Bug 867952

Summary: [abrt]: BUG: unable to handle kernel NULL pointer dereference at 0000000000000028
Product: [Fedora] Fedora
Reporter: lars <lars>
Component: kernel
Assignee: Stanislaw Gruszka <sgruszka>
Status: CLOSED NEXTRELEASE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 17
CC: gansalmon, itamar, jforbes, jonathan, jwboyer, kernel-maint, madhu.chinakonda, sgruszka, zeleny.ales
Target Milestone: ---
Target Release: ---
Hardware: x86_64
OS: Unspecified
Whiteboard: abrt_hash:01fd66877466b5cba515672533216ad0a735d84f
Doc Type: Bug Fix
Last Closed: 2012-10-29 15:31:46 UTC
Attachments:
Call trace with debug kernel
0001-USB-fix-port-probing-and-removal-in-garmin_gps.patch

Description lars@bistromatic.de 2012-10-18 16:27:07 UTC
Description of problem:
Start libvirtd
Start Windows XP VM via virt-manager


Additional info:
libreport version: 2.0.14
abrt_version:   2.0.13
cmdline:        BOOT_IMAGE=/vmlinuz-3.6.1-1.fc17.x86_64 root=UUID=d04ae641-b162-4c9b-a304-cc8b64c04872 ro rd.md=0 rd.lvm=0 rd.dm=0 KEYTABLE=us SYSFONT=latarcyrheb-sun16 rhgb rd.luks=0 LANG=en_US.UTF-8
kernel:         3.6.1-1.fc17.x86_64

backtrace:
:BUG: unable to handle kernel NULL pointer dereference at 0000000000000028
:IP: [<ffffffff8106b773>] lock_timer_base.isra.39+0x23/0x70
:PGD 0 
:Oops: 0000 [#1] SMP 
:Modules linked in: ebtable_nat ebtables ipt_MASQUERADE iptable_nat nf_nat xt_CHECKSUM iptable_mangle bridge stp llc fuse it87 hwmon_vid ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_filter ip6_tables nf_conntrack_netbios_ns nf_conntrack_broadcast nf_conntrack_ipv4 nf_defrag_ipv4 xt_state nf_conntrack garmin_gps rc_dib0700_rc5 raid1 iTCO_wdt iTCO_vendor_support ppdev dvb_usb_dib0700 dib8000 dib7000m dib0090 dib0070 dib7000p dib3000mc dibx000_common dvb_usb dvb_core rc_core snd_hda_codec_hdmi coretemp microcode usblp i2c_i801 lpc_ich mfd_core snd_hda_codec_realtek snd_seq snd_seq_device r8169 mii snd_hda_intel snd_hda_codec snd_hwdep snd_pcm snd_page_alloc snd_timer snd soundcore parport_pc parport vhost_net tun macvtap macvlan kvm_intel kvm uinput nfsd auth_rpcgss nfs_acl lockd sunrpc firewire_ohci firewire_core crc_itu_t radeon i2c_algo_bit drm_kms_helper ttm drm i2c_core
:CPU 1 
:Pid: 2167, comm: qemu-kvm Not tainted 3.6.1-1.fc17.x86_64 #1 Gigabyte Technology Co., Ltd. EP35-DS3P/EP35-DS3P
:RIP: 0010:[<ffffffff8106b773>]  [<ffffffff8106b773>] lock_timer_base.isra.39+0x23/0x70
:RSP: 0018:ffff8801ed09bbf8  EFLAGS: 00010282
:RAX: ffff8801ed09bfd8 RBX: 0000000000000010 RCX: 0000000000000000
:RDX: 0000000000001010 RSI: ffff8801ed09bc30 RDI: 0000000000000028
:RBP: ffff8801ed09bc18 R08: ffff8802135af228 R09: 0000000000000000
:R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000010
:R13: 0000000000000028 R14: ffff8801ed09bc30 R15: 0000000000000000
:FS:  00007fd75e71ca00(0000) GS:ffff88021fc80000(0000) knlGS:0000000000000000
:CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
:CR2: 0000000000000028 CR3: 00000002128bd000 CR4: 00000000000027f0
:DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
:DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
:Process qemu-kvm (pid: 2167, threadinfo ffff8801ed09a000, task ffff8801fa28ae20)
:Stack:
: 0000000000000010 0000000000000010 ffff8802016a8008 ffff8802016a8000
: ffff8801ed09bc48 ffffffff8106c130 ffff8802135af220 ffff8802135af220
: 0000000000000010 0000000000000000 ffff8801ed09bc68 ffffffff8106c1ba
:Call Trace:
: [<ffffffff8106c130>] try_to_del_timer_sync+0x20/0x70
: [<ffffffff8106c1ba>] del_timer_sync+0x3a/0x60
: [<ffffffffa04a003e>] garmin_disconnect+0x3e/0x50 [garmin_gps]
: [<ffffffff8146f17d>] usb_serial_disconnect+0xdd/0x130
: [<ffffffff8143bdcd>] usb_unbind_interface+0x5d/0x1a0
: [<ffffffff813be74c>] __device_release_driver+0x7c/0xe0
: [<ffffffff813bea8c>] device_release_driver+0x2c/0x40
: [<ffffffff8143bfa0>] usb_driver_release_interface+0x90/0xa0
: [<ffffffff8143bfe7>] usb_forced_unbind_intf+0x37/0x60
: [<ffffffff81430120>] usb_reset_device+0xc0/0x190
: [<ffffffff8144363e>] usbdev_do_ioctl+0x2de/0x1070
: [<ffffffff81083120>] ? lock_hrtimer_base.isra.22+0x30/0x60
: [<ffffffff814443fe>] usbdev_ioctl+0xe/0x20
: [<ffffffff811a0bc9>] do_vfs_ioctl+0x99/0x580
: [<ffffffff81280f5a>] ? inode_has_perm.isra.31.constprop.61+0x2a/0x30
: [<ffffffff81282387>] ? file_has_perm+0x97/0xb0
: [<ffffffff8107e46b>] ? sys_timer_settime+0xbb/0x1b0
: [<ffffffff811a1149>] sys_ioctl+0x99/0xa0
: [<ffffffff816226e9>] system_call_fastpath+0x16/0x1b
:Code: 0f 1f 84 00 00 00 00 00 55 48 89 e5 48 83 ec 20 48 89 5d e0 4c 89 65 e8 4c 89 6d f0 4c 89 75 f8 66 66 66 66 90 49 89 fd 49 89 f6 <49> 8b 5d 00 49 89 dc 49 83 e4 fe 74 31 4c 89 e7 e8 28 f0 5a 00 
:RIP  [<ffffffff8106b773>] lock_timer_base.isra.39+0x23/0x70
: RSP <ffff8801ed09bbf8>
:CR2: 0000000000000028
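
Added example (not part of the original report and not abrt's own code): a small Python triage helper for an oops in the abrt format shown above. It extracts the fault address, the faulting symbol, and the first reliable call-trace frame that belongs to a loadable module. The function name `triage` and the embedded sample are constructed for illustration.

```python
import re

# Constructed sample: a few lines copied from the oops in this report.
# abrt prefixes every line of the backtrace with ':'.
SAMPLE = """\
:BUG: unable to handle kernel NULL pointer dereference at 0000000000000028
:IP: [<ffffffff8106b773>] lock_timer_base.isra.39+0x23/0x70
:Call Trace:
: [<ffffffff8106c130>] try_to_del_timer_sync+0x20/0x70
: [<ffffffff8106c1ba>] del_timer_sync+0x3a/0x60
: [<ffffffffa04a003e>] garmin_disconnect+0x3e/0x50 [garmin_gps]
: [<ffffffff8146f17d>] usb_serial_disconnect+0xdd/0x130
: [<ffffffff81083120>] ? lock_hrtimer_base.isra.22+0x30/0x60
: [<ffffffff811a1149>] sys_ioctl+0x99/0xa0
:Code: 0f 1f 84 00
"""

FRAME = re.compile(
    r"\[<([0-9a-f]+)>\]\s+(\?\s+)?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+"
    r"(?:\s+\[(\w+)\])?")

def triage(text):
    """Summarise an oops: fault address, faulting symbol, frames, module frame."""
    out = {"fault_addr": None, "ip_symbol": None, "frames": [], "module_frame": None}
    in_trace = False
    for raw in text.splitlines():
        line = raw.lstrip(":").strip()
        m = re.match(r"BUG: unable to handle kernel .* at ([0-9a-f]+)", line)
        if m:
            out["fault_addr"] = int(m.group(1), 16)
        elif line.startswith("IP:"):
            f = FRAME.search(line)
            if f:
                out["ip_symbol"] = f.group(3)
        elif line == "Call Trace:":
            in_trace = True
        elif in_trace:
            f = FRAME.match(line)
            if not f:
                in_trace = False          # trace ended (e.g. the "Code:" line)
            elif not f.group(2):          # skip '?' frames: unreliable stack hits
                out["frames"].append(f.group(3))
                if f.group(4) and out["module_frame"] is None:
                    out["module_frame"] = (f.group(3), f.group(4))
    # Heuristic: a fault below the first page is a NULL base plus a field offset.
    out["null_offset"] = out["fault_addr"] is not None and out["fault_addr"] < 4096
    return out
```

On the sample, the first module-owned frame is `garmin_disconnect` in `garmin_gps`, which is the driver the fix discussed in the comments below addresses.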

Comment 1 Stanislaw Gruszka 2012-10-23 13:01:05 UTC
Please install kernel-debug and try to reproduce this problem. Some more informative warning should be printed in dmesg then (about timer usage after free).

Comment 2 lars@bistromatic.de 2012-10-24 10:14:29 UTC
Created attachment 632677
Call trace with debug kernel

This trace was generated using 3.6.2-4.fc17.x86_64.debug.

Everything else unchanged:

start libvirtd
start Windows XP VM via virt-manager
oops

Comment 3 Stanislaw Gruszka 2012-10-25 10:30:02 UTC
This should be fixed by upstream commit:

commit db5c8b524444d4fc6b1f32d368a50a3729e50002
Author: Alan Stern <stern.edu>
Date:   Wed Oct 10 14:10:21 2012 -0400

    USB: fix port probing and removal in garmin_gps

Comment 4 Stanislaw Gruszka 2012-10-25 11:16:31 UTC
I launched a test kernel build with the above patch, please test (when it finishes compiling):
http://koji.fedoraproject.org/koji/taskinfo?taskID=4625107

Comment 5 lars@bistromatic.de 2012-10-25 21:07:59 UTC
Thanks for the fast work. That kernel fixes the problem. Everything works as expected.

Comment 6 Aleš Zelený 2012-10-28 18:30:52 UTC
Connected Garmin GPS was switched to USB drive mode.

Package: kernel
OS Release: Fedora release 17 (Beefy Miracle)

Comment 7 Stanislaw Gruszka 2012-10-29 09:37:08 UTC
Created attachment 634941
0001-USB-fix-port-probing-and-removal-in-garmin_gps.patch

Comment 8 Stanislaw Gruszka 2012-10-29 09:38:58 UTC
Josh, please apply the above patch as a fix for this bug. It is already committed upstream and should be committed to 3.6 -stable soon.

Comment 9 Justin M. Forbes 2012-10-29 15:31:46 UTC
This patch is included in 3.6.4 stable, and should make it to all releases this week.