BUG: unable to handle kernel NULL pointer dereference at (null)

Bug #624701 reported by Brian Rogers
18
This bug affects 3 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Fix Released
Medium
Brian Rogers
Nominated for Maverick by Brian Rogers

Bug Description

SRU Justification:

Impact: Kernel oops occurs whenever the LIRC daemon loads.
Fix: Apply patch to check for NULL pointer dereference (see comment #5)
Testcase: Confirm kernel oops occurs prior to patch being applied. Confirm kernel oops no longer occurs after patch applied.

=====

When my system starts, I get an oops in dmesg, which appears to be related to the IR receiver in my TV tuner. This problem didn't happen in Lucid's 2.6.32 kernel. So far I haven't witnessed any harmful effects.

It crashes whenever the LIRC daemon loads. To reproduce the error, I just have to reboot my system. My TV tuner is saa7134-based, and is called "MSI TVAnywhere Plus."

ProblemType: KernelOops
DistroRelease: Ubuntu 10.10
Package: linux-image-2.6.35-19-generic 2.6.35-19.25
Regression: Yes
Reproducible: Yes
ProcVersionSignature: Ubuntu 2.6.35-19.25-generic 2.6.35.3
Uname: Linux 2.6.35-19-generic x86_64
NonfreeKernelModules: nvidia
AlsaVersion: Advanced Linux Sound Architecture Driver Version 1.0.23.
Annotation: Your system might become unstable now and might need to be restarted.
Architecture: amd64
AudioDevicesInUse:
 USER PID ACCESS COMMAND
 /dev/snd/controlC0: brian 2916 F.... pulseaudio
Card0.Amixer.info:
 Card hw:0 'CK804'/'NVidia CK804 with ALC850 at irq 22'
   Mixer name : 'Realtek ALC850 rev 0'
   Components : 'AC97a:414c4790'
   Controls : 42
   Simple ctrls : 27
Card2.Amixer.info:
 Card hw:2 'SAA7134'/'saa7133[0] at 0xfdeff000 irq 16'
   Mixer name : 'SAA7134 Mixer'
   Components : ''
   Controls : 6
   Simple ctrls : 3
Date: Thu Aug 26 07:45:26 2010
Failure: oops
HibernationDevice: RESUME=UUID=61a5c693-e163-4e66-85f1-7b930d941f63
Lsusb:
 Bus 002 Device 004: ID 046d:c00e Logitech, Inc. M-BJ58/M-BJ69 Optical Wheel Mouse
 Bus 002 Device 003: ID 046d:c312 Logitech, Inc. DeLuxe 250 Keyboard
 Bus 002 Device 002: ID 1131:1001 Integrated System Solution Corp. KY-BT100 Bluetooth Adapter
 Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
 Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
MachineType: Unknow Unknow
ProcCmdLine: BOOT_IMAGE=/boot/vmlinuz-2.6.35-19-generic root=UUID=87050cee-e9c4-4381-8753-17615d08427b ro nouveau.tv_norm=NTSC-M nouveau.modeset=1 quiet
RelatedPackageVersions: linux-firmware 1.38
SourcePackage: linux
Title: BUG: unable to handle kernel NULL pointer dereference at (null)
WpaSupplicantLog:

dmi.bios.date: 11/14/2007
dmi.bios.vendor: Phoenix Technologies, LTD
dmi.bios.version: 6.00 PG
dmi.board.name: KN9 Series(NF-CK804)
dmi.board.vendor: http://www.abit.com.tw/
dmi.board.version: 1.x
dmi.chassis.type: 3
dmi.chassis.vendor: Unknow
dmi.modalias: dmi:bvnPhoenixTechnologies,LTD:bvr6.00PG:bd11/14/2007:svnUnknow:pnUnknow:pvrUnknow:rvnhttp//www.abit.com.tw/:rnKN9Series(NF-CK804):rvr1.x:cvnUnknow:ct3:cvr:
dmi.product.name: Unknow
dmi.product.version: Unknow
dmi.sys.vendor: Unknow

Revision history for this message
Brian Rogers (brian-rogers) wrote :
Revision history for this message
Brian Rogers (brian-rogers) wrote :

2.6.35-18.24 is good
2.6.35-19.25 is bad

Mainline 2.6.36-rc3 is also bad.

Therefore, this is the suspect commit:

UBUNTU: SAUCE: Update ir-core to linuxtv/other which should be merged for 2.6.36.

BugLink: http://bugs.launchpad.net/bugs/609234

Patch generated from the linuxtv staging/other branch, with a few
additional pending fixes merged in, and just about everything not
essential to the ir-core update chopped out.

(Patch generated 2010.07.16)

Signed-off-by: Jarod Wilson <email address hidden>
Signed-off-by: Mario Limonciello <email address hidden>>
Acked-by: Tim Gardner <email address hidden>
Signed-off-by: Leann Ogasawara <email address hidden>

Revision history for this message
Brian Rogers (brian-rogers) wrote :

Bisected. Bad commit upstream:

commit 667c9ebe97f7e5f1e48e7eb321644c6fb1668de5
Author: David Härdeman <email address hidden>
Date: Sun Jun 13 17:29:31 2010 -0300

    V4L/DVB: ir-core: centralize sysfs raw decoder enabling/disabling

    With the current logic, each raw decoder needs to add a copy of the exact
    same sysfs code. This is both unnecessary and also means that (re)loading
    an IR driver after raw decoder modules have been loaded won't work as
    expected.

    This patch moves that logic into ir-raw-event and adds a single sysfs
    file per device.

    Reading that file returns something like:

        "rc5 [rc6] nec jvc [sony]"

    (with enabled protocols in [] brackets)

    Writing either "+protocol" or "-protocol" to that file will
    enable or disable the according protocol decoder.

    An additional benefit is that the disabling of a decoder will be
    remembered across module removal/insertion so a previously
    disabled decoder won't suddenly be activated again. The default
    setting is to enable all decoders.

    This is also necessary for the next patch which moves even more decoder
    state into the central raw decoding structs.

    Signed-off-by: David Härdeman <email address hidden>
    Acked-by: Jarod Wilson <email address hidden>
    Tested-by: Jarod Wilson <email address hidden>
    Signed-off-by: Mauro Carvalho Chehab <email address hidden>

description: updated
Revision history for this message
Brian Rogers (brian-rogers) wrote :

Here's a patch I wrote. Posted here: http://article.gmane.org/gmane.linux.kernel.input/15312

Changed in linux (Ubuntu):
assignee: nobody → Brian Rogers (brian-rogers)
Revision history for this message
Brian Rogers (brian-rogers) wrote :

OK, I neglected to go back and look at the Maverick kernel code until now. Here's a version based on Maverick's code.

I also tested this on top of Ubuntu-2.6.35-22.32 and verified that:
 * LIRC no longer crashes
 * no oops message
 * I can look and poke at /sys/class/rc/rc0/protocols without crashing anything
 * My remote works now

description: updated
description: updated
Changed in linux (Ubuntu):
importance: Undecided → Medium
status: New → Triaged
tags: added: patch
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.35-22.33

---------------
linux (2.6.35-22.33) maverick; urgency=low

  [ Andy Whitcroft ]

  * Revert "SAUCE: Add support for Intellimouse Mode in ALPS touchpad on
    Dell E2 series Laptops"
    - LP: #641320

  [ Brian Rogers ]

  * SAUCE: ir-core: Fix null dereferences in the protocols sysfs interface
    - LP: #624701

  [ Christopher James Halse Rogers ]

  * SAUCE: Nouveau: Add quirk framework to disable acceleration
    - LP: #544088, #546393
  * SAUCE: Nouveau: Disable acceleration on MacBook Pros
    - LP: #546393

  [ John Johansen ]

  * Revert "SAUCE: AppArmor: allow newer tools to load policy on older
    kernels"
  * SAUCE: AppArmor: allow newer tools to load policy on older kernels
    - LP: #639758

  [ Mathieu J. Poirier ]

  * SAUCE: Adding vdd_sdi regulator supply to OMAP3EVM

  [ Upstream Kernel Changes ]

  * ALSA: HDA: Enable internal speaker on Dell M101z
    - LP: #640254
 -- Leann Ogasawara <email address hidden> Fri, 17 Sep 2010 13:21:28 -0700

Changed in linux (Ubuntu):
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.