From: Tomasz Figa <tfiga@chromium.org>
To: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Cc: Yong Zhi <yong.zhi@intel.com>,
"Mani, Rajmohan" <rajmohan.mani@intel.com>,
Linux Media Mailing List <linux-media@vger.kernel.org>,
Sakari Ailus <sakari.ailus@linux.intel.com>,
Mauro Carvalho Chehab <mchehab@kernel.org>,
Hans Verkuil <hans.verkuil@cisco.com>,
"Zheng, Jian Xu" <jian.xu.zheng@intel.com>,
"Hu, Jerry W" <jerry.w.hu@intel.com>,
"Toivonen, Tuukka" <tuukka.toivonen@intel.com>,
"Qiu, Tian Shu" <tian.shu.qiu@intel.com>,
Cao Bing Bu <bingbu.cao@intel.com>
Subject: Re: [PATCH v7 00/16] Intel IPU3 ImgU patchset
Date: Fri, 21 Dec 2018 12:04:08 +0900 [thread overview]
Message-ID: <CAAFQd5CN3dhTviSnFbzSOjkMTQqUyOajYv+CVxSLLAih522CgQ@mail.gmail.com> (raw)
In-Reply-To: <3475971.piroVKfGO7@avalon>
On Fri, Dec 21, 2018 at 7:24 AM Laurent Pinchart
<laurent.pinchart@ideasonboard.com> wrote:
>
> Hellon
>
> On Sunday, 16 December 2018 09:26:18 EET Laurent Pinchart wrote:
> > Hello Yong,
> >
> > Could you please have a look at the crash reported below ?
>
> A bit more information to help you debugging this. I've enabled KASAN in the
> kernel configuration, and get the following use-after-free reports.
>
> [ 166.332920] ==================================================================
> [ 166.332937] BUG: KASAN: use-after-free in __cached_rbnode_delete_update+0x36/0x202
> [ 166.332944] Read of size 8 at addr ffff888133823718 by task yavta/1305
>
> [ 166.332955] CPU: 3 PID: 1305 Comm: yavta Tainted: G C 4.20.0-rc6+ #3
> [ 166.332958] Hardware name: HP Soraka/Soraka, BIOS 08/30/2018
> [ 166.332959] Call Trace:
> [ 166.332967] dump_stack+0x5b/0x81
> [ 166.332974] print_address_description+0x65/0x227
> [ 166.332979] ? __cached_rbnode_delete_update+0x36/0x202
> [ 166.332983] kasan_report+0x247/0x285
> [ 166.332989] __cached_rbnode_delete_update+0x36/0x202
> [ 166.332995] private_free_iova+0x57/0x6d
> [ 166.332999] __free_iova+0x23/0x31
> [ 166.333011] ipu3_dmamap_free+0x118/0x1d6 [ipu3_imgu]
Thanks Laurent, I think this is a very good hint. It looks like we're
basically freeing and already freed IOVA and corrupting some allocator
state?
> [ 166.333022] ipu3_css_pool_cleanup+0x25/0x2f [ipu3_imgu]
> [ 166.333032] ipu3_css_pipeline_cleanup+0x79/0xcf [ipu3_imgu]
> [ 166.333043] ipu3_css_stop_streaming+0x2fe/0x4dc [ipu3_imgu]
> [ 166.333056] imgu_s_stream+0xc0/0x6c0 [ipu3_imgu]
> [ 166.333067] ? ipu3_all_nodes_streaming+0x1ee/0x20d [ipu3_imgu]
> [ 166.333079] ipu3_vb2_stop_streaming+0x27c/0x2d2 [ipu3_imgu]
> [ 166.333088] __vb2_queue_cancel+0xa8/0x705 [videobuf2_common]
> [ 166.333096] ? __mutex_lock_interruptible_slowpath+0xf/0xf
> [ 166.333104] vb2_core_streamoff+0x68/0xf8 [videobuf2_common]
> [ 166.333123] __video_do_ioctl+0x625/0x887 [videodev]
> [ 166.333142] ? copy_overflow+0x14/0x14 [videodev]
> [ 166.333147] ? slab_free_freelist_hook+0x46/0x94
> [ 166.333151] ? kfree+0x107/0x1a0
> [ 166.333169] video_usercopy+0x3a3/0x8ae [videodev]
> [ 166.333187] ? copy_overflow+0x14/0x14 [videodev]
> [ 166.333203] ? v4l_enumstd+0x49/0x49 [videodev]
> [ 166.333207] ? __wake_up_common+0x342/0x342
> [ 166.333215] ? atomic_long_add_return+0x15/0x24
> [ 166.333219] ? ldsem_up_read+0x15/0x29
> [ 166.333223] ? tty_write+0x4c6/0x4d8
> [ 166.333227] ? n_tty_receive_char_special+0x1152/0x1152
> [ 166.333244] ? video_usercopy+0x8ae/0x8ae [videodev]
> [ 166.333260] v4l2_ioctl+0xb7/0xc5 [videodev]
> [ 166.333266] vfs_ioctl+0x76/0x89
> [ 166.333271] do_vfs_ioctl+0xb33/0xb7e
> [ 166.333275] ? __switch_to_asm+0x40/0x70
> [ 166.333279] ? __switch_to_asm+0x40/0x70
> [ 166.333282] ? __switch_to_asm+0x34/0x70
> [ 166.333286] ? __switch_to_asm+0x40/0x70
> [ 166.333290] ? ioctl_preallocate+0x174/0x174
> [ 166.333294] ? __switch_to+0x71c/0xb00
> [ 166.333299] ? compat_start_thread+0x6b/0x6b
> [ 166.333302] ? __switch_to_asm+0x34/0x70
> [ 166.333305] ? __switch_to_asm+0x40/0x70
> [ 166.333309] ? mmdrop+0x12/0x23
> [ 166.333313] ? finish_task_switch+0x34d/0x3de
> [ 166.333319] ? __schedule+0x1004/0x1045
> [ 166.333325] ? firmware_map_remove+0x119/0x119
> [ 166.333330] ksys_ioctl+0x50/0x70
> [ 166.333335] __x64_sys_ioctl+0x82/0x89
> [ 166.333340] do_syscall_64+0xa0/0xd2
> [ 166.333345] entry_SYSCALL_64_after_hwframe+0x44/0xa9
> [ 166.333349] RIP: 0033:0x7f2481541f47
> [ 166.333354] Code: 00 00 00 48 8b 05 51 6f 2c 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 21 6f 2c 00 f7 d8 64 89 01 48
> [ 166.333357] RSP: 002b:00007fffd6aff9b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
> [ 166.333362] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f2481541f47
> [ 166.333364] RDX: 00007fffd6aff9c4 RSI: 0000000040045613 RDI: 0000000000000003
> [ 166.333367] RBP: 0000555f1c494af8 R08: 00007f247f34c000 R09: 00007f2481c24700
> [ 166.333369] R10: 0000000000000020 R11: 0000000000000246 R12: 0000555f1c494b06
> [ 166.333372] R13: 0000000000000004 R14: 00007fffd6affb90 R15: 00007fffd6b00825
>
> [ 166.333383] Allocated by task 1305:
> [ 166.333389] kasan_kmalloc+0x8a/0x98
> [ 166.333392] slab_post_alloc_hook+0x31/0x51
> [ 166.333396] kmem_cache_alloc+0xd7/0x174
> [ 166.333399] alloc_iova+0x24/0x2ea
> [ 166.333407] ipu3_dmamap_alloc+0x193/0x83f [ipu3_imgu]
> [ 166.333415] ipu3_css_pool_init+0x80/0xdf [ipu3_imgu]
> [ 166.333424] ipu3_css_start_streaming+0x58df/0x5ddc [ipu3_imgu]
> [ 166.333433] imgu_s_stream+0x2dd/0x6c0 [ipu3_imgu]
> [ 166.333442] ipu3_vb2_start_streaming+0x35f/0x3de [ipu3_imgu]
> [ 166.333449] vb2_start_streaming+0x164/0x33b [videobuf2_common]
> [ 166.333455] vb2_core_streamon+0x1a1/0x208 [videobuf2_common]
> [ 166.333471] __video_do_ioctl+0x625/0x887 [videodev]
> [ 166.333487] video_usercopy+0x3a3/0x8ae [videodev]
> [ 166.333501] v4l2_ioctl+0xb7/0xc5 [videodev]
> [ 166.333505] vfs_ioctl+0x76/0x89
> [ 166.333508] do_vfs_ioctl+0xb33/0xb7e
> [ 166.333511] ksys_ioctl+0x50/0x70
> [ 166.333514] __x64_sys_ioctl+0x82/0x89
> [ 166.333518] do_syscall_64+0xa0/0xd2
> [ 166.333521] entry_SYSCALL_64_after_hwframe+0x44/0xa9
>
> [ 166.333526] Freed by task 1301:
> [ 166.333532] __kasan_slab_free+0xfa/0x11c
> [ 166.333535] slab_free_freelist_hook+0x46/0x94
> [ 166.333538] kmem_cache_free+0x7b/0x172
> [ 166.333542] __free_iova+0x23/0x31
> [ 166.333550] ipu3_dmamap_free+0x118/0x1d6 [ipu3_imgu]
> [ 166.333557] ipu3_css_pool_cleanup+0x25/0x2f [ipu3_imgu]
> [ 166.333566] ipu3_css_pipeline_cleanup+0x79/0xcf [ipu3_imgu]
> [ 166.333574] ipu3_css_stop_streaming+0x2fe/0x4dc [ipu3_imgu]
> [ 166.333584] imgu_s_stream+0xc0/0x6c0 [ipu3_imgu]
> [ 166.333593] ipu3_vb2_stop_streaming+0x27c/0x2d2 [ipu3_imgu]
> [ 166.333599] __vb2_queue_cancel+0xa8/0x705 [videobuf2_common]
> [ 166.333606] vb2_core_streamoff+0x68/0xf8 [videobuf2_common]
> [ 166.333621] __video_do_ioctl+0x625/0x887 [videodev]
> [ 166.333637] video_usercopy+0x3a3/0x8ae [videodev]
> [ 166.333652] v4l2_ioctl+0xb7/0xc5 [videodev]
> [ 166.333655] vfs_ioctl+0x76/0x89
> [ 166.333658] do_vfs_ioctl+0xb33/0xb7e
> [ 166.333662] ksys_ioctl+0x50/0x70
> [ 166.333665] __x64_sys_ioctl+0x82/0x89
> [ 166.333668] do_syscall_64+0xa0/0xd2
> [ 166.333671] entry_SYSCALL_64_after_hwframe+0x44/0xa9
>
> [ 166.333678] The buggy address belongs to the object at ffff888133823700
> which belongs to the cache iommu_iova of size 40
> [ 166.333685] The buggy address is located 24 bytes inside of
> 40-byte region [ffff888133823700, ffff888133823728)
> [ 166.333690] The buggy address belongs to the page:
> [ 166.333696] page:ffffea0004ce0880 count:1 mapcount:0 mapping:ffff8881519e8640 index:0x0 compound_mapcount: 0
> [ 166.333703] flags: 0x200000000010200(slab|head)
> [ 166.333710] raw: 0200000000010200 ffffea0004dfc488 ffff88814bfbde70 ffff8881519e8640
> [ 166.333717] raw: 0000000000000000 0000000000120012 00000001ffffffff 0000000000000000
> [ 166.333720] page dumped because: kasan: bad access detected
>
> [ 166.333726] Memory state around the buggy address:
> [ 166.333732] ffff888133823600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [ 166.333737] ffff888133823680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [ 166.333742] >ffff888133823700: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc
> [ 166.333745] ^
> [ 166.333750] ffff888133823780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [ 166.333755] ffff888133823800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [ 166.333759] ==================================================================
> [ 166.333762] Disabling lock debugging due to kernel taint
> [ 166.333764] ==================================================================
> [ 166.333770] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x7b/0x172
>
> [ 166.333780] CPU: 3 PID: 1305 Comm: yavta Tainted: G B C 4.20.0-rc6+ #3
> [ 166.333782] Hardware name: HP Soraka/Soraka, BIOS 08/30/2018
> [ 166.333783] Call Trace:
> [ 166.333789] dump_stack+0x5b/0x81
> [ 166.333795] print_address_description+0x65/0x227
> [ 166.333799] ? kmem_cache_free+0x7b/0x172
> [ 166.333803] kasan_report_invalid_free+0x67/0xa0
> [ 166.333807] ? kmem_cache_free+0x7b/0x172
> [ 166.333812] __kasan_slab_free+0x86/0x11c
> [ 166.333817] slab_free_freelist_hook+0x46/0x94
> [ 166.333822] kmem_cache_free+0x7b/0x172
> [ 166.333826] ? __free_iova+0x23/0x31
> [ 166.333831] __free_iova+0x23/0x31
> [ 166.333840] ipu3_dmamap_free+0x118/0x1d6 [ipu3_imgu]
> [ 166.333851] ipu3_css_pool_cleanup+0x25/0x2f [ipu3_imgu]
> [ 166.333861] ipu3_css_pipeline_cleanup+0x79/0xcf [ipu3_imgu]
> [ 166.333872] ipu3_css_stop_streaming+0x2fe/0x4dc [ipu3_imgu]
> [ 166.333885] imgu_s_stream+0xc0/0x6c0 [ipu3_imgu]
> [ 166.333896] ? ipu3_all_nodes_streaming+0x1ee/0x20d [ipu3_imgu]
> [ 166.333908] ipu3_vb2_stop_streaming+0x27c/0x2d2 [ipu3_imgu]
> [ 166.333917] __vb2_queue_cancel+0xa8/0x705 [videobuf2_common]
> [ 166.333923] ? __mutex_lock_interruptible_slowpath+0xf/0xf
> [ 166.333932] vb2_core_streamoff+0x68/0xf8 [videobuf2_common]
> [ 166.333950] __video_do_ioctl+0x625/0x887 [videodev]
> [ 166.333970] ? copy_overflow+0x14/0x14 [videodev]
> [ 166.333974] ? slab_free_freelist_hook+0x46/0x94
> [ 166.333979] ? kfree+0x107/0x1a0
> [ 166.333997] video_usercopy+0x3a3/0x8ae [videodev]
> [ 166.334015] ? copy_overflow+0x14/0x14 [videodev]
> [ 166.334031] ? v4l_enumstd+0x49/0x49 [videodev]
> [ 166.334035] ? __wake_up_common+0x342/0x342
> [ 166.334042] ? atomic_long_add_return+0x15/0x24
> [ 166.334046] ? ldsem_up_read+0x15/0x29
> [ 166.334050] ? tty_write+0x4c6/0x4d8
> [ 166.334054] ? n_tty_receive_char_special+0x1152/0x1152
> [ 166.334071] ? video_usercopy+0x8ae/0x8ae [videodev]
> [ 166.334087] v4l2_ioctl+0xb7/0xc5 [videodev]
> [ 166.334092] vfs_ioctl+0x76/0x89
> [ 166.334097] do_vfs_ioctl+0xb33/0xb7e
> [ 166.334101] ? __switch_to_asm+0x40/0x70
> [ 166.334105] ? __switch_to_asm+0x40/0x70
> [ 166.334108] ? __switch_to_asm+0x34/0x70
> [ 166.334111] ? __switch_to_asm+0x40/0x70
> [ 166.334116] ? ioctl_preallocate+0x174/0x174
> [ 166.334120] ? __switch_to+0x71c/0xb00
> [ 166.334124] ? compat_start_thread+0x6b/0x6b
> [ 166.334127] ? __switch_to_asm+0x34/0x70
> [ 166.334130] ? __switch_to_asm+0x40/0x70
> [ 166.334134] ? mmdrop+0x12/0x23
> [ 166.334137] ? finish_task_switch+0x34d/0x3de
> [ 166.334143] ? __schedule+0x1004/0x1045
> [ 166.334148] ? firmware_map_remove+0x119/0x119
> [ 166.334153] ksys_ioctl+0x50/0x70
> [ 166.334158] __x64_sys_ioctl+0x82/0x89
> [ 166.334163] do_syscall_64+0xa0/0xd2
> [ 166.334167] entry_SYSCALL_64_after_hwframe+0x44/0xa9
> [ 166.334171] RIP: 0033:0x7f2481541f47
> [ 166.334175] Code: 00 00 00 48 8b 05 51 6f 2c 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 21 6f 2c 00 f7 d8 64 89 01 48
> [ 166.334177] RSP: 002b:00007fffd6aff9b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
> [ 166.334181] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f2481541f47
> [ 166.334184] RDX: 00007fffd6aff9c4 RSI: 0000000040045613 RDI: 0000000000000003
> [ 166.334186] RBP: 0000555f1c494af8 R08: 00007f247f34c000 R09: 00007f2481c24700
> [ 166.334189] R10: 0000000000000020 R11: 0000000000000246 R12: 0000555f1c494b06
> [ 166.334191] R13: 0000000000000004 R14: 00007fffd6affb90 R15: 00007fffd6b00825
>
> [ 166.334201] Allocated by task 1305:
> [ 166.334207] kasan_kmalloc+0x8a/0x98
> [ 166.334210] slab_post_alloc_hook+0x31/0x51
> [ 166.334213] kmem_cache_alloc+0xd7/0x174
> [ 166.334216] alloc_iova+0x24/0x2ea
> [ 166.334225] ipu3_dmamap_alloc+0x193/0x83f [ipu3_imgu]
> [ 166.334233] ipu3_css_pool_init+0x80/0xdf [ipu3_imgu]
> [ 166.334241] ipu3_css_start_streaming+0x58df/0x5ddc [ipu3_imgu]
> [ 166.334250] imgu_s_stream+0x2dd/0x6c0 [ipu3_imgu]
> [ 166.334259] ipu3_vb2_start_streaming+0x35f/0x3de [ipu3_imgu]
> [ 166.334266] vb2_start_streaming+0x164/0x33b [videobuf2_common]
> [ 166.334273] vb2_core_streamon+0x1a1/0x208 [videobuf2_common]
> [ 166.334288] __video_do_ioctl+0x625/0x887 [videodev]
> [ 166.334304] video_usercopy+0x3a3/0x8ae [videodev]
> [ 166.334319] v4l2_ioctl+0xb7/0xc5 [videodev]
> [ 166.334322] vfs_ioctl+0x76/0x89
> [ 166.334325] do_vfs_ioctl+0xb33/0xb7e
> [ 166.334328] ksys_ioctl+0x50/0x70
> [ 166.334332] __x64_sys_ioctl+0x82/0x89
> [ 166.334335] do_syscall_64+0xa0/0xd2
> [ 166.334338] entry_SYSCALL_64_after_hwframe+0x44/0xa9
>
> [ 166.334343] Freed by task 1301:
> [ 166.334349] __kasan_slab_free+0xfa/0x11c
> [ 166.334352] slab_free_freelist_hook+0x46/0x94
> [ 166.334355] kmem_cache_free+0x7b/0x172
> [ 166.334359] __free_iova+0x23/0x31
> [ 166.334367] ipu3_dmamap_free+0x118/0x1d6 [ipu3_imgu]
> [ 166.334375] ipu3_css_pool_cleanup+0x25/0x2f [ipu3_imgu]
> [ 166.334383] ipu3_css_pipeline_cleanup+0x79/0xcf [ipu3_imgu]
> [ 166.334392] ipu3_css_stop_streaming+0x2fe/0x4dc [ipu3_imgu]
> [ 166.334401] imgu_s_stream+0xc0/0x6c0 [ipu3_imgu]
> [ 166.334410] ipu3_vb2_stop_streaming+0x27c/0x2d2 [ipu3_imgu]
> [ 166.334416] __vb2_queue_cancel+0xa8/0x705 [videobuf2_common]
> [ 166.334423] vb2_core_streamoff+0x68/0xf8 [videobuf2_common]
> [ 166.334438] __video_do_ioctl+0x625/0x887 [videodev]
> [ 166.334454] video_usercopy+0x3a3/0x8ae [videodev]
> [ 166.334469] v4l2_ioctl+0xb7/0xc5 [videodev]
> [ 166.334472] vfs_ioctl+0x76/0x89
> [ 166.334475] do_vfs_ioctl+0xb33/0xb7e
> [ 166.334479] ksys_ioctl+0x50/0x70
> [ 166.334482] __x64_sys_ioctl+0x82/0x89
> [ 166.334485] do_syscall_64+0xa0/0xd2
> [ 166.334488] entry_SYSCALL_64_after_hwframe+0x44/0xa9
>
> [ 166.334494] The buggy address belongs to the object at ffff888133823700
> which belongs to the cache iommu_iova of size 40
> [ 166.334501] The buggy address is located 0 bytes inside of
> 40-byte region [ffff888133823700, ffff888133823728)
> [ 166.334506] The buggy address belongs to the page:
> [ 166.334511] page:ffffea0004ce0880 count:1 mapcount:0 mapping:ffff8881519e8640 index:0x0 compound_mapcount: 0
> [ 166.334517] flags: 0x200000000010200(slab|head)
> [ 166.334524] raw: 0200000000010200 ffffea0004dfc488 ffff88814bfbde70 ffff8881519e8640
> [ 166.334530] raw: 0000000000000000 0000000000120012 00000001ffffffff 0000000000000000
> [ 166.334533] page dumped because: kasan: bad access detected
>
> [ 166.334539] Memory state around the buggy address:
> [ 166.334544] ffff888133823600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [ 166.334549] ffff888133823680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [ 166.334554] >ffff888133823700: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc
> [ 166.334558] ^
> [ 166.334562] ffff888133823780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [ 166.334567] ffff888133823800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [ 166.334571] ==================================================================
> [ 166.340377] ==================================================================
> [ 166.340388] BUG: KASAN: double-free or invalid-free in kfree+0x107/0x1a0
>
> [ 166.340399] CPU: 3 PID: 1305 Comm: yavta Tainted: G B C 4.20.0-rc6+ #3
> [ 166.340401] Hardware name: HP Soraka/Soraka, BIOS 08/30/2018
> [ 166.340403] Call Trace:
> [ 166.340410] dump_stack+0x5b/0x81
> [ 166.340416] print_address_description+0x65/0x227
> [ 166.340420] ? kfree+0x107/0x1a0
> [ 166.340425] kasan_report_invalid_free+0x67/0xa0
> [ 166.340428] ? kfree+0x107/0x1a0
> [ 166.340433] __kasan_slab_free+0x86/0x11c
> [ 166.340438] slab_free_freelist_hook+0x46/0x94
> [ 166.340443] kfree+0x107/0x1a0
> [ 166.340454] ? ipu3_dmamap_free+0x17b/0x1d6 [ipu3_imgu]
> [ 166.340464] ipu3_dmamap_free+0x17b/0x1d6 [ipu3_imgu]
> [ 166.340475] ipu3_css_pool_cleanup+0x25/0x2f [ipu3_imgu]
> [ 166.340485] ipu3_css_pipeline_cleanup+0x79/0xcf [ipu3_imgu]
> [ 166.340495] ipu3_css_stop_streaming+0x2fe/0x4dc [ipu3_imgu]
> [ 166.340509] imgu_s_stream+0xc0/0x6c0 [ipu3_imgu]
> [ 166.340520] ? ipu3_all_nodes_streaming+0x1ee/0x20d [ipu3_imgu]
> [ 166.340531] ipu3_vb2_stop_streaming+0x27c/0x2d2 [ipu3_imgu]
> [ 166.340541] __vb2_queue_cancel+0xa8/0x705 [videobuf2_common]
> [ 166.340548] ? __mutex_lock_interruptible_slowpath+0xf/0xf
> [ 166.340557] vb2_core_streamoff+0x68/0xf8 [videobuf2_common]
> [ 166.340575] __video_do_ioctl+0x625/0x887 [videodev]
> [ 166.340595] ? copy_overflow+0x14/0x14 [videodev]
> [ 166.340600] ? slab_free_freelist_hook+0x46/0x94
> [ 166.340604] ? kfree+0x107/0x1a0
> [ 166.340622] video_usercopy+0x3a3/0x8ae [videodev]
> [ 166.340640] ? copy_overflow+0x14/0x14 [videodev]
> [ 166.340657] ? v4l_enumstd+0x49/0x49 [videodev]
> [ 166.340660] ? __wake_up_common+0x342/0x342
> [ 166.340668] ? atomic_long_add_return+0x15/0x24
> [ 166.340672] ? ldsem_up_read+0x15/0x29
> [ 166.340677] ? tty_write+0x4c6/0x4d8
> [ 166.340681] ? n_tty_receive_char_special+0x1152/0x1152
> [ 166.340698] ? video_usercopy+0x8ae/0x8ae [videodev]
> [ 166.340714] v4l2_ioctl+0xb7/0xc5 [videodev]
> [ 166.340720] vfs_ioctl+0x76/0x89
> [ 166.340725] do_vfs_ioctl+0xb33/0xb7e
> [ 166.340729] ? __switch_to_asm+0x40/0x70
> [ 166.340733] ? __switch_to_asm+0x40/0x70
> [ 166.340736] ? __switch_to_asm+0x34/0x70
> [ 166.340739] ? __switch_to_asm+0x40/0x70
> [ 166.340743] ? ioctl_preallocate+0x174/0x174
> [ 166.340748] ? __switch_to+0x71c/0xb00
> [ 166.340752] ? compat_start_thread+0x6b/0x6b
> [ 166.340756] ? __switch_to_asm+0x34/0x70
> [ 166.340759] ? __switch_to_asm+0x40/0x70
> [ 166.340762] ? mmdrop+0x12/0x23
> [ 166.340766] ? finish_task_switch+0x34d/0x3de
> [ 166.340772] ? __schedule+0x1004/0x1045
> [ 166.340777] ? firmware_map_remove+0x119/0x119
> [ 166.340782] ksys_ioctl+0x50/0x70
> [ 166.340788] __x64_sys_ioctl+0x82/0x89
> [ 166.340793] do_syscall_64+0xa0/0xd2
> [ 166.340797] entry_SYSCALL_64_after_hwframe+0x44/0xa9
> [ 166.340802] RIP: 0033:0x7f2481541f47
> [ 166.340806] Code: 00 00 00 48 8b 05 51 6f 2c 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 21 6f 2c 00 f7 d8 64 89 01 48
> [ 166.340809] RSP: 002b:00007fffd6aff9b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
> [ 166.340813] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f2481541f47
> [ 166.340816] RDX: 00007fffd6aff9c4 RSI: 0000000040045613 RDI: 0000000000000003
> [ 166.340819] RBP: 0000555f1c494af8 R08: 00007f247f34c000 R09: 00007f2481c24700
> [ 166.340821] R10: 0000000000000020 R11: 0000000000000246 R12: 0000555f1c494b06
> [ 166.340824] R13: 0000000000000004 R14: 00007fffd6affb90 R15: 00007fffd6b00825
>
> [ 166.340834] Allocated by task 1305:
> [ 166.340840] kasan_kmalloc+0x8a/0x98
> [ 166.340844] __kmalloc_node+0x193/0x1ba
> [ 166.340848] kvmalloc_node+0x44/0x6d
> [ 166.340856] ipu3_dmamap_alloc+0x1c9/0x83f [ipu3_imgu]
> [ 166.340864] ipu3_css_pool_init+0x80/0xdf [ipu3_imgu]
> [ 166.340873] ipu3_css_start_streaming+0x58df/0x5ddc [ipu3_imgu]
> [ 166.340882] imgu_s_stream+0x2dd/0x6c0 [ipu3_imgu]
> [ 166.340891] ipu3_vb2_start_streaming+0x35f/0x3de [ipu3_imgu]
> [ 166.340897] vb2_start_streaming+0x164/0x33b [videobuf2_common]
> [ 166.340904] vb2_core_streamon+0x1a1/0x208 [videobuf2_common]
> [ 166.340920] __video_do_ioctl+0x625/0x887 [videodev]
> [ 166.340935] video_usercopy+0x3a3/0x8ae [videodev]
> [ 166.340950] v4l2_ioctl+0xb7/0xc5 [videodev]
> [ 166.340954] vfs_ioctl+0x76/0x89
> [ 166.340957] do_vfs_ioctl+0xb33/0xb7e
> [ 166.340960] ksys_ioctl+0x50/0x70
> [ 166.340963] __x64_sys_ioctl+0x82/0x89
> [ 166.340966] do_syscall_64+0xa0/0xd2
> [ 166.340969] entry_SYSCALL_64_after_hwframe+0x44/0xa9
>
> [ 166.340974] Freed by task 1301:
> [ 166.340980] __kasan_slab_free+0xfa/0x11c
> [ 166.340983] slab_free_freelist_hook+0x46/0x94
> [ 166.340986] kfree+0x107/0x1a0
> [ 166.340994] ipu3_dmamap_free+0x17b/0x1d6 [ipu3_imgu]
> [ 166.341002] ipu3_css_pool_cleanup+0x25/0x2f [ipu3_imgu]
> [ 166.341010] ipu3_css_pipeline_cleanup+0x79/0xcf [ipu3_imgu]
> [ 166.341019] ipu3_css_stop_streaming+0x2fe/0x4dc [ipu3_imgu]
> [ 166.341028] imgu_s_stream+0xc0/0x6c0 [ipu3_imgu]
> [ 166.341037] ipu3_vb2_stop_streaming+0x27c/0x2d2 [ipu3_imgu]
> [ 166.341043] __vb2_queue_cancel+0xa8/0x705 [videobuf2_common]
> [ 166.341050] vb2_core_streamoff+0x68/0xf8 [videobuf2_common]
> [ 166.341066] __video_do_ioctl+0x625/0x887 [videodev]
> [ 166.341081] video_usercopy+0x3a3/0x8ae [videodev]
> [ 166.341096] v4l2_ioctl+0xb7/0xc5 [videodev]
> [ 166.341100] vfs_ioctl+0x76/0x89
> [ 166.341103] do_vfs_ioctl+0xb33/0xb7e
> [ 166.341106] ksys_ioctl+0x50/0x70
> [ 166.341109] __x64_sys_ioctl+0x82/0x89
> [ 166.341112] do_syscall_64+0xa0/0xd2
> [ 166.341116] entry_SYSCALL_64_after_hwframe+0x44/0xa9
>
> [ 166.341122] The buggy address belongs to the object at ffff88811d228440
> which belongs to the cache kmalloc-8 of size 8
> [ 166.341129] The buggy address is located 0 bytes inside of
> 8-byte region [ffff88811d228440, ffff88811d228448)
> [ 166.341134] The buggy address belongs to the page:
> [ 166.341140] page:ffffea0004748a00 count:1 mapcount:0 mapping:ffff88815a80c340 index:0xffff88811d228f80 compound_mapcount: 0
> [ 166.341146] flags: 0x200000000010200(slab|head)
> [ 166.341153] raw: 0200000000010200 ffffea000564b288 ffffea00049ef708 ffff88815a80c340
> [ 166.341159] raw: ffff88811d228f80 0000000000160013 00000001ffffffff 0000000000000000
> [ 166.341163] page dumped because: kasan: bad access detected
>
> [ 166.341169] Memory state around the buggy address:
> [ 166.341174] ffff88811d228300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [ 166.341179] ffff88811d228380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [ 166.341184] >ffff88811d228400: fc fc fc fc fc fc fc fc fb fc fc fc fc fc fc fc
> [ 166.341188] ^
> [ 166.341192] ffff88811d228480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [ 166.341197] ffff88811d228500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [ 166.341201] ==================================================================
>
> > On Tuesday, 11 December 2018 16:20:43 EET Laurent Pinchart wrote:
> > > On Tuesday, 11 December 2018 15:43:53 EET Laurent Pinchart wrote:
> > > > On Tuesday, 11 December 2018 15:34:49 EET Laurent Pinchart wrote:
> > > >> On Wednesday, 5 December 2018 02:30:46 EET Mani, Rajmohan wrote:
> > > >>
> > > >> [snip]
> > > >>
> > > >>> I can see a couple of steps missing in the script below.
> > > >>> (https://lists.libcamera.org/pipermail/libcamera-devel/2018-November/0
> > > >>> 00040.html)
> > > >>>
> > > >>> From patch 02 of this v7 series "doc-rst: Add Intel IPU3
> > > >>> documentation",
> > > >>> under section "Configuring ImgU V4L2 subdev for image processing"...
> > > >>>
> > > >>> 1. The pipe mode needs to be configured for the V4L2 subdev.
> > > >>>
> > > >>> Also the pipe mode of the corresponding V4L2 subdev should be set as
> > > >>> desired (e.g 0 for video mode or 1 for still mode) through the control
> > > >>> id 0x009819a1 as below.
> > > >>>
> > > >>> e.g v4l2n -d /dev/v4l-subdev7 --ctrl=0x009819A1=1
> > > >>
> > > >> I assume the control takes a valid default value ? It's better to set
> > > >> it
> > > >> explicitly anyway, so I'll do so.
> > > >>
> > > >>> 2. ImgU pipeline needs to be configured for image processing as below.
> > > >>>
> > > >>> RAW bayer frames go through the following ISP pipeline HW blocks to
> > > >>> have the processed image output to the DDR memory.
> > > >>>
> > > >>> RAW bayer frame -> Input Feeder -> Bayer Down Scaling (BDS) ->
> > > >>> Geometric Distortion Correction (GDC) -> DDR
> > > >>>
> > > >>> The ImgU V4L2 subdev has to be configured with the supported
> > > >>> resolutions in all the above HW blocks, for a given input resolution.
> > > >>>
> > > >>> For a given supported resolution for an input frame, the Input Feeder,
> > > >>> Bayer Down Scaling and GDC blocks should be configured with the
> > > >>> supported resolutions. This information can be obtained by looking at
> > > >>> the following IPU3 ISP configuration table for ov5670 sensor.
> > > >>>
> > > >>> https://chromium.googlesource.com/chromiumos/overlays/board-overlays/+
> > > >>> /master/baseboard-poppy/media-libs/cros-camera-hal-configs-poppy/files
> > > >>> /
> > > >>> gcss/graph_settings_ov5670.xml
> > > >>>
> > > >>> For the ov5670 example, for an input frame with a resolution of
> > > >>> 2592x1944 (which is input to the ImgU subdev pad 0), the corresponding
> > > >>> resolutions for input feeder, BDS and GDC are 2592x1944, 2592x1944 and
> > > >>> 2560x1920 respectively.
> > > >>
> > > >> How is the GDC output resolution computed from the input resolution ?
> > > >> Does the GDC always consume 32 columns and 22 lines ?
> > > >>
> > > >>> The following steps prepare the ImgU ISP pipeline for the image
> > > >>> processing.
> > > >>>
> > > >>> 1. The ImgU V4L2 subdev data format should be set by using the
> > > >>> VIDIOC_SUBDEV_S_FMT on pad 0, using the GDC width and height obtained
> > > >>> above.
> > > >>
> > > >> If I understand things correctly, the GDC resolution is the pipeline
> > > >> output resolution. Why is it configured on pad 0 ?
> > > >>
> > > >>> 2. The ImgU V4L2 subdev cropping should be set by using the
> > > >>> VIDIOC_SUBDEV_S_SELECTION on pad 0, with V4L2_SEL_TGT_CROP as the
> > > >>> target, using the input feeder height and width.
> > > >>>
> > > >>> 3. The ImgU V4L2 subdev composing should be set by using the
> > > >>> VIDIOC_SUBDEV_S_SELECTION on pad 0, with V4L2_SEL_TGT_COMPOSE as the
> > > >>> target, using the BDS height and width.
> > > >>>
> > > >>> Once these 2 steps are done, the raw bayer frames can be input to the
> > > >>> ImgU V4L2 subdev for processing.
> > > >>
> > > >> Do I need to capture from both the output and viewfinder nodes ? How
> > > >> are
> > > >> they related to the IF -> BDS -> GDC pipeline, are they both fed from
> > > >> the GDC output ? If so, how does the viewfinder scaler fit in that
> > > >> picture ?
> > > >>
> > > >> I have tried the above configuration with the IPU3 v8 driver, and while
> > > >> the kernel doesn't crash, no images get processed. The userspace
> > > >> processes wait forever for buffers to be ready. I then configured pad 2
> > > >> to 2560x1920 and pad 3 to 1920x1080, and managed to capture images \o/
> > > >>
> > > >> There's one problem though: during capture, or very soon after it, the
> > > >> machine locks up completely. I suspect a memory corruption, as when it
> > > >> doesn't log immediately commands such as dmesg will not produce any
> > > >> output and just block, until the system freezes soon after (especially
> > > >> when moving the mouse).
> > > >>
> > > >> I would still call this an improvement to some extent, but there's
> > > >> definitely room for more improvements :-)
> > > >>
> > > >> To reproduce the issue, you can run the ipu3-process.sh script
> > > >> (attached
> > > >> to this e-mail) with the following arguments:
> > > >>
> > > >> $ ipu3-process.sh --out 2560x1920 frame-2592x1944.cio2
> > >
> > > This should have read
> > >
> > > $ ipu3-process.sh --out 2560x1920 --vf 1920x1080 frame-2592x1944.cio2
> > >
> > > Without the --vf argument no images are processed.
> > >
> > > It seems that the Intel mail server blocked the mail that contained the
> > > script. You can find a copy at http://paste.debian.net/hidden/fd5bb8df/.
> > >
> > > >> frame-2592x1944.cio2 is a binary file containing a 2592x1944 images in
> > > >> the IPU3-specific Bayer format (for a total of 6469632 bytes).
> > > >
> > > > I managed to get the dmesg output, and it doesn't look pretty.
> > > >
> > > > [ 571.217192] WARNING: CPU: 3 PID: 1303 at /home/laurent/src/iob/oss/
> > > > libcamera/linux/drivers/staging/media/ipu3/ipu3-dmamap.c:172
> > > > ipu3_dmamap_unmap+0x30/0x75 [ipu3_imgu]
> > > > [ 571.217196] Modules linked in: asix usbnet mii zram arc4 iwlmvm
> > > > mac80211
> > > > iwlwifi intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp
> > > > cfg80211
> > > > 8250_dw hid_multitouch ipu3_cio2 ipu3_imgu(C) videobuf2_dma_sg
> > > > videobuf2_memops videobuf2_v4l2 videobuf2_common
> > > > processor_thermal_device
> > > > intel_soc_dts_iosf ov13858 dw9714 ov5670 v4l2_fwnode v4l2_common
> > > > videodev
> > > > at24 media int3403_thermal int340x_thermal_zone cros_ec_lpcs
> > > > cros_ec_core
> > > > int3400_thermal chromeos_pstore mac_hid acpi_thermal_rel autofs4 usbhid
> > > > mmc_block hid_generic i915 video i2c_algo_bit drm_kms_helper syscopyarea
> > > > sysfillrect sdhci_pci sysimgblt fb_sys_fops cqhci sdhci drm
> > > > drm_panel_orientation_quirks i2c_hid hid
> > > > [ 571.217254] CPU: 3 PID: 1303 Comm: yavta Tainted: G C
> > > > 4.20.0-rc6+ #2
> > > > [ 571.217256] Hardware name: HP Soraka/Soraka, BIOS 08/30/2018
> > > > [ 571.217267] RIP: 0010:ipu3_dmamap_unmap+0x30/0x75 [ipu3_imgu]
> > > > [ 571.217271] Code: 54 55 48 8d af d0 6e 00 00 53 48 8b 76 10 49 89 fc
> > > > f3
> > > > 48 0f bc 8f f0 6e 00 00 48 89 ef 48 d3 ee e8 e6 73 d9 e6 48 85 c0 75 07
> > > > <0f> 0b 5b 5d 41 5c c3 48 8b 70 20 48 89 c3 48 8b 40 18 49 8b bc 24
> > > > [ 571.217274] RSP: 0018:ffffb675021c7b38 EFLAGS: 00010246
> > > > [ 571.217278] RAX: 0000000000000000 RBX: ffff8f5cf58f8448 RCX:
> > > > 000000000000000c
> > > > [ 571.217280] RDX: 0000000000000000 RSI: 0000000000000202 RDI:
> > > > 00000000ffffffff
> > > > [ 571.217283] RBP: ffff8f5cf58f6ef8 R08: 00000000000006c5 R09:
> > > > ffff8f5cfaba16f0
> > > > [ 571.217286] R10: ffff8f5cbf508f98 R11: 000000e03da27aba R12:
> > > > ffff8f5cf58f0028
> > > > [ 571.217289] R13: ffff8f5cf58f0028 R14: 0000000000000000 R15:
> > > > ffff8f5cf58f04e8
> > > > [ 571.217293] FS: 00007f85d009c700(0000) GS:ffff8f5cfab80000(0000)
> > > > knlGS:
> > > > 0000000000000000
> > > > [ 571.217296] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > > > [ 571.217299] CR2: 00007f3440fce4b0 CR3: 000000014abf2001 CR4:
> > > > 00000000003606e0
> > > > [ 571.217301] Call Trace:
> > > > [ 571.217316] ipu3_dmamap_free+0x5b/0x8f [ipu3_imgu]
> > > > [ 571.217326] ipu3_css_pool_cleanup+0x25/0x2f [ipu3_imgu]
> > > > [ 571.217338] ipu3_css_pipeline_cleanup+0x59/0x8f [ipu3_imgu]
> > > > [ 571.217348] ipu3_css_stop_streaming+0x15b/0x20f [ipu3_imgu]
> > > > [ 571.217360] imgu_s_stream+0x5a/0x30a [ipu3_imgu]
> > > > [ 571.217371] ? ipu3_all_nodes_streaming+0x14f/0x16b [ipu3_imgu]
> > > > [ 571.217382] ipu3_vb2_stop_streaming+0xe4/0x10f [ipu3_imgu]
> > > > [ 571.217392] __vb2_queue_cancel+0x2b/0x1b8 [videobuf2_common]
> > > > [ 571.217402] vb2_core_streamoff+0x30/0x71 [videobuf2_common]
> > > > [ 571.217418] __video_do_ioctl+0x258/0x38e [videodev]
> > > > [ 571.217438] video_usercopy+0x25f/0x4e5 [videodev]
> > > > [ 571.217453] ? copy_overflow+0x14/0x14 [videodev]
> > > > [ 571.217471] v4l2_ioctl+0x4d/0x58 [videodev]
> > > > [ 571.217480] vfs_ioctl+0x1e/0x2b
> > > > [ 571.217486] do_vfs_ioctl+0x531/0x559
> > > > [ 571.217494] ? vfs_write+0xd1/0xdf
> > > > [ 571.217500] ksys_ioctl+0x50/0x70
> > > > [ 571.217506] __x64_sys_ioctl+0x16/0x19
> > > > [ 571.217512] do_syscall_64+0x53/0x60
> > > > [ 571.217519] entry_SYSCALL_64_after_hwframe+0x44/0xa9
> > > > [ 571.217524] RIP: 0033:0x7f85cf9b9f47
> > > > [ 571.217528] Code: 00 00 00 48 8b 05 51 6f 2c 00 64 c7 00 26 00 00 00
> > > > 48
> > > > c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05
> > > > <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 21 6f 2c 00 f7 d8 64 89 01 48
> > > > [ 571.217531] RSP: 002b:00007ffc59056b78 EFLAGS: 00000246 ORIG_RAX:
> > > > 0000000000000010
> > > > [ 571.217535] RAX: ffffffffffffffda RBX: 0000000000000000 RCX:
> > > > 00007f85cf9b9f47
> > > > [ 571.217537] RDX: 00007ffc59056b84 RSI: 0000000040045613 RDI:
> > > > 0000000000000003
> > > > [ 571.217540] RBP: 000055f4c4dc0af8 R08: 00007f85cd7c4000 R09:
> > > > 00007f85d009c700
> > > > [ 571.217542] R10: 0000000000000020 R11: 0000000000000246 R12:
> > > > 000055f4c4dc0b06
> > > > [ 571.217545] R13: 0000000000000004 R14: 00007ffc59056d50 R15:
> > > > 00007ffc59057825
> > > > [ 571.217553] ---[ end trace 4b42bd84953eff53 ]---
> > > > [ 571.318645] ipu3-imgu 0000:00:05.0: wait cio gate idle timeout
> > >
> > > And after fixing another issue in the capture script (which was setting
> > > the
> > > format on the ImgU subdev pad 3 to 2560x1920 but capture in 1920x1080), I
> > > now get plenty of the following messages:
> > >
> > > [ 221.366131] BUG: Bad page state in process yavta pfn:14a4ff
> > > [ 221.366134] page:ffffde5d45293fc0 count:-1 mapcount:0 mapping:
> > > 0000000000000000 index:0x0
> > > [ 221.366137] flags: 0x200000000000000()
> > > [ 221.366140] raw: 0200000000000000 dead000000000100 dead000000000200
> > > 0000000000000000
> > > [ 221.366143] raw: 0000000000000000 0000000000000000 ffffffffffffffff
> > > 0000000000000000
> > > [ 221.366145] page dumped because: nonzero _refcount
> > > [ 221.366147] Modules linked in: asix usbnet mii zram arc4 iwlmvm
> > > intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp mac80211 iwlwifi
> > > cfg80211 hid_multitouch 8250_dw ipu3_cio2 ipu3_imgu(C) videobuf2_dma_sg
> > > videobuf2_memops videobuf2_v4l2 processor_thermal_device videobuf2_common
> > > intel_soc_dts_iosf ov13858 ov5670 dw9714 v4l2_fwnode v4l2_common videodev
> > > media at24 cros_ec_lpcs cros_ec_core int3403_thermal int340x_thermal_zone
> > > chromeos_pstore mac_hid int3400_thermal acpi_thermal_rel autofs4 usbhid
> > > mmc_block hid_generic i915 video i2c_algo_bit drm_kms_helper syscopyarea
> > > sysfillrect sysimgblt fb_sys_fops sdhci_pci cqhci sdhci drm
> > > drm_panel_orientation_quirks i2c_hid hid
> > > [ 221.366172] CPU: 3 PID: 1022 Comm: yavta Tainted: G B WC
> > > 4.20.0-rc6+ #2
> > > [ 221.366173] Hardware name: HP Soraka/Soraka, BIOS 08/30/2018
> > > [ 221.366173] Call Trace:
> > > [ 221.366176] dump_stack+0x46/0x59
> > > [ 221.366179] bad_page+0xf2/0x10c
> > > [ 221.366182] free_pages_check+0x78/0x81
> > > [ 221.366186] free_pcppages_bulk+0xa6/0x236
> > > [ 221.366190] free_unref_page+0x4b/0x53
> > > [ 221.366193] vb2_dma_sg_put+0x95/0xb5 [videobuf2_dma_sg]
> > > [ 221.366197] __vb2_buf_mem_free+0x3a/0x6e [videobuf2_common]
> > > [ 221.366202] __vb2_queue_free+0xe3/0x1be [videobuf2_common]
> > > [ 221.366207] vb2_core_reqbufs+0xe9/0x2cc [videobuf2_common]
> > > [ 221.366212] vb2_ioctl_reqbufs+0x78/0x9e [videobuf2_v4l2]
> > > [ 221.366220] __video_do_ioctl+0x258/0x38e [videodev]
> > > [ 221.366229] video_usercopy+0x25f/0x4e5 [videodev]
> > > [ 221.366237] ? copy_overflow+0x14/0x14 [videodev]
> > > [ 221.366240] ? unmap_region+0xe0/0x10a
> > > [ 221.366250] v4l2_ioctl+0x4d/0x58 [videodev]
> > > [ 221.366253] vfs_ioctl+0x1e/0x2b
> > > [ 221.366255] do_vfs_ioctl+0x531/0x559
> > > [ 221.366260] ksys_ioctl+0x50/0x70
> > > [ 221.366263] __x64_sys_ioctl+0x16/0x19
> > > [ 221.366266] do_syscall_64+0x53/0x60
> > > [ 221.366269] entry_SYSCALL_64_after_hwframe+0x44/0xa9
> > > [ 221.366270] RIP: 0033:0x7fbe39f6af47
> > > [ 221.366272] Code: 00 00 00 48 8b 05 51 6f 2c 00 64 c7 00 26 00 00 00 48
> > > c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05
> > > <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 21 6f 2c 00 f7 d8 64 89 01 48
> > > [ 221.366273] RSP: 002b:00007fff05638e68 EFLAGS: 00000246 ORIG_RAX:
> > > 0000000000000010
> > > [ 221.366275] RAX: ffffffffffffffda RBX: 0000000000000007 RCX:
> > > 00007fbe39f6af47
> > > [ 221.366279] RDX: 00007fff05638f90 RSI: 00000000c0145608 RDI:
> > > 0000000000000003
> > > [ 221.366283] RBP: 0000000000000004 R08: 0000000000000000 R09:
> > > 0000000000000045
> > > [ 221.366287] R10: 0000000000000557 R11: 0000000000000246 R12:
> > > 000055c83bd76750
> > > [ 221.366290] R13: 000055c83b6b26a0 R14: 0000000000000001 R15:
> > > 00007fff0563a825
>
> --
> Regards,
>
> Laurent Pinchart
>
>
>
next prev parent reply other threads:[~2018-12-21 3:04 UTC|newest]
Thread overview: 123+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-29 22:22 [PATCH v7 00/16] Intel IPU3 ImgU patchset Yong Zhi
2018-10-29 22:22 ` [PATCH v7 01/16] v4l: Add Intel IPU3 meta buffer formats Yong Zhi
2018-11-02 12:59 ` Mauro Carvalho Chehab
2018-11-02 13:05 ` Mauro Carvalho Chehab
2018-11-29 19:16 ` Laurent Pinchart
2018-11-29 23:12 ` Zhi, Yong
2018-10-29 22:22 ` [PATCH v7 02/16] doc-rst: Add Intel IPU3 documentation Yong Zhi
2018-11-29 22:50 ` Laurent Pinchart
2018-12-13 9:38 ` Sakari Ailus
2018-12-13 10:41 ` Laurent Pinchart
2018-12-13 10:50 ` Sakari Ailus
2018-12-13 9:38 ` [PATCH 1/1] staging/ipu3-imgu: Address documentation comments Sakari Ailus
2018-10-29 22:22 ` [PATCH v7 03/16] v4l: Add Intel IPU3 meta data uAPI Yong Zhi
2018-11-02 13:02 ` Sakari Ailus
2018-11-16 22:37 ` Zhi, Yong
[not found] ` <20181129224548.qwbkau6suipt2veq@kekkonen.localdomain>
2018-11-29 23:06 ` Zhi, Yong
2018-11-29 23:06 ` Zhi, Yong
2018-12-01 20:57 ` Sakari Ailus
2018-12-01 20:57 ` Sakari Ailus
2018-11-02 13:49 ` Mauro Carvalho Chehab
2018-11-02 14:04 ` Tomasz Figa
2018-11-06 23:27 ` Mani, Rajmohan
2018-11-15 10:52 ` Hans Verkuil
2018-11-29 0:41 ` Mani, Rajmohan
2018-11-06 18:25 ` Zhi, Yong
2018-11-15 12:51 ` Hans Verkuil
2018-11-21 18:45 ` Zhi, Yong
2018-10-29 22:22 ` [PATCH v7 04/16] intel-ipu3: abi: Add register definitions and enum Yong Zhi
2018-10-29 22:22 ` [PATCH v7 05/16] intel-ipu3: abi: Add structs Yong Zhi
2018-11-05 8:27 ` Sakari Ailus
2018-11-05 19:05 ` Mani, Rajmohan
2018-11-06 8:04 ` Sakari Ailus
2018-11-06 23:31 ` Mani, Rajmohan
2018-10-29 22:23 ` [PATCH v7 06/16] intel-ipu3: mmu: Implement driver Yong Zhi
2018-11-05 11:55 ` Sakari Ailus
2018-11-06 5:50 ` Zhi, Yong
2018-11-06 5:56 ` Tomasz Figa
2018-10-29 22:23 ` [PATCH v7 07/16] intel-ipu3: Implement DMA mapping functions Yong Zhi
2018-10-29 22:23 ` [PATCH v7 08/16] intel-ipu3: css: Add dma buff pool utility functions Yong Zhi
2018-11-08 15:36 ` Sakari Ailus
2018-11-09 23:16 ` Zhi, Yong
2018-11-12 9:21 ` Sakari Ailus
2018-10-29 22:23 ` [PATCH v7 09/16] intel-ipu3: css: Add support for firmware management Yong Zhi
2018-11-28 22:22 ` Sakari Ailus
2018-10-29 22:23 ` [PATCH v7 11/16] intel-ipu3: css: Compute and program ccs Yong Zhi
2018-10-29 22:23 ` [PATCH v7 12/16] intel-ipu3: css: Initialize css hardware Yong Zhi
2018-11-09 12:06 ` Sakari Ailus
2018-10-29 22:23 ` [PATCH v7 13/16] intel-ipu3: Add css pipeline programming Yong Zhi
2018-10-29 22:23 ` [PATCH v7 14/16] intel-ipu3: Add v4l2 driver based on media framework Yong Zhi
2018-11-09 12:36 ` Sakari Ailus
2018-11-09 23:26 ` Zhi, Yong
2018-11-15 12:51 ` Hans Verkuil
2018-11-15 16:09 ` Zhi, Yong
2018-10-29 22:23 ` [PATCH v7 15/16] intel-ipu3: Add imgu top level pci device driver Yong Zhi
2018-11-09 12:54 ` Sakari Ailus
2018-11-12 22:16 ` Zhi, Yong
2018-10-29 22:23 ` [PATCH v7 16/16] intel-ipu3: Add dual pipe support Yong Zhi
2018-11-01 12:03 ` [PATCH v7 00/16] Intel IPU3 ImgU patchset Sakari Ailus
2018-11-07 4:16 ` Bing Bu Cao
2018-11-09 1:28 ` Zhi, Yong
2018-11-09 11:28 ` Sakari Ailus
2018-11-09 10:09 ` Sakari Ailus
2018-11-12 4:31 ` Bing Bu Cao
2018-11-13 10:31 ` Sakari Ailus
2018-11-13 11:04 ` Bing Bu Cao
2018-11-13 21:58 ` Sakari Ailus
2018-11-14 7:02 ` Bing Bu Cao
2018-11-29 23:09 ` Laurent Pinchart
2018-11-30 13:37 ` Sakari Ailus
2018-11-29 23:07 ` Laurent Pinchart
2018-12-03 9:51 ` Sakari Ailus
2018-12-03 12:34 ` Laurent Pinchart
2018-11-14 0:25 ` jacopo mondi
2018-11-14 7:40 ` Sakari Ailus
2018-11-18 0:12 ` jacopo mondi
2018-11-29 14:43 ` Laurent Pinchart
2018-11-29 19:51 ` Tomasz Figa
2018-11-29 22:54 ` Laurent Pinchart
2018-11-29 22:58 ` Mani, Rajmohan
2018-12-04 16:07 ` Mani, Rajmohan
2018-12-04 16:42 ` Laurent Pinchart
2018-12-04 16:53 ` Mani, Rajmohan
2018-12-05 0:30 ` Mani, Rajmohan
2018-12-11 13:34 ` Laurent Pinchart
2018-12-11 13:43 ` Laurent Pinchart
2018-12-11 14:20 ` Laurent Pinchart
2018-12-16 7:26 ` Laurent Pinchart
2018-12-20 22:25 ` Laurent Pinchart
2018-12-21 3:04 ` Tomasz Figa [this message]
2019-01-08 6:54 ` Tomasz Figa
2019-01-09 16:40 ` Jacopo Mondi
2019-01-09 17:00 ` Mani, Rajmohan
2019-01-09 17:25 ` Jacopo Mondi
2019-01-09 18:01 ` Mani, Rajmohan
2019-01-09 18:20 ` Jacopo Mondi
2019-01-09 18:36 ` Mani, Rajmohan
2019-01-10 8:19 ` Jacopo Mondi
2019-01-12 2:06 ` Mani, Rajmohan
2019-01-12 2:30 ` Mani, Rajmohan
2019-01-12 15:10 ` Laurent Pinchart
[not found] ` <6F87890CF0F5204F892DEA1EF0D77A599B323499@fmsmsx122.amr.corp.intel.com>
2019-01-21 5:41 ` Tomasz Figa
2019-01-21 8:07 ` Laurent Pinchart
2019-01-22 16:21 ` Mani, Rajmohan
[not found] ` <6F87890CF0F5204F892DEA1EF0D77A599B31FAF4@fmsmsx122.amr.corp.intel.com>
2019-01-08 23:34 ` Laurent Pinchart
2018-12-12 4:55 ` Bingbu Cao
2018-12-13 22:24 ` Laurent Pinchart
2018-12-14 2:53 ` Bingbu Cao
2018-12-17 3:14 ` Bingbu Cao
2018-12-26 11:03 ` Laurent Pinchart
2019-01-02 2:38 ` Bingbu Cao
2019-01-02 8:20 ` Laurent Pinchart
2019-01-02 20:26 ` Sakari Ailus
2019-01-28 10:09 ` Jacopo Mondi
2019-01-29 8:56 ` Tomasz Figa
2019-02-01 10:04 ` Jacopo Mondi
2019-02-05 6:01 ` Tomasz Figa
2019-03-23 13:02 ` Jacopo Mondi
2019-03-25 3:45 ` Bingbu Cao
2019-03-25 4:06 ` Laurent Pinchart
2019-03-25 8:11 ` Jacopo Mondi
2019-03-25 10:07 ` Bingbu Cao
2019-03-26 11:16 ` Jacopo Mondi
2019-04-08 6:35 ` Bingbu Cao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAAFQd5CN3dhTviSnFbzSOjkMTQqUyOajYv+CVxSLLAih522CgQ@mail.gmail.com \
--to=tfiga@chromium.org \
--cc=bingbu.cao@intel.com \
--cc=hans.verkuil@cisco.com \
--cc=jerry.w.hu@intel.com \
--cc=jian.xu.zheng@intel.com \
--cc=laurent.pinchart@ideasonboard.com \
--cc=linux-media@vger.kernel.org \
--cc=mchehab@kernel.org \
--cc=rajmohan.mani@intel.com \
--cc=sakari.ailus@linux.intel.com \
--cc=tian.shu.qiu@intel.com \
--cc=tuukka.toivonen@intel.com \
--cc=yong.zhi@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).