* [BUG] crystalhd git.linuxtv.org kernel driver: NULL pointer deref in bc_cproc_reset_stats() after crashing bino3d
@ 2012-12-29 4:25 thomas schorpp
0 siblings, 0 replies; only message in thread
From: thomas schorpp @ 2012-12-29 4:25 UTC (permalink / raw)
To: linux-media; +Cc: j, jarod
Hello guys,
I'm working on supporting BCM 970012/15 crystalhd decoder in userspace video/tv apps and
can't find where to report bugs of
http://git.linuxtv.org/jarod/crystalhd.git
<devinheitmueller> I think he just borrowed our git server.
So I borrow this list to get more developers, testers and sw- quality guys in.
Got a double free null pointer deref OOPS in chd_dec_free_iodata on crashing bino3d using crystalhd driver on
debian wheezy
Linux vdr1 3.6.10-PM #8 PREEMPT Sat Dec 15 00:54:11 CET 2012 i686 GNU/Linux
crystalhd driver+lib, libavcodec crystalhd.c git HEAD but libavcodec53
reproducible and only occuring after
Dec 27 12:12:17 vdr1 kernel: [33147.169731] crystalhd_hw_stats: Invalid Arguments
log message.
System not crashing, driver still usable.
Note: I've disabled the legacy h264 software codec in libavcodec53 to force every app using h264_crystalhd for h.264 with
my backport patch -Attached- from ffmpeg git HEAD of yesterday to libavcodec.so.53.61.100 , debian src ffmpeg 7:0.10.3-dmo1 0
using
./configure ... --disable-decoder='h264,h264_vdpau,h264_vda'
to automate testing of (lib)crystalhd(.ko) with all apps requesting libavcodec h.264 ;-)
Don't worry, I've left the "childlock" in the patch to not get this patch in any distro.
y
tom
-Att: Kernel OOPS bt, etc
Dec 27 12:11:57 vdr1 kernel: [33127.022053] crystalhd 0000:02:00.0: Opening new user[0] handle
Dec 27 12:12:00 vdr1 kernel: [33129.862089] start_capture: pause_th:12, resume_th:5
Dec 27 12:12:00 vdr1 kernel: [33130.273355] crystalhd 0000:02:00.0: Closing user[0] handle via ioctl with mode 1417200
Dec 27 12:12:00 vdr1 kernel: [33130.589582] crystalhd 0000:02:00.0: Opening new user[0] handle
Dec 27 12:12:03 vdr1 kernel: [33133.464029] start_capture: pause_th:12, resume_th:5
Dec 27 12:12:17 vdr1 kernel: [33146.856414] crystalhd 0000:02:00.0: Closing user[0] handle with mode 1417200
Dec 27 12:12:17 vdr1 kernel: [33147.169731] crystalhd_hw_stats: Invalid Arguments
Dec 27 12:12:17 vdr1 kernel: [33147.169778] BUG: unable to handle kernel NULL pointer dereference at 00000040
Dec 27 12:12:17 vdr1 kernel: [33147.170259] IP: [<c11848d8>] do_raw_spin_trylock+0x8/0x50
Dec 27 12:12:17 vdr1 kernel: [33147.170621] *pdpt = 000000002b9cb001 *pde = 0000000000000000
Dec 27 12:12:17 vdr1 kernel: [33147.170622] Oops: 0000 [#1] PREEMPT
Dec 27 12:12:17 vdr1 kernel: [33147.170622] Modules linked in: dvb_ttpci md5 crypto_hash cpufreq_stats cpufreq_powersave cpufreq_userspace cpufreq_conservative bnep rfcomm bluetooth crc16 binfmt_misc uinput fuse nfsd exportfs auth_rpcgss nfs_acl nfs lockd sunrpc nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_filter ip6_tables nf_conntrack_ipv4 nf_defrag_ipv4 xt_state nf_conntrack xt_limit iptable_filter ip_tables af_packet ipv6 w83627ehf hwmon_vid hwmon uvcvideo isl6405 dvb_pll tda10086 saa7134_dvb tuner videobuf_dvb tda10021 saa7134 stv0297 snd_usb_audio cryptomgr aead arc4 crypto_blkcipher crypto_algapi snd_usbmidi_lib snd_hwdep rt73usb rt2x00usb rt2x00lib snd_pcm_oss budget_av snd_intel8x0 saa7146_vv budget_core ttpci_eeprom snd_ac97_codec saa7146 mac80211 ac97_bus snd_mixer_oss snd_seq_dummy snd_pcm snd_seq_oss cfg80211 dvb_core tveeprom videobuf2_vmalloc videobuf2_memops videobuf_dma_sg videobuf2_core snd_page_alloc snd_seq_midi joydev videobuf_core v4l2_common crc_itu_t crypto snd_ra
wmidi videodev snd_seq_mid
Dec 27 12:12:17 vdr1 kernel: i_event snd_seq rc_core shpchp snd_seq_device snd_timer snd serio_raw i2c_i801 pcspkr pci_hotplug rng_core crystalhd(O) 8250_pnp soundcore 8250 serial_core acpi_cpufreq mperf processor evdev ext3 mbcache jbd sg sr_mod sd_mod cdrom crc_t10dif hid_generic hid_sunplus usbhid hid ata_piix ahci libahci uhci_hcd ehci_hcd libata scsi_mod usbcore [last unloaded: dvb_ttpci]
Dec 27 12:12:17 vdr1 kernel: [33147.170622] Pid: 23337, comm: bino Tainted: G O 3.6.10-PM #8 /Alviso
Dec 27 12:12:17 vdr1 kernel: [33147.170622] EIP: 0060:[<c11848d8>] EFLAGS: 00210046 CPU: 0
Dec 27 12:12:17 vdr1 kernel: [33147.170622] EIP is at do_raw_spin_trylock+0x8/0x50
Dec 27 12:12:17 vdr1 kernel: [33147.170622] EAX: 00000040 EBX: 00000000 ECX: 00000040 EDX: 00000000
Dec 27 12:12:17 vdr1 kernel: [33147.170622] ESI: 00000040 EDI: 00200292 EBP: f5379e5c ESP: f5379e58
Dec 27 12:12:17 vdr1 kernel: [33147.170622] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
Dec 27 12:12:17 vdr1 kernel: [33147.170622] CR0: 8005003b CR2: 00000040 CR3: 315c7000 CR4: 000007f0
Dec 27 12:12:17 vdr1 kernel: [33147.170622] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
Dec 27 12:12:17 vdr1 kernel: [33147.170622] DR6: ffff0ff0 DR7: 00000400
Dec 27 12:12:17 vdr1 kernel: [33147.170622] Process bino (pid: 23337, ti=f5378000 task=f59e2940 task.ti=f5378000)
Dec 27 12:12:17 vdr1 kernel: [33147.170622] Stack:
Dec 27 12:12:17 vdr1 kernel: [33147.170622] 00000050 f5379e80 c136c9b5 00000000 00000002 00000000 fa1f1bd6 f42e9400
Dec 27 12:12:17 vdr1 kernel: [33147.170622] f595dc88 00000000 f5379ed8 fa1f1bd6 00000218 f5378000 00000000 f5379eb0
Dec 27 12:12:17 vdr1 kernel: [33147.170622] c117e811 08679940 042e9400 f42e9400 00000000 08679940 f5379ed8 fa1ef3b9
Dec 27 12:12:17 vdr1 kernel: [33147.170622] Call Trace:
Dec 27 12:12:17 vdr1 kernel: [33147.170622] [<c136c9b5>] _raw_spin_lock_irqsave+0x55/0x90
Dec 27 12:12:17 vdr1 kernel: [33147.170622] [<fa1f1bd6>] ? bc_cproc_get_stats+0x226/0x280 [crystalhd]
Dec 27 12:12:17 vdr1 kernel: [33147.170622] [<fa1f1bd6>] bc_cproc_get_stats+0x226/0x280 [crystalhd]
Dec 27 12:12:17 vdr1 kernel: [33147.170622] [<c117e811>] ? _copy_from_user+0x41/0xb0
Dec 27 12:12:17 vdr1 kernel: [33147.170622] [<fa1ef3b9>] ? chd_dec_proc_user_data+0x59/0x320 [crystalhd]
Dec 27 12:12:17 vdr1 kernel: [33147.170622] [<fa1ef977>] ? chd_dec_alloc_iodata+0xf7/0x120 [crystalhd]
Dec 27 12:12:17 vdr1 kernel: [33147.170622] [<fa1efb5e>] chd_dec_ioctl+0x16e/0x1c0 [crystalhd]
Dec 27 12:12:17 vdr1 kernel: [33147.170622] [<fa1f19b0>] ? bc_cproc_reset_stats+0x20/0x20 [crystalhd]
Dec 27 12:12:17 vdr1 kernel: [33147.170622] [<fa1ef9f0>] ? chd_dec_free_iodata+0x50/0x50 [crystalhd]
Dec 27 12:12:17 vdr1 kernel: [33147.170622] [<c10f4355>] do_vfs_ioctl+0x535/0x580
Dec 27 12:12:17 vdr1 kernel: [33147.170622] [<c104e73e>] ? hrtimer_nanosleep+0x6e/0xf0
Dec 27 12:12:17 vdr1 kernel: [33147.170622] [<c10e4ab8>] ? fget_light+0xe8/0x120
Dec 27 12:12:17 vdr1 kernel: [33147.170622] [<c10e4ad1>] ? fget_light+0x101/0x120
Dec 27 12:12:17 vdr1 kernel: [33147.170622] [<c10e4a30>] ? fget_light+0x60/0x120
Dec 27 12:12:17 vdr1 kernel: [33147.170622] [<c10f43cd>] sys_ioctl+0x2d/0x60
Dec 27 12:12:17 vdr1 kernel: [33147.170622] [<c137238c>] sysenter_do_call+0x12/0x32
Dec 27 12:12:17 vdr1 kernel: [33147.170622] [<c1360000>] ? asus_hides_smbus_hostbridge+0x264/0x269
Dec 27 12:12:17 vdr1 kernel: [33147.170622] Code: a2 66 90 c7 43 08 00 00 00 00 8b 75 f8 8b 7d fc a1 2c dc 4e c1 89 43 0c 8b 5d f4 89 ec 5d c3 8d 74 26 00 55 89 c1 89 e5 53 31 db <8b> 00 c7 01 00 00 00 00 84 c0 0f 9f c3 85 db 74 17 a1 2c dc 4e
Dec 27 12:12:17 vdr1 kernel: [33147.170622] EIP: [<c11848d8>] do_raw_spin_trylock+0x8/0x50 SS:ESP 0068:f5379e58
Dec 27 12:12:17 vdr1 kernel: [33147.170622] CR2: 0000000000000040
Dec 27 12:12:17 vdr1 kernel: [33147.170622] ---[ end trace 41db3e0e4ba186f9 ]---
Dec 27 12:12:17 vdr1 kernel: [33147.470034] note: bino[23337] exited with preempt_count 1
Dec 27 12:14:54 vdr1 kernel: [33304.694760] crystalhd 0000:02:00.0: Handle is already closed
Dec 28 01:44:24 vdr1 kernel: [81873.888316] crystalhd 0000:02:00.0: Closing user[0] handle via ioctl with mode 1417200
Dec 28 01:44:24 vdr1 kernel: [81874.194675] crystalhd 0000:02:00.0: Opening new user[0] handle
Dec 28 01:44:26 vdr1 kernel: [81876.705679] start_capture: pause_th:12, resume_th:5
Dec 28 01:44:37 vdr1 vdr: [15683] frontend 2/0 lost lock on channel 76, tp 212480
Dec 28 01:44:37 vdr1 vdr: [15683] frontend 2/0 regained lock on channel 76, tp 212480
Dec 28 01:44:59 vdr1 kernel: [81909.012564] crystalhd 0000:02:00.0: Closing user[0] handle with mode 1417200
Dec 28 01:45:00 vdr1 kernel: [81909.318416] crystalhd_hw_stats: Invalid Arguments
Dec 28 01:45:00 vdr1 kernel: [81909.318446] BUG: unable to handle kernel NULL pointer dereference at 00000040
Dec 28 01:45:00 vdr1 kernel: [81909.319394] IP: [<c11848d8>] do_raw_spin_trylock+0x8/0x50
Dec 28 01:45:00 vdr1 kernel: [81909.319394] *pdpt = 0000000014069001 *pde = 0000000000000000
6_tables nf_conntrack_ipv4 nf_defrag_ipv4 xt_state nf_conntrack xt_limit iptable_filter ip_tables af_packet ipv6 w83627ehf hwmon_vid hwmon uvcvideo isl6405 dvb_pll tda10086 saa7134_dvb tuner videobuf_dvb tda10021 saa7134 stv0297 snd_usb_audio cryptomgr aead arc4 crypto_blkcipher crypto_algapi snd_usbmidi_lib snd_hwdep rt73usb rt2x00usb rt2x00lib snd_pcm_oss budget_av snd_intel8x0 saa7146_vv budget_core ttpci_eeprom snd_ac97_codec saa7146 mac80211 ac97_bus snd_mixer_oss snd_seq_dummy snd_pcm snd_seq_oss cfg80211 dvb_core tveeprom videobuf2_vmalloc videobuf2_memops videobuf_dma_sg videobuf2_core snd_page_alloc snd_seq_midi joydev videobuf_core v4l2_common crc_itu_t crypto snd_rawmidi videodev snd_seq_mid
Dec 28 01:45:00 vdr1 kernel: i_event snd_seq rc_core shpchp snd_seq_device snd_timer snd serio_raw i2c_i801 pcspkr pci_hotplug rng_core crystalhd(O) 8250_pnp soundcore 8250 serial_core acpi_cpufreq mperf processor evdev ext3 mbcache jbd sg sr_mod sd_mod cdrom crc_t10dif hid_generic hid_sunplus usbhid hid ata_piix ahci libahci uhci_hcd ehci_hcd libata scsi_mod usbcore [last unloaded: dvb_ttpci]
Dec 28 01:45:00 vdr1 kernel: [81909.319394] Pid: 15899, comm: bino Tainted: G D O 3.6.10-PM #8 /Alviso
Dec 28 01:45:00 vdr1 kernel: [81909.319394] EIP: 0060:[<c11848d8>] EFLAGS: 00010046 CPU: 0
Dec 28 01:45:00 vdr1 kernel: [81909.319394] EIP is at do_raw_spin_trylock+0x8/0x50
Dec 28 01:45:00 vdr1 kernel: [81909.319394] EAX: 00000040 EBX: 00000000 ECX: 00000040 EDX: 00000000
Dec 28 01:45:00 vdr1 kernel: [81909.319394] ESI: 00000040 EDI: 00000292 EBP: d415fe5c ESP: d415fe58
Dec 28 01:45:00 vdr1 kernel: [81909.319394] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
Dec 28 01:45:00 vdr1 kernel: [81909.319394] CR0: 8005003b CR2: 00000040 CR3: 34dae000 CR4: 000007f0
Dec 28 01:45:00 vdr1 kernel: [81909.319394] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
Dec 28 01:45:00 vdr1 kernel: [81909.319394] DR6: ffff0ff0 DR7: 00000400
Dec 28 01:45:00 vdr1 kernel: [81909.319394] Process bino (pid: 15899, ti=d415e000 task=c67a94a0 task.ti=d415e000)
Dec 28 01:45:00 vdr1 kernel: [81909.319394] Stack:
Dec 28 01:45:00 vdr1 kernel: [81909.319394] 00000050 d415fe80 c136c9b5 00000000 00000002 00000000 fa1f1bd6 f42e9800
Dec 28 01:45:00 vdr1 kernel: [81909.319394] f595dc88 00000000 d415fed8 fa1f1bd6 00000218 d415e000 00000000 d415feb0
Dec 28 01:45:00 vdr1 kernel: [81909.319394] c117e811 b0b08f98 042e9800 f42e9800 00000000 b0b08f98 d415fed8 fa1ef3b9
Dec 28 01:45:00 vdr1 kernel: [81909.319394] Call Trace:
Dec 28 01:45:00 vdr1 kernel: [81909.319394] [<c136c9b5>] _raw_spin_lock_irqsave+0x55/0x90
Dec 28 01:45:00 vdr1 kernel: [81909.319394] [<fa1f1bd6>] ? bc_cproc_get_stats+0x226/0x280 [crystalhd]
Dec 28 01:45:00 vdr1 kernel: [81909.319394] [<fa1f1bd6>] bc_cproc_get_stats+0x226/0x280 [crystalhd]
Dec 28 01:45:00 vdr1 kernel: [81909.319394] [<c117e811>] ? _copy_from_user+0x41/0xb0
Dec 28 01:45:00 vdr1 kernel: [81909.319394] [<fa1ef3b9>] ? chd_dec_proc_user_data+0x59/0x320 [crystalhd]
Dec 28 01:45:00 vdr1 kernel: [81909.319394] [<fa1ef977>] ? chd_dec_alloc_iodata+0xf7/0x120 [crystalhd]
Dec 28 01:45:00 vdr1 kernel: [81909.319394] [<fa1efb5e>] chd_dec_ioctl+0x16e/0x1c0 [crystalhd]
Dec 28 01:45:00 vdr1 kernel: [81909.319394] [<fa1f19b0>] ? bc_cproc_reset_stats+0x20/0x20 [crystalhd]
Dec 28 01:45:00 vdr1 kernel: [81909.319394] [<fa1ef9f0>] ? chd_dec_free_iodata+0x50/0x50 [crystalhd]
Dec 28 01:45:00 vdr1 kernel: [81909.319394] [<c10f4355>] do_vfs_ioctl+0x535/0x580
Dec 28 01:45:00 vdr1 kernel: [81909.319394] [<c104e73e>] ? hrtimer_nanosleep+0x6e/0xf0
Dec 28 01:45:00 vdr1 kernel: [81909.319394] [<c10e4ab8>] ? fget_light+0xe8/0x120
Dec 28 01:45:00 vdr1 kernel: [81909.319394] [<c10e4ad1>] ? fget_light+0x101/0x120
Dec 28 01:45:00 vdr1 kernel: [81909.319394] [<c10e4a30>] ? fget_light+0x60/0x120
Dec 28 01:45:00 vdr1 kernel: [81909.319394] [<c10f43cd>] sys_ioctl+0x2d/0x60
Dec 28 01:45:00 vdr1 kernel: [81909.319394] [<c137238c>] sysenter_do_call+0x12/0x32
Dec 28 01:45:00 vdr1 kernel: [81909.319394] [<c1360000>] ? asus_hides_smbus_hostbridge+0x264/0x269
Dec 28 01:45:00 vdr1 kernel: [81909.319394] Code: a2 66 90 c7 43 08 00 00 00 00 8b 75 f8 8b 7d fc a1 2c dc 4e c1 89 43 0c 8b 5d f4 89 ec 5d c3 8d 74 26 00 55 89 c1 89 e5 53 31 db <8b> 00 c7 01 00 00 00 00 84 c0 0f 9f c3 85 db 74 17 a1 2c dc 4e
Dec 28 01:45:00 vdr1 kernel: [81909.319394] EIP: [<c11848d8>] do_raw_spin_trylock+0x8/0x50 SS:ESP 0068:d415fe58
Dec 28 01:45:00 vdr1 kernel: [81909.319394] CR2: 0000000000000040
Dec 28 01:45:00 vdr1 kernel: [81909.319394] ---[ end trace 41db3e0e4ba186fa ]---
Dec 28 01:45:00 vdr1 kernel: [81909.866655] note: bino[15899] exited with preempt_count 1
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2012-12-29 4:33 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-12-29 4:25 [BUG] crystalhd git.linuxtv.org kernel driver: NULL pointer deref in bc_cproc_reset_stats() after crashing bino3d thomas schorpp
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.