#11620 HIGH 1.75-so: Kernel null pointer dereference in mmp_camera

Zarro Boogs per Child bugtracker at laptop.org
Mon Feb 13 10:29:17 EST 2012


#11620: Kernel null pointer dereference in mmp_camera
-----------------------+----------------------------------------------------
 Reporter:  greenfeld  |                 Owner:                                   
     Type:  defect     |                Status:  new                              
 Priority:  high       |             Milestone:  1.75-software                    
Component:  kernel     |               Version:  Development build as of this date
 Keywords:             |           Next_action:  diagnose                         
 Verified:  0          |   Deployment_affected:                                   
Blockedby:             |              Blocking:                                   
-----------------------+----------------------------------------------------
 1. Record a few seconds of video using Record.  Stop recording.
 2. Leaving the Record activity open, switch to the Linux console and run
    "rtcwake -m mem -s 5".
 3. Switch back to Record, and record a few seconds of a second video
    using Record.  Stop recording.
 4. If you have not hung entirely you will get this hang.
 5. Don't let the XO suspend again or it may hang while suspending in a
    manner which seems impossible to wake up from.  (Nothing unusual is logged
    when this happens.)

 Seen in 11.3.1 os27.

 {{{
 [ 806.228867] SETTING SPEAKER MUTE TO 0
 [ 808.548034] Bus Clock: USB PLL 480MHz
 [ 808.550302] GC Controller Clock: USB PLL 480MHz
 [ 808.776517] hub 1-1:1.0: hub_suspend
 [ 808.776694] usb 1-1: unlink qh256-0001/dca40b60 start 3 [1/0 us]
 [ 808.777264] usb 1-1: usb auto-suspend
 [ 810.796366] hub 1-0:1.0: hub_suspend
 [ 810.796400] usb usb1: bus auto-suspend
 [ 810.796436] pxau2o-ehci pxau2o-ehci.0: suspend root hub
 [ 811.586377] vb2_common_vm_close: dc577880, refcount: 2, vma:
 444f1000-44587000
 [ 811.586606] vb2_common_vm_close: dc130dc0, refcount: 2, vma:
 45041000-450d7000
 [ 811.626424] mmp-camera mmp-camera.0: Release, 276 frames, 2 singles, 275
 delivered
 [ 811.626703] cma: dma_release_from_contiguous(page c087c020)
 [ 811.626758] cma: dma_release_from_contiguous(page c087c040)
 [ 811.626773] vb2_dma_sg_put: Freeing buffer of 150 pages
 [ 811.626773] vb2_dma_sg_put: Freeing buffer of 150 pages
 [ 812.046371] vb2_dma_sg_alloc: Allocated buffer of 38 pages
 [ 812.047697] cma: dma_alloc_from_contiguous(cma dc04e900, count 1, align
 0)
 [ 812.048813] cma: dma_alloc_from_contiguous(): returned c087c020
 [ 812.048813] vb2_dma_sg_alloc: Allocated buffer of 38 pages
 [ 812.049043] cma: dma_alloc_from_contiguous(cma dc04e900, count 1, align
 0)
 [ 812.049466] cma: dma_alloc_from_contiguous(): returned c087c040
 [ 812.050184] vb2_common_vm_open: dc130dc0, refcount: 1, vma:
 444ac000-444d2000
 [ 812.050490] vb2_common_vm_open: dc1a4500, refcount: 1, vma:
 44561000-44587000
 [ 816.746367] vb2_common_vm_close: dc130dc0, refcount: 2, vma:
 444ac000-444d2000
 [ 816.746564] vb2_common_vm_close: dc1a4500, refcount: 2, vma:
 44561000-44587000
 [ 816.795935] mmp-camera mmp-camera.0: Release, 69 frames, 2 singles, 68
 delivered
 [ 816.795935] cma: dma_release_from_contiguous(page c087c020)
 [ 816.795993] cma: dma_release_from_contiguous(page c087c040)
 [ 816.795993] vb2_dma_sg_put: Freeing buffer of 38 pages
 [ 816.796008] vb2_dma_sg_put: Freeing buffer of 38 pages
 [ 820.296407] vb2_dma_sg_alloc: Allocated buffer of 150 pages
 [ 820.296951] cma: dma_alloc_from_contiguous(cma dc04e900, count 1, align
 0)
 [ 820.307599] Unable to handle kernel NULL pointer dereference at virtual
 address 00000005
 [ 820.307650] pgd = dca64000
 [ 820.307676] [00000005] *pgd=1c5f3831, *pte=00000000, *ppte=00000000
 [ 820.307687] Internal error: Oops: 17 [#1] PREEMPT
 [ 820.307710] Modules linked in: fuse xt_tcpudp iptable_filter ip_tables
 x_tables uinput libertas_sdio psmouse libertas mousedev siv120d ov7670
 mmp_camera videobuf2_core joydev videobuf2_dma_sg videobuf2_memops [last
 unloaded: scsi_wait_scan]
 [ 820.307721] CPU: 0 Not tainted (3.0.19_xo1.75-20120207.0609.olpc.d6a2a5e
 #1)
 [ 820.307795] PC is at __free_pages+0x8/0x40
 [ 820.307827] LR is at __dma_free_buffer+0x20/0x30
 [ 820.307847] pc : [<c0093130>] lr : [<c0037be4>] psr: 80000013
 [ 820.307862] sp : dc3c9ba4 ip : 00000001 fp : 00000000
 [ 820.307871] r10: ffffffff r9 : 00000000 r8 : 00000000
 [ 820.307885] r7 : 000000d0 r6 : ffffffff r5 : 00000021 r4 : 00000001
 [ 820.307898] r3 : 00000000 r2 : 00000005 r1 : 00000000 r0 : 00000001
 [ 820.307913] Flags: Nzcv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user
 [ 820.307946] Control: 10c5387d Table: 1ca64019 DAC: 00000015
 [ 820.307961] Process Record <e29d890 (pid: 1265, stack limit =
 0xdc3c82f8)
 [ 820.307977] Stack: (0xdc3c9ba4 to 0xdc3ca000)
 [ 820.307977] 9ba0: 00000001 00000021 c0037be4 00000000 00001000 c04c65e8
 c00381a0
 [ 820.307995] 9bc0: dc5ee400 dc5ee400 dc3c9e68 c00af884 dc5ee690 c00b0b1c
 000000d0 00000001
 [ 820.308019] 9be0: 00096000 000000d0 dc5ee690 000004b8 c04c65e8 00000001
 dc5ee43c dc5ee408
 [ 820.308042] 9c00: dc3c9e68 c0038268 00000247 00001000 dc58c800 00000254
 dc5ee400 dc459008
 [ 820.308065] 9c20: dc5ee400 dc3c9c64 dc5ee400 bf017138 bf017108 dc459248
 00000000 bf00eac0
 [ 820.308089] 9c40: dc459308 dc3c9e70 00000000 dc459264 00000001 00000001
 dc459264 00000002
 [ 820.308133] 9c60: 00096000 00000000 00000000 00000000 00000000 00000000
 00000000 00000000
 [ 820.308133] 9c80: 00000001 00000002 00000007 dc459390 dc459008 dc3c9e68
 bf018464 c0145608
 [ 820.308179] 9ca0: dc459008 dcb96d60 00000001 bf016fc4 dc3c9e68 00000000
 dc459098 c024f9ec
 [ 820.308179] 9cc0: c04fcc38 dc3c9d30 00000000 c04e4398 dc3c9cec 000200da
 00000000 007fffff
 [ 820.308202] 9ce0: c04e4b28 dc65e980 00000001 00000000 c04e4398 c0093b58
 00000001 dc3c9e68
 [ 820.308225] 9d00: c04e4398 00000002 00000000 00000000 00000002 00000001
 c04e4b2c 0000000f
 [ 820.308247] 9d20: 000200da c04c7218 0000000f dc3c8000 00000000 c00912f4
 00000041 c04e4398
 [ 820.308270] 9d40: 0000037d 400c8000 dc3ceb78 400c8000 dc717320 dc65e980
 00020000 0cef534f
 [ 820.308293] 9d60: dc3ceb78 c00a6fec c04e4b2c 00000000 c096450c 00000000
 00000000 c04be01c
 [ 820.308316] 9d80: dc9276c0 c00662c8 dc9276c0 400c8000 dca64000 00000200
 dc65e980 dca65000
 [ 820.308340] 9da0: 00000001 dc3ceb78 00000014 c00a755c dc032e20 dc032ea8
 00000001 00000000
 [ 820.308362] 9dc0: dc3c9e04 c004040c 400c8000 dc9276c0 dc3c9ea0 c00385ac
 400c8000 00000817
 [ 820.308386] 9de0: 00000817 c04c71d0 dc032e20 00000001 00000000 00000003
 00000000 00000000
 [ 820.308408] 9e00: 00021641 00000000 a4ac4827 0000000a dc7cc540 dc48a990
 c04c7218 dc7cc540
 [ 820.308431] 9e20: c002bd58 dcb92000 c0036fdc c0065f18 dc3c8000 c0145608
 00000000 00000014
 [ 820.308477] 9e40: 00000000 dc3c9e68 00000000 00000000 bee1079c c024d3f4
 00000003 00000000
 [ 820.308477] 9e60: dcb96d60 c024d5a4 00000002 00000001 00000001 00000000
 00000000 00000000
 [ 820.308522] 9e80: dc032e20 dc032ea8 00000001 c04fcc38 dc3c9ed4 c004040c
 c04c5020 c006e2c0
 [ 820.308546] 9ea0: 2684e48c 00000025 dc3c9fb0 dc3c9eb0 c04c00fc c04c71d0
 dc032e20 00000001
 [ 820.308546] 9ec0: c04fcc38 dc3c9f30 00000000 c00528c0 dc3c9eec c003e3c0
 00000001 c04c71d0
 [ 820.308569] 9ee0: 40000113 00000102 dc3c9efc dc459098 c0145608 bee1079c
 dcb96d60 bee1079c
 [ 820.308593] 9f00: dc3c8000 00020000 42ee4340 c024c56c dcb96d60 bee1079c
 bee1079c dc5f1668
 [ 820.308616] 9f20: c0031228 c00cbea4 c04fb64c c04fb84c dc3c9f30 dc3c9f30
 c002bd58 dc05e000
 [ 820.308664] 9f40: c0036fdc c0065f18 dc3c8000 dc9276c0 c04c71d0 dc032e20
 dc3c8000 c006628c
 [ 820.308688] 9f60: dc65e980 ffffffff dc65e9b4 dcb96d60 bee1079c c0145608
 00000025 c0031228
 [ 820.308688] 9f80: dc3c8000 c00cbf4c 00000025 00000001 bee1079c bee105b4
 00000000 42ed52e4
 [ 820.308734] 9fa0: 00000036 c0031080 bee105b4 00000000 00000025 c0145608
 bee1079c 42eca32c
 [ 820.308734] 9fc0: bee105b4 00000000 42ed52e4 00000036 000000a8 00000000
 42ee4340 42ee4340
 [ 820.308756] 9fe0: bee10558 bee10548 42ed950c 40444a30 80000010 00000025
 00000000 00000000
 [ 820.308816] [<c0093130>] (__free_pages+0x8/0x40) from [<c0037be4>]
 (__dma_free_buffer+0x20/0x30)
 [ 820.308816] [<c0037be4>] (__dma_free_buffer+0x20/0x30) from [<c00381a0>]
 (__dma_alloc+0x2d8/0x328)
 [ 820.308843] [<c00381a0>] (__dma_alloc+0x2d8/0x328) from [<c0038268>]
 (dma_alloc_coherent+0x54/0x60)
 [ 820.308868] [<c0038268>] (dma_alloc_coherent+0x54/0x60) from
 [<bf017138>] (mcam_vb_sg_buf_init+0x30/0x5c [mmp_camera])
 [ 820.308961] [<bf017138>] (mcam_vb_sg_buf_init+0x30/0x5c [mmp_camera])
 from [<bf00eac0>] (vb2_reqbufs+0x404/0x628 [videobuf2_core])
 [ 820.308961] [<bf00eac0>] (vb2_reqbufs+0x404/0x628 [videobuf2_core]) from
 [<bf016fc4>] (mcam_vidioc_reqbufs+0x24/0x38 [mmp_camera])
 [ 820.309000] [<bf016fc4>] (mcam_vidioc_reqbufs+0x24/0x38 [mmp_camera])
 from [<c024f9ec>] (__video_do_ioctl+0x2448/0x5164)
 [ 820.309068] [<c024f9ec>] (__video_do_ioctl+0x2448/0x5164) from
 [<c024d3f4>] (video_usercopy+0x35c/0x4a4)
 [ 820.309068] [<c024d3f4>] (video_usercopy+0x35c/0x4a4) from [<c024c56c>]
 (v4l2_ioctl+0x68/0x114)
 [ 820.309124] [<c024c56c>] (v4l2_ioctl+0x68/0x114) from [<c00cbea4>]
 (do_vfs_ioctl+0x544/0x5b8)
 [ 820.309124] [<c00cbea4>] (do_vfs_ioctl+0x544/0x5b8) from [<c00cbf4c>]
 (sys_ioctl+0x34/0x54)
 [ 820.309181] [<c00cbf4c>] (sys_ioctl+0x34/0x54) from [<c0031080>]
 (ret_fast_syscall+0x0/0x30)
 [ 820.309181] Code: c04ca178 c04e4398 e92d4030 e2802004 (e5904004)
 [ 820.309205] ---[ end trace 6cc822361b74f385 ]---
 }}}

-- 
Ticket URL: <http://dev.laptop.org/ticket/11620>
One Laptop Per Child <http://laptop.org/>
OLPC bug tracking system
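
An added triage example, not part of the ticket or of any OLPC code: it takes lines copied from the oops above and decodes the faulting ARM instruction on the `Code:` line to check which register supplied the bad address. The function names are this example's own.

```python
import re

# Lines copied from the oops in this ticket, with mail line-wrapping rejoined.
OOPS = """\
[ 820.307599] Unable to handle kernel NULL pointer dereference at virtual address 00000005
[ 820.307795] PC is at __free_pages+0x8/0x40
[ 820.307871] r10: ffffffff r9 : 00000000 r8 : 00000000
[ 820.307885] r7 : 000000d0 r6 : ffffffff r5 : 00000021 r4 : 00000001
[ 820.307898] r3 : 00000000 r2 : 00000005 r1 : 00000000 r0 : 00000001
[ 820.309181] Code: c04ca178 c04e4398 e92d4030 e2802004 (e5904004)
"""

def parse_oops(text):
    """Pull fault address, PC symbol, r0-r10 and the faulting opcode from an ARM oops."""
    fault = int(re.search(r"virtual address ([0-9a-f]{8})", text).group(1), 16)
    pc_sym = re.search(r"PC is at (\S+)", text).group(1)
    regs = {n: int(v, 16)
            for n, v in re.findall(r"\b(r\d+)\s*: ([0-9a-f]{8})", text)}
    # The word in parentheses on the Code: line is the instruction at PC.
    insn = int(re.search(r"Code:.*\(([0-9a-f]{8})\)", text).group(1), 16)
    return fault, pc_sym, regs, insn

def decode_ldr_str_imm(insn):
    """Decode an A32 LDR/STR with 12-bit immediate offset; None for anything else."""
    if insn >> 28 == 0xF or (insn >> 26) & 0b11 != 0b01 or (insn >> 25) & 1:
        return None
    offset = insn & 0xFFF
    if not (insn >> 23) & 1:          # U bit clear: offset is subtracted
        offset = -offset
    if not (insn >> 24) & 1:          # P bit clear: post-indexed, access is at [Rn]
        offset = 0
    op = ("ldr" if (insn >> 20) & 1 else "str") + ("b" if (insn >> 22) & 1 else "")
    return {"op": op, "rd": f"r{(insn >> 12) & 0xF}",
            "rn": f"r{(insn >> 16) & 0xF}", "offset": offset}

def triage(text):
    """Check whether base register + offset of the faulting access equals the fault address."""
    fault, pc_sym, regs, insn = parse_oops(text)
    d = decode_ldr_str_imm(insn)
    base = regs.get(d["rn"]) if d else None   # r11-r15 are not parsed here
    explained = base is not None and (base + d["offset"]) & 0xFFFFFFFF == fault
    return {"pc": pc_sym, "fault": fault, "insn": d,
            "base_value": base, "explains_fault": explained,
            "base_is_null": base == 0}

if __name__ == "__main__":
    r = triage(OOPS)
    i = r["insn"]
    print(f'{r["pc"]}: {i["op"]} {i["rd"]}, [{i["rn"]}, #{i["offset"]}]')
    print(f'{i["rn"]} = {r["base_value"]:#010x}, fault = {r["fault"]:#010x}, '
          f'explained = {r["explains_fault"]}, NULL base = {r["base_is_null"]}')
```

For this oops the faulting access decodes to `ldr r4, [r0, #4]` with r0 = 0x00000001, so the fault address 0x00000005 comes from a pointer value of 1 rather than 0.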

