vc4: NULL pointer dereference in 4.9.51-v7+
mattyway opened this issue · comments
I'm trying to use the VC4 driver on a Raspberry Pi 3. I have updated the kernel via rpi-update and installed the snapd package, but otherwise it should be a regular Raspbian image.
After enabling the driver via raspi-config and rebooting, it seems to be crashing on a NULL pointer dereference. It does reboot successfully sometimes, but a second reboot will trigger the same crash.
[ 0.000000] Booting Linux on physical CPU 0x0
[ 0.000000] Linux version 4.9.51-v7+ (dc4@dc4-XPS13-9333) (gcc version 4.9.3 (crosstool-NG crosstool-ng-1.22.0-88-g8460611) ) #1036 SMP Fri Sep 22 19:49:07 BST 2017
[ 0.000000] CPU: ARMv7 Processor [410fd034] revision 4 (ARMv7), cr=10c5383d
[ 0.000000] CPU: div instructions available: patching division code
[ 0.000000] CPU: PIPT / VIPT nonaliasing data cache, VIPT aliasing instruction cache
[ 0.000000] OF: fdt:Machine model: Raspberry Pi 3 Model B Rev 1.2
[ 0.000000] cma: Reserved 256 MiB at 0x1ec00000
[ 0.000000] Memory policy: Data cache writealloc
[ 0.000000] percpu: Embedded 14 pages/cpu @b7754000 s25600 r8192 d23552 u57344
[ 0.000000] Built 1 zonelists in Zone order, mobility grouping on. Total pages: 227360
[ 0.000000] Kernel command line: 8250.nr_uarts=1 cma=256M bcm2708_fb.fbwidth=1280 bcm2708_fb.fbheight=800 bcm2708_fb.fbswap=1 vc_mem.mem_base=0x3ec00000 vc_mem.mem_size=0x40000000 dwc_otg.lpm_enable=0 console=ttyS0,115200 console=tty1 root=PARTUUID=d3646955-02 rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait
[ 0.000000] PID hash table entries: 4096 (order: 2, 16384 bytes)
[ 0.000000] Dentry cache hash table entries: 131072 (order: 7, 524288 bytes)
[ 0.000000] Inode-cache hash table entries: 65536 (order: 6, 262144 bytes)
[ 0.000000] Memory: 633128K/917504K available (7168K kernel code, 484K rwdata, 2012K rodata, 1024K init, 778K bss, 22232K reserved, 262144K cma-reserved)
[ 0.000000] Virtual kernel memory layout:
[ 0.000000] vector : 0xffff0000 - 0xffff1000 ( 4 kB)
[ 0.000000] fixmap : 0xffc00000 - 0xfff00000 (3072 kB)
[ 0.000000] vmalloc : 0xb8800000 - 0xff800000 (1136 MB)
[ 0.000000] lowmem : 0x80000000 - 0xb8000000 ( 896 MB)
[ 0.000000] modules : 0x7f000000 - 0x80000000 ( 16 MB)
[ 0.000000] .text : 0x80008000 - 0x80800000 (8160 kB)
[ 0.000000] .init : 0x80b00000 - 0x80c00000 (1024 kB)
[ 0.000000] .data : 0x80c00000 - 0x80c79034 ( 485 kB)
[ 0.000000] .bss : 0x80c7b000 - 0x80d3daa4 ( 779 kB)
[ 0.000000] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=4, Nodes=1
[ 0.000000] Hierarchical RCU implementation.
[ 0.000000] Build-time adjustment of leaf fanout to 32.
[ 0.000000] NR_IRQS:16 nr_irqs:16 16
[ 0.000000] arm_arch_timer: Architected cp15 timer(s) running at 19.20MHz (phys).
[ 0.000000] clocksource: arch_sys_counter: mask: 0xffffffffffffff max_cycles: 0x46d987e47, max_idle_ns: 440795202767 ns
[ 0.000007] sched_clock: 56 bits at 19MHz, resolution 52ns, wraps every 4398046511078ns
[ 0.000023] Switching to timer-based delay loop, resolution 52ns
[ 0.000304] Console: colour dummy device 80x30
[ 0.001216] console [tty1] enabled
[ 0.001265] Calibrating delay loop (skipped), value calculated using timer frequency.. 38.40 BogoMIPS (lpj=192000)
[ 0.001334] pid_max: default: 32768 minimum: 301
[ 0.001667] Mount-cache hash table entries: 2048 (order: 1, 8192 bytes)
[ 0.001709] Mountpoint-cache hash table entries: 2048 (order: 1, 8192 bytes)
[ 0.002750] Disabling memory control group subsystem
[ 0.002854] CPU: Testing write buffer coherency: ok
[ 0.002919] ftrace: allocating 22401 entries in 66 pages
[ 0.049827] CPU0: update cpu_capacity 1024
[ 0.049879] CPU0: thread -1, cpu 0, socket 0, mpidr 80000000
[ 0.049941] Setting up static identity map for 0x100000 - 0x100034
[ 0.051853] CPU1: update cpu_capacity 1024
[ 0.051859] CPU1: thread -1, cpu 1, socket 0, mpidr 80000001
[ 0.052551] CPU2: update cpu_capacity 1024
[ 0.052557] CPU2: thread -1, cpu 2, socket 0, mpidr 80000002
[ 0.053236] CPU3: update cpu_capacity 1024
[ 0.053243] CPU3: thread -1, cpu 3, socket 0, mpidr 80000003
[ 0.053330] Brought up 4 CPUs
[ 0.053505] SMP: Total of 4 processors activated (153.60 BogoMIPS).
[ 0.053535] CPU: All CPU(s) started in HYP mode.
[ 0.053561] CPU: Virtualization extensions available.
[ 0.054381] devtmpfs: initialized
[ 0.065764] VFP support v0.3: implementor 41 architecture 3 part 40 variant 3 rev 4
[ 0.066079] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604462750000 ns
[ 0.066142] futex hash table entries: 1024 (order: 4, 65536 bytes)
[ 0.076725] pinctrl core: initialized pinctrl subsystem
[ 0.077762] NET: Registered protocol family 16
[ 0.080162] DMA: preallocated 1024 KiB pool for atomic coherent allocations
[ 0.089024] hw-breakpoint: found 5 (+1 reserved) breakpoint and 4 watchpoint registers.
[ 0.089074] hw-breakpoint: maximum watchpoint size is 8 bytes.
[ 0.089250] Serial: AMBA PL011 UART driver
[ 0.091301] bcm2835-mbox 3f00b880.mailbox: mailbox enabled
[ 0.091861] uart-pl011 3f201000.serial: could not find pctldev for node /soc/gpio@7e200000/uart0_pins, deferring probe
[ 0.092219] irq: no irq domain found for /soc/aux@0x7e215000 !
[ 0.160782] bcm2835-dma 3f007000.dma: DMA legacy API manager at b880f000, dmachans=0x1
[ 0.162656] SCSI subsystem initialized
[ 0.162837] usbcore: registered new interface driver usbfs
[ 0.162941] usbcore: registered new interface driver hub
[ 0.163062] usbcore: registered new device driver usb
[ 0.169701] raspberrypi-firmware soc:firmware: Attached to firmware from 2017-09-22 19:50
[ 0.171159] clocksource: Switched to clocksource arch_sys_counter
[ 0.218418] VFS: Disk quotas dquot_6.6.0
[ 0.218532] VFS: Dquot-cache hash table entries: 1024 (order 0, 4096 bytes)
[ 0.218774] FS-Cache: Loaded
[ 0.219044] CacheFiles: Loaded
[ 0.231249] NET: Registered protocol family 2
[ 0.232158] TCP established hash table entries: 8192 (order: 3, 32768 bytes)
[ 0.232297] TCP bind hash table entries: 8192 (order: 4, 65536 bytes)
[ 0.232507] TCP: Hash tables configured (established 8192 bind 8192)
[ 0.232624] UDP hash table entries: 512 (order: 2, 16384 bytes)
[ 0.232692] UDP-Lite hash table entries: 512 (order: 2, 16384 bytes)
[ 0.232925] NET: Registered protocol family 1
[ 0.233366] RPC: Registered named UNIX socket transport module.
[ 0.233398] RPC: Registered udp transport module.
[ 0.233426] RPC: Registered tcp transport module.
[ 0.233454] RPC: Registered tcp NFSv4.1 backchannel transport module.
[ 0.234476] hw perfevents: enabled with armv7_cortex_a7 PMU driver, 7 counters available
[ 0.236833] workingset: timestamp_bits=14 max_order=18 bucket_order=4
[ 0.252917] FS-Cache: Netfs 'nfs' registered for caching
[ 0.253936] NFS: Registering the id_resolver key type
[ 0.253997] Key type id_resolver registered
[ 0.254025] Key type id_legacy registered
[ 0.256409] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 251)
[ 0.256557] io scheduler noop registered
[ 0.256587] io scheduler deadline registered (default)
[ 0.256864] io scheduler cfq registered
[ 0.263333] Serial: 8250/16550 driver, 1 ports, IRQ sharing enabled
[ 0.263967] bcm2835-aux-uart 3f215040.serial: could not get clk: -517
[ 0.265024] bcm2835-rng 3f104000.rng: hwrng registered
[ 0.265168] vc-cma: Videocore CMA driver
[ 0.265197] vc-cma: vc_cma_base = 0x00000000
[ 0.265226] vc-cma: vc_cma_size = 0x00000000 (0 MiB)
[ 0.265255] vc-cma: vc_cma_initial = 0x00000000 (0 MiB)
[ 0.265479] vc-mem: phys_addr:0x00000000 mem_base=0x3ec00000 mem_size:0x40000000(1024 MiB)
[ 0.266026] vc-sm: Videocore shared memory driver
[ 0.280836] brd: module loaded
[ 0.289715] loop: module loaded
[ 0.289758] Loading iSCSI transport class v2.0-870.
[ 0.290313] usbcore: registered new interface driver smsc95xx
[ 0.290355] dwc_otg: version 3.00a 10-AUG-2012 (platform bus)
[ 0.518444] Core Release: 2.80a
[ 0.518477] Setting default values for core params
[ 0.518531] Finished setting default values for core params
[ 0.718945] Using Buffer DMA mode
[ 0.718974] Periodic Transfer Interrupt Enhancement - disabled
[ 0.719004] Multiprocessor Interrupt Enhancement - disabled
[ 0.719034] OTG VER PARAM: 0, OTG VER FLAG: 0
[ 0.719070] Dedicated Tx FIFOs mode
[ 0.719436] WARN::dwc_otg_hcd_init:1032: FIQ DMA bounce buffers: virt = 0x9ed04000 dma = 0xded04000 len=9024
[ 0.719505] FIQ FSM acceleration enabled for :
[ 0.719505] Non-periodic Split Transactions
[ 0.719505] Periodic Split Transactions
[ 0.719505] High-Speed Isochronous Endpoints
[ 0.719505] Interrupt/Control Split Transaction hack enabled
[ 0.719666] WARN::hcd_init_fiq:459: FIQ on core 1 at 0x805905b8
[ 0.719703] WARN::hcd_init_fiq:460: FIQ ASM at 0x80590928 length 36
[ 0.719740] WARN::hcd_init_fiq:486: MPHI regs_base at 0xb88a7000
[ 0.719824] dwc_otg 3f980000.usb: DWC OTG Controller
[ 0.719883] dwc_otg 3f980000.usb: new USB bus registered, assigned bus number 1
[ 0.719954] dwc_otg 3f980000.usb: irq 62, io mem 0x00000000
[ 0.720024] Init: Port Power? op_state=1
[ 0.720051] Init: Power Port (0)
[ 0.720273] usb usb1: New USB device found, idVendor=1d6b, idProduct=0002
[ 0.720310] usb usb1: New USB device strings: Mfr=3, Product=2, SerialNumber=1
[ 0.720358] usb usb1: Product: DWC OTG Controller
[ 0.720389] usb usb1: Manufacturer: Linux 4.9.51-v7+ dwc_otg_hcd
[ 0.720421] usb usb1: SerialNumber: 3f980000.usb
[ 0.721308] hub 1-0:1.0: USB hub found
[ 0.721371] hub 1-0:1.0: 1 port detected
[ 0.722297] usbcore: registered new interface driver usb-storage
[ 0.722535] mousedev: PS/2 mouse device common for all mice
[ 0.723512] bcm2835-wdt 3f100000.watchdog: Broadcom BCM2835 watchdog timer
[ 0.723823] bcm2835-cpufreq: min=600000 max=1200000
[ 0.724251] sdhci: Secure Digital Host Controller Interface driver
[ 0.724282] sdhci: Copyright(c) Pierre Ossman
[ 0.724585] sdhost-bcm2835 3f202000.sdhost: could not get clk, deferring probe
[ 0.726804] mmc-bcm2835 3f300000.mmc: could not get clk, deferring probe
[ 0.726933] sdhci-pltfm: SDHCI platform and OF driver helper
[ 0.729594] ledtrig-cpu: registered to indicate activity on CPUs
[ 0.729810] hidraw: raw HID events driver (C) Jiri Kosina
[ 0.730025] usbcore: registered new interface driver usbhid
[ 0.730055] usbhid: USB HID core driver
[ 0.730854] vchiq: vchiq_init_state: slot_zero = 0x9ed80000, is_master = 0
[ 0.732456] [vc_sm_connected_init]: start
[ 0.739439] [vc_sm_connected_init]: end - returning 0
[ 0.739827] Initializing XFRM netlink socket
[ 0.739874] NET: Registered protocol family 17
[ 0.740013] Key type dns_resolver registered
[ 0.740441] Registering SWP/SWPB emulation handler
[ 0.741174] registered taskstats version 1
[ 0.747354] 3f201000.serial: ttyAMA0 at MMIO 0x3f201000 (irq = 87, base_baud = 0) is a PL011 rev2
[ 0.748969] console [ttyS0] disabled
[ 0.749020] 3f215040.serial: ttyS0 at MMIO 0x0 (irq = 220, base_baud = 31250000) is a 16550
[ 1.731340] console [ttyS0] enabled
[ 1.735651] sdhost: log_buf @ 9ed07000 (ded07000)
[ 1.811183] mmc0: sdhost-bcm2835 loaded - DMA enabled (>1)
[ 1.818966] mmc-bcm2835 3f300000.mmc: mmc_debug:0 mmc_debug2:0
[ 1.824930] mmc-bcm2835 3f300000.mmc: DMA channel allocated
[ 1.851307] Indeed it is in host mode hprt0 = 00021501
[ 1.941278] of_cfs_init
[ 1.943860] of_cfs_init: OK
[ 1.944439] random: fast init done
[ 1.950631] Waiting for root device PARTUUID=d3646955-02...
[ 1.965984] mmc0: host does not support reading read-only switch, assuming write-enable
[ 1.976190] mmc0: new high speed SDHC card at address 59b4
[ 1.982609] mmcblk0: mmc0:59b4 NCard 7.51 GiB
[ 1.988487] mmcblk0: p1 p2
[ 1.996060] mmc1: queuing unknown CIS tuple 0x80 (2 bytes)
[ 2.003220] mmc1: queuing unknown CIS tuple 0x80 (3 bytes)
[ 2.010351] mmc1: queuing unknown CIS tuple 0x80 (3 bytes)
[ 2.018739] mmc1: queuing unknown CIS tuple 0x80 (7 bytes)
[ 2.051199] usb 1-1: new high-speed USB device number 2 using dwc_otg
[ 2.057885] Indeed it is in host mode hprt0 = 00001101
[ 2.112995] EXT4-fs (mmcblk0p2): mounted filesystem with ordered data mode. Opts: (null)
[ 2.121331] VFS: Mounted root (ext4 filesystem) readonly on device 179:2.
[ 2.129272] devtmpfs: mounted
[ 2.134158] Freeing unused kernel memory: 1024K
[ 2.187461] mmc1: new high speed SDIO card at address 0001
[ 2.291485] usb 1-1: New USB device found, idVendor=0424, idProduct=9514
[ 2.298329] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2.306457] hub 1-1:1.0: USB hub found
[ 2.310376] hub 1-1:1.0: 5 ports detected
[ 2.544233] systemd[1]: System time before build time, advancing clock.
[ 2.631202] usb 1-1.1: new high-speed USB device number 3 using dwc_otg
[ 2.664892] NET: Registered protocol family 10
[ 2.679714] ip_tables: (C) 2000-2006 Netfilter Core Team
[ 2.708376] systemd[1]: systemd 232 running in system mode. (+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN)
[ 2.727312] systemd[1]: Detected architecture arm.
[ 2.734282] systemd[1]: Set hostname to <raspberrypi>.
[ 2.761591] usb 1-1.1: New USB device found, idVendor=0424, idProduct=ec00
[ 2.768609] usb 1-1.1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2.779242] smsc95xx v1.0.5
[ 2.884918] smsc95xx 1-1.1:1.0 eth0: register 'smsc95xx' at usb-3f980000.usb-1.1, smsc95xx USB 2.0 Ethernet, b8:27:eb:d9:6b:43
[ 3.001218] usb 1-1.2: new low-speed USB device number 4 using dwc_otg
[ 3.201198] systemd[1]: apparmor.service: Cannot add dependency job, ignoring: Unit apparmor.service is masked.
[ 3.219004] systemd[1]: Listening on Journal Socket.
[ 3.224929] systemd[1]: Listening on Syslog Socket.
[ 3.230344] systemd[1]: Listening on /dev/initctl Compatibility Named Pipe.
[ 3.238438] systemd[1]: Created slice System Slice.
[ 3.239727] usb 1-1.2: New USB device found, idVendor=04d9, idProduct=1603
[ 3.239736] usb 1-1.2: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[ 3.239743] usb 1-1.2: Product: USB Keyboard
[ 3.239749] usb 1-1.2: Manufacturer:
[ 3.270511] systemd[1]: Starting Set the console keyboard layout...
[ 3.283448] systemd[1]: Starting Restore / save the current clock...
[ 3.291690] input: USB Keyboard as /devices/platform/soc/3f980000.usb/usb1/1-1/1-1.2/1-1.2:1.0/0003:04D9:1603.0001/input/input0
[ 3.372647] hid-generic 0003:04D9:1603.0001: input,hidraw0: USB HID v1.10 Keyboard [ USB Keyboard] on usb-3f980000.usb-1.2/input0
[ 3.393107] i2c /dev entries driver
[ 3.480607] input: USB Keyboard as /devices/platform/soc/3f980000.usb/usb1/1-1/1-1.2/1-1.2:1.1/0003:04D9:1603.0002/input/input1
[ OK ] Started Show Plymouth Boot Screen.
[ OK ] Started Forward Password Requests to Plymouth Directory Watch.
[ OK ] Reached target Paths.
[ OK ] Reached target Encrypted Volumes.
[ OK ] Found device /dev/ttyS0.
[ OK ] Found device /dev/serial1.
[ OK ] Found device /dev/disk/by-partuuid/d3646955-01.
Starting File System Check on /dev/disk/by-partuuid/d3646955-01...
[ OK ] Started File System Check on /dev/disk/by-partuuid/d3646955-01.
Mounting /boot...
[ OK ] Mounted /boot.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Reached target Sound Card.
[ OK ] Reached target Local File Systems.
Starting Create Volatile Files and Directories...
Starting Preprocess NFS configuration...
Starting Set console font and keymap...
Starting Raise network interfaces...
Starting Tell Plymouth To Write Out Runtime Data...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Preprocess NFS configuration.
[ OK ] Started Tell Plymouth To Write Out Runtime Data.
[ OK ] Started Set console font and keymap.
[ OK ] Reached target NFS client services.
[ OK ] Reached target Remote File Systems (Pre).
[ OK ] Reached target Remote File Systems.
[ OK ] Started Create Volatile Files and Directories.
Starting Update UTMP about System Boot/Shutdown...
Starting Network Time Synchronization...
[ OK ] Started Load/Save RF Kill Switch Status.
[ OK ] Started Update UTMP about System Boot/Shutdown.
[ OK ] Started Network Time Synchronization.
[ OK ] Reached target System Time Synchronized.
[ OK ] Reached target System Initialization.
[ OK ] Listening on D-Bus System Message Bus Socket.
[ OK ] Listening on triggerhappy.socket.
[ OK ] Listening on Avahi mDNS/DNS-SD Stack Activation Socket.
[ OK ] Reached target Sockets.
[ OK ] Reached target Basic System.
[ OK ] Started D-Bus System Message Bus.
Starting LSB: Switch to ondemand cpu governor (unless shift key is pressed)...
Starting Check for v3d driver...
Starting triggerhappy global hotkey daemon...
Starting LSB: Autogenerate and use a swap file...
Starting System Logging Service...
Starting Save/Restore Sound Card State...
Starting Configure Bluetooth Modems connected by UART...
Starting Avahi mDNS/DNS-SD Stack...
[ OK ] Started Regular background program processing daemon.
[ OK ] Started Daily Cleanup of Temporary Directories.
Starting Login Service...
Starting dhcpcd on all interfaces...
[ OK ] Started triggerhappy global hotkey daemon.
[ OK ] Started Save/Restore Sound Card State.
[ OK ] Started Check for v3d driver.
[ OK ] Started dhcpcd on all interfaces.
[ OK ] Started Avahi mDNS/DNS-SD Stack.
[ OK ] Started System Logging Service.
[ OK ] Started Login Service.
[ OK ] Started Raise network interfaces.
[ OK ] Reached target Network.
[ OK ] Reached target Network is Online.
[ OK ] Started Daily apt download activities.
[ OK ] Started Daily apt upgrade and clean activities.
[ OK ] Reached target Timers.
Starting OpenBSD Secure Shell server...
[ OK ] Started VNC Server in Service Mode daemon.
Starting Permit User Sessions...
Starting /etc/rc.local Compatibility...
[ OK ] Started Permit User Sessions.
[ OK ] Started /etc/rc.local Compatibility.
Starting Terminate Plymouth Boot Screen...
Starting Light Display Manager...
Starting Hold until boot process finishes up...
[ 9.312194] Unable to handle kernel NULL pointer dereference at virtual address 00000088
[ 9.320425] pgd = 80004000
[ 9.323172] [00000088] *pgd=00000000
[ 9.326804] Internal error: Oops: 5 [#1] SMP ARM
[ 9.331495] Modules linked in: vc4 drm_kms_helper drm brcmfmac brcmutil snd_soc_core snd_compress snd_pcm_dmaengine cfg80211 syscopyarea sysfillrect sysimgblt rfkill fb_sys_fops snd_bcm2835 snd_pcm snd_timer snd bcm2835_gpiomem evdev uio_pdrv_genirq uio fixed i2c_dev ip_tables x_tables ipv6
[ 9.357678] CPU: 0 PID: 431 Comm: kworker/0:3 Tainted: G W 4.9.51-v7+ #1036
[ 9.365882] Hardware name: BCM2835
[ 9.369372] Workqueue: events vc4_overflow_mem_work [vc4]
[ 9.374846] task: b67849c0 task.stack: b3e9c000
[ 9.379461] PC is at vc4_overflow_mem_work+0x80/0x120 [vc4]
[ 9.385114] LR is at _raw_spin_lock_irqsave+0x24/0x68
[ 9.390233] pc : [<7f4a8760>] lr : [<8071acec>] psr: 60000093
[ 9.390233] sp : b3e9dec0 ip : b3e9dea8 fp : b3e9dedc
[ 9.401873] r10: 00000000 r9 : 00000008 r8 : 00000000
[ 9.407167] r7 : b3e5b0e0 r6 : 00000000 r5 : 00000001 r4 : b3e5b118
[ 9.413782] r3 : 00000002 r2 : 00000002 r1 : 20000013 r0 : 00080000
[ 9.420400] Flags: nZCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment user
[ 9.427720] Control: 10c5383d Table: 3663406a DAC: 00000055
[ 9.433542] Process kworker/0:3 (pid: 431, stack limit = 0xb3e9c210)
[ 9.439981] Stack: (0xb3e9dec0 to 0xb3e9e000)
[ 9.444397] dec0: b6435300 b3e5b118 b77594c0 b775cd00 b3e9df14 b3e9dee0 80136720 7f4a86ec
[ 9.452690] dee0: b77594d8 80c02d00 00000008 b77594c0 b6435318 b77594c0 b77594d8 80c02d00
[ 9.460983] df00: 00000008 b6435300 b3e9df5c b3e9df18 80136a80 801365d4 b3e9df3c b3e9c000
[ 9.469276] df20: 80c02d00 b6435300 80c71af7 b3e9c018 00000000 00000000 b659cac0 b6435300
[ 9.477568] df40: 80136a1c 00000000 00000000 00000000 b3e9dfac b3e9df60 8013c958 80136a28
[ 9.485861] df60: 36be9000 00000000 b3e9df94 b6435300 00000000 00000000 b3e9df78 b3e9df78
[ 9.494154] df80: 00000000 00000000 b3e9df88 b3e9df88 b659cac0 8013c84c 00000000 00000000
[ 9.502446] dfa0: 00000000 b3e9dfb0 80108148 8013c858 00000000 00000000 00000000 00000000
[ 9.510738] dfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 9.519031] dfe0: 00000000 00000000 00000000 00000000 00000013 00000000 0001367f 00013680
[ 9.527361] [<7f4a8760>] (vc4_overflow_mem_work [vc4]) from [<80136720>] (process_one_work+0x158/0x454)
[ 9.536892] [<80136720>] (process_one_work) from [<80136a80>] (worker_thread+0x64/0x568)
[ 9.545100] [<80136a80>] (worker_thread) from [<8013c958>] (kthread+0x10c/0x124)
[ 9.552605] [<8013c958>] (kthread) from [<80108148>] (ret_from_fork+0x14/0x2c)
[ 9.559931] Code: e1a03513 e5043004 f57ff04e e514000c (e5962088)
[ 9.566110] ---[ end trace 1773a549536bf2f6 ]---
[ 9.571085] Unable to handle kernel paging request at virtual address ffffffec
[ 9.578413] pgd = 80004000
[ 9.581155] [ffffffec] *pgd=37f7e861, *pte=00000000, *ppte=00000000
[ 9.587520] Internal error: Oops: 37 [#2] SMP ARM
[ 9.592287] Modules linked in: vc4 drm_kms_helper drm brcmfmac brcmutil snd_soc_core snd_compress snd_pcm_dmaengine cfg80211 syscopyarea sysfillrect sysimgblt rfkill fb_sys_fops snd_bcm2835 snd_pcm snd_timer snd bcm2835_gpiomem evdev uio_pdrv_genirq uio fixed i2c_dev ip_tables x_tables ipv6
[ 9.618464] CPU: 0 PID: 431 Comm: kworker/0:3 Tainted: G D W 4.9.51-v7+ #1036
[ 9.626666] Hardware name: BCM2835
[ 9.630115] task: b67849c0 task.stack: b3e9c000
[ 9.634710] PC is at kthread_data+0x18/0x20
[ 9.638950] LR is at wq_worker_sleeping+0x18/0xd8
[ 9.643715] pc : [<8013d564>] lr : [<801379d4>] psr: 20000193
[ 9.643715] sp : b3e9dbd0 ip : b3e9dbe0 fp : b3e9dbdc
[ 9.655356] r10: 80b7e940 r9 : 00000000 r8 : 80c0442c
[ 9.660649] r7 : 80b7e940 r6 : b6784de8 r5 : b67849c0 r4 : b7759940
[ 9.667265] r3 : 00000000 r2 : 00000000 r1 : b67849c0 r0 : b67849c0
[ 9.673882] Flags: nzCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment user
[ 9.681202] Control: 10c5383d Table: 3663406a DAC: 00000055
[ 9.687025] Process kworker/0:3 (pid: 431, stack limit = 0xb3e9c210)
[ 9.693465] Stack: (0xb3e9dbd0 to 0xb3e9e000)
[ 9.697879] dbc0: b3e9dbec b3e9dbe0 801379d4 8013d558
[ 9.706172] dbe0: b3e9dc54 b3e9dbf0 807163bc 801379c8 b6bb8b00 b6bb5904 80c7b4d4 b67849c0
[ 9.714466] dc00: b3e9dc1c b3e9dc10 36bdb000 8017e998 b3e9dc64 80149700 b7759940 8017ecac
[ 9.722759] dc20: 80cb40f0 00000000 80b79300 b67849c0 b3e9d8b4 b3e9dc70 b6784d60 00000001
[ 9.731052] dc40: 00000001 b70d0000 b3e9dc64 b3e9dc58 80149700 80715eac b3e9dca4 b3e9dc68
[ 9.739345] dc60: 80121788 80149674 00000006 80c7b2c4 b3e9dc70 b3e9dc70 0000000b 80c7b2c4
[ 9.747637] dc80: 60000193 80c08990 0000000b 7f4a8764 00000001 7f4a8762 b3e9dd2c b3e9dca8
[ 9.755930] dca0: 8010c2b0 80121040 b3e9c210 0000000b 00000000 8094e54c 00000008 7f000000
[ 9.764223] dcc0: 00000000 80c08990 651720e4 33306131 20333135 34303565 34303033 37356620
[ 9.772516] dce0: 34306666 35652065 30303431 28206330 36393565 38383032 80002029 80209e4c
[ 9.780809] dd00: 8094fe40 00000088 00000005 b3e9de70 00000000 00000000 b3e9c000 00000000
[ 9.789102] dd20: b3e9dd44 b3e9dd30 80118eb4 8010c068 b3e9de70 00000088 b3e9dd9c b3e9dd48
[ 9.797394] dd40: 8071bbc8 80118e4c b3e9dd8c b3e9dd58 8014e6cc 80169d94 b6994a54 00000001
[ 9.805686] dd60: b3e9de24 b67849c0 b7759978 80152afc 00000001 00000005 00000005 8071bd34
[ 9.813979] dd80: 00000088 b3e9de70 b3e9c000 00000000 b3e9ddbc b3e9dda0 8071bdf0 8071b984
[ 9.822272] dda0: 80c040a4 80c093c4 00000005 8071bd34 b3e9de6c b3e9ddc0 801011e8 8071bd40
[ 9.830564] ddc0: 0001570b 80151598 b6784a40 b6784a40 b6784de4 80b7e940 80c0442c 00000000
[ 9.838858] dde0: b3e9de64 b3e9ddf0 80151598 8014f9fc 80197ab0 805db820 00000001 00ffffff
[ 9.847150] de00: 00000000 00000000 afb50401 00000000 00014fb1 8015a864 b3e9de94 b3e9de28
[ 9.855443] de20: 8015a864 80182968 8014d51c 80b7e940 b6bd6000 b3e5b0e0 60000013 60000013
[ 9.863736] de40: b3e5b0e0 7f4a8760 60000093 7f4a8760 60000093 ffffffff b3e9dea4 00000000
[ 9.872028] de60: b3e9dedc b3e9de70 8071b174 801011ac 00080000 20000013 00000002 00000002
[ 9.880319] de80: b3e5b118 00000001 00000000 b3e5b0e0 00000000 00000008 00000000 b3e9dedc
[ 9.888611] dea0: b3e9dea8 b3e9dec0 8071acec 7f4a8760 60000093 ffffffff 7f4a8718 00000000
[ 9.896903] dec0: b6435300 b3e5b118 b77594c0 b775cd00 b3e9df14 b3e9dee0 80136720 7f4a86ec
[ 9.905196] dee0: b77594d8 80c02d00 00000008 b77594c0 b6435318 b77594c0 b77594d8 80c02d00
[ 9.913489] df00: 00000008 b6435300 b3e9df5c b3e9df18 80136a80 801365d4 b3e9df3c b3e9c000
[ 9.921783] df20: 80c02d00 b6435300 80c71af7 b3e9c018 00000000 00000000 b659cac0 b6435300
[ 9.930077] df40: 80136a1c 00000000 00000000 00000000 b3e9dfac b3e9df60 8013c958 80136a28
[ 9.938369] df60: 36be9000 00000000 b3e9df94 b6435300 00000000 00000000 b3e9df78 b3e9df78
[ 9.946662] df80: 00000001 00010001 b3e9df88 b3e9df88 b659cac0 8013c84c 00000000 00000000
[ 9.954954] dfa0: 00000000 b3e9dfb0 80108148 8013c858 00000000 00000000 00000000 00000000
[ 9.963247] dfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 9.971540] dfe0: 00000000 00000000 00000000 00000000 00000013 00000000 0001367f 00013680
[ 9.979842] [<8013d564>] (kthread_data) from [<801379d4>] (wq_worker_sleeping+0x18/0xd8)
[ 9.988055] [<801379d4>] (wq_worker_sleeping) from [<807163bc>] (__schedule+0x51c/0x7bc)
[ 9.996267] [<807163bc>] (__schedule) from [<80149700>] (do_task_dead+0x98/0x9c)
[ 10.003786] [<80149700>] (do_task_dead) from [<80121788>] (do_exit+0x754/0xaec)
[ 10.011206] [<80121788>] (do_exit) from [<8010c2b0>] (die+0x254/0x440)
[ 10.017828] [<8010c2b0>] (die) from [<80118eb4>] (__do_kernel_fault.part.0+0x74/0x1f4)
[ 10.025860] [<80118eb4>] (__do_kernel_fault.part.0) from [<8071bbc8>] (do_page_fault+0x250/0x3bc)
[ 10.034861] [<8071bbc8>] (do_page_fault) from [<8071bdf0>] (do_translation_fault+0xbc/0xc0)
[ 10.043333] [<8071bdf0>] (do_translation_fault) from [<801011e8>] (do_DataAbort+0x48/0xc4)
[ 10.051715] [<801011e8>] (do_DataAbort) from [<8071b174>] (__dabt_svc+0x54/0x80)
[ 10.059212] Exception stack(0xb3e9de70 to 0xb3e9deb8)
[ 10.064331] de60: 00080000 20000013 00000002 00000002
[ 10.072624] de80: b3e5b118 00000001 00000000 b3e5b0e0 00000000 00000008 00000000 b3e9dedc
[ 10.080915] dea0: b3e9dea8 b3e9dec0 8071acec 7f4a8760 60000093 ffffffff
[ 10.087659] [<8071b174>] (__dabt_svc) from [<7f4a8760>] (vc4_overflow_mem_work+0x80/0x120 [vc4])
[ 10.096599] [<7f4a8760>] (vc4_overflow_mem_work [vc4]) from [<80136720>] (process_one_work+0x158/0x454)
[ 10.106130] [<80136720>] (process_one_work) from [<80136a80>] (worker_thread+0x64/0x568)
[ 10.114337] [<80136a80>] (worker_thread) from [<8013c958>] (kthread+0x10c/0x124)
[ 10.121839] [<8013c958>] (kthread) from [<80108148>] (ret_from_fork+0x14/0x2c)
[ 10.129164] Code: e24cb004 e52de004 e8bd4000 e59033f8 (e5130014)
[ 10.135342] ---[ end trace 1773a549536bf2f7 ]---
[ 10.140022] Fixing recursive fault but reboot is needed!
@mattyway Could you try this patch https://gist.github.com/lategoodbye/73f489adacb2e689ccc7017397c90a73 ?
@mattyway Any chance to test the linked patch?
Unfortunately, the oops still occurs with the patch. :/
By the way, I don't know if it was the same cause but I had freezing RPis also with earlier 4.9 kernels - less than 4.9.40 I think.
@anyc I'm not sure your issue is related to this one.
Please try the following patches (keep in mind they are written for current mainline, so maybe they need rework):
https://patchwork.kernel.org/patch/10052207/
https://patchwork.kernel.org/patch/10052209/
Pushed to drm-misc-fixes:
commit 253696ccd613fbdaa5aba1de44c461a058e0a114 (HEAD -> drm-misc-fixes, drm-misc/for-linux-next-fixes, drm-misc/drm-misc-fixes)
Author: Stefan Schake <stschake@gmail.com>
Date: Fri Nov 10 02:05:06 2017 +0100
drm/vc4: Account for interrupts in flight