Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 216274
Summary: | rfcomm oops | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | David Woodhouse <dwmw2> | ||||
Component: | kernel | Assignee: | Kernel Maintainer List <kernel-maint> | ||||
Status: | CLOSED INSUFFICIENT_DATA | QA Contact: | Brian Brock <bbrock> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | 6 | CC: | jonstanley, marcel, wtogami | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2008-02-08 04:29:16 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 427887 | ||||||
Attachments: |
|
Description
David Woodhouse
2006-11-18 15:41:41 UTC
open("/dev/rfcomm4", O_RDWR|O_NOCTTY) = 7 ioctl(7, TCGETS, {B115200 -opost -isig -icanon -echo ...}) = 0 ioctl(7, TCSETSW I can't see the actual kernel version in the oops. What kernel is this, because the latest Fedora Core 6 kernel might already fix this. REGS: eb2d9be0 TRAP: 0300 Not tainted (2.6.18-1.2849.fc6) (gdb) list *rfcomm_send_rpn+0x44 0x240 is in rfcomm_send_rpn (net/bluetooth/rfcomm/core.c:842). 837 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x", 838 s, cr, dlci, bit_rate, data_bits, stop_bits, parity, 839 flow_ctrl_settings, xon_char, xoff_char, param_mask); 840 841 hdr = (void *) ptr; ptr += sizeof(*hdr); 842 hdr->addr = __addr(s->initiator, 0); 843 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 844 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn)); 845 846 mcc = (void *) ptr; ptr += sizeof(*mcc); Looks like 's' is zero. The fault was at address 0x18. (Sorry, snipped that bit) Unable to handle kernel paging request for data at address 0x00000018 Will reproduce with debugging enabled. Created attachment 141568 [details]
Patch to check for session pointer
rfcomm_tty_open: tty ea723800 id 4 rfcomm_tty_open: dev c0d46f60 dst DF:12:10:F7:15:00 channel 1 opened 1 rfcomm_tty_ioctl: tty ea723800 cmd 0x402c7413 rfcomm_tty_ioctl: TCGETS is not supported rfcomm_tty_ioctl: tty ea723800 cmd 0x802c7415 rfcomm_tty_chars_in_buffer: tty ea723800 dev c0d46f60 rfcomm_tty_wait_until_sent: tty ea723800 timeout 2147483647 rfcomm_tty_set_termios: tty ea723800 termios e5c37d08 rfcomm_tty_set_termios: Parity is OFF rfcomm_tty_set_termios: XOFF custom rfcomm_tty_set_termios: XON custom rfcomm_send_rpn: 00000000 cr 1 dlci 2 bit_r 0x3 data_b 0x3 stop_b 0x0 parity 0x0 flwc_s 0x0 xon_c 0x0 xoff_c 0x0 p_mask 0x61 Unable to handle kernel paging request for data at address 0x00000018 Faulting instruction address: 0xf284f360 Oops: Kernel access of bad area, sig: 11 [#1] Modules linked in: arc4(U) ieee80211_crypt_wep(U) udf(U) drm(U) hidp(U) hci_usb(U) rfcomm(U) l2cap(U) bluetooth(U) ipv6(U) nls_utf8(U) hfsplus(U) dm_mirror(U) dm_mod(U) therm_adt746x(U) parport_pc(U) lp(U) parport(U) snd_aoa_i2sbus(U) snd_powermac(U) snd_seq_dummy(U) snd_seq_oss(U) snd_seq_midi_event(U) snd_seq(U) snd_seq_device(U) snd_pcm_oss(U) snd_mixer_oss(U) snd_pcm(U) snd_timer(U) snd_page_alloc(U) snd(U) soundcore(U) ohci1394(U) snd_aoa_soundbus(U) ieee1394(U) ide_cd(U) bcm43xx(U) cdrom(U) sungem(U) sungem_phy(U) ieee80211softmac(U) ieee80211(U) ieee80211_crypt(U) ext3(U) jbd(U) ehci_hcd(U) ohci_hcd(U) uhci_hcd(U) NIP: F284F360 LR: F284F358 CTR: 00000001 REGS: e5c37ba0 TRAP: 0300 Not tainted (2.6.18-1.2849.fc6) MSR: 00009032 <EE,ME,IR,DR> CR: 28004422 XER: 00000000 DAR: 00000018, DSISR: 40000000 TASK = eb587930[3784] 'gpsdrive' THREAD: e5c36000 GPR00: F284F358 E5C37C50 EB587930 00000080 C02FD4D8 FFFFFFFF C03D0000 00000000 GPR08: C03DFA4C F2850000 FFFFFFEF C03D0000 00000000 1007D1A0 10070000 10070000 GPR16: 10070000 10070000 0EF67250 00000061 00000000 00000000 00000003 00000000 GPR24: 00000000 00000002 00000001 00000000 00000003 00000000 E5C37D08 ECAE82A0 NIP [F284F360] rfcomm_send_rpn+0x84/0x138 [rfcomm] LR [F284F358] rfcomm_send_rpn+0x7c/0x138 [rfcomm] Call Trace: [E5C37C50] [F284F358] rfcomm_send_rpn+0x7c/0x138 [rfcomm] (unreliable) [E5C37CC0] [F2854904] rfcomm_tty_set_termios+0x2d8/0x2ec [rfcomm] [E5C37D00] [C019CE24] change_termios+0x278/0x2c8 [E5C37D50] [C019D2C0] set_termios+0x284/0x2c0 [E5C37DA0] [C019D8AC] n_tty_ioctl+0x5b0/0xc00 [E5C37E00] [C0199AEC] tty_ioctl+0xea8/0xf44 [E5C37ED0] [C00A433C] do_ioctl+0x6c/0x84 [E5C37EE0] [C00A4734] vfs_ioctl+0x3e0/0x414 [E5C37F10] [C00A47D0] sys_ioctl+0x68/0x98 [E5C37F40] [C0011C0C] ret_from_syscall+0x0/0x38 --- Exception: c01 at 0xf551de4 LR = 0x1003653c Instruction dump: 7ec8b378 92e1000c 7f89e378 7faaeb78 92a10010 38847db4 386383d8 92810014 92610018 48006725 3d20f285 3940ffef <81780018> 39297904 579c07be 57bd177a <6>rfcomm_tty_close: tty ea723800 dev c0d46f60 dlc cfc16540 opened 2 rfcomm_tty_close: tty ea723800 dev c0d46f60 dlc cfc16540 opened 1 There have been a lot of RFCOMM fixes. Please re-test the latest Linus' kernel. (This is a mass-update to all current FC6 kernel bugs in NEW state) Hello, I'm reviewing this bug list as part of the kernel bug triage project, an attempt to isolate current bugs in the Fedora kernel. http://fedoraproject.org/wiki/KernelBugTriage I am CC'ing myself to this bug, however this version of Fedora is no longer maintained. Please attempt to reproduce this bug with a current version of Fedora (presently Fedora 8). If the bug no longer exists, please close the bug or I'll do so in a few days if there is no further information lodged. Thanks for using Fedora! Per the previous comment in this bug, I am closing it as INSUFFICIENT_DATA, since no information has been lodged for over 30 days. Please re-open this bug or file a new one if you can provide the requested data, and thanks for filing the original report! |