[3.3.0-rc3][uvcvideo][regression] oops - uvc_video_clock_update

From: Shawn Starr
Date: Sun Feb 19 2012 - 20:15:45 EST

Next message: Chanho Min: "[PATCH] amba-pl011â/dma: Add check for the residue in DMA callback"
Previous message: Linus Torvalds: "Re: [PATCH 0/2] More i387 state save/restore work"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Recently, I've been able to trigger this. If using a webcam in Firefox with a
flash plugin, when trying turn off cam, panic dumps to console (X switches to
console).

This was fine in 3.2/3.1 series.

Linux segfault.sh0n.net 3.3.0-0.rc3.git6.2.fc18.x86_64 #1 SMP Thu Feb 16
00:14:39 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

Aside from VirtualBox being loaded - and not using video - I can trigger this
without VirtualBox loaded also. the stack clearly shows bug in uvc driver.

oops below:

[ 2007.719508] BUG: unable to handle kernel NULL pointer dereference at
00000000000000a4
[ 2007.720401] IP: [<ffffffffa04d83f2>] uvc_video_clock_update+0x72/0x3a0
[uvcvideo]
[ 2007.720401] PGD 133bdd067 PUD 13357d067 PMD 0
[ 2007.720401] Oops: 0000 [#1] SMP
[ 2007.720401] CPU 1
[ 2007.720401] Modules linked in: vboxpci(O) vboxnetadp(O) vboxnetflt(O)
vboxdrv(O) lockd sunrpc coretemp uvcvideo videobuf2_core videodev media
v4l2_compat_ioctl32 videobuf2_vmalloc videobuf2_memops snd_usb_audio
snd_usbmidi_lib snd_rawmidi snd_seq_device arc4 snd_hda_codec_conexant iwlwifi
mac80211 snd_hda_intel i2c_i801 thinkpad_acpi cfg80211 snd_hda_codec snd_hwdep
snd_pcm snd_timer snd_page_alloc rfkill microcode r592 memstick snd soundcore
serial_cs e1000e iTCO_wdt iTCO_vendor_support binfmt_misc virtio_net kvm_intel
kvm sdhci_pci sdhci mmc_core firewire_ohci firewire_core crc_itu_t
yenta_socket wmi video radeon ttm drm_kms_helper drm i2c_algo_bit i2c_core
[last unloaded: scsi_wait_scan]
[ 2007.720401]
[ 2007.720401] Pid: 3337, comm: plugin-containe Tainted: G WC O
3.3.0-0.rc3.git6.2.fc18.x86_64 #1 LENOVO 4058CTO/4058CTO
[ 2007.720401] RIP: 0010:[<ffffffffa04d83f2>] [<ffffffffa04d83f2>]
uvc_video_clock_update+0x72/0x3a0 [uvcvideo]
[ 2007.720401] RSP: 0018:ffff8800650c1ad8 EFLAGS: 00010006
[ 2007.720401] RAX: 0000000000000000 RBX: 00000000000000a0 RCX:
0000000000000020
[ 2007.720401] RDX: 0000000000000004 RSI: 00000000312a0c44 RDI:
0000000000000046
[ 2007.720401] RBP: ffff8800650c1ba8 R08: 0000000000000001 R09:
0000000000000001
[ 2007.720401] R10: 0000000000000000 R11: 0000000000000000 R12:
ffff880132f3b800
[ 2007.720401] R13: ffff88006279f000 R14: ffff880132f3bf20 R15:
ffff88006279f000
[ 2007.720401] FS: 00007fd4fc1ff700(0000) GS:ffff880137000000(0000)
knlGS:0000000000000000
[ 2007.720401] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2007.720401] CR2: 00000000000000a4 CR3: 000000010a894000 CR4:
00000000000426e0
[ 2007.720401] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
0000000000000000
[ 2007.720401] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7:
0000000000000400
[ 2007.720401] Process plugin-containe (pid: 3337, threadinfo
ffff8800650c0000, task ffff88012eb14a80)
[ 2007.720401] Stack:
[ 2007.720401] 0000000000000000 0000000000000000 0000000000000002
0000000000000000
[ 2007.720401] ffff8800650c1b78 0000000000000046 0000000000000000
ffffffffa04c9750
[ 2007.720401] 0000000000000000 0000000000000000 ffff8800650c1b78
0000000000000046
[ 2007.720401] Call Trace:
[ 2007.720401] [<ffffffffa04c9750>] ? vb2_dqbuf+0x220/0x3e0 [videobuf2_core]
[ 2007.720401] [<ffffffffa04d3e26>] uvc_buffer_finish+0x26/0x30 [uvcvideo]
[ 2007.720401] [<ffffffffa04c978f>] vb2_dqbuf+0x25f/0x3e0 [videobuf2_core]
[ 2007.720401] [<ffffffffa04d4207>] ? uvc_dequeue_buffer+0x37/0x70 [uvcvideo]
[ 2007.720401] [<ffffffffa04d421a>] uvc_dequeue_buffer+0x4a/0x70 [uvcvideo]
[ 2007.720401] [<ffffffffa04d5e2c>] uvc_v4l2_do_ioctl+0xdfc/0x1320 [uvcvideo]
[ 2007.720401] [<ffffffffa04a953c>] video_usercopy+0x17c/0x570 [videodev]
[ 2007.720401] [<ffffffff81174375>] ? might_fault+0xa5/0xb0]
[ 2007.720401] [<ffffffffa04d5030>] ? uvc_v4l2_open+0x140/0x140 [uvcvideo]
[ 2007.720401] [<ffffffffa04d4779>] uvc_v4l2_ioctl+0x29/0x70 [uvcvideo]
[ 2007.720401] [<ffffffffa04a8353>] v4l2_ioctl+0xc3/0x170 [videodev]
[ 2007.720401] [<ffffffff811d0169>] do_vfs_ioctl+0x99/0x5a0
[ 2007.720401] [<ffffffff811bd440>] ? fget_light+0xf0/0x4a0
[ 2007.720401] [<ffffffff811bd3b2>] ? fget_light+0x62/0x4a0
[ 2007.720401] [<ffffffff811d0709>] sys_ioctl+0x99/0xa0
[ 2007.720401] [<ffffffff816a6d29>] system_call_fastpath+0x16/0x1b
[ 2007.720401] Code: 09 02 00 00 41 8b 84 24 10 07 00 00 31 d2 4d 8b 94 24 08
07 00 00 41 8b b5 f0 02 00 00 89 c3 83 e8 01 f7 f1 48 c1 e3 05 4c 01 d3 <0f>
b7 7b 04 44 8b 0b 89 d0 48 c1 e0 05 81 c7 00 08 00 00 49 01
[ 2007.720401] RIP [<ffffffffa04d83f2>] uvc_video_clock_update+0x72/0x3a0
[uvcvideo]
[ 2007.720401] RSP <ffff8800650c1ad8>
[ 2007.720401] CR2: 00000000000000a4
[ 2007.837048] hpet1: lost 5 rtc interrupts
[ 2007.855100] ---[ end trace 9a81e1b8ccffd693 ]---

...

[ 2007.855270] BUG: scheduling while atomic: plugin-containe/3337/0x10000002
[ 2007.855272] INFO: lockdep is turned off.
[ 2007.855274] Modules linked in: vboxpci(O) vboxnetadp(O) vboxnetflt(O)
vboxdrv(O) lockd sunrpc coretemp uvcvideo videobuf2_core videodev media
v4l2_compat_ioctl32 videobuf2_vmalloc videobuf2_memops snd_usb_audio
snd_usbmidi_lib snd_rawmidi snd_seq_device arc4 snd_hda_codec_conexant iwlwifi
mac80211 snd_hda_intel i2c_i801 thinkpad_acpi cfg80211 snd_hda_codec snd_hwdep
snd_pcm snd_timer snd_page_alloc rfkill microcode r592 memstick snd soundcore
serial_cs e1000e iTCO_wdt iTCO_vendor_support binfmt_misc virtio_net kvm_intel
kvm sdhci_pci sdhci mmc_core firewire_ohci firewire_core crc_itu_t
yenta_socket wmi video radeon ttm drm_kms_helper drm i2c_algo_bit i2c_core
[last unloaded: scsi_wait_scan]
[ 2007.855331] irq event stamp: 0
[ 2007.855333] hardirqs last enabled at (0): [< (null)>]
(null)
[ 2007.855335] hardirqs last disabled at (0): [<ffffffff8105e7fe>]
copy_process.part.21+0x56e/0x16f0
[ 2007.855339] softirqs last enabled at (0): [<ffffffff8105e7fe>]
copy_process.part.21+0x56e/0x16f0
[ 2007.855342] softirqs last disabled at (0): [< (null)>]
(null)
[ 2007.855346] Pid: 3337, comm: plugin-containe Tainted: G D WC O
3.3.0-0.rc3.git6.2.fc18.x86_64 #1
[ 2007.855348] Call Trace:
[ 2007.855351] [<ffffffff810ca740>] ? print_irqtrace_events+0xd0/0xe0
[ 2007.855354] [<ffffffff8169204e>] __schedule_bug+0x80/0x85
[ 2007.855357] [<ffffffff8169c14b>] __schedule+0x8db/0x9a0
[ 2007.855361] [<ffffffff8109bbaa>] __cond_resched+0x2a/0x40
[ 2007.855364] [<ffffffff8169c290>] _cond_resched+0x30/0x40
[ 2007.855367] [<ffffffff8169b56b>] down_read+0x2b/0x98
[ 2007.855370] [<ffffffff8107a814>] exit_signals+0x24/0x130
[ 2007.855373] [<ffffffff8106592c>] do_exit+0xdc/0xaa0
[ 2007.855376] [<ffffffff81062aac>] ? kmsg_dump+0x9c/0x260
[ 2007.855379] [<ffffffff81691973>] ? printk+0x51/0x53
[ 2007.855382] [<ffffffff8169f40e>] oops_end+0x9e/0xe0
[ 2007.855385] [<ffffffff81691276>] no_context+0x258/0x283
[ 2007.855388] [<ffffffff8169146b>] __bad_area_nosemaphore+0x1ca/0x1e9
[ 2007.855391] [<ffffffff8169149d>] bad_area_nosemaphore+0x13/0x15
[ 2007.855394] [<ffffffff816a234b>] do_page_fault+0x4db/0x570
[ 2007.855397] [<ffffffff811d10c7>] ? poll_freewait+0x47/0xb0
[ 2007.855400] [<ffffffff811d1a4a>] ? do_select+0x77a/0x8a0
[ 2007.855403] [<ffffffff8132b96d>] ? trace_hardirqs_off_thunk+0x3a/0x3c
[ 2007.855406] [<ffffffff8169e775>] page_fault+0x25/0x30
[ 2007.855410] [<ffffffffa04d83f2>] ? uvc_video_clock_update+0x72/0x3a0
[uvcvideo]
[ 2007.855414] [<ffffffffa04d83b1>] ? uvc_video_clock_update+0x31/0x3a0
[uvcvideo]
[ 2007.855418] [<ffffffffa04c9750>] ? vb2_dqbuf+0x220/0x3e0 [videobuf2_core]
[ 2007.855423] [<ffffffffa04d3e26>] uvc_buffer_finish+0x26/0x30 [uvcvideo]
[ 2007.855426] [<ffffffffa04c978f>] vb2_dqbuf+0x25f/0x3e0 [videobuf2_core]
[ 2007.855431] [<ffffffffa04d4207>] ? uvc_dequeue_buffer+0x37/0x70 [uvcvideo]
[ 2007.855435] [<ffffffffa04d421a>] uvc_dequeue_buffer+0x4a/0x70 [uvcvideo]
[ 2007.855439] [<ffffffffa04d5e2c>] uvc_v4l2_do_ioctl+0xdfc/0x1320 [uvcvideo]
[ 2007.855444] [<ffffffffa04a953c>] video_usercopy+0x17c/0x570 [videodev]
[ 2007.855447] [<ffffffff81174375>] ? might_fault+0xa5/0xb0
[ 2007.855451] [<ffffffffa04d5030>] ? uvc_v4l2_open+0x140/0x140 [uvcvideo]
[ 2007.855455] [<ffffffffa04d4779>] uvc_v4l2_ioctl+0x29/0x70 [uvcvideo]
[ 2007.855460] [<ffffffffa04a8353>] v4l2_ioctl+0xc3/0x170 [videodev]
[ 2007.855463] [<ffffffff811d0169>] do_vfs_ioctl+0x99/0x5a0
[ 2007.855466] [<ffffffff811bd440>] ? fget_light+0xf0/0x4a0
[ 2007.855469] [<ffffffff811bd3b2>] ? fget_light+0x62/0x4a0
[ 2007.855472] [<ffffffff811d0709>] sys_ioctl+0x99/0xa0
[ 2007.855475] [<ffffffff816a6d29>] system_call_fastpath+0x16/0x1b
[ 2007.855488] note: plugin-containe[3337] exited with preempt_count 1

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Chanho Min: "[PATCH] amba-pl011â/dma: Add check for the residue in DMA callback"
Previous message: Linus Torvalds: "Re: [PATCH 0/2] More i387 state save/restore work"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]