Crash in mlme.c, wireless-testing 2.6.39-wl + hacks

linux-wireless.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Ben Greear <greearb@candelatech.com>
To: "linux-wireless@vger.kernel.org" <linux-wireless@vger.kernel.org>
Subject: Crash in mlme.c, wireless-testing 2.6.39-wl + hacks
Date: Thu, 30 Jun 2011 14:22:49 -0700	[thread overview]
Message-ID: <4E0CE929.7040300@candelatech.com> (raw)

We see occasional crashes in mlme.c when testing a certain
configuration:  30 stations, configured for in-kernel authentication,
re-configure them for supplicant, let them associate, delete one of
them.

I added a BUG_ON in __cfg80211_mlme_deauth to check for null
bssid and it hit.

Please note this is hacked code, so it's possible it's something
I am doing.  I'm going to add some extra checks in this method to
keep from crashing, but it may be a while until I can test against
clean upstream kernels for this particular config.


kernel BUG at /home/greearb/git/linux.wireless-testing-ct/net/wireless/mlme.c:606!
invalid opcode: 0000 [#1] PREEMPT
last sysfs file: /sys/devices/pci0000:00/0000:00:0c.0/net/sta0/flags
Modules linked in: padlock_aes aes_i586 aes_generic xt_TPROXY nf_tproxy_core xt_socket ip]

Pid: 28023, comm: ip Tainted: P            2.6.39-wlc3+ #44    /CN700-8237R+
EIP: 0060:[<f889e2d8>] EFLAGS: 00010202 CPU: 0
EIP is at __cfg80211_mlme_deauth+0x5a/0xfe [cfg80211]
EAX: 00000001 EBX: f69aac00 ECX: 00000000 EDX: efdf3408
ESI: f6bdc000 EDI: f5c19a04 EBP: f5c19a10 ESP: f5c199e0
  DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
Process ip (pid: 28023, ti=f5c18000 task=f12b5100 task.ti=f5c18000)
Stack:
  c08d6ee4 efdf3000 f6bdc000 efdf3408 00000000 00000000 00000000 00000000
  00000003 efdf3408 f6bdc000 efdf3000 f5c19a48 f88a1230 00000000 00000000
  00000003 00000000 efdf3434 00000009 00000003 0174586e 00000000 efdf3408
Call Trace:
  [<f88a1230>] __cfg80211_disconnect+0xf4/0x17a [cfg80211]
  [<f888f322>] cfg80211_netdev_notifier_call+0x275/0x4a4 [cfg80211]
  [<c07462c7>] ? _raw_spin_unlock_irqrestore+0x25/0x28
  [<c072a68e>] ? packet_notifier+0x14f/0x158
  [<c0748618>] notifier_call_chain+0x26/0x48
  [<c043ccd1>] raw_notifier_call_chain+0x1a/0x1c
  [<c06bba81>] call_netdevice_notifiers+0x44/0x4b
  [<c06bbadd>] __dev_close_many+0x55/0xb2
  [<c042a706>] ? _local_bh_enable_ip+0x74/0x76
  [<c042a710>] ? local_bh_enable_ip+0x8/0xa
  [<c06bbb59>] __dev_close+0x1f/0x2c
  [<c06b9b82>] __dev_change_flags+0xa6/0x11b
  [<c06bc2d3>] dev_change_flags+0x13/0x3f
  [<c06c627b>] do_setlink+0x256/0x653
  [<c06c6970>] rtnl_newlink+0x24f/0x48f
  [<c06c67c6>] ? rtnl_newlink+0xa5/0x48f
  [<c0746900>] ? page_fault+0x10/0x10
  [<c056d775>] ? might_fault+0x14/0x16
  [<c06c6721>] ? rtnl_setlink+0xa9/0xa9
  [<c06c5d58>] rtnetlink_rcv_msg+0x188/0x19e
  [<c06c5bd0>] ? rtnetlink_rcv+0x22/0x22
  [<c06d3636>] netlink_rcv_skb+0x30/0x76
  [<c06c5bc9>] rtnetlink_rcv+0x1b/0x22
  [<c06d3457>] netlink_unicast+0xc1/0x11d
  [<c06b55a8>] ? copy_from_user+0x8/0xa
  [<c06d3b32>] netlink_sendmsg+0x212/0x229
  [<c06ad2bb>] __sock_sendmsg+0x54/0x5b
  [<c06ad744>] sock_sendmsg+0x94/0xab
  [<c056d775>] ? might_fault+0x14/0x16
  [<c056d8ce>] ? _copy_from_user+0x31/0x115
  [<c06b55a8>] ? copy_from_user+0x8/0xa
  [<c06b58d7>] ? verify_iovec+0x3e/0x77
  [<c06adf89>] sys_sendmsg+0x14d/0x19a
  [<c0484be9>] ? __do_fault+0x2b2/0x2de
  [<c048559d>] ? handle_pte_fault+0x264/0x5bc
  [<c0485984>] ? handle_mm_fault+0x8f/0x9e
  [<c06ade33>] ? sys_recvmsg+0x44/0x4d
  [<c06af1a4>] sys_socketcall+0x227/0x289
  [<c0488a15>] ? sys_brk+0xd0/0xd8
  [<c0749c50>] sysenter_do_call+0x12/0x22

-- 
Ben Greear <greearb@candelatech.com>
Candela Technologies Inc  http://www.candelatech.com

next             reply	other threads:[~2011-06-30 21:22 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-06-30 21:22 Ben Greear [this message]
2011-06-30 21:30 ` Crash in mlme.c, wireless-testing 2.6.39-wl + hacks Johannes Berg
2011-06-30 21:38   ` Ben Greear
2011-07-01  8:10     ` Johannes Berg
2011-07-01 13:00       ` Ben Greear

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4E0CE929.7040300@candelatech.com \
    --to=greearb@candelatech.com \
    --cc=linux-wireless@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).