libreport version: 2.0.8
abrt_version: 2.0.7
cmdline: BOOT_IMAGE=/boot/vmlinuz-3.1.6-1.fc16.x86_64 root=UUID=61557a57-b302-4279-9d7a-a59511370c52 ro rd.md=0 rd.lvm=0 rd.dm=0 KEYTABLE=us quiet SYSFONT=latarcyrheb-sun16 rhgb rd.luks=0 LANG=en_US.UTF-8 acpi=off
kernel: 3.1.6-1.fc16.x86_64
reason: BUG: unable to handle kernel paging request at fffffffffffffbb0
time: Fri 06 Jan 2012 09:54:44 AM EST
backtrace: Text file, 4344 bytes
smolt_data:
:
:
:General
:=================================
:UUID: 19eb1e7f-88ea-49b6-819a-137efe693091
:OS: Fedora release 16 (Verne)
:Default run level: Unknown
:Language: en_US.UTF-8
:Platform: x86_64
:BogoMIPS: 4789.43
:CPU Vendor: GenuineIntel
:CPU Model: Intel(R) Core(TM) i7-2760QM CPU @ 2.40GHz
:CPU Stepping: 7
:CPU Family: 6
:CPU Model Num: 42
:Number of CPUs: 4
:CPU Speed: 2394
:System Memory: 7868
:System Swap: 15999
:Vendor: Dell Inc.
:System: Latitude E6420 01
:Form factor: Laptop
:Kernel: 3.1.6-1.fc16.x86_64
:SELinux Enabled: 1
:SELinux Policy: targeted
:SELinux Enforce: Enforcing
:MythTV Remote: Unknown
:MythTV Role: Unknown
:MythTV Theme: Unknown
:MythTV Plugin:
:MythTV Tuner: -1
:
:
:Devices
:=================================
:(32902:260:4136:1171) pci, agpgart-intel, HOST/PCI, 2nd Generation Core Processor Family DRAM Controller
:(32902:257:4136:1171) pci, pcieport, PCI/PCI, Xeon E3-1200/2nd Generation Core Processor Family PCI Express Root Port
:(4631:33313:4136:1171) pci, sdhci-pci, BASE, N/A
:(4631:33329:4136:1171) pci, None, STORAGE, N/A
:(32902:7202:4136:1171) pci, i801_smbus, SERIAL, 6 Series/C200 Series Chipset Family SMBus Controller
:(32902:10282:4136:1171) pci, ahci, RAID, Mobile 82801 SATA RAID Controller
:(32902:7247:4136:1171) pci, None, PCI/ISA, QM67 Express Chipset Family LPC Controller
:(32902:5378:4136:1171) pci, e1000e, ETHERNET, 82579LM Gigabit Network Connection
:(32902:7188:4136:1171) pci, pcieport, PCI/PCI, 6 Series/C200 Series Chipset Family PCI Express Root Port 3
:(32902:7213:4136:1171) pci, ehci_hcd, USB, 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #2
:(32902:7206:4136:1171) pci, ehci_hcd, USB, 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #1
:(32902:7226:4136:1171) pci, None, SIMPLE, 6 Series/C200 Series Chipset Family MEI Controller #1
:(32902:135:32902:4897) pci, iwlwifi, NETWORK, Centrino Advanced-N + WiMAX 6250 2x2 AGN
:(32902:294:4136:1171) pci, i915, VIDEO, 2nd Generation Core Processor Family Integrated Graphics Controller
:(32902:7190:4136:1171) pci, pcieport, PCI/PCI, 6 Series/C200 Series Chipset Family PCI Express Root Port 4
:(32902:7184:4136:1171) pci, pcieport, PCI/PCI, 6 Series/C200 Series Chipset Family PCI Express Root Port 1
:(32902:7186:4136:1171) pci, pcieport, PCI/PCI, 6 Series/C200 Series Chipset Family PCI Express Root Port 2
:(32902:7200:4136:1171) pci, snd_hda_intel, MULTIMEDIA, 6 Series/C200 Series Chipset Family High Definition Audio Controller
:(32902:7229:4136:1171) pci, serial, 16550_SERIAL, 6 Series/C200 Series Chipset Family KT Controller
:(4318:3592:4136:5267) pci, snd_hda_intel, MULTIMEDIA, HDMI Audio stub
:(4318:4182:4136:5267) pci, None, VIDEO, GF108 [Quadro NVS 4200M]
:(32902:7194:4136:1171) pci, pcieport, PCI/PCI, 6 Series/C200 Series Chipset Family PCI Express Root Port 6
:
:
:Filesystem Information
:=================================
:device mtpt type bsize frsize blocks bfree bavail file ffree favail
:-------------------------------------------------------------------
:/dev/sda3 / ext4 4096 4096 25197932 23162901 21882901 6406144 6130060 6130060
:/dev/sda6 WITHHELD ext4 4096 4096 65751059 64785916 61445948 16703488 16703476 16703476
:/dev/mapper/luks-3a528dfc-726f-4431-ae49-2a164778ff76 /home ext4 4096 4096 25197420 22933799 21653825 6406144 6390335 6390335
:
Created attachment 551169
File: backtrace
BUG: unable to handle kernel paging request at fffffffffffffbb0
IP: [<ffffffffa01d12fd>] ieee80211_stop_tx_ba_cb_irqsafe+0x1d/0xa0 [mac80211]
PGD 1a07067 PUD 1a08067 PMD 0
Oops: 0000 [#1] SMP
CPU 2
Modules linked in: tcp_lp ppdev parport_pc lp parport fuse ebtable_nat ebtables ipt_MASQUERADE iptable_nat nf_nat xt_CHECKSUM iptable_mangle tun bridge stp llc lockd nf_conntrack_ipv4 nf_defrag_ipv4 ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 xt_state nf_conntrack ip6table_filter ip6_tables xts gf128mul dm_crypt virtio_net kvm_intel kvm snd_hda_codec_hdmi snd_hda_codec_idt snd_hda_intel snd_hda_codec snd_hwdep snd_seq snd_seq_device snd_pcm i2400m_usb i2400m iTCO_wdt iTCO_vendor_support uvcvideo wimax videodev media v4l2_compat_ioctl32 e1000e arc4 dell_laptop snd_timer snd soundcore iwlwifi mac80211 cfg80211 rfkill snd_page_alloc uinput sunrpc joydev dcdbas microcode i2c_i801 sdhci_pci sdhci mmc_core i915 drm_kms_helper drm i2c_algo_bit i2c_core video [last unloaded: scsi_wait_scan]

Pid: 1097, comm: wpa_supplicant Not tainted 3.1.6-1.fc16.x86_64 #1 Dell Inc. Latitude E6420/032T9K
RIP: 0010:[<ffffffffa01d12fd>] [<ffffffffa01d12fd>] ieee80211_stop_tx_ba_cb_irqsafe+0x1d/0xa0 [mac80211]
RSP: 0018:ffff88021bcc3658 EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffff88021ad58000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffff88021ad5422c RDI: 0000000000000000
RBP: ffff88021bcc3678 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000282
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS: 00007fb4a4ebb7c0(0000) GS:ffff88023dd00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: fffffffffffffbb0 CR3: 000000021bc36000 CR4: 00000000000406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process wpa_supplicant (pid: 1097, threadinfo ffff88021bcc2000, task ffff880214615cc0)
Stack:
 ffff88021ad58000 0000000000000282 0000000000000000 0000000000000000
 ffff88021bcc3688 ffffffffa0228778 ffff88021bcc36d8 ffffffffa0234868
 0000000100000000 000000000000000b 0000000000000000 ffff88021ad524e0
Call Trace:
 [<ffffffffa0228778>] iwl_stop_tx_ba_trans_ready+0x48/0x50 [iwlwifi]
 [<ffffffffa0234868>] iwl_trans_pcie_tx_agg_disable+0x148/0x1b0 [iwlwifi]
 [<ffffffffa021dcc3>] iwlagn_tx_agg_stop+0x43/0x90 [iwlwifi]
 [<ffffffff815d3bbd>] ? mutex_lock+0x1d/0x50
 [<ffffffffa02146e2>] iwlagn_mac_ampdu_action+0xd2/0x2f0 [iwlwifi]
 [<ffffffffa01d19fb>] ___ieee80211_stop_tx_ba_session+0xeb/0x180 [mac80211]
 [<ffffffffa01d1eaf>] __ieee80211_stop_tx_ba_session+0x4f/0x80 [mac80211]
 [<ffffffffa01d0c72>] ieee80211_sta_tear_down_BA_sessions+0x42/0x70 [mac80211]
 [<ffffffffa01d4c6e>] ieee80211_set_disassoc+0xee/0x260 [mac80211]
 [<ffffffffa01d8320>] ieee80211_mgd_deauth+0x1c0/0x220 [mac80211]
 [<ffffffffa01de95e>] ieee80211_deauth+0x1e/0x20 [mac80211]
 [<ffffffffa01aa29e>] __cfg80211_mlme_deauth+0x11e/0x140 [cfg80211]
 [<ffffffffa01aa333>] cfg80211_mlme_deauth+0x73/0xa0 [cfg80211]
 [<ffffffffa019b70e>] nl80211_deauthenticate+0xbe/0xf0 [cfg80211]
 [<ffffffff814ed2f5>] genl_rcv_msg+0x1d5/0x250
 [<ffffffff814ed120>] ? genl_rcv+0x40/0x40
 [<ffffffff814ecbb9>] netlink_rcv_skb+0xa9/0xd0
 [<ffffffff814ed105>] genl_rcv+0x25/0x40
 [<ffffffff814ec4c8>] netlink_unicast+0x2a8/0x2f0
 [<ffffffff814b9ea7>] ? memcpy_fromiovec+0x67/0xb0
 [<ffffffff814ec7d2>] netlink_sendmsg+0x2c2/0x360
 [<ffffffff814ac2fe>] sock_sendmsg+0x10e/0x130
 [<ffffffff8115d40f>] ? kmem_cache_free+0x2f/0x110
 [<ffffffff814aed21>] ? move_addr_to_kernel+0x71/0x80
 [<ffffffff814ba1a6>] ? verify_iovec+0x56/0xd0
 [<ffffffff814ad896>] __sys_sendmsg+0x396/0x3b0
 [<ffffffff8107ecb7>] ? __set_task_blocked+0x37/0x80
 [<ffffffff8108125f>] ? set_current_blocked+0x3f/0x60
 [<ffffffff810980ed>] ? ktime_get_ts+0xad/0xe0
 [<ffffffff81184f12>] ? poll_select_copy_remaining+0xf2/0x140
 [<ffffffff814afcb9>] sys_sendmsg+0x49/0x90
 [<ffffffff815dccc2>] system_call_fastpath+0x16/0x1b
Code: 00 00 00 e8 86 99 01 00 5d c3 0f 1f 40 00 55 48 89 e5 48 83 ec 20 48 89 5d e0 4c 89 65 e8 4c 89 6d f0 4c 89 75 f8 66 66 66 66 90 <4c> 8b af b0 fb ff ff 48 89 fb 31 ff 49 89 f4 41 89 d6 e8 7c 59
RIP [<ffffffffa01d12fd>] ieee80211_stop_tx_ba_cb_irqsafe+0x1d/0xa0 [mac80211]
 RSP <ffff88021bcc3658>
Wey-yi, this kernel is using a compat-wireless-3.2-rc6 snapshot. It is possible that this NULL pointer dereference is in the wild with kernel 3.2.
John, is this caused by our driver name changes from iwlagn to iwlwifi? We found the problem and we have a patch ready to send to compat-wireless today.

Thanks
Wey
I doubt if that is it -- we aren't even building the "native" drivers in these kernels (i.e. we only build the compat-wireless ones). So I don't think there is any iwlagn<->iwlwifi confusion. Any other thoughts?
Hmm, I agree, it shall only show up if the "native" is already part of the kernel. Is there any procedure for us to reproduce this issue? We are also using compat-wireless for our internal testing (but not the Open Source version of compat).

Thanks
Wey
I'm guessing that "vif = priv->contexts[ctx].vif" is assigning a bad vif value?

void iwl_stop_tx_ba_trans_ready(struct iwl_priv *priv,
                                enum iwl_rxon_context_id ctx,
                                u8 sta_id, u8 tid)
{
        struct ieee80211_vif *vif;
        u8 *addr = priv->stations[sta_id].sta.sta.addr;

        if (ctx == NUM_IWL_RXON_CTX)
                ctx = priv->stations[sta_id].ctxid;
        vif = priv->contexts[ctx].vif;

        ieee80211_stop_tx_ba_cb_irqsafe(vif, addr, tid);
}
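A triage check for the oops above, added here as an example (it is not code from this bug report or from the kernel): it decodes the faulting instruction marked `<4c>` in the Code: line and tests whether the fault address in CR2 is simply a negative offset from a NULL first argument (RDI), which is what a container_of()-style conversion of a NULL vif would produce. The decoder handles only this one MOV form, and the function names are made up for the example.

```python
import re

# Fields copied from the oops on this page, trimmed to what the check needs.
OOPS = """\
RAX: 0000000000000000 RBX: ffff88021ad58000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffff88021ad5422c RDI: 0000000000000000
CR2: fffffffffffffbb0 CR3: 000000021bc36000 CR4: 00000000000406e0
Code: 66 66 66 66 90 <4c> 8b af b0 fb ff ff 48 89 fb 31 ff
"""

# x86-64 register numbering, using the names the oops prints (R08, R09).
REG64 = ["RAX", "RCX", "RDX", "RBX", "RSP", "RBP", "RSI", "RDI",
         "R08", "R09", "R10", "R11", "R12", "R13", "R14", "R15"]


def parse_oops(text):
    """Return (register values, bytes starting at the faulting instruction)."""
    regs = {name: int(val, 16) for name, val in
            re.findall(r"\b([A-Z][A-Z0-9]{2}): ([0-9a-f]{16})\b", text)}
    code = re.search(r"Code: ([0-9a-f<> ]+)", text).group(1).split()
    start = next(i for i, b in enumerate(code) if b.startswith("<"))
    return regs, bytes(int(b.strip("<>"), 16) for b in code[start:])


def decode_mov_load(insn):
    """Decode only 'REX.W MOV r64, [base+disp32]' (opcode 8B, mod=10, no SIB)."""
    rex, opcode, modrm = insn[0], insn[1], insn[2]
    if rex & 0xF8 != 0x48 or opcode != 0x8B:
        raise ValueError("not a REX.W mov load")
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod != 2 or rm == 4:
        raise ValueError("addressing form not handled")
    dest = REG64[reg | ((rex & 4) << 1)]  # REX.R extends the reg field
    base = REG64[rm | ((rex & 1) << 3)]   # REX.B extends the r/m field
    disp = int.from_bytes(insn[3:7], "little", signed=True)
    return dest, base, disp


def explain_fault(text):
    """Recompute the faulting address and compare it with CR2."""
    regs, insn = parse_oops(text)
    dest, base, disp = decode_mov_load(insn)
    addr = (regs[base] + disp) & ((1 << 64) - 1)
    return {"dest": dest, "base": base, "disp": disp, "addr": addr,
            "matches_cr2": addr == regs["CR2"], "null_base": regs[base] == 0}
```

For this oops the result is a load into R13 from RDI - 0x450 with RDI equal to 0, and the recomputed address equals CR2.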
Created attachment 551931
iwlwifi-partially-remove-stop_tx_ba_trans_ready.patch

3.3-rc1 commit:

commit fdf426a34afe7b1c17a6783f273062e3464cceaa
Author: Emmanuel Grumbach <emmanuel.grumbach>
Date: Wed Dec 7 10:11:00 2011 +0200

    iwlwifi: kill iwl_{start,stop}_tx_ba_trans_ready

remove functions, which can confuse vif's. This is a partial backport of that commit to 3.2-rc6.

I did not test the patch, but I think it should help with the oops (and does not cause another crash :-)
Test kernels with the above patch are building here:

http://koji.fedoraproject.org/koji/taskinfo?taskID=3640359

Please try to recreate this problem when they are finished building, and report the results here... thanks!
Rueben, is this still a problem in the latest builds?
Hi Dave, I haven't seen this any more with the latest update. Thanks.