Bug 852760

Summary: abrt links kernel null pointer dereference to completely unrelated bugzilla ticket
Product: [Fedora] Fedora Reporter: Jonathan Kamens <h1k6zn2m>
Component: abrtAssignee: Jakub Filak <jfilak>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: high    
Version: 17CC: abrt-devel-list, dvlasenk, iprikryl, jberan, jfilak, jmoskovc, kklic, martin.wilck, mcsontos, mmilata, mtoman, sanjay.ankur
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-12-20 15:40:19 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 756771    

Description Jonathan Kamens 2012-08-29 14:03:10 UTC 
I experienced the below kernel oops when attempting to rmmod rtl8192ce (that's a different defect which I shall file separately). I attempted to report the oops through the abrt applet, and for some inexplicable reason, abrt decided it was the same as bug 824107, which is as far as I can tell a completely unrelated oops. The logic for determining when two kernel oopses are identical clearly needs some work.

Ref:

BUG: unable to handle kernel NULL pointer dereference at 00000000000002c0
IP: [<ffffffffa031aae2>] rtl92ce_get_desc+0x12/0x50 [rtl8192ce]
PGD 1e4943067 PUD 1ebdbd067 PMD 0 
Oops: 0000 [#1] SMP 
CPU 1 
Modules linked in: nls_utf8 udf crc_itu_t fuse lockd sunrpc rfcomm bnep tpm_bios ip6t_REJECT nf_conntrack_ipv6 nf_conntrack_ipv4 nf_defrag_ipv6 nf_defrag_ipv4 xt_state nf_conntrack ip6table_filter ip6_tables snd_hda_codec_hdmi snd_hda_codec_conexant arc4 coretemp kvm_intel kvm microcode snd_usb_audio snd_usbmidi_lib snd_rawmidi snd_seq_device i2c_i801 uvcvideo videobuf2_vmalloc videobuf2_memops videobuf2_core videodev btusb bluetooth media rtl8192ce(-) rtlwifi rtl8192c_common mac80211 lpc_ich snd_hda_intel mfd_core snd_hda_codec snd_hwdep snd_pcm snd_page_alloc snd_timer cfg80211 e1000e mei thinkpad_acpi snd soundcore rfkill uinput crc32c_intel ghash_clmulni_intel sdhci_pci sdhci mmc_core wmi i915 video i2c_algo_bit drm_kms_helper drm i2c_core [last unloaded: scsi_wait_scan]
Pid: 5659, comm: rmmod Not tainted 3.5.2-3.fc17.x86_64 #1 LENOVO 4177CTO/4177CTO
RIP: 0010:[<ffffffffa031aae2>]  [<ffffffffa031aae2>] rtl92ce_get_desc+0x12/0x50 [rtl8192ce]
RSP: 0018:ffff880126105b78  EFLAGS: 00010046
RAX: ffffffffa031c2a0 RBX: 00000000000002c0 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000000002c0
RBP: ffff880126105b78 R08: 0000000000000040 R09: ffff880215400000
R10: 000000000db55f01 R11: 0000000000000008 R12: ffff88021111bc00
R13: 0000000000000016 R14: ffff88020e9c9f20 R15: 0000000000000016
FS:  00007f0bc6a85740(0000) GS:ffff88021e240000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 00000000000002c0 CR3: 00000001efc3a000 CR4: 00000000000407e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process rmmod (pid: 5659, threadinfo ffff880126104000, task ffff88020e79c530)
Stack:
 ffff880126105ca8 ffffffffa0300bbd ffff880126105ca8 ffff88020e9ca200
 ffff88020e9ccdd8 ffff88020db553c0 ffff88020e9c8560 000000400836d540
 ffff880215802300 ffff880126105c20 ffff880126105c18 0000000000000000
Call Trace:
 [<ffffffffa0300bbd>] _rtl_pci_rx_interrupt+0x19d/0x640 [rtlwifi]
 [<ffffffffa0301c12>] _rtl_pci_interrupt+0x2d2/0x2f0 [rtlwifi]
 [<ffffffff810e3e09>] __free_irq+0x189/0x220
 [<ffffffff810e3ef4>] free_irq+0x54/0xc0
 [<ffffffffa0301f86>] rtl_pci_disconnect+0x196/0x1c0 [rtlwifi]
 [<ffffffff812f7c1f>] pci_device_remove+0x3f/0x110
 [<ffffffff813b510c>] __device_release_driver+0x7c/0xe0
 [<ffffffff813b59d8>] driver_detach+0xb8/0xc0
 [<ffffffff813b4c32>] bus_remove_driver+0x92/0x110
 [<ffffffff813b5ed2>] driver_unregister+0x62/0xa0
 [<ffffffff812f73b4>] pci_unregister_driver+0x44/0xa0
 [<ffffffffa031ab8c>] rtl92ce_driver_exit+0x10/0x484 [rtl8192ce]
 [<ffffffff810b8c6e>] sys_delete_module+0x16e/0x2d0
 [<ffffffff81185d56>] ? filp_close+0x66/0xa0
 [<ffffffff81614969>] system_call_fastpath+0x16/0x1b
Code: 3f 00 00 81 e2 00 c0 ff ff 09 d0 89 07 c3 66 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 66 66 66 66 90 40 84 f6 74 12 84 d2 75 1e <8b> 07 5d c1 e8 1f c3 0f 1f 80 00 00 00 00 84 d2 74 ee 80 fa 05 
RIP  [<ffffffffa031aae2>] rtl92ce_get_desc+0x12/0x50 [rtl8192ce]
 RSP <ffff880126105b78>
CR2: 00000000000002c0
Comment 1 Jonathan Kamens 2012-08-29 14:09:09 UTC 
Correcting version where I encountered this to F18.
Comment 2 Jonathan Kamens 2012-08-29 14:09:39 UTC 
Sorry, I'm an idiot. Don't know what I'm thinking this morning. I encountered this on F17, not F18. It may be a bug on F18 as well, but just to be clear, I can't confirm that.
Comment 3 Jakub Filak 2012-09-06 09:13:56 UTC 
*** Bug 854422 has been marked as a duplicate of this bug. ***
Comment 4 Jakub Filak 2012-09-06 12:02:01 UTC 
commit 87a0d2ba45e8c8d82a2912d73f70c2100fef7f39
Author: Jakub Filak <jfilak>
Date:   Thu Sep 6 11:21:30 2012 +0200

    rhbz#852760: fix loop condition in generation of oops duphash
    
    Signed-off-by: Jakub Filak <jfilak>
Comment 5 Jakub Filak 2012-09-06 13:37:28 UTC 
*** Bug 831197 has been marked as a duplicate of this bug. ***
Comment 6 Fedora Update System 2012-09-24 14:30:59 UTC 
abrt-2.0.13-1.fc18,libreport-2.0.14-1.fc18,btparser-0.19-1.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/abrt-2.0.13-1.fc18,libreport-2.0.14-1.fc18,btparser-0.19-1.fc18
Comment 7 Fedora Update System 2012-09-24 20:03:05 UTC 
Package abrt-2.0.13-1.fc18, libreport-2.0.14-1.fc18, btparser-0.19-1.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing abrt-2.0.13-1.fc18 libreport-2.0.14-1.fc18 btparser-0.19-1.fc18'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-14679/abrt-2.0.13-1.fc18,libreport-2.0.14-1.fc18,btparser-0.19-1.fc18
then log in and leave karma (feedback).
Comment 8 Fedora Update System 2012-09-25 10:05:30 UTC 
abrt-2.0.13-1.fc17,libreport-2.0.14-1.fc17,btparser-0.19-1.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/abrt-2.0.13-1.fc17,libreport-2.0.14-1.fc17,btparser-0.19-1.fc17
Comment 9 Martin Wilck 2012-10-16 15:08:58 UTC 
abrt 2.0.13-1.fc17 still generates false duplicates.

See https://bugzilla.redhat.com/show_bug.cgi?id=758635#c15, https://bugzilla.redhat.com/show_bug.cgi?id=758635#c16. 

bug #758635 was classified as a duplicate of bug #739315, but it's clearly not, as a simple comparison of the crash function reveals:

crash_function: shell_network_agent_set_password (758635)
crash_function: st_widget_get_theme_node (739315)

Looking at the long list of duplicates in https://bugzilla.redhat.com/show_bug.cgi?id=758635#c15, I strongly suggest checking them all manually, as aber clearly isn't yet up to the task of understanding and meaningfully comparing complex backtraces.
Comment 10 Jakub Filak 2012-11-21 16:09:51 UTC 
(In reply to comment #9)
> abrt 2.0.13-1.fc17 still generates false duplicates.
> 
> See https://bugzilla.redhat.com/show_bug.cgi?id=758635#c15,
> https://bugzilla.redhat.com/show_bug.cgi?id=758635#c16. 
> 
> bug #758635 was classified as a duplicate of bug #739315, but it's clearly
> not, as a simple comparison of the crash function reveals:
> 
> crash_function: shell_network_agent_set_password (758635)
> crash_function: st_widget_get_theme_node (739315)
> 
> Looking at the long list of duplicates in
> https://bugzilla.redhat.com/show_bug.cgi?id=758635#c15, I strongly suggest
> checking them all manually, as aber clearly isn't yet up to the task of
> understanding and meaningfully comparing complex backtraces.

Hello Martin,

sorry for the late response. Your are probably right but it is another issue. AFAIK abrt doesn't generate false duplicates for kernel oopses.
Comment 11 Martin Wilck 2012-11-26 11:55:01 UTC 
(In reply to comment #10)

> sorry for the late response. Your are probably right but it is another
> issue. AFAIK abrt doesn't generate false duplicates for kernel oopses.

Are you suggesting that I open a new bugzilla?
Comment 12 Fedora Update System 2012-12-20 15:40:26 UTC 
abrt-2.0.13-1.fc18, libreport-2.0.14-1.fc18, btparser-0.19-1.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.