Bug 797762

Summary: [abrt] kernel: BUG: unable to handle kernel NULL pointer dereference at 0000000000000740
Product: [Fedora] Fedora
Reporter: Fabian Deutsch <fabian.deutsch>
Component: kernel
Assignee: John W. Linville <linville>
Status: CLOSED INSUFFICIENT_DATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 16
CC: gansalmon, itamar, jonathan, kernel-maint, larry.finger, madhu.chinakonda
Hardware: x86_64
OS: Unspecified
Whiteboard: abrt_hash:298ee51dd81656a444d63e3d0b2f842b7ea7af10
Doc Type: Bug Fix
Last Closed: 2012-09-04 17:18:49 UTC
Attachments: Trial patch to disable interrupts when unloading driver (flags: none)

Description Fabian Deutsch 2012-02-27 09:16:50 UTC
libreport version: 2.0.8
abrt_version:   2.0.7
cmdline:        rd.lvm.lv=vg_apu/lv_root rd.md=0 rd.dm=0  KEYTABLE=de quiet SYSFONT=latarcyrheb-sun16 rhgb root=/dev/mapper/vg_apu-lv_root rd.luks=0 rd.lvm.lv=vg_apu/lv_swap ro LANG=en_US.UTF-8
kernel:         3.2.7-1.fc16.x86_64
reason:         BUG: unable to handle kernel NULL pointer dereference at 0000000000000740
time:           Mo 27 Feb 2012 10:15:36 CET

backtrace:
:BUG: unable to handle kernel NULL pointer dereference at 0000000000000740
:IP: [<ffffffffa02b6d39>] rtl92ce_get_desc+0x19/0xd0 [rtl8192ce]
:PGD c4443067 PUD 9f74d067 PMD 0 
:Oops: 0000 [#1] SMP 
:CPU 0 
:Modules linked in: tcp_lp ppdev parport_pc lp parport fuse ebtable_nat ebtables ipt_MASQUERADE iptable_nat nf_nat xt_CHECKSUM iptable_mangle bridge be2iscsi iscsi_boot_sysfs bnx2i cnic uio cxgb4i cxgb4 lockd fcoe libfcoe cxgb3i libfc libcxgbi scsi_transport_fc cxgb3 scsi_tgt 8021q garp stp llc mdio ib_iser rdma_cm ib_cm iw_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi rfcomm bnep ip6t_REJECT ip6t_ipv6header nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_filter ip6_tables nf_conntrack_ipv4 nf_defrag_ipv4 xt_state nf_conntrack btrfs zlib_deflate libcrc32c vfat fat btusb bluetooth snd_hda_codec_conexant snd_hda_codec_hdmi snd_hda_intel snd_hda_codec snd_hwdep snd_seq vhost_net snd_seq_device uvcvideo videodev media v4l2_compat_ioctl32 snd_pcm thinkpad_acpi macvtap joydev macvlan tun virtio_net kvm_amd kvm snd_timer sp5100_tco i2c_piix4 arc4 rtl8192ce(-) rtl8192c_common rtlwifi mac80211 serio_raw uinput snd_page_alloc snd k10temp soundcore atl1c cfg80211 sunrpc rfkill binfmt_misc microcode video wmi radeon ttm drm_kms_helper drm i2c_algo_bit i2c_core [last unloaded: scsi_wait_scan]
:Pid: 3049, comm: rmmod Not tainted 3.2.7-1.fc16.x86_64 #1 LENOVO 30515QG/30515QG
:RIP: 0010:[<ffffffffa02b6d39>]  [<ffffffffa02b6d39>] rtl92ce_get_desc+0x19/0xd0 [rtl8192ce]
:RSP: 0000:ffff88009795fb58  EFLAGS: 00010046
:RAX: ffffffffa02ba2a0 RBX: 0000000000000000 RCX: 0000000000000000
:RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000740
:RBP: ffff88009795fb68 R08: ffff8801182e2200 R09: ffff88011a4000a0
:R10: 000000000000005a R11: ffffffd8fffffff8 R12: ffff8800c4437f00
:R13: 0000000000000740 R14: 000000000000003a R15: 000000000000003a
:FS:  00007f0577ac9700(0000) GS:ffff88011ec00000(0000) knlGS:0000000000000000
:CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
:CR2: 0000000000000740 CR3: 00000000c5e1c000 CR4: 00000000000006f0
:DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
:DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
:Process rmmod (pid: 3049, threadinfo ffff88009795e000, task ffff8800bd5f5c80)
:Stack:
: ffffffff811369c9 ffff88011730a540 ffff88009795fca8 ffffffffa029b8e7
: 0000000000000282 000000010015000a ffff88009795ffd8 ffff88011730a810
: ffff88009795fbc8 ffffffff81054732 0000000000000000 ffff880117308d40
:Call Trace:
: [<ffffffff811369c9>] ? __mod_zone_page_state+0x49/0x50
: [<ffffffffa029b8e7>] _rtl_pci_rx_interrupt+0x187/0x650 [rtlwifi]
: [<ffffffff81054732>] ? complete+0x52/0x60
: [<ffffffffa029ce69>] _rtl_pci_interrupt+0x409/0x930 [rtlwifi]
: [<ffffffff810decfd>] __free_irq+0x17d/0x220
: [<ffffffff810def25>] free_irq+0x55/0xd0
: [<ffffffffa029c656>] rtl_pci_disconnect+0x176/0x1a0 [rtlwifi]
: [<ffffffff812dd156>] pci_device_remove+0x46/0x110
: [<ffffffff813932dc>] __device_release_driver+0x7c/0xe0
: [<ffffffff81393bb8>] driver_detach+0xb8/0xc0
: [<ffffffff8139311a>] bus_remove_driver+0x8a/0x100
: [<ffffffff81394372>] driver_unregister+0x62/0xa0
: [<ffffffff812dc004>] pci_unregister_driver+0x44/0xa0
: [<ffffffffa02b6e5c>] rtl92ce_module_exit+0x10/0x1b4 [rtl8192ce]
: [<ffffffff810aa9ee>] sys_delete_module+0x18e/0x250
: [<ffffffff810c0065>] ? cgroup_iter_start+0xa5/0x150
: [<ffffffff815e9d82>] system_call_fastpath+0x16/0x1b
:Code: ff 09 d0 89 07 48 83 c4 08 5b 5d c3 66 0f 1f 44 00 00 55 48 89 e5 53 48 83 ec 08 66 66 66 66 90 40 84 f6 89 d3 74 13 84 d2 75 57 <8b> 07 48 83 c4 08 5b 5d c1 e8 1f c3 0f 1f 00 84 d2 74 ed 80 fa 
:RIP  [<ffffffffa02b6d39>] rtl92ce_get_desc+0x19/0xd0 [rtl8192ce]
: RSP <ffff88009795fb58>
:CR2: 0000000000000740

comment:
:This problem can be triggered by unloading the rtl8192ce module:
:$ sudo rmmod rtl8192ce

smolt_data:
:
:
:Allgemein
:=================================
:UUID: d56c1a00-2354-4b57-b228-a859aacf8c9d
:OS: Fedora release 16 (Verne)
:Standard-Runlevel: Unknown
:Sprache: de_DE.utf8
:Plattform: x86_64
:BogoMIPS: 3193.45
:CPU-Anbieter: AuthenticAMD
:CPU-Modell: AMD E-350 Processor
:CPU-Stepping: 0
:CPU Familie: 20
:CPU-Modellnummer: 1
:Anzahl der CPUs: 2
:CPU-Geschwindigkeit: 1600
:Systemspeicher: 3554
:System-Swap: 5599
:Anbieter: LENOVO
:System: 30515QG ThinkPad X120e
:Form-Faktor: Notebook
:Kernel: 3.2.7-1.fc16.x86_64
:SELinux aktiviert: 1
:SELinux-Richtlinie: targeted
:SELinux erzwingen: Enforcing
:MythTV Remote: Unknown
:MythTV Role: Unknown
:MythTV Theme: Unknown
:MythTV Plugin: 
:MythTV Tuner: -1
:
:
:Geräte
:=================================
:(4130:5396:4130:4660) pci, pcieport, PCI/PCI, Family 14h Processor Root Port
:(4098:17297:6058:8684) pci, ahci, STORAGE, SB7x0/SB8x0/SB9x0 SATA Controller [AHCI mode]
:(4130:5397:4130:4660) pci, pcieport, PCI/PCI, Family 14h Processor Root Port
:(4130:5392:4130:5392) pci, None, HOST/PCI, Pavilion DM1Z-3000 Host bridge
:(4098:4884:4098:4884) pci, snd_hda_intel, MULTIMEDIA, Wrestler HDMI Audio [Radeon HD 6250/6310]
:(4098:38914:6058:8684) pci, radeon, VIDEO, AMD Radeon HD 6310 GraphicsATI
:(4130:5912:0:0) pci, None, HOST/PCI, Family 12h/14h Processor Function 6
:(4130:5892:0:0) pci, None, HOST/PCI, Family 12h/14h Processor Function 4
:(4130:5913:0:0) pci, None, HOST/PCI, Family 12h/14h Processor Function 7
:(4130:5910:0:0) pci, None, HOST/PCI, Family 12h/14h Processor Function 5
:(4130:5889:0:0) pci, None, HOST/PCI, Family 12h/14h Processor Function 1
:(4130:5888:0:0) pci, None, HOST/PCI, Family 12h/14h Processor Function 0
:(4130:5891:0:0) pci, k10temp, HOST/PCI, Family 12h/14h Processor Function 3
:(4130:5890:0:0) pci, None, HOST/PCI, Family 12h/14h Processor Function 2
:(6505:4227:6505:4227) pci, atl1c, ETHERNET, AR8151 v2.0 Gigabit Ethernet
:(4332:21001:6058:8684) pci, None, MISC, N/A
:(4098:17285:0:0) pci, None, SERIAL, SBx00 SMBus Controller
:(4098:17309:6058:8684) pci, None, PCI/ISA, SB7x0/SB8x0/SB9x0 LPC host controller
:(4098:17283:6058:8684) pci, snd_hda_intel, MULTIMEDIA, SBx00 Azalia (Intel HDA)
:(4098:17284:0:0) pci, None, PCI/PCI, SBx00 PCI to PCI Bridge
:(4098:17302:6058:8684) pci, ehci_hcd, USB, SB7x0/SB8x0/SB9x0 USB EHCI Controller
:(4332:33142:4332:33173) pci, None, NETWORK, RTL8188CE 802.11b/g/n WiFi Adapter
:(4098:17303:6058:8684) pci, ohci_hcd, USB, SB7x0/SB8x0/SB9x0 USB OHCI0 Controller
:(4098:17302:6058:8684) pci, ehci_hcd, USB, SB7x0/SB8x0/SB9x0 USB EHCI Controller
:(4098:17303:6058:8684) pci, ohci_hcd, USB, SB7x0/SB8x0/SB9x0 USB OHCI0 Controller
:(4130:5395:4130:4660) pci, pcieport, PCI/PCI, Family 14h Processor Root Port
:
:
:Dateisysteminformationen
:=================================
:device mtpt type bsize frsize blocks bfree bavail file ffree favail
:-------------------------------------------------------------------
:/dev/mapper/vg_apu-lv_root / ext4 4096 4096 13092026 10990741 10859719 3276800 3015227 3015227
:/dev/sda2 /boot ext4 1024 1024 508745 411410 385810 128016 127940 127940
:/dev/sda1 WITHHELD vfat 8192 8192 1498694 1498647 1498647 0 0 0
:/dev/mapper/vg_apu-lv_home /home btrfs 4096 4096 34865152 21795904 20265216 0 0 0
:
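
An added triage sketch (not part of the original report, abrt, or the kernel tree): it parses an oops in the format above and flags what this trace shows, a fault address inside the first page, the driver's interrupt handler running beneath `__free_irq`, and a module-unload path. The `triage` function, its field names and the 4 KiB page size are assumptions of this example; the sample lines are an excerpt constructed from the backtrace above.

```python
import re

# Constructed sample: excerpt of the oops in this report, abrt ":" prefixes kept.
SAMPLE_OOPS = """\
:BUG: unable to handle kernel NULL pointer dereference at 0000000000000740
:IP: [<ffffffffa02b6d39>] rtl92ce_get_desc+0x19/0xd0 [rtl8192ce]
:Pid: 3049, comm: rmmod Not tainted 3.2.7-1.fc16.x86_64 #1 LENOVO 30515QG/30515QG
:Call Trace:
: [<ffffffff811369c9>] ? __mod_zone_page_state+0x49/0x50
: [<ffffffffa029b8e7>] _rtl_pci_rx_interrupt+0x187/0x650 [rtlwifi]
: [<ffffffffa029ce69>] _rtl_pci_interrupt+0x409/0x930 [rtlwifi]
: [<ffffffff810decfd>] __free_irq+0x17d/0x220
: [<ffffffff810def25>] free_irq+0x55/0xd0
: [<ffffffffa029c656>] rtl_pci_disconnect+0x176/0x1a0 [rtlwifi]
: [<ffffffff810aa9ee>] sys_delete_module+0x18e/0x250
:CR2: 0000000000000740
"""

# "[<addr>] [? ]symbol+0xoff/0xlen [module]"
FRAME = re.compile(r"\[<[0-9a-f]+>\] (\? )?(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?")
PAGE_SIZE = 4096  # assumption: 4 KiB pages on x86_64

def triage(oops):
    """Summarise an oops: faulting symbol, fault address, teardown-path context."""
    out = {"fault_addr": None, "symbol": None, "module": None, "comm": None, "trace": []}
    in_trace = False
    for ln in (raw.lstrip(": ").rstrip() for raw in oops.splitlines()):
        m = FRAME.search(ln)
        if ln.startswith("IP:") and m:
            out["symbol"], out["module"] = m.group(2), m.group(3)
        elif ln.startswith("CR2:"):
            out["fault_addr"] = int(ln.split()[1], 16)
        elif "comm:" in ln:
            out["comm"] = re.search(r"comm: (\S+)", ln).group(1)
        elif ln.startswith("Call Trace:"):
            in_trace = True
        elif in_trace and m:
            if not m.group(1):  # "?" frames are stale stack data, not reliable
                out["trace"].append(m.group(2))
        elif in_trace:
            in_trace = False
    t = out["trace"]
    free_at = next((i for i, f in enumerate(t) if f in ("free_irq", "__free_irq")), None)
    # A fault below one page means a small offset was added to a NULL base pointer.
    out["null_offset_deref"] = out["fault_addr"] is not None and out["fault_addr"] < PAGE_SIZE
    # Frames listed before free_irq were called from inside it.
    out["handler_ran_in_free_irq"] = free_at is not None and any("interrupt" in f for f in t[:free_at])
    out["module_unload"] = "sys_delete_module" in t
    return out
```
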

Comment 1 Josh Boyer 2012-02-27 14:39:59 UTC
Larry, have you seen anything like this before?  The Fedora 3.2.7 kernel is using compat-wireless-3.3-rc1-2 with the following patches applied:

ApplyPatch compat-wireless-config-fixups.patch
ApplyPatch compat-wireless-pr_fmt-warning-avoidance.patch
ApplyPatch compat-wireless-integrated-build.patch

ApplyPatch compat-wireless-rtl8192cu-Fix-WARNING-on-suspend-resume.patch

# Pending upstream fixes
ApplyPatch mac80211-fix-debugfs-key-station-symlink.patch
ApplyPatch brcmsmac-fix-tx-queue-flush-infinite-loop.patch
ApplyPatch mac80211-Use-the-right-headroom-size-for-mesh-mgmt-f.patch
ApplyPatch b43-add-option-to-avoid-duplicating-device-support-w.patch
ApplyPatch mac80211-update-oper_channel-on-ibss-join.patch
ApplyPatch mac80211-set-bss_conf.idle-when-vif-is-connected.patch
ApplyPatch iwlwifi-fix-PCI-E-transport-inta-race.patch
ApplyPatch bcma-Fix-mem-leak-in-bcma_bus_scan.patch
ApplyPatch rt2800lib-fix-wrong-128dBm-when-signal-is-stronger-t.patch
ApplyPatch iwlwifi-make-Tx-aggregation-enabled-on-ra-be-at-DEBU.patch
ApplyPatch ssb-fix-cardbus-slot-in-hostmode.patch
ApplyPatch iwlwifi-don-t-mess-up-QoS-counters-with-non-QoS-fram.patch
ApplyPatch mac80211-timeout-a-single-frame-in-the-rx-reorder-bu.patch
ApplyPatch ath9k-use-WARN_ON_ONCE-in-ath_rc_get_highest_rix.patch
ApplyPatch mwifiex-handle-association-failure-case-correctly.patch
ApplyPatch ath9k-Fix-kernel-panic-during-driver-initilization.patch
ApplyPatch mwifiex-add-NULL-checks-in-driver-unload-path.patch
ApplyPatch ath9k-fix-a-WEP-crypto-related-regression.patch
ApplyPatch ath9k_hw-fix-a-RTS-CTS-timeout-regression.patch
ApplyPatch bcma-don-t-fail-for-bad-SPROM-CRC.patch
ApplyPatch zd1211rw-firmware-needs-duration_id-set-to-zero-for-.patch
ApplyPatch mac80211-Fix-a-rwlock-bad-magic-bug.patch
ApplyPatch rtlwifi-Modify-rtl_pci_init-to-return-0-on-success.patch
ApplyPatch mac80211-call-rate-control-only-after-init.patch
ApplyPatch mac80211-do-not-call-rate-control-.tx_status-before-.patch
ApplyPatch mwifiex-clear-previous-security-setting-during-assoc.patch
ApplyPatch ath9k-stop-on-rates-with-idx-1-in-ath9k-rate-control.patch
ApplyPatch ath9k_hw-prevent-writes-to-const-data-on-AR9160.patch
ApplyPatch rt2x00-fix-a-possible-NULL-pointer-dereference.patch
ApplyPatch iwlwifi-fix-key-removal.patch
ApplyPatch mac80211-zero-initialize-count-field-in-ieee80211_tx.patch
ApplyPatch mac80211-Fix-a-warning-on-changing-to-monitor-mode-f.patch
ApplyPatch brcm80211-smac-fix-endless-retry-of-A-MPDU-transmiss.patch
ApplyPatch brcm80211-smac-only-print-block-ack-timeout-message-.patch

ApplyPatch rt2x00_fix_MCU_request_failures.patch

Comment 2 Larry Finger 2012-02-27 16:06:14 UTC
Created attachment 566079: Trial patch to disable interrupts when unloading driver

Please test this patch to see if it fixes the problem.

Comment 3 John W. Linville 2012-02-27 20:48:24 UTC
Test kernels with the above patch are available here:

http://koji.fedoraproject.org/koji/taskinfo?taskID=3824317

Please give them a try and post the results here...thanks!

Comment 4 Dave Jones 2012-03-22 17:16:15 UTC
[mass update]
kernel-3.3.0-4.fc16 has been pushed to the Fedora 16 stable repository.
Please retest with this update.
