After successfull station association, if station queues are disabled for
some reason, the related lists are not emptied. So if some new element is
added to the list in iwl_mvm_mac_wake_tx_queue, it can match with the old
one and produce a BUG like this:
[ 46.535263] list_add corruption. prev->next should be next (ffff94c1c318a360), but was 0000000000000000. (prev=ffff94c1d02d3388).
[ 46.535283] ------------[ cut here ]------------
[ 46.535284] kernel BUG at lib/list_debug.c:26!
[ 46.535290] invalid opcode: 0000 [#1] PREEMPT SMP PTI
[ 46.585304] CPU: 0 PID: 623 Comm: wpa_supplicant Not tainted 5.19.0-rc3+ #1
[ 46.592380] Hardware name: Dell Inc. Inspiron 660s/0478VN , BIOS A07 08/24/2012
[ 46.600336] RIP: 0010:__list_add_valid.cold+0x3d/0x3f
[ 46.605475] Code: f2 4c 89 c1 48 89 fe 48 c7 c7 c8 40 67 93 e8 20 cc fd ff 0f 0b 48 89 d1 4c 89 c6 4c 89 ca 48 c7 c7 70 40 67 93 e8 09 cc fd ff <0f> 0b 48 89 fe 48 c7 c7 00 41 67 93 e8 f8 cb fd ff 0f 0b 48 89 d1
[ 46.624469] RSP: 0018:ffffb20800ab76d8 EFLAGS: 00010286
[ 46.629854] RAX: 0000000000000075 RBX: ffff94c1c318a0e0 RCX: 0000000000000000
[ 46.637105] RDX: 0000000000000201 RSI: ffffffff9365e100 RDI: 00000000ffffffff
[ 46.644356] RBP: ffff94c1c5f43370 R08: 0000000000000075 R09: 3064316334396666
[ 46.651607] R10: 3364323064316334 R11: 39666666663d7665 R12: ffff94c1c5f43388
[ 46.658857] R13: ffff94c1d02d3388 R14: ffff94c1c318a360 R15: ffff94c1cf2289c0
[ 46.666108] FS: 00007f65634ff7c0(0000) GS:ffff94c1da200000(0000) knlGS:0000000000000000
[ 46.674331] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 46.680170] CR2: 00007f7dfe984460 CR3: 000000010e894003 CR4: 00000000000606f0
[ 46.687422] Call Trace:
[ 46.689906] <TASK>
[ 46.691950] iwl_mvm_mac_wake_tx_queue+0xec/0x15c [iwlmvm]
[ 46.697601] ieee80211_queue_skb+0x4b3/0x720 [mac80211]
[ 46.702973] ? sta_info_get+0x46/0x60 [mac80211]
[ 46.707703] ieee80211_tx+0xad/0x110 [mac80211]
[ 46.712355] __ieee80211_tx_skb_tid_band+0x71/0x90 [mac80211]
...
In order to avoid this problem, we must also remove the related lists when
station queues are disabled.
Fixes: cfbc6c4c5b91c ("iwlwifi: mvm: support mac80211 TXQs model")
Reported-by: Takayuki Nagata <[email protected]>
Reported-by: Petr Stourac <[email protected]>
Tested-by: Petr Stourac <[email protected]>
Signed-off-by: Jose Ignacio Tornos Martinez <[email protected]>
---
drivers/net/wireless/intel/iwlwifi/mvm/sta.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/sta.c b/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
index c7f9d3870f21..8a38d1bfe9b3 100644
--- a/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
@@ -1862,6 +1862,7 @@ static void iwl_mvm_disable_sta_queues(struct iwl_mvm *mvm,
iwl_mvm_txq_from_mac80211(sta->txq[i]);
mvmtxq->txq_id = IWL_MVM_INVALID_QUEUE;
+ list_del_init(&mvmtxq->list);
}
}
--
2.35.3
Jose Ignacio Tornos Martinez <[email protected]> writes:
> After successfull station association, if station queues are disabled for
> some reason, the related lists are not emptied. So if some new element is
> added to the list in iwl_mvm_mac_wake_tx_queue, it can match with the old
> one and produce a BUG like this:
>
> [ 46.535263] list_add corruption. prev->next should be next (ffff94c1c318a360), but was 0000000000000000. (prev=ffff94c1d02d3388).
> [ 46.535283] ------------[ cut here ]------------
> [ 46.535284] kernel BUG at lib/list_debug.c:26!
> [ 46.535290] invalid opcode: 0000 [#1] PREEMPT SMP PTI
> [ 46.585304] CPU: 0 PID: 623 Comm: wpa_supplicant Not tainted 5.19.0-rc3+ #1
> [ 46.592380] Hardware name: Dell Inc. Inspiron 660s/0478VN , BIOS A07 08/24/2012
> [ 46.600336] RIP: 0010:__list_add_valid.cold+0x3d/0x3f
> [ 46.605475] Code: f2 4c 89 c1 48 89 fe 48 c7 c7 c8 40 67 93 e8 20 cc fd ff 0f 0b 48 89 d1 4c 89 c6 4c 89 ca 48 c7 c7 70 40 67 93 e8 09 cc fd ff <0f> 0b 48 89 fe 48 c7 c7 00 41 67 93 e8 f8 cb fd ff 0f 0b 48 89 d1
> [ 46.624469] RSP: 0018:ffffb20800ab76d8 EFLAGS: 00010286
> [ 46.629854] RAX: 0000000000000075 RBX: ffff94c1c318a0e0 RCX: 0000000000000000
> [ 46.637105] RDX: 0000000000000201 RSI: ffffffff9365e100 RDI: 00000000ffffffff
> [ 46.644356] RBP: ffff94c1c5f43370 R08: 0000000000000075 R09: 3064316334396666
> [ 46.651607] R10: 3364323064316334 R11: 39666666663d7665 R12: ffff94c1c5f43388
> [ 46.658857] R13: ffff94c1d02d3388 R14: ffff94c1c318a360 R15: ffff94c1cf2289c0
> [ 46.666108] FS: 00007f65634ff7c0(0000) GS:ffff94c1da200000(0000) knlGS:0000000000000000
> [ 46.674331] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 46.680170] CR2: 00007f7dfe984460 CR3: 000000010e894003 CR4: 00000000000606f0
> [ 46.687422] Call Trace:
> [ 46.689906] <TASK>
> [ 46.691950] iwl_mvm_mac_wake_tx_queue+0xec/0x15c [iwlmvm]
> [ 46.697601] ieee80211_queue_skb+0x4b3/0x720 [mac80211]
> [ 46.702973] ? sta_info_get+0x46/0x60 [mac80211]
> [ 46.707703] ieee80211_tx+0xad/0x110 [mac80211]
> [ 46.712355] __ieee80211_tx_skb_tid_band+0x71/0x90 [mac80211]
> ...
>
> In order to avoid this problem, we must also remove the related lists when
> station queues are disabled.
>
> Fixes: cfbc6c4c5b91c ("iwlwifi: mvm: support mac80211 TXQs model")
> Reported-by: Takayuki Nagata <[email protected]>
> Reported-by: Petr Stourac <[email protected]>
> Tested-by: Petr Stourac <[email protected]>
> Signed-off-by: Jose Ignacio Tornos Martinez <[email protected]>
Gregory, I'll take also this directly to wireless-next, ok?
--
https://patchwork.kernel.org/project/linux-wireless/list/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
Jose Ignacio Tornos Martinez <[email protected]> wrote:
> After successfull station association, if station queues are disabled for
> some reason, the related lists are not emptied. So if some new element is
> added to the list in iwl_mvm_mac_wake_tx_queue, it can match with the old
> one and produce a BUG like this:
>
> [ 46.535263] list_add corruption. prev->next should be next (ffff94c1c318a360), but was 0000000000000000. (prev=ffff94c1d02d3388).
> [ 46.535283] ------------[ cut here ]------------
> [ 46.535284] kernel BUG at lib/list_debug.c:26!
> [ 46.535290] invalid opcode: 0000 [#1] PREEMPT SMP PTI
> [ 46.585304] CPU: 0 PID: 623 Comm: wpa_supplicant Not tainted 5.19.0-rc3+ #1
> [ 46.592380] Hardware name: Dell Inc. Inspiron 660s/0478VN , BIOS A07 08/24/2012
> [ 46.600336] RIP: 0010:__list_add_valid.cold+0x3d/0x3f
> [ 46.605475] Code: f2 4c 89 c1 48 89 fe 48 c7 c7 c8 40 67 93 e8 20 cc fd ff 0f 0b 48 89 d1 4c 89 c6 4c 89 ca 48 c7 c7 70 40 67 93 e8 09 cc fd ff <0f> 0b 48 89 fe 48 c7 c7 00 41 67 93 e8 f8 cb fd ff 0f 0b 48 89 d1
> [ 46.624469] RSP: 0018:ffffb20800ab76d8 EFLAGS: 00010286
> [ 46.629854] RAX: 0000000000000075 RBX: ffff94c1c318a0e0 RCX: 0000000000000000
> [ 46.637105] RDX: 0000000000000201 RSI: ffffffff9365e100 RDI: 00000000ffffffff
> [ 46.644356] RBP: ffff94c1c5f43370 R08: 0000000000000075 R09: 3064316334396666
> [ 46.651607] R10: 3364323064316334 R11: 39666666663d7665 R12: ffff94c1c5f43388
> [ 46.658857] R13: ffff94c1d02d3388 R14: ffff94c1c318a360 R15: ffff94c1cf2289c0
> [ 46.666108] FS: 00007f65634ff7c0(0000) GS:ffff94c1da200000(0000) knlGS:0000000000000000
> [ 46.674331] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 46.680170] CR2: 00007f7dfe984460 CR3: 000000010e894003 CR4: 00000000000606f0
> [ 46.687422] Call Trace:
> [ 46.689906] <TASK>
> [ 46.691950] iwl_mvm_mac_wake_tx_queue+0xec/0x15c [iwlmvm]
> [ 46.697601] ieee80211_queue_skb+0x4b3/0x720 [mac80211]
> [ 46.702973] ? sta_info_get+0x46/0x60 [mac80211]
> [ 46.707703] ieee80211_tx+0xad/0x110 [mac80211]
> [ 46.712355] __ieee80211_tx_skb_tid_band+0x71/0x90 [mac80211]
> ...
>
> In order to avoid this problem, we must also remove the related lists when
> station queues are disabled.
>
> Fixes: cfbc6c4c5b91c ("iwlwifi: mvm: support mac80211 TXQs model")
> Reported-by: Takayuki Nagata <[email protected]>
> Reported-by: Petr Stourac <[email protected]>
> Tested-by: Petr Stourac <[email protected]>
> Signed-off-by: Jose Ignacio Tornos Martinez <[email protected]>
Patch applied to wireless-next.git, thanks.
14a3aacf517a wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue
--
https://patchwork.kernel.org/project/linux-wireless/patch/[email protected]/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches