This bug was fixed in the package linux - 4.15.0-65.74
---------------
linux (4.15.0-65.74) bionic; urgency=medium
* bionic/linux: 4.15.0-65.74 -proposed tracker (LP: #1844403)
* arm64: large modules fail to load (LP: #1841109)
- arm64/kernel: kaslr: reduce module randomization range to 4 GB
- arm64/kernel: don't ban ADRP to work around Cortex-A53 erratum #843419
- arm64: fix undefined reference to 'printk'
- arm64/kernel: rename module_emit_adrp_veneer->module_emit_veneer_for_adrp
- [config] Remove CONFIG_ARM64_MODULE_CMODEL_LARGE
* CVE-2018-20976
- xfs: clear sb->s_fs_info on mount failure
* br_netfilter: namespace sysctl operations (LP: #1836910)
- net: bridge: add bitfield for options and convert vlan opts
- net: bridge: convert nf call options to bits
- netfilter: bridge: port sysctls to use brnf_net
- netfilter: bridge: namespace bridge netfilter sysctls
- netfilter: bridge: prevent UAF in brnf_exit_net()
* tuntap: correctly set SOCKWQ_ASYNC_NOSPACE (LP: #1830756)
- tuntap: correctly set SOCKWQ_ASYNC_NOSPACE
* Bionic update: upstream stable patchset 2019-08-30 (LP: #1842114)
- HID: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT
- MIPS: kernel: only use i8253 clocksource with periodic clockevent
- mips: fix cacheinfo
- netfilter: ebtables: fix a memory leak bug in compat
- ASoC: dapm: Fix handling of custom_stop_condition on DAPM graph walks
- bonding: Force slave speed check after link state recovery for 802.3ad
- can: dev: call netif_carrier_off() in register_candev()
- ASoC: Fail card instantiation if DAI format setup fails
- st21nfca_connectivity_event_received: null check the allocation
- st_nci_hci_connectivity_event_received: null check the allocation
- ASoC: ti: davinci-mcasp: Correct slot_width posed constraint
- net: usb: qmi_wwan: Add the BroadMobi BM818 card
- qed: RDMA - Fix the hw_ver returned in device attributes
- isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in
start_isoc_chain()
- netfilter: ipset: Fix rename concurrency with listing
- isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the
stack
- perf bench numa: Fix cpu0 binding
- can: sja1000: force the string buffer NULL-terminated
- can: peak_usb: force the string buffer NULL-terminated
- net/ethernet/qlogic/qed: force the string buffer NULL-terminated
- NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim()
- HID: input: fix a4tech horizontal wheel custom usage
- SMB3: Kernel oops mounting a encryptData share with CONFIG_DEBUG_VIRTUAL
- net: cxgb3_main: Fix a resource leak in a error path in 'init_one()'
- net: hisilicon: make hip04_tx_reclaim non-reentrant
- net: hisilicon: fix hip04-xmit never return TX_BUSY
- net: hisilicon: Fix dma_map_single failed on arm64
- libata: have ata_scsi_rw_xlat() fail invalid passthrough requests
- libata: add SG safety checks in SFF pio transfers
- x86/lib/cpu: Address missing prototypes warning
- drm/vmwgfx: fix memory leak when too many retries have occurred
- perf ftrace: Fix failure to set cpumask when only one cpu is present
- perf cpumap: Fix writing to illegal memory in handling cpumap mask
- perf pmu-events: Fix missing "cpu_clk_unhalted.core" event
- selftests: kvm: Adding config fragments
- HID: wacom: correct misreported EKR ring values
- HID: wacom: Correct distance scale for 2nd-gen Intuos devices
- Revert "dm bufio: fix deadlock with loop device"
- ceph: don't try fill file_lock on unsuccessful GETFILELOCK reply
- libceph: fix PG split vs OSD (re)connect race
- drm/nouveau: Don't retry infinitely when receiving no data on i2c over AUX
- gpiolib: never report open-drain/source lines as 'input' to user-space
- userfaultfd_release: always remove uffd flags and clear vm_userfaultfd_ctx
- x86/retpoline: Don't clobber RFLAGS during CALL_NOSPEC on i386
- x86/apic: Handle missing global clockevent gracefully
- x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h
- x86/boot: Save fields explicitly, zero out everything else
- x86/boot: Fix boot regression caused by bootparam sanitizing
- dm kcopyd: always complete failed jobs
- dm btree: fix order of block initialization in btree_split_beneath
- dm space map metadata: fix missing store of apply_bops() return value
- dm table: fix invalid memory accesses with too high sector number
- dm zoned: improve error handling in reclaim
- dm zoned: improve error handling in i/o map code
- dm zoned: properly handle backing device failure
- genirq: Properly pair kobject_del() with kobject_add()
- mm, page_owner: handle THP splits correctly
- mm/zsmalloc.c: migration can leave pages in ZS_EMPTY indefinitely
- mm/zsmalloc.c: fix race condition in zs_destroy_pool
- xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT
- dm zoned: fix potential NULL dereference in dmz_do_reclaim()
- powerpc: Allow flush_(inval_)dcache_range to work across ranges >4GB
- can: mcp251x: add error check when wq alloc failed
- netfilter: ipset: Actually allow destination MAC address for hash:ip,mac
sets too
- netfilter: ipset: Copy the right MAC address in bitmap:ip,mac and
hash:ip,mac sets
- rxrpc: Fix the lack of notification when sendmsg() fails on a DATA packet
- net: phy: phy_led_triggers: Fix a possible null-pointer dereference in
phy_led_trigger_change_speed()
- NFS: Fix regression whereby fscache errors are appearing on 'nofsc' mounts
- net: stmmac: Fix issues when number of Queues >= 4
- KVM: arm64: Don't write junk to sysregs on reset
- KVM: arm: Don't write junk to CP15 registers on reset
- xfs: don't trip over uninitialized buffer on extent read of corrupted
inode
- xfs: Move fs/xfs/xfs_attr.h to fs/xfs/libxfs/xfs_attr.h
- xfs: Add helper function xfs_attr_try_sf_addname
- xfs: Add attibute remove and helper functions
* Bionic update: upstream stable patchset 2019-08-27 (LP: #1841652)
- sh: kernel: hw_breakpoint: Fix missing break in switch statement
- mm/usercopy: use memory range to be accessed for wraparound check
- mm/memcontrol.c: fix use after free in mem_cgroup_iter()
- bpf: get rid of pure_initcall dependency to enable jits
- bpf: restrict access to core bpf sysctls
- bpf: add bpf_jit_limit knob to restrict unpriv allocations
- xtensa: add missing isync to the cpu_reset TLB code
- ALSA: hda - Apply workaround for another AMD chip 1022:1487
- ALSA: hda - Fix a memory leak bug
- HID: holtek: test for sanity of intfdata
- HID: hiddev: avoid opening a disconnected device
- HID: hiddev: do cleanup in failure of opening a device
- Input: kbtab - sanity check for endpoint type
- Input: iforce - add sanity checks
- net: usb: pegasus: fix improper read if get_registers() fail
- netfilter: ebtables: also count base chain policies
- clk: at91: generated: Truncate divisor to GENERATED_MAX_DIV + 1
- clk: renesas: cpg-mssr: Fix reset control race condition
- xen/pciback: remove set but not used variable 'old_state'
- irqchip/gic-v3-its: Free unused vpt_page when alloc vpe table fail
- irqchip/irq-imx-gpcv2: Forward irq type to parent
- perf header: Fix divide by zero error if f_header.attr_size==0
- perf header: Fix use of unitialized value warning
- libata: zpodd: Fix small read overflow in zpodd_get_mech_type()
- drm/bridge: lvds-encoder: Fix build error while CONFIG_DRM_KMS_HELPER=m
- scsi: hpsa: correct scsi command status issue after reset
- scsi: qla2xxx: Fix possible fcport null-pointer dereferences
- ata: libahci: do not complain in case of deferred probe
- kbuild: modpost: handle KBUILD_EXTRA_SYMBOLS only for external modules
- arm64/efi: fix variable 'si' set but not used
- arm64: unwind: Prohibit probing on return_address()
- arm64/mm: fix variable 'pud' set but not used
- IB/core: Add mitigation for Spectre V1
- IB/mad: Fix use-after-free in ib mad completion handling
- drm: msm: Fix add_gpu_components
- ocfs2: remove set but not used variable 'last_hash'
- asm-generic: fix -Wtype-limits compiler warnings
- KVM: arm/arm64: Sync ICH_VMCR_EL2 back when about to block
- staging: comedi: dt3000: Fix signed integer overflow 'divider * base'
- staging: comedi: dt3000: Fix rounding up of timer divisor
- iio: adc: max9611: Fix temperature reading in probe
- USB: core: Fix races in character device registration and deregistraion
- usb: gadget: udc: renesas_usb3: Fix sysfs interface of "role"
- usb: cdc-acm: make sure a refcount is taken early enough
- USB: CDC: fix sanity checks in CDC union parser
- USB: serial: option: add D-Link DWM-222 device ID
- USB: serial: option: Add support for ZTE MF871A
- USB: serial: option: add the BroadMobi BM818 card
- USB: serial: option: Add Motorola modem UARTs
- bpf: fix bpf_jit_limit knob for PAGE_SIZE >= 64K
- arm64: ftrace: Ensure module ftrace trampoline is coherent with I-side
- netfilter: conntrack: Use consistent ct id hash calculation
- Input: psmouse - fix build error of multiple definition
- iommu/amd: Move iommu_init_pci() to .init section
- bnx2x: Fix VF's VLAN reconfiguration in reload.
- net/mlx4_en: fix a memory leak bug
- net/packet: fix race in tpacket_snd()
- sctp: fix the transport error_count check
- xen/netback: Reset nr_frags before freeing skb
- net/mlx5e: Only support tx/rx pause setting for port owner
- net/mlx5e: Use flow keys dissector to parse packets for ARFS
- team: Add vlan tx offload to hw_enc_features
- bonding: Add vlan tx offload to hw_enc_features
- mmc: sdhci-of-arasan: Do now show error message in case of deffered probe
- xfrm: policy: remove pcpu policy cache
- mm/hmm: fix bad subpage pointer in try_to_unmap_one
- mm: mempolicy: make the behavior consistent when MPOL_MF_MOVE* and
MPOL_MF_STRICT were specified
- mm: mempolicy: handle vma with unmovable pages mapped correctly in mbind
- riscv: Make __fstate_clean() work correctly.
- Revert "kmemleak: allow to coexist with fault injection"
- sctp: fix memleak in sctp_send_reset_streams
* Bionic update: upstream stable patchset 2019-08-16 (LP: #1840520)
- iio: adc: max9611: Fix misuse of GENMASK macro
- crypto: ccp - Fix oops by properly managing allocated structures
- crypto: ccp - Ignore tag length when decrypting GCM ciphertext
- usb: usbfs: fix double-free of usb memory upon submiturb error
- usb: iowarrior: fix deadlock on disconnect
- sound: fix a memory leak bug
- mmc: cavium: Set the correct dma max segment size for mmc_host
- mmc: cavium: Add the missing dma unmap when the dma has finished.
- loop: set PF_MEMALLOC_NOIO for the worker thread
- Input: synaptics - enable RMI mode for HP Spectre X360
- lkdtm: support llvm-objcopy
- crypto: ccp - Validate buffer lengths for copy operations
- crypto: ccp - Add support for valid authsize values less than 16
- perf annotate: Fix s390 gap between kernel end and module start
- perf db-export: Fix thread__exec_comm()
- perf record: Fix module size on s390
- usb: host: xhci-rcar: Fix timeout in xhci_suspend()
- usb: yurex: Fix use-after-free in yurex_delete
- can: rcar_canfd: fix possible IRQ storm on high load
- can: peak_usb: fix potential double kfree_skb()
- netfilter: nfnetlink: avoid deadlock due to synchronous request_module
- vfio-ccw: Set pa_nr to 0 if memory allocation fails for pa_iova_pfn
- netfilter: Fix rpfilter dropping vrf packets by mistake
- netfilter: nft_hash: fix symhash with modulus one
- scripts/sphinx-pre-install: fix script for RHEL/CentOS
- iscsi_ibft: make ISCSI_IBFT dependson ACPI instead of ISCSI_IBFT_FIND
- mac80211: don't warn about CW params when not using them
- hwmon: (nct6775) Fix register address and added missed tolerance for
nct6106
- drm: silence variable 'conn' set but not used
- cpufreq/pasemi: fix use-after-free in pas_cpufreq_cpu_init()
- s390/qdio: add sanity checks to the fast-requeue path
- ALSA: compress: Fix regression on compressed capture streams
- ALSA: compress: Prevent bypasses of set_params
- ALSA: compress: Don't allow paritial drain operations on capture streams
- ALSA: compress: Be more restrictive about when a drain is allowed
- perf tools: Fix proper buffer size for feature processing
- perf probe: Avoid calling freeing routine multiple times for same pointer
- drbd: dynamically allocate shash descriptor
- ACPI/IORT: Fix off-by-one check in iort_dev_find_its_id()
- ARM: davinci: fix sleep.S build error on ARMv4
- scsi: megaraid_sas: fix panic on loading firmware crashdump
- scsi: ibmvfc: fix WARN_ON during event pool release
- scsi: scsi_dh_alua: always use a 2 second delay before retrying RTPG
- test_firmware: fix a memory leak bug
- tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop
- perf/core: Fix creating kernel counters for PMUs that override event->cpu
- HID: sony: Fix race condition between rumble and device remove.
- can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices
- can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices
- hwmon: (nct7802) Fix wrong detection of in4 presence
- drm/i915: Fix wrong escape clock divisor init for GLK
- ALSA: firewire: fix a memory leak bug
- ALSA: hda - Don't override global PCM hw info flag
- ALSA: hda - Workaround for crackled sound on AMD controller (1022:1457)
- mac80211: don't WARN on short WMM parameters from AP
- SMB3: Fix deadlock in validate negotiate hits reconnect
- smb3: send CAP_DFS capability during session setup
- NFSv4: Only pass the delegation to setattr if we're sending a truncate
- NFSv4: Fix an Oops in nfs4_do_setattr
- KVM: Fix leak vCPU's VMCS value into other pCPU
- mwifiex: fix 802.11n/WPA detection
- iwlwifi: don't unmap as page memory that was mapped as single
- iwlwifi: mvm: fix an out-of-bound access
- iwlwifi: mvm: don't send GEO_TX_POWER_LIMIT on version < 41
- iwlwifi: mvm: fix version check for GEO_TX_POWER_LIMIT support
- iio: cros_ec_accel_legacy: Fix incorrect channel setting
- staging: android: ion: Bail out upon SIGKILL when allocating memory.
- x86/purgatory: Use CFLAGS_REMOVE rather than reset KBUILD_CFLAGS
- usb: typec: tcpm: free log buf memory when remove debug file
- usb: typec: tcpm: remove tcpm dir if no children
- usb: typec: tcpm: Add NULL check before dereferencing config
- netfilter: conntrack: always store window size un-scaled
- drm/amd/display: Wait for backlight programming completion in set
backlight
level
- drm/amd/display: use encoder's engine id to find matched free audio device
- drm/amd/display: Fix dc_create failure handling and 666 color depths
- drm/amd/display: Only enable audio if speaker allocation exists
- drm/amd/display: Increase size of audios array
- allocate_flower_entry: should check for null deref
- s390/dma: provide proper ARCH_ZONE_DMA_BITS value
- ALSA: hiface: fix multiple memory leak bugs
* Bionic update: upstream stable patchset 2019-08-15 (LP: #1840378)
- scsi: fcoe: Embed fc_rport_priv in fcoe_rport structure
- ARM: dts: Add pinmuxing for i2c2 and i2c3 for LogicPD SOM-LV
- ARM: dts: Add pinmuxing for i2c2 and i2c3 for LogicPD torpedo
- HID: wacom: fix bit shift for Cintiq Companion 2
- HID: Add quirk for HP X1200 PIXART OEM mouse
- RDMA: Directly cast the sockaddr union to sockaddr
- IB: directly cast the sockaddr union to aockaddr
- atm: iphase: Fix Spectre v1 vulnerability
- ife: error out when nla attributes are empty
- ip6_tunnel: fix possible use-after-free on xmit
- net: bridge: delete local fdb on device init failure
- net: bridge: mcast: don't delete permanent entries when fast leave is
enabled
- net: fix ifindex collision during namespace removal
- net/mlx5: Use reversed order when unregister devices
- net: phylink: Fix flow control for fixed-link
- net: sched: Fix a possible null-pointer dereference in dequeue_func()
- NFC: nfcmrvl: fix gpio-handling regression
- tipc: compat: allow tipc commands without arguments
- compat_ioctl: pppoe: fix PPPOEIOCSFWD handling
- net/mlx5e: Prevent encap flow counter update async to user query
- tun: mark small packets as owned by the tap sock
- mvpp2: refactor MTU change code
- bnx2x: Disable multi-cos feature.
- cgroup: Call cgroup_release() before __exit_signal()
- cgroup: Implement css_task_iter_skip()
- cgroup: Include dying leaders with live threads in PROCS iterations
- cgroup: css_task_iter_skip()'d iterators must be advanced before accessed
- cgroup: Fix css_task_iter_advance_css_set() cset skip condition
- spi: bcm2835: Fix 3-wire mode if DMA is enabled
- driver core: Establish order of operations for device_add and device_del
via
bitflag
- drivers/base: Introduce kill_device()
- libnvdimm/bus: Prevent duplicate device_unregister() calls
- libnvdimm/region: Register badblocks before namespaces
- libnvdimm/bus: Prepare the nd_ioctl() path to be re-entrant
- libnvdimm/bus: Fix wait_nvdimm_bus_probe_idle() ABBA deadlock
- ipip: validate header length in ipip_tunnel_xmit
- mvpp2: fix panic on module removal
- net/mlx5: Fix modify_cq_in alignment
- r8169: don't use MSI before RTL8168d
* VIMC module not available (CONFIG_VIDEO_VIMC not set) (LP: #1831482)
- [Config] Enable VIMC module
* reboot will introduce an alarm 'beep ...' during BIOS phase (LP: #1840395)
- ALSA: hda - Let all conexant codec enter D3 when rebooting
- ALSA: hda - Add a generic reboot_notify
* Include Sunix serial/parallel driver (LP: #1826716)
- serial: 8250_pci: Add support for Sunix serial boards
- parport: parport_serial: Add support for Sunix Multi I/O boards
* Intel HDMI audio print "Unable to sync register" errors (LP: #1840394)
- ALSA: hda - Don't resume forcibly i915 HDMI/DP codec
* Support cpufreq, thermal sensors & cooling cells on iMX6Q based Nitrogen6x
board (LP: #1840437)
- arm: imx: Add MODULE_ALIAS for cpufreq
- ARM: dts: imx: Add missing OPP properties for CPUs
- ARM: dts: imx7d: use operating-points-v2 for cpu
- ARM: dts: imx7d: remove "operating-points" property for cpu1
- ARM: dts: imx: add cooling-cells for cpufreq cooling device
- ARM: dts: imx6: add thermal sensor and cooling cells
* hns3: ring buffer race leads can cause corruption (LP: #1840717)
- net: hns3: minor optimization for ring_space
- net: hns3: fix data race between ring->next_to_clean
- net: hns3: optimize the barrier using when cleaning TX BD
* Bionic build broken if CONFIG_MODVERSIONS enabled (LP: #1840321)
- Revert "genksyms: Teach parser about 128-bit built-in types"
* [bionic] drm/i915: softpin broken, needs to be fixed for 32bit mesa
(LP: #1815172)
- SAUCE: drm/i915: Partially revert d6edad3777c28ea
* Goodix touchpad may drop first input event (LP: #1840075)
- mfd: intel-lpss: Remove D3cold delay
* NULL pointer dereference when Inserting the VIMC module (LP: #1840028)
- media: vimc: fix component match compare
* Fix touchpad IRQ storm after S3 (LP: #1841396)
- pinctrl: intel: remap the pin number to gpio offset for irq enabled pin
* [SRU][B/OEM-B/OEM-OSP1/D] UBUNTU: SAUCE: enable middle button for one more
ThinkPad (LP: #1841722)
- SAUCE: Input: elantech - enable middle button for one more ThinkPad
* Test 391/u and 391/p from ubuntu_bpf failed on B (LP: #1841704)
- SAUCE: Fix "bpf: improve verifier branch analysis"
* crypto/testmgr.o fails to build due to struct cipher_testvec not having data
members: ctext, ptext, len (LP: #1841264)
- SAUCE: Revert "crypto: testmgr - add AES-CFB tests"
* Bionic QEMU with Bionic Kernel hangs in AMD FX-8350 with cpu-host as
passthrough (LP: #1834522)
- KVM: SVM: install RSM intercept
- KVM: x86: SVM: Set EMULTYPE_NO_REEXECUTE for RSM emulation
-- Kleber Sacilotto de Souza <kleber.so...@canonical.com> Tue, 17 Sep
2019 18:12:26 +0200
** Changed in: linux (Ubuntu Bionic)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-20976
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1840028
Title:
NULL pointer dereference when Inserting the VIMC module
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Bionic:
Fix Released
Status in linux source package in Disco:
Fix Committed
Status in linux source package in Eoan:
Fix Released
Bug description:
== SRU Justification ==
When trying to insert a vimc module on a system has other devices being
registered in the component framework, if the device is not necessarily a
platform_device, nor have a platform_data it will trigger a NULL pointer
deference issue.
Issue found on a bare metal node with config vimc enabled.
ubuntu@amaura:~$ sudo modprobe vimc
Killed
dmesg output:
[ 2855.340272] media: Linux media interface: v0.10
[ 2855.344927] Linux video capture interface: v2.00
[ 2855.346146] BUG: unable to handle kernel NULL pointer dereference at
0000000000000000
[ 2855.346172] IP: strcmp+0xe/0x30
[ 2855.346181] PGD 0 P4D 0
[ 2855.346189] Oops: 0000 [#1] SMP PTI
[ 2855.346198] Modules linked in: vimc(+) videodev media ppdev intel_rapl
x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel binfmt_misc kvm
irqbypass intel_cstate intel_rapl_perf ipmi_si joydev ipmi_devintf
ipmi_msghandler intel_pch_thermal input_leds parport_pc lpc_ich shpchp parport
mac_hid sch_fq_codel ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp
libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs zstd_compress
raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor
raid6_pq libcrc32c raid1 raid0 multipath linear hid_generic usbhid hid
crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc i915 mgag200 ttm
drm_kms_helper aesni_intel syscopyarea aes_x86_64 sysfillrect crypto_simd igb
sysimgblt glue_helper fb_sys_fops cryptd dca drm i2c_algo_bit
[ 2855.346366] ahci ptp libahci pps_core video
[ 2855.346379] CPU: 4 PID: 1505 Comm: modprobe Not tainted 4.15.0-58-generic
#64
[ 2855.346395] Hardware name: Intel Corporation S1200RP/S1200RP, BIOS
S1200RP.86B.03.02.0003.070120151022 07/01/2015
[ 2855.346418] RIP: 0010:strcmp+0xe/0x30
[ 2855.346428] RSP: 0018:ffffb63501f93a00 EFLAGS: 00010202
[ 2855.346440] RAX: ffffffffc0c860f0 RBX: 0000000000000000 RCX:
0000000000000000
[ 2855.346456] RDX: ffffa097d85ec440 RSI: ffffffffc0c8723f RDI:
0000000000000001
[ 2855.346473] RBP: ffffb63501f93a00 R08: ffffa097e09270a0 R09:
ffffa097d265ca80
[ 2855.346489] R10: ffffe84b51559600 R11: 0000000000000200 R12:
ffffa097dcdbf718
[ 2855.346505] R13: ffffa097d265ca80 R14: ffffa097d2f2b380 R15:
0000000000000000
[ 2855.346521] FS: 00007fd7f4e4b540(0000) GS:ffffa097e0900000(0000)
knlGS:0000000000000000
[ 2855.346539] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2855.346553] CR2: 0000000000000000 CR3: 00000004580fc001 CR4:
00000000003606e0
[ 2855.346569] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
0000000000000000
[ 2855.346585] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
0000000000000400
[ 2855.346601] Call Trace:
[ 2855.346611] vimc_comp_compare+0x15/0x20 [vimc]
[ 2855.346624] try_to_bring_up_master+0xa3/0x260
[ 2855.346635] ? vimc_remove+0x90/0x90 [vimc]
[ 2855.346646] component_master_add_with_match+0x8b/0xd0
[ 2855.346659] vimc_probe+0x325/0x3c9 [vimc]
[ 2855.346672] ? acpi_dev_pm_attach+0x25/0xd0
[ 2855.346683] platform_drv_probe+0x3e/0xa0
[ 2855.346693] driver_probe_device+0x30c/0x490
[ 2855.346704] __driver_attach+0xa7/0xf0
[ 2855.346714] ? driver_probe_device+0x490/0x490
[ 2855.346725] bus_for_each_dev+0x70/0xc0
[ 2855.346735] driver_attach+0x1e/0x20
[ 2855.346744] bus_add_driver+0x1c7/0x270
[ 2855.346754] ? 0xffffffffc0c8b000
[ 2855.346763] driver_register+0x60/0xe0
[ 2855.346772] ? 0xffffffffc0c8b000
[ 2855.346781] __platform_driver_register+0x36/0x40
[ 2855.346793] vimc_init+0x46/0x1000 [vimc]
[ 2855.347306] do_one_initcall+0x52/0x19f
[ 2855.347810] ? __vunmap+0x8e/0xc0
[ 2855.348322] ? _cond_resched+0x19/0x40
[ 2855.348811] ? kmem_cache_alloc_trace+0x14e/0x1b0
[ 2855.349290] ? do_init_module+0x27/0x209
[ 2855.349768] do_init_module+0x5f/0x209
[ 2855.350246] load_module+0x193b/0x1f30
[ 2855.350710] ? ima_post_read_file+0x96/0xa0
[ 2855.351159] SYSC_finit_module+0xfc/0x120
[ 2855.351592] ? SYSC_finit_module+0xfc/0x120
[ 2855.352010] SyS_finit_module+0xe/0x10
[ 2855.352412] do_syscall_64+0x73/0x130
[ 2855.352797] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 2855.353169] RIP: 0033:0x7fd7f4959839
[ 2855.353538] RSP: 002b:00007ffd7e3fd5c8 EFLAGS: 00000246 ORIG_RAX:
0000000000000139
[ 2855.353915] RAX: ffffffffffffffda RBX: 0000563c3b02eea0 RCX:
00007fd7f4959839
[ 2855.354286] RDX: 0000000000000000 RSI: 0000563c39de5d2e RDI:
0000000000000005
[ 2855.354647] RBP: 0000563c39de5d2e R08: 0000000000000000 R09:
0000563c3b02eea0
[ 2855.355009] R10: 0000000000000005 R11: 0000000000000246 R12:
0000000000000000
[ 2855.355369] R13: 0000563c3b02ef20 R14: 0000000000040000 R15:
0000563c3b02eea0
[ 2855.355728] Code: 01 c8 c3 c6 44 07 ff 00 eb 91 31 c0 eb c9 48 c7 c0 f9 ff
ff ff c3 0f 1f 80 00 00 00 00 55 48 89 e5 eb 04 84 c0 74 18 48 83 c7 01 <0f> b6
47 ff 48 83 c6 01 3a 46 ff 74 eb 19 c0 83 c8 01 5d c3 31
[ 2855.356503] RIP: strcmp+0xe/0x30 RSP: ffffb63501f93a00
[ 2855.356885] CR2: 0000000000000000
[ 2855.357259] ---[ end trace bfba48c80f803d2d ]---
== Fix ==
* ee1c71a8 (media: vimc: fix component match compare)
This patch can be cherry-picked in to B/D/E.
VIMC support was requested to enabled on these kernels (lp:1831482).
== Test ==
Test kernels could be found here:
https://people.canonical.com/~phlin/kernel/lp-1840028-null-ptr-vimc/
Tested with node "amaura", patch works as expected, the vimc module
can be inserted / removed without any issue.
== Regression Potential ==
Low, this patch is specific for vimc and we have positive test result with it.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1840028/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
