Bug 796364 - sbc_fitpc2_wdt NULL pointer dereference
Summary: sbc_fitpc2_wdt NULL pointer dereference
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: kernel
Version: 6.3
Hardware: x86_64
OS: Unspecified
medium
medium
Target Milestone: rc
: ---
Assignee: Don Zickus
QA Contact: Madper Xie
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-02-22 18:31 UTC by Josef Lusticky
Modified: 2018-12-03 17:29 UTC (History)
3 users (show)

Fixed In Version: kernel-2.6.32-410.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-11-21 12:42:18 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 512933 0 None None None Never
Red Hat Product Errata RHSA-2013:1645 0 normal SHIPPED_LIVE Important: Red Hat Enterprise Linux 6 kernel update 2013-11-20 22:04:18 UTC

Description Josef Lusticky 2012-02-22 18:31:07 UTC 
Description of problem:
When loading module sbc_fitpc2_wdt i got kernel panic:

BUG: unable to handle kernel NULL pointer dereference at (null) 
IP: [<ffffffff81271f6b>] strcmp+0xb/0x30 
PGD 3db38067 PUD 3dab2067 PMD 0  
Oops: 0000 [#1] SMP  
last sysfs file: /sys/module/wm8350/refcnt 
CPU 7  
Modules linked in: sbc_fitpc2_wdt(+) xp gru ab3100_core dcdbas sunrpc cpufreq_ondemand acpi_cpufreq freq_table mperf ipv6 e1000e bnx2 ipmi_si ipmi_msghandler hpwdt microcode serio_raw i5000_edac edac_core i5k_amb ext4 mbcache jbd2 hpsa cciss pata_acpi ata_generic ata_piix radeon ttm drm_kms_helper drm i2c_algo_bit i2c_core dm_mirror dm_region_hash dm_log dm_mod [last unloaded: wm8350] 
 
Pid: 3699, comm: modprobe Tainted: G         C ----------------   2.6.32-220.4.2.el6.x86_64 #1 HP ProLiant DL360 G5 
RIP: 0010:[<ffffffff81271f6b>]  [<ffffffff81271f6b>] strcmp+0xb/0x30 
RSP: 0018:ffff88003d38def8  EFLAGS: 00010292 
RAX: 0000000000000053 RBX: 0000000000000000 RCX: 0000000000000000 
RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffffffa0e426e8 
RBP: ffff88003d38def8 R08: 0000000000000000 R09: 0000000000000000 
R10: ffff88000240f180 R11: 0000000000000000 R12: ffffffffa0e45000 
R13: 0000000000913490 R14: 0000000000000000 R15: 0000000000000000 
FS:  00007fb19cc14700(0000) GS:ffff8800023c0000(0000) knlGS:0000000000000000 
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033 
CR2: 0000000000000000 CR3: 000000003db1e000 CR4: 00000000000006e0 
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 
Process modprobe (pid: 3699, threadinfo ffff88003d38c000, task ffff88003daa6080) 
Stack: 
 ffff88003d38df18 ffffffffa0e45022 0000000000000000 0000000000000000 
<0> ffff88003d38df48 ffffffff8100204c 0000000000000000 ffffffffa0e42860 
<0> 0000000000003230 0000000000913490 ffff88003d38df78 ffffffff810af4e1 
Call Trace: 
 [<ffffffffa0e45022>] fitpc2_wdt_init+0x22/0x146 [sbc_fitpc2_wdt] 
 [<ffffffff8100204c>] do_one_initcall+0x3c/0x1d0 
 [<ffffffff810af4e1>] sys_init_module+0xe1/0x250 
 [<ffffffff8100b0f2>] system_call_fastpath+0x16/0x1b 
Code: 84 ff 40 88 39 74 0d 48 83 c1 01 48 83 ea 01 75 e7 c6 01 00 c9 c3 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 0f 1f 40 00 0f b6 07 <0f> b6 16 48 83 c7 01 48 83 c6 01 38 d0 75 0e 84 c0 75 ea 31 c0  
RIP  [<ffffffff81271f6b>] strcmp+0xb/0x30 
 RSP <ffff88003d38def8> 
CR2: 0000000000000000 
---[ end trace 8a9fbed50005ed48 ]--- 
Kernel panic - not syncing: Fatal exception 
Pid: 3699, comm: modprobe Tainted: G      D  C ----------------   2.6.32-220.4.2.el6.x86_64 #1 
Call Trace: 
 [<ffffffff814ec2ba>] ? panic+0x78/0x143 
 [<ffffffff814f0444>] ? oops_end+0xe4/0x100 
 [<ffffffff8104234b>] ? no_context+0xfb/0x260 
 [<ffffffff810425d5>] ? __bad_area_nosemaphore+0x125/0x1e0 
 [<ffffffff810426fe>] ? bad_area+0x4e/0x60 
 [<ffffffff81042e03>] ? __do_page_fault+0x3c3/0x480 
 [<ffffffff81278f8c>] ? __bitmap_weight+0x8c/0xb0 
 [<ffffffff8112433f>] ? free_hot_page+0x2f/0x60 
 [<ffffffff81010b2e>] ? copy_user_generic+0xe/0x20 
 [<ffffffff81114831>] ? probe_kernel_write+0x41/0x70 
 [<ffffffff814f23fe>] ? do_page_fault+0x3e/0xa0 
 [<ffffffffa0e45000>] ? fitpc2_wdt_init+0x0/0x146 [sbc_fitpc2_wdt] 
 [<ffffffff814ef7b5>] ? page_fault+0x25/0x30 
 [<ffffffffa0e45000>] ? fitpc2_wdt_init+0x0/0x146 [sbc_fitpc2_wdt] 
 [<ffffffff81271f6b>] ? strcmp+0xb/0x30 
 [<ffffffff81096d15>] ? __blocking_notifier_call_chain+0x65/0x80 
 [<ffffffffa0e45022>] ? fitpc2_wdt_init+0x22/0x146 [sbc_fitpc2_wdt] 
 [<ffffffff8100204c>] ? do_one_initcall+0x3c/0x1d0 
 [<ffffffff810af4e1>] ? sys_init_module+0xe1/0x250 
 [<ffffffff8100b0f2>] ? system_call_fastpath+0x16/0x1b 
panic occurred, switching back to text console 


Version-Release number of selected component (if applicable):


How reproducible:
This happened on hp-dl360g5-01.rhts.eng.bos.redhat.com in our beaker test lab.
Recipe 409463 - https://beaker.engineering.redhat.com/recipes/409463

Steps to Reproduce:
modprobe sbc_fitpc2_wdt
  
Actual results:
Kernel panic

Expected results:
The module is loaded successfully.

Additional info:
RHEL6.3-20120216.n.0_nfs-Server-x86_64
Comment 2 RHEL Program Management 2012-05-03 05:25:56 UTC 
Since RHEL 6.3 External Beta has begun, and this bug remains
unresolved, it has been rejected as it is not proposed as
exception or blocker.

Red Hat invites you to ask your support representative to
propose this request, if appropriate and relevant, in the
next release of Red Hat Enterprise Linux.
Comment 6 Rafael Aquini 2013-08-08 19:39:56 UTC 
Patch(es) available on kernel-2.6.32-410.el6
Comment 10 errata-xmlrpc 2013-11-21 12:42:18 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-1645.html
Note You need to log in before you can comment on or make changes to this bug.