* budget.c driver: Kernel oops: "BUG: unable to handle kernel paging request at ffffffff"
@ 2009-01-18 10:55 Tony Broad
2009-01-18 13:36 ` Oliver Endriss
0 siblings, 1 reply; 2+ messages in thread
From: Tony Broad @ 2009-01-18 10:55 UTC (permalink / raw)
To: linux-media
[-- Attachment #1: Type: text/plain, Size: 3390 bytes --]
I'm using a "Hauppauge WinTV-NOVA-T DVB card" of PCI id "13c2:1005" with
kernel 2.6.27.9.
I've recently experienced the following fairly consistent kernel oops on
startup in grundig_29504_401_tuner_set_params from budget.c. As you
might expect, following this failure, the card doesn't work.
I'm not a kernel developer, nevertheless I seem to have managed to track
this down to a non-existent initialisation of
budget->dvb_frontend->tuner_priv.
The attached patch fixes the problem for me (and I've managed to tune
the card successfully as a result), but I don't know of anyone else
using the driver so I can't test it on other people.
Please let me know if this works for you or if I've done something
terribly wrong ;-(
Cheers,
Tony
--
Kernel failure message 1:
BUG: unable to handle kernel paging request at ffffffff
IP: [<f8981e11>] :budget:grundig_29504_401_tuner_set_params+0x3b/0xf8
*pde = 007e0067 *pte = 00000000
Oops: 0000 [#1] SMP
Modules linked in: bridge stp bnep rfcomm l2cap asb100 hwmon_vid hwmon
fuse ipt_REJECT nf_conntrack_ipv4 iptable_filter ip_tables ip6t_REJECT
xt_tcpudp nf_conntrack_ipv6 xt_state nf_conntrack ip6table_filter
ip6_tables x_tables ipv6 loop dm_multipath scsi_dh ppdev snd_cmipci
gameport snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq
snd_pcm_oss snd_mixer_oss l64781 snd_pcm snd_page_alloc snd_opl3_lib
snd_timer parport_pc snd_hwdep parport btusb snd_mpu401_uart budget
budget_core snd_rawmidi bluetooth saa7146 snd_seq_device ttpci_eeprom
snd soundcore sr_mod i2c_sis96x cdrom dvb_core sis900 i2c_core floppy
pcspkr mii sata_sil sg dm_snapshot dm_zero dm_mirror dm_log dm_mod
pata_sis ata_generic pata_acpi libata sd_mod scsi_mod crc_t10dif ext3
jbd mbcache uhci_hcd ohci_hcd ehci_hcd [last unloaded: microcode]
Pid: 2319, comm: kdvb-fe-0 Not tainted (2.6.27.9-73.fc9.i686 #1)
EIP: 0060:[<f8981e11>] EFLAGS: 00010286 CPU: 0
EIP is at grundig_29504_401_tuner_set_params+0x3b/0xf8 [budget]
EAX: f6417f00 EBX: f6f53808 ECX: 00000000 EDX: ffffffff
ESI: f6f94404 EDI: f6417f00 EBP: f6417f10 ESP: f6417ef0
DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
Process kdvb-fe-0 (pid: 2319, ti=f6417000 task=f642b2c0 task.ti=f6417000)
Stack: f6e39800 00000000 00000004 f6417f00 c064523c f6f53808 f6f53800
f6f94404
f6417f54 f8b2e45a f6417f24 00000286 f6417f4c f6417f38 00000000
00000286
f6417f3c c064520f f642b2c0 f6417f6c c064456f 00000001 f6f94400
00000001
Call Trace:
[<c064523c>] ? _spin_lock_irqsave+0x29/0x30
[<f8b2e45a>] ? apply_frontend_param+0x27/0x357 [l64781]
[<c064520f>] ? _spin_lock_irq+0x1c/0x20
[<c064456f>] ? __down_common+0x91/0xbf
[<f894f25d>] ? dvb_frontend_swzigzag_autotune+0x17d/0x1a4 [dvb_core]
[<f894f780>] ? dvb_frontend_swzigzag+0x1ac/0x209 [dvb_core]
[<f894fcc8>] ? dvb_frontend_thread+0x2eb/0x3b3 [dvb_core]
[<c043c166>] ? autoremove_wake_function+0x0/0x33
[<f894f9dd>] ? dvb_frontend_thread+0x0/0x3b3 [dvb_core]
[<c043bec3>] ? kthread+0x3b/0x61
[<c043be88>] ? kthread+0x0/0x61
[<c040494b>] ? kernel_thread_helper+0x7/0x10
=======================
Code: ec 14 8b 80 00 02 00 00 8b 93 08 02 00 00 8d 7d e4 8b 40 20 89 45
e0 31 c0 85 d2 f3 ab 8d 45 f0 66 c7 45 e8 04 00 89 45 ec 74 09 <0f> b6
02 66 89 45 e4 eb 06 66 c7 45 e4 61 00 8b 0e be 0a 8b 02
EIP: [<f8981e11>] grundig_29504_401_tuner_set_params+0x3b/0xf8 [budget]
SS:ESP 0068:f6417ef0
---[ end trace a5d7a53bd60d29d2 ]---
[-- Attachment #2: kerneloops.txt --]
[-- Type: text/plain, Size: 2637 bytes --]
Kernel failure message 1:
BUG: unable to handle kernel paging request at ffffffff
IP: [<f8981e11>] :budget:grundig_29504_401_tuner_set_params+0x3b/0xf8
*pde = 007e0067 *pte = 00000000
Oops: 0000 [#1] SMP
Modules linked in: bridge stp bnep rfcomm l2cap asb100 hwmon_vid hwmon fuse ipt_REJECT nf_conntrack_ipv4 iptable_filter ip_tables ip6t_REJECT xt_tcpudp nf_conntrack_ipv6 xt_state nf_conntrack ip6table_filter ip6_tables x_tables ipv6 loop dm_multipath scsi_dh ppdev snd_cmipci gameport snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_pcm_oss snd_mixer_oss l64781 snd_pcm snd_page_alloc snd_opl3_lib snd_timer parport_pc snd_hwdep parport btusb snd_mpu401_uart budget budget_core snd_rawmidi bluetooth saa7146 snd_seq_device ttpci_eeprom snd soundcore sr_mod i2c_sis96x cdrom dvb_core sis900 i2c_core floppy pcspkr mii sata_sil sg dm_snapshot dm_zero dm_mirror dm_log dm_mod pata_sis ata_generic pata_acpi libata sd_mod scsi_mod crc_t10dif ext3 jbd mbcache uhci_hcd ohci_hcd ehci_hcd [last unloaded: microcode]
Pid: 2319, comm: kdvb-fe-0 Not tainted (2.6.27.9-73.fc9.i686 #1)
EIP: 0060:[<f8981e11>] EFLAGS: 00010286 CPU: 0
EIP is at grundig_29504_401_tuner_set_params+0x3b/0xf8 [budget]
EAX: f6417f00 EBX: f6f53808 ECX: 00000000 EDX: ffffffff
ESI: f6f94404 EDI: f6417f00 EBP: f6417f10 ESP: f6417ef0
DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
Process kdvb-fe-0 (pid: 2319, ti=f6417000 task=f642b2c0 task.ti=f6417000)
Stack: f6e39800 00000000 00000004 f6417f00 c064523c f6f53808 f6f53800 f6f94404
f6417f54 f8b2e45a f6417f24 00000286 f6417f4c f6417f38 00000000 00000286
f6417f3c c064520f f642b2c0 f6417f6c c064456f 00000001 f6f94400 00000001
Call Trace:
[<c064523c>] ? _spin_lock_irqsave+0x29/0x30
[<f8b2e45a>] ? apply_frontend_param+0x27/0x357 [l64781]
[<c064520f>] ? _spin_lock_irq+0x1c/0x20
[<c064456f>] ? __down_common+0x91/0xbf
[<f894f25d>] ? dvb_frontend_swzigzag_autotune+0x17d/0x1a4 [dvb_core]
[<f894f780>] ? dvb_frontend_swzigzag+0x1ac/0x209 [dvb_core]
[<f894fcc8>] ? dvb_frontend_thread+0x2eb/0x3b3 [dvb_core]
[<c043c166>] ? autoremove_wake_function+0x0/0x33
[<f894f9dd>] ? dvb_frontend_thread+0x0/0x3b3 [dvb_core]
[<c043bec3>] ? kthread+0x3b/0x61
[<c043be88>] ? kthread+0x0/0x61
[<c040494b>] ? kernel_thread_helper+0x7/0x10
=======================
Code: ec 14 8b 80 00 02 00 00 8b 93 08 02 00 00 8d 7d e4 8b 40 20 89 45 e0 31 c0 85 d2 f3 ab 8d 45 f0 66 c7 45 e8 04 00 89 45 ec 74 09 <0f> b6 02 66 89 45 e4 eb 06 66 c7 45 e4 61 00 8b 0e be 0a 8b 02
EIP: [<f8981e11>] grundig_29504_401_tuner_set_params+0x3b/0xf8 [budget] SS:ESP 0068:f6417ef0
---[ end trace a5d7a53bd60d29d2 ]---
[-- Attachment #3: ObjDump.txt --]
[-- Type: text/plain, Size: 3322 bytes --]
00000dd6 <grundig_29504_401_tuner_set_params>:
dd6: 55 push %ebp
dd7: b9 03 00 00 00 mov $0x3,%ecx
ddc: 89 e5 mov %esp,%ebp
dde: 57 push %edi
ddf: 56 push %esi
de0: 89 d6 mov %edx,%esi
de2: 53 push %ebx
de3: 89 c3 mov %eax,%ebx
de5: 83 ec 14 sub $0x14,%esp
de8: 8b 80 00 02 00 00 mov 0x200(%eax),%eax
dee: 8b 93 08 02 00 00 mov 0x208(%ebx),%edx
df4: 8d 7d e4 lea -0x1c(%ebp),%edi
df7: 8b 40 20 mov 0x20(%eax),%eax
dfa: 89 45 e0 mov %eax,-0x20(%ebp)
dfd: 31 c0 xor %eax,%eax
dff: 85 d2 test %edx,%edx
e01: f3 ab rep stos %eax,%es:(%edi)
e03: 8d 45 f0 lea -0x10(%ebp),%eax
e06: 66 c7 45 e8 04 00 movw $0x4,-0x18(%ebp)
e0c: 89 45 ec mov %eax,-0x14(%ebp)
e0f: 74 09 je e1a <grundig_29504_401_tuner_set_params+0x44>
e11: 0f b6 02 movzbl (%edx),%eax
e14: 66 89 45 e4 mov %ax,-0x1c(%ebp)
e18: eb 06 jmp e20 <grundig_29504_401_tuner_set_params+0x4a>
e1a: 66 c7 45 e4 61 00 movw $0x61,-0x1c(%ebp)
e20: 8b 0e mov (%esi),%ecx
e22: be 0a 8b 02 00 mov $0x28b0a,%esi
e27: 8d 91 48 39 27 02 lea 0x2273948(%ecx),%edx
e2d: 89 d0 mov %edx,%eax
e2f: 31 d2 xor %edx,%edx
e31: f7 f6 div %esi
struct budget *budget = fe->dvb->priv;
df7: 8b 40 20 mov 0x20(%eax),%eax
dfa: 89 45 e0 mov %eax,-0x20(%ebp)
u8 *tuner_addr = fe->tuner_priv;
u32 div;
u8 cfg, cpump, band_select;
u8 data[4];
struct i2c_msg msg = { .flags = 0, .buf = data, .len = sizeof(data) };
dfd: 31 c0 xor %eax,%eax
if (tuner_addr)
dff: 85 d2 test %edx,%edx
struct budget *budget = fe->dvb->priv;
u8 *tuner_addr = fe->tuner_priv;
u32 div;
u8 cfg, cpump, band_select;
u8 data[4];
struct i2c_msg msg = { .flags = 0, .buf = data, .len = sizeof(data) };
e01: f3 ab rep stos %eax,%es:(%edi)
e03: 8d 45 f0 lea -0x10(%ebp),%eax
e06: 66 c7 45 e8 04 00 movw $0x4,-0x18(%ebp)
e0c: 89 45 ec mov %eax,-0x14(%ebp)
if (tuner_addr)
e0f: 74 09 je e1a <grundig_29504_401_tuner_set_params+0x44>
msg.addr = *tuner_addr;
e11: 0f b6 02 movzbl (%edx),%eax
e14: 66 89 45 e4 mov %ax,-0x1c(%ebp)
e18: eb 06 jmp e20 <grundig_29504_401_tuner_set_params+0x4a>
[-- Attachment #4: linux-2.6.27-budget-dvb-set-params-oops.patch --]
[-- Type: text/plain, Size: 649 bytes --]
diff -uNrp kernel-2.6.27.orig/drivers/media/dvb/ttpci/budget.c kernel-2.6.27.new/drivers/media/dvb/ttpci/budget.c
--- kernel-2.6.27.orig/drivers/media/dvb/ttpci/budget.c 2009-01-12 18:18:17.000000000 +0000
+++ kernel-2.6.27.new/drivers/media/dvb/ttpci/budget.c 2009-01-12 18:18:55.000000000 +0000
@@ -460,6 +460,7 @@ static void frontend_init(struct budget
budget->dvb_frontend = dvb_attach(l64781_attach, &grundig_29504_401_config, &budget->i2c_adap);
if (budget->dvb_frontend) {
budget->dvb_frontend->ops.tuner_ops.set_params = grundig_29504_401_tuner_set_params;
+ budget->dvb_frontend->tuner_priv = NULL;
break;
}
break;
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: budget.c driver: Kernel oops: "BUG: unable to handle kernel paging request at ffffffff"
2009-01-18 10:55 budget.c driver: Kernel oops: "BUG: unable to handle kernel paging request at ffffffff" Tony Broad
@ 2009-01-18 13:36 ` Oliver Endriss
0 siblings, 0 replies; 2+ messages in thread
From: Oliver Endriss @ 2009-01-18 13:36 UTC (permalink / raw)
To: Tony Broad; +Cc: linux-media, Mauro Carvalho Chehab
[-- Attachment #1: Type: text/plain, Size: 1351 bytes --]
Tony Broad wrote:
> I'm using a "Hauppauge WinTV-NOVA-T DVB card" of PCI id "13c2:1005" with
> kernel 2.6.27.9.
>
> I've recently experienced the following fairly consistent kernel oops on
> startup in grundig_29504_401_tuner_set_params from budget.c. As you
> might expect, following this failure, the card doesn't work.
>
> I'm not a kernel developer, nevertheless I seem to have managed to track
> this down to a non-existent initialisation of
> budget->dvb_frontend->tuner_priv.
>
> The attached patch fixes the problem for me (and I've managed to tune
> the card successfully as a result), but I don't know of anyone else
> using the driver so I can't test it on other people.
>
> Please let me know if this works for you or if I've done something
> terribly wrong ;-(
Hi,
you are right, and your patch is basically correct.
Anyway, the l64781 frontend driver is a better place to fix the bug:
Initializing the frontend struct at allocation time will prevent this
kind of problem for all card drivers now and forever...
Signed-off-by: Oliver Endriss <o.endriss@gmx.de>
Btw, this fix should be applied to all kernels >= 2.6.26.
CU
Oliver
--
----------------------------------------------------------------
VDR Remote Plugin 0.4.0: http://www.escape-edv.de/endriss/vdr/
----------------------------------------------------------------
[-- Attachment #2: l64781-initfix.diff --]
[-- Type: text/x-diff, Size: 597 bytes --]
diff -r 1930f80b6970 linux/drivers/media/dvb/frontends/l64781.c
--- a/linux/drivers/media/dvb/frontends/l64781.c Sun Dec 14 15:38:29 2008 +0100
+++ b/linux/drivers/media/dvb/frontends/l64781.c Sun Jan 18 14:04:39 2009 +0100
@@ -501,7 +501,7 @@ struct dvb_frontend* l64781_attach(const
{ .addr = config->demod_address, .flags = I2C_M_RD, .buf = b1, .len = 1 } };
/* allocate memory for the internal state */
- state = kmalloc(sizeof(struct l64781_state), GFP_KERNEL);
+ state = kzalloc(sizeof(struct l64781_state), GFP_KERNEL);
if (state == NULL) goto error;
/* setup the state */
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2009-01-18 13:38 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-01-18 10:55 budget.c driver: Kernel oops: "BUG: unable to handle kernel paging request at ffffffff" Tony Broad
2009-01-18 13:36 ` Oliver Endriss
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox