lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Sun, 26 Jun 2011 00:49:29 +0530
From:	Raghavendra D Prabhu <rprabhu@...hang.net>
To:	laurent.pinchart@...asonboard.com
Cc:	mchehab@...radead.org, linux-media@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Oops while modprobing uvcvideo module

Hi,

     While modprobing uvcvideo I am getting the following oops. This is
     on a kernel built with latest linus master
     (536142f950f7ea4f3d146a138ad6938f28a34f33). I have also attached the
     full dmesg.

=============================================================
  [ 1985.732475] uvcvideo: Found UVC 1.00 device Laptop_Integrated_Webcam_2HDM (0408:2fb1)
  [ 1985.759844] uvcvideo: No streaming interface found for terminal 6.
  [ 1985.759863] BUG: unable to handle kernel NULL pointer dereference at 0000000000000050
  [ 1985.759871] IP: [<ffffffffa0da23e0>] media_entity_init+0x40/0xa0 [media]
  [ 1985.759884] PGD 10f9eb067 PUD 1397ce067 PMD 0
  [ 1985.759892] Oops: 0002 [#1] PREEMPT SMP
  [ 1985.759899] CPU 0
  [ 1985.759901] Modules linked in: uvcvideo(+) videodev v4l2_compat_ioctl32 media nbd kvm_intel kvm usb_storage cls_u32 sch_sfb sch_htb max6650 coretemp usbhid snd_hda_codec_hdmi snd_hda_codec_realtek iwlagn snd_hda_intel mac80211 snd_hda_c odec nvidia(P) snd_pcm cfg80211 dell_laptop rfkill ehci_hcd snd_timer iTCO_wdt dell_wmi snd soundcore snd_page_alloc psmouse sparse_keymap mei(C) i7core_edac edac_core dcdbas intel_ips xhci_hcd iTCO_vendor_support wmi usbcore agpgart sd_mo d ahci libahci
  [ 1985.759961]
  [ 1985.759967] Pid: 14596, comm: modprobe Tainted: P         C  3.0.0-rc4-LYM #8 Dell Inc. XPS L501X  /0J1VR3
  [ 1985.759975] RIP: 0010:[<ffffffffa0da23e0>]  [<ffffffffa0da23e0>] media_entity_init+0x40/0xa0 [media]
  [ 1985.759986] RSP: 0018:ffff88013a657bc8  EFLAGS: 00010282
  [ 1985.759990] RAX: ffff880126cfd6e0 RBX: 0000000000000000 RCX: 0000000000000000
  [ 1985.759995] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff880126cfd700
  [ 1985.760000] RBP: ffff88013a657bf8 R08: 0000000000000000 R09: ffff880126cfd6e0
  [ 1985.760004] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001
  [ 1985.760008] R13: ffff8800b18c7d58 R14: 0000000000000001 R15: 0000000000000001
  [ 1985.760014] FS:  00007f7cb0722700(0000) GS:ffff88013fc00000(0000) knlGS:0000000000000000
  [ 1985.760019] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
  [ 1985.760024] CR2: 0000000000000050 CR3: 0000000132f04000 CR4: 00000000000006f0
  [ 1985.760029] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
  [ 1985.760034] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
  [ 1985.760039] Process modprobe (pid: 14596, threadinfo ffff88013a656000, task ffff88013940c920)
  [ 1985.760043] Stack:
  [ 1985.760046]  ffff8800b76fac00 ffff8800b18c7800 ffff8800b18c7070 ffff8800b7679d80
  [ 1985.760055]  ffff8800b7679d98 0000000000000000 ffff88013a657c38 ffffffffa0df211a
  [ 1985.760063]  ffff88013a657c38 ffff8800b7679d88 ffff8800b18c0cc0 ffff8800b18c0800
  [ 1985.760072] Call Trace:
  [ 1985.760086]  [<ffffffffa0df211a>] uvc_mc_register_entities+0xba/0x25c [uvcvideo]
  [ 1985.760100]  [<ffffffffa0de8a48>] uvc_probe+0x388/0x2550 [uvcvideo]
  [ 1985.760128]  [<ffffffffa0047ed3>] usb_probe_interface+0xf3/0x250 [usbcore]
  [ 1985.760138]  [<ffffffff81425bfc>] driver_probe_device+0x9c/0x2b0
  [ 1985.760144]  [<ffffffff81425ebb>] __driver_attach+0xab/0xb0
  [ 1985.760151]  [<ffffffff81425e10>] ? driver_probe_device+0x2b0/0x2b0
  [ 1985.760157]  [<ffffffff81425e10>] ? driver_probe_device+0x2b0/0x2b0
  [ 1985.760165]  [<ffffffff81424a0c>] bus_for_each_dev+0x5c/0x90
  [ 1985.760173]  [<ffffffff8142580e>] driver_attach+0x1e/0x20
  [ 1985.760179]  [<ffffffff81425410>] bus_add_driver+0x1b0/0x2a0
  [ 1985.760186]  [<ffffffff814263f6>] driver_register+0x76/0x140
  [ 1985.760205]  [<ffffffffa0046cbd>] usb_register_driver+0x9d/0x190 [usbcore]
  [ 1985.760213]  [<ffffffffa0dba000>] ? 0xffffffffa0db9fff
  [ 1985.760224]  [<ffffffffa0dba020>] uvc_init+0x20/0x1000 [uvcvideo]
  [ 1985.760234]  [<ffffffff810001d0>] do_one_initcall+0x40/0x170
  [ 1985.760243]  [<ffffffff8108494e>] sys_init_module+0xbe/0x230
  [ 1985.760252]  [<ffffffff815881eb>] system_call_fastpath+0x16/0x1b
  [ 1985.760256] Code: 90 44 0f b7 f6 44 0f b7 f9 48 89 fb 45 01 f7 41 89 f4 be d0 80 00 00 44 89 ff 49 89 d5 48 c1 e7 05 e8 35 60 38 e0 48 85 c0 74 56
  [ 1985.760296]  89 43 50 31 c0 45 85 f6 c7 43 38 00 00 00 00 66 44 89 7b 42
  [ 1985.760315] RIP  [<ffffffffa0da23e0>] media_entity_init+0x40/0xa0 [media]
  [ 1985.760325]  RSP <ffff88013a657bc8>
  [ 1985.760328] CR2: 0000000000000050
  [ 1985.760383] ---[ end trace d9254fd075095138 ]---
======================================================================

I was able to observe this at boot and also reproduce it later.

Further analyzing the oops revealed this:
========================================================
perl scripts/markup_oops.pl < ~/oops

No vmlinux specified, assuming /lib/modules/3.0.0-rc4-LYM/build/vmlinux
         unsigned int max_links = num_pads + extra_links;
         unsigned int i;

         links = kzalloc(max_links * sizeof(links[0]), GFP_KERNEL);
  ffffffffa01573d2:      48 c1 e7 05             shl    $0x5,%rdi   |  %edi => ffff88013ac31200
  ffffffffa01573d6:      e8 00 00 00 00          callq  ffffffffa01573db <media_entity_init+0x3b>
         if (links == NULL)
  ffffffffa01573db:      48 85 c0                test   %rax,%rax   |  %eax => ffff88013ac311e0
  ffffffffa01573de:      74 56                   je     ffffffffa0157436 <media_entity_init+0x96>
         entity->max_links = max_links;
         entity->num_links = 0;
         entity->num_backlinks = 0;
         entity->num_pads = num_pads;
         entity->pads = pads;
         entity->links = links;
*ffffffffa01573e0:      48 89 43 50             mov    %rax,0x50(%rbx) |  %eax = ffff88013ac311e0 <--- faulting instruction
         for (i = 0; i < num_pads; i++) {
                 pads[i].entity = entity;
                 pads[i].index = i;
         }

         return 0;
  ffffffffa01573e4:      31 c0                   xor    %eax,%eax
         entity->num_backlinks = 0;
         entity->num_pads = num_pads;
         entity->pads = pads;
         entity->links = links;
==================================================================

gcc --version 
==================
gcc (GCC) 4.6.0 20110603 (prerelease)
Copyright (C) 2011 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Currently I have blacklisted the uvcvideo, so it is not hampering normal
operation of the system.

--------------------------
Raghavendra Prabhu
GPG Id : 0xD72BE977
Fingerprint: B93F EBCB 8E05 7039 CD3C A4B8 A616 DCA1 D72B E977
www: wnohang.net

View attachment "oops.dmesg" of type "text/plain" (71831 bytes)

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists