From: Justin Madru <jdm64@gawab.com>
To: Vegard Nossum <vegard.nossum@gmail.com>
Cc: lkml <linux-kernel@vger.kernel.org>
Subject: Re: Oops in mac80211 with 2.6.26-rc3 triggered playing a video
Date: Mon, 26 May 2008 10:01:35 -0700
Message-ID: <483AECEF.9030509@gawab.com>
In-Reply-To: <19f34abd0805260049j621c882r970444b65e384355@mail.gmail.com>

Vegard Nossum wrote:
> The code decodes to:
>
>   1d:   f3 a5                   rep movsl %ds:(%esi),%es:(%edi)
>   1f:   89 c1                   mov    %eax,%ecx
>   21:   83 e1 03                and    $0x3,%ecx
>   24:   74 02                   je     0x28
>   26:   f3 a4                   rep movsb %ds:(%esi),%es:(%edi)
>   28:   8b 5d d0                mov    -0x30(%ebp),%ebx
>    0:   8b 9b 90 00 00 00       mov    0x90(%ebx),%ebx <---- BAM!
>    6:   85 db                   test   %ebx,%ebx
>    8:   89 5d d8                mov    %ebx,-0x28(%ebp)
>    b:   0f 84 6d 03 00 00       je     0x37e
>   11:   8b 7d cc                mov    -0x34(%ebp),%edi
>   14:   8b                      .byte 0x8b
>
> Recompiling net/mac80211/mlme.c gives me that this happens on line 675.
>
> ieee80211_compatible_rates net/mac80211/mlme.c:675
> ieee80211_send_assoc net/mac80211/mlme.c:767
> ieee80211_associate net/mac80211/mlme.c:955
>
> So it is in fact compatible_rates() that crashes (but hidden in your
> Oops because of heavy inlining).
>
> So looking at the latest changelog in linus/master, we have this change:
>
> commit 0d580a774b3682b8b2b5c89ab9b813d149ef28e7
> Author: Helmut Schaa <hschaa@suse.de>
> Date:   Tue May 20 09:56:37 2008 +0200
>
>     mac80211: fix NULL pointer dereference in ieee80211_compatible_rates
>
>     Fix a possible NULL pointer dereference in ieee80211_compatible_rates
>     introduced in the patch "mac80211: fix association with some APs". If no bss
>     is available just use all supported rates in the association request.
>
>     Signed-off-by: Helmut Schaa <hschaa@suse.de>
>     Signed-off-by: John W. Linville <linville@tuxdriver.com>
>
> So does applying/cherry-picking that fix your problem? (Patch
> attached, but not inlined.)
>
> Vegard

I'll try that patch (probably just doing a git pull). But since the oops
is hard to trigger, it will take a while to test, and make sure that
fixed the problem.

How did you "decode" the oops and find which file and line number
had the problem?
I tried to follow Documentation/oops-tracing.txt but I didn't know where
to start.

Justin Madru
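
The behaviour the quoted commit message describes ("If no bss is available just use all supported rates in the association request"), as an added user-space example that is not part of this thread and is not the kernel's code. The struct names, `compatible_rates()`, `demo()` and the sample rates are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified stand-ins for the kernel's BSS and band data. */
struct model_bss  { size_t n; uint8_t rates[8]; };  /* rates the AP advertised */
struct model_band { size_t n; uint8_t rates[8]; };  /* rates the hardware supports */

/* Returns the number of usable rates and sets one bit per band rate in *mask.
 * With no BSS entry it uses every supported rate instead of reading via NULL. */
static size_t compatible_rates(const struct model_bss *bss,
                               const struct model_band *band, uint64_t *mask)
{
    size_t count = 0;
    *mask = 0;
    if (bss == NULL) {                       /* the guard the fix describes */
        for (size_t j = 0; j < band->n; j++)
            *mask |= (uint64_t)1 << j;
        return band->n;
    }
    for (size_t i = 0; i < bss->n; i++)
        for (size_t j = 0; j < band->n; j++) {
            uint64_t bit = (uint64_t)1 << j;
            /* 0x80 is the 802.11 "basic rate" flag, not part of the rate */
            if ((bss->rates[i] & 0x7f) == band->rates[j] && !(*mask & bit)) {
                *mask |= bit;
                count++;
            }
        }
    return count;
}

/* Constructed sample data, in units of 500 kbit/s. */
static const struct model_band band = { 4, { 2, 4, 11, 22 } };
static const struct model_bss  ap   = { 3, { 0x82, 0x16, 0x24 } };
static uint64_t last_mask;  /* mask from the most recent demo() call */

static size_t demo(int have_bss)
{
    return compatible_rates(have_bss ? &ap : NULL, &band, &last_mask);
}

int main(void)
{
    for (int b = 1; b >= 0; b--) {
        size_t n = demo(b);
        printf("bss=%d: %zu rates, mask 0x%llx\n", b, n, (unsigned long long)last_mask);
    }
    return 0;
}
```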
