Date: Sat, 16 Dec 2017 21:03:45 -0600 From: Lucas Young <youngluc@gmail.com> To: Hans Petter Selasky <hps@selasky.org>, freebsd-multimedia@freebsd.org Subject: Re: webcamd-4.12.0.1 segfault when using WinTV-HV-950Q Message-ID: <d35dba0c-5953-a856-3d6f-0010ce05cb27@gmail.com> In-Reply-To: <a78060a6-38f5-09d4-9139-75e732b2cbd1@selasky.org> References: <63966a1d-1244-4ea0-0bf8-15b485f63cd4@gmail.com> <a78060a6-38f5-09d4-9139-75e732b2cbd1@selasky.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hans Petter Selasky wrote on 2017-12-16 10:50: > On 12/16/17 14:10, Lucas Young wrote: >> I am trying to get my WinTV-HV-950Q working on FreeBSD. I am running >> into, apparently, the same problem as described in the following link >> which is from this list about two years ago. >> [Hauppauge WinTV HVR >> 950Q](https://lists.freebsd.org/pipermail/freebsd-multimedia/2015-June/016273.html) >> >> >> This one sounds similar as well. >> [FreeBSD-10.3 and WinTV >> HVR-950Q](https://lists.freebsd.org/pipermail/freebsd-multimedia/2016-December/017525.html) >> >> >> Unfortunately, it does not appear that the solution to either of those >> previous issues was posted to the list so hoping that there is someone >> who is willing to rehash this for me. >> >> In short, webcamd is crashing with a segfault the first time that it >> is run. If it is run again, it usually starts but then consumes 100% >> of one CPU core. I have included the particulars from my system below. >> Note that I have already compiled webcamd from ports with the DEBUG >> turned on. I am not proficient in C or in using gdb so I need some >> help to know what to check next. >> >> # uname -mrs >> FreeBSD 11.1-RELEASE-p4 amd64 >> >> # pkg info -x webcamd >> webcamd-4.12.0.1 >> >> # md5 /boot/modules/dvb-fe-xc5000-1.6.114.fw >> MD5 (/boot/modules/dvb-fe-xc5000-1.6.114.fw) = >> b1ac8f759020523ebaaeff3fdf4789ed >> >> # usbconfig >> ugen4.1: <AMD OHCI root HUB> at usbus4, cfg=0 md=HOST spd=FULL >> (12Mbps) pwr=SAVE (0mA) >> ugen0.1: <0x1022 XHCI root HUB> at usbus0, cfg=0 md=HOST spd=SUPER >> (5.0Gbps) pwr=SAVE (0mA) >> ugen5.1: <AMD EHCI root HUB> at usbus5, cfg=0 md=HOST spd=HIGH >> (480Mbps) pwr=SAVE (0mA) >> ugen2.1: <AMD OHCI root HUB> at usbus2, cfg=0 md=HOST spd=FULL >> (12Mbps) pwr=SAVE (0mA) >> ugen3.1: <AMD EHCI root HUB> at usbus3, cfg=0 md=HOST spd=HIGH >> (480Mbps) pwr=SAVE (0mA) >> ugen1.1: <0x1022 XHCI root HUB> at usbus1, cfg=0 md=HOST spd=SUPER >> (5.0Gbps) pwr=SAVE (0mA) >> ugen0.2: <Hauppauge WinTV HVR-950> at usbus0, cfg=0 md=HOST spd=HIGH >> (480Mbps) pwr=ON (500mA) >> ugen3.2: <Chicony Electronics Co.,Ltd. HP Truevision HD> at usbus3, >> cfg=0 md=HOST spd=HIGH (480Mbps) pwr=ON (500mA) >> >> # usbconfig -d 0.2 dump_device_desc >> ugen0.2: <Hauppauge WinTV HVR-950> at usbus0, cfg=0 md=HOST spd=HIGH >> (480Mbps) p >> wr=ON (500mA) >> >> bLength = 0x0012 >> bDescriptorType = 0x0001 >> bcdUSB = 0x0200 >> bDeviceClass = 0x0000 <Probed by interface class> >> bDeviceSubClass = 0x0000 >> bDeviceProtocol = 0x0000 >> bMaxPacketSize0 = 0x0040 >> idVendor = 0x2040 >> idProduct = 0x7200 >> bcdDevice = 0x0005 >> iManufacturer = 0x0001 <retrieving string failed> >> iProduct = 0x0002 <retrieving string failed> >> iSerialNumber = 0x000a <retrieving string failed> >> bNumConfigurations = 0x0001 >> >> # cat /boot/loader.conf >> kern.geom.label.disk_ident.enable="0" >> kern.geom.label.gptid.enable="0" >> vfs.zfs.min_auto_ashift=12 >> zfs_load="YES" >> cuse_load="YES" >> >> # sysrc -a >> autofs_enable: YES >> dbus_enable: NO >> dumpdev: AUTO >> hald_enable: NO >> jackd_enable: NO >> mountd_enable: YES >> mountd_flags: -r >> moused_enable: NO >> mythbackend_enable: YES >> nfs_server_enable: YES >> ntpd_enable: YES >> powerd_enable: YES >> rpc_lockd_enable: YES >> rpc_statd_enable: YES >> rpcbind_enable: YES >> sshd_enable: YES >> webcamd_0_flags: -N Hauppauge-WinTV-HVR-950 -S unknown >> webcamd_1_flags: -N Chicony-Electronics-Co--Ltd--HP-Truevision-HD -S >> 0x0001 >> webcamd_enable: YES >> zfs_enable: YES >> >> >> When the host boots I find that the cuse module is loaded, there is a >> coredump in /, and dmesg indicates that it "exited on signal 11" >> during the boot. >> >> # kldstat >> Id Refs Address Size Name >> 1 17 0xffffffff80200000 1f67a88 kernel >> 2 1 0xffffffff82169000 316708 zfs.ko >> 3 2 0xffffffff82480000 cb78 opensolaris.ko >> 4 1 0xffffffff8248d000 e690 cuse.ko >> 5 1 0xffffffff82a31000 10913 snd_uaudio.ko >> >> # dmesg >> ... >> uaudio0 on uhub3 >> uaudio0: <WinTV HVR-950 Audio> on usbus0 >> uaudio0: No playback. >> uaudio0: Record: 48000 Hz, 2 ch, 16-bit S-LE PCM format, 2x8ms buffer. >> uaudio0: No MIDI sequencer. >> pcm2: <USB audio> on uaudio0 >> uaudio0: No HID volume keys found. >> pid 99972 (webcamd), uid 0: exited on signal 11 (core dumped) >> ... >> >> # gdb $(which webcamd) /webcamd.core >> GNU gdb 6.1.1 [FreeBSD] >> Copyright 2004 Free Software Foundation, Inc. >> GDB is free software, covered by the GNU General Public License, and >> you are >> welcome to change it and/or distribute copies of it under certain >> conditions. >> Type "show copying" to see the conditions. >> There is absolutely no warranty for GDB. Type "show warranty" for >> details. >> This GDB was configured as "amd64-marcel-freebsd"... >> Core was generated by '/usr/local/sbin/webcamd -i 0 -d ugen0.2 -B -U >> webcamd -G webcamd'. >> Program terminated with signal 11, Segmentation fault. >> Reading symbols from /usr/local/lib/libhal.so...done. >> Loaded symbols for /usr/local/lib/libhal.so >> Reading symbols from /usr/local/lib/libdbus-1.so...done. >> Loaded symbols for /usr/local/lib/libdbus-1.so >> Reading symbols from /usr/lib/libusb.so.3...done. >> Loaded symbols for /usr/lib/libusb.so.3 >> Reading symbols from /lib/libthr.so.3...done. >> Loaded symbols for /lib/libthr.so.3 >> Reading symbols from /lib/libutil.so.9...done. >> Loaded symbols for /lib/libutil.so.9 >> Reading symbols from /usr/lib/libcuse.so.1...done. >> Loaded symbols for /usr/lib/libcuse.so.1 >> Reading symbols from /lib/libc.so.7...done. >> Loaded symbols for /lib/libc.so.7 >> Reading symbols from /usr/lib/libexecinfo.so.1...done. >> Loaded symbols for /usr/lib/libexecinfo.so.1 >> Reading symbols from /lib/libelf.so.2...done. >> Loaded symbols for /lib/libelf.so.2 >> Reading symbols from /lib/libgcc_s.so.1...done. >> Loaded symbols for /lib/libgcc_s.so.1 >> Reading symbols from /libexec/ld-elf.so.1...done. >> Loaded symbols for /libexec/ld-elf.so.1 >> #0 0x0000000000414e32 in timer_exec (arg=0x0) at >> kernel/linux_timer.c:142 >> 142 TAILQ_REMOVE(&timer_head, t, >> entry); >> (gdb) bt >> #0 0x0000000000414e32 in timer_exec (arg=0x0) at >> kernel/linux_timer.c:142 >> #1 0x00000008014c7bc5 in pthread_create () from /lib/libthr.so.3 >> #2 0x0000000000000000 in ?? () >> Current language: auto; currently minimal >> (gdb) p &timer_head >> $1 = (struct timer_head *) 0xccee78 >> (gdb) p t >> $2 = (struct timer_list *) 0x802843130 >> >> >> Can someone point me in the direction of what to check next? > > Hi, > > I think the TAILQ_INIT() was called too late. Can you try this patch > inside webcamd sources after "make extract patch" ? > >> Index: kernel/linux_timer.c >> =================================================================== >> --- kernel/linux_timer.c (revision 4030) >> +++ kernel/linux_timer.c (working copy) >> @@ -27,7 +27,7 @@ >> >> TAILQ_HEAD(timer_head, timer_list); >> >> -static struct timer_head timer_head; >> +static struct timer_head timer_head = >> TAILQ_HEAD_INITIALIZER(timer_head); >> static pthread_t timer_thread; >> static volatile int timer_thread_started; >> static int timer_needed; >> @@ -206,8 +206,6 @@ >> static int >> timer_init(void) >> { >> - TAILQ_INIT(&timer_head); >> - >> get_jiffies_64(); >> >> if (pthread_create(&timer_thread, NULL, timer_exec, NULL)) { > > --HPS Hello Hans, Thank you for your prompt reply and for sending the patch. The problem persists even after the patch is applied, however. In case it helps, here is the output when running from the command line. # /usr/local/sbin/webcamd -i 0 -d ugen0.2 -U webcamd -G webcamd -m xc5000.debug=1 virtual DVB server adapter driver, version 1.0-hps, (c) 2011 Hans Petter Selasky Linux video capture interface: v2.00 IR NEC protocol handler initialized IR RC5(x/sz) protocol handler initialized IR RC6 protocol handler initialized IR JVC protocol handler initialized IR Sony protocol handler initialized IR SANYO protocol handler initialized IR LIRC bridge handler initialized IR XMP protocol handler initialized b2c2-flexcop: B2C2 FlexcopII/II(b)/III digital TV receiver chip loaded successfully USB Video Class driver (1.1.1) cpia2: V4L-Driver for Vision CPiA2 based cameras v3.0.1 pvrusb2: V4L in-tree version:Hauppauge WinTV-PVR-USB2 MPEG2 Encoder/Tuner pvrusb2: Debug mask is 31 (0x1f) USBVision USB Video Device Driver for Linux : 0.9.11 Attached to ugen0.2[0] au8522 128-0047: creating new instance au8522_decoder creating new instance... xc5000: xc5000_attach(128-0061) xc5000 128-0061: creating new instance xc5000: Successfully identified at address 0x61 xc5000: Firmware has not been loaded previously au8522 128-0047: attaching existing instance xc5000: xc5000_attach(128-0061) xc5000 128-0061: attaching existing instance xc5000: Successfully identified at address 0x61 xc5000: Firmware has not been loaded previously DBG: : dvb_register_frontend: INFO: : DVB: registering adapter 0 frontend 0 (Auvitek AU8522 QAM/8VSB Frontend)... DBG: : dvb_frontend_clear_cache: Clearing cache for delivery system 11 INFO: rc0: au0828 IR (Hauppauge HVR950Q) as webcamd INFO: rc0: lirc_dev: driver ir-lirc-codec (au0828-input) registered at minor = 0 Registered IR keymap rc-hauppauge xc5000: xc5000_sleep() Creating /dev/video1 xc5000: xc5000_sleep() Creating /dev/video2 Creating /dev/dvb/adapter0/demux0 Creating /dev/dvb/adapter0/dvr0 DBG: : dvb_frontend_open: DBG: : dvb_frontend_release: Creating /dev/dvb/adapter0/frontend0 DBG: rc0: lirc_dev (ir-lirc-codec (au0828-input)[0]): open called Creating /dev/lirc0 Creating /dev/input/event0 Segmentation fault Here is the info from gdb from the above command (after the patch): # gdb $(which webcamd) ./webcamd.core GNU gdb 6.1.1 [FreeBSD] Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "amd64-marcel-freebsd"... Core was generated by '/usr/local/sbin/webcamd -i 0 -d ugen0.2 -U webcamd -G webcamd -m xc5000.debug=1'. Program terminated with signal 11, Segmentation fault. Reading symbols from /usr/local/lib/libhal.so.1...done. Loaded symbols for /usr/local/lib/libhal.so.1 Reading symbols from /usr/local/lib/libdbus-1.so.3...done. Loaded symbols for /usr/local/lib/libdbus-1.so.3 Reading symbols from /usr/lib/libusb.so.3...done. Loaded symbols for /usr/lib/libusb.so.3 Reading symbols from /lib/libthr.so.3...done. Loaded symbols for /lib/libthr.so.3 Reading symbols from /lib/libutil.so.9...done. Loaded symbols for /lib/libutil.so.9 Reading symbols from /usr/lib/libcuse.so.1...done. Loaded symbols for /usr/lib/libcuse.so.1 Reading symbols from /lib/libc.so.7...done. Loaded symbols for /lib/libc.so.7 Reading symbols from /usr/lib/libexecinfo.so.1...done. Loaded symbols for /usr/lib/libexecinfo.so.1 Reading symbols from /lib/libelf.so.2...done. Loaded symbols for /lib/libelf.so.2 Reading symbols from /lib/libgcc_s.so.1...done. Loaded symbols for /lib/libgcc_s.so.1 Reading symbols from /libexec/ld-elf.so.1...done. Loaded symbols for /libexec/ld-elf.so.1 #0 0x0000000000415262 in timer_exec (arg=0x0) at kernel/linux_timer.c:142 142 TAILQ_REMOVE(&timer_head, t, entry); (gdb) bt #0 0x0000000000415262 in timer_exec (arg=0x0) at kernel/linux_timer.c:142 #1 0x00000008014cfbc5 in pthread_create () from /lib/libthr.so.3 #2 0x0000000000000000 in ?? () Current language: auto; currently minimal (gdb) p &timer_head $1 = (struct timer_head *) 0xc32bf8 (gdb) p t $2 = (struct timer_list *) 0x802843130
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?d35dba0c-5953-a856-3d6f-0010ce05cb27>