Bug 446416

Summary: General Protection Fault
Product: [Fedora] Fedora Reporter: Neal Becker <ndbecker2>
Component: kernelAssignee: John W. Linville <linville>
Status: CLOSED CANTFIX QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: high    
Version: 9CC: kernel-maint, nhorman
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
URL: http://www.kerneloops.org/search.php?search=fput
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-08-19 18:49:14 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Neal Becker 2008-05-14 15:12:16 UTC
Description of problem:

May 14 11:01:15 nbecker1 kernel: general protection fault: 0000 [1] SMP 
May 14 11:01:15 nbecker1 kernel: CPU 0 
May 14 11:01:15 nbecker1 kernel: Modules linked in: bridge bnep rfcomm l2cap
vboxdrv autofs4 coretemp hwmon fuse sunrpc nf_conntrack_ipv4 ipt_REJECT
iptable_filter ip_tables nf_conntrack_netbios_ns nf_conntrack_ipv6 xt_state
nf_conntrack xt_tcpudp ip6t_ipv6header ip6t_REJECT ip6table_filter ip6_tables
x_tables cpufreq_ondemand acpi_cpufreq freq_table loop dm_mirror dm_multipath
dm_mod ipv6 snd_hda_intel snd_seq_dummy snd_seq_oss arc4 snd_seq_midi_event
snd_seq snd_seq_device ecb hci_usb snd_pcm_oss snd_mixer_oss snd_pcm
crypto_blkcipher video snd_timer snd_page_alloc ricoh_mmc snd_hwdep iwl4965
iwlcore rfkill sdhci mac80211 mmc_core r8169 firewire_ohci firewire_core
crc_itu_t snd i2c_i801 output i2c_core wmi bluetooth ac soundcore battery button
cfg80211 iTCO_wdt sr_mod iTCO_vendor_support pcspkr joydev cdrom sg ata_piix
ahci libata sd_mod scsi_mod raid456 async_xor async_memcpy async_tx xor raid0
ext3 jbd mbcache uhci_hcd ohci_hcd ehci_hcd [last unloaded: microcode]
May 14 11:01:15 nbecker1 kernel: Pid: 2656, comm: wpa_supplicant Not tainted
2.6.25-14.fc9.x86_64 #1
May 14 11:01:15 nbecker1 kernel: RIP: 0010:[fput+4/22]  [fput+4/22] fput+0x4/0x16
May 14 11:01:15 nbecker1 kernel: RSP: 0018:ffff8100700999d8  EFLAGS: 00010296
May 14 11:01:15 nbecker1 kernel: RAX: ffff81007f43c2f8 RBX: 0000000000000003
RCX: ffff81007f43c2f8
May 14 11:01:15 nbecker1 kernel: RDX: ffff810070099b60 RSI: 0000000000000296
RDI: 5a422e006f146d80
May 14 11:01:15 nbecker1 kernel: RBP: ffff8100700999d8 R08: ffff810070098000
R09: 0000000000000000
May 14 11:01:15 nbecker1 kernel: R10: ffff8100700999c8 R11: 0000000000000000
R12: ffff810070099b60
May 14 11:01:15 nbecker1 kernel: R13: ffff810070099ab8 R14: 0000000000000000
R15: 000000000000000a
May 14 11:01:15 nbecker1 kernel: FS:  00007f4423f977a0(0000)
GS:ffffffff813f6000(0000) knlGS:0000000000000000
May 14 11:01:15 nbecker1 kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
May 14 11:01:15 nbecker1 kernel: CR2: 00000035baf664f8 CR3: 00000000694df000
CR4: 00000000000006e0
May 14 11:01:15 nbecker1 kernel: DR0: 0000000000000000 DR1: 0000000000000000
DR2: 0000000000000000
May 14 11:01:15 nbecker1 kernel: DR3: 0000000000000000 DR6: 00000000ffff0ff0
DR7: 0000000000000400
May 14 11:01:15 nbecker1 kernel: Process wpa_supplicant (pid: 2656, threadinfo
ffff810070098000, task ffff810069540000)
May 14 11:01:15 nbecker1 kernel: Stack:  ffff810070099a08 ffffffff810b173c
0000000000000040 0000000000000300
May 14 11:01:15 nbecker1 kernel:  ffff81006f146d80 0000000000000001
ffff810070099d38 ffffffff810b22c5
May 14 11:01:15 nbecker1 kernel:  ffffffff812d2f60 000000407c879000
ffff810070099f40 ffff810070099e98
May 14 11:01:15 nbecker1 kernel: Call Trace:
May 14 11:01:15 nbecker1 kernel:  [poll_freewait+57/137] poll_freewait+0x39/0x89
May 14 11:01:15 nbecker1 kernel:  [do_select+1243/1286] do_select+0x4db/0x506
May 14 11:01:15 nbecker1 kernel:  [__pollwait+0/225] ? __pollwait+0x0/0xe1
May 14 11:01:15 nbecker1 kernel:  [default_wake_function+0/15] ?
default_wake_function+0x0/0xf
May 14 11:01:15 nbecker1 kernel:  [default_wake_function+0/15] ?
default_wake_function+0x0/0xf
May 14 11:01:15 nbecker1 kernel:  [default_wake_function+0/15] ?
default_wake_function+0x0/0xf
May 14 11:01:15 nbecker1 kernel:  [__wake_up+67/79] ? __wake_up+0x43/0x4f
May 14 11:01:15 nbecker1 kernel:  [netlink_recvmsg+690/720] ?
netlink_recvmsg+0x2b2/0x2d0
May 14 11:01:15 nbecker1 kernel:  [sock_recvmsg+270/307] ? sock_recvmsg+0x10e/0x133
May 14 11:01:15 nbecker1 kernel:  [sock_sendmsg+253/288] ? sock_sendmsg+0xfd/0x120
May 14 11:01:15 nbecker1 kernel:  [core_sys_select+422/596]
core_sys_select+0x1a6/0x254
May 14 11:01:15 nbecker1 kernel:  [generic_file_aio_write+114/195] ?
generic_file_aio_write+0x72/0xc3
May 14 11:01:15 nbecker1 kernel:  [do_sync_write+231/301] ? do_sync_write+0xe7/0x12d
May 14 11:01:15 nbecker1 kernel:  [move_addr_to_user+102/132] ?
move_addr_to_user+0x66/0x84
May 14 11:01:15 nbecker1 kernel:  [sys_recvfrom+163/248] ? sys_recvfrom+0xa3/0xf8
May 14 11:01:15 nbecker1 kernel:  [sys_select+181/343] sys_select+0xb5/0x157
May 14 11:01:15 nbecker1 kernel:  [syscall_trace_enter+181/185] ?
syscall_trace_enter+0xb5/0xb9
May 14 11:01:15 nbecker1 kernel:  [tracesys+213/218] tracesys+0xd5/0xda
May 14 11:01:15 nbecker1 kernel: 
May 14 11:01:15 nbecker1 kernel: 
May 14 11:01:15 nbecker1 kernel: Code: 0c 01 00 4d 85 ff 74 13 41 c7 87 c4 00 00
00 00 00 00 00 4c 89 ff e8 68 4f 01 00 5e 5b 41 5c 41 5d 41 5e 41 5f c9 c3 55 48
89 e5 <f0> ff 4f 28 0f 94 c0 84 c0 74 05 e8 63 fe ff ff c9 c3 55 48 8b 
May 14 11:01:15 nbecker1 kernel: RIP  [fput+4/22] fput+0x4/0x16
May 14 11:01:15 nbecker1 kernel:  RSP <ffff8100700999d8>
May 14 11:01:15 nbecker1 kernel: ---[ end trace e3bc86dab3741ed2 ]---

Version-Release number of selected component (if applicable):
kernel-2.6.25-14.fc9.x86_64

How reproducible:

unknown

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

Comment 1 Arjan van de Ven 2008-05-15 03:59:06 UTC
This bug only seems to happen with wpa_supplicant, and it's a corruption of the
poll structure... sounds like something in the wifi stack is corrupting data
structures...

Comment 2 John W. Linville 2008-05-20 19:19:56 UTC
Can you recreate this issue with the test kernels here?

   http://koji.fedoraproject.org/koji/buildinfo?buildID=49743

Comment 3 John W. Linville 2008-08-19 18:49:14 UTC
Closed due to lack of response...