[GIT,PULL] arm64 updates for 6.1-rc1

Message ID 20221005144116.2256580-1-catalin.marinas@arm.com (mailing list archive)
State New, archived

Pull-request

git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux tags/arm64-upstream

Commit Message

Catalin Marinas Oct. 5, 2022, 2:41 p.m. UTC
Hi Linus,

Please pull the arm64 updates for 6.1-rc1. It's almost entirely
contained within arch/arm64/, drivers/perf/ and tools/testing/ with a
few additional changes in drivers/ due to more automatic sysreg
definitions generation. There is a trivial conflict with current
mainline removing the '__nocfi' annotation while the arm64 tree makes a
pointer const for the same function. I included my merge resolution
below.

Thanks.

The following changes since commit b90cb1053190353cc30f0fef0ef1f378ccc063c5:

  Linux 6.0-rc3 (2022-08-28 15:05:29 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux tags/arm64-upstream

for you to fetch changes up to d2995249a2f72333a4ab4922ff3c42a76c023791:

  arm64: alternatives: Use vdso/bits.h instead of linux/bits.h (2022-10-05 10:44:44 +0100)

+++ b/arch/arm64/kernel/alternative.c
@@@ -133,8 -139,9 +139,8 @@@ static void clean_dcache_range_nopatch(
  	} while (cur += d_size, cur < end);
  }
  
- static void __apply_alternatives(struct alt_region *region, bool is_module,
- 				 unsigned long *feature_mask)
 -static void __nocfi __apply_alternatives(const struct alt_region *region,
 -					 bool is_module,
 -					 unsigned long *feature_mask)
++static void __apply_alternatives(const struct alt_region *region,
++				 bool is_module, unsigned long *feature_mask)
  {
  	struct alt_instr *alt;
  	__le32 *origptr, *updptr;
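Review bot: the resolved signature of __apply_alternatives() drops the `__nocfi` annotation that the arm64 side still carried and keeps only its `const struct alt_region *region`. That matches the mainline removal described in the cover text, but the merge commit message should say so explicitly: the body past `__le32 *origptr, *updptr;` is not shown here, and any indirect call made there now runs with CFI checking applied. A grep for remaining `__nocfi` users in arch/arm64/kernel/alternative.c after the merge would confirm that nothing else from the arm64 branch still relies on the annotation.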

----------------------------------------------------------------
arm64 updates for 6.1:

- arm64 perf: DDR PMU driver for Alibaba's T-Head Yitian 710 SoC, SVE
  vector granule register added to the user regs together with SVE perf
  extensions documentation.

- SVE updates: add HWCAP for SVE EBF16, update the SVE ABI documentation
  to match the actual kernel behaviour (zeroing the registers on syscall
  rather than "zeroed or preserved" previously).

- More conversions to automatic system registers generation.

- vDSO: use self-synchronising virtual counter access in gettimeofday()
  if the architecture supports it.

- arm64 stacktrace cleanups and improvements.

- arm64 atomics improvements: always inline assembly, remove LL/SC
  trampolines.

- Improve the reporting of EL1 exceptions: rework BTI and FPAC exception
  handling, better EL1 undefs reporting.

- Cortex-A510 erratum 2658417: remove BF16 support due to incorrect
  result.

- arm64 defconfig updates: build CoreSight as a module, enable options
  necessary for docker, memory hotplug/hotremove, enable all PMUs
  provided by Arm.

- arm64 ptrace() support for TPIDR2_EL0 (register provided with the SME
  extensions).

- arm64 ftraces updates/fixes: fix module PLTs with mcount, remove
  unused function.

- kselftest updates for arm64: simple HWCAP validation, FP stress test
  improvements, validation of ZA regs in signal handlers, include larger
  SVE and SME vector lengths in signal tests, various cleanups.

- arm64 alternatives (code patching) improvements to robustness and
  consistency: replace cpucap static branches with equivalent
  alternatives, associate callback alternatives with a cpucap.

- Miscellaneous updates: optimise kprobe performance of patching
  single-step slots, simplify uaccess_mask_ptr(), move MTE registers
  initialisation to C, support huge vmalloc() mappings, run softirqs on
  the per-CPU IRQ stack, compat (arm32) misalignment fixups for
  multiword accesses.

----------------------------------------------------------------
Ard Biesheuvel (1):
      arm64: compat: Implement misalignment fixups for multiword loads

Catalin Marinas (4):
      Merge branches 'for-next/doc', 'for-next/sve', 'for-next/sysreg', 'for-next/gettimeofday', 'for-next/stacktrace', 'for-next/atomics', 'for-next/el1-exceptions', 'for-next/a510-erratum-2658417', 'for-next/defconfig', 'for-next/tpidr2_el0' and 'for-next/ftrace', remote-tracking branch 'arm64/for-next/perf' into for-next/core
      Merge branch 'for-next/kselftest' into for-next/core
      Merge branch 'for-next/alternatives' into for-next/core
      Merge branch 'for-next/misc' into for-next/core

Colin Ian King (1):
      kselftest/arm64: Fix spelling misakes of signal names

James Clark (3):
      perf: arm64: Add SVE vector granule register to user regs
      arm64/sve: Add Perf extensions documentation
      arm64: defconfig: Add Coresight as module

James Morse (3):
      arm64: cpufeature: Force HWCAP to be based on the sysreg visible to user-space
      arm64: cpufeature: Expose get_arm64_ftr_reg() outside cpufeature.c
      arm64: errata: remove BF16 HWCAP due to incorrect result on Cortex-A510

Joey Gouly (3):
      arm64: module: move find_section to header
      arm64: alternative: patch alternatives in the vDSO
      arm64: vdso: use SYS_CNTVCTSS_EL0 for gettimeofday

Kefeng Wang (3):
      arm64: support huge vmalloc mappings
      arm64: defconfig: Enable memory hotplug and hotremove config
      arm64: mm: handle ARM64_KERNEL_USES_PMD_MAPS in vmemmap_populate()

Kristina Martsenko (3):
      arm64: cache: Remove unused CTR_CACHE_MINLINE_MASK
      arm64/sysreg: Standardise naming for ID_AA64MMFR1_EL1 fields
      arm64/sysreg: Convert ID_AA64MMFR1_EL1 to automatic generation

Li Huafei (2):
      arm64: module: Make plt_equals_entry() static
      arm64: module: Remove unused plt_entry_is_initialized()

Liao Chang (1):
      arm64/kprobe: Optimize the performance of patching single-step slot

Liu Song (1):
      arm64: spectre: increase parameters that can be used to turn off bhb mitigation individually

Mark Brown (65):
      kselftest/arm64: Add simple hwcap validation
      kselftest/arm64: Always encourage preemption for za-test
      kselftest/arm64: Count SIGUSR2 deliveries in FP stress tests
      arm64/sve: Document our actual ABI for clearing registers on syscall
      arm64/sysreg: Add hwcap for SVE EBF16
      kselftest/arm64: Install signal handlers before output in FP stress tests
      kselftest/arm64: kselftest harness for FP stress tests
      kselftest/arm64: Tighten up validation of ZA signal context
      kselftest/arm64: Add a test for signal frames with ZA disabled
      kselftest/arm64: Enumerate SME rather than SVE vector lengths for za_regs
      kselftest/arm64: Validate signal ucontext in place
      kselftest/arm64: Fix validatation termination record after EXTRA_CONTEXT
      kselftest/arm64: Fix validation of EXTRA_CONTEXT signal context location
      kselftest/arm64: Remove unneeded protype for validate_extra_context()
      kselftest/arm64: Only validate each signal context once
      kselftest/arm64: Validate contents of EXTRA_CONTEXT blocks
      kselftest/arm64: Preserve any EXTRA_CONTEXT in handle_signal_copyctx()
      kselftest/arm64: Allow larger buffers in get_signal_context()
      kselftest/arm64: Include larger SVE and SME VLs in signal tests
      kselftest/arm64: Correct buffer allocation for SVE Z registers
      kselftest/arm64: Enforce actual ABI for SVE syscalls
      arm64/sysreg: Remove stray SMIDR_EL1 defines
      arm64/sysreg: Describe ID_AA64SMFR0_EL1.SMEVer as an enumeration
      arm64/sysreg: Add _EL1 into ID_AA64MMFR0_EL1 definition names
      arm64/sysreg: Add _EL1 into ID_AA64MMFR2_EL1 definition names
      arm64/sysreg: Add _EL1 into ID_AA64PFR0_EL1 definition names
      arm64/sysreg: Add _EL1 into ID_AA64PFR1_EL1 constant names
      arm64/sysreg: Standardise naming of ID_AA64MMFR0_EL1.BigEnd
      arm64/sysreg: Standardise naming of ID_AA64MMFR0_EL1.ASIDBits
      arm64/sysreg: Standardise naming for ID_AA64MMFR2_EL1.VARange
      arm64/sysreg: Standardise naming for ID_AA64MMFR2_EL1.CnP
      arm64/sysreg: Standardise naming for ID_AA64PFR0_EL1 constants
      arm64/sysreg: Standardise naming for ID_AA64PFR0_EL1.AdvSIMD constants
      arm64/sysreg: Standardise naming for SSBS feature enumeration
      arm64/sysreg: Standardise naming for MTE feature enumeration
      arm64/sysreg: Standardise naming of ID_AA64PFR1_EL1 fractional version fields
      arm64/sysreg: Standardise naming of ID_AA64PFR1_EL1 BTI enumeration
      arm64/sysreg: Standardise naming of ID_AA64PFR1_EL1 SME enumeration
      arm64/sysreg: Convert HCRX_EL2 to automatic generation
      arm64/sysreg: Convert ID_AA64MMFR0_EL1 to automatic generation
      arm64/sysreg: Convert ID_AA64MMFR2_EL1 to automatic generation
      arm64/sysreg: Convert ID_AA64PFR0_EL1 to automatic generation
      arm64/sysreg: Convert ID_AA64PFR1_EL1 to automatic generation
      arm64/sysreg: Convert TIPDR_EL1 to automatic generation
      arm64/sysreg: Convert SCXTNUM_EL1 to automatic generation
      arm64/sysreg: Add defintion for ALLINT
      arm64/sysreg: Align field names in ID_AA64DFR0_EL1 with architecture
      arm64/sysreg: Add _EL1 into ID_AA64DFR0_EL1 definition names
      arm64/sysreg: Use feature numbering for PMU and SPE revisions
      arm64/sysreg: Convert ID_AA64FDR0_EL1 to automatic generation
      arm64/sysreg: Convert ID_AA64DFR1_EL1 to automatic generation
      arm64/sysreg: Convert ID_AA64AFRn_EL1 to automatic generation
      kselftest/arm64: Add missing newline in hwcap output
      kselftest/arm64: Add SVE 2 to the tested hwcaps
      kselftest/arm64: Add hwcap test for RNG
      arm64: configs: Enable all PMUs provided by Arm
      kselftest/arm64: Add test coverage for NT_ARM_TLS
      arm64/ptrace: Document extension of NT_ARM_TLS to cover TPIDR2_EL0
      arm64/ptrace: Support access to TPIDR2_EL0
      kselftest/arm64: Add coverage of TPIDR2_EL0 ptrace interface
      kselftest/arm64: Fix typo in hwcap check
      kselftest/arm64: Don't enable v8.5 for MTE selftest builds
      kselftest/arm64: Don't repeat termination handler for fp-stress
      kselftest/arm64: Flag fp-stress as exiting when we begin finishing up
      kselftest/arm64: Handle EINTR while reading data from children

Mark Rutland (28):
      arm64: stacktrace: fix kerneldoc comments
      arm64: stacktrace: simplify unwind_next_common()
      arm64: stacktrace: rename unwind_next_common() -> unwind_next_frame_record()
      arm64: stacktrace: move SDEI stack helpers to stacktrace code
      arm64: stacktrace: add stackinfo_on_stack() helper
      arm64: stacktrace: rework stack boundary discovery
      arm64: stacktrace: remove stack type from fp translator
      arm64: stacktrace: track all stack boundaries explicitly
      arm64: stacktrace: track hyp stacks in unwinder's address space
      arm64: atomics: remove LL/SC trampolines
      arm64: atomic: always inline the assembly
      arm64: report EL1 UNDEFs better
      arm64: die(): pass 'err' as long
      arm64: consistently pass ESR_ELx to die()
      arm64: rework FPAC exception handling
      arm64: rework BTI exception handling
      arm64: cpufeature: make cpus_have_cap() noinstr-safe
      arm64: alternatives: kvm: prepare for cap changes
      arm64: alternatives: proton-pack: prepare for cap changes
      arm64: alternatives: hoist print out of __apply_alternatives()
      arm64: alternatives: make alt_region const
      arm64: alternatives: have callbacks take a cap
      arm64: alternatives: add alternative_has_feature_*()
      arm64: alternatives: add shared NOP callback
      arm64: avoid BUILD_BUG_ON() in alternative-macros
      arm64: uaccess: simplify uaccess_mask_ptr()
      arm64: fix the build with binutils 2.27
      arm64: ftrace: fix module PLTs with mcount

Mike Rapoport (1):
      arm64/mm: fold check for KFENCE into can_set_direct_map()

Nathan Chancellor (2):
      arm64/sysreg: Fix a few missed conversions
      arm64: alternatives: Use vdso/bits.h instead of linux/bits.h

Peter Collingbourne (1):
      arm64: mte: move register initialization to C

Qi Zheng (1):
      arm64: run softirqs on the per-CPU IRQ stack

Shuai Xue (3):
      docs: perf: Add description for Alibaba's T-Head PMU driver
      drivers/perf: add DDR Sub-System Driveway PMU driver for Yitian 710 SoC
      MAINTAINERS: add maintainers for Alibaba' T-Head PMU driver

Vincenzo Frascino (1):
      arm64: Enable docker support in defconfig

Will Deacon (2):
      arm64: dma: Drop cache invalidation from arch_dma_prep_coherent()
      arm64: asm/perf_regs.h: Avoid C++-style comment in UAPI header

Xiu Jianfeng (1):
      ARM64: reloc_test: add __init/__exit annotations to module init/exit funcs

 Documentation/admin-guide/kernel-parameters.txt    |   7 +-
 Documentation/admin-guide/perf/alibaba_pmu.rst     | 100 +++
 Documentation/admin-guide/perf/index.rst           |   1 +
 Documentation/arm64/elf_hwcaps.rst                 |   3 +
 Documentation/arm64/silicon-errata.rst             |   2 +
 Documentation/arm64/sme.rst                        |   3 +
 Documentation/arm64/sve.rst                        |  22 +-
 MAINTAINERS                                        |   6 +
 arch/arm64/Kconfig                                 |  18 +
 arch/arm64/configs/defconfig                       |  23 +
 arch/arm64/include/asm/alternative-macros.h        |  66 +-
 arch/arm64/include/asm/assembler.h                 |  20 +-
 arch/arm64/include/asm/atomic_ll_sc.h              |  58 +-
 arch/arm64/include/asm/atomic_lse.h                |  46 +-
 arch/arm64/include/asm/cache.h                     |   4 -
 arch/arm64/include/asm/cpufeature.h                |  83 ++-
 arch/arm64/include/asm/el2_setup.h                 |  18 +-
 arch/arm64/include/asm/exception.h                 |   9 +-
 arch/arm64/include/asm/hw_breakpoint.h             |   4 +-
 arch/arm64/include/asm/hwcap.h                     |   1 +
 arch/arm64/include/asm/kvm_mmu.h                   |   5 +-
 arch/arm64/include/asm/kvm_pgtable.h               |   6 +-
 arch/arm64/include/asm/lse.h                       |   5 +-
 arch/arm64/include/asm/module.h                    |  15 +-
 arch/arm64/include/asm/mte.h                       |   5 +
 arch/arm64/include/asm/processor.h                 |   2 +-
 arch/arm64/include/asm/sdei.h                      |  17 -
 arch/arm64/include/asm/stacktrace.h                |  71 +-
 arch/arm64/include/asm/stacktrace/common.h         | 221 +++---
 arch/arm64/include/asm/stacktrace/nvhe.h           |   4 +-
 arch/arm64/include/asm/sysreg.h                    | 211 +-----
 arch/arm64/include/asm/system_misc.h               |   2 +-
 arch/arm64/include/asm/uaccess.h                   |  22 +-
 arch/arm64/include/asm/vdso.h                      |   3 +
 arch/arm64/include/asm/vdso/gettimeofday.h         |  19 +-
 arch/arm64/include/uapi/asm/hwcap.h                |   1 +
 arch/arm64/include/uapi/asm/perf_regs.h            |   7 +
 arch/arm64/kernel/Makefile                         |   1 +
 arch/arm64/kernel/alternative.c                    |  94 ++-
 arch/arm64/kernel/compat_alignment.c               | 387 ++++++++++
 arch/arm64/kernel/cpu_errata.c                     |  26 +
 arch/arm64/kernel/cpufeature.c                     | 325 +++++----
 arch/arm64/kernel/cpuinfo.c                        |   1 +
 arch/arm64/kernel/debug-monitors.c                 |   2 +-
 arch/arm64/kernel/entry-common.c                   |  32 +-
 arch/arm64/kernel/entry.S                          |   8 +-
 arch/arm64/kernel/ftrace.c                         |  17 +-
 arch/arm64/kernel/head.S                           |  10 +-
 arch/arm64/kernel/hyp-stub.S                       |   8 +-
 arch/arm64/kernel/idreg-override.c                 |  10 +-
 arch/arm64/kernel/image-vars.h                     |   5 +-
 arch/arm64/kernel/irq.c                            |  14 +
 arch/arm64/kernel/module-plts.c                    |   3 +-
 arch/arm64/kernel/module.c                         |  15 -
 arch/arm64/kernel/mte.c                            |  51 ++
 arch/arm64/kernel/perf_event.c                     |   8 +-
 arch/arm64/kernel/perf_regs.c                      |  30 +-
 arch/arm64/kernel/probes/kprobes.c                 |  27 +-
 arch/arm64/kernel/proton-pack.c                    |  16 +-
 arch/arm64/kernel/ptrace.c                         |  27 +-
 arch/arm64/kernel/reloc_test_core.c                |   4 +-
 arch/arm64/kernel/sdei.c                           |  32 -
 arch/arm64/kernel/stacktrace.c                     |  66 +-
 arch/arm64/kernel/suspend.c                        |   2 +
 arch/arm64/kernel/traps.c                          |  48 +-
 arch/arm64/kernel/vdso.c                           |   3 -
 arch/arm64/kernel/vdso/vdso.lds.S                  |   7 +
 arch/arm64/kvm/debug.c                             |   4 +-
 arch/arm64/kvm/hyp/hyp-entry.S                     |   4 +-
 arch/arm64/kvm/hyp/include/nvhe/fixed_config.h     |  60 +-
 arch/arm64/kvm/hyp/nvhe/pkvm.c                     |  38 +-
 arch/arm64/kvm/hyp/nvhe/stacktrace.c               |  40 +-
 arch/arm64/kvm/hyp/nvhe/sys_regs.c                 |  10 +-
 arch/arm64/kvm/hyp/pgtable.c                       |   2 +-
 arch/arm64/kvm/pmu-emul.c                          |  16 +-
 arch/arm64/kvm/reset.c                             |  12 +-
 arch/arm64/kvm/stacktrace.c                        | 137 ++--
 arch/arm64/kvm/sys_regs.c                          |  48 +-
 arch/arm64/kvm/va_layout.c                         |   5 +-
 arch/arm64/mm/context.c                            |   6 +-
 arch/arm64/mm/dma-mapping.c                        |   2 +-
 arch/arm64/mm/fault.c                              |   3 +
 arch/arm64/mm/init.c                               |   2 +-
 arch/arm64/mm/mmu.c                                |  23 +-
 arch/arm64/mm/pageattr.c                           |   8 +-
 arch/arm64/mm/proc.S                               |  46 +-
 arch/arm64/tools/cpucaps                           |   3 +
 arch/arm64/tools/sysreg                            | 449 +++++++++++-
 drivers/firmware/efi/libstub/arm64-stub.c          |   4 +-
 drivers/hwtracing/coresight/coresight-etm4x-core.c |   4 +-
 drivers/hwtracing/coresight/coresight-trbe.h       |   3 +-
 drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c    |   6 +-
 drivers/irqchip/irq-gic-v4.c                       |   2 +-
 drivers/perf/Kconfig                               |   7 +
 drivers/perf/Makefile                              |   1 +
 drivers/perf/alibaba_uncore_drw_pmu.c              | 810 +++++++++++++++++++++
 drivers/perf/arm_pmu.c                             |   2 +-
 drivers/perf/arm_spe_pmu.c                         |   6 +-
 tools/testing/selftests/arm64/abi/.gitignore       |   2 +
 tools/testing/selftests/arm64/abi/Makefile         |   2 +-
 tools/testing/selftests/arm64/abi/hwcap.c          | 336 +++++++++
 tools/testing/selftests/arm64/abi/ptrace.c         | 241 ++++++
 tools/testing/selftests/arm64/abi/syscall-abi.c    |  61 +-
 tools/testing/selftests/arm64/fp/.gitignore        |   1 +
 tools/testing/selftests/arm64/fp/Makefile          |   5 +-
 tools/testing/selftests/arm64/fp/asm-offsets.h     |   1 +
 tools/testing/selftests/arm64/fp/fp-stress.c       | 555 ++++++++++++++
 tools/testing/selftests/arm64/fp/fpsimd-test.S     |  51 +-
 tools/testing/selftests/arm64/fp/sve-test.S        |  51 +-
 tools/testing/selftests/arm64/fp/za-test.S         |  58 +-
 tools/testing/selftests/arm64/mte/Makefile         |   5 +-
 tools/testing/selftests/arm64/mte/mte_helper.S     |   2 +
 .../selftests/arm64/signal/test_signals_utils.c    |  59 +-
 .../selftests/arm64/signal/test_signals_utils.h    |   5 +-
 .../signal/testcases/fake_sigreturn_bad_magic.c    |   2 +-
 .../signal/testcases/fake_sigreturn_bad_size.c     |   2 +-
 .../testcases/fake_sigreturn_bad_size_for_magic0.c |   2 +-
 .../testcases/fake_sigreturn_duplicated_fpsimd.c   |   2 +-
 .../testcases/fake_sigreturn_misaligned_sp.c       |   2 +-
 .../testcases/fake_sigreturn_missing_fpsimd.c      |   2 +-
 .../testcases/fake_sigreturn_sme_change_vl.c       |   2 +-
 .../testcases/fake_sigreturn_sve_change_vl.c       |   2 +-
 .../selftests/arm64/signal/testcases/sme_vl.c      |   2 +-
 .../selftests/arm64/signal/testcases/ssve_regs.c   |  25 +-
 .../selftests/arm64/signal/testcases/sve_regs.c    |  23 +-
 .../selftests/arm64/signal/testcases/sve_vl.c      |   2 +-
 .../selftests/arm64/signal/testcases/testcases.c   |  48 +-
 .../selftests/arm64/signal/testcases/testcases.h   |   9 +-
 .../selftests/arm64/signal/testcases/za_no_regs.c  | 119 +++
 .../selftests/arm64/signal/testcases/za_regs.c     |  44 +-
 130 files changed, 4615 insertions(+), 1260 deletions(-)
 create mode 100644 Documentation/admin-guide/perf/alibaba_pmu.rst
 create mode 100644 arch/arm64/kernel/compat_alignment.c
 create mode 100644 drivers/perf/alibaba_uncore_drw_pmu.c
 create mode 100644 tools/testing/selftests/arm64/abi/hwcap.c
 create mode 100644 tools/testing/selftests/arm64/abi/ptrace.c
 create mode 100644 tools/testing/selftests/arm64/fp/fp-stress.c
 create mode 100644 tools/testing/selftests/arm64/signal/testcases/za_no_regs.c

Comments

pr-tracker-bot@kernel.org Oct. 6, 2022, 7 p.m. UTC | #1
The pull request you sent on Wed,  5 Oct 2022 15:41:16 +0100:

> git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux tags/arm64-upstream

has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/18fd049731e67651009f316195da9281b756f2cf

Thank you!

Amit Pundir Oct. 18, 2022, 4:05 p.m. UTC | #2
On Wed, 12 Oct 2022 at 17:24, Catalin Marinas <catalin.marinas@arm.com> wrote:
>
> Hi Amit,
>
> On Sat, Oct 08, 2022 at 08:28:26PM +0530, Amit Pundir wrote:
> > On Wed, 5 Oct 2022 at 20:11, Catalin Marinas <catalin.marinas@arm.com> wrote:
> > > Will Deacon (2):
> > >       arm64: dma: Drop cache invalidation from arch_dma_prep_coherent()
> >
> > Hi Will,
> >
> > This patch broke AOSP on Dragonboard 845c (SDM845). I don't see any
> > relevant crash in the attached log and device silently reboots into
> > USB crash dump mode. The crash is fairly reproducible on db845c. I
> > could trigger it twice in 5 reboots and it always crashes at the same
> > point during the boot process. Reverting this patch fixes the crash.
> >
> > I'm happy to test run any debug patch(es) that would help narrow
> > down this breakage.
>
> Cc'ing Robin, maybe he has a better idea (that's commit c44094eee32f).
> Architecturally the change shouldn't make any difference since the cache
> lines can be brought in via the linear mapping at any point. It's just
> less likely to hit a real bug (software or hardware). It's also possible
> that arch_dma_prep_coherent() is used outside the DMA API (if you have
> out of tree drivers).

Hi Catalin,

I can reproduce this crash on vanilla v6.1-rc1 as well with no
out-of-tree drivers.

>
> Leaving the original log in place for Robin. A question I have, with a
> successful boot, what's normally after the bpfloader lines are printed?
> We should try to pinpoint which device/driver causes this. It looks like
> it's well into user-space at that point (graphics about to start?)
>

Yes the device is well into user-space at this point with file-system
mounted. And it always crashes while it is busy bringing up remoteproc
(modem) and running bpf programs.

[   19.535003][    T1] init: starting service 'tqftpserv'...
[   19.579617][    T1] init: starting service 'rmtfs'...
[   19.588578][    T1] init: processing action (load_bpf_programs)
from (/system/etc/init/bpfloader.rc:17)
[   19.596465][  T456] remoteproc remoteproc0: powering up 4080000.remoteproc
[   19.600240][    T1] init: starting service 'bpfloader'...
[   19.608071][  T456] remoteproc remoteproc0: Booting fw image
qcom/sdm845/mba.mbn, size 242400
[   19.616901][    T1] init: SVC_EXEC service 'bpfloader' pid 457 (uid
0 gid 0+7 context default) started; waiting...
[   19.699862][  T457] bpfloader:
/apex/com.android.tethering/etc/flag/out-of-process exists.
[   19.710798][  T457] LibBpfLoader: Section bpfloader_min_ver value is 2 [0x2]
[   19.717980][  T457] LibBpfLoader: Section bpfloader_max_ver value
is 25 [0x19]
[   19.725375][  T457] LibBpfLoader: Section size_of_bpf_map_def value
is 120 [0x78]
[   19.732806][  T456] qcom-q6v5-mss 4080000.remoteproc: MBA booted
without debug policy, loading mpss
[   19.732996][  T457] LibBpfLoader: Section size_of_bpf_prog_def
value is 92 [0x5c]
[   19.749603][  T457] LibBpfLoader: BpfLoader version 0x0001c
ignoring ELF object /apex/com.android.tethering/etc/bpf/test.o with
max ver 0x00019
[   19.762621][  T457] bpfloader: Loaded object:
/apex/com.android.tethering/etc/bpf/test.o
        <... ...crash and reboot into bootloader here... ...>


In case of a successful boot, bpfloader exits successfully, modem
boots up fine and standard AOSP services start kicking in.

[   19.242267][    T1] init: starting service 'tqftpserv'...
[   19.272100][    T1] init: starting service 'rmtfs'...
[   19.280426][    T1] init: processing action (load_bpf_programs)
from (/system/etc/init/bpfloader.rc:17)
[   19.288715][  T448] remoteproc remoteproc0: powering up 4080000.remoteproc
[   19.290737][    T1] init: starting service 'bpfloader'...
[   19.299421][  T448] remoteproc remoteproc0: Booting fw image
qcom/sdm845/mba.mbn, size 242400
[   19.306169][    T1] init: SVC_EXEC service 'bpfloader' pid 449 (uid
0 gid 0+7 context default) started; waiting...
[   19.325297][  T449] bpfloader:
/apex/com.android.tethering/etc/flag/out-of-process exists.
[   19.335554][  T449] LibBpfLoader: Section bpfloader_min_ver value is 2 [0x2]
[   19.342773][  T449] LibBpfLoader: Section bpfloader_max_ver value
is 25 [0x19]
[   19.350194][  T449] LibBpfLoader: Section size_of_bpf_map_def value
is 120 [0x78]
[   19.357886][  T449] LibBpfLoader: Section size_of_bpf_prog_def
value is 92 [0x5c]
[   19.365476][  T449] LibBpfLoader: BpfLoader version 0x0001c
ignoring ELF object /apex/com.android.tethering/etc/bpf/test.o with
max ver 0x00019
[   19.378519][  T449] bpfloader: Loaded object:
/apex/com.android.tethering/etc/bpf/test.o
[   19.391515][  T449] LibBpfLoader: Section bpfloader_min_ver value is 2 [0x2]
[   19.397239][  T448] qcom-q6v5-mss 4080000.remoteproc: MBA booted
without debug policy, loading mpss
[   19.398678][  T449] LibBpfLoader: Section bpfloader_max_ver value
is 25 [0x19]
[   19.415184][  T449] LibBpfLoader: Section size_of_bpf_map_def value
is 120 [0x78]
[   19.422825][  T449] LibBpfLoader: Section size_of_bpf_prog_def
value is 92 [0x5c]
[   19.430424][  T449] LibBpfLoader: BpfLoader version 0x0001c
ignoring ELF object /apex/com.android.tethering/etc/bpf/offload.o with
max ver 0x00019
[   19.443723][  T449] bpfloader: Loaded object:
/apex/com.android.tethering/etc/bpf/offload.o
[   19.453137][  T449] LibBpfLoader: Section bpfloader_min_ver value
is 25 [0x19]
[   19.460494][  T449] LibBpfLoader: Section bpfloader_max_ver value
is 65536 [0x10000]
[   19.468349][  T449] LibBpfLoader: Section size_of_bpf_map_def value
is 120 [0x78]
[   19.475903][  T449] LibBpfLoader: Section size_of_bpf_prog_def
value is 92 [0x5c]
[   19.483450][  T449] LibBpfLoader: BpfLoader version 0x0001c
processing ELF object /apex/com.android.tethering/etc/bpf/test@btf.o
with ver [0x00019,0x10000)
[   19.527906][  T449] LibBpfLoader: map
/sys/fs/bpf/tethering/map_test_tether_downstream6_map id 1
[   19.536802][  T449] LibBpfLoader: map
/sys/fs/bpf/tethering/map_test_bitmap id 2
[   19.545451][  T449] LibBpfLoader: prog
/sys/fs/bpf/tethering/prog_test_xdp_drop_ipv4_udp_ether id 1
[   19.554598][  T449] bpfloader: Loaded object:
/apex/com.android.tethering/etc/bpf/test@btf.o
[   19.565372][  T449] LibBpfLoader: Section bpfloader_min_ver value
is 25 [0x19]
[   19.572672][  T449] LibBpfLoader: Section bpfloader_max_ver value
is 65536 [0x10000]
[   19.580511][  T449] LibBpfLoader: Section size_of_bpf_map_def value
is 120 [0x78]
[   19.588069][  T449] LibBpfLoader: Section size_of_bpf_prog_def
value is 92 [0x5c]
[   19.595611][  T449] LibBpfLoader: BpfLoader version 0x0001c
processing ELF object
/apex/com.android.tethering/etc/bpf/offload@btf.o with ver
[0x00019,0x10000)
[   19.629859][  T449] LibBpfLoader: map
/sys/fs/bpf/tethering/map_offload_tether_error_map id 3
[   19.636219][  T448] remoteproc remoteproc0: remote processor
4080000.remoteproc is now up
[   19.646726][  T449] LibBpfLoader: map
/sys/fs/bpf/tethering/map_offload_tether_stats_map id 4
[   19.646817][  T448] rmtfs (448) used greatest stack depth: 9952 bytes left
[   19.662274][  T449] LibBpfLoader: map
/sys/fs/bpf/tethering/map_offload_tether_limit_map id 5
[   19.670941][  T449] LibBpfLoader: map
/sys/fs/bpf/tethering/map_offload_tether_downstream6_map id 6
[   19.680189][  T449] LibBpfLoader: map
/sys/fs/bpf/tethering/map_offload_tether_downstream64_map id 7
[   19.689463][  T449] LibBpfLoader: map
/sys/fs/bpf/tethering/map_offload_tether_upstream6_map id 8
[   19.698492][  T449] LibBpfLoader: map
/sys/fs/bpf/tethering/map_offload_tether_downstream4_map id 9
[   19.707692][  T449] LibBpfLoader: map
/sys/fs/bpf/tethering/map_offload_tether_upstream4_map id 10
[   19.762291][  T449] LibBpfLoader: map
/sys/fs/bpf/tethering/map_offload_tether_dev_map id 11
[   19.781943][  T449] LibBpfLoader: prog
/sys/fs/bpf/tethering/prog_offload_schedcls_tether_downstream6_ether
id 2
[   19.793483][  T449] LibBpfLoader: prog
/sys/fs/bpf/tethering/prog_offload_schedcls_tether_upstream6_ether id
3
[   19.804834][  T449] LibBpfLoader: prog
/sys/fs/bpf/tethering/prog_offload_schedcls_tether_downstream6_rawip
id 4
[   19.816326][  T449] LibBpfLoader: prog
/sys/fs/bpf/tethering/prog_offload_schedcls_tether_upstream6_rawip id
5
[   19.828262][  T449] LibBpfLoader: prog
/sys/fs/bpf/tethering/prog_offload_schedcls_tether_downstream4_rawip
id 6
[   19.840313][  T449] LibBpfLoader: prog
/sys/fs/bpf/tethering/prog_offload_schedcls_tether_upstream4_rawip id
7
[   19.852089][  T449] LibBpfLoader: prog
/sys/fs/bpf/tethering/prog_offload_schedcls_tether_downstream4_ether
id 8
[   19.864041][  T449] LibBpfLoader: prog
/sys/fs/bpf/tethering/prog_offload_schedcls_tether_upstream4_ether id
9
[   19.875042][  T449] LibBpfLoader: prog
/sys/fs/bpf/tethering/prog_offload_xdp_tether_downstream_ether id 10
[   19.885521][  T449] LibBpfLoader: prog
/sys/fs/bpf/tethering/prog_offload_xdp_tether_downstream_rawip id 11
[   19.896037][  T449] LibBpfLoader: prog
/sys/fs/bpf/tethering/prog_offload_xdp_tether_upstream_ether id 12
[   19.906437][  T449] LibBpfLoader: prog
/sys/fs/bpf/tethering/prog_offload_xdp_tether_upstream_rawip id 13
[   19.916186][  T449] bpfloader: Loaded object:
/apex/com.android.tethering/etc/bpf/offload@btf.o
[   19.927346][  T449] LibBpfLoader: Section bpfloader_min_ver value is 13 [0xd]
[   19.934578][  T449] LibBpfLoader: Section bpfloader_max_ver value
is 65536 [0x10000]
[   19.942419][  T449] LibBpfLoader: Section size_of_bpf_map_def value
is 120 [0x78]
[   19.949981][  T449] LibBpfLoader: Section size_of_bpf_prog_def
value is 92 [0x5c]
[   19.957519][  T449] LibBpfLoader: BpfLoader version 0x0001c
processing ELF object
/apex/com.android.tethering/etc/bpf/netd_shared/netd.o with ver
[0x0000d,0x10000)
[   19.981108][  T449] LibBpfLoader: map configuration_map
selinux_context [fs_bpf_netd_readonly            ] -> 5 ->
'fs_bpf_netd_readonly' (netd_readonly/)
[   19.995188][  T449] LibBpfLoader: map
/sys/fs/bpf/netd_shared/map_netd_configuration_map id 12
[   20.004173][  T449] LibBpfLoader: map
/sys/fs/bpf/netd_shared/map_netd_cookie_tag_map id 13
[   20.012604][  T449] LibBpfLoader: map uid_counterset_map
selinux_context [fs_bpf_net_shared               ] -> 4 ->
'fs_bpf_net_shared' (net_shared/)
[   20.026214][  T449] LibBpfLoader: map
/sys/fs/bpf/netd_shared/map_netd_uid_counterset_map id 14
[   20.034984][  T449] LibBpfLoader: map app_uid_stats_map
selinux_context [fs_bpf_net_shared               ] -> 4 ->
'fs_bpf_net_shared' (net_shared/)
[   20.048710][  T449] LibBpfLoader: map
/sys/fs/bpf/netd_shared/map_netd_app_uid_stats_map id 15
[   20.057599][  T449] LibBpfLoader: map
/sys/fs/bpf/netd_shared/map_netd_stats_map_A id 16
[   20.065765][  T449] LibBpfLoader: map stats_map_B selinux_context
[fs_bpf_netd_readonly            ] -> 5 -> 'fs_bpf_netd_readonly'
(netd_readonly/)
[   20.079363][  T449] LibBpfLoader: map
/sys/fs/bpf/netd_shared/map_netd_stats_map_B id 17
[   20.087521][  T449] LibBpfLoader: map iface_stats_map
selinux_context [fs_bpf_net_shared               ] -> 4 ->
'fs_bpf_net_shared' (net_shared/)
[   20.100823][  T449] LibBpfLoader: map
/sys/fs/bpf/netd_shared/map_netd_iface_stats_map id 18
[   20.109330][  T449] LibBpfLoader: map uid_owner_map selinux_context
[fs_bpf_net_shared               ] -> 4 -> 'fs_bpf_net_shared'
(net_shared/)
[   20.122473][  T449] LibBpfLoader: map
/sys/fs/bpf/netd_shared/map_netd_uid_owner_map id 19
[   20.130897][  T449] LibBpfLoader: map
/sys/fs/bpf/netd_shared/map_netd_uid_permission_map id 20
[   20.139676][  T449] LibBpfLoader: map iface_index_name_map
selinux_context [fs_bpf_net_shared               ] -> 4 ->
'fs_bpf_net_shared' (net_shared/)
[   20.153413][  T449] LibBpfLoader: map
/sys/fs/bpf/netd_shared/map_netd_iface_index_name_map id 21
[   20.163738][  T449] LibBpfLoader: prog cgroupskb_ingress_stats
selinux_context [fs_bpf_netd_readonly            ] -> 5 ->
'fs_bpf_netd_readonly' (netd_readonly/)
[   20.180672][  T449] LibBpfLoader: prog
/sys/fs/bpf/netd_shared/prog_netd_cgroupskb_ingress_stats id 14
[   20.190075][  T449] LibBpfLoader: prog cgroupskb_egress_stats
selinux_context [fs_bpf_netd_readonly            ] -> 5 ->
'fs_bpf_netd_readonly' (netd_readonly/)
[   20.206105][  T449] LibBpfLoader: prog
/sys/fs/bpf/netd_shared/prog_netd_cgroupskb_egress_stats id 15
[   20.216274][  T449] LibBpfLoader: prog
/sys/fs/bpf/netd_shared/prog_netd_skfilter_egress_xtbpf id 16
[   20.226376][  T449] LibBpfLoader: prog
/sys/fs/bpf/netd_shared/prog_netd_skfilter_ingress_xtbpf id 17
[   20.235683][  T449] LibBpfLoader: prog schedact_ingress_account
selinux_context [fs_bpf_net_shared               ] -> 4 ->
'fs_bpf_net_shared' (net_shared/)
[   20.250698][  T449] LibBpfLoader: prog
/sys/fs/bpf/netd_shared/prog_netd_schedact_ingress_account id 18
[   20.261050][  T449] LibBpfLoader: prog
/sys/fs/bpf/netd_shared/prog_netd_skfilter_allowlist_xtbpf id 19
[   20.271359][  T449] LibBpfLoader: prog
/sys/fs/bpf/netd_shared/prog_netd_skfilter_denylist_xtbpf id 20
[   20.280757][  T449] LibBpfLoader: prog cgroupsock_inet_create
selinux_context [fs_bpf_netd_readonly            ] -> 5 ->
'fs_bpf_netd_readonly' (netd_readonly/)
[   20.296020][  T449] LibBpfLoader: prog
/sys/fs/bpf/netd_shared/prog_netd_cgroupsock_inet_create id 21
[   20.305386][  T449] bpfloader: Loaded object:
/apex/com.android.tethering/etc/bpf/netd_shared/netd.o
[   20.315965][  T449] LibBpfLoader: Section bpfloader_min_ver value is 13 [0xd]
[   20.323187][  T449] LibBpfLoader: Section bpfloader_max_ver value
is 65536 [0x10000]
[   20.331029][  T449] LibBpfLoader: Section size_of_bpf_map_def value
is 120 [0x78]
[   20.338590][  T449] LibBpfLoader: Section size_of_bpf_prog_def
value is 92 [0x5c]
[   20.346129][  T449] LibBpfLoader: BpfLoader version 0x0001c
processing ELF object
/apex/com.android.tethering/etc/bpf/net_shared/dscpPolicy.o with ver
[0x0000d,0x10000)
[   20.368275][  T449] LibBpfLoader: map
/sys/fs/bpf/net_shared/map_dscpPolicy_socket_policy_cache_map id 22
[   20.377973][  T449] LibBpfLoader: map
/sys/fs/bpf/net_shared/map_dscpPolicy_ipv4_dscp_policies_map id 23
[   20.387561][  T449] LibBpfLoader: map
/sys/fs/bpf/net_shared/map_dscpPolicy_ipv6_dscp_policies_map id 24
[   20.410850][  T449] LibBpfLoader: prog
/sys/fs/bpf/net_shared/prog_dscpPolicy_schedcls_set_dscp_ether id 22
[   20.420760][  T449] bpfloader: Loaded object:
/apex/com.android.tethering/etc/bpf/net_shared/dscpPolicy.o
[   20.432580][  T449] LibBpfLoader: Section bpfloader_min_ver value is 13 [0xd]
[   20.439803][  T449] LibBpfLoader: Section bpfloader_max_ver value
is 65536 [0x10000]
[   20.447640][  T449] LibBpfLoader: Section size_of_bpf_map_def value
is 120 [0x78]
[   20.455200][  T449] LibBpfLoader: Section size_of_bpf_prog_def
value is 92 [0x5c]
[   20.462739][  T449] LibBpfLoader: BpfLoader version 0x0001c
processing ELF object
/apex/com.android.tethering/etc/bpf/net_shared/block.o with ver
[0x0000d,0x10000)
[   20.505305][  T449] LibBpfLoader: map
/sys/fs/bpf/net_shared/map_block_blocked_ports_map id 25
[   20.515150][  T449] LibBpfLoader: prog
/sys/fs/bpf/net_shared/prog_block_bind4_block_port id 23
[   20.524754][  T449] LibBpfLoader: prog
/sys/fs/bpf/net_shared/prog_block_bind6_block_port id 24
[   20.533575][  T449] bpfloader: Loaded object:
/apex/com.android.tethering/etc/bpf/net_shared/block.o
[   20.544256][  T449] LibBpfLoader: Section bpfloader_min_ver value is 13 [0xd]
[   20.551477][  T449] LibBpfLoader: Section bpfloader_max_ver value
is 65536 [0x10000]
[   20.559313][  T449] LibBpfLoader: Section size_of_bpf_map_def value
is 120 [0x78]
[   20.566875][  T449] LibBpfLoader: Section size_of_bpf_prog_def
value is 92 [0x5c]
[   20.574412][  T449] LibBpfLoader: BpfLoader version 0x0001c
processing ELF object
/apex/com.android.tethering/etc/bpf/net_shared/clatd.o with ver
[0x0000d,0x10000)
[   20.617474][  T449] LibBpfLoader: map
/sys/fs/bpf/net_shared/map_clatd_clat_ingress6_map id 26
[   20.626210][  T449] LibBpfLoader: map
/sys/fs/bpf/net_shared/map_clatd_clat_egress4_map id 27
[   20.636225][  T449] LibBpfLoader: prog
/sys/fs/bpf/net_shared/prog_clatd_schedcls_ingress6_clat_ether id 25
[   20.647124][  T449] LibBpfLoader: prog
/sys/fs/bpf/net_shared/prog_clatd_schedcls_ingress6_clat_rawip id 26
[   20.657696][  T449] LibBpfLoader: prog
/sys/fs/bpf/net_shared/prog_clatd_schedcls_egress4_clat_ether id 27
[   20.668425][  T449] LibBpfLoader: prog
/sys/fs/bpf/net_shared/prog_clatd_schedcls_egress4_clat_rawip id 28
[   20.678202][  T449] bpfloader: Loaded object:
/apex/com.android.tethering/etc/bpf/net_shared/clatd.o
[   20.703175][  T449] LibBpfLoader: Section bpfloader_min_ver value
is 28 [0x1c]
[   20.710475][  T449] LibBpfLoader: Section bpfloader_max_ver value
is 65536 [0x10000]
[   20.718306][  T449] LibBpfLoader: Section size_of_bpf_map_def value
is 120 [0x78]
[   20.725864][  T449] LibBpfLoader: Section size_of_bpf_prog_def
value is 92 [0x5c]
[   20.733404][  T449] LibBpfLoader: BpfLoader version 0x0001c
processing ELF object /system/etc/bpf/gpuWork.o with ver
[0x0001c,0x10000)
[   20.746152][  T449] LibBpfLoader: map
/sys/fs/bpf/map_gpuWork_gpu_work_map id 28
[   20.753644][  T449] LibBpfLoader: map
/sys/fs/bpf/map_gpuWork_gpu_work_global_data id 29
[   20.762876][  T449] LibBpfLoader: prog
/sys/fs/bpf/prog_gpuWork_tracepoint_power_gpu_work_period id 29
[   20.772275][  T449] bpfloader: Loaded object: /system/etc/bpf/gpuWork.o
[   20.779516][  T449] LibBpfLoader: Section bpfloader_min_ver value
is 28 [0x1c]
[   20.786846][  T449] LibBpfLoader: Section bpfloader_max_ver value
is 65536 [0x10000]
[   20.794688][  T449] LibBpfLoader: Section size_of_bpf_map_def value
is 120 [0x78]
[   20.802245][  T449] LibBpfLoader: Section size_of_bpf_prog_def
value is 92 [0x5c]
[   20.809784][  T449] LibBpfLoader: BpfLoader version 0x0001c
processing ELF object /system/etc/bpf/gpuMem.o with ver
[0x0001c,0x10000)
[   20.849720][  T449] LibBpfLoader: map
/sys/fs/bpf/map_gpuMem_gpu_mem_total_map id 30
[   20.858655][  T449] LibBpfLoader: prog
/sys/fs/bpf/prog_gpuMem_tracepoint_gpu_mem_gpu_mem_total id 30
[   20.867977][  T449] bpfloader: Loaded object: /system/etc/bpf/gpuMem.o
[   20.874900][  T449] LibBpfLoader: Section bpfloader_min_ver value
is 28 [0x1c]
[   20.882196][  T449] LibBpfLoader: Section bpfloader_max_ver value
is 65536 [0x10000]
[   20.890031][  T449] LibBpfLoader: Section size_of_bpf_map_def value
is 120 [0x78]
[   20.897583][  T449] LibBpfLoader: Section size_of_bpf_prog_def
value is 92 [0x5c]
[   20.905124][  T449] LibBpfLoader: BpfLoader version 0x0001c
processing ELF object /system/etc/bpf/fuseMedia.o with ver
[0x0001c,0x10000)
[   20.917800][  T449] LibBpfLoader: No maps section could be found in
elf object
[   20.925097][  T449] bpfloader: Loaded object: /system/etc/bpf/fuseMedia.o
[   20.932463][  T449] LibBpfLoader: Section bpfloader_min_ver value
is 28 [0x1c]
[   20.939774][  T449] LibBpfLoader: Section bpfloader_max_ver value
is 65536 [0x10000]
[   20.947610][  T449] LibBpfLoader: Section size_of_bpf_map_def value
is 120 [0x78]
[   20.955166][  T449] LibBpfLoader: Section size_of_bpf_prog_def
value is 92 [0x5c]
[   20.962702][  T449] LibBpfLoader: BpfLoader version 0x0001c
processing ELF object /system/etc/bpf/timeInState.o with ver
[0x0001c,0x10000)
[   20.982983][  T449] LibBpfLoader: map
/sys/fs/bpf/map_timeInState_total_time_in_state_map id 31
[   20.992893][  T449] LibBpfLoader: map
/sys/fs/bpf/map_timeInState_uid_time_in_state_map id 32
[   21.002295][  T449] LibBpfLoader: map
/sys/fs/bpf/map_timeInState_uid_concurrent_times_map id 33
[   21.011230][  T449] LibBpfLoader: map
/sys/fs/bpf/map_timeInState_uid_last_update_map id 34
[   21.019706][  T449] LibBpfLoader: map
/sys/fs/bpf/map_timeInState_cpu_last_update_map id 35
[   21.028159][  T449] LibBpfLoader: map
/sys/fs/bpf/map_timeInState_cpu_last_pid_map id 36
[   21.036347][  T449] LibBpfLoader: map
/sys/fs/bpf/map_timeInState_cpu_policy_map id 37
[   21.044356][  T449] LibBpfLoader: map
/sys/fs/bpf/map_timeInState_policy_freq_idx_map id 38
[   21.052856][  T449] LibBpfLoader: map
/sys/fs/bpf/map_timeInState_freq_to_idx_map id 39
[   21.060973][  T449] LibBpfLoader: map
/sys/fs/bpf/map_timeInState_nr_active_map id 40
[   21.068895][  T449] LibBpfLoader: map
/sys/fs/bpf/map_timeInState_policy_nr_active_map id 41
[   21.077437][  T449] LibBpfLoader: map
/sys/fs/bpf/map_timeInState_pid_tracked_hash_map id 42
[   21.085969][  T449] LibBpfLoader: map
/sys/fs/bpf/map_timeInState_pid_tracked_map id 43
[   21.094099][  T449] LibBpfLoader: map
/sys/fs/bpf/map_timeInState_pid_task_aggregation_map id 44
[   21.103893][  T449] LibBpfLoader: map
/sys/fs/bpf/map_timeInState_pid_time_in_state_map id 45
[   21.116868][  T449] LibBpfLoader: prog
/sys/fs/bpf/prog_timeInState_tracepoint_sched_sched_switch id 31
[   21.127324][  T449] LibBpfLoader: prog
/sys/fs/bpf/prog_timeInState_tracepoint_power_cpu_frequency id 32
[   21.137979][  T449] LibBpfLoader: prog
/sys/fs/bpf/prog_timeInState_tracepoint_sched_sched_process_free id 33
[   21.148047][  T449] bpfloader: Loaded object: /system/etc/bpf/timeInState.o
[   21.157656][    T1] init: Service 'bpfloader' (pid 449) exited with
status 0 waiting took 1.853000 seconds
[   21.167396][    T1] init: Sending signal 9 to service 'bpfloader'
(pid 449) process group...
[   21.176037][    T1] libprocessgroup: Successfully killed process
cgroup uid 0 pid 449 in 0ms
[   21.186578][    T1] init: processing action
(ro.crypto.state=encrypted && ro.crypto.type=file && zygote-start)
from (/system/etc/init/hw/init.rc:1060)
[   21.200189][    T1] init:
start_waiting_for_property("odsign.verification.done", "1"): already
set
[   21.209345][    T1] init: Command 'exec_start
update_verifier_nonencrypted' action=ro.crypto.state=encrypted &&
ro.crypto.type=file && zygote-start (/system/etc/init/hw/init.rc:1063)
took 0ms and failed: Service not found
[   21.231829][    T1] init: starting service 'statsd'...
[   21.237303][    T1] init: Created socket '/dev/socket/statsdw',
mode 222, user 1066, group 1066
[   21.260054][    T1] init: starting service 'netd'...
[   21.265386][    T1] init: Created socket '/dev/socket/dnsproxyd',
mode 660, user 0, group 3003
[   21.274241][    T1] init: Created socket '/dev/socket/mdns', mode
660, user 0, group 1000
[   21.282628][    T1] init: Created socket '/dev/socket/fwmarkd',
mode 660, user 0, group 3003
[   21.294432][    T1] init: starting service 'zygote'...
[   21.299968][    T1] init: Created socket '/dev/socket/zygote', mode
660, user 0, group 1000
[   21.308548][    T1] init: Created socket
'/dev/socket/usap_pool_primary', mode 660, user 0, group 1000
[   21.320892][    T1] init: starting service 'zygote_secondary'...
[   21.327157][    T1] init: Created socket
'/dev/socket/zygote_secondary', mode 660, user 0, group 1000
[   21.336591][    T1] init: Created socket
'/dev/socket/usap_pool_secondary', mode 660, user 0, group 1000
[   21.348788][    T1] init: processing action (zygote-start) from
(/vendor/etc/init/init.db845c.rc:38)
[   21.360963][    T1] init: processing action
(firmware_mounts_complete) from (/system/etc/init/hw/init.rc:513)
[   21.371050][    T1] init: processing action (early-boot) from
(/system/etc/init/installd.rc:5)
[   21.385885][    T1] init: processing action (early-boot) from
(/vendor/etc/init/init.db845c.rc:30)
[   21.395343][    T1] init: Command 'mount debugfs debugfs
/sys/kernel/debug' action=early-boot
(/vendor/etc/init/init.db845c.rc:31) took 0ms and failed: mount()
failed: Device or resource busy
[   21.413899][    T1] init: processing action (boot) from
(/system/etc/init/hw/init.rc:1074)
[   21.424621][    T1] init: Command 'write
/dev/sys/block/by-name/rootdisk/queue/discard_max_bytes 134217728'
action=boot (/system/etc/init/hw/init.rc:1120) took 0ms and failed:
Unable to write to file
'/dev/sys/block/by-name/rootdisk/queue/discard_max_bytes': open()
failed: Permission denied
[   21.424733][  T336] type=1400 audit(27.187:4): avc: denied { write
} for comm="init" name="discard_max_bytes" dev="sysfs" ino=40490
scontext=u:r:init:s0 tcontext=u:object_r:sysfs:s0 tclass=file
permissive=0
[   21.451424][    T1] init: Command 'verity_update_state' action=boot
(/system/etc/init/hw/init.rc:1179) took 0ms and failed:
fs_mgr_load_verity_state() failed
[   21.483352][    T1] init: starting service 'hidl_memory'...
[   21.506462][    T1] init: starting service 'vendor.audio-hal'...
[   21.515157][    T1] init: starting service 'btlinux-1.1'...
[   21.544305][    T1] init: starting service
'vendor.camera-provider-2-4-ext'...
[   21.554697][    T1] init: starting service 'vendor.cas-hal-1-2'...
[   21.563521][    T1] init: starting service 'vendor.gatekeeper-1-0'...
[   21.572369][    T1] init: starting service 'vendor.graphics.allocator-4-0'...
[   21.581826][    T1] init: starting service 'vendor.hwcomposer-2-3'...
[   21.590550][    T1] init: starting service 'health-hal-2-1'...
[   21.598974][    T1] init: starting service 'vendor.power-default'...
[   21.607702][    T1] init: starting service 'vendor.power.stats-default'...
[   21.616988][    T1] init: Command 'class_start hal' action=boot
(/system/etc/init/hw/init.rc:1182) took 133ms and succeeded
[   21.628257][    T1] init: service 'ueventd' requested start, but it
is already running (flags: 2084)
[   21.637473][    T1] init: service 'console' requested start, but it
is already running (flags: 148)
[   21.641487][  T489] healthd: No battery devices found
[   21.643265][  T487] msm_dpu ae01000.display-controller:
[drm:adreno_request_fw [msm]] loaded qcom/a630_sqe.fw from new
location
[   21.646597][    T1] init: service 'apexd' requested start, but it
is already running (flags: 134)
[   21.646810][    T1] init: starting service 'audioserver'...
[   21.649530][  T487] msm_dpu ae01000.display-controller:
[drm:adreno_request_fw [msm]] loaded qcom/a630_gmu.bin from new
location
[   21.654333][  T489] healthd: battery l=85 v=3600 t=35.0 h=2 st=2 chg=au
[   21.665741][    T1] init: starting service 'credstore'...
[   21.724265][    T1] init: starting service 'gpu'...
[   21.731719][    T1] init: service 'lmkd' requested start, but it is
already running (flags: 36)
[   21.740534][    T1] init: service 'servicemanager' requested start,
but it is already running (flags: 2084)
[   21.750640][    T1] init: starting service 'surfaceflinger'...
[   21.756734][    T1] init: Could not create socket
'pdx/system/vr/display/client': Failed to bind socket
'pdx/system/vr/display/client': No such file or directory
[   21.771622][    T1] init: Could not create socket
'pdx/system/vr/display/manager': Failed to bind socket
'pdx/system/vr/display/manager': No such file or directory
[   21.786631][    T1] init: Could not create socket
'pdx/system/vr/display/vsync': Failed to bind socket
'pdx/system/vr/display/vsync': No such file or directory
[   21.827039][    T1] init: service 'vold' requested start, but it is
already running (flags: 2052)
[   21.836014][    T1] init: service 'qrtr-ns' requested start, but it
is already running (flags: 134)
[   21.845138][    T1] init: service 'pd_mapper' requested start, but
it is already running (flags: 134)
[   21.854438][    T1] init: service 'tqftpserv' requested start, but
it is already running (flags: 134)
[   21.863743][    T1] init: service 'rmtfs' requested start, but it
is already running (flags: 134)
[   21.872708][    T1] init: Command 'class_start core' action=boot
(/system/etc/init/hw/init.rc:1184) took 244ms and succeeded
[   21.884040][    T1] init: processing action
(persist.sys.usb.config=* && boot) from
(/system/etc/init/hw/init.usb.rc:108)
[   21.895504][    T1] init: processing action (boot) from
(/system/etc/init/dumpstate.rc:1)
[   21.903868][    T1] init: processing action (boot) from
(/system/etc/init/gsid.rc:25)
[   21.908105][   T11] ath10k_snoc 18800000.wifi: qmi chip_id 0x30214
chip_family 0x4001 board_id 0xff soc_id 0x40030001
[   21.912021][    T1] init: starting service 'exec 15
(/system/bin/gsid run-startup-tasks)'...
[   21.922451][   T11] ath10k_snoc 18800000.wifi: qmi fw_version
0x2009856b fw_build_timestamp 2018-07-19 12:28 fw_build_id
QC_IMAGE_VERSION_STRING=WLAN.HL.2.0-01387-QCAHLSWMTPLZ-1
[   21.948810][    T1] init: processing action
(persist.device_config.profcollect_native_boot.enabled= && boot) from
(/system/etc/init/profcollectd.rc:19)
[   21.962718][    T1] init: starting service 'exec 16
(/system/bin/profcollectctl reset)'...
[   21.972858][    T1] init: processing action (boot) from
(/vendor/etc/init/init.db845c.usb.rc:1)
[   21.981877][    T1] init: Command 'mount configfs none /config'
action=boot (/vendor/etc/init/init.db845c.usb.rc:2) took 0ms and
failed: mount() failed: Device or resource busy
[   22.000190][    T1] init: Service 'exec 15 (/system/bin/gsid
run-startup-tasks)' (pid 522) exited with status 0 oneshot service
took 0.052000 seconds in background
[   22.014936][    T1] init: Sending signal 9 to service 'exec 15
(/system/bin/gsid run-startup-tasks)' (pid 522) process group...
[   22.026605][    T1] libprocessgroup: Successfully killed process
cgroup uid 0 pid 522 in 0ms
[   22.039827][  T263] file system registered
[   22.058523][    T1] init: processing action
(enable_property_trigger) from (<Builtin Action>:0)
[   22.067632][    T1] init: processing action (apexd.status=ready &&
ro.product.cpu.abilist32=*) from (/system/etc/init/hw/init.rc:484)
[   22.082698][    T1] init: starting service 'boringssl_self_test_apex32'...
[   22.092119][    T1] init: SVC_EXEC service
'boringssl_self_test_apex32' pid 528 (uid 0 gid 0+0 context default)
started; waiting...
[   22.308290][  T336] type=1400 audit(28.071:5): avc: denied { read }
for comm="composer@2.3-se" name="u:object_r:vendor_hw_prop:s0"
dev="tmpfs" ino=298 scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:vendor_hw_prop:s0 tclass=file permissive=0
[   22.335281][    T1] init: Service 'boringssl_self_test_apex32' (pid
528) exited with status 0 waiting took 0.244000 seconds
[   22.346515][    T1] init: Sending signal 9 to service
'boringssl_self_test_apex32' (pid 528) process group...
[   22.356615][    T1] libprocessgroup: Successfully killed process
cgroup uid 0 pid 528 in 0ms
[   22.366335][    T1] init: processing action (apexd.status=ready &&
ro.product.cpu.abilist64=*) from (/system/etc/init/hw/init.rc:486)
[   22.378727][    T1] init: starting service 'boringssl_self_test_apex64'...
[   22.403204][    T1] init: SVC_EXEC service
'boringssl_self_test_apex64' pid 539 (uid 0 gid 0+0 context default)
started; waiting...
[   22.473464][    T1] init: Service 'boringssl_self_test_apex64' (pid
539) exited with status 0 waiting took 0.086000 seconds
[   22.484721][    T1] init: Sending signal 9 to service
'boringssl_self_test_apex64' (pid 539) process group...
[   22.494858][    T1] libprocessgroup: Successfully killed process
cgroup uid 0 pid 539 in 0ms
[   22.504380][    T1] init: processing action (bootreceiver.enable=1
&& ro.product.cpu.abilist64=*) from (/system/etc/init/hw/init.rc:657)
[   22.561656][    T1] init: Service 'exec 16
(/system/bin/profcollectctl reset)' (pid 523) exited with status 0
oneshot service took 0.589000 seconds in background
[   22.576223][    T1] init: Sending signal 9 to service 'exec 16
(/system/bin/profcollectctl reset)' (pid 523) process group...
[   22.587719][    T1] libprocessgroup: Successfully killed process
cgroup uid 0 pid 523 in 0ms
[   22.598544][    T1] init: processing action
(net.tcp_def_init_rwnd=*) from (/system/etc/init/hw/init.rc:1214)
[   22.608696][    T1] init: processing action
(sys.init.perf_lsm_hooks=1) from (/system/etc/init/hw/init.rc:1225)
[   22.614735][  T336] type=1400 audit(28.371:6): avc: denied { read }
for comm="composer@2.3-se" name="u:object_r:vendor_hw_prop:s0"
dev="tmpfs" ino=298 scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:vendor_hw_prop:s0 tclass=file permissive=0
[   22.619036][    T1] init: processing action
(security.perf_harden=1) from (/system/etc/init/hw/init.rc:1239)
[   22.652295][    T1] init: processing action (ro.debuggable=1) from
(/system/etc/init/hw/init.rc:1274)
[   22.661766][    T1] init: processing action (sys.usb.config=adb &&
sys.usb.configfs=1) from (/system/etc/init/hw/init.usb.configfs.rc:17)
[   22.675031][    T1] init: starting service 'adbd'...
[   22.680343][    T1] init: Created socket '/dev/socket/adbd', mode
660, user 1000, group 1000
[   22.707151][    T1] init: processing action
(init.svc.audioserver=running) from
(/system/etc/init/audioserver.rc:35)
[   22.717816][    T1] init: service 'vendor.audio-hal' requested
start, but it is already running (flags: 4)
[   22.727591][    T1] init: Command 'start vendor.audio-hal-aidl'
action=init.svc.audioserver=running
(/system/etc/init/audioserver.rc:37) took 0ms and failed: service
vendor.audio-hal-aidl not found
[   22.745277][    T1] init: Command 'start
vendor.audio-effect-hal-aidl' action=init.svc.audioserver=running
(/system/etc/init/audioserver.rc:38) took 0ms and failed: service
vendor.audio-effect-hal-aidl not found
[   22.764197][    T1] init: Command 'start vendor.audio-hal-4-0-msd'
action=init.svc.audioserver=running
(/system/etc/init/audioserver.rc:39) took 0ms and failed: service
vendor.audio-hal-4-0-msd not found
[   22.782408][    T1] init: Command 'start audio_proxy_service'
action=init.svc.audioserver=running
(/system/etc/init/audioserver.rc:40) took 0ms and failed: service
audio_proxy_service not found
[   22.788406][  T544] read descriptors
[   22.799739][    T1] init: processing action
(ro.persistent_properties.ready=true) from
(/system/etc/init/bootstat.rc:66)
[   22.800153][    T1] init: processing action
(ro.persistent_properties.ready=true) from
(/system/etc/init/bootstat.rc:70)
[   22.803356][  T544] read strings
[   22.814550][    T1] init: starting service 'exec 17
(/system/bin/bootstat --set_system_boot_reason)'...
[   22.839864][    T1] init: processing action (bootreceiver.enable=1
&& ro.product.cpu.abilist64=*) from (/system/etc/init/dmesgd.rc:3)
[   22.852852][    T1] init: Command 'rm
/data/misc/dmesgd/sent_reports.txt' action=bootreceiver.enable=1 &&
ro.product.cpu.abilist64=* (/system/etc/init/dmesgd.rc:5) took 0ms and
failed: unlink() failed: No such file or directory
[   22.873188][    T1] init: processing action
(persist.heapprofd.enable= && traced.lazy.heapprofd=) from
(/system/etc/init/heapprofd.rc:49)
[   22.891868][    T1] init: processing action (ro.debuggable=1) from
(/system/etc/init/llkd-debuggable.rc:1)
[   22.902003][    T1] init: Service 'exec 17 (/system/bin/bootstat
--set_system_boot_reason)' (pid 547) exited with status 0 oneshot
service took 0.062000 seconds in background
[   22.917699][    T1] init: Sending signal 9 to service 'exec 17
(/system/bin/bootstat --set_system_boot_reason)' (pid 547) process
group...
[   22.930359][    T1] libprocessgroup: Successfully killed process
cgroup uid 1000 pid 547 in 0ms
[   22.939654][    T1] init: processing action (ro.debuggable=*) from
(/system/etc/init/llkd.rc:2)
[   22.949027][    T1] init: processing action
(debug.atrace.user_initiated= && persist.traced.enable=1) from
(/system/etc/init/perfetto.rc:47)
[   22.962061][    T1] init: starting service 'traced_probes'...
[   23.010308][    T1] init: processing action
(persist.traced.enable=1) from (/system/etc/init/perfetto.rc:50)
[   23.021462][    T1] init: starting service 'traced'...
[   23.026878][    T1] init: Created socket
'/dev/socket/traced_consumer', mode 666, user 0, group 0
[   23.035956][    T1] init: Created socket
'/dev/socket/traced_producer', mode 666, user 0, group 0
[   23.051235][    T1] init: service 'traced_probes' requested start,
but it is already running (flags: 132)
[   23.060954][    T1] init: processing action
(ro.persistent_properties.ready=true) from
(/system/etc/init/perfetto.rc:116)
[   23.072054][    T1] init: processing action
(persist.traced_perf.enable= && sys.init.perf_lsm_hooks=1 &&
traced.lazy.traced_perf=) from (/system/etc/init/traced_perf.rc:43)
[   23.088097][    T1] init: processing action
(vendor.usb.controller=*) from
(/vendor/etc/init/init.db845c.usb.rc:35)
[   23.099397][    T1] init: processing action (sys.usb.config=adb &&
sys.usb.configfs=1) from (/vendor/etc/init/init.db845c.usb.rc:67)
[   23.112391][    T1] init: processing action (nonencrypted) from
(/system/etc/init/hw/init.rc:1186)
[   23.117923][  T336] type=1400 audit(28.879:7): avc: denied { read }
for comm="composer@2.3-se" name="u:object_r:vendor_hw_prop:s0"
dev="tmpfs" ino=298 scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:vendor_hw_prop:s0 tclass=file permissive=0
[   23.121464][    T1] init: service 'zygote_secondary' requested
start, but it is already running (flags: 4)
[   23.154401][    T1] init: service 'zygote' requested start, but it
is already running (flags: 4)
[   23.163563][    T1] init: starting service 'cameraserver'...
[   23.172550][    T1] init: starting service 'idmap2d'...
[   23.198923][    T1] init: starting service 'incidentd'...
[   23.206893][    T1] init: starting service 'installd'...
[   23.214605][    T1] init: starting service 'mediaextractor'...
[   23.223087][    T1] init: starting service 'mediametrics'...
[   23.231354][    T1] init: starting service 'media'...
[   23.238907][    T1] init: service 'netd' requested start, but it is
already running (flags: 4)
[   23.247824][    T1] init: starting service 'storaged'...
[   23.253312][    T1] init: Could not open file
'/d/mmc0/mmc0:0001/ext_csd': Failed to open file
'/d/mmc0/mmc0:0001/ext_csd': No such file or directory
[   23.269187][    T1] init: starting service 'wificond'...
[   23.277087][    T1] init: starting service 'vendor.media.omx'...
[   23.298553][    T1] init: starting service 'media.swcodec'...
[   23.307278][    T1] init: service 'statsd' requested start, but it
is already running (flags: 4)
[   23.316300][    T1] init: Command 'class_start main'
action=nonencrypted (/system/etc/init/hw/init.rc:1187) took 194ms and
succeeded
[   23.328685][    T1] init: starting service 'gatekeeperd'...
[   23.337437][    T1] init: service 'traced' requested start, but it
is already running (flags: 132)
[   23.338293][  T336] type=1400 audit(29.103:8): avc: denied { read }
for comm="storaged" name="stat" dev="sysfs" ino=40456
scontext=u:r:storaged:s0 tcontext=u:object_r:sysfs:s0 tclass=file
permissive=0
[   23.346654][    T1] init: service 'traced_probes' requested start,
but it is already running (flags: 132)
[   23.374381][    T1] init: starting service 'usbd'...
[   23.406482][    T1] init: Command 'class_start late_start'
action=nonencrypted (/system/etc/init/hw/init.rc:1188) took 77ms and
succeeded
[   23.415373][  T474] wsa881x-codec sdw:0:0217:2010:00:1: ASoC: error
at soc_component_read_no_lock on sdw:0:0217:2010:00:1 for register:
[0x0000312d] -16
[   23.419298][    T1] init: starting service 'bootanim'...
[   23.432850][  T474] wsa881x-codec sdw:0:0217:2010:00:1: ASoC: error
at soc_component_read_no_lock on sdw:0:0217:2010:00:1 for register:
[0x0000311b] -16
[   23.442000][    T1] init: Control message: Processed ctl.start for
'bootanim' from pid: 510 (/system/bin/surfaceflinger)
[   23.452050][  T474] wsa881x-codec sdw:0:0217:2010:00:2: ASoC: error
at soc_component_read_no_lock on sdw:0:0217:2010:00:2 for register:
[0x0000312d] -16
[   23.463322][    T1] init: processing action
(load_persist_props_action) from
(/system/etc/init/flags_health_check.rc:1)
[   23.476596][  T474] wsa881x-codec sdw:0:0217:2010:00:2: ASoC: error
at soc_component_read_no_lock on sdw:0:0217:2010:00:2 for register:
[0x0000311b] -16
[   23.488181][    T1] init: Encryption policy of
/data/server_configurable_flags set to
f4f3260e5a1591680b49745bca448896 v2 modes 1/4 flags 0xa
[   23.507702][   T11] qcom,slim-ngd-ctrl 171c0000.slim: SLIM SAT:
Rcvd master capability
[   23.515794][    T1] init: Service 'usbd' (pid 600) exited with
status 0 oneshot service took 0.135000 seconds in background
[   23.533772][    T1] init: Sending signal 9 to service 'usbd' (pid
600) process group...
[   23.542016][    T1] libprocessgroup: Successfully killed process
cgroup uid 0 pid 600 in 0ms
[   23.552397][    T1] init: starting service 'exec 18
(/system/bin/flags_health_check BOOT_FAILURE)'...
[   23.601248][    T1] init: SVC_EXEC service 'exec 18
(/system/bin/flags_health_check BOOT_FAILURE)' pid 614 (uid 1000 gid
1000+0 context default) started; waiting...
[   23.616131][    T1] init: Command 'exec - system system --
/system/bin/flags_health_check BOOT_FAILURE'
action=load_persist_props_action
(/system/etc/init/flags_health_check.rc:5) took 63ms and succeeded
[   23.635210][    T1] init: Service 'exec 18
(/system/bin/flags_health_check BOOT_FAILURE)' (pid 614) exited with
status 0 waiting took 0.072000 seconds
[   23.648836][    T1] init: Sending signal 9 to service 'exec 18
(/system/bin/flags_health_check BOOT_FAILURE)' (pid 614) process
group...
[   23.661364][    T1] libprocessgroup: Successfully killed process
cgroup uid 1000 pid 614 in 0ms
[   23.670476][    T1] init: processing action
(load_persist_props_action) from (/system/etc/init/logcatd.rc:29)
[   23.682014][  T336] type=1400 audit(29.447:9): avc: denied { read }
for comm="composer@2.3-se" name="u:object_r:vendor_hw_prop:s0"
dev="tmpfs" ino=298 scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:vendor_hw_prop:s0 tclass=file permissive=0
[   23.682371][    T1] init: processing action (sys.usb.config=adb &&
sys.usb.configfs=1 && sys.usb.ffs.ready=1) from
(/system/etc/init/hw/init.usb.configfs.rc:20)
[   23.727765][    T1] init: processing action (llk.enable=0) from
(/system/etc/init/llkd.rc:12)
[   23.738126][    T1] init: processing action (khungtask.enable=1)
from (/system/etc/init/llkd.rc:18)
[   23.749813][    T1] init: processing action (llk.enable=0) from
(/system/etc/init/llkd.rc:12)
[   23.758922][    T1] init: processing action (khungtask.enable=0)
from (/system/etc/init/llkd.rc:21)
[   23.769039][    T1] init: processing action (init.svc.media=*) from
(/system/etc/init/mediaserver.rc:1)
[   23.779676][    T1] init: processing action (khungtask.enable=true)
from (/system/etc/init/llkd.rc:25)
[   23.789799][    T1] init: processing action
(khungtask.enable=false) from (/system/etc/init/llkd.rc:31)
[   24.344734][  T488] lt9611 10-003b: video check: hactive_a=0,
hactive_b=0, vactive=0, v_total=0, h_total_sysclk=0
[   25.070117][  T190] ath10k_snoc 18800000.wifi: wcn3990 hw1.0 target
0x00000008 chip_id 0x00000000 sub 0000:0000
[   25.080846][  T190] ath10k_snoc 18800000.wifi: kconfig debug 0
debugfs 0 tracing 0 dfs 0 testmode 1
[   25.089988][  T190] ath10k_snoc 18800000.wifi: firmware ver  api 5
features wowlan,mgmt-tx-by-reference,non-bmi crc32 b3d4b790
[   25.135305][  T190] ath10k_snoc 18800000.wifi: htt-ver 3.53 wmi-op
4 htt-op 3 cal file max-sta 32 raw 0 hwcrypto 1
[   25.229856][  T190] ath10k_snoc 18800000.wifi: invalid MAC address;
choosing random
[   26.445563][  T336] type=1400 audit(32.211:10): avc: denied { read
} for comm="binder:350_4" name="wakeup4" dev="sysfs" ino=46186
scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0 tclass=dir
permissive=0
[   26.469050][  T336] type=1400 audit(32.211:11): avc: denied { read
} for comm="binder:350_4" name="wakeup2" dev="sysfs" ino=46035
scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0 tclass=dir
permissive=0
[   26.488294][  T336] type=1400 audit(32.211:12): avc: denied { read
} for comm="binder:350_4" name="wakeup0" dev="sysfs" ino=36243
scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0 tclass=dir
permissive=0
[   26.507755][  T336] type=1400 audit(32.211:13): avc: denied { read
} for comm="binder:350_4" name="wakeup7" dev="sysfs" ino=46674
scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0 tclass=dir
permissive=0
[   26.526919][  T336] type=1400 audit(32.211:14): avc: denied { read
} for comm="binder:350_4" name="wakeup5" dev="sysfs" ino=46247
scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0 tclass=dir
permissive=0
[   26.546041][  T336] type=1400 audit(32.211:15): avc: denied { read
} for comm="binder:350_4" name="wakeup3" dev="sysfs" ino=46116
scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0 tclass=dir
permissive=0
[   26.565141][  T336] type=1400 audit(32.211:16): avc: denied { read
} for comm="binder:350_4" name="wakeup6" dev="sysfs" ino=46588
scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0 tclass=dir
permissive=0
[   27.697073][  T432] AidlLazyServiceRegistrar: Process has 1 (of 1
available) client(s) in use after notification apexservice has
clients: 1
[   27.709713][  T432] AidlLazyServiceRegistrar: Shutdown prevented by
forcePersist override flag.
[   30.354040][  T688] package-parsing (688) used greatest stack
depth: 9792 bytes left
[   30.675961][    T1] init: service 'idmap2d' requested start, but it
is already running (flags: 4)
[   30.688043][    T1] init: Control message: Processed ctl.start for
'idmap2d' from pid: 639 (system_server)
[   30.834358][  T489] healthd: battery l=85 v=3600 t=35.0 h=2 st=2 chg=au
[   31.294095][    T1] init: processing action
(sys.sysctl.extra_free_kbytes=*) from
(/system/etc/init/hw/init.rc:1205)
[   31.307317][    T1] init: starting service 'exec 19
(/system/bin/extra_free_kbytes.sh 24300)'...
[   31.337257][    T1] init: SVC_EXEC service 'exec 19
(/system/bin/extra_free_kbytes.sh 24300)' pid 726 (uid 0 gid 0+0
context default) started; waiting...
[   31.639486][    T1] init: Service 'exec 19
(/system/bin/extra_free_kbytes.sh 24300)' (pid 726) exited with status
0 waiting took 0.320000 seconds
[   31.652700][    T1] init: Sending signal 9 to service 'exec 19
(/system/bin/extra_free_kbytes.sh 24300)' (pid 726) process group...
[   31.664733][    T1] libprocessgroup: Successfully killed process
cgroup uid 0 pid 726 in 0ms
[   32.696773][  T432] AidlLazyServiceRegistrar: Process has 0 (of 1
available) client(s) in use after notification apexservice has
clients: 0
[   32.709494][  T432] AidlLazyServiceRegistrar: Shutdown prevented by
forcePersist override flag.
[   36.255572][  T332] logd: logdr: UID=2000 GID=2000 PID=875 b tail=0
logMask=99 pid=0 start=0ns deadline=0ns
[   37.696487][  T432] AidlLazyServiceRegistrar: Process has 1 (of 1
available) client(s) in use after notification apexservice has
clients: 1
[   37.709241][  T432] AidlLazyServiceRegistrar: Shutdown prevented by
forcePersist override flag.
[   38.338612][  T336] type=1400 audit(1666104608.191:17): avc:
granted { read } for comm="rkstack.process" name="psched" dev="proc"
ino=4026531994 scontext=u:r:network_stack:s0
tcontext=u:object_r:proc_net:s0 tclass=file
[   38.358532][  T336] type=1400 audit(1666104608.191:18): avc:
granted { read open } for comm="rkstack.process"
path="/proc/1086/net/psched" dev="proc" ino=4026531994
scontext=u:r:network_stack:s0 tcontext=u:object_r:proc_net:s0
tclass=file
[   38.380026][  T336] type=1400 audit(1666104608.191:19): avc:
granted { getattr } for comm="rkstack.process"
path="/proc/1086/net/psched" dev="proc" ino=4026531994
scontext=u:r:network_stack:s0 tcontext=u:object_r:proc_net:s0
tclass=file
[   38.617748][  T475] Bluetooth: hci0: setting up wcn399x
[   38.757009][  T475] Bluetooth: hci0: QCA Product ID   :0x0000000a
[   38.763227][  T475] Bluetooth: hci0: QCA SOC Version  :0x40010214
[   38.769530][  T475] Bluetooth: hci0: QCA ROM Version  :0x00000201
[   38.775726][  T475] Bluetooth: hci0: QCA Patch Version:0x00000001
[   38.801570][  T475] Bluetooth: hci0: QCA controller version 0x02140201
[   38.808233][  T475] Bluetooth: hci0: QCA Downloading qca/crbtfw21.tlv
[   39.633279][  T475] Bluetooth: hci0: QCA Downloading qca/crnv21.bin
[   39.644525][    T1] init: Service 'bootanim' (pid 603) exited with
status 0 oneshot service took 16.205000 seconds in background
[   39.656244][    T1] init: Sending signal 9 to service 'bootanim'
(pid 603) process group...
[   39.665372][    T1] libprocessgroup: Successfully killed process
cgroup uid 1003 pid 603 in 0ms
[   39.674836][  T475] Bluetooth: hci0: QCA setup on UART is completed
[   39.871775][    T1] init: processing action (sys.boot_completed=1)
from (/system/etc/init/hw/init.rc:1196)
[   39.882217][    T1] init: starting service 'exec 20 (/bin/rm -rf
/data/per_boot)'...
[   39.934126][    T1] init: SVC_EXEC service 'exec 20 (/bin/rm -rf
/data/per_boot)' pid 1432 (uid 1000 gid 1000+0 context default)
started; waiting...
[   39.947707][    T1] init: Command 'exec - system system -- /bin/rm
-rf /data/per_boot' action=sys.boot_completed=1
(/system/etc/init/hw/init.rc:1199) took 65ms and succeeded
[   39.963681][    T1] init: Service 'exec 20 (/bin/rm -rf
/data/per_boot)' (pid 1432) exited with status 0 waiting took 0.071000
seconds
[   39.975951][    T1] init: Sending signal 9 to service 'exec 20
(/bin/rm -rf /data/per_boot)' (pid 1432) process group...
[   39.987364][    T1] libprocessgroup: Successfully killed process
cgroup uid 1000 pid 1432 in 0ms
[   40.030995][    T1] init: Encryption policy of /data/per_boot set
to a24a2d090cd712a9f22d91a727e864b5 v2 modes 1/4 flags 0xa
[   40.042534][    T1] init: processing action (sys.boot_completed=1
&& sys.bootstat.first_boot_completed=0) from
(/system/etc/init/bootstat.rc:76)
[   40.056124][    T1] init: starting service 'exec 21
(/system/bin/bootstat --record_boot_complete --record_boot_reason
--record_time_since_factory_reset -l)'...
[   40.073771][    T1] init: processing action (sys.boot_completed=1)
from (/system/etc/init/flags_health_check.rc:7)
[   40.097685][    T1] init: processing action
(persist.dbg.keep_debugfs_mounted= &&
ro.product.debugfs_restrictions.enabled=true && sys.boot_completed=1)
from (/system/etc/init/init-debug.rc:15)
[   40.115950][    T1] init: processing action (sys.boot_completed=1)
from (/system/etc/init/logd.rc:34)
[   40.125509][    T1] init: starting service 'logd-auditctl'...
[   40.137943][    T1] init: processing action (sys.boot_completed=1
&& sys.wifitracing.started=0) from (/system/etc/init/wifi.rc:28)
[   40.150263][    T1] init: Service 'exec 21 (/system/bin/bootstat
--record_boot_complete --record_boot_reason
--record_time_since_factory_reset -l)' (pid 1497) exited with status 0
oneshot service took 0.078000 seconds in background
[   40.171258][    T1] init: Sending signal 9 to service 'exec 21
(/system/bin/bootstat --record_boot_complete --record_boot_reason
--record_time_since_factory_reset -l)' (pid 1497) process group...
[   40.189477][    T1] libprocessgroup: Successfully killed process
cgroup uid 1000 pid 1497 in 0ms
[   40.199201][    T1] init: Service 'logd-auditctl' (pid 1500) exited
with status 0 oneshot service took 0.066000 seconds in background
[   40.211365][    T1] init: Sending signal 9 to service
'logd-auditctl' (pid 1500) process group...
[   40.220647][    T1] libprocessgroup: Successfully killed process
cgroup uid 1036 pid 1500 in 0ms
[   40.230322][    T1] selinux: SELinux: Could not get canonical path
for /sys/kernel/debug/tracing/instances/wifi restorecon: No such file
or directory.
[   40.244011][    T1] selinux:
[   40.378651][    T1] init: processing action (sys.boot_completed=1)
from (/vendor/etc/init/init.db845c.rc:43)

Amit Pundir Oct. 25, 2022, 12:38 p.m. UTC | #3
On Wed, 12 Oct 2022 at 17:24, Catalin Marinas <catalin.marinas@arm.com> wrote:
>
> Hi Amit,
>
> On Sat, Oct 08, 2022 at 08:28:26PM +0530, Amit Pundir wrote:
> > On Wed, 5 Oct 2022 at 20:11, Catalin Marinas <catalin.marinas@arm.com> wrote:
> > > Will Deacon (2):
> > >       arm64: dma: Drop cache invalidation from arch_dma_prep_coherent()
> >
> > Hi Will,
> >
> > This patch broke AOSP on Dragonboard 845c (SDM845). I don't see any
> > relevant crash in the attached log and device silently reboots into
> > USB crash dump mode. The crash is fairly reproducible on db845c. I
> > could trigger it twice in 5 reboots and it always crash at the same
> > point during the boot process. Reverting this patch fixes the crash.
> >
> > I'm happy to test run any debug patche(s), that would help narrow
> > down this breakage.
>
> Cc'ing Robin, maybe he has a better idea (that's commit c44094eee32f).
> Architecturally the change shouldn't make any difference since the cache
> lines can be brought in via the linear mapping at any point. It's just
> less likely to hit a real bug (software or hardware). It's also possible
> that arch_dma_prep_coherent() is used outside the DMA API (if you have
> out of tree drivers).
>
> Leaving the original log in place for Robin. A question I have, with a
> successful boot, what's normally after the bpfloader lines are printed?
> We should try to pinpoint which device/driver causes this. It looks like
> it's well into user-space at that point (graphics about to start?)

Further narrowed down the breakage to the userspace daemon rmtfs
https://github.com/andersson/rmtfs. Is there anything specific in the
userspace code that I should be paying attention to?

console:/ #
console:/ # start rmtfs
[   56.425631][    T1] init: starting service 'rmtfs'...
[   56.455541][    T1] init: Control message: Processed ctl.start for
'rmtfs' from pid: 1819 (start rmtfs)
[   56.487524][  T344] type=1400 audit(1666698550.979:267): avc:
denied { read } for comm="rmtfs" name="modalias" dev="sysfs" ino=6325
scontext=u:r:rmtfs:s0 tcontext=u:object_r:sysfs:s0 tclass=file
permissive=1
[   56.487662][ T1821] remoteproc remoteproc0: powering up 4080000.remoteproc
[   56.506365][  T344] type=1400 audit(1666698550.979:268): avc:
denied { open } for comm="rmtfs"
path="/sys/devices/platform/remoteproc-cdsp/modalias" dev="sysfs"
ino=6325 scontext=u:r:rmtfs:s0 tcontext=u:object_r:sysfs:s0
tclass=file permissive=1
[   56.515137][ T1821] remoteproc remoteproc0: Booting fw image
qcom/sdm845/mba.mbn, size 242400
[   56.535020][  T344] type=1400 audit(1666698550.979:269): avc:
denied { read } for comm="rmtfs" name="modalias" dev="sysfs" ino=7200
scontext=u:r:rmtfs:s0 tcontext=u:object_r:sysfs_remoteproc:s0
tclass=file permissive=1
[   56.621541][ T1821] qcom-q6v5-mss 4080000.remoteproc: MBA booted
without debug policy, loading mpss

Amit Pundir Nov. 8, 2022, 5:28 p.m. UTC | #4
On Tue, 25 Oct 2022 at 18:08, Amit Pundir <amit.pundir@linaro.org> wrote:
>
> On Wed, 12 Oct 2022 at 17:24, Catalin Marinas <catalin.marinas@arm.com> wrote:
> >
> > Hi Amit,
> >
> > On Sat, Oct 08, 2022 at 08:28:26PM +0530, Amit Pundir wrote:
> > > On Wed, 5 Oct 2022 at 20:11, Catalin Marinas <catalin.marinas@arm.com> wrote:
> > > > Will Deacon (2):
> > > >       arm64: dma: Drop cache invalidation from arch_dma_prep_coherent()
> > >
> > > Hi Will,
> > >
> > > This patch broke AOSP on Dragonboard 845c (SDM845). I don't see any
> > > relevant crash in the attached log and device silently reboots into
> > > USB crash dump mode. The crash is fairly reproducible on db845c. I
> > > could trigger it twice in 5 reboots and it always crash at the same
> > > point during the boot process. Reverting this patch fixes the crash.
> > >
> > > I'm happy to test run any debug patche(s), that would help narrow
> > > down this breakage.
> >
> > Cc'ing Robin, maybe he has a better idea (that's commit c44094eee32f).
> > Architecturally the change shouldn't make any difference since the cache
> > lines can be brought in via the linear mapping at any point. It's just
> > less likely to hit a real bug (software or hardware). It's also possible
> > that arch_dma_prep_coherent() is used outside the DMA API (if you have
> > out of tree drivers).
> >
> > Leaving the original log in place for Robin. A question I have, with a
> > successful boot, what's normally after the bpfloader lines are printed?
> > We should try to pinpoint which device/driver causes this. It looks like
> > it's well into user-space at that point (graphics about to start?)
>
> Further narrowed down the breakage to the userspace daemon rmtfs
> https://github.com/andersson/rmtfs. Is there anything specific in the
> userspace code that I should be paying attention to?
>
> console:/ #
> console:/ # start rmtfs
> [   56.425631][    T1] init: starting service 'rmtfs'...
> [   56.455541][    T1] init: Control message: Processed ctl.start for
> 'rmtfs' from pid: 1819 (start rmtfs)
> [   56.487524][  T344] type=1400 audit(1666698550.979:267): avc:
> denied { read } for comm="rmtfs" name="modalias" dev="sysfs" ino=6325
> scontext=u:r:rmtfs:s0 tcontext=u:object_r:sysfs:s0 tclass=file
> permissive=1
> [   56.487662][ T1821] remoteproc remoteproc0: powering up 4080000.remoteproc
> [   56.506365][  T344] type=1400 audit(1666698550.979:268): avc:
> denied { open } for comm="rmtfs"
> path="/sys/devices/platform/remoteproc-cdsp/modalias" dev="sysfs"
> ino=6325 scontext=u:r:rmtfs:s0 tcontext=u:object_r:sysfs:s0
> tclass=file permissive=1
> [   56.515137][ T1821] remoteproc remoteproc0: Booting fw image
> qcom/sdm845/mba.mbn, size 242400
> [   56.535020][  T344] type=1400 audit(1666698550.979:269): avc:
> denied { read } for comm="rmtfs" name="modalias" dev="sysfs" ino=7200
> scontext=u:r:rmtfs:s0 tcontext=u:object_r:sysfs_remoteproc:s0
> tclass=file permissive=1
> [   56.621541][ T1821] qcom-q6v5-mss 4080000.remoteproc: MBA booted
> without debug policy, loading mpss

Hi, I can reproduce this crash on v6.1-rc4 as well and would really
appreciate some help here.
I could narrow down the db845c crash into USB crash dump mode to:

# echo "start" > /sys/class/remoteproc/remoteproc0/state
[   50.987035][  T431] remoteproc remoteproc0: powering up 4080000.remoteproc
[   50.999628][  T431] remoteproc remoteproc0: Booting fw image
qcom/sdm845/mba.mbn, size 242400
[   51.095967][  T431] qcom-q6v5-mss 4080000.remoteproc: MBA booted
without debug policy, loading mpss


Format: Log Type - Time(microsec) - Message - Optional Info
Log Type: B - Since Boot(Power On Reset),  D - Delta,  S - Statistic
S - QC_IMAGE_VERSION_STRING=BOOT.XF.2.0-00371-SDM845LZB-1
S - IMAGE_VARIANT_STRING=SDM845LA
S - OEM_IMAGE_VERSION_STRING=TSBJ-FA-PC-02170
S - Boot Interface: UFS
S - Secure Boot: Off
S - Boot Config @ 0x00786070 = 0x000000c1
S - JTAG ID @ 0x00786130 = 0x2008e0e1
S - OEM ID @ 0x00786138 = 0x00000000
S - Serial Number @ 0x00784138 = 0x710cee0b
S - OEM Config Row 0 @ 0x00784188 = 0x0000000400000000
S - OEM Config Row 1 @ 0x00784190 = 0x0000000000000000
S - Feature Config Row 0 @ 0x007841a0 = 0x0050200080000400
S - Feature Config Row 1 @ 0x007841a8 = 0xe000ffff00007fff
S - Core 0 Frequency, 1516 MHz
S - PBL Patch Ver: 1
S - PBL freq: 600 MHZ
B -        94 - PBL, Start
B -      5279 - bootable_media_detect_entry
B -     44106 - bootable_media_detect_success
B -     44483 - elf_loader_entry
B -     45046 - auth_hash_seg_entry
B -     45242 - auth_hash_seg_exit
B -     51093 - elf_segs_hash_verify_entry
B -     57888 - elf_segs_hash_verify_exit
B -     58515 - auth_xbl_sec_hash_seg_entry
B -     65894 - auth_xbl_sec_hash_seg_exit
B -     65896 - xbl_sec_segs_hash_verify_entry
B -     66654 - xbl_sec_segs_hash_verify_exit
B -     66679 - PBL, End
B -     81191 - SBL1, Start
B -    205082 - boot_flash_init, Start
D -         0 - boot_flash_init, Delta
B -    208620 - xblconfig_init, Start
D -       549 - Auth Metadata
D -    188459 - xblconfig_init, Delta
B -    402051 - sbl1_ddr_set_default_params, Start
D -         0 - sbl1_ddr_set_default_params, Delta
B -    410042 - boot_config_data_table_init, Start
B -    414708 - CDT not programmed, using default
D -      4544 - boot_config_data_table_init, Delta - (54 Bytes)
B -    429226 - CDT Version:3,Platform ID:8,Major ID:1,Minor ID:0,Subtype:0
B -    434930 - pm_device_init, Start
B -   1514660 - PM: PON REASON: PM0=0x8000024000020021:0x0
PM1=0x8000084000080020:0x0 PM2=0x8000084000080020:0x0
B -   1574837 - PM: SET_VAL:Skip
D -   1140425 - pm_device_init, Delta
B -   1577826 - pm_driver_init, Start
D -      5337 - pm_driver_init, Delta
B -   1586610 - PM: Trigger FG IMA Reset
B -   1590239 - PM: Trigger FG IMA Reset.Completed
B -   1599450 - PM: EntryVbat: 4221; EntrySOC: -1
B -   1599481 - PM: ADSP result: 0
B -   1604025 - PM: Manually set ICL 500mA
B -   1607106 - PM: BATT TEMP: 29 DegC
B -   1611132 - vsense_init, Start
D -         0 - vsense_init, Delta
B -   1647762 - Pre_DDR_clock_init, Start
D -        61 - Pre_DDR_clock_init, Delta
D -   1651575 - sbl1_ddr_set_params, Delta
B -   1655326 - sbl1_ddr_init, Start
B -   1659261 - Freeze IOs = 0x1, 0x1, 0x1, 0x1, DBG PDC Tr = 0x0,
First Pass expire = 0x0, First Pass complete = 0x1
D -      9058 - sbl1_ddr_init, Delta
B -   1673169 - do_ddr_training, Start
D -         0 - do_ddr_training, Delta
B -   1679787 - pImem Init Start
D -      4422 - pImem Init End, Delta
B -   1691743 - clock_init, Start
D -       244 - clock_init, Delta
B -   1695037 - Image Load, Start
D -      2867 - APDP Image Loaded, Delta - (0 Bytes)
B -   1707024 - usb: chgr -  SDP_CHARGER
B -   1707359 - usb: qusb2_1: hstx , 0x5
B -   1710836 - usb: PLL1 locked , 0x5
B -   1714435 - TCSR reg value 0x10
B -   1718034 - Image Load, Start
D -       457 - Auth Metadata
D -      2837 - Segments hash check
D -     13664 - XBLRamDump Image Loaded, Delta - (582427 Bytes)
B -   1811090 - DisplayLib: LAB/IBB GetStatus(LabVregOk) failed after 25ms

B -   1818166 - DisplayDxe: Resolution 1440x2560 (2 intf)

B -   2129632 - usb: init start
B -   2130760 - usb: ss_lane_1st
B -   2132834 - usb: usb_lane
B -   2136708 - usb: qusb2_1: hstx , 0x5
B -   2138385 - usb: PLL1 locked , 0x5
B -   2142137 - usb: id_p , 0x1009b
B -   2145461 - usb: VBUS High!
B -   2245898 - usb: suspended
B -   2435120 - usb: HIGH , 0x900e
B -   2567246 - usb: HIGH , 0x900e
B -   2670702 - usb: ENUM success

Catalin Marinas Nov. 11, 2022, 11:15 a.m. UTC | #5
On Tue, Nov 08, 2022 at 10:58:16PM +0530, Amit Pundir wrote:
> On Tue, 25 Oct 2022 at 18:08, Amit Pundir <amit.pundir@linaro.org> wrote:
> > On Wed, 12 Oct 2022 at 17:24, Catalin Marinas <catalin.marinas@arm.com> wrote:
> > > On Sat, Oct 08, 2022 at 08:28:26PM +0530, Amit Pundir wrote:
> > > > On Wed, 5 Oct 2022 at 20:11, Catalin Marinas <catalin.marinas@arm.com> wrote:
> > > > > Will Deacon (2):
> > > > >       arm64: dma: Drop cache invalidation from arch_dma_prep_coherent()
> > > >
> > > > This patch broke AOSP on Dragonboard 845c (SDM845). I don't see any
> > > > relevant crash in the attached log and device silently reboots into
> > > > USB crash dump mode. The crash is fairly reproducible on db845c. I
> > > > could trigger it twice in 5 reboots and it always crash at the same
> > > > point during the boot process. Reverting this patch fixes the crash.
> > > >
> > > > I'm happy to test run any debug patche(s), that would help narrow
> > > > down this breakage.
[...]
> > Further narrowed down the breakage to the userspace daemon rmtfs
> > https://github.com/andersson/rmtfs. Is there anything specific in the
> > userspace code that I should be paying attention to?

Since you don't see anything in the logs like a crash and the system
restarts, I suspect it's some deadlock and that's triggering the
watchdog. We have an erratum (826319) but that's for Cortex-A53. IIUC
SDM845 has Kryo 3xx series which based on some random google searches is
derived from A75/A55. Unfortunately the MIDR_EL1 register doesn't match
the Arm Ltd numbering, so I have no idea what CPUs these are by looking
at the boot log.

I wouldn't be surprised if you hit a similar bug, though I couldn't find
anything close in the A55 errata notice.

While we could revert commit c44094eee32f ("arm64: dma: Drop cache
invalidation from arch_dma_prep_coherent()"), if you hit a real hardware
issue it may trigger in other scenario where we only do cache cleaning
(without invalidate), like arch_sync_dma_for_device(). So I'd rather get
to the bottom of this and potentially enable the workaround for this
chipset.

You could give it a quick try by adding the MIDR ranges for SDM845 to
struct midr_range workaround_clean_cache[].

After that I suggest you raise it with Qualcomm to investigate. Normally
we ask for an erratum number to enable a workaround and it's only
Qualcomm that can provide one here.
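
The table match that the message above suggests extending, as an added example that is not part of the thread and is not kernel source: a user-space model of a MIDR range list in the style of `workaround_clean_cache[]`. The Cortex-A53 revision bounds are illustrative, and the Qualcomm part number `0x123` and all sample register values are constructed placeholders, not SDM845 values.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* MIDR_EL1 field layout as defined by the Arm architecture. */
#define MIDR_REVISION(m)     ((uint32_t)(m) & 0xfu)
#define MIDR_PARTNUM(m)      (((uint32_t)(m) >> 4) & 0xfffu)
#define MIDR_ARCHITECTURE(m) (((uint32_t)(m) >> 16) & 0xfu)
#define MIDR_VARIANT(m)      (((uint32_t)(m) >> 20) & 0xfu)
#define MIDR_IMPLEMENTER(m)  (((uint32_t)(m) >> 24) & 0xffu)

/* A "model" is implementer + architecture + part number. Variant and
 * revision are compared separately, as one combined ordered value. */
#define MODEL_MASK   0xff0ffff0u
#define VAR_REV_MASK 0x00f0000fu
#define MODEL(imp, part) \
	(((uint32_t)(imp) << 24) | (0xfu << 16) | ((uint32_t)(part) << 4))
#define VAR_REV(var, rev) (((uint32_t)(var) << 20) | (uint32_t)(rev))

#define IMP_ARM          0x41u  /* 'A' */
#define IMP_QCOM         0x51u  /* 'Q' */
#define PART_CORTEX_A53  0xd03u
#define PART_PLACEHOLDER 0x123u /* constructed, NOT a real Kryo part number */

/* Constructed sample register values. */
#define MIDR_A53_R0P2    0x410fd032u /* Arm, Cortex-A53, r0p2 */
#define MIDR_A53_R0P4    0x410fd034u /* Arm, Cortex-A53, r0p4 */
#define MIDR_QCOM_SAMPLE 0x517f123cu /* Qualcomm, placeholder part, r7p12 */

struct midr_range {
	uint32_t model;   /* implementer/architecture/part, 0 ends the list */
	uint32_t rv_min;  /* lowest affected variant/revision */
	uint32_t rv_max;  /* highest affected variant/revision */
};

/* List as it stands before the experiment: one Arm core, r0p0..r0p2
 * (illustrative bounds). */
static const struct midr_range stock_list[] = {
	{ MODEL(IMP_ARM, PART_CORTEX_A53), VAR_REV(0, 0), VAR_REV(0, 2) },
	{ 0, 0, 0 },
};

/* Same list with a vendor entry added that covers every revision. */
static const struct midr_range extended_list[] = {
	{ MODEL(IMP_ARM, PART_CORTEX_A53), VAR_REV(0, 0), VAR_REV(0, 2) },
	{ MODEL(IMP_QCOM, PART_PLACEHOLDER), 0, VAR_REV_MASK },
	{ 0, 0, 0 },
};

static bool midr_in_range(uint32_t midr, const struct midr_range *r)
{
	uint32_t rv = midr & VAR_REV_MASK;

	return (midr & MODEL_MASK) == r->model &&
	       rv >= r->rv_min && rv <= r->rv_max;
}

/* True when the workaround guarded by this list would be enabled. */
static bool midr_in_list(uint32_t midr, const struct midr_range *list)
{
	for (; list->model; list++)
		if (midr_in_range(midr, list))
			return true;
	return false;
}

static void report(const char *name, uint32_t midr)
{
	printf("%-12s 0x%08x imp=0x%02x part=0x%03x r%up%u stock=%d extended=%d\n",
	       name, midr, MIDR_IMPLEMENTER(midr), MIDR_PARTNUM(midr),
	       MIDR_VARIANT(midr), MIDR_REVISION(midr),
	       midr_in_list(midr, stock_list),
	       midr_in_list(midr, extended_list));
}

int main(void)
{
	report("A53 r0p2", MIDR_A53_R0P2);
	report("A53 r0p4", MIDR_A53_R0P4);
	/* The implementer byte is part of the model, so a vendor core never
	 * matches an Arm Ltd entry, whatever design it is derived from. */
	report("vendor core", MIDR_QCOM_SAMPLE);
	return 0;
}
```

On an arm64 Linux system the real register value for each core can be read from `/sys/devices/system/cpu/cpuN/regs/identification/midr_el1` and decoded with the same macros.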

Robin Murphy Nov. 11, 2022, 11:54 a.m. UTC | #6
On 2022-11-11 11:15, Catalin Marinas wrote:
> On Tue, Nov 08, 2022 at 10:58:16PM +0530, Amit Pundir wrote:
>> On Tue, 25 Oct 2022 at 18:08, Amit Pundir <amit.pundir@linaro.org> wrote:
>>> On Wed, 12 Oct 2022 at 17:24, Catalin Marinas <catalin.marinas@arm.com> wrote:
>>>> On Sat, Oct 08, 2022 at 08:28:26PM +0530, Amit Pundir wrote:
>>>>> On Wed, 5 Oct 2022 at 20:11, Catalin Marinas <catalin.marinas@arm.com> wrote:
>>>>>> Will Deacon (2):
>>>>>>        arm64: dma: Drop cache invalidation from arch_dma_prep_coherent()
>>>>>
>>>>> This patch broke AOSP on Dragonboard 845c (SDM845). I don't see any
>>>>> relevant crash in the attached log and device silently reboots into
>>>>> USB crash dump mode. The crash is fairly reproducible on db845c. I
>>>>> could trigger it twice in 5 reboots and it always crash at the same
>>>>> point during the boot process. Reverting this patch fixes the crash.
>>>>>
>>>>> I'm happy to test run any debug patche(s), that would help narrow
>>>>> down this breakage.
> [...]
>>> Further narrowed down the breakage to the userspace daemon rmtfs
>>> https://github.com/andersson/rmtfs. Is there anything specific in the
>>> userspace code that I should be paying attention to?

FWIW, this scenario appears to have pretty much everything going on - 
buffers allocated from no-map carveouts, being shared with firmware as 
well as DMA devices, being poked by userspace through /dev/mem, and 
presumably with the funky Qualcomm sort-of-coherent outer cache in the 
mix too (where IIRC the outer non-cacheable attribute behaves 
differently for CPUs vs. DMA). If anything's ever going to go awry with 
mismatched attributes and stale cachelines, it's probably in that setup 
somewhere.

> Since you don't see anything in the logs like a crash and the system
> restarts, I suspect it's some deadlock and that's triggering the
> watchdog. We have an erratum (826319) but that's for Cortex-A53. IIUC
> SDM845 has Kryo 3xx series which based on some random google searches is
> derived from A75/A55. Unfortunately the MIDR_EL1 register doesn't match
> the Arm Ltd numbering, so I have no idea what CPUs these are by looking
> at the boot log.

Note that the EL2 firmware on these things tends to happily reset the 
system without warning if you so much as look at it funny, so I'd 
imagine a straightforward timeout or other unexpected condition due to 
coherency getting lost somewhere in the kernel/firmware/device handoff 
process is probably more than enough.

Robin.

Manivannan Sadhasivam Nov. 11, 2022, 5:39 p.m. UTC | #7
On Fri, Nov 11, 2022 at 11:15:11AM +0000, Catalin Marinas wrote:
> On Tue, Nov 08, 2022 at 10:58:16PM +0530, Amit Pundir wrote:
> > On Tue, 25 Oct 2022 at 18:08, Amit Pundir <amit.pundir@linaro.org> wrote:
> > > On Wed, 12 Oct 2022 at 17:24, Catalin Marinas <catalin.marinas@arm.com> wrote:
> > > > On Sat, Oct 08, 2022 at 08:28:26PM +0530, Amit Pundir wrote:
> > > > > On Wed, 5 Oct 2022 at 20:11, Catalin Marinas <catalin.marinas@arm.com> wrote:
> > > > > > Will Deacon (2):
> > > > > >       arm64: dma: Drop cache invalidation from arch_dma_prep_coherent()
> > > > >
> > > > > This patch broke AOSP on Dragonboard 845c (SDM845). I don't see any
> > > > > relevant crash in the attached log and device silently reboots into
> > > > > USB crash dump mode. The crash is fairly reproducible on db845c. I
> > > > > could trigger it twice in 5 reboots and it always crash at the same
> > > > > point during the boot process. Reverting this patch fixes the crash.
> > > > >
> > > > > I'm happy to test run any debug patche(s), that would help narrow
> > > > > down this breakage.
> [...]
> > > Further narrowed down the breakage to the userspace daemon rmtfs
> > > https://github.com/andersson/rmtfs. Is there anything specific in the
> > > userspace code that I should be paying attention to?
> 
> Since you don't see anything in the logs like a crash and the system
> restarts, I suspect it's some deadlock and that's triggering the
> watchdog. We have an erratum (826319) but that's for Cortex-A53. IIUC
> SDM845 has Kryo 3xx series which based on some random google searches is
> derived from A75/A55. Unfortunately the MIDR_EL1 register doesn't match
> the Arm Ltd numbering, so I have no idea what CPUs these are by looking
> at the boot log.
> 
> I wouldn't be surprised if you hit a similar bug, though I couldn't find
> anything close in the A55 errata notice.
> 
> While we could revert commit c44094eee32f ("arm64: dma: Drop cache
> invalidation from arch_dma_prep_coherent()"), if you hit a real hardware
> issue it may trigger in other scenario where we only do cache cleaning
> (without invalidate), like arch_sync_dma_for_device(). So I'd rather get
> to the bottom of this and potentially enable the workaround for this
> chipset.
> 
> You could give it a quick try by adding the MIDR ranges for SDM845 to
> struct midr_range workaround_clean_cache[].
> 

I gave it a shot and indeed it fixes the crash on DB845.

> After that I suggest you raise it with Qualcomm to investigate. Normally
> we ask for an erratum number to enable a workaround and it's only
> Qualcomm that can provide one here.
> 

I will check with Qualcomm folks and update.

Thanks,
Mani

> -- 
> Catalin

Manivannan Sadhasivam Nov. 11, 2022, 7:18 p.m. UTC | #8
On Fri, Nov 11, 2022 at 11:10:01PM +0530, Manivannan Sadhasivam wrote:
> On Fri, Nov 11, 2022 at 11:15:11AM +0000, Catalin Marinas wrote:
> > On Tue, Nov 08, 2022 at 10:58:16PM +0530, Amit Pundir wrote:
> > > On Tue, 25 Oct 2022 at 18:08, Amit Pundir <amit.pundir@linaro.org> wrote:
> > > > On Wed, 12 Oct 2022 at 17:24, Catalin Marinas <catalin.marinas@arm.com> wrote:
> > > > > On Sat, Oct 08, 2022 at 08:28:26PM +0530, Amit Pundir wrote:
> > > > > > On Wed, 5 Oct 2022 at 20:11, Catalin Marinas <catalin.marinas@arm.com> wrote:
> > > > > > > Will Deacon (2):
> > > > > > >       arm64: dma: Drop cache invalidation from arch_dma_prep_coherent()
> > > > > >
> > > > > > This patch broke AOSP on Dragonboard 845c (SDM845). I don't see any
> > > > > > relevant crash in the attached log and device silently reboots into
> > > > > > USB crash dump mode. The crash is fairly reproducible on db845c. I
> > > > > > could trigger it twice in 5 reboots and it always crash at the same
> > > > > > point during the boot process. Reverting this patch fixes the crash.
> > > > > >
> > > > > > I'm happy to test run any debug patche(s), that would help narrow
> > > > > > down this breakage.
> > [...]
> > > > Further narrowed down the breakage to the userspace daemon rmtfs
> > > > https://github.com/andersson/rmtfs. Is there anything specific in the
> > > > userspace code that I should be paying attention to?
> > 
> > Since you don't see anything in the logs like a crash and the system
> > restarts, I suspect it's some deadlock and that's triggering the
> > watchdog. We have an erratum (826319) but that's for Cortex-A53. IIUC
> > SDM845 has Kryo 3xx series which based on some random google searches is
> > derived from A75/A55. Unfortunately the MIDR_EL1 register doesn't match
> > the Arm Ltd numbering, so I have no idea what CPUs these are by looking
> > at the boot log.
> > 
> > I wouldn't be surprised if you hit a similar bug, though I couldn't find
> > anything close in the A55 errata notice.
> > 
> > While we could revert commit c44094eee32f ("arm64: dma: Drop cache
> > invalidation from arch_dma_prep_coherent()"), if you hit a real hardware
> > issue it may trigger in other scenario where we only do cache cleaning
> > (without invalidate), like arch_sync_dma_for_device(). So I'd rather get
> > to the bottom of this and potentially enable the workaround for this
> > chipset.
> > 
> > You could give it a quick try by adding the MIDR ranges for SDM845 to
> > struct midr_range workaround_clean_cache[].
> > 
> 
> I gave it a shot and indeed it fixes the crash on DB845.
> 
> > After that I suggest you raise it with Qualcomm to investigate. Normally
> > we ask for an erratum number to enable a workaround and it's only
> > Qualcomm that can provide one here.
> > 
> 
> I will check with Qualcomm folks and update.
> 

I dug a little further and found that the crash was due to the secure
processor (XPU) violation. It happens because the CPU tried accessing the memory
after sharing it with the modem for firmware metadata validation.

Sibi tried fixing this problem earlier by using a hack in the remoteproc driver
[1], but I guess that got negated due to c44094eee32f?

This is a common issue for other Qcom remoteproc drivers as well where CPU
shares a chunk of memory with the modem. There is one more hack in place where
a chunk of memory is reserved and the driver will do memremap/copy the
data/memunmap using it and share it with modem.

But is there a better solution overall that you could advise?

Thanks,
Mani

[1] https://lore.kernel.org/lkml/1652248625-990-1-git-send-email-quic_sibis@quicinc.com/

> Thanks,
> Mani
> 
> > -- 
> > Catalin
> 
> -- 
> மணிவண்ணன் சதாசிவம்

Will Deacon Nov. 14, 2022, 2:09 p.m. UTC | #9
On Sat, Nov 12, 2022 at 12:48:20AM +0530, Manivannan Sadhasivam wrote:
> On Fri, Nov 11, 2022 at 11:10:01PM +0530, Manivannan Sadhasivam wrote:
> > On Fri, Nov 11, 2022 at 11:15:11AM +0000, Catalin Marinas wrote:
> > > On Tue, Nov 08, 2022 at 10:58:16PM +0530, Amit Pundir wrote:
> > > > On Tue, 25 Oct 2022 at 18:08, Amit Pundir <amit.pundir@linaro.org> wrote:
> > > > > On Wed, 12 Oct 2022 at 17:24, Catalin Marinas <catalin.marinas@arm.com> wrote:
> > > > > > On Sat, Oct 08, 2022 at 08:28:26PM +0530, Amit Pundir wrote:
> > > > > > > On Wed, 5 Oct 2022 at 20:11, Catalin Marinas <catalin.marinas@arm.com> wrote:
> > > > > > > > Will Deacon (2):
> > > > > > > >       arm64: dma: Drop cache invalidation from arch_dma_prep_coherent()
> > > > > > >
> > > > > > > This patch broke AOSP on Dragonboard 845c (SDM845). I don't see any
> > > > > > > relevant crash in the attached log and device silently reboots into
> > > > > > > USB crash dump mode. The crash is fairly reproducible on db845c. I
> > > > > > > could trigger it twice in 5 reboots and it always crash at the same
> > > > > > > point during the boot process. Reverting this patch fixes the crash.
> > > > > > >
> > > > > > > I'm happy to test run any debug patche(s), that would help narrow
> > > > > > > down this breakage.
> > > [...]
> > > > > Further narrowed down the breakage to the userspace daemon rmtfs
> > > > > https://github.com/andersson/rmtfs. Is there anything specific in the
> > > > > userspace code that I should be paying attention to?
> > > 
> > > Since you don't see anything in the logs like a crash and the system
> > > restarts, I suspect it's some deadlock and that's triggering the
> > > watchdog. We have an erratum (826319) but that's for Cortex-A53. IIUC
> > > SDM845 has Kryo 3xx series which based on some random google searches is
> > > derived from A75/A55. Unfortunately the MIDR_EL1 register doesn't match
> > > the Arm Ltd numbering, so I have no idea what CPUs these are by looking
> > > at the boot log.
> > > 
> > > I wouldn't be surprised if you hit a similar bug, though I couldn't find
> > > anything close in the A55 errata notice.
> > > 
> > > While we could revert commit c44094eee32f ("arm64: dma: Drop cache
> > > invalidation from arch_dma_prep_coherent()"), if you hit a real hardware
> > > issue it may trigger in other scenario where we only do cache cleaning
> > > (without invalidate), like arch_sync_dma_for_device(). So I'd rather get
> > > to the bottom of this and potentially enable the workaround for this
> > > chipset.
> > > 
> > > You could give it a quick try by adding the MIDR ranges for SDM845 to
> > > struct midr_range workaround_clean_cache[].
> > > 
> > 
> > I gave it a shot and indeed it fixes the crash on DB845.
> > 
> > > After that I suggest you raise it with Qualcomm to investigate. Normally
> > > we ask for an erratum number to enable a workaround and it's only
> > > Qualcomm that can provide one here.
> > > 
> > 
> > I will check with Qualcomm folks and update.
> > 
> 
> I dug a little further and found that the crash was due to the secure
> processor (XPU) violation. It happens because, CPU tried accessing the memory
> after sharing it with the modem for firmware metadata validation.

Can you share more details about this violation, please? For example, is it
a read or a write, what size is it, how is it detected?

> Sibi tried fixing this problem earlier by using a hack in the remoteproc driver
> [1], but I guess that got negated due to c44094eee32f?

Performing a clean rather than a clean+invalidate when the buffer is
allocated (which is what is achieved by c44094eee32f) shouldn't affect
this afaict.

> This is a common issue for other Qcom remoteproc drivers as well where CPU
> shares a chunk of memory with the modem. There is one more hack in place where
> a chunk of memory is reserved and the driver will do memremap/copy the
> data/memunmap using it and share it with modem.
> 
> But is there a better solution overall that you could advise?

I think we need a better understanding of what Qualcomm's SCM firmware is
expecting about the state of the buffer pages being shared with the modem
before we can suggest other solutions.

Will
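
Added example, not part of this thread or of the kernel source: a user-space C model of the MIDR range match behind the `workaround_clean_cache[]` suggestion quoted above, using the Cortex-A53 r0p0 to r0p2 range of erratum 826319. The struct, function and list names are hypothetical and the sample MIDR values are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* MIDR_EL1 layout: implementer[31:24] variant[23:20] architecture[19:16]
 * partnum[15:4] revision[3:0]. */
#define MIDR_IMPLEMENTER(m) (((m) >> 24) & 0xffu)
#define MIDR_PARTNUM(m)     (((m) >> 4) & 0xfffu)
#define MIDR_MODEL_MASK     0xff0ffff0u /* implementer, architecture, partnum */
#define MIDR_RV_MASK        0x00f0000fu /* variant (rN) and revision (pM) */

/* Architecture field 0xf means "features described by the ID registers". */
#define MIDR_MODEL(imp, part) \
	(((uint32_t)(imp) << 24) | (0xfu << 16) | ((uint32_t)(part) << 4))
#define MIDR_RV(var, rev) (((uint32_t)(var) << 20) | (uint32_t)(rev))

/* Hypothetical user-space stand-in for a kernel MIDR range entry. */
struct midr_range_model { uint32_t model, rv_min, rv_max; };

/* Match only if the model is identical and rNpM lies inside [min, max]. */
static bool midr_in_range(uint32_t midr, const struct midr_range_model *r)
{
	uint32_t rv = midr & MIDR_RV_MASK;

	return (midr & MIDR_MODEL_MASK) == r->model &&
	       rv >= r->rv_min && rv <= r->rv_max;
}

static bool midr_in_list(uint32_t midr, const struct midr_range_model *l, size_t n)
{
	for (size_t i = 0; i < n; i++)
		if (midr_in_range(midr, &l[i]))
			return true;
	return false;
}

/* Cortex-A53 (implementer 0x41, part 0xd03), r0p0..r0p2: erratum 826319. */
static const struct midr_range_model clean_cache_list[] = {
	{ MIDR_MODEL(0x41, 0xd03), MIDR_RV(0, 0), MIDR_RV(0, 2) },
};

int main(void)
{
	/* Constructed samples: A53 r0p2, A53 r0p4, and a made-up part with
	 * implementer 0x51 (Qualcomm) that no entry in the list covers. */
	const uint32_t samples[] = { 0x410fd032u, 0x410fd034u, 0x510f1232u };

	for (size_t i = 0; i < 3; i++)
		printf("0x%08x imp=0x%02x part=0x%03x workaround=%d\n", samples[i],
		       MIDR_IMPLEMENTER(samples[i]), MIDR_PARTNUM(samples[i]),
		       midr_in_list(samples[i], clean_cache_list, 1));
	return 0;
}
```

A CPU whose implementer or part number differs from every listed model never matches, which is why the workaround stays off until a range for that CPU is added to the list.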
Catalin Marinas Nov. 14, 2022, 2:54 p.m. UTC | #10
On Mon, Nov 14, 2022 at 02:09:04PM +0000, Will Deacon wrote:
> On Sat, Nov 12, 2022 at 12:48:20AM +0530, Manivannan Sadhasivam wrote:
> > I dug a little further and found that the crash was due to the secure
> > processor (XPU) violation. It happens because, CPU tried accessing the memory
> > after sharing it with the modem for firmware metadata validation.
[...]
> > Sibi tried fixing this problem earlier by using a hack in the remoteproc driver
> > [1], but I guess that got negated due to c44094eee32f?
> 
> Performing a clean rather than a clean+invalidate when the buffer is
> allocated (which is what is achieved by c44094eee32f) shouldn't affect
> this afaict.

I agree. The DMA_ATTR_NO_KERNEL_MAPPING used in the qcom_q6v5_mss fix
only ensures that there is no non-cacheable DMA mapping but we still
have the kernel linear map in place that may be accessed speculatively
by the CPU at any point. I can't tell why the clean+inval makes any
difference but I suspect it's a matter of time before you'd hit similar
conditions again (maybe not at boot).
Thorsten Leemhuis Nov. 14, 2022, 6:59 p.m. UTC | #11
[Note: this mail is primarily sent for documentation purposes and/or for
regzbot, my Linux kernel regression tracking bot. That's why I removed
most or all folks from the list of recipients, but left any that looked
like a mailing list. These mails usually contain '#forregzbot' in the
subject, to make them easy to spot and filter out.]

[TLDR: I'm adding this regression report to the list of tracked
regressions; all text from me you find below is based on a few template
paragraphs you might have encountered already in similar form.]

Hi, this is your Linux kernel regression tracker.

On 08.11.22 18:28, Amit Pundir wrote:
> On Tue, 25 Oct 2022 at 18:08, Amit Pundir <amit.pundir@linaro.org> wrote:
>>
>> On Wed, 12 Oct 2022 at 17:24, Catalin Marinas <catalin.marinas@arm.com> wrote:
>>>
>>> Hi Amit,
>>>
>>> On Sat, Oct 08, 2022 at 08:28:26PM +0530, Amit Pundir wrote:
>>>> On Wed, 5 Oct 2022 at 20:11, Catalin Marinas <catalin.marinas@arm.com> wrote:
>>>>> Will Deacon (2):
>>>>>       arm64: dma: Drop cache invalidation from arch_dma_prep_coherent()
>>>>
>>>> Hi Will,
>>>>
>>>> This patch broke AOSP on Dragonboard 845c (SDM845). I don't see any
>>>> relevant crash in the attached log and device silently reboots into
>>>> USB crash dump mode. The crash is fairly reproducible on db845c. I
>>>> could trigger it twice in 5 reboots and it always crashes at the same
>>>> point during the boot process. Reverting this patch fixes the crash.
>>>>
>>>> I'm happy to test run any debug patche(s), that would help narrow
>>>> down this breakage.
>>>
>>> Cc'ing Robin, maybe he has a better idea (that's commit c44094eee32f).
>>> Architecturally the change shouldn't make any difference since the cache
>>> lines can be brought in via the linear mapping at any point. It's just
>>> less likely to hit a real bug (software or hardware). It's also possible
>>> that arch_dma_prep_coherent() is used outside the DMA API (if you have
>>> out of tree drivers).
>>>
>>> Leaving the original log in place for Robin. A question I have, with a
>>> successful boot, what's normally after the bpfloader lines are printed?
>>> We should try to pinpoint which device/driver causes this. It looks like
>>> it's well into user-space at that point (graphics about to start?)
>>
>> Further narrowed down the breakage to the userspace daemon rmtfs
>> https://github.com/andersson/rmtfs. Is there anything specific in the
>> userspace code that I should be paying attention to?

Thanks for the report. To be sure the issue below doesn't fall through the
cracks unnoticed, I'm adding it to regzbot, my Linux kernel regression
tracking bot:

#regzbot ^introduced c44094eee32f
#regzbot title arm64: crash on the Qualcomm SM8250
#regzbot monitor
https://lore.kernel.org/all/20221114110329.68413-1-manivannan.sadhasivam@linaro.org/

#regzbot ignore-activity

This isn't a regression? This issue or a fix for it are already
discussed somewhere else? It was fixed already? You want to clarify when
the regression started to happen? Or point out I got the title or
something else totally wrong? Then just reply -- ideally with also
telling regzbot about it, as explained here:
https://linux-regtracking.leemhuis.info/tracked-regression/

Reminder for developers: When fixing the issue, add 'Link:' tags
pointing to the report (the mail this one replies to), as explained
in the Linux kernel's documentation; the above webpage explains why this is
important for tracked regressions.

Ciao, Thorsten (wearing his 'the Linux kernel's regression tracker' hat)

P.S.: As the Linux kernel's regression tracker I deal with a lot of
reports and sometimes miss something important when writing mails like
this. If that's the case here, don't hesitate to tell me in a public
reply, it's in everyone's interest to set the public record straight.
Thorsten Leemhuis Dec. 7, 2022, 5:36 a.m. UTC | #12
On 14.11.22 19:59, Thorsten Leemhuis wrote:
> [Note: this mail is primarily sent for documentation purposes and/or for
> regzbot, my Linux kernel regression tracking bot. That's why I removed
> most or all folks from the list of recipients, but left any that looked
> like a mailing list. These mails usually contain '#forregzbot' in the
> subject, to make them easy to spot and filter out.]
> 
> On 08.11.22 18:28, Amit Pundir wrote:
>> On Tue, 25 Oct 2022 at 18:08, Amit Pundir <amit.pundir@linaro.org> wrote:
>>> On Wed, 12 Oct 2022 at 17:24, Catalin Marinas <catalin.marinas@arm.com> wrote:
>>>> On Sat, Oct 08, 2022 at 08:28:26PM +0530, Amit Pundir wrote:
>>>>> On Wed, 5 Oct 2022 at 20:11, Catalin Marinas <catalin.marinas@arm.com> wrote:
>>>>>> Will Deacon (2):
>>>>>>       arm64: dma: Drop cache invalidation from arch_dma_prep_coherent()
>>>>>
>>>>> Hi Will,
>>>>>
>>>>> This patch broke AOSP on Dragonboard 845c (SDM845). I don't see any
>>>>> relevant crash in the attached log and device silently reboots into
>>>>> USB crash dump mode. The crash is fairly reproducible on db845c. I
>>>>> could trigger it twice in 5 reboots and it always crashes at the same
>>>>> point during the boot process. Reverting this patch fixes the crash.
> [...]
> #regzbot ^introduced c44094eee32f
> #regzbot title arm64: crash on the Qualcomm SM8250
> #regzbot monitor
> https://lore.kernel.org/all/20221114110329.68413-1-manivannan.sadhasivam@linaro.org/

#regzbot fixed-by: b7d9aae404841d9999b7476170867ae441e948d2
Patch

diff --cc arch/arm64/kernel/alternative.c
index d2c66507398d,64045e3ef03a..80772986687a
--- a/arch/arm64/kernel/alternative.c