[Bugme-new] [Bug 20372] New: NULL pointer dereference

bugzilla-daemon at bugzilla.kernel.org
Thu Oct 14 12:17:58 PDT 2010


https://bugzilla.kernel.org/show_bug.cgi?id=20372

           Summary: NULL pointer dereference
           Product: v4l-dvb
           Version: unspecified
    Kernel Version: linux-2.6.35.5
          Platform: All
        OS/Version: Linux
              Tree: Mainline
            Status: NEW
          Severity: high
          Priority: P1
         Component: dvb-usb
        AssignedTo: v4l-dvb_dvb-usb at kernel-bugs.osdl.org
        ReportedBy: soos.mate at gmail.com
        Regression: No


Created an attachment (id=33652)
 --> (https://bugzilla.kernel.org/attachment.cgi?id=33652)
dmesg output

I was running "gnome-dvb-setup", and did some strange set of actions (cancel,
then forward, then cancel, etc.). It seemed to have gone haywire. Then I looked
at the dmesg, and I got this:

[27332.491854] BUG: unable to handle kernel NULL pointer dereference at 0000000000000012
[27332.491862] IP: [<ffffffffa00cd59f>] i2c_transfer+0x1a/0xc1 [i2c_core]
[27332.491874] PGD 332d1067 PUD 37f20067 PMD 0 
[27332.491879] Oops: 0000 [#1] SMP 
[27332.491882] last sysfs file: /sys/devices/pci0000:00/0000:00:1d.7/usb1/1-7/product
[27332.491886] CPU 1 
[27332.491887] Modules linked in: mt2060 dvb_usb_dib0700 dib7000p dib0090 dib7000m dib0070 dvb_usb dib8000 dvb_core dib3000mc dibx000_common usb_storage snd_emu10k1_synth snd_emux_synth snd_seq_virmidi snd_seq_midi_emul snd_emu10k1 snd_ac97_codec ac97_bus snd_pcm_oss snd_mixer_oss snd_pcm snd_page_alloc snd_util_mem snd_hwdep snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq snd_timer snd_seq_device snd soundcore mperf cpufreq_powersave cpufreq_conservative cpufreq_userspace cpufreq_stats ppdev microcode coretemp firewire_sbp2 nouveau drm_kms_helper i5k_amb tpm_tis tpm tpm_bios parport_pc emu10k1_gp i2c_algo_bit gameport i2c_i801 rng_core ttm drm i2c_core loop uinput binfmt_misc crc16 lp parport ide_cd_mod cdrom ata_generic ata_piix usbhid hid uhci_hcd ahci libahci piix ehci_hcd tg3 firewire_ohci firewire_core ide_core crc_itu_t i5000_edac usbcore libata shpchp evdev edac_core libphy pcspkr dcdbas pci_hotplug nls_base processor button thermal thermal_sys [last unloaded: scsi_wait_scan]
[27332.491958] 
[27332.491962] Pid: 24898, comm: gnome-dvb-daemo Not tainted 2.6.35.5 #5 0GU083/Precision WorkStation 490
[27332.491965] RIP: 0010:[<ffffffffa00cd59f>]  [<ffffffffa00cd59f>] i2c_transfer+0x1a/0xc1 [i2c_core]
[27332.491971] RSP: 0018:ffff880084119b88  EFLAGS: 00010286
[27332.491973] RAX: 00000000ffffffa1 RBX: 0000000000000002 RCX: 0000000000000000
[27332.491976] RDX: 0000000000000002 RSI: ffff880084119bc8 RDI: 0000000000000002
[27332.491979] RBP: 0000000000000000 R08: ffff880037c08900 R09: 0000000000000001
[27332.491981] R10: 0000000000000080 R11: ffff880120cc4400 R12: ffffc90013d3d000
[27332.491984] R13: ffff880084119bc8 R14: 0000000000000002 R15: ffffc90013e58000
[27332.491987] FS:  00007fe9b2968710(0000) GS:ffff880001a40000(0000) knlGS:0000000000000000
[27332.491990] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[27332.491992] CR2: 0000000000000012 CR3: 000000001a51f000 CR4: 00000000000006e0
[27332.491995] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[27332.491998] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[27332.492001] Process gnome-dvb-daemo (pid: 24898, threadinfo ffff880084118000, task ffff880065c46630)
[27332.492003] Stack:
[27332.492005]  ffff880100000e00 ffffffff00000000 00000000000000eb 0000000000000000
[27332.492009] <0> ffffc90013d3d000 0000000000000001 ffff8800b12b20e0 ffffffffa027b109
[27332.492013] <0> ffff000200000010 ffff880084119bf8 0000000200010010 ffff880084119be8
[27332.492017] Call Trace:
[27332.492024]  [<ffffffffa027b109>] ? dib7000p_read_word+0x6e/0xbe [dib7000p]
[27332.492029]  [<ffffffffa0102a93>] ? usb_urb_submit+0x26/0x67 [dvb_usb]
[27332.492034]  [<ffffffffa027bcdb>] ? dib7000p_pid_filter_ctrl+0x1f/0x7b [dib7000p]
[27332.492038]  [<ffffffffa01020ad>] ? dvb_usb_ctrl_feed+0xcb/0x113 [dvb_usb]
[27332.492047]  [<ffffffffa03be659>] ? dmx_ts_feed_start_filtering+0x73/0xc9 [dvb_core]
[27332.492054]  [<ffffffffa03bb9e5>] ? dvb_dmxdev_start_feed+0xb5/0xe6 [dvb_core]
[27332.492060]  [<ffffffffa03bcb3a>] ? dvb_dmxdev_filter_start+0x2b4/0x301 [dvb_core]
[27332.492067]  [<ffffffffa03bd2c4>] ? dvb_demux_do_ioctl+0x25d/0x4a5 [dvb_core]
[27332.492074]  [<ffffffff810ea065>] ? chrdev_open+0x0/0x145
[27332.492080]  [<ffffffffa03bb39f>] ? dvb_usercopy+0xb2/0x12e [dvb_core]
[27332.492086]  [<ffffffffa03bd067>] ? dvb_demux_do_ioctl+0x0/0x4a5 [dvb_core]
[27332.492091]  [<ffffffff810fc06e>] ? mntput_no_expire+0x23/0xde
[27332.492095]  [<ffffffff810f27df>] ? do_filp_open+0x510/0x58e
[27332.492101]  [<ffffffffa03bc01f>] ? dvb_demux_ioctl+0x38/0x5a [dvb_core]
[27332.492104]  [<ffffffff810f351a>] ? vfs_ioctl+0x23/0x93
[27332.492107]  [<ffffffff810f3dab>] ? do_vfs_ioctl+0x45d/0x497
[27332.492111]  [<ffffffff810f04ef>] ? getname+0x23/0x1b1
[27332.492114]  [<ffffffff810f3e30>] ? sys_ioctl+0x4b/0x6f
[27332.492119]  [<ffffffff810e6044>] ? do_sys_open+0xea/0xf9
[27332.492125]  [<ffffffff810089c2>] ? system_call_fastpath+0x16/0x1b
[27332.492127] Code: 48 c7 c2 e3 d1 0c a0 e8 1c 5f 16 e1 48 83 c4 18 c3 41 56 41 89 d6 b8 a1 ff ff ff 41 55 49 89 f5 41 54 55 53 48 89 fb 48 83 ec 10 <48> 8b 57 10 48 83 3a 00 0f 84 8c 00 00 00 65 48 8b 04 25 08 cc
[27332.492158] RIP  [<ffffffffa00cd59f>] i2c_transfer+0x1a/0xc1 [i2c_core]
[27332.492164]  RSP <ffff880084119b88>
[27332.492165] CR2: 0000000000000012
[27332.492185] ---[ end trace b75f99b9dc4d902c ]---
[27883.754976] usb 1-7: USB disconnect, address 7
[27883.772677] mt2060 I2C write failed


The insertion of the module for my Nova-T USB stick was the following:
[26964.444012] usb 1-7: new high speed USB device using ehci_hcd and address 7
[26964.576900] usb 1-7: New USB device found, idVendor=2040, idProduct=7050
[26964.576903] usb 1-7: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[26964.576905] usb 1-7: Product: Nova-T Stick
[26964.576908] usb 1-7: Manufacturer: Hauppauge
[26964.576909] usb 1-7: SerialNumber: 4027216528
[26964.577274] dvb-usb: found a 'Hauppauge Nova-T Stick' in cold state, will try to load a firmware
[26964.580510] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[26964.783773] dib0700: firmware started successfully.
[26965.284237] dvb-usb: found a 'Hauppauge Nova-T Stick' in warm state.
[26965.284299] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[26965.284413] DVB: registering new adapter (Hauppauge Nova-T Stick)
[26965.616534] DVB: registering adapter 0 frontend 0 (DiBcom 7000MA/MB/PA/PB/MC)...
[26965.620157] MT2060: successfully identified (IF1 = 1235)
[26966.098625] input: IR-receiver inside an USB DVB receiver as /devices/pci0000:00/0000:00:1d.7/usb1/1-7/input/input8
[26966.098696] dvb-usb: schedule remote query interval to 50 msecs.
[26966.098699] dvb-usb: Hauppauge Nova-T Stick successfully initialized and connected.

This _immediately_ preceded the above NULL pointer dereference message.

The Linux kernel I am using was compiled manually from sources directly from
kernel.org on this machine (the same as the one that had the NULL dereference):

cat /proc/cpuinfo

processor       : 0
vendor_id       : GenuineIntel
cpu family      : 6
model           : 15
model name      : Intel(R) Xeon(R) CPU            5130  @ 2.00GHz
stepping        : 6
cpu MHz         : 1994.864
cache size      : 4096 KB
physical id     : 0
siblings        : 2
core id         : 0
cpu cores       : 2
apicid          : 0
initial apicid  : 0
fpu             : yes
fpu_exception   : yes
cpuid level     : 10
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx lm constant_tsc arch_perfmon pebs bts rep_good aperfmperf pni dtes64 monitor ds_cpl vmx tm2 ssse3 cx16 xtpr pdcm dca lahf_lm tpr_shadow
bogomips        : 3989.72
clflush size    : 64
cache_alignment : 64
address sizes   : 36 bits physical, 48 bits virtual
power management:

processor       : 1
vendor_id       : GenuineIntel
cpu family      : 6
model           : 15
model name      : Intel(R) Xeon(R) CPU            5130  @ 2.00GHz
stepping        : 6
cpu MHz         : 1994.864
cache size      : 4096 KB
physical id     : 0
siblings        : 2
core id         : 1
cpu cores       : 2
apicid          : 1
initial apicid  : 1
fpu             : yes
fpu_exception   : yes
cpuid level     : 10
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx lm constant_tsc arch_perfmon pebs bts rep_good aperfmperf pni dtes64 monitor ds_cpl vmx tm2 ssse3 cx16 xtpr pdcm dca lahf_lm tpr_shadow
bogomips        : 3989.97
clflush size    : 64
cache_alignment : 64
address sizes   : 36 bits physical, 48 bits virtual
power management:

The computer is a couple-of-years-old Dell Precision 490.

I am running Debian squeeze, but as stated previously, I have manually
compiled and installed the kernel:

uname -a

Linux sleepy 2.6.35.5 #5 SMP Fri Sep 24 01:09:21 CEST 2010 x86_64 GNU/Linux

I have attached the full dmesg output.

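A triage helper for the oops in the report above, added here as an example and not part of the original report or of any kernel tooling: it extracts the fault address, faulting symbol and caller frames, then decodes the instruction at the `<48>` marker to check which register supplied the bad base pointer. The log excerpt is copied from the report with mail-wrapped lines rejoined; `triage`, `REG64` and `SYM` are names chosen for this example.

```python
import re

# Excerpt of the oops in the report above, mail-wrapped lines rejoined.
OOPS = """\
[27332.491854] BUG: unable to handle kernel NULL pointer dereference at 0000000000000012
[27332.491862] IP: [<ffffffffa00cd59f>] i2c_transfer+0x1a/0xc1 [i2c_core]
[27332.491973] RAX: 00000000ffffffa1 RBX: 0000000000000002 RCX: 0000000000000000
[27332.491976] RDX: 0000000000000002 RSI: ffff880084119bc8 RDI: 0000000000000002
[27332.492024]  [<ffffffffa027b109>] ? dib7000p_read_word+0x6e/0xbe [dib7000p]
[27332.492034]  [<ffffffffa027bcdb>] ? dib7000p_pid_filter_ctrl+0x1f/0x7b [dib7000p]
[27332.492038]  [<ffffffffa01020ad>] ? dvb_usb_ctrl_feed+0xcb/0x113 [dvb_usb]
[27332.492127] Code: 48 c7 c2 e3 d1 0c a0 e8 1c 5f 16 e1 48 83 c4 18 c3 41 56 41 89 d6 b8 a1 ff ff ff 41 55 49 89 f5 41 54 55 53 48 89 fb 48 83 ec 10 <48> 8b 57 10 48 83 3a 00 0f 84 8c 00 00 00 65 48 8b 04 25 08 cc
[27332.492165] CR2: 0000000000000012
"""

# x86-64 ModRM r/m numbering for the low eight general-purpose registers.
REG64 = ["RAX", "RCX", "RDX", "RBX", "RSP", "RBP", "RSI", "RDI"]
SYM = r"(\w+)\+(0x[0-9a-f]+)/0x[0-9a-f]+ \[(\w+)\]"

def triage(oops):
    regs = {n: int(v, 16) for n, v in
            re.findall(r"\b([A-Z][A-Z0-9]{1,2}): ([0-9a-f]{16})\b", oops)}
    sym, off, mod = re.search(r"IP: \[<[0-9a-f]+>\] " + SYM, oops).groups()
    # "?" frames are return addresses found on the stack, not verified by
    # the unwinder, so treat the caller chain as a hint rather than proof.
    callers = [(s, m) for s, _, m in re.findall(r"\] \? " + SYM, oops)]
    # The byte in <..> on the Code line is the first byte of the faulting insn.
    m = re.search(r"Code:.*?<([0-9a-f]{2})>((?: [0-9a-f]{2})+)", oops)
    insn = bytes.fromhex(m.group(1) + m.group(2).replace(" ", ""))
    base = disp = None
    # Decode one form only: REX.W 8B /r, mod=01 (disp8), no SIB, REX.B clear,
    # i.e. "mov disp8(%base),%reg". Other encodings stay undecoded.
    if ((insn[0] & 0xF9) == 0x48 and insn[1] == 0x8B
            and insn[2] >> 6 == 1 and insn[2] & 7 != 4):
        base = REG64[insn[2] & 7]
        disp = int.from_bytes(insn[3:4], "little", signed=True)
    fault = regs["CR2"]
    return {
        "site": f"{sym}+{off}", "module": mod, "fault": fault,
        # A fault inside the first page means a NULL-ish base plus a field offset.
        "near_null": fault < 0x1000,
        "base": base, "disp": disp,
        "explained": base in regs and regs[base] + disp == fault,
        "callers": callers,
    }

if __name__ == "__main__":
    for key, value in triage(OOPS).items():
        print(f"{key}: {value}")
```

On this report it shows that RDI, the first-argument register and therefore the adapter pointer passed to `i2c_transfer`, held 0x2, and that the load at displacement 0x10 from it accounts for the CR2 value 0x12.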