[Bug 1840028] Re: NULL pointer dereference when Inserting the VIMC module
This bug was fixed in the package linux - 4.15.0-65.74 --- linux (4.15.0-65.74) bionic; urgency=medium * bionic/linux: 4.15.0-65.74 -proposed tracker (LP: #1844403) * arm64: large modules fail to load (LP: #1841109) - arm64/kernel: kaslr: reduce module randomization range to 4 GB - arm64/kernel: don't ban ADRP to work around Cortex-A53 erratum #843419 - arm64: fix undefined reference to 'printk' - arm64/kernel: rename module_emit_adrp_veneer->module_emit_veneer_for_adrp - [config] Remove CONFIG_ARM64_MODULE_CMODEL_LARGE * CVE-2018-20976 - xfs: clear sb->s_fs_info on mount failure * br_netfilter: namespace sysctl operations (LP: #1836910) - net: bridge: add bitfield for options and convert vlan opts - net: bridge: convert nf call options to bits - netfilter: bridge: port sysctls to use brnf_net - netfilter: bridge: namespace bridge netfilter sysctls - netfilter: bridge: prevent UAF in brnf_exit_net() * tuntap: correctly set SOCKWQ_ASYNC_NOSPACE (LP: #1830756) - tuntap: correctly set SOCKWQ_ASYNC_NOSPACE * Bionic update: upstream stable patchset 2019-08-30 (LP: #1842114) - HID: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT - MIPS: kernel: only use i8253 clocksource with periodic clockevent - mips: fix cacheinfo - netfilter: ebtables: fix a memory leak bug in compat - ASoC: dapm: Fix handling of custom_stop_condition on DAPM graph walks - bonding: Force slave speed check after link state recovery for 802.3ad - can: dev: call netif_carrier_off() in register_candev() - ASoC: Fail card instantiation if DAI format setup fails - st21nfca_connectivity_event_received: null check the allocation - st_nci_hci_connectivity_event_received: null check the allocation - ASoC: ti: davinci-mcasp: Correct slot_width posed constraint - net: usb: qmi_wwan: Add the BroadMobi BM818 card - qed: RDMA - Fix the hw_ver returned in device attributes - isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in start_isoc_chain() - netfilter: ipset: Fix rename concurrency with listing - isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack - perf bench numa: Fix cpu0 binding - can: sja1000: force the string buffer NULL-terminated - can: peak_usb: force the string buffer NULL-terminated - net/ethernet/qlogic/qed: force the string buffer NULL-terminated - NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim() - HID: input: fix a4tech horizontal wheel custom usage - SMB3: Kernel oops mounting a encryptData share with CONFIG_DEBUG_VIRTUAL - net: cxgb3_main: Fix a resource leak in a error path in 'init_one()' - net: hisilicon: make hip04_tx_reclaim non-reentrant - net: hisilicon: fix hip04-xmit never return TX_BUSY - net: hisilicon: Fix dma_map_single failed on arm64 - libata: have ata_scsi_rw_xlat() fail invalid passthrough requests - libata: add SG safety checks in SFF pio transfers - x86/lib/cpu: Address missing prototypes warning - drm/vmwgfx: fix memory leak when too many retries have occurred - perf ftrace: Fix failure to set cpumask when only one cpu is present - perf cpumap: Fix writing to illegal memory in handling cpumap mask - perf pmu-events: Fix missing "cpu_clk_unhalted.core" event - selftests: kvm: Adding config fragments - HID: wacom: correct misreported EKR ring values - HID: wacom: Correct distance scale for 2nd-gen Intuos devices - Revert "dm bufio: fix deadlock with loop device" - ceph: don't try fill file_lock on unsuccessful GETFILELOCK reply - libceph: fix PG split vs OSD (re)connect race - drm/nouveau: Don't retry infinitely when receiving no data on i2c over AUX - gpiolib: never report open-drain/source lines as 'input' to user-space - userfaultfd_release: always remove uffd flags and clear vm_userfaultfd_ctx - x86/retpoline: Don't clobber RFLAGS during CALL_NOSPEC on i386 - x86/apic: Handle missing global clockevent gracefully - x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h - x86/boot: Save fields explicitly, zero out everything else - x86/boot: Fix boot regression caused by bootparam sanitizing - dm kcopyd: always complete failed jobs - dm btree: fix order of block initialization in btree_split_beneath - dm space map metadata: fix missing store of apply_bops() return value - dm table: fix invalid memory accesses with too high sector number - dm zoned: improve error handling in reclaim - dm zoned: improve error handling in i/o map code - dm zoned: properly handle backing device failure - genirq: Properly pair kobject_del() with kobject_add() - mm, page_owner: handle THP splits correctly - mm/zsmalloc.c: migration can leave pages in ZS_EMPTY indefinitely - mm/zsmalloc.c: fix race condition in zs_destroy_pool - xfs: fix missing ILOCK unlock when xfs_setat
[Bug 1840028] Re: NULL pointer dereference when Inserting the VIMC module
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed- bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed- bionic'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: verification-needed-bionic -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1840028 Title: NULL pointer dereference when Inserting the VIMC module To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1840028/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1840028] Re: NULL pointer dereference when Inserting the VIMC module
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed- disco' to 'verification-done-disco'. If the problem still exists, change the tag 'verification-needed-disco' to 'verification-failed-disco'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: verification-needed-disco -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1840028 Title: NULL pointer dereference when Inserting the VIMC module To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1840028/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1840028] Re: NULL pointer dereference when Inserting the VIMC module
** Changed in: linux (Ubuntu Bionic) Status: In Progress => Fix Committed ** Changed in: linux (Ubuntu Disco) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1840028 Title: NULL pointer dereference when Inserting the VIMC module To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1840028/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1840028] Re: NULL pointer dereference when Inserting the VIMC module
This bug was fixed in the package linux - 5.2.0-13.14 --- linux (5.2.0-13.14) eoan; urgency=medium * eoan/linux: 5.2.0-13.14 -proposed tracker (LP: #1840261) * NULL pointer dereference when Inserting the VIMC module (LP: #1840028) - media: vimc: fix component match compare * Miscellaneous upstream changes - selftests/bpf: remove bpf_util.h from BPF C progs linux (5.2.0-12.13) eoan; urgency=medium * eoan/linux: 5.2.0-12.13 -proposed tracker (LP: #1840184) * Eoan update: v5.2.8 upstream stable release (LP: #1840178) - scsi: fcoe: Embed fc_rport_priv in fcoe_rport structure - libnvdimm/bus: Prepare the nd_ioctl() path to be re-entrant - libnvdimm/bus: Fix wait_nvdimm_bus_probe_idle() ABBA deadlock - ALSA: usb-audio: Sanity checks for each pipe and EP types - ALSA: usb-audio: Fix gpf in snd_usb_pipe_sanity_check - HID: wacom: fix bit shift for Cintiq Companion 2 - HID: Add quirk for HP X1200 PIXART OEM mouse - atm: iphase: Fix Spectre v1 vulnerability - bnx2x: Disable multi-cos feature. - drivers/net/ethernet/marvell/mvmdio.c: Fix non OF case - ife: error out when nla attributes are empty - ip6_gre: reload ipv6h in prepare_ip6gre_xmit_ipv6 - ip6_tunnel: fix possible use-after-free on xmit - ipip: validate header length in ipip_tunnel_xmit - mlxsw: spectrum: Fix error path in mlxsw_sp_module_init() - mvpp2: fix panic on module removal - mvpp2: refactor MTU change code - net: bridge: delete local fdb on device init failure - net: bridge: mcast: don't delete permanent entries when fast leave is enabled - net: bridge: move default pvid init/deinit to NETDEV_REGISTER/UNREGISTER - net: fix ifindex collision during namespace removal - net/mlx5e: always initialize frag->last_in_page - net/mlx5: Use reversed order when unregister devices - net: phy: fixed_phy: print gpio error only if gpio node is present - net: phylink: don't start and stop SGMII PHYs in SFP modules twice - net: phylink: Fix flow control for fixed-link - net: phy: mscc: initialize stats array - net: qualcomm: rmnet: Fix incorrect UL checksum offload logic - net: sched: Fix a possible null-pointer dereference in dequeue_func() - net sched: update vlan action for batched events operations - net: sched: use temporary variable for actions indexes - net/smc: do not schedule tx_work in SMC_CLOSED state - net: stmmac: Use netif_tx_napi_add() for TX polling function - NFC: nfcmrvl: fix gpio-handling regression - ocelot: Cancel delayed work before wq destruction - tipc: compat: allow tipc commands without arguments - tipc: fix unitilized skb list crash - tun: mark small packets as owned by the tap sock - net/mlx5: Fix modify_cq_in alignment - net/mlx5e: Prevent encap flow counter update async to user query - r8169: don't use MSI before RTL8168d - bpf: fix XDP vlan selftests test_xdp_vlan.sh - selftests/bpf: add wrapper scripts for test_xdp_vlan.sh - selftests/bpf: reduce time to execute test_xdp_vlan.sh - net: fix bpf_xdp_adjust_head regression for generic-XDP - hv_sock: Fix hang when a connection is closed - net: phy: fix race in genphy_update_link - net/smc: avoid fallback in case of non-blocking connect - rocker: fix memory leaks of fib_work on two error return paths - mlxsw: spectrum_buffers: Further reduce pool size on Spectrum-2 - net/mlx5: Add missing RDMA_RX capabilities - net/mlx5e: Fix matching of speed to PRM link modes - compat_ioctl: pppoe: fix PPPOEIOCSFWD handling - drm/i915/vbt: Fix VBT parsing for the PSR section - Revert "mac80211: set NETIF_F_LLTX when using intermediate tx queues" - spi: bcm2835: Fix 3-wire mode if DMA is enabled - Linux 5.2.8 * Miscellaneous Ubuntu changes - SAUCE: selftests/bpf: do not include Kbuild.include in makefile - update dkms package versions linux (5.2.0-11.12) eoan; urgency=medium * eoan/linux: 5.2.0-11.12 -proposed tracker (LP: #1839646) * Packaging resync (LP: #1786013) - [Packaging] resync getabis - [Packaging] update helper scripts * Eoan update: v5.2.7 upstream stable release (LP: #1839588) - Revert "UBUNTU: SAUCE: Revert "loop: Don't change loop device under exclusive opener"" - ARM: riscpc: fix DMA - ARM: dts: rockchip: Make rk3288-veyron-minnie run at hs200 - ARM: dts: rockchip: Make rk3288-veyron-mickey's emmc work again - clk: meson: mpll: properly handle spread spectrum - ARM: dts: rockchip: Mark that the rk3288 timer might stop in suspend - ftrace: Enable trampoline when rec count returns back to one - arm64: dts: qcom: qcs404-evb: fix l3 min voltage - soc: qcom: rpmpd: fixup rpmpd set performance state - arm64: dts: marvell: mcbin: enlarge PCI memory window - soc: imx: soc-imx8: Correct return value of error handle - dmaengine: tegra-apb: Error out if
[Bug 1840028] Re: NULL pointer dereference when Inserting the VIMC module
** Tags added: disco eoan -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1840028 Title: NULL pointer dereference when Inserting the VIMC module To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1840028/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1840028] Re: NULL pointer dereference when Inserting the VIMC module
** Changed in: linux (Ubuntu Eoan) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1840028 Title: NULL pointer dereference when Inserting the VIMC module To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1840028/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1840028] Re: NULL pointer dereference when Inserting the VIMC module
https://lists.ubuntu.com/archives/kernel-team/2019-August/103092.html -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1840028 Title: NULL pointer dereference when Inserting the VIMC module To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1840028/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1840028] Re: NULL pointer dereference when Inserting the VIMC module
** Description changed: == SRU Justification == When trying to insert a vimc module on a system has other devices being registered in the component framework, if the device is not necessarily a platform_device, nor have a platform_data it will trigger a NULL pointer deference issue. - Issue found on a bare metal node with Bionic kernel (with config vimc - enabled) + Issue found on a bare metal node with config vimc enabled. ubuntu@amaura:~$ sudo modprobe vimc Killed dmesg output: [ 2855.340272] media: Linux media interface: v0.10 [ 2855.344927] Linux video capture interface: v2.00 [ 2855.346146] BUG: unable to handle kernel NULL pointer dereference at [ 2855.346172] IP: strcmp+0xe/0x30 [ 2855.346181] PGD 0 P4D 0 [ 2855.346189] Oops: [#1] SMP PTI [ 2855.346198] Modules linked in: vimc(+) videodev media ppdev intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel binfmt_misc kvm irqbypass intel_cstate intel_rapl_perf ipmi_si joydev ipmi_devintf ipmi_msghandler intel_pch_thermal input_leds parport_pc lpc_ich shpchp parport mac_hid sch_fq_codel ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear hid_generic usbhid hid crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc i915 mgag200 ttm drm_kms_helper aesni_intel syscopyarea aes_x86_64 sysfillrect crypto_simd igb sysimgblt glue_helper fb_sys_fops cryptd dca drm i2c_algo_bit [ 2855.346366] ahci ptp libahci pps_core video [ 2855.346379] CPU: 4 PID: 1505 Comm: modprobe Not tainted 4.15.0-58-generic #64 [ 2855.346395] Hardware name: Intel Corporation S1200RP/S1200RP, BIOS S1200RP.86B.03.02.0003.070120151022 07/01/2015 [ 2855.346418] RIP: 0010:strcmp+0xe/0x30 [ 2855.346428] RSP: 0018:b63501f93a00 EFLAGS: 00010202 [ 2855.346440] RAX: c0c860f0 RBX: RCX: [ 2855.346456] RDX: a097d85ec440 RSI: c0c8723f RDI: 0001 [ 2855.346473] RBP: b63501f93a00 R08: a097e09270a0 R09: a097d265ca80 [ 2855.346489] R10: e84b51559600 R11: 0200 R12: a097dcdbf718 [ 2855.346505] R13: a097d265ca80 R14: a097d2f2b380 R15: [ 2855.346521] FS: 7fd7f4e4b540() GS:a097e090() knlGS: [ 2855.346539] CS: 0010 DS: ES: CR0: 80050033 [ 2855.346553] CR2: CR3: 0004580fc001 CR4: 003606e0 [ 2855.346569] DR0: DR1: DR2: [ 2855.346585] DR3: DR6: fffe0ff0 DR7: 0400 [ 2855.346601] Call Trace: [ 2855.346611] vimc_comp_compare+0x15/0x20 [vimc] [ 2855.346624] try_to_bring_up_master+0xa3/0x260 [ 2855.346635] ? vimc_remove+0x90/0x90 [vimc] [ 2855.346646] component_master_add_with_match+0x8b/0xd0 [ 2855.346659] vimc_probe+0x325/0x3c9 [vimc] [ 2855.346672] ? acpi_dev_pm_attach+0x25/0xd0 [ 2855.346683] platform_drv_probe+0x3e/0xa0 [ 2855.346693] driver_probe_device+0x30c/0x490 [ 2855.346704] __driver_attach+0xa7/0xf0 [ 2855.346714] ? driver_probe_device+0x490/0x490 [ 2855.346725] bus_for_each_dev+0x70/0xc0 [ 2855.346735] driver_attach+0x1e/0x20 [ 2855.346744] bus_add_driver+0x1c7/0x270 [ 2855.346754] ? 0xc0c8b000 [ 2855.346763] driver_register+0x60/0xe0 [ 2855.346772] ? 0xc0c8b000 [ 2855.346781] __platform_driver_register+0x36/0x40 [ 2855.346793] vimc_init+0x46/0x1000 [vimc] [ 2855.347306] do_one_initcall+0x52/0x19f [ 2855.347810] ? __vunmap+0x8e/0xc0 [ 2855.348322] ? _cond_resched+0x19/0x40 [ 2855.348811] ? kmem_cache_alloc_trace+0x14e/0x1b0 [ 2855.349290] ? do_init_module+0x27/0x209 [ 2855.349768] do_init_module+0x5f/0x209 [ 2855.350246] load_module+0x193b/0x1f30 [ 2855.350710] ? ima_post_read_file+0x96/0xa0 [ 2855.351159] SYSC_finit_module+0xfc/0x120 [ 2855.351592] ? SYSC_finit_module+0xfc/0x120 [ 2855.352010] SyS_finit_module+0xe/0x10 [ 2855.352412] do_syscall_64+0x73/0x130 [ 2855.352797] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 2855.353169] RIP: 0033:0x7fd7f4959839 [ 2855.353538] RSP: 002b:7ffd7e3fd5c8 EFLAGS: 0246 ORIG_RAX: 0139 [ 2855.353915] RAX: ffda RBX: 563c3b02eea0 RCX: 7fd7f4959839 [ 2855.354286] RDX: RSI: 563c39de5d2e RDI: 0005 [ 2855.354647] RBP: 563c39de5d2e R08: R09: 563c3b02eea0 [ 2855.355009] R10: 0005 R11: 0246 R12: [ 2855.355369] R13: 563c3b02ef20 R14: 0004 R15: 563c3b02eea0 [ 2855.355728] Code: 01 c8 c3 c6 44 07 ff 00 eb 91 31 c0 eb c9 48 c7 c0 f9 ff ff ff c3 0f 1f 80 00 00 00 00 55 48 89 e5
[Bug 1840028] Re: NULL pointer dereference when Inserting the VIMC module
** Description changed: == SRU Justification == When trying to insert a vimc module on a system has other devices being registered in the component framework, if the device is not necessarily a platform_device, nor have a platform_data it will trigger a NULL pointer deference issue. Issue found on a bare metal node with Bionic kernel (with config vimc enabled) ubuntu@amaura:~$ sudo modprobe vimc Killed dmesg output: [ 2855.340272] media: Linux media interface: v0.10 [ 2855.344927] Linux video capture interface: v2.00 [ 2855.346146] BUG: unable to handle kernel NULL pointer dereference at [ 2855.346172] IP: strcmp+0xe/0x30 [ 2855.346181] PGD 0 P4D 0 [ 2855.346189] Oops: [#1] SMP PTI [ 2855.346198] Modules linked in: vimc(+) videodev media ppdev intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel binfmt_misc kvm irqbypass intel_cstate intel_rapl_perf ipmi_si joydev ipmi_devintf ipmi_msghandler intel_pch_thermal input_leds parport_pc lpc_ich shpchp parport mac_hid sch_fq_codel ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear hid_generic usbhid hid crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc i915 mgag200 ttm drm_kms_helper aesni_intel syscopyarea aes_x86_64 sysfillrect crypto_simd igb sysimgblt glue_helper fb_sys_fops cryptd dca drm i2c_algo_bit [ 2855.346366] ahci ptp libahci pps_core video [ 2855.346379] CPU: 4 PID: 1505 Comm: modprobe Not tainted 4.15.0-58-generic #64 [ 2855.346395] Hardware name: Intel Corporation S1200RP/S1200RP, BIOS S1200RP.86B.03.02.0003.070120151022 07/01/2015 [ 2855.346418] RIP: 0010:strcmp+0xe/0x30 [ 2855.346428] RSP: 0018:b63501f93a00 EFLAGS: 00010202 [ 2855.346440] RAX: c0c860f0 RBX: RCX: [ 2855.346456] RDX: a097d85ec440 RSI: c0c8723f RDI: 0001 [ 2855.346473] RBP: b63501f93a00 R08: a097e09270a0 R09: a097d265ca80 [ 2855.346489] R10: e84b51559600 R11: 0200 R12: a097dcdbf718 [ 2855.346505] R13: a097d265ca80 R14: a097d2f2b380 R15: [ 2855.346521] FS: 7fd7f4e4b540() GS:a097e090() knlGS: [ 2855.346539] CS: 0010 DS: ES: CR0: 80050033 [ 2855.346553] CR2: CR3: 0004580fc001 CR4: 003606e0 [ 2855.346569] DR0: DR1: DR2: [ 2855.346585] DR3: DR6: fffe0ff0 DR7: 0400 [ 2855.346601] Call Trace: [ 2855.346611] vimc_comp_compare+0x15/0x20 [vimc] [ 2855.346624] try_to_bring_up_master+0xa3/0x260 [ 2855.346635] ? vimc_remove+0x90/0x90 [vimc] [ 2855.346646] component_master_add_with_match+0x8b/0xd0 [ 2855.346659] vimc_probe+0x325/0x3c9 [vimc] [ 2855.346672] ? acpi_dev_pm_attach+0x25/0xd0 [ 2855.346683] platform_drv_probe+0x3e/0xa0 [ 2855.346693] driver_probe_device+0x30c/0x490 [ 2855.346704] __driver_attach+0xa7/0xf0 [ 2855.346714] ? driver_probe_device+0x490/0x490 [ 2855.346725] bus_for_each_dev+0x70/0xc0 [ 2855.346735] driver_attach+0x1e/0x20 [ 2855.346744] bus_add_driver+0x1c7/0x270 [ 2855.346754] ? 0xc0c8b000 [ 2855.346763] driver_register+0x60/0xe0 [ 2855.346772] ? 0xc0c8b000 [ 2855.346781] __platform_driver_register+0x36/0x40 [ 2855.346793] vimc_init+0x46/0x1000 [vimc] [ 2855.347306] do_one_initcall+0x52/0x19f [ 2855.347810] ? __vunmap+0x8e/0xc0 [ 2855.348322] ? _cond_resched+0x19/0x40 [ 2855.348811] ? kmem_cache_alloc_trace+0x14e/0x1b0 [ 2855.349290] ? do_init_module+0x27/0x209 [ 2855.349768] do_init_module+0x5f/0x209 [ 2855.350246] load_module+0x193b/0x1f30 [ 2855.350710] ? ima_post_read_file+0x96/0xa0 [ 2855.351159] SYSC_finit_module+0xfc/0x120 [ 2855.351592] ? SYSC_finit_module+0xfc/0x120 [ 2855.352010] SyS_finit_module+0xe/0x10 [ 2855.352412] do_syscall_64+0x73/0x130 [ 2855.352797] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 2855.353169] RIP: 0033:0x7fd7f4959839 [ 2855.353538] RSP: 002b:7ffd7e3fd5c8 EFLAGS: 0246 ORIG_RAX: 0139 [ 2855.353915] RAX: ffda RBX: 563c3b02eea0 RCX: 7fd7f4959839 [ 2855.354286] RDX: RSI: 563c39de5d2e RDI: 0005 [ 2855.354647] RBP: 563c39de5d2e R08: R09: 563c3b02eea0 [ 2855.355009] R10: 0005 R11: 0246 R12: [ 2855.355369] R13: 563c3b02ef20 R14: 0004 R15: 563c3b02eea0 [ 2855.355728] Code: 01 c8 c3 c6 44 07 ff 00 eb 91 31 c0 eb c9 48 c7 c0 f9 ff ff ff c3 0f 1f 80 00 00 00 00 55 48 89 e5 eb 04 84 c0 74 18 48 83 c7 01 <0f> b6 47 ff 48 83 c6 01 3a
[Bug 1840028] Re: NULL pointer dereference when Inserting the VIMC module
** Description changed: + == SRU Justification == + When trying to insert a vimc module on a system has other devices being registered in the component framework, if the device is not necessarily a platform_device, nor have a platform_data it will trigger a NULL pointer deference issue. + Issue found on a bare metal node with Bionic kernel (with config vimc - enabled, see bug 1831482) + enabled) ubuntu@amaura:~$ sudo modprobe vimc Killed dmesg output: - [ 127.004498] new mount options do not match the existing superblock, will be ignored [ 2855.340272] media: Linux media interface: v0.10 [ 2855.344927] Linux video capture interface: v2.00 [ 2855.346146] BUG: unable to handle kernel NULL pointer dereference at [ 2855.346172] IP: strcmp+0xe/0x30 [ 2855.346181] PGD 0 P4D 0 [ 2855.346189] Oops: [#1] SMP PTI [ 2855.346198] Modules linked in: vimc(+) videodev media ppdev intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel binfmt_misc kvm irqbypass intel_cstate intel_rapl_perf ipmi_si joydev ipmi_devintf ipmi_msghandler intel_pch_thermal input_leds parport_pc lpc_ich shpchp parport mac_hid sch_fq_codel ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear hid_generic usbhid hid crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc i915 mgag200 ttm drm_kms_helper aesni_intel syscopyarea aes_x86_64 sysfillrect crypto_simd igb sysimgblt glue_helper fb_sys_fops cryptd dca drm i2c_algo_bit [ 2855.346366] ahci ptp libahci pps_core video [ 2855.346379] CPU: 4 PID: 1505 Comm: modprobe Not tainted 4.15.0-58-generic #64 [ 2855.346395] Hardware name: Intel Corporation S1200RP/S1200RP, BIOS S1200RP.86B.03.02.0003.070120151022 07/01/2015 [ 2855.346418] RIP: 0010:strcmp+0xe/0x30 [ 2855.346428] RSP: 0018:b63501f93a00 EFLAGS: 00010202 [ 2855.346440] RAX: c0c860f0 RBX: RCX: [ 2855.346456] RDX: a097d85ec440 RSI: c0c8723f RDI: 0001 [ 2855.346473] RBP: b63501f93a00 R08: a097e09270a0 R09: a097d265ca80 [ 2855.346489] R10: e84b51559600 R11: 0200 R12: a097dcdbf718 [ 2855.346505] R13: a097d265ca80 R14: a097d2f2b380 R15: [ 2855.346521] FS: 7fd7f4e4b540() GS:a097e090() knlGS: [ 2855.346539] CS: 0010 DS: ES: CR0: 80050033 [ 2855.346553] CR2: CR3: 0004580fc001 CR4: 003606e0 [ 2855.346569] DR0: DR1: DR2: [ 2855.346585] DR3: DR6: fffe0ff0 DR7: 0400 [ 2855.346601] Call Trace: [ 2855.346611] vimc_comp_compare+0x15/0x20 [vimc] [ 2855.346624] try_to_bring_up_master+0xa3/0x260 [ 2855.346635] ? vimc_remove+0x90/0x90 [vimc] [ 2855.346646] component_master_add_with_match+0x8b/0xd0 [ 2855.346659] vimc_probe+0x325/0x3c9 [vimc] [ 2855.346672] ? acpi_dev_pm_attach+0x25/0xd0 [ 2855.346683] platform_drv_probe+0x3e/0xa0 [ 2855.346693] driver_probe_device+0x30c/0x490 [ 2855.346704] __driver_attach+0xa7/0xf0 [ 2855.346714] ? driver_probe_device+0x490/0x490 [ 2855.346725] bus_for_each_dev+0x70/0xc0 [ 2855.346735] driver_attach+0x1e/0x20 [ 2855.346744] bus_add_driver+0x1c7/0x270 [ 2855.346754] ? 0xc0c8b000 [ 2855.346763] driver_register+0x60/0xe0 [ 2855.346772] ? 0xc0c8b000 [ 2855.346781] __platform_driver_register+0x36/0x40 [ 2855.346793] vimc_init+0x46/0x1000 [vimc] [ 2855.347306] do_one_initcall+0x52/0x19f [ 2855.347810] ? __vunmap+0x8e/0xc0 [ 2855.348322] ? _cond_resched+0x19/0x40 [ 2855.348811] ? kmem_cache_alloc_trace+0x14e/0x1b0 [ 2855.349290] ? do_init_module+0x27/0x209 [ 2855.349768] do_init_module+0x5f/0x209 [ 2855.350246] load_module+0x193b/0x1f30 [ 2855.350710] ? ima_post_read_file+0x96/0xa0 [ 2855.351159] SYSC_finit_module+0xfc/0x120 [ 2855.351592] ? SYSC_finit_module+0xfc/0x120 [ 2855.352010] SyS_finit_module+0xe/0x10 [ 2855.352412] do_syscall_64+0x73/0x130 [ 2855.352797] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 2855.353169] RIP: 0033:0x7fd7f4959839 [ 2855.353538] RSP: 002b:7ffd7e3fd5c8 EFLAGS: 0246 ORIG_RAX: 0139 [ 2855.353915] RAX: ffda RBX: 563c3b02eea0 RCX: 7fd7f4959839 [ 2855.354286] RDX: RSI: 563c39de5d2e RDI: 0005 [ 2855.354647] RBP: 563c39de5d2e R08: R09: 563c3b02eea0 [ 2855.355009] R10: 0005 R11: 0246 R12: [ 2855.355369] R13: 563c3b02ef20 R14: 0004 R15: 563c3b02eea0 [ 2855.355728] Code: 01 c8 c3 c6 44 07 ff 00 eb 91 31 c0 eb c9
[Bug 1840028] Re: NULL pointer dereference when Inserting the VIMC module
Affecting Disco as well, passed with patched kernel. ** Also affects: linux (Ubuntu Disco) Importance: Undecided Status: New ** Also affects: linux (Ubuntu Eoan) Importance: Undecided Assignee: Po-Hsu Lin (cypressyew) Status: Incomplete ** Changed in: linux (Ubuntu Disco) Assignee: (unassigned) => Po-Hsu Lin (cypressyew) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1840028 Title: NULL pointer dereference when Inserting the VIMC module To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1840028/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1840028] Re: NULL pointer dereference when Inserting the VIMC module
With the Bionic test kernel https://people.canonical.com/~phlin/kernel/lp-1840028-null-ptr-vimc/B/ This issue will gone: ubuntu@amaura:~$ sudo modprobe vimc ubuntu@amaura:~$ [ 10.048268] IPv6: ADDRCONF(NETDEV_CHANGE): eno1: link becomes ready [ 127.217396] new mount options do not match the existing superblock, will be ignored [ 142.328019] media: Linux media interface: v0.10 [ 142.332711] Linux video capture interface: v2.00 [ 142.343775] vimc vimc.0: bound vimc-sensor.1.auto (ops vimc_sen_comp_ops [vimc_sensor]) [ 142.343891] vimc vimc.0: bound vimc-sensor.2.auto (ops vimc_sen_comp_ops [vimc_sensor]) [ 142.343893] vimc vimc.0: bound vimc-debayer.3.auto (ops vimc_deb_comp_ops [vimc_debayer]) [ 142.343895] vimc vimc.0: bound vimc-debayer.4.auto (ops vimc_deb_comp_ops [vimc_debayer]) [ 142.343931] vimc vimc.0: bound vimc-capture.5.auto (ops vimc_cap_comp_ops [vimc_capture]) [ 142.343952] vimc vimc.0: bound vimc-capture.6.auto (ops vimc_cap_comp_ops [vimc_capture]) [ 142.344059] vimc vimc.0: bound vimc-sensor.7.auto (ops vimc_sen_comp_ops [vimc_sensor]) [ 142.344061] vimc vimc.0: bound vimc-scaler.8.auto (ops vimc_sca_comp_ops [vimc_scaler]) [ 142.344083] vimc vimc.0: bound vimc-capture.9.auto (ops vimc_cap_comp_ops [vimc_capture]) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1840028 Title: NULL pointer dereference when Inserting the VIMC module To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1840028/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1840028] Re: NULL pointer dereference when Inserting the VIMC module
Fix: https://github.com/torvalds/linux/commit/ee1c71a8e1456ab53fe667281d855849edf26a4d #diff-4764248de66b484b364df935156b7e92 ** Tags added: bionic ** Changed in: linux (Ubuntu) Assignee: (unassigned) => Po-Hsu Lin (cypressyew) ** Changed in: linux (Ubuntu Bionic) Assignee: (unassigned) => Po-Hsu Lin (cypressyew) ** Changed in: linux (Ubuntu Bionic) Status: New => Incomplete ** Changed in: linux (Ubuntu Bionic) Status: Incomplete => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1840028 Title: NULL pointer dereference when Inserting the VIMC module To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1840028/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
