* Panic in ieee_80211_ibss_add_sta when trying to join ad-hoc network (rt2500pci)
@ 2007-05-15 15:28 David LAMPARTER
2007-05-15 17:12 ` John W. Linville
0 siblings, 1 reply; 5+ messages in thread
From: David LAMPARTER @ 2007-05-15 15:28 UTC (permalink / raw)
To: linux-wireless-u79uwXL29TY76Z2rM5mHXA; +Cc: netdev-u79uwXL29TY76Z2rM5mHXA
[-- Attachment #1: Type: text/plain, Size: 1091 bytes --]
Hello,
while trying to get my wireless to work (a Ralink RT2560, as
sold in a Fujitsu-Siemens Amilo A 1630), I've been hitting the
following Panic twice:
BUG: unable to handle kernel NULL pointer derference at virtual address 00000218
[...]
EIP is at ieee80211_ibss_add_sta+0xae/0x130
[...]
EIP: [<c05773fe>] ieee_80211_ibss_add_sta+0xae/0x130 SS:ESP 0068:f641dc38
Kernel panic - not syncing: Fatal exception in interrupt
The bug seems to be triggered as soon as the stack tries to
join my router's ad-hoc; it happens either directly when
doing "ip l s wlan0 up" as well as when doing
"iwconfig wlan0 essid equinox" (when it did not immediately
find the network).
Kernel version is 2.6.21-ge42d23f4 (git checkout from
git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-dev,
about a few hours old.)
Full information set available at http://celeste.diac24.net/rtpanic/
(includes pictures of the panics, in case I have a typo somewhere)
Requests for more information / patches welcome, but expect delayed
response.
More information attached.
Greetings,
David Lamparter
[-- Attachment #2: panic text --]
[-- Type: text/plain, Size: 2030 bytes --]
BUG: unable to handle kernel NULL pointer derference at virtual address 00000218
printing eip:
c05773fe
*pde = 00000000
Oops: 0000 [#1]
PREEMPT
Modules linked in: rt2500pci rt2x00pci rt2x00lib radeon drm
CPU: 0
EIP: 0060:[<c05773fe>] Not tainted VLI
EFLAGS: 0010286 (2.6.21-ge42d23f3 #8)
EIP is at ieee80211_ibss_add_sta+0xae/0x130
eax: f76292c0 ebx: f78c381c ecx: 00000000 edx: 00000102
esi: f6a091a0 edi: f76292c0 ebp: f6bb8000 esp: f641dc38
ds: 007b es: 007b fs: 0000 gs: 0033 ss: 0068
Process ip (pid: 1621, ti=f641c000 task=f78f8c30 task.ti=f641c000)
Stack: 00000020 f782f800 00000000 00000001 000000e3 0000000f 000000ae 000000eb
f6bb8000 f6a091a0 c193e8c0 f78c3822 f6bb83a0 00000002 f78c3812 c0569b8a
f78c381c df82f5ea f7e90458 f7cfea10 00000001 f7cfea28 00000018 00000000
Call Trace:
[<c0569b8a>] __ieee80211_rx+0xa5a/0xc10
[<c0180b5a>] dentry_iput+0xda/0x120
[<c056c34f>] ieee80211_tasklet_handler+0xaf/0xe0
[<c02f3c9f>] _atomic_dec_and_loc+0x2f/0x50
[<c0121c43>] tasklet_action+0x33/0x70
[<c0121b72>] __do_softirq+0x52/0xa0
[<c0121c05>] do_softirq+0x45/0x50
[<c0122023>] local_bh_enable+0x53/0xa0
[<c047f74b>] dev_mc_upload+0x3b/0x50
[<c047d16c>] dev_open+0x5c/0x80
[<c056d017>] ieee80211_open+0x317/0x420
[<c0121b86>] __do_softirq+0x66/0xa0
[<c047d149>] dev_open+0x39/0x80
[<c047b8cc>] dev_change_flags+0x5c/0x140
[<c04c3613>] devinet_ioctl+0x563/0x6e0
[<c0472310>] sock_ioctl+0x0/0x1c0
[<c04723bf>] sock_ioctl+0xaf/0x1c0
[<c0472310>] sock_ioctl+0x0/0x1c0
[<c017b81b>] do_ioctl+0x2b/0x90
[<c017b8dc>] vfs_ioctl+0x5c/0x2b0
[<c017bb6d>] sys_ioctl+0x3d/0x70
[<c010406e>] sysenter_past_esp+0x5f/0x85
=======================
Code: 00 00 00 c7 04 24 5c 09 6d c0 89 44 24 04 e8 fa 5f ba ff 89 d9 89 ea 89 f0 c7 04 24 20 00 00 00 e8 48 d1 ff ff 85 c0 89 c7 74 95 <a1> 18 02 00 00 8b 97 8c 00 00 00 89 f1 89 47 64 8b 87 88 00 00
EIP: [<c05773fe>] ieee_80211_ibss_add_sta+0xae/0x130 SS:ESP 0068:f641dc38
Kernel panic - not syncing: Fatal exception in interrupt
[-- Attachment #3: kernel version --]
[-- Type: text/plain, Size: 107 bytes --]
Linux version 2.6.21-ge42d23f4 (root@neptune) (gcc version 4.1.2) #8 PREEMPT Tue May 15 14:08:04 CEST 2007
[-- Attachment #4: lspci output --]
[-- Type: text/plain, Size: 12945 bytes --]
[-- Attachment #5: config.gz --]
[-- Type: application/x-gunzip, Size: 12947 bytes --]
[-- Attachment #6: relevant .config --]
[-- Type: text/plain, Size: 442 bytes --]
CONFIG_CFG80211=y
CONFIG_NL80211=y
CONFIG_MAC80211=y
CONFIG_MAC80211_LEDS=y
# CONFIG_MAC80211_DEBUG is not set
# CONFIG_IEEE80211 is not set
# CONFIG_WLAN_PRE80211 is not set
CONFIG_WLAN_80211=y
# CONFIG_BCM43XX_MAC80211 is not set
CONFIG_RT2X00=m
CONFIG_RT2X00_LIB=m
CONFIG_RT2X00_LIB_PCI=m
# CONFIG_RT2400PCI is not set
CONFIG_RT2500PCI=m
# CONFIG_RT2500USB is not set
# CONFIG_RT2X00_DEBUG is not set
# CONFIG_ZD1211RW_MAC80211 is not set
* Re: Panic in ieee_80211_ibss_add_sta when trying to join ad-hoc network (rt2500pci)
2007-05-15 15:28 Panic in ieee_80211_ibss_add_sta when trying to join ad-hoc network (rt2500pci) David LAMPARTER
@ 2007-05-15 17:12 ` John W. Linville
2007-05-15 18:52 ` Michael Wu
2007-05-15 19:33 ` mac80211 ad-hoc: carrier not set up [was: Panic in ieee_80211_ibss_add_sta] David Lamparter
0 siblings, 2 replies; 5+ messages in thread
From: John W. Linville @ 2007-05-15 17:12 UTC (permalink / raw)
To: David LAMPARTER; +Cc: linux-wireless, netdev
On Tue, May 15, 2007 at 05:28:42PM +0200, David LAMPARTER wrote:
> BUG: unable to handle kernel NULL pointer derference at virtual address 00000218
> [...]
> EIP is at ieee80211_ibss_add_sta+0xae/0x130
> [...]
> EIP: [<c05773fe>] ieee_80211_ibss_add_sta+0xae/0x130 SS:ESP 0068:f641dc38
> Kernel panic - not syncing: Fatal exception in interrupt
>
> The bug seems to be triggered as soon as the stack tries to
> join my router's ad-hoc; it happens either directly when
> doing "ip l s wlan0 up" as well as when doing
> "iwconfig wlan0 essid equinox" (when it did not immediately
> find the network).
Probably because of this:
struct ieee80211_sub_if_data *sdata = NULL;
...
sta->supp_rates = sdata->u.sta.supp_rates_bits;
Patch below...does this work better? Looks like upstream needs
it too...
John
---
Avoid sdata null pointer dereference in ieee80211_ibss_add_sta.
Signed-off-by: John W. Linville <linville@tuxdriver.com>
---
net/mac80211/ieee80211_sta.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/net/mac80211/ieee80211_sta.c b/net/mac80211/ieee80211_sta.c
index a36c6f3..dd36cc6 100644
--- a/net/mac80211/ieee80211_sta.c
+++ b/net/mac80211/ieee80211_sta.c
@@ -3154,7 +3154,7 @@ struct sta_info * ieee80211_ibss_add_sta(struct net_device *dev,
{
struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
struct sta_info *sta;
- struct ieee80211_sub_if_data *sdata = NULL;
+ struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
/* TODO: Could consider removing the least recently used entry and
* allow new one to be added. */
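Review bot: The diffstat above says 1 insertion and 2 deletions, but this hunk removes one line and adds one (the @@ counts are 7 and 7), so the patch looks edited after it was generated; please regenerate it so the stat and the hunk agree. The changelog would also be more useful for backporting if it named the faulting statement, "sta->supp_rates = sdata->u.sta.supp_rates_bits", and said that sdata was still NULL when it ran.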
--
John W. Linville
linville@tuxdriver.com
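An added triage example (not code from this thread or from the kernel): it decodes the byte marked at EIP in the oops "Code:" line and checks that the instruction loads from the absolute address 0x218, which is what a compiler emits for a field read through a pointer it knows to be NULL, consistent with the "sdata = NULL" initializer pointed out above. The helper names are made up for this example, and only the a1 (mov eax, moffs32) encoding is decoded.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* "Code:" line copied from the oops on this page; <a1> marks the byte at EIP. */
static const char OOPS_CODE[] =
    "00 00 00 c7 04 24 5c 09 6d c0 89 44 24 04 e8 fa 5f ba ff 89 d9 89 ea "
    "89 f0 c7 04 24 20 00 00 00 e8 48 d1 ff ff 85 c0 89 c7 74 95 <a1> 18 02 "
    "00 00 8b 97 8c 00 00 00 89 f1 89 47 64 8b 87 88 00 00";

#define FAULT_ADDR 0x00000218u   /* "virtual address 00000218" from the oops */
#define PAGE_SIZE_I386 4096u

/* Copy the bytes starting at the <xx> marker into out[]; return the count,
 * or -1 if the line has no marker or a token is not a two-digit hex byte. */
static int bytes_at_eip(const char *line, uint8_t *out, int max)
{
    const char *p = strchr(line, '<');
    int n = 0;

    if (!p)
        return -1;
    while (*p && n < max) {
        char *end;
        unsigned long v;

        while (*p == ' ' || *p == '<' || *p == '>')
            p++;
        if (!*p)
            break;
        v = strtoul(p, &end, 16);
        if (end - p != 2 || v > 0xff)
            return -1;
        out[n++] = (uint8_t)v;
        p = end;
    }
    return n;
}

/* Decode the one i386 form needed here: opcode a1 = mov eax, [moffs32],
 * a load from an absolute 32-bit address with no base register.
 * Returns 0 and stores the address, or -1 for any other instruction. */
static int decode_mov_eax_moffs32(const uint8_t *b, int n, uint32_t *addr)
{
    if (n < 5 || b[0] != 0xa1)
        return -1;
    *addr = (uint32_t)b[1] | (uint32_t)b[2] << 8 |
            (uint32_t)b[3] << 16 | (uint32_t)b[4] << 24;
    return 0;
}

/* 1 if the faulting instruction reads a constant address inside page 0 that
 * equals the reported fault address (NULL + field offset, with the NULL
 * known at compile time); 0 if not; -1 if the line cannot be decoded. */
static int is_constant_null_deref(const char *code_line, uint32_t fault)
{
    uint8_t b[16];
    uint32_t addr;
    int n = bytes_at_eip(code_line, b, (int)sizeof(b));

    if (n < 0 || decode_mov_eax_moffs32(b, n, &addr) < 0)
        return -1;
    return addr == fault && addr < PAGE_SIZE_I386;
}

int main(void)
{
    printf("constant NULL deref: %d\n",
           is_constant_null_deref(OOPS_CODE, FAULT_ADDR));
    return 0;
}
```

A register-relative fault (for example a load through a pointer fetched at run time) would not decode as a1 here and returns -1, which is the cue to look at the register dump instead.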
* Re: Panic in ieee_80211_ibss_add_sta when trying to join ad-hoc network (rt2500pci)
2007-05-15 17:12 ` John W. Linville
@ 2007-05-15 18:52 ` Michael Wu
2007-05-15 19:33 ` mac80211 ad-hoc: carrier not set up [was: Panic in ieee_80211_ibss_add_sta] David Lamparter
1 sibling, 0 replies; 5+ messages in thread
From: Michael Wu @ 2007-05-15 18:52 UTC (permalink / raw)
To: John W. Linville; +Cc: David LAMPARTER, linux-wireless, netdev, Jiri Benc
[-- Attachment #1: Type: text/plain, Size: 231 bytes --]
On Tuesday 15 May 2007 13:12, John W. Linville wrote:
> Patch below...does this work better? Looks like upstream needs
> it too...
>
ACK. Looks like I forgot to set sdata after removing the code that set it.
Thanks,
-Michael Wu
[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]
* mac80211 ad-hoc: carrier not set up [was: Panic in ieee_80211_ibss_add_sta]
2007-05-15 17:12 ` John W. Linville
2007-05-15 18:52 ` Michael Wu
@ 2007-05-15 19:33 ` David Lamparter
2007-05-15 21:59 ` Ivo van Doorn
1 sibling, 1 reply; 5+ messages in thread
From: David Lamparter @ 2007-05-15 19:33 UTC (permalink / raw)
To: John W. Linville; +Cc: linux-wireless, netdev
On Tue, May 15, 2007 at 01:12:02PM -0400, John W. Linville wrote:
> Patch below...does this work better? Looks like upstream needs
> it too...
Yup, this fixes it. Thanks for the quick fix.
However, ad-hoc still does not work, since the network device's
carrier status does not seem to be properly set. (It remains
in NO-CARRIER even after "wlan0: Selected IBSS BSSID
92:68:a2:db:de:45 based on configured SSID".) I dirtily hacked
around that with the following two-liner:
--- wireless-dev/net/mac80211/ieee80211_sta.c.orig 2007-05-15 20:19:55.000000000 +0200
+++ wireless-dev/net/mac80211/ieee80211_sta.c 2007-05-15 21:19:38.362587215 +0200
@@ -2448,6 +2448,7 @@
mod_timer(&ifsta->timer, jiffies + IEEE80211_IBSS_MERGE_INTERVAL);
ieee80211_rx_bss_put(dev, bss);
+ netif_carrier_on(dev);
return res;
}
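Review bot: netif_carrier_on(dev) is called unconditionally just before "return res;", so the carrier is raised even when res reports that the join failed. Make the call conditional on success (for example only when res is 0, assuming that is this function's success value), and give the patch a changelog and a Signed-off-by line before it is applied.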
@@ -2648,6 +2649,7 @@
ifsta->ssid_set = len ? 1 : 0;
if (sdata->type == IEEE80211_IF_TYPE_IBSS && !ifsta->bssid_set) {
+ netif_carrier_off(dev);
ifsta->ibss_join_req = jiffies;
ifsta->state = IEEE80211_IBSS_SEARCH;
return ieee80211_sta_find_ibss(dev, ifsta);
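Review bot: netif_carrier_off(dev) is reached only when the interface type is IBSS and ifsta->bssid_set is clear, so setting a new SSID while a BSSID is already set leaves the carrier up from the previous network. Consider dropping the carrier wherever the state goes back to IEEE80211_IBSS_SEARCH rather than only in this branch.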
However, I have NO CLUE WHAT I'M DOING THERE! Make a proper fix!
(Especially, I think it needs more netif_carrier_off calls in
different places.)
Anyway, thanks for my now-working wireless,
David Lamparter
* Re: mac80211 ad-hoc: carrier not set up [was: Panic in ieee_80211_ibss_add_sta]
2007-05-15 19:33 ` mac80211 ad-hoc: carrier not set up [was: Panic in ieee_80211_ibss_add_sta] David Lamparter
@ 2007-05-15 21:59 ` Ivo van Doorn
0 siblings, 0 replies; 5+ messages in thread
From: Ivo van Doorn @ 2007-05-15 21:59 UTC (permalink / raw)
To: David Lamparter; +Cc: John W. Linville, linux-wireless, netdev
Hi,
> However, ad-hoc still does not work, since the network device's
> carrier status does not seem to be properly set. (It remains
> in NO-CARRIER even after "wlan0: Selected IBSS BSSID
> 92:68:a2:db:de:45 based on configured SSID".) I dirtily hacked
> around that with the following two-liner:
I was aware of the recent rt2x00 adhoc breakage but hadn't looked into it yet,
the below suggestion about the netif_carrier does make sense though,
since the last report it was working was before rt2x00 removed the ieee80211_netif
calls, and the first report of its breakage was some time after the removal.
(Since a lot of code has been moved around in between the ieee80211_netif wasn't
the first thing that I would have thought of as a probable cause. ;) )
> --- wireless-dev/net/mac80211/ieee80211_sta.c.orig 2007-05-15 20:19:55.000000000 +0200
> +++ wireless-dev/net/mac80211/ieee80211_sta.c 2007-05-15 21:19:38.362587215 +0200
> @@ -2448,6 +2448,7 @@
> mod_timer(&ifsta->timer, jiffies + IEEE80211_IBSS_MERGE_INTERVAL);
>
> ieee80211_rx_bss_put(dev, bss);
> + netif_carrier_on(dev);
>
> return res;
> }
> @@ -2648,6 +2649,7 @@
>
> ifsta->ssid_set = len ? 1 : 0;
> if (sdata->type == IEEE80211_IF_TYPE_IBSS && !ifsta->bssid_set) {
> + netif_carrier_off(dev);
> ifsta->ibss_join_req = jiffies;
> ifsta->state = IEEE80211_IBSS_SEARCH;
> return ieee80211_sta_find_ibss(dev, ifsta);
>
>
> However, I have NO CLUE WHAT I'M DOING THERE! Make a proper fix!
> (Especially, I think it needs more netif_carrier_off calls in
> different places.)
>
>
> Anyway, thanks for my now-working wireless,
Ivo