Your message dated Sat, 02 Mar 2013 19:02:38 +0000
with message-id <e1ubrhe-0004sq...@franck.debian.org>
and subject line Bug#699470: fixed in crystalhd 1:0.0~git20110715.fdd2f19-8
has caused the Debian Bug report #699470,
regarding crystalhd-dkms: Kernel null pointer BUG in crystalhd_dioq_fetch_wait()
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
699470: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699470
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: crystalhd-dkms
Version: 1:0.0~git20110715.fdd2f19-7
Severity: critical
Tags: patch
Justification: breaks the whole system
Reproducible NULL pointer BUG at
crystalhd-0.0~git20110715.fdd2f19/driver/linux/crystalhd_misc.c:515,
triggered by adobe flash plugin from dmo repo, ffmpeg, mplayer, bino or other,
mostly on heavy ioq usage or after FETCH_TIMEOUT and/or unclosed driver HANDLEs.
Your package is affected, reproducible on all 3.x kernel.org "stable" kernel versions.
Subsequent driver access without reboot or after rmmod -f && modprobe again
will trigger kernel freeze by kernel unhandled paging request.
This patch has fixed this bug for me until now.
Upstream maintainer/owner of codebase host git.linuxtv.org or Broadcom authors
have not responded yet, but affected BCM70015 chip hardware is still in
production state and wholesaling as mini-PCI-E card.
Signed-off-by: Thomas Schorpp <thomas.scho...@gmail.com>
y
tom
8043-Jan 24 18:33:14 tom3 kernel: [ 457.636878] BUG: unable to handle kernel
NULL pointer dereference at 000000000000002c
8044:Jan 24 18:33:14 tom3 kernel: [ 457.637016] IP: [<ffffffffa043a14c>]
crystalhd_dioq_fetch_wait+0x25c/0x410 [crystalhd]
8045-Jan 24 18:33:14 tom3 kernel: [ 457.637150] PGD 631fe067 PUD 57474067 PMD 0
8046-Jan 24 18:33:14 tom3 kernel: [ 457.637238] Oops: 0000 [#1] PREEMPT SMP
8047-Jan 24 18:33:14 tom3 kernel: [ 457.637326] CPU 0
8048-Jan 24 18:33:14 tom3 kernel: [ 457.637361] Modules linked in: uinput
parport_pc ppdev lp parport bluetooth nfsd lockd nfs_acl auth_rpcgss sunrpc
exportfs acpi_cpufreq mperf cpufreq_powersave cpufreq_stats
cpufreq_conservative cpufreq_performance cpufreq_ondemand freq_table fuse
dm_mod ext3 jbd pciehp arc4 ath5k ath snd_hda_codec_analog mac80211 cfg80211
snd_hda_intel snd_hda_codec snd_usb_audio thinkpad_acpi snd_pcm_oss
snd_mixer_oss snd_hwdep rfkill snd_pcm snd_usbmidi_lib snd_seq_dummy
snd_seq_oss snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq snd_timer
snd_seq_device gspca_zc3xx gspca_main snd videodev pcmcia usb_storage
v4l2_compat_ioctl32 psmouse yenta_socket tpm_tis pcmcia_rsrc crystalhd(O)
snd_page_alloc soundcore tpm pcmcia_core tpm_bios pcspkr serio_raw i2c_i801
nvram wmi rtc_cmos battery ac evdev processor nf_conntrack_ipv6 nf_defrag_ipv6
ip6table_filter ip6_tables nf_conntrack_ipv4 nf_defrag_ipv4 xt_state
nf_conntrack xt_limit xt_tcpudp iptable_filter ip_tables x_tables ext4
mbcache jbd2 crc16
8049-Jan 24 18:33:14 tom3 kernel: usbhid hid sg sd_mod crc_t10dif ata_generic
uhci_hcd ahci libahci ata_piix atkbd libata thermal xhci_hcd ehci_hcd usbcore
e1000e usb_common [last unloaded: scsi_wait_scan]
8050-Jan 24 18:33:14 tom3 kernel: [ 457.637841]
8051-Jan 24 18:33:14 tom3 kernel: [ 457.637841] Pid: 6318, comm: ffmpeg
Tainted: G O 3.2.36-dirty #7 LENOVO 7735Y1T/7735Y1T
8052:Jan 24 18:33:14 tom3 kernel: [ 457.637841] RIP: 0010:[<ffffffffa043a14c>]
[<ffffffffa043a14c>] crystalhd_dioq_fetch_wait+0x25c/0x410 [crystalhd]
8053-Jan 24 18:33:14 tom3 kernel: [ 457.637841] RSP: 0018:ffff88006300dd48
EFLAGS: 00010246
8054-Jan 24 18:33:14 tom3 kernel: [ 457.637841] RAX: 0000000000000000 RBX:
ffff88007b1cde50 RCX: 0000000000000000
8055-Jan 24 18:33:14 tom3 kernel: [ 457.637841] RDX: 0000000000000046 RSI:
ffffffffa04395c3 RDI: ffffffff81493e82
8056-Jan 24 18:33:14 tom3 kernel: [ 457.637841] RBP: ffff88006300ddf8 R08:
0000000000000000 R09: 0000000000000000
8057-Jan 24 18:33:14 tom3 kernel: [ 457.637841] R10: 0000000000000000 R11:
ffff88007b1ce510 R12: ffff88007a855d80
8058-Jan 24 18:33:14 tom3 kernel: [ 457.637841] R13: 0000000000000000 R14:
ffff88007a855da8 R15: ffff88007b1cde50
8059-Jan 24 18:33:14 tom3 kernel: [ 457.637841] FS: 00007f559fa7b760(0000)
GS:ffff88007f400000(0000) knlGS:0000000000000000
8060-Jan 24 18:33:14 tom3 kernel: [ 457.637841] CS: 0010 DS: 0000 ES: 0000
CR0: 0000000080050033
8061-Jan 24 18:33:14 tom3 kernel: [ 457.637841] CR2: 000000000000002c CR3:
0000000057470000 CR4: 00000000000006f0
8062-Jan 24 18:33:14 tom3 kernel: [ 457.637841] DR0: 0000000000000000 DR1:
0000000000000000 DR2: 0000000000000000
8063-Jan 24 18:33:14 tom3 kernel: [ 457.637841] DR3: 0000000000000000 DR6:
00000000ffff0ff0 DR7: 0000000000000400
8064-Jan 24 18:33:14 tom3 kernel: [ 457.637841] Process ffmpeg (pid: 6318,
threadinfo ffff88006300c000, task ffff88007b1cde50)
8065-Jan 24 18:33:14 tom3 kernel: [ 457.637841] Stack:
8066-Jan 24 18:33:14 tom3 kernel: [ 457.637841] 0000000000000327
ffff88007b1ce510 ffff88006b199400 ffff88007c1b1090
8067-Jan 24 18:33:14 tom3 kernel: [ 457.637841] ffff88006300de14
ffff8800594145b0 ffff880059414400 ffff88007b1cde50
8068-Jan 24 18:33:14 tom3 kernel: [ 457.637841] ffff88007a855de0
0000000100026d5c 0000000000000000 ffff88007b1cde50
8069-Jan 24 18:33:14 tom3 kernel: [ 457.637841] Call Trace:
8070-Jan 24 18:33:14 tom3 kernel: [ 457.637841] [<ffffffff810497e0>] ?
try_to_wake_up+0x260/0x260
8071-Jan 24 18:33:14 tom3 kernel: [ 457.637841] [<ffffffffa043b7b0>] ?
bc_cproc_start_capture+0x100/0x100 [crystalhd]
8072-Jan 24 18:33:14 tom3 kernel: [ 457.637841] [<ffffffffa043d566>]
crystalhd_hw_get_cap_buffer+0x56/0x1a0 [crystalhd]
8073-Jan 24 18:33:14 tom3 kernel: [ 457.637841] [<ffffffffa043b83d>]
bc_cproc_fetch_frame+0x8d/0x1b0 [crystalhd]
8074-Jan 24 18:33:14 tom3 kernel: [ 457.637841] [<ffffffffa0438db1>]
chd_dec_api_cmd+0x81/0x100 [crystalhd]
8075-Jan 24 18:33:14 tom3 kernel: [ 457.637841] [<ffffffffa0438ec0>]
chd_dec_ioctl+0x90/0x170 [crystalhd]
8076-Jan 24 18:33:14 tom3 kernel: [ 457.637841] [<ffffffff811704bc>]
do_vfs_ioctl+0x9c/0x330
8077-Jan 24 18:33:14 tom3 kernel: [ 457.637841] [<ffffffff8115ebb0>] ?
fget_light+0x40/0x140
8078-Jan 24 18:33:14 tom3 kernel: [ 457.637841] [<ffffffff8108d9bd>] ?
trace_hardirqs_on_caller+0x11d/0x1b0
8079-Jan 24 18:33:14 tom3 kernel: [ 457.637841] [<ffffffff8117079f>]
sys_ioctl+0x4f/0x80
8080-Jan 24 18:33:14 tom3 kernel: [ 457.637841] [<ffffffff8149b6eb>]
system_call_fastpath+0x16/0x1b
8081-Jan 24 18:33:14 tom3 kernel: [ 457.637841] Code: 89 f7 e8 18 9d 05 e1 45
85 ed 75 81 48 8b bd 78 ff ff ff e8 77 17 c4 e0 85 c0 0f 85 c7 00 00 00 4c 89
e7 e8 57 f3 ff ff 49 89 c0 <f6> 40 2c 03 0f 85 3d 01 00 00 48 8b 4d 80 48 8b 81
d0 00 00 00
8082:Jan 24 18:33:14 tom3 kernel: [ 457.637841] RIP [<ffffffffa043a14c>]
crystalhd_dioq_fetch_wait+0x25c/0x410 [crystalhd]
8083-Jan 24 18:33:14 tom3 kernel: [ 457.637841] RSP <ffff88006300dd48>
8084-Jan 24 18:33:14 tom3 kernel: [ 457.637841] CR2: 000000000000002c
8085-Jan 24 18:33:14 tom3 kernel: [ 457.663980] ---[ end trace
784283982dcd2475 ]---
8081-Jan 24 18:33:14 tom3 kernel: [ 457.637841] Code: 89 f7 e8 18 9d 05 e1 45
85 ed 75 81 48 8b bd 78 ff ff ff e8 77 17 c4 e0 85 c0 0f 85 c7 00 00 00 4c 89
e7 e8 57 f3 ff ff 49 89 c0 <f6> 40 2c 03 0f 85 3d 01 00 00 48 8b 4d 80 48 8b 81
d0 00 00 00
$ linux-stable/scripts/decodecode < oops.txt
All code
========
0: 89 f7 mov %esi,%edi
2: e8 18 9d 05 e1 callq 0xffffffffe1059d1f
7: 45 85 ed test %r13d,%r13d
a: 75 81 jne 0xffffffffffffff8d
c: 48 8b bd 78 ff ff ff mov -0x88(%rbp),%rdi
13: e8 77 17 c4 e0 callq 0xffffffffe0c4178f
18: 85 c0 test %eax,%eax
1a: 0f 85 c7 00 00 00 jne 0xe7
20: 4c 89 e7 mov %r12,%rdi
23: e8 57 f3 ff ff callq 0xfffffffffffff37f
28: 49 89 c0 mov %rax,%r8
2b:* f6 40 2c 03 testb $0x3,0x2c(%rax) <-- trapping instruction
2f: 0f 85 3d 01 00 00 jne 0x172
35: 48 8b 4d 80 mov -0x80(%rbp),%rcx
39: 48 8b 81 d0 00 00 00 mov 0xd0(%rcx),%rax
Code starting with the faulting instruction
===========================================
0: f6 40 2c 03 testb $0x3,0x2c(%rax)
4: 0f 85 3d 01 00 00 jne 0x147
a: 48 8b 4d 80 mov -0x80(%rbp),%rcx
e: 48 8b 81 d0 00 00 00 mov 0xd0(%rcx),%rax
$ gdb /mnt/data/usr/local/src/crystalhd/driver/linux/crystalhd.ko
(gdb) l *(crystalhd_dioq_fetch_wait + 604)
0x216c is in crystalhd_dioq_fetch_wait
(/mnt/data/usr/local/src/crystalhd/driver/linux/crystalhd_misc.c:516).
511 /* Lock against checks from get status calls */
512 if(down_interruptible(&hw->fetch_sem))
513 goto sem_error;
514 r_pkt = crystalhd_dioq_fetch(ioq);
515 /* If format change packet, then return with out checking
anything */
516 if (r_pkt->flags & (COMP_FLAG_PIB_VALID |
COMP_FLAG_FMT_CHANGE)) <--- x86 testb instruction XXXXXX
517 goto sem_rel_return;
518 if (hw->adp->pdev->device == BC_PCI_DEVID_LINK) {
519 picYcomp = link_GetRptDropParam(hw, hw->PICHeight,
hw->PICWidth, (void *)r_pkt);
520 }
(gdb) l *(crystalhd_dioq_fetch_wait + 0x410)
0x2320 is in bc_kern_dma_free
(/mnt/data/usr/local/src/crystalhd/driver/linux/crystalhd_misc.c:262).
257 * Return:
258 * none.
259 */
260 void bc_kern_dma_free(struct crystalhd_adp *adp, uint32_t sz, void *ka,
261 dma_addr_t phy_addr)
262 {
263 if (!adp || !ka || !sz || !phy_addr) {
264 printk(KERN_ERR "%s: Invalid arg\n", __func__);
265 return;
266 }
crystalhd-nullpointer-bugfix.schorpp.01.patch
diff --git a/driver/linux/crystalhd_misc.c b/driver/linux/crystalhd_misc.c
index 410ab9d..b3ce457 100644
--- a/driver/linux/crystalhd_misc.c
+++ b/driver/linux/crystalhd_misc.c
@@ -512,7 +512,10 @@ void *crystalhd_dioq_fetch_wait(struct crystalhd_hw *hw,
uint32_t to_secs, uint3
if(down_interruptible(&hw->fetch_sem))
goto sem_error;
r_pkt = crystalhd_dioq_fetch(ioq);
- /* If format change packet, then return with out
checking anything */
+ /* If no packet then up and return zero otherwise will
*0 BUG the kernel on heavy dioq load */
+ if (!r_pkt)
+ goto sem_rel_return;
+ /* If format change packet then return without checking
anything */
if (r_pkt->flags & (COMP_FLAG_PIB_VALID |
COMP_FLAG_FMT_CHANGE))
goto sem_rel_return;
if (hw->adp->pdev->device == BC_PCI_DEVID_LINK) {
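Review bot: the added "if (!r_pkt) goto sem_rel_return;" stops the dereference at r_pkt->flags but hands the NULL on to the caller ("up and return zero" in the new comment), and nothing in this patch shows the callers checking for it. The oops trace has crystalhd_hw_get_cap_buffer() and bc_cproc_fetch_frame() on this path; please confirm both test the returned pointer before use, or add those checks to the same patch. Please also say whether an empty fetch should return at once here or release fetch_sem and keep waiting until to_secs expires.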
-- System Information:
Debian Release: 7.0
APT prefers testing
APT policy: (990, 'testing')
Architecture: i386 (i686)
Kernel: Linux 3.2.37-PM (PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff --git a/driver/linux/crystalhd_misc.c b/driver/linux/crystalhd_misc.c
index 410ab9d..b3ce457 100644
--- a/driver/linux/crystalhd_misc.c
+++ b/driver/linux/crystalhd_misc.c
@@ -512,7 +512,10 @@ void *crystalhd_dioq_fetch_wait(struct crystalhd_hw *hw, uint32_t to_secs, uint3
if(down_interruptible(&hw->fetch_sem))
goto sem_error;
r_pkt = crystalhd_dioq_fetch(ioq);
- /* If format change packet, then return with out checking anything */
+ /* If no packet then up and return zero otherwise will *0 BUG the kernel on heavy dioq load */
+ if (!r_pkt)
+ goto sem_rel_return;
+ /* If format change packet then return without checking anything */
if (r_pkt->flags & (COMP_FLAG_PIB_VALID | COMP_FLAG_FMT_CHANGE))
goto sem_rel_return;
if (hw->adp->pdev->device == BC_PCI_DEVID_LINK) {
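Review bot: the comment added above the !r_pkt check runs well past 80 columns and "will *0 BUG the kernel" is hard to parse. Suggest something short such as "No packet: release fetch_sem and return NULL", plus a line on why crystalhd_dioq_fetch() can come back empty at this point, since the check handles the symptom and the reason for the empty fetch under load is left unexplained.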
--- End Message ---
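The triage the report does by hand (CR2, the trapping instruction from decodecode, and the +604 offset given to gdb) can be cross-checked mechanically. This is an added example, not part of the original report or of the crystalhd sources; the sample lines are copied from the oops above with mail wrapping joined, the function names are hypothetical, and only the disp(%base) operand form is handled.

```python
import re

# Lines copied from the oops and decodecode output quoted in the report.
OOPS = """\
BUG: unable to handle kernel NULL pointer dereference at 000000000000002c
RIP: 0010:[<ffffffffa043a14c>] [<ffffffffa043a14c>] crystalhd_dioq_fetch_wait+0x25c/0x410 [crystalhd]
RAX: 0000000000000000 RBX: ffff88007b1cde50 RCX: 0000000000000000
CR2: 000000000000002c CR3: 0000000057470000 CR4: 00000000000006f0
"""
TRAP = "2b:* f6 40 2c 03 testb $0x3,0x2c(%rax) <-- trapping instruction"

PAGE_SIZE = 4096  # a fault address below this is NULL plus a small offset


def parse_oops(text):
    """Return (registers incl. CR2, symbol, offset, size) from oops text."""
    regs = {name: int(val, 16) for name, val in
            re.findall(r"\b(R[A-Z0-9]{1,2}|CR2):\s*([0-9a-f]{16})\b", text)}
    sym, off, size = re.search(
        r"RIP:.*?(\w+)\+0x([0-9a-f]+)/0x([0-9a-f]+)", text).groups()
    return regs, sym, int(off, 16), int(size, 16)


def parse_trap(line):
    """Return (displacement, base register) of a disp(%base) operand."""
    m = re.search(r"(-?0x[0-9a-f]+)?\(%(\w+)\)\s*<-- trapping", line)
    return (int(m.group(1), 16) if m.group(1) else 0), m.group(2).upper()


def triage(oops, trap_line):
    """Check that base register + displacement reproduces the fault address."""
    regs, sym, off, _size = parse_oops(oops)
    disp, base = parse_trap(trap_line)
    effective = (regs[base] + disp) & 0xFFFFFFFFFFFFFFFF
    matches = effective == regs["CR2"]
    return {
        "function": sym,
        "gdb_expr": f"l *({sym} + {off})",  # decimal form of +0x25c, as in the report
        "base_register": base,
        "field_offset": disp,
        "matches_cr2": matches,
        "null_field_deref": regs[base] == 0 and matches and effective < PAGE_SIZE,
    }


if __name__ == "__main__":
    for key, value in triage(OOPS, TRAP).items():
        print(f"{key}: {value}")
```

A true null_field_deref means the base register was zero and the fault address is just the field offset, which is the case the !r_pkt check in the patch guards against.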
--- Begin Message ---
Source: crystalhd
Source-Version: 1:0.0~git20110715.fdd2f19-8
We believe that the bug you reported is fixed in the latest version of
crystalhd, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 699...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andres Mejia <ame...@debian.org> (supplier of updated crystalhd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 02 Mar 2013 13:34:36 -0500
Source: crystalhd
Binary: libcrystalhd-dev libcrystalhd3 gstreamer0.10-crystalhd
Architecture: source amd64
Version: 1:0.0~git20110715.fdd2f19-8
Distribution: unstable
Urgency: high
Maintainer: Andres Mejia <ame...@debian.org>
Changed-By: Andres Mejia <ame...@debian.org>
Description:
gstreamer0.10-crystalhd - Crystal HD Video Decoder (GStreamer plugin)
libcrystalhd-dev - Crystal HD Video Decoder (development files)
libcrystalhd3 - Crystal HD Video Decoder (shared library)
Closes: 682252 699470
Changes:
crystalhd (1:0.0~git20110715.fdd2f19-8) unstable; urgency=high
.
* Remove dkms package which contained buggy driver.
Driver already existed in mainline kernel. Any issues with the driver
should be directed to the kernel package.
(Closes: #682252)
(Closes: #699470)
* Bump to Standards-Version 3.9.4.
* Build with hardening options to satisfy Wheezy release goal.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---