Bug 428818 - Kernel oops (wvdial via rfcomm/bluetooth)
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: kernel
Version: rawhide
Hardware: i386 Linux
Priority: low
Severity: high
Assigned To: Kernel Maintainer List
QA Contact: Fedora Extras Quality Assurance
Reported: 2008-01-15 08:32 EST by denis ivanov
Modified: 2008-01-30 12:22 EST (History)
Fixed In Version: kernel-2.6.24-2.fc9.i686
Doc Type: Bug Fix
Last Closed: 2008-01-30 12:22:50 EST
Description denis ivanov 2008-01-15 08:32:05 EST
Description of problem:

BUG: unable to handle kernel NULL pointer dereference at virtual address 00000098
printing eip: c063cd09 *pde = 7f097067
Oops: 0002 [#1] SMP

Pid: 2289, comm: wvdial Not tainted (2.6.24-0.150.rc7.git4.fc9 #1)
EIP: 0060:[<c063cd09>] EFLAGS: 00010006 CPU: 1
EIP is at mutex_lock_nested+0x82/0x282
EAX: 012801e4 EBX: f2e6a8f0 ECX: 00000000 EDX: f2262000
ESI: 00000094 EDI: 00000246 EBP: f2b6be20 ESP: f2b6bde8
 DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Process wvdial (pid: 2289, ti=f2b6b000 task=f2262000 task.ti=f2b6b000)
Stack: c063cc6a f2e7b098 f2b6be00 c04ce5a7 00000000 f2262000 f2b6be18 00000246
       f2e7a000 f2e6a8f0 f2b6be20 f2e6a8f0 c073dba0 f235de70 f2b6be34 c04ce5a7
       f79a0b58 f737e7d0 f235de70 f2b6be58 c04ce77f f727a9a8 f737e7d0 c6349120
Call Trace:
 [<c040649a>] show_trace_log_lvl+0x1a/0x2f
 [<c040654a>] show_stack_log_lvl+0x9b/0xa3
 [<c04065f9>] show_registers+0xa7/0x178
 [<c04067ff>] die+0x135/0x220
 [<c063ff63>] do_page_fault+0x553/0x631
 [<c063e5ea>] error_code+0x72/0x78
 [<c04ce5a7>] sysfs_get_dentry+0x3e/0x78
 [<c04ce77f>] sysfs_move_dir+0x59/0x1cd
 [<c0504579>] kobject_move+0xa9/0xf4
 [<c0579ece>] device_move+0x52/0xed
 [<f8c2f139>] rfcomm_tty_close+0x29/0x7e [rfcomm]
 [<c055811d>] release_dev+0x1fc/0x5a9
 [<c05584dc>] tty_release+0x12/0x1c
 [<c0493644>] __fput+0xbe/0x16a
 [<c0493907>] fput+0x17/0x19
 [<c0490d3e>] filp_close+0x54/0x5c
 [<c0491f5e>] sys_close+0x76/0xb2
 [<c0405252>] syscall_call+0x7/0xb
 =======================
Code: c0 ba 87 00 00 00 b8 62 d8 6d c0 e8 12 43 dc ff 9c 58 0f 1f 84 00 00 00 00
00 89 c7 fa 0f 1f 84 00 00 00 00 00 90 e8 d5 d8 e0 ff <f0> fe 4e 04 79 0a f3 90
80 7e 04 00 7e f8 eb f0 39 76 34 74 26
EIP: [<c063cd09>] mutex_lock_nested+0x82/0x282 SS:ESP 0068:f2b6bde8
---[ end trace e2b7a88b349f76c2 ]---


Version-Release number of selected component (if applicable):

fedora rawhide on core duo
kernel-2.6.24-0.150.rc7.git4.fc9

Linux linux 2.6.24-0.150.rc7.git4.fc9 #1 SMP Sat Jan 12 11:44:09 EST 2008 i686
i686 i386 GNU/Linux


How reproducible:

My wvdial reconnects automatically when the Bluetooth phone is in range.

After a few (10-20) reconnects a kernel oops occurs, and even killall -9 wvdial can't
kill the process to start a new one...
 

Additional info:

Kernel 2.6.23.1 does not have this problem.
kernel-2.6.24-0.138.rc7.fc9 has the same oops.
Comment 1 denis ivanov 2008-01-15 08:54:21 EST
More strange oops...

=============================================================================
BUG kmalloc-192 (Tainted: G      D): Poison overwritten
-----------------------------------------------------------------------------

INFO: 0xf1c6e1e8-0xf1c6e200. First byte 0x69 instead of 0x6b
INFO: Allocated in rfcomm_dev_ioctl+0xc2/0x5b1 [rfcomm] age=38440225 cpu=0 pid=2282
INFO: Freed in rfcomm_dev_destruct+0x82/0x91 [rfcomm] age=1770370 cpu=1 pid=7764
INFO: Slab 0xc1ae3810 used=11 fp=0xf1c6e1e0 flags=0x400000c3
INFO: Object 0xf1c6e1e0 @offset=480 fp=0xf1c6e0f0

Bytes b4 0xf1c6e1d0:  54 1e 00 00 3e da 2b 02 5a 5a 5a 5a 5a 5a 5a 5a
T...>�+.ZZZZZZZZ
  Object 0xf1c6e1e0:  6b 6b 6b 6b 6b 6b 6b 6b 69 6b 6b 6b 6b 6b 6b 6b
kkkkkkkkikkkkkkk
  Object 0xf1c6e1f0:  6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
kkkkkkkkkkkkkkkk
  Object 0xf1c6e200:  69 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
ikkkkkkkkkkkkkkk
  Object 0xf1c6e210:  6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
kkkkkkkkkkkkkkkk
  Object 0xf1c6e220:  6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
kkkkkkkkkkkkkkkk
  Object 0xf1c6e230:  6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
kkkkkkkkkkkkkkkk
  Object 0xf1c6e240:  6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
kkkkkkkkkkkkkkkk
  Object 0xf1c6e250:  6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
kkkkkkkkkkkkkkkk
 Redzone 0xf1c6e2a0:  bb bb bb bb                                     ����     
      
 Padding 0xf1c6e2c8:  5a 5a 5a 5a 5a 5a 5a 5a                         ZZZZZZZZ 
      
Pid: 17481, comm: sh Tainted: G      D 2.6.24-0.150.rc7.git4.fc9 #1
 [<c040649a>] show_trace_log_lvl+0x1a/0x2f
 [<c0406d55>] show_trace+0x12/0x14
 [<c0407075>] dump_stack+0x6c/0x72
 [<c048d6a6>] print_trailer+0x110/0x118
 [<c048d73a>] check_bytes_and_report+0x8c/0xab
 [<c048d995>] check_object+0xc9/0x1be
 [<c048e79a>] __slab_alloc+0x43b/0x45e
 [<c048f56a>] __kmalloc+0x94/0x102
 [<c04a2084>] d_alloc+0x48/0x188
 [<c0499040>] do_lookup+0x85/0x13f
 [<c049a7f3>] __link_path_walk+0x2d4/0xb59
 [<c049b0c3>] link_path_walk+0x4b/0xc0
 [<c049b151>] path_walk+0x19/0x1b
 [<c049b3dd>] do_path_lookup+0x181/0x1e4
 [<c049bd75>] __path_lookup_intent_open+0x44/0x75
 [<c049be19>] path_lookup_open+0x21/0x27
 [<c049bf05>] open_namei+0x6a/0x554
 [<c049106f>] do_filp_open+0x26/0x3b
 [<c04910c9>] do_sys_open+0x45/0xc4
 [<c0491180>] sys_open+0x1c/0x1e
 [<c0405252>] syscall_call+0x7/0xb
 =======================
FIX kmalloc-192: Restoring 0xf1c6e1e8-0xf1c6e200=0x6b

FIX kmalloc-192: Marking all objects used
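
An added triage example (not part of the original report and not kernel tooling): it parses the SLUB "Poison overwritten" report from Comment 1 and lists which offsets inside the freed object were written after the free, together with the allocation and free sites. The name `analyse` and the shortened three-row excerpt are choices made here; 0x6b and 0xa5 are SLUB's free-poison bytes.

```python
import re

POISON_FREE = 0x6B  # SLUB fills a freed object with this byte...
POISON_END = 0xA5   # ...except the object's final byte

# Excerpt of the report in Comment 1 (object dump shortened to three rows).
REPORT = """\
BUG kmalloc-192 (Tainted: G      D): Poison overwritten
INFO: 0xf1c6e1e8-0xf1c6e200. First byte 0x69 instead of 0x6b
INFO: Allocated in rfcomm_dev_ioctl+0xc2/0x5b1 [rfcomm] age=38440225 cpu=0 pid=2282
INFO: Freed in rfcomm_dev_destruct+0x82/0x91 [rfcomm] age=1770370 cpu=1 pid=7764
INFO: Object 0xf1c6e1e0 @offset=480 fp=0xf1c6e0f0
  Object 0xf1c6e1e0:  6b 6b 6b 6b 6b 6b 6b 6b 69 6b 6b 6b 6b 6b 6b 6b
  Object 0xf1c6e1f0:  6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
  Object 0xf1c6e200:  69 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
"""

ROW = re.compile(r"^\s*Object 0x([0-9a-f]+):\s+((?:[0-9a-f]{2} ?)+)", re.M)
SITE = re.compile(r"^INFO: (Allocated|Freed) in ([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+"
                  r"(?: \[(\w+)\])?.*?pid=(\d+)", re.M)
SIZE = re.compile(r"^BUG kmalloc-(\d+)", re.M)


def analyse(report):
    """Return bytes written after free and the alloc/free sites of the object."""
    rows = [(int(a, 16), bytes.fromhex(h)) for a, h in ROW.findall(report)]
    if not rows:
        raise ValueError("no 'Object 0x...:' dump rows found")
    size = SIZE.search(report)
    last = int(size.group(1)) - 1 if size else None  # offset of POISON_END
    base = min(addr for addr, _ in rows)
    dirty = []
    for addr, data in rows:
        for i, byte in enumerate(data):
            off = addr - base + i
            if byte != (POISON_END if off == last else POISON_FREE):
                dirty.append((off, byte))
    sites = {kind.lower(): {"func": fn, "module": mod or None, "pid": int(pid)}
             for kind, fn, mod, pid in SITE.findall(report)}
    return {"base": base, "dirty": dirty, "sites": sites}


if __name__ == "__main__":
    result = analyse(REPORT)
    for off, byte in result["dirty"]:
        print(f"offset {off:#x}: found {byte:#04x}, expected poison")
    for kind, site in result["sites"].items():
        print(kind, site)
```

The reported offsets can then be matched against the layout of the object allocated at the listed site to see which fields were touched after the free.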
Comment 2 denis ivanov 2008-01-18 13:20:17 EST
kernel-2.6.24-0.155.rc7.git6.fc9

the same problem
Comment 3 denis ivanov 2008-01-23 12:57:13 EST
kernel-2.6.24-0.157.rc8.fc9

the same and some new

After the kernel oops (see below) I'm trying to rfcomm bind and have new errors
in dmesg:

 =======================
kobject_add failed for rfcomm2 with -EEXIST, don't try to register things with
the same name in the same directory.
Pid: 23018, comm: rfcomm Tainted: G      D 2.6.24-0.157.rc8.fc9 #1
 [<c04064b6>] show_trace_log_lvl+0x1a/0x2f
 [<c0406d71>] show_trace+0x12/0x14
 [<c0407091>] dump_stack+0x6c/0x72
 [<c050477e>] kobject_add+0x14d/0x17b
 [<c057a723>] device_add+0x8a/0x451
 [<c057aafc>] device_register+0x12/0x15
 [<c057ad6b>] device_create+0x77/0x98
 [<c0556a57>] tty_register_device+0xb8/0xc0
 [<f8c88a57>] rfcomm_dev_ioctl+0x243/0x5b1 [rfcomm]
 [<f8c8745d>] rfcomm_sock_ioctl+0x21/0x31 [rfcomm]
 [<c05cb81b>] sock_ioctl+0x1ca/0x1eb
 [<c049d026>] do_ioctl+0x22/0x67
 [<c049d2b4>] vfs_ioctl+0x249/0x25c
 [<c049d309>] sys_ioctl+0x42/0x5d
 [<c040526e>] syscall_call+0x7/0xb
Comment 4 denis ivanov 2008-01-28 06:27:05 EST
Seems there is no bug with kernel-2.6.24-2.fc9.i686.

Let me test it for a few days. ;)

Also, can somebody please tell me where it is better to report kernel bugs?
It seems nobody reads this bug report...?
Comment 5 denis ivanov 2008-01-30 12:22:50 EST
Seems there are no more oopses with the 2.6.24 release.
Closing the bug.
