linux-kernel.vger.kernel.org archive mirror
* 3.5.0 iwlagn AP crash...
@ 2012-07-22  9:15 Daniel J Blueman
  2012-07-22 10:10 ` Daniel J Blueman
  0 siblings, 1 reply; 4+ messages in thread
From: Daniel J Blueman @ 2012-07-22  9:15 UTC (permalink / raw)
  To: Intel Linux Wireless, Johannes Berg; +Cc: Linux Kernel

Hi Johannes et al,

When running my Centrino Wireless-N 130 BGN (rev 0xb0) card in nl80211
AP mode with hostapd on linux 3.5.0, I immediately hit this fatal
pagefault [1].

I can cook a debug kernel, reproduce, disassemble the code and do some
quick analysis, if that helps get the ball rolling?

Thanks!
  Daniel

--- [1]

BUG: unable to handle kernel NULL pointer dereference at      (null)
IP: [<ffffffffa02e869d>] ieee80211_ave_rssi+0xd/0x50 [mac80211]
PGD 116616067 PUD 115c22067 PMD 0
Oops: 0000 [#1] SMP
CPU 0
Modules linked in:
 netconsole configfs snd_hda_codec_hdmi snd_hda_codec_realtek xt_hl
ip6t_rt nf_conntrack_ipv6 nf_defrag_ipv6 ipt_REJECT snd_hda_intel
snd_hda_codec snd_hwdep xt_limit xt_tcpudp xt_addrtype snd_pcm
ir_lirc_codec lirc_dev ir_mce_kbd_decoder ir_sanyo_decoder
ir_sony_decoder xt_state ir_jvc_decoder snd_seq_midi snd_rawmidi
ip6table_filter ip6_tables joydev ir_rc6_decoder snd_seq_midi_event
nf_conntrack_netbios_ns nf_conntrack_broadcast snd_seq hid_generic
arc4 ir_rc5_decoder nf_nat_ftp nf_nat snd_timer nf_conntrack_ipv4
snd_seq_device nf_defrag_ipv4 usbhid i915 hid coretemp drm_kms_helper
iwlwifi mac80211 nf_conntrack_ftp ir_nec_decoder drm i2c_algo_bit
rts5139(C) kvm_intel btusb snd nf_conntrack kvm psmouse bluetooth
cfg80211 mac_hid ghash_clmulni_intel rc_rc6_mce lpc_ich soundcore
iptable_filter snd_page_alloc mei ip_tables x_tables nuvoton_cir
rc_core serio_raw cryptd microcode video r8169
Pid: 0, comm: swapper/0 Tainted: G     C  3.5.0-030500-generic
#201207211835 ZOTAC XXXXXX
/XXXXXX
RIP: 0010:[<ffffffffa02e869d>] [<ffffffffa02e869d>]
ieee80211_ave_rssi+0xd/0x50 [mac80211]
RSP: 0018:ffff88011fa03c60 EFLAGS: 00010286
RDX: 0000000000000000 RSI: ffff880115b26008 RDI: 0000000000000000
RBP: ffff88011fa03c70 R08: ffffffffa03b82e8 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: ffff880115b26008
R13: ffff880115b26008 R14: ffff880117bd1f50 R15: ffff880115b26000
FS: 0000000000000000(0000) GS:ffff88011fa00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000000000 CR3: 0000000116371000 CR4: 00000000000407f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process swapper/0 (pid: 0, threadinfo ffffffff81c00000, task ffffffff81c13440)
Stack:
 ffff880100000000 ffff880100000000 ffff88011fa03c90 ffffffffa037d997
 ffff880117bd1f50 ffff880115b26000 ffff88011fa03cc0 ffffffffa037de09
 ffff880117bd1f40 0000000000000000 ffff880117bd1f40 ffff88011fa03d98
Call Trace:
 <IRQ>
 [<ffffffffa037d997>] iwlagn_fill_txpower_mode+0x27/0x100 [iwlwifi]
 [<ffffffffa037de09>] iwlagn_bt_coex_profile_notif+0x189/0x250 [iwlwifi]
 [<ffffffffa03888ac>] iwl_rx_dispatch+0xbc/0x120 [iwlwifi]
 [<ffffffffa039824f>] iwl_rx_handle+0xcf/0x190 [iwlwifi]
 [<ffffffffa03986e3>] iwl_irq_tasklet+0x353/0x9b0 [iwlwifi]
 [<ffffffff8105bfc4>] tasklet_action+0x64/0xe0
 [<ffffffff8105b9f8>] __do_softirq+0xa8/0x210
 [<ffffffff8168b32e>] ? _raw_spin_lock+0xe/0x20
 [<ffffffff81694f9c>] call_softirq+0x1c/0x30
 [<ffffffff81016245>] do_softirq+0x65/0xa0
 [<ffffffff8105bdde>] irq_exit+0x8e/0xb0
 [<ffffffff816957f3>] do_IRQ+0x63/0xe0
 [<ffffffff8168b7ea>] common_interrupt+0x6a/0x6a
 <EOI>
 [<ffffffff81040af9>] ? default_spin_lock_flags+0x9/0x10
 [<ffffffff8138a52a>] ? intel_idle+0xea/0x150
 [<ffffffff8138a50c>] ? intel_idle+0xcc/0x150
 [<ffffffff81523649>] cpuidle_enter+0x19/0x20
 [<ffffffff81523c6c>] cpuidle_idle_call+0xac/0x2a0
 [<ffffffff8101d81f>] cpu_idle+0xcf/0x120
 [<ffffffff8164efde>] rest_init+0x72/0x74
 [<ffffffff81cf2c4b>] start_kernel+0x3b7/0x3c4
 [<ffffffff81cf2726>] ? repair_env_string+0x5a/0x5a
 [<ffffffff81cf2397>] x86_64_start_reservations+0x131/0x135
 [<ffffffff81cf2120>] ? early_idt_handlers+0x120/0x120
 [<ffffffff81cf2468>] x86_64_start_kernel+0xcd/0xdc
Code: 48 89 45 d8 48 8b 5d d8 4c 39 e3 75 c1 90 48 83 c4 10 5b 41 5c
41 5d 41 5e 5d c3 0f 1f 00 55 48 89 e5 48 83 ec 10 66 66 90 3f 02 75
05 8b 47 8c c9 c3 31 c0 80 3d 85 52 04 00 01 74 f3
RIP [<ffffffffa02e869d>] ieee80211_ave_rssi+0xd/0x50 [mac80211]
 RSP <ffff88011fa03c60>
CR2: 0000000000000000
-- 
Daniel J Blueman


* Re: 3.5.0 iwlagn AP crash...
  2012-07-22  9:15 3.5.0 iwlagn AP crash Daniel J Blueman
@ 2012-07-22 10:10 ` Daniel J Blueman
  2012-07-23  6:54   ` Berg, Johannes
  2012-07-23  6:56   ` Berg, Johannes
  0 siblings, 2 replies; 4+ messages in thread
From: Daniel J Blueman @ 2012-07-22 10:10 UTC (permalink / raw)
  To: Intel Linux Wireless, Johannes Berg; +Cc: Linux Kernel

On 22 July 2012 17:15, Daniel J Blueman <daniel@quora.org> wrote:
> Hi Johannes et al,
>
> When running my Centrino Wireless-N 130 BGN (rev 0xb0) card in nl80211
> AP mode with hostapd on linux 3.5.0, I immediately hit this fatal
> pagefault [1].
>
> I can cook a debug kernel, reproduce, disassemble the code and do some
> quick analysis, if that helps get the ball rolling?
>
> Thanks!
>   Daniel
>
> --- [1]
>
> BUG: unable to handle kernel NULL pointer dereference at      (null)
> IP: [<ffffffffa02e869d>] ieee80211_ave_rssi+0xd/0x50 [mac80211]

From my debug kernel, sdata is clearly NULL:

(gdb) list *0xffffffff815b74f8
0xffffffff815b74f8 is in ieee80211_ave_rssi (net/mac80211/util.c:1801).
1796	int ieee80211_ave_rssi(struct ieee80211_vif *vif)
1797	{
1798		struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1799		struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1800	
1801		if (WARN_ON_ONCE(sdata->vif.type != NL80211_IFTYPE_STATION)) {
1802			/* non-managed type inferfaces */
1803			return 0;
1804		}
1805		return ifmgd->ave_beacon_signal;
-- 
Daniel J Blueman


* RE: 3.5.0 iwlagn AP crash...
  2012-07-22 10:10 ` Daniel J Blueman
@ 2012-07-23  6:54   ` Berg, Johannes
  2012-07-23  6:56   ` Berg, Johannes
  1 sibling, 0 replies; 4+ messages in thread
From: Berg, Johannes @ 2012-07-23  6:54 UTC (permalink / raw)
  To: Daniel J Blueman, Intel Linux Wireless; +Cc: Linux Kernel

> > When running my Centrino Wireless-N 130 BGN (rev 0xb0) card in nl80211
> > AP mode with hostapd on linux 3.5.0, I immediately hit this fatal
> > pagefault [1].
> >
> > I can cook a debug kernel, reproduce, disassemble the code and do some
> > quick analysis, if that helps get the ball rolling?

> > BUG: unable to handle kernel NULL pointer dereference at      (null)
> > IP: [<ffffffffa02e869d>] ieee80211_ave_rssi+0xd/0x50 [mac80211]
> 
> From my debug kernel, sdata is clearly NULL:
> 
> (gdb) list *0xffffffff815b74f8
> 0xffffffff815b74f8 is in ieee80211_ave_rssi (net/mac80211/util.c:1801).
> 1796	int ieee80211_ave_rssi(struct ieee80211_vif *vif)
> 1797	{
> 1798		struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);

I'll look into it, thanks.

johannes
Intel GmbH
Dornacher Strasse 1
85622 Feldkirchen/Muenchen, Deutschland
Sitz der Gesellschaft: Feldkirchen bei Muenchen
Geschaeftsfuehrer: Douglas Lusk, Peter Gleissner, Hannes Schwaderer, Christian Lamprechter
Registergericht: Muenchen HRB 47456
Ust.-IdNr./VAT Registration No.: DE129385895
Citibank Frankfurt a.M. (BLZ 502 109 00) 600119052



* RE: 3.5.0 iwlagn AP crash...
  2012-07-22 10:10 ` Daniel J Blueman
  2012-07-23  6:54   ` Berg, Johannes
@ 2012-07-23  6:56   ` Berg, Johannes
  1 sibling, 0 replies; 4+ messages in thread
From: Berg, Johannes @ 2012-07-23  6:56 UTC (permalink / raw)
  To: Daniel J Blueman, Intel Linux Wireless
  Cc: Linux Kernel, linux-wireless, gregkh

> > > BUG: unable to handle kernel NULL pointer dereference at      (null)
> > > IP: [<ffffffffa02e869d>] ieee80211_ave_rssi+0xd/0x50 [mac80211]
> >
> > From my debug kernel, sdata is clearly NULL:
> >
> > (gdb) list *0xffffffff815b74f8
> > 0xffffffff815b74f8 is in ieee80211_ave_rssi (net/mac80211/util.c:1801).
> > 1796	int ieee80211_ave_rssi(struct ieee80211_vif *vif)
> > 1797	{
> > 1798		struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
> 
> I'll look into it, thanks.

We had a fix, but it seems I missed putting it into 3.5:

commit e19ebcab01cc130fa832764d453b263460ec3b91
Author: Ilan Peer <ilan.peer@intel.com>
Date:   Thu May 10 15:53:14 2012 +0300

    iwlwifi: Check BSS ctx active before call mac80211

I'll ask Greg to include it in 3.5 stable.

johannes


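Added example, not part of the thread and not the code of commit e19ebcab01cc or of mac80211: a user-space C model of the guard that the fix's title describes, where the caller confirms its context is active and bound to a station interface before calling a helper that dereferences the vif unconditionally. The struct layouts, the is_active field, and the names ave_rssi and ctx_ave_rssi are constructed stand-ins.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for the kernel types named in the thread. */
enum iftype { IFTYPE_STATION = 2, IFTYPE_AP = 3 };
struct vif { enum iftype type; };
struct sub_if_data {
    int ave_beacon_signal;      /* models ifmgd->ave_beacon_signal */
    struct vif vif;             /* embedded member, as vif_to_sdata() assumes */
};
/* Hypothetical driver context: vif stays NULL until an interface is bound. */
struct rxon_ctx { int is_active; struct vif *vif; };
#define vif_to_sdata(p) \
    ((struct sub_if_data *)((char *)(p) - offsetof(struct sub_if_data, vif)))

/* Callee modelled on the gdb listing: it dereferences its argument
 * unconditionally, so every caller must pass a valid vif. */
static int ave_rssi(struct vif *vif)
{
    struct sub_if_data *sdata = vif_to_sdata(vif);
    if (sdata->vif.type != IFTYPE_STATION)
        return 0;               /* non-managed interface types */
    return sdata->ave_beacon_signal;
}

/* Guarded caller: returns 0 and stores the RSSI only when the context is
 * active and bound to a station interface; otherwise returns -1 and
 * never reaches the callee. */
static int ctx_ave_rssi(const struct rxon_ctx *ctx, int *rssi)
{
    if (!ctx || !ctx->is_active || !ctx->vif)
        return -1;
    if (ctx->vif->type != IFTYPE_STATION)
        return -1;
    *rssi = ave_rssi(ctx->vif);
    return 0;
}

int main(void)
{
    struct sub_if_data sta = { .ave_beacon_signal = -60, .vif = { IFTYPE_STATION } };
    struct rxon_ctx bound = { 1, &sta.vif }, unbound = { 1, NULL };
    int rssi = 0;

    printf("bound:   %d\n", ctx_ave_rssi(&bound, &rssi));
    printf("unbound: %d\n", ctx_ave_rssi(&unbound, &rssi));
    return 0;
}
```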
