Return-path: Received: from 91-65-240-14-dynip.superkabel.de ([91.65.240.14]:39511 "EHLO charon.n2.diac24.net" rhost-flags-OK-FAIL-OK-OK) by vger.kernel.org with ESMTP id S1756170AbXEOPfO (ORCPT ); Tue, 15 May 2007 11:35:14 -0400 Date: Tue, 15 May 2007 17:28:42 +0200 From: David LAMPARTER To: linux-wireless@vger.kernel.org Cc: netdev@vger.kernel.org Subject: Panic in ieee_80211_ibss_add_sta when trying to join ad-hoc network (rt2500pci) Message-ID: <20070515152842.GA26481@charon.n2.diac24.net> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="NMuMz9nt05w80d4+" Sender: linux-wireless-owner@vger.kernel.org List-ID: --NMuMz9nt05w80d4+ Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Hello, while trying to get my wireless to work (a Ralink RT2560, as sold in a Fujitsu-Siemens Amilo A 1630), I've been hitting the following Panic twice: BUG: unable to handle kernel NULL pointer derference at virtual address 00000218 [...] EIP is at ieee80211_ibss_add_sta+0xae/0x130 [...] EIP: [] ieee_80211_ibss_add_sta+0xae/0x130 SS:ESP 0068:f641dc38 Kernel panic - not syncing: Fatal exception in interrupt The bug seems to be triggered as soon as the stack tries to join my router's ad-hoc; it happen either directly when doing "ip l s wlan0 up" as well as when doing "iwconfig wlan0 essid equinox" (when it did not immediately find the network). Kernel version is 2.6.21-ge42d23f4 (git checkout from git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-dev, about a few hours old.) Full information set available at http://celeste.diac24.net/rtpanic/ (includes pictures of the panics, in case I have a typo somewhere) Requests for more information / patches welcome, but expect delayed response. More information attached. Greetings, David Lamparter --NMuMz9nt05w80d4+ Content-Type: text/plain; charset=utf-8 Content-Description: panic text Content-Disposition: inline; filename=bugtext BUG: unable to handle kernel NULL pointer derference at virtual address 00000218 printing eip: c05773fe *pde = 00000000 Oops: 0000 [#1] PREEMPT Modules linked in: rt2500pci rt2x00pci rt2x00lib radeon drm CPU: 0 EIP: 0060:[] Not tainted VLI EFLAGS: 0010286 (2.6.21-ge42d23f3 #8) EIP is at ieee80211_ibss_add_sta+0xae/0x130 eax: f76292c0 ebx: f78c381c ecx: 00000000 edx: 00000102 esi: f6a091a0 edi: f76292c0 ebp: f6bb8000 esp: f641dc38 ds: 007b es: 007b fs: 0000 gs: 0033 ss: 0068 Process ip (pid: 1621, ti=f641c000 task=f78f8c30 task.ti=f641c000) Stack: 00000020 f782f800 00000000 00000001 000000e3 0000000f 000000ae 000000eb f6bb8000 f6a091a0 c193e8c0 f78c3822 f6bb83a0 00000002 f78c3812 c0569b8a f78c381c df82f5ea f7e90458 f7cfea10 00000001 f7cfea28 00000018 00000000 Call Trace: [] __ieee80211_rx+0xa5a/0xc10 [] dentry_iput+0xda/0x120 [] ieee80211_tasklet_handler+0xaf/0xe0 [] _atomic_dec_and_loc+0x2f/0x50 [] tasklet_action+0x33/0x70 [] __do_softirq+0x52/0xa0 [] do_softirq+0x45/0x50 [] local_bh_enable+0x53/0xa0 [] dev_mc_upload+0x3b/0x50 [] dev_open+0x5c/0x80 [] ieee80211_open+0x317/0x420 [] __do_softirq+0x66/0xa0 [] dev_open+0x39/0x80 [] dev_change_flags+0x5c/0x140 [] devinet_ioctl+0x563/0x6e0 [] sock_ioctl+0x0/0x1c0 [] sock_ioctl+0xaf/0x1c0 [] sock_ioctl+0x0/0x1c0 [] do_ioctl+0x2b/0x90 [] vfs_ioctl+0x5c/0x2b0 [] sys_ioctl+0x3d/0x70 [] sysenter_past_esp+0x5f/0x85 ======================= Code: 00 00 00 c7 04 24 5c 09 6d c0 89 44 24 04 e8 fa 5f ba ff 89 d9 89 ea 89 f0 c7 04 24 20 00 00 00 e8 48 d1 ff ff 85 c0 89 c7 74 95 18 02 00 00 8b 97 8c 00 00 00 89 f1 89 47 64 8b 87 88 00 00 EIP: [] ieee_80211_ibss_add_sta+0xae/0x130 SS:ESP 0068:f641dc38 Kernel panic - not syncing: Fatal exception in interrupt --NMuMz9nt05w80d4+ Content-Type: text/plain; charset=utf-8 Content-Description: kernel version Content-Disposition: inline; filename=proc_version Linux version 2.6.21-ge42d23f4 (root@neptune) (gcc version 4.1.2) #8 PREEMPT Tue May 15 14:08:04 CEST 2007 --NMuMz9nt05w80d4+ Content-Type: text/plain; charset=utf-8 Content-Description: lspci output Content-Disposition: attachment; filename=lspci 00:00.0 Host bridge: Silicon Integrated Systems [SiS] 755 Host (rev 01) Subsystem: Silicon Integrated Systems [SiS] 755 Host Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- SERR- TAbort- SERR- TAbort- Reset- FastB2B- 00:02.0 ISA bridge: Silicon Integrated Systems [SiS] SiS963 [MuTIOL Media IO] (rev 25) Control: I/O+ Mem+ BusMaster+ SpecCycle+ MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- Status: Cap- 66MHz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- SERR- TAbort- SERR- TAbort- SERR- TAbort- SERR- TAbort- SERR- TAbort- SERR- TAbort- SERR- TAbort- SERR- TAbort- SERR- TAbort- SERR- TAbort- SERR- Reset- 16bInt+ PostWrite+ 16-bit legacy interface ports at 0001 00:09.1 CardBus bridge: O2 Micro, Inc. OZ711M1/MC1 4-in-1 MemoryCardBus Controller (rev 20) Subsystem: Fujitsu Siemens Computer GmbH Unknown device 105f Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping+ SERR- FastB2B- Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=slow >TAbort- SERR- Reset- 16bInt+ PostWrite+ 16-bit legacy interface ports at 0001 00:09.2 System peripheral: O2 Micro, Inc. OZ711Mx 4-in-1 MemoryCardBus Accelerator Subsystem: Fujitsu Siemens Computer GmbH Unknown device 105f Control: I/O+ Mem+ BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=slow >TAbort- SERR- TAbort- SERR- TAbort- SERR- TAbort- SERR- TAbort- SERR- TAbort- SERR- TAbort- SERR-