TBS6902 Linux 4.11.10 crash #69

rubdos · 2017-07-22T16:08:52Z

[   17.434300] BUG: unable to handle kernel NULL pointer dereference at           (null)
[   17.434313] IP: av201x_wrm+0x2a/0xe0 [av201x]
[   17.434317] PGD 0 

[   17.434322] Oops: 0000 [#1] SMP
[   17.434325] Modules linked in: ipt_MASQUERADE nf_nat_masquerade_ipv4 xt_addrtype ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 ip_set nfnetlink ebtable_broute ebtable_nat ip6table_mangle ip6table_raw xt_conntrack ip6table_security br_netfilter ip6table_nat nf_conntrack_ipv6 bridge nf_defrag_ipv6 nf_nat_ipv6 stp iptable_mangle llc iptable_raw iptable_security iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack libcrc32c ebtable_filter ebtables ip6table_filter ip6_tables av201x(OE) vfat fat edac_mce_amd edac_core kvm snd_hda_codec_realtek snd_hda_codec_generic eeepc_wmi asus_wmi snd_hda_intel sparse_keymap snd_hda_codec irqbypass rfkill video crct10dif_pclmul crc32_pclmul ghash_clmulni_intel snd_hda_core snd_hwdep snd_pcm tbsecp3(OE) snd_timer tas2101(OE) snd dvb_core i2c_mux soundcore
[   17.434378]  ccp sp5100_tco i2c_piix4 shpchp wmi i2c_designware_platform i2c_designware_core acpi_cpufreq tpm_tis tpm_tis_core tpm nfsd auth_rpcgss nfs_acl lockd grace sunrpc btrfs xor raid6_pq crc32c_intel r8169 nvme mii nvme_core
[   17.434408] CPU: 1 PID: 1624 Comm: kdvb-ad-1-fe-0 Tainted: G           OE   4.11.10-200.fc25.x86_64 #1
[   17.434417] Hardware name: System manufacturer System Product Name/PRIME A320M-K, BIOS 0608 05/05/2017
[   17.434426] task: ffff9d2481282580 task.stack: ffffb0d00318c000
[   17.434433] RIP: 0010:av201x_wrm+0x2a/0xe0 [av201x]
[   17.434439] RSP: 0018:ffffb0d00318fd38 EFLAGS: 00010246
[   17.434445] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00000000000000ff
[   17.434450] RDX: 0000000000000002 RSI: ffffb0d00318fdb6 RDI: 0000000000000000
[   17.434456] RBP: ffffb0d00318fd70 R08: ffff9d24b9586200 R09: 0000000000000000
[   17.434462] R10: ffffb0d00318fe08 R11: 0000000000000004 R12: ffffb0d00318fdb6
[   17.434467] R13: 0000000000000002 R14: 0000000000000000 R15: ffff9d24b6efc800
[   17.434473] FS:  0000000000000000(0000) GS:ffff9d24be640000(0000) knlGS:0000000000000000
[   17.434482] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   17.434488] CR2: 0000000000000000 CR3: 00000003f73b1000 CR4: 00000000003406e0
[   17.434493] Call Trace:
[   17.434502]  ? i2c_mux_unlock_bus+0x31/0x40 [i2c_mux]
[   17.434509]  av201x_regmask+0xcf/0x160 [av201x]
[   17.434517]  ? tas2101_wrm+0x5d/0xe0 [tas2101]
[   17.434524]  av201x_wrtable+0x3e/0x70 [av201x]
[   17.434530]  ? av201x_wrtable+0x3e/0x70 [av201x]
[   17.434537]  av201x_init+0x3f/0x130 [av201x]
[   17.434543]  ? tas2101_initfe+0x121/0x160 [tas2101]
[   17.434555]  dvb_frontend_init+0x51/0xb0 [dvb_core]
[   17.434565]  dvb_frontend_thread+0x8c/0x700 [dvb_core]
[   17.434572]  ? __schedule+0x3c0/0x8a0
[   17.434580]  kthread+0x109/0x140
[   17.434590]  ? dtv_set_frontend+0x420/0x420 [dvb_core]
[   17.434596]  ? kthread_park+0x90/0x90
[   17.434603]  ret_from_fork+0x25/0x30
[   17.434608] Code: 00 0f 1f 44 00 00 55 48 89 e5 41 55 41 54 53 48 89 fb 49 89 f4 41 89 d5 48 83 ec 20 65 48 8b 04 25 28 00 00 00 48 89 45 e0 31 c0 <48> 8b 07 0f b6 00 66 89 55 d4 48 89 75 d8 66 89 45 d0 31 c0 66 
[   17.434656] RIP: av201x_wrm+0x2a/0xe0 [av201x] RSP: ffffb0d00318fd38
[   17.434661] CR2: 0000000000000000
[   17.434667] ---[ end trace 34807536dd2b5693 ]---

[root@xxx ~]# lspci -vks 24:00.0
24:00.0 Multimedia controller: TBS Technologies DVB-S2 4 Tuner PCIe Card
	Subsystem: Device 6902:0002
	Flags: bus master, fast devsel, latency 0, IRQ 55
	Memory at fe500000 (32-bit, non-prefetchable) [size=256K]
	Capabilities: [50] Power Management version 3
	Capabilities: [70] MSI: Enable+ Count=1/1 Maskable- 64bit+
	Capabilities: [90] Express Endpoint, MSI 00
	Capabilities: [100] Device Serial Number 00-00-00-00-00-00-00-00
	Kernel driver in use: TBSECP3 driver
	Kernel modules: tbsecp3

Please advice :-)

The text was updated successfully, but these errors were encountered:

cz172638 · 2017-07-27T14:28:44Z

same with tbs5990 (usb).
after git pull i received 600 commits, not able to identify which is last before merging 4.12 commits
with 4.12.3 kernel it works
problem is on kernel-rt where patch is for 4.11

In list_add, the first variable is the new node and the second is the list head. The function is called with a wrong order causing NULL dereference: [ 15.527030] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 [ 15.542317] Mem abort info: [ 15.545152] ESR = 0x96000044 [ 15.548248] EC = 0x25: DABT (current EL), IL = 32 bits [ 15.553624] SET = 0, FnV = 0 [ 15.556715] EA = 0, S1PTW = 0 [ 15.559892] Data abort info: [ 15.562799] ISV = 0, ISS = 0x00000044 [ 15.566678] CM = 0, WnR = 1 [ 15.569683] user pgtable: 4k pages, 48-bit VAs, pgdp=00000001373f0000 [ 15.576196] [0000000000000008] pgd=0000000000000000, p4d=0000000000000000 [ 15.583101] Internal error: Oops: 96000044 [#1] PREEMPT SMP [ 15.588747] Modules linked in: mtk_mdp(+) cfg80211 v4l2_mem2mem videobuf2_vmalloc videobuf2_dma_contig videobuf2_memops videobuf2_v4l2 videobuf2_common vide odev mt8173_rt5650 smsc95xx usbnet ecdh_generic ecc snd_soc_rt5645 mc mt8173_afe_pcm rfkill cros_ec_sensors snd_soc_mtk_common elan_i2c crct10dif_ce cros_ec_se nsors_core snd_soc_rl6231 elants_i2c industrialio_triggered_buffer kfifo_buf mtk_vpu cros_ec_chardev cros_usbpd_charger cros_usbpd_logger sbs_battery display_c onnector pwm_bl ip_tables x_tables ipv6 [ 15.634295] CPU: 0 PID: 188 Comm: systemd-udevd Not tainted 5.9.0-rc2+ #69 [ 15.641242] Hardware name: Google Elm (DT) [ 15.645381] pstate: 20000005 (nzCv daif -PAN -UAO BTYPE=--) [ 15.651022] pc : mtk_mdp_probe+0x134/0x3a8 [mtk_mdp] [ 15.656041] lr : mtk_mdp_probe+0x128/0x3a8 [mtk_mdp] [ 15.661055] sp : ffff80001255b910 [ 15.669548] x29: ffff80001255b910 x28: 0000000000000000 [ 15.679973] x27: ffff800009089bf8 x26: ffff0000fafde800 [ 15.690347] x25: ffff0000ff7d2768 x24: ffff800009089010 [ 15.700670] x23: ffff0000f01a7cd8 x22: ffff0000fafde810 [ 15.710940] x21: ffff0000f01a7c80 x20: ffff0000f0c3c180 [ 15.721148] x19: ffff0000ff7f1618 x18: 0000000000000010 [ 15.731289] x17: 0000000000000000 x16: 0000000000000000 [ 15.741375] x15: 0000000000aaaaaa x14: 0000000000000020 [ 15.751399] x13: 00000000ffffffff x12: 0000000000000020 [ 15.761363] x11: 0000000000000028 x10: 0101010101010101 [ 15.771279] x9 : 0000000000000004 x8 : 7f7f7f7f7f7f7f7f [ 15.781148] x7 : 646bff6171606b2b x6 : 0000000000806d65 [ 15.790981] x5 : ffff0000ff7f8360 x4 : 0000000000000000 [ 15.800767] x3 : 0000000000000004 x2 : 0000000000000001 [ 15.810501] x1 : 0000000000000005 x0 : 0000000000000000 [ 15.820171] Call trace: [ 15.826944] mtk_mdp_probe+0x134/0x3a8 [mtk_mdp] [ 15.835908] platform_drv_probe+0x54/0xa8 [ 15.844247] really_probe+0xe4/0x3b0 [ 15.852104] driver_probe_device+0x58/0xb8 [ 15.860457] device_driver_attach+0x74/0x80 [ 15.868854] __driver_attach+0x58/0xe0 [ 15.876770] bus_for_each_dev+0x70/0xc0 [ 15.884726] driver_attach+0x24/0x30 [ 15.892374] bus_add_driver+0x14c/0x1f0 [ 15.900295] driver_register+0x64/0x120 [ 15.908168] __platform_driver_register+0x48/0x58 [ 15.916864] mtk_mdp_driver_init+0x20/0x1000 [mtk_mdp] [ 15.925943] do_one_initcall+0x54/0x1b4 [ 15.933662] do_init_module+0x54/0x200 [ 15.941246] load_module+0x1cf8/0x22d0 [ 15.948798] __do_sys_finit_module+0xd8/0xf0 [ 15.956829] __arm64_sys_finit_module+0x20/0x30 [ 15.965082] el0_svc_common.constprop.0+0x6c/0x168 [ 15.973527] do_el0_svc+0x24/0x90 [ 15.980403] el0_sync_handler+0x90/0x198 [ 15.987867] el0_sync+0x158/0x180 [ 15.994653] Code: 9400014b 2a0003fc 35000920 f9400280 (f9000417) [ 16.004299] ---[ end trace 76fee0203f9898e5 ]--- Fixes: 86698b9 ("media: mtk-mdp: convert mtk_mdp_dev.comp array to list") Signed-off-by: Dafna Hirschfeld <dafna.hirschfeld@collabora.com> Reviewed-by: Matthias Brugger <matthias.bgg@gmail.com> Tested-by: Enric Balletbo i Serra <enric.balletbo@collabora.com> Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl> Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

TBS6902 Linux 4.11.10 crash #69

TBS6902 Linux 4.11.10 crash #69

rubdos commented Jul 22, 2017

cz172638 commented Jul 27, 2017

TBS6902 Linux 4.11.10 crash #69

TBS6902 Linux 4.11.10 crash #69

Comments

rubdos commented Jul 22, 2017

cz172638 commented Jul 27, 2017