RE: [BUG] drm: vc4: refcount_t: increment on 0; use-after-free.
Hi and sorry for the delayed reply! > Hi Kees, > > On Sat, 25 Nov 2017 12:57:04 -0800 > Kees Cookwrote: > > > On Wed, Nov 22, 2017 at 11:57 PM, Daniel Vetter wrote: > > > On Wed, Nov 22, 2017 at 07:21:00PM +0100, Boris Brezillon wrote: > > >> On Wed, 22 Nov 2017 19:13:09 +0100 > > >> Daniel Vetter wrote: > > >> > > >> > On Wed, Nov 22, 2017 at 6:51 PM, Boris Brezillon > > >> > wrote: > > >> > > Hi Stefan, > > >> > > > > >> > > On Wed, 22 Nov 2017 17:43:35 +0100 (CET) > > >> > > Stefan Wahren wrote: > > >> > > > > >> > >> Hi Boris, > > >> > >> if i boot Raspberry Pi 3 (ARM64, defconfig, linux-next-20171122) > > >> > >> with > sufficient CMA memory (32 MB), i'll get this warning during boot: > > >> > >> > > >> > >> [7.623510] vc4-drm soc:gpu: bound 3f902000.hdmi (ops > > >> > >> vc4_hdmi_ops > [vc4]) > > >> > >> [7.632453] vc4-drm soc:gpu: bound 3f806000.vec (ops vc4_vec_ops > [vc4]) > > >> > >> [7.639707] vc4-drm soc:gpu: bound 3f40.hvs (ops vc4_hvs_ops > [vc4]) > > >> > >> [7.647364] vc4-drm soc:gpu: bound 3f206000.pixelvalve (ops > vc4_crtc_ops [vc4]) > > >> > >> [7.655451] vc4-drm soc:gpu: bound 3f207000.pixelvalve (ops > vc4_crtc_ops [vc4]) > > >> > >> [7.663415] vc4-drm soc:gpu: bound 3f807000.pixelvalve (ops > vc4_crtc_ops [vc4]) > > >> > >> [7.730580] vc4-drm soc:gpu: bound 3fc0.v3d (ops vc4_v3d_ops > [vc4]) > > >> > >> [7.743965] [drm] Initialized vc4 0.0.0 20140616 for soc:gpu on > > >> > >> minor 0 > > >> > >> [7.750841] [drm] Supports vblank timestamp caching Rev 2 > > >> > >> (21.10.2013). > > >> > >> [7.757620] [drm] Driver supports precise vblank timestamp query. > > >> > >> [7.811775] [ cut here ] > > >> > >> [7.811780] refcount_t: increment on 0; use-after-free. > > >> > >> [7.811881] WARNING: CPU: 2 PID: 2188 at lib/refcount.c:153 > refcount_inc+0x44/0x50 > > >> > >> [7.811884] Modules linked in: vc4(+) cfg80211 cec drm_kms_helper > smsc95xx usbnet drm rfkill brcmutil bcm2835_rng rng_core bcm2835_dma crc32_ce > i2c_bcm2835 pwm_bcm2835 ip_tables x_tables ipv6 > > >> > >> [7.811950] CPU: 2 PID: 2188 Comm: systemd-udevd Not tainted > > >> > >> 4.14.0- > next-20171122 #1 > > >> > >> [7.811953] Hardware name: Raspberry Pi 3 Model B Rev 1.2 (DT) > > >> > >> [7.811958] task: 800036b91c00 task.stack: 0d6f > > >> > >> [7.811967] pstate: 2005 (nzCv daif -PAN -UAO) > > >> > >> [7.811974] pc : refcount_inc+0x44/0x50 > > >> > >> [7.811981] lr : refcount_inc+0x44/0x50 > > >> > >> [7.811984] sp : 0d6f3300 > > >> > >> [7.811988] x29: 0d6f3300 x28: > > >> > >> [7.811996] x27: 0003 x26: 800037107800 > > >> > >> [7.812004] x25: 0001 x24: 800035afdc00 > > >> > >> [7.812012] x23: x22: 800035dfa600 > > >> > >> [7.812020] x21: 800035afd9b0 x20: 800035afd9a4 > > >> > >> [7.812027] x19: x18: > > >> > >> [7.812034] x17: 0001 x16: 0019 > > >> > >> [7.812042] x15: 0001 x14: fff0 > > >> > >> [7.812049] x13: 090ae840 x12: 08fa2d50 > > >> > >> [7.812057] x11: 08fa2000 x10: 090ad000 > > >> > >> [7.812064] x9 : x8 : 090b5c2f > > >> > >> [7.812072] x7 : x6 : 0015ee00 > > >> > >> [7.812079] x5 : x4 : > > >> > >> [7.812087] x3 : x2 : 800030047000 > > >> > >> [7.812094] x1 : 800036b91c00 x0 : 002b > > >> > >> [7.812102] Call trace: > > >> > >> [7.812109] refcount_inc+0x44/0x50 > > >> > >> [7.812226] vc4_bo_inc_usecnt+0x84/0x88 [vc4] > > >> > >> [7.812310] vc4_prepare_fb+0x40/0xf0 [vc4] > > >> > >> [7.812460] drm_atomic_helper_prepare_planes+0x54/0xf0 > [drm_kms_helper] > > >> > >> [7.812543] vc4_atomic_commit+0x88/0x130 [vc4] > > >> > >> [7.812868] drm_atomic_commit+0x48/0x68 [drm] > > >> > >> [7.813002] restore_fbdev_mode_atomic+0x1d8/0x1e8 > [drm_kms_helper] > > >> > >> [7.813113] restore_fbdev_mode+0x28/0x160 [drm_kms_helper] > > >> > >> [7.813223] > drm_fb_helper_restore_fbdev_mode_unlocked.part.24+0x28/0x90 > [drm_kms_helper] > > >> > >> [7.813331] drm_fb_helper_set_par+0x54/0xa8 [drm_kms_helper] > > >> > >> [7.813346] fbcon_init+0x4e8/0x538 > > >> > >> [7.813357] visual_init+0xb4/0x108 > > >> > >> [7.813366] do_bind_con_driver+0x1b8/0x3a0 > > >> > >> [7.813373] do_take_over_console+0x150/0x1d0 > > >> > >> [7.813380] do_fbcon_takeover+0x6c/0xf0 > > >> > >> [7.813387] fbcon_event_notify+0x8fc/0x928 > > >> > >> [7.813399] notifier_call_chain+0x50/0x90 > > >> > >> [7.813406]
Re: [BUG] drm: vc4: refcount_t: increment on 0; use-after-free.
On Wed, Nov 22, 2017 at 11:57 PM, Daniel Vetterwrote: > On Wed, Nov 22, 2017 at 07:21:00PM +0100, Boris Brezillon wrote: >> On Wed, 22 Nov 2017 19:13:09 +0100 >> Daniel Vetter wrote: >> >> > On Wed, Nov 22, 2017 at 6:51 PM, Boris Brezillon >> > wrote: >> > > Hi Stefan, >> > > >> > > On Wed, 22 Nov 2017 17:43:35 +0100 (CET) >> > > Stefan Wahren wrote: >> > > >> > >> Hi Boris, >> > >> if i boot Raspberry Pi 3 (ARM64, defconfig, linux-next-20171122) with >> > >> sufficient CMA memory (32 MB), i'll get this warning during boot: >> > >> >> > >> [7.623510] vc4-drm soc:gpu: bound 3f902000.hdmi (ops vc4_hdmi_ops >> > >> [vc4]) >> > >> [7.632453] vc4-drm soc:gpu: bound 3f806000.vec (ops vc4_vec_ops >> > >> [vc4]) >> > >> [7.639707] vc4-drm soc:gpu: bound 3f40.hvs (ops vc4_hvs_ops >> > >> [vc4]) >> > >> [7.647364] vc4-drm soc:gpu: bound 3f206000.pixelvalve (ops >> > >> vc4_crtc_ops [vc4]) >> > >> [7.655451] vc4-drm soc:gpu: bound 3f207000.pixelvalve (ops >> > >> vc4_crtc_ops [vc4]) >> > >> [7.663415] vc4-drm soc:gpu: bound 3f807000.pixelvalve (ops >> > >> vc4_crtc_ops [vc4]) >> > >> [7.730580] vc4-drm soc:gpu: bound 3fc0.v3d (ops vc4_v3d_ops >> > >> [vc4]) >> > >> [7.743965] [drm] Initialized vc4 0.0.0 20140616 for soc:gpu on >> > >> minor 0 >> > >> [7.750841] [drm] Supports vblank timestamp caching Rev 2 >> > >> (21.10.2013). >> > >> [7.757620] [drm] Driver supports precise vblank timestamp query. >> > >> [7.811775] [ cut here ] >> > >> [7.811780] refcount_t: increment on 0; use-after-free. >> > >> [7.811881] WARNING: CPU: 2 PID: 2188 at lib/refcount.c:153 >> > >> refcount_inc+0x44/0x50 >> > >> [7.811884] Modules linked in: vc4(+) cfg80211 cec drm_kms_helper >> > >> smsc95xx usbnet drm rfkill brcmutil bcm2835_rng rng_core bcm2835_dma >> > >> crc32_ce i2c_bcm2835 pwm_bcm2835 ip_tables x_tables ipv6 >> > >> [7.811950] CPU: 2 PID: 2188 Comm: systemd-udevd Not tainted >> > >> 4.14.0-next-20171122 #1 >> > >> [7.811953] Hardware name: Raspberry Pi 3 Model B Rev 1.2 (DT) >> > >> [7.811958] task: 800036b91c00 task.stack: 0d6f >> > >> [7.811967] pstate: 2005 (nzCv daif -PAN -UAO) >> > >> [7.811974] pc : refcount_inc+0x44/0x50 >> > >> [7.811981] lr : refcount_inc+0x44/0x50 >> > >> [7.811984] sp : 0d6f3300 >> > >> [7.811988] x29: 0d6f3300 x28: >> > >> [7.811996] x27: 0003 x26: 800037107800 >> > >> [7.812004] x25: 0001 x24: 800035afdc00 >> > >> [7.812012] x23: x22: 800035dfa600 >> > >> [7.812020] x21: 800035afd9b0 x20: 800035afd9a4 >> > >> [7.812027] x19: x18: >> > >> [7.812034] x17: 0001 x16: 0019 >> > >> [7.812042] x15: 0001 x14: fff0 >> > >> [7.812049] x13: 090ae840 x12: 08fa2d50 >> > >> [7.812057] x11: 08fa2000 x10: 090ad000 >> > >> [7.812064] x9 : x8 : 090b5c2f >> > >> [7.812072] x7 : x6 : 0015ee00 >> > >> [7.812079] x5 : x4 : >> > >> [7.812087] x3 : x2 : 800030047000 >> > >> [7.812094] x1 : 800036b91c00 x0 : 002b >> > >> [7.812102] Call trace: >> > >> [7.812109] refcount_inc+0x44/0x50 >> > >> [7.812226] vc4_bo_inc_usecnt+0x84/0x88 [vc4] >> > >> [7.812310] vc4_prepare_fb+0x40/0xf0 [vc4] >> > >> [7.812460] drm_atomic_helper_prepare_planes+0x54/0xf0 >> > >> [drm_kms_helper] >> > >> [7.812543] vc4_atomic_commit+0x88/0x130 [vc4] >> > >> [7.812868] drm_atomic_commit+0x48/0x68 [drm] >> > >> [7.813002] restore_fbdev_mode_atomic+0x1d8/0x1e8 [drm_kms_helper] >> > >> [7.813113] restore_fbdev_mode+0x28/0x160 [drm_kms_helper] >> > >> [7.813223] >> > >> drm_fb_helper_restore_fbdev_mode_unlocked.part.24+0x28/0x90 >> > >> [drm_kms_helper] >> > >> [7.813331] drm_fb_helper_set_par+0x54/0xa8 [drm_kms_helper] >> > >> [7.813346] fbcon_init+0x4e8/0x538 >> > >> [7.813357] visual_init+0xb4/0x108 >> > >> [7.813366] do_bind_con_driver+0x1b8/0x3a0 >> > >> [7.813373] do_take_over_console+0x150/0x1d0 >> > >> [7.813380] do_fbcon_takeover+0x6c/0xf0 >> > >> [7.813387] fbcon_event_notify+0x8fc/0x928 >> > >> [7.813399] notifier_call_chain+0x50/0x90 >> > >> [7.813406] __blocking_notifier_call_chain+0x4c/0x90 >> > >> [7.813413] blocking_notifier_call_chain+0x14/0x20 >> > >> [7.813420] fb_notifier_call_chain+0x1c/0x28 >> > >> [7.813426] register_framebuffer+0x1d0/0x2d8 >> > >> [7.813533] __drm_fb_helper_initial_config_and_unlock+0x1e8/0x350 >> > >> [drm_kms_helper] >> > >> [7.813639]
Re: [BUG] drm: vc4: refcount_t: increment on 0; use-after-free.
Boris Brezillonwrites: > Hi Kees, > > On Sat, 25 Nov 2017 12:57:04 -0800 > Kees Cook wrote: > >> On Wed, Nov 22, 2017 at 11:57 PM, Daniel Vetter wrote: >> > On Wed, Nov 22, 2017 at 07:21:00PM +0100, Boris Brezillon wrote: >> >> On Wed, 22 Nov 2017 19:13:09 +0100 >> >> Daniel Vetter wrote: >> >> >> >> > On Wed, Nov 22, 2017 at 6:51 PM, Boris Brezillon >> >> > wrote: >> >> > > Hi Stefan, >> >> > > >> >> > > On Wed, 22 Nov 2017 17:43:35 +0100 (CET) >> >> > > Stefan Wahren wrote: >> >> > > >> >> > >> Hi Boris, >> >> > >> if i boot Raspberry Pi 3 (ARM64, defconfig, linux-next-20171122) >> >> > >> with sufficient CMA memory (32 MB), i'll get this warning during >> >> > >> boot: >> >> > >> >> >> > >> [7.623510] vc4-drm soc:gpu: bound 3f902000.hdmi (ops >> >> > >> vc4_hdmi_ops [vc4]) >> >> > >> [7.632453] vc4-drm soc:gpu: bound 3f806000.vec (ops vc4_vec_ops >> >> > >> [vc4]) >> >> > >> [7.639707] vc4-drm soc:gpu: bound 3f40.hvs (ops vc4_hvs_ops >> >> > >> [vc4]) >> >> > >> [7.647364] vc4-drm soc:gpu: bound 3f206000.pixelvalve (ops >> >> > >> vc4_crtc_ops [vc4]) >> >> > >> [7.655451] vc4-drm soc:gpu: bound 3f207000.pixelvalve (ops >> >> > >> vc4_crtc_ops [vc4]) >> >> > >> [7.663415] vc4-drm soc:gpu: bound 3f807000.pixelvalve (ops >> >> > >> vc4_crtc_ops [vc4]) >> >> > >> [7.730580] vc4-drm soc:gpu: bound 3fc0.v3d (ops vc4_v3d_ops >> >> > >> [vc4]) >> >> > >> [7.743965] [drm] Initialized vc4 0.0.0 20140616 for soc:gpu on >> >> > >> minor 0 >> >> > >> [7.750841] [drm] Supports vblank timestamp caching Rev 2 >> >> > >> (21.10.2013). >> >> > >> [7.757620] [drm] Driver supports precise vblank timestamp query. >> >> > >> [7.811775] [ cut here ] >> >> > >> [7.811780] refcount_t: increment on 0; use-after-free. >> >> > >> [7.811881] WARNING: CPU: 2 PID: 2188 at lib/refcount.c:153 >> >> > >> refcount_inc+0x44/0x50 >> >> > >> [7.811884] Modules linked in: vc4(+) cfg80211 cec drm_kms_helper >> >> > >> smsc95xx usbnet drm rfkill brcmutil bcm2835_rng rng_core bcm2835_dma >> >> > >> crc32_ce i2c_bcm2835 pwm_bcm2835 ip_tables x_tables ipv6 >> >> > >> [7.811950] CPU: 2 PID: 2188 Comm: systemd-udevd Not tainted >> >> > >> 4.14.0-next-20171122 #1 >> >> > >> [7.811953] Hardware name: Raspberry Pi 3 Model B Rev 1.2 (DT) >> >> > >> [7.811958] task: 800036b91c00 task.stack: 0d6f >> >> > >> [7.811967] pstate: 2005 (nzCv daif -PAN -UAO) >> >> > >> [7.811974] pc : refcount_inc+0x44/0x50 >> >> > >> [7.811981] lr : refcount_inc+0x44/0x50 >> >> > >> [7.811984] sp : 0d6f3300 >> >> > >> [7.811988] x29: 0d6f3300 x28: >> >> > >> [7.811996] x27: 0003 x26: 800037107800 >> >> > >> [7.812004] x25: 0001 x24: 800035afdc00 >> >> > >> [7.812012] x23: x22: 800035dfa600 >> >> > >> [7.812020] x21: 800035afd9b0 x20: 800035afd9a4 >> >> > >> [7.812027] x19: x18: >> >> > >> [7.812034] x17: 0001 x16: 0019 >> >> > >> [7.812042] x15: 0001 x14: fff0 >> >> > >> [7.812049] x13: 090ae840 x12: 08fa2d50 >> >> > >> [7.812057] x11: 08fa2000 x10: 090ad000 >> >> > >> [7.812064] x9 : x8 : 090b5c2f >> >> > >> [7.812072] x7 : x6 : 0015ee00 >> >> > >> [7.812079] x5 : x4 : >> >> > >> [7.812087] x3 : x2 : 800030047000 >> >> > >> [7.812094] x1 : 800036b91c00 x0 : 002b >> >> > >> [7.812102] Call trace: >> >> > >> [7.812109] refcount_inc+0x44/0x50 >> >> > >> [7.812226] vc4_bo_inc_usecnt+0x84/0x88 [vc4] >> >> > >> [7.812310] vc4_prepare_fb+0x40/0xf0 [vc4] >> >> > >> [7.812460] drm_atomic_helper_prepare_planes+0x54/0xf0 >> >> > >> [drm_kms_helper] >> >> > >> [7.812543] vc4_atomic_commit+0x88/0x130 [vc4] >> >> > >> [7.812868] drm_atomic_commit+0x48/0x68 [drm] >> >> > >> [7.813002] restore_fbdev_mode_atomic+0x1d8/0x1e8 >> >> > >> [drm_kms_helper] >> >> > >> [7.813113] restore_fbdev_mode+0x28/0x160 [drm_kms_helper] >> >> > >> [7.813223] >> >> > >> drm_fb_helper_restore_fbdev_mode_unlocked.part.24+0x28/0x90 >> >> > >> [drm_kms_helper] >> >> > >> [7.813331] drm_fb_helper_set_par+0x54/0xa8 [drm_kms_helper] >> >> > >> [7.813346] fbcon_init+0x4e8/0x538 >> >> > >> [7.813357] visual_init+0xb4/0x108 >> >> > >> [7.813366] do_bind_con_driver+0x1b8/0x3a0 >> >> > >> [7.813373] do_take_over_console+0x150/0x1d0 >> >> > >> [7.813380] do_fbcon_takeover+0x6c/0xf0 >> >> > >> [7.813387] fbcon_event_notify+0x8fc/0x928 >> >>
Re: [BUG] drm: vc4: refcount_t: increment on 0; use-after-free.
Hi Kees, On Sat, 25 Nov 2017 12:57:04 -0800 Kees Cookwrote: > On Wed, Nov 22, 2017 at 11:57 PM, Daniel Vetter wrote: > > On Wed, Nov 22, 2017 at 07:21:00PM +0100, Boris Brezillon wrote: > >> On Wed, 22 Nov 2017 19:13:09 +0100 > >> Daniel Vetter wrote: > >> > >> > On Wed, Nov 22, 2017 at 6:51 PM, Boris Brezillon > >> > wrote: > >> > > Hi Stefan, > >> > > > >> > > On Wed, 22 Nov 2017 17:43:35 +0100 (CET) > >> > > Stefan Wahren wrote: > >> > > > >> > >> Hi Boris, > >> > >> if i boot Raspberry Pi 3 (ARM64, defconfig, linux-next-20171122) with > >> > >> sufficient CMA memory (32 MB), i'll get this warning during boot: > >> > >> > >> > >> [7.623510] vc4-drm soc:gpu: bound 3f902000.hdmi (ops vc4_hdmi_ops > >> > >> [vc4]) > >> > >> [7.632453] vc4-drm soc:gpu: bound 3f806000.vec (ops vc4_vec_ops > >> > >> [vc4]) > >> > >> [7.639707] vc4-drm soc:gpu: bound 3f40.hvs (ops vc4_hvs_ops > >> > >> [vc4]) > >> > >> [7.647364] vc4-drm soc:gpu: bound 3f206000.pixelvalve (ops > >> > >> vc4_crtc_ops [vc4]) > >> > >> [7.655451] vc4-drm soc:gpu: bound 3f207000.pixelvalve (ops > >> > >> vc4_crtc_ops [vc4]) > >> > >> [7.663415] vc4-drm soc:gpu: bound 3f807000.pixelvalve (ops > >> > >> vc4_crtc_ops [vc4]) > >> > >> [7.730580] vc4-drm soc:gpu: bound 3fc0.v3d (ops vc4_v3d_ops > >> > >> [vc4]) > >> > >> [7.743965] [drm] Initialized vc4 0.0.0 20140616 for soc:gpu on > >> > >> minor 0 > >> > >> [7.750841] [drm] Supports vblank timestamp caching Rev 2 > >> > >> (21.10.2013). > >> > >> [7.757620] [drm] Driver supports precise vblank timestamp query. > >> > >> [7.811775] [ cut here ] > >> > >> [7.811780] refcount_t: increment on 0; use-after-free. > >> > >> [7.811881] WARNING: CPU: 2 PID: 2188 at lib/refcount.c:153 > >> > >> refcount_inc+0x44/0x50 > >> > >> [7.811884] Modules linked in: vc4(+) cfg80211 cec drm_kms_helper > >> > >> smsc95xx usbnet drm rfkill brcmutil bcm2835_rng rng_core bcm2835_dma > >> > >> crc32_ce i2c_bcm2835 pwm_bcm2835 ip_tables x_tables ipv6 > >> > >> [7.811950] CPU: 2 PID: 2188 Comm: systemd-udevd Not tainted > >> > >> 4.14.0-next-20171122 #1 > >> > >> [7.811953] Hardware name: Raspberry Pi 3 Model B Rev 1.2 (DT) > >> > >> [7.811958] task: 800036b91c00 task.stack: 0d6f > >> > >> [7.811967] pstate: 2005 (nzCv daif -PAN -UAO) > >> > >> [7.811974] pc : refcount_inc+0x44/0x50 > >> > >> [7.811981] lr : refcount_inc+0x44/0x50 > >> > >> [7.811984] sp : 0d6f3300 > >> > >> [7.811988] x29: 0d6f3300 x28: > >> > >> [7.811996] x27: 0003 x26: 800037107800 > >> > >> [7.812004] x25: 0001 x24: 800035afdc00 > >> > >> [7.812012] x23: x22: 800035dfa600 > >> > >> [7.812020] x21: 800035afd9b0 x20: 800035afd9a4 > >> > >> [7.812027] x19: x18: > >> > >> [7.812034] x17: 0001 x16: 0019 > >> > >> [7.812042] x15: 0001 x14: fff0 > >> > >> [7.812049] x13: 090ae840 x12: 08fa2d50 > >> > >> [7.812057] x11: 08fa2000 x10: 090ad000 > >> > >> [7.812064] x9 : x8 : 090b5c2f > >> > >> [7.812072] x7 : x6 : 0015ee00 > >> > >> [7.812079] x5 : x4 : > >> > >> [7.812087] x3 : x2 : 800030047000 > >> > >> [7.812094] x1 : 800036b91c00 x0 : 002b > >> > >> [7.812102] Call trace: > >> > >> [7.812109] refcount_inc+0x44/0x50 > >> > >> [7.812226] vc4_bo_inc_usecnt+0x84/0x88 [vc4] > >> > >> [7.812310] vc4_prepare_fb+0x40/0xf0 [vc4] > >> > >> [7.812460] drm_atomic_helper_prepare_planes+0x54/0xf0 > >> > >> [drm_kms_helper] > >> > >> [7.812543] vc4_atomic_commit+0x88/0x130 [vc4] > >> > >> [7.812868] drm_atomic_commit+0x48/0x68 [drm] > >> > >> [7.813002] restore_fbdev_mode_atomic+0x1d8/0x1e8 [drm_kms_helper] > >> > >> [7.813113] restore_fbdev_mode+0x28/0x160 [drm_kms_helper] > >> > >> [7.813223] > >> > >> drm_fb_helper_restore_fbdev_mode_unlocked.part.24+0x28/0x90 > >> > >> [drm_kms_helper] > >> > >> [7.813331] drm_fb_helper_set_par+0x54/0xa8 [drm_kms_helper] > >> > >> [7.813346] fbcon_init+0x4e8/0x538 > >> > >> [7.813357] visual_init+0xb4/0x108 > >> > >> [7.813366] do_bind_con_driver+0x1b8/0x3a0 > >> > >> [7.813373] do_take_over_console+0x150/0x1d0 > >> > >> [7.813380] do_fbcon_takeover+0x6c/0xf0 > >> > >> [7.813387] fbcon_event_notify+0x8fc/0x928 > >> > >> [7.813399] notifier_call_chain+0x50/0x90 > >> > >> [7.813406] __blocking_notifier_call_chain+0x4c/0x90 > >> > >> [7.813413]
Re: [BUG] drm: vc4: refcount_t: increment on 0; use-after-free.
Hi Boris, > Boris Brezillonhat am 22. November 2017 > um 18:51 geschrieben: > > > Hi Stefan, > > On Wed, 22 Nov 2017 17:43:35 +0100 (CET) > Stefan Wahren wrote: > ... > > Looks like I didn't test this code with CONFIG_REFCOUNT_FULL enabled :-/. > > Anyway, can you try to apply the following diff and let me know if it > fixes the problem? yes, this fixes the problem. > > Thanks, > > Boris > > --->8--- > diff --git a/drivers/gpu/drm/vc4/vc4_bo.c b/drivers/gpu/drm/vc4/vc4_bo.c > index 4ae45d7dac42..2decc8e2c79f 100644 > --- a/drivers/gpu/drm/vc4/vc4_bo.c > +++ b/drivers/gpu/drm/vc4/vc4_bo.c > @@ -637,7 +637,8 @@ int vc4_bo_inc_usecnt(struct vc4_bo *bo) > mutex_lock(>madv_lock); > switch (bo->madv) { > case VC4_MADV_WILLNEED: > - refcount_inc(>usecnt); > + if (!refcount_inc_not_zero(>usecnt)) > + refcount_set(>usecnt, 1); > ret = 0; > break; > case VC4_MADV_DONTNEED: > ___ dri-devel mailing list dri-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/dri-devel
Re: [BUG] drm: vc4: refcount_t: increment on 0; use-after-free.
On Wed, Nov 22, 2017 at 07:21:00PM +0100, Boris Brezillon wrote: > On Wed, 22 Nov 2017 19:13:09 +0100 > Daniel Vetterwrote: > > > On Wed, Nov 22, 2017 at 6:51 PM, Boris Brezillon > > wrote: > > > Hi Stefan, > > > > > > On Wed, 22 Nov 2017 17:43:35 +0100 (CET) > > > Stefan Wahren wrote: > > > > > >> Hi Boris, > > >> if i boot Raspberry Pi 3 (ARM64, defconfig, linux-next-20171122) with > > >> sufficient CMA memory (32 MB), i'll get this warning during boot: > > >> > > >> [7.623510] vc4-drm soc:gpu: bound 3f902000.hdmi (ops vc4_hdmi_ops > > >> [vc4]) > > >> [7.632453] vc4-drm soc:gpu: bound 3f806000.vec (ops vc4_vec_ops > > >> [vc4]) > > >> [7.639707] vc4-drm soc:gpu: bound 3f40.hvs (ops vc4_hvs_ops > > >> [vc4]) > > >> [7.647364] vc4-drm soc:gpu: bound 3f206000.pixelvalve (ops > > >> vc4_crtc_ops [vc4]) > > >> [7.655451] vc4-drm soc:gpu: bound 3f207000.pixelvalve (ops > > >> vc4_crtc_ops [vc4]) > > >> [7.663415] vc4-drm soc:gpu: bound 3f807000.pixelvalve (ops > > >> vc4_crtc_ops [vc4]) > > >> [7.730580] vc4-drm soc:gpu: bound 3fc0.v3d (ops vc4_v3d_ops > > >> [vc4]) > > >> [7.743965] [drm] Initialized vc4 0.0.0 20140616 for soc:gpu on minor > > >> 0 > > >> [7.750841] [drm] Supports vblank timestamp caching Rev 2 > > >> (21.10.2013). > > >> [7.757620] [drm] Driver supports precise vblank timestamp query. > > >> [7.811775] [ cut here ] > > >> [7.811780] refcount_t: increment on 0; use-after-free. > > >> [7.811881] WARNING: CPU: 2 PID: 2188 at lib/refcount.c:153 > > >> refcount_inc+0x44/0x50 > > >> [7.811884] Modules linked in: vc4(+) cfg80211 cec drm_kms_helper > > >> smsc95xx usbnet drm rfkill brcmutil bcm2835_rng rng_core bcm2835_dma > > >> crc32_ce i2c_bcm2835 pwm_bcm2835 ip_tables x_tables ipv6 > > >> [7.811950] CPU: 2 PID: 2188 Comm: systemd-udevd Not tainted > > >> 4.14.0-next-20171122 #1 > > >> [7.811953] Hardware name: Raspberry Pi 3 Model B Rev 1.2 (DT) > > >> [7.811958] task: 800036b91c00 task.stack: 0d6f > > >> [7.811967] pstate: 2005 (nzCv daif -PAN -UAO) > > >> [7.811974] pc : refcount_inc+0x44/0x50 > > >> [7.811981] lr : refcount_inc+0x44/0x50 > > >> [7.811984] sp : 0d6f3300 > > >> [7.811988] x29: 0d6f3300 x28: > > >> [7.811996] x27: 0003 x26: 800037107800 > > >> [7.812004] x25: 0001 x24: 800035afdc00 > > >> [7.812012] x23: x22: 800035dfa600 > > >> [7.812020] x21: 800035afd9b0 x20: 800035afd9a4 > > >> [7.812027] x19: x18: > > >> [7.812034] x17: 0001 x16: 0019 > > >> [7.812042] x15: 0001 x14: fff0 > > >> [7.812049] x13: 090ae840 x12: 08fa2d50 > > >> [7.812057] x11: 08fa2000 x10: 090ad000 > > >> [7.812064] x9 : x8 : 090b5c2f > > >> [7.812072] x7 : x6 : 0015ee00 > > >> [7.812079] x5 : x4 : > > >> [7.812087] x3 : x2 : 800030047000 > > >> [7.812094] x1 : 800036b91c00 x0 : 002b > > >> [7.812102] Call trace: > > >> [7.812109] refcount_inc+0x44/0x50 > > >> [7.812226] vc4_bo_inc_usecnt+0x84/0x88 [vc4] > > >> [7.812310] vc4_prepare_fb+0x40/0xf0 [vc4] > > >> [7.812460] drm_atomic_helper_prepare_planes+0x54/0xf0 > > >> [drm_kms_helper] > > >> [7.812543] vc4_atomic_commit+0x88/0x130 [vc4] > > >> [7.812868] drm_atomic_commit+0x48/0x68 [drm] > > >> [7.813002] restore_fbdev_mode_atomic+0x1d8/0x1e8 [drm_kms_helper] > > >> [7.813113] restore_fbdev_mode+0x28/0x160 [drm_kms_helper] > > >> [7.813223] > > >> drm_fb_helper_restore_fbdev_mode_unlocked.part.24+0x28/0x90 > > >> [drm_kms_helper] > > >> [7.813331] drm_fb_helper_set_par+0x54/0xa8 [drm_kms_helper] > > >> [7.813346] fbcon_init+0x4e8/0x538 > > >> [7.813357] visual_init+0xb4/0x108 > > >> [7.813366] do_bind_con_driver+0x1b8/0x3a0 > > >> [7.813373] do_take_over_console+0x150/0x1d0 > > >> [7.813380] do_fbcon_takeover+0x6c/0xf0 > > >> [7.813387] fbcon_event_notify+0x8fc/0x928 > > >> [7.813399] notifier_call_chain+0x50/0x90 > > >> [7.813406] __blocking_notifier_call_chain+0x4c/0x90 > > >> [7.813413] blocking_notifier_call_chain+0x14/0x20 > > >> [7.813420] fb_notifier_call_chain+0x1c/0x28 > > >> [7.813426] register_framebuffer+0x1d0/0x2d8 > > >> [7.813533] __drm_fb_helper_initial_config_and_unlock+0x1e8/0x350 > > >> [drm_kms_helper] > > >> [7.813639] drm_fb_helper_initial_config+0x40/0x58 [drm_kms_helper] > > >> [7.813747] drm_fbdev_cma_init_with_funcs+0x88/0x158 [drm_kms_helper] > > >> [7.813855] drm_fbdev_cma_init+0x14/0x28
Re: [BUG] drm: vc4: refcount_t: increment on 0; use-after-free.
On Wed, 22 Nov 2017 19:13:09 +0100 Daniel Vetterwrote: > On Wed, Nov 22, 2017 at 6:51 PM, Boris Brezillon > wrote: > > Hi Stefan, > > > > On Wed, 22 Nov 2017 17:43:35 +0100 (CET) > > Stefan Wahren wrote: > > > >> Hi Boris, > >> if i boot Raspberry Pi 3 (ARM64, defconfig, linux-next-20171122) with > >> sufficient CMA memory (32 MB), i'll get this warning during boot: > >> > >> [7.623510] vc4-drm soc:gpu: bound 3f902000.hdmi (ops vc4_hdmi_ops > >> [vc4]) > >> [7.632453] vc4-drm soc:gpu: bound 3f806000.vec (ops vc4_vec_ops [vc4]) > >> [7.639707] vc4-drm soc:gpu: bound 3f40.hvs (ops vc4_hvs_ops [vc4]) > >> [7.647364] vc4-drm soc:gpu: bound 3f206000.pixelvalve (ops > >> vc4_crtc_ops [vc4]) > >> [7.655451] vc4-drm soc:gpu: bound 3f207000.pixelvalve (ops > >> vc4_crtc_ops [vc4]) > >> [7.663415] vc4-drm soc:gpu: bound 3f807000.pixelvalve (ops > >> vc4_crtc_ops [vc4]) > >> [7.730580] vc4-drm soc:gpu: bound 3fc0.v3d (ops vc4_v3d_ops [vc4]) > >> [7.743965] [drm] Initialized vc4 0.0.0 20140616 for soc:gpu on minor 0 > >> [7.750841] [drm] Supports vblank timestamp caching Rev 2 (21.10.2013). > >> [7.757620] [drm] Driver supports precise vblank timestamp query. > >> [7.811775] [ cut here ] > >> [7.811780] refcount_t: increment on 0; use-after-free. > >> [7.811881] WARNING: CPU: 2 PID: 2188 at lib/refcount.c:153 > >> refcount_inc+0x44/0x50 > >> [7.811884] Modules linked in: vc4(+) cfg80211 cec drm_kms_helper > >> smsc95xx usbnet drm rfkill brcmutil bcm2835_rng rng_core bcm2835_dma > >> crc32_ce i2c_bcm2835 pwm_bcm2835 ip_tables x_tables ipv6 > >> [7.811950] CPU: 2 PID: 2188 Comm: systemd-udevd Not tainted > >> 4.14.0-next-20171122 #1 > >> [7.811953] Hardware name: Raspberry Pi 3 Model B Rev 1.2 (DT) > >> [7.811958] task: 800036b91c00 task.stack: 0d6f > >> [7.811967] pstate: 2005 (nzCv daif -PAN -UAO) > >> [7.811974] pc : refcount_inc+0x44/0x50 > >> [7.811981] lr : refcount_inc+0x44/0x50 > >> [7.811984] sp : 0d6f3300 > >> [7.811988] x29: 0d6f3300 x28: > >> [7.811996] x27: 0003 x26: 800037107800 > >> [7.812004] x25: 0001 x24: 800035afdc00 > >> [7.812012] x23: x22: 800035dfa600 > >> [7.812020] x21: 800035afd9b0 x20: 800035afd9a4 > >> [7.812027] x19: x18: > >> [7.812034] x17: 0001 x16: 0019 > >> [7.812042] x15: 0001 x14: fff0 > >> [7.812049] x13: 090ae840 x12: 08fa2d50 > >> [7.812057] x11: 08fa2000 x10: 090ad000 > >> [7.812064] x9 : x8 : 090b5c2f > >> [7.812072] x7 : x6 : 0015ee00 > >> [7.812079] x5 : x4 : > >> [7.812087] x3 : x2 : 800030047000 > >> [7.812094] x1 : 800036b91c00 x0 : 002b > >> [7.812102] Call trace: > >> [7.812109] refcount_inc+0x44/0x50 > >> [7.812226] vc4_bo_inc_usecnt+0x84/0x88 [vc4] > >> [7.812310] vc4_prepare_fb+0x40/0xf0 [vc4] > >> [7.812460] drm_atomic_helper_prepare_planes+0x54/0xf0 [drm_kms_helper] > >> [7.812543] vc4_atomic_commit+0x88/0x130 [vc4] > >> [7.812868] drm_atomic_commit+0x48/0x68 [drm] > >> [7.813002] restore_fbdev_mode_atomic+0x1d8/0x1e8 [drm_kms_helper] > >> [7.813113] restore_fbdev_mode+0x28/0x160 [drm_kms_helper] > >> [7.813223] > >> drm_fb_helper_restore_fbdev_mode_unlocked.part.24+0x28/0x90 > >> [drm_kms_helper] > >> [7.813331] drm_fb_helper_set_par+0x54/0xa8 [drm_kms_helper] > >> [7.813346] fbcon_init+0x4e8/0x538 > >> [7.813357] visual_init+0xb4/0x108 > >> [7.813366] do_bind_con_driver+0x1b8/0x3a0 > >> [7.813373] do_take_over_console+0x150/0x1d0 > >> [7.813380] do_fbcon_takeover+0x6c/0xf0 > >> [7.813387] fbcon_event_notify+0x8fc/0x928 > >> [7.813399] notifier_call_chain+0x50/0x90 > >> [7.813406] __blocking_notifier_call_chain+0x4c/0x90 > >> [7.813413] blocking_notifier_call_chain+0x14/0x20 > >> [7.813420] fb_notifier_call_chain+0x1c/0x28 > >> [7.813426] register_framebuffer+0x1d0/0x2d8 > >> [7.813533] __drm_fb_helper_initial_config_and_unlock+0x1e8/0x350 > >> [drm_kms_helper] > >> [7.813639] drm_fb_helper_initial_config+0x40/0x58 [drm_kms_helper] > >> [7.813747] drm_fbdev_cma_init_with_funcs+0x88/0x158 [drm_kms_helper] > >> [7.813855] drm_fbdev_cma_init+0x14/0x28 [drm_kms_helper] > >> [7.813943] vc4_kms_load+0xa4/0xf0 [vc4] > >> [7.814026] vc4_drm_bind+0x100/0x168 [vc4] > >> [7.814038] try_to_bring_up_master+0x144/0x1a8 > >> [7.814044] component_master_add_with_match+0x9c/0xe0 > >> [7.814128]
Re: [BUG] drm: vc4: refcount_t: increment on 0; use-after-free.
On Wed, Nov 22, 2017 at 6:51 PM, Boris Brezillonwrote: > Hi Stefan, > > On Wed, 22 Nov 2017 17:43:35 +0100 (CET) > Stefan Wahren wrote: > >> Hi Boris, >> if i boot Raspberry Pi 3 (ARM64, defconfig, linux-next-20171122) with >> sufficient CMA memory (32 MB), i'll get this warning during boot: >> >> [7.623510] vc4-drm soc:gpu: bound 3f902000.hdmi (ops vc4_hdmi_ops [vc4]) >> [7.632453] vc4-drm soc:gpu: bound 3f806000.vec (ops vc4_vec_ops [vc4]) >> [7.639707] vc4-drm soc:gpu: bound 3f40.hvs (ops vc4_hvs_ops [vc4]) >> [7.647364] vc4-drm soc:gpu: bound 3f206000.pixelvalve (ops vc4_crtc_ops >> [vc4]) >> [7.655451] vc4-drm soc:gpu: bound 3f207000.pixelvalve (ops vc4_crtc_ops >> [vc4]) >> [7.663415] vc4-drm soc:gpu: bound 3f807000.pixelvalve (ops vc4_crtc_ops >> [vc4]) >> [7.730580] vc4-drm soc:gpu: bound 3fc0.v3d (ops vc4_v3d_ops [vc4]) >> [7.743965] [drm] Initialized vc4 0.0.0 20140616 for soc:gpu on minor 0 >> [7.750841] [drm] Supports vblank timestamp caching Rev 2 (21.10.2013). >> [7.757620] [drm] Driver supports precise vblank timestamp query. >> [7.811775] [ cut here ] >> [7.811780] refcount_t: increment on 0; use-after-free. >> [7.811881] WARNING: CPU: 2 PID: 2188 at lib/refcount.c:153 >> refcount_inc+0x44/0x50 >> [7.811884] Modules linked in: vc4(+) cfg80211 cec drm_kms_helper >> smsc95xx usbnet drm rfkill brcmutil bcm2835_rng rng_core bcm2835_dma >> crc32_ce i2c_bcm2835 pwm_bcm2835 ip_tables x_tables ipv6 >> [7.811950] CPU: 2 PID: 2188 Comm: systemd-udevd Not tainted >> 4.14.0-next-20171122 #1 >> [7.811953] Hardware name: Raspberry Pi 3 Model B Rev 1.2 (DT) >> [7.811958] task: 800036b91c00 task.stack: 0d6f >> [7.811967] pstate: 2005 (nzCv daif -PAN -UAO) >> [7.811974] pc : refcount_inc+0x44/0x50 >> [7.811981] lr : refcount_inc+0x44/0x50 >> [7.811984] sp : 0d6f3300 >> [7.811988] x29: 0d6f3300 x28: >> [7.811996] x27: 0003 x26: 800037107800 >> [7.812004] x25: 0001 x24: 800035afdc00 >> [7.812012] x23: x22: 800035dfa600 >> [7.812020] x21: 800035afd9b0 x20: 800035afd9a4 >> [7.812027] x19: x18: >> [7.812034] x17: 0001 x16: 0019 >> [7.812042] x15: 0001 x14: fff0 >> [7.812049] x13: 090ae840 x12: 08fa2d50 >> [7.812057] x11: 08fa2000 x10: 090ad000 >> [7.812064] x9 : x8 : 090b5c2f >> [7.812072] x7 : x6 : 0015ee00 >> [7.812079] x5 : x4 : >> [7.812087] x3 : x2 : 800030047000 >> [7.812094] x1 : 800036b91c00 x0 : 002b >> [7.812102] Call trace: >> [7.812109] refcount_inc+0x44/0x50 >> [7.812226] vc4_bo_inc_usecnt+0x84/0x88 [vc4] >> [7.812310] vc4_prepare_fb+0x40/0xf0 [vc4] >> [7.812460] drm_atomic_helper_prepare_planes+0x54/0xf0 [drm_kms_helper] >> [7.812543] vc4_atomic_commit+0x88/0x130 [vc4] >> [7.812868] drm_atomic_commit+0x48/0x68 [drm] >> [7.813002] restore_fbdev_mode_atomic+0x1d8/0x1e8 [drm_kms_helper] >> [7.813113] restore_fbdev_mode+0x28/0x160 [drm_kms_helper] >> [7.813223] drm_fb_helper_restore_fbdev_mode_unlocked.part.24+0x28/0x90 >> [drm_kms_helper] >> [7.813331] drm_fb_helper_set_par+0x54/0xa8 [drm_kms_helper] >> [7.813346] fbcon_init+0x4e8/0x538 >> [7.813357] visual_init+0xb4/0x108 >> [7.813366] do_bind_con_driver+0x1b8/0x3a0 >> [7.813373] do_take_over_console+0x150/0x1d0 >> [7.813380] do_fbcon_takeover+0x6c/0xf0 >> [7.813387] fbcon_event_notify+0x8fc/0x928 >> [7.813399] notifier_call_chain+0x50/0x90 >> [7.813406] __blocking_notifier_call_chain+0x4c/0x90 >> [7.813413] blocking_notifier_call_chain+0x14/0x20 >> [7.813420] fb_notifier_call_chain+0x1c/0x28 >> [7.813426] register_framebuffer+0x1d0/0x2d8 >> [7.813533] __drm_fb_helper_initial_config_and_unlock+0x1e8/0x350 >> [drm_kms_helper] >> [7.813639] drm_fb_helper_initial_config+0x40/0x58 [drm_kms_helper] >> [7.813747] drm_fbdev_cma_init_with_funcs+0x88/0x158 [drm_kms_helper] >> [7.813855] drm_fbdev_cma_init+0x14/0x28 [drm_kms_helper] >> [7.813943] vc4_kms_load+0xa4/0xf0 [vc4] >> [7.814026] vc4_drm_bind+0x100/0x168 [vc4] >> [7.814038] try_to_bring_up_master+0x144/0x1a8 >> [7.814044] component_master_add_with_match+0x9c/0xe0 >> [7.814128] vc4_platform_drm_probe+0xb4/0xf0 [vc4] >> [7.814137] platform_drv_probe+0x58/0xc0 >> [7.814146] driver_probe_device+0x224/0x308 >> [7.814153] __driver_attach+0xac/0xb0 >> [7.814161] bus_for_each_dev+0x64/0xa0 >> [7.814169] driver_attach+0x20/0x28 >> [7.814177]
Re: [BUG] drm: vc4: refcount_t: increment on 0; use-after-free.
Hi Stefan, On Wed, 22 Nov 2017 17:43:35 +0100 (CET) Stefan Wahrenwrote: > Hi Boris, > if i boot Raspberry Pi 3 (ARM64, defconfig, linux-next-20171122) with > sufficient CMA memory (32 MB), i'll get this warning during boot: > > [7.623510] vc4-drm soc:gpu: bound 3f902000.hdmi (ops vc4_hdmi_ops [vc4]) > [7.632453] vc4-drm soc:gpu: bound 3f806000.vec (ops vc4_vec_ops [vc4]) > [7.639707] vc4-drm soc:gpu: bound 3f40.hvs (ops vc4_hvs_ops [vc4]) > [7.647364] vc4-drm soc:gpu: bound 3f206000.pixelvalve (ops vc4_crtc_ops > [vc4]) > [7.655451] vc4-drm soc:gpu: bound 3f207000.pixelvalve (ops vc4_crtc_ops > [vc4]) > [7.663415] vc4-drm soc:gpu: bound 3f807000.pixelvalve (ops vc4_crtc_ops > [vc4]) > [7.730580] vc4-drm soc:gpu: bound 3fc0.v3d (ops vc4_v3d_ops [vc4]) > [7.743965] [drm] Initialized vc4 0.0.0 20140616 for soc:gpu on minor 0 > [7.750841] [drm] Supports vblank timestamp caching Rev 2 (21.10.2013). > [7.757620] [drm] Driver supports precise vblank timestamp query. > [7.811775] [ cut here ] > [7.811780] refcount_t: increment on 0; use-after-free. > [7.811881] WARNING: CPU: 2 PID: 2188 at lib/refcount.c:153 > refcount_inc+0x44/0x50 > [7.811884] Modules linked in: vc4(+) cfg80211 cec drm_kms_helper smsc95xx > usbnet drm rfkill brcmutil bcm2835_rng rng_core bcm2835_dma crc32_ce > i2c_bcm2835 pwm_bcm2835 ip_tables x_tables ipv6 > [7.811950] CPU: 2 PID: 2188 Comm: systemd-udevd Not tainted > 4.14.0-next-20171122 #1 > [7.811953] Hardware name: Raspberry Pi 3 Model B Rev 1.2 (DT) > [7.811958] task: 800036b91c00 task.stack: 0d6f > [7.811967] pstate: 2005 (nzCv daif -PAN -UAO) > [7.811974] pc : refcount_inc+0x44/0x50 > [7.811981] lr : refcount_inc+0x44/0x50 > [7.811984] sp : 0d6f3300 > [7.811988] x29: 0d6f3300 x28: > [7.811996] x27: 0003 x26: 800037107800 > [7.812004] x25: 0001 x24: 800035afdc00 > [7.812012] x23: x22: 800035dfa600 > [7.812020] x21: 800035afd9b0 x20: 800035afd9a4 > [7.812027] x19: x18: > [7.812034] x17: 0001 x16: 0019 > [7.812042] x15: 0001 x14: fff0 > [7.812049] x13: 090ae840 x12: 08fa2d50 > [7.812057] x11: 08fa2000 x10: 090ad000 > [7.812064] x9 : x8 : 090b5c2f > [7.812072] x7 : x6 : 0015ee00 > [7.812079] x5 : x4 : > [7.812087] x3 : x2 : 800030047000 > [7.812094] x1 : 800036b91c00 x0 : 002b > [7.812102] Call trace: > [7.812109] refcount_inc+0x44/0x50 > [7.812226] vc4_bo_inc_usecnt+0x84/0x88 [vc4] > [7.812310] vc4_prepare_fb+0x40/0xf0 [vc4] > [7.812460] drm_atomic_helper_prepare_planes+0x54/0xf0 [drm_kms_helper] > [7.812543] vc4_atomic_commit+0x88/0x130 [vc4] > [7.812868] drm_atomic_commit+0x48/0x68 [drm] > [7.813002] restore_fbdev_mode_atomic+0x1d8/0x1e8 [drm_kms_helper] > [7.813113] restore_fbdev_mode+0x28/0x160 [drm_kms_helper] > [7.813223] drm_fb_helper_restore_fbdev_mode_unlocked.part.24+0x28/0x90 > [drm_kms_helper] > [7.813331] drm_fb_helper_set_par+0x54/0xa8 [drm_kms_helper] > [7.813346] fbcon_init+0x4e8/0x538 > [7.813357] visual_init+0xb4/0x108 > [7.813366] do_bind_con_driver+0x1b8/0x3a0 > [7.813373] do_take_over_console+0x150/0x1d0 > [7.813380] do_fbcon_takeover+0x6c/0xf0 > [7.813387] fbcon_event_notify+0x8fc/0x928 > [7.813399] notifier_call_chain+0x50/0x90 > [7.813406] __blocking_notifier_call_chain+0x4c/0x90 > [7.813413] blocking_notifier_call_chain+0x14/0x20 > [7.813420] fb_notifier_call_chain+0x1c/0x28 > [7.813426] register_framebuffer+0x1d0/0x2d8 > [7.813533] __drm_fb_helper_initial_config_and_unlock+0x1e8/0x350 > [drm_kms_helper] > [7.813639] drm_fb_helper_initial_config+0x40/0x58 [drm_kms_helper] > [7.813747] drm_fbdev_cma_init_with_funcs+0x88/0x158 [drm_kms_helper] > [7.813855] drm_fbdev_cma_init+0x14/0x28 [drm_kms_helper] > [7.813943] vc4_kms_load+0xa4/0xf0 [vc4] > [7.814026] vc4_drm_bind+0x100/0x168 [vc4] > [7.814038] try_to_bring_up_master+0x144/0x1a8 > [7.814044] component_master_add_with_match+0x9c/0xe0 > [7.814128] vc4_platform_drm_probe+0xb4/0xf0 [vc4] > [7.814137] platform_drv_probe+0x58/0xc0 > [7.814146] driver_probe_device+0x224/0x308 > [7.814153] __driver_attach+0xac/0xb0 > [7.814161] bus_for_each_dev+0x64/0xa0 > [7.814169] driver_attach+0x20/0x28 > [7.814177] bus_add_driver+0x108/0x228 > [7.814184] driver_register+0x60/0xf8 > [7.814190] __platform_driver_register+0x40/0x48 > [7.814274]