Return-path: Received: from yx-out-2324.google.com ([74.125.44.29]:31028 "EHLO yx-out-2324.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750734AbYKNFqI (ORCPT ); Fri, 14 Nov 2008 00:46:08 -0500 Received: by yx-out-2324.google.com with SMTP id 8so570955yxm.1 for ; Thu, 13 Nov 2008 21:46:07 -0800 (PST) Message-ID: <449c10960811132146s40aef6c6ue8dfeef5ba29812a@mail.gmail.com> (sfid-20081114_064624_181159_88900B00) Date: Thu, 13 Nov 2008 23:46:06 -0600 From: "Dan McGee" To: linux-wireless@vger.kernel.org Subject: Kernel oops when loading ath5k from compat-wireless in 2.6.27 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-wireless-owner@vger.kernel.org List-ID: This has also been reported here a few times; I've been seeing this bug every time I try to load the ath5k module in my kernel: http://www.kerneloops.org/search.php?search=ieee80211_register_hw&btnG=Function+Search If you have any suggestions, I'd love to hear them. I disassembled the code in question, but I am not very good with these things. It looks to be somewhere between lines 804-825 in net/mac80211/main.c. 
-Dan ath5k_pci 0000:01:00.0: PCI INT A -> GSI 18 (level, low) -> IRQ 18 ath5k_pci 0000:01:00.0: setting latency timer to 64 ath5k_pci 0000:01:00.0: registered as '' BUG: unable to handle kernel NULL pointer dereference at 00000000 IP: [] :mac80211:ieee80211_register_hw+0x10f/0x2d6 *pde = 00000000 Oops: 0000 [#1] PREEMPT Modules linked in: ath5k(+) mac80211 Pid: 818, comm: modprobe Not tainted (2.6.27.6eee #3) EIP: 0060:[] EFLAGS: 00010286 CPU: 0 EIP is at ieee80211_register_hw+0x10f/0x2d6 [mac80211] EAX: 00000000 EBX: b7345000 ECX: 00000001 EDX: 00000001 ESI: b681c180 EDI: 00000000 EBP: b7183000 ESP: b7365e00 DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068 Process modprobe (pid: 818, ti=b7364000 task=b71f7130 task.ti=b7364000) Stack: 00000000 00000000 b681cd00 b681cd00 b681fe06 b80ea639 b7365e70 b681cd00 00000005 b7064458 b7365e70 b7064400 781689c9 b7007000 b8060000 b681cd00 b681c180 00000000 b681fde4 b7183000 0c0c45e9 0000001a b681cde8 b7183000 Call Trace: [] ath5k_pci_probe+0xc27/0x1150 [ath5k] [<781689c9>] find_inode+0x1b/0x56 [<781e0b0e>] pci_device_probe+0x36/0x55 [<78252342>] driver_probe_device+0xa1/0x132 [<7825240a>] __driver_attach+0x37/0x55 [<78251d86>] bus_for_each_dev+0x35/0x5c [<782521f1>] driver_attach+0x11/0x13 [<782523d3>] __driver_attach+0x0/0x55 [<7825184b>] bus_add_driver+0x91/0x1a7 [] init_ath5k_pci+0x0/0x2f [ath5k] [<78252571>] driver_register+0x7d/0xd6 [] init_ath5k_pci+0x0/0x2f [ath5k] [<781e0d11>] __pci_register_driver+0x35/0x60 [] init_ath5k_pci+0x1a/0x2f [ath5k] [<7810111f>] _stext+0x37/0xfb [<78137d76>] sys_init_module+0x87/0x175 [<78102de9>] sysenter_do_call+0x12/0x25 ======================= Code: 83 c8 00 00 00 21 03 c7 83 b4 00 00 00 1c 49 0d b8 c7 83 0c 02 00 00 ee 17 0c b8 8b 46 1c 8b 40 7c 8b 80 bc 00 00 00 6a 00 6a 00 <8b> 00 e8 75 64 06 c0 5f bf f4 ff ff ff 85 c0 89 46 20 5a 0f 84 EIP: [] ieee80211_register_hw+0x10f/0x2d6 [mac80211] SS:ESP 0068:b7365e00 ---[ end trace 0b0fad82f83782b1 ]--- GDB disassembly: 0x0000028f : cmpl 
$0xd,0x30(%esi) 0x00000293 : mov $0xd,%eax 0x00000298 : cmovae 0x30(%esi),%eax 0x0000029c : cmpl $0x9,(%esi) 0x0000029f : mov %eax,0x9c(%esi) 0x000002a5 : jg 0x2ad 0x000002a7 : movl $0x64,(%esi) 0x000002ad : cmpw $0x0,0x44(%esi) 0x000002b2 : jne 0x2ba 0x000002b4 : movw $0x1,0x44(%esi) 0x000002ba : mov 0x2c(%esi),%ecx 0x000002bd : mov 0x44(%esi),%eax 0x000002c0 : mov %ecx,%edx 0x000002c2 : mov %ax,0xc(%esi) ---Type to continue, or q to quit--- 0x000002c6 : mov %cl,%al 0x000002c8 : and $0xe0,%al 0x000002ca : cmp $0x1,%al 0x000002cc : sbb %eax,%eax 0x000002ce : and $0x100,%edx 0x000002d4 : and $0xf,%al 0x000002d6 : inc %al ^^^ HERE ^^^ 0x000002d8 : or 0x98(%esi),%al 0x000002de : cmp $0x1,%edx 0x000002e1 : sbb %edx,%edx 0x000002e3 : and $0x3c,%dl 0x000002e6 : add $0x4,%dl 0x000002e9 : or %al,%dl 0x000002eb : test %cl,%cl 0x000002ed : mov %dl,0x98(%esi) 0x000002f3 : jns 0x2fe 0x000002f5 : or $0x8,%dl 0x000002f8 : mov %dl,0x98(%esi) 0x000002fe : mov %esi,%eax 0x00000300 : call 0x301 0x00000305 : test %eax,%eax 0x00000307 : mov %eax,%edi 0x00000309 : js 0x41b 0x0000030f : call 0x310 0x00000314 : mov 0x54(%esi),%eax 0x00000317 : mov %eax,%edx GCC assembly compile: call ieee80211_rx_bss_list_init movl $1, %edx movl $1, %ecx movl $ieee80211_master_start_xmit, 412(%ebx) movl $ieee80211_master_open, 508(%ebx) movl $ieee80211_master_stop, 512(%ebx) movw $801, 200(%ebx) movl $ieee80211_header_ops, 180(%ebx) movl $ieee80211_master_set_multicast_list, 524(%ebx) movl 28(%esi), %eax movl 124(%eax), %eax movl 188(%eax), %eax pushl $0 pushl $0 movl (%eax), %eax call __create_workqueue_key popl %edi movl $-12, %edi testl %eax, %eax movl %eax, 32(%esi) popl %edx je .L34 cmpl $13, 48(%esi) movl $13, %eax cmovae 48(%esi), %eax cmpl $9, (%esi) movl %eax, 156(%esi) jg .L35 movl $100, (%esi) .L35: cmpw $0, 68(%esi) jne .L36 movw $1, 68(%esi) .L36: movl 44(%esi), %ecx movl 68(%esi), %eax movl %ecx, %edx movw %ax, 12(%esi) movb %cl, %al andb $-32, %al cmpb $1, %al sbbl %eax, %eax andl $256, 
%edx andb $15, %al incb %al ^^^ HERE ^^^ orb 152(%esi), %al cmpl $1, %edx sbbl %edx, %edx andb $60, %dl addb $4, %dl orb %al, %dl testb %cl, %cl movb %dl, 152(%esi) jns .L41 orb $8, %dl movb %dl, 152(%esi) .L41: movl %esi, %eax call sta_info_start testl %eax, %eax movl %eax, %edi js .L42 call rtnl_lock movl 84(%esi), %eax movl %eax, %edx call dev_alloc_name testl %eax, %eax movl %eax, %edi js .L43 movl 28(%esi), %edx movl 84(%esi), %ecx movl (%edx), %eax movl %eax, 308(%ecx) movw 4(%edx), %ax movw %ax, 312(%ecx) movl 28(%esi), %eax movl 84(%esi), %edx movl 124(%eax), %eax movl %eax, 688(%edx) movl 84(%esi), %eax call register_netdevice testl %eax, %eax movl %eax, %edi js .L43 movl 36(%esi), %edx movl %esi, %eax call ieee80211_init_rate_ctrl_alg