From: Larry Finger <larry.finger@lwfinger.net>
To: bert hubert <bert.hubert@netherlabs.nl>,
Larry Finger <Larry.Finger@lwfinger.net>,
John Linville <linville@tuxdriver.com>,
Michael Buesch <mb@bu3sch.de>,
netdev@vger.kernel.org, Bcm43xx-dev@lists.berlios.de,
Stefano Brivio <st3@riseup.net>
Subject: Re: fix for 2.9.20-rc2 null pointer dereference in SoftMAC? was Re: [PATCH] softmac: Fix for work struct changes
Date: Tue, 26 Dec 2006 10:26:57 -0600
Message-ID: <45914D51.10205@lwfinger.net>
In-Reply-To: <20061226144533.GA12583@outpost.ds9a.nl>

bert hubert wrote:
> On Sun, Dec 10, 2006 at 03:37:27PM -0600, Larry Finger wrote:
>> casted to (void*). This compiled correctly but resulted in a
>> softlock, because mutex_lock was called with the wrong memory
>> address. The patch fixes the problem. Another issue was a wrong
>
> (quickly, between Christmas dinner preparations)
> Does this explain the following, which happens reliably in stock 2.6.20-rc2 (in-kernel zd1211rw):
>
> Dec 24 22:07:25 localhost kernel: [ 120.238914] SoftMAC: Open Authentication completed with 00:0e:a6:16:28:a9
> Dec 24 22:07:25 localhost kernel: [ 120.239005] BUG: unable to handle kernel NULL pointer dereference at virtual address 00000006
> Dec 24 22:07:25 localhost kernel: [ 120.239132] printing eip:
> Dec 24 22:07:25 localhost kernel: [ 120.239191] c04cf8c5
> Dec 24 22:07:25 localhost kernel: [ 120.239249] *pde = 00000000
> Dec 24 22:07:25 localhost kernel: [ 120.239308] Oops: 0002 [#1]
> Dec 24 22:07:25 localhost kernel: [ 120.239367] Modules linked in: capability commoncap cpufreq_userspace cpufreq_stats cpufreq_powersave cpufreq_ondemand freq_table cpufreq_conservative zd1211rw ieee80211softmac usbhid ieee80211 ieee80211_crypt psmouse
> Dec 24 22:07:25 localhost kernel: [ 120.239850] CPU: 0
> Dec 24 22:07:25 localhost kernel: [ 120.239851] EIP: 0060:[__mutex_lock_slowpath+30/89] Not tainted VLI
> Dec 24 22:07:25 localhost kernel: [ 120.239853] EFLAGS: 00010286 (2.6.20-rc2 #7)
> Dec 24 22:07:25 localhost kernel: [ 120.240043] EIP is at __mutex_lock_slowpath+0x1e/0x59
> Dec 24 22:07:25 localhost kernel: [ 120.240106] eax: f5b449e0 ebx: f5b449dc ecx: 00000006 edx: 00000004
> Dec 24 22:07:25 localhost kernel: [ 120.240173] esi: c19005a0 edi: f5b44a40 ebp: f8862ce8 esp: c1909ec0
> Dec 24 22:07:25 localhost kernel: [ 120.240241] ds: 007b es: 007b ss: 0068
> Dec 24 22:07:25 localhost kernel: [ 120.240305] Process events/0 (pid: 4, ti=c1908000 task=c19005a0 task.ti=c1908000)
> Dec 24 22:07:25 localhost kernel: [ 120.240372] Stack: f5b449e0 00000006 00000020 f5b449a0 f5b44a40 c04cf7d8 f8862943 f72b8500
> Dec 24 22:07:25 localhost kernel: [ 120.240676] 00000286 f5b44314 f5b449dc f5b44a40 00000001 00000000 f5e6c9c0 f5e6c9c0
> Dec 24 22:07:25 localhost kernel: [ 120.240981] 00000000 f5b44a40 f8862ce8 f8862d50 00000004 00100100 00200200 00000004
> Dec 24 22:07:25 localhost kernel: [ 120.241284] Call Trace:
> Dec 24 22:07:25 localhost kernel: [ 120.241399] [mutex_lock+9/10] mutex_lock+0x9/0xa
> Dec 24 22:07:25 localhost kernel: [ 120.241485] [<f8862943>] ieee80211softmac_assoc_work+0x1b/0x3c0 [ieee80211softmac]
> Dec 24 22:07:25 localhost kernel: [ 120.241614] [<f8862ce8>] ieee80211softmac_assoc_notify_auth+0x0/0x1e [ieee80211softmac]
> Dec 24 22:07:25 localhost kernel: [ 120.241741] [<f8862d50>] ieee80211softmac_notify_callback+0x40/0x48 [ieee80211softmac]
> Dec 24 22:07:25 localhost kernel: [ 120.241866] [<f8862d10>] ieee80211softmac_notify_callback+0x0/0x48 [ieee80211softmac]
> Dec 24 22:07:25 localhost kernel: [ 120.241992] [<f8862ce8>] ieee80211softmac_assoc_notify_auth+0x0/0x1e [ieee80211softmac]
> Dec 24 22:07:25 localhost kernel: [ 120.242118] [<f8862d10>] ieee80211softmac_notify_callback+0x0/0x48 [ieee80211softmac]
> Dec 24 22:07:25 localhost kernel: [ 120.242243] [run_workqueue+139/311] run_workqueue+0x8b/0x137
> Dec 24 22:07:25 localhost kernel: [ 120.242336] [worker_thread+0/302] worker_thread+0x0/0x12e
> Dec 24 22:07:25 localhost kernel: [ 120.242422] [worker_thread+261/302] worker_thread+0x105/0x12e
> Dec 24 22:07:25 localhost kernel: [ 120.242509] [default_wake_function+0/12] default_wake_function+0x0/0xc
> Dec 24 22:07:25 localhost kernel: [ 120.242596] [kthread+155/191] kthread+0x9b/0xbf
> Dec 24 22:07:25 localhost kernel: [ 120.242682] [kthread+0/191] kthread+0x0/0xbf
> Dec 24 22:07:25 localhost kernel: [ 120.242767] [kernel_thread_helper+7/16] kernel_thread_helper+0x7/0x10
> Dec 24 22:07:25 localhost kernel: [ 120.242856] =======================
> Dec 24 22:07:25 localhost kernel: [ 120.242915] Code: 00 00 00 31 d2 89 d0 83 c4 0c 5b 5e c3 56 53 83 ec 0c 89 c3 65 8b 35 08 00 00 00 8d 40 04 8b 48 04 89
> 60 04 89 04 24 89 4c 24 04 <89> 21 89 74 24 08 83 c8 ff 87 03 48 74 0d c7 06 02 00 00 00 e8
> Dec 24 22:07:25 localhost kernel: [ 120.244531] EIP: [__mutex_lock_slowpath+30/89] __mutex_lock_slowpath+0x1e/0x59 SS:ESP 0068:c1909ec0
>
> This happens after starting wpa_supplicant on a zd1211rw device.

Yes, this error applies to any interface using softmac, not just bcm43xx.

Larry
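
The failure mode discussed in this thread (a `(void *)` cast that compiles cleanly but gives the lock function the wrong address) can be reproduced in userspace. This is an added illustration, not code from the softmac patch or from anyone in the thread. It assumes a work item embedded in a larger structure at a non-zero offset; every type and function name below is hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins for kernel types; names are hypothetical. */
struct work_item  { void (*func)(struct work_item *); };
struct fake_mutex { int count; void *wait_list; };

struct softmac_like {
    int               state;
    struct fake_mutex lock;
    struct work_item  work;   /* embedded, not at offset 0 */
};

#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

/* Buggy pattern: the handler is given a pointer to the embedded work item,
 * but treats it as the address of the containing structure. The cast
 * through void * silences the compiler; the lock address is then off by
 * offsetof(struct softmac_like, work). Address arithmetic only, no access. */
static uintptr_t lock_addr_buggy(struct work_item *work)
{
    void *data = (void *)work;
    return (uintptr_t)data + offsetof(struct softmac_like, lock);
}

/* Fixed pattern: recover the containing structure from the member pointer. */
static uintptr_t lock_addr_fixed(struct work_item *work)
{
    struct softmac_like *mac = container_of(work, struct softmac_like, work);
    return (uintptr_t)&mac->lock;
}

int main(void)
{
    struct softmac_like mac = { 0 };

    printf("real lock  : %p\n", (void *)&mac.lock);
    printf("buggy cast : %p\n", (void *)lock_addr_buggy(&mac.work));
    printf("fixed      : %p\n", (void *)lock_addr_fixed(&mac.work));
    return 0;
}
```

Handing the buggy address to a lock function means it operates on whatever bytes happen to follow the work item, which is consistent with a fault inside `__mutex_lock_slowpath` like the one in the trace above.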