omapdrm/pvr kernel crash with camera capture and display application

2014-12-02 Thread Vikas Patil 
Hi All,

What I found is UnwrapExtMemoryCallBack() function from
eurasia_km\services4\srvkm\common\devicemem.c always calls
omap_gem_put_pages(), however just before the crash  it calls
omap_gem_put_paddr() and it crashes in it due to  NULL pointer dereference
of  >dev->struct_mutex. instead of omap_gem_put_pages(). Does this
gives any clue on what might be going wrong? What OMAP_BO_TILED_MASK
signifies?

See the function below:
static PVRSRV_ERROR UnwrapExtMemoryCallBack(IMG_PVOID  pvParam,
IMG_UINT32 ui32Param,
IMG_BOOL   bDummy)
{
PVRSRV_KERNEL_MEM_INFO*psMemInfo = (PVRSRV_KERNEL_MEM_INFO
*)pvParam;
#if defined(SUPPORT_DRI_DRM_EXTERNAL)
IMG_BOOL bPhysContig = (IMG_BOOL)ui32Param;
struct drm_gem_object *buf =
BM_GetGEM(psMemInfo->sMemBlk.hBuffer);
#endif
PVRSRV_ERROR err = FreeMemCallBackCommon(psMemInfo, ui32Param,
PVRSRV_FREE_CALLBACK_ORIGIN_ALLOCATOR);

PVR_UNREFERENCED_PARAMETER(bDummy);

#if defined(SUPPORT_DRI_DRM_EXTERNAL)
if (buf) {
if (omap_gem_flags(buf) & OMAP_BO_TILED_MASK) {
omap_gem_put_paddr(buf);
} else {
if (bPhysContig) {
omap_gem_put_paddr(buf);
} else {
omap_gem_put_pages(buf);
}
}
}
#endif /* SUPPORT_DRI_DRM_EXTERNAL */

return err;
}

Thanks & Regards,
Vikash


On Mon, Dec 1, 2014 at 7:38 PM, Vikas Patil  wrote:

> Hi,
>
> I am running camera capture application (based on omap iss, v4l2,
> videobuf2-dma-contig, x11, gles2) on customized OMAP5 board with 3.8 kernel
> and rootfs based on GLSDK 6.04.00.02. However within 12 to 30 minutes it
> crashes with following trace.
>
> I have reverted Link 1 patch from omap_gem.c and integrated link 2 patch
> to fix another crash I was observing
> Link1:
> http://git.omapzoom.org/?p=kernel/omap.git;a=commitdiff;h=f968e920452aa3061fb1dfff1a55a55f8af60dde;hp=1bca805f90dc31eac5a2093074cf70fe1b806f55
> Link2:
> http://omapzoom.org/?p=kernel/omap.git;a=commitdiff;h=0f88f7ca8283f9407a17f150968c6fc1a980231c;hp=0421a5efd6e44bb29e3abe2dc80b4b2564083df9
>
>
> Could anyone give some inputs/suggestion to understand and fix this crash?
> How should I start debugging it?
>
> Regards & Thanks,
> Vikash
>
> Crash log:
>
> [  114.055145] systemd[1]: Converting job network.service/restart ->
> network.service/start
> [  114.061676] Unable to handle kernel NULL pointer dereference at virtual
> address 0014
> [  114.061676] pgd = 80004000
> [  114.061676] [0014] *pgd=
> [  114.061676] Internal error: Oops: 17 [#1] PREEMPT SMP ARM
> [  114.061706] Modules linked in: omap5_iss ov10635 videobuf2_dma_contig
> tc358746xbg ser913q_de914q sd8xxx(O) mlan(PO) omapdrm_pvr(O)
> [  114.061706] CPU: 0Tainted: P   O  (3.8.13 #14)
> [  114.061737] PC is at mutex_lock+0x1c/0x58
> [  114.061737] LR is at omap_gem_put_paddr+0x24/0xb8
> [  114.061737] pc : [<804c4ff0>]lr : [<80324a80>]psr: 0013
> [  114.061737] sp : ef0b9e10  ip : ef0b9e28  fp : ef0b9e24
> [  114.061737] r10:   r9 :   r8 : 8073ef0c
> [  114.061737] r7 : ee9653c0  r6 :   r5 :   r4 : 0014
> [  114.061767] r3 : f000  r2 : 0001d838  r1 : 6013  r0 : 0014
> [  114.061767] Flags: nzcv  IRQs on  FIQs on  Mode SVC_32  ISA ARM
> Segment kernel
> [  114.061767] Control: 10c5387d  Table: ecd3406a  DAC: 0015
> [  114.061767] Process kworker/u:0 (pid: 6, stack limit = 0xef0b8240)
> [  114.061767] Stack: (0xef0b9e10 to 0xef0ba000)
> [  114.061767] 9e00: f000 ecfe5300
> ef0b9e3c ef0b9e28
> [  114.061798] 9e20: 80324a80 804c4fe0 ecfe5300  ef0b9e5c ef0b9e40
> 7f009e44 80324a68
> [  114.061798] 9e40: 7f009de0 ee965b00 0001  ef0b9e84 ef0b9e60
> 7f014d88 7f009dec
> [  114.061798] 9e60: 7f04711c ecd40854 eeb55340 ee965b00  ecf68880
> ef0b9e9c ef0b9e88
> [  114.061798] 9e80: 7f0155b4 7f014d4c ee9653c0 7f0268a0 ef0b9ebc ef0b9ea0
> 7f009314 7f01555c
> [  114.061798] 9ea0:  ee965420 807bbaa4 7f0092e0 ef0b9edc ef0b9ec0
> 803244e0 7f0092ec
> [  114.061828] 9ec0: ef0661c0 ee965420 8073ee00 ef2aca00 ef0b9f24 ef0b9ee0
> 80058198 803244ac
> [  114.061828] 9ee0: ef0661c0 8073ef0c ef0b8000 ef0661c0 8073ef0c 
> 8073ee00 ef0661c0
> [  114.061828] 9f00: 8073ef0c ef0b8000 8073ee00 ef0661d4 8073ef0c 8073ef0c
> ef0b9f5c ef0b9f28
> [  114.061828] 9f20: 80058808 80057f2c  ef0661c0 80058590 ef0a5e58
>  ef0661c0
> [  114.061828] 9f40: 80058590    ef0b9fac ef0b9f60
> 800600d4 8005859c
> [  114.061828] 9f60: 00102d58  ef0b9f94 ef0661c0  
> ef0b9f78 ef0b9f78
> [  114.061859] 9f80:   ef0b9f88 ef0b9f88 ef0a5e58 80060018
>  
> [  114.061859] 9fa0:  ef0b9fb0 8000ee18 80060024  
>  
> [  114.061859] 9fc0:

omapdrm/pvr kernel crash with camera capture and display application

2014-12-02 Thread Tomi Valkeinen 
Hi,

On 02/12/14 14:41, Vikas Patil wrote:
> Hi All,
> 
> What I found is UnwrapExtMemoryCallBack() function from
> eurasia_km\services4\srvkm\common\devicemem.c always calls
> omap_gem_put_pages(), however just before the crash  it calls
> omap_gem_put_paddr() and it crashes in it due to  NULL pointer
> dereference of  >dev->struct_mutex. instead of
> omap_gem_put_pages(). Does this gives any clue on what might be going
> wrong? What OMAP_BO_TILED_MASK signifies?

OMAP_BO_TILED_MASK tells that the buffer has been allocated with TILER.

I'm not really familiar with this stuff, but I presume a matching
operation is done in PVRSRVImportGEMKM().

But but... If >dev->struct_mutex causes a NULL ref, it sounds to me
that the memory has already been released, or somehow else a NULL has
gotten into there.

Even if the code would accidentally call omap_gem_put_paddr instead of
omap_gem_put_pages, the struct_mutex should be fine.

 Tomi


-- next part --
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL:

omapdrm/pvr kernel crash with camera capture and display application

2014-12-01 Thread Vikas Patil 
Hi,

I am running camera capture application (based on omap iss, v4l2,
videobuf2-dma-contig, x11, gles2) on customized OMAP5 board with 3.8 kernel
and rootfs based on GLSDK 6.04.00.02. However within 12 to 30 minutes it
crashes with following trace.

I have reverted Link 1 patch from omap_gem.c and integrated link 2 patch to
fix another crash I was observing
Link1:
http://git.omapzoom.org/?p=kernel/omap.git;a=commitdiff;h=f968e920452aa3061fb1dfff1a55a55f8af60dde;hp=1bca805f90dc31eac5a2093074cf70fe1b806f55
Link2:
http://omapzoom.org/?p=kernel/omap.git;a=commitdiff;h=0f88f7ca8283f9407a17f150968c6fc1a980231c;hp=0421a5efd6e44bb29e3abe2dc80b4b2564083df9


Could anyone give some inputs/suggestion to understand and fix this crash?
How should I start debugging it?

Regards & Thanks,
Vikash

Crash log:

[  114.055145] systemd[1]: Converting job network.service/restart ->
network.service/start
[  114.061676] Unable to handle kernel NULL pointer dereference at virtual
address 0014
[  114.061676] pgd = 80004000
[  114.061676] [0014] *pgd=
[  114.061676] Internal error: Oops: 17 [#1] PREEMPT SMP ARM
[  114.061706] Modules linked in: omap5_iss ov10635 videobuf2_dma_contig
tc358746xbg ser913q_de914q sd8xxx(O) mlan(PO) omapdrm_pvr(O)
[  114.061706] CPU: 0Tainted: P   O  (3.8.13 #14)
[  114.061737] PC is at mutex_lock+0x1c/0x58
[  114.061737] LR is at omap_gem_put_paddr+0x24/0xb8
[  114.061737] pc : [<804c4ff0>]lr : [<80324a80>]psr: 0013
[  114.061737] sp : ef0b9e10  ip : ef0b9e28  fp : ef0b9e24
[  114.061737] r10:   r9 :   r8 : 8073ef0c
[  114.061737] r7 : ee9653c0  r6 :   r5 :   r4 : 0014
[  114.061767] r3 : f000  r2 : 0001d838  r1 : 6013  r0 : 0014
[  114.061767] Flags: nzcv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment
kernel
[  114.061767] Control: 10c5387d  Table: ecd3406a  DAC: 0015
[  114.061767] Process kworker/u:0 (pid: 6, stack limit = 0xef0b8240)
[  114.061767] Stack: (0xef0b9e10 to 0xef0ba000)
[  114.061767] 9e00: f000 ecfe5300
ef0b9e3c ef0b9e28
[  114.061798] 9e20: 80324a80 804c4fe0 ecfe5300  ef0b9e5c ef0b9e40
7f009e44 80324a68
[  114.061798] 9e40: 7f009de0 ee965b00 0001  ef0b9e84 ef0b9e60
7f014d88 7f009dec
[  114.061798] 9e60: 7f04711c ecd40854 eeb55340 ee965b00  ecf68880
ef0b9e9c ef0b9e88
[  114.061798] 9e80: 7f0155b4 7f014d4c ee9653c0 7f0268a0 ef0b9ebc ef0b9ea0
7f009314 7f01555c
[  114.061798] 9ea0:  ee965420 807bbaa4 7f0092e0 ef0b9edc ef0b9ec0
803244e0 7f0092ec
[  114.061828] 9ec0: ef0661c0 ee965420 8073ee00 ef2aca00 ef0b9f24 ef0b9ee0
80058198 803244ac
[  114.061828] 9ee0: ef0661c0 8073ef0c ef0b8000 ef0661c0 8073ef0c 
8073ee00 ef0661c0
[  114.061828] 9f00: 8073ef0c ef0b8000 8073ee00 ef0661d4 8073ef0c 8073ef0c
ef0b9f5c ef0b9f28
[  114.061828] 9f20: 80058808 80057f2c  ef0661c0 80058590 ef0a5e58
 ef0661c0
[  114.061828] 9f40: 80058590    ef0b9fac ef0b9f60
800600d4 8005859c
[  114.061828] 9f60: 00102d58  ef0b9f94 ef0661c0  
ef0b9f78 ef0b9f78
[  114.061859] 9f80:   ef0b9f88 ef0b9f88 ef0a5e58 80060018
 
[  114.061859] 9fa0:  ef0b9fb0 8000ee18 80060024  
 
[  114.061859] 9fc0:      
 
[  114.061859] 9fe0:     0013 
40c04a08 00412274
[  114.061859] Backtrace:
[  114.061889] [<804c4fd4>] (mutex_lock+0x0/0x58) from [<80324a80>]
(omap_gem_put_paddr+0x24/0xb8)
[  114.061889]  r4:ecfe5300 r3:f000
[  114.061920] [<80324a5c>] (omap_gem_put_paddr+0x0/0xb8) from [<7f009e44>]
(UnwrapExtMemoryCallBack+0x64/0x74 [omapdrm_pvr])
[  114.061920]  r5: r4:ecfe5300
[  114.061981] [<7f009de0>] (UnwrapExtMemoryCallBack+0x0/0x74
[omapdrm_pvr]) from [<7f014d88>] (FreeResourceByPtr+0x48/0xe8 [omapdrm_pvr])
[  114.061981]  r6: r5:0001 r4:ee965b00 r3:7f009de0
[  114.062042] [<7f014d40>] (FreeResourceByPtr+0x0/0xe8 [omapdrm_pvr]) from
[<7f0155b4>] (ResManFreeResByPtr+0x64/0x80 [omapdrm_pvr])
[  114.062042]  r6:ecf68880 r5: r4:ee965b00
[  114.062072] [<7f015550>] (ResManFreeResByPtr+0x0/0x80 [omapdrm_pvr])
from [<7f009314>] (async_unmap+0x34/0x54 [omapdrm_pvr])
[  114.062103]  r5:7f0268a0 r4:ee9653c0
[  114.062103] [<7f0092e0>] (async_unmap+0x0/0x54 [omapdrm_pvr]) from
[<803244e0>] (notify_worker+0x40/0x48)
[  114.062133]  r6:7f0092e0 r5:807bbaa4 r4:ee965420 r3:
[  114.062133] [<803244a0>] (notify_worker+0x0/0x48) from [<80058198>]
(process_one_work+0x278/0x488)
[  114.062133]  r7:ef2aca00 r6:8073ee00 r5:ee965420 r4:ef0661c0
[  114.062164] [<80057f20>] (process_one_work+0x0/0x488) from [<80058808>]
(worker_thread+0x278/0x398)
[  114.062164] [<80058590>] (worker_thread+0x0/0x398) from [<800600d4>]
(kthread+0xbc/0xcc)
[  114.062164] [<80060018>] (kthread+0x0/0xcc) from [<8000ee18>]