I'll try that patch (probably just doing a git pull). But since the oops is hard to trigger, it will take a while to test, and make sure that fixed the problem.

The code decodes to:
1d: f3 a5 rep movsl %ds:(%esi),%es:(%edi)
1f: 89 c1 mov %eax,%ecx
21: 83 e1 03 and $0x3,%ecx
24: 74 02 je 0x28
26: f3 a4 rep movsb %ds:(%esi),%es:(%edi)
28: 8b 5d d0 mov -0x30(%ebp),%ebx
0: 8b 9b 90 00 00 00 mov 0x90(%ebx),%ebx <---- BAM!
6: 85 db test %ebx,%ebx
8: 89 5d d8 mov %ebx,-0x28(%ebp)
b: 0f 84 6d 03 00 00 je 0x37e
11: 8b 7d cc mov -0x34(%ebp),%edi
14: 8b .byte 0x8b
Recompiling net/mac80211/mlme.c gives me that this happens on line 675.
ieee80211_compatible_rates net/mac80211/mlme.c:675
ieee80211_send_assoc net/mac80211/mlme.c:767
ieee80211_associate net/mac80211/mlme.c:955
So it is in fact compatible_rates() that crashes (but hidden in your
Oops because of heavy inlining).
So looking at the latest changelog in linus/master, we have this change:
commit 0d580a774b3682b8b2b5c89ab9b813d149ef28e7
Author: Helmut Schaa <hschaa@xxxxxxx>
Date: Tue May 20 09:56:37 2008 +0200
mac80211: fix NULL pointer dereference in ieee80211_compatible_rates
Fix a possible NULL pointer dereference in ieee80211_compatible_rates
introduced in the patch "mac80211: fix association with some APs". If no bss
is available just use all supported rates in the association request.
Signed-off-by: Helmut Schaa <hschaa@xxxxxxx>
Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
So does applying/cherry-picking that fix your problem? (Patch
attached, but not inlined.)
Vegard
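The decoding step at the top of the mail (turning the oops' "Code:" bytes back into the listing with the faulting instruction at offset 0) can be redone by hand. The shell script below is an added example, not part of this thread and not the kernel's scripts/decodecode; the Code: line it embeds is constructed from the bytes shown in the listing above (the real oops line had 0x1d more bytes in front, which are not on the page), and the function names code_bytes, fault_offset, code_to_bin and disassemble_fault are the example's own.

```shell
#!/bin/sh
# Added example, not from the original mail nor the kernel's scripts/decodecode.
# It redoes what decodecode does: pull the hex bytes out of an x86 oops "Code:"
# line, find the <xx> byte that marks the faulting instruction, write the bytes
# to a raw binary, and disassemble from that byte with objdump if it is installed.

# CONSTRUCTED Code: line, assembled from the bytes in the listing in the mail
# (the real oops line had 0x1d more bytes in front of these; they are not on the page).
CODE_LINE='Code: f3 a5 89 c1 83 e1 03 74 02 f3 a4 8b 5d d0 <8b> 9b 90 00 00 00 85 db 89 5d d8 0f 84 6d 03 00 00 8b 7d cc 8b'

# Hex bytes of a Code: line, one per output line, with the <> marker stripped.
code_bytes() {
    printf '%s\n' "$1" | sed -e 's/^Code: *//' -e 's/[<>]//g' | tr ' ' '\n' | grep -v '^$'
}

# Zero-based byte offset of the faulting instruction, i.e. of the <xx> byte.
fault_offset() {
    printf '%s\n' "$1" | sed -e 's/^Code: *//' | tr ' ' '\n' | grep -n '^<' \
        | cut -d: -f1 | { read -r n; echo $((n - 1)); }
}

# Write the bytes of a Code: line to "$2" as raw binary; prints the byte count.
code_to_bin() {
    out=$2
    : > "$out"
    for b in $(code_bytes "$1"); do
        # octal escape so that plain printf emits the byte (including 0x00)
        printf "\\$(printf '%03o' "$((0x$b))")" >> "$out"
    done
    wc -c < "$out" | tr -d ' '
}

# Disassemble as 32-bit x86, numbering from the faulting instruction (offset 0),
# which is the second listing style shown in the mail ("0: 8b 9b 90 00 00 00 ...").
disassemble_fault() {
    tmp=$(mktemp)
    code_to_bin "$1" "$tmp" >/dev/null
    off=$(fault_offset "$1")
    if command -v objdump >/dev/null 2>&1; then
        tail -c +$((off + 1)) "$tmp" > "$tmp.fault"
        objdump -D -b binary -m i386 "$tmp.fault"
        rm -f "$tmp.fault"
    else
        echo "objdump not found; faulting instruction is at byte offset $off"
    fi
    rm -f "$tmp"
}

disassemble_fault "$CODE_LINE"
```

With objdump present the output starts with the same "mov 0x90(%ebx),%ebx" the mail marks with BAM!. The reason that instruction is the one to look at: it loads through %ebx with a fixed displacement, so if %ebx is NULL the access lands on address 0x90, and the faulting address reported by the oops is then simply the offset of the field being read in the struct %ebx was supposed to point at; that is the "possible NULL pointer dereference" the quoted commit fixes.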