Kernel Oops 96000021 [#1] SMP


I'm writing a driver for petalinux, but I have some problems with a v4l2 ioctl function, in particular with ioctl(fd, VIDIOC_STREAMON, &type). When I call streamon, it sometimes works correctly; other times I get this error:

[  899.083253]Unable to handle kernel NULL pointer dereference at virtual address 0000000000000001
[  899.092044] Mem abort info:
[  899.094832]   ESR = 0x96000021
[  899.097875]   Exception class = DABT (current EL), IL = 32 bits
[  899.103787]   SET = 0, FnV = 0
[  899.106833]   EA = 0, S1PTW = 0
[  899.109967] Data abort info:
[  899.112836]   ISV = 0, ISS = 0x00000021
[  899.116661]   CM = 0, WnR = 0
[  899.119622] user pgtable: 4k pages, 39-bit VAs, pgdp = (____ptrval____)
[  899.126228] [0000000000000001] pgd=0000000000000000, pud=0000000000000000
[  899.133018] Internal error: Oops: 96000021 [#1] SMP
[  899.137881] Modules linked in: video(O) al5d(O) al5e(O) allegro(O) xlnx_vcu_clk xlnx_vcu xilinx_hdmi_rx(O) xilinx_vphy(O) xlnx_vcu_core mali(O) uio_pdrv_genirq [last unloaded: video]
[  899.154143] CPU: 0 PID: 2322 Comm: test Tainted: G        W  O      4.19.0-xilinx-v2019.1 #1
[  899.162568] Hardware name: ZynqMP ZCU106 RevA (DT)
[  899.167345] pstate: a0000005 (NzCv daif -PAN -UAO)
[  899.172125] pc : __ll_sc___cmpxchg_case_acq_8+0x4/0x20
[  899.177251] lr : mutex_lock_interruptible+0x18/0x40
[  899.182118] sp : ffffff8010c73bb0
[  899.185416] x29: ffffff8010c73bb0 x28: ffffffc87af98000
[  899.190720] x27: ffffff8008769108 x26: ffffff8000c9b1f8
[  899.196024] x25: 0000007fc63db5c4 x24: 0000000000000001
[  899.201319] x23: 0000000000000000 x22: ffffff8009138648
[  899.206615] x21: 0000000000000012 x20: 0000000040045612
[  899.211910] x19: ffffffc879d60800 x18: 0000000000000000
[  899.217205] x17: 0000000000000000 x16: 0000000000000000
[  899.222501] x15: 0000000000000000 x14: 0000000000000000
[  899.227796] x13: 0000000000000000 x12: 0000000000000000
[  899.233091] x11: 0000000000000000 x10: 0000000000000000
[  899.238387] x9 : 0000000000000000 x8 : 0000000000000000
[  899.243682] x7 : 0000000000000000 x6 : ffffffc87b942080
[  899.248977] x5 : 00000000ffffffff x4 : ffffff800876cea0
[  899.254281] x3 : 0000000000000001 x2 : ffffffc87ac2f400
[  899.259577] x1 : 0000000000000000 x0 : 0000000000000001
[  899.264873] Process test (pid: 2322, stack limit = 0x(____ptrval____))
[  899.271383] Call trace:
[  899.273817]  __ll_sc___cmpxchg_case_acq_8+0x4/0x20
[  899.278600]  __video_do_ioctl+0x124/0x498
[  899.282600]  video_usercopy+0x144/0x518
[  899.286420]  video_ioctl2+0x14/0x1c
[  899.289894]  v4l2_ioctl+0x3c/0x58
[  899.293202]  do_vfs_ioctl+0xb8/0x8a0
[  899.296768]  ksys_ioctl+0x44/0x90
[  899.300067]  __arm64_sys_ioctl+0x1c/0x28
[  899.303975]  el0_svc_common+0x84/0xd8
[  899.307627]  el0_svc_handler+0x68/0x80
[  899.311360]  el0_svc+0x8/0xc
[  899.314226] Code: 35ffff91 aa1003e0 d65f03c0 f9800011 (c85ffc10)
[  899.320310] ---[ end trace da93a42a8cf31bfc ]---
Segmentation fault

I tried to call VIDIOC_STREAMON four times:

  • first: error
  • second: ok
  • third: ok
  • fourth: error

If I test again I get a different result. Is the error related to something in my driver or to the kernel?

This is my streamon function, but I also get the error when all the code inside vidioc_streamon is commented out:

/* NOTE: skel is not declared in this snippet; it is assumed to be the
 * driver's state pointer defined elsewhere in the module. */
static int vidioc_streamon(struct file *file, void *fh, enum v4l2_buf_type t)
{
    int ret;

    /* A capture request marks capture as ready up front, so the
     * !ready_for_capture check in the CAPTURE case below never fires. */
    if (t == V4L2_BUF_TYPE_VIDEO_CAPTURE)
        skel->ready_for_capture = 1;

    switch (t) {
    case V4L2_BUF_TYPE_VIDEO_OUTPUT:
        skel->ready_for_output = 0;
        if (!skel->ready_for_capture) {
            ret = allocate_buffers(skel);
            if (ret < 0)
                return ret;
            skel->ready_for_capture = 1;
        }
        return 0;
    case V4L2_BUF_TYPE_VIDEO_CAPTURE:
        if (!skel->ready_for_capture) {
            /* printk messages need a trailing newline to be flushed as one record */
            printk(KERN_ERR "Streamon, capture not ready\n");
            return -EIO;
        }
        printk(KERN_INFO "Streamon, capture ready\n");
        return 0;
    default:
        printk(KERN_INFO "INVALID BUF_TYPE\n");
        return -EINVAL;
    }
}

During the loading of the module I get this warning:

[   29.165507] ------------[ cut here ]------------
[   29.173531] refcount_t: increment on 0; use-after-free.
[   29.178787] WARNING: CPU: 3 PID: 2295 at lib/refcount.c:153 refcount_inc_checked+0x40/0x48
[   29.187038] Modules linked in: video(O+) al5d(O) al5e(O) allegro(O) xlnx_vcu_clk xlnx_vcu xilinx_hdmi_rx(O) xilinx_vphy(O) xlnx_vcu_core mali(O) uio_pdrv_genirq [last unloaded: video]
[   29.203388] CPU: 3 PID: 2295 Comm: insmod Tainted: G           O      4.19.0-xilinx-v2019.1 #1
[   29.211987] Hardware name: ZynqMP ZCU106 RevA (DT)
[   29.216764] pstate: 60000005 (nZCv daif -PAN -UAO)
[   29.221538] pc : refcount_inc_checked+0x40/0x48
[   29.226052] lr : refcount_inc_checked+0x40/0x48
[   29.230564] sp : ffffff8010f7b8f0
[   29.233863] x29: ffffff8010f7b8f0 x28: ffffffc87aebb1b8
[   29.239167] x27: ffffff800920fc18 x26: ffffffc87aebb000
[   29.244471] x25: 0000000000000001 x24: ffffff8008d9c6d8
[   29.249775] x23: 0000000000000000 x22: ffffff8008bfc7c8
[   29.255079] x21: ffffff800918dc28 x20: ffffff8009138648
[   29.260374] x19: 0000000000000001 x18: 0000000000000010
[   29.265669] x17: 0000000000000000 x16: 0000000000000000
[   29.270965] x15: ffffffffffffffff x14: ffffff8009138648
[   29.276269] x13: ffffff80891d6f0f x12: ffffff80091d6f17
[   29.281564] x11: ffffff800914a000 x10: ffffff8010f7b5d0
[   29.286859] x9 : ffffff8009138648 x8 : ffffff8008569d70
[   29.292163] x7 : 2d657375203b3020 x6 : 0000000000000189
[   29.297458] x5 : 0000000000000001 x4 : 0000000000000000
[   29.302754] x3 : 0000000000000000 x2 : ffffffffffffffff
[   29.308049] x1 : c29b4d7389105500 x0 : 0000000000000000
[   29.313345] Call trace:
[   29.315778]  refcount_inc_checked+0x40/0x48
[   29.319947]  __video_register_device+0x5f8/0xf00
[   29.324561]  video_probe+0x394/0x550 [video]
[   29.328818]  platform_drv_probe+0x50/0xa0
[   29.332818]  really_probe+0x1c8/0x280
[   29.336463]  driver_probe_device+0x54/0xe8
[   29.340544]  __driver_attach+0xe4/0xe8
[   29.344276]  bus_for_each_dev+0x70/0xc0
[   29.348096]  driver_attach+0x20/0x28
[   29.351655]  bus_add_driver+0x1dc/0x208
[   29.355475]  driver_register+0x60/0x110
[   29.359295]  __platform_driver_register+0x44/0x50
[   29.363986]  video_init+0x28/0x1000 [video]
[   29.368159]  do_one_initcall+0x74/0x178
[   29.371987]  do_init_module+0x54/0x1c8
[   29.375719]  load_module+0x1b5c/0x20e0
[   29.379451]  __se_sys_finit_module+0xb8/0xc8
[   29.383705]  __arm64_sys_finit_module+0x18/0x20
[   29.388220]  el0_svc_common+0x84/0xd8
[   29.391874]  el0_svc_handler+0x68/0x80
[   29.395606]  el0_svc+0x8/0xc
[   29.398470] ---[ end trace 6a49c9f1f8cce610 ]---
Tags: c, linux-kernel, kernel-module, petalinux
asked on Stack Overflow Jul 4, 2019 by Andrea • edited Dec 5, 2019 by red0ct
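
Added example (not part of the original question and not code from the driver): a user-space C decoder for the "ESR = 0x96000021" line of the oops above, using the architectural ESR_ELx field layout. It shows that the fault status code is 0x21, an alignment fault on a read, which matches an 8-byte exclusive load (the _8 in __ll_sc___cmpxchg_case_acq_8) from address 0x1; all function names here are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Data-abort view of an AArch64 ESR_ELx value (architectural layout). */
struct esr_dabt {
    unsigned ec;   /* exception class, bits [31:26] */
    unsigned il;   /* bit 25: 1 = 32-bit instruction */
    unsigned wnr;  /* bit 6: 1 = write, 0 = read */
    unsigned dfsc; /* data fault status code, bits [5:0] */
};

static struct esr_dabt esr_decode(uint32_t esr)
{
    struct esr_dabt d = { (esr >> 26) & 0x3f, (esr >> 25) & 1,
                          (esr >> 6) & 1, esr & 0x3f };
    return d;
}

static const char *dfsc_name(unsigned dfsc)
{
    if (dfsc == 0x21) return "alignment fault";
    if (dfsc == 0x10) return "synchronous external abort";
    switch (dfsc & 0x3c) { /* low two bits carry the table level */
    case 0x04: return "translation fault";
    case 0x08: return "access flag fault";
    case 0x0c: return "permission fault";
    default:   return "other";
    }
}

/* Pull the value out of an oops line such as "  ESR = 0x96000021". */
static uint32_t esr_from_line(const char *line)
{
    const char *p = strstr(line, "ESR = ");
    return p ? (uint32_t)strtoul(p + 6, NULL, 16) : 0;
}

/* A size-byte access is naturally aligned when addr is a multiple of size. */
static int is_misaligned(uint64_t addr, unsigned size) { return (addr & (size - 1)) != 0; }

int main(void)
{
    /* Line and fault address copied from the oops in the question. */
    struct esr_dabt d = esr_decode(esr_from_line("[  899.094832]   ESR = 0x96000021"));
    printf("EC=0x%x IL=%u WnR=%u DFSC=0x%x (%s), addr 0x1 misaligned for 8 bytes: %d\n",
           d.ec, d.il, d.wnr, d.dfsc, dfsc_name(d.dfsc), is_misaligned(0x1, 8));
    return 0;
}
```

The decoded WnR = 0 and IL = 1 agree with the "WnR = 0" and "IL = 32 bits" lines the kernel printed.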

0 Answers

Nobody has answered this question yet.


User contributions licensed under CC BY-SA 3.0