Hi,
I’ve seen a segfault occur on the L4t 28.2 VI driver when loading a v4l2 driver that doesn’t implement fill the camera_common structure, for instance in the following example I load 3 devices (imx298) that does implement the camera common structure on the driver, then 1 that it doesn’t (dw9800w), the segfault that happens at boot time is the following:
[ 6.700086] ALSA device list:
[ 6.700087] #0: tegra-hda at 0x3518000 irq 400
[ 6.700088] #1: tegra-snd-t186ref-mobile-rt565x
[ 6.701237] tegra-vi4 15700000.vi: initialized
[ 6.702412] tegra-vi4 15700000.vi: subdev 150c0000.nvcsi-0 bound
[ 6.702416] tegra-vi4 15700000.vi: subdev imx298 30-0010 bound
[ 6.702511] (null): disable override control
[ 6.702703] tegra-vi4 15700000.vi: subdev 150c0000.nvcsi-2 bound
[ 6.702706] tegra-vi4 15700000.vi: subdev imx298 31-0010 bound
[ 6.702789] (null): disable override control
[ 6.702955] tegra-vi4 15700000.vi: subdev 150c0000.nvcsi-4 bound
[ 6.702957] tegra-vi4 15700000.vi: subdev imx298 32-0010 bound
[ 6.703042] (null): disable override control
[ 6.703175] tegra-vi4 15700000.vi: subdev dw9800w 30-000c bound
[ 6.703220] (null): disable override control
[ 6.703230] Unable to handle kernel paging request at virtual address 601838016818d9c6
[ 6.703231] pgd = ffffffc001505000
[ 6.703234] [601838016818d9c6] *pgd=0000000000000000, *pud=0000000000000000
[ 6.703237] Internal error: Oops: 96000044 [#1] PREEMPT SMP
[ 6.703239] Modules linked in:
[ 6.703243] CPU: 0 PID: 6 Comm: kworker/u12:0 Not tainted 4.4.38-tegra #3
[ 6.703244] Hardware name: quill (DT)
[ 6.703250] Workqueue: events_unbound async_run_entry_fn
[ 6.703251] task: ffffffc1ece3be80 ti: ffffffc1ece6c000 task.ti: ffffffc1ece6c000
[ 6.703256] PC is at tegra_channel_init_subdevices+0x3f0/0x640
[ 6.703258] LR is at tegra_channel_init_subdevices+0x32c/0x640
[ 6.703259] pc : [<ffffffc0007d5240>] lr : [<ffffffc0007d517c>] pstate: 80000045
[ 6.703260] sp : ffffffc1ece6f9a0
[ 6.703262] x29: ffffffc1ece6f9a0 x28: ffffffc1e9fac5b0
[ 6.703264] x27: 0000000000000001 x26: ffffffc1eb541028
[ 6.703266] x25: ffffffc1e4f15c00 x24: ffffffc1e4f41000
[ 6.703268] x23: ffffffc1e4f3d800 x22: ffffffc1e4f42000
[ 6.703269] x21: ffffffc1e4f304f8 x20: ffffffc000c79000
[ 6.703271] x19: ffffffc1e4f30018 x18: 00000000000007e4
[ 6.703273] x17: ffffffc1eb5b1d18 x16: ffffffc1eb5b1cf0
[ 6.703274] x15: 0000000000001618 x14: ffffffc00147ec38
[ 6.703276] x13: ffffffc1e4f436e8 x12: 0000000000000090
[ 6.703277] x11: 0000000000000028 x10: ffffffc1eb5ae420
[ 6.703279] x9 : 0000000000000014 x8 : 0000000000000038
[ 6.703281] x7 : 0000000000000018 x6 : ffffffc1eb5b1d68
[ 6.703283] x5 : 6823fdbff018462a x4 : 4631b12068d8000b
[ 6.703284] x3 : ffffffc1eb540ff0 x2 : 601838016818d9c6
[ 6.703286] x1 : 0000000000000066 x0 : ffffffc1e4f3e000
[ 6.703286]
[ 6.703288] Process kworker/u12:0 (pid: 6, stack limit = 0xffffffc1ece6c020)
[ 6.703289] Call trace:
[ 6.703291] [<ffffffc0007d5240>] tegra_channel_init_subdevices+0x3f0/0x640
[ 6.703293] [<ffffffc0007d61d8>] tegra_vi_graph_notify_complete+0x220/0x660
[ 6.703296] [<ffffffc0007c6600>] v4l2_async_test_notify+0xf0/0x100
[ 6.703298] [<ffffffc0007c6734>] v4l2_async_notifier_register+0x124/0x190
[ 6.703300] [<ffffffc0007d6cd0>] tegra_vi_graph_init+0x1c8/0x298
[ 6.703302] [<ffffffc0007d3068>] tegra_vi_media_controller_init+0x190/0x200
[ 6.703306] [<ffffffc00094f908>] tegra_vi4_probe+0x210/0x2c0
[ 6.703310] [<ffffffc000598748>] platform_drv_probe+0x50/0xb8
[ 6.703312] [<ffffffc000596244>] driver_probe_device+0xcc/0x428
[ 6.703314] [<ffffffc00059663c>] __driver_attach+0x9c/0xa0
[ 6.703315] [<ffffffc000594138>] bus_for_each_dev+0x60/0xa0
[ 6.703317] [<ffffffc000595b38>] driver_attach+0x20/0x28
[ 6.703318] [<ffffffc000594634>] driver_attach_async+0x14/0x58
[ 6.703320] [<ffffffc0000c5ec8>] async_run_entry_fn+0x40/0x168
[ 6.703322] [<ffffffc0000bd108>] process_one_work+0x138/0x4c0
[ 6.703323] [<ffffffc0000bd5b4>] worker_thread+0x124/0x498
[ 6.703325] [<ffffffc0000c32dc>] kthread+0xdc/0xf0
[ 6.703328] [<ffffffc000084f90>] ret_from_fork+0x10/0x40
Another example for the tc358743 (that doesn’t implement the camera_common structure in the v4l2 driver):
[ 5.392516] vi 54080000.vi: vi_probe: ++
[ 5.403450] vi 54080000.vi: initialized
[ 5.412339] vi 54080000.vi: subdev nvcsi-0 bound
[ 5.417852] vi 54080000.vi: subdev tc358743 2-000f bound
[ 5.424472] Unable to handle kernel NULL pointer dereference at virtual address 00000000
[ 5.434242] pgd = ffffffc001618000
[ 5.438495] [00000000] *pgd=000000017b1da003, *pud=000000017b1da003, *pmd=000000017b1db003, *pte=00e8000050041707
[ 5.450528] Internal error: Oops: 96000005 [#1] PREEMPT SMP
[ 5.456941] Modules linked in:
[ 5.460819] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 4.4.38-TEAL-L4T-28.2-009 #1
[ 5.469927] Hardware name: jetson_tx1 (DT)
[ 5.474818] task: ffffffc0fb2d0000 ti: ffffffc0fb2d8000 task.ti: ffffffc0fb2d8000
[ 5.483906] PC is at tegra_channel_sensorprops_setup+0x1d8/0x2a8
[ 5.490751] LR is at tegra_channel_sensorprops_setup+0x15c/0x2a8
[ 5.497569] pc : [<ffffffc0007c8bcc>] lr : [<ffffffc0007c8b50>] pstate: 20000045
[ 5.506569] sp : ffffffc0fb2db9f0
[ 5.510664] x29: ffffffc0fb2db9f0 x28: 0000000000000001
[ 5.516771] x27: ffffffc0f4e4b3e0 x26: ffffffc0011240f0
[ 5.522854] x25: ffffffc0f4e4b018 x24: ffffffc07d2c3500
[ 5.528906] x23: ffffffc0f4e4b4f8 x22: ffffffc0303ee070
[ 5.534944] x21: ffffffc0f4e4d000 x20: ffffffc0f4e55000
[ 5.540982] x19: ffffffc0f4e4c000 x18: 0000000000000000
[ 5.547021] x17: 0000000000000000 x16: 0000000000000000
[ 5.553057] x15: ffffffffffffffff x14: 0ffffffffffffffe
[ 5.559079] x13: ffffff0000000000 [ 5.561579] tegra-pcie 1003000.pcie-controller: link 0 down, retrying
[ 5.570127] x12: ffffffffffffffff
[ 5.575028] x11: 0000000000000001 x10: 0000000000000000
[ 5.581006] x9 : ffffffc0303ee038 x8 : 0000000000000000
[ 5.586971] x7 : ffffffffffffffff x6 : ffffffc0f4e4c0d0
[ 5.592916] x5 : 0000000000000000 x4 : 0000000000000000
[ 5.598841] x3 : 0000000000000000 x2 : ffffffc0f4e4c0d0
[ 5.604754] x1 : 0000000000000000 x0 : ffffffc0f4e55800
[ 5.610638]
[ 5.612646] Process swapper/0 (pid: 1, stack limit = 0xffffffc0fb2d8020)
[ 5.619888] Call trace:
[ 5.622887] [<ffffffc0007c8bcc>] tegra_channel_sensorprops_setup+0x1d8/0x2a8
[ 5.630509] [<ffffffc0007c9eb0>] tegra_channel_init_subdevices+0x1e8/0x294
[ 5.637935] [<ffffffc0007cac9c>] tegra_vi_graph_build_links+0x220/0x25c
[ 5.645106] [<ffffffc0007cad58>] tegra_vi_graph_notify_complete+0x80/0xd4
[ 5.652455] [<ffffffc0007b6218>] v4l2_async_test_notify+0xec/0x108
[ 5.659204] [<ffffffc0007b6358>] v4l2_async_notifier_register+0x124/0x184
[ 5.666570] [<ffffffc0007cb610>] tegra_vi_graph_init+0x230/0x2a8
[ 5.673172] [<ffffffc0007c7660>] tegra_vi_media_controller_init+0xb8/0x134
[ 5.680657] [<ffffffc0007d4cb0>] vi_probe+0x3b4/0x458
[ 5.686325] [<ffffffc00060c950>] platform_drv_probe+0x50/0xa8
[ 5.692700] [<ffffffc00060a314>] really_probe+0x134/0x2e0
Both of the drivers that I had problems on Jetpack 3.2 were working properly on Jetpack 3.1. I’ve detected that there’s an update on tegra_channel_init_subdevices on L4T 28.2 from the VI driver, that now includes methods like tegra_channel_sensorprops_setup that assume that the camera_common_data exist and therefore tries to read from it. Is this a bug of filling camera_common_data a requirement after L4T 28.2?
Best Regards,
JJ