Bug 808603

Summary: i2400m null pointer dereference
Product: [Fedora] Fedora
Component: kernel
Version: 17
Status: CLOSED ERRATA
Severity: unspecified
Priority: unspecified
Hardware: Unspecified
OS: Unspecified
Reporter: Bill Nottingham <notting>
Assignee: Kernel Maintainer List <kernel-maint>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: bharrington, gansalmon, greg.hellings, itamar, jonathan, kernel-maint, madhu.chinakonda, mikhail.v.gavrilov, rvokal, sgruszka
Fixed In Version: kernel-2.6.43.2-6.fc15
Doc Type: Bug Fix
Last Closed: 2012-04-08 03:27:32 UTC
Attachments: a patch thrown at upstream (flags: none)

Description Bill Nottingham 2012-03-30 19:55:54 UTC
Description of problem:

The most awesome part is that it does this in the device add path, so any attempt to pull kernel network device information via netlink hangs.

[    5.243248] BUG: unable to handle kernel NULL pointer dereference at           (null)
[    5.243293] IP: [<ffffffff812c5b98>] strncpy+0x18/0x30
[    5.243324] PGD 21e4f2067 PUD 21e4f3067 PMD 0 
[    5.243356] Oops: 0000 [#1] SMP 
[    5.243380] CPU 1 
[    5.243393] Modules linked in: cnic(+) uio cxgb4i cxgb4 cxgb3i cxgb3 mdio libcxgbi ib_iser rdma_cm ib_addr iw_cm ib_cm ib_sa ib_mad ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 xt_physdev nf_conntrack_ipv4 nf_defrag_ipv4 ip6table_filter xt_state nf_conntrack ip6_tables snd_hda_codec_hdmi snd_hda_codec_conexant arc4 vhost_net tun macvtap macvlan kvm_intel snd_hda_intel i2400m_usb(+) kvm snd_hda_codec iwlwifi snd_hwdep snd_pcm mac80211 snd_page_alloc i2400m snd_timer thinkpad_acpi(+) iTCO_wdt snd binfmt_misc wimax microcode btusb bluetooth intel_ips i2c_i801 iTCO_vendor_support cfg80211 soundcore e1000e wmi rfkill uinput ums_realtek usb_storage i915 video i2c_algo_bit drm_kms_helper drm i2c_core
[    5.243958] 
[    5.243969] Pid: 548, comm: modprobe Not tainted 3.3.0-8.fc17.x86_64 #1 LENOVO 5129CTO/5129CTO
[    5.244012] RIP: 0010:[<ffffffff812c5b98>]  [<ffffffff812c5b98>] strncpy+0x18/0x30
[    5.244047] RSP: 0018:ffff88021e6b1c78  EFLAGS: 00010202
[    5.244070] RAX: ffff88021e6b1cf0 RBX: ffff88021e6b1cac RCX: ffff88021e6b1cf0
[    5.244098] RDX: 000000000000001f RSI: 0000000000000000 RDI: ffff88021e6b1cf0
[    5.244126] RBP: ffff88021e6b1c78 R08: ffff88021e6b1d0f R09: 000000000000fffd
[    5.244154] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88022da1b000
[    5.244183] R13: ffff88022da1b000 R14: 0000000000000000 R15: ffff88022da1b000
[    5.244211] FS:  00007f0cef80a740(0000) GS:ffff88023bc80000(0000) knlGS:0000000000000000
[    5.244243] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[    5.244267] CR2: 0000000000000000 CR3: 000000021e4f5000 CR4: 00000000000006e0
[    5.244295] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[    5.244323] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[    5.244352] Process modprobe (pid: 548, threadinfo ffff88021e6b0000, task ffff88022dbc8000)
[    5.244392] Stack:
[    5.244406]  ffff88021e6b1c98 ffffffffa0250c46 0000000000000000 ffff88021e6b1cac
[    5.244445]  ffff88021e6b1da8 ffffffffa05b571b 000000001e6b1cd8 00006d3030343269
[    5.244483]  0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    5.244522] Call Trace:
[    5.244542]  [<ffffffffa0250c46>] i2400m_get_drvinfo+0x56/0x90 [i2400m]
[    5.244572]  [<ffffffffa05b571b>] is_cnic_dev+0x7b/0x500 [cnic]
[    5.244599]  [<ffffffffa05b6bca>] cnic_netdev_event+0xca/0x340 [cnic]
[    5.244627]  [<ffffffffa05c1000>] ? 0xffffffffa05c0fff
[    5.244654]  [<ffffffff814db725>] register_netdevice_notifier+0x85/0x1c0
[    5.244682]  [<ffffffffa05c1000>] ? 0xffffffffa05c0fff
[    5.244706]  [<ffffffffa05c1028>] cnic_init+0x28/0x1000 [cnic]
[    5.244733]  [<ffffffff8100212a>] do_one_initcall+0x12a/0x180
[    5.244761]  [<ffffffff810b6136>] sys_init_module+0x1106/0x20b0
[    5.244788]  [<ffffffff815f33e9>] system_call_fastpath+0x16/0x1b
[    5.244813] Code: 84 c9 75 ef 5d c3 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 55 48 85 d2 48 89 f8 4c 8d 04 17 48 89 f9 48 89 e5 74 1a 0f 1f 44 00 00 <0f> b6 16 80 fa 01 88 11 48 83 de ff 48 83 c1 01 4c 39 c1 75 eb 
[    5.245117] RIP  [<ffffffff812c5b98>] strncpy+0x18/0x30
[    5.245143]  RSP <ffff88021e6b1c78>
[    5.245159] CR2: 0000000000000000




Comment 1 Bill Nottingham 2012-03-30 19:56:42 UTC
3.3.0-8.fc17.x86_64

Comment 2 Bill Nottingham 2012-03-30 20:25:29 UTC
Created attachment 574091 [details]
a patch thrown at upstream

Comment 3 Stanislaw Gruszka 2012-04-04 11:10:08 UTC
*** Bug 804836 has been marked as a duplicate of this bug. ***

Comment 4 Stanislaw Gruszka 2012-04-04 11:11:20 UTC
Upstream commit (not CCed stable).

commit 4eee6a3a04e8bb53fbe7de0f64d0524d3fbe3f80
Author: Phil Sutter <phil.sutter>
Date:   Mon Mar 26 09:01:30 2012 +0000

    wimax: i2400m - prevent a possible kernel bug due to missing fw_name string
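
Added triage example (not part of the bug report or the upstream commit): it reads a subset of the oops lines from the description and reports the faulting function, which argument register equals the faulting address, and the first module frame in the call trace. The function name `triage`, the result keys, and the use of the x86-64 System V argument order are this example's assumptions.

```python
import re

# Subset of the oops lines from the description above, copied verbatim.
OOPS = """\
[    5.243248] BUG: unable to handle kernel NULL pointer dereference at           (null)
[    5.243293] IP: [<ffffffff812c5b98>] strncpy+0x18/0x30
[    5.244098] RDX: 000000000000001f RSI: 0000000000000000 RDI: ffff88021e6b1cf0
[    5.244267] CR2: 0000000000000000 CR3: 000000021e4f5000 CR4: 00000000000006e0
[    5.244542]  [<ffffffffa0250c46>] i2400m_get_drvinfo+0x56/0x90 [i2400m]
[    5.244572]  [<ffffffffa05b571b>] is_cnic_dev+0x7b/0x500 [cnic]
[    5.244599]  [<ffffffffa05b6bca>] cnic_netdev_event+0xca/0x340 [cnic]
[    5.244654]  [<ffffffff814db725>] register_netdevice_notifier+0x85/0x1c0
"""

# x86-64 System V integer argument registers, in argument order (assumption:
# the faulting function follows the normal kernel calling convention).
ARG_REGS = ["RDI", "RSI", "RDX", "RCX", "R8", "R9"]
REG = re.compile(r"\b([A-Z][A-Z0-9]{1,2}): ([0-9a-f]{16})\b")
FRAME = re.compile(r"\[<[0-9a-f]+>\] (\w+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?")


def triage(oops):
    """Summarise a NULL-dereference oops: where it faulted and who called it."""
    regs = {name: int(value, 16) for name, value in REG.findall(oops)}
    frames = FRAME.findall(oops)      # IP line first, then the call trace
    fault_addr = regs["CR2"]          # CR2 holds the faulting address
    return {
        "fault_fn": frames[0][0],
        "null_page": fault_addr < 4096,
        # Argument registers that equal the faulting address at the fault.
        # Registers can be clobbered before the fault, so this is a hint.
        "arg_regs_at_fault_addr": [(r, i + 1) for i, r in enumerate(ARG_REGS)
                                   if regs.get(r) == fault_addr],
        # First frame that lives in a loadable module: the caller to inspect.
        "first_module_frame": next(((s, m) for s, m in frames[1:] if m), None),
        "modules": list(dict.fromkeys(m for _, m in frames[1:] if m)),
    }


if __name__ == "__main__":
    for key, value in triage(OOPS).items():
        print(f"{key}: {value}")
```

RSI is the second argument of `strncpy(dest, src, n)`, so the result points at a NULL source string passed from `i2400m_get_drvinfo`, which lines up with the "missing fw_name string" in the commit title; the `cnic` frames show the call arriving through that module's netdevice notifier.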

Comment 5 Josh Boyer 2012-04-04 12:21:43 UTC
Fixed in F15-F17.

Comment 6 Stanislaw Gruszka 2012-04-04 22:35:36 UTC
*** Bug 809644 has been marked as a duplicate of this bug. ***

Comment 7 Fedora Update System 2012-04-05 12:50:51 UTC
kernel-3.3.1-3.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/kernel-3.3.1-3.fc17

Comment 8 Fedora Update System 2012-04-05 12:53:43 UTC
kernel-3.3.1-3.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/kernel-3.3.1-3.fc16

Comment 9 Fedora Update System 2012-04-05 18:25:01 UTC
Package kernel-3.3.1-3.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing kernel-3.3.1-3.fc17'
as soon as you are able to, then reboot.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-5346/kernel-3.3.1-3.fc17
then log in and leave karma (feedback).

Comment 10 Fedora Update System 2012-04-08 03:27:32 UTC
kernel-3.3.1-3.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 11 Fedora Update System 2012-04-11 00:27:28 UTC
kernel-3.3.1-5.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/kernel-3.3.1-5.fc16

Comment 12 Fedora Update System 2012-04-11 00:28:56 UTC
kernel-3.3.1-5.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/kernel-3.3.1-5.fc17

Comment 13 Fedora Update System 2012-04-11 00:29:46 UTC
kernel-2.6.43.1-5.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/kernel-2.6.43.1-5.fc15

Comment 14 Josh Boyer 2012-04-11 17:45:46 UTC
*** Bug 799092 has been marked as a duplicate of this bug. ***

Comment 15 Fedora Update System 2012-04-13 21:33:12 UTC
kernel-3.3.1-5.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 16 Fedora Update System 2012-04-14 00:40:27 UTC
kernel-2.6.43.2-2.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/kernel-2.6.43.2-2.fc15

Comment 17 Fedora Update System 2012-04-14 04:33:37 UTC
kernel-3.3.1-5.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 18 Fedora Update System 2012-04-21 16:47:24 UTC
kernel-2.6.43.2-6.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/kernel-2.6.43.2-6.fc15

Comment 19 Fedora Update System 2012-04-26 03:28:39 UTC
kernel-2.6.43.2-6.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.