Additional info:
reporter: libreport-2.1.5
BUG: unable to handle kernel NULL pointer dereference at (null)
IP: [<ffffffffa0232cec>] cfg80211_chandef_valid+0xc/0x140 [cfg80211]
PGD 0
Oops: 0000 [#1] SMP
Modules linked in: fuse ebtable_nat ipt_MASQUERADE nf_conntrack_netbios_ns nf_conntrack_broadcast ip6table_mangle ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 iptable_nat nf_nat_ipv4 nf_nat iptable_mangle bnep bluetooth nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack ebtable_filter ebtables ip6table_filter ip6_tables be2iscsi iscsi_boot_sysfs bnx2i cnic uio cxgb4i cxgb4 cxgb3i cxgb3 mdio libcxgbi ib_iser rdma_cm ib_addr iw_cm ib_cm ib_sa ib_mad ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi iTCO_wdt iTCO_vendor_support arc4 brcmsmac snd_hda_codec_via snd_hda_intel snd_hda_codec cordic snd_hwdep brcmutil snd_seq snd_seq_device snd_pcm mac80211 uvcvideo videobuf2_vmalloc videobuf2_memops videobuf2_core cfg80211 rfkill videodev snd_page_alloc snd_timer media snd i2c_i801 mperf coretemp lpc_ich microcode mfd_core soundcore bcma uinput i915 r8169 i2c_algo_bit drm_kms_helper drm mii i2c_core video usb_storage sunrpc
CPU 1
Pid: 602, comm: NetworkManager Not tainted 3.9.9-201.fc18.x86_64 #1 THD(Thread technology) DX1/DX1
RIP: 0010:[<ffffffffa0232cec>] [<ffffffffa0232cec>] cfg80211_chandef_valid+0xc/0x140 [cfg80211]
RSP: 0018:ffff8800797b9918 EFLAGS: 00010206
RAX: 0000000000000000 RBX: ffff8800797b9990 RCX: ffff8800797b9990
RDX: 0000099e00000000 RSI: ffff8800797b9990 RDI: ffff8800797b9990
RBP: ffff8800797b9918 R08: 0000000000000e70 R09: ffff880077d7a058
R10: 0000000000000000 R11: 0000000000000004 R12: ffff88001e509a00
R13: 0000000000000000 R14: ffff880077d7a014 R15: ffff880078cd8000
FS: 00007f342043e840(0000) GS:ffff88007f280000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 00000000797c0000 CR4: 00000000000007e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process NetworkManager (pid: 602, threadinfo ffff8800797b8000, task ffff88007a695dc0)
Stack:
 ffff8800797b9958 ffffffffa021a26e ffff8800797b9948 ffffffff81321649
 ffff88001e509a00 ffff88007b4bc810 ffff88001e509a00 ffff88007b4bc810
 ffff8800797b99d8 ffffffffa021c293 ffff88007c801900 ffff880078cd8260
Call Trace:
 [<ffffffffa021a26e>] nl80211_send_chandef+0x1e/0x150 [cfg80211]
 [<ffffffff81321649>] ? __nla_put+0x29/0x40
 [<ffffffffa021c293>] nl80211_send_iface+0x2a3/0x330 [cfg80211]
 [<ffffffffa021c55b>] nl80211_get_interface+0x5b/0xb0 [cfg80211]
 [<ffffffff815802a0>] genl_rcv_msg+0x250/0x2d0
 [<ffffffff81580050>] ? genl_rcv+0x40/0x40
 [<ffffffff8157fc41>] netlink_rcv_skb+0xb1/0xc0
 [<ffffffff81580035>] genl_rcv+0x25/0x40
 [<ffffffff8157f561>] netlink_unicast+0x1a1/0x220
 [<ffffffff8157f8e1>] netlink_sendmsg+0x301/0x3c0
 [<ffffffff8153aa30>] sock_sendmsg+0xb0/0xe0
 [<ffffffff8153c511>] ? sock_recvmsg+0xc1/0xf0
 [<ffffffff81198b28>] ? mem_cgroup_charge_common+0xa8/0x120
 [<ffffffff8153c43c>] ___sys_sendmsg+0x3ac/0x3c0
 [<ffffffff811b28b0>] ? __pollwait+0xf0/0xf0
 [<ffffffff811b28b0>] ? __pollwait+0xf0/0xf0
 [<ffffffff811b28b0>] ? __pollwait+0xf0/0xf0
 [<ffffffff8101b3e9>] ? read_tsc+0x9/0x20
 [<ffffffff8153e409>] __sys_sendmsg+0x49/0x90
 [<ffffffff8153e462>] sys_sendmsg+0x12/0x20
 [<ffffffff8166afd9>] system_call_fastpath+0x16/0x1b
Code: 48 8d 82 a0 fd 82 ff 48 8d 55 fa 48 89 01 e8 fc bb ff ff c9 c3 00 41 49 02 00 0f 1f 44 04 00 0f 1f 44 00 00 48 00 07 55 48 89 e5 <48> 85 08 0f 84 f3 00 00 00 0f 01 50 04 31 c0 83 7f 08 08 76 07
RIP [<ffffffffa0232cec>] cfg80211_chandef_valid+0xc/0x140 [cfg80211]
 RSP <ffff8800797b9918>
Created attachment 773823
File: dmesg
This bug is strange. I do not see a NULL pointer dereference, %rdi is ffff8800797b9990, and the disassembled corresponding code looks like below:

objdump -d -r --prefix-addresses /lib/modules/3.9.9-201.fc18.x86_64/kernel/net/wireless/cfg80211.ko | grep -A 3 -B 3 "<cfg80211_chandef_valid+0xc>"

> 0000000000024ce5 <cfg80211_chandef_valid+0x5> mov (%rdi),%rax
> 0000000000024ce8 <cfg80211_chandef_valid+0x8> push %rbp
> 0000000000024ce9 <cfg80211_chandef_valid+0x9> mov %rsp,%rbp
> 0000000000024cec <cfg80211_chandef_valid+0xc> test %rax,%rax <- RIP HERE
> 0000000000024cef <cfg80211_chandef_valid+0xf> je 0000000000024de8 <cfg80211_chandef_valid+0x108>
> 0000000000024cf5 <cfg80211_chandef_valid+0x15> movzwl 0x4(%rax),%edx
> 0000000000024cf9 <cfg80211_chandef_valid+0x19> xor %eax,%eax

So this looks like CPU state corruption or some memory corruption. I looked at some other bugs you reported (bug 986226 and bug 987780), both have some pointer corrupted, i.e. ff0088007b454960 instead of ffff88007b454960, so that's a real problem on your system.

Please run memtest to see if your memory works correctly. If memtest does not find any problems, please install kernel-debug and run on that kernel; it could detect issues, i.e. a driver that corrupts memory.
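As an added illustration of the pointer pattern mentioned in the comment above (not part of the original bug thread): a small Python check that flags general-purpose register values in an oops dump that are not canonical x86-64 addresses and reports how many bits separate each from its canonical form. It assumes 48-bit (4-level paging) addressing; the function names and the sample register lines are constructed for this example.

```python
import re

# Assumption: 4-level paging (48-bit virtual addresses). Bits 63..47 of a
# valid virtual address are then either all 0 or all 1.
CANON_MASK = 0xFFFF800000000000
HIGH16 = 0xFFFF000000000000
LOW48 = 0x0000FFFFFFFFFFFF

# Matches "RAX: 0123456789abcdef" and "RSP: 0018:ffff..." (segment prefix).
# CR*/DR* are skipped because \b does not match between "C"/"D" and "R".
REG_RE = re.compile(r"\b(R[A-Z0-9]{2}):\s*(?:[0-9a-f]{4}:)?([0-9a-f]{16})\b")


def is_canonical(addr):
    return (addr & CANON_MASK) in (0, CANON_MASK)


def nearest_canonical(addr):
    """Sign-extend bit 47 over bits 63..48, keeping the low 48 bits."""
    low = addr & LOW48
    return (low | HIGH16) if low >> 47 else low


def scan_registers(oops_text):
    """Map register name -> (value, canonical form, number of differing bits)
    for every general-purpose register holding a non-canonical value."""
    suspects = {}
    for name, hexval in REG_RE.findall(oops_text):
        value = int(hexval, 16)
        if not is_canonical(value):
            fixed = nearest_canonical(value)
            suspects[name] = (value, fixed, bin(value ^ fixed).count("1"))
    return suspects


# Constructed sample: register values taken from the oops on this page, with
# the corrupted pointer quoted in the comment placed in RCX for illustration.
SAMPLE = """\
RSP: 0018:ffff8800797b9918 EFLAGS: 00010206
RAX: 0000000000000000 RBX: ffff8800797b9990 RCX: ff0088007b454960
RDX: 0000099e00000000 RSI: ffff8800797b9990 RDI: ffff8800797b9990
CR2: 0000000000000000 CR3: 00000000797c0000 CR4: 00000000000007e0
"""

if __name__ == "__main__":
    for reg, (val, fixed, bits) in scan_registers(SAMPLE).items():
        print(f"{reg}: {val:016x} is non-canonical; "
              f"{fixed:016x} differs by {bits} bit(s)")
```

A non-canonical value is only a corruption signal where the register is expected to hold a pointer; registers carrying plain data can legitimately contain any bit pattern.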
*** Bug 986226 has been marked as a duplicate of this bug. ***
*** Bug 987780 has been marked as a duplicate of this bug. ***
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days