20372 – NULL pointer dereference

Bug 20372 - NULL pointer dereference

Summary: NULL pointer dereference

Status:	CLOSED CODE_FIX

Alias:	None

Product:	v4l-dvb
Classification:	Unclassified
Component:	dvb-usb (show other bugs)
Hardware:	x86-64 Linux

Importance:	P1 high
Assignee:	dvb-usb

URL:
Keywords:

Depends on:
Blocks:

Reported:	2010-10-14 19:17 UTC by Mate Soos
Modified:	2012-05-17 15:58 UTC (History)
CC List:	3 users (show)

See Also:
Kernel Version:	linux-2.6.35.5
Subsystem:
Regression:	No
Bisected commit-id:

Attachments
dmesg output (114.73 KB, text/plain) 2010-10-14 19:17 UTC, Mate Soos	Details
Add an attachment (proposed patch, testcase, etc.)

Description Mate Soos 2010-10-14 19:17:18 UTC

Created attachment 33652 [details]
dmesg output

I was running "gnome-dvb-setup", and did some strange set of actions (cancel, then forward, then cancel, etc.). It seemd to have gone haywire. Then I looked at the dmesg, and I got this:

[27332.491854] BUG: unable to handle kernel NULL pointer dereference at 0000000000000012
[27332.491862] IP: [<ffffffffa00cd59f>] i2c_transfer+0x1a/0xc1 [i2c_core]
[27332.491874] PGD 332d1067 PUD 37f20067 PMD 0 
[27332.491879] Oops: 0000 [#1] SMP 
[27332.491882] last sysfs file: /sys/devices/pci0000:00/0000:00:1d.7/usb1/1-7/product
[27332.491886] CPU 1 
[27332.491887] Modules linked in: mt2060 dvb_usb_dib0700 dib7000p dib0090 dib7000m dib0070 dvb_usb dib8000 dvb_core dib3000mc dibx000_common usb_storage snd_emu10k1_synth snd_emux_synth snd_seq_virmidi snd_seq_midi_emul snd_emu10k1 snd_ac97_codec ac97_bus snd_pcm_oss snd_mixer_oss snd_pcm snd_page_alloc snd_util_mem snd_hwdep snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq snd_timer snd_seq_device snd soundcore mperf cpufreq_powersave cpufreq_conservative cpufreq_userspace cpufreq_stats ppdev microcode coretemp firewire_sbp2 nouveau drm_kms_helper i5k_amb tpm_tis tpm tpm_bios parport_pc emu10k1_gp i2c_algo_bit gameport i2c_i801 rng_core ttm drm i2c_core loop uinput binfmt_misc crc16 lp parport ide_cd_mod cdrom ata_generic ata_piix usbhid hid uhci_hcd ahci libahci piix ehci_hcd tg3 firewire_ohci firewire_core ide_core crc_itu_t i5000_edac usbcore libata shpchp evdev edac_core libphy pcspkr dcdbas pci_hotplug nls_base processor button thermal thermal_sys [last unloaded: scsi_wait_scan]
[27332.491958] 
[27332.491962] Pid: 24898, comm: gnome-dvb-daemo Not tainted 2.6.35.5 #5 0GU083/Precision WorkStation 490    
[27332.491965] RIP: 0010:[<ffffffffa00cd59f>]  [<ffffffffa00cd59f>] i2c_transfer+0x1a/0xc1 [i2c_core]
[27332.491971] RSP: 0018:ffff880084119b88  EFLAGS: 00010286
[27332.491973] RAX: 00000000ffffffa1 RBX: 0000000000000002 RCX: 0000000000000000
[27332.491976] RDX: 0000000000000002 RSI: ffff880084119bc8 RDI: 0000000000000002
[27332.491979] RBP: 0000000000000000 R08: ffff880037c08900 R09: 0000000000000001
[27332.491981] R10: 0000000000000080 R11: ffff880120cc4400 R12: ffffc90013d3d000
[27332.491984] R13: ffff880084119bc8 R14: 0000000000000002 R15: ffffc90013e58000
[27332.491987] FS:  00007fe9b2968710(0000) GS:ffff880001a40000(0000) knlGS:0000000000000000
[27332.491990] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[27332.491992] CR2: 0000000000000012 CR3: 000000001a51f000 CR4: 00000000000006e0
[27332.491995] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[27332.491998] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[27332.492001] Process gnome-dvb-daemo (pid: 24898, threadinfo ffff880084118000, task ffff880065c46630)
[27332.492003] Stack:
[27332.492005]  ffff880100000e00 ffffffff00000000 00000000000000eb 0000000000000000
[27332.492009] <0> ffffc90013d3d000 0000000000000001 ffff8800b12b20e0 ffffffffa027b109
[27332.492013] <0> ffff000200000010 ffff880084119bf8 0000000200010010 ffff880084119be8
[27332.492017] Call Trace:
[27332.492024]  [<ffffffffa027b109>] ? dib7000p_read_word+0x6e/0xbe [dib7000p]
[27332.492029]  [<ffffffffa0102a93>] ? usb_urb_submit+0x26/0x67 [dvb_usb]
[27332.492034]  [<ffffffffa027bcdb>] ? dib7000p_pid_filter_ctrl+0x1f/0x7b [dib7000p]
[27332.492038]  [<ffffffffa01020ad>] ? dvb_usb_ctrl_feed+0xcb/0x113 [dvb_usb]
[27332.492047]  [<ffffffffa03be659>] ? dmx_ts_feed_start_filtering+0x73/0xc9 [dvb_core]
[27332.492054]  [<ffffffffa03bb9e5>] ? dvb_dmxdev_start_feed+0xb5/0xe6 [dvb_core]
[27332.492060]  [<ffffffffa03bcb3a>] ? dvb_dmxdev_filter_start+0x2b4/0x301 [dvb_core]
[27332.492067]  [<ffffffffa03bd2c4>] ? dvb_demux_do_ioctl+0x25d/0x4a5 [dvb_core]
[27332.492074]  [<ffffffff810ea065>] ? chrdev_open+0x0/0x145
[27332.492080]  [<ffffffffa03bb39f>] ? dvb_usercopy+0xb2/0x12e [dvb_core]
[27332.492086]  [<ffffffffa03bd067>] ? dvb_demux_do_ioctl+0x0/0x4a5 [dvb_core]
[27332.492091]  [<ffffffff810fc06e>] ? mntput_no_expire+0x23/0xde
[27332.492095]  [<ffffffff810f27df>] ? do_filp_open+0x510/0x58e
[27332.492101]  [<ffffffffa03bc01f>] ? dvb_demux_ioctl+0x38/0x5a [dvb_core]
[27332.492104]  [<ffffffff810f351a>] ? vfs_ioctl+0x23/0x93
[27332.492107]  [<ffffffff810f3dab>] ? do_vfs_ioctl+0x45d/0x497
[27332.492111]  [<ffffffff810f04ef>] ? getname+0x23/0x1b1
[27332.492114]  [<ffffffff810f3e30>] ? sys_ioctl+0x4b/0x6f
[27332.492119]  [<ffffffff810e6044>] ? do_sys_open+0xea/0xf9
[27332.492125]  [<ffffffff810089c2>] ? system_call_fastpath+0x16/0x1b
[27332.492127] Code: 48 c7 c2 e3 d1 0c a0 e8 1c 5f 16 e1 48 83 c4 18 c3 41 56 41 89 d6 b8 a1 ff ff ff 41 55 49 89 f5 41 54 55 53 48 89 fb 48 83 ec 10 <48> 8b 57 10 48 83 3a 00 0f 84 8c 00 00 00 65 48 8b 04 25 08 cc 
[27332.492158] RIP  [<ffffffffa00cd59f>] i2c_transfer+0x1a/0xc1 [i2c_core]
[27332.492164]  RSP <ffff880084119b88>
[27332.492165] CR2: 0000000000000012
[27332.492185] ---[ end trace b75f99b9dc4d902c ]---
[27883.754976] usb 1-7: USB disconnect, address 7
[27883.772677] mt2060 I2C write failed


The insertion of the module for my Nova-T USB stick was the following:
[26964.444012] usb 1-7: new high speed USB device using ehci_hcd and address 7
[26964.576900] usb 1-7: New USB device found, idVendor=2040, idProduct=7050
[26964.576903] usb 1-7: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[26964.576905] usb 1-7: Product: Nova-T Stick
[26964.576908] usb 1-7: Manufacturer: Hauppauge
[26964.576909] usb 1-7: SerialNumber: 4027216528
[26964.577274] dvb-usb: found a 'Hauppauge Nova-T Stick' in cold state, will try to load a firmware
[26964.580510] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[26964.783773] dib0700: firmware started successfully.
[26965.284237] dvb-usb: found a 'Hauppauge Nova-T Stick' in warm state.
[26965.284299] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[26965.284413] DVB: registering new adapter (Hauppauge Nova-T Stick)
[26965.616534] DVB: registering adapter 0 frontend 0 (DiBcom 7000MA/MB/PA/PB/MC)...
[26965.620157] MT2060: successfully identified (IF1 = 1235)
[26966.098625] input: IR-receiver inside an USB DVB receiver as /devices/pci0000:00/0000:00:1d.7/usb1/1-7/input/input8
[26966.098696] dvb-usb: schedule remote query interval to 50 msecs.
[26966.098699] dvb-usb: Hauppauge Nova-T Stick successfully initialized and connected.

This _immediately_ preceded the above NULL pointer dereference message.

The linux kernel I am using was compiled manually from sources directly from kernel.org on this machine (the same as the one that had the NULL dereference):

cat /proc/cpuinfo

processor       : 0
vendor_id       : GenuineIntel
cpu family      : 6
model           : 15
model name      : Intel(R) Xeon(R) CPU            5130  @ 2.00GHz
stepping        : 6
cpu MHz         : 1994.864
cache size      : 4096 KB
physical id     : 0
siblings        : 2
core id         : 0
cpu cores       : 2
apicid          : 0
initial apicid  : 0
fpu             : yes
fpu_exception   : yes
cpuid level     : 10
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx lm constant_tsc arch_perfmon pebs bts rep_good aperfmperf pni dtes64 monitor ds_cpl vmx tm2 ssse3 cx16 xtpr pdcm dca lahf_lm tpr_shadow
bogomips        : 3989.72
clflush size    : 64
cache_alignment : 64
address sizes   : 36 bits physical, 48 bits virtual
power management:

processor       : 1
vendor_id       : GenuineIntel
cpu family      : 6
model           : 15
model name      : Intel(R) Xeon(R) CPU            5130  @ 2.00GHz
stepping        : 6
cpu MHz         : 1994.864
cache size      : 4096 KB
physical id     : 0
siblings        : 2
core id         : 1
cpu cores       : 2
apicid          : 1
initial apicid  : 1
fpu             : yes
fpu_exception   : yes
cpuid level     : 10
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx lm constant_tsc arch_perfmon pebs bts rep_good aperfmperf pni dtes64 monitor ds_cpl vmx tm2 ssse3 cx16 xtpr pdcm dca lahf_lm tpr_shadow
bogomips        : 3989.97
clflush size    : 64
cache_alignment : 64
address sizes   : 36 bits physical, 48 bits virtual
power management:

The computer is a couple-of-year old Dell Precision 490.

I am running Debian squeeze, but as stated previously, I have a manually compiled and installed the kernel:

uname -a

Linux sleepy 2.6.35.5 #5 SMP Fri Sep 24 01:09:21 CEST 2010 x86_64 GNU/Linux

I have attached the full dmesg output.

Comment 1 Francisco Lloret 2011-01-01 23:58:16 UTC

Hello,

I use Gentoo and i get the same error

BUG: unable to handle kernel NULL pointer dereference at
0000000000000012

with my Hauppauge WinTV Nova-T Stick, with USB id 2040:7050

I get the error with all gentoo-sources kernel 2.6.33 and newer, and with git-sources.

All gentoo-sources-2.6.32 and older works OK.

You can see the Gentoo bug here: http://bugs.gentoo.org/show_bug.cgi?id=326511

Comment 2 Adi Kriegisch 2011-02-23 17:42:25 UTC

For me this issue is fixed by applying Jiri Slaby's patch from here:
https://patchwork.kernel.org/patch/534231/

Note You need to log in before you can comment on or make changes to this bug.