Bug 806433

Summary: [abrt] kernel: BUG: unable to handle kernel NULL pointer dereference at 0000000000000180
Product: [Fedora] Fedora Reporter: Paulo Fidalgo <paulo.fidalgo.pt>
Component: kernelAssignee: Mauro Carvalho Chehab <mchehab>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 16CC: artemio.silva, elad, gansalmon, ian.fleming.uk87, itamar, jonathan, jpeeler+redhat, kernel-maint, laurent.pinchart, luca.pellacani, lwang, madhu.chinakonda, M.Torro, Paul, rruban, sandeep, sinys
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
Whiteboard: abrt_hash:7128bac961cdb76735bcce49cd298acb6bc149c9
Fixed In Version: kernel-2.6.43.2-6.fc15 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-04-08 03:27:16 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Fix race-induced crash in uvc_video_clock_update() none

Description Paulo Fidalgo 2012-03-23 17:39:35 UTC 
libreport version: 2.0.8
abrt_version:   2.0.7
cmdline:        BOOT_IMAGE=/boot/vmlinuz-3.3.0-4.fc16.x86_64 root=UUID=513f4211-89cb-4b72-a792-9117a54b956e ro rd.md=0 rd.lvm=0 rd.dm=0 KEYTABLE=pt-latin1 quiet SYSFONT=latarcyrheb-sun16 rhgb rd.luks=0 LANG=en_US.UTF-8
comment:        I've just started on flash aplication on firefox which uses the video camera.
kernel:         3.3.0-4.fc16.x86_64
reason:         BUG: unable to handle kernel NULL pointer dereference at 0000000000000180
time:           Fri 23 Mar 2012 05:37:11 PM WET

backtrace:
:BUG: unable to handle kernel NULL pointer dereference at 0000000000000180
:IP: [<ffffffffa030632f>] uvc_video_clock_update+0x7f/0x400 [uvcvideo]
:PGD 1ecf25067 PUD 1fc4dd067 PMD 0 
:Oops: 0000 [#1] SMP 
:CPU 0 
:Modules linked in: ipt_MASQUERADE nf_nat_h323 nf_conntrack_h323 nf_nat_pptp nf_conntrack_pptp nf_conntrack_proto_gre nf_nat_proto_gre nf_nat_tftp nf_conntrack_tftp nf_nat_sip nf_conntrack_sip nf_nat_irc nf_conntrack_irc nf_nat_ftp nf_conntrack_ftp iptable_nat nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 tcp_lp ppdev parport_pc lp parport 8021q fcoe garp stp llc libfcoe libfc scsi_transport_fc scsi_tgt rfcomm bnep ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_filter xt_state nf_conntrack ip6_tables sha256_generic dm_crypt tpm_infineon btusb snd_hda_codec_hdmi arc4 bluetooth iwlwifi snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_hwdep cdc_ncm usbnet snd_seq snd_seq_device mii iTCO_wdt iTCO_vendor_support snd_pcm e1000e uvcvideo cdc_wdm cdc_acm videobuf2_core videodev media v4l2_compat_ioctl32 videobuf2_vmalloc videobuf2_memops snd_timer toshiba_acpi sparse_keymap tpm_tis tpm microcode toshiba_bluetooth joydev snd soundcore mac80211 cfg80211 rfkill uinput tpm_
:bios snd_page_alloc usb_storage sdhci_pci sdhci mmc_core video radeon ttm drm_kms_helper drm i2c_algo_bit i2c_core [last unloaded: nf_defrag_ipv4]
:Pid: 16892, comm: plugin-containe Not tainted 3.3.0-4.fc16.x86_64 #1 TOSHIBA TECRA R840/Portable PC
:RIP: 0010:[<ffffffffa030632f>]  [<ffffffffa030632f>] uvc_video_clock_update+0x7f/0x400 [uvcvideo]
:RSP: 0018:ffff880139dffac8  EFLAGS: 00010002
:RAX: 00000000a43481d5 RBX: ffff88022dfbd000 RCX: 0000000000000000
:RDX: 000000000000000b RSI: 0000000000000020 RDI: ffff88022dfbd550
:RBP: ffff880139dffb98 R08: ffff8801867eea78 R09: 0000000000000000
:R10: 0000000000000752 R11: 0000000000000001 R12: 0000000000000180
:R13: ffff8801867eea78 R14: ffff88022dfbd550 R15: 00000000243481d5
:FS:  00007f6a2b34d700(0000) GS:ffff88023dc00000(0000) knlGS:0000000000000000
:CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
:CR2: 0000000000000180 CR3: 00000001fc29a000 CR4: 00000000000406f0
:DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
:DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
:Process plugin-containe (pid: 16892, threadinfo ffff880139dfe000, task ffff880167705cc0)
:Stack:
: 0000000000000000 ffff880167705cc0 0000000000000000 ffebebeb00000001
: ffff8801542e6700 00000000000000db ffebebeb00000000 ffff880139dffab8
: ffffffff81194390 dead000000100100 dead000000200200 ffff88022dfbd230
:Call Trace:
: [<ffffffff81194390>] ? __pollwait+0xf0/0xf0
: [<ffffffffa0301f66>] uvc_buffer_finish+0x26/0x30 [uvcvideo]
: [<ffffffffa02e373a>] vb2_dqbuf+0x23a/0x3c0 [videobuf2_core]
: [<ffffffffa02e2e47>] ? __fill_v4l2_buffer+0xe7/0x1a0 [videobuf2_core]
: [<ffffffffa02e30ce>] ? vb2_qbuf+0x1ce/0x2c0 [videobuf2_core]
: [<ffffffffa03022c8>] uvc_dequeue_buffer+0x48/0x70 [uvcvideo]
: [<ffffffffa0303df4>] uvc_v4l2_do_ioctl+0xd64/0x1290 [uvcvideo]
: [<ffffffffa02ca430>] video_usercopy+0x120/0x550 [videodev]
: [<ffffffffa0303090>] ? uvc_v4l2_open+0x130/0x130 [uvcvideo]
: [<ffffffff8126be84>] ? avc_has_perm_flags+0x74/0x90
: [<ffffffffa03027e9>] uvc_v4l2_ioctl+0x29/0x70 [uvcvideo]
: [<ffffffffa02c93db>] v4l2_ioctl+0xcb/0x160 [videodev]
: [<ffffffff81193498>] do_vfs_ioctl+0x98/0x550
: [<ffffffff811939e1>] sys_ioctl+0x91/0xa0
: [<ffffffff815fc029>] system_call_fastpath+0x16/0x1b
:Code: 83 40 05 00 00 31 d2 48 8b 8b 38 05 00 00 45 8b bf f0 02 00 00 41 89 c4 83 e8 01 f7 f6 49 c1 e4 05 41 8d 87 00 00 00 80 49 01 cc <41> 8b 34 24 41 89 d5 29 c6 49 c1 e5 05 49 01 cd 41 8b 7d 00 29 
:RIP  [<ffffffffa030632f>] uvc_video_clock_update+0x7f/0x400 [uvcvideo]
: RSP <ffff880139dffac8>
:CR2: 0000000000000180

smolt_data:
:
:
:General
:=================================
:UUID: 13d91974-2211-47b6-944e-d1941a98dd52
:OS: Fedora release 16 (Verne)
:Default run level: Unknown
:Language: en_US.UTF-8
:Platform: x86_64
:BogoMIPS: 4983.34
:CPU Vendor: GenuineIntel
:CPU Model: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
:CPU Stepping: 7
:CPU Family: 6
:CPU Model Num: 42
:Number of CPUs: 4
:CPU Speed: 2501
:System Memory: 7936
:System Swap: 16383
:Vendor: TOSHIBA
:System: TECRA R840 PT429E-00X007EP
:Form factor: Notebook
:Kernel: 3.3.0-4.fc16.x86_64
:SELinux Enabled: 1
:SELinux Policy: targeted
:SELinux Enforce: Enforcing
:MythTV Remote: Unknown
:MythTV Role: Unknown
:MythTV Theme: Unknown
:MythTV Plugin: 
:MythTV Tuner: -1
:
:
:Devices
:=================================
:(4147:404:4473:1) pci, xhci_hcd, USB, uPD720200 USB 3.0 Host Controller
:(32902:7247:4473:1) pci, None, PCI/ISA, QM67 Express Chipset Family LPC Controller
:(32902:7188:4473:1) pci, pcieport, PCI/PCI, 6 Series/C200 Series Chipset Family PCI Express Root Port 3
:(32902:7171:4473:1) pci, ahci, STORAGE, 6 Series/C200 Series Chipset Family 6 port SATA AHCI Controller
:(32902:7184:4473:1) pci, pcieport, PCI/PCI, 6 Series/C200 Series Chipset Family PCI Express Root Port 1
:(32902:7186:4473:1) pci, pcieport, PCI/PCI, 6 Series/C200 Series Chipset Family PCI Express Root Port 2
:(32902:9288:4473:1) pci, None, PCI/PCI, 82801 Mobile PCI Bridge
:(32902:7192:4473:1) pci, pcieport, PCI/PCI, 6 Series/C200 Series Chipset Family PCI Express Root Port 5
:(32902:7200:4473:1) pci, snd_hda_intel, MULTIMEDIA, 6 Series/C200 Series Chipset Family High Definition Audio Controller
:(32902:5378:4473:1) pci, e1000e, ETHERNET, 82579LM Gigabit Network Connection
:(32902:7213:4473:1) pci, ehci_hcd, USB, 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #2
:(4480:59427:4473:1) pci, sdhci-pci, BASE, N/A
:(32902:145:32902:20993) pci, iwlwifi, NETWORK, Centrino Advanced-N 6230 AGN
:(4098:26464:4473:4) pci, radeon, VIDEO, NI Seymour [AMD Radeon HD 6470M]
:(32902:7229:4473:1) pci, serial, 16550_SERIAL, 6 Series/C200 Series Chipset Family KT Controller
:(32902:7206:4473:1) pci, ehci_hcd, USB, 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #1
:(32902:260:4473:1) pci, None, HOST/PCI, 2nd Generation Core Processor Family DRAM Controller
:(32902:7226:4473:1) pci, None, SIMPLE, 6 Series/C200 Series Chipset Family MEI Controller #1
:(4098:43672:4473:1) pci, snd_hda_intel, MULTIMEDIA, NI Caicos HDMI Audio [AMD RADEON HD 6450]
:(32902:7194:4473:1) pci, pcieport, PCI/PCI, 6 Series/C200 Series Chipset Family PCI Express Root Port 6
:(32902:257:4473:1) pci, pcieport, PCI/PCI, Xeon E3-1200/2nd Generation Core Processor Family PCI Express Root Port
:
:
:Filesystem Information
:=================================
:device mtpt type bsize frsize blocks bfree bavail file ffree favail
:-------------------------------------------------------------------
:/dev/sda5 / ext4 4096 4096 7855238 4653844 4575224 1966080 1720630 1720630
:/dev/mapper/disk WITHHELD ext4 4096 4096 85086045 42968963 38709868 21299200 21051496 21051496
:/dev/mapper/home /home ext4 4096 4096 4983605 1868325 1618340 1250928 1145845 1145845
:/dev/sdb1 WITHHELD ext3 4096 4096 76909378 36197130 32290022 19537920 19413973 19413973
:
Comment 1 Elad Alfassa 2012-03-25 17:12:52 UTC 
Used tumblr's build in webcam thingy (flash based) to take a picture.

Package: kernel
OS Release: Fedora release 16 (Verne)
Comment 2 Ian Fleming 2012-03-25 20:06:04 UTC 
http://krazydad.com/asciicam/asciicam.swf

and it happend's again when i try to copy da link
Comment 3 Josh Boyer 2012-03-26 20:31:55 UTC 
*** Bug 806578 has been marked as a duplicate of this bug. ***
Comment 4 Josh Boyer 2012-03-26 20:34:44 UTC 
Mauro, Laurent, any ideas on this one?
Comment 5 Laurent Pinchart 2012-03-27 08:59:46 UTC 
Created attachment 572981 [details]
Fix race-induced crash in uvc_video_clock_update()

(In reply to comment #4)
> Mauro, Laurent, any ideas on this one?

Ouch. I've been able to reproduce the problem. Could you please try this patch ?
Comment 6 Josh Boyer 2012-03-27 13:14:14 UTC 
I've started a scratch build with the patch from comment #5.  Please test this when it completes and let us know if the problem is solved.

http://koji.fedoraproject.org/koji/taskinfo?taskID=3936407
Comment 7 Luca Pellacani 2012-03-28 10:26:48 UTC 
OpenMeetings - testing the Setup of audioinput source and webcam 

Package: kernel
OS Release: Fedora release 16 (Verne)
Comment 8 Luca Pellacani 2012-03-28 10:49:25 UTC 
Change V4L device form Flash-properties

Package: kernel
OS Release: Fedora release 16 (Verne)
Comment 9 Luca Pellacani 2012-03-28 15:09:31 UTC 
Start UP a WebCam on OpenMeetings FlashBased webapps

Package: kernel
OS Release: Fedora release 16 (Verne)
Comment 10 Luca Pellacani 2012-03-29 13:02:33 UTC 
WebCam streaming using Flash ...

Package: kernel
OS Release: Fedora release 16 (Verne)
Comment 11 Josh Boyer 2012-03-30 13:56:25 UTC 
*** Bug 803720 has been marked as a duplicate of this bug. ***
Comment 12 Josh Boyer 2012-03-30 13:56:35 UTC 
*** Bug 808262 has been marked as a duplicate of this bug. ***
Comment 13 ranjith ruban 2012-03-31 19:32:51 UTC 
When using webcam..

Package: kernel
OS Release: Fedora release 16 (Verne)
Comment 14 ranjith ruban 2012-03-31 22:25:20 UTC 
patched
kernel in comment #6 solved the crash with the module 

Thanks 
Ranjith Ruban
Comment 15 Laurent Pinchart 2012-04-02 09:20:17 UTC 
(In reply to comment #14)
> patched kernel in comment #6 solved the crash with the module

Thank you for the report. I've sent a pull request for v3.4 and asked the patch to be backported to the stable kernel series.
Comment 16 Josh Boyer 2012-04-03 16:51:22 UTC 
(In reply to comment #15)
> (In reply to comment #14)
> > patched kernel in comment #6 solved the crash with the module
> 
> Thank you for the report. I've sent a pull request for v3.4 and asked the patch
> to be backported to the stable kernel series.

I'll get this into Fedora in the meantime.
Comment 17 Josh Boyer 2012-04-03 16:55:25 UTC 
*** Bug 809544 has been marked as a duplicate of this bug. ***
Comment 18 Josh Boyer 2012-04-03 17:58:40 UTC 
Fixed in Fedora git.  It will be in the next builds of all the various branches.
Comment 19 Josh Boyer 2012-04-04 21:00:49 UTC 
*** Bug 810003 has been marked as a duplicate of this bug. ***
Comment 20 Fedora Update System 2012-04-05 12:50:42 UTC 
kernel-3.3.1-3.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/kernel-3.3.1-3.fc17
Comment 21 Fedora Update System 2012-04-05 12:53:30 UTC 
kernel-3.3.1-3.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/kernel-3.3.1-3.fc16
Comment 22 Fedora Update System 2012-04-05 18:24:54 UTC 
Package kernel-3.3.1-3.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing kernel-3.3.1-3.fc17'
as soon as you are able to, then reboot.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-5346/kernel-3.3.1-3.fc17
then log in and leave karma (feedback).
Comment 23 Jeff Peeler 2012-04-06 19:49:40 UTC 
This happened when attempting to record a video with my webcam on Google+. I clicked record, it started, and then upon clicking stop the crash occurred. It is reproducible.

Package: kernel
OS Release: Fedora release 16 (Verne)
Comment 24 Jeff Peeler 2012-04-06 21:25:22 UTC 
I left some karma in bodhi, problem fixed for me now.
Comment 25 Fedora Update System 2012-04-08 03:27:16 UTC 
kernel-3.3.1-3.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 26 Josh Boyer 2012-04-09 13:09:11 UTC 
*** Bug 810599 has been marked as a duplicate of this bug. ***
Comment 27 Fedora Update System 2012-04-11 00:27:13 UTC 
kernel-3.3.1-5.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/kernel-3.3.1-5.fc16
Comment 28 Fedora Update System 2012-04-11 00:28:49 UTC 
kernel-3.3.1-5.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/kernel-3.3.1-5.fc17
Comment 29 Fedora Update System 2012-04-11 00:29:38 UTC 
kernel-2.6.43.1-5.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/kernel-2.6.43.1-5.fc15
Comment 30 Josh Boyer 2012-04-11 10:34:07 UTC 
*** Bug 811435 has been marked as a duplicate of this bug. ***
Comment 31 Fedora Update System 2012-04-13 21:33:02 UTC 
kernel-3.3.1-5.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 32 Fedora Update System 2012-04-14 00:40:17 UTC 
kernel-2.6.43.2-2.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/kernel-2.6.43.2-2.fc15
Comment 33 Fedora Update System 2012-04-14 04:33:27 UTC 
kernel-3.3.1-5.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 34 Fedora Update System 2012-04-21 16:47:13 UTC 
kernel-2.6.43.2-6.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/kernel-2.6.43.2-6.fc15
Comment 35 Fedora Update System 2012-04-26 03:28:27 UTC 
kernel-2.6.43.2-6.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.