Public bug reported:
Hardy, kernel 2.6.24-21-generic (version 2.6.24-21.42). Lenovo T61 with
integrated Bluetooth.
If I use GPRS/EDGE dialup over Bluetooth, and if I suspend the laptop
without manually stopping the ppp connection, I get a kernel oops when I
try to use pppd over rfcomm again after a resume:
[ 11.710795] usb 1-1: new full speed USB device using uhci_hcd and address 57
[ 11.750164] usb 1-1: configuration #1 chosen from 1 choice
[ 13.005288] BUG: unable to handle kernel NULL pointer dereference at virtual
address 00000020
[ 13.005301] printing eip: c01d733a *pde = 00000000
[ 13.005310] Oops: 0000 [#2] SMP
[ 13.005317] Modules linked in: sha1_generic ppp_mppe iptable_nat nf_nat
nf_conntrack_ipv4 nf_conntrack nls_cp437 cifs ppp_deflate zlib_deflate bsd_comp
ppp_async crc_ccitt ppp_generic slhc hci_usb af_packet vmnet vsock(F) vmci
vmmon i915 drm rfcomm l2cap bluetooth binfmt_misc ppdev autofs4 ipv6
acpi_cpufreq cpufreq_conservative cpufreq_stats cpufreq_ondemand
cpufreq_userspace cpufreq_powersave freq_table sbs sbshc container bay dock
iptable_filter ip_tables x_tables aes_i586 dm_crypt dm_mod uinput sbp2
parport_pc lp parport joydev pcmcia snd_hda_intel snd_pcm_oss snd_mixer_oss
snd_pcm snd_page_alloc snd_hwdep arc4 snd_seq_dummy ecb snd_seq_oss blkcipher
snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq snd_timer snd_seq_device
iwl3945 serio_raw sdhci video snd mac80211 intel_agp battery ac yenta_socket
rsrc_nonstatic cfg80211 thinkpad_acpi output psmouse ricoh_mmc mmc_core
wmi_acer pcmcia_core nvram agpgart e1000e soundcore button iTCO_wdt
iTCO_vendor_support shpchp pci_hotplug evdev pcspkr ext3 jbd mbcache usbhid hid
sg sr_mod cdrom sd_mod pata_acpi ata_piix ata_generic libata ohci1394 scsi_mod
ieee1394 ehci_hcd uhci_hcd usbcore e1000 thermal processor fan fuse vesafb
fbcon tileblit font bitblit softcursor
[ 13.005501]
[ 13.005506] Pid: 866, comm: pppd Tainted: GF D (2.6.24-21-generic #1)
[ 13.005512] EIP: 0060:[<c01d733a>] EFLAGS: 00010246 CPU: 1
[ 13.005524] EIP is at sysfs_addrm_start+0x2a/0xb0
[ 13.005529] EAX: c03f8080 EBX: 00000000 ECX: 00000000 EDX: cb5cc000
[ 13.005533] ESI: cb5cdde0 EDI: cb5cddf0 EBP: 00000000 ESP: cb5cddcc
[ 13.005538] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
[ 13.005543] Process pppd (pid: 866, ti=cb5cc000 task=f7681140
task.ti=cb5cc000)
[ 13.005548] Stack: c869d160 c869d160 dfb35f30 fffffff4 c01d77ff 00000000
00000000 00000000
[ 13.005561] 00000000 c869d160 c869d160 f7c8d154 00000000 c01d7879
cb5cde08 c02152bf
[ 13.005574] c869d160 c0215783 c03c929e 00000004 eabecb60 cb5cde50
d2849578 c869d160
[ 13.005586] Call Trace:
[ 13.005611] [<c01d77ff>] create_dir+0x3f/0x90
[ 13.005639] [<c01d7879>] sysfs_create_dir+0x29/0x50
[ 13.005655] [<c02152bf>] kobject_get+0xf/0x20
[ 13.005671] [<c0215783>] kobject_add+0x93/0x1b0
[ 13.005699] [<c0215931>] kobject_register+0x21/0x50
[ 13.005715] [<c02159b2>] kobject_kset_add_dir+0x52/0xa0
[ 13.005742] [<c0280007>] device_move+0x37/0x100
[ 13.005767] [<f96afbc4>] rfcomm_tty_open+0x204/0x240 [rfcomm]
[ 13.005802] [<c0125f20>] default_wake_function+0x0/0x10
[ 13.005826] [<c0265323>] tty_open+0x143/0x2f0
[ 13.005850] [<c02651e0>] tty_open+0x0/0x2f0
[ 13.005864] [<c0194973>] chrdev_open+0xa3/0x190
[ 13.005885] [<f887a2cf>] uhci_irq+0x8f/0x160 [uhci_hcd]
[ 13.005912] [<c018fd2f>] __dentry_open+0xbf/0x1c0
[ 13.005934] [<c018fee5>] nameidata_to_filp+0x35/0x40
[ 13.005949] [<c01948d0>] chrdev_open+0x0/0x190
[ 13.005965] [<c018ff40>] do_filp_open+0x50/0x60
[ 13.005986] [<c0106f10>] do_IRQ+0x40/0x70
[ 13.006018] [<c018fbe2>] get_unused_fd_flags+0x52/0xd0
[ 13.006040] [<c018ff9c>] do_sys_open+0x4c/0xe0
[ 13.006063] [<c019006c>] sys_open+0x1c/0x20
[ 13.006077] [<c0104432>] syscall_call+0x7/0xb
[ 13.006103] [<c0310000>] unix_stream_sendmsg+0xc0/0x390
[ 13.006126] =======================
[ 13.006129] Code: 00 83 ec 10 b9 04 00 00 00 89 74 24 08 89 c6 31 c0 89 5c
24 04 89 d3 89 7c 24 0c 89 f7 f3 ab b8 80 80 3f c0 89 16 e8 46 41 14 00 <8b> 53
20 b9 d0 6e 1d c0 a1 44 f8 4d c0 89 1c 24 e8 01 e0 fc ff
[ 13.006199] EIP: [<c01d733a>] sysfs_addrm_start+0x2a/0xb0 SS:ESP
0068:cb5cddcc
[ 13.006211] ---[ end trace e04c8bc371c1b6bd ]---
This happened twice in two days. The second oops is pretty similar:
[ 38.180105] usb 3-1: new full speed USB device using uhci_hcd and address 9
[ 38.260019] usb 3-1: configuration #1 chosen from 1 choice
[ 39.328658] BUG: unable to handle kernel NULL pointer dereference at virtual
address 00000020
[ 39.328671] printing eip: c01d733a *pde = 00000000
[ 39.328679] Oops: 0000 [#2] SMP
[ 39.328686] Modules linked in: sha1_generic ppp_mppe af_packet nls_utf8
hfsplus usb_storage libusual ppp_async crc_ccitt ppp_generic slhc vmnet
vsock(F) vmci vmmon i915 drm rfcomm l2cap binfmt_misc ppdev autofs4 ipv6
acpi_cpufreq cpufreq_conservative cpufreq_stats cpufreq_ondemand
cpufreq_userspace cpufreq_powersave freq_table sbs sbshc container bay dock
iptable_filter ip_tables x_tables aes_i586 dm_crypt dm_mod uinput sbp2
parport_pc lp parport joydev pcmcia arc4 ecb hci_usb blkcipher bluetooth
battery ac iwl3945 mac80211 cfg80211 snd_hda_intel snd_pcm_oss snd_mixer_oss
video output snd_pcm snd_page_alloc snd_hwdep wmi_acer snd_seq_dummy serio_raw
button sdhci evdev thinkpad_acpi snd_seq_oss nvram psmouse snd_seq_midi
yenta_socket rsrc_nonstatic mmc_core snd_rawmidi ricoh_mmc pcmcia_core
intel_agp snd_seq_midi_event e1000e pcspkr iTCO_wdt iTCO_vendor_support agpgart
snd_seq snd_timer snd_seq_device shpchp snd pci_hotplug soundcore ext3 jbd
mbcache sg sr_mod cdrom sd_mod pata_acpi ata_piix ata_generic libata scsi_mod
ohci1394 ieee1394 ehci_hcd uhci_hcd usbcore e1000 thermal processor fan fuse
vesafb fbcon tileblit font bitblit softcursor
[ 39.328859]
[ 39.328865] Pid: 12005, comm: pppd Tainted: GF D (2.6.24-21-generic #1)
[ 39.328871] EIP: 0060:[<c01d733a>] EFLAGS: 00010246 CPU: 1
[ 39.328882] EIP is at sysfs_addrm_start+0x2a/0xb0
[ 39.328887] EAX: c03f8080 EBX: 00000000 ECX: 00000000 EDX: ea258000
[ 39.328892] ESI: ea259de0 EDI: ea259df0 EBP: 00000000 ESP: ea259dcc
[ 39.328897] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
[ 39.328903] Process pppd (pid: 12005, ti=ea258000 task=ebd865c0
task.ti=ea258000)
[ 39.328907] Stack: ebfbae20 ebfbae20 f7500900 fffffff4 c01d77ff 00000000
00000000 00000000
[ 39.328921] 00000000 ebfbae20 ebfbae20 f7c8d154 00000000 c01d7879
ea259e08 c02152bf
[ 39.328933] ebfbae20 c0215783 c03c929e 00000004 df8e7c10 ea259e50
d8fdc978 ebfbae20
[ 39.328946] Call Trace:
[ 39.328972] [<c01d77ff>] create_dir+0x3f/0x90
[ 39.328999] [<c01d7879>] sysfs_create_dir+0x29/0x50
[ 39.329013] [<c02152bf>] kobject_get+0xf/0x20
[ 39.329028] [<c0215783>] kobject_add+0x93/0x1b0
[ 39.329055] [<c0215931>] kobject_register+0x21/0x50
[ 39.329071] [<c02159b2>] kobject_kset_add_dir+0x52/0xa0
[ 39.329098] [<c0280007>] device_move+0x37/0x100
[ 39.329124] [<f969fbc4>] rfcomm_tty_open+0x204/0x240 [rfcomm]
[ 39.329160] [<c0125f20>] default_wake_function+0x0/0x10
[ 39.329184] [<c0265323>] tty_open+0x143/0x2f0
[ 39.329207] [<c02651e0>] tty_open+0x0/0x2f0
[ 39.329220] [<c0194973>] chrdev_open+0xa3/0x190
[ 39.329245] [<c018fd2f>] __dentry_open+0xbf/0x1c0
[ 39.329265] [<c018fee5>] nameidata_to_filp+0x35/0x40
[ 39.329278] [<c01948d0>] chrdev_open+0x0/0x190
[ 39.329292] [<c018ff40>] do_filp_open+0x50/0x60
[ 39.329330] [<c018fbe2>] get_unused_fd_flags+0x52/0xd0
[ 39.329351] [<c018ff9c>] do_sys_open+0x4c/0xe0
[ 39.329371] [<c019006c>] sys_open+0x1c/0x20
[ 39.329384] [<c0104432>] syscall_call+0x7/0xb
[ 39.329408] [<c0310000>] unix_stream_sendmsg+0xc0/0x390
[ 39.329430] =======================
[ 39.329433] Code: 00 83 ec 10 b9 04 00 00 00 89 74 24 08 89 c6 31 c0 89 5c
24 04 89 d3 89 7c 24 0c 89 f7 f3 ab b8 80 80 3f c0 89 16 e8 46 41 14 00 <8b> 53
20 b9 d0 6e 1d c0 a1 44 f8 4d c0 89 1c 24 e8 01 e0 fc ff
[ 39.329503] EIP: [<c01d733a>] sysfs_addrm_start+0x2a/0xb0 SS:ESP
0068:ea259dcc
[ 39.329515] ---[ end trace 495310ccc1b7862a ]---
It could be related to bug 223651, although it seems to happen when I
try to start pppd rather than immediately on resume, and the oops looks
different.
** Affects: linux (Ubuntu)
Importance: Undecided
Status: New
--
kernel oops on resume if rfcomm is used during suspend
https://bugs.launchpad.net/bugs/274937
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
