[REGRESSION] wlcore wlcore_op_get_expected_throughput null ptr dereference

From: John Stultz
Date: Wed Jul 27 2016 - 23:47:06 EST


So after rebasing my HiKey tree on top of Linus' HEAD today, I started
having trouble with the wlcore wifi.

The first issue was that the firmware I was using was deemed too old,
but after updating to .69, I then started hitting null pointer crashes
when wifi was initialized.


[ 7.326224] wlcore: wl18xx HW: 183x or 180x, PG 2.2 (ROM 0x11)
[ 7.336328] wlcore: loaded
...
[ 26.254559] wlcore: PHY firmware version: Rev 8.2.0.0.236
[ 26.308764] wlcore: firmware booted (Rev 8.9.0.0.69)
...
[ 60.297307] wlan0: send auth to 04:a1:51:da:5b:a7 (try 1/3)
[ 60.316271] wlan0: authenticated
[ 60.320853] wl18xx_driver wl18xx.2.auto wlan0: disabling HT as WMM/QoS is not supported by the AP
[ 60.329858] wl18xx_driver wl18xx.2.auto wlan0: disabling VHT as WMM/QoS is not supported by the AP
[ 60.342624] wlan0: associate with 04:a1:51:da:5b:a7 (try 1/3)
[ 60.352475] wlan0: RX AssocResp from 04:a1:51:da:5b:a7 (capab=0x1411 status=0 aid=1)
[ 60.417880] wlan0: associated
[ 60.444554] wlcore: Association completed.
[ 60.507987] Unable to handle kernel NULL pointer dereference at virtual address 00000aea
[ 60.516180] pgd = ffffffc07365b000
[ 60.519645] [00000aea] *pgd=0000000000000000, *pud=0000000000000000
[ 60.526027] Internal error: Oops: 96000005 [#1] PREEMPT SMP
[ 60.531616] CPU: 0 PID: 2306 Comm: wpa_supplicant Not tainted 4.7.0-05982-g3bd0464 #550
[ 60.539623] Hardware name: HiKey Development Board (DT)
[ 60.544853] task: ffffffc0788fa580 ti: ffffffc058be4000 task.ti: ffffffc058be4000
[ 60.552357] PC is at wlcore_op_get_expected_throughput+0xc/0x1c
[ 60.558287] LR is at sta_set_sinfo+0x608/0x7d0
[ 60.562735] pc : [<ffffff80085dd404>] lr : [<ffffff80089424bc>] pstate: 80000145
[ 60.570132] sp : ffffffc058be7640
[ 60.573448] x29: ffffffc058be7640 x28: ffffffc058be4000
[ 60.578776] x27: ffffffc0481211f8 x26: 0000000000000008
[ 60.584103] x25: 00000000ffff161d x24: ffffffc0481217f8
[ 60.589430] x23: 0000000000000000 x22: ffffffc0792d86e0
[ 60.594756] x21: ffffffc0784e6880 x20: ffffffc048121000
[ 60.600083] x19: ffffffc058be7720 x18: 00000000ffffffff
[ 60.605409] x17: 0000000000000000 x16: ffffff80081bdcd8
[ 60.610735] x15: 00000000004fbc5c x14: 0000000000000241
[ 60.616061] x13: aaaaaaaaaaaaaaab x12: ffffff8008f79000
[ 60.621388] x11: ffffffc058be73c8 x10: 0000000000000860
[ 60.626714] x9 : ffffffc058be4000 x8 : 0000000040000000
[ 60.632039] x7 : 0000000000210d00 x6 : ffffffc048121448
[ 60.637366] x5 : ffffffc058be7a70 x4 : 000000000000001e
[ 60.642692] x3 : 000000000000000a x2 : 0000000000000000
[ 60.648017] x1 : 0000000000000000 x0 : 0000000000000000
[ 60.653342]
[ 60.654836] Process wpa_supplicant (pid: 2306, stack limit = 0xffffffc058be4020)
[ 60.662236] Stack: (0xffffffc058be7640 to 0xffffffc058be8000)
...
[ 61.278789] Call trace:
[ 61.281232] Exception stack(0xffffffc058be7470 to 0xffffffc058be75a0)
[ 61.287669] 7460: ffffffc058be7720 0000008000000000
[ 61.295497] 7480: ffffffc058be7640 ffffff80085dd404 ffffff80081081f8 ffffffc058be74f0
[ 61.303325] 74a0: ffffffc058be74e0 ffffff80081081f8 ffffffc058be74d0 ffffff800899cd68
[ 61.311152] 74c0: ffffffc058be74d0 ffffff800810758c ffffffc058be74e0 ffffff800899cf10
[ 61.318980] 74e0: ffffffc058be74f0 ffffff800810823c ffffffc058be7570 ffffff80081083c0
[ 61.326806] 7500: 0000000000000140 ffffffc07856d400 0000000000000000 0000000000000000
[ 61.334633] 7520: 0000000000000000 000000000000000a 000000000000001e ffffffc058be7a70
[ 61.342461] 7540: ffffffc048121448 0000000000210d00 0000000040000000 ffffffc058be4000
[ 61.350289] 7560: 0000000000000860 ffffffc058be73c8 ffffff8008f79000 aaaaaaaaaaaaaaab
[ 61.358117] 7580: 0000000000000241 00000000004fbc5c ffffff80081bdcd8 0000000000000000
[ 61.365946] [<ffffff80085dd404>] wlcore_op_get_expected_throughput+0xc/0x1c
[ 61.372908] [<ffffff8008955470>] ieee80211_get_station+0x4c/0x6c
[ 61.378915] [<ffffff800892722c>] nl80211_get_station+0x68/0x144
[ 61.384835] [<ffffff800879e35c>] genl_family_rcv_msg+0x1ec/0x340
[ 61.390838] [<ffffff800879e540>] genl_rcv_msg+0x90/0xd8
[ 61.396059] [<ffffff800879dc68>] netlink_rcv_skb+0xec/0x100
[ 61.401627] [<ffffff800879e15c>] genl_rcv+0x34/0x48
[ 61.406501] [<ffffff800879c4a8>] netlink_unicast+0x164/0x258
[ 61.412156] [<ffffff800879cd0c>] netlink_sendmsg+0x310/0x374
[ 61.417812] [<ffffff800874f6d4>] sock_sendmsg+0x44/0x50
[ 61.423033] [<ffffff800874f9e8>] ___sys_sendmsg+0x24c/0x25c
[ 61.428601] [<ffffff8008750e2c>] __sys_sendmsg+0x44/0x88
[ 61.433907] [<ffffff8008750e80>] SyS_sendmsg+0x10/0x20
[ 61.439043] [<ffffff8008082ef0>] el0_svc_naked+0x24/0x28
[ 61.444352] Code: d65f03c0 39438001 f9407800 8b011c00 (396ba801)
[ 61.450537] ---[ end trace d464b2870b6d1378 ]---


Digging in, it seems like commit 5f6d4ca3c196814bef0cbbb195acd9ecc178588b
("wlcore: Add support for get_expected_throughput opcode") is to
blame, and reverting that seems to resolve the issue.

thanks
-john