* Linux 2.6.28-10 Oops in hci_send_to_sock
@ 2011-02-26 5:57 lundman
0 siblings, 0 replies; 3+ messages in thread
From: lundman @ 2011-02-26 5:57 UTC (permalink / raw)
To: linux-bluetooth
I apologize for bringing up such an old kernel, but with embedded devices, I
do not have the ability to change kernel. I am trying to start
bluetooth, but I get a kernel panic. I have one device attached.
# insmod bluetooth.ko
# insmod l2cap.ko
# insmod btusb.ko
# insmod sco.ko
# insmod uinput.ko
# ./bluetoothd -d -n
[snip]
bluetoothd[1786]: src/main.c:main() Entering main loop
bluetoothd[1786]: plugins/hciops.c:init_known_adapters()
bluetoothd[1786]: HCI dev 0 registered
bluetoothd[1786]: plugins/hciops.c:device_devreg_setup() hci0
bluetoothd[1786]: plugins/hciops.c:init_device() hci0
bluetoothd[1786]: Listening for HCI events on hci0
bluetoothd[1786]: plugins/hciops.c:init_device() child 1789 forked
# BUG: unable to handle kernel NULL pointer dereference at 00000008
IP: [<cf107ca2>] hci_send_to_sock+0x70/0x12c [bluetooth]
*pdpt = 000000000a197001 *pde = 0000000000000000
Oops: 0000 [#1] PREEMPT
last sysfs file: /sys/class/misc/uinput/dev
Modules linked in: uinput sco btusb l2cap bluetooth fusion pvrsrvkm
alsa_shim sx
Pid: 0, comm: swapper Not tainted (2.6.28 #1)
EIP: 0060:[<cf107ca2>] EFLAGS: 00010246 CPU: 0
EIP is at hci_send_to_sock+0x70/0x12c [bluetooth]
EAX: 00000001 EBX: 00000000 ECX: 00000204 EDX: ca1eb600
ESI: cc3cbf74 EDI: 00000008 EBP: cc3cbe00 ESP: c056fef8
DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068
Process swapper (pid: 0, ti=c056e000 task=c0531380 task.ti=c056e000)
Stack:
ca1eb600 ca3a6400 cc3cbe08 00000000 ca1eb600 ca3a6400 0000000a cf103299
cc011380 00000001 00000040 cc011490 0000012c 00000000 00000000 00000014
00000102 0000000a c011ee03 00000001 c011ec7e cfb49f40 cfb2b989 00000004
Call Trace:
[<cf103299>] hci_rx_task+0x2a/0x209 [bluetooth]
[<c011ee03>] tasklet_action+0x34/0x69
[<c011ec7e>] __do_softirq+0x53/0xe7
[<cfb2b989>] SystemISRWrapper+0xe/0x24 [pvrsrvkm]
[<c013a8dc>] handle_IRQ_event+0x25/0x4a
[<c011ed39>] do_softirq+0x27/0x29
[<c011ef52>] irq_exit+0x32/0x34
[<c0104ed8>] do_IRQ+0x4c/0x94
[<c01039bf>] common_interrupt+0x23/0x28
[<c0108a16>] mwait_idle+0x2d/0x32
[<c0101b0c>] cpu_idle+0x1e/0x63
Code: 74 01 00 00 89 ca 83 e2 1f 80 f9 ff 0f 45 c2 0f a3 06 19 c0 85 c0
74 7f 8
EIP: [<cf107ca2>] hci_send_to_sock+0x70/0x12c [bluetooth] SS:ESP
0068:c056fef8
Kernel panic - not syncing: Fatal exception in interrupt
I was hoping I could jog someone's memory, and maybe get references to
some existing patches maybe, that I can apply to the kernel module by hand?
Thanks for any reply,
Lund
* Re: Linux 2.6.28-10 Oops in hci_send_to_sock
@ 2011-02-27 6:25 lundman
2011-03-03 2:37 ` Jorgen Lundman
0 siblings, 1 reply; 3+ messages in thread
From: lundman @ 2011-02-27 6:25 UTC (permalink / raw)
To: linux-bluetooth
Linux-2.6.28 CE41xx kernel, sodaville board.
I turned on more debugging, and added a print for each SK and peppered
the logic a little:
[code]
void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb)
{
[snip]
        BT_DBG("filter");
        /* Apply filter */
        flt = &hci_pi(sk)->filter;
[snip]
        BT_DBG("type");
        if (bt_cb(skb)->pkt_type == HCI_EVENT_PKT) {
            register int evt = (*(__u8 *)skb->data & HCI_FLT_EVENT_BITS);

            if (!hci_test_bit(evt, &flt->event_mask))
                continue;

            if (flt->opcode &&
                ((evt == HCI_EV_CMD_COMPLETE &&
                  flt->opcode != get_unaligned((__le16 *)(skb->data + 3))) ||
                 (evt == HCI_EV_CMD_STATUS &&
                  flt->opcode != get_unaligned((__le16 *)(skb->data + 4)))))
                continue;
        }
        BT_DBG("clone");
[/code]
When I start bluetoothd, the panic looks like:
[code]
hci_send_to_sock: hdev 00000000 len 8
usbcore: registered new interface driver btusb
hci_sock_create: sock cbd6dd80
hci_sock_bind: sock cbd6dd80 sk cab87c00
hci_sock_sendmsg: sock cbd6dd80 sk cab87c00
hci_sock_release: sock cbd6dd80 sk cab87c00
hci_sock_create: sock cbd6dd80
hci_sock_setsockopt: sk cab87e00, opt 2
hci_sock_bind: sock cbd6dd80 sk cab87e00
hci_sock_ioctl: cmd 800448d2 arg b7f37208
hci_sock_create: sock cbdb9000
hci_sock_bind: sock cbdb9000 sk ca2cd400
hci_dev_get: 0
hci_sock_setsockopt: sk ca2cd400, opt 2
hci_sock_ioctl: cmd 400448e2 arg bff12038
hci_dev_get: 0
hci_sock_ioctl: cmd 400448c9 arg 0
hci_dev_get: 0
hci_dev_open: hci0 cc308c00
btusb_open: hci0
btusb_submit_intr_urb: hci0
__hci_request: hci0 start
btusb_intr_complete: hci0 urb ca3bec80 status 0 count 6
hci_rx_task: hci0
hci_send_to_sock: hdev cc308c00 len 6
hci_send_to_sock: skb ca2cd400
hci_send_to_sock: filter
hci_send_to_sock: type
BUG: unable to handle kernel NULL pointer dereference at 00000008
IP: [<cf108fc8>] hci_send_to_sock+0x83/0x153 [bluetooth]
*pdpt = 000000000a3d6001 *pde = 0000000000000000
Oops: 0000 [#1] PREEMPT
last sysfs file: /sys/class/vc/vcsa1/dev
Modules linked in: btusb bluetooth fusion pvrsrvkm alsa_shim
snd_usb_audio snd_x
Pid: 1783, comm: bluetoothd Not tainted (2.6.28 #1)
EIP: 0060:[<cf108fc8>] EFLAGS: 00010246 CPU: 0
EIP is at hci_send_to_sock+0x83/0x153 [bluetooth]
EAX: 00000008 EBX: ca2cd400 ECX: 00000004 EDX: ffffffff
ESI: ca2cd408 EDI: 00000102 EBP: cc2a1480 ESP: ca3cbd4c
DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
Process bluetoothd (pid: 1783, ti=ca3ca000 task=ca0e6e60 task.ti=ca3ca000)
Call Trace:
[<cf103ef1>] hci_rx_task+0x54/0x286 [bluetooth]
[<c011ee03>] tasklet_action+0x34/0x69
[<c011ec7e>] __do_softirq+0x53/0xe7
[<cfb2b989>] SystemISRWrapper+0xe/0x24 [pvrsrvkm]
[<c013a8dc>] handle_IRQ_event+0x25/0x4a
[<c011ed39>] do_softirq+0x27/0x29
[<c011ef52>] irq_exit+0x32/0x34
[<c0104ed8>] do_IRQ+0x4c/0x94
[<c0298eef>] serial8250_console_putchar+0x0/0x1d
[<c01039bf>] common_interrupt+0x23/0x28
[<c011b494>] vprintk+0x1d3/0x300
[<c011b525>] vprintk+0x264/0x300
[<c013fe13>] filemap_fault+0x119/0x466
[<c011b5dc>] printk+0x1b/0x1f
[<cf102fba>] __hci_request+0x48/0xfb [bluetooth]
[<cf1034e8>] hci_init_req+0x0/0x158 [bluetooth]
[<c01179c5>] default_wake_function+0x0/0x8
[<cf103902>] hci_dev_open+0x9a/0x197 [bluetooth]
[<c035c98f>] sock_ioctl+0xb0/0x1fc
[<c035c8df>] sock_ioctl+0x0/0x1fc
[<c016d5f6>] vfs_ioctl+0x1f/0x6d
[<c016d7a7>] do_vfs_ioctl+0x52/0x471
[<c0111f41>] do_page_fault+0x1b2/0x881
[<c0111d8f>] do_page_fault+0x0/0x881
[<c043a1c2>] error_code+0x6a/0x70
[<c016dbfa>] sys_ioctl+0x34/0x50
[<c0102e71>] sysenter_do_call+0x12/0x25
[<c0430000>] pci_scan_bridge+0x40/0x3c7
[/code]
Somewhere between 'type' and 'clone', anyone want to throw me a bone? ;)
Lund
* Re: Linux 2.6.28-10 Oops in hci_send_to_sock
2011-02-27 6:25 lundman
@ 2011-03-03 2:37 ` Jorgen Lundman
0 siblings, 0 replies; 3+ messages in thread
From: Jorgen Lundman @ 2011-03-03 2:37 UTC (permalink / raw)
To: linux-bluetooth
> register int evt = (*(__u8 *)skb->data & HCI_FLT_EVENT_BITS);
Ok, so skb->data has value 8; this is probably because the kernel sk_buff and
the one I use to compile are too different. Sure enough. Intel uses a vastly
different kernel not easily obtainable. But once I had it, this issue went away.
Sorry for the noise.
Lund
--
Jorgen Lundman | <lundman@lundman.net>
Unix Administrator | +81 (0)3 -5456-2687 ext 1017 (work)
Shibuya-ku, Tokyo | +81 (0)90-5578-8500 (cell)
Japan | +81 (0)3 -3375-1767 (home)
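
The failure mode described in the last message, as an added user-space example that is not part of the original thread: a module compiled against one struct definition reads a pointer field at its compile-time offset, while the running kernel lays the object out differently. Both structs, their field names and the value 8 are hypothetical and constructed for illustration; they are not the real `struct sk_buff`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified layouts; NOT the real struct sk_buff. */
struct skb_build {              /* headers the module was compiled against */
    void          *next;
    size_t         len;
    unsigned char *data;
};
struct skb_running {            /* layout used by the kernel actually running */
    void          *next;
    void          *vendor_priv; /* constructed vendor-added field */
    size_t         len;
    unsigned char *data;
};

/* The mis-built module fetches "data" at the offset fixed at compile time,
 * whatever the object's real layout is. */
static uintptr_t module_view_of_data(const void *skb)
{
    uintptr_t p;
    memcpy(&p, (const char *)skb + offsetof(struct skb_build, data), sizeof p);
    return p;
}

/* Layout agreement check; in the kernel, CONFIG_MODVERSIONS symbol CRCs
 * serve to reject modules built against differing definitions. */
static int layout_matches(void)
{
    return sizeof(struct skb_build) == sizeof(struct skb_running) &&
           offsetof(struct skb_build, data) == offsetof(struct skb_running, data);
}

static uintptr_t demo_mismatched_read(void)
{
    static unsigned char payload[6];  /* constructed event buffer */
    struct skb_running skb;
    memset(&skb, 0, sizeof skb);
    skb.len  = 8;                     /* constructed value in a non-pointer field */
    skb.data = payload;
    return module_view_of_data(&skb); /* yields 8, not &payload[0] */
}

int main(void)
{
    printf("layouts match: %d, module sees data = %#lx\n",
           layout_matches(), (unsigned long)demo_mismatched_read());
    return 0;
}
```

Dereferencing the value the module sees faults at a small address, as in the oops above, even though the object itself is valid.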