Bug 56271 - Null pointer dereference when loading cx88_dvb
Summary: Null pointer dereference when loading cx88_dvb
Status: ASSIGNED
Alias: None
Product: v4l-dvb
Classification: Unclassified
Component: cx88
Hardware: x86-64 Linux
Importance: P1 normal
Assignee: Hans Verkuil
URL: http://permalink.gmane.org/gmane.linu...
Keywords:
Depends on:
Blocks:
 
Reported: 2013-04-05 12:50 UTC by sebastian
Modified: 2013-07-04 01:12 UTC

See Also:
Kernel Version: at least since 3.8, at least up to 3.9-rc4
Subsystem:
Regression: No
Bisected commit-id:


Attachments
output of dmesg (45.60 KB, text/plain)
2013-04-05 12:50 UTC, sebastian
output of lspci (10.13 KB, text/plain)
2013-04-05 12:50 UTC, sebastian
Patch fixing incorrect wm8775 check. (2.48 KB, patch)
2013-04-06 07:11 UTC, Hans Verkuil
output of dmesg after compiling the wm8775 module (42.36 KB, text/plain)
2013-04-06 09:40 UTC, sebastian
output of dmesg with your patch applied and the wm8775 module enabled (42.24 KB, text/plain)
2013-04-06 10:13 UTC, sebastian

Description sebastian 2013-04-05 12:50:29 UTC
Created attachment 97451 [details]
output of dmesg

I get a null pointer dereference when loading the cx88_dvb module (kernel 3.9.0-rc4, but using an older kernel makes no difference).
If I blacklist the cx8800 module, everything works fine.
I have a Hauppauge HVR4000 card with multiple tuners (DVB-T, DVB-S, DVB-S2, analog). I'm using only the DVB-S and DVB-S2 tuners, so I don't need the cx8800 module.

Attached is the output of dmesg and lspci.
Comment 1 sebastian 2013-04-05 12:50:58 UTC
Created attachment 97461 [details]
output of lspci
Comment 2 Hans Verkuil 2013-04-06 07:11:21 UTC
Created attachment 97531 [details]
Patch fixing incorrect wm8775 check.

Can you test this patch? I'm fairly certain that this will fix the problem. Basically the check whether there is a wm8775 audio chip is incorrect. It looks at the board information, but on some boards the wm8775 is optional, so while the board code says there is one, in reality it may be missing. Check whether the wm8775 was actually loaded instead.
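The check Hans describes, modelled as an added C example (constructed for this page, not the cx88 driver's own code; every name in it is an assumption): the "before" path trusts the static board table, the "after" path gates on the subdev pointer the I2C probe actually populated, so a missing or unloaded wm8775 is skipped instead of dereferenced.

```c
#include <stddef.h>
/* Constructed model of the pattern in this bug: a static board table says the
 * card has a wm8775, but the chip or its driver may be absent when probing. */
enum audio_chip { AUDIO_NONE = 0, AUDIO_WM8775 = 1 };
struct subdev {
    const char *name;
    int (*setup)(struct subdev *sd);   /* stands in for the control-handler setup */
};
struct core {
    enum audio_chip board_audio_chip;  /* static table: what the board should have */
    struct subdev *sd_wm8775;          /* runtime: what the I2C probe really returned */
};
static int wm8775_setup(struct subdev *sd) { return sd->name != NULL ? 0 : -1; }

/* Simulated I2C probe. NULL models the log's "Failed to register i2c client
 * wm8775 at 0x1b (-16)" (-16 is -EBUSY) or a wm8775 driver that is not loaded. */
static struct subdev *probe_wm8775(int chip_available)
{
    static struct subdev wm = { "wm8775", wm8775_setup };
    return chip_available ? &wm : NULL;
}

/* Before the fix: trusts the board table. Returns -1 where the real driver
 * would dereference NULL (the oops in v4l2_ctrl_handler_setup). */
static int audio_init_before(struct core *core)
{
    if (core->board_audio_chip != AUDIO_WM8775)
        return 0;
    if (core->sd_wm8775 == NULL)
        return -1;                     /* this is the crash path */
    return core->sd_wm8775->setup(core->sd_wm8775);
}

/* After the fix: gate on the pointer the probe actually filled in. */
static int audio_init_after(struct core *core)
{
    if (core->sd_wm8775 == NULL)
        return 0;                      /* optional chip missing: skip it */
    return core->sd_wm8775->setup(core->sd_wm8775);
}

/* Drives one probe; returns 0 on a clean init, -1 where the NULL deref would hit. */
int simulate_probe(int chip_available, int patched)
{
    struct core core = { AUDIO_WM8775, NULL };   /* board table claims a wm8775 */
    core.sd_wm8775 = probe_wm8775(chip_available);
    return patched ? audio_init_after(&core) : audio_init_before(&core);
}
```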
Comment 3 sebastian 2013-04-06 09:40:29 UTC
Created attachment 97551 [details]
output of dmesg after compiling the wm8775 module

After your hint about the wm8775, I tried some things (everything without your patch):

1. The wm8775 module was not activated in the kernel configuration. I compiled the module and loaded it before loading the cx8800 module. Afterwards the cx8800 module loaded without problems:

[  105.416538] cx88/0: cx2388x v4l2 driver version 0.0.9 loaded
[  105.416693] cx88[0]/0: found at 0000:01:06.0, rev: 5, irq: 16, latency: 64, mmio: 0xf9000000
[  105.418163] wm8775 1-001b: chip found @ 0x36 (cx88[0])
[  105.444734] cx88[0]/0: registered device video0 [v4l2]
[  105.445091] cx88[0]/0: registered device vbi0
[  105.445357] cx88[0]/0: registered device radio0

2. I unloaded the cx8800 and the wm8775 module and modprobed the cx8800 module without loading the wm8775 module before. Then it crashed:

[  127.235175] cx88/0: cx2388x v4l2 driver version 0.0.9 loaded
[  127.235310] cx88[0]/0: found at 0000:01:06.0, rev: 5, irq: 16, latency: 64, mmio: 0xf9000000
[  127.236424] i2c i2c-1: Failed to register i2c client wm8775 at 0x1b (-16)
[  127.241261] BUG: unable to handle kernel paging request at ffffffffa00f3150
[  127.241265] IP: [<ffffffffa002d00f>] v4l2_ctrl_handler_setup+0xcf/0x120 [videodev]
[  127.241280] PGD 260c067 PUD 260d063 PMD 586ce067 PTE 0
[  127.241285] Oops: 0000 [#1] PREEMPT SMP 
[  127.241288] Modules linked in: cx8800(+) wm8775 nvidia(PO) snd_hda_codec_hdmi cx22702 isl6421 cx24116 snd_hda_codec_realtek ir_lirc_codec lirc_dev cx88_dvb ir_rc6_decoder videobuf_dvb ir_rc5_decoder ir_mce_kbd_decoder rc_hauppauge tuner_simple tuner_types tda9887 tda8290 tuner snd_hda_intel snd_hda_codec cx8802 cx88xx stv0299 snd_pcm tveeprom btcx_risc snd_page_alloc videobuf_dma_sg videobuf_core rc_core budget budget_core ttpci_eeprom v4l2_common videodev saa7146 dvb_core [last unloaded: cx8800]
[  127.241317] CPU 0 
[  127.241321] Pid: 423, comm: modprobe Tainted: P           O 3.9.0-rc4 #31  
[  127.241323] RIP: 0010:[<ffffffffa002d00f>]  [<ffffffffa002d00f>] v4l2_ctrl_handler_setup+0xcf/0x120 [videodev]
[  127.241332] RSP: 0018:ffff880057157af8  EFLAGS: 00010282
[  127.241334] RAX: ffffffffa00f3140 RBX: ffff88005beabc00 RCX: 0000000000000000
[  127.241337] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff88005beabc00
[  127.241339] RBP: ffff880057157b38 R08: 0000000000000000 R09: 0000000000000000
[  127.241341] R10: ffff88005715799f R11: 0000000000000000 R12: 0000000000000001
[  127.241344] R13: 0000000000000000 R14: ffff88005daa56b0 R15: ffff88005beabc00
[  127.241346] FS:  00007f94d07bb700(0000) GS:ffff88005fc00000(0000) knlGS:0000000000000000
[  127.241349] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[  127.241351] CR2: ffffffffa00f3150 CR3: 0000000050dcf000 CR4: 00000000000007f0
[  127.241353] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  127.241356] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  127.241358] Process modprobe (pid: 423, threadinfo ffff880057156000, task ffff88005a199c20)
[  127.241360] Stack:
[  127.241362]  0000727000000001 ffff88005daa5688 ffff880057157b38 ffff88005da78000
[  127.241366]  ffff88005bff3600 ffff88005daa5000 ffff88005daa5688 ffff88005daa5920
[  127.241369]  ffff880057157be8 ffffffffa0a3f3bb 0000000000000000 ffff880057157ba8
[  127.241373] Call Trace:
[  127.241382]  [<ffffffffa0a3f3bb>] cx8800_initdev+0x41b/0x810 [cx8800]
[  127.241388]  [<ffffffff821b98b4>] pci_device_probe+0x94/0xd0
[  127.241394]  [<ffffffff8223dcc6>] driver_probe_device+0x76/0x230
[  127.241398]  [<ffffffff8223df1b>] __driver_attach+0x9b/0xa0
[  127.241402]  [<ffffffff8223de80>] ? driver_probe_device+0x230/0x230
[  127.241406]  [<ffffffff8223c055>] bus_for_each_dev+0x55/0x90
[  127.241410]  [<ffffffff8223d7d9>] driver_attach+0x19/0x20
[  127.241413]  [<ffffffff8223d35e>] bus_add_driver+0xfe/0x260
[  127.241418]  [<ffffffffa0042000>] ? 0xffffffffa0041fff
[  127.241422]  [<ffffffff8223e392>] driver_register+0x72/0x160
[  127.241425]  [<ffffffffa0042000>] ? 0xffffffffa0041fff
[  127.241429]  [<ffffffff821b9196>] __pci_register_driver+0x46/0x50
[  127.241434]  [<ffffffffa0042033>] cx8800_init+0x33/0x35 [cx8800]
[  127.241439]  [<ffffffff820002fa>] do_one_initcall+0x11a/0x160
[  127.241444]  [<ffffffff82066638>] load_module+0x1888/0x2140
[  127.241448]  [<ffffffff82063570>] ? free_notes_attrs+0x60/0x60
[  127.241452]  [<ffffffff82066f82>] sys_init_module+0x92/0xb0
[  127.241457]  [<ffffffff82379112>] system_call_fastpath+0x16/0x1b
[  127.241459] Code: ff 48 8b 43 28 4a 8b 04 e8 80 48 34 02 48 8b 43 28 4a 8b 04 e8 80 48 34 01 41 ff c4 44 3b 63 30 72 ca 48 8b 43 38 48 85 c0 74 19 <48> 8b 40 10 48 85 c0 74 10 48 89 df ff d0 85 c0 75 15 0f 1f 80 
[  127.241492] RIP  [<ffffffffa002d00f>] v4l2_ctrl_handler_setup+0xcf/0x120 [videodev]
[  127.241500]  RSP <ffff880057157af8>
[  127.241501] CR2: ffffffffa00f3150
[  127.241505] ---[ end trace 0521787f189bcbb8 ]---

3. After a reboot udev loaded all the modules and it worked (see attached dmesg_with_wm8775.txt)
Comment 4 sebastian 2013-04-06 10:13:18 UTC
Created attachment 97561 [details]
output of dmesg with your patch applied and the wm8775 module enabled

With your patch applied udev loads everything during the system start (see dmesg_with_patch.txt).

Also with your patch, if I remove the wm8775 module, the cx8800 module loads without crashing.

But (after a clean reboot with the wm8775 enabled) if I just unload the cx8800 module and reload it again, it crashes. It makes no difference whether I use your patch or not:

[   32.875079] cx88/0: cx2388x v4l2 driver version 0.0.9 loaded
[   32.875360] cx88[0]/0: found at 0000:01:06.0, rev: 5, irq: 16, latency: 64, mmio: 0xf9000000
[   32.876464] i2c i2c-1: Failed to register i2c client wm8775 at 0x1b (-16)
[   32.881302] BUG: unable to handle kernel paging request at ffffffffa016e110
[   32.881306] IP: [<ffffffffa003800f>] v4l2_ctrl_handler_setup+0xcf/0x120 [videodev]
[   32.881322] PGD 260c067 PUD 260d063 PMD 59696067 PTE 0
[   32.881327] Oops: 0000 [#1] PREEMPT SMP 
[   32.881330] Modules linked in: cx8800(+) nvidia(PO) cx22702 isl6421 cx24116 wm8775 cx88_dvb videobuf_dvb ir_mce_kbd_decoder ir_lirc_codec ir_rc6_decoder ir_rc5_decoder lirc_dev snd_hda_codec_hdmi rc_hauppauge tuner_simple tuner_types tda9887 tda8290 tuner snd_hda_codec_realtek stv0299 cx8802 cx88xx tveeprom btcx_risc videobuf_dma_sg videobuf_core rc_core snd_hda_intel budget v4l2_common snd_hda_codec budget_core snd_pcm videodev ttpci_eeprom saa7146 dvb_core snd_page_alloc [last unloaded: cx8800]
[   32.881359] CPU 0 
[   32.881363] Pid: 352, comm: modprobe Tainted: P           O 3.9.0-rc4 #31  
[   32.881366] RIP: 0010:[<ffffffffa003800f>]  [<ffffffffa003800f>] v4l2_ctrl_handler_setup+0xcf/0x120 [videodev]
[   32.881374] RSP: 0018:ffff880053d3daf8  EFLAGS: 00010286
[   32.881377] RAX: ffffffffa016e100 RBX: ffff88005a142780 RCX: 0000000000000000
[   32.881379] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff88005a142780
[   32.881381] RBP: ffff880053d3db38 R08: 0000000000000000 R09: 0000000000000000
[   32.881384] R10: ffff880053d3d99f R11: 0000000000000000 R12: 0000000000000001
[   32.881386] R13: 0000000000000000 R14: ffff88005b9fe6b0 R15: ffff88005a142780
[   32.881389] FS:  00007f39f142e700(0000) GS:ffff88005fc00000(0000) knlGS:0000000000000000
[   32.881391] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[   32.881394] CR2: ffffffffa016e110 CR3: 000000005bb5e000 CR4: 00000000000007f0
[   32.881396] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   32.881398] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[   32.881401] Process modprobe (pid: 352, threadinfo ffff880053d3c000, task ffff88005a05a760)
[   32.881403] Stack:
[   32.881405]  0000727000000001 ffff88005b9fe688 ffff880053d3db38 ffff88005da78000
[   32.881408]  ffff88005d302a00 ffff88005b9fe000 ffff88005b9fe688 ffff88005b9fe920
[   32.881412]  ffff880053d3dbe8 ffffffffa004c36b 0000000000000000 ffff880053d3dba8
[   32.881415] Call Trace:
[   32.881425]  [<ffffffffa004c36b>] cx8800_initdev+0x41b/0x810 [cx8800]
[   32.881431]  [<ffffffff821b98b4>] pci_device_probe+0x94/0xd0
[   32.881437]  [<ffffffff8223dcc6>] driver_probe_device+0x76/0x230
[   32.881441]  [<ffffffff8223df1b>] __driver_attach+0x9b/0xa0
[   32.881445]  [<ffffffff8223de80>] ? driver_probe_device+0x230/0x230
[   32.881449]  [<ffffffff8223c055>] bus_for_each_dev+0x55/0x90
[   32.881453]  [<ffffffff8223d7d9>] driver_attach+0x19/0x20
[   32.881457]  [<ffffffff8223d35e>] bus_add_driver+0xfe/0x260
[   32.881461]  [<ffffffffa001b000>] ? 0xffffffffa001afff
[   32.881465]  [<ffffffff8223e392>] driver_register+0x72/0x160
[   32.881468]  [<ffffffffa001b000>] ? 0xffffffffa001afff
[   32.881472]  [<ffffffff821b9196>] __pci_register_driver+0x46/0x50
[   32.881477]  [<ffffffffa001b033>] cx8800_init+0x33/0x35 [cx8800]
[   32.881482]  [<ffffffff820002fa>] do_one_initcall+0x11a/0x160
[   32.881487]  [<ffffffff82066638>] load_module+0x1888/0x2140
[   32.881491]  [<ffffffff82063570>] ? free_notes_attrs+0x60/0x60
[   32.881496]  [<ffffffff82066f82>] sys_init_module+0x92/0xb0
[   32.881500]  [<ffffffff82379112>] system_call_fastpath+0x16/0x1b
[   32.881502] Code: ff 48 8b 43 28 4a 8b 04 e8 80 48 34 02 48 8b 43 28 4a 8b 04 e8 80 48 34 01 41 ff c4 44 3b 63 30 72 ca 48 8b 43 38 48 85 c0 74 19 <48> 8b 40 10 48 85 c0 74 10 48 89 df ff d0 85 c0 75 15 0f 1f 80 
[   32.881535] RIP  [<ffffffffa003800f>] v4l2_ctrl_handler_setup+0xcf/0x120 [videodev]
[   32.881543]  RSP <ffff880053d3daf8>
[   32.881545] CR2: ffffffffa016e110
[   32.881548] ---[ end trace 8bba08432f33ab62 ]---
Comment 5 Hans Verkuil 2013-05-29 14:49:11 UTC
Sebastian, my apologies for the delay. For some reason I did not get an email when you made your comments so I didn't realize that you had done so until I manually opened this bug report.

The unload/reload issue is unrelated to this particular bug. Looking at the code I think that the unload sequence is broken. Not an issue for normal use, so it is less critical. Basically I am not surprised that there are issues with that.

I've posted my fix to the mailing list, and I will close this bug report once it is accepted.
Comment 6 Ronald 2013-05-31 15:14:53 UTC
Is it possible that this bug is related to or the same as this one?

https://bugzilla.kernel.org/show_bug.cgi?id=48511
Comment 7 Hans Verkuil 2013-05-31 15:36:26 UTC
It looks awfully similar, yes. What cx88 card do you have?
Comment 8 Ronald 2013-05-31 16:27:13 UTC
subsystem: 0070:6906
board: Hauppauge WinTV-HVR4000(Lite) DVB-S/S2 [card=69,autodetected]

tveeprom 9-0050: Hauppauge model 69100, rev B2C3, serial# 5309248
Comment 9 Ronald 2013-07-04 01:12:00 UTC
Added a comment and 2 logfiles to

https://bugzilla.kernel.org/show_bug.cgi?id=48511
