Bug 115173 - sstfb oopses kernel on load
sstfb oopses kernel on load
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: kernel (Show other bugs)
1
All Linux
low Severity high
: ---
: ---
Assigned To: Arjan van de Ven
Brian Brock
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-02-07 16:05 EST by Alan Cox
Modified: 2007-11-30 17:10 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-09-29 16:04:18 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Fix (386 bytes, patch)
2004-02-07 18:48 EST, Alan Cox
no flags Details | Diff

  None (edit)
Description Alan Cox 2004-02-07 16:05:55 EST
Description of problem:

sstfb driver crashes

How reproducible:


Steps to Reproduce:
1. modprobe sstfb
  
Actual results:sstfb: Voodoo Graphics with ICS ICS5342 dac
sstfb: framebuffer at 0xd1400000, mapped to 0xccd0b000, size 2Mb
Unable to handle kernel NULL pointer dereference at virtual address
0000000c
 printing eip:
c013a106
*pde = 00000000
Oops: 0000
sstfb lp parport autofs natsemi ipt_REJECT iptable_filter ip_tables
floppy sg sr_mod cdrom scsi_mod microcode keybdev mousedev hid input
usb-uhci usbcore ext3
CPU:    0
EIP:    0060:[<c013a106>]    Not tainted
EFLAGS: 00010002
 
EIP is at kfree [kernel] 0x46 (2.4.22-1.2149.nptl)
eax: 6787690b   ebx: c92c72b4   ecx: 00000000   edx: c1000020
esi: 00000000   edi: 00000202   ebp: c579de24   esp: c579dd5c
ds: 0068   es: 0068   ss: 0068
Process modprobe (pid: 3125, stackpage=c579d000)
Stack: 00000040 00000002 01f69620 000a7876 c92c72b4 00000000 00000000
c579de24
       c01f16f8 6787690b 00000000 c92c7214 c92c7214 00000014 c92c72b4
cc905aa0
       c92c72b4 00000000 00000000 16ddc909 00000010 00000280 0000003f
00000307
Call Trace:   [<c01f16f8>] fb_alloc_cmap [kernel] 0x188 (0xc579dd7c)
[<cc905aa0>] sstfb_set_var [sstfb] 0x180 (0xc579dd98)
[<cc905f33>] sst_get_memsize [sstfb] 0x23 (0xc579ddf4)
[<cc908e60>] dacs [sstfb] 0x0 (0xc579de00)
[<cc907898>] sstfb_probe [sstfb] 0x348 (0xc579de0c)
[<cc908d20>] sstfb_id_tbl [sstfb] 0x0 (0xc579dec4)
[<cc908d80>] sstfb_driver [sstfb] 0x0 (0xc579dec8)
[<c01e7125>] pci_announce_device [kernel] 0x35 (0xc579ded4)
[<cc908d20>] sstfb_id_tbl [sstfb] 0x0 (0xc579dedc)
[<cc908d80>] sstfb_driver [sstfb] 0x0 (0xc579dee4)
[<c01e71cc>] pci_register_driver [kernel] 0x5c (0xc579def0)
[<cc908d80>] sstfb_driver [sstfb] 0x0 (0xc579def4)
[<cc907503>] sstfb_init [sstfb] 0x13 (0xc579df08)
[<cc908d80>] sstfb_driver [sstfb] 0x0 (0xc579df0c)
[<c011dfa4>] sys_init_module [kernel] 0x584 (0xc579df14)
[<cc905060>] __sst_dac_read [sstfb] 0x0 (0xc579df2c)
[<cc905060>] __sst_dac_read [sstfb] 0x0 (0xc579df58)
[<c0109747>] system_call [kernel] 0x33 (0xc579dfc0)
 
 
Code: 8b 51 0c 8b 59 14 29 d0 31 d2 f7 76 18 89 5c 81 18 8b 51 10
  
Expected results:

Working sst frame buffer console
Comment 1 Alan Cox 2004-02-07 18:48:20 EST
Created attachment 97527 [details]
Fix

Uncleared memory makes the cmap layer free junk
Comment 2 Alan Cox 2004-03-11 18:22:41 EST
Bug not in 2.6 btw
Comment 3 Leonard den Ottolander 2004-06-18 18:23:57 EDT
* Tue Feb 17 2004 Dave Jones <davej@redhat.com>
- Fix leak in SSTFB driver.

I assume this is fixed? By the way, would this issue be relevant to
Legacy RHL 9?
Comment 4 Alan Cox 2004-06-18 19:09:42 EDT
Unrelated bug. Both are probably in legacy RH9. The fix for the oops
on load is valid for RH9 too I would suspect
Comment 5 David Lawrence 2004-09-29 16:04:18 EDT
Thanks for the bug report. However, Red Hat no longer maintains this version of
the product. Please upgrade to the latest version and open a new bug if the problem
persists.

The Fedora Legacy project (http://fedoralegacy.org/) maintains some older releases, 
and if you believe this bug is interesting to them, please report the problem in
the bug tracker at: http://bugzilla.fedora.us/

Note You need to log in before you can comment on or make changes to this bug.