Comment 0 for bug 871270

Rafał Likus (lemiel) wrote : kernel oops: NULL pointer dereference with OXmPCI954

I have a PCI card with an OXmPCI954 chip - four UARTs for RS 232.
When I connect a null modem cable to the ttyS4 or ttyS5 port, connect pins 2 and 3 together (TxD with RxD), and give the command
cat </dev/ttyS5
the kernel stops working.

Kernel / Ubuntu version:
Linux version 2.6.38-11-generic-pae (buildd@zirconium) (gcc version 4.5.2 (Ubuntu/Linaro 4.5.2-8ubuntu4) ) #50-Ubuntu SMP Mon Sep 12 22:21:04 UTC 2011 (Ubuntu 2.6.38-11.50-generic-pae 2.6.38.8)

I also cannot get it working when connected to the onboard 16550A UARTs using a pair of cat and echo commands.

The card is initialized like this:
[ 0.300502] serial8250: ttyS1 at I/O 0x2f8 (irq = 3) is a 16550A
[ 0.341799] 00:08: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
[ 0.428855] 00:09: ttyS1 at I/O 0x2f8 (irq = 3) is a 16550A
[ 0.448363] serial 0000:00:08.0: PCI INT A -> GSI 19 (level, low) -> IRQ 19
[ 0.448486] ttyS4: detected caps 00000700 should be 00000500
[ 0.448496] 0000:00:08.0: ttyS4 at I/O 0xdc00 (irq = 19) is a 16C950/954
[ 0.448608] ttyS5: detected caps 00000700 should be 00000500
[ 0.448614] 0000:00:08.0: ttyS5 at I/O 0xdc08 (irq = 19) is a 16C950/954
[ 0.448719] ttyS6: detected caps 00000700 should be 00000500
[ 0.448726] 0000:00:08.0: ttyS6 at I/O 0xdc10 (irq = 19) is a 16C950/954
[ 0.448829] ttyS7: detected caps 00000700 should be 00000500
[ 0.448836] 0000:00:08.0: ttyS7 at I/O 0xdc18 (irq = 19) is a 16C950/954

And after this cat from the port, this shows up in kernel.log:
[ 135.803584] BUG: unable to handle kernel NULL pointer dereference at 0000009c
[ 135.803985] IP: [<c1336679>] uart_dtr_rts+0x79/0x130
[ 135.804264] *pdpt = 000000002bff0001 *pde = 000000002d047067 *pte = 0000000000000000
[ 135.804703] Oops: 0000 [#1] SMP
[ 135.804895] last sysfs file: /sys/devices/virtual/sound/timer/uevent
[ 135.805224] Modules linked in: cryptd aes_i586 aes_generic vesafb snd_emu10k1_synth snd_emux_synth snd_seq_virmidi snd_seq_midi_emul snd_hda_codec_hdmi snd_emu10k1 snd_hda_intel snd_via82xx snd_hda_codec snd_ac97_codec arc4 ac97_bus snd_pcm snd_mpu401_uart ath5k snd_util_mem snd_hwdep snd_seq_midi ath binfmt_misc snd_rawmidi mac80211 ppdev snd_seq_midi_event snd_seq i2c_viapro via_ircc fglrx(P) snd_timer irda snd_seq_device cfg80211 snd_page_alloc snd crc_ccitt emu10k1_gp parport_pc shpchp soundcore gameport lp parport hid_a4tech usbhid hid pata_via floppy
[ 135.806725]
[ 135.806725] Pid: 1782, comm: bash Tainted: P 2.6.38-11-generic-pae #50-Ubuntu MSI MS-6712/MS-6712
[ 135.806725] EIP: 0060:[<c1336679>] EFLAGS: 00010286 CPU: 0
[ 135.806725] EIP is at uart_dtr_rts+0x79/0x130
[ 135.806725] EAX: c179dc80 EBX: c19502e4 ECX: 00000000 EDX: ffffffff
[ 135.806725] ESI: f598c334 EDI: 00000000 EBP: ec57fd78 ESP: ec57fd6c
[ 135.806725] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[ 135.806725] Process bash (pid: 1782, ti=ec57e000 task=f1d2d860 task.ti=ec57e000)
[ 135.806725] Stack:
[ 135.806725] f598c334 f0dac800 f1d2d860 ec57fdc4 c1322a44 f598c33c 00000000 f598c348
[ 135.806725] ebfe1b40 ec57fd9c 00000060 c19502e4 f598c334 fffffff4 00000000 f1d2d860
[ 135.806725] c1076dd0 ec57fdb0 ec57fdb0 f598c334 f0dac800 ebfe1b40 ec57fde8 c13340f0
[ 135.806725] Call Trace:
[ 135.806725] [<c1322a44>] tty_port_block_til_ready+0x164/0x290
[ 135.806725] [<c1076dd0>] ? autoremove_wake_function+0x0/0x50
[ 135.806725] [<c13340f0>] uart_open+0x120/0x1b0
[ 135.806725] [<c1336f20>] ? serial8250_pm+0x0/0x30
[ 135.806725] [<c131bcf5>] tty_open+0x155/0x420
[ 135.806725] [<c11362f5>] chrdev_open+0xa5/0x1c0
[ 135.806725] [<c1130af1>] __dentry_open+0xc1/0x280
[ 135.806725] [<c1131e5e>] nameidata_to_filp+0x6e/0x80
[ 135.806725] [<c1136250>] ? chrdev_open+0x0/0x1c0
[ 135.806725] [<c113f30f>] finish_open+0xaf/0x1a0
[ 135.806725] [<c113ebb8>] ? do_path_lookup+0x68/0x120
[ 135.806725] [<c113f957>] do_filp_open+0x207/0x6e0
[ 135.806725] [<c1535bf0>] ? do_page_fault+0x0/0x490
[ 135.806725] [<c1131ec6>] do_sys_open+0x56/0x120
[ 135.806725] [<c1131fbe>] sys_open+0x2e/0x40
[ 135.806725] [<c1532874>] syscall_call+0x7/0xb
[ 135.806725] Code: 3e 0f ba 6e 38 1d 19 c0 85 c0 75 28 8b 9e a0 00 00 00 8b 3e 8b 43 68 85 c0 74 10 0f bf 50 2a 3b 93 88 00 00 00 0f 84 97 00 00 00 <f6> 87 9c 00 00 00 02 74 56 8b 1c 24 8b 74 24 04 8b 7c 24 08 89
[ 135.806725] EIP: [<c1336679>] uart_dtr_rts+0x79/0x130 SS:ESP 0068:ec57fd6c
[ 135.806725] CR2: 000000000000009c
[ 135.818900] ---[ end trace f56dd99cd0df62c0 ]---
imklog 4.6.4, log source = /proc/kmsg started.
[ 0.000000] Initializing cgroup subsys cpuset
[ 0.000000] Initializing cgroup subsys cpu
[ 0.000000] Linux version 2.6.38-11-generic-pae (buildd@zirconium) (gcc version 4.5.2 (Ubuntu/Linaro 4.5.2-8ubuntu4) ) #50-Ubuntu SMP Mon Sep 12 22:21:04 UTC 2011 (Ubuntu 2.6.38-11.50-generic-pae 2.6.38.8)