Description of problem:
Starting network causes ath5k driver to crash inside the kernel. Loading the device driver and calling iwconfig doesn't seem to trigger this bug. Only the process of calling ifup.

Version-Release number of selected component (if applicable):
2.6.23-6.fc8-i586

How reproducible:
Every time network service is started on interface.

Steps to Reproduce:
Attempt to bring up wlan0

Actual results:
Oct 12 18:28:55 localhost kernel: BUG: unable to handle kernel NULL pointer dereference at virtual address 00000000
Oct 12 18:28:55 localhost kernel: printing eip: f899f331 *pde = 27743067 *pte = 00000000
Oct 12 18:28:55 localhost kernel: Oops: 0000 [#1] SMP
Oct 12 18:28:55 localhost kernel: Modules linked in: autofs4 rfcomm l2cap bluetooth sunrpc dm_mirror dm_multipath dm_mod ipv6 floppy snd_emu10k1_synth snd_emux_synth snd_seq_virmidi snd_seq_midi_emul snd_emu10k1 snd_rawmidi snd_ac97_codec ac97_bus snd_seq_dummy arc4 ecb snd_seq_oss blkcipher snd_seq_midi_event snd_seq snd_pcm_oss snd_mixer_oss snd_pcm rc80211_simple snd_seq_device snd_timer snd_page_alloc snd_util_mem snd_hwdep snd firewire_ohci firewire_core ath5k parport_pc emu10k1_gp crc_itu_t parport soundcore mac80211 gameport cfg80211 k8temp hwmon i2c_nforce2 forcedeth i2c_core button sg sr_mod cdrom ata_generic pata_amd libata sd_mod scsi_mod ext3 jbd mbcache uhci_hcd ohci_hcd ehci_hcd
Oct 12 18:28:55 localhost kernel: CPU: 0
Oct 12 18:28:55 localhost kernel: EIP: 0060:[<f899f331>] Not tainted VLI
Oct 12 18:28:55 localhost kernel: EFLAGS: 00210246 (2.6.23-6.fc8 #1)
Oct 12 18:28:55 localhost kernel: EIP is at ath5k_hw_reset+0x39c/0xcd0 [ath5k]
Oct 12 18:28:55 localhost kernel: eax: 00000000 ebx: f7b6a000 ecx: 00000000 edx: 00000005
Oct 12 18:28:55 localhost kernel: esi: 00000000 edi: 00000000 ebp: e7536e10 esp: e7536dac
Oct 12 18:28:55 localhost kernel: ds: 007b es: 007b fs: 00d8 gs: 0033 ss: 0068
Oct 12 18:28:55 localhost kernel: Process ip (pid: 2933, ti=e7536000 task=e7928000 task.ti=e7536000)
Oct 12 18:28:55 localhost kernel: Stack: c0502278 e7536df4 f89994e0 f77b9190 f7e6d060 00000002 f77baf4c f77baf44
Oct 12 18:28:55 localhost kernel: 00000000 00000000 00000001 f8969801 00000003 00000001 00000002 00000014
Oct 12 18:28:55 localhost kernel: e7536df4 00000000 00000000 00000000 f77b8fe0 f7b6a600 f7b6a000 f77b8fe0
Oct 12 18:28:55 localhost kernel: Call Trace:
Oct 12 18:28:55 localhost kernel: [<c0406463>] show_trace_log_lvl+0x1a/0x2f
Oct 12 18:28:55 localhost kernel: [<c0406513>] show_stack_log_lvl+0x9b/0xa3
Oct 12 18:28:55 localhost kernel: [<c04066d3>] show_registers+0x1b8/0x289
Oct 12 18:28:55 localhost kernel: [<c04068af>] die+0x10b/0x23e
Oct 12 18:28:55 localhost kernel: [<c063638c>] do_page_fault+0x51c/0x5ed
Oct 12 18:28:55 localhost kernel: [<c0634ab2>] error_code+0x72/0x78
Oct 12 18:28:55 localhost kernel: [<f8999a82>] ath_init+0x74/0xfb [ath5k]
Oct 12 18:28:55 localhost kernel: [<f8999b9f>] ath_open+0xb/0xd [ath5k]
Oct 12 18:28:55 localhost kernel: [<f89565d8>] ieee80211_open+0x259/0x320 [mac80211]
Oct 12 18:28:55 localhost kernel: [<c05cfdca>] dev_open+0x31/0x6c
Oct 12 18:28:55 localhost kernel: [<c05cdf21>] dev_change_flags+0xa3/0x156
Oct 12 18:28:55 localhost kernel: [<c060e80d>] devinet_ioctl+0x207/0x50e
Oct 12 18:28:55 localhost kernel: [<c060eebb>] inet_ioctl+0x86/0xa4
Oct 12 18:28:55 localhost kernel: [<c05c40f6>] sock_ioctl+0x1ac/0x1c9
Oct 12 18:28:55 localhost kernel: [<c049434e>] do_ioctl+0x22/0x68
Oct 12 18:28:55 localhost kernel: [<c04945dd>] vfs_ioctl+0x249/0x25c
Oct 12 18:28:55 localhost kernel: [<c0494639>] sys_ioctl+0x49/0x64
Oct 12 18:28:55 localhost kernel: [<c040522e>] syscall_call+0x7/0xb
Oct 12 18:28:55 localhost kernel: =======================
Oct 12 18:28:55 localhost kernel: Code: 00 00 03 5a 08 89 fa c7 44 24 04 00 00 00 00 0f b6 46 1c 89 04 24 8b 45 ac e8 50 cf ff ff 89 da 0f b7 c0 e8 a9 4a b6 c7 ff 45 e8 <0f> b7 07 83 c6 14 39 45 e8 72 b0 8b 4d ac 83 79 48 01 76 51 66
Oct 12 18:28:55 localhost kernel: EIP: [<f899f331>] ath5k_hw_reset+0x39c/0xcd0 [ath5k] SS:ESP 0068:e7536dac

Expected results:
Network should be working.

Additional info:
$ /sbin/lspci
00:00.0 Host bridge: nVidia Corporation nForce3 250Gb Host Bridge (rev a1)
00:01.0 ISA bridge: nVidia Corporation nForce3 250Gb LPC Bridge (rev a2)
00:01.1 SMBus: nVidia Corporation nForce 250Gb PCI System Management (rev a1)
00:02.0 USB Controller: nVidia Corporation CK8S USB Controller (rev a1)
00:02.1 USB Controller: nVidia Corporation CK8S USB Controller (rev a1)
00:02.2 USB Controller: nVidia Corporation nForce3 EHCI USB 2.0 Controller (rev a2)
00:05.0 Bridge: nVidia Corporation CK8S Ethernet Controller (rev a2)
00:08.0 IDE interface: nVidia Corporation CK8S Parallel ATA Controller (v2.5) (rev a2)
00:0b.0 PCI bridge: nVidia Corporation nForce3 250Gb AGP Host to PCI Bridge (rev a2)
00:0e.0 PCI bridge: nVidia Corporation nForce3 250Gb PCI-to-PCI Bridge (rev a2)
00:18.0 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] HyperTransport Technology Configuration
00:18.1 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] Address Map
00:18.2 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] DRAM Controller
00:18.3 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] Miscellaneous Control
01:00.0 VGA compatible controller: nVidia Corporation NV40 [GeForce 6800] (rev a1)
02:07.0 Ethernet controller: Atheros Communications, Inc. AR5005G 802.11abg NIC (rev 01)
02:08.0 Multimedia audio controller: Creative Labs SB Audigy (rev 04)
02:08.1 Input device controller: Creative Labs SB Audigy Game Port (rev 04)
02:08.2 FireWire (IEEE 1394): Creative Labs SB Audigy FireWire Port (rev 04)
02:0c.0 FireWire (IEEE 1394): VIA Technologies, Inc. IEEE 1394 Host Controller (rev 46)

I've spent some time digging into this a bit more...

It appears that ath5k_hw_get_rate_table() is returning NULL. It is getting passed mode value of 5, and the hal->ah_capabilities.cap_mode == 6

So the function returns NULL with this if statement:

    if (!test_bit(mode, hal->ah_capabilities.cap_mode))
        return NULL;

Some more information on the hardware

This card is Dynex DX-WGDTC (purchased at BestBuy)

02:07.0 Ethernet controller: Atheros Communications, Inc. AR5005G 802.11abg NIC (rev 01)
        Subsystem: Unknown device 17f9:0018
        Flags: bus master, medium devsel, latency 168, IRQ 20
        Memory at eb000000 (32-bit, non-prefetchable) [size=64K]
        Capabilities: [44] Power Management version 2

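
The check described in the comment above, modelled in user-space C as an added example (not code from ath5k or from the reporter). It treats the reported cap_mode value 6 as a one-word bitmap with bits 1 and 2 set, so bit 5 is clear and the lookup returns NULL; the caller shown here tests that result and returns an error instead of reading through the pointer. The struct layouts, the rate count and all function names are assumptions made for the illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified, hypothetical stand-ins for the driver's types. */
struct rate_table { unsigned short rate_count; };
struct hw_caps    { unsigned long cap_mode; };  /* bitmap of supported modes */

static const struct rate_table sample_table = { 12 };  /* constructed value */

/* User-space model of the kernel's test_bit() for a one-word bitmap. */
static int model_test_bit(unsigned int nr, unsigned long bitmap)
{
    return (int)((bitmap >> nr) & 1UL);
}

/* Same shape as the quoted check: NULL when the mode bit is not set. */
static const struct rate_table *get_rate_table(const struct hw_caps *caps,
                                               unsigned int mode)
{
    if (!model_test_bit(mode, caps->cap_mode))
        return NULL;
    return &sample_table;
}

/* A caller that validates the lookup before touching the table.
 * Returns the rate count, or -EINVAL for an unsupported mode. */
static int reset_rate_count(const struct hw_caps *caps, unsigned int mode)
{
    const struct rate_table *rt = get_rate_table(caps, mode);

    if (rt == NULL)
        return -EINVAL;  /* without this check, rt->rate_count reads address 0 */
    return rt->rate_count;
}

int main(void)
{
    struct hw_caps caps = { 0x6UL };  /* value reported in the comment */

    printf("bit 5 set in 0x6: %d\n", model_test_bit(5, caps.cap_mode));
    printf("mode 5 -> %d\n", reset_rate_count(&caps, 5));
    printf("mode 2 -> %d\n", reset_rate_count(&caps, 2));
    return 0;
}
```

In the oops, the faulting bytes `<0f> b7 07` decode to `movzwl (%edi),%eax` and edi is 00000000, which matches a 16-bit read through a NULL pointer.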
*** This bug has been marked as a duplicate of 254192 ***