Bug 16243
| Summary: | firedtv: NULL pointer dereference in fw_iso_context_stop, dvb_frontend_thread context | ||
|---|---|---|---|
| Product: | Drivers | Reporter: | Stefan Richter (stefanr) |
| Component: | IEEE1394 | Assignee: | drivers_ieee1394 |
| Status: | ASSIGNED --- | ||
| Severity: | normal | CC: | alan, clemens |
| Priority: | P1 | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Kernel Version: | 2.6.34/3.6? | Subsystem: | |
| Regression: | No | Bisected commit-id: | |
| Attachments: | syslog with the NULL pointer dereference | ||
ffffffffa0208d74: 48 8b 07 mov (%rdi),%rax <-- crash here ffffffffa0208d77: 48 8b 00 mov (%rax),%rax ffffffffa0208d7a: 4c 8b 58 68 mov 0x68(%rax),%r11 ffffffffa0208d7e: 41 ff e3 jmpq *%r11 The parameter to fw_iso_context_stop() is NULL. I recently had another panic on kernel version 3.6 which looked like this one. Didn't take a screenshot because it appeared to be identical. |
Created attachment 26831 [details] syslog with the NULL pointer dereference A FireDTV somehow vanished from the bus for no apparent reason (PHY lock-up perhaps; plug-out/ plug-in was necessary to get it back). When doing so, the firedtv driver crashed in fw_iso_context_stop. Backtrace: BUG: unable to handle kernel NULL pointer dereference at (null) IP: [<ffffffffa0208d74>] fw_iso_context_stop+0x0/0xd [firewire_core] ... RIP: 0010:[<ffffffffa0208d74>] [<ffffffffa0208d74>] fw_iso_context_stop+0x0/0xd [firewire_core] ... ? stop_iso+0x19/0x41 [firedtv] ? fdtv_sleep+0x15/0x36 [firedtv] ? dvb_frontend_thread+0x5ac/0x63c [dvb_core] ? autoremove_wake_function+0x0/0x2e ? dvb_frontend_thread+0x0/0x63c [dvb_core] ? kthread+0x79/0x81 ... Complete trace follows as attachment. Is firedtv perhaps not prepared for a kernel thread to stop the context (instead of user context)?