Kernel panic in gtxl_xlate_trtype() function due to unsigned Kernel module sccp
Issue
- System crashes with following messages in the kernel ring buffer :
BUG: unable to handle kernel NULL pointer dereference at 000000000000001c
IP: [<ffffffffa0889a8f>] gtxl_xlate_trtype+0xff/0x510 [sccp] <<===
PGD 419d07067 PUD 0
Oops: 0000 [#1] SMP
last sysfs file: /sys/devices/system/cpu/online
CPU 1
Modules linked in: bluetooth rfkill iptable_filter ip_tables bridge stp llc nfs lockd fscache nfs_acl auth_rpcgss streams_inet(U) hcpdriver(P)(U) streams_hdcx(F)(U) isupmod(
P)(U) rtcmod(P)(U) tcmod(P)(U) tcap(P)(U) sccp(P)(U) upm(P)(U) etmod(P)(U) dramod(P)(U) nimod(P)(U) trmod(P)(U) pmmod(P)(U) vbrd(P)(U) adaxm(P)(U) dkm(P)(U) mux(P)(U) spm(P)
(U) autofs4 sunrpc streams_timod(U) vsock(U) ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 xt_state nf_conntrack ip6table_filter ip6_tables ipv6 streams(U) specfs(U) ppdev pa
rport_pc parport vmware_balloon microcode vmci(U) i2c_piix4 i2c_core sg shpchp ext4 mbcache jbd2 sd_mod crc_t10dif sr_mod cdrom vmw_pvscsi vmxnet3 pata_acpi ata_generic ata_
piix dm_mirror dm_region_hash dm_log dm_mod [last unloaded: mperf]
Pid: 16119, comm: sccp-625604b0 Tainted: PF --------------- 2.6.32-279.el6.x86_64 #1 VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform
RIP: 0010:[<ffffffffa0889a8f>] [<ffffffffa0889a8f>] gtxl_xlate_trtype+0xff/0x510 [sccp]
RSP: 0018:ffff8802b9b1fa50 EFLAGS: 00010246
RAX: 0000000000000018 RBX: ffff8802b9b1fe40 RCX: 0000000000000000
RDX: ffff8803b52604a0 RSI: 0000000059b71cd1 RDI: 00000000ffae86d6
RBP: ffff8802b9b1fb40 R08: 0000000000000001 R09: 0000000000000001
R10: ffff88042630cc08 R11: 0000000000000001 R12: ffff8802b9b1fbd0
R13: ffff8802b9b1fb98 R14: ffff8802b9b1fbd4 R15: ffff8803b52604a8
FS: 00007f406a896700(0000) GS:ffff880028280000(0000) knlGS:00000000ea1feb70
CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b
CR2: 000000000000001c CR3: 0000000416c69000 CR4: 00000000000406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process sccp-625604b0 (pid: 16119, threadinfo ffff8802b9b1e000, task ffff88000c8b6ae0)
Stack:
ffff8802b9b1faa8 0000000000000001 ffff8803b52604a0 0000000000000001
<d> 0000000059b71cd1 000000002649bd28 ffffffffffffff5d ffffffffa0847fd0
<d> 0000000100000010 ffff8803b52604a0 ffff8802b9b1fab0 0000000000000018
Call Trace:
[<ffffffffa0847fd0>] ? MTP_GET_SP_REC+0x50/0xb0 [upm]
[<ffffffffa0810af9>] ? itu14_spcsize+0x9/0x10 [upm]
[<ffffffffa0889ee8>] gtxl_xlate_gt+0x48/0x80 [sccp]
[<ffffffffa08728e8>] scrc+0xb28/0xd20 [sccp]
[<ffffffffa0847fce>] ? MTP_GET_SP_REC+0x4e/0xb0 [upm]
[<ffffffffa0810af9>] ? itu14_spcsize+0x9/0x10 [upm]
[<ffffffffa086dc84>] sclc+0x464/0x1310 [sccp]
[<ffffffffa07c5769>] ? dra_find_record+0xc9/0x1e0 [dramod]
[<ffffffffa0847fce>] ? MTP_GET_SP_REC+0x4e/0xb0 [upm]
[<ffffffffa0811159>] ? itu14_labelsize+0x9/0x10 [upm]
[<ffffffffa086ca90>] sccp_udata2sclc+0xf0/0x130 [sccp]
[<ffffffffa086843e>] process_sccpuwsrv_msg+0x1ae/0x2b0 [sccp]
[<ffffffffa04212ba>] ? cmn_get_task+0x1da/0x3e0 [spm]
[<ffffffffa0426bc0>] cmn_run_task_thread+0x60/0xa0 [spm]
[<ffffffffa0426b60>] ? cmn_run_task_thread+0x0/0xa0 [spm]
[<ffffffff81091d66>] kthread+0x96/0xa0
[<ffffffff8100c14a>] child_rip+0xa/0x20
[<ffffffff81091cd0>] ? kthread+0x0/0xa0
[<ffffffff8100c140>] ? child_rip+0x0/0x20
Code: 95 68 ff ff ff 48 89 14 24 8b 95 54 ff ff ff e8 08 f5 ff ff 85 c0 78 86 48 8b 85 68 ff ff ff 48 8b 95 58 ff ff ff 4d 8d 74 24 04 <8b> 70 04 48 8b 03 48 83 c2 04 0f b6 38 e8 6f 2e ff ff 4c 89 f6
RIP [<ffffffffa0889a8f>] gtxl_xlate_trtype+0xff/0x510 [sccp]
RSP <ffff8802b9b1fa50>
CR2: 000000000000001c
Environment
- Red Hat Enterprise Linux 6
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.
