Re: 2.6.18-rc1-mm1 NULL pointer dereference

From: Andrew Morton
Date: Thu Jul 13 2006 - 06:32:03 EST


On Wed, 12 Jul 2006 21:08:50 +0200
Arne Ahrend <aahrend@xxxxxx> wrote:

> 2.6.18-rc1-mm1 dereferences a NULL pointer while setting up the DVB-T card and mentions sysfs.
>
> Normally (2.6.17) it would go on loading bt878, dvb_core and a couple of frontents:
> mt352 (the one I need), nxt6000, dvb_pll, sp887x, dst_ca, dst, cx24110, or51211, lgdt330x.
>
> I applied this patch to get it to compile on the Athlon64:
>
> --- 2.6.18-rc1-mm1-64.orig/arch/x86_64/kernel/vsyscall.c
> +++ 2.6.18-rc1-mm1-64/arch/x86_64/kernel/vsyscall.c
> @@ -253,13 +253,14 @@ void __cpuinit vsyscall_set_cpu(int cpu)
> #ifdef CONFIG_NUMA
> node = cpu_to_node[cpu];
> #endif
> +#ifdef CONFIG_SMP
> if (cpu_has(&cpu_data[cpu], X86_FEATURE_RDTSCP)) {
> /* the notifier is unfortunately not executed on the
> target CPU */
> void *info = (void *)((node << 12) | cpu);
> smp_call_function_single(cpu, write_rdtscp_cb, info, 0, 1);
> }
> -
> +#endif
> /* Store cpu number in limit so that it can be loaded quickly
> in user space in vgetcpu.
> 12 bits for the CPU and 8 bits for the node. */
>
> from
>
> http://marc.theaimsgroup.com/?l=linux-kernel&m=115249660716416&w=4
>

Hopefully Andi will have a new version uploaded when I do -mm2.

> and this to make Debians make-kpkg happy:
>
> --- linux-2.6.18-rc1-mm1-orig/Makefile 2006-07-12 21:05:36.000000000 +0200
> +++ linux-2.6.18-rc1-mm1/Makefile 2006-07-10 23:44:55.000000000 +0200
> @@ -859,6 +859,7 @@
> # needs to be updated, so this check is forced on all builds
>
> uts_len := 64
> +
> define filechk_utsrelease.h
> if [ `echo -n "$(KERNELRELEASE)" | wc -c ` -gt $(uts_len) ]; then \
> echo '"$(KERNELRELEASE)" exceeds $(uts_len) characters' >&2; \
> @@ -867,10 +868,21 @@
> (echo \#define UTS_RELEASE \"$(KERNELRELEASE)\";)
> endef
>
> +# define filechk_version.h
> +# (echo \#define LINUX_VERSION_CODE $(shell \
> +# expr $(VERSION) \* 65536 + $(PATCHLEVEL) \* 256 + $(SUBLEVEL)); \
> +# echo '#define KERNEL_VERSION(a,b,c) (((a) << 16) + ((b) << 8) + (c))';)
> +# endef
> +
> define filechk_version.h
> - (echo \#define LINUX_VERSION_CODE $(shell \
> - expr $(VERSION) \* 65536 + $(PATCHLEVEL) \* 256 + $(SUBLEVEL)); \
> - echo '#define KERNEL_VERSION(a,b,c) (((a) << 16) + ((b) << 8) + (c))';)
> + if [ `echo -n "$(KERNELRELEASE)" | wc -c ` -gt $(uts_len) ]; then \
> + echo '"$(KERNELRELEASE)" exceeds $(uts_len) characters' >&2; \
> + exit 1; \
> + fi; \
> + (echo \#define UTS_RELEASE \"$(KERNELRELEASE)\"; \
> + echo \#define LINUX_VERSION_CODE `expr $(VERSION) \\* 65536 + $(PATCHLEVEL) \\* 256 + $(SUBLEVEL)`; \
> + echo '#define KERNEL_VERSION(a,b,c) (((a) << 16) + ((b) << 8) + (c))'; \
> + )
> endef
>
> include/linux/version.h: $(srctree)/Makefile FORCE

Thanks, I'll forward this to Sam.

> bttv0: using: AVerMedia AVerTV DVB-T 771 [card=123,autodetected]
> bttv0: using tuner=4
> bttv0: registered device video0
> Unable to handle kernel NULL pointer dereference at 00000000000000d9 RIP:
> [<ffffffff801cb377>] sysfs_add_file+0x20/0x88
> PGD 3ee37067 PUD 3edec067 PMD 0
> Oops: 0000 [1] PREEMPT
> last sysfs file: /devices/pci0000:00/0000:00:10.4/usb1/idVendor
> CPU 0
> Modules linked in: tuner snd_via82xx snd_ice17xx_ak4xxx snd_via82xx_modem snd_ak4xxx_adda snd_cs8427 snd_ac97_codec snd_ac97_bus snd_i2c snd_mpu401_uart snd_pcm snd_timer bttv video_buf firmware_class snd_rawmidi snd_seq_device ir_common uhci_hcd sr_mod sk98lin compat_ioctl32 btcx_risc tveeprom videodev v4l2_common snd_page_alloc 8139too mii ehci_hcd usbcore snd soundcore ohci1394 ieee1394 cdrom psmouse k8_edac pcspkr
> Pid: 545, comm: modprobe Not tainted 2.6.18-rc1-mm1 #1
> RIP: 0010:[<ffffffff801cb377>] [<ffffffff801cb377>] sysfs_add_file+0x20/0x88
> RSP: 0018:ffff81003ee3fd48 EFLAGS: 00010296
> RAX: 00000000ffffff00 RBX: ffffffff881106a0 RCX: ffff81003fde37f0
> RDX: 0000000000000004 RSI: ffffffff88107d20 RDI: 0000000000000001
> RBP: ffff81003ee3fd78 R08: 0000000000008040 R09: 0000000000000000
> R10: ffffffff8015c243 R11: ffffffff8015c243 R12: ffffffff88107d20
> R13: 0000000000000001 R14: 00000000ffffffef R15: 0000000000000000
> FS: 00002ad53d5b96d0(0000) GS:ffffffff80628000(0000) knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
> CR2: 00000000000000d9 CR3: 000000003ebd2000 CR4: 00000000000006a0
> Process modprobe (pid: 545, threadinfo ffff81003ee3e000, task ffff81003fde30c0)
> Stack: 000000043ee3fd58 ffffffff881106a0 0000000000000000 ffff81003ff78000
> ffffffff88110e68 0000000000000000 ffff81003ee3fd88 ffffffff801cb414
> ffff81003ee3fd98 ffffffff80265b91 ffff81003ee3fdd8 ffffffff880f2c90
> Call Trace:
> [<ffffffff801cb414>] sysfs_create_file+0x35/0x37
> [<ffffffff80265b91>] class_device_create_file+0x17/0x19
> [<ffffffff880f2c90>] :bttv:bttv_probe+0x5c2/0x7a1
> [<ffffffff801fd9b8>] pci_device_probe+0x4c/0x74
> [<ffffffff8026501b>] driver_probe_device+0x5c/0xb7
> [<ffffffff802650e9>] __driver_attach+0x0/0x98
> [<ffffffff80265138>] __driver_attach+0x4f/0x98
> [<ffffffff80264a34>] bus_for_each_dev+0x49/0x7a
> [<ffffffff80264f45>] driver_attach+0x1c/0x1e
> [<ffffffff80264648>] bus_add_driver+0x89/0x138
> [<ffffffff80265391>] driver_register+0x8f/0x93
> [<ffffffff801fdb96>] __pci_register_driver+0x63/0x86
> [<ffffffff880f1ac8>] :bttv:bttv_init_module+0xb3/0xb5
> [<ffffffff801909aa>] sys_init_module+0xb0/0x203
> [<ffffffff8015854e>] system_call+0x7e/0x83
>
>
> Code: 4c 8b bf d8 00 00 00 48 8b 7f 50 8b 5e 10 48 81 c7 00 01 00
> RIP [<ffffffff801cb377>] sysfs_add_file+0x20/0x88
> RSP <ffff81003ee3fd48>
> CR2: 00000000000000d9

Yours is the third report of this. Mauro is on vacation, it's not known to
be a v4l bug and nobody knows what's causing it. Not a happy story.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/