Wind River Support Network

Fixed

LIN8-8589 : NULL pointer dereference in tipc_send workqueue

Created: Jan 23, 2018    Updated: Dec 3, 2018
Resolved Date: Apr 25, 2018
Found In Version: 8.0.0.24
Fix Version: 8.0.0.26
Severity: Severe
Applicable for: Wind River Linux 8
Component/s: Kernel

Description

A NULL pointer dereference occurs in the tipc_send workqueue.

The following are the crash outputs:

Nov 16 13:38:50 typhoon-base-unit1 kernel: BUG: unable to handle kernel NULL pointer dereference at 0000000000000028 
Nov 16 13:38:50 typhoon-base-unit1 kernel: IP: [<ffffffff817d9810>] kernel_sendmsg+0x20/0x50 
Nov 16 13:38:50 typhoon-base-unit1 kernel: PGD 280587067 PUD 2c6b23067 PMD 0 
Nov 16 13:38:50 typhoon-base-unit1 kernel: Oops: 0000 [#1] PREEMPT SMP 
Nov 16 13:38:50 typhoon-base-unit1 kernel: Modules linked in: xfrm_user af_key xt_pkttype tipc ip6_udp_tunnel udp_tunnel bonding 
Nov 16 13:38:50 typhoon-base-unit1 kernel: CPU: 1 PID: 10235 Comm: kworker/u10:1 Not tainted 4.1.21-WR0.1_cgl #1 
Nov 16 13:38:50 typhoon-base-unit1 kernel: Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2007 
Nov 16 13:38:50 typhoon-base-unit1 kernel: Workqueue: tipc_send tipc_send_work [tipc] 
Nov 16 13:38:50 typhoon-base-unit1 kernel: task: ffff8802e0088000 ti: ffff8802805cc000 task.ti: ffff8802805cc000 
Nov 16 13:38:50 typhoon-base-unit1 kernel: RIP: 0010:[<ffffffff817d9810>] [<ffffffff817d9810>] kernel_sendmsg+0x20/0x50 
Nov 16 13:38:50 typhoon-base-unit1 kernel: RSP: 0018:ffff8802805cfd38 EFLAGS: 00210202 
Nov 16 13:38:50 typhoon-base-unit1 kernel: RAX: 0000000000000001 RBX: ffff8802805cfd70 RCX: 0000000000000001 
Nov 16 13:38:50 typhoon-base-unit1 kernel: RDX: ffff8800b1e56fd0 RSI: 0000000000000003 RDI: ffff8802805cfd80 
Nov 16 13:38:50 typhoon-base-unit1 kernel: RBP: ffff8802805cfd48 R08: 0000000000000030 R09: 0000000000000001 
Nov 16 13:38:50 typhoon-base-unit1 kernel: R10: 0000000000000001 R11: 00000000000001bd R12: 0000000000000000 
Nov 16 13:38:50 typhoon-base-unit1 kernel: FS: 0000000000000000(0000) GS:ffff880313100000(0000) knlGS:0000000000000000 
Nov 16 13:38:50 typhoon-base-unit1 kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b 
Nov 16 13:38:50 typhoon-base-unit1 kernel: CR2: 0000000000000028 CR3: 00000002807b7000 CR4: 00000000000006e0 
Nov 16 13:38:50 typhoon-base-unit1 kernel: Stack: 
Nov 16 13:38:50 typhoon-base-unit1 kernel: 0000000000000000 ffff8800b1e56fc0 ffff8802805cfdf8 ffffffffa0043c69 
Nov 16 13:38:50 typhoon-base-unit1 kernel: ffff8800c828e000 ffff8800c828e050 ffff8803112930a0 0000000000000000 
Nov 16 13:38:50 typhoon-base-unit1 kernel: 0000000000000000 0000000000000003 0000000000000000 0000000000000030 
Nov 16 13:38:50 typhoon-base-unit1 kernel: Call Trace: 
Nov 16 13:38:50 typhoon-base-unit1 kernel: [<ffffffffa0043c69>] tipc_send_work+0x139/0x1a0 [tipc] 
Nov 16 13:38:50 typhoon-base-unit1 kernel: [<ffffffff810c049b>] process_one_work+0x13b/0x4d0 
Nov 16 13:38:50 typhoon-base-unit1 kernel: [<ffffffff810c0878>] worker_thread+0x48/0x4c0 
Nov 16 13:38:50 typhoon-base-unit1 kernel: [<ffffffff810c0830>] ? process_one_work+0x4d0/0x4d0 
Nov 16 13:38:50 typhoon-base-unit1 kernel: [<ffffffff810c67a9>] kthread+0xc9/0xe0 
Nov 16 13:38:50 typhoon-base-unit1 kernel: [<ffffffff810c0000>] ? destroy_workqueue+0x220/0x250 
Nov 16 13:38:50 typhoon-base-unit1 kernel: [<ffffffff810c66e0>] ? flush_kthread_worker+0x70/0x70 
Nov 16 13:38:50 typhoon-base-unit1 kernel: [<ffffffff81994d22>] ret_from_fork+0x42/0x70 
Nov 16 13:38:50 typhoon-base-unit1 kernel: [<ffffffff810c66e0>] ? flush_kthread_worker+0x70/0x70 
Nov 16 13:38:50 typhoon-base-unit1 kernel: Code: ff ff eb c1 b8 ea ff ff ff eb ba 0f 1f 44 00 00 55 48 89 e5 41 54 49 89 fc 53 48 8d 7e 10 48 89 f3 be 03 00 00 00 e8 20 c5 c8 ff <49> 8b 44 24 28 48 89 de 4c 89 e7 48 8b 53 20 ff 90 88 00 00 00 
Nov 16 13:38:50 typhoon-base-unit1 kernel: RIP [<ffffffff817d9810>] kernel_sendmsg+0x20/0x50 
Nov 16 13:38:50 typhoon-base-unit1 kernel: RSP <ffff8802805cfd38> 
Nov 16 13:38:50 typhoon-base-unit1 kernel: CR2: 0000000000000028 
Nov 16 13:38:50 typhoon-base-unit1 kernel: ---[ end trace 242e547bf78fd704 ]---

And this is the output from an ATCA7370 Sandy-Bridge:

 

21:12pm  up   8:07,  1 user,  load average: 0.76, 0.90, 0.79
root@xxxx:/root> BUG: unable to handle kernel NULL pointer dereference at 000000000000009c
IP: [<ffffffffa007dc21>] tipc_send_work+0xf1/0x1a0 [tipc]
PGD 0 
Oops: 0000 [#1] PREEMPT SMP 
Modules linked in: 8021q xt_DSCP xt_dscp tipc ip6_udp_tunnel udp_tunnel bonding ipmi_devintf ipmi_si ipmi_msghandler
CPU: 4 PID: 22781 Comm: kworker/u65:2 Not tainted 4.1.21-WR0.1_cgl #1
Hardware name: Intel Corporation RoseCity Platform/Romley EP, BIOS 1.3.02 X64 02/20/2013
Workqueue: tipc_send tipc_send_work [tipc]
task: ffff88077593c8f0 ti: ffff880775a5c000 task.ti: ffff880775a5c000
RIP: 0010:[<ffffffffa007dc21>]  [<ffffffffa007dc21>] tipc_send_work+0xf1/0x1a0 [tipc]
RSP: 0018:ffff880775a5fd58  EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000080000001 RSI: 0000000000000201 RDI: ffff880775a5fdc8
RBP: ffff880775a5fdf8 R08: ffff88081f49bc00 R09: ffff88081fb15fa8
R10: 0000000000000020 R11: 0000000000000004 R12: ffff880805c60380
R13: ffff88081aa36428 R14: ffff88081aa36420 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff88081fb00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000000009c CR3: 0000000001e0c000 CR4: 00000000000406e0
Stack:
ffff88081aa363c0 ffff88081aa36410 ffff88101c1dc8f0 0000000000000000
0000000000000000 0000000000000000 0000000000000000 0000000000000000
0000000000000000 0000000000000000 0000000000000000 0000000000000000
Call Trace:
[<ffffffff810c052b>] process_one_work+0x13b/0x4d0
[<ffffffff810c0908>] worker_thread+0x48/0x4c0
[<ffffffff810c08c0>] ? process_one_work+0x4d0/0x4d0
[<ffffffff810c08c0>] ? process_one_work+0x4d0/0x4d0
[<ffffffff810c6839>] kthread+0xc9/0xe0
[<ffffffff810c0000>] ? destroy_workqueue+0x190/0x250
[<ffffffff810c6770>] ? flush_kthread_worker+0x70/0x70
[<ffffffff8197c162>] ret_from_fork+0x42/0x70
[<ffffffff810c6770>] ? flush_kthread_worker+0x70/0x70
Code: e1 4d 8b 65 e8 4c 3b a5 68 ff ff ff 0f 84 88 00 00 00 4c 89 f7 e8 a0 dc 8f e1 31 c0 b9 0b 00 00 00 48 8d bd 78 ff ff ff f3 48 ab <41> 8b 87 9c 00 00 00 c7 45 c0 40 00 00 00 83 e8 02 83 e0 fd 75 
RIP  [<ffffffffa007dc21>] tipc_send_work+0xf1/0x1a0 [tipc]
RSP <ffff880775a5fd58>
CR2: 000000000000009c