[pvrusb2] Kernel oops in pvrusb2 driver

Gary Buhrmaster gary.buhrmaster at gmail.com
Mon Jan 9 21:48:17 CST 2012


While admittedly abusive (I was trying to test something else),
there may be a race in the pvrusb2 driver (I can file a fedora
bugzilla request if desired).

Environment: Fedora 16, 64 bit, 3.1.7 kernel, HVR-1950
How reproducable: 100% (well, 4 out of 4 test cases).
Importance: Low (I doubt anyone is going to be so abusive)
Result: kernel oops

Scenerio:

running a perl program doing a
   while(1) { sysopen(F,"/dev/video0",O_RDWR); close(F);}
(the v4l device was instantiated as /dev/video0),
I unplugged the usb cable, and received this oops:


kernel oops:

[89096.369019] usb 2-1.8: USB disconnect, device number 5
[89096.369082] pvrusb2: Device being rendered inoperable
[89096.369154] BUG: unable to handle kernel NULL pointer dereference
at 0000000000000020
[89096.369193] pvrusb2: unregistered device video0 [mpeg]
[89096.370522] IP: [<ffffffff815aea38>] klist_put+0x28/0xa0
[89096.371208] PGD 0
[89096.371893] Oops: 0000 [#1] SMP
[89096.372560] CPU 1
[89096.372568] Modules linked in: s5h1411 tda18271 tda8290 tuner
cx25840 pvrusb2 dvb_core cx2341x tveeprom v4l2_common videodev media
v4l2_compat_ioctl32 tcp_lp fuse lockd bnep bluetooth rfkill
ip6t_REJECT nf_conntrack_ipv6 nf_conntrack_ipv4 nf_defrag_ipv6
w83627ehf hwmon_vid coretemp nf_defrag_ipv4 ip6table_filter xt_state
nf_conntrack ip6_tables sunrpc snd_hda_codec_hdmi
snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_hwdep snd_seq
snd_seq_device snd_pcm snd_timer snd microcode iTCO_wdt
iTCO_vendor_support i2c_i801 e1000e soundcore snd_page_alloc serio_raw
uinput firewire_ohci firewire_core pata_acpi raid1 crc_itu_t
ata_generic megaraid_sas i915 drm_kms_helper drm i2c_algo_bit i2c_core
video [last unloaded: scsi_wait_scan]
[89096.377496]
[89096.378207] Pid: 19922, comm: pvrusb2-context Not tainted
3.1.7-1.fc16.x86_64 #1                  /DQ67SW
[89096.378942] RIP: 0010:[<ffffffff815aea38>]  [<ffffffff815aea38>]
klist_put+0x28/0xa0
[89096.379690] RSP: 0018:ffff8803a43ffd60  EFLAGS: 00010246
[89096.380444] RAX: 000000000000005b RBX: 0000000000000000 RCX: 00000000000205b8
[89096.381202] RDX: ffffffff81a9dd30 RSI: 0000000000000001 RDI: 0000000000000000
[89096.381932] RBP: ffff8803a43ffd80 R08: ffffffff81a9dd30 R09: ffffffff812aa582
[89096.382683] R10: 000000000000000a R11: 0000000000000001 R12: ffff8803df23f9e8
[89096.383439] R13: ffff8803f0c62900 R14: 0000000000000001 R15: ffff880407537888
[89096.384222] FS:  0000000000000000(0000) GS:ffff88043e280000(0000)
knlGS:0000000000000000
[89096.384968] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[89096.385763] CR2: 0000000000000020 CR3: 000000040d207000 CR4: 00000000000406e0
[89096.386549] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[89096.387342] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[89096.388122] Process pvrusb2-context (pid: 19922, threadinfo
ffff8803a43fe000, task ffff8803f0e7ae60)
[89096.388900] Stack:
[89096.389694]  ffff8803f0e7ae60 ffff8803df23f9e8 ffff8803f0c62900
ffff8803931c7098
[89096.390502]  ffff8803a43ffd90 ffffffff815aeaee ffff8803a43ffde0
ffffffff815aec08
[89096.391293]  ffffffff81a9dd30 ffffffff81a9dd30 ffff8803df23f9e8
ffff8803f0e7ae60
[89096.392091] Call Trace:
[89096.392856]  [<ffffffff815aeaee>] klist_del+0xe/0x10
[89096.393653]  [<ffffffff815aec08>] klist_remove+0x58/0xa0
[89096.394451]  [<ffffffff81388545>] device_move+0x95/0x2a0
[89096.395270]  [<ffffffffa03b3bf3>]
pvr2_v4l2_dev_disassociate_parent+0x33/0x40 [pvrusb2]
[89096.396081]  [<ffffffffa03b4041>]
pvr2_v4l2_internal_check+0x31/0x50 [pvrusb2]
[89096.396866]  [<ffffffffa03b68aa>]
pvr2_context_thread_func+0xda/0x330 [pvrusb2]
[89096.397678]  [<ffffffff8108e6b0>] ? remove_wait_queue+0x50/0x50
[89096.398488]  [<ffffffffa03b67d0>] ? pvr2_context_destroy+0xe0/0xe0 [pvrusb2]
[89096.399303]  [<ffffffff8108de0c>] kthread+0x8c/0xa0
[89096.400115]  [<ffffffff815deef4>] kernel_thread_helper+0x4/0x10
[89096.400902]  [<ffffffff8108dd80>] ? kthread_worker_fn+0x190/0x190
[89096.401750]  [<ffffffff815deef0>] ? gs_change+0x13/0x13
[89096.402582] Code: 00 00 00 55 48 89 e5 48 83 ec 20 4c 89 65 e8 4c
89 75 f8 49 89 fc 48 89 5d e0 4c 89 6d f0 41 89 f6 48 8b 1f 48 83 e3
fe 48 89 df <4c> 8b 6b 20 e8 2f 66 02 00 45 84 f6 74 10 49 8b 04 24 a8
01 75
[89096.404444] RIP  [<ffffffff815aea38>] klist_put+0x28/0xa0
[89096.405330]  RSP <ffff8803a43ffd60>
[89096.406193] CR2: 0000000000000020
[89096.689336] ---[ end trace 22154e4d0f29d294 ]---


More information about the pvrusb2 mailing list