Bug 983441

Summary: [abrt] kernel BUG at kernel/timer.c:729!
Product: [Fedora] Fedora Reporter: RenĂ© <rene.schaffrath+rhbz>
Component: kernelAssignee: Kernel Maintainer List <kernel-maint>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 19CC: gansalmon, itamar, jonathan, kernel-maint, madhu.chinakonda
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
Whiteboard: abrt_hash:da29e10a49f8f3d1f67f294ac436523edd3fc7fd
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-07-11 12:47:07 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description René 2013-07-11 08:49:25 UTC 
Description of problem:
Since upgrade to Fedora 19, shutting down a Windows KVM guest crashes host. The same VM worked without issues on Fedora 18.

Additional info:
reporter:       libreport-2.1.5
kernel BUG at kernel/timer.c:729!
invalid opcode: 0000 [#1] SMP 
Modules linked in: ebtable_nat xt_CHECKSUM tun bridge stp llc nf_conntrack_netbios_ns nf_conntrack_broadcast ipt_MASQUERADE ip6table_nat nf_nat_ipv6 ip6table_mangle ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 iptable_nat nf_nat_ipv4 nf_nat iptable_mangle nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack ebtable_filter ebtables rfcomm ip6table_filter bnep ip6_tables uvcvideo videobuf2_vmalloc videobuf2_memops videobuf2_core btusb videodev bluetooth media snd_hda_codec_hdmi snd_hda_codec_realtek iTCO_wdt iTCO_vendor_support arc4 iwldvm acpi_cpufreq mperf coretemp mac80211 kvm_intel kvm snd_hda_intel snd_hda_codec microcode snd_hwdep snd_seq snd_seq_device joydev snd_pcm iwlwifi i2c_i801 snd_page_alloc snd_timer cfg80211 sdhci_pci sdhci lpc_ich mmc_core mfd_core e1000e mei ptp
 pps_core wmi thinkpad_acpi snd tpm_tis soundcore tpm rfkill tpm_bios uinput binfmt_misc dm_crypt crc32_pclmul crc32c_intel i915 ghash_clmulni_intel i2c_algo_bit drm_kms_helper drm i2c_core video
CPU 3 
Pid: 2567, comm: qemu-system-x86 Not tainted 3.9.9-301.fc19.x86_64 #1 LENOVO 2355HMG/2355HMG
RIP: 0010:[<ffffffff8163cdcb>]  [<ffffffff8163cdcb>] __mod_timer.part.39+0x4/0x6
RSP: 0018:ffff8801f3bedc08  EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff880229b6e4c0 RCX: ffffffff81ce2b70
RDX: 0000000000000000 RSI: 00000000fffdc427 RDI: ffff880229b6e4c0
RBP: ffff8801f3bedc08 R08: 00000000eb7fe8ab R09: 00000000eb0d0cfa
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 00000000fffdc427 R14: ffff880209024818 R15: 0000000000000000
FS:  00007f1db3305a40(0000) GS:ffff88023e2c0000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: fffff88000c1e158 CR3: 00000001ff757000 CR4: 00000000001427e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process qemu-system-x86 (pid: 2567, threadinfo ffff8801f3bec000, task ffff8801ea3fddc0)
Stack:
 ffff8801f3bedc48 ffffffff8106d905 0000000000000000 ffff880229b6e240
 ffff880229b6e240 ffff880229b6e480 ffff880209024818 0000000000000000
 ffff8801f3bedc78 ffffffffa0676d25 0000000000000000 ffff880209024800
Call Trace:
 [<ffffffff8106d905>] mod_timer+0x1f5/0x210
 [<ffffffffa0676d25>] br_multicast_del_pg.isra.20+0x105/0x130 [bridge]
 [<ffffffffa0677948>] br_multicast_disable_port+0x58/0xc0 [bridge]
 [<ffffffffa0670cca>] br_stp_disable_port+0x9a/0xf0 [bridge]
 [<ffffffffa066f4e8>] br_device_event+0x208/0x210 [bridge]
 [<ffffffff8164ae3c>] notifier_call_chain+0x4c/0x70
 [<ffffffff810858f6>] raw_notifier_call_chain+0x16/0x20
 [<ffffffff81536ded>] call_netdevice_notifiers+0x2d/0x60
 [<ffffffff81537057>] dev_close_many+0xb7/0x100
 [<ffffffff815382a8>] rollback_registered_many+0xa8/0x210
 [<ffffffff81538441>] rollback_registered+0x31/0x40
 [<ffffffff81539418>] unregister_netdevice_queue+0x48/0x90
 [<ffffffffa06912f0>] __tun_detach+0x110/0x2b0 [tun]
 [<ffffffffa06914bd>] tun_chr_close+0x2d/0x50 [tun]
 [<ffffffff8119b1f1>] __fput+0xe1/0x230
 [<ffffffff8119b3fe>] ____fput+0xe/0x10
 [<ffffffff8107cf7f>] task_work_run+0x9f/0xe0
 [<ffffffff810139e1>] do_notify_resume+0x61/0xa0
 [<ffffffff8164f5d2>] int_signal+0x12/0x17
Code: ad de 49 89 44 24 08 49 8b 44 24 18 83 e0 03 4c 09 f0 49 89 44 24 18 e8 54 f7 a2 ff eb 95 5b 41 5c 41 5d 41 5e 5d c3 55 48 89 e5 <0f> 0b 0f 1f 44 00 00 55 48 89 e5 41 55 49 89 fd 41 54 53 53 48 
RIP  [<ffffffff8163cdcb>] __mod_timer.part.39+0x4/0x6
 RSP <ffff8801f3bedc08>
Comment 1 Josh Boyer 2013-07-11 12:47:07 UTC 

*** This bug has been marked as a duplicate of bug 980254 ***