Bug 867537

Summary: selinux_file_permission: BUG: unable to handle kernel NULL pointer dereference at 0000000b
Product: [Fedora] Fedora
Reporter: freetux
Component: kernel
Assignee: Eric Paris <eparis>
Status: CLOSED WONTFIX
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 17
CC: gansalmon, greearb, itamar, jonathan, joydebnag, kernel-maint, madhu.chinakonda
Hardware: i686   
OS: Unspecified   
Whiteboard: abrt_hash:e616da24a5921a35e408471d18cc22b7e0c0c036
Doc Type: Bug Fix
Last Closed: 2013-08-01 00:09:33 UTC

Description freetux 2012-10-17 16:37:51 UTC
Additional info:
libreport version: 2.0.14
abrt_version:   2.0.13
cmdline:        BOOT_IMAGE=/vmlinuz-3.6.1-1.fc17.i686.PAE root=/dev/mapper/vg_pinkfloyd-lv_root ro rd.md=0 rd.dm=0 SYSFONT=True rd.luks.uuid=luks-2b8f6beb-7b54-45e0-a273-fe7b5bd77927 rd.lvm.lv=vg_pinkfloyd/lv_root LANG=fr_FR.UTF-8 rd.lvm.lv=vg_pinkfloyd/lv_swap KEYTABLE=fr-latin9 rhgb quiet
kernel:         3.6.1-1.fc17.i686.PAE

backtrace:
:BUG: unable to handle kernel NULL pointer dereference at 0000000b
:IP: [<c062e0f3>] selinux_file_permission+0x33/0x110
:*pdpt = 0000000030728001 *pde = 0000000000000000 
:Oops: 0000 [#1] SMP 
:Modules linked in: fuse lockd sunrpc bnep bluetooth ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_filter nf_conntrack_ipv4 nf_defrag_ipv4 ip6_tables xt_state nf_conntrack uvcvideo videobuf2_vmalloc arc4 coretemp videobuf2_memops videobuf2_core snd_hda_codec_si3054 snd_hda_codec_realtek ath5k videodev ath microcode asus_laptop media snd_hda_intel mac80211 snd_hda_codec sparse_keymap cfg80211 snd_hwdep snd_seq rfkill atl2 sp5100_tco snd_seq_device snd_pcm serio_raw i2c_piix4 input_polldev snd_page_alloc snd_timer snd soundcore uinput xts gf128mul ata_generic pata_acpi dm_crypt usb_storage pata_atiixp video radeon i2c_algo_bit drm_kms_helper ttm drm i2c_core
:Pid: 1173, comm: kwin Not tainted 3.6.1-1.fc17.i686.PAE #1 ASUSTeK Computer Inc. F5RL                /F5RL      
:EIP: 0060:[<c062e0f3>] EFLAGS: 00010202 CPU: 1
:EIP is at selinux_file_permission+0x33/0x110
:EAX: 00000007 EBX: f077ab40 ECX: f0f83c9c EDX: 00000002
:ESI: f2d86ae0 EDI: f06a2660 EBP: f0589ec4 ESP: f0589eb4
: DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
:CR0: 8005003b CR2: 0000000b CR3: 3054b000 CR4: 000007f0
:DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
:DR6: ffff0ff0 DR7: 00000400
:Process kwin (pid: 1173, ti=f0588000 task=f3b36480 task.ti=f0588000)
:Stack:
: 00000000 f077ab40 00000002 f077ab40 f0589ee4 c0627394 c0685541 00000003
: bf8f20c8 f077ab40 00000000 00000000 f0589f0c c0554c73 00000000 f0589f2c
: f0589f44 00000001 f0f83c9c 00000020 f0589f2c 00000001 f0589f78 c055573e
:Call Trace:
: [<c0627394>] security_file_permission+0x24/0xb0
: [<c0685541>] ? _copy_from_user+0x41/0x60
: [<c0554c73>] rw_verify_area+0x63/0x110
: [<c055573e>] do_readv_writev+0x5e/0x190
: [<c0496ca6>] ? ktime_get_ts+0x46/0x150
: [<c04bcd56>] ? __audit_syscall_exit+0x356/0x3b0
: [<c05558a7>] vfs_writev+0x37/0x60
: [<c0555a0d>] sys_writev+0x3d/0xa0
: [<c09793df>] sysenter_do_call+0x12/0x28
: [<c0970000>] ? arp_ignore+0x70/0x74
:Code: f4 89 75 f8 89 7d fc 66 66 66 66 90 89 c3 8b 40 0c 8b 73 70 8b 48 20 64 a1 90 1f cc c0 8b 80 e0 02 00 00 85 d2 8b 79 24 8b 40 58 <8b> 40 04 0f 84 94 00 00 00 39 06 74 68 64 a1 90 1f cc c0 f6 43
:EIP: [<c062e0f3>] selinux_file_permission+0x33/0x110 SS:ESP 0068:f0589eb4
:CR2: 000000000000000b

Comment 1 Dave Jones 2012-10-17 19:07:33 UTC
It's a different trace to your other report in bug 867536 (though suspiciously, also a dereference of 0xb).

Again, memtest would be helpful to rule out here.

Comment 2 Josh Boyer 2013-01-02 15:45:02 UTC
*** Bug 867536 has been marked as a duplicate of this bug. ***

Comment 3 Josh Boyer 2013-03-07 19:52:02 UTC
*** Bug 877580 has been marked as a duplicate of this bug. ***

Comment 4 Josh Boyer 2013-03-07 19:52:16 UTC
*** Bug 892277 has been marked as a duplicate of this bug. ***

Comment 5 Fedora End Of Life 2013-07-03 22:20:32 UTC
This message is a reminder that Fedora 17 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 17. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '17'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 17's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that
we may not be able to fix it before Fedora 17 is end of life. If you
would still like to see this bug fixed and are able to reproduce it
against a later version of Fedora, you are encouraged to change the
'version' to a later Fedora version prior to Fedora 17's end of life.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

Comment 6 Fedora End Of Life 2013-08-01 00:09:39 UTC
Fedora 17 changed to end-of-life (EOL) status on 2013-07-30. Fedora 17 is 
no longer maintained, which means that it will not receive any further 
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of 
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.