Bug 1411132

Summary: [abrt] BUG: unable to handle kernel NULL pointer dereference at 00000008 [rt2x00lib]
Product: [Fedora] Fedora Reporter: Yonatan <yonatan.el.amigo>
Component: kernelAssignee: Stanislaw Gruszka <sgruszka>
Status: CLOSED INSUFFICIENT_DATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 25CC: cz172638, gansalmon, ichavero, itamar, jonathan, kernel-maint, madhu.chinakonda, mchehab
Target Milestone: ---Flags: jforbes: needinfo?
Target Release: ---   
Hardware: i686   
OS: Unspecified   
URL: https://retrace.fedoraproject.org/faf/reports/bthash/8babb02ca118da6bda0400908ed055efe96b3279
Whiteboard: abrt_hash:2b19d093bd08bf105e5fc59c8ffd5267ea7c699f;VARIANT_ID=workstation;
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-04-28 17:18:24 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Description Flags
File: dmesg none

Description Yonatan 2017-01-08 16:26:32 UTC
Additional info:
reporter:       libreport-2.8.0
BUG: unable to handle kernel NULL pointer dereference at 00000008
IP: [<f8788a44>] rt2x00usb_flush_entry+0x34/0x50 [rt2x00usb]
*pdpt = 0000000031815001 *pde = 0000000000000000 
Oops: 0000 [#1] SMP
Modules linked in: fuse xt_CHECKSUM ipt_MASQUERADE nf_nat_masquerade_ipv4 tun nf_conntrack_netbios_ns nf_conntrack_broadcast xt_CT ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack ip_set nfnetlink ebtable_broute bridge stp llc ebtable_nat ip6table_mangle ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_security ip6table_raw iptable_mangle iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_security iptable_raw ebtable_filter ebtables ip6table_filter ip6_tables arc4 rt2800usb rt2x00usb ppdev rt2800lib rt2x00lib mac80211 cfg80211 rfkill kvm_amd kvm irqbypass snd_hda_codec_via snd_hda_codec_generic k10temp snd_hda_intel snd_hda_codec snd_hda_core snd_hwdep snd_seq parport_pc snd_seq_device acpi_cpufreq snd_pcm parport tpm_tis snd_timer
 snd soundcore tpm_tis_core i2c_nforce2 tpm nfsd auth_rpcgss nfs_acl lockd grace sunrpc binfmt_misc ata_generic nouveau video mxm_wmi wmi i2c_algo_bit drm_kms_helper ttm pata_acpi drm forcedeth serio_raw pata_amd sata_nv fjes
CPU: 0 PID: 780 Comm: NetworkManager Not tainted 4.8.15-300.fc25.i686+PAE #1
Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./N68-VS3 UCC, BIOS P1.10 03/04/2011
task: f1828000 task.stack: f2fec000
EIP: 0060:[<f8788a44>] EFLAGS: 00010286 CPU: 0
EIP is at rt2x00usb_flush_entry+0x34/0x50 [rt2x00usb]
EAX: 00000000 EBX: d5589984 ECX: dceb9b3c EDX: 00000206
ESI: d5589f5c EDI: dee08e40 EBP: f2fed960 ESP: f2fed954
 DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
CR0: 80050033 CR2: 00000008 CR3: 32e8fc80 CR4: 000006f0
 00000984 00000057 f3e82e00 f2fed990 f86d0419 00001004 f2fed9b0 00000004
 00000064 dee091f4 f3e82e2c 00000000 f3e82e00 f3e82e00 dee08e40 f2fed9ac
 f8788a03 00000000 f8788a10 f3e82e00 00000001 dee08e40 f2fed9cc f86d0bdf
Call Trace:
 [<f86d0419>] rt2x00queue_for_each_entry+0x89/0x150 [rt2x00lib]
 [<f8788a03>] rt2x00usb_flush_queue+0x93/0xa0 [rt2x00usb]
 [<f8788a10>] ? rt2x00usb_flush_queue+0xa0/0xa0 [rt2x00usb]
 [<f86d0bdf>] rt2x00queue_flush_queue+0x2f/0x90 [rt2x00lib]
 [<f86d051a>] ? rt2x00queue_stop_queue+0x3a/0x50 [rt2x00lib]
 [<f86d0e20>] rt2x00queue_flush_queues+0x50/0x60 [rt2x00lib]
 [<f86ce155>] rt2x00lib_disable_radio+0x55/0xa0 [rt2x00lib]
 [<f86ceb2b>] rt2x00lib_stop+0x1b/0x40 [rt2x00lib]
 [<f86ced35>] rt2x00mac_stop+0x25/0x30 [rt2x00lib]
 [<f879a64e>] drv_stop+0x2e/0xf0 [mac80211]
 [<f87cb0ed>] ieee80211_stop_device+0x3d/0x40 [mac80211]
 [<f87ae8b3>] ieee80211_do_stop+0x4b3/0x7b0 [mac80211]
 [<dcb578e8>] ? _raw_spin_unlock_bh+0x18/0x20
 [<dca69a8f>] ? dev_deactivate_many+0x1bf/0x1f0
 [<f87aebc7>] ieee80211_stop+0x17/0x20 [mac80211]
 [<dca3adf1>] __dev_close_many+0x81/0xe0

Comment 1 Yonatan 2017-01-08 16:27:17 UTC
Created attachment 1238405 [details]
File: dmesg

Comment 2 Stanislaw Gruszka 2017-01-11 15:58:29 UTC
Note to myself:

Reading symbols from /usr/lib/debug/lib/modules/4.8.15-300.fc25.i686/kernel/drivers/net/wireless/ralink/rt2x00/rt2x00usb.ko.debug...done.
(gdb) l *(rt2x00usb_flush_entry+0x34)
0xa74 is at drivers/net/wireless/ralink/rt2x00/rt2x00usb.c:468.
463		usb_kill_urb(entry_priv->urb);
465		/*
466		 * Kill guardian urb (if required by driver).
467		 */
468		if ((entry->queue->qid == QID_BEACON) &&
469		    (rt2x00_has_cap_flag(rt2x00dev, REQUIRE_BEACON_GUARD)))
470			usb_kill_urb(bcn_priv->guardian_urb);
472		return false;

Comment 3 Justin M. Forbes 2017-04-11 14:45:53 UTC
*********** MASS BUG UPDATE **************

We apologize for the inconvenience.  There is a large number of bugs to go through and several of them have gone stale.  Due to this, we are doing a mass bug update across all of the Fedora 25 kernel bugs.

Fedora 25 has now been rebased to 4.10.9-200.fc25.  Please test this kernel update (or newer) and let us know if you issue has been resolved or if it is still present with the newer kernel.

If you have moved on to Fedora 26, and are still experiencing this issue, please change the version to Fedora 26.

If you experience different issues, please open a new bug report for those.

Comment 4 Justin M. Forbes 2017-04-28 17:18:24 UTC
*********** MASS BUG UPDATE **************
This bug is being closed with INSUFFICIENT_DATA as there has not been a response in 2 weeks. If you are still experiencing this issue, please reopen and attach the 
relevant data from the latest kernel you are running and any data that might have been requested previously.