Bug 1562991 - [abrt] xhci_dbc_tty_unregister_driver: BUG: unable to handle kernel NULL pointer dereference at 0000000000000034
Summary: [abrt] xhci_dbc_tty_unregister_driver: BUG: unable to handle kernel NULL poin...
Keywords:
Status: CLOSED DUPLICATE of bug 1565131
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: 28
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Kernel Maintainer List
QA Contact: Fedora Extras Quality Assurance
URL: https://retrace.fedoraproject.org/faf...
Whiteboard: abrt_hash:06b0415604efa2ae579eda3e9f5...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-04-02 21:03 UTC by sebby2k
Modified: 2018-04-16 16:52 UTC (History)
18 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-04-16 16:52:59 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)
File: dmesg (103.68 KB, text/plain)
2018-04-02 21:03 UTC, sebby2k
no flags Details
journalctl during oops when undocking ThinkPad X1 Carbon 6th Gen from Lenovo Thinkpad Thunderbolt 3 Dock (35.16 KB, text/plain)
2018-04-09 18:52 UTC, redhat-bugs2eran
no flags Details

Description sebby2k 2018-04-02 21:03:00 UTC
Description of problem:
connecting and disconnecting thunderbolt port replicator caused this crash

Additional info:
reporter:       libreport-2.9.4
BUG: unable to handle kernel NULL pointer dereference at 0000000000000034
IP: tty_unregister_driver+0x9/0x80
PGD 0 P4D 0 
Oops: 0000 [#1] SMP PTI
Modules linked in: fuse rfcomm xt_CHECKSUM ipt_MASQUERADE nf_nat_masquerade_ipv4 tun xt_addrtype ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 ip_set nfnetlink ebtable_nat ebtable_broute ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle xt_conntrack ip6table_raw br_netfilter bridge stp llc devlink overlay ip6table_security iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack libcrc32c iptable_mangle iptable_raw iptable_security ebtable_filter ebtables ip6table_filter ip6_tables cmac bnep sunrpc vfat fat snd_hda_codec_hdmi snd_soc_skl snd_soc_skl_ipc snd_hda_ext_core snd_hda_codec_realtek snd_soc_sst_dsp snd_soc_sst_ipc arc4 snd_soc_acpi snd_hda_codec_generic snd_soc_core snd_compress snd_pcm_dmaengine ac97_bus intel_rapl x86_pkg_temp_thermal
 intel_powerclamp coretemp iTCO_wdt iTCO_vendor_support iwlmvm kvm_intel wmi_bmof kvm intel_wmi_thunderbolt mac80211 snd_hda_intel irqbypass intel_cstate intel_uncore snd_hda_codec intel_rapl_perf snd_usb_audio snd_hda_core snd_usbmidi_lib snd_rawmidi snd_hwdep snd_seq iwlwifi uvcvideo snd_seq_device cdc_ether snd_pcm videobuf2_vmalloc usbnet joydev btusb videobuf2_memops e1000e r8152 btrtl btbcm btintel mii cfg80211 tpm_crb videobuf2_v4l2 videobuf2_common bluetooth ptp snd_timer pps_core videodev i2c_i801 thunderbolt media nvmem_core mei_me thinkpad_acpi ucsi_acpi tpm_tis typec_ucsi processor_thermal_device tpm_tis_core ecdh_generic mei intel_pch_thermal intel_soc_dts_iosf typec tpm shpchp wmi snd soundcore int3403_thermal rfkill int340x_thermal_zone int3400_thermal acpi_thermal_rel
 acpi_pad dm_crypt uas usb_storage i915 i2c_algo_bit drm_kms_helper crct10dif_pclmul drm crc32_pclmul crc32c_intel nvme ghash_clmulni_intel nvme_core serio_raw video
CPU: 2 PID: 8382 Comm: kworker/u16:0 Not tainted 4.16.0-0.rc7.git0.1.fc28.x86_64 #1
Hardware name: LENOVO 20L9001EUS/20L9001EUS, BIOS N27ET20W (1.06 ) 01/22/2018
Workqueue: pciehp-1 pciehp_power_thread
RIP: 0010:tty_unregister_driver+0x9/0x80
RSP: 0018:ffffa179c5b2bcc8 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff912eb6983f80 RSI: fffff0f9c9caf640 RDI: 0000000000000000
RBP: ffff912eb4694230 R08: ffff912eb2bd9dd0 R09: 00000001801e0013
R10: ffff912eb5a5e938 R11: 0000000000000000 R12: ffff912eb4694000
R13: ffff912eb4694398 R14: 0000000000000060 R15: ffff912e23701010
FS:  0000000000000000(0000) GS:ffff912ec0480000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000034 CR3: 000000015d20a002 CR4: 00000000003606e0
Call Trace:
 xhci_dbc_tty_unregister_driver+0x11/0x30
 xhci_dbc_exit+0x2a/0x40
 xhci_stop+0x50/0x1c0
 usb_remove_hcd+0xf9/0x240
 usb_hcd_pci_remove+0x67/0x130
 pci_device_remove+0x3b/0xb0
 device_release_driver_internal+0x15a/0x220
 pci_stop_bus_device+0x80/0xa0
 pci_stop_bus_device+0x2b/0xa0
 pci_stop_bus_device+0x3c/0xa0
 pci_stop_and_remove_bus_device+0xe/0x20
 pciehp_unconfigure_device+0xb8/0x160
 pciehp_disable_slot+0x51/0xd0
 pciehp_power_thread+0x82/0xa0
 process_one_work+0x187/0x340
 worker_thread+0x2e/0x380
 ? pwq_unbound_release_workfn+0xd0/0xd0
 kthread+0x112/0x130
 ? kthread_create_worker_on_cpu+0x70/0x70
 ? do_syscall_64+0x74/0x180
 ? SyS_exit+0x13/0x20
 ret_from_fork+0x35/0x40
Code: 31 e4 e8 2b 09 dd ff 48 83 4d 68 01 eb a6 e8 9f 2a b7 ff 0f 1f 44 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 53 48 89 fb <8b> 77 34 8b 7f 2c c1 e7 14 0b 7b 30 e8 96 2c d5 ff 48 c7 c7 60 
RIP: tty_unregister_driver+0x9/0x80 RSP: ffffa179c5b2bcc8
CR2: 0000000000000034

Comment 1 sebby2k 2018-04-02 21:03:20 UTC
Created attachment 1416494 [details]
File: dmesg

Comment 2 redhat-bugs2eran 2018-04-09 18:49:51 UTC
The same Oops is observed when undocking a ThinkPad X1 Carbon 6th Gen from a Thunderbolt docking station (Lenovo Thinkpad Thunderbolt 3 Dock). Running Fedora 18 beta.

The journalctl excerpt (which includes dmesg and userspace undock-related action) is attached.

Comment 3 redhat-bugs2eran 2018-04-09 18:52:59 UTC
Created attachment 1419524 [details]
journalctl during oops when undocking ThinkPad X1 Carbon 6th Gen from Lenovo Thinkpad Thunderbolt 3 Dock

Comment 4 sebby2k 2018-04-13 22:55:26 UTC
Description of problem:
crash happened when going into standby 

Version-Release number of selected component:
kernel-core-4.16.1-300.fc28

Additional info:
reporter:       libreport-2.9.4
cmdline:        BOOT_IMAGE=/vmlinuz-4.16.1-300.fc28.x86_64 root=/dev/mapper/fedora_skyline-root ro rd.lvm.lv=fedora_skyline/root rd.luks.uuid=luks-b66e85a5-f7b1-4d87-8fab-a01687e35056 rd.lvm.lv=fedora_skyline/swap rhgb quiet LANG=en_US.UTF-8
crash_function: xhci_dbc_tty_unregister_driver
kernel:         4.16.1-300.fc28.x86_64
runlevel:       N 5
type:           Kerneloops

Truncated backtrace:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000034
IP: tty_unregister_driver+0x9/0x80
PGD 0 P4D 0 
Oops: 0000 [#1] SMP PTI
Modules linked in: rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache vhost_net vhost tap fuse rfcomm veth xt_nat xt_CHECKSUM ipt_MASQUERADE nf_nat_masquerade_ipv4 tun xt_addrtype ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack br_netfilter devlink ip_set nfnetlink overlay ebtable_nat ebtable_broute bridge stp llc ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_raw ip6table_security iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat cmac nf_conntrack libcrc32c iptable_mangle iptable_raw iptable_security ebtable_filter ebtables ip6table_filter ip6_tables bnep sunrpc vfat fat snd_hda_codec_hdmi arc4 intel_rapl snd_soc_skl x86_pkg_temp_thermal intel_powerclamp snd_soc_skl_ipc snd_hda_ext_core coretemp kvm_intel snd_soc_sst_dsp
 snd_soc_sst_ipc snd_soc_acpi iTCO_wdt iTCO_vendor_support snd_soc_core kvm wmi_bmof snd_hda_codec_realtek iwlmvm snd_hda_codec_generic intel_wmi_thunderbolt snd_compress snd_pcm_dmaengine ac97_bus irqbypass intel_cstate snd_hda_intel mac80211 snd_hda_codec intel_uncore snd_usb_audio intel_rapl_perf snd_hda_core snd_usbmidi_lib uvcvideo snd_hwdep snd_rawmidi snd_seq iwlwifi videobuf2_vmalloc videobuf2_memops btusb videobuf2_v4l2 snd_seq_device btrtl btbcm snd_pcm btintel i2c_i801 videobuf2_common cfg80211 bluetooth videodev thunderbolt snd_timer mei_me joydev tpm_crb media nvmem_core mei ucsi_acpi thinkpad_acpi ecdh_generic typec_ucsi shpchp processor_thermal_device intel_pch_thermal intel_soc_dts_iosf snd typec tpm_tis tpm_tis_core tpm soundcore rfkill int3403_thermal wmi int340x_thermal_zone
 int3400_thermal acpi_pad acpi_thermal_rel dm_crypt r8152 mii i915 i2c_algo_bit nvme drm_kms_helper e1000e crct10dif_pclmul crc32_pclmul crc32c_intel nvme_core drm ptp ghash_clmulni_intel pps_core serio_raw video uas usb_storage
CPU: 1 PID: 14111 Comm: kworker/u16:4 Not tainted 4.16.1-300.fc28.x86_64 #1
Hardware name: LENOVO 20L9001EUS/20L9001EUS, BIOS N27ET20W (1.06 ) 01/22/2018
Workqueue: pciehp-1 pciehp_power_thread
RIP: 0010:tty_unregister_driver+0x9/0x80
RSP: 0018:ffffbc1a056abcc8 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff95871a578000 RSI: ffffe371c9c7b3c0 RDI: 0000000000000000
RBP: ffff958736554230 R08: ffff958731ecf088 R09: 00000001801e0007
R10: ffff958735aa7b78 R11: 0000000000000000 R12: ffff958736554000
R13: ffff958736554398 R14: 0000000000000060 R15: ffff9586255d81d0
FS:  0000000000000000(0000) GS:ffff958740440000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000034 CR3: 000000001420a005 CR4: 00000000003626e0
Call Trace:
 xhci_dbc_tty_unregister_driver+0x11/0x30
 xhci_dbc_exit+0x2a/0x40
 xhci_stop+0x50/0x1c0
 usb_remove_hcd+0xf9/0x240
 usb_hcd_pci_remove+0x67/0x130
 pci_device_remove+0x3b/0xb0
 device_release_driver_internal+0x15a/0x220
 pci_stop_bus_device+0x80/0xa0
 pci_stop_bus_device+0x2b/0xa0
 pci_stop_bus_device+0x3c/0xa0
 pci_stop_and_remove_bus_device+0xe/0x20
 pciehp_unconfigure_device+0xb8/0x160
 pciehp_disable_slot+0x51/0xd0
 pciehp_power_thread+0x82/0xa0
 process_one_work+0x187/0x340
 worker_thread+0x2e/0x380
 ? pwq_unbound_release_workfn+0xd0/0xd0
 kthread+0x112/0x130
 ? kthread_create_worker_on_cpu+0x70/0x70
 ? do_syscall_64+0x74/0x180
 ? SyS_exit_group+0x10/0x10
 ret_from_fork+0x35/0x40
Code: 31 e4 e8 1b 0b dd ff 48 83 4d 68 01 eb a6 e8 ef 2d b7 ff 0f 1f 44 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 53 48 89 fb <8b> 77 34 8b 7f 2c c1 e7 14 0b 7b 30 e8 16 2f d5 ff 48 c7 c7 60 
RIP: tty_unregister_driver+0x9/0x80 RSP: ffffbc1a056abcc8
CR2: 0000000000000034

Comment 5 redhat-bugs2eran 2018-04-14 01:40:00 UTC
On my setup the Oops happens when undocking (see above), but then the system remains functional... until the the next attempt to suspend to RAM, and *then* it hangs and needs a hard poweroff.

I'm not sure if the hang is during suspend or resume; I think I've seen both happen.

Comment 6 Laura Abbott 2018-04-16 16:52:59 UTC

*** This bug has been marked as a duplicate of bug 1565131 ***


Note You need to log in before you can comment on or make changes to this bug.