[drivers][imx-sdma] Ooops on null pointer access of bd0 register in sdma_load_context function
Simon Egli
deadolus at gmail.com
Fri Feb 10 05:15:40 PST 2023
Hello,
You seem to be responsible for maintaining drivers/dma/imx-sdma.c (as found by get_maintainer.pl, following the guide at https://www.kernel.org/doc/Documentation/admin-guide/bug-hunting.rst).
I am writing to you about an Oops kernel error in the imx-sdma.c file.
Following are two kernel Oops traces and one "decoded" stack trace.
I suspect that there is an illegal access in the sdma_load_context function with the "bd0->mode.command" register/variable.
I am sending you the traces in the hope that you might have a look at them and fix the error, if it is still in the mainline kernel.
This is from a machine running a non-tainted 5.15.32 kernel.
Best regards,
Simon Egli
### Original Oops Trace 1
[ 32.780327] 8<--- cut here ---
[ 32.783417] Unable to handle kernel NULL pointer dereference at virtual address 00000003
[ 32.791512] pgd = 6130f725
[ 32.794228] [00000003] *pgd=00000000
[ 32.797817] Internal error: Oops: 805 [#1] PREEMPT SMP ARM
[ 32.803307] Modules linked in: caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine rng_core authenc libdes brcmfmac brcmutil caam secvio error
[ 32.817365] CPU: 1 PID: 436 Comm: customer.Gateway Not tainted 5.15.32-lts-next+gecbf55218182 #1
[ 32.826075] Hardware name: Freescale i.MX7 Dual (Device Tree)
[ 32.831825] PC is at sdma_transfer_init+0x124/0x244
[ 32.836720] LR is at 0x0
[ 32.839257] pc : [<805ce5e4>] lr : [<00000000>] psr: 80060093
[ 32.845527] sp : 85487d98 ip : ac040280 fp : 20060093
[ 32.850754] r10: 84472ca0 r9 : 84470040 r8 : 00000002
[ 32.855981] r7 : ac040200 r6 : 00000000 r5 : 85f4c800 r4 : 844702d4
[ 32.862512] r3 : 84472040 r2 : 00000001 r1 : 00000000 r0 : ac040200
[ 32.869043] Flags: Nzcv IRQs off FIQs on Mode SVC_32 ISA ARM Segment none
[ 32.876271] Control: 10c5387d Table: 8537806a DAC: 00000051
[ 32.882019] Register r0 information: 0-page vmalloc region starting at 0xac000000 allocated at iotable_init+0x0/0xec
[ 32.892564] Register r1 information: NULL pointer
[ 32.897275] Register r2 information: non-paged memory
[ 32.902331] Register r3 information: non-slab/vmalloc memory
[ 32.908001] Register r4 information: non-slab/vmalloc memory
[ 32.913682] Register r5 information: slab kmalloc-128 start 85f4c800 pointer offset 0 size 128
[ 32.922330] Register r6 information: NULL pointer
[ 32.927047] Register r7 information: 0-page vmalloc region starting at 0xac000000 allocated at iotable_init+0x0/0xec
[ 32.937598] Register r8 information: non-paged memory
[ 32.942664] Register r9 information: non-slab/vmalloc memory
[ 32.948337] Register r10 information: non-slab/vmalloc memory
[ 32.954093] Register r11 information: non-paged memory
[ 32.959237] Register r12 information: 0-page vmalloc region starting at 0xac000000 allocated at iotable_init+0x0/0xec
[ 32.969862] Process customer.Gateway (pid: 436, stack limit = 0x6bec4388)
[ 32.976573] Stack: (0x85487d98 to 0x85488000)
[ 33.144621] [<805ce5e4>] (sdma_transfer_init) from [<805ce760>] (sdma_prep_slave_sg+0x5c/0x234)
[ 33.153340] [<805ce760>] (sdma_prep_slave_sg) from [<8061ce6c>] (imx_uart_dma_tx+0xf4/0x22c)
[ 33.161798] [<8061ce6c>] (imx_uart_dma_tx) from [<80619b28>] (uart_write+0xec/0x1f4)
[ 33.169558] [<80619b28>] (uart_write) from [<805fdecc>] (n_tty_write+0x390/0x4dc)
[ 33.177056] [<805fdecc>] (n_tty_write) from [<805f99e0>] (file_tty_write.constprop.0+0x130/0x274)
[ 33.185943] [<805f99e0>] (file_tty_write.constprop.0) from [<8025ea5c>] (vfs_write+0x2d0/0x45c)
[ 33.194657] [<8025ea5c>] (vfs_write) from [<8025ed3c>] (ksys_write+0x64/0xec)
[ 33.201804] [<8025ed3c>] (ksys_write) from [<80100060>] (ret_fast_syscall+0x0/0x58)
[ 33.209473] Exception stack(0x85487fa8 to 0x85487ff0)
[ 33.214531] 7fa0: 00000004 71a86808 00000092 71a86808 00000004 00000000
[ 33.222715] 7fc0: 00000004 71a86808 76fded70 00000004 71a86808 7e8ed260 00000000 7e8ec9cc
[ 33.230896] 7fe0: 00000004 7e8ec968 76d182e5 76ca40a6
[ 33.235957] Code: e5872020 e5942108 e5872024 e3a02001 (e5c62003)
[ 33.242057] ---[ end trace 189621c39bdc0442 ]---
### Original Oops Trace 2
[ 32.893037] 8<--- cut here ---
[ 32.896125] Unable to handle kernel NULL pointer dereference at virtual address 00000003
[ 32.904221] pgd = b471414e
[ 32.906937] [00000003] *pgd=00000000
[ 32.910526] Internal error: Oops: 805 [#1] PREEMPT SMP ARM
[ 32.916017] Modules linked in: caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine rng_core authenc libdes brcmfmac brcmutil caam secvio error
[ 32.930075] CPU: 1 PID: 436 Comm: customer.Gateway Not tainted 5.15.32-lts-next+gecbf55218182 #1
[ 32.938781] Hardware name: Freescale i.MX7 Dual (Device Tree)
[ 32.944529] PC is at sdma_transfer_init+0x124/0x244
[ 32.949423] LR is at 0x0
[ 32.951959] pc : [<805ce5e4>] lr : [<00000000>] psr: 80060093
[ 32.958229] sp : 85499d98 ip : ac040280 fp : 20060093
[ 32.963456] r10: 84472ca0 r9 : 84470040 r8 : 00000002
[ 32.968684] r7 : ac040200 r6 : 00000000 r5 : 853fe180 r4 : 844702d4
[ 32.975214] r3 : 84472040 r2 : 00000001 r1 : 00000000 r0 : ac040200
[ 32.981745] Flags: Nzcv IRQs off FIQs on Mode SVC_32 ISA ARM Segment none
[ 32.988974] Control: 10c5387d Table: 8547006a DAC: 00000051
[ 32.994721] Register r0 information: 0-page vmalloc region starting at 0xac000000 allocated at iotable_init+0x0/0xec
[ 33.005263] Register r1 information: NULL pointer
[ 33.009974] Register r2 information: non-paged memory
[ 33.015034] Register r3 information: non-slab/vmalloc memory
[ 33.020713] Register r4 information: non-slab/vmalloc memory
[ 33.026389] Register r5 information: slab kmalloc-128 start 853fe180 pointer offset 0 size 128
[ 33.035036] Register r6 information: NULL pointer
[ 33.039750] Register r7 information: 0-page vmalloc region starting at 0xac000000 allocated at iotable_init+0x0/0xec
[ 33.050301] Register r8 information: non-paged memory
[ 33.055366] Register r9 information: non-slab/vmalloc memory
[ 33.061035] Register r10 information: non-slab/vmalloc memory
[ 33.066788] Register r11 information: non-paged memory
[ 33.071935] Register r12 information: 0-page vmalloc region starting at 0xac000000 allocated at iotable_init+0x0/0xec
[ 33.082566] Process customer.Gateway (pid: 436, stack limit = 0x2fe51843)
[ 33.089281] Stack: (0x85499d98 to 0x8549a000)
[ 33.257421] [<805ce5e4>] (sdma_transfer_init) from [<805ce760>] (sdma_prep_slave_sg+0x5c/0x234)
[ 33.266155] [<805ce760>] (sdma_prep_slave_sg) from [<8061ce6c>] (imx_uart_dma_tx+0xf4/0x22c)
[ 33.274619] [<8061ce6c>] (imx_uart_dma_tx) from [<80619b28>] (uart_write+0xec/0x1f4)
[ 33.282381] [<80619b28>] (uart_write) from [<805fdecc>] (n_tty_write+0x390/0x4dc)
[ 33.289886] [<805fdecc>] (n_tty_write) from [<805f99e0>] (file_tty_write.constprop.0+0x130/0x274)
[ 33.298789] [<805f99e0>] (file_tty_write.constprop.0) from [<8025ea5c>] (vfs_write+0x2d0/0x45c)
[ 33.307539] [<8025ea5c>] (vfs_write) from [<8025ed3c>] (ksys_write+0x64/0xec)
[ 33.314693] [<8025ed3c>] (ksys_write) from [<80100060>] (ret_fast_syscall+0x0/0x58)
[ 33.322369] Exception stack(0x85499fa8 to 0x85499ff0)
[ 33.327434] 9fa0: 00000004 71a6e1a8 00000092 71a6e1a8 00000004 00000000
[ 33.335621] 9fc0: 00000004 71a6e1a8 76fd8d70 00000004 71a6e1a8 7ef90260 00000000 7ef8f9cc
[ 33.343805] 9fe0: 00000004 7ef8f968 76d122e5 76c9e0a6
[ 33.348871] Code: e5872020 e5942108 e5872024 e3a02001 (e5c62003)
[ 33.354973] ---[ end trace a70ed07b969c6b4a ]---
### Decoded Stacktrace (via decode_stacktrace)
~/customer/yocto-master/build/tmp/work-shared/customer-gateway/kernel-source/scripts/decode_stacktrace.sh boot/vmlinux-5.15.32+ge17b66690cb9 ./ < stacktrace.txt
[ 32.780327] 8<--- cut here ---
[ 32.783417] Unable to handle kernel NULL pointer dereference at virtual address 00000003
[ 32.791512] pgd = 6130f725
[ 32.794228] [00000003] *pgd=00000000
[ 32.797817] Internal error: Oops: 805 [#1] PREEMPT SMP ARM
[ 32.803307] Modules linked in: caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine rng_core authenc libdes brcmfmac brcmutil caam secvio error
[ 32.817365] CPU: 1 PID: 436 Comm: customer.Gateway Not tainted 5.15.32-lts-next+gecbf55218182 #1
[ 32.826075] Hardware name: Freescale i.MX7 Dual (Device Tree)
[ 32.831825] PC is at sdma_transfer_init (/usr/src/kernel/drivers/dma/imx-sdma.c:1285 /usr/src/kernel/drivers/dma/imx-sdma.c:1821)
[ 32.836720] LR is at 0x0
[ 32.839257] pc : lr : psr: 80060093
[ 32.845527] sp : 85487d98 ip : ac040280 fp : 20060093
[ 32.850754] r10: 84472ca0 r9 : 84470040 r8 : 00000002
[ 32.855981] r7 : ac040200 r6 : 00000000 r5 : 85f4c800 r4 : 844702d4
[ 32.862512] r3 : 84472040 r2 : 00000001 r1 : 00000000 r0 : ac040200
[ 32.869043] Flags: Nzcv IRQs off FIQs on Mode SVC_32 ISA ARM Segment none
[ 32.876271] Control: 10c5387d Table: 8537806a DAC: 00000051
[ 32.882019] Register r0 information: 0-page vmalloc region starting at 0xac000000 allocated at iotable_init (/usr/src/kernel/arch/arm/mm/mmu.c:993)
[ 32.892564] Register r1 information: NULL pointer
[ 32.897275] Register r2 information: non-paged memory
[ 32.902331] Register r3 information: non-slab/vmalloc memory
[ 32.908001] Register r4 information: non-slab/vmalloc memory
[ 32.913682] Register r5 information: slab kmalloc-128 start 85f4c800 pointer offset 0 size 128
[ 32.922330] Register r6 information: NULL pointer
[ 32.927047] Register r7 information: 0-page vmalloc region starting at 0xac000000 allocated at iotable_init (/usr/src/kernel/arch/arm/mm/mmu.c:993)
[ 32.937598] Register r8 information: non-paged memory
[ 32.942664] Register r9 information: non-slab/vmalloc memory
[ 32.948337] Register r10 information: non-slab/vmalloc memory
[ 32.954093] Register r11 information: non-paged memory
[ 32.959237] Register r12 information: 0-page vmalloc region starting at 0xac000000 allocated at iotable_init (/usr/src/kernel/arch/arm/mm/mmu.c:993)
[ 32.969862] Process customer.Gateway (pid: 436, stack limit = 0x6bec4388)
[ 32.976573] Stack: (0x85487d98 to 0x85488000)
[ 33.144621] (sdma_transfer_init) from sdma_prep_slave_sg (/usr/src/kernel/drivers/dma/imx-sdma.c:1912)
[ 33.153340] (sdma_prep_slave_sg) from imx_uart_dma_tx (/usr/src/kernel/drivers/tty/serial/imx.c:656)
[ 33.161798] (imx_uart_dma_tx) from uart_write (/usr/src/kernel/include/linux/spinlock.h:418 /usr/src/kernel/drivers/tty/serial/serial_core.c:598)
[ 33.169558] (uart_write) from n_tty_write (/usr/src/kernel/drivers/tty/n_tty.c:2309)
[ 33.177056] (n_tty_write) from file_tty_write.constprop.0 (/usr/src/kernel/drivers/tty/tty_io.c:1038 /usr/src/kernel/drivers/tty/tty_io.c:1110)
[ 33.185943] (file_tty_write.constprop.0) from vfs_write (/usr/src/kernel/fs/read_write.c:508 /usr/src/kernel/fs/read_write.c:594 /usr/src/kernel/fs/read_write.c:574)
[ 33.194657] (vfs_write) from ksys_write (/usr/src/kernel/fs/read_write.c:648)
[ 33.201804] (ksys_write) from ret_fast_syscall (/usr/src/kernel/arch/arm/kernel/entry-common.S:51)
[ 33.209473] Exception stack(0x85487fa8 to 0x85487ff0)
[ 33.214531] 7fa0: 00000004 71a86808 00000092 71a86808 00000004 00000000
[ 33.222715] 7fc0: 00000004 71a86808 76fded70 00000004 71a86808 7e8ed260 00000000 7e8ec9cc
[ 33.230896] 7fe0: 00000004 7e8ec968 76d182e5 76ca40a6
[ 33.235957] Code: e5872020 e5942108 e5872024 e3a02001 (e5c62003)
All code
========
0: 20 20 and %ah,(%rax)
2: 87 e5 xchg %esp,%ebp
4: 08 21 or %ah,(%rcx)
6: 94 xchg %eax,%esp
7: e5 24 in $0x24,%eax
9: 20 87 e5 01 20 a0 and %al,-0x5fdffe1b(%rdi)
f:* e3 03 jrcxz 0x14 <-- trapping instruction
11: 20 c6 and %al,%dh
13: e5 .byte 0xe5
Code starting with the faulting instruction
===========================================
0: 03 20 add (%rax),%esp
2: c6 (bad)
3: e5 .byte 0xe5
[ 33.242057] ---[ end trace 189621c39bdc0442 ]---
### Suspected faulty code region imx-sdma.c, line 1271 in 5.15.32 kernel (seems bd0 was not properly initialized and thus a NULL pointer access occurs)
	/* Send by context the event mask,base address for peripheral
	 * and watermark level
	 */
	if (sdmac->peripheral_type == IMX_DMATYPE_HDMI) {
		context->gReg[4] = sdmac->per_addr;
		context->gReg[6] = sdmac->shp_addr;
	} else {
		context->gReg[0] = sdmac->event_mask[1];
		context->gReg[1] = sdmac->event_mask[0];
		context->gReg[2] = sdmac->per_addr;
		context->gReg[6] = sdmac->shp_addr;
		context->gReg[7] = sdmac->watermark_level;
	}

	bd0->mode.command = C0_SETDM;
	bd0->mode.status = BD_DONE | BD_WRAP | BD_EXTD;
	bd0->mode.count = sizeof(*context) / 4;
	bd0->buffer_addr = sdma->context_phys;
	bd0->ext_buffer_addr = 2048 + (sizeof(*context) / 4) * channel;
	ret = sdma_run_channel0(sdma);
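
Added example, not part of the original message: the "All code" listing in the decoded trace renders the ARM opcode words as x86, so this C sketch decodes the `Code:` words as A32 load/store-immediate instructions and computes each access address from the registers logged in trace 1. It handles only that one instruction form; the helper names are made up for this illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* "Code:" words copied from the Oops; the last one is the faulting word. */
static const uint32_t oops_code[] = {
	0xe5872020, 0xe5942108, 0xe5872024, 0xe3a02001, 0xe5c62003
};

struct a32_mem {
	int valid, load, byte;  /* decoded ok, L bit (load), B bit (byte access) */
	unsigned rn, rt;        /* base register and transfer register */
	int32_t offset;         /* signed 12-bit immediate offset */
};

/* Decode the A32 load/store word/byte immediate-offset form (P=1, W=0). */
static struct a32_mem decode_mem_imm(uint32_t w)
{
	struct a32_mem m = {0};
	if (((w >> 25) & 7) != 2 || !((w >> 24) & 1) || ((w >> 21) & 1))
		return m;                     /* some other instruction class */
	m.valid = 1;
	m.load = (w >> 20) & 1;
	m.byte = (w >> 22) & 1;
	m.rn = (w >> 16) & 0xf;
	m.rt = (w >> 12) & 0xf;
	/* U bit (23) selects add or subtract of the immediate */
	m.offset = ((w >> 23) & 1) ? (int32_t)(w & 0xfff) : -(int32_t)(w & 0xfff);
	return m;
}

/* Address the instruction accesses, given r0..r15 (Rn == pc is not handled). */
static uint32_t access_address(uint32_t w, const uint32_t regs[16])
{
	struct a32_mem m = decode_mem_imm(w);
	return m.valid ? regs[m.rn] + (uint32_t)m.offset : UINT32_MAX;
}

int main(void)
{
	/* r0..r12 (fp = r11, ip = r12), then sp, lr, pc as logged in trace 1 */
	const uint32_t regs[16] = { 0xac040200, 0, 1, 0x84472040, 0x844702d4,
		0x85f4c800, 0, 0xac040200, 2, 0x84470040, 0x84472ca0, 0x20060093,
		0xac040280, 0x85487d98, 0, 0x805ce5e4 };
	for (size_t i = 0; i < sizeof(oops_code) / sizeof(oops_code[0]); i++) {
		struct a32_mem m = decode_mem_imm(oops_code[i]);
		if (m.valid)
			printf("%08x  %s%s r%u, [r%u, #%d] -> 0x%08x\n",
			       (unsigned)oops_code[i], m.load ? "ldr" : "str",
			       m.byte ? "b" : "", m.rt, m.rn, (int)m.offset,
			       (unsigned)access_address(oops_code[i], regs));
		else
			printf("%08x  (other instruction class)\n", (unsigned)oops_code[i]);
	}
	return 0;
}
```

The faulting word decodes to a byte store of r2 at offset 3 from r6, and r6 is logged as a NULL pointer, which gives the reported fault address 00000003: a one-byte write through a NULL base, as a store to a member of a NULL `bd0` would be.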