Bug#729760: [linux] Segfault in pvrusb2 after suspend/resume
Package: linux-image-3.2.0-4-amd64
Version: 3.2.51-1
Recording oopses sometimes after suspend/resume cycles
within pvrusb2.
This happens at the start of, or a few seconds into, a recording
started after such a suspend/resume cycle.
Bisecting upstream tells me
bd20948dc24c3a1cf5ea18385943783f11c2c751 is the first bad commit
(though it's not 100% because the oops does not always happen).
This was touched again in 3.2.52, which I'm currently testing.
No oopses have happened as of this writing. I'll report back if something
changes.
BUG: unable to handle kernel NULL pointer dereference at (null)
IP: [<ffffffffa057373c>] pvr2_v4l2_dev_destroy+0x26/0xc5 [pvrusb2]
PGD 1f1050067 PUD 1a59f2067 PMD 0
Oops: 0000 [#1] SMP
CPU 0
Modules linked in: pvrusb2 btusb ext3 jbd sha256_generic usb_storage
parport_pc ppdev lp parport bnep cpufreq_userspace cpufreq_powersave
cpufreq_stats cpufreq_conservative rfcomm bluetooth snd_hrtimer pci_stub
nfsd nfs nfs_acl auth_rpcgss fscache lockd sunrpc nls_utf8 nls_cp437 vfat
fat ext2 loop tuner_simple tuner_types tda9887 tda8290 tuner msp3400
saa7115 cx2341x dvb_core tveeprom v4l2_common videodev
v4l2_compat_ioctl32 media snd_hda_codec_hdmi snd_hda_codec_via
snd_hda_intel snd_hda_codec
pvrusb2: unregistered device radio0 [mpeg]
snd_hwdep snd_pcm snd_page_alloc snd_seq snd_seq_device snd_timer snd i915
eeepc_wmi asus_wmi sparse_keymap rfkill soundcore iTCO_wdt
iTCO_vendor_support drm_kms_helper drm i2c_i801 acpi_cpufreq i2c_algo_bit
mperf coretemp wmi processor video button evdev i2c_core psmouse efivars
serio_raw pcspkr ext4 crc16 jbd2 mbcache xts gf128mul
dm_crypt dm_mod microcode sg sr_mod sd_mod cdrom crc_t10dif crc32c_intel
ghash_clmulni_intel xhci_hcd ahci libahci aesni_intel thermal
aes_x86_64 libata r8169 mii ehci_hcd scsi_mod fan thermal_sys
aes_generic cryptd usbcore usb_common [last unloaded: pvrusb2]
Pid: 31186, comm: v4l_id Tainted: G O 3.2.0-4-amd64 #1 Debian 3.2.51-1
RIP: 0010:[<ffffffffa057373c>] [<ffffffffa057373c>] pvr2_v4l2_dev_destroy+0x26/0xc5 [pvrusb2]
RSP: 0018:ffff88013364be18 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff880183338c00 RCX: ffff8801312ef338
RDX: 0000000000000048 RSI: ffff88007fd7d980 RDI: 0000000000000001
RBP: ffff88009b940740 R08: ffff88013364a000 R09: 0000000000000246
R10: ffff88007fd7d980 R11: ffff8801e6144f40 R12: ffff88009786f0c0
R13: ffff8801312ee000 R14: ffff8801552a9c80 R15: ffff88009786f0d0
FS: 00007fba8115d700(0000) GS:ffff88021ea00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000000000 CR3: 0000000170121000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process v4l_id (pid: 31186, threadinfo ffff88013364a000, task ffff8801de268fe0)
Stack:
ffffffff8134f247 ffffffffa056da44 ffffffff81036628 0000000000000000
ffff8801de268fe0 ffffffff8105fc83 ffff88013364be48 ffff88007fd7d980
0000000000000282 ffffffffa057394a ffff8801312ee000 000000004282e7f0
Call Trace:
[<ffffffff8134f247>] ? _raw_spin_unlock_irqrestore+0xe/0xf
[<ffffffffa056da44>] ? pvr2_hdw_wait+0xc0/0xd0 [pvrusb2]
[<ffffffff81036628>] ? should_resched+0x5/0x23
[<ffffffff8105fc83>] ? add_wait_queue+0x3c/0x3c
[<ffffffffa057394a>] ? pvr2_v4l2_release+0x114/0x137 [pvrusb2]
[<ffffffffa0573803>] ? pvr2_v4l2_destroy_no_lock+0x28/0x5b [pvrusb2]
[<ffffffffa0573963>] ? pvr2_v4l2_release+0x12d/0x137 [pvrusb2]
[<ffffffffa0391151>] ? v4l2_release+0x3e/0x62 [videodev]
[<ffffffff810fb529>] ? fput+0xf9/0x1a1
[<ffffffff8134de91>] ? __schedule+0x5f9/0x610
[<ffffffff810f9254>] ? filp_close+0x62/0x6a
[<ffffffff810f92ea>] ? sys_close+0x8e/0xcb
[<ffffffff81354212>] ? system_call_fastpath+0x16/0x1b
Code: e9 63 b6 ff ff 55 53 48 89 fb 48 83 ec 68 65 48 8b 04 25 28 00 00 00 48 89 44 24 58 31 c0 48 8b 87 b0 03 00 00 8b bf c0 03 00 00 <48> 8b 00 48 8b 68 30 e8 91 a6 ff ff 48 8b 8b d8 00 00 00 49 89
RIP [<ffffffffa057373c>] pvr2_v4l2_dev_destroy+0x26/0xc5 [pvrusb2]
RSP <ffff88013364be18>
CR2: 0000000000000000
---[ end trace 0390a7f66b525677 ]---