September 2025 - Linux-stable-mirror

[REGRESSION] 6.16 fae58d0155 prevents boot of google-tomato (mt8195)

by ninelore

Hi, starting with the bisected commit fae58d0155a979a8c414bbc12db09dd4b2f910d0 ("[v2] drm/mediatek: Fix device/node reference count leaks in mtk_drm_get_all_drm_priv") on 6.16.y my chromebook codenamed google-tomato with the SoC MT8195 seems to hang while initializing drm. Kernel messages over serial show CPU stalls some minutes later. I am attaching the full kernel logs below. This issue is present in 6.16.7, however not in v6.17-rc6 This is my first time reporting a bug here. Please let me know if you need additional information. Thanks and kind regards Ingo Reitz -------- Booting Linux on physical CPU 0x0000000000 [0x412fd050] Linux version 6.16.4 (nixbld@localhost) (aarch64-unknown-linux-gnu-gcc (GCC) 14.3.0, GNU ld (GNU Binutils) 2.44) #1-NixOS SMP Tue Jan 1 00:00:00 UTC 1980 Machine model: Acer Tomato (rev3 - 4) board Reserved memory: created DMA memory pool at 0x0000000050000000, size 41 MiB OF: reserved mem: initialized node memory@50000000, compatible id shared-dma-pool OF: reserved mem: 0x0000000050000000..0x00000000528fffff (41984 KiB) nomap non-reusable memory@50000000 Reserved memory: created DMA memory pool at 0x0000000060000000, size 13 MiB OF: reserved mem: initialized node memory@60000000, compatible id shared-dma-pool OF: reserved mem: 0x0000000060000000..0x0000000060d7ffff (13824 KiB) nomap non-reusable memory@60000000 Reserved memory: created DMA memory pool at 0x0000000060d80000, size 1 MiB OF: reserved mem: initialized node memory@60d80000, compatible id shared-dma-pool OF: reserved mem: 0x0000000060d80000..0x0000000060e7ffff (1024 KiB) nomap non-reusable memory@60d80000 Reserved memory: created DMA memory pool at 0x0000000060e80000, size 2 MiB OF: reserved mem: initialized node memory@60e80000, compatible id shared-dma-pool OF: reserved mem: 0x0000000060e80000..0x00000000610fffff (2560 KiB) nomap non-reusable memory@60e80000 Zone ranges: Normal [mem 0x0000000040000000-0x000000023fffffff] Movable zone start for each node Early memory node ranges node 0: [mem 0x0000000040000000-0x000000004fffffff] node 0: [mem 0x0000000050000000-0x00000000528fffff] node 0: [mem 0x0000000052900000-0x00000000545fffff] node 0: [mem 0x0000000054660000-0x000000005fffffff] node 0: [mem 0x0000000060000000-0x00000000610fffff] node 0: [mem 0x0000000061100000-0x00000000fffdafff] node 0: [mem 0x0000000100000000-0x000000023fffffff] Initmem setup node 0 [mem 0x0000000040000000-0x000000023fffffff] On node 0, zone Normal: 96 pages in unavailable ranges On node 0, zone Normal: 37 pages in unavailable ranges psci: probing for conduit method from DT. psci: PSCIv1.1 detected in firmware. psci: Using standard PSCI v0.2 function IDs psci: MIGRATE_INFO_TYPE not supported. psci: SMC Calling Convention v1.5 percpu: Embedded 17 pages/cpu s40608 r0 d29024 u69632 pcpu-alloc: s40608 r0 d29024 u69632 alloc=17*4096 pcpu-alloc: [0] 0 [0] 1 [0] 2 [0] 3 [0] 4 [0] 5 [0] 6 [0] 7 Detected VIPT I-cache on CPU0 CPU features: detected: GIC system register CPU interface CPU features: detected: Virtualization Host Extensions CPU features: kernel page table isolation disabled by kernel configuration alternatives: applying boot alternatives Kernel command line: console=tty0 console=ttyS0,115200n8 loglevel=15 printk: log buffer data + meta data: 131072 + 458752 = 589824 bytes Dentry cache hash table entries: 1048576 (order: 11, 8388608 bytes, linear) Inode-cache hash table entries: 524288 (order: 10, 4194304 bytes, linear) software IO TLB: SWIOTLB bounce buffer size adjusted to 8MB software IO TLB: area num 8. software IO TLB: mapped [mem 0x0000000236a00000-0x0000000237200000] (8MB) Built 1 zonelists, mobility grouping on. Total pages: 2097019 mem auto-init: stack:all(zero), heap alloc:off, heap free:off SLUB: HWalign=64, Order=0-1, MinObjects=0, CPUs=8, Nodes=1 rcu: Hierarchical RCU implementation. rcu: RCU restricting CPUs from NR_CPUS=512 to nr_cpu_ids=8. rcu: RCU calculated value of scheduler-enlistment delay is 25 jiffies. rcu: Adjusting geometry for rcu_fanout_leaf=16, nr_cpu_ids=8 NR_IRQS: 64, nr_irqs: 64, preallocated irqs: 0 GICv3: GIC: Using split EOI/Deactivate mode GICv3: 864 SPIs implemented GICv3: 0 Extended SPIs implemented Root IRQ handler: 0xffff80008001007c GICv3: GICv3 features: 16 PPIs GICv3: GICD_CTRL.DS=0, SCR_EL3.FIQ=0 GICv3: CPU0: found redistributor 0 region 0:0x000000000c040000 GICv3: GIC: PPI partition interrupt-partition-0[0] { /cpus/cpu@0[0] /cpus/cpu@100[1] /cpus/cpu@200[2] /cpus/cpu@300[3] } GICv3: GIC: PPI partition interrupt-partition-1[1] { /cpus/cpu@400[4] /cpus/cpu@500[5] /cpus/cpu@600[6] /cpus/cpu@700[7] } rcu: srcu_init: Setting srcu_struct sizes based on contention. arch_timer: cp15 timer(s) running at 13.00MHz (phys). clocksource: arch_sys_counter: mask: 0xffffffffffffff max_cycles: 0x2ff89eacb, max_idle_ns: 440795202429 ns sched_clock: 56 bits at 13MHz, resolution 76ns, wraps every 4398046511101ns Console: colour dummy device 80x25 printk: legacy console [tty0] enabled Calibrating delay loop (skipped), value calculated using timer frequency.. 26.00 BogoMIPS (lpj=52000) pid_max: default: 32768 minimum: 301 Mount-cache hash table entries: 16384 (order: 5, 131072 bytes, linear) Mountpoint-cache hash table entries: 16384 (order: 5, 131072 bytes, linear) rcu: Hierarchical SRCU implementation. rcu: Max phase no-delay instances is 1000. smp: Bringing up secondary CPUs ... Detected VIPT I-cache on CPU1 GICv3: CPU1: found redistributor 100 region 0:0x000000000c060000 CPU1: Booted secondary processor 0x0000000100 [0x412fd050] Detected VIPT I-cache on CPU2 GICv3: CPU2: found redistributor 200 region 0:0x000000000c080000 CPU2: Booted secondary processor 0x0000000200 [0x412fd050] Detected VIPT I-cache on CPU3 GICv3: CPU3: found redistributor 300 region 0:0x000000000c0a0000 CPU3: Booted secondary processor 0x0000000300 [0x412fd050] CPU features: detected: Spectre-v4 CPU features: detected: Spectre-BHB Detected PIPT I-cache on CPU4 GICv3: CPU4: found redistributor 400 region 0:0x000000000c0c0000 CPU4: Booted secondary processor 0x0000000400 [0x411fd410] Detected PIPT I-cache on CPU5 GICv3: CPU5: found redistributor 500 region 0:0x000000000c0e0000 CPU5: Booted secondary processor 0x0000000500 [0x411fd410] Detected PIPT I-cache on CPU6 GICv3: CPU6: found redistributor 600 region 0:0x000000000c100000 CPU6: Booted secondary processor 0x0000000600 [0x411fd410] Detected PIPT I-cache on CPU7 GICv3: CPU7: found redistributor 700 region 0:0x000000000c120000 CPU7: Booted secondary processor 0x0000000700 [0x411fd410] smp: Brought up 1 node, 8 CPUs SMP: Total of 8 processors activated. CPU: All CPU(s) started at EL2 CPU features: detected: 32-bit EL0 Support CPU features: detected: Data cache clean to the PoU not required for I/D coherence CPU features: detected: Common not Private translations CPU features: detected: CRC32 instructions CPU features: detected: Data cache clean to Point of Persistence CPU features: detected: RCpc load-acquire (LDAPR) CPU features: detected: LSE atomic instructions CPU features: detected: PMUv3 CPU features: detected: RAS Extension Support CPU features: detected: Speculative Store Bypassing Safe (SSBS) spectre-bhb mitigation disabled by compile time option spectre-bhb mitigation disabled by compile time option alternatives: applying system-wide alternatives CPU features: detected: Hardware dirty bit management on CPU0-7 Memory: 8159184K/8388076K available (4928K kernel code, 924K rwdata, 1800K rodata, 896K init, 479K bss, 224752K reserved, 0K cma-reserved) devtmpfs: initialized clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 7645041785100000 ns futex hash table entries: 2048 (131072 bytes on 1 NUMA nodes, total 128 KiB, linear). pinctrl core: initialized pinctrl subsystem DMA: preallocated 1024 KiB GFP_KERNEL pool for atomic allocations thermal_sys: Registered thermal governor 'step_wise' thermal_sys: Registered thermal governor 'power_allocator' hw-breakpoint: found 6 breakpoint and 4 watchpoint registers. ASID allocator initialised with 65536 entries Serial: AMBA PL011 UART driver /soc/interrupt-controller@c000000: Fixed dependency cycle(s) with /soc/interrupt-controller@c000000 /soc/syscon@1c01a000: Fixed dependency cycle(s) with /soc/ovl@1c000000 /soc/ovl@1c000000: Fixed dependency cycle(s) with /soc/rdma@1c002000 /soc/ovl@1c000000: Fixed dependency cycle(s) with /soc/syscon@1c01a000 /soc/rdma@1c002000: Fixed dependency cycle(s) with /soc/color@1c003000 /soc/rdma@1c002000: Fixed dependency cycle(s) with /soc/ovl@1c000000 /soc/rdma@1c002000: Fixed dependency cycle(s) with /soc/syscon@1c01a000 /soc/color@1c003000: Fixed dependency cycle(s) with /soc/ccorr@1c004000 /soc/color@1c003000: Fixed dependency cycle(s) with /soc/rdma@1c002000 /soc/color@1c003000: Fixed dependency cycle(s) with /soc/syscon@1c01a000 /soc/ccorr@1c004000: Fixed dependency cycle(s) with /soc/aal@1c005000 /soc/ccorr@1c004000: Fixed dependency cycle(s) with /soc/color@1c003000 /soc/ccorr@1c004000: Fixed dependency cycle(s) with /soc/syscon@1c01a000 /soc/aal@1c005000: Fixed dependency cycle(s) with /soc/gamma@1c006000 /soc/aal@1c005000: Fixed dependency cycle(s) with /soc/ccorr@1c004000 /soc/aal@1c005000: Fixed dependency cycle(s) with /soc/syscon@1c01a000 /soc/gamma@1c006000: Fixed dependency cycle(s) with /soc/dither@1c007000 /soc/gamma@1c006000: Fixed dependency cycle(s) with /soc/aal@1c005000 /soc/gamma@1c006000: Fixed dependency cycle(s) with /soc/syscon@1c01a000 /soc/dither@1c007000: Fixed dependency cycle(s) with /soc/dsc@1c009000 /soc/dither@1c007000: Fixed dependency cycle(s) with /soc/gamma@1c006000 /soc/dither@1c007000: Fixed dependency cycle(s) with /soc/syscon@1c01a000 /soc/dsc@1c009000: Fixed dependency cycle(s) with /soc/merge@1c014000 /soc/dsc@1c009000: Fixed dependency cycle(s) with /soc/dither@1c007000 /soc/dsc@1c009000: Fixed dependency cycle(s) with /soc/syscon@1c01a000 /soc/merge@1c014000: Fixed dependency cycle(s) with /soc/dp-intf@1c015000 /soc/merge@1c014000: Fixed dependency cycle(s) with /soc/dsc@1c009000 /soc/merge@1c014000: Fixed dependency cycle(s) with /soc/syscon@1c01a000 /soc/dp-intf@1c015000: Fixed dependency cycle(s) with /soc/edp-tx@1c500000 /soc/dp-intf@1c015000: Fixed dependency cycle(s) with /soc/merge@1c014000 /soc/dp-intf@1c015000: Fixed dependency cycle(s) with /soc/syscon@1c01a000 /soc/syscon@1c100000: Fixed dependency cycle(s) with /soc/hdr-engine@1c114000 /soc/vpp-merge@1c110000: Fixed dependency cycle(s) with /soc/dp-intf@1c113000 /soc/vpp-merge@1c110000: Fixed dependency cycle(s) with /soc/hdr-engine@1c114000 /soc/vpp-merge@1c110000: Fixed dependency cycle(s) with /soc/syscon@1c100000 /soc/dp-intf@1c113000: Fixed dependency cycle(s) with /soc/dp-tx@1c600000 /soc/dp-intf@1c113000: Fixed dependency cycle(s) with /soc/vpp-merge@1c110000 /soc/dp-intf@1c113000: Fixed dependency cycle(s) with /soc/syscon@1c100000 /soc/hdr-engine@1c114000: Fixed dependency cycle(s) with /soc/vpp-merge@1c110000 /soc/hdr-engine@1c114000: Fixed dependency cycle(s) with /soc/syscon@1c100000 /soc/edp-tx@1c500000: Fixed dependency cycle(s) with /soc/edp-tx@1c500000/aux-bus/panel /soc/edp-tx@1c500000: Fixed dependency cycle(s) with /soc/dp-intf@1c015000 /soc/edp-tx@1c500000/aux-bus/panel: Fixed dependency cycle(s) with /soc/edp-tx@1c500000 /soc/dp-tx@1c600000: Fixed dependency cycle(s) with /soc/dp-intf@1c113000 /soc/pinctrl@10005000: Fixed dependency cycle(s) with /soc/pinctrl@10005000/pio-default-pins /soc/pcie@112f8000: Fixed dependency cycle(s) with /soc/pcie@112f8000/interrupt-controller /soc/syscon@1c01a000: Fixed dependency cycle(s) with /soc/ovl@1c000000 /soc/syscon@1c01a000: Fixed dependency cycle(s) with /soc/ovl@1c000000 /soc/ovl@1c000000: Fixed dependency cycle(s) with /soc/rdma@1c002000 /soc/ovl@1c000000: Fixed dependency cycle(s) with /soc/syscon@1c01a000 /soc/ovl@1c000000: Fixed dependency cycle(s) with /soc/rdma@1c002000 /soc/rdma@1c002000: Fixed dependency cycle(s) with /soc/color@1c003000 /soc/rdma@1c002000: Fixed dependency cycle(s) with /soc/ovl@1c000000 /soc/rdma@1c002000: Fixed dependency cycle(s) with /soc/syscon@1c01a000 /soc/rdma@1c002000: Fixed dependency cycle(s) with /soc/color@1c003000 /soc/color@1c003000: Fixed dependency cycle(s) with /soc/ccorr@1c004000 /soc/color@1c003000: Fixed dependency cycle(s) with /soc/rdma@1c002000 /soc/color@1c003000: Fixed dependency cycle(s) with /soc/syscon@1c01a000 /soc/color@1c003000: Fixed dependency cycle(s) with /soc/ccorr@1c004000 /soc/ccorr@1c004000: Fixed dependency cycle(s) with /soc/aal@1c005000 /soc/ccorr@1c004000: Fixed dependency cycle(s) with /soc/color@1c003000 /soc/ccorr@1c004000: Fixed dependency cycle(s) with /soc/syscon@1c01a000 /soc/ccorr@1c004000: Fixed dependency cycle(s) with /soc/aal@1c005000 /soc/aal@1c005000: Fixed dependency cycle(s) with /soc/gamma@1c006000 /soc/aal@1c005000: Fixed dependency cycle(s) with /soc/ccorr@1c004000 /soc/aal@1c005000: Fixed dependency cycle(s) with /soc/syscon@1c01a000 /soc/aal@1c005000: Fixed dependency cycle(s) with /soc/gamma@1c006000 /soc/gamma@1c006000: Fixed dependency cycle(s) with /soc/dither@1c007000 /soc/gamma@1c006000: Fixed dependency cycle(s) with /soc/aal@1c005000 /soc/gamma@1c006000: Fixed dependency cycle(s) with /soc/syscon@1c01a000 /soc/gamma@1c006000: Fixed dependency cycle(s) with /soc/dither@1c007000 /soc/dither@1c007000: Fixed dependency cycle(s) with /soc/dsc@1c009000 /soc/dither@1c007000: Fixed dependency cycle(s) with /soc/gamma@1c006000 /soc/dither@1c007000: Fixed dependency cycle(s) with /soc/syscon@1c01a000 /soc/dither@1c007000: Fixed dependency cycle(s) with /soc/dsc@1c009000 /soc/dsc@1c009000: Fixed dependency cycle(s) with /soc/merge@1c014000 /soc/dsc@1c009000: Fixed dependency cycle(s) with /soc/dither@1c007000 /soc/dsc@1c009000: Fixed dependency cycle(s) with /soc/syscon@1c01a000 /soc/dsc@1c009000: Fixed dependency cycle(s) with /soc/merge@1c014000 /soc/merge@1c014000: Fixed dependency cycle(s) with /soc/dp-intf@1c015000 /soc/merge@1c014000: Fixed dependency cycle(s) with /soc/dsc@1c009000 /soc/merge@1c014000: Fixed dependency cycle(s) with /soc/syscon@1c01a000 /soc/merge@1c014000: Fixed dependency cycle(s) with /soc/dp-intf@1c015000 /soc/dp-intf@1c015000: Fixed dependency cycle(s) with /soc/edp-tx@1c500000 /soc/dp-intf@1c015000: Fixed dependency cycle(s) with /soc/merge@1c014000 /soc/dp-intf@1c015000: Fixed dependency cycle(s) with /soc/syscon@1c01a000 /soc/syscon@1c100000: Fixed dependency cycle(s) with /soc/hdr-engine@1c114000 /soc/vpp-merge@1c110000: Fixed dependency cycle(s) with /soc/dp-intf@1c113000 /soc/vpp-merge@1c110000: Fixed dependency cycle(s) with /soc/hdr-engine@1c114000 /soc/vpp-merge@1c110000: Fixed dependency cycle(s) with /soc/syscon@1c100000 /soc/vpp-merge@1c110000: Fixed dependency cycle(s) with /soc/dp-intf@1c113000 /soc/dp-intf@1c113000: Fixed dependency cycle(s) with /soc/dp-tx@1c600000 /soc/dp-intf@1c113000: Fixed dependency cycle(s) with /soc/vpp-merge@1c110000 /soc/dp-intf@1c113000: Fixed dependency cycle(s) with /soc/syscon@1c100000 /soc/vpp-merge@1c110000: Fixed dependency cycle(s) with /soc/hdr-engine@1c114000 /soc/syscon@1c100000: Fixed dependency cycle(s) with /soc/hdr-engine@1c114000 /soc/hdr-engine@1c114000: Fixed dependency cycle(s) with /soc/vpp-merge@1c110000 /soc/hdr-engine@1c114000: Fixed dependency cycle(s) with /soc/syscon@1c100000 /soc/dp-intf@1c015000: Fixed dependency cycle(s) with /soc/edp-tx@1c500000 /soc/edp-tx@1c500000: Fixed dependency cycle(s) with /soc/edp-tx@1c500000/aux-bus/panel /soc/edp-tx@1c500000: Fixed dependency cycle(s) with /soc/dp-intf@1c015000 /soc/edp-tx@1c500000/aux-bus/panel: Fixed dependency cycle(s) with /soc/edp-tx@1c500000 /soc/dp-intf@1c113000: Fixed dependency cycle(s) with /soc/dp-tx@1c600000 /soc/dp-tx@1c600000: Fixed dependency cycle(s) with /soc/dp-intf@1c113000 HugeTLB: allocation took 0ms with hugepage_allocation_threads=2 HugeTLB: allocation took 0ms with hugepage_allocation_threads=2 HugeTLB: registered 1.00 GiB page size, pre-allocated 0 pages HugeTLB: 0 KiB vmemmap can be freed for a 1.00 GiB page HugeTLB: registered 32.0 MiB page size, pre-allocated 0 pages HugeTLB: 0 KiB vmemmap can be freed for a 32.0 MiB page HugeTLB: registered 2.00 MiB page size, pre-allocated 0 pages HugeTLB: 0 KiB vmemmap can be freed for a 2.00 MiB page HugeTLB: registered 64.0 KiB page size, pre-allocated 0 pages HugeTLB: 0 KiB vmemmap can be freed for a 64.0 KiB page iommu: Default domain type: Translated iommu: DMA domain TLB invalidation policy: strict mode SCSI subsystem initialized libata version 3.00 loaded. usbcore: registered new interface driver usbfs usbcore: registered new interface driver hub usbcore: registered new device driver usb vgaarb: loaded clocksource: Switched to clocksource arch_sys_counter PCI: CLS 0 bytes, default 64 Unpacking initramfs... workingset: timestamp_bits=62 max_order=21 bucket_order=0 squashfs: version 4.0 (2009/01/31) Phillip Lougher Block layer SCSI generic (bsg) driver version 0.4 loaded (major 251) io scheduler mq-deadline registered io scheduler kyber registered io scheduler bfq registered Freeing initrd memory: 2996K cannot find "mediatek,mt8195-fhctl" mtk-socinfo mtk-socinfo.0.auto: MediaTek Kompanio 1380 (MT8195) SoC detected. Serial: 8250/16550 driver, 32 ports, IRQ sharing disabled printk: legacy console [ttyS0] disabled 11001100.serial: ttyS0 at MMIO 0x11001100 (irq = 253, base_baud = 1625000) is a ST16650V2 printk: legacy console [ttyS0] enabled Serial: AMBA driver loop: module loaded mt6359-keys: Failed to locate of_node [id: -1] mt6359-accdet: Failed to locate of_node [id: -1] mtk-spi-nor 1132c000.spi: spi frequency: 52000000 Hz usbcore: registered new interface driver usb-storage mt6397-rtc mt6359-rtc: registered as rtc0 mt6397-rtc mt6359-rtc: setting system clock to 2025-09-15T22:15:30 UTC (1757974530) mtk-lvts-thermal 1100b000.thermal-sensor: golden temp=60 vgpu11_sshub: Bringing 400000uV into 550000-550000uV thermal thermal_zone0: power_allocator: sustainable_power will be estimated thermal thermal_zone1: power_allocator: sustainable_power will be estimated thermal thermal_zone2: power_allocator: sustainable_power will be estimated thermal thermal_zone3: power_allocator: sustainable_power will be estimated thermal thermal_zone4: power_allocator: sustainable_power will be estimated thermal thermal_zone5: power_allocator: sustainable_power will be estimated thermal thermal_zone6: power_allocator: sustainable_power will be estimated thermal thermal_zone7: power_allocator: sustainable_power will be estimated thermal thermal_zone8: power_allocator: sustainable_power will be estimated mtk-lvts-thermal 11278000.thermal-sensor: golden temp=60 thermal thermal_zone9: power_allocator: sustainable_power will be estimated thermal thermal_zone10: power_allocator: sustainable_power will be estimated thermal thermal_zone11: power_allocator: sustainable_power will be estimated thermal thermal_zone12: power_allocator: sustainable_power will be estimated thermal thermal_zone13: power_allocator: sustainable_power will be estimated thermal thermal_zone14: power_allocator: sustainable_power will be estimated thermal thermal_zone15: power_allocator: sustainable_power will be estimated thermal thermal_zone16: power_allocator: sustainable_power will be estimated cpu cpu0: EM: created perf domain cpu cpu4: EM: created perf domain coreboot_table firmware:coreboot: probe with driver coreboot_table failed with error -22 hid: raw HID events driver (C) Jiri Kosina usbcore: registered new interface driver usbhid usbhid: USB HID core driver spi_master spi0: will run message pump with realtime priority hw perfevents: enabled with armv8_cortex_a55 PMU driver, 7 (0,8000003f) counters available hw perfevents: enabled with armv8_cortex_a78 PMU driver, 7 (0,8000003f) counters available mediatek-drm mediatek-drm.12.auto: Adding component match for /soc/ovl@1c000000 mediatek-drm mediatek-drm.12.auto: Adding component match for /soc/rdma@1c002000 mediatek-drm mediatek-drm.12.auto: Adding component match for /soc/color@1c003000 mediatek-drm mediatek-drm.12.auto: Adding component match for /soc/ccorr@1c004000 mediatek-drm mediatek-drm.12.auto: Adding component match for /soc/aal@1c005000 mediatek-drm mediatek-drm.12.auto: Adding component match for /soc/gamma@1c006000 mediatek-drm mediatek-drm.12.auto: Adding component match for /soc/merge@1c014000 mediatek-drm mediatek-drm.12.auto: Adding component match for /soc/dp-intf@1c015000 mediatek-disp-ovl-adaptor mediatek-disp-ovl-adaptor.15.auto: Failed to get id. type: 2, alias: -19 mediatek-disp-ovl-adaptor mediatek-disp-ovl-adaptor.15.auto: Skipping unknown component /soc/merge@1c014000 mediatek-disp-ovl-adaptor mediatek-disp-ovl-adaptor.15.auto: Failed to get id. type: 2, alias: 5 mediatek-disp-ovl-adaptor mediatek-disp-ovl-adaptor.15.auto: Skipping unknown component /soc/vpp-merge@1c110000 mediatek-drm mediatek-drm.14.auto: Adding component match for /soc/vpp-merge@1c110000 mediatek-drm mediatek-drm.14.auto: Adding component match for /soc/dp-intf@1c113000 mtk-msdc 11230000.mmc: Final PAD_DS_TUNE: 0x15011 mtk-power-controller 10006000.syscon:power-controller: /soc/syscon@10006000/power-controller/power-domain@15/power-domain@16/power-domain@18/power-domain@20: A default off power domain has been ON input: cros_ec as /devices/platform/soc/1100a000.spi/spi_master/spi0/spi0.0/1100a000.spi:ec@0:keyboard-controller/input/input0 mmc0: Host Software Queue enabled mmc0: new HS400 MMC card at address 0001 mmcblk0: mmc0:0001 DA4128 116 GiB mmcblk0: p1 p2 p3 mmcblk0boot0: mmc0:0001 DA4128 4.00 MiB mmcblk0boot1: mmc0:0001 DA4128 4.00 MiB mmcblk0rpmb: mmc0:0001 DA4128 16.0 MiB, chardev (249:0) input: cros_ec_buttons as /devices/platform/soc/1100a000.spi/spi_master/spi0/spi0.0/1100a000.spi:ec@0:keyboard-controller/input/input1 /soc/edp-tx@1c500000: Fixed dependency cycle(s) with /soc/edp-tx@1c500000/aux-bus/panel /soc/edp-tx@1c500000/aux-bus/panel: Fixed dependency cycle(s) with /soc/edp-tx@1c500000 cros-ec-spi spi0.0: Chrome EC device registered mtu3 11201000.usb: uwk - reg:0x400, version:103 mtu3 11201000.usb: dr_mode: 1, drd: auto mtu3 11201000.usb: u2p_dis_msk: 0, u3p_dis_msk: 0 mtu3 11201000.usb: usb3-drd: 1 xhci-mtk 11200000.usb: supply vusb33 not found, using dummy regulator xhci-mtk 11200000.usb: xHCI Host Controller xhci-mtk 11200000.usb: new USB bus registered, assigned bus number 1 xhci-mtk 11200000.usb: hcc params 0x01400f99 hci version 0x110 quirks 0x0000000000200010 xhci-mtk 11200000.usb: irq 287, io mem 0x11200000 xhci-mtk 11200000.usb: xHCI Host Controller xhci-mtk 11200000.usb: new USB bus registered, assigned bus number 2 xhci-mtk 11200000.usb: Host supports USB 3.2 Enhanced SuperSpeed usb usb1: New USB device found, idVendor=1d6b, idProduct=0002, bcdDevice= 6.16 usb usb1: New USB device strings: Mfr=3, Product=2, SerialNumber=1 usb usb1: Product: xHCI Host Controller usb usb1: Manufacturer: Linux 6.16.4 xhci-hcd usb usb1: SerialNumber: 11200000.usb hub 1-0:1.0: USB hub found hub 1-0:1.0: 1 port detected usb usb2: We don't know the algorithms for LPM for this host, disabling LPM. usb usb2: New USB device found, idVendor=1d6b, idProduct=0003, bcdDevice= 6.16 usb usb2: New USB device strings: Mfr=3, Product=2, SerialNumber=1 usb usb2: Product: xHCI Host Controller usb usb2: Manufacturer: Linux 6.16.4 xhci-hcd usb usb2: SerialNumber: 11200000.usb hub 2-0:1.0: USB hub found hub 2-0:1.0: 1 port detected mtu3 11201000.usb: xHCI platform device register success... mtu3 112a1000.usb: uwk - reg:0x400, version:105 mtu3 112a1000.usb: dr_mode: 1, drd: auto mtu3 112a1000.usb: u2p_dis_msk: 0, u3p_dis_msk: 0 mtu3 112a1000.usb: usb3-drd: 0 xhci-mtk 112a0000.usb: supply vusb33 not found, using dummy regulator xhci-mtk 112a0000.usb: xHCI Host Controller xhci-mtk 112a0000.usb: new USB bus registered, assigned bus number 3 xhci-mtk 112a0000.usb: USB3 root hub has no ports xhci-mtk 112a0000.usb: hcc params 0x01400f99 hci version 0x110 quirks 0x0000000000200010 xhci-mtk 112a0000.usb: irq 288, io mem 0x112a0000 usb usb3: New USB device found, idVendor=1d6b, idProduct=0002, bcdDevice= 6.16 usb usb3: New USB device strings: Mfr=3, Product=2, SerialNumber=1 usb usb3: Product: xHCI Host Controller usb usb3: Manufacturer: Linux 6.16.4 xhci-hcd usb usb3: SerialNumber: 112a0000.usb hub 3-0:1.0: USB hub found hub 3-0:1.0: 1 port detected mtu3 112a1000.usb: xHCI platform device register success... mtu3 112b1000.usb: uwk - reg:0x400, version:106 mtu3 112b1000.usb: dr_mode: 1, drd: auto mtu3 112b1000.usb: u2p_dis_msk: 0, u3p_dis_msk: 0 mtu3 112b1000.usb: usb3-drd: 0 xhci-mtk 112b0000.usb: supply vusb33 not found, using dummy regulator xhci-mtk 112b0000.usb: xHCI Host Controller xhci-mtk 112b0000.usb: new USB bus registered, assigned bus number 4 xhci-mtk 112b0000.usb: USB3 root hub has no ports xhci-mtk 112b0000.usb: hcc params 0x01400f99 hci version 0x110 quirks 0x0000000020200010 xhci-mtk 112b0000.usb: irq 289, io mem 0x112b0000 usb usb4: New USB device found, idVendor=1d6b, idProduct=0002, bcdDevice= 6.16 usb usb4: New USB device strings: Mfr=3, Product=2, SerialNumber=1 usb usb4: Product: xHCI Host Controller usb usb4: Manufacturer: Linux 6.16.4 xhci-hcd usb usb4: SerialNumber: 112b0000.usb hub 4-0:1.0: USB hub found hub 4-0:1.0: 1 port detected mtu3 112b1000.usb: xHCI platform device register success... thermal thermal_zone17: power_allocator: sustainable_power will be estimated thermal thermal_zone18: power_allocator: sustainable_power will be estimated mtk-msdc 11240000.mmc: Got CD GPIO usb 1-1: new high-speed USB device number 2 using xhci-mtk usb 3-1: new high-speed USB device number 2 using xhci-mtk usb 1-1: New USB device found, idVendor=05e3, idProduct=0610, bcdDevice=65.02 usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0 usb 1-1: Product: USB2.1 Hub usb 1-1: Manufacturer: GenesysLogic hub 1-1:1.0: USB hub found hub 1-1:1.0: 3 ports detected usb 4-1: new high-speed USB device number 2 using xhci-mtk usb 2-1: new SuperSpeed USB device number 2 using xhci-mtk usb 2-1: New USB device found, idVendor=05e3, idProduct=0620, bcdDevice=65.02 usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0 usb 2-1: Product: USB3.2 Hub usb 2-1: Manufacturer: GenesysLogic hub 2-1:1.0: USB hub found hub 2-1:1.0: 3 ports detected usb 3-1: New USB device found, idVendor=0408, idProduct=4034, bcdDevice= 0.02 usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 usb 3-1: Product: ACER HD User Facing usb 3-1: Manufacturer: Quanta usb 3-1: SerialNumber: 01.00.00 usb 4-1: New USB device found, idVendor=04ca, idProduct=3802, bcdDevice= 1.00 usb 4-1: New USB device strings: Mfr=5, Product=6, SerialNumber=7 usb 4-1: Product: Wireless_Device usb 4-1: Manufacturer: MediaTek Inc. usb 4-1: SerialNumber: 000000000 panel-simple-dp-aux aux-1c500000.edp-tx: Detected BOE NE135FBM-N41 v8.1 (0x095f) xhci-mtk 11290000.usb: uwk - reg:0x400, version:104 xhci-mtk 11290000.usb: xHCI Host Controller xhci-mtk 11290000.usb: new USB bus registered, assigned bus number 5 xhci-mtk 11290000.usb: hcc params 0x01400f99 hci version 0x110 quirks 0x0000000000200010 xhci-mtk 11290000.usb: irq 291, io mem 0x11290000 xhci-mtk 11290000.usb: xHCI Host Controller xhci-mtk 11290000.usb: new USB bus registered, assigned bus number 6 xhci-mtk 11290000.usb: Host supports USB 3.2 Enhanced SuperSpeed usb usb5: New USB device found, idVendor=1d6b, idProduct=0002, bcdDevice= 6.16 usb usb5: New USB device strings: Mfr=3, Product=2, SerialNumber=1 usb usb5: Product: xHCI Host Controller usb usb5: Manufacturer: Linux 6.16.4 xhci-hcd usb usb5: SerialNumber: 11290000.usb hub 5-0:1.0: USB hub found hub 5-0:1.0: 1 port detected usb usb6: We don't know the algorithms for LPM for this host, disabling LPM. usb usb6: New USB device found, idVendor=1d6b, idProduct=0003, bcdDevice= 6.16 usb usb6: New USB device strings: Mfr=3, Product=2, SerialNumber=1 usb usb6: Product: xHCI Host Controller usb usb6: Manufacturer: Linux 6.16.4 xhci-hcd usb usb6: SerialNumber: 11290000.usb hub 6-0:1.0: USB hub found hub 6-0:1.0: 1 port detected i2c_hid_of 4-0010: supply vddl not found, using dummy regulator platform 14001000.dma-controller: Adding to iommu group 0 platform 14009000.display: Adding to iommu group 0 platform 1400c000.dma-controller: Adding to iommu group 0 platform 14f0a000.dma-controller: Adding to iommu group 0 platform 14f25000.dma-controller: Adding to iommu group 0 platform soc:jpgenc-master: Adding to iommu group 1 i2c_hid_of 4-0010: i2c_hid_get_input: IRQ triggered but there's no data platform 1c105000.dma-controller: Adding to iommu group 2 input: hid-over-i2c 04F3:4040 Touchscreen as /devices/platform/soc/11e04000.i2c/i2c-4/4-0010/0018:04F3:4040.0001/input/input2 platform 1c107000.dma-controller: Adding to iommu group 2 input: hid-over-i2c 04F3:4040 as /devices/platform/soc/11e04000.i2c/i2c-4/4-0010/0018:04F3:4040.0001/input/input3 platform 1c109000.dma-controller: Adding to iommu group 2 input: hid-over-i2c 04F3:4040 as /devices/platform/soc/11e04000.i2c/i2c-4/4-0010/0018:04F3:4040.0001/input/input4 platform 1c10b000.dma-controller: Adding to iommu group 2 input: hid-over-i2c 04F3:4040 Stylus as /devices/platform/soc/11e04000.i2c/i2c-4/4-0010/0018:04F3:4040.0001/input/input5 platform 1c114000.hdr-engine: Adding to iommu group 2 hid-generic 0018:04F3:4040.0001: input,hidraw0: I2C HID v1.00 Device [hid-over-i2c 04F3:4040] on 4-0010 mtk-iommu 14018000.iommu: bound 1c019000.larb (ops 0xffff800080611fb8) mtk-iommu 14018000.iommu: bound 1c103000.larb (ops 0xffff800080611fb8) mtk-iommu 14018000.iommu: bound 14013000.larb (ops 0xffff800080611fb8) mtk-iommu 14018000.iommu: bound 14f03000.larb (ops 0xffff800080611fb8) mtk-iommu 14018000.iommu: bound 14e05000.larb (ops 0xffff800080611fb8) mtk-iommu 14018000.iommu: bound 15340000.larb (ops 0xffff800080611fb8) mtk-iommu 14018000.iommu: bound 16002000.larb (ops 0xffff800080611fb8) mtk-iommu 14018000.iommu: bound 16012000.larb (ops 0xffff800080611fb8) mtk-iommu 14018000.iommu: bound 17201000.larb (ops 0xffff800080611fb8) mtk-iommu 14018000.iommu: bound 1b010000.larb (ops 0xffff800080611fb8) mtk-iommu 14018000.iommu: bound 1803e000.larb (ops 0xffff800080611fb8) mtk-iommu 14018000.iommu: bound 1800e000.larb (ops 0xffff800080611fb8) mtk-iommu 14018000.iommu: bound 16142000.larb (ops 0xffff800080611fb8) mtk-iommu 14018000.iommu: bound 16014000.larb (ops 0xffff800080611fb8) platform 14f08000.dma-controller: Adding to iommu group 0 platform 14f09000.dma-controller: Adding to iommu group 0 platform 14f1f000.display: Adding to iommu group 0 platform 14f23000.dma-controller: Adding to iommu group 0 platform 14f24000.dma-controller: Adding to iommu group 0 platform 18000000.video-codec: Adding to iommu group 1 platform 1a020000.video-codec: Adding to iommu group 1 platform soc:jpgdec-master: Adding to iommu group 1 platform 1c000000.ovl: Adding to iommu group 2 platform 1c002000.rdma: Adding to iommu group 2 platform 1c104000.dma-controller: Adding to iommu group 2 platform 1c106000.dma-controller: Adding to iommu group 2 platform 1c108000.dma-controller: Adding to iommu group 2 platform 1c10a000.dma-controller: Adding to iommu group 2 mtk-iommu 1c01f000.iommu: bound 1c018000.larb (ops 0xffff800080611fb8) mtk-iommu 1c01f000.iommu: bound 1c102000.larb (ops 0xffff800080611fb8) mtk-iommu 1c01f000.iommu: bound 14f02000.larb (ops 0xffff800080611fb8) mtk-iommu 1c01f000.iommu: bound 14e04000.larb (ops 0xffff800080611fb8) mtk-iommu 1c01f000.iommu: bound 15001000.larb (ops 0xffff800080611fb8) mtk-iommu 1c01f000.iommu: bound 15120000.larb (ops 0xffff800080611fb8) mtk-iommu 1c01f000.iommu: bound 15230000.larb (ops 0xffff800080611fb8) mtk-iommu 1c01f000.iommu: bound 16001000.larb (ops 0xffff800080611fb8) mtk-iommu 1c01f000.iommu: bound 16013000.larb (ops 0xffff800080611fb8) mtk-iommu 1c01f000.iommu: bound 1a010000.larb (ops 0xffff800080611fb8) mtk-iommu 1c01f000.iommu: bound 1802e000.larb (ops 0xffff800080611fb8) mtk-iommu 1c01f000.iommu: bound 1800d000.larb (ops 0xffff800080611fb8) mtk-iommu 1c01f000.iommu: bound 16141000.larb (ops 0xffff800080611fb8) mtk-iommu 1c01f000.iommu: bound 16015000.larb (ops 0xffff800080611fb8) rcu: INFO: rcu_sched detected stalls on CPUs/tasks: rcu: 5-...0: (37 ticks this GP) idle=39b4/1/0x4000000000000000 softirq=263/265 fqs=1751 rcu: (detected by 0, t=5252 jiffies, g=-919, q=73 ncpus=8) Sending NMI from CPU 0 to CPUs 5: rcu: INFO: rcu_sched detected stalls on CPUs/tasks: rcu: 5-...0: (37 ticks this GP) idle=39b4/1/0x4000000000000000 softirq=263/265 fqs=6170 rcu: (detected by 0, t=21007 jiffies, g=-919, q=73 ncpus=8) Sending NMI from CPU 0 to CPUs 5: rcu: INFO: rcu_sched detected stalls on CPUs/tasks: rcu: 5-...0: (37 ticks this GP) idle=39b4/1/0x4000000000000000 softirq=263/265 fqs=10589 rcu: (detected by 0, t=36762 jiffies, g=-919, q=73 ncpus=8) Sending NMI from CPU 0 to CPUs 5: rcu: INFO: rcu_sched detected stalls on CPUs/tasks: rcu: 5-...0: (37 ticks this GP) idle=39b4/1/0x4000000000000000 softirq=263/265 fqs=15008 rcu: (detected by 0, t=52517 jiffies, g=-919, q=73 ncpus=8) Sending NMI from CPU 0 to CPUs 5: rcu: INFO: rcu_sched detected stalls on CPUs/tasks: rcu: 5-...0: (37 ticks this GP) idle=39b4/1/0x4000000000000000 softirq=263/265 fqs=19427 rcu: (detected by 0, t=68272 jiffies, g=-919, q=73 ncpus=8) Sending NMI from CPU 0 to CPUs 5: rcu: INFO: rcu_sched detected stalls on CPUs/tasks: rcu: 5-...0: (37 ticks this GP) idle=39b4/1/0x4000000000000000 softirq=263/265 fqs=23846 rcu: (detected by 0, t=84027 jiffies, g=-919, q=73 ncpus=8) Sending NMI from CPU 0 to CPUs 5: rcu: INFO: rcu_sched detected stalls on CPUs/tasks: rcu: 5-...0: (37 ticks this GP) idle=39b4/1/0x4000000000000000 softirq=263/265 fqs=28265 rcu: (detected by 0, t=99782 jiffies, g=-919, q=73 ncpus=8) Sending NMI from CPU 0 to CPUs 5: rcu: INFO: rcu_sched detected stalls on CPUs/tasks: rcu: 5-...0: (37 ticks this GP) idle=39b4/1/0x4000000000000000 softirq=263/265 fqs=32684 rcu: (detected by 0, t=115537 jiffies, g=-919, q=73 ncpus=8) Sending NMI from CPU 0 to CPUs 5: rcu: INFO: rcu_sched detected stalls on CPUs/tasks: rcu: 5-...0: (37 ticks this GP) idle=39b4/1/0x4000000000000000 softirq=263/265 fqs=37103 rcu: (detected by 0, t=131292 jiffies, g=-919, q=73 ncpus=8) Sending NMI from CPU 0 to CPUs 5: rcu: INFO: rcu_sched detected stalls on CPUs/tasks: rcu: 5-...0: (37 ticks this GP) idle=39b4/1/0x4000000000000000 softirq=263/265 fqs=41522 rcu: (detected by 0, t=147047 jiffies, g=-919, q=73 ncpus=8) Sending NMI from CPU 0 to CPUs 5: rcu: INFO: rcu_sched detected stalls on CPUs/tasks: rcu: 5-...0: (37 ticks this GP) idle=39b4/1/0x4000000000000000 softirq=263/265 fqs=45941 rcu: (detected by 0, t=162802 jiffies, g=-919, q=73 ncpus=8) Sending NMI from CPU 0 to CPUs 5: rcu: INFO: rcu_sched detected stalls on CPUs/tasks: rcu: 5-...0: (37 ticks this GP) idle=39b4/1/0x4000000000000000 softirq=263/265 fqs=50360 rcu: (detected by 0, t=178557 jiffies, g=-919, q=73 ncpus=8) Sending NMI from CPU 0 to CPUs 5: rcu: INFO: rcu_sched detected stalls on CPUs/tasks: rcu: 5-...0: (37 ticks this GP) idle=39b4/1/0x4000000000000000 softirq=263/265 fqs=54779 rcu: (detected by 0, t=194312 jiffies, g=-919, q=73 ncpus=8) Sending NMI from CPU 0 to CPUs 5: random: crng init done rcu: INFO: rcu_sched detected stalls on CPUs/tasks: rcu: 5-...0: (37 ticks this GP) idle=39b4/1/0x4000000000000000 softirq=263/265 fqs=59198 rcu: (detected by 0, t=210067 jiffies, g=-919, q=73 ncpus=8) Sending NMI from CPU 0 to CPUs 5: rcu: INFO: rcu_sched detected stalls on CPUs/tasks: rcu: 5-...0: (37 ticks this GP) idle=39b4/1/0x4000000000000000 softirq=263/265 fqs=63617 rcu: (detected by 0, t=225822 jiffies, g=-919, q=73 ncpus=8) Sending NMI from CPU 0 to CPUs 5: rcu: INFO: rcu_sched detected stalls on CPUs/tasks: rcu: 5-...0: (37 ticks this GP) idle=39b4/1/0x4000000000000000 softirq=263/265 fqs=68036 rcu: (detected by 0, t=241577 jiffies, g=-919, q=73 ncpus=8) Sending NMI from CPU 0 to CPUs 5: rcu: INFO: rcu_sched detected stalls on CPUs/tasks: rcu: 5-...0: (37 ticks this GP) idle=39b4/1/0x4000000000000000 softirq=263/265 fqs=72455 rcu: (detected by 0, t=257332 jiffies, g=-919, q=73 ncpus=8) Sending NMI from CPU 0 to CPUs 5: rcu: INFO: rcu_sched detected stalls on CPUs/tasks: rcu: 5-...0: (37 ticks this GP) idle=39b4/1/0x4000000000000000 softirq=263/265 fqs=76874 rcu: (detected by 0, t=273087 jiffies, g=-919, q=73 ncpus=8) Sending NMI from CPU 0 to CPUs 5: rcu: INFO: rcu_sched detected stalls on CPUs/tasks: rcu: 5-...0: (37 ticks this GP) idle=39b4/1/0x4000000000000000 softirq=263/265 fqs=81293 rcu: (detected by 0, t=288842 jiffies, g=-919, q=73 ncpus=8) Sending NMI from CPU 0 to CPUs 5: rcu: INFO: rcu_sched detected stalls on CPUs/tasks: rcu: 5-...0: (37 ticks this GP) idle=39b4/1/0x4000000000000000 softirq=263/265 fqs=85712 rcu: (detected by 0, t=304597 jiffies, g=-919, q=73 ncpus=8) Sending NMI from CPU 0 to CPUs 5: rcu: INFO: rcu_sched detected stalls on CPUs/tasks: rcu: 5-...0: (37 ticks this GP) idle=39b4/1/0x4000000000000000 softirq=263/265 fqs=90131 rcu: (detected by 0, t=320352 jiffies, g=-919, q=73 ncpus=8) Sending NMI from CPU 0 to CPUs 5: rcu: INFO: rcu_sched detected stalls on CPUs/tasks: rcu: 5-...0: (37 ticks this GP) idle=39b4/1/0x4000000000000000 softirq=263/265 fqs=94550 rcu: (detected by 0, t=336107 jiffies, g=-919, q=73 ncpus=8) Sending NMI from CPU 0 to CPUs 5: rcu: INFO: rcu_sched detected stalls on CPUs/tasks: rcu: 5-...0: (37 ticks this GP) idle=39b4/1/0x4000000000000000 softirq=263/265 fqs=98969 rcu: (detected by 0, t=351862 jiffies, g=-919, q=73 ncpus=8) Sending NMI from CPU 0 to CPUs 5: rcu: INFO: rcu_sched detected stalls on CPUs/tasks: rcu: 5-...0: (37 ticks this GP) idle=39b4/1/0x4000000000000000 softirq=263/265 fqs=103388 rcu: (detected by 0, t=367617 jiffies, g=-919, q=73 ncpus=8) Sending NMI from CPU 0 to CPUs 5: rcu: INFO: rcu_sched detected stalls on CPUs/tasks: rcu: 5-...0: (37 ticks this GP) idle=39b4/1/0x4000000000000000 softirq=263/265 fqs=107807 rcu: (detected by 0, t=383372 jiffies, g=-919, q=73 ncpus=8) Sending NMI from CPU 0 to CPUs 5: rcu: INFO: rcu_sched detected stalls on CPUs/tasks: rcu: 5-...0: (37 ticks this GP) idle=39b4/1/0x4000000000000000 softirq=263/265 fqs=112226 rcu: (detected by 0, t=399127 jiffies, g=-919, q=73 ncpus=8) Sending NMI from CPU 0 to CPUs 5: rcu: INFO: rcu_sched detected stalls on CPUs/tasks: rcu: 5-...0: (37 ticks this GP) idle=39b4/1/0x4000000000000000 softirq=263/265 fqs=116645 rcu: (detected by 0, t=414882 jiffies, g=-919, q=73 ncpus=8) Sending NMI from CPU 0 to CPUs 5: rcu: INFO: rcu_sched detected stalls on CPUs/tasks: rcu: 5-...0: (37 ticks this GP) idle=39b4/1/0x4000000000000000 softirq=263/265 fqs=121064 rcu: (detected by 0, t=430637 jiffies, g=-919, q=73 ncpus=8) Sending NMI from CPU 0 to CPUs 5: rcu: INFO: rcu_sched detected stalls on CPUs/tasks: rcu: 5-...0: (37 ticks this GP) idle=39b4/1/0x4000000000000000 softirq=263/265 fqs=125483 rcu: (detected by 0, t=446392 jiffies, g=-919, q=73 ncpus=8) Sending NMI from CPU 0 to CPUs 5: rcu: INFO: rcu_sched detected stalls on CPUs/tasks: rcu: 5-...0: (37 ticks this GP) idle=39b4/1/0x4000000000000000 softirq=263/265 fqs=129902 rcu: (detected by 0, t=462147 jiffies, g=-919, q=73 ncpus=8) Sending NMI from CPU 0 to CPUs 5: rcu: INFO: rcu_sched detected stalls on CPUs/tasks: rcu: 5-...0: (37 ticks this GP) idle=39b4/1/0x4000000000000000 softirq=263/265 fqs=134321 rcu: (detected by 0, t=477902 jiffies, g=-919, q=73 ncpus=8) Sending NMI from CPU 0 to CPUs 5: rcu: INFO: rcu_sched detected stalls on CPUs/tasks: rcu: 5-...0: (37 ticks this GP) idle=39b4/1/0x4000000000000000 softirq=263/265 fqs=138740 rcu: (detected by 0, t=493657 jiffies, g=-919, q=73 ncpus=8) Sending NMI from CPU 0 to CPUs 5: rcu: INFO: rcu_sched detected stalls on CPUs/tasks: rcu: 5-...0: (37 ticks this GP) idle=39b4/1/0x4000000000000000 softirq=263/265 fqs=143159 rcu: (detected by 0, t=509412 jiffies, g=-919, q=73 ncpus=8) Sending NMI from CPU 0 to CPUs 5:

3 days, 1 hour

3
2
0 0

5.10 kernel series fails to build on newer toolchain: FAILED unresolved symbol filp_close

by Philip Müller

For some odd reason 5.10 kernel series doesn't compile with a newer toolchain since 2025-02-09: 2025-02-09T17:32:07.7991299Z GEN .version 2025-02-09T17:32:07.8270062Z CHK include/generated/compile.h 2025-02-09T17:32:07.8540777Z LD vmlinux.o 2025-02-09T17:32:11.7210899Z MODPOST vmlinux.symvers 2025-02-09T17:32:12.0869599Z MODINFO modules.builtin.modinfo 2025-02-09T17:32:12.1403022Z GEN modules.builtin 2025-02-09T17:32:12.1475659Z LD .tmp_vmlinux.btf 2025-02-09T17:32:19.6117204Z BTF .btf.vmlinux.bin.o 2025-02-09T17:32:31.2916650Z LD .tmp_vmlinux.kallsyms1 2025-02-09T17:32:34.8731104Z KSYMS .tmp_vmlinux.kallsyms1.S 2025-02-09T17:32:35.4910608Z AS .tmp_vmlinux.kallsyms1.o 2025-02-09T17:32:35.9662538Z LD .tmp_vmlinux.kallsyms2 2025-02-09T17:32:39.2595984Z KSYMS .tmp_vmlinux.kallsyms2.S 2025-02-09T17:32:39.8802028Z AS .tmp_vmlinux.kallsyms2.o 2025-02-09T17:32:40.3659440Z LD vmlinux 2025-02-09T17:32:48.0031558Z BTFIDS vmlinux 2025-02-09T17:32:48.0143553Z FAILED unresolved symbol filp_close 2025-02-09T17:32:48.5019928Z make: *** [Makefile:1207: vmlinux] Error 255 2025-02-09T17:32:48.5061241Z ==> ERROR: A failure occurred in build(). 5.10.234 built fine couple of days ago with the older one. There were slight changes made. 5.4 and 5.15 still compile. Wonder what might be missing here ... -- Best, Philip

3 days, 20 hours

5
14
0 0

[PATCH v2 RESEND] net/dccp: validate Reset/Close/CloseReq in DCCP_REQUESTING

by Yizhou Zhao

DCCP sockets in DCCP_REQUESTING state do not check the sequence number or acknowledgment number for incoming Reset, CloseReq, and Close packets. As a result, an attacker can send a spoofed Reset packet while the client is in the requesting state. The client will accept the packet without verification and immediately close the connection, causing a denial of service (DoS) attack. This patch moves the processing of Reset, Close, and CloseReq packets into dccp_rcv_request_sent_state_process() and validates the ack number before accepting them. This fix should apply to stable versions *only* in Linux 5.x and 6.x. Note that DCCP was removed in Linux 6.16, so this patch is only relevant for older versions. We tested it on Ubuntu 24.04 LTS (Linux 6.8) and it worked as expected. Signed-off-by: Yizhou Zhao <zhaoyz24(a)mails.tsinghua.edu.cn> Cc: stable(a)vger.kernel.org Signed-off-by: Yizhou Zhao <zhaoyz24(a)mails.tsinghua.edu.cn> --- net/dccp/input.c | 54 ++++++++++++++++++++++++++++-------------------- 1 file changed, 32 insertions(+), 22 deletions(-) diff --git a/net/dccp/input.c b/net/dccp/input.c index 2cbb757a8..0b1ffb044 100644 --- a/net/dccp/input.c +++ b/net/dccp/input.c @@ -397,21 +397,22 @@ static int dccp_rcv_request_sent_state_process(struct sock *sk, * / * Response processing continues in Step 10; Reset * processing continues in Step 9 * / */ + struct dccp_sock *dp = dccp_sk(sk); + + if (!between48(DCCP_SKB_CB(skb)->dccpd_ack_seq, + dp->dccps_awl, dp->dccps_awh)) { + dccp_pr_debug("invalid ackno: S.AWL=%llu, " + "P.ackno=%llu, S.AWH=%llu\n", + (unsigned long long)dp->dccps_awl, + (unsigned long long)DCCP_SKB_CB(skb)->dccpd_ack_seq, + (unsigned long long)dp->dccps_awh); + goto out_invalid_packet; + } + if (dh->dccph_type == DCCP_PKT_RESPONSE) { const struct inet_connection_sock *icsk = inet_csk(sk); - struct dccp_sock *dp = dccp_sk(sk); - long tstamp = dccp_timestamp(); - - if (!between48(DCCP_SKB_CB(skb)->dccpd_ack_seq, - dp->dccps_awl, dp->dccps_awh)) { - dccp_pr_debug("invalid ackno: S.AWL=%llu, " - "P.ackno=%llu, S.AWH=%llu\n", - (unsigned long long)dp->dccps_awl, - (unsigned long long)DCCP_SKB_CB(skb)->dccpd_ack_seq, - (unsigned long long)dp->dccps_awh); - goto out_invalid_packet; - } + long tstamp = dccp_timestamp(); /* * If option processing (Step 8) failed, return 1 here so that * dccp_v4_do_rcv() sends a Reset. The Reset code depends on @@ -496,6 +497,13 @@ static int dccp_rcv_request_sent_state_process(struct sock *sk, } dccp_send_ack(sk); return -1; + } else if (dh->dccph_type == DCCP_PKT_RESET) { + dccp_rcv_reset(sk, skb); + return 0; + } else if (dh->dccph_type == DCCP_PKT_CLOSEREQ) { + return dccp_rcv_closereq(sk, skb); + } else if (dh->dccph_type == DCCP_PKT_CLOSE) { + return dccp_rcv_close(sk, skb); } out_invalid_packet: @@ -658,17 +666,19 @@ int dccp_rcv_state_process(struct sock *sk, struct sk_buff *skb, * Set TIMEWAIT timer * Drop packet and return */ - if (dh->dccph_type == DCCP_PKT_RESET) { - dccp_rcv_reset(sk, skb); - return 0; - } else if (dh->dccph_type == DCCP_PKT_CLOSEREQ) { /* Step 13 */ - if (dccp_rcv_closereq(sk, skb)) - return 0; - goto discard; - } else if (dh->dccph_type == DCCP_PKT_CLOSE) { /* Step 14 */ - if (dccp_rcv_close(sk, skb)) + if (sk->sk_state != DCCP_REQUESTING) { + if (dh->dccph_type == DCCP_PKT_RESET) { + dccp_rcv_reset(sk, skb); return 0; - goto discard; + } else if (dh->dccph_type == DCCP_PKT_CLOSEREQ) { /* Step 13 */ + if (dccp_rcv_closereq(sk, skb)) + return 0; + goto discard; + } else if (dh->dccph_type == DCCP_PKT_CLOSE) { /* Step 14 */ + if (dccp_rcv_close(sk, skb)) + return 0; + goto discard; + } } switch (sk->sk_state) { -- 2.34.1

4 days

2
3
0 0

[PATCH V2] LoongArch: Align ACPI structures if ARCH_STRICT_ALIGN enabled

by Huacai Chen

ARCH_STRICT_ALIGN is used for hardware without UAL, now it only control the -mstrict-align flag. However, ACPI structures are packed by default so will cause unaligned accesses. To avoid this, define ACPI_MISALIGNMENT_NOT_SUPPORTED in asm/acenv.h to align ACPI structures if ARCH_STRICT_ALIGN enabled. Cc: stable(a)vger.kernel.org Reported-by: Binbin Zhou <zhoubinbin(a)loongson.cn> Suggested-by: Xi Ruoyao <xry111(a)xry111.site> Suggested-by: Jiaxun Yang <jiaxun.yang(a)flygoat.com> Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- V2: Modify asm/acenv.h instead of Makefile. arch/loongarch/include/asm/acenv.h | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/arch/loongarch/include/asm/acenv.h b/arch/loongarch/include/asm/acenv.h index 52f298f7293b..483c955f2ae5 100644 --- a/arch/loongarch/include/asm/acenv.h +++ b/arch/loongarch/include/asm/acenv.h @@ -10,9 +10,8 @@ #ifndef _ASM_LOONGARCH_ACENV_H #define _ASM_LOONGARCH_ACENV_H -/* - * This header is required by ACPI core, but we have nothing to fill in - * right now. Will be updated later when needed. - */ +#ifdef CONFIG_ARCH_STRICT_ALIGN +#define ACPI_MISALIGNMENT_NOT_SUPPORTED +#endif /* CONFIG_ARCH_STRICT_ALIGN */ #endif /* _ASM_LOONGARCH_ACENV_H */ -- 2.47.3

4 days, 21 hours

6
8
0 0

[PATCH v2 0/4] arm64: dts: marvell: cn913x-solidrun: fix sata ports status

by Josua Mayer

The SolidRun CN9130 SoC based boards have a variety of functional problems, in particular - SATA ports - CN9132 CEX-7 eMMC - CN9132 Clearfog PCI-E x2 / x4 ports are not functional. The SATA issue was recently introduced via changes to the armada-cp11x.dtsi, wheras the eMMC and SPI problems were present in the board dts from the very beginning. This patch-set aims to resolve the problems after testing on Debian 13 release (Linux v6.12). Signed-off-by: Josua Mayer <josua(a)solid-run.com> --- Changes in v2: - fixed mistakes in the original board device-trees that caused functional issues with eMMC and pci. - Link to v1: https://lore.kernel.org/r/20250911-cn913x-sr-fix-sata-v1-1-9e72238d0988@sol… --- Josua Mayer (4): arm64: dts: marvell: cn913x-solidrun: fix sata ports status arm64: dts: marvell: cn9132-clearfog: disable eMMC high-speed modes arm64: dts: marvell: cn9132-clearfog: fix multi-lane pci x2 and x4 ports arm64: dts: marvell: cn9130-sr-som: add missing properties to emmc arch/arm64/boot/dts/marvell/cn9130-cf.dtsi | 7 ++++--- arch/arm64/boot/dts/marvell/cn9130-sr-som.dtsi | 2 ++ arch/arm64/boot/dts/marvell/cn9131-cf-solidwan.dts | 6 ++++-- arch/arm64/boot/dts/marvell/cn9132-clearfog.dts | 22 ++++++++++++++++------ arch/arm64/boot/dts/marvell/cn9132-sr-cex7.dtsi | 8 ++++++++ 5 files changed, 34 insertions(+), 11 deletions(-) --- base-commit: 8f5ae30d69d7543eee0d70083daf4de8fe15d585 change-id: 20250911-cn913x-sr-fix-sata-5c737ebdb97f Best regards, -- Josua Mayer <josua(a)solid-run.com>

5 days, 12 hours

3
13
0 0

[PATCH] devcoredump: Fix circular locking dependency with devcd->mutex.

by Maarten Lankhorst

The original code causes a circular locking dependency found by lockdep. ====================================================== WARNING: possible circular locking dependency detected 6.16.0-rc6-lgci-xe-xe-pw-151626v3+ #1 Tainted: G S U ------------------------------------------------------ xe_fault_inject/5091 is trying to acquire lock: ffff888156815688 ((work_completion)(&(&devcd->del_wk)->work)){+.+.}-{0:0}, at: __flush_work+0x25d/0x660 but task is already holding lock: ffff888156815620 (&devcd->mutex){+.+.}-{3:3}, at: dev_coredump_put+0x3f/0xa0 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #2 (&devcd->mutex){+.+.}-{3:3}: mutex_lock_nested+0x4e/0xc0 devcd_data_write+0x27/0x90 sysfs_kf_bin_write+0x80/0xf0 kernfs_fop_write_iter+0x169/0x220 vfs_write+0x293/0x560 ksys_write+0x72/0xf0 __x64_sys_write+0x19/0x30 x64_sys_call+0x2bf/0x2660 do_syscall_64+0x93/0xb60 entry_SYSCALL_64_after_hwframe+0x76/0x7e -> #1 (kn->active#236){++++}-{0:0}: kernfs_drain+0x1e2/0x200 __kernfs_remove+0xae/0x400 kernfs_remove_by_name_ns+0x5d/0xc0 remove_files+0x54/0x70 sysfs_remove_group+0x3d/0xa0 sysfs_remove_groups+0x2e/0x60 device_remove_attrs+0xc7/0x100 device_del+0x15d/0x3b0 devcd_del+0x19/0x30 process_one_work+0x22b/0x6f0 worker_thread+0x1e8/0x3d0 kthread+0x11c/0x250 ret_from_fork+0x26c/0x2e0 ret_from_fork_asm+0x1a/0x30 -> #0 ((work_completion)(&(&devcd->del_wk)->work)){+.+.}-{0:0}: __lock_acquire+0x1661/0x2860 lock_acquire+0xc4/0x2f0 __flush_work+0x27a/0x660 flush_delayed_work+0x5d/0xa0 dev_coredump_put+0x63/0xa0 xe_driver_devcoredump_fini+0x12/0x20 [xe] devm_action_release+0x12/0x30 release_nodes+0x3a/0x120 devres_release_all+0x8a/0xd0 device_unbind_cleanup+0x12/0x80 device_release_driver_internal+0x23a/0x280 device_driver_detach+0x14/0x20 unbind_store+0xaf/0xc0 drv_attr_store+0x21/0x50 sysfs_kf_write+0x4a/0x80 kernfs_fop_write_iter+0x169/0x220 vfs_write+0x293/0x560 ksys_write+0x72/0xf0 __x64_sys_write+0x19/0x30 x64_sys_call+0x2bf/0x2660 do_syscall_64+0x93/0xb60 entry_SYSCALL_64_after_hwframe+0x76/0x7e other info that might help us debug this: Chain exists of: (work_completion)(&(&devcd->del_wk)->work) --> kn->active#236 --> &devcd->mutex Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&devcd->mutex); lock(kn->active#236); lock(&devcd->mutex); lock((work_completion)(&(&devcd->del_wk)->work)); *** DEADLOCK *** 5 locks held by xe_fault_inject/5091: #0: ffff8881129f9488 (sb_writers#5){.+.+}-{0:0}, at: ksys_write+0x72/0xf0 #1: ffff88810c755078 (&of->mutex#2){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x123/0x220 #2: ffff8881054811a0 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0x55/0x280 #3: ffff888156815620 (&devcd->mutex){+.+.}-{3:3}, at: dev_coredump_put+0x3f/0xa0 #4: ffffffff8359e020 (rcu_read_lock){....}-{1:2}, at: __flush_work+0x72/0x660 stack backtrace: CPU: 14 UID: 0 PID: 5091 Comm: xe_fault_inject Tainted: G S U 6.16.0-rc6-lgci-xe-xe-pw-151626v3+ #1 PREEMPT_{RT,(lazy)} Tainted: [S]=CPU_OUT_OF_SPEC, [U]=USER Hardware name: Micro-Star International Co., Ltd. MS-7D25/PRO Z690-A DDR4(MS-7D25), BIOS 1.10 12/13/2021 Call Trace: <TASK> dump_stack_lvl+0x91/0xf0 dump_stack+0x10/0x20 print_circular_bug+0x285/0x360 check_noncircular+0x135/0x150 ? register_lock_class+0x48/0x4a0 __lock_acquire+0x1661/0x2860 lock_acquire+0xc4/0x2f0 ? __flush_work+0x25d/0x660 ? mark_held_locks+0x46/0x90 ? __flush_work+0x25d/0x660 __flush_work+0x27a/0x660 ? __flush_work+0x25d/0x660 ? trace_hardirqs_on+0x1e/0xd0 ? __pfx_wq_barrier_func+0x10/0x10 flush_delayed_work+0x5d/0xa0 dev_coredump_put+0x63/0xa0 xe_driver_devcoredump_fini+0x12/0x20 [xe] devm_action_release+0x12/0x30 release_nodes+0x3a/0x120 devres_release_all+0x8a/0xd0 device_unbind_cleanup+0x12/0x80 device_release_driver_internal+0x23a/0x280 ? bus_find_device+0xa8/0xe0 device_driver_detach+0x14/0x20 unbind_store+0xaf/0xc0 drv_attr_store+0x21/0x50 sysfs_kf_write+0x4a/0x80 kernfs_fop_write_iter+0x169/0x220 vfs_write+0x293/0x560 ksys_write+0x72/0xf0 __x64_sys_write+0x19/0x30 x64_sys_call+0x2bf/0x2660 do_syscall_64+0x93/0xb60 ? __f_unlock_pos+0x15/0x20 ? __x64_sys_getdents64+0x9b/0x130 ? __pfx_filldir64+0x10/0x10 ? do_syscall_64+0x1a2/0xb60 ? clear_bhb_loop+0x30/0x80 ? clear_bhb_loop+0x30/0x80 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x76e292edd574 Code: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 80 3d d5 ea 0e 00 00 74 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 55 48 89 e5 48 83 ec 20 48 89 RSP: 002b:00007fffe247a828 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000076e292edd574 RDX: 000000000000000c RSI: 00006267f6306063 RDI: 000000000000000b RBP: 000000000000000c R08: 000076e292fc4b20 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000202 R12: 00006267f6306063 R13: 000000000000000b R14: 00006267e6859c00 R15: 000076e29322a000 </TASK> xe 0000:03:00.0: [drm] Xe device coredump has been deleted. Fixes: 01daccf74832 ("devcoredump : Serialize devcd_del work") Cc: Mukesh Ojha <quic_mojha(a)quicinc.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Johannes Berg <johannes(a)sipsolutions.net> Cc: "Rafael J. Wysocki" <rafael(a)kernel.org> Cc: Danilo Krummrich <dakr(a)kernel.org> Cc: linux-kernel(a)vger.kernel.org Cc: <stable(a)vger.kernel.org> # v6.1+ Signed-off-by: Maarten Lankhorst <dev(a)lankhorst.se> Cc: Matthew Brost <matthew.brost(a)intel.com> --- drivers/base/devcoredump.c | 136 ++++++++++++++++++++++--------------- 1 file changed, 83 insertions(+), 53 deletions(-) diff --git a/drivers/base/devcoredump.c b/drivers/base/devcoredump.c index 03a39c417dc41..ad4bddde12ccb 100644 --- a/drivers/base/devcoredump.c +++ b/drivers/base/devcoredump.c @@ -23,50 +23,46 @@ struct devcd_entry { void *data; size_t datalen; /* - * Here, mutex is required to serialize the calls to del_wk work between - * user/kernel space which happens when devcd is added with device_add() - * and that sends uevent to user space. User space reads the uevents, - * and calls to devcd_data_write() which try to modify the work which is - * not even initialized/queued from devcoredump. + * There are 2 races for which mutex is required. * + * The first race is between device creation and userspace writing to + * schedule immediately destruction. * + * This race is handled by arming the timer before device creation, but + * when device creation fails the timer still exists. * - * cpu0(X) cpu1(Y) + * To solve this, hold the mutex during device_add(), and set + * init_completed on success before releasing the mutex. * - * dev_coredump() uevent sent to user space - * device_add() ======================> user space process Y reads the - * uevents writes to devcd fd - * which results into writes to + * That way the timer will never fire until device_add() is called, + * it will do nothing if init_completed is not set. The timer is also + * cancelled in that case. * - * devcd_data_write() - * mod_delayed_work() - * try_to_grab_pending() - * timer_delete() - * debug_assert_init() - * INIT_DELAYED_WORK() - * schedule_delayed_work() - * - * - * Also, mutex alone would not be enough to avoid scheduling of - * del_wk work after it get flush from a call to devcd_free() - * mentioned as below. - * - * disabled_store() - * devcd_free() - * mutex_lock() devcd_data_write() - * flush_delayed_work() - * mutex_unlock() - * mutex_lock() - * mod_delayed_work() - * mutex_unlock() - * So, delete_work flag is required. + * The second race involves multiple parallel invocations of devcd_free(), + * add a deleted flag so only 1 can call the destructor. */ struct mutex mutex; - bool delete_work; + bool init_completed, deleted; struct module *owner; ssize_t (*read)(char *buffer, loff_t offset, size_t count, void *data, size_t datalen); void (*free)(void *data); + /* + * If nothing interferes and device_add() was returns success, + * del_wk will destroy the device after the timer fires. + * + * Multiple userspace processes can interfere in the working of the timer: + * - Writing to the coredump will reschedule the timer to run immediately, + * if still armed. + * + * This is handled by using "if (cancel_delayed_work()) { + * schedule_delayed_work() }", to prevent re-arming after having + * been previously fired. + * - Writing to /sys/class/devcoredump/disabled will destroy the + * coredump synchronously. + * This is handled by using disable_delayed_work_sync(), and then + * checking if deleted flag is set with &devcd->mutex held. + */ struct delayed_work del_wk; struct device *failing_dev; }; @@ -95,14 +91,27 @@ static void devcd_dev_release(struct device *dev) kfree(devcd); } +static void __devcd_del(struct devcd_entry *devcd) +{ + devcd->deleted = true; + device_del(&devcd->devcd_dev); + put_device(&devcd->devcd_dev); +} + static void devcd_del(struct work_struct *wk) { struct devcd_entry *devcd; + bool init_completed; devcd = container_of(wk, struct devcd_entry, del_wk.work); - device_del(&devcd->devcd_dev); - put_device(&devcd->devcd_dev); + /* devcd->mutex serializes against dev_coredumpm_timeout */ + mutex_lock(&devcd->mutex); + init_completed = devcd->init_completed; + mutex_unlock(&devcd->mutex); + + if (init_completed) + __devcd_del(devcd); } static ssize_t devcd_data_read(struct file *filp, struct kobject *kobj, @@ -122,12 +131,12 @@ static ssize_t devcd_data_write(struct file *filp, struct kobject *kobj, struct device *dev = kobj_to_dev(kobj); struct devcd_entry *devcd = dev_to_devcd(dev); - mutex_lock(&devcd->mutex); - if (!devcd->delete_work) { - devcd->delete_work = true; - mod_delayed_work(system_wq, &devcd->del_wk, 0); - } - mutex_unlock(&devcd->mutex); + /* + * Although it's tempting to use mod_delayed work here, + * that will cause a reschedule if the timer already fired. + */ + if (cancel_delayed_work(&devcd->del_wk)) + schedule_delayed_work(&devcd->del_wk, 0); return count; } @@ -151,11 +160,21 @@ static int devcd_free(struct device *dev, void *data) { struct devcd_entry *devcd = dev_to_devcd(dev); + /* + * To prevent a race with devcd_data_write(), disable work and + * complete manually instead. + * + * We cannot rely on the return value of + * disable_delayed_work_sync() here, because it might be in the + * middle of a cancel_delayed_work + schedule_delayed_work pair. + * + * devcd->mutex here guards against multiple parallel invocations + * of devcd_free(). + */ + disable_delayed_work_sync(&devcd->del_wk); mutex_lock(&devcd->mutex); - if (!devcd->delete_work) - devcd->delete_work = true; - - flush_delayed_work(&devcd->del_wk); + if (!devcd->deleted) + __devcd_del(devcd); mutex_unlock(&devcd->mutex); return 0; } @@ -179,12 +198,10 @@ static ssize_t disabled_show(const struct class *class, const struct class_attri * put_device() <- last reference * error = fn(dev, data) devcd_dev_release() * devcd_free(dev, data) kfree(devcd) - * mutex_lock(&devcd->mutex); * * * In the above diagram, it looks like disabled_store() would be racing with parallelly - * running devcd_del() and result in memory abort while acquiring devcd->mutex which - * is called after kfree of devcd memory after dropping its last reference with + * running devcd_del() and result in memory abort after dropping its last reference with * put_device(). However, this will not happens as fn(dev, data) runs * with its own reference to device via klist_node so it is not its last reference. * so, above situation would not occur. @@ -374,7 +391,7 @@ void dev_coredumpm_timeout(struct device *dev, struct module *owner, devcd->read = read; devcd->free = free; devcd->failing_dev = get_device(dev); - devcd->delete_work = false; + devcd->deleted = false; mutex_init(&devcd->mutex); device_initialize(&devcd->devcd_dev); @@ -383,8 +400,14 @@ void dev_coredumpm_timeout(struct device *dev, struct module *owner, atomic_inc_return(&devcd_count)); devcd->devcd_dev.class = &devcd_class; - mutex_lock(&devcd->mutex); dev_set_uevent_suppress(&devcd->devcd_dev, true); + + /* devcd->mutex prevents devcd_del() completing until init finishes */ + mutex_lock(&devcd->mutex); + devcd->init_completed = false; + INIT_DELAYED_WORK(&devcd->del_wk, devcd_del); + schedule_delayed_work(&devcd->del_wk, timeout); + if (device_add(&devcd->devcd_dev)) goto put_device; @@ -401,13 +424,20 @@ void dev_coredumpm_timeout(struct device *dev, struct module *owner, dev_set_uevent_suppress(&devcd->devcd_dev, false); kobject_uevent(&devcd->devcd_dev.kobj, KOBJ_ADD); - INIT_DELAYED_WORK(&devcd->del_wk, devcd_del); - schedule_delayed_work(&devcd->del_wk, timeout); + + /* + * Safe to run devcd_del() now that we are done with devcd_dev. + * Alternatively we could have taken a ref on devcd_dev before + * dropping the lock. + */ + devcd->init_completed = true; mutex_unlock(&devcd->mutex); return; put_device: - put_device(&devcd->devcd_dev); mutex_unlock(&devcd->mutex); + cancel_delayed_work_sync(&devcd->del_wk); + put_device(&devcd->devcd_dev); + put_module: module_put(owner); free: -- 2.45.2

5 days, 23 hours

4
8
0 0

[PATCH] perf/x86/intel: Fix KASAN global-out-of-bounds warning

by Dapeng Mi

When running "perf mem record" command on CWF, the below KASAN global-out-of-bounds warning is seen. 196.273657] ================================================================== [ 196.273662] BUG: KASAN: global-out-of-bounds in cmt_latency_data+0x176/0x1b0 [ 196.273669] Read of size 4 at addr ffffffffb721d000 by task dtlb/9850 [ 196.273676] CPU: 126 UID: 0 PID: 9850 Comm: dtlb Kdump: loaded Not tainted 6.17.0-rc3-2025-08-29-intel-next-34160-g316938187eb0 #1 PREEMPT(none) [ 196.273680] Hardware name: Intel Corporation AvenueCity/AvenueCity, BIOS BHSDCRB1.IPC.3544.P83.2507110208 07/11/2025 [ 196.273682] Call Trace: [ 196.273683] <NMI> [ 196.273684] dump_stack_lvl+0x55/0x70 [ 196.273689] print_address_description.constprop.0+0x2c/0x3d0 [ 196.273694] ? cmt_latency_data+0x176/0x1b0 [ 196.273696] print_report+0xb4/0x270 [ 196.273699] ? kasan_addr_to_slab+0xd/0xa0 [ 196.273702] kasan_report+0xb8/0xf0 [ 196.273705] ? cmt_latency_data+0x176/0x1b0 [ 196.273707] cmt_latency_data+0x176/0x1b0 [ 196.273710] setup_arch_pebs_sample_data+0xf49/0x2560 [ 196.273713] intel_pmu_drain_arch_pebs+0x577/0xb00 [ 196.273716] ? __pfx_intel_pmu_drain_arch_pebs+0x10/0x10 [ 196.273719] ? perf_output_begin+0x3e4/0xa10 [ 196.273724] ? intel_pmu_drain_bts_buffer+0xc2/0x6a0 [ 196.273727] ? __pfx_intel_pmu_drain_bts_buffer+0x10/0x10 [ 196.273730] handle_pmi_common+0x6c4/0xc80 [ 196.273734] ? __pfx_handle_pmi_common+0x10/0x10 [ 196.273738] ? intel_bts_interrupt+0xd3/0x4d0 [ 196.273740] ? __pfx_intel_bts_interrupt+0x10/0x10 [ 196.273742] ? intel_pmu_lbr_enable_all+0x25/0x150 [ 196.273745] intel_pmu_handle_irq+0x388/0x700 [ 196.273748] perf_event_nmi_handler+0xff/0x150 [ 196.273751] nmi_handle.part.0+0xa8/0x2d0 [ 196.273755] ? perf_output_begin+0x3e9/0xa10 [ 196.273757] default_do_nmi+0x79/0x1a0 [ 196.273760] fred_exc_nmi+0x40/0x90 [ 196.273762] asm_fred_entrypoint_kernel+0x45/0x60 [ 196.273765] RIP: 0010:perf_output_begin+0x3e9/0xa10 [ 196.273768] Code: 54 24 1c 85 d2 0f 85 19 03 00 00 48 8b 44 24 18 48 c1 e8 03 42 0f b6 04 28 84 c0 74 08 3c 03 0f 8e 25 05 00 00 41 8b 44 24 18 <c1> e0 0c 48 98 48 83 e8 01 80 7c 24 2a 00 0f 85 f9 02 00 00 4c 29 [ 196.273770] RSP: 0018:ffffc9001cf575e8 EFLAGS: 00000246 [ 196.273774] RAX: 0000000000000080 RBX: ffff88c1a0f95028 RCX: 0000000000000004 [ 196.273775] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88c08c8f9408 [ 196.273777] RBP: 0000000000000028 R08: 0000000000000000 R09: ffffed18341f2a05 [ 196.273778] R10: ffff88c1a0f9502f R11: ffff88c1a0dbe1b8 R12: ffff88c1a0f95000 [ 196.273779] R13: dffffc0000000000 R14: 0000000000000000 R15: ffffc9001cf577e0 [ 196.273782] </NMI> The issue is caused by below code in __grt_latency_data(). The code tries to access x86_hybrid_pmu structure which doesn't exist on non-hybrid platform like CWF. WARN_ON_ONCE(hybrid_pmu(event->pmu)->pmu_type == hybrid_big) So add is_hybrid() check before calling this WARN_ON_ONCE to fix the global-out-of-bounds access issue. Reported-by: Xudong Hao <xudong.hao(a)intel.com> Cc: stable(a)vger.kernel.org Fixes: 090262439f66 ("perf/x86/intel: Rename model-specific pebs_latency_data functions") Signed-off-by: Dapeng Mi <dapeng1.mi(a)linux.intel.com> --- arch/x86/events/intel/ds.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/events/intel/ds.c b/arch/x86/events/intel/ds.c index c0b7ac1c7594..d1ac1f1ceee9 100644 --- a/arch/x86/events/intel/ds.c +++ b/arch/x86/events/intel/ds.c @@ -317,7 +317,7 @@ static u64 __grt_latency_data(struct perf_event *event, u64 status, { u64 val; - WARN_ON_ONCE(hybrid_pmu(event->pmu)->pmu_type == hybrid_big); + WARN_ON_ONCE(is_hybrid() && hybrid_pmu(event->pmu)->pmu_type == hybrid_big); dse &= PERF_PEBS_DATA_SOURCE_GRT_MASK; val = hybrid_var(event->pmu, pebs_data_source)[dse]; base-commit: 16ed389227651330879e17bd83d43bd234006722 -- 2.34.1

6 days, 9 hours

3
2
0 0

[PATCH 1/2] mmc: core sd: Simplify current limit logic for 200mA default

by Avri Altman

The SD current limit logic is updated to avoid explicitly setting the current limit when the maximum power is 200mA (0.72W) or less, as this is already the default value. The code now only issues a current limit switch if a higher limit is required, and the unused SD_SET_CURRENT_NO_CHANGE constant is removed. This reduces unnecessary commands and simplifies the logic. Fixes: 0aa6770000ba ("mmc: sdhci: only set 200mA support for 1.8v if 200mA is available") Signed-off-by: Avri Altman <avri.altman(a)sandisk.com> Cc: stable(a)vger.kernel.org --- drivers/mmc/core/sd.c | 7 ++----- include/linux/mmc/card.h | 1 - 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/drivers/mmc/core/sd.c b/drivers/mmc/core/sd.c index ec02067f03c5..cf92c5b2059a 100644 --- a/drivers/mmc/core/sd.c +++ b/drivers/mmc/core/sd.c @@ -554,7 +554,7 @@ static u32 sd_get_host_max_current(struct mmc_host *host) static int sd_set_current_limit(struct mmc_card *card, u8 *status) { - int current_limit = SD_SET_CURRENT_NO_CHANGE; + int current_limit = SD_SET_CURRENT_LIMIT_200; int err; u32 max_current; @@ -598,11 +598,8 @@ static int sd_set_current_limit(struct mmc_card *card, u8 *status) else if (max_current >= 400 && card->sw_caps.sd3_curr_limit & SD_MAX_CURRENT_400) current_limit = SD_SET_CURRENT_LIMIT_400; - else if (max_current >= 200 && - card->sw_caps.sd3_curr_limit & SD_MAX_CURRENT_200) - current_limit = SD_SET_CURRENT_LIMIT_200; - if (current_limit != SD_SET_CURRENT_NO_CHANGE) { + if (current_limit != SD_SET_CURRENT_LIMIT_200) { err = mmc_sd_switch(card, SD_SWITCH_SET, 3, current_limit, status); if (err) diff --git a/include/linux/mmc/card.h b/include/linux/mmc/card.h index ddcdf23d731c..e9e964c20e53 100644 --- a/include/linux/mmc/card.h +++ b/include/linux/mmc/card.h @@ -182,7 +182,6 @@ struct sd_switch_caps { #define SD_SET_CURRENT_LIMIT_400 1 #define SD_SET_CURRENT_LIMIT_600 2 #define SD_SET_CURRENT_LIMIT_800 3 -#define SD_SET_CURRENT_NO_CHANGE (-1) #define SD_MAX_CURRENT_200 (1 << SD_SET_CURRENT_LIMIT_200) #define SD_MAX_CURRENT_400 (1 << SD_SET_CURRENT_LIMIT_400) -- 2.25.1

6 days, 15 hours

3
4
0 0

[PATCH] PCI/PM: Ensure power-up succeeded before restoring MMIO state

by Brian Norris

From: Brian Norris <briannorris(a)google.com> As the comments in pci_pm_thaw_noirq() suggest, pci_restore_state() may need to restore MSI-X state in MMIO space. This is only possible if we reach D0; if we failed to power up, this might produce a fatal error when touching memory space. Check for errors (as the "verify" in "pci_pm_power_up_and_verify_state" implies), and skip restoring if it fails. This mitigates errors seen during resume_noirq, for example, when the platform did not resume the link properly. Cc: stable(a)vger.kernel.org Signed-off-by: Brian Norris <briannorris(a)google.com> Signed-off-by: Brian Norris <briannorris(a)chromium.org> --- drivers/pci/pci-driver.c | 12 +++++++++--- drivers/pci/pci.c | 13 +++++++++++-- drivers/pci/pci.h | 2 +- 3 files changed, 21 insertions(+), 6 deletions(-) diff --git a/drivers/pci/pci-driver.c b/drivers/pci/pci-driver.c index 302d61783f6c..d66d95bd0ca2 100644 --- a/drivers/pci/pci-driver.c +++ b/drivers/pci/pci-driver.c @@ -557,7 +557,13 @@ static void pci_pm_default_resume(struct pci_dev *pci_dev) static void pci_pm_default_resume_early(struct pci_dev *pci_dev) { - pci_pm_power_up_and_verify_state(pci_dev); + /* + * If we failed to reach D0, we'd better not touch MSI-X state in MMIO + * space. + */ + if (pci_pm_power_up_and_verify_state(pci_dev)) + return; + pci_restore_state(pci_dev); pci_pme_restore(pci_dev); } @@ -1101,8 +1107,8 @@ static int pci_pm_thaw_noirq(struct device *dev) * in case the driver's "freeze" callbacks put it into a low-power * state. */ - pci_pm_power_up_and_verify_state(pci_dev); - pci_restore_state(pci_dev); + if (!pci_pm_power_up_and_verify_state(pci_dev)) + pci_restore_state(pci_dev); if (pci_has_legacy_pm_support(pci_dev)) return 0; diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c index e698278229f2..c75fec3b094f 100644 --- a/drivers/pci/pci.c +++ b/drivers/pci/pci.c @@ -3144,10 +3144,19 @@ void pci_d3cold_disable(struct pci_dev *dev) } EXPORT_SYMBOL_GPL(pci_d3cold_disable); -void pci_pm_power_up_and_verify_state(struct pci_dev *pci_dev) +int pci_pm_power_up_and_verify_state(struct pci_dev *pci_dev) { - pci_power_up(pci_dev); + int ret; + + ret = pci_power_up(pci_dev); pci_update_current_state(pci_dev, PCI_D0); + + if (ret < 0 && pci_dev->current_state == PCI_D3cold) { + dev_err(&pci_dev->dev, "Failed to power up device: %d\n", ret); + return ret; + } + + return 0; } /** diff --git a/drivers/pci/pci.h b/drivers/pci/pci.h index 1c48bc447f58..87ad201417d5 100644 --- a/drivers/pci/pci.h +++ b/drivers/pci/pci.h @@ -233,7 +233,7 @@ void pci_dev_adjust_pme(struct pci_dev *dev); void pci_dev_complete_resume(struct pci_dev *pci_dev); void pci_config_pm_runtime_get(struct pci_dev *dev); void pci_config_pm_runtime_put(struct pci_dev *dev); -void pci_pm_power_up_and_verify_state(struct pci_dev *pci_dev); +int pci_pm_power_up_and_verify_state(struct pci_dev *pci_dev); void pci_pm_init(struct pci_dev *dev); void pci_ea_init(struct pci_dev *dev); void pci_msi_init(struct pci_dev *dev); -- 2.51.0.rc1.193.gad69d77794-goog

6 days, 16 hours

2
1
0 0

[PATCH] Revert "sched/core: Tweak wait_task_inactive() to force dequeue sched_delayed tasks"

by Matt Fleming

From: Matt Fleming <mfleming(a)cloudflare.com> This reverts commit b7ca5743a2604156d6083b88cefacef983f3a3a6. If we dequeue a task (task B) that was sched delayed then that task is definitely no longer on the rq and not tracked in the rbtree. Unfortunately, task_on_rq_queued(B) will still return true because dequeue_task() doesn't update p->on_rq. This inconsistency can lead to tasks (task A) spinning indefinitely in wait_task_inactive(), e.g. when delivering a fatal signal to a thread group, because it thinks the task B is still queued (it's not) and waits forever for it to unschedule. Task A Task B arch_do_signal_or_restart() get_signal() do_coredump() coredump_wait() zap_threads() arch_do_signal_or_restart() wait_task_inactive() <-- SPIN get_signal() do_group_exit() do_exit() coredump_task_exit() schedule() <--- never comes back Not only will task A spin forever in wait_task_inactive(), but task B will also trigger RCU stalls: INFO: rcu_tasks detected stalls on tasks: 00000000a973a4d8: .. nvcsw: 2/2 holdout: 1 idle_cpu: -1/79 task:ffmpeg state:I stack:0 pid:665601 tgid:665155 ppid:668691 task_flags:0x400448 flags:0x00004006 Call Trace: <TASK> __schedule+0x4fb/0xbf0 ? srso_return_thunk+0x5/0x5f schedule+0x27/0xf0 do_exit+0xdd/0xaa0 ? __pfx_futex_wake_mark+0x10/0x10 do_group_exit+0x30/0x80 get_signal+0x81e/0x860 ? srso_return_thunk+0x5/0x5f ? futex_wake+0x177/0x1a0 arch_do_signal_or_restart+0x2e/0x1f0 ? srso_return_thunk+0x5/0x5f ? srso_return_thunk+0x5/0x5f ? __x64_sys_futex+0x10c/0x1d0 syscall_exit_to_user_mode+0xa5/0x130 do_syscall_64+0x57/0x110 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x7f22d05b0f16 RSP: 002b:00007f2265761cf0 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: fffffffffffffe00 RBX: 0000000000000000 RCX: 00007f22d05b0f16 RDX: 0000000000000000 RSI: 0000000000000189 RDI: 00005629e320d97c RBP: 0000000000000000 R08: 0000000000000000 R09: 00000000ffffffff R10: 0000000000000000 R11: 0000000000000246 R12: 00005629e320d928 R13: 0000000000000000 R14: 0000000000000001 R15: 00005629e320d97c </TASK> Fixes: b7ca5743a260 ("sched/core: Tweak wait_task_inactive() to force dequeue sched_delayed tasks") Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: John Stultz <jstultz(a)google.com> Cc: Chris Arges <carges(a)cloudflare.com> Cc: stable(a)vger.kernel.org # v6.12 Signed-off-by: Matt Fleming <mfleming(a)cloudflare.com> --- kernel/sched/core.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/kernel/sched/core.c b/kernel/sched/core.c index ccba6fc3c3fe..2dfc3977920d 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -2293,12 +2293,6 @@ unsigned long wait_task_inactive(struct task_struct *p, unsigned int match_state * just go back and repeat. */ rq = task_rq_lock(p, &rf); - /* - * If task is sched_delayed, force dequeue it, to avoid always - * hitting the tick timeout in the queued case - */ - if (p->se.sched_delayed) - dequeue_task(rq, p, DEQUEUE_SLEEP | DEQUEUE_DELAYED); trace_sched_wait_task(p); running = task_on_cpu(rq, p); queued = task_on_rq_queued(p); -- 2.34.1

1 week

5
13
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror September 2025