06f8:3002 BUG: unable to handle kernel NULL pointer dereference at 0000000000000050; RIP: 0010:[<ffffffffa046ada1>] [<ffffffffa046ada1>] v4l2_ctrl_g_ctrl+0x11/0x60 [videodev]

Bug #1173723 reported by SlavikZ
This bug affects 1 person
Affects: linux (Ubuntu)
Status: Fix Released
Importance: Medium
Assigned to: Unassigned

Bug Description

After updating to 13.04, when I connect my Hercules Blog Webcam, I get a kernel oops. This camera was working OK in 12.10 with the latest linux-image-3.8.0-19-generic kernel.

Commit bisect revealed the regression at:
-------------------------
1bd7d6adc691993206cf7dd69f1aaf8dccb06677 is the first bad commit
commit 1bd7d6adc691993206cf7dd69f1aaf8dccb06677
Author: Antonio Ospite <email address hidden>
Date: Wed May 16 18:42:46 2012 -0300

    [media] gspca_ov534: Convert to the control framework

    Signed-off-by: Antonio Ospite <email address hidden>
    Signed-off-by: Hans de Goede <email address hidden>
    Signed-off-by: Mauro Carvalho Chehab <email address hidden>

:040000 040000 81bb6d86a59d2fca15fea4d43a8abe34354cf69e 6b7c2077ae5d8bdea32864841b5cd14149c6a44a M drivers
-------------------------

Here is the error stacktrace:
Apr 26 23:01:31 ZHOME kernel: [ 430.706302] usb 3-1: new high-speed USB device number 2 using xhci_hcd
Apr 26 23:01:31 ZHOME kernel: [ 430.724458] usb 3-1: New USB device found, idVendor=06f8, idProduct=3002
Apr 26 23:01:31 ZHOME kernel: [ 430.724462] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
Apr 26 23:01:31 ZHOME kernel: [ 430.724465] usb 3-1: Product: Hercules Blog Microphone
Apr 26 23:01:31 ZHOME kernel: [ 430.724467] usb 3-1: Manufacturer: Hercules Blog Webcam
Apr 26 23:01:31 ZHOME mtp-probe: checking bus 3, device 2: "/sys/devices/pci0000:00/0000:00:14.0/usb3/3-1"
Apr 26 23:01:31 ZHOME mtp-probe: bus: 3, device: 2 was not an MTP device
Apr 26 23:01:31 ZHOME kernel: [ 430.737089] Linux video capture interface: v2.00
Apr 26 23:01:31 ZHOME kernel: [ 430.739566] gspca_main: v2.14.0 registered
Apr 26 23:01:31 ZHOME kernel: [ 430.741319] gspca_main: ov534-2.14.0 probing 06f8:3002
Apr 26 23:01:33 ZHOME kernel: [ 433.522117] BUG: unable to handle kernel NULL pointer dereference at 0000000000000050
Apr 26 23:01:33 ZHOME kernel: [ 433.522169] IP: [<ffffffffa046ada1>] v4l2_ctrl_g_ctrl+0x11/0x60 [videodev]
Apr 26 23:01:33 ZHOME kernel: [ 433.522213] PGD 0
Apr 26 23:01:33 ZHOME kernel: [ 433.522227] Oops: 0000 [#1] SMP
Apr 26 23:01:33 ZHOME kernel: [ 433.522251] Modules linked in: gspca_ov534(+) gspca_main videodev vmnet(OF) vsock(OF) vmci(OF) vmmon(OF) rfcomm parport_pc(F) ppdev(F) bnep bluetooth binfmt_misc(F) snd_hda_codec_hdmi snd_hda_codec_realtek stir4200 irda(F) crc_ccitt(F) usblp kvm_intel snd_hda_intel snd_hda_codec kvm snd_hwdep(F) snd_pcm(F) ghash_clmulni_intel(F) snd_page_alloc(F) aesni_intel(F) snd_seq_midi(F) snd_seq_midi_event(F) aes_x86_64(F) xts(F) lrw(F) gf128mul(F) ablk_helper(F) cryptd(F) snd_rawmidi(F) hid_generic snd_seq(F) usbhid psmouse(F) hid snd_seq_device(F) snd_timer(F) snd(F) microcode(F) serio_raw(F) soundcore(F) alx lpc_ich mdio i915 mei drm_kms_helper video(F) drm i2c_algo_bit mac_hid coretemp lp(F) parport(F) firewire_ohci firewire_core crc_itu_t(F) ahci(F) libahci(F) r8169
Apr 26 23:01:33 ZHOME kernel: [ 433.522709] CPU 3
Apr 26 23:01:33 ZHOME kernel: [ 433.522724] Pid: 5284, comm: modprobe Tainted: GF O 3.8.0-19-generic #29-Ubuntu Gigabyte Technology Co., Ltd. To be filled by O.E.M./Z77-DS3H
Apr 26 23:01:33 ZHOME kernel: [ 433.522787] RIP: 0010:[<ffffffffa046ada1>] [<ffffffffa046ada1>] v4l2_ctrl_g_ctrl+0x11/0x60 [videodev]
Apr 26 23:01:33 ZHOME kernel: [ 433.522837] RSP: 0018:ffff88011efabb88 EFLAGS: 00010296
Apr 26 23:01:33 ZHOME kernel: [ 433.522864] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 00000001820001c0
Apr 26 23:01:33 ZHOME kernel: [ 433.522897] RDX: 00000001820001c1 RSI: 00000000820001c0 RDI: 0000000000000000
Apr 26 23:01:33 ZHOME kernel: [ 433.522931] RBP: ffff88011efabba8 R08: 0000000000000000 R09: 0000000000000001
Apr 26 23:01:33 ZHOME kernel: [ 433.522965] R10: ffffea0007f734c0 R11: ffffffff814fd2a2 R12: ffffffffa03273fc
Apr 26 23:01:33 ZHOME kernel: [ 433.522998] R13: 00000000ffffffff R14: 0000000000000000 R15: ffff8801eabfb430
Apr 26 23:01:33 ZHOME kernel: [ 433.523033] FS: 00007fb6ab739740(0000) GS:ffff88021f380000(0000) knlGS:0000000000000000
Apr 26 23:01:33 ZHOME kernel: [ 433.523071] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Apr 26 23:01:33 ZHOME kernel: [ 433.523098] CR2: 0000000000000050 CR3: 00000001d02d1000 CR4: 00000000001407e0
Apr 26 23:01:33 ZHOME kernel: [ 433.523132] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Apr 26 23:01:33 ZHOME kernel: [ 433.523166] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Apr 26 23:01:33 ZHOME kernel: [ 433.523201] Process modprobe (pid: 5284, threadinfo ffff88011efaa000, task ffff8801fdecae80)
Apr 26 23:01:33 ZHOME kernel: [ 433.523240] Stack:
Apr 26 23:01:33 ZHOME kernel: [ 433.523251] ffffffffa0325424 ffff8801557b1000 ffffffffa03273fc ffff8801557b1000
Apr 26 23:01:33 ZHOME kernel: [ 433.523295] ffff88011efabbd8 ffffffffa0326696 ffffffffa0327510 00000000ffffffff
Apr 26 23:01:33 ZHOME kernel: [ 433.523338] ffff8801557b1000 ffff8801557b1000 ffff88011efabc00 ffffffffa032696d
Apr 26 23:01:33 ZHOME kernel: [ 433.523381] Call Trace:
Apr 26 23:01:33 ZHOME kernel: [ 433.523399] [<ffffffffa0325424>] ? sccb_w_array+0x34/0x80 [gspca_ov534]
Apr 26 23:01:33 ZHOME kernel: [ 433.523434] [<ffffffffa0326696>] sd_start+0xd6/0x250 [gspca_ov534]
Apr 26 23:01:33 ZHOME kernel: [ 433.523467] [<ffffffffa032696d>] sd_init+0x15d/0x19c [gspca_ov534]
Apr 26 23:01:33 ZHOME kernel: [ 433.523500] [<ffffffffa043df46>] gspca_dev_probe2+0x336/0x640 [gspca_main]
Apr 26 23:01:33 ZHOME kernel: [ 433.523535] [<ffffffffa043e282>] gspca_dev_probe+0x32/0x60 [gspca_main]
Apr 26 23:01:33 ZHOME kernel: [ 433.523569] [<ffffffffa0325081>] sd_probe+0x21/0x30 [gspca_ov534]
Apr 26 23:01:33 ZHOME kernel: [ 433.523602] [<ffffffff8150095d>] usb_probe_interface+0x1ad/0x270
Apr 26 23:01:33 ZHOME kernel: [ 433.523635] [<ffffffff814556c7>] driver_probe_device+0x77/0x230
Apr 26 23:01:33 ZHOME kernel: [ 433.523666] [<ffffffff8145592b>] __driver_attach+0xab/0xb0
Apr 26 23:01:33 ZHOME kernel: [ 433.523695] [<ffffffff81455880>] ? driver_probe_device+0x230/0x230
Apr 26 23:01:33 ZHOME kernel: [ 433.523727] [<ffffffff814539dd>] bus_for_each_dev+0x5d/0xa0
Apr 26 23:01:33 ZHOME kernel: [ 433.523757] [<ffffffff814551ce>] driver_attach+0x1e/0x20
Apr 26 23:01:33 ZHOME kernel: [ 433.523784] [<ffffffff81454da0>] bus_add_driver+0x190/0x280
Apr 26 23:01:33 ZHOME kernel: [ 433.523815] [<ffffffff81455ff7>] driver_register+0x77/0x170
Apr 26 23:01:33 ZHOME kernel: [ 433.523844] [<ffffffff814ff32e>] usb_register_driver+0x8e/0x160
Apr 26 23:01:33 ZHOME kernel: [ 433.523877] [<ffffffffa033d000>] ? 0xffffffffa033cfff
Apr 26 23:01:33 ZHOME kernel: [ 433.523905] [<ffffffffa033d01e>] sd_driver_init+0x1e/0x1000 [gspca_ov534]
Apr 26 23:01:33 ZHOME kernel: [ 433.523940] [<ffffffff8100215a>] do_one_initcall+0x12a/0x180
Apr 26 23:01:33 ZHOME kernel: [ 433.523973] [<ffffffff810bfec7>] load_module+0x10c7/0x1520
Apr 26 23:01:33 ZHOME kernel: [ 433.524002] [<ffffffff810bb830>] ? unset_module_init_ro_nx+0x80/0x80
Apr 26 23:01:33 ZHOME kernel: [ 433.524036] [<ffffffff810c03e5>] sys_init_module+0xc5/0xf0
Apr 26 23:01:33 ZHOME kernel: [ 433.524067] [<ffffffff816d379d>] system_call_fastpath+0x1a/0x1f
Apr 26 23:01:33 ZHOME kernel: [ 433.524096] Code: 72 09 00 00 48 c7 c7 e8 50 47 a0 e8 aa da be e0 eb cf 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 48 89 e5 53 48 89 fb 48 83 ec 18 <8b> 47 50 83 e8 05 83 f8 02 77 09 80 b8 00 1a 47 a0 00 74 1d 48
Apr 26 23:01:33 ZHOME kernel: [ 433.524352] RIP [<ffffffffa046ada1>] v4l2_ctrl_g_ctrl+0x11/0x60 [videodev]
Apr 26 23:01:33 ZHOME kernel: [ 433.524392] RSP <ffff88011efabb88>
Apr 26 23:01:33 ZHOME kernel: [ 433.524409] CR2: 0000000000000050
Apr 26 23:01:33 ZHOME kernel: [ 433.540985] ---[ end trace 85e41a22106076c7 ]---
Apr 26 23:01:33 ZHOME udevd[5282]: '/sbin/modprobe -bv usb:v06F8p3002d0100dc00dsc00dp00ic01isc02ip00in02' [5284] terminated by signal 9 (Killed)
Apr 26 23:02:32 ZHOME udevd[583]: timeout: killing '/sbin/modprobe -bv usb:v06F8p3002d0100dc00dsc00dp00icFFisc00ip00in00' [5290]
Apr 26 23:02:32 ZHOME udevd[584]: timeout: killing '/sbin/modprobe -bv usb:v06F8p3002d0100dc00dsc00dp00ic01isc01ip00in01' [5283]
Apr 26 23:02:32 ZHOME udevd[583]: '/sbin/modprobe -bv usb:v06F8p3002d0100dc00dsc00dp00icFFisc00ip00in00' [5290] terminated by signal 9 (Killed)
Apr 26 23:02:32 ZHOME udevd[584]: '/sbin/modprobe -bv usb:v06F8p3002d0100dc00dsc00dp00ic01isc01ip00in01' [5283] terminated by signal 9 (Killed)
Apr 26 23:03:46 ZHOME kernel: [ 565.748695] usb 3-1: USB disconnect, device number 2
---
ApportVersion: 2.9.2-0ubuntu8
Architecture: amd64
AudioDevicesInUse:
 USER PID ACCESS COMMAND
 /dev/snd/controlC0: slavik 1908 F.... pulseaudio
CRDA: Error: command ['iw', 'reg', 'get'] failed with exit code 1: nl80211 not found.
DistroRelease: Ubuntu 13.04
HibernationDevice: RESUME=UUID=081f61a7-906d-4620-a633-a163ec180e52
InstallationDate: Installed on 2012-12-23 (125 days ago)
InstallationMedia: Ubuntu 12.10 "Quantal Quetzal" - Release amd64 (20121017.5)
MachineType: Gigabyte Technology Co., Ltd. To be filled by O.E.M.
MarkForUpload: True
Package: linux (not installed)
ProcFB: 0 inteldrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.8.0-19-generic root=UUID=b93e0bf2-feef-48d4-8d48-c476c7bf6d5a ro quiet splash vt.handoff=7
ProcVersionSignature: Ubuntu 3.8.0-19.29-generic 3.8.8
RelatedPackageVersions:
 linux-restricted-modules-3.8.0-19-generic N/A
 linux-backports-modules-3.8.0-19-generic N/A
 linux-firmware 1.106
RfKill:

Tags: raring
Uname: Linux 3.8.0-19-generic x86_64
UpgradeStatus: Upgraded to raring on 2013-04-26 (1 days ago)
UserGroups: adm cdrom dip lp lpadmin plugdev sambashare sudo
WifiSyslog:

dmi.bios.date: 09/19/2012
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: F9
dmi.board.asset.tag: To be filled by O.E.M.
dmi.board.name: Z77-DS3H
dmi.board.vendor: Gigabyte Technology Co., Ltd.
dmi.board.version: x.x
dmi.chassis.asset.tag: To Be Filled By O.E.M.
dmi.chassis.type: 3
dmi.chassis.vendor: Gigabyte Technology Co., Ltd.
dmi.chassis.version: To Be Filled By O.E.M.
dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvrF9:bd09/19/2012:svnGigabyteTechnologyCo.,Ltd.:pnTobefilledbyO.E.M.:pvrTobefilledbyO.E.M.:rvnGigabyteTechnologyCo.,Ltd.:rnZ77-DS3H:rvrx.x:cvnGigabyteTechnologyCo.,Ltd.:ct3:cvrToBeFilledByO.E.M.:
dmi.product.name: To be filled by O.E.M.
dmi.product.version: To be filled by O.E.M.
dmi.sys.vendor: Gigabyte Technology Co., Ltd.
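
Added example (not part of the original report and not code from the kernel or Ubuntu projects): a small Python triage helper that cross-checks the oops in the description by decoding the faulting instruction marked `<8b>` in the Code: line and confirming that base register plus displacement equals CR2. The function names and the OOPS sample string are constructed for illustration, and only the plain `8b /r` load form (no REX prefix, no SIB byte) is decoded.

```python
import re

# Constructed sample: lines copied from the oops in the bug description,
# with the syslog prefix ("Apr 26 ... ZHOME kernel:") trimmed.
OOPS = """\
[ 433.522117] BUG: unable to handle kernel NULL pointer dereference at 0000000000000050
[ 433.522787] RIP: 0010:[<ffffffffa046ada1>] [<ffffffffa046ada1>] v4l2_ctrl_g_ctrl+0x11/0x60 [videodev]
[ 433.522864] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 00000001820001c0
[ 433.522897] RDX: 00000001820001c1 RSI: 00000000820001c0 RDI: 0000000000000000
[ 433.522931] RBP: ffff88011efabba8 R08: 0000000000000000 R09: 0000000000000001
[ 433.523098] CR2: 0000000000000050 CR3: 00000001d02d1000 CR4: 00000000001407e0
[ 433.524096] Code: 72 09 00 00 48 c7 c7 e8 50 47 a0 e8 aa da be e0 eb cf 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 48 89 e5 53 48 89 fb 48 83 ec 18 <8b> 47 50 83 e8 05 83 f8 02 77 09 80 b8 00 1a 47 a0 00 74 1d 48
"""

# "RAX: 0000000000000001" style pairs; RIP/RSP lines carry a segment prefix
# instead of 16 hex digits and are deliberately not matched here.
REG_RE = re.compile(r"\b([A-Z][A-Z0-9]{2}): ([0-9a-f]{16})\b")
RIP_RE = re.compile(
    r"RIP: [0-9a-f]{4}:\[<[0-9a-f]+>\].*?(\w+)\+0x([0-9a-f]+)/0x[0-9a-f]+"
    r"(?: \[(\w+)\])?"
)
# ModRM r/m field -> base register when no REX prefix is present (4 = SIB).
GPR = ["RAX", "RCX", "RDX", "RBX", None, "RBP", "RSI", "RDI"]


def parse_oops(text):
    """Extract registers, the faulting symbol and the faulting instruction bytes."""
    regs = {name: int(val, 16) for name, val in REG_RE.findall(text)}
    symbol, offset, module = RIP_RE.search(text).groups()
    code = re.search(r"Code: (.*)", text).group(1).split()
    # The byte wrapped in <..> is the first byte of the faulting instruction.
    start = next(i for i, b in enumerate(code) if b.startswith("<"))
    insn = bytes(int(b.strip("<>"), 16) for b in code[start:])
    return regs, symbol, int(offset, 16), module, insn


def decode_mov_load(insn):
    """Decode 8b /r (MOV r32, r/m32) with a plain base register.

    Returns (base_register, displacement) or None for forms not handled.
    """
    if len(insn) < 2 or insn[0] != 0x8B:
        return None
    mod, rm = insn[1] >> 6, insn[1] & 7
    if mod == 3 or rm == 4 or (mod == 0 and rm == 5):
        return None  # register-direct, SIB or RIP-relative operand
    if mod == 1:
        disp = int.from_bytes(insn[2:3], "little", signed=True)
    elif mod == 2:
        disp = int.from_bytes(insn[2:6], "little", signed=True)
    else:
        disp = 0
    return GPR[rm], disp


def triage(text):
    """Check whether the faulting instruction and registers explain CR2."""
    regs, symbol, offset, module, insn = parse_oops(text)
    where = f"{symbol}+{offset:#x}" + (f" [{module}]" if module else "")
    result = {"where": where, "cr2": regs["CR2"]}
    decoded = decode_mov_load(insn)
    if decoded and decoded[0] in regs:
        base, disp = decoded
        ea = (regs[base] + disp) & 0xFFFFFFFFFFFFFFFF
        result.update(
            base=base,
            disp=disp,
            explains_fault=(ea == regs["CR2"]),
            null_base=(regs[base] == 0),  # NULL struct pointer, field at disp
        )
    return result


if __name__ == "__main__":
    print(triage(OOPS))
```

The marked bytes `8b 47 50` decode to a 32-bit load from RDI+0x50, and RDI (the first argument register in the x86-64 calling convention) is 0, which is why the fault address is 0x50 rather than 0.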

SlavikZ (slavikz) wrote : AlsaInfo.txt

apport information

tags: added: apport-collected raring
description: updated
SlavikZ (slavikz) wrote : BootDmesg.txt

apport information

SlavikZ (slavikz) wrote : CurrentDmesg.txt

apport information

SlavikZ (slavikz) wrote : HookError_cloud_archive.txt

apport information

SlavikZ (slavikz) wrote : IwConfig.txt

apport information

SlavikZ (slavikz) wrote : Lspci.txt

apport information

SlavikZ (slavikz) wrote : Lsusb.txt

apport information

SlavikZ (slavikz) wrote : ProcCpuinfo.txt

apport information

SlavikZ (slavikz) wrote : ProcEnviron.txt

apport information

SlavikZ (slavikz) wrote : ProcInterrupts.txt

apport information

SlavikZ (slavikz) wrote : ProcModules.txt

apport information

SlavikZ (slavikz) wrote : PulseList.txt

apport information

SlavikZ (slavikz) wrote : UdevDb.txt

apport information

SlavikZ (slavikz) wrote : UdevLog.txt

apport information

Changed in linux (Ubuntu):
status: New → Confirmed
Joseph Salisbury (jsalisbury) wrote : Re: Kernel oops when connecting web camera

Would it be possible for you to test the latest upstream kernel? Refer to https://wiki.ubuntu.com/KernelMainlineBuilds . Please test the latest v3.9 kernel[0].

If this bug is fixed in the mainline kernel, please add the following tag 'kernel-fixed-upstream'.

If the mainline kernel does not fix this bug, please add the tag: 'kernel-bug-exists-upstream'.

If you are unable to test the mainline kernel, for example it will not boot, please add the tag: 'kernel-unable-to-test-upstream'.
Once testing of the upstream kernel is complete, please mark this bug as "Confirmed".

Thanks in advance.

[0] http://kernel.ubuntu.com/~kernel-ppa/mainline/v3.9-raring/

Changed in linux (Ubuntu):
importance: Undecided → Medium
status: Confirmed → Incomplete
SlavikZ (slavikz)
tags: added: kernel-bug-exists-upstream
SlavikZ (slavikz) wrote :

The bug exists in the upstream kernel too. I've added the kernel-bug-exists-upstream tag.

I also tried building the gspca_ov534.ko kernel module for both the 3.8 and 3.9 kernels with the ov534.c file taken from linux_3.5.0.orig.tar.gz - in this case the web camera works OK with both 3.8 and 3.9 kernels.

Changed in linux (Ubuntu):
status: Incomplete → Confirmed
SlavikZ (slavikz) wrote :

I've changed the gspca_ov534 module source (ov534.c) from the original 3.8 kernel and added some additional null checks in the sd_start function and extensive logging to it. With those changes my webcam is working OK.
I'm attaching my test version of drivers/media/usb/gspca/ov534.c file.

SlavikZ (slavikz) wrote :

Here is my kernel log for the test version I've posted above.
As far as I can see, the sd_start function is called each time some application wants to access the video device, but when it is called the first time (when a USB cable was inserted), the sd struct is almost empty and without a null check this leads to a kernel oops.

SlavikZ (slavikz) wrote :

Here is my patched version of gspca_ov534 module

tags: added: patch
penalvch (penalvch) wrote :

SlavikZ, could you please test the newest mainline kernel via http://kernel.ubuntu.com/~kernel-ppa/mainline/v3.11-rc2-saucy/ ?

tags: added: needs-upstream-testing regression-release
tags: added: latest-bios-f9
Changed in linux (Ubuntu):
status: Confirmed → Incomplete
SlavikZ (slavikz) wrote :

I've tested it with the 3.11.0-031100rc2 kernel; the oops still exists.

Changed in linux (Ubuntu):
status: Incomplete → Confirmed
penalvch (penalvch) wrote :

SlavikZ, thank you for testing the newest mainline kernel. The next step would be to identify the specific commit that caused this problem. Could you please do this following https://wiki.ubuntu.com/Kernel/KernelBisection ?

tags: added: kernel-bug-exists-upstream-v3.11-rc2
removed: needs-upstream-testing
Changed in linux (Ubuntu):
status: Confirmed → Incomplete
tags: added: needs-bisect
SlavikZ (slavikz) wrote :

Here is the bisect result:
-------------------------
1bd7d6adc691993206cf7dd69f1aaf8dccb06677 is the first bad commit
commit 1bd7d6adc691993206cf7dd69f1aaf8dccb06677
Author: Antonio Ospite <email address hidden>
Date: Wed May 16 18:42:46 2012 -0300

    [media] gspca_ov534: Convert to the control framework

    Signed-off-by: Antonio Ospite <email address hidden>
    Signed-off-by: Hans de Goede <email address hidden>
    Signed-off-by: Mauro Carvalho Chehab <email address hidden>

:040000 040000 81bb6d86a59d2fca15fea4d43a8abe34354cf69e 6b7c2077ae5d8bdea32864841b5cd14149c6a44a M drivers
-------------------------

Here is the full bisect log:
----------------------------
git bisect log
git bisect start
# good: [28a33cbc24e4256c143dce96c7d93bf423229f92] Linux 3.5
git bisect good 28a33cbc24e4256c143dce96c7d93bf423229f92
# bad: [a0d271cbfed1dd50278c6b06bead3d00ba0a88f9] Linux 3.6
git bisect bad a0d271cbfed1dd50278c6b06bead3d00ba0a88f9
# good: [b13bc8dda81c54a66a1c84e66f60b8feba659f28] Merge tag 'staging-3.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
git bisect good b13bc8dda81c54a66a1c84e66f60b8feba659f28
# bad: [991b3137f21e13db4711f313edbe67d49bed795b] [media] media: soc_camera: don't clear pix->sizeimage in JPEG mode
git bisect bad 991b3137f21e13db4711f313edbe67d49bed795b
# good: [6f51f51582e793ea13e7de7ed6b138f71c51784b] Merge branch 'for-linus-for-3.6-rc1' of git://git.linaro.org/people/mszyprowski/linux-dma-mapping
git bisect good 6f51f51582e793ea13e7de7ed6b138f71c51784b
# good: [27c1ee3f929555b71fa39ec0d81a7e7185de1b16] Merge branch 'akpm' (Andrew's patch-bomb)
git bisect good 27c1ee3f929555b71fa39ec0d81a7e7185de1b16
# good: [cc8362b1f6d724e46f515121d442779924b19fec] Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client
git bisect good cc8362b1f6d724e46f515121d442779924b19fec
# good: [6dbb35b0a74b44b2a48a5373d48074c5aa69fdf5] Merge tag 'nfs-for-3.6-2' of git://git.linux-nfs.org/projects/trondmy/linux-nfs
git bisect good 6dbb35b0a74b44b2a48a5373d48074c5aa69fdf5
# bad: [c2d430af08f38a0b3145c3b60381146b8ac88c88] [media] s5p-fimc: Remove V4L2_FL_LOCK_ALL_FOPS flag
git bisect bad c2d430af08f38a0b3145c3b60381146b8ac88c88
# bad: [ac3322b0d400fdbab410ab80f26a501c2e169e5d] [media] gspca: clear priv field and disable relevant ioctls
git bisect bad ac3322b0d400fdbab410ab80f26a501c2e169e5d
# bad: [3e0ed00903e1904112108135c18b1918386457aa] [media] gspca-mr97310a: convert to the control framework
git bisect bad 3e0ed00903e1904112108135c18b1918386457aa
# good: [74233cd7c3cd670404db90eaac20f8d6c64d6e84] [media] gspca_pac7302: Convert to the control framework
git bisect good 74233cd7c3cd670404db90eaac20f8d6c64d6e84
# bad: [1bd7d6adc691993206cf7dd69f1aaf8dccb06677] [media] gspca_ov534: Convert to the control framework
git bisect bad 1bd7d6adc691993206cf7dd69f1aaf8dccb06677
# good: [9153ac3ba4bccfdccb43e765cf1cf9bd9e65e657] [media] gscpa_sonixb: Convert to the control framework
git bisect good 9153ac3ba4bccfdccb43e765cf1cf9bd9e65e657
# good: [463023b06206863b3d7ecdd1faf20fa4c24af3c8] [media] gspca_kinect: remove traces of the gspca control mechanism
git bisect good 463023b06206863b3d7e...


Changed in linux (Ubuntu):
status: Incomplete → Confirmed
penalvch (penalvch) wrote : Re: BUG: unable to handle kernel NULL pointer dereference at 0000000000000050; RIP: 0010:[<ffffffffa046ada1>] [<ffffffffa046ada1>] v4l2_ctrl_g_ctrl+0x11/0x60 [videodev]

SlavikZ, thank you for commit bisecting the kernel. Could you please boot into a Live environment of Quantal via http://releases.ubuntu.com/quantal/ , unplug all USB devices, plug in just the Hercules Blog Webcam, and then immediately execute the following in a terminal and attach the results:
lsusb -v > lsusb-v.log

summary: - Kernel oops when connecting web camera
+ BUG: unable to handle kernel NULL pointer dereference at
+ 0000000000000050; RIP: 0010:[<ffffffffa046ada1>] [<ffffffffa046ada1>]
+ v4l2_ctrl_g_ctrl+0x11/0x60 [videodev]
tags: added: bisect-done
removed: needs-bisect
Changed in linux (Ubuntu):
status: Confirmed → Incomplete
SlavikZ (slavikz) wrote :

Here is "lsusb -v" result

Changed in linux (Ubuntu):
status: Incomplete → Confirmed
penalvch (penalvch) wrote :

SlavikZ, the issue you are reporting is an upstream one. Could you please report this problem through the appropriate channel by following the instructions _verbatim_ at https://wiki.ubuntu.com/Bugs/Upstream/kernel#KernelTeam.2BAC8-KernelTeamBugPolicies.Overview_on_Reporting_Bugs_Upstream ?

Thank you for your understanding.

Helpful bug reporting tips:
https://help.ubuntu.com/community/ReportingBugs

summary: - BUG: unable to handle kernel NULL pointer dereference at
+ 06f8:3002 BUG: unable to handle kernel NULL pointer dereference at
0000000000000050; RIP: 0010:[<ffffffffa046ada1>] [<ffffffffa046ada1>]
v4l2_ctrl_g_ctrl+0x11/0x60 [videodev]
description: updated
SlavikZ (slavikz) wrote : [Regression 3.5->3.6, bisected] gspca_ov534: kernel oops when connecting Hercules Blog Webcam

Hi!

After update from 3.5 kernel to newer version I got kernel oops when I
connect my Hercules Blog Webcam. The full error stacktrace is at the end
of this e-mail.

Commit bisect revealed the regression at:
-------------------------
1bd7d6adc691993206cf7dd69f1aaf8dccb06677 is the first bad commit
commit 1bd7d6adc691993206cf7dd69f1aaf8dccb06677
Author: Antonio Ospite <ospite@xxxxxxxxxxxx>
Date: Wed May 16 18:42:46 2012 -0300

     [media] gspca_ov534: Convert to the control framework

     Signed-off-by: Antonio Ospite <ospite@xxxxxxxxxxxx>
     Signed-off-by: Hans de Goede <hdegoede@xxxxxxxxxxxx>
     Signed-off-by: Mauro Carvalho Chehab <mchehab@xxxxxxxxxxxx>

:040000 040000 81bb6d86a59d2fca15fea4d43a8abe34354cf69e
6b7c2077ae5d8bdea32864841b5cd14149c6a44a M drivers
-------------------------

I also tried changing the gspca_ov534 module source (ov534.c) from the
3.8 kernel: I added some additional null checks in the sd_start function
and extensive logging to it. With those changes my webcam is
working OK. As far as I can see, the sd_start function is called a couple of
times, but when it is called the first time (when a USB cable was
inserted), the sd struct is almost empty and without a null check this leads
to a kernel oops. Here is the part of the test version's log from when
sd_start was called the first time:

sd_start: NO sd->hue!
sd_start: NO sd->saturation!
sd_start: NO sd->autogain!
sd_start: NO sd->autowhitebalance!
sd_start: NO sd->autoexposure!
sd_start: NO sd->gain!
sd_start: NO sd->exposure!
sd_start: NO sd->brightness!
sd_start: NO sd->contrast!
sd_start: NO sd->sharpness!
sd_start: NO sd->hflip and sd->vflip!
sd_start: NO sd->plfreq!

Additional info can be found here:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1173723/

Here is the error stacktrace:
kernel: [ 52.679705] usb 3-2: new high-speed USB device number 2 using
xhci_hcd
kernel: [ 52.697906] usb 3-2: New USB device found, idVendor=06f8,
idProduct=3002
kernel: [ 52.697910] usb 3-2: New USB device strings: Mfr=1,
Product=2, SerialNumber=0
kernel: [ 52.697912] usb 3-2: Product: Hercules Blog Microphone
kernel: [ 52.697914] usb 3-2: Manufacturer: Hercules Blog Webcam
kernel: [ 52.708983] Linux video capture interface: v2.00
kernel: [ 52.710778] gspca_main: v2.14.0 registered
kernel: [ 52.712210] gspca_main: ov534-2.14.0 probing 06f8:3002
kernel: [ 55.506311] BUG: unable to handle kernel NULL pointer
dereference at 0000000000000050
kernel: [ 55.506367] IP: [<ffffffffa03c1b01>]
v4l2_ctrl_g_ctrl+0x11/0x60 [videodev]
kernel: [ 55.506414] PGD 0
kernel: [ 55.506429] Oops: 0000 [#1] SMP
kernel: [ 55.506453] Modules linked in: gspca_ov534(+) gspca_main
videodev rfcomm bnep ppdev bluetooth binfmt_misc snd_hda_codec_hdmi
snd_hda_codec_realtek stir4200 irda crc_ccitt usblp snd_hda_intel
snd_hda_codec snd_hwdep snd_pcm hid_generic snd_page_alloc snd_seq_midi
snd_seq_midi_event usbhid snd_rawmidi snd_seq snd_seq_device snd_timer
hid i915 snd psmouse drm_kms_helper serio_raw mei_me drm mei soundcore
video i2c_algo_bit lpc_ich mac_hid coretemp lp parport firewire_ohci
firewire_core crc_itu_t ahci libahci alx mdio r8169 mii [last unloaded:
parport_pc]
...

penalvch (penalvch) wrote :

SlavikZ, could you please post a link to the archive containing your e-mail to the distrolist?

As well, if https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1173723/comments/28 has already been e-mailed out, it is not in the format requested of you by kernel.org developers and the Ubuntu community, as noted in https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1173723/comments/27 . This would be limiting your chances of a kernel maintainer addressing your e-mail, as the information a maintainer would want to see is not provided.

Antonio Ospite (ospite) wrote :

On Mon, 29 Jul 2013 12:16:53 +0300
Yaroslav Zakharuk <email address hidden> wrote:

> Hi!
>
> After update from 3.5 kernel to newer version I got kernel oops when I
> connect my Hercules Blog Webcam. The full error stacktrace is at the end
> of this e-mail.

Hi Yaroslav, I'll try to take a look this week-end.

[...]
> Additional info can be found here:
> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1173723/

I saw you also tested with 3.11-rc2 kernel, and the issue is still
there: https://launchpadlibrarian.net/145608306/kern.log

Thanks,
   Antonio

--
Antonio Ospite
http://ao2.it

A: Because it messes up the order in which people normally read text.
   See http://en.wikipedia.org/wiki/Posting_style
Q: Why is top-posting such a bad thing?

Antonio Ospite (ospite) wrote : [PATCH RFC] [media] gspca-ov534: don't call sd_start() from sd_init()

---

Hi Yaroslav,

the patch below should fix the Oops caused by sd_start() called too early, but
I am not sure about why sd_start() was called from sd_init() for Hercules
webcams in the first place, maybe the snippet marked with:

  /* (from ms-win trace) */

in sd_start() must be moved to sd_init() too.

Let me know if the change below alone is enough and the webcam keeps working,
a test with suspend and resume would be good to have too.

Thanks,
   Antonio

 drivers/media/usb/gspca/ov534.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/drivers/media/usb/gspca/ov534.c b/drivers/media/usb/gspca/ov534.c
index 2e28c81..03a33c4 100644
--- a/drivers/media/usb/gspca/ov534.c
+++ b/drivers/media/usb/gspca/ov534.c
@@ -1305,8 +1305,7 @@ static int sd_init(struct gspca_dev *gspca_dev)
  ov534_set_led(gspca_dev, 1);
  sccb_w_array(gspca_dev, sensor_init[sd->sensor].val,
    sensor_init[sd->sensor].len);
- if (sd->sensor == SENSOR_OV767x)
- sd_start(gspca_dev);
+
  sd_stopN(gspca_dev);
 /* set_frame_rate(gspca_dev); */
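
Review bot: The removal of the SENSOR_OV767x branch in sd_init() comes with no changelog text or Signed-off-by, so nothing records why dropping the sd_start() call is safe for that sensor. The cover note above already asks whether the "(from ms-win trace)" block in sd_start() must move into sd_init(); please settle that before dropping the RFC tag and state the answer in the commit message, together with the failure being fixed (NULL pointer dereference in v4l2_ctrl_g_ctrl reached through sd_init -> sd_start during probe, regression from 1bd7d6adc691). The replacement "+" line adds only a blank line before sd_stopN(), which is fine, but a one-line comment there saying that streaming setup is intentionally not started from sd_init() would help keep the call from being reintroduced.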

--
1.8.4.rc1

SlavikZ (slavikz) wrote :

Hi Antonio,
> Let me know if the change below alone is enough and the webcam keeps working,
> a test with suspend and resume would be good to have too.
I've tested your patch with the latest kernel (3.11.0-rc4) - the webcam
works OK. After suspend and resume, the webcam works OK too.

--
Bye, Yaroslav

Antonio Ospite (ospite) wrote : Re: [PATCH] [media] gspca-ov534: don't call sd_start() from sd_init()

On Tue, 20 Aug 2013 14:21:22 +0200
Hans de Goede <email address hidden> wrote:

> Hi,
>
> Thanks for the patch I've added this to my "gspca" tree, and this
> will be included in my next pull-request to Mauro for 3.12
>

Thanks HdG.

It's fine with me to have the patch in 3.12 and then have it picked up
for inclusion in stable releases, I was just wondering why you didn't
consider it as a fix for 3.11, the patch fixes an actual crash
experienced by a user.

Regards,
   Antonio

--
Antonio Ospite
http://ao2.it

A: Because it messes up the order in which people normally read text.
   See http://en.wikipedia.org/wiki/Posting_style
Q: Why is top-posting such a bad thing?

Chris J Arges (arges) wrote :

This bug was fixed in v3.12-rc1:

$ git tag --contains d48de1c73b41d27e3cc6e500eb9588449edb2f14
v3.12
v3.12-rc1

Therefore it is fixed in 3.13, 3.16 already.

Thanks for all the hard work in reporting and getting this bug fixed!

Changed in linux (Ubuntu):
status: Confirmed → Fix Released