The cdc_acm module oopses if I disconnect my Nokia phones USB cable while I have an active connection open. More or less the same as bug 4407, however that bugreport has been marked as fixed, and the patches are in the 2.6.14 release. But the driver seem to still exhibit a similar bug. usb 3-1: USB disconnect, address 4 Unable to handle kernel NULL pointer dereference at virtual address 0000000c printing eip: c018e9fe *pde = 00000000 Oops: 0000 [#1] Modules linked in: cdc_acm nfs lockd sunrpc vfat fat processor tdfx drm usbhid ehci_hcd 3c59x i2c_viapro mii i2c_core uhci_hcd usbcore via_agp agpgart evdev CPU: 0 EIP: 0060:[<c018e9fe>] Not tainted VLI EFLAGS: 00010246 (2.6.14) EIP is at sysfs_hash_and_remove+0x1e/0x107 eax: d7dd01a0 ebx: d76a6a68 ecx: c01bfa10 edx: c81fb188 esi: 00000000 edi: d532df80 ebp: d7fd0bc0 esp: c51c9e1c ds: 007b es: 007b ss: 0068 Process picocom (pid: 8063, threadinfo=c51c8000 task=c4bb3540) Stack: d7fe6d40 d2df290c d2df28c8 d76a6a68 d76a6a60 d532df80 d7fd0bc0 c02064c1 d7dd01a0 d532df80 d7fd0c2c d76a6a60 00000000 00000000 c02c32d2 c0206530 d76a6a60 d23229a0 d883b5ff d76a6a60 0a600000 d23229a0 d883b6f8 d23229a0 Call Trace: [<c02064c1>] class_device_del+0xb1/0x110 [<c0206530>] class_device_unregister+0x10/0x20 [<d883b5ff>] acm_tty_unregister+0x1f/0x70 [cdc_acm] [<d883b6f8>] acm_tty_close+0xa8/0xb0 [cdc_acm] [<c01ef283>] release_dev+0x163/0x720 [<c024b1ae>] netif_receive_skb+0x15e/0x1d0 [<c024b29c>] process_backlog+0x7c/0x100 [<c024b394>] net_rx_action+0x74/0x110 [<c01efcff>] tty_release+0xf/0x20 [<c0158e01>] __fput+0xa1/0x170 [<c0157372>] filp_close+0x52/0x90 [<c011c45b>] put_files_struct+0x7b/0xd0 [<c011d107>] do_exit+0xe7/0x380 [<c011d414>] do_group_exit+0x34/0x70 [<c01030c5>] syscall_call+0x7/0xb Code: 10 83 c4 0c e9 34 b6 fe ff 8d 74 26 00 55 57 56 53 83 ec 0c 8b 44 24 20 8b 50 08 8b 70 50 85 d2 74 7b ff 4a 70 0f 88 e9 00 00 00 <8b> 46 0c 8d 68 fc 8b 4d 04 0f 18 01 90 83 c6 0c 89 c3 39 f0 89 <1>Fixing recursive fault but reboot is needed!
After recompiling with CONFIG_DEBUG_INFO and CONFIG_FRAME_POINTER i was unable to reproduce the above crash, another crash however occured when rmmod cdc_acm a friend pointed me a possible fix which seemed to fix my problems.
Created attachment 6483 [details] Fixes oops when removing cdc_acm module
(Note: patch from andersg@0x63.nu)
I do not see how that patch fixes anything, as it does the same thing the original code does. What are you doing with this active connection? Are you running ppp or some other line dicipline over it?
Try as I might, I just can't reproduce the crash. I'm slowly starting to believe that the problem never occured and I dreamt it all. I've tried numerous ways of reproducing the error (the error did occur on every reboot on that machine when I reported the issue (and did so aswell on the laptop)) but I give up. I'll give it one more go without the extra debugging enabled and see if I start getting crashes again. But I doubt I'll get anything useful out of it.
Please reopen this bug if you are able to reproduce it.