Bug 808603 - i2400m null pointer dereference
Summary: i2400m null pointer dereference
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: 17
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: unspecified
Target Milestone: ---
Assignee: Kernel Maintainer List
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Duplicates: 799092 804836 809644
Depends On:
Blocks:
Reported: 2012-03-30 19:55 UTC by Bill Nottingham
Modified: 2014-03-17 03:30 UTC

Fixed In Version: kernel-2.6.43.2-6.fc15
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-04-08 03:27:32 UTC
Type: ---
Embargoed:


Attachments
a patch thrown at upstream (1.58 KB, patch)
2012-03-30 20:25 UTC, Bill Nottingham

Description Bill Nottingham 2012-03-30 19:55:54 UTC
Description of problem:

The most awesome part is that it does this in the device add path, so any attempt to pull kernel network device information via netlink hangs.

[    5.243248] BUG: unable to handle kernel NULL pointer dereference at           (null)
[    5.243293] IP: [<ffffffff812c5b98>] strncpy+0x18/0x30
[    5.243324] PGD 21e4f2067 PUD 21e4f3067 PMD 0 
[    5.243356] Oops: 0000 [#1] SMP 
[    5.243380] CPU 1 
[    5.243393] Modules linked in: cnic(+) uio cxgb4i cxgb4 cxgb3i cxgb3 mdio libcxgbi ib_iser rdma_cm ib_addr iw_cm ib_cm ib_sa ib_mad ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 xt_physdev nf_conntrack_ipv4 nf_defrag_ipv4 ip6table_filter xt_state nf_conntrack ip6_tables snd_hda_codec_hdmi snd_hda_codec_conexant arc4 vhost_net tun macvtap macvlan kvm_intel snd_hda_intel i2400m_usb(+) kvm snd_hda_codec iwlwifi snd_hwdep snd_pcm mac80211 snd_page_alloc i2400m snd_timer thinkpad_acpi(+) iTCO_wdt snd binfmt_misc wimax microcode btusb bluetooth intel_ips i2c_i801 iTCO_vendor_support cfg80211 soundcore e1000e wmi rfkill uinput ums_realtek usb_storage i915 video i2c_algo_bit drm_kms_helper drm i2c_core
[    5.243958] 
[    5.243969] Pid: 548, comm: modprobe Not tainted 3.3.0-8.fc17.x86_64 #1 LENOVO 5129CTO/5129CTO
[    5.244012] RIP: 0010:[<ffffffff812c5b98>]  [<ffffffff812c5b98>] strncpy+0x18/0x30
[    5.244047] RSP: 0018:ffff88021e6b1c78  EFLAGS: 00010202
[    5.244070] RAX: ffff88021e6b1cf0 RBX: ffff88021e6b1cac RCX: ffff88021e6b1cf0
[    5.244098] RDX: 000000000000001f RSI: 0000000000000000 RDI: ffff88021e6b1cf0
[    5.244126] RBP: ffff88021e6b1c78 R08: ffff88021e6b1d0f R09: 000000000000fffd
[    5.244154] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88022da1b000
[    5.244183] R13: ffff88022da1b000 R14: 0000000000000000 R15: ffff88022da1b000
[    5.244211] FS:  00007f0cef80a740(0000) GS:ffff88023bc80000(0000) knlGS:0000000000000000
[    5.244243] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[    5.244267] CR2: 0000000000000000 CR3: 000000021e4f5000 CR4: 00000000000006e0
[    5.244295] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[    5.244323] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[    5.244352] Process modprobe (pid: 548, threadinfo ffff88021e6b0000, task ffff88022dbc8000)
[    5.244392] Stack:
[    5.244406]  ffff88021e6b1c98 ffffffffa0250c46 0000000000000000 ffff88021e6b1cac
[    5.244445]  ffff88021e6b1da8 ffffffffa05b571b 000000001e6b1cd8 00006d3030343269
[    5.244483]  0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    5.244522] Call Trace:
[    5.244542]  [<ffffffffa0250c46>] i2400m_get_drvinfo+0x56/0x90 [i2400m]
[    5.244572]  [<ffffffffa05b571b>] is_cnic_dev+0x7b/0x500 [cnic]
[    5.244599]  [<ffffffffa05b6bca>] cnic_netdev_event+0xca/0x340 [cnic]
[    5.244627]  [<ffffffffa05c1000>] ? 0xffffffffa05c0fff
[    5.244654]  [<ffffffff814db725>] register_netdevice_notifier+0x85/0x1c0
[    5.244682]  [<ffffffffa05c1000>] ? 0xffffffffa05c0fff
[    5.244706]  [<ffffffffa05c1028>] cnic_init+0x28/0x1000 [cnic]
[    5.244733]  [<ffffffff8100212a>] do_one_initcall+0x12a/0x180
[    5.244761]  [<ffffffff810b6136>] sys_init_module+0x1106/0x20b0
[    5.244788]  [<ffffffff815f33e9>] system_call_fastpath+0x16/0x1b
[    5.244813] Code: 84 c9 75 ef 5d c3 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 55 48 85 d2 48 89 f8 4c 8d 04 17 48 89 f9 48 89 e5 74 1a 0f 1f 44 00 00 <0f> b6 16 80 fa 01 88 11 48 83 de ff 48 83 c1 01 4c 39 c1 75 eb 
[    5.245117] RIP  [<ffffffff812c5b98>] strncpy+0x18/0x30
[    5.245143]  RSP <ffff88021e6b1c78>
[    5.245159] CR2: 0000000000000000




Comment 1 Bill Nottingham 2012-03-30 19:56:42 UTC
3.3.0-8.fc17.x86_64

Comment 2 Bill Nottingham 2012-03-30 20:25:29 UTC
Created attachment 574091
a patch thrown at upstream

Comment 3 Stanislaw Gruszka 2012-04-04 11:10:08 UTC
*** Bug 804836 has been marked as a duplicate of this bug. ***

Comment 4 Stanislaw Gruszka 2012-04-04 11:11:20 UTC
Upstream commit (not CCed stable).

commit 4eee6a3a04e8bb53fbe7de0f64d0524d3fbe3f80
Author: Phil Sutter <phil.sutter>
Date:   Mon Mar 26 09:01:30 2012 +0000

    wimax: i2400m - prevent a possible kernel bug due to missing fw_name string
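
Added example, not part of the bug report or the upstream commit: a user-space C model of the copy the oops above points at, next to a guarded variant, plus a check that the dumped registers fit that copy. `drvinfo_model`, `dev_model` and the function names are hypothetical; the struct mirrors the start of `struct ethtool_drvinfo`, and treating RBX as the `info` pointer is an inference from the register dump.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Start of the kernel's struct ethtool_drvinfo (32-byte string fields). */
struct drvinfo_model {
    uint32_t cmd;
    char driver[32], version[32], fw_version[32];
};
/* Hypothetical driver state: fw_name stays NULL until a name has been set. */
struct dev_model { const char *fw_name; };

/* Unguarded: strncpy() reads *src, so fw_name == NULL faults on the first byte. */
void get_drvinfo_unguarded(const struct dev_model *dev, struct drvinfo_model *info)
{
    strncpy(info->fw_version, dev->fw_name, sizeof(info->fw_version) - 1);
}

/* Guarded: a missing name is reported as an empty string, always terminated. */
void get_drvinfo_guarded(const struct dev_model *dev, struct drvinfo_model *info)
{
    const char *fw = dev->fw_name ? dev->fw_name : "";
    strncpy(info->driver, "i2400m", sizeof(info->driver) - 1);
    info->driver[sizeof(info->driver) - 1] = '\0';
    strncpy(info->fw_version, fw, sizeof(info->fw_version) - 1);
    info->fw_version[sizeof(info->fw_version) - 1] = '\0';
}

/* Register values copied from the oops; RBX holding `info` is an inference. */
#define OOPS_RBX 0xffff88021e6b1cacULL
#define OOPS_RDI 0xffff88021e6b1cf0ULL /* strncpy dest  */
#define OOPS_RSI 0x0ULL                /* strncpy src   */
#define OOPS_RDX 0x1fULL               /* strncpy count */
/* Returns 1 if the registers describe strncpy(info->fw_version, NULL, 31). */
int oops_is_null_fw_name_copy(void)
{
    return OOPS_RDI - OOPS_RBX == offsetof(struct drvinfo_model, fw_version)
        && OOPS_RDX == sizeof(((struct drvinfo_model *)0)->fw_version) - 1
        && OOPS_RSI == 0;
}

int main(void)
{
    struct drvinfo_model info;
    struct dev_model dev = { NULL };
    get_drvinfo_guarded(&dev, &info);
    printf("fw=\"%s\" match=%d\n", info.fw_version, oops_is_null_fw_name_copy());
    return 0;
}
```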

Comment 5 Josh Boyer 2012-04-04 12:21:43 UTC
Fixed in F15-F17.

Comment 6 Stanislaw Gruszka 2012-04-04 22:35:36 UTC
*** Bug 809644 has been marked as a duplicate of this bug. ***

Comment 7 Fedora Update System 2012-04-05 12:50:51 UTC
kernel-3.3.1-3.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/kernel-3.3.1-3.fc17

Comment 8 Fedora Update System 2012-04-05 12:53:43 UTC
kernel-3.3.1-3.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/kernel-3.3.1-3.fc16

Comment 9 Fedora Update System 2012-04-05 18:25:01 UTC
Package kernel-3.3.1-3.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing kernel-3.3.1-3.fc17'
as soon as you are able to, then reboot.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-5346/kernel-3.3.1-3.fc17
then log in and leave karma (feedback).

Comment 10 Fedora Update System 2012-04-08 03:27:32 UTC
kernel-3.3.1-3.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 11 Fedora Update System 2012-04-11 00:27:28 UTC
kernel-3.3.1-5.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/kernel-3.3.1-5.fc16

Comment 12 Fedora Update System 2012-04-11 00:28:56 UTC
kernel-3.3.1-5.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/kernel-3.3.1-5.fc17

Comment 13 Fedora Update System 2012-04-11 00:29:46 UTC
kernel-2.6.43.1-5.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/kernel-2.6.43.1-5.fc15

Comment 14 Josh Boyer 2012-04-11 17:45:46 UTC
*** Bug 799092 has been marked as a duplicate of this bug. ***

Comment 15 Fedora Update System 2012-04-13 21:33:12 UTC
kernel-3.3.1-5.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 16 Fedora Update System 2012-04-14 00:40:27 UTC
kernel-2.6.43.2-2.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/kernel-2.6.43.2-2.fc15

Comment 17 Fedora Update System 2012-04-14 04:33:37 UTC
kernel-3.3.1-5.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 18 Fedora Update System 2012-04-21 16:47:24 UTC
kernel-2.6.43.2-6.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/kernel-2.6.43.2-6.fc15

Comment 19 Fedora Update System 2012-04-26 03:28:39 UTC
kernel-2.6.43.2-6.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.

