Bug 782770

Summary: [abrt] kernel: BUG: unable to handle kernel NULL pointer dereference at 000000000000006c
Product: [Fedora] Fedora Reporter: Niclas Ekstedt <nekstedt>
Component: kernelAssignee: John W. Linville <linville>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 16CC: gansalmon, itamar, jonathan, kernel-maint, larry.finger, madhu.chinakonda
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
Whiteboard: abrt_hash:492543a441e58160d8741580c5d0f64d04be2f96
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-03-01 18:11:37 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Attachments:
Description Flags
File: backtrace none

Description Niclas Ekstedt 2012-01-18 12:11:20 UTC 
libreport version: 2.0.8
abrt_version:   2.0.7
cmdline:        BOOT_IMAGE=/vmlinuz-3.1.9-1.fc16.x86_64 root=/dev/mapper/VolGroup-lv_root ro rd.md=0 rd.dm=0 rd.lvm.lv=VolGroup/lv_swap KEYTABLE=sv-latin1 quiet SYSFONT=latarcyrheb-sun16 rhgb rd.lvm.lv=VolGroup/lv_root rd.luks.uuid=luks-ca9d28f8-abd9-4f5a-a6f1-47f0ee875c57 LANG=en_US.UTF-8
comment:        I was in KDE|System Settings|Local and changed the country from "System Country (United States of America)" to Sweden. When I clicked "Apply" the system crashed.
kernel:         3.1.9-1.fc16.x86_64
reason:         BUG: unable to handle kernel NULL pointer dereference at 000000000000006c
time:           Wed 18 Jan 2012 12:43:56 PM CET

backtrace:      Text file, 4501 bytes

smolt_data:
:
:
:General
:=================================
:UUID: fad41cfa-c04e-4a99-a15d-691b6bbe4a62
:OS: Fedora release 16 (Verne)
:Default run level: Unknown
:Language: en_US.UTF-8
:Platform: x86_64
:BogoMIPS: 4787.97
:CPU Vendor: GenuineIntel
:CPU Model: Intel(R) Core(TM) i5 CPU       M 520  @ 2.40GHz
:CPU Stepping: 5
:CPU Family: 6
:CPU Model Num: 37
:Number of CPUs: 4
:CPU Speed: 2400
:System Memory: 7847
:System Swap: 9887
:Vendor: LENOVO
:System: 4349W3C ThinkPad T510
:Form factor: Notebook
:Kernel: 3.1.9-1.fc16.x86_64
:SELinux Enabled: 1
:SELinux Policy: targeted
:SELinux Enforce: Enforcing
:MythTV Remote: Unknown
:MythTV Role: Unknown
:MythTV Theme: Unknown
:MythTV Plugin: 
:MythTV Tuner: -1
:
:
:Devices
:=================================
:(4480:59426:6058:8499) pci, sdhci-pci, BASE, MMC/SD Host Controller
:(4480:57904:6058:8500) pci, None, BASE, Memory Stick Host Controller
:(4480:59442:6058:8502) pci, firewire_ohci, FIREWIRE, FireWire Host Controller
:(32902:11362:6058:8598) pci, None, HOST/PCI, Core Processor QuickPath Architecture Generic Non-core Registers
:(32902:11521:6058:8598) pci, None, HOST/PCI, Core Processor QuickPath Architecture System Address Decoder
:(32902:68:6058:8595) pci, None, HOST/PCI, Core Processor DRAM Controller
:(32902:69:6058:8596) pci, pcieport, PCI/PCI, Core Processor PCI Express x16 Root Port
:(32902:11536:6058:8598) pci, None, HOST/PCI, Core Processor QPI Link 0
:(32902:11537:6058:8598) pci, None, HOST/PCI, Core Processor QPI Physical 0
:(32902:11538:6058:8598) pci, None, HOST/PCI, Core Processor Reserved
:(32902:11539:6058:8598) pci, None, HOST/PCI, Core Processor Reserved
:(32902:15152:6058:8551) pci, i801_smbus, SERIAL, 5 Series/3400 Series Chipset SMBus Controller
:(32902:15151:6058:8552) pci, ahci, STORAGE, 5 Series/3400 Series Chipset 6 port SATA AHCI Controller
:(32902:15111:6058:8550) pci, None, PCI/ISA, Mobile 5 Series Chipset LPC Interface Controller
:(32902:15154:6058:8592) pci, intel ips, NONE, 5 Series/3400 Series Chipset Thermal Subsystem
:(32902:4330:6058:8531) pci, e1000e, ETHERNET, 82577LM Gigabit Network Connection
:(32902:9288:6058:8549) pci, None, PCI/PCI, 82801 Mobile PCI Bridge
:(32902:15164:6058:8547) pci, ehci_hcd, USB, 5 Series/3400 Series Chipset USB2 Enhanced Host Controller
:(32902:15156:6058:8547) pci, ehci_hcd, USB, 5 Series/3400 Series Chipset USB2 Enhanced Host Controller
:(32902:15204:6058:8543) pci, None, SIMPLE, 5 Series/3400 Series Chipset HECI Controller
:(4332:33138:4332:57376) pci, rtl8192se, NETWORK, RTL8191SEvB Wireless LAN Controller
:(32902:15176:6058:8548) pci, pcieport, PCI/PCI, 5 Series/3400 Series Chipset PCI Express Root Port 4
:(32902:15170:6058:8548) pci, pcieport, PCI/PCI, 5 Series/3400 Series Chipset PCI Express Root Port 1
:(32902:15172:6058:8548) pci, pcieport, PCI/PCI, 5 Series/3400 Series Chipset PCI Express Root Port 2
:(32902:15178:6058:8548) pci, pcieport, PCI/PCI, 5 Series/3400 Series Chipset PCI Express Root Port 5
:(32902:15190:6058:8542) pci, snd_hda_intel, MULTIMEDIA, 5 Series/3400 Series Chipset High Definition Audio
:(32902:15207:6058:8546) pci, serial, 16550_SERIAL, 5 Series/3400 Series Chipset KT Controller
:(4318:3043:6058:8591) pci, snd_hda_intel, MULTIMEDIA, High Definition Audio Controller
:(4318:2668:6058:8540) pci, nouveau, VIDEO, GT218 [NVS 3100M]
:
:
:Filesystem Information
:=================================
:device mtpt type bsize frsize blocks bfree bavail file ffree favail
:-------------------------------------------------------------------
:/dev/mapper/VolGroup-lv_root / ext4 4096 4096 74296528 70660574 66886520 18874368 18705638 18705638
:/dev/sda1 /boot ext4 1024 1024 495844 458757 433157 128016 127796 127796
:
Comment 1 Niclas Ekstedt 2012-01-18 12:11:24 UTC 
Created attachment 556008 [details]
File: backtrace
Comment 2 Josh Boyer 2012-01-18 16:14:48 UTC 
Larry, have you seen something like this before?  The 3.1.9-1 kernel does not
contain the patch from bug 728740, but we are using the compat-wireless drivers
from 3.2.

BUG: unable to handle kernel NULL pointer dereference at 000000000000006c
IP: [<ffffffff814b673d>] skb_put+0xd/0x90
PGD 218c62067 PUD 21fdf4067 PMD 0 
Oops: 0000 [#1] SMP 
CPU 2 
Modules linked in: ppdev parport_pc lp parport nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_filter ip6_tables nf_conntrack_ipv4 nf_defrag_ipv4 xt_state nf_conntrack snd_seq_dummy tcp_lp usb_storage fuse binfmt_misc lockd rfcomm bnep ip6t_REJECT snd_hda_codec_hdmi snd_hda_codec_conexant arc4 rtl8192se snd_hda_intel snd_hda_codec snd_hwdep btusb snd_seq snd_seq_device rtlwifi snd_pcm mac80211 bluetooth cfg80211 i2c_i801 snd_timer thinkpad_acpi iTCO_wdt e1000e snd intel_ips rfkill snd_page_alloc iTCO_vendor_support joydev soundcore microcode uinput sunrpc xts gf128mul dm_crypt sdhci_pci sdhci mmc_core firewire_ohci firewire_core crc_itu_t nouveau ttm drm_kms_helper drm i2c_algo_bit i2c_core mxm_wmi wmi video [last unloaded: nf_conntrack]
Pid: 1319, comm: wpa_supplicant Not tainted 3.1.9-1.fc16.x86_64 #1 LENOVO 4349W3C/4349W3C
RIP: 0010:[<ffffffff814b673d>]  [<ffffffff814b673d>] skb_put+0xd/0x90
RSP: 0018:ffff88021fd056d8  EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00000000004f6f6a
RDX: 00000000004f6f69 RSI: 000000000000c808 RDI: 0000000000000000
RBP: ffff88021fd056f8 R08: ffffffff814b6a26 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
R13: 000000000000c808 R14: 000000000000c808 R15: 0000000000000001
FS:  00007f738c0aa7c0(0000) GS:ffff88023bd00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f4e88c044d0 CR3: 000000022194f000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process wpa_supplicant (pid: 1319, threadinfo ffff88021fd04000, task ffff88021937c590)
Stack:
 000000000000c808 0000000000000001 ffff88021fd056f8 ffffffff814b70dd
 ffff88021fd057a8 ffffffffa03097a7 000000000000c808 000000000000c808
 ffff88021fd05fd8 ffff88021fd05fd8 ffff88021fd05fd8 ffffc9001182ba0e
Call Trace:
 [<ffffffff814b70dd>] ? dev_alloc_skb+0x1d/0x40
 [<ffffffffa03097a7>] rtl92s_download_fw+0x3f7/0xe80 [rtl8192se]
 [<ffffffffa030d69e>] rtl92se_hw_init+0x6ce/0x1cf0 [rtl8192se]
 [<ffffffffa0461f60>] rtl_ps_enable_nic+0x40/0xe0 [rtlwifi]
 [<ffffffffa03126b7>] rtl92s_phy_set_rf_power_state+0x497/0x860 [rtl8192se]
 [<ffffffffa046428d>] ? rtl_pci_disable_aspm+0xfd/0x1d0 [rtlwifi]
 [<ffffffffa0461d47>] rtl_ps_set_rf_state+0x67/0x100 [rtlwifi]
 [<ffffffffa0461e24>] _rtl_ps_inactive_ps+0x44/0xd0 [rtlwifi]
 [<ffffffffa046221c>] rtl_ips_nic_on+0x7c/0x90 [rtlwifi]
 [<ffffffffa045ee25>] rtl_op_config+0x205/0x3a0 [rtlwifi]
 [<ffffffffa03d1352>] ieee80211_hw_config+0xe2/0x160 [mac80211]
 [<ffffffffa03e36be>] ieee80211_recalc_idle+0x4e/0x60 [mac80211]
 [<ffffffffa03d62b3>] __ieee80211_start_scan+0x103/0x240 [mac80211]
 [<ffffffff8115e2ec>] ? __kmalloc+0x12c/0x190
 [<ffffffffa03d6eb9>] ieee80211_request_scan+0x39/0x60 [mac80211]
 [<ffffffffa03e59ec>] ieee80211_scan+0x6c/0x90 [mac80211]
 [<ffffffffa0280588>] nl80211_trigger_scan+0x368/0x620 [cfg80211]
 [<ffffffff814ed755>] genl_rcv_msg+0x1d5/0x250
 [<ffffffff814ed580>] ? genl_rcv+0x40/0x40
 [<ffffffff814ed019>] netlink_rcv_skb+0xa9/0xd0
 [<ffffffff814ed565>] genl_rcv+0x25/0x40
 [<ffffffff814ec928>] netlink_unicast+0x2a8/0x2f0
 [<ffffffff814ba2d7>] ? memcpy_fromiovec+0x67/0xb0
 [<ffffffff814ecc32>] netlink_sendmsg+0x2c2/0x360
 [<ffffffff814ac72e>] sock_sendmsg+0x10e/0x130
 [<ffffffff8126bb04>] ? context_struct_compute_av+0x314/0x3e0
 [<ffffffff8115f4fc>] ? kmem_cache_alloc+0x10c/0x140
 [<ffffffff81255f77>] ? avc_alloc_node+0x27/0x140
 [<ffffffff8115d58f>] ? kmem_cache_free+0x2f/0x110
 [<ffffffff814af151>] ? move_addr_to_kernel+0x71/0x80
 [<ffffffff814ba5d6>] ? verify_iovec+0x56/0xd0
 [<ffffffff814adcc6>] __sys_sendmsg+0x396/0x3b0
 [<ffffffff8107ee67>] ? __set_task_blocked+0x37/0x80
 [<ffffffff810813bf>] ? set_current_blocked+0x3f/0x60
 [<ffffffff8101c591>] ? fpu_finit+0x21/0x40
 [<ffffffff8117d642>] ? path_put+0x22/0x30
 [<ffffffff8101d7a8>] ? restore_i387_xstate+0xd8/0x1a0
 [<ffffffff814b00e9>] sys_sendmsg+0x49/0x90
 [<ffffffff815dd1c2>] system_call_fastpath+0x16/0x1b
Code: 00 00 00 89 f1 48 8b 75 08 48 89 3c 24 48 c7 c7 60 42 83 81 e8 a1 41 11 00 0f 0b 0f 1f 00 55 48 89 e5 48 83 ec 20 66 66 66 66 90 <8b> 4f 6c 48 8b 87 d8 00 00 00 8b 97 cc 00 00 00 85 c9 75 19 8d 
RIP  [<ffffffff814b673d>] skb_put+0xd/0x90
 RSP <ffff88021fd056d8>
Comment 3 Larry Finger 2012-01-18 17:27:41 UTC 
The patch to fix that problem was recently merged into the mainline kernel as commit d90db4b. As it was marked with a Cc to Stable, it should be backported.

Your compat-wireless choice is likely too old. The patch has been in wireless-testing for some time, and will be in the bleeding-edge version of compat-wireless.
Comment 4 Niclas Ekstedt 2012-01-21 20:41:52 UTC 
I made a few changes to applications in the Kicker menu (Right click Kick Off Application Menu and select Edit Applications). When I saved these changes the system crashed.

Package: kernel
OS Release: Fedora release 16 (Verne)
Comment 5 Josh Boyer 2012-03-01 18:11:37 UTC 
The commit Larry referenced in comment #3 went into 3.3-rc1.  The 3.2.x kernels in Fedora are using the compat-wireless-3.3-rc1 release, so that should be included in there.

If you see this bug again with a 3.2.7 or newer kernel, please reopen.