Hi Stefan, it is _Larry_ who knows this code, of course. But, having browsed thru this for the first time, On Sat, Aug 13, 2011 at 01:26:49PM +0200, Stefan Assmann wrote: > 01:00.0 Network controller [0280]: Realtek Semiconductor Co., Ltd. Device [10ec:8176] (rev 01) > > This happens with 3.1.0-rc1 > > modprobe -r rtl8192ce > [ 450.710489] BUG: unable to handle kernel NULL pointer dereference at 0000000000000620 > [ 450.710505] IP: [<ffffffffa0224972>] rtl92ce_get_desc+0x53/0x96 [rtl8192ce] > [ 450.710521] PGD 1e4aa6067 PUD 1e4906067 PMD 0 > [ 450.710529] Oops: 0000 [#1] SMP > [ 450.710537] CPU 1 > [ 450.710540] Modules linked in: zd1211rw fuse ebtable_nat ebtables ipt_MASQUERADE iptable_nat nf_nat xt_CHECKSUM iptable_mangle bridge stp llc cpufreq_ondemand sunrpc powernow_k8 freq_table mperf > ip6t_REJECT nf_conntrack_i > pv6 nf_defrag_ipv6 nf_conntrack_ipv4 nf_defrag_ipv4 ip6table_filter xt_state ip6_tables nf_conntrack rfcomm bnep arc4 rtl8192ce(-) rtl8192c_common snd_hda_codec_conexant snd_hda_codec_hdmi rtlwifi > uvcvideo snd_hda_intel snd_ > hda_codec snd_hwdep videodev snd_seq btusb bluetooth media v4l2_compat_ioctl32 snd_seq_device microcode snd_pcm pcspkr joydev serio_raw sp5100_tco mac80211 k10temp i2c_piix4 i2c_core thinkpad_acpi > video snd_timer wmi cfg8021 > 1 snd soundcore atl1c snd_page_alloc rfkill virtio_net kvm_amd kvm btrfs zlib_deflate libcrc32c xts gf128mul dm_crypt [last unloaded: cpufreq_ondemand] > [ 450.710630] > [ 450.710636] Pid: 3949, comm: modprobe Not tainted 3.1.0-rc1.sassmann+ #8 LENOVO 30515QG/30515QG > [ 450.710644] RIP: 0010:[<ffffffffa0224972>] [<ffffffffa0224972>] rtl92ce_get_desc+0x53/0x96 [rtl8192ce] > [ 450.710655] RSP: 0000:ffff8801e490bb78 EFLAGS: 00010046 > [ 450.710659] RAX: ffffffffa02266a0 RBX: ffff88020a939d00 RCX: 0000000000000000 > [ 450.710664] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000620 > [ 450.710668] RBP: ffff8801e490bb88 R08: ffff88021189c200 R09: 0000000000000013 > [ 450.710673] R10: 0000000000000000 R11: ffff88020a938540 R12: ffff8801f452eb00 > [ 450.710677] R13: ffff88020a939d64 R14: 0000000000000086 R15: ffff88020a938540 > [ 450.710683] FS: 00007f2c64ba8720(0000) GS:ffff88021ed00000(0000) knlGS:0000000000000000 > [ 450.710688] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b > [ 450.710692] CR2: 0000000000000620 CR3: 00000001e7f62000 CR4: 00000000000006e0 > [ 450.710697] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > [ 450.710702] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 > [ 450.710707] Process modprobe (pid: 3949, threadinfo ffff8801e490a000, task ffff8801e7e94560) > [ 450.710711] Stack: > [ 450.710714] 0000000000000000 ffff88020a939d40 ffff8801e490bca8 ffffffffa0248102 > [ 450.710722] ffff8801e490bfd8 0000004000000282 00000031e490bbb8 0000000000000620 > [ 450.710730] ffff8801e490bc48 ffff8801e490bc20 0000000000000000 00000000009e0000 > [ 450.710737] Call Trace: > [ 450.710754] [<ffffffffa0248102>] _rtl_pci_rx_interrupt+0xcf/0x4bf [rtlwifi] > [ 450.710769] [<ffffffffa0248c16>] _rtl_pci_interrupt+0x724/0x7ce [rtlwifi] > [ 450.710778] [<ffffffff810aefaa>] __free_irq+0x145/0x18f > [ 450.710784] [<ffffffff810af097>] free_irq+0x5b/0x73 this seems like a concurrency issue. Right when it is deregistering the IRQ handler, a packet is received. If so, then 1. it should not be reproducible on a quiet network eg when there is no data traffic && there are no APs around. (Or if you've wrapped the adapter in layers of foil! :-) 2. it should be only intermittently reproducible otherwise. My $0.02! ali > [ 450.710797] [<ffffffffa0247c9b>] rtl_pci_disconnect+0x125/0x17a [rtlwifi] > [ 450.710807] [<ffffffff8125f196>] pci_device_remove+0x3d/0x8f > [ 450.710816] [<ffffffff812fc0c7>] __device_release_driver+0x86/0xcf > [ 450.710823] [<ffffffff812fc7a0>] driver_detach+0x82/0xaa > [ 450.710830] [<ffffffff812fbf8c>] bus_remove_driver+0xb7/0xdb > [ 450.710838] [<ffffffff81181198>] ? release_sysfs_dirent+0x92/0xb0 > [ 450.710845] [<ffffffff812fce38>] driver_unregister+0x6a/0x72 > [ 450.710853] [<ffffffff8125f364>] pci_unregister_driver+0x44/0x89 > [ 450.710862] [<ffffffffa0224a20>] cleanup_module+0x10/0x12 [rtl8192ce] > [ 450.710868] [<ffffffff81088ccc>] sys_delete_module+0x1ba/0x22c > [ 450.710875] [<ffffffff810fde39>] ? do_munmap+0x2f2/0x30b > [ 450.710883] [<ffffffff814cb182>] system_call_fastpath+0x16/0x1b > [ 450.710887] Code: c7 c7 98 60 22 a0 48 c7 c2 90 4f 22 a0 31 c0 e8 53 70 29 e1 0f b6 f3 48 c7 c7 a5 60 22 a0 eb 41 84 d2 74 07 80 fa 05 75 12 eb 07 <8b> 07 c1 e8 1f eb 38 8b 07 25 ff 3f 00 00 eb 2f > 48 c7 c6 1a 60 > [ 450.710942] RIP [<ffffffffa0224972>] rtl92ce_get_desc+0x53/0x96 [rtl8192ce] > [ 450.710950] RSP <ffff8801e490bb78> > [ 450.710954] CR2: 0000000000000620 > [ 450.710959] ---[ end trace e7de012f8b8d42f4 ]--- > > Help is appreciated. :) > > Stefan -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
