[Bugme-new] [Bug 19982] New: NULL pointer dereferencing

bugzilla-daemon at bugzilla.kernel.org bugzilla-daemon at bugzilla.kernel.org
Sun Oct 10 05:04:45 PDT 2010


https://bugzilla.kernel.org/show_bug.cgi?id=19982

           Summary: NULL pointer dereferencing
           Product: Drivers
           Version: 2.5
    Kernel Version: 2.6.32 - 2.6.35
          Platform: All
        OS/Version: Linux
              Tree: Mainline
            Status: NEW
          Severity: high
          Priority: P1
         Component: Bluetooth
        AssignedTo: drivers_bluetooth at kernel-bugs.osdl.org
        ReportedBy: franchukrom at mail.ru
        Regression: Yes


My smartphone sometimes reboots (when some program eats all available memory).

When it reboots while the Internet is connected using bluetooth, bluetooth does not
work anymore, wvdial freezes and killall wvdial -s 9 does not work. I found that
it writes the following text to /var/log/kern.log:
Sep 30 20:45:26 debiankomp kernel: [ 5141.956200] BUG: unable to handle kernel
NULL pointer dereference at 00000038
Sep 30 20:45:26 debiankomp kernel: [ 5141.956213] IP: [<c11d38a5>]
__sock_sendmsg+0x45/0x4e
Sep 30 20:45:26 debiankomp kernel: [ 5141.956232] *pde = 00000000 
Sep 30 20:45:26 debiankomp kernel: [ 5141.956238] Oops: 0000 [#1] SMP 
Sep 30 20:45:26 debiankomp kernel: [ 5141.956244] last sysfs file:
/sys/devices/pci0000:00/0000:00:1f.1/host1/target1:0:0/1:0:0:0/block/sr0/uevent
Sep 30 20:45:26 debiankomp kernel: [ 5141.956252] Modules linked in: udf
crc_itu_t nls_cp437 vfat fat usb_storage ppp_deflate zlib_deflate bsd_comp
ppp_async crc_ccitt ppp_generic slhc binfmt_misc rfcomm l2cap crc16 ppdev lp
ext2 nls_utf8 isofs fuse loop snd_cmipci gameport snd_pcm_oss snd_mixer_oss
nvidia(P) snd_pcm dst snd_page_alloc snd_opl3_lib snd_hwdep snd_mpu401_uart
dvb_bt8xx dvb_core ir_sony_decoder ir_jvc_decoder snd_seq_midi snd_rawmidi
ir_rc6_decoder snd_seq_midi_event snd_seq ir_rc5_decoder bt878 bttv v4l2_common
ir_nec_decoder snd_timer snd_seq_device videodev v4l1_compat i2c_algo_bit
videobuf_dma_sg videobuf_core btcx_risc ir_common ir_core snd tveeprom
processor button soundcore parport_pc parport btusb bluetooth usblp rfkill
evdev tpm_tis tpm tpm_bios pcspkr shpchp i2c_i801 rng_core i2c_core pci_hotplug
ext3 jbd mbcache sg usbhid hid sd_mod sr_mod crc_t10dif cdrom ata_generic
ata_piix libata uhci_hcd ehci_hcd fan 8139cp 8139too usbcore scsi_mod mii
thermal floppy thermal_sys nls_base [last unloaded:
Sep 30 20:45:26 debiankomp kernel: scsi_wait_scan]
Sep 30 20:45:26 debiankomp kernel: [ 5141.956390] 
Sep 30 20:45:26 debiankomp kernel: [ 5141.956399] Pid: 1889, comm: wvdial
Tainted: P            2.6.35-trunk-686 #1 845PE-W83637F/ 
Sep 30 20:45:26 debiankomp kernel: [ 5141.956405] EIP: 0060:[<c11d38a5>]
EFLAGS: 00010246 CPU: 0
Sep 30 20:45:26 debiankomp kernel: [ 5141.956412] EIP is at
__sock_sendmsg+0x45/0x4e
Sep 30 20:45:26 debiankomp kernel: [ 5141.956416] EAX: f680dc7c EBX: 00000000
ECX: f680dd48 EDX: f4e33800
Sep 30 20:45:26 debiankomp kernel: [ 5141.956422] ESI: f4e33800 EDI: f680dc7c
EBP: f680dd48 ESP: f680dc60
Sep 30 20:45:26 debiankomp kernel: [ 5141.956427]  DS: 007b ES: 007b FS: 00d8
GS: 00e0 SS: 0068
Sep 30 20:45:26 debiankomp kernel: [ 5141.956433] Process wvdial (pid: 1889,
ti=f680c000 task=f5491ce0 task.ti=f680c000)
Sep 30 20:45:26 debiankomp kernel: [ 5141.956437] Stack:
Sep 30 20:45:26 debiankomp kernel: [ 5141.956440]  00000004 f680dc7c f680c000
f680dd64 f617c400 c11d3ad4 00000004 c2008140
Sep 30 20:45:26 debiankomp kernel: [ 5141.956452] <0> f708f5a0 00000000
00000001 ffffffff 00000000 00000000 00000000 00000000
Sep 30 20:45:26 debiankomp kernel: [ 5141.956463] <0> 00000000 f5491ce0
00000000 00000000 f6e360e0 c10cedce f680dcec 00000000
Sep 30 20:45:26 debiankomp kernel: [ 5141.956476] Call Trace:
Sep 30 20:45:26 debiankomp kernel: [ 5141.956485]  [<c11d3ad4>] ?
sock_sendmsg+0x78/0x8f
Sep 30 20:45:26 debiankomp kernel: [ 5141.956495]  [<c10cedce>] ?
__find_get_block+0x14f/0x159
Sep 30 20:45:26 debiankomp kernel: [ 5141.956504]  [<c1088e7d>] ?
find_get_page+0x1d/0x6d
Sep 30 20:45:26 debiankomp kernel: [ 5141.956513]  [<c1020631>] ?
kmap_atomic_prot+0xa6/0xc1
Sep 30 20:45:26 debiankomp kernel: [ 5141.956520]  [<c10cee03>] ?
__getblk+0x2b/0x2f7
Sep 30 20:45:26 debiankomp kernel: [ 5141.956540]  [<c11d3b12>] ?
kernel_sendmsg+0x27/0x35
Sep 30 20:45:26 debiankomp kernel: [ 5141.956552]  [<f956d0df>] ?
rfcomm_send_frame+0x2e/0x35 [rfcomm]
Sep 30 20:45:26 debiankomp kernel: [ 5141.956562]  [<f956d138>] ?
rfcomm_send_disc+0x52/0x54 [rfcomm]
Sep 30 20:45:26 debiankomp kernel: [ 5141.956571]  [<f956d55a>] ?
__rfcomm_dlc_close+0x4e/0x199 [rfcomm]
Sep 30 20:45:26 debiankomp kernel: [ 5141.956581]  [<c12763be>] ?
mutex_lock+0xb/0x24
Sep 30 20:45:26 debiankomp kernel: [ 5141.956590]  [<f956d96e>] ?
rfcomm_dlc_close+0x1d/0x2e [rfcomm]
Sep 30 20:45:26 debiankomp kernel: [ 5141.956601]  [<f95709f8>] ?
rfcomm_tty_close+0x3b/0xa6 [rfcomm]
Sep 30 20:45:26 debiankomp kernel: [ 5141.956611]  [<c1194166>] ?
tty_release+0x1d7/0x4c6
Sep 30 20:45:26 debiankomp kernel: [ 5141.956618]  [<c1275ba7>] ?
schedule+0x4a0/0x4df
Sep 30 20:45:26 debiankomp kernel: [ 5141.956628]  [<c11d9505>] ?
skb_dequeue+0x40/0x46
Sep 30 20:45:26 debiankomp kernel: [ 5141.956637]  [<f9570c64>] ?
rfcomm_tty_open+0x201/0x23a [rfcomm]
Sep 30 20:45:26 debiankomp kernel: [ 5141.956646]  [<c102aeb4>] ?
default_wake_function+0x0/0x8
Sep 30 20:45:26 debiankomp kernel: [ 5141.956653]  [<c1194c40>] ?
tty_open+0x334/0x459
Sep 30 20:45:26 debiankomp kernel: [ 5141.956662]  [<c10b6c82>] ?
chrdev_open+0xfa/0x110
Sep 30 20:45:26 debiankomp kernel: [ 5141.956669]  [<c10b3428>] ?
__dentry_open+0x131/0x21a
Sep 30 20:45:26 debiankomp kernel: [ 5141.956676]  [<c10b35a1>] ?
nameidata_to_filp+0x29/0x39
Sep 30 20:45:26 debiankomp kernel: [ 5141.956682]  [<c10b6b88>] ?
chrdev_open+0x0/0x110
Sep 30 20:45:26 debiankomp kernel: [ 5141.956691]  [<c10bc572>] ?
do_last+0x35f/0x446
Sep 30 20:45:26 debiankomp kernel: [ 5141.956697]  [<c10bdaf3>] ?
do_filp_open+0x1a0/0x49c
Sep 30 20:45:26 debiankomp kernel: [ 5141.956705]  [<c10b3204>] ?
do_sys_open+0x49/0xdd
Sep 30 20:45:26 debiankomp kernel: [ 5141.956712]  [<c10b32dc>] ?
sys_open+0x1e/0x23
Sep 30 20:45:26 debiankomp kernel: [ 5141.956720]  [<c1002f1f>] ?
sysenter_do_call+0x12/0x28
Sep 30 20:45:26 debiankomp kernel: [ 5141.956725] Code: c7 43 18 00 00 00 00 89
6b 1c 8b 44 24 14 89 43 0c 89 c1 89 f0 e8 29 03 f3 ff 85 c0 75 11 8b 5e 18 89
f8 89 e9 ff 74 24 14 89 f2 <ff> 53 38 5f 5b 5e 5f 5d c3 55 57 89 d7 56 89 ce 53
89 f2 83 ec 
Sep 30 20:45:26 debiankomp kernel: [ 5141.956785] EIP: [<c11d38a5>]
__sock_sendmsg+0x45/0x4e SS:ESP 0068:f680dc60
Sep 30 20:45:26 debiankomp kernel: [ 5141.956795] CR2: 0000000000000038
Sep 30 20:45:26 debiankomp kernel: [ 5141.956802] ---[ end trace
c02da668bc28d534 ]---


My hardware: bluetooth ASUS BT-211 (ath3k kernel module) (but it fails on other
bluetooth adapters: I tested ASUS BT-211 and three different other bluetooth
adapters), Intel Celeron 1.8 GHz (Northwood), 1280 MB RAM (DDR1), NVIDIA
GeForce 4 MX 440 AGP 8x (with proprietary driver). But I got the same bug on
different computers with different hardware.

I found that this bug does not affect Debian lenny kernel 2.6.26 and Debian
etch kernel 2.6.18. But I can not use these kernels now because my new ASUS
BT-211 does not work with them.

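As an added example (not part of the bug report and not the kernel's own tooling), the Python triage parser below rejoins the mail-wrapped kern.log records, extracts the fault address, faulting symbol, taint flag, register dump and module-attributed call-trace frames, and cross-checks the faulting bytes `<ff> 53 38` (call *0x38(%ebx)) against EBX = 00000000: base register NULL plus displacement 0x38 equals the reported fault address, which is what a call through a function pointer in a NULL structure looks like. SAMPLE_LOG is constructed from a subset of the lines quoted in the report; the instruction decoder is deliberately limited to that one `ff /2` form and is an assumption of this example, not a general x86 disassembler.

```python
from __future__ import annotations
import re
from dataclasses import dataclass, field
# Constructed sample: a subset of the kern.log excerpt above, mail-client wrapping
# included (continuation lines carry no syslog prefix).
SAMPLE_LOG = """\
Sep 30 20:45:26 debiankomp kernel: [ 5141.956200] BUG: unable to handle kernel
NULL pointer dereference at 00000038
Sep 30 20:45:26 debiankomp kernel: [ 5141.956213] IP: [<c11d38a5>]
__sock_sendmsg+0x45/0x4e
Sep 30 20:45:26 debiankomp kernel: [ 5141.956399] Pid: 1889, comm: wvdial
Tainted: P            2.6.35-trunk-686 #1 845PE-W83637F/
Sep 30 20:45:26 debiankomp kernel: [ 5141.956416] EAX: f680dc7c EBX: 00000000
Sep 30 20:45:26 debiankomp kernel: [ 5141.956476] Call Trace:
Sep 30 20:45:26 debiankomp kernel: [ 5141.956485]  [<c11d3ad4>] ?
sock_sendmsg+0x78/0x8f
Sep 30 20:45:26 debiankomp kernel: [ 5141.956601]  [<f95709f8>] ?
rfcomm_tty_close+0x3b/0xa6 [rfcomm]
Sep 30 20:45:26 debiankomp kernel: [ 5141.956725] Code: c7 43 18 00 00 00 00 89
6b 1c 8b 44 24 14 89 43 0c 89 c1 89 f0 e8 29 03 f3 ff 85 c0 75 11 8b 5e 18 89
f8 89 e9 ff 74 24 14 89 f2 <ff> 53 38 5f 5b 5e 5f 5d c3 55 57 89 d7 56 89 ce 53
89 f2 83 ec
"""
# klogd/rsyslog prefix; the "[ secs.usecs]" printk timestamp is optional.
PREFIX = re.compile(r"^\w{3} +\d+ \d\d:\d\d:\d\d \S+ kernel: (?:\[ *\d+\.\d+\] ?)?(.*)$")
# "[<addr>] ? symbol+off/len [module]" as printed by the x86 stack dumper.
FRAME = re.compile(r"\[<([0-9a-f]+)>\]\s*(?:\?\s*)?(\S+)(?:\s+\[(\w+)\])?")
REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]  # ModRM r/m order


@dataclass
class Oops:
    fault_addr: int | None = None
    ip_symbol: str = ""
    tainted: str = ""  # empty when the kernel printed "Not tainted"
    regs: dict[str, int] = field(default_factory=dict)
    trace: list[tuple[int, str, str | None]] = field(default_factory=list)
    code: list[int] = field(default_factory=list)
    code_fault_index: int | None = None  # index of the <xx> byte, the one at EIP


def unwrap(text: str) -> list[str]:
    """Rejoin wrapped records: a line without the syslog prefix continues the previous one."""
    records: list[str] = []
    for raw in text.splitlines():
        if m := PREFIX.match(raw):
            records.append(m.group(1).strip())
        elif records and raw.strip():
            records[-1] += " " + raw.strip()
    return records


def parse_oops(text: str) -> Oops:
    o, in_trace = Oops(), False
    for rec in unwrap(text):
        if m := re.match(r"BUG: unable to handle kernel .* at ([0-9a-f]+)$", rec):
            o.fault_addr = int(m.group(1), 16)
        elif rec.startswith("IP:") and (m := FRAME.search(rec)):
            o.ip_symbol = m.group(2)
        elif m := re.match(r"Pid: \d+, comm: \S+(?:\s+Tainted: (\S+))?", rec):
            o.tainted = m.group(1) or ""
        elif rec.startswith("Call Trace:"):
            in_trace = True
        elif rec.startswith("Code:"):  # "<xx>" marks the byte EIP points at
            in_trace = False
            for i, tok in enumerate(rec.split()[1:]):
                if tok.startswith("<"):
                    o.code_fault_index = i
                o.code.append(int(tok.strip("<>"), 16))
        elif in_trace and (m := FRAME.search(rec)):
            o.trace.append((int(m.group(1), 16), m.group(2), m.group(3)))
        else:  # register dump rows such as "EAX: f680dc7c EBX: 00000000 ..."
            o.regs.update({r: int(v, 16) for r, v in re.findall(r"\b(E[A-Z]{2}): ([0-9a-f]{8})", rec)})
    return o


def decode_indirect_call(code: list[int], idx: int | None) -> tuple[str, int] | None:
    """Decode only `ff /2` with mod=01 (call *disp8(%reg)); anything else returns None."""
    if idx is None or idx + 2 >= len(code) or code[idx] != 0xFF:
        return None
    mod, reg, rm = code[idx + 1] >> 6, (code[idx + 1] >> 3) & 7, code[idx + 1] & 7
    if mod != 1 or reg != 2 or rm == 4:  # rm == 4 needs a SIB byte; not handled
        return None
    disp = code[idx + 2]
    return REGS32[rm], (disp - 0x100 if disp >= 0x80 else disp)


def triage(o: Oops) -> dict:
    """Cross-check instruction, registers and fault address; list modules on the stack."""
    dec = decode_indirect_call(o.code, o.code_fault_index)
    base = o.regs.get(dec[0].upper()) if dec else None
    return {
        "symbol": o.ip_symbol,
        "tainted": o.tainted,
        "modules": sorted({m for _, _, m in o.trace if m}),
        "indirect_call": dec,
        # NULL base register plus displacement equals the fault address: a function
        # pointer was read from a NULL struct, not a wild pointer or a stray write.
        "null_struct_call": dec is not None and base == 0 and dec[1] == o.fault_addr,
    }
```

Running `triage(parse_oops(SAMPLE_LOG))` reports the faulting symbol `__sock_sendmsg+0x45/0x4e`, taint flag `P`, the module list `['rfcomm']` and `null_struct_call` true, which is the information a triager needs to route the report (here: the rfcomm module tearing down a tty while its socket is already gone) before looking at source. The decoder covers only the instruction form seen in this oops; other faulting instruction shapes return None and the cross-check stays false rather than guessing.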