Hi Dirk, Thanks for the report. Q1) How can we trigger this condition? Q2) Do you see any messages "Failed submitting Rx DMA descriptor\n" in logs? Cheers, Biju > -----Original Message----- > From: Dirk Behme <dirk.behme@xxxxxxxxxxxx> > Sent: Thursday, April 11, 2024 1:41 PM > To: Linux-Renesas <linux-renesas-soc@xxxxxxxxxxxxxxx> > Cc: Biju Das <biju.das.jz@xxxxxxxxxxxxxx>; Geert Uytterhoeven <geert+renesas@xxxxxxxxx> > Subject: tty: serial: sh-sci: hrtimer not properly canceled on chan_rx invalidation? > > Hi, > > using drivers/tty/serial/sh-sci.c (on 4.14.x Renesas BSP) what is quite similar to [1] we got [2]. > > Analyzing this we found that in sci_dma_rx_timer_fn() s->chan_rx is NULL. > > Is there any chance that there is a race condition where the timer function sci_dma_rx_timer_fn() > is called while s->chan_rx is invalidated, already. E.g. via > sci_dma_rx_chan_invalidate()/sci_dma_rx_release()? Or anything else? > > Any idea? > > Best regards > > Dirk > > [1] > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/tty/serial/sh-sci.c > > [2] > > Unable to handle kernel NULL pointer dereference at virtual address 00000000 Mem abort info: > Exception class = DABT (current EL), IL = 32 bits > SET = 0, FnV = 0 > EA = 0, S1PTW = 0 > Data abort info: > ISV = 0, ISS = 0x00000006 > CM = 0, WnR = 0 > user pgtable: 4k pages, 48-bit VAs, pgd = ffff80061f6ba000 [0000000000000000] > *pgd=000000065f6c0003, *pud=000000065f6bf003, > *pmd=0000000000000000 > Internal error: Oops: 96000006 [#1] PREEMPT SMP Process (pid: 3983, stack limit = > 0xffff000009540000) > CPU: 2 PID: 3983 Tainted: G C 4.14.327-ltsi #1 > Hardware name: Bosch custom board based on r8a7796 (DT) pc : sci_dma_rx_timer_fn+0x64/0x194 lr : > sci_dma_rx_timer_fn+0x3c/0x194 sp : ffff000008013df0 pstate : 600001c5 > x29: ffff000008013df0 x28: ffff0000084055e8 > x27: 00000060cce93e4e x26: 0000000000000003 > x25: ffff000008c48b38 x24: 0000000000000000 > x23: 00000000000001c0 x22: ffff000008d98708 > x21: ffff000008999000 x20: 0000000000000000 > x19: ffff000008d98810 x18: 00004000362715f6 > x17: 00000039f1fc5610 x16: 00000039f22bd748 > x15: 000007b1e26dc9d4 x14: 000112a7eb4cd8a2 > x13: 00000000631508c6 x12: 0000000000000028 > x11: 0101010101010101 x10: 0000000000000000 > x9 : 00000000000000cc x8 : ffff800696c04500 > x7 : 0000000000000064 x6 : ffff000008d98b08 > x5 : ffff00000a923e31 x4 : ffff80069ff09580 > x3 : ffff00000a923e30 x2 : 0000000000000000 > x1 : 00000000ffffffea x0 : 0000000000000000 Call trace: > sci_dma_rx_timer_fn+0x64/0x194 > __hrtimer_run_queues+0x19c/0x2f8 > hrtimer_interrupt+0xa0/0x1b0 > arch_timer_handler_phys+0x28/0x3c > handle_percpu_devid_irq+0xbc/0x268 > generic_handle_irq+0x18/0x2c > __handle_domain_irq+0xa8/0xac > gic_handle_irq+0x68/0xa8 > el0_irq_naked+0x50/0x5c > Code: 6b00003f 54000101 52800034 f941aac0 (f9400002) ---[ end trace 07c3c96aa9b5135e ]--- Kernel > panic - not syncing: Fatal exception in interrupt > SMP: stopping secondary CPUs > Kernel Offset: disabled > CPU features: 0x61002004 > Memory Limit: 6016 MB > Rebooting in 3 seconds..
