Re: Kernel oops when loading ath5k from compat-wireless in 2.6.27

linux-wireless.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Bob Copeland <me@bobcopeland.com>
To: Dan McGee <dpmcgee@gmail.com>
Cc: linux-wireless@vger.kernel.org, mcgrof@gmail.com
Subject: Re: Kernel oops when loading ath5k from compat-wireless in 2.6.27
Date: Fri, 14 Nov 2008 08:18:24 -0500	[thread overview]
Message-ID: <20081114131824.GA10586@hash.localnet> (raw)
In-Reply-To: <449c10960811132146s40aef6c6ue8dfeef5ba29812a@mail.gmail.com>

On Thu, Nov 13, 2008 at 11:46:06PM -0600, Dan McGee wrote:
> 
> GDB disassembly:
> 
> 0x000002cc <ieee80211_register_hw+357>: sbb    %eax,%eax
> 0x000002ce <ieee80211_register_hw+359>: and    $0x100,%edx
> 0x000002d4 <ieee80211_register_hw+365>: and    $0xf,%al
> 0x000002d6 <ieee80211_register_hw+367>: inc    %al
> ^^^ HERE ^^^

I don't think this disassembly is right.  inc %al is not a very likely 
faulting instruction, especially if we just did a successful AND on the
register.  Luis' suggestion to use gdb to directly list the C code is 
good; here's another way:

Run scripts/decodecode on the "Code: ...." portion (output below).
There you can see that the faulting instruction is actually 
"mov (%eax), %eax" which makes sense because %eax in the register dump
is zero, so it's clearly a null pointer dereference.  We're
dereferencing some pointer at offset 0xbc in some structure.

Now you can do objdump -S net/mac80211/main.o to see mixed C and
assembly, and look for a segment of code that matches your disassembly.  
Sometimes that can be a bit confusing with inlines and code scheduling, 
but that's the nature of the beast.

(I haven't had a chance to look at the actual code yet.)

Disassembly of section .text:

00000000 <.text>:
   0:	83 c8 00             	or     $0x0,%eax
   3:	00 00                	add    %al,(%eax)
   5:	21 03                	and    %eax,(%ebx)
   7:	c7 83 b4 00 00 00 1c 	movl   $0xb80d491c,0xb4(%ebx)
   e:	49 0d b8 
  11:	c7 83 0c 02 00 00 ee 	movl   $0xb80c17ee,0x20c(%ebx)
  18:	17 0c b8 
  1b:	8b 46 1c             	mov    0x1c(%esi),%eax
  1e:	8b 40 7c             	mov    0x7c(%eax),%eax
  21:	8b 80 bc 00 00 00    	mov    0xbc(%eax),%eax
  27:	6a 00                	push   $0x0
  29:	6a 00                	push   $0x0
   0:	8b 00                	mov    (%eax),%eax      <--- HERE
   2:	e8 75 64 06 c0       	call   0xc006647c
   7:	5f                   	pop    %edi
   8:	bf f4 ff ff ff       	mov    $0xfffffff4,%edi
   d:	85 c0                	test   %eax,%eax
   f:	89 46 20             	mov    %eax,0x20(%esi)
  12:	5a                   	pop    %edx
  13:	0f                   	.byte 0xf
  14:	84                   	.byte 0x84

-- 
Bob Copeland %% www.bobcopeland.com

     prev parent reply	other threads:[~2008-11-14 13:18 UTC|newest]

Thread overview: 39+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-11-14  5:46 Kernel oops when loading ath5k from compat-wireless in 2.6.27 Dan McGee
2008-11-14  6:17 ` Luis R. Rodriguez
2008-11-14 17:02   ` Bob Copeland
2008-11-14 17:37     ` Luis R. Rodriguez
2008-11-14 17:49       ` Bob Copeland
2008-11-14 18:06         ` Luis R. Rodriguez
2008-11-14 18:13           ` Sujith
2008-11-14 18:29             ` Luis R. Rodriguez
2008-11-14 18:33               ` Sujith
2008-11-14 18:37                 ` Luis R. Rodriguez
2008-11-14 19:33                   ` Dan McGee
2008-11-14 20:33                     ` Bob Copeland
2008-11-14 20:41                       ` Luis R. Rodriguez
2008-11-14 21:13                         ` Luis R. Rodriguez
2008-11-15  0:25                           ` Dan McGee
2008-11-15  0:36                             ` Luis R. Rodriguez
2008-11-15  2:05                               ` Dan McGee
2008-11-15  2:29                                 ` Bob Copeland
2008-11-15  2:57                                   ` Dan McGee
2008-11-15  6:30                                     ` Dan McGee
     [not found]                                     ` <449c10960811142229v77ea85f4nf898d447c7e63422@mail.gmail.com>
2008-11-15 18:19                                       ` Bob Copeland
2008-11-16  0:12                                         ` Dan McGee
2008-11-15  0:38                             ` Bob Copeland
2008-11-14 18:34           ` Bob Copeland
2008-11-16  2:11     ` Dan McGee
2008-11-16  2:38       ` Dan McGee
2008-11-16  5:48         ` Luis R. Rodriguez
2008-11-16  5:53           ` Bob Copeland
2008-11-16  6:05             ` Luis R. Rodriguez
2008-11-16  6:06               ` Luis R. Rodriguez
2008-11-16  6:15                 ` Luis R. Rodriguez
2008-11-16 16:20                   ` Bob Copeland
2008-11-16 16:38                     ` Dan McGee
2008-11-16 16:52                       ` Bob Copeland
2008-11-16 18:01                         ` Dan McGee
2008-11-16 18:05                           ` Johannes Berg
2008-11-16 18:20                             ` Luis R. Rodriguez
2008-11-16  5:55         ` Bob Copeland
2008-11-14 13:18 ` Bob Copeland [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20081114131824.GA10586@hash.localnet \
    --to=me@bobcopeland.com \
    --cc=dpmcgee@gmail.com \
    --cc=linux-wireless@vger.kernel.org \
    --cc=mcgrof@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).