Bug 797762 - [abrt] kernel: BUG: unable to handle kernel NULL pointer dereference at 0000000000000740
Summary: [abrt] kernel: BUG: unable to handle kernel NULL pointer dereference at 00000...
Keywords:
Status: CLOSED INSUFFICIENT_DATA
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: 16
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: John W. Linville
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:298ee51dd81656a444d63e3d0b2...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-02-27 09:16 UTC by Fabian Deutsch
Modified: 2012-09-04 17:18 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-09-04 17:18:49 UTC
Type: ---

Attachments (Terms of Use)
Trial patch to disable interrupts when unloading driver (597 bytes, patch)
2012-02-27 16:06 UTC, Larry Finger 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Description Fabian Deutsch 2012-02-27 09:16:50 UTC 
libreport version: 2.0.8
abrt_version:   2.0.7
cmdline:        rd.lvm.lv=vg_apu/lv_root rd.md=0 rd.dm=0  KEYTABLE=de quiet SYSFONT=latarcyrheb-sun16 rhgb root=/dev/mapper/vg_apu-lv_root rd.luks=0 rd.lvm.lv=vg_apu/lv_swap ro LANG=en_US.UTF-8
kernel:         3.2.7-1.fc16.x86_64
reason:         BUG: unable to handle kernel NULL pointer dereference at 0000000000000740
time:           Mo 27 Feb 2012 10:15:36 CET

backtrace:
:BUG: unable to handle kernel NULL pointer dereference at 0000000000000740
:IP: [<ffffffffa02b6d39>] rtl92ce_get_desc+0x19/0xd0 [rtl8192ce]
:PGD c4443067 PUD 9f74d067 PMD 0 
:Oops: 0000 [#1] SMP 
:CPU 0 
:Modules linked in: tcp_lp ppdev parport_pc lp parport fuse ebtable_nat ebtables ipt_MASQUERADE iptable_nat nf_nat xt_CHECKSUM iptable_mangle bridge be2iscsi iscsi_boot_sysfs bnx2i cnic uio cxgb4i cxgb4 lockd fcoe libfcoe cxgb3i libfc libcxgbi scsi_transport_fc cxgb3 scsi_tgt 8021q garp stp llc mdio ib_iser rdma_cm ib_cm iw_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi rfcomm bnep ip6t_REJECT ip6t_ipv6header nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_filter ip6_tables nf_conntrack_ipv4 nf_defrag_ipv4 xt_state nf_conntrack btrfs zlib_deflate libcrc32c vfat fat btusb bluetooth snd_hda_codec_conexant snd_hda_codec_hdmi snd_hda_intel snd_hda_codec snd_hwdep snd_seq vhost_net snd_seq_device uvcvideo videodev media v4l2_compat_ioctl32 snd_pcm thinkpad_acpi macvtap joydev macvlan tun virtio_net kvm_amd kvm snd_timer sp5100_tco i2c_piix4 arc4 rtl8192ce(-) rtl8192c_common rtlwifi mac80211 serio_raw uinput snd_page_alloc snd k10temp soundco
:re atl1c cfg80211 sunrpc rfkill binfmt_misc microcode video wmi radeon ttm drm_kms_helper drm i2c_algo_bit i2c_core [last unloaded: scsi_wait_scan]
:Pid: 3049, comm: rmmod Not tainted 3.2.7-1.fc16.x86_64 #1 LENOVO 30515QG/30515QG
:RIP: 0010:[<ffffffffa02b6d39>]  [<ffffffffa02b6d39>] rtl92ce_get_desc+0x19/0xd0 [rtl8192ce]
:RSP: 0000:ffff88009795fb58  EFLAGS: 00010046
:RAX: ffffffffa02ba2a0 RBX: 0000000000000000 RCX: 0000000000000000
:RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000740
:RBP: ffff88009795fb68 R08: ffff8801182e2200 R09: ffff88011a4000a0
:R10: 000000000000005a R11: ffffffd8fffffff8 R12: ffff8800c4437f00
:R13: 0000000000000740 R14: 000000000000003a R15: 000000000000003a
:FS:  00007f0577ac9700(0000) GS:ffff88011ec00000(0000) knlGS:0000000000000000
:CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
:CR2: 0000000000000740 CR3: 00000000c5e1c000 CR4: 00000000000006f0
:DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
:DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
:Process rmmod (pid: 3049, threadinfo ffff88009795e000, task ffff8800bd5f5c80)
:Stack:
: ffffffff811369c9 ffff88011730a540 ffff88009795fca8 ffffffffa029b8e7
: 0000000000000282 000000010015000a ffff88009795ffd8 ffff88011730a810
: ffff88009795fbc8 ffffffff81054732 0000000000000000 ffff880117308d40
:Call Trace:
: [<ffffffff811369c9>] ? __mod_zone_page_state+0x49/0x50
: [<ffffffffa029b8e7>] _rtl_pci_rx_interrupt+0x187/0x650 [rtlwifi]
: [<ffffffff81054732>] ? complete+0x52/0x60
: [<ffffffffa029ce69>] _rtl_pci_interrupt+0x409/0x930 [rtlwifi]
: [<ffffffff810decfd>] __free_irq+0x17d/0x220
: [<ffffffff810def25>] free_irq+0x55/0xd0
: [<ffffffffa029c656>] rtl_pci_disconnect+0x176/0x1a0 [rtlwifi]
: [<ffffffff812dd156>] pci_device_remove+0x46/0x110
: [<ffffffff813932dc>] __device_release_driver+0x7c/0xe0
: [<ffffffff81393bb8>] driver_detach+0xb8/0xc0
: [<ffffffff8139311a>] bus_remove_driver+0x8a/0x100
: [<ffffffff81394372>] driver_unregister+0x62/0xa0
: [<ffffffff812dc004>] pci_unregister_driver+0x44/0xa0
: [<ffffffffa02b6e5c>] rtl92ce_module_exit+0x10/0x1b4 [rtl8192ce]
: [<ffffffff810aa9ee>] sys_delete_module+0x18e/0x250
: [<ffffffff810c0065>] ? cgroup_iter_start+0xa5/0x150
: [<ffffffff815e9d82>] system_call_fastpath+0x16/0x1b
:Code: ff 09 d0 89 07 48 83 c4 08 5b 5d c3 66 0f 1f 44 00 00 55 48 89 e5 53 48 83 ec 08 66 66 66 66 90 40 84 f6 89 d3 74 13 84 d2 75 57 <8b> 07 48 83 c4 08 5b 5d c1 e8 1f c3 0f 1f 00 84 d2 74 ed 80 fa 
:RIP  [<ffffffffa02b6d39>] rtl92ce_get_desc+0x19/0xd0 [rtl8192ce]
: RSP <ffff88009795fb58>
:CR2: 0000000000000740

comment:
:This problem can be triggered by unloading the rtl8192ce module:
:$ sudo rmmod rtl8192ce

smolt_data:
:
:
:Allgemein
:=================================
:UUID: d56c1a00-2354-4b57-b228-a859aacf8c9d
:OS: Fedora release 16 (Verne)
:Standard-Runlevel: Unknown
:Sprache: de_DE.utf8
:Plattform: x86_64
:BogoMIPS: 3193.45
:CPU-Anbieter: AuthenticAMD
:CPU-Modell: AMD E-350 Processor
:CPU-Stepping: 0
:CPU Familie: 20
:CPU-Modellnummer: 1
:Anzahl der CPUs: 2
:CPU-Geschwindigkeit: 1600
:Systemspeicher: 3554
:System-Swap: 5599
:Anbieter: LENOVO
:System: 30515QG ThinkPad X120e
:Form-Faktor: Notebook
:Kernel: 3.2.7-1.fc16.x86_64
:SELinux aktiviert: 1
:SELinux-Richtlinie: targeted
:SELinux erzwingen: Enforcing
:MythTV Remote: Unknown
:MythTV Role: Unknown
:MythTV Theme: Unknown
:MythTV Plugin: 
:MythTV Tuner: -1
:
:
:Geräte
:=================================
:(4130:5396:4130:4660) pci, pcieport, PCI/PCI, Family 14h Processor Root Port
:(4098:17297:6058:8684) pci, ahci, STORAGE, SB7x0/SB8x0/SB9x0 SATA Controller [AHCI mode]
:(4130:5397:4130:4660) pci, pcieport, PCI/PCI, Family 14h Processor Root Port
:(4130:5392:4130:5392) pci, None, HOST/PCI, Pavilion DM1Z-3000 Host bridge
:(4098:4884:4098:4884) pci, snd_hda_intel, MULTIMEDIA, Wrestler HDMI Audio [Radeon HD 6250/6310]
:(4098:38914:6058:8684) pci, radeon, VIDEO, AMD Radeon HD 6310 GraphicsATI
:(4130:5912:0:0) pci, None, HOST/PCI, Family 12h/14h Processor Function 6
:(4130:5892:0:0) pci, None, HOST/PCI, Family 12h/14h Processor Function 4
:(4130:5913:0:0) pci, None, HOST/PCI, Family 12h/14h Processor Function 7
:(4130:5910:0:0) pci, None, HOST/PCI, Family 12h/14h Processor Function 5
:(4130:5889:0:0) pci, None, HOST/PCI, Family 12h/14h Processor Function 1
:(4130:5888:0:0) pci, None, HOST/PCI, Family 12h/14h Processor Function 0
:(4130:5891:0:0) pci, k10temp, HOST/PCI, Family 12h/14h Processor Function 3
:(4130:5890:0:0) pci, None, HOST/PCI, Family 12h/14h Processor Function 2
:(6505:4227:6505:4227) pci, atl1c, ETHERNET, AR8151 v2.0 Gigabit Ethernet
:(4332:21001:6058:8684) pci, None, MISC, N/A
:(4098:17285:0:0) pci, None, SERIAL, SBx00 SMBus Controller
:(4098:17309:6058:8684) pci, None, PCI/ISA, SB7x0/SB8x0/SB9x0 LPC host controller
:(4098:17283:6058:8684) pci, snd_hda_intel, MULTIMEDIA, SBx00 Azalia (Intel HDA)
:(4098:17284:0:0) pci, None, PCI/PCI, SBx00 PCI to PCI Bridge
:(4098:17302:6058:8684) pci, ehci_hcd, USB, SB7x0/SB8x0/SB9x0 USB EHCI Controller
:(4332:33142:4332:33173) pci, None, NETWORK, RTL8188CE 802.11b/g/n WiFi Adapter
:(4098:17303:6058:8684) pci, ohci_hcd, USB, SB7x0/SB8x0/SB9x0 USB OHCI0 Controller
:(4098:17302:6058:8684) pci, ehci_hcd, USB, SB7x0/SB8x0/SB9x0 USB EHCI Controller
:(4098:17303:6058:8684) pci, ohci_hcd, USB, SB7x0/SB8x0/SB9x0 USB OHCI0 Controller
:(4130:5395:4130:4660) pci, pcieport, PCI/PCI, Family 14h Processor Root Port
:
:
:Dateisysteminformationen
:=================================
:device mtpt type bsize frsize blocks bfree bavail file ffree favail
:-------------------------------------------------------------------
:/dev/mapper/vg_apu-lv_root / ext4 4096 4096 13092026 10990741 10859719 3276800 3015227 3015227
:/dev/sda2 /boot ext4 1024 1024 508745 411410 385810 128016 127940 127940
:/dev/sda1 WITHHELD vfat 8192 8192 1498694 1498647 1498647 0 0 0
:/dev/mapper/vg_apu-lv_home /home btrfs 4096 4096 34865152 21795904 20265216 0 0 0
:
Comment 1 Josh Boyer 2012-02-27 14:39:59 UTC 
Larry, have you seen anything like this before?  The Fedora 3.2.7 kernel is using compat-wireless-3.3-rc1-2 with the following patches applied:

ApplyPatch compat-wireless-config-fixups.patch
ApplyPatch compat-wireless-pr_fmt-warning-avoidance.patch
ApplyPatch compat-wireless-integrated-build.patch

ApplyPatch compat-wireless-rtl8192cu-Fix-WARNING-on-suspend-resume.patch

# Pending upstream fixes
ApplyPatch mac80211-fix-debugfs-key-station-symlink.patch
ApplyPatch brcmsmac-fix-tx-queue-flush-infinite-loop.patch
ApplyPatch mac80211-Use-the-right-headroom-size-for-mesh-mgmt-f.patch
ApplyPatch b43-add-option-to-avoid-duplicating-device-support-w.patch
ApplyPatch mac80211-update-oper_channel-on-ibss-join.patch
ApplyPatch mac80211-set-bss_conf.idle-when-vif-is-connected.patch
ApplyPatch iwlwifi-fix-PCI-E-transport-inta-race.patch
ApplyPatch bcma-Fix-mem-leak-in-bcma_bus_scan.patch
ApplyPatch rt2800lib-fix-wrong-128dBm-when-signal-is-stronger-t.patch
ApplyPatch iwlwifi-make-Tx-aggregation-enabled-on-ra-be-at-DEBU.patch
ApplyPatch ssb-fix-cardbus-slot-in-hostmode.patch
ApplyPatch iwlwifi-don-t-mess-up-QoS-counters-with-non-QoS-fram.patch
ApplyPatch mac80211-timeout-a-single-frame-in-the-rx-reorder-bu.patch
ApplyPatch ath9k-use-WARN_ON_ONCE-in-ath_rc_get_highest_rix.patch
ApplyPatch mwifiex-handle-association-failure-case-correctly.patch
ApplyPatch ath9k-Fix-kernel-panic-during-driver-initilization.patch
ApplyPatch mwifiex-add-NULL-checks-in-driver-unload-path.patch
ApplyPatch ath9k-fix-a-WEP-crypto-related-regression.patch
ApplyPatch ath9k_hw-fix-a-RTS-CTS-timeout-regression.patch
ApplyPatch bcma-don-t-fail-for-bad-SPROM-CRC.patch
ApplyPatch zd1211rw-firmware-needs-duration_id-set-to-zero-for-.patch
ApplyPatch mac80211-Fix-a-rwlock-bad-magic-bug.patch
ApplyPatch rtlwifi-Modify-rtl_pci_init-to-return-0-on-success.patch
ApplyPatch mac80211-call-rate-control-only-after-init.patch
ApplyPatch mac80211-do-not-call-rate-control-.tx_status-before-.patch
ApplyPatch mwifiex-clear-previous-security-setting-during-assoc.patch
ApplyPatch ath9k-stop-on-rates-with-idx-1-in-ath9k-rate-control.patch
ApplyPatch ath9k_hw-prevent-writes-to-const-data-on-AR9160.patch
ApplyPatch rt2x00-fix-a-possible-NULL-pointer-dereference.patch
ApplyPatch iwlwifi-fix-key-removal.patch
ApplyPatch mac80211-zero-initialize-count-field-in-ieee80211_tx.patch
ApplyPatch mac80211-Fix-a-warning-on-changing-to-monitor-mode-f.patch
ApplyPatch brcm80211-smac-fix-endless-retry-of-A-MPDU-transmiss.patch
ApplyPatch brcm80211-smac-only-print-block-ack-timeout-message-.patch

ApplyPatch rt2x00_fix_MCU_request_failures.patch
Comment 2 Larry Finger 2012-02-27 16:06:14 UTC 
Created attachment 566079 [details]
Trial patch to disable interrupts when unloading driver

Please test this patch to see if it fixes the problem.
Comment 3 John W. Linville 2012-02-27 20:48:24 UTC 
Test kernels with the above patch are available here:

http://koji.fedoraproject.org/koji/taskinfo?taskID=3824317

Please give them a try and post the results here...thanks!
Comment 4 Dave Jones 2012-03-22 17:16:15 UTC 
[mass update]
kernel-3.3.0-4.fc16 has been pushed to the Fedora 16 stable repository.
Please retest with this update.
Comment 5 Dave Jones 2012-03-22 17:18:16 UTC 
[mass update]
kernel-3.3.0-4.fc16 has been pushed to the Fedora 16 stable repository.
Please retest with this update.
Comment 6 Dave Jones 2012-03-22 17:26:42 UTC 
[mass update]
kernel-3.3.0-4.fc16 has been pushed to the Fedora 16 stable repository.
Please retest with this update.
Note You need to log in before you can comment on or make changes to this bug.