Bug 16243 - firedtv: NULL pointer dereference in fw_iso_context_stop, dvb_frontend_thread context
firedtv: NULL pointer dereference in fw_iso_context_stop, dvb_frontend_thread...
Status: ASSIGNED
Product: Drivers
Classification: Unclassified
Component: IEEE1394
All Linux
: P1 normal
Assigned To: drivers_ieee1394
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2010-06-17 22:09 UTC by Stefan Richter
Modified: 2013-12-10 21:46 UTC (History)
2 users (show)

See Also:
Kernel Version: 2.6.34/3.6?
Tree: Mainline
Regression: No


Attachments
syslog with the NULL pointer dereference (7.39 KB, text/plain)
2010-06-17 22:09 UTC, Stefan Richter
Details

Description Stefan Richter 2010-06-17 22:09:46 UTC
Created attachment 26831 [details]
syslog with the NULL pointer dereference

A FireDTV somehow vanished from the bus for no apparent reason (PHY lock-up perhaps; plug-out/ plug-in was necessary to get it back).  When doing so, the firedtv driver crashed in fw_iso_context_stop.

Backtrace:
BUG: unable to handle kernel NULL pointer dereference at (null)
IP: [<ffffffffa0208d74>] fw_iso_context_stop+0x0/0xd [firewire_core]
...
RIP: 0010:[<ffffffffa0208d74>]  [<ffffffffa0208d74>] fw_iso_context_stop+0x0/0xd [firewire_core]
...
? stop_iso+0x19/0x41 [firedtv]
? fdtv_sleep+0x15/0x36 [firedtv]
? dvb_frontend_thread+0x5ac/0x63c [dvb_core]
? autoremove_wake_function+0x0/0x2e
? dvb_frontend_thread+0x0/0x63c [dvb_core]
? kthread+0x79/0x81
...

Complete trace follows as attachment.  Is firedtv perhaps not prepared for a kernel thread to stop the context (instead of user context)?
Comment 1 Clemens Ladisch 2011-02-16 09:28:22 UTC
ffffffffa0208d74:  48 8b 07      mov    (%rdi),%rax    <-- crash here
ffffffffa0208d77:  48 8b 00      mov    (%rax),%rax
ffffffffa0208d7a:  4c 8b 58 68   mov    0x68(%rax),%r11
ffffffffa0208d7e:  41 ff e3      jmpq   *%r11

The parameter to fw_iso_context_stop() is NULL.
Comment 2 Stefan Richter 2012-10-22 12:49:42 UTC
I recently had another panic on kernel version 3.6 which looked like this one.  Didn't take a screenshot because it appeared to be identical.

Note You need to log in before you can comment on or make changes to this bug.