Bug 1431863

Summary: NULL pointer dereference in timecounter_read+0x13/0x60
Product: [Fedora] Fedora
Reporter: postmodern <postmodern.mod3>
Component: kernel
Assignee: Kernel Maintainer List <kernel-maint>
Status: CLOSED INSUFFICIENT_DATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 25
CC: bart.vanassche+redhat, cz172638, gansalmon, ichavero, itamar, jonathan, kernel-maint, madhu.chinakonda, mchehab
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Last Closed: 2017-04-28 17:14:51 UTC
Type: Bug

Description postmodern 2017-03-13 21:48:07 UTC
Description of problem: random kernel panic while system was idling.


Version-Release number of selected component (if applicable): 4.9.13-201.fc25


How reproducible: first time observed


Steps to Reproduce: N/A


Additional info:

Mar 13 14:16:27 thinkpad kernel: BUG: unable to handle kernel NULL pointer dereference at           (null)
Mar 13 14:16:27 thinkpad kernel: IP: [<ffffffff9411ffd3>] timecounter_read+0x13/0x60
Mar 13 14:16:27 thinkpad kernel: PGD 0 
Mar 13 14:16:27 thinkpad kernel: 
Mar 13 14:16:27 thinkpad kernel: Oops: 0000 [#1] SMP
Mar 13 14:16:27 thinkpad kernel: Modules linked in: fuse ccm xt_CHECKSUM ipt_MASQUERADE nf_nat_masquerade_ipv4 tun nf_conntrack_netbios_ns nf_conntrack_broadcast xt_CT ip6t_rpfilter ip6t_REJECT nf_reject_ipv6
Mar 13 14:16:27 thinkpad kernel:  iTCO_wdt mei_wdt iTCO_vendor_support ac97_bus snd_hda_intel iwlmvm kvm snd_hda_codec mac80211 snd_hda_core irqbypass intel_cstate snd_hwdep intel_uncore snd_seq intel_rapl_pe
Mar 13 14:16:27 thinkpad kernel: CPU: 1 PID: 12811 Comm: kworker/1:0 Not tainted 4.9.13-201.fc25.x86_64 #1
Mar 13 14:16:27 thinkpad kernel: Hardware name: LENOVO 20F6CTO1WW/20F6CTO1WW, BIOS R02ET50W (1.23 ) 09/20/2016
Mar 13 14:16:27 thinkpad kernel: Workqueue: events e1000e_systim_overflow_work [e1000e]
Mar 13 14:16:27 thinkpad kernel: task: ffff9efc48898000 task.stack: ffffae8dc1fc4000
Mar 13 14:16:27 thinkpad kernel: RIP: 0010:[<ffffffff9411ffd3>]  [<ffffffff9411ffd3>] timecounter_read+0x13/0x60
Mar 13 14:16:27 thinkpad kernel: RSP: 0018:ffffae8dc1fc7da8  EFLAGS: 00010046
Mar 13 14:16:27 thinkpad kernel: RAX: 0000000000000000 RBX: ffff9efc49993780 RCX: dead000000000200
Mar 13 14:16:27 thinkpad kernel: RDX: 0000000000000001 RSI: ffffae8dc1fc7df0 RDI: 0000000000000000
Mar 13 14:16:27 thinkpad kernel: RBP: ffffae8dc1fc7db0 R08: ffff9efc499936d8 R09: 0000000000000000
Mar 13 14:16:27 thinkpad kernel: R10: 0000000000006fe8 R11: 00000000000000be R12: ffff9efc49993760
Mar 13 14:16:27 thinkpad kernel: R13: ffffae8dc1fc7df0 R14: 0000000000000246 R15: ffff9efc499936d0
Mar 13 14:16:27 thinkpad kernel: FS:  0000000000000000(0000) GS:ffff9efc61480000(0000) knlGS:0000000000000000
Mar 13 14:16:27 thinkpad kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Mar 13 14:16:27 thinkpad kernel: CR2: 0000000000000000 CR3: 00000002d5e07000 CR4: 00000000003406e0
Mar 13 14:16:27 thinkpad kernel: DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Mar 13 14:16:27 thinkpad kernel: DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Mar 13 14:16:27 thinkpad kernel: Stack:
Mar 13 14:16:27 thinkpad kernel:  ffff9efc499937b0 ffffae8dc1fc7de0 ffffffffc04cd3be ffff9efc499936d0
Mar 13 14:16:27 thinkpad kernel:  ffff9efc61498d40 ffff9efc6149d600 ffff9efc499936d8 ffffae8dc1fc7e10
Mar 13 14:16:27 thinkpad kernel:  ffffffffc04cd581 ffffffff94818b5d ffff9efc49a4fa80 00000000ca529748
Mar 13 14:16:27 thinkpad kernel: Call Trace:
Mar 13 14:16:27 thinkpad kernel:  [<ffffffffc04cd3be>] e1000e_phc_gettime+0x2e/0x60 [e1000e]
Mar 13 14:16:27 thinkpad kernel:  [<ffffffffc04cd581>] e1000e_systim_overflow_work+0x31/0xa0 [e1000e]
Mar 13 14:16:27 thinkpad kernel:  [<ffffffff94818b5d>] ? __schedule+0x22d/0x6d0
Mar 13 14:16:27 thinkpad kernel:  [<ffffffff940bd4d4>] process_one_work+0x184/0x430
Mar 13 14:16:27 thinkpad kernel:  [<ffffffff940bd7ce>] worker_thread+0x4e/0x480
Mar 13 14:16:27 thinkpad kernel:  [<ffffffff940bd780>] ? process_one_work+0x430/0x430
Mar 13 14:16:27 thinkpad kernel:  [<ffffffff940bd780>] ? process_one_work+0x430/0x430
Mar 13 14:16:27 thinkpad kernel:  [<ffffffff940c3549>] kthread+0xd9/0xf0
Mar 13 14:16:27 thinkpad kernel:  [<ffffffff940c3470>] ? kthread_park+0x60/0x60
Mar 13 14:16:27 thinkpad kernel:  [<ffffffff9481ded5>] ret_from_fork+0x25/0x30
Mar 13 14:16:27 thinkpad kernel: Code: 00 48 d3 e0 48 83 e8 01 48 89 43 18 5b 41 5c 41 5d 5d c3 0f 1f 44 00 00 0f 1f 44 00 00 55 48 89 e5 53 48 8b 07 48 89 fb 48 89 c7 <ff> 10 48 8b 0b 48 89 c2 48 2b 53 08 8b
Mar 13 14:16:27 thinkpad kernel: RIP  [<ffffffff9411ffd3>] timecounter_read+0x13/0x60
Mar 13 14:16:27 thinkpad kernel:  RSP <ffffae8dc1fc7da8>
Mar 13 14:16:27 thinkpad kernel: CR2: 0000000000000000
Mar 13 14:16:27 thinkpad kernel: ---[ end trace ef17fa2a98dca6cb ]---
Mar 13 14:16:27 thinkpad kernel: BUG: unable to handle kernel paging request at 00000000ca529748
Mar 13 14:16:27 thinkpad kernel: IP: [<ffffffff940e7bfb>] __wake_up_common+0x2b/0x80

Comment 1 postmodern 2017-03-13 22:16:45 UTC
Seems I'm not the only one encountering this bug recently.
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1668356

Comment 2 Justin M. Forbes 2017-04-11 14:42:08 UTC
*********** MASS BUG UPDATE **************

We apologize for the inconvenience.  There is a large number of bugs to go through and several of them have gone stale.  Due to this, we are doing a mass bug update across all of the Fedora 25 kernel bugs.

Fedora 25 has now been rebased to 4.10.9-200.fc25.  Please test this kernel update (or newer) and let us know if your issue has been resolved or if it is still present with the newer kernel.

If you have moved on to Fedora 26, and are still experiencing this issue, please change the version to Fedora 26.

If you experience different issues, please open a new bug report for those.

Comment 3 Justin M. Forbes 2017-04-28 17:14:51 UTC
*********** MASS BUG UPDATE **************
This bug is being closed with INSUFFICIENT_DATA as there has not been a response in 2 weeks. If you are still experiencing this issue, please reopen and attach the relevant data from the latest kernel you are running and any data that might have been requested previously.

Comment 4 Bart Van Assche 2018-04-21 14:51:37 UTC
Just ran into this with kernel v4.15.17:

Apr 20 11:54:59 thinkpad-bart kernel: BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
Apr 20 11:54:59 thinkpad-bart kernel: IP: timecounter_read+0xa/0x50
Apr 20 11:54:59 thinkpad-bart kernel: PGD 0 P4D 0 
Apr 20 11:54:59 thinkpad-bart kernel: Oops: 0000 [#1] SMP
Apr 20 11:54:59 thinkpad-bart kernel: Hardware name: LENOVO 20FB002LUS/20FB002LUS, BIOS N1FET52W (1.26 ) 06/15/2017
Apr 20 11:54:59 thinkpad-bart kernel: Workqueue: events e1000e_systim_overflow_work [e1000e]
Apr 20 11:54:59 thinkpad-bart kernel: RIP: 0010:timecounter_read+0xa/0x50
Apr 20 11:54:59 thinkpad-bart kernel: RSP: 0018:ffffa9fd81ecfe38 EFLAGS: 00010046
Apr 20 11:54:59 thinkpad-bart kernel: RAX: 0000000000000000 RBX: ffffa3994d397678 RCX: ffffa3996141eae0
Apr 20 11:54:59 thinkpad-bart kernel: RDX: 0000000000000001 RSI: ffffa9fd81ecfe80 RDI: 0000000000000000
Apr 20 11:54:59 thinkpad-bart kernel: RBP: ffffa9fd81ecfe70 R08: 0000000000000331 R09: 0000000000000000
Apr 20 11:54:59 thinkpad-bart kernel: R10: 0000000000000001 R11: 0000000000000000 R12: ffffa3994d397658
Apr 20 11:54:59 thinkpad-bart kernel: R13: ffffa9fd81ecfe80 R14: 0000000000000282 R15: ffffa399101fcf00
Apr 20 11:54:59 thinkpad-bart kernel: FS:  0000000000000000(0000) GS:ffffa39961400000(0000) knlGS:0000000000000000
Apr 20 11:54:59 thinkpad-bart kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Apr 20 11:54:59 thinkpad-bart kernel: CR2: 0000000000000000 CR3: 0000000246e09004 CR4: 00000000003606f0
Apr 20 11:54:59 thinkpad-bart kernel: DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Apr 20 11:54:59 thinkpad-bart kernel: DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Apr 20 11:54:59 thinkpad-bart kernel: Call Trace:
Apr 20 11:54:59 thinkpad-bart kernel:  e1000e_phc_gettime+0x2b/0x60 [e1000e]
Apr 20 11:54:59 thinkpad-bart kernel:  e1000e_systim_overflow_work+0x18/0x70 [e1000e]
Apr 20 11:54:59 thinkpad-bart kernel:  process_one_work+0x1c4/0x3b0
Apr 20 11:54:59 thinkpad-bart kernel:  worker_thread+0x26/0x3c0
Apr 20 11:54:59 thinkpad-bart kernel:  kthread+0x10c/0x130
Apr 20 11:54:59 thinkpad-bart kernel:  ret_from_fork+0x1f/0x30

(gdb) list *(e1000e_phc_gettime+0x2a)
0x1f88a is in e1000e_phc_gettime (drivers/net/ethernet/intel/e1000e/ptp.c:197).
192                                                          ptp_clock_info);
193             unsigned long flags;
194             u64 ns;
195
196             spin_lock_irqsave(&adapter->systim_lock, flags);
197             ns = timecounter_read(&adapter->tc);
198             spin_unlock_irqrestore(&adapter->systim_lock, flags);
199
200             *ts = ns_to_timespec64(ns);
201

(gdb) disas timecounter_read            
Dump of assembler code for function timecounter_read:
   0x0000000000000040 <+0>:     push   %rbx
   0x0000000000000041 <+1>:     mov    (%rdi),%rax
   0x0000000000000044 <+4>:     mov    %rdi,%rbx
   0x0000000000000047 <+7>:     mov    %rax,%rdi
   0x000000000000004a <+10>:    callq  *(%rax)
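
A small triage parser for the oops format quoted in this report, added here as an example (it is not part of the original bug or of any kernel tooling): it extracts the faulting symbol, the CR2 fault address, the general-purpose registers that were zero and the reliable call-trace frames with their module. `SAMPLE` is an excerpt of the first oops above; the function name `triage` and its result keys are assumptions of this example.

```python
import re

# Excerpt of the first oops in this report (lines copied from the log above).
SAMPLE = """\
Mar 13 14:16:27 thinkpad kernel: BUG: unable to handle kernel NULL pointer dereference at           (null)
Mar 13 14:16:27 thinkpad kernel: Workqueue: events e1000e_systim_overflow_work [e1000e]
Mar 13 14:16:27 thinkpad kernel: RIP: 0010:[<ffffffff9411ffd3>]  [<ffffffff9411ffd3>] timecounter_read+0x13/0x60
Mar 13 14:16:27 thinkpad kernel: RAX: 0000000000000000 RBX: ffff9efc49993780 RCX: dead000000000200
Mar 13 14:16:27 thinkpad kernel: RDX: 0000000000000001 RSI: ffffae8dc1fc7df0 RDI: 0000000000000000
Mar 13 14:16:27 thinkpad kernel: CR2: 0000000000000000 CR3: 00000002d5e07000 CR4: 00000000003406e0
Mar 13 14:16:27 thinkpad kernel: Call Trace:
Mar 13 14:16:27 thinkpad kernel:  [<ffffffffc04cd3be>] e1000e_phc_gettime+0x2e/0x60 [e1000e]
Mar 13 14:16:27 thinkpad kernel:  [<ffffffffc04cd581>] e1000e_systim_overflow_work+0x31/0xa0 [e1000e]
Mar 13 14:16:27 thinkpad kernel:  [<ffffffff94818b5d>] ? __schedule+0x22d/0x6d0
Mar 13 14:16:27 thinkpad kernel:  [<ffffffff940bd4d4>] process_one_work+0x184/0x430
"""
SYM = re.compile(r"([A-Za-z_][\w.]*)\+(0x[0-9a-f]+)/(0x[0-9a-f]+)(?: \[(\w+)\])?")
REG = re.compile(r"\b(C?R[A-Z0-9]{1,2}): ([0-9a-f]{16})\b")
PAGE_SIZE = 4096  # x86_64 base page; a fault address below this is a NULL-page access

def triage(log):
    """Summarise one x86_64 oops (both the 4.9 and 4.15 line formats seen above)."""
    out = {"rip": None, "workqueue": None, "regs": {}, "trace": []}
    in_trace = False
    for line in log.splitlines():
        body = line.split("kernel:", 1)[-1].strip()      # drop the journal prefix
        if body.startswith("RIP:") and out["rip"] is None and (m := SYM.search(body)):
            out["rip"] = (m.group(1), int(m.group(2), 16))  # (symbol, offset)
        elif body.startswith("Workqueue:"):
            parts = body.split()
            out["workqueue"] = parts[2] if len(parts) > 2 else None
        elif body == "Call Trace:":
            in_trace = True
        elif in_trace:
            m = SYM.search(body)
            if not m or body.startswith("RIP"):          # trace ends at Code:/RIP lines
                in_trace = False
            elif "? " not in body:                       # '?' frames are stale stack data
                out["trace"].append((m.group(1), m.group(4)))
        for name, val in REG.findall(body):              # RSP/RIP carry a segment prefix
            out["regs"][name] = int(val, 16)             # and are deliberately skipped
    cr2 = out["regs"].get("CR2")
    out["null_deref"] = cr2 is not None and cr2 < PAGE_SIZE
    out["zero_regs"] = sorted(r for r, v in out["regs"].items()
                              if v == 0 and not r.startswith("CR"))
    out["modules"] = sorted({mod for _, mod in out["trace"] if mod})
    return out
```

On the sample, the zero registers are RAX and RDI, which lines up with the `mov (%rdi),%rax` / `callq *(%rax)` sequence in the disassembly above.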