- Linux-stable-mirror - lists.linaro.org

[PATCH v4] usb: dwc3: Abort suspend on soft disconnect failure

by Kuen-Han Tsai

When dwc3_gadget_soft_disconnect() fails, dwc3_suspend_common() keeps going with the suspend, resulting in a period where the power domain is off, but the gadget driver remains connected. Within this time frame, invoking vbus_event_work() will cause an error as it attempts to access DWC3 registers for endpoint disabling after the power domain has been completely shut down. Abort the suspend sequence when dwc3_gadget_suspend() cannot halt the controller and proceeds with a soft connect. Fixes: 9f8a67b65a49 ("usb: dwc3: gadget: fix gadget suspend/resume") CC: stable(a)vger.kernel.org Signed-off-by: Kuen-Han Tsai <khtsai(a)google.com> --- Kernel panic - not syncing: Asynchronous SError Interrupt Workqueue: events vbus_event_work Call trace: dump_backtrace+0xf4/0x118 show_stack+0x18/0x24 dump_stack_lvl+0x60/0x7c dump_stack+0x18/0x3c panic+0x16c/0x390 nmi_panic+0xa4/0xa8 arm64_serror_panic+0x6c/0x94 do_serror+0xc4/0xd0 el1h_64_error_handler+0x34/0x48 el1h_64_error+0x68/0x6c readl+0x4c/0x8c __dwc3_gadget_ep_disable+0x48/0x230 dwc3_gadget_ep_disable+0x50/0xc0 usb_ep_disable+0x44/0xe4 ffs_func_eps_disable+0x64/0xc8 ffs_func_set_alt+0x74/0x368 ffs_func_disable+0x18/0x28 composite_disconnect+0x90/0xec configfs_composite_disconnect+0x64/0x88 usb_gadget_disconnect_locked+0xc0/0x168 vbus_event_work+0x3c/0x58 process_one_work+0x1e4/0x43c worker_thread+0x25c/0x430 kthread+0x104/0x1d4 ret_from_fork+0x10/0x20 --- Changelog: v4: - correct the mistake where semicolon was forgotten - return -EAGAIN upon dwc3_gadget_suspend() failure v3: - change the Fixes tag v2: - move declarations in separate lines - add the Fixes tag --- drivers/usb/dwc3/core.c | 9 +++++++-- drivers/usb/dwc3/gadget.c | 22 +++++++++------------- 2 files changed, 16 insertions(+), 15 deletions(-) diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c index 66a08b527165..f36bc933c55b 100644 --- a/drivers/usb/dwc3/core.c +++ b/drivers/usb/dwc3/core.c @@ -2388,6 +2388,7 @@ static int dwc3_suspend_common(struct dwc3 *dwc, pm_message_t msg) { u32 reg; int i; + int ret; if (!pm_runtime_suspended(dwc->dev) && !PMSG_IS_AUTO(msg)) { dwc->susphy_state = (dwc3_readl(dwc->regs, DWC3_GUSB2PHYCFG(0)) & @@ -2406,7 +2407,9 @@ static int dwc3_suspend_common(struct dwc3 *dwc, pm_message_t msg) case DWC3_GCTL_PRTCAP_DEVICE: if (pm_runtime_suspended(dwc->dev)) break; - dwc3_gadget_suspend(dwc); + ret = dwc3_gadget_suspend(dwc); + if (ret) + return ret; synchronize_irq(dwc->irq_gadget); dwc3_core_exit(dwc); break; @@ -2441,7 +2444,9 @@ static int dwc3_suspend_common(struct dwc3 *dwc, pm_message_t msg) break; if (dwc->current_otg_role == DWC3_OTG_ROLE_DEVICE) { - dwc3_gadget_suspend(dwc); + ret = dwc3_gadget_suspend(dwc); + if (ret) + return ret; synchronize_irq(dwc->irq_gadget); } diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index 89a4dc8ebf94..630fd5f0ce97 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -4776,26 +4776,22 @@ int dwc3_gadget_suspend(struct dwc3 *dwc) int ret; ret = dwc3_gadget_soft_disconnect(dwc); - if (ret) - goto err; - - spin_lock_irqsave(&dwc->lock, flags); - if (dwc->gadget_driver) - dwc3_disconnect_gadget(dwc); - spin_unlock_irqrestore(&dwc->lock, flags); - - return 0; - -err: /* * Attempt to reset the controller's state. Likely no * communication can be established until the host * performs a port reset. */ - if (dwc->softconnect) + if (ret && dwc->softconnect) { dwc3_gadget_soft_connect(dwc); + return -EAGAIN; + } - return ret; + spin_lock_irqsave(&dwc->lock, flags); + if (dwc->gadget_driver) + dwc3_disconnect_gadget(dwc); + spin_unlock_irqrestore(&dwc->lock, flags); + + return 0; } int dwc3_gadget_resume(struct dwc3 *dwc) -- 2.49.0.604.gff1f9ca942-goog

10 hours, 54 minutes

2
5
0 0

[PATCH RESEND v3 0/3] Add ti,suppress-v1p8-ena

by Judith Mendez

Resend patch series to fix cc list There are MMC boot failures seen with V1P8_SIGNAL_ENA on Kingston eMMC and Microcenter/Patriot SD cards on Sitara K3 boards due to the HS200 initialization sequence involving V1P8_SIGNAL_ENA. Since V1P8_SIGNAL_ENA is optional for eMMC, do not set V1P8_SIGNAL_ENA by default for eMMC. For SD cards we shall parse DT for ti,suppress-v1p8-ena property to determine whether to suppress V1P8_SIGNAL_ENA. Add new ti,suppress-v1p8-ena to am62x, am62ax, and am62px SoC dtsi files since there is no internal LDO tied to sdhci1 interface so V1P8_SIGNAL_ENA only affects timing. This fix was previously merged in the kernel, but was reverted due to the "heuristics for enabling the quirk"[0]. This issue is adressed in this patch series by adding optional ti,suppress-v1p8-ena DT property which determines whether to apply the quirk for SD. Changes since v2: - Include patch 3/3 - Reword cover letter - Reword binding patch description - Add fixes/cc tags to driver patch - Reorder patches according to binding patch first - Resend to fix cc list in original v3 series Link to v2: https://lore.kernel.org/linux-mmc/20250417182652.3521104-1-jm@ti.com/ Link to v1: https://lore.kernel.org/linux-mmc/20250407222702.2199047-1-jm@ti.com/ [0] https://lore.kernel.org/linux-mmc/20250127-am654-mmc-regression-v2-1-9bb39f… Judith Mendez (3): dt-bindings: mmc: sdhci-am654: Add ti,suppress-v1p8-ena mmc: sdhci_am654: Add sdhci_am654_start_signal_voltage_switch arm64: dts: ti: k3-am62*: add ti,suppress-v1p8-ena .../devicetree/bindings/mmc/sdhci-am654.yaml | 5 +++ arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 1 + arch/arm64/boot/dts/ti/k3-am62a-main.dtsi | 1 + .../dts/ti/k3-am62p-j722s-common-main.dtsi | 1 + drivers/mmc/host/sdhci_am654.c | 32 +++++++++++++++++++ 5 files changed, 40 insertions(+) base-commit: 1be38f81251f6d276713c259ecf4414f82f22c29 -- 2.49.0

11 hours, 6 minutes

2
4
0 0

[PATCH v2] drm/tiny: panel-mipi-dbi: Use drm_client_setup_with_fourcc()

by Fabio Estevam

From: Fabio Estevam <festevam(a)denx.de> Since commit 559358282e5b ("drm/fb-helper: Don't use the preferred depth for the BPP default"), RGB565 displays such as the CFAF240320X no longer render correctly: colors are distorted and the content is shown twice horizontally. This regression is due to the fbdev emulation layer defaulting to 32 bits per pixel, whereas the display expects 16 bpp (RGB565). As a result, the framebuffer data is incorrectly interpreted by the panel. Fix the issue by calling drm_client_setup_with_fourcc() with a format explicitly selected based on the display's bits-per-pixel value. For 16 bpp, use DRM_FORMAT_RGB565; for other values, fall back to the previous behavior. This ensures that the allocated framebuffer format matches the hardware expectations, avoiding color and layout corruption. Tested on a CFAF240320X display with an RGB565 configuration, confirming correct colors and layout after applying this patch. Cc: stable(a)vger.kernel.org Fixes: 559358282e5b ("drm/fb-helper: Don't use the preferred depth for the BPP default") Signed-off-by: Fabio Estevam <festevam(a)denx.de> Reviewed-by: Thomas Zimmermann <tzimmermann(a)suse.de> --- Changes since v1: - Improved the commit log. - Added Thomas' Reviewed-by tag. - Added more maintainers on Cc as panel-mipi-dbi.c has been marked as orphan. drivers/gpu/drm/tiny/panel-mipi-dbi.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/tiny/panel-mipi-dbi.c b/drivers/gpu/drm/tiny/panel-mipi-dbi.c index 0460ecaef4bd..23914a9f7fd3 100644 --- a/drivers/gpu/drm/tiny/panel-mipi-dbi.c +++ b/drivers/gpu/drm/tiny/panel-mipi-dbi.c @@ -390,7 +390,10 @@ static int panel_mipi_dbi_spi_probe(struct spi_device *spi) spi_set_drvdata(spi, drm); - drm_client_setup(drm, NULL); + if (bpp == 16) + drm_client_setup_with_fourcc(drm, DRM_FORMAT_RGB565); + else + drm_client_setup_with_fourcc(drm, DRM_FORMAT_RGB888); return 0; } -- 2.34.1

11 hours, 20 minutes

2
1
0 0

[PATCH] video: screen_info: Update framebuffers behind PCI bridges

by Thomas Zimmermann

Apply bridge window offsets to screen_info framebuffers during relocation. Fixes invalid access to I/O memory. Resources behind a PCI bridge can be located at a certain offset in the kernel's I/O range. The framebuffer memory range stored in screen_info refers to the offset as seen during boot (essentialy 0). During boot up, the kernel may assign a different memory offset to the bridge device and thereby relocating the framebuffer address of the PCI graphics device as seen by the kernel. The information in screen_info must be updated as well. The helper pcibios_bus_to_resource() performs the relocation of the screen_info resource. The result now matches the I/O-memory resource of the PCI graphics device. As before, we store away the information necessary to update the information in screen_info. Commit 78aa89d1dfba ("firmware/sysfb: Update screen_info for relocated EFI framebuffers") added the code for updating screen_info. It is based on similar functionality that pre-existed in efifb. But efifb did not handle bridges correctly, so the problem presumably exists only on newer systems. Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Reported-by: Tested-by: "Ivan T. Ivanov" <iivanov(a)suse.de> Closes: https://bugzilla.suse.com/show_bug.cgi?id=1240696 Tested-by: Tested-by: "Ivan T. Ivanov" <iivanov(a)suse.de> Fixes: 78aa89d1dfba ("firmware/sysfb: Update screen_info for relocated EFI framebuffers") Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v6.9+ --- drivers/video/screen_info_pci.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/drivers/video/screen_info_pci.c b/drivers/video/screen_info_pci.c index 6c5833517141..c46c75dc3fae 100644 --- a/drivers/video/screen_info_pci.c +++ b/drivers/video/screen_info_pci.c @@ -8,7 +8,7 @@ static struct pci_dev *screen_info_lfb_pdev; static size_t screen_info_lfb_bar; static resource_size_t screen_info_lfb_offset; -static struct resource screen_info_lfb_res = DEFINE_RES_MEM(0, 0); +static struct pci_bus_region screen_info_lfb_region; static bool __screen_info_relocation_is_valid(const struct screen_info *si, struct resource *pr) { @@ -31,7 +31,7 @@ void screen_info_apply_fixups(void) if (screen_info_lfb_pdev) { struct resource *pr = &screen_info_lfb_pdev->resource[screen_info_lfb_bar]; - if (pr->start != screen_info_lfb_res.start) { + if (pr->start != screen_info_lfb_region.start) { if (__screen_info_relocation_is_valid(si, pr)) { /* * Only update base if we have an actual @@ -69,10 +69,21 @@ static void screen_info_fixup_lfb(struct pci_dev *pdev) for (i = 0; i < numres; ++i) { struct resource *r = &res[i]; + struct pci_bus_region bus_region = { + .start = r->start, + .end = r->end, + }; const struct resource *pr; if (!(r->flags & IORESOURCE_MEM)) continue; + + /* + * Translate the address to resource if the framebuffer + * is behind a PCI bridge. + */ + pcibios_bus_to_resource(pdev->bus, r, &bus_region); + pr = pci_find_resource(pdev, r); if (!pr) continue; @@ -85,7 +96,7 @@ static void screen_info_fixup_lfb(struct pci_dev *pdev) screen_info_lfb_pdev = pdev; screen_info_lfb_bar = pr - pdev->resource; screen_info_lfb_offset = r->start - pr->start; - memcpy(&screen_info_lfb_res, r, sizeof(screen_info_lfb_res)); + memcpy(&screen_info_lfb_region, &bus_region, sizeof(screen_info_lfb_region)); } } DECLARE_PCI_FIXUP_CLASS_HEADER(PCI_ANY_ID, PCI_ANY_ID, PCI_BASE_CLASS_DISPLAY, 16, -- 2.49.0

11 hours, 22 minutes

2
2
0 0

[REGRESSION] 6.14.3 panic - kernel NULL pointer dereference in htb_dequeue

by Alan J. Wylie

#regzbot introduced: 6.14.2..6.14.3 Since 6.14.3 I have been seeing random panics, all in htb_dequeue. 6.14.2 was fine. One only happened 8 hours after the reboot, so bisecting would be prolonged, since I have no idea what is triggering the crash. I've captured three panics with netconsole. All are very similar. I've also included the script I use to initialise tc. As well as when the ppp over ethernet interface comes up, I also run this every 5 minutes as a cron job since my ADSL line can fluctuate between 22 and 30 Mb/s. However, from the timings of the last few lines in /var/log/messages before the crash, it doesn't seem that this is directly related. Finally, I've decoded the first panic. I'm more than happy to help with debugging, if necessary. The system is running up-to-date Gentoo. Linux version 6.14.3 (alan@bilbo) (gcc (Gentoo Hardened 14.2.1_p20241221 p7) 14.2.1 20241221, GNU ld (Gentoo 2.44 p1) 2.44.0) #20 SMP PREEMPT_DYNAMIC Sun Apr 20 21:18:54 BST 2025 Linux bilbo 6.14.3 #20 SMP PREEMPT_DYNAMIC Sun Apr 20 21:18:54 BST 2025 x86_64 AMD FX(tm)-4300 Quad-Core Processor AuthenticAMD GNU/Linux # equery -q list iproute2 sys-apps/iproute2-6.13.0 BUG: kernel NULL pointer dereference, address: 0000000000000000 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G O 6.14.3 #20 Tainted: [O]=OOT_MODULE Hardware name: Gigabyte Technology Co., Ltd. To be filled by O.E.M./970A-DS3P, BIOS FD 02/26/2016 RIP: 0010:rb_next+0x0/0x50 Code: e8 d5 fa ff ff 5b 4c 89 e0 5d 41 5c 41 5d 41 5e e9 85 73 01 00 5b 5d 41 5c 41 5d 41 5e e9 38 76 01 00 0f 1f 84 00 00 00 00 00 <48> 3b 3f 48 89 f8 74 38 48 8b 57 08 48 85 d2 74 11 48 89 d0 48 8b RSP: 0018:ffffc90000003e50 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff88811a764000 RCX: ffff88811a764180 RDX: ffff88835e4c6c00 RSI: ffff888162c998e8 RDI: 0000000000000000 RBP: 0000000000000000 R08: ffff88811a7642b0 R09: 00000000a535eebc R10: 0000000000000d09 R11: ffffc90000003ff8 R12: ffff88835e4c6c00 R13: ffff88811a7642b8 R14: 00001a951355b383 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff88842ec00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 00000001084b4000 CR4: 00000000000406f0 Call Trace: <IRQ> htb_dequeue+0x42f/0x610 [sch_htb] __qdisc_run+0x253/0x480 ? timerqueue_del+0x2c/0x40 qdisc_run+0x15/0x30 net_tx_action+0x182/0x1b0 handle_softirqs+0x102/0x240 __irq_exit_rcu+0x3e/0xb0 sysvec_apic_timer_interrupt+0x5b/0x70 </IRQ> <TASK> asm_sysvec_apic_timer_interrupt+0x16/0x20 RIP: 0010:cpuidle_enter_state+0x126/0x220 Code: 18 4c 6f 00 85 c0 7e 0b 8b 73 04 83 cf ff e8 a1 22 e5 ff 31 ff e8 9a 2e 98 ff 45 84 ff 74 07 31 ff e8 0e 58 9d ff fb 45 85 ed <0f> 88 cc 00 00 00 49 63 c5 48 8b 3c 24 48 6b c8 68 48 6b d0 30 49 RSP: 0018:ffffffff81e03e40 EFLAGS: 00000202 RAX: ffff88842ec00000 RBX: ffff8881008d9400 RCX: 0000000000000000 RDX: 00001a94d9502071 RSI: fffffffbb3498394 RDI: 0000000000000000 RBP: 0000000000000002 R08: 0000000000000002 R09: 00001a94d7bd7640 R10: 0000000000000006 R11: 0000000000000020 R12: ffffffff81f98280 R13: 0000000000000002 R14: 00001a94d9502071 R15: 0000000000000000 cpuidle_enter+0x2a/0x40 do_idle+0x12d/0x1a0 cpu_startup_entry+0x29/0x30 rest_init+0xbc/0xc0 start_kernel+0x630/0x630 x86_64_start_reservations+0x25/0x30 x86_64_start_kernel+0x73/0x80 common_startup_64+0x12c/0x138 </TASK> Modules linked in: udp_diag netconsole sch_htb cls_u32 sch_ingress sch_cake ifb act_mirred xt_hl xt_nat ts_bm xt_string xt_TARPIT(O) xt_CT xt_tcpudp xt_helper nf_nat_ftp nf_conntrack_ftp ip6t_rt ip6table_nat xt_MASQUERADE iptable_nat nf_nat xt_TCPMSS xt_LOG nf_log_syslog ip6t_REJECT nf_reject_ipv6 ipt_REJECT nf_reject_ipv4 ip6table_raw iptable_raw ip6table_mangle iptable_mangle xt_multiport xt_state xt_limit xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip6table_filter ip6_tables iptable_filter ip_tables x_tables tun pppoe binfmt_misc pppox ppp_generic slhc af_packet bridge stp llc ctr ccm dm_crypt radeon drm_client_lib video wmi drm_exec drm_suballoc_helper ath9k drm_ttm_helper syscopyarea ttm sysfillrect ath9k_common sysimgblt ath9k_hw fb_sys_fops drm_display_helper drm_kms_helper ath mac80211 agpgart pl2303 snd_hda_codec_realtek cfbfillrect snd_hda_codec_generic usbserial snd_hda_codec_hdmi snd_hda_scodec_component cfbimgblt snd_hda_intel fb_io_fops snd_intel_dspcfg cfbcopyarea snd_hda_codec i2c_algo_bit fb snd_hda_core aesni_intel cfg80211 cdc_acm snd_pcm crypto_simd font snd_timer cryptd snd at24 e1000 regmap_i2c acpi_cpufreq libarc4 soundcore k10temp fam15h_power evdev nfsd sch_fq_codel auth_rpcgss lockd grace drm sunrpc drm_panel_orientation_quirks fuse backlight configfs loop nfnetlink usbhid ohci_pci xhci_pci xhci_hcd ohci_hcd ehci_pci ehci_hcd sha512_ssse3 usbcore sha256_ssse3 sha1_ssse3 sha1_generic gf128mul usb_common dm_mirror dm_region_hash dm_log cpuid i2c_piix4 i2c_smbus i2c_dev i2c_core it87 hwmon_vid msr dmi_sysfs autofs4 CR2: 0000000000000000 ---[ end trace 0000000000000000 ]--- RIP: 0010:rb_next+0x0/0x50 Code: e8 d5 fa ff ff 5b 4c 89 e0 5d 41 5c 41 5d 41 5e e9 85 73 01 00 5b 5d 41 5c 41 5d 41 5e e9 38 76 01 00 0f 1f 84 00 00 00 00 00 <48> 3b 3f 48 89 f8 74 38 48 8b 57 08 48 85 d2 74 11 48 89 d0 48 8b RSP: 0018:ffffc90000003e50 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff88811a764000 RCX: ffff88811a764180 RDX: ffff88835e4c6c00 RSI: ffff888162c998e8 RDI: 0000000000000000 RBP: 0000000000000000 R08: ffff88811a7642b0 R09: 00000000a535eebc R10: 0000000000000d09 R11: ffffc90000003ff8 R12: ffff88835e4c6c00 R13: ffff88811a7642b8 R14: 00001a951355b383 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff88842ec00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 00000001084b4000 CR4: 00000000000406f0 Kernel panic - not syncing: Fatal exception in interrupt Kernel Offset: disabled ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- BUG: kernel NULL pointer dereference, address: 0000000000000000 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 1062b1067 P4D 1062b1067 PUD 1062ae067 PMD 0 Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G O 6.14.3 #20 Tainted: [O]=OOT_MODULE Hardware name: Gigabyte Technology Co., Ltd. To be filled by O.E.M./970A-DS3P, BIOS FD 02/26/2016 RIP: 0010:rb_next+0x0/0x50 Code: e8 d5 fa ff ff 5b 4c 89 e0 5d 41 5c 41 5d 41 5e e9 85 73 01 00 5b 5d 41 5c 41 5d 41 5e e9 38 76 01 00 0f 1f 84 00 00 00 00 00 <48> 3b 3f 48 89 f8 74 38 48 8b 57 08 48 85 d2 74 11 48 89 d0 48 8b RSP: 0018:ffffc9000010ce50 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff88812106e000 RCX: ffff88812106e180 RDX: ffff888129726c00 RSI: ffff888106a052e8 RDI: 0000000000000000 RBP: 0000000000000000 R08: ffff88812106e2b0 R09: 0000000036705a4e R10: 0000000000000d03 R11: ffffc9000010cff8 R12: ffff888129726c00 R13: ffff88812106e2b8 R14: 000000d9fd03fce6 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff88842ec80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000112716000 CR4: 00000000000406f0 Call Trace: <IRQ> htb_dequeue+0x42f/0x610 [sch_htb] __qdisc_run+0x253/0x480 ? timerqueue_del+0x2c/0x40 qdisc_run+0x15/0x30 net_tx_action+0x182/0x1b0 handle_softirqs+0x102/0x240 __irq_exit_rcu+0x3e/0xb0 sysvec_apic_timer_interrupt+0x5b/0x70 </IRQ> <TASK> asm_sysvec_apic_timer_interrupt+0x16/0x20 RIP: 0010:acpi_safe_halt+0x22/0x30 Code: 0f 1f 84 00 00 00 00 00 65 48 8b 05 b8 38 71 7e 48 8b 00 a8 08 75 14 8b 05 a3 92 bb 00 85 c0 7e 07 0f 00 2d 20 4f 15 00 fb f4 <fa> e9 18 77 00 00 0f 1f 84 00 00 00 00 00 8a 47 08 3c 01 75 05 e9 RSP: 0018:ffffc900000c7e80 EFLAGS: 00000246 RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffff88842ec80000 RDX: ffff888100ddd464 RSI: ffff888100ddd400 RDI: ffff888100ddd464 RBP: 0000000000000001 R08: 0000000000000001 R09: 071c71c71c71c71c R10: 0000000000000006 R11: 0000000000000020 R12: ffffffff81f98280 R13: ffffffff81f982e8 R14: ffffffff81f98300 R15: 0000000000000000 acpi_idle_enter+0x8f/0xa0 cpuidle_enter_state+0xb3/0x220 cpuidle_enter+0x2a/0x40 do_idle+0x12d/0x1a0 cpu_startup_entry+0x29/0x30 start_secondary+0xed/0xf0 common_startup_64+0x12c/0x138 </TASK> Modules linked in: netconsole sch_htb cls_u32 sch_ingress sch_cake ifb act_mirred xt_hl xt_nat ts_bm xt_string xt_TARPIT(O) xt_CT xt_tcpudp xt_helper nf_nat_ftp nf_conntrack_ftp ip6t_rt ip6table_nat xt_MASQUERADE iptable_nat nf_nat xt_TCPMSS xt_LOG nf_log_syslog ip6t_REJECT nf_reject_ipv6 ipt_REJECT nf_reject_ipv4 ip6table_raw iptable_raw ip6table_mangle iptable_mangle xt_multiport xt_state xt_limit xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip6table_filter ip6_tables iptable_filter ip_tables x_tables tun pppoe pppox binfmt_misc ppp_generic slhc af_packet bridge stp llc ctr ccm dm_crypt radeon drm_client_lib ath9k video wmi drm_exec ath9k_common drm_suballoc_helper ath9k_hw drm_ttm_helper syscopyarea ttm sysfillrect sysimgblt ath pl2303 snd_hda_codec_realtek fb_sys_fops snd_hda_codec_generic usbserial mac80211 drm_display_helper snd_hda_codec_hdmi snd_hda_scodec_component drm_kms_helper snd_hda_intel snd_intel_dspcfg snd_hda_codec agpgart cfbfillrect snd_hda_core cfbimgblt fb_io_fops aesni_intel snd_pcm cfg80211 e1000 cfbcopyarea i2c_algo_bit cdc_acm fb crypto_simd snd_timer snd cryptd acpi_cpufreq at24 font fam15h_power libarc4 soundcore k10temp regmap_i2c evdev nfsd sch_fq_codel auth_rpcgss lockd drm grace sunrpc drm_panel_orientation_quirks fuse backlight configfs loop nfnetlink usbhid xhci_pci ohci_pci xhci_hcd ohci_hcd ehci_pci ehci_hcd usbcore sha512_ssse3 sha256_ssse3 sha1_ssse3 sha1_generic gf128mul usb_common dm_mirror dm_region_hash dm_log cpuid i2c_piix4 i2c_smbus i2c_dev i2c_core it87 hwmon_vid msr dmi_sysfs autofs4 CR2: 0000000000000000 ---[ end trace 0000000000000000 ]--- RIP: 0010:rb_next+0x0/0x50 Code: e8 d5 fa ff ff 5b 4c 89 e0 5d 41 5c 41 5d 41 5e e9 85 73 01 00 5b 5d 41 5c 41 5d 41 5e e9 38 76 01 00 0f 1f 84 00 00 00 00 00 <48> 3b 3f 48 89 f8 74 38 48 8b 57 08 48 85 d2 74 11 48 89 d0 48 8b RSP: 0018:ffffc9000010ce50 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff88812106e000 RCX: ffff88812106e180 RDX: ffff888129726c00 RSI: ffff888106a052e8 RDI: 0000000000000000 RBP: 0000000000000000 R08: ffff88812106e2b0 R09: 0000000036705a4e R10: 0000000000000d03 R11: ffffc9000010cff8 R12: ffff888129726c00 R13: ffff88812106e2b8 R14: 000000d9fd03fce6 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff88842ec80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000112716000 CR4: 00000000000406f0 Kernel panic - not syncing: Fatal exception in interrupt Kernel Offset: disabled ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- BUG: kernel NULL pointer dereference, address: 0000000000000000 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G O 6.14.3 #20 Tainted: [O]=OOT_MODULE Hardware name: Gigabyte Technology Co., Ltd. To be filled by O.E.M./970A-DS3P, BIOS FD 02/26/2016 RIP: 0010:rb_next+0x0/0x50 Code: e8 d5 fa ff ff 5b 4c 89 e0 5d 41 5c 41 5d 41 5e e9 85 73 01 00 5b 5d 41 5c 41 5d 41 5e e9 38 76 01 00 0f 1f 84 00 00 00 00 00 <48> 3b 3f 48 89 f8 74 38 48 8b 57 08 48 85 d2 74 11 48 89 d0 48 8b RSP: 0018:ffffc9000010ce50 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff88811899d000 RCX: ffff88811899d180 RDX: ffff8881845f2800 RSI: ffff8881069b7ae8 RDI: 0000000000000000 RBP: 0000000000000000 R08: ffff88811899d2b0 R09: 000000002997d2aa R10: 0000000000003fbf R11: ffffc9000010cff8 R12: ffff8881845f2800 R13: ffff88811899d2b8 R14: 000000a69ae56401 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff88842ec80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000103c80000 CR4: 00000000000406f0 Call Trace: <IRQ> htb_dequeue+0x42f/0x610 [sch_htb] __qdisc_run+0x253/0x480 ? timerqueue_del+0x2c/0x40 qdisc_run+0x15/0x30 net_tx_action+0x182/0x1b0 handle_softirqs+0x102/0x240 __irq_exit_rcu+0x3e/0xb0 sysvec_apic_timer_interrupt+0x5b/0x70 </IRQ> <TASK> asm_sysvec_apic_timer_interrupt+0x16/0x20 RIP: 0010:cpuidle_enter_state+0x126/0x220 Code: 18 4c 6f 00 85 c0 7e 0b 8b 73 04 83 cf ff e8 a1 22 e5 ff 31 ff e8 9a 2e 98 ff 45 84 ff 74 07 31 ff e8 0e 58 9d ff fb 45 85 ed <0f> 88 cc 00 00 00 49 63 c5 48 8b 3c 24 48 6b c8 68 48 6b d0 30 49 RSP: 0018:ffffc900000c7e98 EFLAGS: 00000202 RAX: ffff88842ec80000 RBX: ffff888101d7f800 RCX: 0000000000000000 RDX: 000000a6607c6802 RSI: fffffffc350c4254 RDI: 0000000000000000 RBP: 0000000000000002 R08: 0000000000000002 R09: 000000e8ec11c440 R10: 0000000000000006 R11: 0000000000000020 R12: ffffffff81f98280 R13: 0000000000000002 R14: 000000a6607c6802 R15: 0000000000000000 ? cpuidle_enter_state+0x116/0x220 cpuidle_enter+0x2a/0x40 do_idle+0x12d/0x1a0 cpu_startup_entry+0x29/0x30 start_secondary+0xed/0xf0 common_startup_64+0x12c/0x138 </TASK> Modules linked in: sch_htb cls_u32 sch_ingress sch_cake ifb act_mirred xt_hl xt_nat ts_bm xt_string xt_TARPIT(O) xt_CT xt_tcpudp xt_helper nf_nat_ftp nf_conntrack_ftp ip6t_rt ip6table_nat xt_MASQUERADE iptable_nat nf_nat xt_TCPMSS xt_LOG nf_log_syslog ip6t_REJECT nf_reject_ipv6 ipt_REJECT nf_reject_ipv4 ip6table_raw iptable_raw ip6table_mangle iptable_mangle xt_multiport xt_state xt_limit xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip6table_filter ip6_tables iptable_filter ip_tables x_tables pppoe tun pppox binfmt_misc ppp_generic slhc netconsole af_packet bridge stp llc ctr ccm dm_crypt radeon drm_client_lib video wmi drm_exec ath9k drm_suballoc_helper drm_ttm_helper syscopyarea ttm ath9k_common ath9k_hw sysfillrect sysimgblt fb_sys_fops drm_display_helper ath pl2303 drm_kms_helper usbserial mac80211 snd_hda_codec_realtek snd_hda_codec_generic snd_hda_codec_hdmi agpgart snd_hda_scodec_component cfbfillrect snd_hda_intel cfbimgblt snd_intel_dspcfg snd_hda_codec fb_io_fops snd_hda_core cfbcopyarea aesni_intel i2c_algo_bit cfg80211 snd_pcm fb snd_timer e1000 snd crypto_simd cdc_acm cryptd at24 font acpi_cpufreq libarc4 soundcore fam15h_power regmap_i2c k10temp evdev nfsd sch_fq_codel auth_rpcgss lockd grace sunrpc drm fuse configfs drm_panel_orientation_quirks backlight loop nfnetlink usbhid xhci_pci ohci_pci xhci_hcd ohci_hcd ehci_pci ehci_hcd sha512_ssse3 sha256_ssse3 usbcore sha1_ssse3 sha1_generic gf128mul usb_common dm_mirror dm_region_hash dm_log cpuid i2c_piix4 i2c_smbus i2c_dev i2c_core it87 hwmon_vid msr dmi_sysfs autofs4 CR2: 0000000000000000 ---[ end trace 0000000000000000 ]--- RIP: 0010:rb_next+0x0/0x50 Code: e8 d5 fa ff ff 5b 4c 89 e0 5d 41 5c 41 5d 41 5e e9 85 73 01 00 5b 5d 41 5c 41 5d 41 5e e9 38 76 01 00 0f 1f 84 00 00 00 00 00 <48> 3b 3f 48 89 f8 74 38 48 8b 57 08 48 85 d2 74 11 48 89 d0 48 8b RSP: 0018:ffffc9000010ce50 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff88811899d000 RCX: ffff88811899d180 RDX: ffff8881845f2800 RSI: ffff8881069b7ae8 RDI: 0000000000000000 RBP: 0000000000000000 R08: ffff88811899d2b0 R09: 000000002997d2aa R10: 0000000000003fbf R11: ffffc9000010cff8 R12: ffff8881845f2800 R13: ffff88811899d2b8 R14: 000000a69ae56401 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff88842ec80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000103c80000 CR4: 00000000000406f0 Kernel panic - not syncing: Fatal exception in interrupt Kernel Offset: disabled ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- #!/bin/bash # https://www.bufferbloat.net/projects/codel/wiki/Cake/#installing-cake-out-o… # https://trofi.github.io/posts/217-mitigating%20bufferbloat.html #set -x set -o nounset set -o errexit export PATH=/sbin:/bin:/usr/sbin:/usr/bin ext=ppp0 ext_ingress=ppp0ifb0 # [query ADSL modem for up and down rates] echo -e "pppd pppoe UP $UP DN $DN" | systemd-cat -t traffic-control ext_up=$((UP * 95 / 100))kbit ext_down=$((DN * 95 / 100))kbit # below taken from https://wiki.gentoo.org/wiki/Traffic_shaping q=1486 # HTB Quantum = 1500bytes IP + 14 bytes ethernet. # Higher bandwidths may require a higher htb quantum. MEASURE. # Some ADSL devices might require a stab setting. quantum=300 # fq_codel quantum 300 gives a boost to interactive flows # At higher bandwidths (50Mbit+) don't bother modprobe act_mirred modprobe ifb modprobe sch_cake modprobe sch_fq_codel ethtool -K "$ext" tso off gso off gro off # Also turn of gro on ALL interfaces # e.g ethtool -K eth1 gro off if you have eth1 # some devices you may need to run these # commands independently # Clear old queuing disciplines (qdisc) on the interfaces tc qdisc del dev "$ext" root >& /dev/null || true tc qdisc del dev "$ext" ingress >& /dev/null || true tc qdisc del dev "$ext_ingress" root >& /dev/null || true tc qdisc del dev "$ext_ingress" ingress >& /dev/null || true ip link del "$ext_ingress" >& /dev/null || true ######### # INGRESS ######### # Create ingress on external interface tc qdisc add dev "$ext" handle ffff: ingress ip link add name "$ext_ingress" type ifb ip link set dev "$ext_ingress" up || true # if the interace is not up bad things happen # Forward all ingress traffic to the IFB device tc filter add dev "$ext" parent ffff: protocol all u32 match u32 0 0 action mirred egress redirect dev "$ext_ingress" # Create an EGRESS filter on the IFB device # Warning: sch_htb: quantum of class 10001 is big. Consider r2q change # https://web.archive.org/web/20030514055053/http://www.docum.org/stef.coene/… # default r2q is 10 # since up ADSL rate went from 24.4 Mb/s to 26.8 Mb/s, "r2q 15" started giving a "too big" error # up it to 20, now OK again tc qdisc add dev "$ext_ingress" root handle 1: htb default 11 r2q 20 # Add root class HTB with rate limiting tc class add dev "$ext_ingress" parent 1: classid 1:1 htb rate $ext_down #|& grep -v "Consider r2q change" || true tc class add dev "$ext_ingress" parent 1:1 classid 1:11 htb rate $ext_down prio 0 quantum $q # Add FQ_CODEL qdisc with ECN support (if you want ecn) tc qdisc add dev "$ext_ingress" parent 1:11 fq_codel quantum $quantum ecn ######### # EGRESS ######### # Add FQ_CODEL to EGRESS on external interface tc qdisc add dev "$ext" root handle 1: htb default 11 # Add root class HTB with rate limiting tc class add dev "$ext" parent 1: classid 1:1 htb rate $ext_up tc class add dev "$ext" parent 1:1 classid 1:11 htb rate $ext_up prio 0 quantum $q # Note: You can apply a packet limit here and on ingress if you are memory constrained - e.g # for low bandwidths and machines with < 64MB of ram, limit 1000 is good, otherwise no point # Add FQ_CODEL qdisc without ECN support - on egress it's generally better to just drop the packet # but feel free to enable it if you want. tc qdisc add dev "$ext" parent 1:11 fq_codel quantum $quantum noecn $ cat ~/1.panic | scripts/decode_stacktrace.sh vmlinux BUG: kernel NULL pointer dereference, address: 0000000000000000 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G O 6.14.3 #20 Tainted: [O]=OOT_MODULE Hardware name: Gigabyte Technology Co., Ltd. To be filled by O.E.M./970A-DS3P, BIOS FD 02/26/2016 RIP: 0010:rb_next (lib/rbtree.c:496) Code: e8 d5 fa ff ff 5b 4c 89 e0 5d 41 5c 41 5d 41 5e e9 85 73 01 00 5b 5d 41 5c 41 5d 41 5e e9 38 76 01 00 0f 1f 84 00 00 00 00 00 <48> 3b 3f 48 89 f8 74 38 48 8b 57 08 48 85 d2 74 11 48 89 d0 48 8b All code ======== 0: e8 d5 fa ff ff call 0xfffffffffffffada 5: 5b pop %rbx 6: 4c 89 e0 mov %r12,%rax 9: 5d pop %rbp a: 41 5c pop %r12 c: 41 5d pop %r13 e: 41 5e pop %r14 10: e9 85 73 01 00 jmp 0x1739a 15: 5b pop %rbx 16: 5d pop %rbp 17: 41 5c pop %r12 19: 41 5d pop %r13 1b: 41 5e pop %r14 1d: e9 38 76 01 00 jmp 0x1765a 22: 0f 1f 84 00 00 00 00 nopl 0x0(%rax,%rax,1) 29: 00 2a:* 48 3b 3f cmp (%rdi),%rdi <-- trapping instruction 2d: 48 89 f8 mov %rdi,%rax 30: 74 38 je 0x6a 32: 48 8b 57 08 mov 0x8(%rdi),%rdx 36: 48 85 d2 test %rdx,%rdx 39: 74 11 je 0x4c 3b: 48 89 d0 mov %rdx,%rax 3e: 48 rex.W 3f: 8b .byte 0x8b Code starting with the faulting instruction =========================================== 0: 48 3b 3f cmp (%rdi),%rdi 3: 48 89 f8 mov %rdi,%rax 6: 74 38 je 0x40 8: 48 8b 57 08 mov 0x8(%rdi),%rdx c: 48 85 d2 test %rdx,%rdx f: 74 11 je 0x22 11: 48 89 d0 mov %rdx,%rax 14: 48 rex.W 15: 8b .byte 0x8b RSP: 0018:ffffc90000003e50 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff88811a764000 RCX: ffff88811a764180 RDX: ffff88835e4c6c00 RSI: ffff888162c998e8 RDI: 0000000000000000 RBP: 0000000000000000 R08: ffff88811a7642b0 R09: 00000000a535eebc R10: 0000000000000d09 R11: ffffc90000003ff8 R12: ffff88835e4c6c00 R13: ffff88811a7642b8 R14: 00001a951355b383 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff88842ec00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 00000001084b4000 CR4: 00000000000406f0 Call Trace: <IRQ> htb_dequeue (net/sched/sch_htb.c:351 (discriminator 1) net/sched/sch_htb.c:924 (discriminator 1) net/sched/sch_htb.c:982 (discriminator 1)) sch_htb __qdisc_run (net/sched/sch_generic.c:294 net/sched/sch_generic.c:398 net/sched/sch_generic.c:416) ? timerqueue_del (lib/timerqueue.c:58) qdisc_run (./include/net/pkt_sched.h:128 ./include/net/pkt_sched.h:124) net_tx_action (net/core/dev.c:5553) handle_softirqs (./arch/x86/include/asm/atomic.h:23 ./include/linux/atomic/atomic-arch-fallback.h:457 ./include/linux/jump_label.h:262 ./include/trace/events/irq.h:142 kernel/softirq.c:562) __irq_exit_rcu (kernel/softirq.c:435 kernel/softirq.c:662) sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1049 (discriminator 35) arch/x86/kernel/apic/apic.c:1049 (discriminator 35)) </IRQ> <TASK> asm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:574) RIP: 0010:cpuidle_enter_state (drivers/cpuidle/cpuidle.c:292) Code: 18 4c 6f 00 85 c0 7e 0b 8b 73 04 83 cf ff e8 a1 22 e5 ff 31 ff e8 9a 2e 98 ff 45 84 ff 74 07 31 ff e8 0e 58 9d ff fb 45 85 ed <0f> 88 cc 00 00 00 49 63 c5 48 8b 3c 24 48 6b c8 68 48 6b d0 30 49 All code ======== 0: 18 4c 6f 00 sbb %cl,0x0(%rdi,%rbp,2) 4: 85 c0 test %eax,%eax 6: 7e 0b jle 0x13 8: 8b 73 04 mov 0x4(%rbx),%esi b: 83 cf ff or $0xffffffff,%edi e: e8 a1 22 e5 ff call 0xffffffffffe522b4 13: 31 ff xor %edi,%edi 15: e8 9a 2e 98 ff call 0xffffffffff982eb4 1a: 45 84 ff test %r15b,%r15b 1d: 74 07 je 0x26 1f: 31 ff xor %edi,%edi 21: e8 0e 58 9d ff call 0xffffffffff9d5834 26: fb sti 27: 45 85 ed test %r13d,%r13d 2a:* 0f 88 cc 00 00 00 js 0xfc <-- trapping instruction 30: 49 63 c5 movslq %r13d,%rax 33: 48 8b 3c 24 mov (%rsp),%rdi 37: 48 6b c8 68 imul $0x68,%rax,%rcx 3b: 48 6b d0 30 imul $0x30,%rax,%rdx 3f: 49 rex.WB Code starting with the faulting instruction =========================================== 0: 0f 88 cc 00 00 00 js 0xd2 6: 49 63 c5 movslq %r13d,%rax 9: 48 8b 3c 24 mov (%rsp),%rdi d: 48 6b c8 68 imul $0x68,%rax,%rcx 11: 48 6b d0 30 imul $0x30,%rax,%rdx 15: 49 rex.WB RSP: 0018:ffffffff81e03e40 EFLAGS: 00000202 RAX: ffff88842ec00000 RBX: ffff8881008d9400 RCX: 0000000000000000 RDX: 00001a94d9502071 RSI: fffffffbb3498394 RDI: 0000000000000000 RBP: 0000000000000002 R08: 0000000000000002 R09: 00001a94d7bd7640 R10: 0000000000000006 R11: 0000000000000020 R12: ffffffff81f98280 R13: 0000000000000002 R14: 00001a94d9502071 R15: 0000000000000000 cpuidle_enter (drivers/cpuidle/cpuidle.c:391 (discriminator 2)) do_idle (kernel/sched/idle.c:234 kernel/sched/idle.c:325) cpu_startup_entry (kernel/sched/idle.c:422) rest_init (init/main.c:743) start_kernel (init/main.c:1525) x86_64_start_reservations (arch/x86/kernel/head64.c:513) x86_64_start_kernel (??:?) common_startup_64 (arch/x86/kernel/head_64.S:421) </TASK> Modules linked in: udp_diag netconsole sch_htb cls_u32 sch_ingress sch_cake ifb act_mirred xt_hl xt_nat ts_bm xt_string xt_TARPIT(O) xt_CT xt_tcpudp xt_helper nf_nat_ftp nf_conntrack_ftp ip6t_rt ip6table_nat xt_MASQUERADE iptable_nat nf_nat xt_TCPMSS xt_LOG nf_log_syslog ip6t_REJECT nf_reject_ipv6 ipt_REJECT nf_reject_ipv4 ip6table_raw iptable_raw ip6table_mangle iptable_mangle xt_multiport xt_state xt_limit xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip6table_filter ip6_tables iptable_filter ip_tables x_tables tun pppoe binfmt_misc pppox ppp_generic slhc af_packet bridge stp llc ctr ccm dm_crypt radeon drm_client_lib video wmi drm_exec drm_suballoc_helper ath9k drm_ttm_helper syscopyarea ttm sysfillrect ath9k_common sysimgblt ath9k_hw fb_sys_fops drm_display_helper drm_kms_helper ath mac80211 agpgart pl2303 snd_hda_codec_realtek cfbfillrect snd_hda_codec_generic usbserial snd_hda_codec_hdmi snd_hda_scodec_component cfbimgblt snd_hda_intel fb_io_fops snd_intel_dspcfg cfbcopyarea snd_hda_codec i2c_algo_bit fb snd_hda_core aesni_intel cfg80211 cdc_acm snd_pcm crypto_simd font snd_timer cryptd snd at24 e1000 regmap_i2c acpi_cpufreq libarc4 soundcore k10temp fam15h_power evdev nfsd sch_fq_codel auth_rpcgss lockd grace drm sunrpc drm_panel_orientation_quirks fuse backlight configfs loop nfnetlink usbhid ohci_pci xhci_pci xhci_hcd ohci_hcd ehci_pci ehci_hcd sha512_ssse3 usbcore sha256_ssse3 sha1_ssse3 sha1_generic gf128mul usb_common dm_mirror dm_region_hash dm_log cpuid i2c_piix4 i2c_smbus i2c_dev i2c_core it87 hwmon_vid msr dmi_sysfs autofs4 CR2: 0000000000000000 ---[ end trace 0000000000000000 ]--- RIP: 0010:rb_next (lib/rbtree.c:496) Code: e8 d5 fa ff ff 5b 4c 89 e0 5d 41 5c 41 5d 41 5e e9 85 73 01 00 5b 5d 41 5c 41 5d 41 5e e9 38 76 01 00 0f 1f 84 00 00 00 00 00 <48> 3b 3f 48 89 f8 74 38 48 8b 57 08 48 85 d2 74 11 48 89 d0 48 8b All code ======== 0: e8 d5 fa ff ff call 0xfffffffffffffada 5: 5b pop %rbx 6: 4c 89 e0 mov %r12,%rax 9: 5d pop %rbp a: 41 5c pop %r12 c: 41 5d pop %r13 e: 41 5e pop %r14 10: e9 85 73 01 00 jmp 0x1739a 15: 5b pop %rbx 16: 5d pop %rbp 17: 41 5c pop %r12 19: 41 5d pop %r13 1b: 41 5e pop %r14 1d: e9 38 76 01 00 jmp 0x1765a 22: 0f 1f 84 00 00 00 00 nopl 0x0(%rax,%rax,1) 29: 00 2a:* 48 3b 3f cmp (%rdi),%rdi <-- trapping instruction 2d: 48 89 f8 mov %rdi,%rax 30: 74 38 je 0x6a 32: 48 8b 57 08 mov 0x8(%rdi),%rdx 36: 48 85 d2 test %rdx,%rdx 39: 74 11 je 0x4c 3b: 48 89 d0 mov %rdx,%rax 3e: 48 rex.W 3f: 8b .byte 0x8b Code starting with the faulting instruction =========================================== 0: 48 3b 3f cmp (%rdi),%rdi 3: 48 89 f8 mov %rdi,%rax 6: 74 38 je 0x40 8: 48 8b 57 08 mov 0x8(%rdi),%rdx c: 48 85 d2 test %rdx,%rdx f: 74 11 je 0x22 11: 48 89 d0 mov %rdx,%rax 14: 48 rex.W 15: 8b .byte 0x8b RSP: 0018:ffffc90000003e50 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff88811a764000 RCX: ffff88811a764180 RDX: ffff88835e4c6c00 RSI: ffff888162c998e8 RDI: 0000000000000000 RBP: 0000000000000000 R08: ffff88811a7642b0 R09: 00000000a535eebc R10: 0000000000000d09 R11: ffffc90000003ff8 R12: ffff88835e4c6c00 R13: ffff88811a7642b8 R14: 00001a951355b383 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff88842ec00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 00000001084b4000 CR4: 00000000000406f0 Kernel panic - not syncing: Fatal exception in interrupt Kernel Offset: disabled ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- $ -- Alan J. Wylie https://www.wylie.me.uk/ mailto:<alan(a)wylie.me.uk> Dance like no-one's watching. / Encrypt like everyone is. Security is inversely proportional to convenience

11 hours, 24 minutes

3
10
0 0

[PATCH v2] video: screen_info: Relocate framebuffers behind PCI bridges

by Thomas Zimmermann

Apply bridge window offsets to screen_info framebuffers during relocation. Fixes invalid access to I/O memory. Resources behind a PCI bridge can be located at a certain offset in the kernel's I/O range. The framebuffer memory range stored in screen_info refers to the offset as seen during boot (essentialy 0). During boot up, the kernel may assign a different memory offset to the bridge device and thereby relocating the framebuffer address of the PCI graphics device as seen by the kernel. The information in screen_info must be updated as well. The helper pcibios_bus_to_resource() performs the relocation of the screen_info resource. The result now matches the I/O-memory resource of the PCI graphics device. As before, we store away the information necessary to update the information in screen_info. Commit 78aa89d1dfba ("firmware/sysfb: Update screen_info for relocated EFI framebuffers") added the code for updating screen_info. It is based on similar functionality that pre-existed in efifb. Efifb uses a pointer to the PCI resource, while the newer code does a memcpy of the region. Hence efifb sees any updates to the PCI resource and avoids the issue. v2: - Fixed tags (Takashi, Ivan) - Updated information on efifb Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Reported-by: "Ivan T. Ivanov" <iivanov(a)suse.de> Closes: https://bugzilla.suse.com/show_bug.cgi?id=1240696 Tested-by: "Ivan T. Ivanov" <iivanov(a)suse.de> Fixes: 78aa89d1dfba ("firmware/sysfb: Update screen_info for relocated EFI framebuffers") Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v6.9+ --- drivers/video/screen_info_pci.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/drivers/video/screen_info_pci.c b/drivers/video/screen_info_pci.c index 6c5833517141..c46c75dc3fae 100644 --- a/drivers/video/screen_info_pci.c +++ b/drivers/video/screen_info_pci.c @@ -8,7 +8,7 @@ static struct pci_dev *screen_info_lfb_pdev; static size_t screen_info_lfb_bar; static resource_size_t screen_info_lfb_offset; -static struct resource screen_info_lfb_res = DEFINE_RES_MEM(0, 0); +static struct pci_bus_region screen_info_lfb_region; static bool __screen_info_relocation_is_valid(const struct screen_info *si, struct resource *pr) { @@ -31,7 +31,7 @@ void screen_info_apply_fixups(void) if (screen_info_lfb_pdev) { struct resource *pr = &screen_info_lfb_pdev->resource[screen_info_lfb_bar]; - if (pr->start != screen_info_lfb_res.start) { + if (pr->start != screen_info_lfb_region.start) { if (__screen_info_relocation_is_valid(si, pr)) { /* * Only update base if we have an actual @@ -69,10 +69,21 @@ static void screen_info_fixup_lfb(struct pci_dev *pdev) for (i = 0; i < numres; ++i) { struct resource *r = &res[i]; + struct pci_bus_region bus_region = { + .start = r->start, + .end = r->end, + }; const struct resource *pr; if (!(r->flags & IORESOURCE_MEM)) continue; + + /* + * Translate the address to resource if the framebuffer + * is behind a PCI bridge. + */ + pcibios_bus_to_resource(pdev->bus, r, &bus_region); + pr = pci_find_resource(pdev, r); if (!pr) continue; @@ -85,7 +96,7 @@ static void screen_info_fixup_lfb(struct pci_dev *pdev) screen_info_lfb_pdev = pdev; screen_info_lfb_bar = pr - pdev->resource; screen_info_lfb_offset = r->start - pr->start; - memcpy(&screen_info_lfb_res, r, sizeof(screen_info_lfb_res)); + memcpy(&screen_info_lfb_region, &bus_region, sizeof(screen_info_lfb_region)); } } DECLARE_PCI_FIXUP_CLASS_HEADER(PCI_ANY_ID, PCI_ANY_ID, PCI_BASE_CLASS_DISPLAY, 16, -- 2.49.0

11 hours, 26 minutes

2
1
0 0

[PATCH] media: imagination: fix a potential memory leak in e5010_probe()

by Haoxiang Li

Add video_device_release() to release the memory allocated by video_device_alloc() if something goes wrong. Fixes: a1e294045885 ("media: imagination: Add E5010 JPEG Encoder driver") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- drivers/media/platform/imagination/e5010-jpeg-enc.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/drivers/media/platform/imagination/e5010-jpeg-enc.c b/drivers/media/platform/imagination/e5010-jpeg-enc.c index c194f830577f..53e501b5ac0a 100644 --- a/drivers/media/platform/imagination/e5010-jpeg-enc.c +++ b/drivers/media/platform/imagination/e5010-jpeg-enc.c @@ -1057,8 +1057,11 @@ static int e5010_probe(struct platform_device *pdev) e5010->vdev->lock = &e5010->mutex; ret = v4l2_device_register(dev, &e5010->v4l2_dev); - if (ret) - return dev_err_probe(dev, ret, "failed to register v4l2 device\n"); + if (ret) { + dev_err_probe(dev, ret, "failed to register v4l2 device\n"); + goto fail_after_video_device_alloc; + } + e5010->m2m_dev = v4l2_m2m_init(&e5010_m2m_ops); if (IS_ERR(e5010->m2m_dev)) { @@ -1118,6 +1121,8 @@ static int e5010_probe(struct platform_device *pdev) v4l2_m2m_release(e5010->m2m_dev); fail_after_v4l2_register: v4l2_device_unregister(&e5010->v4l2_dev); +fail_after_video_device_alloc: + video_device_release(e5010->vdev); return ret; } -- 2.25.1

11 hours, 44 minutes

2
1
0 0

[PATCH] arm64: dts: qcom: x1e80100: Fix PCIe 3rd controller DBI size

by Abel Vesa

According to documentation, the DBI range size is 0xf20. So fix it. Cc: stable(a)vger.kernel.org # 6.14 Fixes: f8af195beeb0 ("arm64: dts: qcom: x1e80100: Add support for PCIe3 on x1e80100") Signed-off-by: Abel Vesa <abel.vesa(a)linaro.org> --- arch/arm64/boot/dts/qcom/x1e80100.dtsi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/boot/dts/qcom/x1e80100.dtsi b/arch/arm64/boot/dts/qcom/x1e80100.dtsi index 46b79fce92c90d969e3de48bc88e27915d1592bb..34ccabc3cc302b17e944b4343a37fab0bb6334e9 100644 --- a/arch/arm64/boot/dts/qcom/x1e80100.dtsi +++ b/arch/arm64/boot/dts/qcom/x1e80100.dtsi @@ -3126,7 +3126,7 @@ pcie3: pcie@1bd0000 { device_type = "pci"; compatible = "qcom,pcie-x1e80100"; reg = <0x0 0x01bd0000 0x0 0x3000>, - <0x0 0x78000000 0x0 0xf1d>, + <0x0 0x78000000 0x0 0xf20>, <0x0 0x78000f40 0x0 0xa8>, <0x0 0x78001000 0x0 0x1000>, <0x0 0x78100000 0x0 0x100000>, --- base-commit: bc8aa6cdadcc00862f2b5720e5de2e17f696a081 change-id: 20250422-x1e80100-dts-fix-pcie3-dbi-size-56fc110aa36d Best regards, -- Abel Vesa <abel.vesa(a)linaro.org>

12 hours, 41 minutes

2
1
0 0

FAILED: patch "[PATCH] ASoC: qcom: Fix sc7280 lpass potential buffer overflow" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x a31a4934b31faea76e735bab17e63d02fcd8e029 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025042138-spherical-reabsorb-d6da@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a31a4934b31faea76e735bab17e63d02fcd8e029 Mon Sep 17 00:00:00 2001 From: Evgeny Pimenov <pimenoveu12(a)gmail.com> Date: Tue, 1 Apr 2025 23:40:58 +0300 Subject: [PATCH] ASoC: qcom: Fix sc7280 lpass potential buffer overflow Case values introduced in commit 5f78e1fb7a3e ("ASoC: qcom: Add driver support for audioreach solution") cause out of bounds access in arrays of sc7280 driver data (e.g. in case of RX_CODEC_DMA_RX_0 in sc7280_snd_hw_params()). Redefine LPASS_MAX_PORTS to consider the maximum possible port id for q6dsp as sc7280 driver utilizes some of those values. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: 77d0ffef793d ("ASoC: qcom: Add macro for lpass DAI id's max limit") Cc: stable(a)vger.kernel.org # v6.0+ Suggested-by: Mikhail Kobuk <m.kobuk(a)ispras.ru> Suggested-by: Alexey Khoroshilov <khoroshilov(a)ispras.ru> Signed-off-by: Evgeny Pimenov <pimenoveu12(a)gmail.com> Link: https://patch.msgid.link/20250401204058.32261-1-pimenoveu12@gmail.com Signed-off-by: Mark Brown <broonie(a)kernel.org> diff --git a/sound/soc/qcom/lpass.h b/sound/soc/qcom/lpass.h index 27a2bf9a6613..de3ec6f594c1 100644 --- a/sound/soc/qcom/lpass.h +++ b/sound/soc/qcom/lpass.h @@ -13,10 +13,11 @@ #include <linux/platform_device.h> #include <linux/regmap.h> #include <dt-bindings/sound/qcom,lpass.h> +#include <dt-bindings/sound/qcom,q6afe.h> #include "lpass-hdmi.h" #define LPASS_AHBIX_CLOCK_FREQUENCY 131072000 -#define LPASS_MAX_PORTS (LPASS_CDC_DMA_VA_TX8 + 1) +#define LPASS_MAX_PORTS (DISPLAY_PORT_RX_7 + 1) #define LPASS_MAX_MI2S_PORTS (8) #define LPASS_MAX_DMA_CHANNELS (8) #define LPASS_MAX_HDMI_DMA_CHANNELS (4)

13 hours, 14 minutes

3
3
0 0

[PATCH 5.4/5.10] nvmet-fc: Remove unused functions

by WangYuli

[ Upstream commit 1b304c006b0fb4f0517a8c4ba8c46e88f48a069c ] The functions nvmet_fc_iodnum() and nvmet_fc_fodnum() are currently unutilized. Following commit c53432030d86 ("nvme-fabrics: Add target support for FC transport"), which introduced these two functions, they have not been used at all in practice. Remove them to resolve the compiler warnings. Fix follow errors with clang-19 when W=1e: drivers/nvme/target/fc.c:177:1: error: unused function 'nvmet_fc_iodnum' [-Werror,-Wunused-function] 177 | nvmet_fc_iodnum(struct nvmet_fc_ls_iod *iodptr) | ^~~~~~~~~~~~~~~ drivers/nvme/target/fc.c:183:1: error: unused function 'nvmet_fc_fodnum' [-Werror,-Wunused-function] 183 | nvmet_fc_fodnum(struct nvmet_fc_fcp_iod *fodptr) | ^~~~~~~~~~~~~~~ 2 errors generated. make[8]: *** [scripts/Makefile.build:207: drivers/nvme/target/fc.o] Error 1 make[7]: *** [scripts/Makefile.build:465: drivers/nvme/target] Error 2 make[6]: *** [scripts/Makefile.build:465: drivers/nvme] Error 2 make[6]: *** Waiting for unfinished jobs.... Fixes: c53432030d86 ("nvme-fabrics: Add target support for FC transport") Signed-off-by: WangYuli <wangyuli(a)uniontech.com> Reviewed-by: Chaitanya Kulkarni <kch(a)nvidia.com> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Signed-off-by: Keith Busch <kbusch(a)kernel.org> --- drivers/nvme/target/fc.c | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/drivers/nvme/target/fc.c b/drivers/nvme/target/fc.c index 846fb41da643..321859753ae8 100644 --- a/drivers/nvme/target/fc.c +++ b/drivers/nvme/target/fc.c @@ -169,20 +169,6 @@ struct nvmet_fc_tgt_assoc { struct work_struct del_work; }; - -static inline int -nvmet_fc_iodnum(struct nvmet_fc_ls_iod *iodptr) -{ - return (iodptr - iodptr->tgtport->iod); -} - -static inline int -nvmet_fc_fodnum(struct nvmet_fc_fcp_iod *fodptr) -{ - return (fodptr - fodptr->queue->fod); -} - - /* * Association and Connection IDs: * -- 2.49.0

13 hours, 27 minutes

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror