From: Larry Finger <larry.finger@lwfinger.net>
To: Johannes Berg <johannes@sipsolutions.net>
Cc: wireless <linux-wireless@vger.kernel.org>,
John Linville <linville@tuxdriver.com>,
Stefano Brivio <stefano.brivio@polimi.it>
Subject: Re: Kernel Panic in mac80211
Date: Thu, 24 Jan 2008 21:35:13 -0700 [thread overview]
Message-ID: <47996701.8000804@lwfinger.net> (raw)
In-Reply-To: <1201185235.3454.93.camel@johannes.berg>
Johannes Berg wrote:
> On Thu, 2008-01-24 at 00:16 -0700, Larry Finger wrote:
>> I have been having "random" kernel panics where the "Caps Lock" LED is flashing at ~1 Hz. These
>> crashes only occur for the wireless-2.6 tree and have been happening for roughly 3 weeks. After
>> running a memory test to ensure that these panics were not caused by a hardware problem, I enabled
>> netconsole logging and caught the following crash report for my x86_64 system:
>
>> Code: f6 44 02 08 10 74 12 45 85 ed 78 05 44 39 e9 7f 08 89 8f 24
>> RIP [<ffffffff88202940>] :mac80211:rate_control_pid_tx_status+0x426/0x45a
>
> Damn, I've seen that too but blamed it on my own patching. Stefano, any
> idea? IIRC some sta struct was NULL in pid_tx_status.
The problem is not a NULL in one of the structs, but a runaway loop. The error occurs in the
following loop in rate_control_pid_adjust_rate():
while (newidx != sta->txrate) {
if (rate_supported(sta, mode, newidx) &&
(maxrate < 0 || newidx <= maxrate)) {
sta->txrate = newidx;
break;
}
newidx += back;
}
The panic triggers in rate_supported(), which is compiled in-line, with newidx having a value of 576
at the time of the panic!! I'm not sure of the fix, but I think newindex should always be <=
mode->num_rates. The following patch should cure the crash, but may not be the best fix.
Index: wireless-2.6/net/mac80211/rc80211_pid_algo.c
===================================================================
--- wireless-2.6.orig/net/mac80211/rc80211_pid_algo.c
+++ wireless-2.6/net/mac80211/rc80211_pid_algo.c
@@ -123,6 +123,8 @@ static void rate_control_pid_adjust_rate
}
newidx += back;
+ if (newidx < 0 || newidx >= mode->num_rates)
+ return;
}
#ifdef CONFIG_MAC80211_DEBUGFS
This patch has been compile tested at the moment, but it will get further testing after this E-mail
is sent.
Larry
next prev parent reply other threads:[~2008-01-25 4:36 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-01-24 7:16 Kernel Panic in mac80211 Larry Finger
2008-01-24 14:33 ` Johannes Berg
2008-01-25 4:35 ` Larry Finger [this message]
2008-01-25 5:24 ` Stefano Brivio
2008-01-25 7:12 ` Larry Finger
2008-01-25 20:59 ` Johannes Berg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=47996701.8000804@lwfinger.net \
--to=larry.finger@lwfinger.net \
--cc=johannes@sipsolutions.net \
--cc=linux-wireless@vger.kernel.org \
--cc=linville@tuxdriver.com \
--cc=stefano.brivio@polimi.it \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.