Bug 216274 - rfcomm oops
Summary: rfcomm oops
Keywords:
Status: CLOSED INSUFFICIENT_DATA
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: 6
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Kernel Maintainer List
QA Contact: Brian Brock
URL:
Whiteboard:
Depends On:
Blocks: 427887
 
Reported: 2006-11-18 15:41 UTC by David Woodhouse
Modified: 2008-02-08 04:29 UTC (History)
CC List: 3 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-02-08 04:29:16 UTC
Type: ---
Embargoed:


Attachments
Patch to check for session pointer (378 bytes, patch)
2006-11-18 21:56 UTC, Marcel Holtmann

Description David Woodhouse 2006-11-18 15:41:41 UTC
When I run gpsdrive configured to use a GPS receiver on /dev/rfcomm4 it causes
an oops:

Oops: Kernel access of bad area, sig: 11 [#1]

Modules linked in: arc4(U) ieee80211_crypt_wep(U) udf(U) drm(U) hidp(U)
hci_usb(U) rfcomm(U) l2cap(U) bluetooth(U) ipv6(U) nls_utf8(U) hfsplus(U)
dm_mirror(U) dm_mod(U) therm_adt746x(U) parport_pc(U) lp(U) parport(U)
snd_aoa_i2sbus(U) snd_powermac(U) snd_seq_dummy(U) snd_seq_oss(U)
snd_seq_midi_event(U) snd_seq(U) snd_seq_device(U) snd_pcm_oss(U)
snd_mixer_oss(U) snd_pcm(U) sungem(U) sungem_phy(U) snd_timer(U)
snd_page_alloc(U) snd(U) ide_cd(U) soundcore(U) snd_aoa_soundbus(U) ohci1394(U)
cdrom(U) bcm43xx(U) ieee1394(U) ieee80211softmac(U) ieee80211(U)
ieee80211_crypt(U) ext3(U) jbd(U) ehci_hcd(U) ohci_hcd(U) uhci_hcd(U)
NIP: F285A240 LR: F285E8E8 CTR: C0195D1C
REGS: eb2d9be0 TRAP: 0300   Not tainted  (2.6.18-1.2849.fc6)
MSR: 00009032 <EE,ME,IR,DR>  CR: 28004444  XER: 20000000
DAR: 00000018, DSISR: 40000000
TASK = eb4ead30[3616] 'gpsdrive' THREAD: eb2d8000
GPR00: F285E8E8 EB2D9C90 EB4EAD30 00000000 00000001 0000000E 00000003 0000000B 
GPR08: 00000003 00000000 00000000 F2860A58 EC9A5820 1007D1A0 10070000 10070000 
GPR16: 10070000 10070000 0EF67250 0EF671B8 0EF67320 00000000 00000001 7FD374D8 
GPR24: FFFFFFEF 802C7415 00000000 00000000 00002580 00000000 EB2D9D08 00000000 
NIP [F285A240] rfcomm_send_rpn+0x44/0xd4 [rfcomm]
LR [F285E8E8] rfcomm_tty_set_termios+0x1dc/0x1f0 [rfcomm]
Call Trace:
[EB2D9C90] [C002E3FC] try_to_wake_up+0x18c/0x1a4 (unreliable)
[EB2D9CD0] [F285E8E8] rfcomm_tty_set_termios+0x1dc/0x1f0 [rfcomm]
[EB2D9D00] [C019CE24] change_termios+0x278/0x2c8
[EB2D9D50] [C019D2C0] set_termios+0x284/0x2c0
[EB2D9DA0] [C019D8AC] n_tty_ioctl+0x5b0/0xc00
[EB2D9E00] [C0199AEC] tty_ioctl+0xea8/0xf44
[EB2D9ED0] [C00A433C] do_ioctl+0x6c/0x84
[EB2D9EE0] [C00A4734] vfs_ioctl+0x3e0/0x414
[EB2D9F10] [C00A47D0] sys_ioctl+0x68/0x98
[EB2D9F40] [C0011C0C] ret_from_syscall+0x0/0x38
--- Exception: c01 at 0xf551de4
    LR = 0x1003653c
Instruction dump:
5508177a 7d083b78 55291eb8 bf010020 3b00ffef 54a7163a 90010044 7d084b78 
60e70003 8b61004b 38a0000e 8b41004f <83a30018> a3210052 57bd083c 9b610011 

Further attempts to open /dev/rfcomm4 give -EIO. Will reboot and attempt to
strace gpsdrive when this happens -- it seems repeatable.

Comment 1 David Woodhouse 2006-11-18 15:50:26 UTC
open("/dev/rfcomm4", O_RDWR|O_NOCTTY)   = 7
ioctl(7, TCGETS, {B115200 -opost -isig -icanon -echo ...}) = 0
ioctl(7, TCSETSW


Comment 2 Marcel Holtmann 2006-11-18 19:28:06 UTC
I can't see the actual kernel version in the oops. What kernel is this, because
the latest Fedora Core 6 kernel might already fix this.


Comment 3 David Woodhouse 2006-11-18 21:43:30 UTC
REGS: eb2d9be0 TRAP: 0300   Not tainted  (2.6.18-1.2849.fc6)


(gdb) list *rfcomm_send_rpn+0x44
0x240 is in rfcomm_send_rpn (net/bluetooth/rfcomm/core.c:842).
837                             " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x", 
838                     s, cr, dlci, bit_rate, data_bits, stop_bits, parity, 
839                     flow_ctrl_settings, xon_char, xoff_char, param_mask);
840
841             hdr = (void *) ptr; ptr += sizeof(*hdr);
842             hdr->addr = __addr(s->initiator, 0);
843             hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
844             hdr->len  = __len8(sizeof(*mcc) + sizeof(*rpn));
845
846             mcc = (void *) ptr; ptr += sizeof(*mcc);


Looks like 's' is zero. The fault was at address 0x18. (Sorry, snipped that bit)

Unable to handle kernel paging request for data at address 0x00000018

Will reproduce with debugging enabled.


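The analysis in Comment 3 maps the fault address (DAR 0x18) onto a field of the session structure that `s` should have pointed at, and the attachment in the next comment is described as adding a check for that pointer. The following is an added example, written for this page and not code from the bug report or the kernel: a user-space C model of that reasoning. The `struct session` layout is hypothetical (it is not the kernel's `struct rfcomm_session`), laid out only so that `initiator` sits at offset 0x18 like the faulting access; `parse_dar` and `session_field_at` turn an oops line into a field name; `send_rpn_unchecked` reproduces the unconditional dereference and `send_rpn_checked` the kind of guard the attachment title describes (its exact form and the `-ENOTCONN` return value are assumptions). The RFCOMM address octet encoding (EA bit, C/R bit, DLCI in the upper six bits) follows the TS 07.10 frame format.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical layout (NOT the kernel's struct rfcomm_session), arranged so
 * that `initiator` lands at offset 0x18, the DAR value reported in the oops.
 * Fixed-width fields keep the offsets identical on 32- and 64-bit targets. */
struct session {
    uint64_t list_next;   /* 0x00 */
    uint64_t list_prev;   /* 0x08 */
    uint64_t sock;        /* 0x10 */
    uint8_t  initiator;   /* 0x18  <- s->initiator in rfcomm_send_rpn */
    uint8_t  state;       /* 0x19 */
    uint16_t mtu;         /* 0x1a */
};

/* A DLC keeps a pointer to its session; it becomes NULL once the session is
 * torn down, but the tty is still open and set_termios can still be called. */
struct dlc {
    struct session *session;
    uint8_t dlci;
};

/* Compiler-computed field offsets, used to match a fault address against the
 * structure the faulting code was dereferencing. */
struct field { const char *name; size_t off; };
static const struct field session_fields[] = {
    { "list_next", offsetof(struct session, list_next) },
    { "list_prev", offsetof(struct session, list_prev) },
    { "sock",      offsetof(struct session, sock) },
    { "initiator", offsetof(struct session, initiator) },
    { "state",     offsetof(struct session, state) },
    { "mtu",       offsetof(struct session, mtu) },
};

/* Return the field that starts at `dar`, or NULL if no field starts there. */
const char *session_field_at(size_t dar)
{
    for (size_t i = 0; i < sizeof session_fields / sizeof session_fields[0]; i++)
        if (session_fields[i].off == dar)
            return session_fields[i].name;
    return NULL;
}

/* Parse the hex value after "DAR: " from a powerpc oops line; 0 on success. */
int parse_dar(const char *line, size_t *dar)
{
    const char *p = strstr(line, "DAR: ");
    if (!p)
        return -1;
    char *end;
    unsigned long v = strtoul(p + 5, &end, 16);
    if (end == p + 5)
        return -1;
    *dar = (size_t)v;
    return 0;
}

/* RFCOMM address octet: EA=1 in bit 0, C/R in bit 1, DLCI in bits 2..7. */
static uint8_t rfcomm_addr(int cr, uint8_t dlci)
{
    return (uint8_t)(((dlci & 0x3f) << 2) | ((cr & 1) << 1) | 0x01);
}

/* The pattern in the oops: d->session is dereferenced unconditionally, so a
 * NULL session reads address 0x18 and faults. Do not call with a dead DLC. */
uint8_t send_rpn_unchecked(const struct dlc *d)
{
    return rfcomm_addr(d->session->initiator, 0);
}

/* Guarded version: refuse to build the RPN frame when the session is gone.
 * Returning -ENOTCONN is an assumption about how such a check would report. */
int send_rpn_checked(const struct dlc *d, uint8_t *addr_out)
{
    if (!d->session)
        return -ENOTCONN;
    *addr_out = rfcomm_addr(d->session->initiator, 0);
    return 0;
}

int main(void)
{
    /* Constructed oops line, copied in shape from the report above. */
    size_t dar = 0;
    if (parse_dar("DAR: 00000018, DSISR: 40000000", &dar) == 0)
        printf("fault at 0x%zx -> session->%s\n", dar, session_field_at(dar));

    struct dlc d = { .session = NULL, .dlci = 2 };
    uint8_t addr = 0;
    int rc = send_rpn_checked(&d, &addr);
    printf("NULL session: rc=%d (%s)\n", rc, strerror(-rc));

    struct session s;
    memset(&s, 0, sizeof s);
    s.initiator = 1;
    d.session = &s;
    rc = send_rpn_checked(&d, &addr);
    printf("live session: rc=%d addr=0x%02x\n", rc, addr);
    return 0;
}
```

The same offset check is what makes Comment 3's "s is zero" conclusion solid: a DAR of 0x18 with the faulting instruction loading from `r3+0x18` (the `<83a30018>` word in the first dump) is a small-offset read through a NULL base, not a wild pointer, so the fix is a missing liveness check rather than a memory-corruption hunt.
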
Comment 4 Marcel Holtmann 2006-11-18 21:56:39 UTC
Created attachment 141568 [details]
Patch to check for session pointer

Comment 5 David Woodhouse 2006-11-18 21:57:59 UTC
rfcomm_tty_open: tty ea723800 id 4
rfcomm_tty_open: dev c0d46f60 dst DF:12:10:F7:15:00 channel 1 opened 1
rfcomm_tty_ioctl: tty ea723800 cmd 0x402c7413
rfcomm_tty_ioctl: TCGETS is not supported
rfcomm_tty_ioctl: tty ea723800 cmd 0x802c7415
rfcomm_tty_chars_in_buffer: tty ea723800 dev c0d46f60
rfcomm_tty_wait_until_sent: tty ea723800 timeout 2147483647
rfcomm_tty_set_termios: tty ea723800 termios e5c37d08
rfcomm_tty_set_termios: Parity is OFF
rfcomm_tty_set_termios: XOFF custom
rfcomm_tty_set_termios: XON custom
rfcomm_send_rpn: 00000000 cr 1 dlci 2 bit_r 0x3 data_b 0x3 stop_b 0x0 parity 0x0
flwc_s 0x0 xon_c 0x0 xoff_c 0x0 p_mask 0x61
Unable to handle kernel paging request for data at address 0x00000018
Faulting instruction address: 0xf284f360
Oops: Kernel access of bad area, sig: 11 [#1]

Modules linked in: arc4(U) ieee80211_crypt_wep(U) udf(U) drm(U) hidp(U)
hci_usb(U) rfcomm(U) l2cap(U) bluetooth(U) ipv6(U) nls_utf8(U) hfsplus(U)
dm_mirror(U) dm_mod(U) therm_adt746x(U) parport_pc(U) lp(U) parport(U)
snd_aoa_i2sbus(U) snd_powermac(U) snd_seq_dummy(U) snd_seq_oss(U)
snd_seq_midi_event(U) snd_seq(U) snd_seq_device(U) snd_pcm_oss(U)
snd_mixer_oss(U) snd_pcm(U) snd_timer(U) snd_page_alloc(U) snd(U) soundcore(U)
ohci1394(U) snd_aoa_soundbus(U) ieee1394(U) ide_cd(U) bcm43xx(U) cdrom(U)
sungem(U) sungem_phy(U) ieee80211softmac(U) ieee80211(U) ieee80211_crypt(U)
ext3(U) jbd(U) ehci_hcd(U) ohci_hcd(U) uhci_hcd(U)
NIP: F284F360 LR: F284F358 CTR: 00000001
REGS: e5c37ba0 TRAP: 0300   Not tainted  (2.6.18-1.2849.fc6)
MSR: 00009032 <EE,ME,IR,DR>  CR: 28004422  XER: 00000000
DAR: 00000018, DSISR: 40000000
TASK = eb587930[3784] 'gpsdrive' THREAD: e5c36000
GPR00: F284F358 E5C37C50 EB587930 00000080 C02FD4D8 FFFFFFFF C03D0000 00000000 
GPR08: C03DFA4C F2850000 FFFFFFEF C03D0000 00000000 1007D1A0 10070000 10070000 
GPR16: 10070000 10070000 0EF67250 00000061 00000000 00000000 00000003 00000000 
GPR24: 00000000 00000002 00000001 00000000 00000003 00000000 E5C37D08 ECAE82A0 
NIP [F284F360] rfcomm_send_rpn+0x84/0x138 [rfcomm]
LR [F284F358] rfcomm_send_rpn+0x7c/0x138 [rfcomm]
Call Trace:
[E5C37C50] [F284F358] rfcomm_send_rpn+0x7c/0x138 [rfcomm] (unreliable)
[E5C37CC0] [F2854904] rfcomm_tty_set_termios+0x2d8/0x2ec [rfcomm]
[E5C37D00] [C019CE24] change_termios+0x278/0x2c8
[E5C37D50] [C019D2C0] set_termios+0x284/0x2c0
[E5C37DA0] [C019D8AC] n_tty_ioctl+0x5b0/0xc00
[E5C37E00] [C0199AEC] tty_ioctl+0xea8/0xf44
[E5C37ED0] [C00A433C] do_ioctl+0x6c/0x84
[E5C37EE0] [C00A4734] vfs_ioctl+0x3e0/0x414
[E5C37F10] [C00A47D0] sys_ioctl+0x68/0x98
[E5C37F40] [C0011C0C] ret_from_syscall+0x0/0x38
--- Exception: c01 at 0xf551de4
    LR = 0x1003653c
Instruction dump:
7ec8b378 92e1000c 7f89e378 7faaeb78 92a10010 38847db4 386383d8 92810014 
92610018 48006725 3d20f285 3940ffef <81780018> 39297904 579c07be 57bd177a 
 <6>rfcomm_tty_close: tty ea723800 dev c0d46f60 dlc cfc16540 opened 2
rfcomm_tty_close: tty ea723800 dev c0d46f60 dlc cfc16540 opened 1

Comment 6 Marcel Holtmann 2007-07-21 10:29:08 UTC
There have been a lot of RFCOMM fixes. Please re-test the latest Linus' kernel.


Comment 7 Jon Stanley 2008-01-08 01:55:55 UTC
(This is a mass-update to all current FC6 kernel bugs in NEW state)

Hello,

I'm reviewing this bug list as part of the kernel bug triage project, an attempt
to isolate current bugs in the Fedora kernel.

http://fedoraproject.org/wiki/KernelBugTriage

I am CC'ing myself to this bug, however this version of Fedora is no longer
maintained.

Please attempt to reproduce this bug with a current version of Fedora (presently
Fedora 8). If the bug no longer exists, please close the bug or I'll do so in a
few days if there is no further information lodged.

Thanks for using Fedora!

Comment 8 Jon Stanley 2008-02-08 04:29:16 UTC
Per the previous comment in this bug, I am closing it as INSUFFICIENT_DATA,
since no information has been lodged for over 30 days.

Please re-open this bug or file a new one if you can provide the requested data,
and thanks for filing the original report!

