Re: [BUG] timer.h - Andrew Morton

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Andrew Morton <akpm@linux-foundation.org>
To: "Christian Schäfer" <schaefer@in.tum.de>
Cc: linux-kernel@vger.kernel.org, linux-wireless@vger.kernel.org
Subject: Re: [BUG] timer.h
Date: Fri, 3 Aug 2007 12:32:40 -0700	[thread overview]
Message-ID: <20070803123240.519c5a38.akpm@linux-foundation.org> (raw)
In-Reply-To: <46B2EA43.8070305@in.tum.de>

On Fri, 03 Aug 2007 10:41:39 +0200
Christian Sch__fer <schaefer@in.tum.de> wrote:

> Christian Sch__fer wrote:
> > today I got the following kernel bug while wpa_supplicant tried to 
> > connect to my AP. Kernel is a self-compiled 2.6.22 running under Ubuntu 
> > Feisty.
> > The wireless device is a r8187 USB, the driver is patched for injection 
> > capability taken from www.aircrack-ng.org.
> > Don't know if this bug is related to the driver or to the kernel, I'm no 
> > expert.
> > 
> > Attached is the full dmesg and .config. Please CC to me, I'm not on the 
> > list.
> 
> I was able to reproduce the bug without a tainted kernel (i.e. without 
> the nvidia binary module). Please let me know if you need more infos.
> 
> 
> ------------[ cut here ]------------
> kernel BUG at include/linux/timer.h:153!
> invalid opcode: 0000 [#1]
> PREEMPT
> Modules linked in: ieee80211_crypt_wep_rtl ieee80211_crypt_tkip_rtl 
> ieee80211_crypt_ccmp_rtl r8187 ieee80211_rtl ieee80211_crypt_rtl 
> speedstep_ich speedstep_lib dm_crypt dm_mod fuse firewire_sbp2 ehci_hcd 
> ohci_hcd pcmcia firmware_class usbhid firewire_ohci firewire_core 
> yenta_socket rsrc_nonstatic pcmcia_core crc_itu_t floppy uhci_hcd usbcore
> CPU:    0
> EIP:    0060:[<f8e45cf4>]    Not tainted VLI
> EFLAGS: 00010286   (2.6.22 #3)
> EIP is at ieee80211_associate_step1_rtl7+0x257/0x28d [ieee80211_rtl]
> eax: f74cfae8   ebx: c045c030   ecx: f74cfcf8   edx: ffffffff
> esi: f74cf3a0   edi: e8fd2e80   ebp: 00000202   esp: f0d5ff68
> ds: 007b   es: 007b   fs: 0000  gs: 0000  ss: 0068
> Process Ieee80211/0 (pid: 2733, ti=f0d5e000 task=f176c0b0 task.ti=f0d5e000)
> Stack: ffffffff e9ee0410 f74cfb88 f74cf3a0 f4c6fc40 f8e4600c f8e4606e 
> f74cfb8c
>         f74cfb88 c01276a6 00000000 00000000 0000001a c0456198 f4c6fc48 
> f4c6fc40
>         c0127c55 00000000 c0127cf2 00000000 f176c0b0 c012a784 f0d5ffc0 
> f0d5ffc0
> Call Trace:
>   [<f8e4600c>] ieee80211_associate_procedure_wq_rtl7+0x0/0x78 
> [ieee80211_rtl]
>   [<f8e4606e>] ieee80211_associate_procedure_wq_rtl7+0x62/0x78 
> [ieee80211_rtl]
>   [<c01276a6>] run_workqueue+0x84/0x135
>   [<c0127c55>] worker_thread+0x0/0xfb
>   [<c0127cf2>] worker_thread+0x9d/0xfb
>   [<c012a784>] autoremove_wake_function+0x0/0x37
>   [<c0127c55>] worker_thread+0x0/0xfb
>   [<c012a4aa>] kthread+0x33/0x54
>   [<c012a477>] kthread+0x0/0x54
>   [<c010490f>] kernel_thread_helper+0x7/0x18
>   =======================
> Code: 51 c7 e9 5b ff ff ff 66 c7 86 c4 05 00 00 00 00 e9 2b ff ff ff 89 
> fa 89 f0 e8 b8 c3 ff ff eb c5 66 c7 86 c4 05 00 00 00 00 eb 9d <0f> 0b 
> eb fe b9 fd 5c e4 f8 ba 1e 00
>   00 00 89 f8 e8 13 ca 4a c7
> EIP: [<f8e45cf4>] ieee80211_associate_step1_rtl7+0x257/0x28d 
> [ieee80211_rtl] SS:ESP 0068:f0d5ff68
> 

You'll need to hunt down the authors of ieee80211_rtl (where'd that come
from?) and tell them not do do add_timer() or an already-pending timer.

Presumably ieee80211_associate_procedure_wq_rtl7() has an add_timer() in
it.  Converting that to mod_timer() would maek the crash go away, but there
might still be deeper problems.

     prev parent reply	other threads:[~2007-08-03 19:33 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-08-02 15:30 [BUG] timer.h Christian Schäfer
2007-08-03  8:41 ` Christian Schäfer
2007-08-03 19:32   ` Andrew Morton [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20070803123240.519c5a38.akpm@linux-foundation.org \
    --to=akpm@linux-foundation.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-wireless@vger.kernel.org \
    --cc=schaefer@in.tum.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox