cx25840: probe crashes for cx25837 chip on 2.6.37

Sat, 05 Feb 2011 07:45:26 -0800 

Hello together!
I was eager to test my patch for cx25840 that was included in 2.6.37, so I've updated my system and plugged in my Grabster AV400. But this resulted in a "kernel bug" printed to dmesg: 

==== dmesg begin ====

usb 1-5: new high speed USB device using ehci_hcd and address 6
Linux video capture interface: v2.00
pvrusb2: Hardware description: Terratec Grabster AV400
pvrusb2: **********

pvrusb2: WARNING: Support for this device (Terratec Grabster AV400) is 
experimental.

pvrusb2: Important functionality might not be entirely working.

pvrusb2: Please consider contacting the driver author to help with 
further stabilization of the driver.

pvrusb2: **********
usb 1-5: USB disconnect, address 6
usbcore: registered new interface driver pvrusb2

pvrusb2: 20110116 (from www.isely.net):Hauppauge WinTV-PVR-USB2 MPEG2 
Encoder/Tuner

pvrusb2: Debug mask is 31 (0x1f)
pvrusb2: Failed to submit write-control URB status=-19
pvrusb2: Device being rendered inoperable

pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and 
I can't clear it.
pvrusb2: You might need to power cycle the pvrusb2 device in order to 
recover.

usb 1-5: new high speed USB device using ehci_hcd and address 7
pvrusb2: Hardware description: Terratec Grabster AV400
pvrusb2: **********

pvrusb2: WARNING: Support for this device (Terratec Grabster AV400) is 
experimental.

pvrusb2: Important functionality might not be entirely working.

pvrusb2: Please consider contacting the driver author to help with 
further stabilization of the driver.

pvrusb2: **********
cx25840 6-0044: cx25837-3 found @ 0x88 (pvrusb2_a)
------------[ cut here ]------------
kernel BUG at drivers/media/video/v4l2-ctrls.c:1143!
invalid opcode: 0000 [#1] PREEMPT SMP

last sysfs file: 
/sys/devices/pci0000:00/0000:00:02.2/usb1/1-5/i2c-6/6-0044/uevent

CPU 1

Modules linked in: cx25840 pvrusb2 dvb_core cx2341x v4l2_common videodev 
v4l1_compat v4l2_compat_ioctl32 tveeprom ipv6 xfs exportfs ext2 radeon 
snd_emu10k1 snd_intel8x0 ohci_hcd snd_rawmidi snd_ac97_codec ttm 
drm_kms_helper ac97_bus snd_seq_dummy skge ehci_hcd snd_seq_oss 
snd_seq_midi_event snd_seq snd_util_mem snd_seq_device snd_pcm_oss 
snd_hwdep snd_mixer_oss snd_pcm snd_timer emu10k1_gp drm i2c_algo_bit 
shpchp snd i2c_nforce2 soundcore usbcore processor pci_hotplug i2c_core 
parport_pc snd_page_alloc floppy serio_raw button psmouse ns558 
edac_core ppdev k8temp edac_mce_amd evdev sg analog lp gameport pcspkr 
parport ext4 mbcache jbd2 crc16 sd_mod sr_mod cdrom sata_nv pata_acpi 
sata_sil24 pata_amd libata scsi_mod raid1 md_mod


Pid: 2184, comm: pvrusb2-context Not tainted 2.6.37-ARCH #1 nForce/

RIP: 0010:[<ffffffffa020b352>]  [<ffffffffa020b352>] 
v4l2_ctrl_cluster+0x32/0x40 [videodev]

RSP: 0018:ffff880033c61a30  EFLAGS: 00010246
RAX: 0000000000000001 RBX: ffff880038065800 RCX: 0000000000000001
RDX: 0000000000000000 RSI: ffff880039de1ee0 RDI: 0000000000000002
RBP: ffff880033c61a30 R08: 2222222222222222 R09: 2222222222222222
R10: 0000000000000000 R11: 0000000000000000 R12: ffff880039de1e78
R13: 0000000000008373 R14: ffff880039de1e00 R15: 00000000000000ed
FS:  00007f05b98a8700(0000) GS:ffff88003fd00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 00007fff6c8c5fe0 CR3: 000000003c89b000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400

Process pvrusb2-context (pid: 2184, threadinfo ffff880033c60000, task 
ffff88003f8ada30)

Stack:
 ffff880033c61aa0 ffffffffa0310b99 ffff880000000000 ffff88003c99e3fc
 ffff880033c61ab0 ffffffff00000000 0000000000000200 ffff880039de1e08
 ffff880033c61ac0 ffff880038065828 ffffffffa0318590 ffffffffa0318540
Call Trace:
 [<ffffffffa0310b99>] cx25840_probe+0x479/0x840 [cx25840]
 [<ffffffffa0308694>] i2c_device_probe+0x94/0xd0 [i2c_core]
 [<ffffffff812b0f0a>] ? driver_sysfs_add+0x7a/0xb0
 [<ffffffff812b11e6>] driver_probe_device+0x96/0x1c0
 [<ffffffff812b13b0>] ? __device_attach+0x0/0x60
 [<ffffffff812b13fb>] __device_attach+0x4b/0x60
 [<ffffffff812afdd4>] bus_for_each_drv+0x64/0x90
 [<ffffffff812b107f>] device_attach+0x8f/0xb0
 [<ffffffff812b0805>] bus_probe_device+0x25/0x40
 [<ffffffff812ae574>] device_add+0x4e4/0x5c0
 [<ffffffff812ba941>] ? pm_runtime_init+0xd1/0xe0
 [<ffffffff812ae669>] device_register+0x19/0x20
 [<ffffffffa03091d5>] i2c_new_device+0x145/0x250 [i2c_core]
 [<ffffffffa00b77b6>] v4l2_i2c_new_subdev_board+0x96/0x240 [v4l2_common]
 [<ffffffffa00b79e3>] v4l2_i2c_new_subdev_cfg+0x83/0xb0 [v4l2_common]
 [<ffffffffa0363760>] ? pvr2_context_notify+0x0/0x10 [pvrusb2]
 [<ffffffffa0363760>] ? pvr2_context_notify+0x0/0x10 [pvrusb2]
 [<ffffffffa035b606>] pvr2_hdw_initialize+0x346/0x1060 [pvrusb2]
 [<ffffffffa036394b>] pvr2_context_thread_func+0x9b/0x320 [pvrusb2]
 [<ffffffffa03638b0>] ? pvr2_context_thread_func+0x0/0x320 [pvrusb2]
 [<ffffffff81077db0>] ? autoremove_wake_function+0x0/0x40
 [<ffffffff813a6dc2>] ? _raw_spin_unlock_irqrestore+0x32/0x40
 [<ffffffffa03638b0>] ? pvr2_context_thread_func+0x0/0x320 [pvrusb2]
 [<ffffffff81077826>] kthread+0x96/0xa0
 [<ffffffff8100cd24>] kernel_thread_helper+0x4/0x10
 [<ffffffff81077790>] ? kthread+0x0/0xa0
 [<ffffffff8100cd20>] ? kernel_thread_helper+0x0/0x10

Code: e5 74 28 31 c0 85 ff 74 20 48 63 d0 48 8d 14 d6 48 8b 0a 48 85 c9 
74 0a 48 89 71 18 48 8b 12 89 7a 20 83 c0 01 39 f8 72 e0 c9 c3 <0f> 0b 
66 66 66 2e 0f 1f 84 00 00 00 00 00 55 48 c7 c2 e0 ff 20

RIP  [<ffffffffa020b352>] v4l2_ctrl_cluster+0x32/0x40 [videodev]
 RSP <ffff880033c61a30>
---[ end trace f2fe4d11aa83a3aa ]---

==== dmesg end ====


I have pinpointed the problem to the following part of cx25840_probe in 
cx25840-core.c:


==== source begin =====
        sd->ctrl_handler = &state->hdl;
        if (state->hdl.error) {
                int err = state->hdl.error;

                v4l2_ctrl_handler_free(&state->hdl);
                kfree(state);
                return err;
        }
        v4l2_ctrl_cluster(2, &state->volume); // <= here the crash occurs
        v4l2_ctrl_handler_setup(&state->hdl);
==== source end ====


I have added a "if (!is_cx2583x(state))" check before the marked line 
and now the probing (and my device) works. If this is the correct 
solution for this problem I'll prepare a mail containing a patch. If not 
feel free to propose a better solution.



Note: This is a regression as the module used to work in 2.6.35 together 
with the AV400 (I haven't tested 2.6.36 though).


Regards,
Sven


PS: Is there a way to get the source file and line of a dmesg "kernel 
bug" report?

--
To unsubscribe from this list: send the line "unsubscribe linux-media" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html






















					Reply via email to