Bug 208628

Summary: kernel oops with bluetooth/rfcomm
Product: [Fedora] Fedora
Reporter: denis ivanov <youonly>
Component: kernel
Assignee: Kernel Maintainer List <kernel-maint>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Docs Contact:
Priority: medium
Version: 6
CC: davej, jeff, wtogami
Target Milestone: ---
Target Release: ---
Hardware: i686
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-11-16 22:36:20 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Attachments (Description / Flags):
Attempt to fix the NULL pointer dereference / none

Description denis ivanov 2006-09-29 19:09:25 UTC
Description of problem:

I used Bluetooth (USB dongle)/rfcomm and wvdial to go online with my Nokia.
The currently installed kernel is kernel-2.6.18-1.2693.fc6 (from the devel tree of FC6).
This morning ppp0 went down and wvdial became a zombie (killall -9 wvdial can't kill it!).

BUG: unable to handle kernel NULL pointer dereference at virtual address 00000018

Version-Release number of selected component (if applicable):
kernel-2.6.18-1.2693.fc6
bluez-libs-3.0-3
wvdial-1.54.0-5.2.2.1

How reproducible:
unable to reproduce for this moment

Additional info:

dmesg:

BUG: unable to handle kernel NULL pointer dereference at virtual address 00000018
 printing eip:
f8b51231
*pde = 2e505067
Oops: 0000 [#1]
SMP 
last sysfs file: /class/tty/rfcomm0/dev
Modules linked in: ppp_deflate zlib_deflate ppp_async crc_ccitt ppp_generic slhc i915 drm ipt_REJECT ipt_owner xt_multiport iptable_filter ip_tables x_tables tun ipw3945(U) ieee80211 ieee80211_crypt pcc_acpi(U) ipv6 rfcomm l2cap cpufreq_ondemand cryptoloop aes_i586 loop dm_mirror dm_mod video sbs i2c_ec battery asus_acpi ac parport_pc lp parport snd_hda_intel snd_hda_codec snd_seq_dummy snd_seq_oss joydev snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss snd_pcm sg snd_timer snd i2c_i801 pcspkr i2c_core soundcore snd_page_alloc sdhci sky2 mmc_core hci_usb bluetooth serio_raw ext3 jbd ahci libata usb_storage sd_mod scsi_mod ohci_hcd uhci_hcd ehci_hcd
CPU:    1
EIP:    0060:[<f8b51231>]    Not tainted VLI
EFLAGS: 00210282   (2.6.18-1.2693.fc6 #1) 
EIP is at rfcomm_send_rpn+0xb/0xa7 [rfcomm]
eax: 00000000   ebx: 00000003   ecx: 00000004   edx: 00000001
esi: 00000003   edi: 00000001   ebp: d036bd98   esp: d036bd7c
ds: 007b   es: 007b   ss: 0068
Process wvdial (pid: 32058, ti=d036b000 task=cd8f8ab0 task.ti=d036b000)
Stack: 00000000 c06981d4 cd8f8ab0 00000000 00000003 00000003 00000003 d036bdf4 
       f8b54559 00000003 00000003 00000000 00000000 00000000 00000011 00000013 
       00000001 d036be08 d7b26234 00000030 00000000 0001c200 d036bd00 00200286 
Call Trace:
 [<f8b54559>] rfcomm_tty_set_termios+0x1bb/0x1c6 [rfcomm]
 [<c0537362>] set_termios+0x2f1/0x336
 [<c05374c8>] n_tty_ioctl+0x121/0x45a
 [<c0534b31>] tty_ioctl+0xcaa/0xd0b
 [<c0483172>] do_ioctl+0x4e/0x67
 [<c04833e3>] vfs_ioctl+0x258/0x26b
 [<c048343d>] sys_ioctl+0x47/0x62
 [<c0403fb7>] syscall_call+0x7/0xb
DWARF2 unwinder stuck at syscall_call+0x7/0xb
Leftover inexact backtrace:
 [<c0405389>] show_stack_log_lvl+0x8a/0x95
 [<c04054c1>] show_registers+0x12d/0x19a
 [<c04056be>] die+0x190/0x293
 [<c0615d8d>] do_page_fault+0x3dc/0x4a4
 [<c0404be9>] error_code+0x39/0x40
 [<f8b54559>] rfcomm_tty_set_termios+0x1bb/0x1c6 [rfcomm]
 [<c0537362>] set_termios+0x2f1/0x336
 [<c05374c8>] n_tty_ioctl+0x121/0x45a
 [<c0534b31>] tty_ioctl+0xcaa/0xd0b
 [<c0483172>] do_ioctl+0x4e/0x67
 [<c04833e3>] vfs_ioctl+0x258/0x26b
 [<c048343d>] sys_ioctl+0x47/0x62
 [<c0403fb7>] syscall_call+0x7/0xb
Code: 83 f2 ef 0f b6 d2 8a 92 c0 4f b5 f8 f7 d2 88 55 ef 8d 55 e8 e8 56 ff ff ff 83 c4 10 5b 5e 5d c3 55 89 e5 57 89 d7 56 53 83 ec 10 <8b> 70 18 8a 5d 0c c1 e1 02 83 c9 03 88 4d e9 01 f6 83 ce 01 83
EIP: [<f8b51231>] rfcomm_send_rpn+0xb/0xa7 [rfcomm] SS:ESP 0068:d036bd7c

 cat /proc/version 
Linux version 2.6.18-1.2693.fc6 (brewbuilder.redhat.com) (gcc 
version 4.1.1 20060920 (Red Hat 4.1.1-24)) #1 SMP Fri Sep 22 18:03:54 EDT 2006

 cat /proc/cpuinfo |grep name
model name      : Genuine Intel(R) CPU           T2400  @ 1.83GHz
model name      : Genuine Intel(R) CPU           T2400  @ 1.83GHz

lspci |grep -i usb
00:1d.0 USB Controller: Intel Corporation 82801G (ICH7 Family) USB UHCI #1 (rev 02)
00:1d.1 USB Controller: Intel Corporation 82801G (ICH7 Family) USB UHCI #2 (rev 02)
00:1d.2 USB Controller: Intel Corporation 82801G (ICH7 Family) USB UHCI #3 (rev 02)
00:1d.3 USB Controller: Intel Corporation 82801G (ICH7 Family) USB UHCI #4 (rev 02)
00:1d.7 USB Controller: Intel Corporation 82801G (ICH7 Family) USB2 EHCI Controller (rev 02)
0e:00.0 USB Controller: VIA Technologies, Inc. VT82xxxxx UHCI USB 1.1 Controller (rev 61)
0e:00.1 USB Controller: VIA Technologies, Inc. VT82xxxxx UHCI USB 1.1 Controller (rev 61)


 cat /proc/modules 
ipw3945 199128 1 - Live 0xf8b6d000
ieee80211 35729 1 ipw3945, Live 0xf8b3d000
ieee80211_crypt 10561 1 ieee80211, Live 0xf8a37000
ppp_deflate 10433 0 - Live 0xf8c59000
zlib_deflate 23001 1 ppp_deflate, Live 0xf8c71000
ppp_async 16857 1 - Live 0xf8c6b000
crc_ccitt 6337 1 ppp_async, Live 0xf8c56000
ppp_generic 33541 6 ppp_deflate,ppp_async, Live 0xf8c61000
slhc 10945 1 ppp_generic, Live 0xf8c52000
i915 24129 2 - Live 0xf8bb7000
drm 74613 3 i915, Live 0xf8c39000
ipt_REJECT 9921 3 - Live 0xf8b9f000
ipt_owner 6209 1 - Live 0xf8b5c000
xt_multiport 7617 5 - Live 0xf8b1f000
iptable_filter 7361 1 - Live 0xf8aaa000
ip_tables 17925 1 iptable_filter, Live 0xf8ba6000
x_tables 18901 4 ipt_REJECT,ipt_owner,xt_multiport,ip_tables, Live 0xf8b51000
ipv6 274593 46 - Live 0xf8bbf000
rfcomm 47209 5 - Live 0xf8b60000
l2cap 32721 7 rfcomm, Live 0xf8b48000
cpufreq_ondemand 11341 2 - Live 0xf8af7000
dm_mirror 34449 0 - Live 0xf8b33000
dm_mod 63865 1 dm_mirror, Live 0xf8b22000
video 21701 0 - Live 0xf8b06000
sbs 20877 0 - Live 0xf8aff000
i2c_ec 9409 1 sbs, Live 0xf8af3000
battery 14789 0 - Live 0xf8aa5000
asus_acpi 21337 0 - Live 0xf8ac2000
ac 9669 0 - Live 0xf8a4b000
parport_pc 32229 0 - Live 0xf8ab9000
lp 17577 0 - Live 0xf89c5000
parport 41769 2 parport_pc,lp, Live 0xf8aad000
snd_hda_intel 23141 1 - Live 0xf8a98000
snd_hda_codec 158065 1 snd_hda_intel, Live 0xf8acb000
snd_seq_dummy 8133 0 - Live 0xf89e2000
snd_seq_oss 38737 0 - Live 0xf8a58000
snd_seq_midi_event 12105 1 snd_seq_oss, Live 0xf89bc000
snd_seq 59161 5 snd_seq_dummy,snd_seq_oss,snd_seq_midi_event, Live 0xf8a88000
snd_seq_device 13141 3 snd_seq_dummy,snd_seq_oss,snd_seq, Live 0xf8a15000
snd_pcm_oss 47457 0 - Live 0xf8a7b000
snd_mixer_oss 21065 2 snd_pcm_oss, Live 0xf8a30000
snd_pcm 82669 3 snd_hda_intel,snd_hda_codec,snd_pcm_oss, Live 0xf8a65000
joydev 13825 0 - Live 0xf8a10000
snd_timer 27741 2 snd_seq,snd_pcm, Live 0xf8a28000
snd 59269 9 snd_hda_intel,snd_hda_codec,snd_seq_oss,snd_seq,snd_seq_device,snd_pcm_oss,snd_mixer_oss,snd_pcm,snd_timer, Live 0xf8a3b000
sg 39269 0 - Live 0xf8a1d000
soundcore 14369 2 snd, Live 0xf89dd000
pcspkr 7489 0 - Live 0xf88fd000
snd_page_alloc 14665 2 snd_hda_intel,snd_pcm, Live 0xf89d8000
sdhci 23393 0 - Live 0xf8a09000
sky2 45269 0 - Live 0xf89cb000
i2c_i801 12237 0 - Live 0xf8991000
mmc_core 31305 1 sdhci, Live 0xf8997000
i2c_core 26321 2 i2c_ec,i2c_i801, Live 0xf8832000
hci_usb 22029 3 - Live 0xf8985000
serio_raw 11589 0 - Live 0xf8981000
bluetooth 60485 7 rfcomm,l2cap,hci_usb, Live 0xf88c8000
ext3 139001 3 - Live 0xf89e6000
jbd 64545 1 ext3, Live 0xf88ec000
ahci 23621 2 - Live 0xf88c1000
libata 105825 1 ahci, Live 0xf89a1000
usb_storage 75201 0 - Live 0xf88d8000
sd_mod 25537 3 - Live 0xf8878000
scsi_mod 142761 5 sg,ahci,libata,usb_storage,sd_mod, Live 0xf8854000
ohci_hcd 25701 0 - Live 0xf884c000
uhci_hcd 28501 0 - Live 0xf8844000
ehci_hcd 36437 0 - Live 0xf883a000

Comment 1 denis ivanov 2006-09-29 19:15:24 UTC
*** Bug 208626 has been marked as a duplicate of this bug. ***

Comment 2 Marcel Holtmann 2006-10-12 08:54:39 UTC
Created attachment 138312 [details]
Attempt to fix the NULL pointer dereference

This patch might prevent the NULL pointer dereference. Looks like some rewrites
of the TTY layer have an impact on the RFCOMM TTY support.

Comment 4 Jeffrey C. Ollie 2007-11-16 22:14:04 UTC
I've had a similar problem on the built-in adapter on my HP nc8230:

BUG: unable to handle kernel paging request at virtual address 6f746b77
printing eip: c043a487 *pde = 00000000 
Oops: 0002 [#1] SMP 
Modules linked in: radeon drm nf_conntrack_netbios_ns ipt_REJECT nf_conntrack_ipv4 xt_state nf_conntrack nfnetlink xt_tcpudp iptable_filter ip_tables x_tables hidp rfcomm l2cap ipv6 cpufreq_ondemand acpi_cpufreq sbs snd_intel8x0m snd_seq_dummy snd_intel8x0 snd_ac97_codec ac97_bus snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss firewire_ohci firewire_core snd_pcm ipw2200 ieee80211 sdhci crc_itu_t tifm_7xx1 keyspan usbserial snd_timer mmc_core ieee80211_crypt tifm_core snd video tg3 output irda soundcore iTCO_wdt crc_ccitt joydev iTCO_vendor_support snd_page_alloc serio_raw battery button ac parport_pc tpm_infineon parport hci_usb tpm sr_mod bluetooth tpm_bios sg cdrom dm_snapshot dm_zero dm_mirror dm_mod ata_piix ata_generic libata sd_mod scsi_mod ext3 jbd mbcache ehci_hcd ohci_hcd uhci_hcd
CPU:    0
EIP:    0060:[<c043a487>]    Not tainted VLI
EFLAGS: 00010087   (2.6.23.1-42.fc8 #1)
EIP is at run_workqueue+0x4d/0x109
eax: f7c84484   ebx: f7c84480   ecx: dcc6e8b4   edx: 6f746b73
esi: dcc6e8b0   edi: 702c276c   ebp: 00000000   esp: c18e6f9c
ds: 007b   es: 007b   fs: 00d8  gs: 0000  ss: 0068
Process events/0 (pid: 6, ti=c18e6000 task=f7c06000 task.ti=c18e6000)
Stack: c18e6fbc f7c8448c c043d5cf f7c84480 f7c84480 c043ad10 c18e6fd0 c043adca 
       00000000 f7c06000 c043d485 c18e6fc8 c18e6fc8 f7c84480 00000000 c043d3be 
       c043d386 00000000 c0405dbb c18edf1c 00000000 00000000 00000000 00000000 
Call Trace:
 [<c043d5cf>] prepare_to_wait+0x24/0x3f
 [<c043ad10>] worker_thread+0x0/0xc4
 [<c043adca>] worker_thread+0xba/0xc4
 [<c043d485>] autoremove_wake_function+0x0/0x35
 [<c043d3be>] kthread+0x38/0x5e
 [<c043d386>] kthread+0x0/0x5e
 [<c0405dbb>] kernel_thread_helper+0x7/0x10
 =======================
Code: 44 24 04 ad 8f 62 c0 c7 04 24 9c 35 6b c0 e8 7c 3a ff ff e8 1a c8 fc ff e9 a4 00 00 00 8d 71 fc 8b 7e 0c 89 73 18 8b 41 04 8b 11 <89> 42 04 89 10 b0 01 89 09 89 49 04 86 03 fb 90 8d b4 26 00 00
EIP: [<c043a487>] run_workqueue+0x4d/0x109 SS:ESP 0068:c18e6f9c


Comment 5 Jeffrey C. Ollie 2007-11-16 22:24:09 UTC
Oops, I didn't see that this bug is from 2006... perhaps it's best closed?  I
see in the kernel sources that Marcel's patch has already been applied.

Comment 6 Chuck Ebbert 2007-11-16 22:36:20 UTC
(In reply to comment #5)
> Oops, I didn't see that this bug is from 2006... perhaps it's best closed?  I
> see in the kernel sources that Marcel's patch has already been applied.

Yes, please open a new bug.