Date:	Thu, 21 Feb 2008 16:49:13 +0000
From:	kelk1@...cast.net (Quel Qun)
To:	"Dave Young" <hidave.darkstar@...il.com>,
	"Thomas Gleixner" <tglx@...utronix.de>
Cc:	"Marcel Holtmann" <marcel@...tmann.org>,
	LKML <linux-kernel@...r.kernel.org>,
	"Jiri Kosina" <jkosina@...e.cz>, "Ingo Molnar" <mingo@...e.hu>
Subject: Re: Kernel oops with bluetooth usb dongle


 -------------- Original message ----------------------
From: "Dave Young" <hidave.darkstar@...il.com>
> On Wed, Feb 20, 2008 at 4:11 PM, Thomas Gleixner <tglx@...utronix.de> wrote:
> > On Wed, 20 Feb 2008, Thomas Gleixner wrote:
> >  > On Tue, 19 Feb 2008, Marcel Holtmann wrote:
> >
> > > > I don't really have any idea. Nothing has been changed in this area for a
> >  > > couple of years. The command TX timeout is the timeout that indicates a
> >  > > missing answer to a command sent down to the Bluetooth chip.
> >  > >
> >  > > However this involves some atomic and tasklet stuff. Did we have some changes
> >  > > that I missed and might now render this usage as broken.
> >  >
> >  > Not that I'm aware of, but this might as well be some old use after
> >  > free bug which got exposed by some unrelated change. The good news is
> >  > that it is reproducible. I'll hack up some nasty debug patch which
> >  > lets us - hopefully - decode where the timer was armed.
> >
> >  Quel, before I do that, is there any chance that you retest with the
> >  latest mainline git version ?
> >
> >  http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.25-rc2-git4.bz2
> 
> And please test with this patch as well:
> 
> http://lkml.org/lkml/2008/2/20/121
> 
Same kind of result unfortunately with this last patch on top of git4:

hci_cmd_task: hci0 command tx timeout
BUG: unable to handle kernel paging request at 6b6b6b6b
IP: [<c012d22f>] get_next_timer_interrupt+0xf6/0x1fc
*pde = 00000000 
Oops: 0000 [#1] SMP 
Modules linked in: hidp rfcomm l2cap nfsd exportfs nfs lockd nfs_acl sunrpc autofs4 af_packet binfmt_misc loop nls_iso8859_1 nls_cp437 vfat fat fuse snd_pcm_oss snd_mixer_oss snd_intel8x0 hci_usb snd_ac97_codec ac97_bus snd_pcm snd_timer i2c_i801 bluetooth parport_pc sr_mod snd parport i2c_core soundcore rtc_cmos pcspkr iTCO_wdt snd_page_alloc iTCO_vendor_support thermal processor button dcdbas evdev tg3 sg ide_disk piix ide_core ata_piix ahci libata sd_mod scsi_mod ext3 jbd uhci_hcd ohci_hcd ehci_hcd usbcore [last unloaded: scsi_wait_scan]

Pid: 0, comm: swapper Not tainted (2.6.25-rc2-git4kk1 #1)
EIP: 0060:[<c012d22f>] EFLAGS: 00010002 CPU: 0
EIP is at get_next_timer_interrupt+0xf6/0x1fc
EAX: 6b6b6b6b EBX: 3fffa098 ECX: c0430714 EDX: 6b6b6b6b
ESI: 00000021 EDI: c043060c EBP: c03aff58 ESP: c03aff20
 DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
Process swapper (pid: 0, ti=c03ae000 task=c03803a0 task.ti=c03ae000)
Stack: ffffa100 ffffa098 c042fe00 00000000 00000001 00000021 00ffffa1 c043060c 
       c043080c c0430a0c c0430c0c c18090c0 299c0e00 ffffa098 c03aff9c c013fa28 
       29ab5040 c03803a0 c0380510 c180c200 299c44e8 00000040 299c0e00 00000040 
Call Trace:
 [<c013fa28>] ? tick_nohz_stop_sched_tick+0x130/0x337
 [<c013fd2b>] ? tick_nohz_restart_sched_tick+0xfc/0x139
 [<c0103918>] ? default_idle+0x0/0x7f
 [<c0103789>] ? cpu_idle+0x34/0x100
 [<c02e2d39>] ? rest_init+0x49/0x50
 =======================
Code: 8d e0 8b 45 e0 83 e0 3f 89 45 dc 89 c6 8b 04 f7 8b 10 0f 18 02 90 8d 0c f7 39 c8 0f 84 82 00 00 00 8b 40 08 39 d8 0f 48 d8 89 d0 <8b> 12 0f 18 02 90 39 c1 75 ec c7 45 d4 01 00 00 00 8b 7d dc 85 
EIP: [<c012d22f>] get_next_timer_interrupt+0xf6/0x1fc SS:ESP 0068:c03aff20
---[ end trace bb6b2d4df944b938 ]---
Kernel panic - not syncing: Attempted to kill the idle task!

# addr2line -e vmlinux c012d22f
/usr/src/linux-2.6.25-rc2kk1/kernel/timer.c:721

721:			list_for_each_entry(nte, varp->vec + slot, entry) {
722:				found = 1;
723:				if (time_before(nte->expires, expires))
724:					expires = nte->expires;
725:			}

--
Eric
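
Added example, not part of the original message or of the kernel tree: a small triage script that scans an i386 oops for the poison values defined in include/linux/poison.h. The fault address 6b6b6b6b is POISON_FREE, the byte pattern slab debugging writes over freed objects, which fits the use-after-free suspected earlier in the thread. The names `classify` and `triage` are illustrative, and the sample lines are copied from the oops above.

```python
import re

# Values from include/linux/poison.h (32-bit layout, as in the 2.6.25 i386 kernel above).
SLAB_BYTES = {0x6b: "POISON_FREE: slab object was already freed",
              0x5a: "POISON_INUSE: slab object allocated but never initialised"}
LIST_WORDS = {0x00100100: "LIST_POISON1: ->next of an entry removed with list_del()",
              0x00200200: "LIST_POISON2: ->prev of an entry removed with list_del()"}

# Assumes the 32-bit x86 oops layout shown in the report (8 hex digits per word).
FAULT_RE = re.compile(r"unable to handle kernel paging request at ([0-9a-f]{8})\b")
IP_RE = re.compile(r"^IP: \[<[0-9a-f]{8}>\] (\w+)\+0x", re.M)
REG_RE = re.compile(r"\b(E[A-Z]{2}): ([0-9a-f]{8})\b")

def classify(hexword):
    """Return a description if the 32-bit word is a known poison value, else None."""
    raw = bytes.fromhex(hexword)
    if len(set(raw)) == 1 and raw[0] in SLAB_BYTES:
        return SLAB_BYTES[raw[0]]
    return LIST_WORDS.get(int(hexword, 16))

def triage(oops):
    """Extract the faulting symbol and every poisoned fault address or register."""
    fault = FAULT_RE.search(oops)
    ip = IP_RE.search(oops)
    findings = []
    if fault and classify(fault.group(1)):
        findings.append(("fault address", fault.group(1), classify(fault.group(1))))
    for reg, val in REG_RE.findall(oops):
        if classify(val):
            findings.append((reg, val, classify(val)))
    return {"symbol": ip.group(1) if ip else None, "findings": findings}

# Lines copied from the oops in the report above.
SAMPLE = """\
BUG: unable to handle kernel paging request at 6b6b6b6b
IP: [<c012d22f>] get_next_timer_interrupt+0xf6/0x1fc
EIP: 0060:[<c012d22f>] EFLAGS: 00010002 CPU: 0
EAX: 6b6b6b6b EBX: 3fffa098 ECX: c0430714 EDX: 6b6b6b6b
ESI: 00000021 EDI: c043060c EBP: c03aff58 ESP: c03aff20
"""

if __name__ == "__main__":
    report = triage(SAMPLE)
    print("faulting symbol:", report["symbol"])
    for where, value, meaning in report["findings"]:
        print(f"{where:14} {value}  {meaning}")
```

A poisoned pointer in a register at the faulting instruction means the crash site is where freed memory was read, not where it was freed, so the free path of whatever owned the timer still has to be found separately.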