Bug 219258
| Summary: | vivid can be trivially crashed | | |
|---|---|---|---|
| Product: | v4l-dvb | Reporter: | Artem S. Tashkinov (aros) |
| Component: | v4l-core | Assignee: | v4l-dvb_v4l-core (v4l-dvb_v4l-core) |
| Status: | NEW --- | | |
| Severity: | blocking | CC: | hverkuil |
| Priority: | P3 | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Kernel Version: | 6.10.8 | Subsystem: | |
| Regression: | No | Bisected commit-id: | |
Description
Artem S. Tashkinov
2024-09-10 13:00:20 UTC
Any process trying to open /dev/video0 freezes and cannot be killed.

rmmod -f vivid freezes and cannot be killed.

rmmod -f vivid
rmmod: ERROR: libkmod/libkmod-module.c:856 kmod_module_remove_module() could not remove 'vivid': Device or resource busy
rmmod: ERROR: could not remove module vivid: Device or resource busy

6.11 no changes:

mc: Linux media interface: v0.10
videodev: Linux video capture interface: v2.00
vivid-000: using single planar format API
vivid-000: V4L2 capture device registered as video0
vivid-000: V4L2 output device registered as video1
vivid-000: V4L2 capture device registered as vbi0, supports raw and sliced VBI
vivid-000: V4L2 output device registered as vbi1, supports raw and sliced VBI
vivid-000: V4L2 capture device registered as swradio0
vivid-000: V4L2 receiver device registered as radio0
vivid-000: V4L2 transmitter device registered as radio1
vivid-000: V4L2 metadata capture device registered as video2
vivid-000: V4L2 metadata output device registered as video3
vivid-000: V4L2 touch capture device registered as v4l-touch0
Oops: divide error: 0000 [#1] PREEMPT SMP NOPTI
CPU: 3 UID: 0 PID: 87751 Comm: ffmpeg Tainted: G O 6.11.0-zen3 #1
Tainted: [O]=OOT_MODULE
Hardware name: System manufacturer System Product Name/TUF GAMING X570-PLUS (WI-FI), BIOS 5013 03/22/2024
RIP: 0010:vid_cap_buf_prepare+0x9f/0x190 [vivid]
Code: 00 8b 83 08 64 00 00 31 d2 f7 f1 89 c1 8b 83 68 66 00 00 44 89 da 4c 8d 62 04 0f af c1 41 0f b6 4c 15 09 31 d2 43 8b 74 a5 04 <f7> f1 8d 14 30 45 39 cb 72 36 48 85 d2 0f 85 a3 00 00 00 49 83 c2
RSP: 0018:ffffb1b946ba3b48 EFLAGS: 00010246
RAX: 0000000000054600 RBX: ffff9698031d8000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000100 RDI: ffff9696d889c474
RBP: ffffb1b946ba3b68 R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000004
R13: ffffffffc1a50c00 R14: 0000000000000003 R15: 0000000000000000
FS: 00007f65a910ba80(0000) GS:ffff96a5eeec0000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000003973a038 CR3: 0000000129388000 CR4: 0000000000b50ef0
Call Trace:
<TASK>
? show_regs.part.0+0x1d/0x30
? __die+0x52/0x95
? die+0x2a/0x50
? do_trap+0x10e/0x120
? do_error_trap+0x69/0x90
? vid_cap_buf_prepare+0x9f/0x190 [vivid]
? exc_divide_error+0x37/0x50
? vid_cap_buf_prepare+0x9f/0x190 [vivid]
? asm_exc_divide_error+0x1b/0x20
? vid_cap_buf_prepare+0x9f/0x190 [vivid]
__buf_prepare+0x179/0x1c0 [videobuf2_common]
vb2_core_qbuf+0x329/0x4c0 [videobuf2_common]
vb2_qbuf+0x87/0xf0 [videobuf2_v4l2]
vb2_ioctl_qbuf+0x4e/0x60 [videobuf2_v4l2]
v4l_qbuf+0x3b/0x50 [videodev]
__video_do_ioctl+0x461/0x490 [videodev]
? do_futex+0x121/0x190
video_usercopy+0x318/0x6c0 [videodev]
? v4l_s_output+0x60/0x60 [videodev]
video_ioctl2+0x10/0x20 [videodev]
v4l2_ioctl+0x4b/0x60 [videodev]
__x64_sys_ioctl+0x96/0xd0
x64_sys_call+0x10b6/0x1d10
do_syscall_64+0x79/0x150
? __count_memcg_events+0x57/0xf0
? handle_mm_fault+0x154/0x240
? syscall_exit_to_user_mode+0x11/0x1c0
? do_syscall_64+0x85/0x150
entry_SYSCALL_64_after_hwframe+0x6c/0x74
RIP: 0033:0x7f65aab25f2d
Code: 04 25 28 00 00 00 48 89 45 c8 31 c0 48 8d 45 10 c7 45 b0 10 00 00 00 48 89 45 b8 48 8d 45 d0 48 89 45 c0 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1a 48 8b 45 c8 64 48 2b 04 25 28 00 00 00
RSP: 002b:00007ffcd21b6910 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00000000394c44c0 RCX: 00007f65aab25f2d
RDX: 00007ffcd21b69b0 RSI: 00000000c058560f RDI: 0000000000000003
RBP: 00007ffcd21b6960 R08: 0000000039490010 R09: 0000000000000007
R10: 00007f65980024c0 R11: 0000000000000246 R12: 00000000394c9ca0
R13: 00000000394c5380 R14: 00000000394c5680 R15: 00000000394c6f00
</TASK>
Modules linked in: vivid videobuf2_dma_contig v4l2_tpg v4l2_dv_timings videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 videodev videobuf2_common mc uinput tun rfcomm snd_hrtimer nvidia_uvm(O) cmac algif_hash algif_skcipher af_alg input_leds msr hid_generic usbhid hid bnep vboxnetadp(O) vboxnetflt(O) nf_log_syslog nft_limit btusb btintel btbcm bluetooth nft_ct nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nfnetlink_log nft_log vboxdrv(O) nf_tables libcrc32c nct6775 nct6775_core hwmon_vid ntfs3 nvidia_drm(O) nvidia_modeset(O) iwlmvm ptp pps_core mac80211 libarc4 snd_hda_codec_realtek kvm_amd snd_hda_codec_generic snd_hda_scodec_component led_class snd_hda_codec_hdmi ee1004 kvm crct10dif_pclmul crc32_pclmul crc32c_intel snd_hda_intel snd_intel_dspcfg polyval_clmulni wmi_bmof polyval_generic snd_hda_codec sha512_ssse3 nvidia(O) snd_hwdep sha512_generic snd_hda_core sha256_ssse3 iwlwifi sr_mod snd_seq snd_seq_device cdrom snd_pcm sha1_ssse3 r8169 aesni_intel cfg80211 gf128mul snd_timer crypto_simd ccp efi_pstore realtek xhci_pci cryptd pcspkr k10temp rfkill backlight snd i2c_piix4 sha1_generic mdio_devres xhci_hcd libphy wmi 8250 8250_base tpm_crb serial_base tpm_tis tpm_tis_core evdev fuse dm_mod nfnetlink efivarfs tpm libaescfb ecdh_generic ecc rng_core ipv6
---[ end trace 0000000000000000 ]---
pstore: backend (efi_pstore) writing error (-28)
RIP: 0010:vid_cap_buf_prepare+0x9f/0x190 [vivid]
Code: 00 8b 83 08 64 00 00 31 d2 f7 f1 89 c1 8b 83 68 66 00 00 44 89 da 4c 8d 62 04 0f af c1 41 0f b6 4c 15 09 31 d2 43 8b 74 a5 04 <f7> f1 8d 14 30 45 39 cb 72 36 48 85 d2 0f 85 a3 00 00 00 49 83 c2
RSP: 0018:ffffb1b946ba3b48 EFLAGS: 00010246
RAX: 0000000000054600 RBX: ffff9698031d8000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000100 RDI: ffff9696d889c474
RBP: ffffb1b946ba3b68 R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000004
R13: ffffffffc1a50c00 R14: 0000000000000003 R15: 0000000000000000
FS: 00007f65a910ba80(0000) GS:ffff96a5eeec0000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000003973a038 CR3: 0000000129388000 CR4: 0000000000b50ef0

This is reproducible in 6.11.5 as well.

Hans,

Could you take a look please?