From: Joerg Albert <jal2@gmx.de>
To: "linux-wireless@vger.kernel.org" <linux-wireless@vger.kernel.org>
Subject: ar9170usb crashes during iwconfig for ad-hoc mode
Date: Sun, 02 Aug 2009 15:23:13 +0200
Message-ID: <4A759341.1090006@gmx.de>

After
	ifconfig wlan1 down
	iwconfig wlan1 mode managed essid huhu
	ifconfig wlan1 up
	ifconfig wlan1 down
	iwconfig wlan1 mode ad-hoc essid huhu_a channel 1

ar9170 crashes (see below for the syslog).

It seems like ar9170_op_bss_info_changed() is called with ar->vif == NULL
(i.e. ((struct ar9170 *)hw->priv)->vif == NULL), while parameter vif != NULL and
changed & (BSS_CHANGED_BEACON | BSS_CHANGED_BEACON_ENABLED) is non-zero.
ar->vif is passed unchecked to ieee80211_beacon_get().

Is this something ar9170 is supposed to handle or a bug in cfg80211/mac80211?
Is a driver's *bss_info_changed proc called while the netdev is closed?

Regards,
Joerg

Aug  2 10:15:42 nc10 kernel: [ 7174.202095] BUG: unable to handle kernel NULL pointer dereference at (null)
Aug  2 10:15:42 nc10 kernel: [ 7174.202118] IP: [<f8ecf27f>] ieee80211_beacon_get+0x1f/0x2a0 [mac80211]
Aug  2 10:15:42 nc10 kernel: [ 7174.202183] *pde = 00000000
Aug  2 10:15:42 nc10 kernel: [ 7174.202194] Oops: 0000 [#1] SMP
Aug  2 10:15:42 nc10 kernel: [ 7174.202206] last sysfs file: /sys/devices/LNXSYSTM:00/device:00/PNP0A08:00/device:23/PNP0C09:00/PNP0C0A:00/power_supply/BAT1/charge_full
Aug  2 10:15:42 nc10 kernel: [ 7174.202573]
Aug  2 10:15:42 nc10 kernel: [ 7174.202586] Pid: 23223, comm: iwconfig Not tainted (2.6.30 #1) NC10

Aug  2 10:15:42 nc10 kernel: [ 7174.202599] EIP: 0060:[<f8ecf27f>] EFLAGS: 00010297 CPU: 1
Aug  2 10:15:42 nc10 kernel: [ 7174.202648] EIP is at ieee80211_beacon_get+0x1f/0x2a0 [mac80211]
Aug  2 10:15:42 nc10 kernel: [ 7174.202660] EAX: 00000000 EBX: f6d461c0 ECX: f66807cc EDX: fffffbb8
Aug  2 10:15:42 nc10 kernel: [ 7174.202672] ESI: f66807cc EDI: 00000200 EBP: f5fb1cf4 ESP: f5fb1cc0
Aug  2 10:15:42 nc10 kernel: [ 7174.202683]  DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Aug  2 10:15:42 nc10 kernel: [ 7174.202696] Process iwconfig (pid: 23223, ti=f5fb0000 task=d35918e0 task.ti=f5fb0000)
Aug  2 10:15:42 nc10 kernel: [ 7174.202706] Stack:
Aug  2 10:15:42 nc10 kernel: [ 7174.202713]  c04e53b8 00000000 c064aac0 f7424018 f77c9000 f7424018 f5fb1f00 fffffbb8
Aug  2 10:15:42 nc10 kernel: [ 7174.202739]  00000000 00000246 f6d46a20 f66807cc 00000200 f5fb1d2c fa03dde6 c01fcde6
Aug  2 10:15:42 nc10 kernel: [ 7174.202767]  00000178 00000174 f6d46a20 f5fb1d14 f5fb1d58 c0145ecc 00000000 f5fb1d2c
Aug  2 10:15:42 nc10 kernel: [ 7174.202797] Call Trace:
Aug  2 10:15:42 nc10 kernel: [ 7174.202807]  [<fa03dde6>] ? ar9170_update_beacon+0x16/0x430 [ar9170usb]
Aug  2 10:15:42 nc10 kernel: [ 7174.202836]  [<c01fcde6>] ? proc_alloc_inode+0x16/0x70
Aug  2 10:15:42 nc10 kernel: [ 7174.202857]  [<c0145ecc>] ? __cancel_work_timer+0x3c/0x160
Aug  2 10:15:42 nc10 kernel: [ 7174.202876]  [<fa03b205>] ? ar9170_op_bss_info_changed+0xb5/0x120 [ar9170usb]
Aug  2 10:15:42 nc10 kernel: [ 7174.202901]  [<fa03b150>] ? ar9170_op_bss_info_changed+0x0/0x120 [ar9170usb]
Aug  2 10:15:42 nc10 kernel: [ 7174.202926]  [<f8ebcf38>] ? ieee80211_bss_info_change_notify+0xf8/0x1c0 [mac80211]
Aug  2 10:15:42 nc10 kernel: [ 7174.202973]  [<f8ec1a99>] ? ieee80211_ibss_leave+0x79/0xc0 [mac80211]
Aug  2 10:15:42 nc10 kernel: [ 7174.203020]  [<f8ec9f7e>] ? ieee80211_leave_ibss+0xe/0x10 [mac80211]
Aug  2 10:15:42 nc10 kernel: [ 7174.203070]  [<f8c5a312>] ? __cfg80211_leave_ibss+0x52/0x80 [cfg80211]
Aug  2 10:15:42 nc10 kernel: [ 7174.203116]  [<f8c5a9d6>] ? cfg80211_ibss_wext_siwessid+0x76/0x120 [cfg80211]
Aug  2 10:15:42 nc10 kernel: [ 7174.203158]  [<f8c5cdb7>] ? cfg80211_wext_siwessid+0x57/0x70 [cfg80211]
Aug  2 10:15:42 nc10 kernel: [ 7174.203198]  [<c04b6ad9>] ? ioctl_standard_call+0x199/0x3a0
Aug  2 10:15:42 nc10 kernel: [ 7174.203218]  [<c03fe66d>] ? __dev_get_by_name+0x7d/0xa0
Aug  2 10:15:42 nc10 kernel: [ 7174.203237]  [<c04b65ef>] ? wext_handle_ioctl+0x14f/0x220
Aug  2 10:15:42 nc10 kernel: [ 7174.203253]  [<f8c5cd60>] ? cfg80211_wext_siwessid+0x0/0x70 [cfg80211]
Aug  2 10:15:42 nc10 kernel: [ 7174.203294]  [<c03ff1d0>] ? dev_ioctl+0x460/0x540
Aug  2 10:15:42 nc10 kernel: [ 7174.203312]  [<c03ee150>] ? sock_ioctl+0x0/0x260
Aug  2 10:15:42 nc10 kernel: [ 7174.203328]  [<c03ee23d>] ? sock_ioctl+0xed/0x260
Aug  2 10:15:42 nc10 kernel: [ 7174.203344]  [<c03ee150>] ? sock_ioctl+0x0/0x260
Aug  2 10:15:42 nc10 kernel: [ 7174.203358]  [<c01cc048>] ? vfs_ioctl+0x28/0x80
Aug  2 10:15:42 nc10 kernel: [ 7174.203376]  [<c01cc112>] ? do_vfs_ioctl+0x72/0x580
Aug  2 10:15:42 nc10 kernel: [ 7174.203392]  [<c01a7596>] ? unmap_region+0x106/0x130
Aug  2 10:15:42 nc10 kernel: [ 7174.203408]  [<c01a7606>] ? remove_vma+0x46/0x60
Aug  2 10:15:42 nc10 kernel: [ 7174.203423]  [<c01a7606>] ? remove_vma+0x46/0x60
Aug  2 10:15:42 nc10 kernel: [ 7174.203437]  [<c01a8483>] ? do_munmap+0x223/0x280
Aug  2 10:15:42 nc10 kernel: [ 7174.203453]  [<c01cc683>] ? sys_ioctl+0x63/0x70
Aug  2 10:15:42 nc10 kernel: [ 7174.203469]  [<c0102fc4>] ? sysenter_do_call+0x12/0x22
Aug  2 10:15:42 nc10 kernel: [ 7174.203487] Code: 7d e4 c6 45 eb fe e9 51 ff ff ff 90 55 89 e5 57 56 53 89 c3 83 ec 28 89 55 d0 8b 40 1c 81 ea 48 04 00 00 8b 00 89 55 e8 89 45 ec 
<8b> 82 48 04 00 00 83 f8 03 0f 84 2a 01 00 00 83 f8 01 0f 84 49
Aug  2 10:15:42 nc10 kernel: [ 7174.203631] EIP: [<f8ecf27f>] ieee80211_beacon_get+0x1f/0x2a0 [mac80211] SS:ESP 0068:f5fb1cc0
Aug  2 10:15:42 nc10 kernel: [ 7174.203687] CR2: 0000000000000000
Aug  2 10:15:42 nc10 kernel: [ 7174.203699] ---[ end trace 0732cb3688c4eefe ]---
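
A triage sketch for the oops above, added here as an example and not part of the original mail: it decodes the marked faulting instruction from the Code: bytes, recomputes the address it touched from the register dump, and compares that with CR2. The function names and the trimmed excerpt layout are assumptions of this example; only the `mov r32, [base+disp32]` form is decoded.

```python
import re

# Excerpt of the syslog above: syslog prefixes trimmed, wrapped "Code:" line rejoined.
OOPS = """\
BUG: unable to handle kernel NULL pointer dereference at (null)
IP: [<f8ecf27f>] ieee80211_beacon_get+0x1f/0x2a0 [mac80211]
EAX: 00000000 EBX: f6d461c0 ECX: f66807cc EDX: fffffbb8
ESI: f66807cc EDI: 00000200 EBP: f5fb1cf4 ESP: f5fb1cc0
 [<fa03dde6>] ? ar9170_update_beacon+0x16/0x430 [ar9170usb]
 [<fa03b205>] ? ar9170_op_bss_info_changed+0xb5/0x120 [ar9170usb]
 [<f8ebcf38>] ? ieee80211_bss_info_change_notify+0xf8/0x1c0 [mac80211]
Code: 89 55 d0 8b 40 1c 81 ea 48 04 00 00 8b 00 89 55 e8 89 45 ec <8b> 82 48 04 00 00 83 f8 03
CR2: 0000000000000000
"""

REG32 = ["EAX", "ECX", "EDX", "EBX", "ESP", "EBP", "ESI", "EDI"]  # x86 ModRM register order

def parse_oops(text):
    """Pull registers, faulting symbol, '?' call-trace frames, code bytes and CR2 from an oops."""
    regs = {n: int(v, 16) for n, v in re.findall(r"\b(E[A-Z]{2}): ([0-9a-f]{8})\b", text)}
    fault = re.search(r"IP: \[<[0-9a-f]+>\] (\w+)\+(0x[0-9a-f]+)/\S+ \[(\w+)\]", text).groups()
    frames = re.findall(r"\[<[0-9a-f]+>\] \? (\w+)\+\S+ \[(\w+)\]", text)
    code = re.search(r"Code: (.*)", text).group(1).split()
    cr2 = int(re.search(r"CR2: ([0-9a-f]+)", text).group(1), 16)
    return regs, fault, frames, code, cr2

def faulting_load(code, regs):
    """Decode the <marked> instruction if it is `mov r32, [base+disp32]` (0x8b, ModRM mod=10)."""
    i = next(k for k, b in enumerate(code) if b.startswith("<"))
    opcode, modrm = int(code[i].strip("<>"), 16), int(code[i + 1], 16)
    if opcode != 0x8B or modrm >> 6 != 0b10 or modrm & 7 == 4:  # rm=100 would need a SIB byte
        return None
    disp = int.from_bytes(bytes(int(b, 16) for b in code[i + 2:i + 6]), "little")
    base = REG32[modrm & 7]
    return base, disp, (regs[base] + disp) & 0xFFFFFFFF  # 32-bit effective address

def triage(text, driver="ar9170usb"):
    regs, (sym, off, mod), frames, code, cr2 = parse_oops(text)
    load = faulting_load(code, regs)
    # Here EDX = -0x448 and the load adds 0x448 back: a NULL pointer minus a struct offset.
    return {"fault": f"{sym}+{off} [{mod}]", "load": load,
            "matches_cr2": load is not None and load[2] == cr2,
            "driver_frame": next((f for f, m in frames if m == driver), None)}

if __name__ == "__main__":
    print(triage(OOPS))
```

The bytes `81 ea 48 04 00 00` just before the marked instruction decode as a subtraction of 0x448 from EDX, which is why EDX holds fffffbb8 and the load lands on address 0, consistent with the report's reading that a NULL vif reached ieee80211_beacon_get().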

Thread overview: 8+ messages
2009-08-02 13:23 Joerg Albert [this message]
2009-08-02 22:28 ` ar9170usb crashes during iwconfig for ad-hoc mode Joerg Albert
2009-08-03  8:44   ` Johannes Berg
2009-08-03  8:47     ` Johannes Berg
2009-08-03 12:36       ` Joerg Albert
2009-08-03 13:09         ` Christian Lamparter
2009-08-03 20:46           ` Joerg Albert
2009-08-03 14:25         ` Johannes Berg
