[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

via-camera crash on unload (but possibly a wider v4l2 issue)

I can reproduce a crash on via-camera module unload. Running latest
linux-next. Simple modprobe then rmmod reproduces it.
I guess cafe_ccic is affected too.

BUG: unable to handle kernel paging request at 6b6b6b6b
IP: device_del

I've diagnosed it, but don't know the solution.

viacam_remove() calls v4l2_device_unregister()

v4l2_device_unregister() starts to unregister all the subdevs
	list_for_each_entry_safe(sd, next, &v4l2_dev->subdevs, list) {

So the subdev has been unregistered.
Still inside v4l2_device_unregister, it then realises its an i2c
subdev and unregisters it at the i2c layer:

		if (sd->flags & V4L2_SUBDEV_FL_IS_I2C) {

i2c_unregister_device() calls device_unregister()
...which calls device_del()
...which calls bus_remove_device()
...which calls device_release_driver()
...which calls __device_release_driver()
...which calls i2c_device_remove()
...which calls ov7670_remove()

This is where the badness starts.

ov7670_remove() calls v4l2_device_unregister_subdev *on the same
subdev that was released above*. Can't lead to good things.
ov7670_remove() then frees its ov7670_info structure (which contains
the v4l2_subdev structure) (eek)

then v4l2_device_unregister() continues, and it checks:
		if (sd->flags & V4L2_SUBDEV_FL_IS_SPI) {
sd->flags is now freed, so it reads 6b6b6b6b, so we go on:

and this calls device_unregister() on more of our freed memory
and now things have gone wrong enough for a BUG() to happen


To unsubscribe from this list: send the line "unsubscribe linux-media" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Linux Input]     [Video for Linux]     [Mplayer Users]     [Linux USB Devel]     [Linux Audio Users]     [Photos]     [Yosemite Photos]     [Linux Kernel]     [Linux SCSI]     [XFree86]     [Devices]     [Yosemite Backpacking]     [Linux Input]

Add to Google Powered by Linux