Re: Kernel oops when loading ath5k from compat-wireless in 2.6.27

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Bob Copeland <me@bobcopeland.com>
To: Dan McGee <dpmcgee@gmail.com>
Cc: linux-wireless@vger.kernel.org, mcgrof@gmail.com
Subject: Re: Kernel oops when loading ath5k from compat-wireless in 2.6.27
Date: Fri, 14 Nov 2008 08:18:24 -0500	[thread overview]
Message-ID: <20081114131824.GA10586@hash.localnet> (raw)
In-Reply-To: <449c10960811132146s40aef6c6ue8dfeef5ba29812a@mail.gmail.com>

On Thu, Nov 13, 2008 at 11:46:06PM -0600, Dan McGee wrote:
> 
> GDB disassembly:
> 
> 0x000002cc <ieee80211_register_hw+357>: sbb    %eax,%eax
> 0x000002ce <ieee80211_register_hw+359>: and    $0x100,%edx
> 0x000002d4 <ieee80211_register_hw+365>: and    $0xf,%al
> 0x000002d6 <ieee80211_register_hw+367>: inc    %al
> ^^^ HERE ^^^

I don't think this disassembly is right.  inc %al is not a very likely 
faulting instruction, especially if we just did a successful AND on the
register.  Luis' suggestion to use gdb to directly list the C code is 
good; here's another way:

Run scripts/decodecode on the "Code: ...." portion (output below).
There you can see that the faulting instruction is actually 
"mov (%eax), %eax" which makes sense because %eax in the register dump
is zero, so it's clearly a null pointer dereference.  We're
dereferencing some pointer at offset 0xbc in some structure.

Now you can do objdump -S net/mac80211/main.o to see mixed C and
assembly, and look for a segment of code that matches your disassembly.  
Sometimes that can be a bit confusing with inlines and code scheduling, 
but that's the nature of the beast.

(I haven't had a chance to look at the actual code yet.)

Disassembly of section .text:

00000000 <.text>:
   0:	83 c8 00             	or     $0x0,%eax
   3:	00 00                	add    %al,(%eax)
   5:	21 03                	and    %eax,(%ebx)
   7:	c7 83 b4 00 00 00 1c 	movl   $0xb80d491c,0xb4(%ebx)
   e:	49 0d b8 
  11:	c7 83 0c 02 00 00 ee 	movl   $0xb80c17ee,0x20c(%ebx)
  18:	17 0c b8 
  1b:	8b 46 1c             	mov    0x1c(%esi),%eax
  1e:	8b 40 7c             	mov    0x7c(%eax),%eax
  21:	8b 80 bc 00 00 00    	mov    0xbc(%eax),%eax
  27:	6a 00                	push   $0x0
  29:	6a 00                	push   $0x0
   0:	8b 00                	mov    (%eax),%eax      <--- HERE
   2:	e8 75 64 06 c0       	call   0xc006647c
   7:	5f                   	pop    %edi
   8:	bf f4 ff ff ff       	mov    $0xfffffff4,%edi
   d:	85 c0                	test   %eax,%eax
   f:	89 46 20             	mov    %eax,0x20(%esi)
  12:	5a                   	pop    %edx
  13:	0f                   	.byte 0xf
  14:	84                   	.byte 0x84

-- 
Bob Copeland %% www.bobcopeland.com

     prev parent reply	other threads:[~2008-11-14 13:18 UTC|newest]

Thread overview: 39+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-11-14  5:46 Kernel oops when loading ath5k from compat-wireless in 2.6.27 Dan McGee
2008-11-14  6:17 ` Luis R. Rodriguez
2008-11-14 17:02   ` Bob Copeland
2008-11-14 17:37     ` Luis R. Rodriguez
2008-11-14 17:49       ` Bob Copeland
2008-11-14 18:06         ` Luis R. Rodriguez
2008-11-14 18:13           ` Sujith
2008-11-14 18:29             ` Luis R. Rodriguez
2008-11-14 18:33               ` Sujith
2008-11-14 18:37                 ` Luis R. Rodriguez
2008-11-14 19:33                   ` Dan McGee
2008-11-14 20:33                     ` Bob Copeland
2008-11-14 20:41                       ` Luis R. Rodriguez
2008-11-14 21:13                         ` Luis R. Rodriguez
2008-11-15  0:25                           ` Dan McGee
2008-11-15  0:36                             ` Luis R. Rodriguez
2008-11-15  2:05                               ` Dan McGee
2008-11-15  2:29                                 ` Bob Copeland
2008-11-15  2:57                                   ` Dan McGee
2008-11-15  6:30                                     ` Dan McGee
     [not found]                                     ` <449c10960811142229v77ea85f4nf898d447c7e63422@mail.gmail.com>
2008-11-15 18:19                                       ` Bob Copeland
2008-11-16  0:12                                         ` Dan McGee
2008-11-15  0:38                             ` Bob Copeland
2008-11-14 18:34           ` Bob Copeland
2008-11-16  2:11     ` Dan McGee
2008-11-16  2:38       ` Dan McGee
2008-11-16  5:48         ` Luis R. Rodriguez
2008-11-16  5:53           ` Bob Copeland
2008-11-16  6:05             ` Luis R. Rodriguez
2008-11-16  6:06               ` Luis R. Rodriguez
2008-11-16  6:15                 ` Luis R. Rodriguez
2008-11-16 16:20                   ` Bob Copeland
2008-11-16 16:38                     ` Dan McGee
2008-11-16 16:52                       ` Bob Copeland
2008-11-16 18:01                         ` Dan McGee
2008-11-16 18:05                           ` Johannes Berg
2008-11-16 18:20                             ` Luis R. Rodriguez
2008-11-16  5:55         ` Bob Copeland
2008-11-14 13:18 ` Bob Copeland [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20081114131824.GA10586@hash.localnet \
    --to=me@bobcopeland.com \
    --cc=dpmcgee@gmail.com \
    --cc=linux-wireless@vger.kernel.org \
    --cc=mcgrof@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.