Most recent kernel where this bug did not occur:
v2.6.16.16 - haven't tried earlier versions. Just now started using IRDA for phone management.

Distribution:
Debian Unstable/Uptodate. Kernel is vanilla v2.6.16.16 + squashfs 3.0 patch applied. Otherwise clean tree.

Hardware Environment:
Evo N800v,

Software Environment:
Linux huh 2.6.16.16-evo #1 Fri May 12 12:17:14 EEST 2006 i686 GNU/Linux

Gnu C 4.0.4
Gnu make 3.81
binutils 2.16.91
util-linux 2.12r
mount 2.12r
module-init-tools 3.2.2
e2fsprogs 1.39-WIP
reiserfsprogs 3.6.19
xfsprogs 2.7.16
pcmcia-cs 3.2.8
nfs-utils 1.0.7
Linux C Library 2.3.6
Dynamic linker (ldd) 2.3.6
Procps 3.2.6
Net-tools 1.60
Console-tools 0.2.3
Sh-utils 5.94
udev 092
Modules Loaded option radeon drm nfsd lockd sunrpc ipv6 deflate zlib_deflate zlib_inflate twofish serpent aes blowfish des sha256 sha1 md5 crypto_null dm_mod irnet ppp_generic slhc irlan ircomm_tty ircomm pl2303 usbserial pcmcia firmware_class snd_intel8x0 snd_ac97_codec snd_ac97_bus snd_pcm_oss snd_mixer_oss irtty_sir sir_dev pcspkr snd_pcm snd_timer irda 8250_pnp ohci_hcd ide_cd crc_ccitt floppy ehci_hcd 8250 serial_core yenta_socket cdrom snd rsrc_nonstatic soundcore pcmcia_core snd_page_alloc intel_agp agpgart

Problem Description:

Recently I've started using IRDA, to manage phone/calendar & co on Nokia 6310 phone. For this task I am using IRDA and xgnokii management software. Sometimes for no reason I am getting oopses at random addresses. System is not locking up or so. It always prints oops followed by messages :

May 14 00:40:52 huh kernel: <1>Fixing recursive fault but reboot is needed!

After reboot it takes again some time - ooops is reported at different location (mostly random, but backtrace is same).

Steps to reproduce:
It is quite simple, attempt to download phonebook, calendar, then attempt to upload. Sometimes it happens during logo download/upload.

Oops will be added in the next comments.

1st oops kernel 2.6.16.16-evo (+squashfs 3.0)

May 14 00:37:12 huh kernel: agpgart: Putting AGP V2 device at 0000:01:00.0 into 4x mode
May 14 00:39:47 huh kernel: IrLAP, no activity on link!
May 14 00:40:20 huh kernel: IrLAP, no activity on link!
May 14 00:40:29 huh last message repeated 3 times
May 14 00:40:52 huh kernel: Unable to handle kernel paging request at virtual address aa583269
May 14 00:40:52 huh kernel: printing eip:
May 14 00:40:52 huh kernel: c98e8fff
May 14 00:40:52 huh kernel: *pde = 00000000
May 14 00:40:52 huh kernel: Oops: 0002 [#1]
May 14 00:40:52 huh kernel: Modules linked in: irnet ppp_generic slhc irlan ircomm_tty ircomm nsc_ircc radeon drm nfsd lockd sunrpc ipv6 deflate zlib_deflate zlib_inflate twofish serpent aes blowfish des sha256 sha1 md5 crypto_null dm_mod pcmcia firmware_class serial_core snd_intel8x0 pcspkr irtty_sir sir_dev irda snd_ac97_codec snd_ac97_bus snd_pcm_oss snd_mixer_oss crc_ccitt ehci_hcd ide_cd floppy cdrom ohci_hcd snd_pcm snd_timer yenta_socket rsrc_nonstatic snd soundcore snd_page_alloc pcmcia_core intel_agp agpgart
May 14 00:40:52 huh kernel: CPU: 0
May 14 00:40:52 huh kernel: EIP: 0060:[pg0+155574271/1068971008] Not tainted VLI
May 14 00:40:52 huh kernel: EFLAGS: 00210092 (2.6.16.16-evo #1)
May 14 00:40:52 huh kernel: EIP is at 0xc98e8fff
May 14 00:40:52 huh kernel: eax: c98e9da4 ebx: c98e9da4 ecx: 000093ff edx: 00000001
May 14 00:40:52 huh kernel: esi: c98e9de8 edi: c98e9ddc ebp: c98e9df0 esp: c98e9ddc
May 14 00:40:52 huh kernel: ds: 007b es: 007b ss: 0068
May 14 00:40:52 huh kernel: Process xgnokii (pid: 7924, threadinfo=c98e9000 task=c994c580)
May 14 00:40:52 huh kernel: Stack: <0>c0114069 00000000 00000000 ce90e000 c9344500 c7713980 c02e4548 00000000
May 14 00:40:52 huh kernel: e1970eb0 c9344500 e1980880 c02e2388 c6d6b4f0 c9344524 c6d6b4f0 c02e2729
May 14 00:40:52 huh kernel: c9344524 00000008 c014cdd6 00000000 c6d6b494 dffc4640 c9344524 c7713980
May 14 00:40:52 huh kernel: Call Trace:
May 14 00:40:52 huh kernel: [__wake_up+30/39] __wake_up+0x1e/0x27
May 14 00:40:52 huh kernel: [sock_def_wakeup+33/37] sock_def_wakeup+0x21/0x25
May 14 00:40:52 huh kernel: [pg0+558784176/1068971008] irda_release+0x2e/0x10d [irda]
May 14 00:40:52 huh kernel: [sock_release+20/114] sock_release+0x14/0x72
May 14 00:40:52 huh kernel: [sock_close+30/56] sock_close+0x1e/0x38
May 14 00:40:52 huh kernel: [__fput+160/356] __fput+0xa0/0x164
May 14 00:40:52 huh kernel: [filp_close+62/98] filp_close+0x3e/0x62
May 14 00:40:52 huh kernel: [put_files_struct+124/210] put_files_struct+0x7c/0xd2
May 14 00:40:52 huh kernel: [do_exit+276/1883] do_exit+0x114/0x75b
May 14 00:40:52 huh kernel: [__dequeue_signal+255/418] __dequeue_signal+0xff/0x1a2
May 14 00:40:52 huh kernel: [do_group_exit+39/88] do_group_exit+0x27/0x58
May 14 00:40:52 huh kernel: [get_signal_to_deliver+514/952] get_signal_to_deliver+0x202/0x3b8
May 14 00:40:52 huh kernel: [do_notify_resume+134/1638] do_notify_resume+0x86/0x666
May 14 00:40:52 huh kernel: [sys_recv+55/59] sys_recv+0x37/0x3b
May 14 00:40:52 huh kernel: [sys_socketcall+357/625] sys_socketcall+0x165/0x271
May 14 00:40:52 huh kernel: [work_notifysig+19/25] work_notifysig+0x13/0x19
May 14 00:40:52 huh kernel: Code: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <00> 80 c5 94 c9 e0 8f 3a c0 00 00 00 00 00 00 00 00 00 00 00 00
May 14 00:40:52 huh kernel: <1>Fixing recursive fault but reboot is needed!

2nd v2.6.17-rc4 (smth) vanilla kernel, no custom patches at all

May 14 00:52:50 huh kernel: agpgart: Putting AGP V2 device at 0000:00:00.0 into 4x mode
May 14 00:52:50 huh kernel: agpgart: Putting AGP V2 device at 0000:01:00.0 into 4x mode
May 14 00:54:59 huh kernel: IrLAP, no activity on link!
May 14 00:55:08 huh last message repeated 3 times
May 14 00:56:15 huh kernel: BUG: unable to handle kernel paging request at virtual address 00100100
May 14 00:56:15 huh kernel: printing eip:
May 14 00:56:15 huh kernel: c0114262
May 14 00:56:15 huh kernel: *pde = 00000000
May 14 00:56:15 huh kernel: Oops: 0000 [#1]
May 14 00:56:15 huh kernel: Modules linked in: nsc_ircc radeon drm nfsd lockd sunrpc ipv6 deflate zlib_deflate zlib_inflate twofish serpent aes blowfish des sha256 sha1 md5 crypto_null dm_mod irnet ppp_generic slhc irlan ircomm_tty ircomm pcmcia firmware_class snd_intel8x0 snd_ac97_codec snd_ac97_bus irtty_sir snd_pcm_oss snd_mixer_oss sir_dev snd_pcm irda ehci_hcd ohci_hcd yenta_socket rsrc_nonstatic pcmcia_core floppy snd_timer pcspkr crc_ccitt serial_core snd soundcore snd_page_alloc ide_cd intel_agp agpgart cdrom
May 14 00:56:15 huh kernel: CPU: 0
May 14 00:56:15 huh kernel: EIP: 0060:[__wake_up_common+70/87] Not tainted VLI
May 14 00:56:15 huh kernel: EFLAGS: 00010046 (2.6.17-rc4 #1)
May 14 00:56:15 huh kernel: EIP is at __wake_up_common+0x46/0x57
May 14 00:56:15 huh kernel: eax: 00000000 ebx: ca887da0 ecx: 00000020 edx: 00000001
May 14 00:56:15 huh kernel: esi: 00100100 edi: 00000000 ebp: d3709ddc esp: d3709dc0
May 14 00:56:15 huh kernel: ds: 007b es: 007b ss: 0068
May 14 00:56:15 huh kernel: Process xgnokii (pid: 5990, threadinfo=d3709000 task=dff51520)
May 14 00:56:15 huh kernel: Stack: <0>00000000 00000000 00000001 ce26aa98 00000000 00000286 ce26aaa4 d3709df4
May 14 00:56:15 huh kernel: c0114291 00000000 00000000 cfe8fe00 ce26aa80 ccc97780 c02ec894 00000000
May 14 00:56:15 huh kernel: e194c6f0 ce26aa80 e195e680 c02ead6c cc132a70 ce26aaa4 cc132a70 c02eade8
May 14 00:56:15 huh kernel: Call Trace:
May 14 00:56:15 huh kernel: <c0114291> __wake_up+0x1e/0x27 <c02ec894> sock_def_wakeup+0x21/0x25
May 14 00:56:15 huh kernel: <e194c6f0> irda_release+0x2e/0x10d [irda] <c02ead6c> sock_release+0x14/0x72
May 14 00:56:15 huh kernel: <c02eade8> sock_close+0x1e/0x38 <c014e737> __fput+0xa0/0x163
May 14 00:56:15 huh kernel: <c014c13d> filp_close+0x3e/0x62 <c0118aee> put_files_struct+0x7c/0xd2
May 14 00:56:15 huh kernel: <c0119796> do_exit+0x11d/0x7a0 <c01208e3> __dequeue_signal+0xfc/0x19f
May 14 00:56:15 huh kernel: <c034f05d> schedule_timeout+0x6e/0xac <c0119e40> do_group_exit+0x27/0x58
May 14 00:56:15 huh kernel: <c01215f4> get_signal_to_deliver+0x21d/0x351 <c010256b> do_notify_resume+0x1a9/0x65e
May 14 00:56:15 huh kernel: <c0220276> shm_close+0x17/0x84 <c0114c95> default_wake_function+0x0/0xc
May 14 00:56:15 huh kernel: <c02ea132> sock_ioctl+0x87/0x1fa <c02ea0ab> sock_ioctl+0x0/0x1fa
May 14 00:56:15 huh kernel: <c012b873> sys_futex+0x6a/0x120 <c0102bba> work_notifysig+0x13/0x19
May 14 00:56:15 huh kernel: Code: 04 eb 31 89 d6 8d 58 f4 8b 78 f4 8b 45 0c 89 04 24 8b 4d 08 8b 55 ec 89 d8 ff 53 08 85 c0 74 0b 83 e7 01 74 06 83 6d e8 01 74 09 <8b> 16 89 f0 3b 75 f0 75 cf 83 c4 10 5b 5e 5f 5d c3 55 89 e5 56
May 14 00:56:15 huh kernel: EIP: [__wake_up_common+70/87] __wake_up_common+0x46/0x57 SS:ESP 0068:d3709dc0
May 14 00:56:15 huh kernel: <1>Fixing recursive fault but reboot is needed!

IRDA H/W , builtin irda adapter, as printed in dmesg:

May 14 00:48:16 huh kernel: nsc-ircc, chip->init
May 14 00:48:16 huh kernel: nsc-ircc, Found chip at base=0x02e
May 14 00:48:16 huh kernel: nsc-ircc, driver loaded (Dag Brattli)
May 14 00:48:16 huh kernel: IrDA: Registered device irda0
May 14 00:48:16 huh kernel: nsc-ircc, Found dongle: HP HSDL-1100/HSDL-2100

bugme-daemon@bugzilla.kernel.org wrote:
>
> http://bugzilla.kernel.org/show_bug.cgi?id=6579
>
> Summary: Kernel Oops, IRDA stack related
> Kernel Version: v2.6.16.16 + squashfs v3.0 patch
> Status: NEW
> Severity: normal
> Owner: drivers_other@kernel-bugs.osdl.org
> Submitter: zilvinas@gemtek.lt
>
>
> Most recent kernel where this bug did not occur:
> v2.6.16.16 - haven't tried earlier versions. Just now started using IRDA for
> phone management.
>
> Distribution:
> Debian Unstable/Uptodate. Kernel is vanilla v2.6.16.16 + squashfs 3.0 patch
> applied. Otherwise clean tree.
>
> Hardware Environment:
> Evo N800v,
> Software Environment:
> Linux huh 2.6.16.16-evo #1 Fri May 12 12:17:14 EEST 2006 i686 GNU/Linux
>
> Gnu C 4.0.4
> Gnu make 3.81
> binutils 2.16.91
> util-linux 2.12r
> mount 2.12r
> module-init-tools 3.2.2
> e2fsprogs 1.39-WIP
> reiserfsprogs 3.6.19
> xfsprogs 2.7.16
> pcmcia-cs 3.2.8
> nfs-utils 1.0.7
> Linux C Library 2.3.6
> Dynamic linker (ldd) 2.3.6
> Procps 3.2.6
> Net-tools 1.60
> Console-tools 0.2.3
> Sh-utils 5.94
> udev 092
> Modules Loaded option radeon drm nfsd lockd sunrpc ipv6 deflate
> zlib_deflate zlib_inflate twofish serpent aes blowfish des sha256 sha1 md5
> crypto_null dm_mod irnet ppp_generic slhc irlan ircomm_tty ircomm pl2303
> usbserial pcmcia firmware_class snd_intel8x0 snd_ac97_codec snd_ac97_bus
> snd_pcm_oss snd_mixer_oss irtty_sir sir_dev pcspkr snd_pcm snd_timer irda
> 8250_pnp ohci_hcd ide_cd crc_ccitt floppy ehci_hcd 8250 serial_core yenta_socket
> cdrom snd rsrc_nonstatic soundcore pcmcia_core snd_page_alloc intel_agp agpgart
>
> Problem Description:
>
> Recently I've started using IRDA, to manage phone/calendar & co on Nokia 6310
> phone. For this task I am using IRDA and xgnokii management software. Sometimes
> for no reason I am getting oopses at random addresses. System is not locking up
> or so. It always prints oops followed by messages :
>
> May 14 00:40:52 huh kernel: <1>Fixing recursive fault but reboot is needed!
>
> After reboot it takes again some time - ooops is reported at different location
> (mostly random, but backtrace is same).
>
> Steps to reproduce:
> It is quite simple, attempt to download phonebook, calendar, then attempt to
> upload. Sometimes it happens during logo download/upload.
>
> Oops will be added in the next comments.
>

It's hitting list_head poisoning in irda_release->sock_def_wakeup->__wake_up_common.
Appears to be a post-2.6.16 regression.

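A triage helper for the list_head poisoning diagnosis in the reply above, as an added example that is not part of the original thread: it parses an oops in the 2.6.17-style text format and flags the 32-bit list poison values (LIST_POISON1 0x00100100, LIST_POISON2 0x00200200) in the fault address and registers, then lists the call-trace symbols. The function name triage and the SAMPLE text (abridged from the second oops in this report) are assumptions made for illustration.

```python
import re

# Values list_del() leaves in a removed entry's next/prev pointers on 32-bit x86.
LIST_POISON = {0x00100100: "LIST_POISON1", 0x00200200: "LIST_POISON2"}

FAULT_RE = re.compile(
    r"(?:paging request|NULL pointer dereference) at virtual address ([0-9a-f]{8})")
REG_RE = re.compile(r"\b(e(?:ax|bx|cx|dx|si|di|bp|sp)):\s*([0-9a-f]{8})")
FRAME_RE = re.compile(r"(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+")

# Abridged from the second oops in this report; syslog prefixes removed.
SAMPLE = """\
BUG: unable to handle kernel paging request at virtual address 00100100
Oops: 0000 [#1]
EIP is at __wake_up_common+0x46/0x57
eax: 00000000 ebx: ca887da0 ecx: 00000020 edx: 00000001
esi: 00100100 edi: 00000000 ebp: d3709ddc esp: d3709dc0
Call Trace:
 <c0114291> __wake_up+0x1e/0x27 <c02ec894> sock_def_wakeup+0x21/0x25
 <e194c6f0> irda_release+0x2e/0x10d [irda] <c02ead6c> sock_release+0x14/0x72
Code: 04 eb 31 89 d6 8d 58 f4
"""

def triage(text):
    """Return fault address, list-poison hits and call-trace symbols of one oops."""
    m = FAULT_RE.search(text)
    fault_addr = int(m.group(1), 16) if m else None
    hits = []
    if fault_addr in LIST_POISON:
        hits.append(("fault address", LIST_POISON[fault_addr]))
    # Registers holding a poison value point at the stale list entry being walked.
    for name, value in REG_RE.findall(text):
        if int(value, 16) in LIST_POISON:
            hits.append((name, LIST_POISON[int(value, 16)]))
    # Only symbols between "Call Trace:" and "Code:" are stack frames.
    trace = ""
    if "Call Trace:" in text:
        trace = text.split("Call Trace:", 1)[1].split("Code:", 1)[0]
    return {"fault_addr": fault_addr, "poison_hits": hits,
            "frames": FRAME_RE.findall(trace)}

if __name__ == "__main__":
    report = triage(SAMPLE)
    print(hex(report["fault_addr"]), report["poison_hits"])
    print(" <- ".join(report["frames"]))
```

A poison hit means the code dereferenced an entry that had already been removed with list_del(), which points the investigation at object lifetime on the release path rather than at random memory corruption.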
I am also hitting this bug quite easily. I can reproduce it by just sending a file to two (Sharp GX15 & GX17) phones using ircp. Is anyone working on fixing this bug? Who is supposed to maintain this kernel subsystem and fix the bug?

My crash details:

linux-image-2.6.18-1-686_2.6.18-3
Linux localhost 2.6.18-1-686 #1 SMP Sat Oct 21 17:21:28 UTC 2006 i686 GNU/Linux

nsc_ircc_pnp_probe() : From PnP, found firbase 0x2F8 ; irq 3 ; dma 1.
nsc-ircc, chip->init
nsc-ircc, Found chip at base=0x02e
nsc-ircc, driver loaded (Dag Brattli)
IrDA: Registered device irda0
nsc-ircc, Using dongle: IBM31T1100 or Temic TFDS6000/TFDS6500
irlap_change_speed(), setting speed to 9600
IrCOMM protocol (Dag Brattli)
ircomm_tty_attach_cable()
ircomm_tty_ias_register()
irlap_change_speed(), setting speed to 115200
ircomm_param_service_type(), services in common=06
ircomm_param_service_type(), resulting service type=0x04
ircomm_param_port_type(), port type=1
ircomm_tty_check_modem_status()
ircomm_tty_close()
ircomm_tty_shutdown()
ircomm_tty_detach_cable()
ircomm_close()
irlap_change_speed(), setting speed to 115200
IrLAP, no activity on link!
irlap_change_speed(), setting speed to 9600
irlap_change_speed(), setting speed to 115200
irlap_change_speed(), setting speed to 9600
irlap_change_speed(), setting speed to 115200
IrLAP, no activity on link!
IrLAP, no activity on link!
IrLAP, no activity on link!
IrLAP, no activity on link!
irlap_change_speed(), setting speed to 9600
irda_poll(), POLLHUP
BUG: unable to handle kernel NULL pointer dereference at virtual address 00000075
printing eip:
dc718413
*pde = 00000000
Oops: 0000 [#1]
SMP
Modules linked in: ircomm_tty ircomm nsc_ircc binfmt_misc speedstep_centrino freq_table rfcomm l2cap bluetooth tunnel4 ipcomp esp4 ah4 i915 drm irtty_sir sir_dev ipv6 ppdev parport_pc lp parport button ac battery deflate zlib_deflate twofish serpent aes blowfish des sha256 sha1 crypto_null i8xx_tco dm_snapshot dm_mirror dm_mod cpufreq_userspace cpufreq_conservative cpufreq_ondemand cpufreq_powersave ide_generic ide_cd cdrom shpchp pci_hotplug snd_intel8x0 snd_seq_dummy snd_seq_oss snd_seq_midi snd_rawmidi snd_seq_midi_event joydev pcmcia snd_seq tsdev snd_intel8x0m snd_ac97_codec snd_ac97_bus snd_pcm_oss snd_mixer_oss snd_seq_device ipw2200 intel_agp snd_pcm snd_timer snd soundcore i2c_i801 yenta_socket rsrc_nonstatic pcmcia_core ieee80211 ieee80211_crypt agpgart pcspkr rtc snd_page_alloc i2c_core evdev psmouse serio_raw eth1394 firmware_class irda crc_ccitt ext3 jbd mbcache ide_disk ohci1394 ieee1394 uhci_hcd ehci_hcd usbcore piix generic ide_core 8139too 8139cp mii thermal processor fan
CPU: 0
EIP: 0060:[<dc718413>] Not tainted VLI
EFLAGS: 00010093 (2.6.18-1-686 #1)
EIP is at 0xdc718413
eax: c868de28 ebx: c868de28 ecx: 00000000 edx: 00000001
esi: dd214148 edi: 00000000 ebp: c868df2c esp: c868df0c
ds: 007b es: 007b ss: 0068
Process ircp (pid: 32743, ti=c868c000 task=c3820aa0 task.ti=c868c000)
Stack: c0116251 00000000 00000001 cda2a3d8 c868defc cda2a3d8 00000000 00000000
c868df50 c01166a2 00000000 00000000 00000001 00000296 cda2a3d8 d416b400
cda2a3c0 cb811a5c c0222358 00000000 cda2a3c0 d416b400 df991785 cda2a3c0
Call Trace:
[<c0116251>] __wake_up_common+0x2f/0x53
[<c01166a2>] __wake_up+0x2a/0x3d
[<c0222358>] sock_def_wakeup+0x2e/0x39
[<df991785>] irda_release+0x49/0x129 [irda]
[<df990bf5>] __lock_irda_stream_release+0xf/0x1a [irda]
[<c0220847>] sock_release+0x11/0x86
[<c0220b0f>] sock_close+0x26/0x2a
[<c015af41>] __fput+0x8a/0x13f
[<c0158aaa>] filp_close+0x4e/0x54
[<c0102c11>] sysenter_past_esp+0x56/0x79
Code: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 43 6f 6e 6e 65 63 74 69 6e 67 2e 2e 2e 66 61 69 6c 65 64 <0a> 61 75 72 61 6e 74 65 2e 70 6e 67 20 6f 6e 65 0a 2e 64 6f 6e
EIP: [<dc718413>] 0xdc718413 SS:ESP 0068:c868df0c

I'm maintaining the IrDA subsystem, and there is a fix for that bug, see: http://marc.theaimsgroup.com/?l=linux-netdev&m=115792756816966&w=2 Please try it and let us know if it works for you as well. This fix should make it soon to Linus' kernel, as it's been pushed some time ago into davem's tree. Once it gets there, I'll close this bug.
The fix is on Linus' tree, closing this bug.