Hi,
please help me!
I have the following problem with Bluez/RFcomm:
- I use a shell script that calls 'rfcomm listen rfcomm0 3' repeatedly to
wait for a client to connect.
- Everything works fine, except that every once in a while (unfortunately
pretty often, like twice a day), the linux kernel crashes with the following
message in syslog:
Nov 18 20:31:48 localhost hcid[23340]: link_key_request
(sba=00:02:72:C5:88:A1, dba=00:12:37:8D:A3:D5)
Nov 18 20:32:28 localhost kernel: BUG: unable to handle kernel NULL pointer
dereference at virtual address 0000003c
Nov 18 20:32:28 localhost kernel: printing eip:
Nov 18 20:32:28 localhost kernel: e1ce8e85
Nov 18 20:32:28 localhost kernel: *pde = 00000000
Nov 18 20:32:28 localhost kernel: Oops: 0000 [#1]
Nov 18 20:32:28 localhost kernel: SMP
Nov 18 20:32:28 localhost kernel: Modules linked in: dv1394 ohci1394 eth1394
nvidia rfcomm l2cap lirc_serial cx8800 cx88xx bttv video_buf ir_common
compat_ioctl32 btcx_risc lirc_i2c lirc_dev ipv6 dm_mod sd_mod hci_usb
bluetooth raw1394 msp3400 mousedev saa7127 tsdev saa7115 usb_storage
snd_intel8x0 tuner snd_ac97_codec snd_ac97_bus scsi_mod snd_pcm_oss ivtv
snd_mixer_oss firmware_class snd_pcm i2c_algo_bit snd_timer ide_cd cdrom
tveeprom videodev rtc sis_agp psmouse v4l1_compat v4l2_common ohci_hcd snd
evdev parport_pc parport i2c_sis96x 8250_pnp ns558 i2c_core serio_raw sis900
mii ehci_hcd agpgart shpchp pci_hotplug analog usbcore ieee1394 pcspkr
gameport soundcore snd_page_alloc ext3 jbd mbcache ide_disk ide_generic
via82cxxx trm290 triflex slc90e66 sis5513 siimage serverworks sc1200 rz1000
piix pdc202xx_old pdc202xx_new opti621 ns87415 it821x hpt366 hpt34x generic
cy82c693 cs5535 cs5530 cs5520 cmd64x atiixp amd74xx alim15x3 aec62xx
ide_core
Nov 18 20:32:28 localhost kernel: CPU: 0
Nov 18 20:32:28 localhost kernel: EIP: 0060:[<e1ce8e85>] Tainted: PF
M VLI
Nov 18 20:32:28 localhost kernel: EFLAGS: 00010246 (2.6.18.2 #1)
Nov 18 20:32:28 localhost kernel: EIP is at
rfcomm_tty_chars_in_buffer+0x6/0x19 [rfcomm]
Nov 18 20:32:28 localhost kernel: eax: 00000000 ebx: c4591000 ecx:
00000000 edx: dda3bc00
Nov 18 20:32:28 localhost kernel: esi: 00000000 edi: c6c54a40 ebp:
c459100c esp: cd6bdc00
Nov 18 20:32:28 localhost kernel: ds: 007b es: 007b ss: 0068
Nov 18 20:32:28 localhost kernel: Process rfcomm (pid: 23351, ti=cd6bc000
task=ca605570 task.ti=cd6bc000)
Nov 18 20:32:28 localhost kernel: Stack: b01fb6e7 00124d5e c4591000 b01fb5f2
c6c54a40 b01f7943 00000000 00000000
Nov 18 20:32:28 localhost kernel: 00000000 cd6bdea0 c6c54a40 cd6bde98
b0167131 cd6bdfb0 afc02110 afc02118
Nov 18 20:32:28 localhost kernel: 00000000 cd6bde98 cd6bde98 cd6bde98
cd6bdea8 00000000 b0167bdf 00000000
Nov 18 20:32:28 localhost kernel: Call Trace:
Nov 18 20:32:28 localhost kernel: [<b01fb6e7>] normal_poll+0xf5/0x11a
Nov 18 20:32:28 localhost kernel: [<b01fb5f2>] normal_poll+0x0/0x11a
Nov 18 20:32:28 localhost kernel: [<b01f7943>] tty_poll+0x48/0x60
Nov 18 20:32:28 localhost kernel: [<b0167131>] do_sys_poll+0x1a7/0x341
Nov 18 20:32:28 localhost kernel: [<b0167bdf>] __pollwait+0x0/0xb2
Nov 18 20:32:28 localhost kernel: [<b0117295>]
default_wake_function+0x0/0xc
Nov 18 20:32:28 localhost kernel: [<b0117295>]
default_wake_function+0x0/0xc
Nov 18 20:32:28 localhost kernel: [<b016b0ed>] dput+0x1a/0x117
Nov 18 20:32:28 localhost kernel: [<b016489e>] __link_path_walk+0xb95/0xcce
Nov 18 20:32:28 localhost kernel: [<b0159351>]
__find_get_block_slow+0xfb/0x105
Nov 18 20:32:28 localhost kernel: [<b014490d>]
blockable_page_cache_readahead+0x46/0x99
Nov 18 20:32:28 localhost kernel: [<b016ad20>] __d_lookup+0x2f/0xd7
Nov 18 20:32:28 localhost kernel: [<b011728b>] try_to_wake_up+0x355/0x35f
Nov 18 20:32:28 localhost kernel: [<b01431e7>]
get_page_from_freelist+0x74/0x328
Nov 18 20:32:28 localhost kernel: [<b0115d79>] __wake_up_common+0x2f/0x53
Nov 18 20:32:28 localhost kernel: [<b016ad89>] __d_lookup+0x98/0xd7
Nov 18 20:32:28 localhost kernel: [<b01629b2>] do_lookup+0x4f/0x135
Nov 18 20:32:28 localhost kernel: [<b016b0ed>] dput+0x1a/0x117
Nov 18 20:32:28 localhost kernel: [<b016489e>] __link_path_walk+0xb95/0xcce
Nov 18 20:32:28 localhost kernel: [<b016e6df>] mntput_no_expire+0x11/0x68
Nov 18 20:32:28 localhost kernel: [<b0164a7e>] link_path_walk+0xa7/0xb1
Nov 18 20:32:28 localhost kernel: [<b01b774e>] memmove+0xe/0x22
Nov 18 20:32:28 localhost kernel: [<b02019d2>] scrup+0x8c/0xb9
Nov 18 20:32:28 localhost kernel: [<b011cde5>]
release_console_sem+0x17b/0x1b5
Nov 18 20:32:28 localhost kernel: [<b02045de>] do_con_write+0x1462/0x1493
Nov 18 20:32:28 localhost kernel: [<b01100ff>] __cpu_disable+0x1d/0xee
Nov 18 20:32:28 localhost kernel: [<b01f9c91>] tty_open+0x179/0x2f0
Nov 18 20:32:28 localhost kernel: [<b011cde5>]
release_console_sem+0x17b/0x1b5
Nov 18 20:32:28 localhost kernel: [<b013f453>] find_get_page+0x18/0x38
Nov 18 20:32:28 localhost kernel: [<b01419bf>] filemap_nopage+0x191/0x30a
Nov 18 20:32:28 localhost kernel: [<b0149d94>]
__handle_mm_fault+0x3fa/0x72e
Nov 18 20:32:28 localhost kernel: [<b01f692e>] tty_ldisc_deref+0x14/0x59
Nov 18 20:32:28 localhost kernel: [<b0115026>] do_page_fault+0x184/0x460
Nov 18 20:32:28 localhost kernel: [<b0167300>] sys_poll+0x35/0x38
Nov 18 20:32:28 localhost kernel: [<b0102c73>] syscall_call+0x7/0xb
Nov 18 20:32:28 localhost kernel: Code: 88 84 01 00 00 8b 59 3c 8b 53 5c 85
d2 b8 01 00 00 00 0f 44 d0 8b 49 64 0f af 53 50 30 c0 29 ca 0f 49 c2 5b c3
8b 80 84 01 00 00 <8b> 50 3c 8d 42 0c 31 c9 39 42 0c 74 03 8b 4a 50 89 c8 c3
c3 c3
Nov 18 20:32:28 localhost kernel: EIP: [<e1ce8e85>]
rfcomm_tty_chars_in_buffer+0x6/0x19 [rfcomm] SS:ESP 0068:cd6bdc00
Nov 18 20:32:28 localhost sdpd[23342]: terminating...
- I use kernel version 2.6.18.2
- I use debian unstable
- bluez-utils version 3.7-1
- the communication between client and bluez uses 9600 Baud and standard
parameters
Any help would be highly appreciated!
Thanks,
Axel
On Mon, Nov 20, 2006 at 10:35:04AM +0100, Marcel Holtmann wrote:
> Hi Stefan,
> =
> > > BT_DBG("tty %p dev %p", tty, dev);
> > =
> > dev used
> =
> and? It will print "(nil)" which is fine. And it is debug output anyway.
> This is not a dereference.
Ok, it just popped into my eye.
I trust you that you know much better than me what you're doing there... :-)
-- =
Stefan Seyfried
QA / R&D Team Mobile Devices | "Any ideas, John?"
SUSE LINUX Products GmbH, N=FCrnberg | "Well, surrounding them's out." =
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=3Djoin.php&p=3Dsourceforge&CID=3DDE=
VDEV
_______________________________________________
Bluez-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/bluez-devel
Hi Stefan,
> > so you have something to reproduce this. That is good. Please try out
> > the attached patch and report back if it fixes this for you.
>
> just in case this is supposed to go in...
>
> > diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c
> > index b8e3a5f..46c03f8 100644
> > --- a/net/bluetooth/rfcomm/tty.c
> > +++ b/net/bluetooth/rfcomm/tty.c
> > @@ -915,12 +915,14 @@ static void rfcomm_tty_unthrottle(struct
> > static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty)
> > {
> > struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
> > - struct rfcomm_dlc *dlc = dev->dlc;
> >
> > BT_DBG("tty %p dev %p", tty, dev);
>
> dev used
and? It will print "(nil)" which is fine. And it is debug output anyway.
This is not a dereference.
Regards
Marcel
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Bluez-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/bluez-devel
On Mon, Nov 20, 2006 at 09:28:07AM +0100, Marcel Holtmann wrote:
> so you have something to reproduce this. That is good. Please try out
> the attached patch and report back if it fixes this for you.
just in case this is supposed to go in...
> diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c
> index b8e3a5f..46c03f8 100644
> --- a/net/bluetooth/rfcomm/tty.c
> +++ b/net/bluetooth/rfcomm/tty.c
> @@ -915,12 +915,14 @@ static void rfcomm_tty_unthrottle(struct
> static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty)
> {
> struct rfcomm_dev *dev =3D (struct rfcomm_dev *) tty->driver_data;
> - struct rfcomm_dlc *dlc =3D dev->dlc;
> =
> BT_DBG("tty %p dev %p", tty, dev);
dev used
=
> - if (!skb_queue_empty(&dlc->tx_queue))
> - return dlc->mtu;
> + if (!dev || !dev->dlc)
dev checked.
> + return 0;
> +
> + if (!skb_queue_empty(&dev->dlc->tx_queue))
> + return dev->dlc->mtu;
> =
> return 0;
> }
> @@ -928,11 +930,12 @@ static int rfcomm_tty_chars_in_buffer(st
> static void rfcomm_tty_flush_buffer(struct tty_struct *tty)
> {
> struct rfcomm_dev *dev =3D (struct rfcomm_dev *) tty->driver_data;
> - if (!dev)
> - return;
> =
> BT_DBG("tty %p dev %p", tty, dev);
dev used
=
> + if (!dev || !dev->dlc)
dev checked....
-- =
Stefan Seyfried
QA / R&D Team Mobile Devices | "Any ideas, John?"
SUSE LINUX Products GmbH, N=FCrnberg | "Well, surrounding them's out." =
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=3Djoin.php&p=3Dsourceforge&CID=3DDE=
VDEV
_______________________________________________
Bluez-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/bluez-devel
_______________________________________________
Bluez-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/bluez-devel