Bug 6403 - Kernel OOPSes when playing DVBstream and USB dongle is unplugged. Also oopses when kaffeine is killed after first OOPS
Summary: Kernel OOPSes when playing DVBstream and USB dongle is unplugged. Also oopses...
Status: CLOSED PATCH_ALREADY_AVAILABLE
Alias: None
Product: v4l-dvb
Classification: Unclassified
Component: dvb-other (show other bugs)
Hardware: i386 Linux
: P2 blocking
Assignee: drivers_video-other
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-04-17 15:15 UTC by Cijoml Cijomlovic Cijomlov
Modified: 2007-04-15 02:06 UTC (History)
5 users (show)

See Also:
Kernel Version: 2.6.16.16 and all lower
Subsystem:
Regression: ---
Bisected commit-id:


Attachments

Description Cijoml Cijomlovic Cijomlov 2006-04-17 15:15:25 UTC
Most recent kernel where this bug did not occur: 2.6.16 and all lower
Distribution: Debian testing
Hardware Environment: Acer TravelMate 240, other laptops tested with same behaviour
Software Environment: Linux kernel, kaffeine
Problem Description:
Kernel OOPSes when playing DVBstream and USB dongle is unplugged. Also oopses
when kaffeine is killed after first OOPS

Steps to reproduce:
1) plug in DVB adapter
2) start play the stream for example through kaffeine
3) unplug dongle
4) see dmesg
5) killall kaffeine
6) see dmesg again

usb 4-2: new high speed USB device using ehci_hcd and address 4
usb 4-2: configuration #1 chosen from 1 choice
dvb-usb: found a 'WideView WT-220U PenType Receiver (Typhoon/Freecom)' in cold 
state, will try to load a firmware
dvb-usb: downloading firmware from file 'dvb-usb-wt220u-02.fw'
usbcore: registered new driver dvb_usb_dtt200u
usb 4-2: USB disconnect, address 4
dvb-usb: generic DVB-USB module successfully deinitialized and disconnected.
usb 4-2: new high speed USB device using ehci_hcd and address 5
usb 4-2: configuration #1 chosen from 1 choice
dvb-usb: found a 'WideView WT-220U PenType Receiver (Typhoon/Freecom)' in warm 
state.
dvb-usb: will use the device's hardware PID filter (table count: 15).
DVB: registering new adapter (WideView WT-220U PenType Receiver 
(Typhoon/Freecom)).
DVB: registering frontend 0 (WideView USB DVB-T)...
input: IR-receiver inside an USB DVB receiver as /class/input/input6
dvb-usb: schedule remote query interval to 300 msecs.
dvb-usb: WideView WT-220U PenType Receiver (Typhoon/Freecom) successfully 
initialized and connected.
dvb-usb: recv bulk message failed: -110
dvb-usb: bulk message failed: -71 (1/0)
usb 4-2: USB disconnect, address 5
dvb-usb: bulk message failed: -22 (1/1)
dvb-usb: WideView WT-220U PenType Receiver (Typhoon/Freecom) successfully 
deinitialized and disconnected.
Unable to handle kernel NULL pointer dereference at virtual address 00000038
 printing eip:
fcc17d5c
*pde = 00000000
Oops: 0000 [#1]
PREEMPT
Modules linked in: dvb_usb_dtt200u dvb_usb dvb_core i2c_core dvb_pll 
snd_pcm_oss snd_mixer_oss ppp_deflate zlib_deflate bsd_comp ppp_async 
crc_ccitt ppp_generic slhc hci_usb bnep rfcomm hidp l2cap bluetooth hostap_cs 
hostap ieee80211_crypt parport_pc parport snd_intel8x0m 8250_pci 8250 
serial_core snd_intel8x0 snd_ac97_codec snd_ac97_bus snd_pcm snd_timer snd 
snd_page_alloc ehci_hcd usbhid uhci_hcd 8139too mii nls_iso8859_2 ntfs ide_cd 
cdrom rtc
CPU:    0
EIP:    0060:[<fcc17d5c>]    Not tainted VLI
EFLAGS: 00210246   (2.6.16.2 #5)
EIP is at dvb_dvr_poll+0x49/0x6a [dvb_core]
eax: 00000030   ebx: 00000000   ecx: 00000106   edx: 00000002
esi: 00000000   edi: ec1ff300   ebp: eb3feb00   esp: ebebbf54
ds: 007b   es: 007b   ss: 0068
Process kaffeine (pid: 5041, threadinfo=ebeba000 task=ed21e030)
Stack: <0>ec1ff300 00000020 eb3feb08 c015dcff ec1ff300 00000000 0826b060 
eb3feb00
       00000000 00000000 00000001 00000000 c015d117 e89dd000 00000000 0826b058
       00000000 b6491ff4 ebeba000 c015e0df 0826b058 00000001 ebebbfb0 00000000
Call Trace:
 [<c015dcff>] do_sys_poll+0x17a/0x317
 [<c015d117>] __pollwait+0x0/0x9a
 [<c015e0df>] sys_poll+0x42/0x47
 [<c0102a85>] syscall_call+0x7/0xb
Code: fc 68 a0 09 c2 fc e8 e2 0e 50 c3 58 5a 8d 43 30 85 f6 74 0c 85 c0 74 08 
56 50 57 ff 16 83 c4 0c b9 06 01 00 00 f6 47 18 03 75 1b <8b> 43 38 83 f8 01 
19 c9 f7 d1 83 e1 4b 8b 43 2c 89 ca 83 ca 43
 <1>Unable to handle kernel paging request at virtual address fcb2104c
 printing eip:
fcc17673
*pde = 01b12067
*pte = 00000000
Oops: 0000 [#2]
PREEMPT
Modules linked in: dvb_usb_dtt200u dvb_usb dvb_core i2c_core dvb_pll 
snd_pcm_oss snd_mixer_oss ppp_deflate zlib_deflate bsd_comp ppp_async 
crc_ccitt ppp_generic slhc hci_usb bnep rfcomm hidp l2cap bluetooth hostap_cs 
hostap ieee80211_crypt parport_pc parport snd_intel8x0m 8250_pci 8250 
serial_core snd_intel8x0 snd_ac97_codec snd_ac97_bus snd_pcm snd_timer snd 
snd_page_alloc ehci_hcd usbhid uhci_hcd 8139too mii nls_iso8859_2 ntfs ide_cd 
cdrom rtc
CPU:    0
EIP:    0060:[<fcc17673>]    Not tainted VLI
EFLAGS: 00210246   (2.6.16.2 #5)
EIP is at dvb_demux_poll+0x29/0x56 [dvb_core]
eax: fcb21064   ebx: fcb21000   ecx: ffffffea   edx: 00000000
esi: ed388cc0   edi: ea42c728   ebp: ea42c720   esp: ec3bff58
ds: 007b   es: 007b   ss: 0068
Process kaffeine (pid: 5038, threadinfo=ec3be000 task=ec23d030)
Stack: <0>ed388cc0 00000020 c015dcff ed388cc0 00000000 0826c258 ea42c720 
00000000
       00000000 00000001 00000000 c015d117 e89eb000 00000000 0826c250 000003e8
       b6491ff4 ec3be000 c015e0df 0826c250 00000001 ec3bffb0 00000000 00000000
Call Trace:
 [<c015dcff>] do_sys_poll+0x17a/0x317
 [<c015d117>] __pollwait+0x0/0x9a
 [<c015e0df>] sys_poll+0x42/0x47
 [<c0102a85>] syscall_call+0x7/0xb
Code: 14 c3 56 53 8b 74 24 0c 8b 54 24 10 8b 5e 74 b9 ea ff ff ff 85 db 74 3b 
8d 43 64 85 d2 74 0c 85 c0 74 08 52 50 56 ff 12 83 c4 0c <8b> 43 4c 83 e8 03 
31 c9 83 f8 02 77 1b 8b 43 6c 83 f8 01 19 c9
 <1>Unable to handle kernel paging request at virtual address fcb210f4
 printing eip:
fcc18cd5
*pde = 01b12067
*pte = 00000000
Oops: 0000 [#3]
PREEMPT
Modules linked in: dvb_usb_dtt200u dvb_usb dvb_core i2c_core dvb_pll 
snd_pcm_oss snd_mixer_oss ppp_deflate zlib_deflate bsd_comp ppp_async 
crc_ccitt ppp_generic slhc hci_usb bnep rfcomm hidp l2cap bluetooth hostap_cs 
hostap ieee80211_crypt parport_pc parport snd_intel8x0m 8250_pci 8250 
serial_core snd_intel8x0 snd_ac97_codec snd_ac97_bus snd_pcm snd_timer snd 
snd_page_alloc ehci_hcd usbhid uhci_hcd 8139too mii nls_iso8859_2 ntfs ide_cd 
cdrom rtc
CPU:    0
EIP:    0060:[<fcc18cd5>]    Not tainted VLI
EFLAGS: 00210282   (2.6.16.2 #5)
EIP is at dvb_demux_release+0xa/0x102 [dvb_core]
eax: eb905600   ebx: fcb210a4   ecx: f7b28d30   edx: eb905600
esi: eb905600   edi: f7b29478   ebp: f7b28d30   esp: eba63f50
ds: 007b   es: 007b   ss: 0068
Process kaffeine (pid: 5036, threadinfo=eba62000 task=c1bff560)
Stack: <0>00000008 eb905600 f7b29478 c014e481 f7b29478 eb905600 c18b41c0 
eb905600
       00000000 c1b6d200 eb905600 c014c044 eb905600 c1b6d200 eb905600 c1b6d200
       00000011 eba62000 c1b6d200 c014c9f8 eb905600 c1b6d200 00000011 0841c924
Call Trace:
 [<c014e481>] __fput+0x80/0x14c
 [<c014c044>] filp_close+0x4e/0x57
 [<c014c9f8>] sys_close+0x69/0x96
 [<c0102a85>] syscall_call+0x7/0xb
Code: 89 c2 83 c4 10 eb 05 ba ea ff ff ff 8b 0c 24 ff 41 3c 0f 8e 59 02 00 00 
89 d0 5f 5d 5b 5e 5f 5d c3 57 56 53 8b 44 24 14 8b 58 74 <8b> 7b 50 ff 4f 3c 
0f 88 47 02 00 00 31 c0 ba 00 fe ff ff 85 c0
 <1>Unable to handle kernel NULL pointer dereference at virtual address 
0000000c
 printing eip:
fcc1cba4
*pde = 00000000
Oops: 0000 [#4]
PREEMPT
Modules linked in: dvb_usb_dtt200u dvb_usb dvb_core i2c_core dvb_pll 
snd_pcm_oss snd_mixer_oss ppp_deflate zlib_deflate bsd_comp ppp_async 
crc_ccitt ppp_generic slhc hci_usb bnep rfcomm hidp l2cap bluetooth hostap_cs 
hostap ieee80211_crypt parport_pc parport snd_intel8x0m 8250_pci 8250 
serial_core snd_intel8x0 snd_ac97_codec snd_ac97_bus snd_pcm snd_timer snd 
snd_page_alloc ehci_hcd usbhid uhci_hcd 8139too mii nls_iso8859_2 ntfs ide_cd 
cdrom rtc

Here I do killall kaffeine and got next oops:

CPU:    0
EIP:    0060:[<fcc1cba4>]    Not tainted VLI
EFLAGS: 00010286   (2.6.16.2 #5)
EIP is at dvb_frontend_release+0x11/0x4f [dvb_core]
eax: 00000000   ebx: eb905240   ecx: f7b19098   edx: eb905240
esi: eb905240   edi: f7b2964c   ebp: f7b19098   esp: ebee3e34
ds: 007b   es: 007b   ss: 0068
Process kaffeine (pid: 5051, threadinfo=ebee2000 task=ec23da90)
Stack: <0>00000008 eb905240 f7b2964c c014e481 f7b2964c eb905240 c18b41c0 
eb905240
       00000000 c1b6d200 c1b6d208 c014c044 eb905240 c1b6d200 eb905240 c1b6d200
       c1b6d200 0000003c 00000eeb c0118fe6 eb905240 c1b6d200 00000001 00000000
Call Trace:
 [<c014e481>] __fput+0x80/0x14c
 [<c014c044>] filp_close+0x4e/0x57
 [<c0118fe6>] put_files_struct+0x66/0xa3
 [<c0119e79>] do_exit+0x1ba/0x6fc
 [<c011a441>] sys_exit_group+0x0/0x11
 [<c0121f7e>] get_signal_to_deliver+0x3df/0x405
 [<c0102443>] do_notify_resume+0x8a/0x5a3
 [<c015d117>] __pollwait+0x0/0x9a
 [<c015d7b7>] core_sys_select+0x23b/0x248
 [<c015dab9>] sys_select+0x9a/0x166
 [<c014e070>] sys_read+0x3b/0x64
 [<c0102b16>] work_notifysig+0x13/0x19
Code: 01 00 00 b8 43 00 00 00 39 93 68 01 00 00 ba 00 00 00 00 0f 44 c2 5b 5e 
5f c3 57 56 53 8b 7c 24 10 8b 5c 24 14 8b 43 74 8b 40 28 <8b> 70 0c 83 3d 98 
84 c2 fc 00 74 11 68 94 01 c2 fc 68 0d 11 c2
 <1>Fixing recursive fault but reboot is needed!
Comment 1 Andrew Morton 2007-01-31 02:06:55 UTC
Is this crash still happening in recent kernels?
Comment 2 Cijoml Cijomlovic Cijomlov 2007-01-31 02:09:28 UTC
yes, I was talking with Mike (mkrufky) and this is known problem unfixed. So bug
is still open.
Comment 3 Markus Rechberger 2007-04-04 09:38:37 UTC
Hi,

can you please retry with:
http://mcentral.de/hg/~mrec/v4l-dvb-stable/ 

at this time it's the latest repository from linuxtv.org and a few hotplug 
patches.

Markus

Note You need to log in before you can comment on or make changes to this bug.