Re: [PATCH] media: vicodec: add V4L2_CID_MIN_BUFFERS_FOR_* controls

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




Hello,

kernel test robot noticed "BUG:kernel_NULL_pointer_dereference,address" on:

commit: 9e4beef457f5cf6e0c388248b2e12d9755edf03d ("[PATCH] media: vicodec: add V4L2_CID_MIN_BUFFERS_FOR_* controls")
url: https://github.com/intel-lab-lkp/linux/commits/Hans-Verkuil/media-vicodec-add-V4L2_CID_MIN_BUFFERS_FOR_-controls/20241031-155021
base: https://git.linuxtv.org/media_stage.git master
patch link: https://lore.kernel.org/all/1dd09050-40ca-4c5b-b985-819731140388@xxxxxxxxx/
patch subject: [PATCH] media: vicodec: add V4L2_CID_MIN_BUFFERS_FOR_* controls

in testcase: boot

config: i386-randconfig-013-20241103
compiler: gcc-12
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

(please refer to attached dmesg/kmsg for entire log/backtrace)


+---------------------------------------------+------------+------------+
|                                             | d020ca11a8 | 9e4beef457 |
+---------------------------------------------+------------+------------+
| boot_successes                              | 6          | 0          |
| boot_failures                               | 0          | 6          |
| BUG:kernel_NULL_pointer_dereference,address | 0          | 6          |
| Oops                                        | 0          | 6          |
| EIP:__v4l2_ctrl_handler_setup               | 0          | 6          |
| Kernel_panic-not_syncing:Fatal_exception    | 0          | 6          |
+---------------------------------------------+------------+------------+


If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@xxxxxxxxx>
| Closes: https://lore.kernel.org/oe-lkp/202411041552.ff2b79d7-lkp@xxxxxxxxx


[    9.211498][  T113] BUG: kernel NULL pointer dereference, address: 00000000
[    9.212220][  T113] #PF: supervisor read access in kernel mode
[    9.212739][  T113] #PF: error_code(0x0000) - not-present page
[    9.213245][  T113] *pde = 00000000
[    9.213566][  T113] Oops: Oops: 0000 [#1] PREEMPT SMP
[    9.214004][  T113] CPU: 1 UID: 0 PID: 113 Comm: v4l_id Not tainted 6.12.0-rc1-00151-g9e4beef457f5 #1
[    9.214806][  T113] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 9.215724][ T113] EIP: __v4l2_ctrl_handler_setup (drivers/media/v4l2-core/v4l2-ctrls-core.c:2469) 
[ 9.216251][ T113] Code: 83 c0 38 e8 69 34 26 00 85 c0 75 02 0f 0b 8b 43 50 8d 73 50 39 c6 74 08 80 60 1c fe 8b 00 eb f4 8b 5b 50 39 de 74 c1 8b 43 14 <8b> 38 f6 43 1c 01 74 04 8b 1b eb ed 83 7b 30 04 74 f6 31 d2 f6 43
All code
========
   0:	83 c0 38             	add    $0x38,%eax
   3:	e8 69 34 26 00       	call   0x263471
   8:	85 c0                	test   %eax,%eax
   a:	75 02                	jne    0xe
   c:	0f 0b                	ud2
   e:	8b 43 50             	mov    0x50(%rbx),%eax
  11:	8d 73 50             	lea    0x50(%rbx),%esi
  14:	39 c6                	cmp    %eax,%esi
  16:	74 08                	je     0x20
  18:	80 60 1c fe          	andb   $0xfe,0x1c(%rax)
  1c:	8b 00                	mov    (%rax),%eax
  1e:	eb f4                	jmp    0x14
  20:	8b 5b 50             	mov    0x50(%rbx),%ebx
  23:	39 de                	cmp    %ebx,%esi
  25:	74 c1                	je     0xffffffffffffffe8
  27:	8b 43 14             	mov    0x14(%rbx),%eax
  2a:*	8b 38                	mov    (%rax),%edi		<-- trapping instruction
  2c:	f6 43 1c 01          	testb  $0x1,0x1c(%rbx)
  30:	74 04                	je     0x36
  32:	8b 1b                	mov    (%rbx),%ebx
  34:	eb ed                	jmp    0x23
  36:	83 7b 30 04          	cmpl   $0x4,0x30(%rbx)
  3a:	74 f6                	je     0x32
  3c:	31 d2                	xor    %edx,%edx
  3e:	f6                   	.byte 0xf6
  3f:	43                   	rex.XB

Code starting with the faulting instruction
===========================================
   0:	8b 38                	mov    (%rax),%edi
   2:	f6 43 1c 01          	testb  $0x1,0x1c(%rbx)
   6:	74 04                	je     0xc
   8:	8b 1b                	mov    (%rbx),%ebx
   a:	eb ed                	jmp    0xfffffffffffffff9
   c:	83 7b 30 04          	cmpl   $0x4,0x30(%rbx)
  10:	74 f6                	je     0x8
  12:	31 d2                	xor    %edx,%edx
  14:	f6                   	.byte 0xf6
  15:	43                   	rex.XB
[    9.217884][  T113] EAX: 00000000 EBX: c410a7c0 ECX: 00000000 EDX: 00000000
[    9.218489][  T113] ESI: c0a6c104 EDI: c410a900 EBP: c425dd68 ESP: c425dd58
[    9.219105][  T113] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 EFLAGS: 00010287
[    9.219760][  T113] CR0: 80050033 CR2: 00000000 CR3: 048af000 CR4: 000406d0
[    9.220371][  T113] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[    9.220987][  T113] DR6: fffe0ff0 DR7: 00000400
[    9.221391][  T113] Call Trace:
[ 9.221717][ T113] ? show_regs (arch/x86/kernel/dumpstack.c:478) 
[ 9.222109][ T113] ? __die_body (arch/x86/kernel/dumpstack.c:421) 
[ 9.222498][ T113] ? __die (arch/x86/kernel/dumpstack.c:435) 
[ 9.222868][ T113] ? page_fault_oops (arch/x86/mm/fault.c:715) 
[ 9.223285][ T113] ? kernelmode_fixup_or_oops+0x50/0x5e 
[ 9.223873][ T113] ? __bad_area_nosemaphore+0x37/0x1db 
[ 9.224429][ T113] ? up_read (kernel/locking/rwsem.c:1621) 
[ 9.224788][ T113] ? mmap_read_unlock (include/linux/mmap_lock.h:171) 
[ 9.225210][ T113] ? bad_area_nosemaphore (arch/x86/mm/fault.c:835) 
[ 9.225649][ T113] ? do_user_addr_fault (arch/x86/mm/fault.c:1280 (discriminator 1)) 
[ 9.226083][ T113] ? exc_page_fault (arch/x86/include/asm/irqflags.h:26 arch/x86/include/asm/irqflags.h:87 arch/x86/include/asm/irqflags.h:147 arch/x86/mm/fault.c:1489 arch/x86/mm/fault.c:1539) 
[ 9.226496][ T113] ? pvclock_clocksource_read_nowd (arch/x86/mm/fault.c:1494) 
[ 9.227059][ T113] ? handle_exception (arch/x86/entry/entry_32.S:1047) 
[ 9.227509][ T113] ? pvclock_clocksource_read_nowd (arch/x86/mm/fault.c:1494) 
[ 9.228049][ T113] ? __v4l2_ctrl_handler_setup (drivers/media/v4l2-core/v4l2-ctrls-core.c:2469) 
[ 9.228563][ T113] ? pvclock_clocksource_read_nowd (arch/x86/mm/fault.c:1494) 
[ 9.229122][ T113] ? __v4l2_ctrl_handler_setup (drivers/media/v4l2-core/v4l2-ctrls-core.c:2469) 
[ 9.229606][ T113] v4l2_ctrl_handler_setup (drivers/media/v4l2-core/v4l2-ctrls-core.c:2502) 
[ 9.230067][ T113] vicodec_open (drivers/media/test-drivers/vicodec/vicodec-core.c:1874) 
[ 9.230469][ T113] ? __mutex_unlock_slowpath (arch/x86/include/asm/atomic.h:23 include/linux/atomic/atomic-arch-fallback.h:457 include/linux/atomic/atomic-long.h:40 include/linux/atomic/atomic-instrumented.h:3189 kernel/locking/mutex.c:921) 
[ 9.230942][ T113] v4l2_open (drivers/media/v4l2-core/v4l2-dev.c:429) 
[ 9.231310][ T113] chrdev_open (fs/char_dev.c:414) 
[ 9.231704][ T113] ? cdev_put (fs/char_dev.c:374) 
[ 9.232074][ T113] do_dentry_open (fs/open.c:958) 
[ 9.232468][ T113] ? cdev_put (fs/char_dev.c:374) 
[ 9.232809][ T113] vfs_open (fs/open.c:1088) 
[ 9.233152][ T113] do_open (fs/namei.c:3774) 
[ 9.233507][ T113] ? open_last_lookups (fs/namei.c:3721) 
[ 9.233893][ T113] path_openat (fs/namei.c:3933) 
[ 9.234240][ T113] do_filp_open (fs/namei.c:3961) 
[ 9.234580][ T113] do_sys_openat2 (fs/open.c:1415) 
[ 9.234933][ T113] do_sys_open (fs/open.c:1431) 
[ 9.235262][ T113] __ia32_sys_openat (fs/open.c:1441) 
[ 9.235647][ T113] ia32_sys_call (kbuild/obj/consumer/i386-randconfig-013-20241103/./arch/x86/include/generated/asm/syscalls_32.h:296) 
[ 9.236049][ T113] do_int80_syscall_32 (arch/x86/entry/common.c:165 arch/x86/entry/common.c:339) 
[ 9.236452][ T113] ? irqentry_exit (kernel/entry/common.c:334) 
[ 9.236817][ T113] ? exc_page_fault (arch/x86/mm/fault.c:1543) 
[ 9.237201][ T113] entry_INT80_32 (arch/x86/entry/entry_32.S:941) 
[    9.237584][  T113] EIP: 0xb7edd2a9
[ 9.237888][ T113] Code: 89 d0 31 f6 25 00 00 41 00 3d 00 00 41 00 74 29 65 a1 0c 00 00 00 85 c0 75 27 b8 27 01 00 00 bb 9c ff ff ff 8b 4c 24 20 cd 80 <3d> 00 f0 ff ff 77 50 83 c4 10 5b 5e 5f c3 90 8b 74 24 28 eb d1 66
All code
========
   0:	89 d0                	mov    %edx,%eax
   2:	31 f6                	xor    %esi,%esi
   4:	25 00 00 41 00       	and    $0x410000,%eax
   9:	3d 00 00 41 00       	cmp    $0x410000,%eax
   e:	74 29                	je     0x39
  10:	65 a1 0c 00 00 00 85 	movabs %gs:0x2775c0850000000c,%eax
  17:	c0 75 27 
  1a:	b8 27 01 00 00       	mov    $0x127,%eax
  1f:	bb 9c ff ff ff       	mov    $0xffffff9c,%ebx
  24:	8b 4c 24 20          	mov    0x20(%rsp),%ecx
  28:	cd 80                	int    $0x80
  2a:*	3d 00 f0 ff ff       	cmp    $0xfffff000,%eax		<-- trapping instruction
  2f:	77 50                	ja     0x81
  31:	83 c4 10             	add    $0x10,%esp
  34:	5b                   	pop    %rbx
  35:	5e                   	pop    %rsi
  36:	5f                   	pop    %rdi
  37:	c3                   	ret
  38:	90                   	nop
  39:	8b 74 24 28          	mov    0x28(%rsp),%esi
  3d:	eb d1                	jmp    0x10
  3f:	66                   	data16

Code starting with the faulting instruction
===========================================
   0:	3d 00 f0 ff ff       	cmp    $0xfffff000,%eax
   5:	77 50                	ja     0x57
   7:	83 c4 10             	add    $0x10,%esp
   a:	5b                   	pop    %rbx
   b:	5e                   	pop    %rsi
   c:	5f                   	pop    %rdi
   d:	c3                   	ret
   e:	90                   	nop
   f:	8b 74 24 28          	mov    0x28(%rsp),%esi
  13:	eb d1                	jmp    0xffffffffffffffe6
  15:	66                   	data16


The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20241104/202411041552.ff2b79d7-lkp@xxxxxxxxx



-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki





[Index of Archives]     [Linux Input]     [Video for Linux]     [Gstreamer Embedded]     [Mplayer Users]     [Linux USB Devel]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [Yosemite Backpacking]

  Powered by Linux