ISDN bug in 2.1.35/36

Thomas Maier-Komor (komor@eikon.e-technik.tu-muenchen.de)
Fri, 25 Apr 1997 00:26:07 +0200


Hello 2 all,

This is a 100% reproducible bug. The kernel version is 2.1.35.
It is just a clean kernel tree with the isdn patch for the HiSax
from Joerg Lehrke, which renames all "queue_task_irq_off"
to "queue_task".

The kernel crashes if a standard phone call comes in
on the ISDN bus (first syslog-dump) and if one tries to establish
an isdn link (second syslog-dump). Both syslog dumps are from
a 2.1.35 kernel with the below .config.

No keyboard or remote telnet access... And just the same with
2.1.36. Switching back to 2.1.29 everything works fine.

My computer has a Teles 16.3. Everything seems
to be fine in 2.1.29, but I don't know about the kernels
2.1.30 to 2.1.34.

I included the important parts of syslog and my .config.
I hope that it will help.

Have fun hacking,

Thomas Maier-Komor

1st syslog dump (crash due to incoming call):

Apr 23 17:08:36 troll kernel: Unable to handle kernel NULL pointer dereference at virtual address 00000000
Apr 23 17:08:36 troll kernel: current->tss.cr3 = 00101000, ^Xr3 = 00101000
Apr 23 17:08:36 troll kernel: *pde = 00000000
Apr 23 17:08:36 troll kernel: Oops: 0000
Apr 23 17:08:36 troll kernel: CPU: 0
Apr 23 17:08:36 troll kernel: EIP: 0010:[aitqueue_lock+0/-1072693248]
Apr 23 17:08:36 troll kernel: EFLAGS: 00010246
Apr 23 17:08:36 troll kernel: eax: 00000000 ebx: 00000000 ecx: c01d4e24 edx: c308bdf6
Apr 23 17:08:36 troll kernel: esi: c3fc088c edi: 00000000 ebp: c018ff7c esp: c01c9c14
Apr 23 17:08:36 troll kernel: ds: 0018 es: 0018 ss: 0018
Apr 23 17:08:36 troll kernel: Process swapper (pid: 0, process nr: 0, stackpage=c01c7df0)
Apr 23 17:08:36 troll kernel: Stack: c018ff93 c3fc07f4 00000005 c308bdf6 c01959d3 c3fc088c 00000000 c308bdf6
Apr 23 17:08:36 troll kernel: c308be0c c3fc07f4 00000001 c308bdf6 c308bf11 c01bcde8 0201a8c0 c01ae658
Apr 23 17:08:36 troll kernel: c3fbe04c c01bc9ae c01c9c7c c01ae658 c3fbe082 00000046 00000046 c02f3198
Apr 23 17:08:36 troll kernel: Call Trace:
Apr 23 17:08:36 troll kernel: Code: <1>Unable to handle kernel NULL pointer dereference at virtual address 00000000
Apr 23 17:08:36 troll kernel: current->tss.cr3 = 00101000, ^Xr3 = 00101000
Apr 23 17:08:36 troll kernel: *pde = 00000000
Apr 23 17:08:36 troll kernel: Oops: 0000
Apr 23 17:08:36 troll kernel: CPU: 0
Apr 23 17:08:36 troll kernel: EIP: 0010:[aitqueue_lock+2147483647/-1072693248]
Apr 23 17:08:36 troll kernel: EFLAGS: 00010286
Apr 23 17:08:36 troll kernel: eax: 00000010 ebx: 00000000 ecx: 00000000 edx: 00000010
Apr 23 17:08:36 troll kernel: esi: 00000000 edi: c01ca000 ebp: c01c9be0 esp: c01c9b70
Apr 23 17:08:36 troll kernel: ds: 0018 es: 0018 ss: 0018
Apr 23 17:08:36 troll kernel: Process swapper (pid: 0, process nr: 0, stackpage=c01c7df0)
Apr 23 17:08:36 troll kernel: Stack: 00000018 c01c9be0 00000000 c01c9be0 c01cb1a0 c4800000 c5000000 c4800000
Apr 23 17:08:36 troll kerneld: error: exit: Identifier removed
Apr 23 17:08:36 troll kernel: c01d0018 c010a297 c01c9be0 c01b0440 c01b0fda 00000000 00000000 c010feae
Apr 23 17:08:36 troll kernel: c01b0fda c01c9be0 00000000 c01cb1a0 c3fc088c 00000000 c018ff7c 00000000
Apr 23 17:08:36 troll kernel: Call Trace: [aitqueue_lock+2147483647/-1072693248] [aitqueue_lock+2147483647/-1072693248] [aitqueue_lock+2147483647/-1072693248]
Apr 23 17:08:36 troll kernel: Code: 64 8a 04 0e 0f a1 88 c2 81 e2 ff 00 00 00 89 54 24 10 52 68
Apr 23 17:08:36 troll kernel: kfree of non-kmalloced memory: c01c9e38, next= 00000000, order=0
Apr 23 17:08:36 troll kernel: kfree of non-kmalloced memory: c01c9e28, next= 00000000, order=0
Apr 23 17:08:36 troll kernel: kfree of non-kmalloced memory: c01caf3c, next= 00000000, order=0
Apr 23 17:08:36 troll kernel: idle task may not sleep

2nd syslog dump (crash due to dial request):

Apr 24 04:42:57 troll kernel: Unable to handle kernel NULL pointer dereference at virtual address 00000000
Apr 24 04:42:57 troll kernel: current->tss.cr3 = 00101000, ^Xr3 = 00101000
Apr 24 04:42:57 troll kernel: *pde = 00000000
Apr 24 04:42:57 troll kernel: Oops: 0000
Apr 24 04:42:57 troll kernel: CPU: 0
Apr 24 04:42:57 troll kernel: EIP: 0010:[aitqueue_lock+0/-1072693248]
Apr 24 04:42:57 troll kernel: EFLAGS: 00010293
Apr 24 04:42:57 troll kernel: eax: 00000000 ebx: c3fc010c ecx: c01d59b0 edx: 00000041
Apr 24 04:42:57 troll kernel: esi: c3fc0484 edi: 00000005 ebp: c0192de8 esp: c01c9ad8
Apr 24 04:42:57 troll kernel: ds: 0018 es: 0018 ss: 0018
Apr 24 04:42:57 troll kernel: Process swapper (pid: 0, process nr: 0, stackpage=c01c7df0)
Apr 24 04:42:57 troll kernel: Stack: c0192e70 c3fc02c0 00000018 00000000 00000001 c01959d3 c3fc0484 00000005
Apr 24 04:42:57 troll kernel: 00000000 c3fc049c c3fc049c 00000003 c0194378 c3fc1410 0000003a c3fc1410
Apr 24 04:42:57 troll kernel: c018ff2c c3fc00f0 c3fc049c c3fc049c c3fc00f0 c01de0a0 00002a1b 00000097
Apr 24 04:42:57 troll kernel: Call Trace:
Apr 24 04:42:57 troll kernel: Code: <1>Unable to handle kernel NULL pointer dereference at virtual address 00000000
Apr 24 04:42:57 troll kernel: current->tss.cr3 = 00101000, ^Xr3 = 00101000
Apr 24 04:42:57 troll kernel: *pde = 00000000
Apr 24 04:42:57 troll kernel: Oops: 0000
Apr 24 04:42:57 troll kernel: CPU: 0
Apr 24 04:42:57 troll kernel: EIP: 0010:[aitqueue_lock+2147483647/-1072693248]
Apr 24 04:42:57 troll kernel: EFLAGS: 00010282
Apr 24 04:42:57 troll kernel: eax: 00000010 ebx: 00000000 ecx: 00000000 edx: 00000010
Apr 24 04:42:57 troll kernel: esi: 00000000 edi: c01ca000 ebp: c01c9aa4 esp: c01c9a34
Apr 24 04:42:57 troll kernel: ds: 0018 es: 0018 ss: 0018
Apr 24 04:42:57 troll kernel: Process swapper (pid: 0, process nr: 0, stackpage=c01c7df0)
Apr 24 04:42:57 troll kernel: Stack: 00000018 c01c9aa4 00000000 c01c9aa4 c01cb1a0 c4800000 c5000000 c4800000
Apr 24 04:42:57 troll kerneld: error: exit: Identifier removed
Apr 24 04:42:57 troll kernel: c01d0018 c010a297 c01c9aa4 c01b0440 c01b0fda 00000000 00000000 c010feae
Apr 24 04:42:57 troll kernel: c01b0fda c01c9aa4 00000000 c01cb1a0 c3fc0484 00000005 c0192de8 c019ec2c
Apr 24 04:42:57 troll kernel: Call Trace: [aitqueue_lock+2147483647/-1072693248] [aitqueue_lock+2147483647/-1072693248] [aitqueue_lock+2147483647/-1072693248]
Apr 24 04:42:57 troll kernel: Code: 64 8a 04 0e 0f a1 88 c2 81 e2 ff 00 00 00 89 54 24 10 52 68
Apr 24 04:42:57 troll kernel: kfree of non-kmalloced memory: c01c9e38, next= 00000000, order=0
Apr 24 04:42:57 troll kernel: kfree of non-kmalloced memory: c01c9e28, next= 00000000, order=0
Apr 24 04:42:57 troll kernel: kfree of non-kmalloced memory: c01caf3c, next= 00000000, order=0
Apr 24 04:42:57 troll kernel: idle task may not sleep
Apr 24 04:46:28 troll kernel: Cannot find map file.

.config:
CONFIG_EXPERIMENTAL=y
CONFIG_MODULES=y
CONFIG_KERNELD=y
CONFIG_NET=y
CONFIG_PCI=y
CONFIG_PCI_OPTIMIZE=y
CONFIG_SYSVIPC=y
CONFIG_SYSCTL=y
CONFIG_BINFMT_AOUT=m
CONFIG_BINFMT_ELF=y
CONFIG_M586=y
CONFIG_VIDEO_SELECT=y
CONFIG_PNP_PARPORT=y
CONFIG_PNP=y
CONFIG_PNP_PARPORT_AUTOPROBE=y
CONFIG_BLK_DEV_FD=m
CONFIG_BLK_DEV_IDE=m
CONFIG_BLK_DEV_IDEDISK=m
CONFIG_BLK_DEV_LOOP=m
CONFIG_BLK_DEV_RAM=m
CONFIG_INET=y
CONFIG_IP_ACCT=y
CONFIG_INET_RARP=m
CONFIG_PATH_MTU_DISCOVERY=y
CONFIG_IP_NOSR=y
CONFIG_SKB_LARGE=y
CONFIG_IPX=m
CONFIG_SCSI=y
CONFIG_BLK_DEV_SD=y
CONFIG_SCSI_NCR53C7xx=y
CONFIG_SCSI_NCR53C7xx_sync=y
CONFIG_SCSI_NCR53C7xx_FAST=y
CONFIG_SCSI_NCR53C7xx_DISCONNECT=y
CONFIG_NETDEVICES=y
CONFIG_DUMMY=m
CONFIG_NET_ETHERNET=y
CONFIG_NET_ISA=y
CONFIG_NE2000=m
CONFIG_ISDN=y
CONFIG_ISDN_PPP=y
CONFIG_ISDN_PPP_VJ=y
CONFIG_ISDN_MPP=y
CONFIG_ISDN_AUDIO=y
CONFIG_ISDN_DRV_HISAX=y
CONFIG_HISAX_16_3=y
CONFIG_CD_NO_IDESCSI=y
CONFIG_MCDX=m
CONFIG_MINIX_FS=m
CONFIG_EXT2_FS=y
CONFIG_FAT_FS=m
CONFIG_MSDOS_FS=m
CONFIG_VFAT_FS=m
CONFIG_UMSDOS_FS=m
CONFIG_PROC_FS=y
CONFIG_NFS_FS=m
CONFIG_SUNRPC=m
CONFIG_LOCKD=m
CONFIG_SMB_FS=m
CONFIG_SMB_WIN95=y
CONFIG_ISO9660_FS=m
CONFIG_AUTOFS_FS=y
CONFIG_VT=y
CONFIG_VT_CONSOLE=y
CONFIG_SERIAL=y
CONFIG_PRINTER=y
CONFIG_PRINTER_READBACK=y
CONFIG_APM=y
CONFIG_APM_DO_ENABLE=y
CONFIG_APM_CPU_IDLE=y
CONFIG_APM_DISPLAY_BLANK=y
CONFIG_RTC=y
CONFIG_SOUND=m
CONFIG_SB=y
CONFIG_ADLIB=y
CONFIG_MPU401=y
CONFIG_YM3812=y
SBC_BASE=220
SBC_IRQ=7
SBC_DMA=1
SB_DMA2=5
SB_MPU_BASE=330
SB_MPU_IRQ=-1
MPU_BASE=330
MPU_IRQ=9
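The two syslog dumps in the report can be read mechanically. The script below is an added example, not code from the original post or from the kernel; it is plain Python 3 with only the standard library. It parses an i386 oops of this vintage (syslog prefix, "Oops: <error code>", the EIP as klogd's [symbol+offset/size], the general registers, and the "Code:" bytes), decodes the x86 page-fault error code bits, and draws the conclusions a reader draws by hand: what kind of access faulted, which registers hold the fault address, that a negative symbol size means klogd resolved against a bogus table (the last line of the second dump says it could not find the map file), and that a fresh "Unable to handle" appearing right after "Code:" means the oops printer itself faulted while fetching instruction bytes at EIP. The sample input is the first dump above with the mailer's line wrapping undone and the Stack: lines dropped.

```python
"""Added example (not from the original post): parse an i386 Linux Oops of the
2.0/2.1 era and decode what it says.  SAMPLE is the first syslog dump from the
post with the mailer's line wrapping undone and the Stack: lines dropped."""
import re
from dataclasses import dataclass, field
from typing import Dict, List

SAMPLE = """\
Apr 23 17:08:36 troll kernel: Unable to handle kernel NULL pointer dereference at virtual address 00000000
Apr 23 17:08:36 troll kernel: Oops: 0000
Apr 23 17:08:36 troll kernel: EIP: 0010:[aitqueue_lock+0/-1072693248]
Apr 23 17:08:36 troll kernel: eax: 00000000 ebx: 00000000 ecx: c01d4e24 edx: c308bdf6
Apr 23 17:08:36 troll kernel: esi: c3fc088c edi: 00000000 ebp: c018ff7c esp: c01c9c14
Apr 23 17:08:36 troll kernel: Process swapper (pid: 0, process nr: 0, stackpage=c01c7df0)
Apr 23 17:08:36 troll kernel: Call Trace:
Apr 23 17:08:36 troll kernel: Code: <1>Unable to handle kernel NULL pointer dereference at virtual address 00000000
Apr 23 17:08:36 troll kernel: Oops: 0000
Apr 23 17:08:36 troll kernel: EIP: 0010:[aitqueue_lock+2147483647/-1072693248]
Apr 23 17:08:36 troll kernel: eax: 00000010 ebx: 00000000 ecx: 00000000 edx: 00000010
Apr 23 17:08:36 troll kernel: esi: 00000000 edi: c01ca000 ebp: c01c9be0 esp: c01c9b70
Apr 23 17:08:36 troll kernel: Call Trace: [aitqueue_lock+2147483647/-1072693248]
Apr 23 17:08:36 troll kernel: Code: 64 8a 04 0e 0f a1 88 c2 81 e2 ff 00 00 00 89 54 24 10 52 68
"""

SYSLOG_PREFIX = re.compile(r"^\w{3} +\d+ \d\d:\d\d:\d\d \S+ kernel: ", re.M)
START = re.compile(r"Unable to handle kernel (?:NULL pointer dereference|paging request)"
                   r" at virtual address ([0-9a-f]{8})")
ERR = re.compile(r"^Oops: ([0-9a-f]{4})", re.M)
EIP = re.compile(r"^EIP:\s+[0-9a-f]{4}:\[([^\]+]+)\+(-?\d+)/(-?\d+)\]", re.M)
REG = re.compile(r"\b(eax|ebx|ecx|edx|esi|edi|ebp|esp): ([0-9a-f]{8})")
CODE = re.compile(r"^Code: ((?:[0-9a-f]{2} ?)+)$", re.M)


@dataclass
class Oops:
    fault_addr: int
    error_code: int = 0
    eip_sym: str = ""
    eip_offset: int = 0
    eip_size: int = 0
    regs: Dict[str, int] = field(default_factory=dict)
    code: List[int] = field(default_factory=list)
    nested: bool = False  # raised while a previous oops was still being printed


def decode_error_code(code: int) -> Dict[str, bool]:
    """x86 #PF error code: bit 0 set = protection violation (clear = page not
    present), bit 1 set = write (clear = read), bit 2 set = fault taken in user
    mode (clear = supervisor mode, i.e. the kernel itself made the access)."""
    return {"present": bool(code & 1), "write": bool(code & 2), "user": bool(code & 4)}


def parse_oops_log(text: str) -> List[Oops]:
    text = SYSLOG_PREFIX.sub("", text)
    starts = list(START.finditer(text))
    oopses = []
    for i, m in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(text)
        body = text[m.start():end]
        o = Oops(fault_addr=int(m.group(1), 16))
        # "Code:" (plus a printk level such as <1>) immediately followed by a new
        # "Unable to handle": the oops printer faulted while reading bytes at EIP.
        o.nested = re.search(r"Code:\s*(?:<\d>)?$", text[:m.start()]) is not None
        e = ERR.search(body)
        if e:
            o.error_code = int(e.group(1), 16)
        e = EIP.search(body)
        if e:
            o.eip_sym, o.eip_offset, o.eip_size = e.group(1), int(e.group(2)), int(e.group(3))
        o.regs = {r: int(v, 16) for r, v in REG.findall(body)}
        c = CODE.search(body)
        if c:
            o.code = [int(b, 16) for b in c.group(1).split()]
        oopses.append(o)
    return oopses


def analyse(o: Oops) -> List[str]:
    """Turn one parsed oops into the conclusions a reader would draw by hand."""
    ec = decode_error_code(o.error_code)
    out = ["%s-mode %s of a %s page at 0x%08x" % (
        "user" if ec["user"] else "kernel", "write" if ec["write"] else "read",
        "present" if ec["present"] else "not-present", o.fault_addr)]
    if o.eip_size <= 0:  # a real symbol never has a non-positive size
        out.append("EIP symbol [%s+%d/%d] is bogus: klogd had no usable System.map"
                   % (o.eip_sym, o.eip_offset, o.eip_size))
    if o.nested:
        out.append("nested oops: the previous oops handler faulted fetching code bytes "
                   "at EIP, so EIP itself pointed at an unmapped address")
    holders = [r for r, v in o.regs.items() if v == o.fault_addr]
    if holders:
        out.append("registers equal to the fault address: " + ", ".join(holders))
    # The only instruction decoded here is the one heading the nested oops's Code:
    # bytes in the post: 64 8a 04 0e = mov %fs:(%esi,%ecx,1),%al, a byte load via %fs.
    if o.code[:4] == [0x64, 0x8a, 0x04, 0x0e]:
        addr = (o.regs.get("esi", 0) + o.regs.get("ecx", 0)) & 0xFFFFFFFF
        out.append("faulting insn mov %%fs:(%%esi,%%ecx,1),%%al reads byte at 0x%08x" % addr)
    return out


if __name__ == "__main__":
    for n, oops in enumerate(parse_oops_log(SAMPLE), 1):
        print("oops %d:" % n)
        for line in analyse(oops):
            print("  " + line)
```

The script recognises exactly one opcode sequence, the byte load through %fs that heads the nested oops's "Code:" line; with %esi and %ecx both zero that load is the read of address 0 the second "Unable to handle" reports, which is why the first oops never got its code bytes printed. Everything else is a heuristic for reading the text, not a substitute for running ksymoops against the System.map that matches the crashed kernel.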