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: rx_lane1_sync_clk disabled
[ 4.445686] ufshcd-qcom 1da4000.ufshc: Initialization failed
[ 4.486278] ufshcd-qcom 1da4000.ufshc: ufshcd_pltfrm_init() failed -5
[ 4.487401] ufshcd-qcom 1da4000.ufshc: Dropping the link to regulator.5
[ 4.491976] ufshcd-qcom 1da4000.ufshc: Dropping the link to regulator.40
[ 4.498412] ufshcd-qcom 1da4000.ufshc: Dropping the link to regulator.34
[ 4.505334] ufshcd-qcom: probe of 1da4000.ufshc failed with error -5
[ 4.513185] spmi spmi-0: PMIC arbiter version v3 (0x30000000)
[ 4.524036] Unable to handle kernel paging request at virtual address 0039b70e092828aa
[ 4.524258] Mem abort info:
[ 4.531662] ESR = 0x96000004
[ 4.534331] Exception class = DABT (current EL), IL = 32 bits
[ 4.537507] SET = 0, FnV = 0
[ 4.543268] EA = 0, S1PTW = 0
[ 4.546396] Data abort info:
[ 4.549432] ISV = 0, ISS = 0x00000004
[ 4.552574] CM = 0, WnR = 0
[ 4.556124] [0039b70e092828aa] address between user and kernel address ranges
[ 4.559346] Internal error: Oops: 96000004 [#1] PREEMPT SMP
[ 4.566420] Modules linked in:
[ 4.571757] CPU: 2 PID: 1 Comm: swapper/0 Tainted: G S 4.20.0-rc4 #12
[ 4.574971] Hardware name: Qualcomm Technologies, Inc. MSM8998 v1 MTP (DT)
[ 4.582859] pstate: 60000005 (nZCv daif -PAN -UAO)
[ 4.589561] pc : kmem_cache_alloc_node+0x13c/0x210
[ 4.594259] lr : kmem_cache_alloc_node+0x38/0x210
[ 4.599030] sp : ffff00000807b290
[ 4.603777] x29: ffff00000807b290 x28: 0000000000000000
[ 4.607122] x27: 0000000000000022 x26: 0000000000000000
[ 4.612505] x25: 00000000ffffffff x24: 0000000000002942
[ 4.617801] x23: ffff000008108824 x22: 00000000ffffffff
[ 4.623097] x21: 00000000006080c0 x20: ffff8000f9c03980
[ 4.628391] x19: 0039b70e092828aa x18: ffffffffffffffff
[ 4.633686] x17: 0000000000000000 x16: 0000000000000000
[ 4.638982] x15: ffff0000091a9648 x14: ffff8000f6e35283
[ 4.644270] x13: ffff8000f6e35282 x12: 0000000000000038
[ 4.649565] x11: 000000000000000b x10: 0101010101010101
[ 4.654861] x9 : ffffffffffffffff x8 : 7f7f7f7f7f7f7f7f
[ 4.660157] x7 : fefefeff646c606d x6 : 0000000000000001
[ 4.665452] x5 : ffff8000f96b8000 x4 : 0000000000000000
[ 4.670748] x3 : 0000000000002942 x2 : 00008000f5187000
[ 4.676044] x1 : 0000000000000000 x0 : 0000000000000000
[ 4.681343] Process swapper/0 (pid: 1, stack limit = 0x(____ptrval____))
[ 4.686677] Call trace:
[ 4.693254] kmem_cache_alloc_node+0x13c/0x210
[ 4.695483] alloc_desc+0x44/0x1b0
[ 4.699977] __irq_alloc_descs+0x1fc/0x2b0
[ 4.703367] irq_domain_alloc_descs+0x50/0xe0
[ 4.707451] irq_create_mapping+0x94/0x130
[ 4.711865] irq_create_fwspec_mapping+0x190/0x310
[ 4.715876] irq_create_of_mapping+0x80/0xa0
[ 4.720662] of_irq_get+0x74/0xe0
[ 4.725041] of_irq_to_resource+0x38/0x100
[ 4.728274] of_irq_to_resource_table+0x50/0x80
[ 4.732291] of_device_alloc+0x11c/0x1f0
[ 4.736689] of_platform_device_create_pdata+0x74/0x130
[ 4.740882] of_platform_bus_create+0x174/0x370
[ 4.745812] of_platform_populate+0x78/0xe0
[ 4.750321] devm_of_platform_populate+0x50/0xb0
[ 4.754526] pmic_spmi_probe+0x54/0xf0
[ 4.759362] spmi_drv_probe+0x48/0xc0
[ 4.762919] really_probe+0x1f0/0x2a0
[ 4.766632] driver_probe_device+0x58/0x100
[ 4.770286] __device_attach_driver+0x98/0xf0
[ 4.774291] bus_for_each_drv+0x64/0xd0
[ 4.778785] __device_attach+0xd8/0x130
[ 4.782429] device_initial_probe+0x10/0x20
[ 4.786258] bus_probe_device+0x90/0xa0
[ 4.790424] device_add+0x454/0x630
[ 4.794230] spmi_device_add+0x30/0x80
[ 4.797712] spmi_controller_add+0xd0/0x1d0
[ 4.801535] spmi_pmic_arb_probe+0x398/0x540
[ 4.805629] platform_drv_probe+0x50/0xa0
[ 4.810130] really_probe+0x1f0/0x2a0
[ 4.814030] driver_probe_device+0x58/0x100
[ 4.817683] __driver_attach+0xd4/0xe0
[ 4.821669] bus_for_each_dev+0x74/0xd0
[ 4.825481] driver_attach+0x20/0x30
[ 4.829223] bus_add_driver+0x1ac/0x220
[ 4.833033] driver_register+0x60/0x110
[ 4.836601] __platform_driver_register+0x40/0x50
[ 4.840465] spmi_pmic_arb_driver_init+0x18/0x20
[ 4.845314] do_one_initcall+0x5c/0x180
[ 4.849991] kernel_init_freeable+0x198/0x244
[ 4.853537] kernel_init+0x10/0x110
[ 4.858036] ret_from_fork+0x10/0x20
[ 4.861350] Code: 17ffffc5 b9402281 d5384105 b94010a0 (f8616a79)
[ 4.865287] ---[ end trace 018ba04c46f3a5d7 ]---
[ 4.871243] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
[ 4.875921] SMP: stopping secondary CPUs
[ 4.883238] Kernel Offset: disabled
[ 4.887377] CPU features: 0x2,21802008
[ 4.890588] Memory Limit: none
[ 4.894398] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b ]---
Looks like the UFS debug code might be smashing memory it doesn't own?
I'm kinda puzzled right now. I'll keep digging.
Are there debug options that might help figuring things out? UBSAN?
Regards.
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: ufs_qcom_dump_dbg_regs makes the kernel panic
2018-12-11 10:48 ` Marc Gonzalez
@ 2018-12-11 11:56 ` Robin Murphy
-1 siblings, 0 replies; 16+ messages in thread
From: Robin Murphy @ 2018-12-11 11:56 UTC (permalink / raw)
To: Marc Gonzalez, Jeffrey Hugo, Vivek Gautam, Bjorn Andersson,
Andy Gross, David Brown
Cc: MSM, Linux ARM
On 11/12/2018 10:48, Marc Gonzalez wrote:
> On 10/12/2018 16:54, Robin Murphy wrote:
>
>> On 10/12/2018 14:57, Marc Gonzalez wrote:
>> [...]
>>> [ 14.135960] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: core_clk disabled
>>> [ 14.140789] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: bus_aggr_clk disabled
>>> [ 14.148604] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: iface_clk disabled
>>> [ 14.156687] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: core_clk_unipro disabled
>>> [ 14.164398] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: core_clk_ice disabled
>>> [ 14.172866] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: ref_clk disabled
>>> [ 14.180878] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: tx_lane0_sync_clk disabled
>>> [ 14.188272] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: rx_lane0_sync_clk disabled
>>> [ 14.196958] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: rx_lane1_sync_clk disabled
>>> /*** System hangs here ***/
>>
>> Looks like it's time to rule out the obvious and crank up the
>> clock/power domain debugging to see if turning off all this stuff
>> inadvertently also turns off something else important (and/or the
>> primary CPU gets wedged trying to read some now-unclocked register).
>
> For the record, I'm seeing different types of failures: the synchronous abort
> (which I have hopefully fixed), the hard lockup, and now this MMU fault(?)
>
> [ 4.282053] UNIPRO_TEST_BUS 000003e0: 00000000 00000000 00000000 00000000
> [ 4.288833] UNIPRO_TEST_BUS 000003f0: 00000000 00000000 00000000 00000000
> [ 4.296711] ufshcd-qcom 1da4000.ufshc: UFS Host state=0
> [ 4.302335] ufshcd-qcom 1da4000.ufshc: lrb in use=0x0, outstanding reqs=0x0 tasks=0x0
> [ 4.307435] ufshcd-qcom 1da4000.ufshc: saved_err=0x0, saved_uic_err=0x0
> [ 4.315388] ufshcd-qcom 1da4000.ufshc: Device power mode=0, UIC link state=0
> [ 4.321825] ufshcd-qcom 1da4000.ufshc: PM in progress=0, sys. suspended=0
> [ 4.329107] ufshcd-qcom 1da4000.ufshc: Auto BKOPS=0, Host self-block=0
> [ 4.335781] ufshcd-qcom 1da4000.ufshc: Clk gate=1
> [ 4.342170] ufshcd-qcom 1da4000.ufshc: error handling flags=0x0, req. abort count=0
> [ 4.347004] ufshcd-qcom 1da4000.ufshc: Host capabilities=0x1587001f, caps=0xf
> [ 4.354464] ufshcd-qcom 1da4000.ufshc: quirks=0x0, dev. quirks=0x0
> [ 4.363091] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: core_clk disabled
> [ 4.367870] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: bus_aggr_clk disabled
> [ 4.375771] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: iface_clk disabled
> [ 4.383847] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: core_clk_unipro disabled
> [ 4.391561] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: core_clk_ice disabled
> [ 4.400016] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: ref_clk disabled
> [ 4.408039] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: tx_lane0_sync_clk disabled
> [ 4.415444] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: rx_lane0_sync_clk disabled
> [ 4.424115] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: rx_lane1_sync_clk disabled
> [ 4.432621] ufshcd-qcom 1da4000.ufshc: Initialization failed
> [ 4.485263] ufshcd-qcom 1da4000.ufshc: ufshcd_pltfrm_init() failed -5
> [ 4.486307] ufshcd-qcom 1da4000.ufshc: Dropping the link to regulator.5
> [ 4.490990] ufshcd-qcom 1da4000.ufshc: Dropping the link to regulator.40
> [ 4.497413] ufshcd-qcom 1da4000.ufshc: Dropping the link to regulator.34
> [ 4.504327] ufshcd-qcom: probe of 1da4000.ufshc failed with error -5
> [ 4.511176] Unable to handle kernel paging request at virtual address 0000000a00000000
> [ 4.517293] Mem abort info:
> [ 4.524887] ESR = 0x96000004
> [ 4.527599] Exception class = DABT (current EL), IL = 32 bits
> [ 4.530775] SET = 0, FnV = 0
> [ 4.536525] EA = 0, S1PTW = 0
> [ 4.539651] Data abort info:
> [ 4.542689] ISV = 0, ISS = 0x00000004
> [ 4.545831] CM = 0, WnR = 0
> [ 4.549381] [0000000a00000000] user address but active_mm is swapper
> [ 4.552584] Internal error: Oops: 96000004 [#1] PREEMPT SMP
> [ 4.558981] Modules linked in:
> [ 4.564237] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G S 4.20.0-rc4 #12
> [ 4.567444] Hardware name: Qualcomm Technologies, Inc. MSM8998 v1 MTP (DT)
> [ 4.575334] pstate: 20000005 (nzCv daif -PAN -UAO)
> [ 4.582035] pc : kmem_cache_alloc+0xbc/0x1f0
> [ 4.586732] lr : kmem_cache_alloc+0x30/0x1f0
> [ 4.591153] sp : ffff00000807bce0
> [ 4.595384] x29: ffff00000807bce0 x28: 0000000000000007
> [ 4.598644] x27: ffff0000089db068 x26: ffff000008961db8
> [ 4.604018] x25: ffff000008970634 x24: ffff00000924e000
> [ 4.609314] x23: 000000000003be81 x22: ffff00000835166c
> [ 4.614610] x21: 00000000006000c0 x20: ffff8000f9c03c80
> [ 4.619904] x19: 0000000a00000000 x18: ffffffffffffffff
> [ 4.625199] x17: 0000000000000000 x16: 0000000000000000
> [ 4.630495] x15: ffff0000091a9648 x14: ffff8000f8e5e91c
> [ 4.635791] x13: ffff8000f8e5e16d x12: 0000000000000010
> [ 4.641086] x11: 0101010101010101 x10: 7f7f7f7f7f7f7f7f
> [ 4.646382] x9 : 625e7377645e6372 x8 : 7f7f7f7f7f7f7f7f
> [ 4.651678] x7 : ffff000009289000 x6 : 0000000000000000
> [ 4.656973] x5 : ffff8000f96b8000 x4 : 0000000080808081
> [ 4.662269] x3 : 000000000003be81 x2 : ffff7e0003db5740
> [ 4.667565] x1 : 0000000000000000 x0 : 0000000000000001
> [ 4.672867] Process swapper/0 (pid: 1, stack limit = 0x(____ptrval____))
> [ 4.678190] Call trace:
> [ 4.684774] kmem_cache_alloc+0xbc/0x1f0
> [ 4.687013] register_blkdev+0x6c/0x1b0
> [ 4.691171] init_sd+0x3c/0x17c
> [ 4.694696] do_one_initcall+0x5c/0x180
> [ 4.697847] kernel_init_freeable+0x198/0x244
> [ 4.701682] kernel_init+0x10/0x110
> [ 4.706150] ret_from_fork+0x10/0x20
> [ 4.709459] Code: f9001fb8 b9402281 b94010a0 11000400 (f8616a78)
> [ 4.713398] ---[ end trace 5569ef4940f46939 ]---
> [ 4.719345] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
> [ 4.724042] SMP: stopping secondary CPUs
> [ 4.731351] Kernel Offset: disabled
> [ 4.735492] CPU features: 0x2,21802008
> [ 4.738711] Memory Limit: none
> [ 4.742521] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b ]---
>
>
> Rebooting, I get yet another failure:
>
> [ 4.295129] UNIPRO_TEST_BUS 000003e0: 00000000 00000000 00000000 00000000
> [ 4.301900] UNIPRO_TEST_BUS 000003f0: 00000000 00000000 00000000 00000000
> [ 4.309776] ufshcd-qcom 1da4000.ufshc: UFS Host state=0
> [ 4.315409] ufshcd-qcom 1da4000.ufshc: lrb in use=0x0, outstanding reqs=0x0 tasks=0x0
> [ 4.320501] ufshcd-qcom 1da4000.ufshc: saved_err=0x0, saved_uic_err=0x0
> [ 4.328454] ufshcd-qcom 1da4000.ufshc: Device power mode=0, UIC link state=0
> [ 4.334890] ufshcd-qcom 1da4000.ufshc: PM in progress=0, sys. suspended=0
> [ 4.342179] ufshcd-qcom 1da4000.ufshc: Auto BKOPS=0, Host self-block=0
> [ 4.348853] ufshcd-qcom 1da4000.ufshc: Clk gate=1
> [ 4.355242] ufshcd-qcom 1da4000.ufshc: error handling flags=0x0, req. abort count=0
> [ 4.360076] ufshcd-qcom 1da4000.ufshc: Host capabilities=0x1587001f, caps=0xf
> [ 4.367529] ufshcd-qcom 1da4000.ufshc: quirks=0x0, dev. quirks=0x0
> [ 4.376153] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: core_clk disabled
> [ 4.380934] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: bus_aggr_clk disabled
> [ 4.388836] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: iface_clk disabled
> [ 4.396918] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: core_clk_unipro disabled
> [ 4.404633] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: core_clk_ice disabled
> [ 4.413079] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: ref_clk disabled
> [ 4.421113] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: tx_lane0_sync_clk disabled
> [ 4.428506] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: rx_lane0_sync_clk disabled
> [ 4.437187] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: rx_lane1_sync_clk disabled
> [ 4.445686] ufshcd-qcom 1da4000.ufshc: Initialization failed
> [ 4.486278] ufshcd-qcom 1da4000.ufshc: ufshcd_pltfrm_init() failed -5
> [ 4.487401] ufshcd-qcom 1da4000.ufshc: Dropping the link to regulator.5
> [ 4.491976] ufshcd-qcom 1da4000.ufshc: Dropping the link to regulator.40
> [ 4.498412] ufshcd-qcom 1da4000.ufshc: Dropping the link to regulator.34
> [ 4.505334] ufshcd-qcom: probe of 1da4000.ufshc failed with error -5
> [ 4.513185] spmi spmi-0: PMIC arbiter version v3 (0x30000000)
> [ 4.524036] Unable to handle kernel paging request at virtual address 0039b70e092828aa
> [ 4.524258] Mem abort info:
> [ 4.531662] ESR = 0x96000004
> [ 4.534331] Exception class = DABT (current EL), IL = 32 bits
> [ 4.537507] SET = 0, FnV = 0
> [ 4.543268] EA = 0, S1PTW = 0
> [ 4.546396] Data abort info:
> [ 4.549432] ISV = 0, ISS = 0x00000004
> [ 4.552574] CM = 0, WnR = 0
> [ 4.556124] [0039b70e092828aa] address between user and kernel address ranges
> [ 4.559346] Internal error: Oops: 96000004 [#1] PREEMPT SMP
> [ 4.566420] Modules linked in:
> [ 4.571757] CPU: 2 PID: 1 Comm: swapper/0 Tainted: G S 4.20.0-rc4 #12
> [ 4.574971] Hardware name: Qualcomm Technologies, Inc. MSM8998 v1 MTP (DT)
> [ 4.582859] pstate: 60000005 (nZCv daif -PAN -UAO)
> [ 4.589561] pc : kmem_cache_alloc_node+0x13c/0x210
> [ 4.594259] lr : kmem_cache_alloc_node+0x38/0x210
> [ 4.599030] sp : ffff00000807b290
> [ 4.603777] x29: ffff00000807b290 x28: 0000000000000000
> [ 4.607122] x27: 0000000000000022 x26: 0000000000000000
> [ 4.612505] x25: 00000000ffffffff x24: 0000000000002942
> [ 4.617801] x23: ffff000008108824 x22: 00000000ffffffff
> [ 4.623097] x21: 00000000006080c0 x20: ffff8000f9c03980
> [ 4.628391] x19: 0039b70e092828aa x18: ffffffffffffffff
> [ 4.633686] x17: 0000000000000000 x16: 0000000000000000
> [ 4.638982] x15: ffff0000091a9648 x14: ffff8000f6e35283
> [ 4.644270] x13: ffff8000f6e35282 x12: 0000000000000038
> [ 4.649565] x11: 000000000000000b x10: 0101010101010101
> [ 4.654861] x9 : ffffffffffffffff x8 : 7f7f7f7f7f7f7f7f
> [ 4.660157] x7 : fefefeff646c606d x6 : 0000000000000001
> [ 4.665452] x5 : ffff8000f96b8000 x4 : 0000000000000000
> [ 4.670748] x3 : 0000000000002942 x2 : 00008000f5187000
> [ 4.676044] x1 : 0000000000000000 x0 : 0000000000000000
> [ 4.681343] Process swapper/0 (pid: 1, stack limit = 0x(____ptrval____))
> [ 4.686677] Call trace:
> [ 4.693254] kmem_cache_alloc_node+0x13c/0x210
> [ 4.695483] alloc_desc+0x44/0x1b0
> [ 4.699977] __irq_alloc_descs+0x1fc/0x2b0
> [ 4.703367] irq_domain_alloc_descs+0x50/0xe0
> [ 4.707451] irq_create_mapping+0x94/0x130
> [ 4.711865] irq_create_fwspec_mapping+0x190/0x310
> [ 4.715876] irq_create_of_mapping+0x80/0xa0
> [ 4.720662] of_irq_get+0x74/0xe0
> [ 4.725041] of_irq_to_resource+0x38/0x100
> [ 4.728274] of_irq_to_resource_table+0x50/0x80
> [ 4.732291] of_device_alloc+0x11c/0x1f0
> [ 4.736689] of_platform_device_create_pdata+0x74/0x130
> [ 4.740882] of_platform_bus_create+0x174/0x370
> [ 4.745812] of_platform_populate+0x78/0xe0
> [ 4.750321] devm_of_platform_populate+0x50/0xb0
> [ 4.754526] pmic_spmi_probe+0x54/0xf0
> [ 4.759362] spmi_drv_probe+0x48/0xc0
> [ 4.762919] really_probe+0x1f0/0x2a0
> [ 4.766632] driver_probe_device+0x58/0x100
> [ 4.770286] __device_attach_driver+0x98/0xf0
> [ 4.774291] bus_for_each_drv+0x64/0xd0
> [ 4.778785] __device_attach+0xd8/0x130
> [ 4.782429] device_initial_probe+0x10/0x20
> [ 4.786258] bus_probe_device+0x90/0xa0
> [ 4.790424] device_add+0x454/0x630
> [ 4.794230] spmi_device_add+0x30/0x80
> [ 4.797712] spmi_controller_add+0xd0/0x1d0
> [ 4.801535] spmi_pmic_arb_probe+0x398/0x540
> [ 4.805629] platform_drv_probe+0x50/0xa0
> [ 4.810130] really_probe+0x1f0/0x2a0
> [ 4.814030] driver_probe_device+0x58/0x100
> [ 4.817683] __driver_attach+0xd4/0xe0
> [ 4.821669] bus_for_each_dev+0x74/0xd0
> [ 4.825481] driver_attach+0x20/0x30
> [ 4.829223] bus_add_driver+0x1ac/0x220
> [ 4.833033] driver_register+0x60/0x110
> [ 4.836601] __platform_driver_register+0x40/0x50
> [ 4.840465] spmi_pmic_arb_driver_init+0x18/0x20
> [ 4.845314] do_one_initcall+0x5c/0x180
> [ 4.849991] kernel_init_freeable+0x198/0x244
> [ 4.853537] kernel_init+0x10/0x110
> [ 4.858036] ret_from_fork+0x10/0x20
> [ 4.861350] Code: 17ffffc5 b9402281 d5384105 b94010a0 (f8616a79)
> [ 4.865287] ---[ end trace 018ba04c46f3a5d7 ]---
> [ 4.871243] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
> [ 4.875921] SMP: stopping secondary CPUs
> [ 4.883238] Kernel Offset: disabled
> [ 4.887377] CPU features: 0x2,21802008
> [ 4.890588] Memory Limit: none
> [ 4.894398] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b ]---
>
>
>
> Looks like the UFS debug code might be smashing memory it doesn't own?
> I'm kinda puzzled right now. I'll keep digging.
> Are there debug options that might help figuring things out? UBSAN?
Oh, that does rather look like something stomping all over the slab
allocator. I'd start with CONFIG_KASAN and CONFIG_SLUB_DEBUG_ON to to
catch any obvious out-of-bounds/use-after-free/double-free conditions.
Robin.
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: ufs_qcom_dump_dbg_regs makes the kernel panic
@ 2018-12-11 11:56 ` Robin Murphy
0 siblings, 0 replies; 16+ messages in thread
From: Robin Murphy @ 2018-12-11 11:56 UTC (permalink / raw)
To: Marc Gonzalez, Jeffrey Hugo, Vivek Gautam, Bjorn Andersson,
Andy Gross, David Brown
Cc: MSM, Linux ARM
On 11/12/2018 10:48, Marc Gonzalez wrote:
> On 10/12/2018 16:54, Robin Murphy wrote:
>
>> On 10/12/2018 14:57, Marc Gonzalez wrote:
>> [...]
>>> [ 14.135960] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: core_clk disabled
>>> [ 14.140789] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: bus_aggr_clk disabled
>>> [ 14.148604] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: iface_clk disabled
>>> [ 14.156687] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: core_clk_unipro disabled
>>> [ 14.164398] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: core_clk_ice disabled
>>> [ 14.172866] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: ref_clk disabled
>>> [ 14.180878] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: tx_lane0_sync_clk disabled
>>> [ 14.188272] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: rx_lane0_sync_clk disabled
>>> [ 14.196958] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: rx_lane1_sync_clk disabled
>>> /*** System hangs here ***/
>>
>> Looks like it's time to rule out the obvious and crank up the
>> clock/power domain debugging to see if turning off all this stuff
>> inadvertently also turns off something else important (and/or the
>> primary CPU gets wedged trying to read some now-unclocked register).
>
> For the record, I'm seeing different types of failures: the synchronous abort
> (which I have hopefully fixed), the hard lockup, and now this MMU fault(?)
>
> [ 4.282053] UNIPRO_TEST_BUS 000003e0: 00000000 00000000 00000000 00000000
> [ 4.288833] UNIPRO_TEST_BUS 000003f0: 00000000 00000000 00000000 00000000
> [ 4.296711] ufshcd-qcom 1da4000.ufshc: UFS Host state=0
> [ 4.302335] ufshcd-qcom 1da4000.ufshc: lrb in use=0x0, outstanding reqs=0x0 tasks=0x0
> [ 4.307435] ufshcd-qcom 1da4000.ufshc: saved_err=0x0, saved_uic_err=0x0
> [ 4.315388] ufshcd-qcom 1da4000.ufshc: Device power mode=0, UIC link state=0
> [ 4.321825] ufshcd-qcom 1da4000.ufshc: PM in progress=0, sys. suspended=0
> [ 4.329107] ufshcd-qcom 1da4000.ufshc: Auto BKOPS=0, Host self-block=0
> [ 4.335781] ufshcd-qcom 1da4000.ufshc: Clk gate=1
> [ 4.342170] ufshcd-qcom 1da4000.ufshc: error handling flags=0x0, req. abort count=0
> [ 4.347004] ufshcd-qcom 1da4000.ufshc: Host capabilities=0x1587001f, caps=0xf
> [ 4.354464] ufshcd-qcom 1da4000.ufshc: quirks=0x0, dev. quirks=0x0
> [ 4.363091] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: core_clk disabled
> [ 4.367870] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: bus_aggr_clk disabled
> [ 4.375771] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: iface_clk disabled
> [ 4.383847] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: core_clk_unipro disabled
> [ 4.391561] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: core_clk_ice disabled
> [ 4.400016] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: ref_clk disabled
> [ 4.408039] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: tx_lane0_sync_clk disabled
> [ 4.415444] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: rx_lane0_sync_clk disabled
> [ 4.424115] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: rx_lane1_sync_clk disabled
> [ 4.432621] ufshcd-qcom 1da4000.ufshc: Initialization failed
> [ 4.485263] ufshcd-qcom 1da4000.ufshc: ufshcd_pltfrm_init() failed -5
> [ 4.486307] ufshcd-qcom 1da4000.ufshc: Dropping the link to regulator.5
> [ 4.490990] ufshcd-qcom 1da4000.ufshc: Dropping the link to regulator.40
> [ 4.497413] ufshcd-qcom 1da4000.ufshc: Dropping the link to regulator.34
> [ 4.504327] ufshcd-qcom: probe of 1da4000.ufshc failed with error -5
> [ 4.511176] Unable to handle kernel paging request at virtual address 0000000a00000000
> [ 4.517293] Mem abort info:
> [ 4.524887] ESR = 0x96000004
> [ 4.527599] Exception class = DABT (current EL), IL = 32 bits
> [ 4.530775] SET = 0, FnV = 0
> [ 4.536525] EA = 0, S1PTW = 0
> [ 4.539651] Data abort info:
> [ 4.542689] ISV = 0, ISS = 0x00000004
> [ 4.545831] CM = 0, WnR = 0
> [ 4.549381] [0000000a00000000] user address but active_mm is swapper
> [ 4.552584] Internal error: Oops: 96000004 [#1] PREEMPT SMP
> [ 4.558981] Modules linked in:
> [ 4.564237] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G S 4.20.0-rc4 #12
> [ 4.567444] Hardware name: Qualcomm Technologies, Inc. MSM8998 v1 MTP (DT)
> [ 4.575334] pstate: 20000005 (nzCv daif -PAN -UAO)
> [ 4.582035] pc : kmem_cache_alloc+0xbc/0x1f0
> [ 4.586732] lr : kmem_cache_alloc+0x30/0x1f0
> [ 4.591153] sp : ffff00000807bce0
> [ 4.595384] x29: ffff00000807bce0 x28: 0000000000000007
> [ 4.598644] x27: ffff0000089db068 x26: ffff000008961db8
> [ 4.604018] x25: ffff000008970634 x24: ffff00000924e000
> [ 4.609314] x23: 000000000003be81 x22: ffff00000835166c
> [ 4.614610] x21: 00000000006000c0 x20: ffff8000f9c03c80
> [ 4.619904] x19: 0000000a00000000 x18: ffffffffffffffff
> [ 4.625199] x17: 0000000000000000 x16: 0000000000000000
> [ 4.630495] x15: ffff0000091a9648 x14: ffff8000f8e5e91c
> [ 4.635791] x13: ffff8000f8e5e16d x12: 0000000000000010
> [ 4.641086] x11: 0101010101010101 x10: 7f7f7f7f7f7f7f7f
> [ 4.646382] x9 : 625e7377645e6372 x8 : 7f7f7f7f7f7f7f7f
> [ 4.651678] x7 : ffff000009289000 x6 : 0000000000000000
> [ 4.656973] x5 : ffff8000f96b8000 x4 : 0000000080808081
> [ 4.662269] x3 : 000000000003be81 x2 : ffff7e0003db5740
> [ 4.667565] x1 : 0000000000000000 x0 : 0000000000000001
> [ 4.672867] Process swapper/0 (pid: 1, stack limit = 0x(____ptrval____))
> [ 4.678190] Call trace:
> [ 4.684774] kmem_cache_alloc+0xbc/0x1f0
> [ 4.687013] register_blkdev+0x6c/0x1b0
> [ 4.691171] init_sd+0x3c/0x17c
> [ 4.694696] do_one_initcall+0x5c/0x180
> [ 4.697847] kernel_init_freeable+0x198/0x244
> [ 4.701682] kernel_init+0x10/0x110
> [ 4.706150] ret_from_fork+0x10/0x20
> [ 4.709459] Code: f9001fb8 b9402281 b94010a0 11000400 (f8616a78)
> [ 4.713398] ---[ end trace 5569ef4940f46939 ]---
> [ 4.719345] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
> [ 4.724042] SMP: stopping secondary CPUs
> [ 4.731351] Kernel Offset: disabled
> [ 4.735492] CPU features: 0x2,21802008
> [ 4.738711] Memory Limit: none
> [ 4.742521] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b ]---
>
>
> Rebooting, I get yet another failure:
>
> [ 4.295129] UNIPRO_TEST_BUS 000003e0: 00000000 00000000 00000000 00000000
> [ 4.301900] UNIPRO_TEST_BUS 000003f0: 00000000 00000000 00000000 00000000
> [ 4.309776] ufshcd-qcom 1da4000.ufshc: UFS Host state=0
> [ 4.315409] ufshcd-qcom 1da4000.ufshc: lrb in use=0x0, outstanding reqs=0x0 tasks=0x0
> [ 4.320501] ufshcd-qcom 1da4000.ufshc: saved_err=0x0, saved_uic_err=0x0
> [ 4.328454] ufshcd-qcom 1da4000.ufshc: Device power mode=0, UIC link state=0
> [ 4.334890] ufshcd-qcom 1da4000.ufshc: PM in progress=0, sys. suspended=0
> [ 4.342179] ufshcd-qcom 1da4000.ufshc: Auto BKOPS=0, Host self-block=0
> [ 4.348853] ufshcd-qcom 1da4000.ufshc: Clk gate=1
> [ 4.355242] ufshcd-qcom 1da4000.ufshc: error handling flags=0x0, req. abort count=0
> [ 4.360076] ufshcd-qcom 1da4000.ufshc: Host capabilities=0x1587001f, caps=0xf
> [ 4.367529] ufshcd-qcom 1da4000.ufshc: quirks=0x0, dev. quirks=0x0
> [ 4.376153] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: core_clk disabled
> [ 4.380934] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: bus_aggr_clk disabled
> [ 4.388836] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: iface_clk disabled
> [ 4.396918] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: core_clk_unipro disabled
> [ 4.404633] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: core_clk_ice disabled
> [ 4.413079] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: ref_clk disabled
> [ 4.421113] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: tx_lane0_sync_clk disabled
> [ 4.428506] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: rx_lane0_sync_clk disabled
> [ 4.437187] ufshcd-qcom 1da4000.ufshc: __ufshcd_setup_clocks: clk: rx_lane1_sync_clk disabled
> [ 4.445686] ufshcd-qcom 1da4000.ufshc: Initialization failed
> [ 4.486278] ufshcd-qcom 1da4000.ufshc: ufshcd_pltfrm_init() failed -5
> [ 4.487401] ufshcd-qcom 1da4000.ufshc: Dropping the link to regulator.5
> [ 4.491976] ufshcd-qcom 1da4000.ufshc: Dropping the link to regulator.40
> [ 4.498412] ufshcd-qcom 1da4000.ufshc: Dropping the link to regulator.34
> [ 4.505334] ufshcd-qcom: probe of 1da4000.ufshc failed with error -5
> [ 4.513185] spmi spmi-0: PMIC arbiter version v3 (0x30000000)
> [ 4.524036] Unable to handle kernel paging request at virtual address 0039b70e092828aa
> [ 4.524258] Mem abort info:
> [ 4.531662] ESR = 0x96000004
> [ 4.534331] Exception class = DABT (current EL), IL = 32 bits
> [ 4.537507] SET = 0, FnV = 0
> [ 4.543268] EA = 0, S1PTW = 0
> [ 4.546396] Data abort info:
> [ 4.549432] ISV = 0, ISS = 0x00000004
> [ 4.552574] CM = 0, WnR = 0
> [ 4.556124] [0039b70e092828aa] address between user and kernel address ranges
> [ 4.559346] Internal error: Oops: 96000004 [#1] PREEMPT SMP
> [ 4.566420] Modules linked in:
> [ 4.571757] CPU: 2 PID: 1 Comm: swapper/0 Tainted: G S 4.20.0-rc4 #12
> [ 4.574971] Hardware name: Qualcomm Technologies, Inc. MSM8998 v1 MTP (DT)
> [ 4.582859] pstate: 60000005 (nZCv daif -PAN -UAO)
> [ 4.589561] pc : kmem_cache_alloc_node+0x13c/0x210
> [ 4.594259] lr : kmem_cache_alloc_node+0x38/0x210
> [ 4.599030] sp : ffff00000807b290
> [ 4.603777] x29: ffff00000807b290 x28: 0000000000000000
> [ 4.607122] x27: 0000000000000022 x26: 0000000000000000
> [ 4.612505] x25: 00000000ffffffff x24: 0000000000002942
> [ 4.617801] x23: ffff000008108824 x22: 00000000ffffffff
> [ 4.623097] x21: 00000000006080c0 x20: ffff8000f9c03980
> [ 4.628391] x19: 0039b70e092828aa x18: ffffffffffffffff
> [ 4.633686] x17: 0000000000000000 x16: 0000000000000000
> [ 4.638982] x15: ffff0000091a9648 x14: ffff8000f6e35283
> [ 4.644270] x13: ffff8000f6e35282 x12: 0000000000000038
> [ 4.649565] x11: 000000000000000b x10: 0101010101010101
> [ 4.654861] x9 : ffffffffffffffff x8 : 7f7f7f7f7f7f7f7f
> [ 4.660157] x7 : fefefeff646c606d x6 : 0000000000000001
> [ 4.665452] x5 : ffff8000f96b8000 x4 : 0000000000000000
> [ 4.670748] x3 : 0000000000002942 x2 : 00008000f5187000
> [ 4.676044] x1 : 0000000000000000 x0 : 0000000000000000
> [ 4.681343] Process swapper/0 (pid: 1, stack limit = 0x(____ptrval____))
> [ 4.686677] Call trace:
> [ 4.693254] kmem_cache_alloc_node+0x13c/0x210
> [ 4.695483] alloc_desc+0x44/0x1b0
> [ 4.699977] __irq_alloc_descs+0x1fc/0x2b0
> [ 4.703367] irq_domain_alloc_descs+0x50/0xe0
> [ 4.707451] irq_create_mapping+0x94/0x130
> [ 4.711865] irq_create_fwspec_mapping+0x190/0x310
> [ 4.715876] irq_create_of_mapping+0x80/0xa0
> [ 4.720662] of_irq_get+0x74/0xe0
> [ 4.725041] of_irq_to_resource+0x38/0x100
> [ 4.728274] of_irq_to_resource_table+0x50/0x80
> [ 4.732291] of_device_alloc+0x11c/0x1f0
> [ 4.736689] of_platform_device_create_pdata+0x74/0x130
> [ 4.740882] of_platform_bus_create+0x174/0x370
> [ 4.745812] of_platform_populate+0x78/0xe0
> [ 4.750321] devm_of_platform_populate+0x50/0xb0
> [ 4.754526] pmic_spmi_probe+0x54/0xf0
> [ 4.759362] spmi_drv_probe+0x48/0xc0
> [ 4.762919] really_probe+0x1f0/0x2a0
> [ 4.766632] driver_probe_device+0x58/0x100
> [ 4.770286] __device_attach_driver+0x98/0xf0
> [ 4.774291] bus_for_each_drv+0x64/0xd0
> [ 4.778785] __device_attach+0xd8/0x130
> [ 4.782429] device_initial_probe+0x10/0x20
> [ 4.786258] bus_probe_device+0x90/0xa0
> [ 4.790424] device_add+0x454/0x630
> [ 4.794230] spmi_device_add+0x30/0x80
> [ 4.797712] spmi_controller_add+0xd0/0x1d0
> [ 4.801535] spmi_pmic_arb_probe+0x398/0x540
> [ 4.805629] platform_drv_probe+0x50/0xa0
> [ 4.810130] really_probe+0x1f0/0x2a0
> [ 4.814030] driver_probe_device+0x58/0x100
> [ 4.817683] __driver_attach+0xd4/0xe0
> [ 4.821669] bus_for_each_dev+0x74/0xd0
> [ 4.825481] driver_attach+0x20/0x30
> [ 4.829223] bus_add_driver+0x1ac/0x220
> [ 4.833033] driver_register+0x60/0x110
> [ 4.836601] __platform_driver_register+0x40/0x50
> [ 4.840465] spmi_pmic_arb_driver_init+0x18/0x20
> [ 4.845314] do_one_initcall+0x5c/0x180
> [ 4.849991] kernel_init_freeable+0x198/0x244
> [ 4.853537] kernel_init+0x10/0x110
> [ 4.858036] ret_from_fork+0x10/0x20
> [ 4.861350] Code: 17ffffc5 b9402281 d5384105 b94010a0 (f8616a79)
> [ 4.865287] ---[ end trace 018ba04c46f3a5d7 ]---
> [ 4.871243] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
> [ 4.875921] SMP: stopping secondary CPUs
> [ 4.883238] Kernel Offset: disabled
> [ 4.887377] CPU features: 0x2,21802008
> [ 4.890588] Memory Limit: none
> [ 4.894398] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b ]---
>
>
>
> Looks like the UFS debug code might be smashing memory it doesn't own?
> I'm kinda puzzled right now. I'll keep digging.
> Are there debug options that might help figuring things out? UBSAN?
Oh, that does rather look like something stomping all over the slab
allocator. I'd start with CONFIG_KASAN and CONFIG_SLUB_DEBUG_ON to to
catch any obvious out-of-bounds/use-after-free/double-free conditions.
Robin.
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: ufs_qcom_dump_dbg_regs makes the kernel panic
2018-12-11 11:56 ` Robin Murphy
@ 2018-12-11 12:56 ` Marc Gonzalez
-1 siblings, 0 replies; 16+ messages in thread
From: Marc Gonzalez @ 2018-12-11 12:56 UTC (permalink / raw)
To: Robin Murphy, Jeffrey Hugo, Vivek Gautam, Bjorn Andersson,
Andy Gross, David Brown
Cc: MSM, Linux ARM
On 11/12/2018 12:56, Robin Murphy wrote:
> On 11/12/2018 10:48, Marc Gonzalez wrote:
>
>> Looks like the UFS debug code might be smashing memory it doesn't own?
>> I'm kinda puzzled right now. I'll keep digging.
>> Are there debug options that might help figuring things out? UBSAN?
>
> Oh, that does rather look like something stomping all over the slab
> allocator. I'd start with CONFIG_KASAN and CONFIG_SLUB_DEBUG_ON to to
> catch any obvious out-of-bounds/use-after-free/double-free conditions.
Thanks for pointing out CONFIG_KASAN, which instantly allowed me to
pinpoint the obvious bug... in my own code!
Doooh! My initial "replace memcpy_fromio" patch is garbage. I'll send
a correct patch in a few minutes.
I am (again) in your debt :-)
Regards.
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: ufs_qcom_dump_dbg_regs makes the kernel panic
@ 2018-12-11 12:56 ` Marc Gonzalez
0 siblings, 0 replies; 16+ messages in thread
From: Marc Gonzalez @ 2018-12-11 12:56 UTC (permalink / raw)
To: Robin Murphy, Jeffrey Hugo, Vivek Gautam, Bjorn Andersson,
Andy Gross, David Brown
Cc: MSM, Linux ARM
On 11/12/2018 12:56, Robin Murphy wrote:
> On 11/12/2018 10:48, Marc Gonzalez wrote:
>
>> Looks like the UFS debug code might be smashing memory it doesn't own?
>> I'm kinda puzzled right now. I'll keep digging.
>> Are there debug options that might help figuring things out? UBSAN?
>
> Oh, that does rather look like something stomping all over the slab
> allocator. I'd start with CONFIG_KASAN and CONFIG_SLUB_DEBUG_ON to to
> catch any obvious out-of-bounds/use-after-free/double-free conditions.
Thanks for pointing out CONFIG_KASAN, which instantly allowed me to
pinpoint the obvious bug... in my own code!
Doooh! My initial "replace memcpy_fromio" patch is garbage. I'll send
a correct patch in a few minutes.
I am (again) in your debt :-)
Regards.
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 16+ messages in thread
end of thread, other threads:[~2018-12-11 12:56 UTC | newest]
Thread overview: 16+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-12-10 12:37 ufs_qcom_dump_dbg_regs makes the kernel panic Marc Gonzalez
2018-12-10 12:37 ` Marc Gonzalez
2018-12-10 13:34 ` Robin Murphy
2018-12-10 13:34 ` Robin Murphy
2018-12-10 14:07 ` Marc Gonzalez
2018-12-10 14:07 ` Marc Gonzalez
2018-12-10 14:57 ` Marc Gonzalez
2018-12-10 14:57 ` Marc Gonzalez
2018-12-10 15:54 ` Robin Murphy
2018-12-10 15:54 ` Robin Murphy
2018-12-11 10:48 ` Marc Gonzalez
2018-12-11 10:48 ` Marc Gonzalez
2018-12-11 11:56 ` Robin Murphy
2018-12-11 11:56 ` Robin Murphy
2018-12-11 12:56 ` Marc Gonzalez
2018-12-11 12:56 ` Marc Gonzalez
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.