lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <1790544.iFZb6bsyOS@avalon>
Date:	Mon, 14 Dec 2015 17:44:38 +0200
From:	Laurent Pinchart <laurent.pinchart@...asonboard.com>
To:	Geert Uytterhoeven <geert@...ux-m68k.org>
Cc:	Mauro Carvalho Chehab <mchehab@....samsung.com>,
	Javier Martinez Canillas <javier@....samsung.com>,
	Linux Media Mailing List <linux-media@...r.kernel.org>,
	ALSA Development Mailing List <alsa-devel@...a-project.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	sakari.ailus@...well.research.nokia.com,
	Linux-sh list <linux-sh@...r.kernel.org>
Subject: Re: vsp1 BUG_ON() and crash (Re: [PATCH v9 03/12] media: Entities, pads and links)

Hi Geert,

On Monday 14 December 2015 14:59:38 Geert Uytterhoeven wrote:
> On Mon, Feb 14, 2011 at 1:20 PM, Laurent Pinchart
> 
> <laurent.pinchart@...asonboard.com> wrote:
> > +media_entity_create_link(struct media_entity *source, u16 source_pad,
> > +                        struct media_entity *sink, u16 sink_pad, u32
> > flags) +{
> > +       struct media_link *link;
> > +       struct media_link *backlink;
> > +
> > +       BUG_ON(source == NULL || sink == NULL);
> > +       BUG_ON(source_pad >= source->num_pads);
> > +       BUG_ON(sink_pad >= sink->num_pads);
> 
> This triggers on r8a7791/koelsch:
> 
>     vsp1 fe928000.vsp1: Entity type for entity fe928000.vsp1 bru was
> not initialized!
>     vsp1 fe928000.vsp1: Entity type for entity fe928000.vsp1 hsi was
> not initialized!
>     vsp1 fe928000.vsp1: Entity type for entity fe928000.vsp1 hst was
> not initialized!
>     vsp1 fe928000.vsp1: Entity type for entity fe928000.vsp1 lut was
> not initialized!
>     vsp1 fe928000.vsp1: Entity type for entity fe928000.vsp1 rpf.0 was
> not initialized!
>     vsp1 fe928000.vsp1: Entity type for entity fe928000.vsp1 rpf.1 was
> not initialized!
>     vsp1 fe928000.vsp1: Entity type for entity fe928000.vsp1 rpf.2 was
> not initialized!
>     vsp1 fe928000.vsp1: Entity type for entity fe928000.vsp1 rpf.3 was
> not initialized!
>     vsp1 fe928000.vsp1: Entity type for entity fe928000.vsp1 rpf.4 was
> not initialized!
>     vsp1 fe928000.vsp1: Entity type for entity fe928000.vsp1 sru was
> not initialized!
>     vsp1 fe928000.vsp1: Entity type for entity fe928000.vsp1 uds.0 was
> not initialized!
>     vsp1 fe928000.vsp1: Entity type for entity fe928000.vsp1 uds.1 was
> not initialized!
>     vsp1 fe928000.vsp1: Entity type for entity fe928000.vsp1 uds.2 was
> not initialized!
>     vsp1 fe928000.vsp1: Entity type for entity fe928000.vsp1 wpf.0 was
> not initialized!
>     vsp1 fe928000.vsp1: Entity type for entity fe928000.vsp1 wpf.1 was
> not initialized!
>     vsp1 fe928000.vsp1: Entity type for entity fe928000.vsp1 wpf.2 was
> not initialized!
>     vsp1 fe928000.vsp1: Entity type for entity fe928000.vsp1 wpf.3 was
> not initialized!
>     vsp1 fe930000.vsp1: Entity type for entity fe930000.vsp1 bru was
> not initialized!
>     vsp1 fe930000.vsp1: Entity type for entity fe930000.vsp1 hsi was
> not initialized!
>     vsp1 fe930000.vsp1: Entity type for entity fe930000.vsp1 hst was
> not initialized!
>     vsp1 fe930000.vsp1: Entity type for entity fe930000.vsp1 lif was
> not initialized!
>     vsp1 fe930000.vsp1: Entity type for entity fe930000.vsp1 lut was
> not initialized!
>     vsp1 fe930000.vsp1: Entity type for entity fe930000.vsp1 rpf.0 was
> not initialized!
>     vsp1 fe930000.vsp1: Entity type for entity fe930000.vsp1 rpf.1 was
> not initialized!
>     vsp1 fe930000.vsp1: Entity type for entity fe930000.vsp1 rpf.2 was
> not initialized!
>     vsp1 fe930000.vsp1: Entity type for entity fe930000.vsp1 rpf.3 was
> not initialized!
>     vsp1 fe930000.vsp1: Entity type for entity fe930000.vsp1 uds.0 was
> not initialized!
>     vsp1 fe930000.vsp1: Entity type for entity fe930000.vsp1 wpf.0 was
> not initialized!
>     vsp1 fe930000.vsp1: Entity type for entity fe930000.vsp1 wpf.1 was
> not initialized!
>     vsp1 fe930000.vsp1: Entity type for entity fe930000.vsp1 wpf.2 was
> not initialized!
>     vsp1 fe930000.vsp1: Entity type for entity fe930000.vsp1 wpf.3 was
> not initialized!
>     ------------[ cut here ]------------
>     kernel BUG at drivers/media/media-entity.c:521!
>     Internal error: Oops - BUG: 0 [#1] SMP ARM
>     CPU: 0 PID: 1 Comm: swapper/0 Not tainted
> 4.4.0-rc5-03225-g596de581263544d2 #400
>     Hardware name: Generic R8A7791 (Flattened Device Tree)
>     task: ee84fb40 ti: ee850000 task.ti: ee850000
>     PC is at media_create_pad_link+0x50/0x13c
>     LR is at vsp1_wpf_create_links+0x4c/0x54
>     pc : [<c034fd90>]    lr : [<c03761cc>]    psr: 60000013
>     sp : ee851d50  ip : ee851d80  fp : ee851d7c
>     r10: 00000001  r9 : ee9e9600  r8 : 00000000
>     r7 : ee111c80  r6 : 00000000  r5 : ee114a40  r4 : ee114b18
>     r3 : 00000000  r2 : ee114b18  r1 : 00000001  r0 : ee114a40
>     Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
>     Control: 10c5307d  Table: 4000406a  DAC: 00000051
>     Process swapper/0 (pid: 1, stack limit = 0xee850210)
>     Stack: (0xee851d50 to 0xee852000)
>     1d40:                                     00000000 ee111c10
> ee114a10 ee111c90
>     1d60: ee111c80 ee9e9610 ee9e9600 ee111c98 ee851d94 ee851d80
> c03761cc c034fd4c
>     1d80: 00000001 ee111c98 ee851de4 ee851d98 c03730c0 c037618c
> 00000000 ee9eac00
>     1da0: ee111c10 ee851db0 00000000 ee114840 ee114c40 00000000
> c071b678 00000000
>     1dc0: ee9e9610 c06d3414 c071b678 c06d3414 00000000 00000000
> ee851e04 ee851de8
>     1de0: c028f2b0 c0372bbc c028f258 ee9e9610 c071b668 00000000
> ee851e2c ee851e08
>     1e00: c028dd4c c028f264 ee9e9610 ee9e9644 c06d3414 c06cb3a8
> c069e010 c06e2000
>     1e20: ee851e4c ee851e30 c028df04 c028dc1c 00000001 00000000
> c06d3414 c028de94
>     1e40: ee851e74 ee851e50 c028c47c c028dea0 ee884f5c ee9e7bb4
> ee884f70 c06d3414
>     1e60: 00000000 eeaeb980 ee851e84 ee851e78 c028e138 c028c414
> ee851eac ee851e88
>     1e80: c028cc18 c028e124 c0646a6b ee851e98 c06d3414 c0681dc8
> 00000000 c069e010
>     1ea0: ee851ec4 ee851eb0 c028e848 c028cb50 ee0bd380 c0681dc8
> ee851ed4 ee851ec8
>     1ec0: c028fcbc c028e7b0 ee851ee4 ee851ed8 c0681de0 c028fc90
> ee851f5c ee851ee8
>     1ee0: c0664df8 c0681dd4 ee851f0c ee851ef8 c0664604 c01c94bc
> efffcc00 efffcc10
>     1f00: ee851f5c ee851f10 c003f90c c06645f4 00000000 c0661740
> c0661740 00000006
>     1f20: 00000006 000000b6 c0660908 efffcc38 ee851f5c 00000006
> 00000006 000000b6
>     1f40: c069e83c c06aad08 c06e2000 c06e2000 ee851f94 ee851f60
> c0664fd4 c0664cfc
>     1f60: 00000006 00000006 00000000 c06645e8 00000000 c04e752c
> 00000000 00000000
>     1f80: 00000000 00000000 ee851fac ee851f98 c04e753c c0664eb8
> ee850000 00000000
>     1fa0: 00000000 ee851fb0 c000fe98 c04e7538 00000000 00000000
> 00000000 00000000
>     1fc0: 00000000 00000000 00000000 00000000 00000000 00000000
> 00000000 00000000
>     1fe0: 00000000 00000000 00000000 00000000 00000013 00000000
> 00000000 00000000
>     Backtrace:
>     [<c034fd40>] (media_create_pad_link) from [<c03761cc>]
> (vsp1_wpf_create_links+0x4c/0x54)
>      r10:ee111c98 r9:ee9e9600 r8:ee9e9610 r7:ee111c80 r6:ee111c90
> r5:ee114a10 r4:ee111c10 r3:00000000
>     [<c0376180>] (vsp1_wpf_create_links) from [<c03730c0>]
> (vsp1_probe+0x510/0x700)
>     [<c0372bb0>] (vsp1_probe) from [<c028f2b0>]
> (platform_drv_probe+0x58/0xa8) r10:00000000 r9:00000000 r8:c06d3414
> r7:c071b678 r6:c06d3414 r5:ee9e9610 r4:00000000
> 
> While bisecting, I arrived at a NULL pointer dereference:
> 
>         Unable to handle kernel NULL pointer dereference at virtual
> address 00000250
>         pgd = c0004000
>         [00000250] *pgd=00000000
>         Internal error: Oops: 5 [#1] SMP ARM
>         CPU: 0 PID: 1 Comm: swapper/0 Not tainted
> 4.4.0-rc2-00170-gf9836d92a3c8c143 #417
>         ata1: SATA link down (SStatus 0 SControl 300)
>         Hardware name: Generic R8A7791 (Flattened Device Tree)
>         task: ee84fb40 ti: ee850000 task.ti: ee850000
>         PC is at media_gobj_init+0x20/0x68
>         LR is at media_entity_create_link+0xe4/0x108
>         pc : [<c0342428>]    lr : [<c0342a80>]    psr: 60000013
>         sp : ee851d10  ip : ee851d20  fp : ee851d1c
>         r10: 00000000  r9 : ee103890  r8 : 00000000
>         r7 : ee159920  r6 : ee103740  r5 : ee103840  r4 : ee159840
>         r3 : 00000003  r2 : ee103840  r1 : 00000002  r0 : 00000000
>         Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
>         Control: 10c5307d  Table: 4000406a  DAC: 00000051
>         Process swapper/0 (pid: 1, stack limit = 0xee850210)
>         Stack: (0xee851d10 to 0xee852000)
>         1d00:                                     ee851d4c ee851d20
> c0342a80 c0342414
>         1d20: 00000000 ee159810 00000000 ee159840 ee159910 00000000
> ee9e6800 ee102898
>         1d40: ee851d94 ee851d50 c036506c c03429a8 00000003 00000000
> 000000ff 00000000
>         1d60: 00000001 00000000 000000ff 00000000 c0366740 ee102810
> ee102890 00000000
>         1d80: ee102858 ee9e6810 ee851de4 ee851d98 c0362a44 c0364ef4
> 00000080 ee9e8f00
>         1da0: ee102810 ee851db0 c012bcac ee9e6810 ee9e6810 c06b1f88
> c06e76b4 00000000
>         1dc0: ee9e6810 c06b1f88 c06e76b4 00000000 c06b1f88 00000000
> ee851e04 ee851de8
>         1de0: c0285b14 c0362694 c0285abc ee9e6810 00000000 c06e76a8
> ee851e2c ee851e08
>         1e00: c028457c c0285ac8 ee9e6810 ee9e6844 c06b1f88 c06aab38
> c067d010 c06c1000
>         1e20: ee851e4c ee851e30 c0284770 c028446c 00000001 00000000
> c06b1f88 c0284700
>         1e40: ee851e74 ee851e50 c0282d78 c028470c ee884f5c ee9e4cb4
> ee884f70 c06b1f88
>         1e60: 00000000 ee9c4700 ee851e84 ee851e78 c028499c c0282d10
> ee851eac ee851e88
>         1e80: c0283514 c0284988 c0627e00 ee851e98 c06b1f88 c06618a8
> 00000000 c067d010
>         1ea0: ee851ec4 ee851eb0 c02850ac c028344c eea9a200 c06618a8
> ee851ed4 ee851ec8
>         1ec0: c02864e0 c0285014 ee851ee4 ee851ed8 c06618c0 c02864b4
> ee851f5c ee851ee8
>         1ee0: c0644df8 c06618b4 ee851f0c ee851ef8 c0644604 c01c91bc
> efffcc00 efffcc10
>         1f00: ee851f5c ee851f10 c003f908 c06445f4 00000000 c0641c1c
> c0641c1c 00000006
>         1f20: 00000006 000000b1 c0640e48 efffcc38 ee851f5c 00000006
> 00000006 000000b1
>         1f40: c067d83c c0689c84 c06c1000 c06c1000 ee851f94 ee851f60
> c0644fd4 c0644cfc
>         1f60: 00000006 00000006 00000000 c06445e8 00000000 c04d00ac
> 00000000 00000000
>         1f80: 00000000 00000000 ee851fac ee851f98 c04d00bc c0644eb8
> ee850000 00000000
>         1fa0: 00000000 ee851fb0 c000fe98 c04d00b8 00000000 00000000
> 00000000 00000000
>         1fc0: 00000000 00000000 00000000 00000000 00000000 00000000
> 00000000 00000000
>         1fe0: 00000000 00000000 00000000 00000000 00000013 00000000
> 00000000 00000000
>         Backtrace:
>         [<c0342408>] (media_gobj_init) from [<c0342a80>]
> (media_entity_create_link+0xe4/0x108)
>         [<c034299c>] (media_entity_create_link) from [<c036506c>]
> (vsp1_rpf_create+0x184/0x1c8)
>          r10:ee102898 r9:ee9e6800 r8:00000000 r7:ee159910 r6:ee159840
> r5:00000000
>          r4:ee159810 r3:00000000
>         [<c0364ee8>] (vsp1_rpf_create) from [<c0362a44>]
> (vsp1_probe+0x3bc/0x6c0)
>          r8:ee9e6810 r7:ee102858 r6:00000000 r5:ee102890 r4:ee102810
>         [<c0362688>] (vsp1_probe) from [<c0285b14>]
> (platform_drv_probe+0x58/0xa8)
>          r10:00000000 r9:c06b1f88 r8:00000000 r7:c06e76b4 r6:c06b1f88
> r5:ee9e6810
>          r4:00000000
> 
> The NULL pointer dereference was introduced by:
> 
>         commit f9836d92a3c8c143c6f5fe89c558c37767628fa6
>         Author: Mauro Carvalho Chehab <mchehab@....samsung.com>
>         Date:   Fri Aug 14 12:54:36 2015 -0300
> 
>             [media] media: use media_gobj inside links

I assume that's caused by the linux-media next branch containing the media-
controller branch. The latter is a work in progress branch and is not ready 
for mainline.

> and triggers until the following commit, after which the BUG_ON() takes
> over:
> 
>         commit eb9e998983338811c3328294ed2f093367161df1
>         Author: Javier Martinez Canillas <javier@....samsung.com>
>         Date:   Thu Sep 3 12:19:25 2015 -0300
> 
>             [media] v4l: vsp1: separate links creation from entities init

Mauro, this is another proof that rebasing the branch is required. The fixes 
need to be squashed into the commits that introduce them. And, of course, the 
bug that occurs here should be fixed.

-- 
Regards,

Laurent Pinchart

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ