Kernel oops bisected to media: videobuf2: move cache_hints handling to allocators

Hi all

I've been experiencing an oops trying to run libcamera's qcam util
(which starts streaming on a camera sensor - the ov8865), which I
bisected down to the patch cde513fd9b35: "media: videobuf2: move
cache_hints handling to allocators"

The traceback from the oops is attached, but the short version is a null
pointer dereference in vb2_dma_sg_prepare(). I tried the obvious patch:

diff --git a/drivers/media/common/videobuf2/videobuf2-dma-sg.c
b/drivers/media/common/videobuf2/videobuf2-dma-sg.c
index 1094575abf95..937f86b93013 100644
--- a/drivers/media/common/videobuf2/videobuf2-dma-sg.c
+++ b/drivers/media/common/videobuf2/videobuf2-dma-sg.c
@@ -204,7 +204,7 @@ static void vb2_dma_sg_prepare(void *buf_priv)
        struct vb2_dma_sg_buf *buf = buf_priv;
        struct sg_table *sgt = buf->dma_sgt;

-       if (buf->vb->skip_cache_sync_on_prepare)
+       if (buf->vb && buf->vb->skip_cache_sync_on_prepare)
                return;

        dma_sync_sgtable_for_device(buf->dev, sgt, buf->dma_dir);
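Review bot: the added `buf->vb &&` test in vb2_dma_sg_prepare() hides the missing pointer instead of explaining it. With `buf->vb` NULL the function now falls through to dma_sync_sgtable_for_device() on every prepare, and nothing records that the buffer reached this point without its owning vb2_buffer. The oops below reports RAX as 0 and a fault address of 0x5c, which fits `buf->vb` being NULL and not a bad flag value. I would look for the path that creates this buffer without setting `buf->vb` and fix it there. If a guard stays in prepare, make it `WARN_ON_ONCE(!buf->vb)` so the condition is visible in the log.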


But that causes a complete lock when I try to stream. Reverting the
patch entirely on the other hand does work fine.

I'm not familiar with this code at all so not really sure what else to
try; any suggestions?

Thanks
Dan

[   63.000973] BUG: kernel NULL pointer dereference, address: 000000000000005c
[   63.000983] #PF: supervisor read access in kernel mode
[   63.000986] #PF: error_code(0x0000) - not-present page
[   63.000989] PGD 0 P4D 0 
[   63.000994] Oops: 0000 [#1] PREEMPT SMP PTI
[   63.000998] CPU: 1 PID: 2046 Comm: qcam Tainted: G         C        5.16.0-rc1+ #419
[   63.001003] Hardware name: Microsoft Corporation Surface Go 2/Surface Go 2, BIOS 1.0.16 05/24/2021
[   63.001005] RIP: 0010:vb2_dma_sg_prepare+0x9/0x30 [videobuf2_dma_sg]
[   63.001015] Code: 70 38 8b 48 24 48 8b 38 48 89 e5 8b 56 08 48 8b 36 e8 fb 2c 61 dd 31 c0 5d c3 0f 1f 80 00 00 00 00 0f 1f 44 00 00 48 8b 47 70 <f6> 40 5c 08 74 01 c3 55 48 8b 47 38 8b 4f 24 48 8b 3f 8b 50 0c 48
[   63.001019] RSP: 0018:ffffb324c0787c40 EFLAGS: 00010246
[   63.001022] RAX: 0000000000000000 RBX: ffff9a3094323800 RCX: ffff9a2f5e5f59e0
[   63.001025] RDX: ffffffffc0718270 RSI: ffff9a309416b2c0 RDI: ffff9a2f421a5700
[   63.001028] RBP: ffffb324c0787c68 R08: 0000000000000000 R09: ffff9a2f5e5f5000
[   63.001030] R10: ffff9a30aacb6448 R11: 0000000000000005 R12: 0000000000000000
[   63.001032] R13: 0000000000000000 R14: ffff9a304ccb0a68 R15: 000000000000000f
[   63.001035] FS:  00007f4b11c93640(0000) GS:ffff9a30aac80000(0000) knlGS:0000000000000000
[   63.001038] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   63.001041] CR2: 000000000000005c CR3: 000000013b3e2003 CR4: 00000000003706e0
[   63.001044] Call Trace:
[   63.001046]  <TASK>
[   63.001050]  ? __buf_prepare+0x154/0x1c0 [videobuf2_common]
[   63.001060]  vb2_core_qbuf+0x399/0x4b0 [videobuf2_common]
[   63.001068]  vb2_qbuf+0x6f/0xa0 [videobuf2_v4l2]
[   63.001074]  ? vb2_start_streaming+0x6d/0x110 [videobuf2_common]
[   63.001081]  vb2_ioctl_qbuf+0x4d/0x60 [videobuf2_v4l2]
[   63.001087]  v4l_qbuf+0x40/0x50 [videodev]
[   63.001101]  __video_do_ioctl+0x1a7/0x400 [videodev]
[   63.001115]  video_usercopy+0x392/0x8d0 [videodev]
[   63.001126]  ? v4l_enumstd+0x30/0x30 [videodev]
[   63.001140]  video_ioctl2+0x15/0x20 [videodev]
[   63.001151]  v4l2_ioctl+0x4c/0x60 [videodev]
[   63.001161]  __x64_sys_ioctl+0x91/0xc0
[   63.001166]  do_syscall_64+0x3b/0xc0
[   63.001170]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   63.001176] RIP: 0033:0x7f4b1df3b31b
[   63.001180] Code: 89 d8 49 8d 3c 1c 48 f7 d8 49 39 c4 72 b5 e8 1c ff ff ff 85 c0 78 ba 4c 89 e0 5b 5d 41 5c c3 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 1d 3b 0d 00 f7 d8 64 89 01 48
[   63.001183] RSP: 002b:00007f4b11c91a68 EFLAGS: 00000202 ORIG_RAX: 0000000000000010
[   63.001187] RAX: ffffffffffffffda RBX: 00007f4afc01e420 RCX: 00007f4b1df3b31b
[   63.001189] RDX: 00007f4b11c91b60 RSI: 00000000c058560f RDI: 0000000000000025
[   63.001192] RBP: 00007f4b11c91a90 R08: 00007f4b00000ed0 R09: 00007f4b1df8d580
[   63.001194] R10: 0000000000000001 R11: 0000000000000202 R12: 0000563a52a1ec84
[   63.001196] R13: 0000000000000000 R14: 0000000000000000 R15: 00007f4b11c93640
[   63.001201]  </TASK>
[   63.001203] Modules linked in: rfcomm ccm cmac algif_hash algif_skcipher af_alg bnep nls_iso8859_1 x86_pkg_temp_thermal intel_powerclamp coretemp intel_rapl_msr dw9719 kvm_intel kvm snd_soc_skl snd_soc_sst_ipc snd_soc_sst_dsp snd_hda_ext_core snd_soc_acpi_intel_match snd_soc_acpi irqbypass snd_soc_core crct10dif_pclmul ghash_clmulni_intel snd_hda_codec_hdmi snd_compress aesni_intel snd_hda_codec_realtek ac97_bus snd_hda_codec_generic ledtrig_audio crypto_simd cryptd snd_pcm_dmaengine snd_hda_intel snd_intel_dspcfg snd_hda_codec snd_hda_core rapl snd_hwdep snd_pcm intel_cstate joydev snd_seq_midi snd_seq_midi_event snd_rawmidi efi_pstore intel_wmi_thunderbolt snd_seq iwlmvm snd_seq_device snd_timer input_leds mac80211 serio_raw snd libarc4 i915 btusb wmi_bmof iwlwifi btrtl soundcore btbcm btintel cec bluetooth rc_core cfg80211 hid_sensor_gyro_3d hid_sensor_accel_3d hid_sensor_als hid_sensor_rotation ttm ecdh_generic hid_sensor_trigger ecc industrialio_triggered_buffer drm_kms_helper
[   63.001277]  8250_dw hid_multitouch kfifo_buf i2c_algo_bit processor_thermal_device_pci_legacy processor_thermal_device hid_sensor_iio_common ipu3_imgu(C) ipu3_cio2 processor_thermal_rfim fb_sys_fops processor_thermal_mbox syscopyarea ucsi_acpi videobuf2_dma_sg sysfillrect processor_thermal_rapl industrialio sysimgblt intel_pch_thermal mei_me videobuf2_memops intel_rapl_common videobuf2_v4l2 typec_ucsi intel_soc_dts_iosf videobuf2_common mei typec soc_button_array ov8865 v4l2_fwnode intel_skl_int3472_tps68470 tps68470_regulator v4l2_async clk_tps68470 videodev mc int3403_thermal intel_skl_int3472_discrete intel_hid mac_hid sparse_keymap int340x_thermal_zone int3400_thermal acpi_pad acpi_thermal_rel sch_fq_codel parport_pc ppdev lp drm parport ip_tables x_tables autofs4 hid_sensor_hub intel_ishtp_hid mmc_block hid_generic rtsx_pci_sdmmc usbhid crc32_pclmul sdhci_pci cqhci sdhci rtsx_pci intel_ish_ipc intel_ishtp intel_lpss_pci i2c_hid_acpi intel_lpss i2c_hid idma64 virt_dma hid wmi video
[   63.001345]  pinctrl_sunrisepoint
[   63.001351] CR2: 000000000000005c
[   63.001354] ---[ end trace 1be187c5743c6313 ]---
[   63.284270] RIP: 0010:vb2_dma_sg_prepare+0x9/0x30 [videobuf2_dma_sg]
[   63.284286] Code: 70 38 8b 48 24 48 8b 38 48 89 e5 8b 56 08 48 8b 36 e8 fb 2c 61 dd 31 c0 5d c3 0f 1f 80 00 00 00 00 0f 1f 44 00 00 48 8b 47 70 <f6> 40 5c 08 74 01 c3 55 48 8b 47 38 8b 4f 24 48 8b 3f 8b 50 0c 48
[   63.284291] RSP: 0018:ffffb324c0787c40 EFLAGS: 00010246
[   63.284295] RAX: 0000000000000000 RBX: ffff9a3094323800 RCX: ffff9a2f5e5f59e0
[   63.284298] RDX: ffffffffc0718270 RSI: ffff9a309416b2c0 RDI: ffff9a2f421a5700
[   63.284301] RBP: ffffb324c0787c68 R08: 0000000000000000 R09: ffff9a2f5e5f5000
[   63.284303] R10: ffff9a30aacb6448 R11: 0000000000000005 R12: 0000000000000000
[   63.284305] R13: 0000000000000000 R14: ffff9a304ccb0a68 R15: 000000000000000f
[   63.284308] FS:  00007f4b11c93640(0000) GS:ffff9a30aac80000(0000) knlGS:0000000000000000
[   63.284311] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   63.284314] CR2: 000000000000005c CR3: 000000013b3e2004 CR4: 00000000003706e0
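
An added triage example (not part of the original message, and not kernel code): it cross-checks three lines of the oops above to confirm that the fault is a field read through a NULL structure pointer, by decoding the ModRM byte of the instruction marked `<f6>` and comparing its displacement with the fault address. The function names are made up for this example, and it assumes a one-byte opcode followed directly by its ModRM byte.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Sample input: three lines taken from the oops above (Code: line shortened). */
static const char *SAMPLE =
    "[   63.000973] BUG: kernel NULL pointer dereference, address: 000000000000005c\n"
    "[   63.001015] Code: 0f 1f 44 00 00 48 8b 47 70 <f6> 40 5c 08 74 01 c3 55\n"
    "[   63.001022] RAX: 0000000000000000 RBX: ffff9a3094323800\n";

/* Parse the hex number that follows `key`; *ok is cleared if key is missing. */
static unsigned long long hex_after(const char *log, const char *key, int *ok)
{
    const char *p = strstr(log, key);
    if (!p) { *ok = 0; return 0; }
    return strtoull(p + strlen(key), NULL, 16);
}

/*
 * Return the field offset if the faulting instruction (the byte marked <xx>
 * on the Code: line) addresses memory as [rax + disp8], RAX is 0 and disp8
 * equals the reported fault address. Return -1 otherwise.
 */
int null_base_field_offset(const char *log)
{
    int ok = 1;
    unsigned long long addr = hex_after(log, "address: ", &ok);
    unsigned long long rax = hex_after(log, "RAX: ", &ok);
    const char *code = strstr(log, "Code: ");
    const char *mark = code ? strchr(code, '<') : NULL;
    char *end;
    if (!ok || !mark)
        return -1;
    (void)strtoul(mark + 1, &end, 16);           /* opcode byte, here f6 */
    if (*end != '>')
        return -1;
    unsigned long modrm = strtoul(end + 1, &end, 16);
    long disp = (signed char)strtoul(end, &end, 16);
    /* mod == 01 selects an 8-bit displacement; rm == 000 selects RAX as base. */
    if ((modrm >> 6) != 1 || (modrm & 7) != 0)
        return -1;
    return (rax == 0 && disp >= 0 && addr == (unsigned long long)disp) ? (int)disp : -1;
}

int main(void)
{
    printf("field offset: %d\n", null_base_field_offset(SAMPLE));
    return 0;
}
```

The preceding bytes `48 8b 47 70` decode to a load of RAX from `[rdi + 0x70]`, so the NULL value was read out of the structure passed in RDI just before the faulting access.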