[BUG] rockpro64-v2: NULL pointer dereference when booting

Heikki Krogerus heikki.krogerus at linux.intel.com
Mon Jan 24 04:13:06 PST 2022 

On Mon, Jan 24, 2022 at 11:51:48AM +0000, Alexandru Elisei wrote:
> Hi,
> 
> When booting a rockpro64-v2 with a kernel built from commit dd81e1c7d5fb
> ("Merge tag 'powerpc-5.17-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux"),
> which was the latest commit when ran the tests, I encounter a NULL pointer
> dereference:
> 
> [..]
> [    0.000000] Kernel command line: root=PARTUUID=7f4aab92-69d8-47f3-be10-624da40a71f9 rw earlycon rootwait
> [..]
> [    3.396944] hub 7-0:1.0: USB hub found
> [    3.397575] hub 7-0:1.0: 1 port detected
> [    3.406086] ohci-platform fe3e0000.usb: Generic Platform OHCI controller
> [    3.406932] ohci-platform fe3e0000.usb: new USB bus registered, assigned bus number 8
> [    3.408530] ohci-platform fe3e0000.usb: irq 38, io mem 0xfe3e0000
> [    3.476869] hub 8-0:1.0: USB hub found
> [    3.477501] hub 8-0:1.0: 1 port detected
> [    3.483278] rk808 0-001b: chip id: 0x0
> [    3.498495] random: fast init done
> [    3.509322] rk808-regulator rk808-regulator: there is no dvs0 gpio
> [    3.510143] rk808-regulator rk808-regulator: there is no dvs1 gpio
> [    3.569278] OF: graph: no port node found in /i2c at ff3d0000/typec-portc at 22
> [    3.573471] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
> [    3.574466] Mem abort info:
> [    3.574800]   ESR = 0x96000004
> [    3.575163]   EC = 0x25: DABT (current EL), IL = 32 bits
> [    3.575770]   SET = 0, FnV = 0
> [    3.576204]   EA = 0, S1PTW = 0
> [    3.576580]   FSC = 0x04: level 0 translation fault
> [    3.577140] Data abort info:
> [    3.577482]   ISV = 0, ISS = 0x00000004
> [    3.577927]   CM = 0, WnR = 0
> [    3.578279] [0000000000000000] user address but active_mm is swapper
> [    3.579065] Internal error: Oops: 96000004 [#1] PREEMPT SMP
> [    3.579586] Modules linked in:
> [    3.579880] CPU: 5 PID: 7 Comm: kworker/u12:0 Not tainted 5.16.0-rc6-00081-g730b49aac426 #244
> [    3.580667] Hardware name: Pine64 RockPro64 v2.0 (DT)
> [    3.581135] Workqueue: events_unbound deferred_probe_work_func
> [    3.581689] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
> [    3.582335] pc : component_master_add_with_match+0x20/0xfc
> [    3.582850] lr : typec_link_ports+0x58/0x8c
> [    3.583244] sp : ffff800013093980
> [    3.583553] x29: ffff800013093980 x28: ffff80001212b000 x27: ffff00000041d00d
> [    3.584223] x26: ffff0000063e85e0 x25: ffff800012fcb290 x24: ffff000001386820
> [    3.584891] x23: ffff000006c2e808 x22: ffff800011416670 x21: ffff000006c2e808
> [    3.585558] x20: 0000000000000000 x19: ffff000006c2e800 x18: ffffffffffffffff
> [    3.586224] x17: 000000040044ffff x16: 00400034b5503510 x15: 0000000000005ff9
> [    3.586890] x14: 0000000000000000 x13: 0000000000000003 x12: ffff0000063e8080
> [    3.587557] x11: 0000000000000005 x10: ffff800012c13a60 x9 : 0000000000000000
> [    3.588224] x8 : 0000200000000000 x7 : 0000000000000038 x6 : 000000000000004b
> [    3.588892] x5 : 0000000000000000 x4 : ffff000000711800 x3 : ffff800010cd6390
> [    3.589558] x2 : 0000000000000000 x1 : ffff800011416670 x0 : ffff000006c2e808
> [    3.590224] Call trace:
> [    3.590457]  component_master_add_with_match+0x20/0xfc
> [    3.590938]  typec_link_ports+0x58/0x8c
> [    3.591299]  typec_register_port+0x1ac/0x300
> [    3.591705]  tcpm_register_port+0x62c/0x90c
> [    3.592099]  fusb302_probe+0x260/0x430
> [    3.592453]  i2c_device_probe+0x338/0x370
> [    3.592835]  really_probe.part.0+0x9c/0x30c
> [    3.593229]  __driver_probe_device+0x98/0x144
> [    3.593639]  driver_probe_device+0xc8/0x160
> [    3.594033]  __device_attach_driver+0xb8/0x120
> [    3.594450]  bus_for_each_drv+0x78/0xd0
> [    3.594810]  __device_attach+0xd8/0x180
> [    3.595171]  device_initial_probe+0x14/0x20
> [    3.595565]  bus_probe_device+0x9c/0xa4
> [    3.595926]  deferred_probe_work_func+0x88/0xc4
> [    3.596351]  process_one_work+0x288/0x6e0
> [    3.596729]  worker_thread+0x220/0x464
> [    3.597081]  kthread+0x17c/0x190
> [    3.597392]  ret_from_fork+0x10/0x20
> [    3.597737] Code: aa0203f4 a9025bf5 aa0003f5 aa0103f6 (a9400440) 
> [    3.598301] ---[ end trace 823a8d1795013b55 ]---
> 
> The full log can be found at [1]; config file can be found at [2]. All
> pastebins expire after 6 months.
> 
> I tried bisecting the bug and the first bad commit is 730b49aac426 ("usb:
> typec: port-mapper: Convert to the component framework"). I tried to double
> check that the patch is indeed responsible by reverting it from master, but
> I got this build error:
> 
> drivers/usb/typec/port-mapper.c: In function 'typec_link_ports':
> drivers/usb/typec/port-mapper.c:256:15: error: implicit declaration of function 'usb_for_each_port'; did you mean 'usb_for_each_dev'? [-Werror=implicit-function-declaration]
>   256 |         ret = usb_for_each_port(&con->dev, each_port);
>       |               ^~~~~~~~~~~~~~~~~
>       |               usb_for_each_dev
> 
> I tried building and booting from the bad commit, and I got the same NULL
> pointer dereference error. When building from the last good commit
> (8c67d06f3fd9 ("usb: Link the ports to the connectors they are attached
> to")), the board boots just fine. The log when booting from the good commit
> can be found at [3].
> 
> I can help with debugging and testing, but I'm not familiar enough with the
> USB subsystem to fix it myself.
> 
> [1] https://pastebin.com/w4tMNhve
> [2] https://pastebin.com/SiUuLeMs
> [3] https://pastebin.com/Pcm9xmL7

There is already a fix pending:
https://lore.kernel.org/linux-usb/20220124090228.41396-3-heikki.krogerus@linux.intel.com/

thanks,

-- 
heikki

More information about the linux-arm-kernel mailing list