From owner-freebsd-multimedia@freebsd.org Sun Dec 17 03:03:53 2017 Return-Path: Delivered-To: freebsd-multimedia@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A500BE9D9DB for ; Sun, 17 Dec 2017 03:03:53 +0000 (UTC) (envelope-from youngluc@gmail.com) Received: from mail-io0-x243.google.com (mail-io0-x243.google.com [IPv6:2607:f8b0:4001:c06::243]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 701067FB89 for ; Sun, 17 Dec 2017 03:03:53 +0000 (UTC) (envelope-from youngluc@gmail.com) Received: by mail-io0-x243.google.com with SMTP id w127so6470886iow.11 for ; Sat, 16 Dec 2017 19:03:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=reply-to:subject:to:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-transfer-encoding; bh=6nVjoDa1scPMMXSf7QwbNEI7tZ9VjkMuXmfqs/uCLCQ=; b=GKhQRRh/4KjIn+4PJMDW3nGwBJBE4WOeLopVnDl21RyfEtNnX+LqPkaFyXYj4iSFJK EniAR3l67bguNiecC2fL+7yGDqJ7EiYYvR6FuMoKBamQXzVMaoa2sMqkaI/Bi4vEO8Sd o/R4gzMYzo6aImdEiscu8hNyhb88tTtM8SS9zpN/tTHf1VkdCj77qlac61YL/MvHft0l lTo55qn1z2aQ4m7U0pHRnQB/ouAeYkP6FQu3wZogFm+zRdKUs0Cl3Wh4m7D2I+A1g4q/ oCSJLGtjt5/hiJcffsoCeQ2u336dLx1N29GAZTaLEKf7xrhwTAXsf1/Nb8Lbt9Of5o9u ez5A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:reply-to:subject:to:references:from:message-id :date:user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=6nVjoDa1scPMMXSf7QwbNEI7tZ9VjkMuXmfqs/uCLCQ=; b=Nnzgt6atUnvTTDvI2gkNplsuF6sAxvIVZWZtBlmSub4xoL84amheD6Gi4e8WSstLCN d3yn2Rz1QVMmihOm5LcYtCG+DfkdZCDYWXrq7pbuP+BBDSar29RKCgdtVWKDhQTZTMlq cg4uv/ibDWB2vCft2nCc0j2TwQPo8YtErgYyQbQXzupwzgp0YnY03GmlYrgwYD3VbLPp yGhOSKPWRCwDf9/PsKm/PhmGy4AvDDfzXoldLP4iYh6pwgkzqbK+dK0kCk4qMt/vePFe i5VROiLufkcZ2qTcNL/OgkjuSnXy/NyaanIG7EGUGHAG0s9and/KSYZPwKY4vwzAx23n 67XQ== X-Gm-Message-State: AKGB3mK/l9YMR8apJilqbaZvogIJc4mxyNkb8H8A8Hy/A/1YmrPCyHUM XtjxyADfARLbDbcZjlrG9kDaFA== X-Google-Smtp-Source: ACJfBosyBGGlhIhBmM4lpasWaG8KWkSTVgGY9d1Zh3deOKpzd5O2ws+vZAs31V3J+mLoOyqf7hn88Q== X-Received: by 10.107.38.206 with SMTP id m197mr17842634iom.189.1513479832255; Sat, 16 Dec 2017 19:03:52 -0800 (PST) Received: from [10.40.8.62] (67-220-9-24.usiwireless.com. [67.220.9.24]) by smtp.gmail.com with ESMTPSA id b80sm5230079ioe.31.2017.12.16.19.03.50 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 16 Dec 2017 19:03:51 -0800 (PST) Reply-To: youngluc@gmail.com Subject: Re: webcamd-4.12.0.1 segfault when using WinTV-HV-950Q To: Hans Petter Selasky , freebsd-multimedia@freebsd.org References: <63966a1d-1244-4ea0-0bf8-15b485f63cd4@gmail.com> From: Lucas Young Message-ID: Date: Sat, 16 Dec 2017 21:03:45 -0600 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0 SeaMonkey/2.49.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-BeenThere: freebsd-multimedia@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Multimedia discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 17 Dec 2017 03:03:53 -0000 Hans Petter Selasky wrote on 2017-12-16 10:50: > On 12/16/17 14:10, Lucas Young wrote: >> I am trying to get my WinTV-HV-950Q working on FreeBSD. I am running >> into, apparently, the same problem as described in the following link >> which is from this list about two years ago. >> [Hauppauge WinTV HVR >> 950Q](https://lists.freebsd.org/pipermail/freebsd-multimedia/2015-June/016273.html) >> >> >> This one sounds similar as well. >> [FreeBSD-10.3 and WinTV >> HVR-950Q](https://lists.freebsd.org/pipermail/freebsd-multimedia/2016-December/017525.html) >> >> >> Unfortunately, it does not appear that the solution to either of those >> previous issues was posted to the list so hoping that there is someone >> who is willing to rehash this for me. >> >> In short, webcamd is crashing with a segfault the first time that it >> is run. If it is run again, it usually starts but then consumes 100% >> of one CPU core. I have included the particulars from my system below. >> Note that I have already compiled webcamd from ports with the DEBUG >> turned on. I am not proficient in C or in using gdb so I need some >> help to know what to check next. >> >> # uname -mrs >> FreeBSD 11.1-RELEASE-p4 amd64 >> >> # pkg info -x webcamd >> webcamd-4.12.0.1 >> >> # md5 /boot/modules/dvb-fe-xc5000-1.6.114.fw >> MD5 (/boot/modules/dvb-fe-xc5000-1.6.114.fw) = >> b1ac8f759020523ebaaeff3fdf4789ed >> >> # usbconfig >> ugen4.1: at usbus4, cfg=0 md=HOST spd=FULL >> (12Mbps) pwr=SAVE (0mA) >> ugen0.1: <0x1022 XHCI root HUB> at usbus0, cfg=0 md=HOST spd=SUPER >> (5.0Gbps) pwr=SAVE (0mA) >> ugen5.1: at usbus5, cfg=0 md=HOST spd=HIGH >> (480Mbps) pwr=SAVE (0mA) >> ugen2.1: at usbus2, cfg=0 md=HOST spd=FULL >> (12Mbps) pwr=SAVE (0mA) >> ugen3.1: at usbus3, cfg=0 md=HOST spd=HIGH >> (480Mbps) pwr=SAVE (0mA) >> ugen1.1: <0x1022 XHCI root HUB> at usbus1, cfg=0 md=HOST spd=SUPER >> (5.0Gbps) pwr=SAVE (0mA) >> ugen0.2: at usbus0, cfg=0 md=HOST spd=HIGH >> (480Mbps) pwr=ON (500mA) >> ugen3.2: at usbus3, >> cfg=0 md=HOST spd=HIGH (480Mbps) pwr=ON (500mA) >> >> # usbconfig -d 0.2 dump_device_desc >> ugen0.2: at usbus0, cfg=0 md=HOST spd=HIGH >> (480Mbps) p >> wr=ON (500mA) >> >>    bLength = 0x0012 >>    bDescriptorType = 0x0001 >>    bcdUSB = 0x0200 >>    bDeviceClass = 0x0000  >>    bDeviceSubClass = 0x0000 >>    bDeviceProtocol = 0x0000 >>    bMaxPacketSize0 = 0x0040 >>    idVendor = 0x2040 >>    idProduct = 0x7200 >>    bcdDevice = 0x0005 >>    iManufacturer = 0x0001  >>    iProduct = 0x0002  >>    iSerialNumber = 0x000a  >>    bNumConfigurations = 0x0001 >> >> # cat /boot/loader.conf >> kern.geom.label.disk_ident.enable="0" >> kern.geom.label.gptid.enable="0" >> vfs.zfs.min_auto_ashift=12 >> zfs_load="YES" >> cuse_load="YES" >> >> # sysrc -a >> autofs_enable: YES >> dbus_enable: NO >> dumpdev: AUTO >> hald_enable: NO >> jackd_enable: NO >> mountd_enable: YES >> mountd_flags: -r >> moused_enable: NO >> mythbackend_enable: YES >> nfs_server_enable: YES >> ntpd_enable: YES >> powerd_enable: YES >> rpc_lockd_enable: YES >> rpc_statd_enable: YES >> rpcbind_enable: YES >> sshd_enable: YES >> webcamd_0_flags: -N Hauppauge-WinTV-HVR-950 -S unknown >> webcamd_1_flags: -N Chicony-Electronics-Co--Ltd--HP-Truevision-HD -S >> 0x0001 >> webcamd_enable: YES >> zfs_enable: YES >> >> >> When the host boots I find that the cuse module is loaded, there is a >> coredump in /, and dmesg indicates that it "exited on signal 11" >> during the boot. >> >> # kldstat >> Id Refs Address            Size     Name >>   1   17 0xffffffff80200000 1f67a88  kernel >>   2    1 0xffffffff82169000 316708   zfs.ko >>   3    2 0xffffffff82480000 cb78     opensolaris.ko >>   4    1 0xffffffff8248d000 e690     cuse.ko >>   5    1 0xffffffff82a31000 10913    snd_uaudio.ko >> >> # dmesg >> ... >> uaudio0 on uhub3 >> uaudio0: on usbus0 >> uaudio0: No playback. >> uaudio0: Record: 48000 Hz, 2 ch, 16-bit S-LE PCM format, 2x8ms buffer. >> uaudio0: No MIDI sequencer. >> pcm2: on uaudio0 >> uaudio0: No HID volume keys found. >> pid 99972 (webcamd), uid 0: exited on signal 11 (core dumped) >> ... >> >> # gdb $(which webcamd) /webcamd.core >> GNU gdb 6.1.1 [FreeBSD] >> Copyright 2004 Free Software Foundation, Inc. >> GDB is free software, covered by the GNU General Public License, and >> you are >> welcome to change it and/or distribute copies of it under certain >> conditions. >> Type "show copying" to see the conditions. >> There is absolutely no warranty for GDB.  Type "show warranty" for >> details. >> This GDB was configured as "amd64-marcel-freebsd"... >> Core was generated by '/usr/local/sbin/webcamd -i 0 -d ugen0.2 -B -U >> webcamd -G webcamd'. >> Program terminated with signal 11, Segmentation fault. >> Reading symbols from /usr/local/lib/libhal.so...done. >> Loaded symbols for /usr/local/lib/libhal.so >> Reading symbols from /usr/local/lib/libdbus-1.so...done. >> Loaded symbols for /usr/local/lib/libdbus-1.so >> Reading symbols from /usr/lib/libusb.so.3...done. >> Loaded symbols for /usr/lib/libusb.so.3 >> Reading symbols from /lib/libthr.so.3...done. >> Loaded symbols for /lib/libthr.so.3 >> Reading symbols from /lib/libutil.so.9...done. >> Loaded symbols for /lib/libutil.so.9 >> Reading symbols from /usr/lib/libcuse.so.1...done. >> Loaded symbols for /usr/lib/libcuse.so.1 >> Reading symbols from /lib/libc.so.7...done. >> Loaded symbols for /lib/libc.so.7 >> Reading symbols from /usr/lib/libexecinfo.so.1...done. >> Loaded symbols for /usr/lib/libexecinfo.so.1 >> Reading symbols from /lib/libelf.so.2...done. >> Loaded symbols for /lib/libelf.so.2 >> Reading symbols from /lib/libgcc_s.so.1...done. >> Loaded symbols for /lib/libgcc_s.so.1 >> Reading symbols from /libexec/ld-elf.so.1...done. >> Loaded symbols for /libexec/ld-elf.so.1 >> #0  0x0000000000414e32 in timer_exec (arg=0x0) at >> kernel/linux_timer.c:142 >> 142                                     TAILQ_REMOVE(&timer_head, t, >> entry); >> (gdb) bt >> #0  0x0000000000414e32 in timer_exec (arg=0x0) at >> kernel/linux_timer.c:142 >> #1  0x00000008014c7bc5 in pthread_create () from /lib/libthr.so.3 >> #2  0x0000000000000000 in ?? () >> Current language:  auto; currently minimal >> (gdb) p &timer_head >> $1 = (struct timer_head *) 0xccee78 >> (gdb) p t >> $2 = (struct timer_list *) 0x802843130 >> >> >> Can someone point me in the direction of what to check next? > > Hi, > > I think the TAILQ_INIT() was called too late. Can you try this patch > inside webcamd sources after "make extract patch" ? > >> Index: kernel/linux_timer.c >> =================================================================== >> --- kernel/linux_timer.c    (revision 4030) >> +++ kernel/linux_timer.c    (working copy) >> @@ -27,7 +27,7 @@ >> >>  TAILQ_HEAD(timer_head, timer_list); >> >> -static struct timer_head timer_head; >> +static struct timer_head timer_head = >> TAILQ_HEAD_INITIALIZER(timer_head); >>  static pthread_t timer_thread; >>  static volatile int timer_thread_started; >>  static int timer_needed; >> @@ -206,8 +206,6 @@ >>  static int >>  timer_init(void) >>  { >> -    TAILQ_INIT(&timer_head); >> - >>      get_jiffies_64(); >> >>      if (pthread_create(&timer_thread, NULL, timer_exec, NULL)) { > > --HPS Hello Hans, Thank you for your prompt reply and for sending the patch. The problem persists even after the patch is applied, however. In case it helps, here is the output when running from the command line. # /usr/local/sbin/webcamd -i 0 -d ugen0.2 -U webcamd -G webcamd -m xc5000.debug=1 virtual DVB server adapter driver, version 1.0-hps, (c) 2011 Hans Petter Selasky Linux video capture interface: v2.00 IR NEC protocol handler initialized IR RC5(x/sz) protocol handler initialized IR RC6 protocol handler initialized IR JVC protocol handler initialized IR Sony protocol handler initialized IR SANYO protocol handler initialized IR LIRC bridge handler initialized IR XMP protocol handler initialized b2c2-flexcop: B2C2 FlexcopII/II(b)/III digital TV receiver chip loaded successfully USB Video Class driver (1.1.1) cpia2: V4L-Driver for Vision CPiA2 based cameras v3.0.1 pvrusb2: V4L in-tree version:Hauppauge WinTV-PVR-USB2 MPEG2 Encoder/Tuner pvrusb2: Debug mask is 31 (0x1f) USBVision USB Video Device Driver for Linux : 0.9.11 Attached to ugen0.2[0] au8522 128-0047: creating new instance au8522_decoder creating new instance... xc5000: xc5000_attach(128-0061) xc5000 128-0061: creating new instance xc5000: Successfully identified at address 0x61 xc5000: Firmware has not been loaded previously au8522 128-0047: attaching existing instance xc5000: xc5000_attach(128-0061) xc5000 128-0061: attaching existing instance xc5000: Successfully identified at address 0x61 xc5000: Firmware has not been loaded previously DBG: : dvb_register_frontend: INFO: : DVB: registering adapter 0 frontend 0 (Auvitek AU8522 QAM/8VSB Frontend)... DBG: : dvb_frontend_clear_cache: Clearing cache for delivery system 11 INFO: rc0: au0828 IR (Hauppauge HVR950Q) as webcamd INFO: rc0: lirc_dev: driver ir-lirc-codec (au0828-input) registered at minor = 0 Registered IR keymap rc-hauppauge xc5000: xc5000_sleep() Creating /dev/video1 xc5000: xc5000_sleep() Creating /dev/video2 Creating /dev/dvb/adapter0/demux0 Creating /dev/dvb/adapter0/dvr0 DBG: : dvb_frontend_open: DBG: : dvb_frontend_release: Creating /dev/dvb/adapter0/frontend0 DBG: rc0: lirc_dev (ir-lirc-codec (au0828-input)[0]): open called Creating /dev/lirc0 Creating /dev/input/event0 Segmentation fault Here is the info from gdb from the above command (after the patch): # gdb $(which webcamd) ./webcamd.core GNU gdb 6.1.1 [FreeBSD] Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "amd64-marcel-freebsd"... Core was generated by '/usr/local/sbin/webcamd -i 0 -d ugen0.2 -U webcamd -G webcamd -m xc5000.debug=1'. Program terminated with signal 11, Segmentation fault. Reading symbols from /usr/local/lib/libhal.so.1...done. Loaded symbols for /usr/local/lib/libhal.so.1 Reading symbols from /usr/local/lib/libdbus-1.so.3...done. Loaded symbols for /usr/local/lib/libdbus-1.so.3 Reading symbols from /usr/lib/libusb.so.3...done. Loaded symbols for /usr/lib/libusb.so.3 Reading symbols from /lib/libthr.so.3...done. Loaded symbols for /lib/libthr.so.3 Reading symbols from /lib/libutil.so.9...done. Loaded symbols for /lib/libutil.so.9 Reading symbols from /usr/lib/libcuse.so.1...done. Loaded symbols for /usr/lib/libcuse.so.1 Reading symbols from /lib/libc.so.7...done. Loaded symbols for /lib/libc.so.7 Reading symbols from /usr/lib/libexecinfo.so.1...done. Loaded symbols for /usr/lib/libexecinfo.so.1 Reading symbols from /lib/libelf.so.2...done. Loaded symbols for /lib/libelf.so.2 Reading symbols from /lib/libgcc_s.so.1...done. Loaded symbols for /lib/libgcc_s.so.1 Reading symbols from /libexec/ld-elf.so.1...done. Loaded symbols for /libexec/ld-elf.so.1 #0 0x0000000000415262 in timer_exec (arg=0x0) at kernel/linux_timer.c:142 142 TAILQ_REMOVE(&timer_head, t, entry); (gdb) bt #0 0x0000000000415262 in timer_exec (arg=0x0) at kernel/linux_timer.c:142 #1 0x00000008014cfbc5 in pthread_create () from /lib/libthr.so.3 #2 0x0000000000000000 in ?? () Current language: auto; currently minimal (gdb) p &timer_head $1 = (struct timer_head *) 0xc32bf8 (gdb) p t $2 = (struct timer_list *) 0x802843130