4.4-rc4 crash net/80211 related

All of lore.kernel.org
 help / color / mirror / Atom feed

* 4.4-rc4 crash net/80211 related
@ 2015-12-17  5:48 Mika Penttilä
  0 siblings, 0 replies; only message in thread
From: Mika Penttilä @ 2015-12-17  5:48 UTC (permalink / raw)
  To: linux-kernel

Hi,

Triggered this with rc4, but the relevant parts are same in rc5:

offending line is :

(gdb) list *(ieee80211_scan_rx+0x158)
0xf68 is in ieee80211_scan_rx (net/mac80211/scan.c:205).
200			if (!(sdata1 &&
201			      (ether_addr_equal(mgmt->da, sdata1->vif.addr) ||
202			       scan_req->flags & NL80211_SCAN_FLAG_RANDOM_ADDR)) &&
203			    !(sdata2 &&
204			      (ether_addr_equal(mgmt->da, sdata2->vif.addr) ||
205			       sched_scan_req->flags & NL80211_SCAN_FLAG_RANDOM_ADDR)))
206				return;
207	
208			elements = mgmt->u.probe_resp.variable;
209			baselen = offsetof(struct ieee80211_mgmt, u.probe_resp.variable);
(gdb)

i.e. sched_scan_req->flags which means sched_scan_req is NULL.

It is not easy to trigger (have been running for days) so its not easy
to say if it's triggering with rc5.

relevant hw info : i.mx6 + ti wl1835 wlan

------

[471559.635143] Unable to handle kernel NULL pointer dereference at
virtual address 00000018

Internal error: Oops: 17 [#1] PREEMPT SMP ARM

CPU: 1 PID: 24194 Comm: kworker/u8:1 Tainted: G        W       4.4.0-rc4 #1

[a4c7e1(505x9a.76e9f0872] Hardware name: Freescale i.MX6 Quad/DualLite
(Device Tree)

S[u4r7f1a559.717313] PC is at ieee80211_scan_rx+0x158/0x168

LR is at 0x2f04a578

ce(0xa7efe8)

[471559.729744] pc : [<806a0bb0>]    lr : [<2f04a578>]    psr: a0030113

[471559.729744] sp : a8aa7da0  ip : 00000066  fp : a800ac00

[471559.742599] r10: a89e6a00  r9 : 00000000  r8 : 00000000

[471559.747913] r7 : a8b00440  r6 : a87764c0  r5 : 0000647b  r4 : a8b00440

[471559.754529] r3 : d0fbdb87  r2 : 00009b84  r1 : a8cc76c0  r0 : a84d43e0

[471559.761146] Flags: NzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM
Segment kernel

[471559.768544] Control: 10c5387d  Table: 1b48804a  DAC: 00000055

[471559.774379] Process kworker/u8:1 (pid: 24194, stack limit = 0xa8aa6210)

[471559.781081] Stack: (0xa8aa7da0 to 0xa8aa8000)

[471559.785531] 7da0: 0006f631 00000000 afb50401 ab712080 a8aa7dfc
806dc340 ab712080 80042018

[471559.793799] 7dc0: ffffffff 8a14a000 00000002 8003e980 a82d5f48
a82d5f50 a82d5f48 800500d4

[471559.802066] 7de0: 00000000 00000000 5129e9f0 0001ace1 00000001
00000000 a8aa7e3c 806d870c

[471559.810334] 7e00: 00000000 00000000 a8aa7e1c 800455e4 9c119808
ab7120c0 0000625e a82d5f00

[471559.818601] 7e20: ab7120c0 a82d5f48 80b6170c 00000002 00000001
00000000 ab712080 80053738

[471559.826868] 7e40: 9c119808 ab7120c0 00001259 00000000 00001259
00000000 00000001 a84d43e0

[471559.835136] 7e60: 00000050 a8cc76c0 a8b00440 00000000 00000000
806b6ee8 80b5c080 80b5c080

[471559.843403] 7e80: 00000004 00000000 02953182 00000000 a8cc76c0
a84d43e0 00000000 00000000

[471559.851670] 7ea0: 00000000 00000000 00000010 00000010 00000000
00000000 a800ac00 a84d4c40

[471559.859938] 7ec0: a8cc76c0 a84d43e0 a84d4e00 803b37a4 00000000
a89e6a00 a800ac00 803b37c0

[471559.868205] 7ee0: a84d4ecc a84d4c40 a800ac00 a83c2f00 00000000
803b383c a89e6a00 a84d4ecc

[471559.876473] 7f00: a800ac00 800388ac a800ac14 a800ac14 00000001
a800ac00 a89e6a18 a800ac14

[471559.884740] 7f20: a8aa6000 00000088 80b9a73b a89e6a00 a800ac00
80038b1c 80b60100 a800ad64

[471559.893007] 7f40: 80038ad0 00000000 a8a96f40 a89e6a00 80038ad0
00000000 00000000 00000000

[471559.901274] 7f60: 00000000 8003dd78 fffffff5 00000000 00000000
a89e6a00 00000000 00000000

[471559.909542] 7f80: a8aa7f80 a8aa7f80 00000000 00000000 a8aa7f90
a8aa7f90 a8aa7fac a8a96f40

[471559.917809] 7fa0: 8003dc90 00000000 00000000 8000f5a8 00000000
00000000 00000000 00000000

[471559.926076] 7fc0: 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000

[471559.934343] 7fe0: 00000000 00000000 00000000 00000000 00000013
00000000 00000000 00000000

[471559.942623] [<806a0bb0>] (ieee80211_scan_rx) from [<806b6ee8>]
(ieee80211_rx_napi+0x680/0x7a0)

[471559.951330] [<806b6ee8>] (ieee80211_rx_napi) from [<803b37c0>]
(wl1271_flush_deferred_work+0x30/0x98)

[471559.960643] [<803b37c0>] (wl1271_flush_deferred_work) from
[<803b383c>] (wl1271_netstack_work+0x14/0x24)

[471559.970216] [<803b383c>] (wl1271_netstack_work) from [<800388ac>]
(process_one_work+0x120/0x344)

[471559.979093] [<800388ac>] (process_one_work) from [<80038b1c>]
(worker_thread+0x4c/0x490)

[471559.987279] [<80038b1c>] (worker_thread) from [<8003dd78>]
(kthread+0xe8/0x104)

[471559.994686] [<8003dd78>] (kthread) from [<8000f5a8>]
(ret_from_fork+0x14/0x2c)

[471560.002000] Code: e0222005 e023300e e1923003 0affffc0 (e5993018)

[471560.008219] ---[ end trace eb084eff56d23079 ]---

[471560.012947] Kernel panic - not syncing: Fatal exception in interrupt

[471560.012954] CPU0: stopping

[471560.012962] CPU: 0 PID: 24339 Comm: compositor Tainted: G      D W
     4.4.0-rc4 #1

[471560.012965] Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)

[471560.012988] [<80016be4>] (unwind_backtrace) from [<80012b70>]
(show_stack+0x10/0x14)

[471560.013001] [<80012b70>] (show_stack) from [<802527b8>]
(dump_stack+0x84/0xc4)

[471560.013010] [<802527b8>] (dump_stack) from [<80015aa8>]
(handle_IPI+0x1ac/0x1c0)

[471560.013018] [<80015aa8>] (handle_IPI) from [<80009468>]
(gic_handle_irq+0x84/0x88)

[471560.013025] [<80009468>] (gic_handle_irq) from [<80013600>]
(__irq_svc+0x40/0x74)

[471560.013029] Exception stack(0xa91cbd00 to 0xa91cbd48)

[471560.013036] bd00: ab706080 00000000 00000000 00009221 ab706080
00000000 a8944740 806d870c

[471560.013043] bd20: 80b6170c 00000000 a82d50c0 a91cbd94 00000000
a91cbd50 80042018 806dc338

[471560.013046] bd40: 600d0013 ffffffff

[471560.013062] [<80013600>] (__irq_svc) from [<806dc338>]
(_raw_spin_unlock_irq+0x20/0x54)

[471560.013075] [<806dc338>] (_raw_spin_unlock_irq) from [<80042018>]
(finish_task_switch+0xa8/0x230)

[471560.013084] [<80042018>] (finish_task_switch) from [<806d870c>]
(__schedule+0x1c0/0x500)

[471560.013092] [<806d870c>] (__schedule) from [<806d8c54>]
(schedule+0x4c/0xac)

[471560.013100] [<806d8c54>] (schedule) from [<806db69c>]
(schedule_timeout+0x13c/0x188)

[471560.013108] [<806db69c>] (schedule_timeout) from [<806da578>]
(__down+0x64/0x9c)

[471560.013123] [<806da578>] (__down) from [<80059f14>] (down+0x44/0x58)

[471560.013134] [<80059f14>] (down) from [<8005f394>]
(console_lock+0x20/0x44)

[471560.013149] [<8005f394>] (console_lock) from [<802aac94>]
(do_fb_ioctl+0x274/0x610)

[471560.013160] [<802aac94>] (do_fb_ioctl) from [<800f3840>]
(do_vfs_ioctl+0x43c/0x640)

[471560.013167] [<800f3840>] (do_vfs_ioctl) from [<800f3a78>]
--------------------

Thanks
--Mika




^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2015-12-17  5:49 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-12-17  5:48 4.4-rc4 crash net/80211 related Mika Penttilä

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.