From: Larry Finger <Larry.Finger@lwfinger.net>
To: Miles Lane <miles.lane@gmail.com>
Cc: Michael Buesch <mb@bu3sch.de>,
Vegard Nossum <vegard.nossum@gmail.com>,
Andrew Morton <akpm@linux-foundation.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
linux-wireless <linux-wireless@vger.kernel.org>,
FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Subject: Re: BUG: NULL pointer dereference at 00000000 -- IP: [<f8e783d5>] :b43:b43_dma_mapping_error+0x16/0x155
Date: Wed, 11 Jun 2008 00:08:02 -0500 [thread overview]
Message-ID: <484F5DB2.4050705@lwfinger.net> (raw)
In-Reply-To: <a44ae5cd0806101857q54074c83w2eb470682b58a6cc@mail.gmail.com>
Miles Lane wrote:
> On Tue, Jun 10, 2008 at 7:15 PM, Larry Finger <Larry.Finger@lwfinger.net> wrote:
>> Miles Lane wrote:
>>> I got a slightly different BUG with this patch applied:
>>>
>>> BUG: unable to handle kernel NULL pointer dereference at 00000000
>>> IP: [<f89e3d41>] :b43:b43_dma_mapping_error+0x16/0x97
>>> *pde = 00000000
>>> Oops: 0000 [#1] PREEMPT DEBUG_PAGEALLOC
>>> last sysfs file:
>>>
>>> /sys/devices/pci0000:00/0000:00:08.0/0000:01:06.0/ssb0:0/firmware/ssb0:0/loading
>>> Modules linked in: sbs sbshc wmi battery iptable_filter ip_tables
>>> x_tables ac sbp2 rtc arc4 ecb crypto_blkcipher cryptomgr crypto_algapi
>>> b43 mac80211 cfg80211 led_class snd_intel8x0 snd_ac97_codec ac97_bus
>>> snd_pcm_oss snd_mixer_oss snd_pcm snd_seq_dummy snd_seq_oss
>>> snd_seq_midi_event snd_seq snd_timer snd_seq_device snd soundcore
>>> snd_page_alloc i2c_nforce2 i2c_core button ohci1394 3c59x ieee1394
>>> forcedeth ehci_hcd ohci_hcd usbcore thermal processor fan thermal_sys
>> Miles,
>>
>> If you have time, please cd to the kernel root directory and run the command
>> 'objdump -d -l drivers/net/wireless/b43/dma.o > dmadump'. You may have to
>> install the objdump package. In the file dmadump, find the line that
>> contains b43_dma_mapping_error. On my system it is 0000000000000085
>> <b43_dma_mapping_error>: Note, I use x86_64 and yours will likely be
>> different.
>>
>> Note the address (0x85 in my case), add the offset (0x16) and find the line
>> with the error. You can use KCalc in hexadecimal mode if you are not
>> comfortable with doing addition in base 16. Please report the source line
>> and instruction that failed.
>
> For me, the line is:
> "000000ab <b43_dma_mapping_error>:"
> so, 0xab + 0x16 = 0xc1
> and here's the dump giving some context around that line:
> b43_dma_mapping_error():
> ab: 55 push %ebp
> ac: 89 e5 mov %esp,%ebp
> ae: 57 push %edi
> af: 89 d7 mov %edx,%edi
> b1: 56 push %esi
> b2: 89 ce mov %ecx,%esi
> b4: 53 push %ebx
> b5: 83 ec 08 sub $0x8,%esp
> b8: 8a 55 08 mov 0x8(%ebp),%dl
> bb: 88 55 ef mov %dl,-0x11(%ebp)
> be: 8b 50 58 mov 0x58(%eax),%edx
> c1: 8b 12 mov (%edx),%edx
> c3: 8b 52 08 mov 0x8(%edx),%edx
> c6: 89 55 f0 mov %edx,-0x10(%ebp)
> c9: 8b 40 34 mov 0x34(%eax),%eax
> cc: 83 f8 1e cmp $0x1e,%eax
> cf: 74 07 je d8 <b43_dma_mapping_error+0x2d>
> d1: 83 f8 20 cmp $0x20,%eax
> d4: 75 5b jne 131 <b43_dma_mapping_error+0x86>
> d6: eb 15 jmp ed <b43_dma_mapping_error+0x42>
The line that fails is
if (unlikely(dma_mapping_error(ring->dev->dev->dma_dev, addr)))
The value at 0x58(%eax) is zero, which corresponds to the "struct
b43_wldev *dev" line in struct b43_dmaring. In other words, ring->dev
is NULL, which causes the error. I'll leave it to FUJITA Tomonori to
figure out why.
Larry
next prev parent reply other threads:[~2008-06-11 5:07 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-06-10 14:09 BUG: NULL pointer dereference at 00000000 -- IP: [<f8e783d5>] :b43:b43_dma_mapping_error+0x16/0x155 Miles Lane
2008-06-10 14:23 ` Michael Buesch
2008-06-10 14:29 ` Vegard Nossum
2008-06-10 14:34 ` Michael Buesch
2008-06-10 14:37 ` Michael Buesch
2008-06-10 14:42 ` Miles Lane
2008-06-10 15:09 ` Vegard Nossum
2008-06-10 14:42 ` Vegard Nossum
2008-06-10 14:50 ` Michael Buesch
2008-06-10 22:09 ` Miles Lane
2008-06-10 22:15 ` Michael Buesch
2008-06-10 22:29 ` Miles Lane
2008-06-10 23:15 ` Larry Finger
2008-06-11 1:57 ` Miles Lane
2008-06-11 5:08 ` Larry Finger [this message]
2008-06-11 5:57 ` Miles Lane
2008-06-12 5:18 ` FUJITA Tomonori
2008-06-11 0:58 ` FUJITA Tomonori
2008-06-11 10:05 ` Michael Buesch
2008-06-11 12:23 ` Larry Finger
2008-06-12 5:18 ` FUJITA Tomonori
2008-06-12 9:14 ` Michael Buesch
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=484F5DB2.4050705@lwfinger.net \
--to=larry.finger@lwfinger.net \
--cc=akpm@linux-foundation.org \
--cc=fujita.tomonori@lab.ntt.co.jp \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=mb@bu3sch.de \
--cc=miles.lane@gmail.com \
--cc=vegard.nossum@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.