Bug 921659 - [abrt]: BUG: unable to handle kernel NULL pointer dereference at 0000000000000040
Keywords:
Status: CLOSED DUPLICATE of bug 957500
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: 18
Hardware: x86_64
OS: Unspecified
Target Milestone: ---
Assignee: Kernel Maintainer List
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:565c173be64f05190bae0db3aea...
Depends On:
Blocks:
Reported: 2013-03-14 15:33 UTC by Greg Martyn
Modified: 2013-05-07 08:58 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2013-05-07 08:58:25 UTC
Type: ---
Embargoed:



Description Greg Martyn 2013-03-14 15:33:56 UTC
Description of problem:
Crashed after plugging in Kindle. One of my mice stopped working at the same time. The two USB plugs are next to each other, so maybe that whole hub is shot. I've done that many times before without issue though.

The rest of my system seems to be functioning normally, including another (USB) mouse and keyboard that are plugged into a different hub. (My motherboard has both USB3 and USB2 ports; it looks like the USB3 ones died)

Additional info:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000040
IP: [<ffffffff81492de3>] xhci_free_dev+0x63/0x160
PGD 3aee1d067 PUD 3bc5a5067 PMD 0 
Oops: 0002 [#1] SMP 
Modules linked in: ipt_MASQUERADE lockd sunrpc nf_conntrack_netbios_ns nf_conntrack_broadcast ppdev parport_pc parport fuse ip6table_mangle ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 iptable_nat nf_nat_ipv4 nf_nat iptable_mangle nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack ebtable_filter ebtables ip6table_filter rfcomm ip6_tables bnep iTCO_wdt iTCO_vendor_support binfmt_misc snd_hda_codec_hdmi snd_hda_codec_realtek eeepc_wmi asus_wmi sparse_keymap coretemp kvm_intel kvm microcode i2c_i801 serio_raw lpc_ich mfd_core btusb bluetooth rfkill snd_hda_intel snd_hda_codec snd_hwdep snd_seq snd_seq_device snd_pcm r8169 uinput bcma mii snd_page_alloc snd_timer e1000e snd mei soundcore i915 crc32c_intel i2c_algo_bit ghash_clmulni_intel drm_kms_helper drm mxm_wmi i2c_core wmi video
CPU 6 
Pid: 55, comm: khubd Not tainted 3.8.2-206.fc18.x86_64 #1 System manufacturer System Product Name/P8Z77-V DELUXE
RIP: 0010:[<ffffffff81492de3>]  [<ffffffff81492de3>] xhci_free_dev+0x63/0x160
RSP: 0018:ffff88040922fd38  EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff8804095fb000 RSI: ffff8802e82e6000 RDI: ffff880404c37c00
RBP: ffff88040922fd78 R08: 0000000000000001 R09: ffffffff818762ae
R10: 0000000000000000 R11: 00000000000004b2 R12: 0000000000000000
R13: ffff8802e82e6000 R14: ffff8804095fb000 R15: 0000000000000040
FS:  0000000000000000(0000) GS:ffff88041fb80000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000040 CR3: 00000003b1bd5000 CR4: 00000000000407e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process khubd (pid: 55, threadinfo ffff88040922e000, task ffff8804090ec620)
Stack:
 ffff880404835800 ffff880404c37c00 ffff8804048dc000 0000000000000001
 ffff880404835800 ffff8802e82e6000 ffff8804048dc000 00000000ffffff00
 ffff88040922feb8 ffffffff814623f5 0000000000000000 ffff88041fb8e8f0
Call Trace:
 [<ffffffff814623f5>] hub_thread+0x695/0x1770
 [<ffffffff810828a0>] ? wake_up_bit+0x40/0x40
 [<ffffffff81461d60>] ? usb_remote_wakeup+0x70/0x70
 [<ffffffff81081f90>] kthread+0xc0/0xd0
 [<ffffffff81010000>] ? ftrace_define_fields_xen_mc_entry+0xa0/0xf0
 [<ffffffff81081ed0>] ? kthread_create_on_node+0x120/0x120
 [<ffffffff816584ac>] ret_from_fork+0x7c/0xb0
 [<ffffffff81081ed0>] ? kthread_create_on_node+0x120/0x120
Code: ff ff 83 f8 ed 0f 85 e5 00 00 00 49 63 85 a8 04 00 00 31 db 4d 8b a4 c6 10 01 00 00 4d 8d 7c 24 40 0f 1f 80 00 00 00 00 48 63 c3 <41> 83 27 fb 83 c3 01 48 69 c0 e8 00 00 00 49 81 c7 e8 00 00 00 
RIP  [<ffffffff81492de3>] xhci_free_dev+0x63/0x160
 RSP <ffff88040922fd38>
CR2: 0000000000000040

Comment 1 Greg Martyn 2013-03-14 15:53:37 UTC
This is reproducible after rebooting. The mouse works fine until I plug in my Kindle. When I plug the Kindle in, I get the "NULL pointer dereference", and the mouse stops working.

Comment 2 Josh Boyer 2013-04-11 19:31:44 UTC
Are you still seeing this with 3.8.6?

Comment 3 Frantisek Hrbata 2013-05-07 08:58:25 UTC
Code: ff ff 83 f8 ed 0f 85 e5 00 00 00 49 63 85 a8 04 00 00 31 db 4d 8b a4 c6 10 01 00 00 4d 8d 7c 24 40 0f 1f 80 00 00 00 00 48 63 c3 <41> 83 27 fb 83 c3 01 48 69 c0 e8 00 00 00 49 81 c7 e8 00 00 00
All code
========
   0:   ff                      (bad)
   1:   ff 83 f8 ed 0f 85       incl   -0x7af01208(%rbx)
   7:   e5 00                   in     $0x0,%eax
   9:   00 00                   add    %al,(%rax)
   b:   49 63 85 a8 04 00 00    movslq 0x4a8(%r13),%rax
  12:   31 db                   xor    %ebx,%ebx
  14:   4d 8b a4 c6 10 01 00    mov    0x110(%r14,%rax,8),%r12
  1b:   00
  1c:   4d 8d 7c 24 40          lea    0x40(%r12),%r15
  21:   0f 1f 80 00 00 00 00    nopl   0x0(%rax)
  28:   48 63 c3                movslq %ebx,%rax
  2b:*  41 83 27 fb             andl   $0xfffffffb,(%r15)               <-- trapping instruction
  2f:   83 c3 01                add    $0x1,%ebx
  32:   48 69 c0 e8 00 00 00    imul   $0xe8,%rax,%rax
  39:   49 81 c7 e8 00 00 00    add    $0xe8,%r15

Code starting with the faulting instruction
===========================================
   0:   41 83 27 fb             andl   $0xfffffffb,(%r15)
   4:   83 c3 01                add    $0x1,%ebx
   7:   48 69 c0 e8 00 00 00    imul   $0xe8,%rax,%rax
   e:   49 81 c7 e8 00 00 00    add    $0xe8,%r15

virt_dev is NULL

More detailed info is here, but the problem is the same

https://bugzilla.redhat.com/show_bug.cgi?id=957500#c2

*** This bug has been marked as a duplicate of bug 957500 ***
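
The NULL-base reading in comment 3 can be cross-checked from the oops header and register dump alone. The script below is an added example, not part of the original report or of any kernel tooling; the function name `triage` and the 4 KiB page threshold are assumptions, and the sample text is constructed from lines of the oops above.

```python
import re

# Constructed sample: lines copied from the oops in this report, trimmed to the fields used.
OOPS = """\
BUG: unable to handle kernel NULL pointer dereference at 0000000000000040
IP: [<ffffffff81492de3>] xhci_free_dev+0x63/0x160
Oops: 0002 [#1] SMP
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff8804095fb000 RSI: ffff8802e82e6000 RDI: ffff880404c37c00
RBP: ffff88040922fd78 R08: 0000000000000001 R09: ffffffff818762ae
R10: 0000000000000000 R11: 00000000000004b2 R12: 0000000000000000
R13: ffff8802e82e6000 R14: ffff8804095fb000 R15: 0000000000000040
CR2: 0000000000000040 CR3: 00000003b1bd5000 CR4: 00000000000407e0
"""

PAGE_SIZE = 4096  # assumption: faults below one 4 KiB page are NULL + member offset


def triage(oops):
    """Classify a kernel oops from its error code, CR2 and general registers."""
    err = int(re.search(r"^Oops: ([0-9a-f]{4})", oops, re.M).group(1), 16)
    regs = {name: int(val, 16) for name, val in
            re.findall(r"\b([A-Z][A-Z0-9]{2}): ([0-9a-f]{16})\b", oops)}
    fault = regs["CR2"]  # CR2 holds the faulting linear address
    func = re.search(r"^IP: \[<[0-9a-f]+>\] (\w+)\+0x", oops, re.M).group(1)
    # x86 page-fault error code: bit 0 = page present, bit 1 = write,
    # bit 2 = user mode, bit 4 = instruction fetch.
    if err & 0x10:
        access = "exec"
    else:
        access = "write" if err & 0x2 else "read"
    return {
        "function": func,
        "fault_addr": fault,
        "access": access,
        "mode": "user" if err & 0x4 else "kernel",
        "page_present": bool(err & 0x1),
        # Small fault address: NULL base pointer plus this member offset.
        "null_offset": fault if fault < PAGE_SIZE else None,
        # General registers holding the faulting address point at the operand.
        "address_regs": [r for r, v in regs.items()
                         if v == fault and not r.startswith("CR")],
    }


if __name__ == "__main__":
    for key, value in triage(OOPS).items():
        print(f"{key}: {value}")
```

The result lines up with the disassembly in comment 3: the trapping `andl` writes through `%r15`, which `lea 0x40(%r12),%r15` computed from `R12`, and `R12` is zero in the dump.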

