From: Tom Hughes <tom@compton.nu>
To: Johannes Berg <johannes@sipsolutions.net>,
linux-wireless@vger.kernel.org
Cc: stable@vger.kernel.org
Subject: Re: Null pointer dereference when station associates [introduced by 4.0.5?]
Date: Mon, 29 Jun 2015 09:30:26 +0100
Message-ID: <55910222.8020906@compton.nu>
In-Reply-To: <1435565678.2156.9.camel@sipsolutions.net>

On 29/06/15 09:14, Johannes Berg wrote:
> On Sat, 2015-06-27 at 16:34 +0100, Tom Hughes wrote:
>>
>> Interestingly from what I can see this is trying to create a file
>> for the station at a path something like:
>>
>> ieee80211/phy0/netdev:XXXX/stations/XXXXXX
>
> indeed.
>
>> but in my (currently working) boot under 4.0.4 there is no netdev
>> directory under phy0 in debugfs... but then maybe that is the problem
>> as well if the inode pointer was null?
>>
>
> This is pretty strange - if the dentry pointer (sdata
> ->debugfs.subdir_stations) was NULL or an ERR_PTR(), the code would
> return pretty much immediately.
>
> So it looks like that pointer is valid, but its ->d_inode was NULL?
>
> I'm not really sure how that could happen.

Indeed I'm a bit puzzled... I can't see anything obvious in the kernel
logs indicating a problem, but here's a listing of the phy0 directory:

[root@gosford]/home/tom# uname -a
Linux gosford.compton.nu 4.0.4-301.fc22.i686+PAE #1 SMP Thu May 21 13:27:48 UTC 2015 i686 i686 i386 GNU/Linux
[root@gosford]/home/tom# ls /sys/kernel/debug/ieee80211/phy0
ath9k                    keys              rc                 statistics
fragmentation_threshold  long_retry_limit  reset              total_ps_buffered
ht40allow_map            power             rts_threshold      user_power
hwflags                  queues            short_retry_limit  wep_iv

with no netdev directory at all.

Interestingly I just tried a different machine running on more or less
the same kernel with a USB wireless stick and that did get a netdev
directory...

> Since 4.0.4 was stable, and 4.0.5 crashes, you'd think there's
> something wrong between those two kernels and there were no changes to
> mac80211 related to these code paths in there.

Well 4.0.4 did hit it eventually, but it had been running stably
for a month first. I then rebooted (because networking is basically
wedged after this happens) and got 4.0.5 which hit it immediately as
did several more reboots before I went back to the older kernel.

Tom

--
Tom Hughes (tom@compton.nu)
http://compton.nu/