All of lore.kernel.org
 help / color / mirror / Atom feed
* [REGRESSION] wlcore wlcore_op_get_expected_throughput null ptr dereference
@ 2016-07-28  3:46 John Stultz
  0 siblings, 0 replies; only message in thread
From: John Stultz @ 2016-07-28  3:46 UTC (permalink / raw)
  To: Maxim Altshul, Kalle Valo; +Cc: lkml

So after rebasing my HiKey tree ontop of Linus' HEAD today, I started
having trouble with the wlcore wifi.

The first issue was that the firmware I was using was deemed too old,
but after updating to .69, I then started hitting null pointer crashes
when wifi was initialized.


[    7.326224] wlcore: wl18xx HW: 183x or 180x, PG 2.2 (ROM 0x11)
[    7.336328] wlcore: loaded
...
[   26.254559] wlcore: PHY firmware version: Rev 8.2.0.0.236
[   26.308764] wlcore: firmware booted (Rev 8.9.0.0.69)
...
[   60.297307] wlan0: send auth to 04:a1:51:da:5b:a7 (try 1/3)
[   60.316271] wlan0: authenticated
[   60.320853] wl18xx_driver wl18xx.2.auto wlan0: disabling HT as
WMM/QoS is not supported by the AP
[   60.329858] wl18xx_driver wl18xx.2.auto wlan0: disabling VHT as
WMM/QoS is not supported by the AP
[   60.342624] wlan0: associate with 04:a1:51:da:5b:a7 (try 1/3)
[   60.352475] wlan0: RX AssocResp from 04:a1:51:da:5b:a7
(capab=0x1411 status=0 aid=1)
[   60.417880] wlan0: associated
[   60.444554] wlcore: Association completed.
[   60.507987] Unable to handle kernel NULL pointer dereference at
virtual address 00000aea
[   60.516180] pgd = ffffffc07365b000
[   60.519645] [00000aea] *pgd=0000000000000000, *pud=0000000000000000
[   60.526027] Internal error: Oops: 96000005 [#1] PREEMPT SMP
[   60.531616] CPU: 0 PID: 2306 Comm: wpa_supplicant Not tainted
4.7.0-05982-g3bd0464 #550
[   60.539623] Hardware name: HiKey Development Board (DT)
[   60.544853] task: ffffffc0788fa580 ti: ffffffc058be4000 task.ti:
ffffffc058be4000
[   60.552357] PC is at wlcore_op_get_expected_throughput+0xc/0x1c
[   60.558287] LR is at sta_set_sinfo+0x608/0x7d0
[   60.562735] pc : [<ffffff80085dd404>] lr : [<ffffff80089424bc>]
pstate: 80000145
[   60.570132] sp : ffffffc058be7640
[   60.573448] x29: ffffffc058be7640 x28: ffffffc058be4000
[   60.578776] x27: ffffffc0481211f8 x26: 0000000000000008
[   60.584103] x25: 00000000ffff161d x24: ffffffc0481217f8
[   60.589430] x23: 0000000000000000 x22: ffffffc0792d86e0
[   60.594756] x21: ffffffc0784e6880 x20: ffffffc048121000
[   60.600083] x19: ffffffc058be7720 x18: 00000000ffffffff
[   60.605409] x17: 0000000000000000 x16: ffffff80081bdcd8
[   60.610735] x15: 00000000004fbc5c x14: 0000000000000241
[   60.616061] x13: aaaaaaaaaaaaaaab x12: ffffff8008f79000
[   60.621388] x11: ffffffc058be73c8 x10: 0000000000000860
[   60.626714] x9 : ffffffc058be4000 x8 : 0000000040000000
[   60.632039] x7 : 0000000000210d00 x6 : ffffffc048121448
[   60.637366] x5 : ffffffc058be7a70 x4 : 000000000000001e
[   60.642692] x3 : 000000000000000a x2 : 0000000000000000
[   60.648017] x1 : 0000000000000000 x0 : 0000000000000000
[   60.653342]
[   60.654836] Process wpa_supplicant (pid: 2306, stack limit =
0xffffffc058be4020)
[   60.662236] Stack: (0xffffffc058be7640 to 0xffffffc058be8000)
...
[   61.278789] Call trace:
[   61.281232] Exception stack(0xffffffc058be7470 to 0xffffffc058be75a0)
[   61.287669] 7460:
ffffffc058be7720 0000008000000000
[   61.295497] 7480: ffffffc058be7640 ffffff80085dd404
ffffff80081081f8 ffffffc058be74f0
[   61.303325] 74a0: ffffffc058be74e0 ffffff80081081f8
ffffffc058be74d0 ffffff800899cd68
[   61.311152] 74c0: ffffffc058be74d0 ffffff800810758c
ffffffc058be74e0 ffffff800899cf10
[   61.318980] 74e0: ffffffc058be74f0 ffffff800810823c
ffffffc058be7570 ffffff80081083c0
[   61.326806] 7500: 0000000000000140 ffffffc07856d400
0000000000000000 0000000000000000
[   61.334633] 7520: 0000000000000000 000000000000000a
000000000000001e ffffffc058be7a70
[   61.342461] 7540: ffffffc048121448 0000000000210d00
0000000040000000 ffffffc058be4000
[   61.350289] 7560: 0000000000000860 ffffffc058be73c8
ffffff8008f79000 aaaaaaaaaaaaaaab
[   61.358117] 7580: 0000000000000241 00000000004fbc5c
ffffff80081bdcd8 0000000000000000
[   61.365946] [<ffffff80085dd404>] wlcore_op_get_expected_throughput+0xc/0x1c
[   61.372908] [<ffffff8008955470>] ieee80211_get_station+0x4c/0x6c
[   61.378915] [<ffffff800892722c>] nl80211_get_station+0x68/0x144
[   61.384835] [<ffffff800879e35c>] genl_family_rcv_msg+0x1ec/0x340
[   61.390838] [<ffffff800879e540>] genl_rcv_msg+0x90/0xd8
[   61.396059] [<ffffff800879dc68>] netlink_rcv_skb+0xec/0x100
[   61.401627] [<ffffff800879e15c>] genl_rcv+0x34/0x48
[   61.406501] [<ffffff800879c4a8>] netlink_unicast+0x164/0x258
[   61.412156] [<ffffff800879cd0c>] netlink_sendmsg+0x310/0x374
[   61.417812] [<ffffff800874f6d4>] sock_sendmsg+0x44/0x50
[   61.423033] [<ffffff800874f9e8>] ___sys_sendmsg+0x24c/0x25c
[   61.428601] [<ffffff8008750e2c>] __sys_sendmsg+0x44/0x88
[   61.433907] [<ffffff8008750e80>] SyS_sendmsg+0x10/0x20
[   61.439043] [<ffffff8008082ef0>] el0_svc_naked+0x24/0x28
[   61.444352] Code: d65f03c0 39438001 f9407800 8b011c00 (396ba801)
[   61.450537] ---[ end trace d464b2870b6d1378 ]---


Digging in it seems like commit 5f6d4ca3c196814bef0cbbb195acd9ecc178588b
("wlcore: Add support for get_expected_throughput opcode") is to
blame, and reverting that seems to resolve the issue.

thanks
-john

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2016-07-28  3:47 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-07-28  3:46 [REGRESSION] wlcore wlcore_op_get_expected_throughput null ptr dereference John Stultz

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.