4.4-rc4 crash net/80211 related

From: Mika Penttilä
Date: Thu Dec 17 2015 - 00:49:14 EST


Hi,

Triggered this with rc4, but the relevant parts are the same in rc5:

Offending line is:

(gdb) list *(ieee80211_scan_rx+0x158)
0xf68 is in ieee80211_scan_rx (net/mac80211/scan.c:205).
200 if (!(sdata1 &&
201 (ether_addr_equal(mgmt->da, sdata1->vif.addr) ||
202 scan_req->flags & NL80211_SCAN_FLAG_RANDOM_ADDR)) &&
203 !(sdata2 &&
204 (ether_addr_equal(mgmt->da, sdata2->vif.addr) ||
205 sched_scan_req->flags & NL80211_SCAN_FLAG_RANDOM_ADDR)))
206 return;
207
208 elements = mgmt->u.probe_resp.variable;
209 baselen = offsetof(struct ieee80211_mgmt, u.probe_resp.variable);
(gdb)

i.e. sched_scan_req->flags, which means sched_scan_req is NULL.

It is not easy to trigger (have been running for days), so it's not easy
to say if it's triggering with rc5.

Relevant hw info: i.mx6 + ti wl1835 wlan

------

[471559.635143] Unable to handle kernel NULL pointer dereference at virtual address 00000018
Internal error: Oops: 17 [#1] PREEMPT SMP ARM
CPU: 1 PID: 24194 Comm: kworker/u8:1 Tainted: G W 4.4.0-rc4 #1
Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
[471559.717313] PC is at ieee80211_scan_rx+0x158/0x168
LR is at 0x2f04a578
[471559.729744] pc : [<806a0bb0>] lr : [<2f04a578>] psr: a0030113
[471559.729744] sp : a8aa7da0 ip : 00000066 fp : a800ac00
[471559.742599] r10: a89e6a00 r9 : 00000000 r8 : 00000000
[471559.747913] r7 : a8b00440 r6 : a87764c0 r5 : 0000647b r4 : a8b00440
[471559.754529] r3 : d0fbdb87 r2 : 00009b84 r1 : a8cc76c0 r0 : a84d43e0
[471559.761146] Flags: NzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment kernel
[471559.768544] Control: 10c5387d Table: 1b48804a DAC: 00000055
[471559.774379] Process kworker/u8:1 (pid: 24194, stack limit = 0xa8aa6210)
[471559.781081] Stack: (0xa8aa7da0 to 0xa8aa8000)


[471559.942623] [<806a0bb0>] (ieee80211_scan_rx) from [<806b6ee8>] (ieee80211_rx_napi+0x680/0x7a0)
[471559.951330] [<806b6ee8>] (ieee80211_rx_napi) from [<803b37c0>] (wl1271_flush_deferred_work+0x30/0x98)
[471559.960643] [<803b37c0>] (wl1271_flush_deferred_work) from [<803b383c>] (wl1271_netstack_work+0x14/0x24)
[471559.970216] [<803b383c>] (wl1271_netstack_work) from [<800388ac>] (process_one_work+0x120/0x344)
[471559.979093] [<800388ac>] (process_one_work) from [<80038b1c>] (worker_thread+0x4c/0x490)
[471559.987279] [<80038b1c>] (worker_thread) from [<8003dd78>] (kthread+0xe8/0x104)
[471559.994686] [<8003dd78>] (kthread) from [<8000f5a8>] (ret_from_fork+0x14/0x2c)
[471560.002000] Code: e0222005 e023300e e1923003 0affffc0 (e5993018)
[471560.008219] ---[ end trace eb084eff56d23079 ]---
[471560.012947] Kernel panic - not syncing: Fatal exception in interrupt
[471560.012954] CPU0: stopping
[471560.012962] CPU: 0 PID: 24339 Comm: compositor Tainted: G D W 4.4.0-rc4 #1
[471560.012965] Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
[471560.012988] [<80016be4>] (unwind_backtrace) from [<80012b70>] (show_stack+0x10/0x14)
[471560.013001] [<80012b70>] (show_stack) from [<802527b8>] (dump_stack+0x84/0xc4)
[471560.013010] [<802527b8>] (dump_stack) from [<80015aa8>] (handle_IPI+0x1ac/0x1c0)
[471560.013018] [<80015aa8>] (handle_IPI) from [<80009468>] (gic_handle_irq+0x84/0x88)
[471560.013025] [<80009468>] (gic_handle_irq) from [<80013600>] (__irq_svc+0x40/0x74)
[471560.013029] Exception stack(0xa91cbd00 to 0xa91cbd48)
[471560.013036] bd00: ab706080 00000000 00000000 00009221 ab706080 00000000 a8944740 806d870c
[471560.013043] bd20: 80b6170c 00000000 a82d50c0 a91cbd94 00000000 a91cbd50 80042018 806dc338
[471560.013046] bd40: 600d0013 ffffffff
[471560.013062] [<80013600>] (__irq_svc) from [<806dc338>] (_raw_spin_unlock_irq+0x20/0x54)
[471560.013075] [<806dc338>] (_raw_spin_unlock_irq) from [<80042018>] (finish_task_switch+0xa8/0x230)
[471560.013084] [<80042018>] (finish_task_switch) from [<806d870c>] (__schedule+0x1c0/0x500)
[471560.013092] [<806d870c>] (__schedule) from [<806d8c54>] (schedule+0x4c/0xac)
[471560.013100] [<806d8c54>] (schedule) from [<806db69c>] (schedule_timeout+0x13c/0x188)
[471560.013108] [<806db69c>] (schedule_timeout) from [<806da578>] (__down+0x64/0x9c)
[471560.013123] [<806da578>] (__down) from [<80059f14>] (down+0x44/0x58)
[471560.013134] [<80059f14>] (down) from [<8005f394>] (console_lock+0x20/0x44)
[471560.013149] [<8005f394>] (console_lock) from [<802aac94>] (do_fb_ioctl+0x274/0x610)
[471560.013160] [<802aac94>] (do_fb_ioctl) from [<800f3840>] (do_vfs_ioctl+0x43c/0x640)
[471560.013167] [<800f3840>] (do_vfs_ioctl) from [<800f3a78>]
--------------------

Thanks
--Mika
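A user-space model of the condition quoted from scan.c above, added here as an illustration only (it is neither the kernel's code nor the reporter's, and it is not the upstream fix); the stand-in structs, the flag bit value and the MAC addresses are constructed. It shows that the "sdata2 &&" guard only protects sdata2 while sched_scan_req is a separate pointer that can already be NULL, and how checking each request pointer before reading its flags turns the state from the oops into a plain early return.

```c
/* Added user-space model of the ieee80211_scan_rx() probe-response filter
 * quoted in the report; not kernel code and not the upstream fix. Shows why
 * the sdata2 check alone does not protect the sched_scan_req->flags read. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define ETH_ALEN 6
#define NL80211_SCAN_FLAG_RANDOM_ADDR (1u << 3) /* assumed bit value */

struct sdata    { struct { uint8_t addr[ETH_ALEN]; } vif; }; /* stand-in */
struct scan_req { uint32_t flags; };                         /* stand-in */

static bool ether_addr_equal(const uint8_t *a, const uint8_t *b)
{
    return memcmp(a, b, ETH_ALEN) == 0;
}

/* true = keep the probe response, false = the early return at scan.c:206.
 * Same logic as the quoted condition, except that scan_req and
 * sched_scan_req are each NULL-checked before their flags are read; the
 * original reads sched_scan_req->flags whenever sdata2 is non-NULL. */
static bool scan_rx_accept(const uint8_t *da,
                           const struct sdata *sdata1, const struct scan_req *scan_req,
                           const struct sdata *sdata2, const struct scan_req *sched_scan_req)
{
    bool via_scan = sdata1 &&
        (ether_addr_equal(da, sdata1->vif.addr) ||
         (scan_req && (scan_req->flags & NL80211_SCAN_FLAG_RANDOM_ADDR)));
    bool via_sched = sdata2 &&
        (ether_addr_equal(da, sdata2->vif.addr) ||
         (sched_scan_req && (sched_scan_req->flags & NL80211_SCAN_FLAG_RANDOM_ADDR)));
    return via_scan || via_sched;
}

/* Constructed addresses: our sched-scan interface and a foreign station. */
static const uint8_t our_addr[ETH_ALEN]   = {0x02, 0x11, 0x22, 0x33, 0x44, 0x55};
static const uint8_t other_addr[ETH_ALEN] = {0x02, 0xaa, 0xbb, 0xcc, 0xdd, 0xee};

/* Sched scan only (no regular scan): sdata2 is always present, the request
 * only if have_req. have_req == false with a foreign da is the state at the
 * time of the oops: sdata2 still set, sched_scan_req already NULL. */
static bool sched_scan_keeps(const uint8_t *da, bool have_req, uint32_t flags)
{
    struct sdata sdata2;
    struct scan_req req = { flags };
    memcpy(sdata2.vif.addr, our_addr, ETH_ALEN);
    return scan_rx_accept(da, NULL, NULL, &sdata2, have_req ? &req : NULL);
}
```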


