From: Bob Copeland <me@bobcopeland.com>
To: Dan McGee <dpmcgee@gmail.com>
Cc: mcgrof@gmail.com, m.sujith@gmail.com,
linux-wireless@vger.kernel.org, mb@bu3sch.de,
johannes@sipsolutions.net
Subject: Re: Kernel oops when loading ath5k from compat-wireless in 2.6.27
Date: Sat, 15 Nov 2008 13:19:42 -0500
Message-ID: <20081115181941.GD10702@hash.localnet>
In-Reply-To: <449c10960811142229v77ea85f4nf898d447c7e63422@mail.gmail.com>

On Sat, Nov 15, 2008 at 12:29:34AM -0600, Dan McGee wrote:
> On Fri, Nov 14, 2008 at 8:57 PM, Dan McGee <dpmcgee@gmail.com> wrote:
> >
> > BUG: unable to handle kernel NULL pointer dereference at 00000082
> > IP: [<7818ca71>] sysfs_find_dirent+0x9/0x23
> > Oops: 0000 [#1] PREEMPT
> > Modules linked in: ath5k(+) mac80211

So, just to recap, this is with Luis' patch; now you get a null pointer
dereference in sysfs instead of in ieee80211_register_hw? It does look
like we're deep in register_netdevice now. If you revert his patch, you
can still get the error in register_hw every time?

> > Pid: 818 comm: modprobe Not tainted (2.6.27.6eee #1)
> > EIP: 0060:[<7818ca71>] EFLAGS: 00010206 CPU: 0
> > EIP is at sysfs_find_dirent+0x9/0x23
> > EAX: 00000001 EBX: 00000072 ECX: 00000001 EDX: b730b4f0
> > ESI: b730b4f0 EDI: fffffff4 EBP: b7311490 ESP: b73ffd34

EBX is 00000072, definitely not a pointer.

> And I had the code completely wrong, oops. Looks like we are bailing
> on the strcmp call in this function or something along those lines? I
> wish I could be a bigger help with debugging this stuff.

Yep, or at least in the setup code for that. Don't worry, you're being
a big help; I think we just don't have a good enough theory yet to
propose decent debugging patches.

> struct sysfs_dirent *sysfs_find_dirent(struct sysfs_dirent *parent_sd,
> const unsigned char *name)
> {
> 1bc: 56 push %esi
> 1bd: 89 d6 mov %edx,%esi
> 1bf: 53 push %ebx
> struct sysfs_dirent *sd;
>
> for (sd = parent_sd->s_dir.children; sd; sd = sd->s_sibling)
> 1c0: 8b 58 18 mov 0x18(%eax),%ebx
> 1c3: eb 11 jmp 1d6 <sysfs_find_dirent+0x1a>
> if (!strcmp(sd->s_name, name))
> 1c5: 8b 43 10 mov 0x10(%ebx),%eax

EBX appears to be sd (it's initialized at line 1c0 to parent_sd + 0x18,
which is &parent_sd->s_dir.children, then it jumps to the loop test).
Thus EAX must be sd->s_sibling, which we hope to use for strcmp.

So, while traversing the sibling pointers, one of them happens to be
00000072 (instead of what should probably have been NULL). 0x72 is not
a poison value I'm aware of. At this point, things have gone south, but
the real problem happened earlier.

Can you post your .config?

--
Bob Copeland %% www.bobcopeland.com
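
Added example, not part of the original message: a small script that repeats the triage done by hand above, mapping the oops `symbol+offset` onto the quoted objdump listing and checking that the base register plus the instruction's displacement reproduces the reported fault address. The function names are hypothetical, and it assumes the listing starts at the function's first instruction and a 4096-byte page size.

```python
import re

# Lines copied from the oops and the objdump listing quoted in the message above.
OOPS = """\
BUG: unable to handle kernel NULL pointer dereference at 00000082
IP: [<7818ca71>] sysfs_find_dirent+0x9/0x23
EAX: 00000001 EBX: 00000072 ECX: 00000001 EDX: b730b4f0
ESI: b730b4f0 EDI: fffffff4 EBP: b7311490 ESP: b73ffd34
"""
DISASM = """\
1bc: 56 push %esi
1bd: 89 d6 mov %edx,%esi
1bf: 53 push %ebx
1c0: 8b 58 18 mov 0x18(%eax),%ebx
1c3: eb 11 jmp 1d6 <sysfs_find_dirent+0x1a>
1c5: 8b 43 10 mov 0x10(%ebx),%eax
"""
PAGE_SIZE = 4096  # assumption: x86-32 page size; values below it cannot be valid pointers

def parse_oops(text):
    fault = int(re.search(r"dereference at ([0-9a-f]+)", text).group(1), 16)
    sym, off = re.search(r"IP: \[<[0-9a-f]+>\] (\w+)\+0x([0-9a-f]+)/", text).groups()
    regs = {n.lower(): int(v, 16) for n, v in re.findall(r"\b(E[A-Z]{2}): ([0-9a-f]{8})", text)}
    return {"fault": fault, "symbol": sym, "offset": int(off, 16), "regs": regs}

def parse_disasm(text):
    insns = {}  # address -> (mnemonic, operands)
    for line in text.splitlines():
        m = re.match(r"\s*([0-9a-f]+):\s+(?:[0-9a-f]{2}\s+)+(\S+)\s+(.*)", line)
        if m:
            insns[int(m.group(1), 16)] = (m.group(2), m.group(3))
    return insns

def explain_fault(oops_text, disasm_text):
    oops, insns = parse_oops(oops_text), parse_disasm(disasm_text)
    addr = min(insns) + oops["offset"]  # assumption: listing begins at function entry
    mnemonic, operands = insns[addr]
    m = re.search(r"(0x[0-9a-f]+)?\(%(\w+)\)", operands)  # AT&T memory operand disp(%base)
    disp, base = int(m.group(1) or "0", 16), m.group(2)
    ea = (oops["regs"][base] + disp) & 0xFFFFFFFF
    return {"insn_addr": addr, "insn": f"{mnemonic} {operands}", "base": base,
            "base_value": oops["regs"][base], "disp": disp, "effective_addr": ea,
            "matches_fault": ea == oops["fault"],
            "base_is_pointer": oops["regs"][base] >= PAGE_SIZE}

if __name__ == "__main__":
    for key, val in explain_fault(OOPS, DISASM).items():
        print(key, hex(val) if type(val) is int else val)
```
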