Description of problem: Was running Win7 64-bit inside KVM. Had Samba running locally so the VM could access the local file system. Tried to save a file in Word inside the VM to the local system through Samba when this happened. Additional info: reporter: libreport-2.1.5 BUG: unable to handle kernel NULL pointer dereference at 000000000000001c IP: [<ffffffff81141253>] put_compound_page+0xc3/0x290 PGD 0 Oops: 0000 [#1] SMP Modules linked in: ebtable_nat xt_CHECKSUM ipt_MASQUERADE bridge stp llc nf_conntrack_netbios_ns nf_conntrack_broadcast ip6table_mangle ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 lockd iptable_nat nf_nat_ipv4 nf_nat sunrpc iptable_mangle nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack ebtable_filter ebtables ip6table_filter ip6_tables iTCO_wdt iTCO_vendor_support vhost_net acpi_cpufreq mperf uvcvideo videobuf2_vmalloc snd_hda_codec_hdmi videobuf2_memops videobuf2_core videodev media samsung_laptop snd_hda_codec_realtek tun macvtap coretemp macvlan arc4 btusb iwldvm mac80211 mei i2c_i801 snd_hda_intel snd_hda_codec snd_hwdep r8169 kvm_intel mii iwlwifi kvm bluetooth snd_seq snd_seq_device snd_pcm snd_page_alloc snd_timer snd cfg80211 rfkill joydev soundcore lpc_ich mfd_core microcode uinput binfmt_misc hid_logitech_dj nouveau i915 mxm_wmi wmi i2c_algo_bit crc32_pclmul drm_kms_helper ttm crc32c_intel drm ghash_clmulni_intel i2c_core video CPU 6 Pid: 2327, comm: vhost-2326 Not tainted 3.9.5-201.fc18.x86_64 #1 SAMSUNG ELECTRONICS CO., LTD. 700Z3C/700Z5C/700Z3C/700Z5C RIP: 0010:[<ffffffff81141253>] [<ffffffff81141253>] put_compound_page+0xc3/0x290 RSP: 0018:ffff880207043bc8 EFLAGS: 00010286 RAX: ffff88004e4ce800 RBX: ffff88004e4cd200 RCX: ffffea00028f801c RDX: 0000000000000140 RSI: 0000000000000246 RDI: ffff88004e4cd200 RBP: ffff880207043be8 R08: ffff8802098b4518 R09: 0000000000000010 R10: 0000000000000000 R11: 00007f21c0000000 R12: 0000000000000000 R13: ffffffffa041cb2c R14: ffff88006d660500 R15: ffff880200e38800 FS: 0000000000000000(0000) GS:ffff88023f380000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000001c CR3: 00000001ff6bb000 CR4: 00000000001427e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Process vhost-2326 (pid: 2327, threadinfo ffff880207042000, task ffff88023029c650) Stack: ffffea000294ca00 ffff88004e4cd200 ffff88006d660500 ffffffffa041cb2c ffff880207043c08 ffffffff81141893 ffffea0002951ac0 0000000000000012 ffff880207043c28 ffffffff81545e3f ffff88006d660500 ffff88006d660500 Call Trace: [<ffffffffa041cb2c>] ? tun_get_user+0x69c/0x7a0 [tun] [<ffffffff81141893>] put_page+0x53/0x60 [<ffffffff81545e3f>] skb_release_data+0x8f/0x110 [<ffffffff81545ede>] __kfree_skb+0x1e/0xa0 [<ffffffff81545f96>] kfree_skb+0x36/0xa0 [<ffffffffa041cb2c>] tun_get_user+0x69c/0x7a0 [tun] [<ffffffffa065ab2a>] ? vhost_signal+0x8a/0x170 [vhost_net] [<ffffffffa041cc87>] tun_sendmsg+0x57/0x80 [tun] [<ffffffffa065bd87>] handle_tx+0x287/0x680 [vhost_net] [<ffffffffa065c1b5>] handle_tx_kick+0x15/0x20 [vhost_net] [<ffffffffa065895d>] vhost_worker+0xed/0x190 [vhost_net] [<ffffffffa0658870>] ? vhost_work_flush+0x110/0x110 [vhost_net] [<ffffffff81082ae0>] kthread+0xc0/0xd0 [<ffffffff81010000>] ? ftrace_define_fields_xen_mc_flush+0x20/0xb0 [<ffffffff81082a20>] ? kthread_create_on_node+0x120/0x120 [<ffffffff8166a22c>] ret_from_fork+0x7c/0xb0 [<ffffffff81082a20>] ? kthread_create_on_node+0x120/0x120 Code: c7 a2 07 9f 81 e8 7e dd f1 ff 48 89 df e8 06 f7 ff ff 85 c0 74 98 66 90 eb 8c 4c 8b 67 30 48 8b 07 f6 c4 80 74 cb 4c 39 e7 74 c6 <41> 8b 54 24 1c 49 8d 4c 24 1c 85 d2 74 b8 8d 72 01 89 d0 f0 0f RIP [<ffffffff81141253>] put_compound_page+0xc3/0x290 RSP <ffff880207043bc8> CR2: 000000000000001c
Created attachment 762142 [details] File: dmesg
*** This bug has been marked as a duplicate of bug 975065 ***