Return-path: Received: from mail-wi0-f173.google.com ([209.85.212.173]:43015 "EHLO mail-wi0-f173.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1757990Ab3JONAZ convert rfc822-to-8bit (ORCPT ); Tue, 15 Oct 2013 09:00:25 -0400 Received: by mail-wi0-f173.google.com with SMTP id i19so958817wiw.6 for ; Tue, 15 Oct 2013 06:00:24 -0700 (PDT) MIME-Version: 1.0 In-Reply-To: <20131015123112.GB6417@localhost.localdomain> References: <20131015123112.GB6417@localhost.localdomain> Date: Tue, 15 Oct 2013 15:00:24 +0200 Message-ID: (sfid-20131015_150029_034054_DC0F5B55) Subject: Re: [PATCH 3.12] rt2x00: check if device is still available on rt2x00mac_flush() From: Helmut Schaa To: Stanislaw Gruszka Cc: linux-wireless , rt2x00 Users List Content-Type: text/plain; charset=US-ASCII Sender: linux-wireless-owner@vger.kernel.org List-ID: On Tue, Oct 15, 2013 at 2:31 PM, Stanislaw Gruszka wrote: > Fix random kernel panic with below messages when remove dongle. > > [ 2212.355447] BUG: unable to handle kernel NULL pointer dereference at 0000000000000250 > [ 2212.355527] IP: [] rt2x00usb_kick_tx_entry+0x12/0x160 [rt2x00usb] > [ 2212.355599] PGD 0 > [ 2212.355626] Oops: 0000 [#1] SMP > [ 2212.355664] Modules linked in: rt2800usb rt2x00usb rt2800lib crc_ccitt rt2x00lib mac80211 cfg80211 tun arc4 fuse rfcomm bnep snd_hda_codec_realtek snd_hda_intel snd_hda_codec btusb uvcvideo bluetooth snd_hwdep x86_pkg_temp_thermal snd_seq coretemp aesni_intel aes_x86_64 snd_seq_device glue_helper snd_pcm ablk_helper videobuf2_vmalloc sdhci_pci videobuf2_memops videobuf2_core sdhci videodev mmc_core serio_raw snd_page_alloc microcode i2c_i801 snd_timer hid_multitouch thinkpad_acpi lpc_ich mfd_core snd tpm_tis wmi tpm tpm_bios soundcore acpi_cpufreq i915 i2c_algo_bit drm_kms_helper drm i2c_core video [last unloaded: cfg80211] > [ 2212.356224] CPU: 0 PID: 34 Comm: khubd Not tainted 3.12.0-rc3-wl+ #3 > [ 2212.356268] Hardware name: LENOVO 3444CUU/3444CUU, BIOS G6ET93WW (2.53 ) 02/04/2013 > [ 2212.356319] task: ffff880212f687c0 ti: ffff880212f66000 task.ti: ffff880212f66000 > [ 2212.356392] RIP: 0010:[] [] rt2x00usb_kick_tx_entry+0x12/0x160 [rt2x00usb] > [ 2212.356481] RSP: 0018:ffff880212f67750 EFLAGS: 00010202 > [ 2212.356519] RAX: 000000000000000c RBX: 000000000000000c RCX: 0000000000000293 > [ 2212.356568] RDX: ffff8801f4dc219a RSI: 0000000000000000 RDI: 0000000000000240 > [ 2212.356617] RBP: ffff880212f67778 R08: ffffffffa02667e0 R09: 0000000000000002 > [ 2212.356665] R10: 0001f95254ab4b40 R11: ffff880212f675be R12: ffff8801f4dc2150 > [ 2212.356712] R13: 0000000000000000 R14: ffffffffa02667e0 R15: 000000000000000d > [ 2212.356761] FS: 0000000000000000(0000) GS:ffff88021e200000(0000) knlGS:0000000000000000 > [ 2212.356813] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > [ 2212.356852] CR2: 0000000000000250 CR3: 0000000001a0c000 CR4: 00000000001407f0 > [ 2212.356899] Stack: > [ 2212.356917] 000000000000000c ffff8801f4dc2150 0000000000000000 ffffffffa02667e0 > [ 2212.356980] 000000000000000d ffff880212f677b8 ffffffffa03a31ad ffff8801f4dc219a > [ 2212.357038] ffff8801f4dc2150 0000000000000000 ffff8800b93217a0 ffff8801f49bc800 > [ 2212.357099] Call Trace: > [ 2212.357122] [] ? rt2x00usb_interrupt_txdone+0x90/0x90 [rt2x00usb] > [ 2212.357174] [] rt2x00queue_for_each_entry+0xed/0x170 [rt2x00lib] > [ 2212.357244] [] rt2x00usb_kick_queue+0x5c/0x60 [rt2x00usb] > [ 2212.357314] [] rt2x00queue_flush_queue+0x62/0xa0 [rt2x00lib] > [ 2212.357386] [] rt2x00mac_flush+0x30/0x70 [rt2x00lib] > [ 2212.357470] [] ieee80211_flush_queues+0xbd/0x140 [mac80211] > [ 2212.357555] [] ieee80211_set_disassoc+0x2d2/0x3d0 [mac80211] > [ 2212.357645] [] ieee80211_mgd_deauth+0x1d3/0x240 [mac80211] > [ 2212.357718] [] ? try_to_wake_up+0xec/0x290 > [ 2212.357788] [] ieee80211_deauth+0x18/0x20 [mac80211] > [ 2212.357872] [] cfg80211_mlme_deauth+0x9c/0x140 [cfg80211] > [ 2212.357913] [] cfg80211_mlme_down+0x5c/0x60 [cfg80211] > [ 2212.357962] [] cfg80211_disconnect+0x188/0x1a0 [cfg80211] > [ 2212.358014] [] ? __cfg80211_stop_sched_scan+0x1c/0x130 [cfg80211] > [ 2212.358067] [] cfg80211_leave+0xc4/0xe0 [cfg80211] > [ 2212.358124] [] cfg80211_netdev_notifier_call+0x3ab/0x5e0 [cfg80211] > [ 2212.358177] [] ? inetdev_event+0x38/0x510 > [ 2212.358217] [] ? __wake_up+0x44/0x50 > [ 2212.358254] [] notifier_call_chain+0x4c/0x70 > [ 2212.358293] [] raw_notifier_call_chain+0x16/0x20 > [ 2212.358361] [] call_netdevice_notifiers_info+0x35/0x60 > [ 2212.358429] [] __dev_close_many+0x49/0xd0 > [ 2212.358487] [] dev_close_many+0x88/0x100 > [ 2212.358546] [] rollback_registered_many+0xb0/0x220 > [ 2212.358612] [] unregister_netdevice_many+0x19/0x60 > [ 2212.358694] [] ieee80211_remove_interfaces+0x112/0x190 [mac80211] > [ 2212.358791] [] ieee80211_unregister_hw+0x4f/0x100 [mac80211] > [ 2212.361994] [] rt2x00lib_remove_dev+0x161/0x1a0 [rt2x00lib] > [ 2212.365240] [] rt2x00usb_disconnect+0x2e/0x70 [rt2x00usb] > [ 2212.368470] [] usb_unbind_interface+0x64/0x1c0 > [ 2212.371734] [] __device_release_driver+0x7f/0xf0 > [ 2212.374999] [] device_release_driver+0x23/0x30 > [ 2212.378131] [] bus_remove_device+0x108/0x180 > [ 2212.381358] [] device_del+0x135/0x1d0 > [ 2212.384454] [] usb_disable_device+0xb0/0x270 > [ 2212.387451] [] usb_disconnect+0xad/0x1d0 > [ 2212.390294] [] hub_thread+0x63d/0x1660 > [ 2212.393034] [] ? wake_up_atomic_t+0x30/0x30 > [ 2212.395728] [] ? hub_port_debounce+0x130/0x130 > [ 2212.398412] [] kthread+0xc0/0xd0 > [ 2212.401058] [] ? insert_kthread_work+0x40/0x40 > [ 2212.403639] [] ret_from_fork+0x7c/0xb0 > [ 2212.406193] [] ? insert_kthread_work+0x40/0x40 > [ 2212.408732] Code: 24 58 08 00 00 bf 80 00 00 00 e8 3a c3 e0 e0 5b 41 5c 5d c3 0f 1f 44 00 00 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41 55 41 54 53 <48> 8b 47 10 48 89 fb 4c 8b 6f 28 4c 8b 20 49 8b 04 24 4c 8b 30 > [ 2212.414671] RIP [] rt2x00usb_kick_tx_entry+0x12/0x160 [rt2x00usb] > [ 2212.417646] RSP > [ 2212.420547] CR2: 0000000000000250 > [ 2212.441024] ---[ end trace 5442918f33832bce ]--- > > Cc: stable@vger.kernel.org > Signed-off-by: Stanislaw Gruszka Good catch Stanislaw! Fix looks good to me. Acked-by: Helmut Schaa > --- > drivers/net/wireless/rt2x00/rt2x00mac.c | 3 +++ > 1 files changed, 3 insertions(+), 0 deletions(-) > > diff --git a/drivers/net/wireless/rt2x00/rt2x00mac.c b/drivers/net/wireless/rt2x00/rt2x00mac.c > index 51f17cf..7c15785 100644 > --- a/drivers/net/wireless/rt2x00/rt2x00mac.c > +++ b/drivers/net/wireless/rt2x00/rt2x00mac.c > @@ -754,6 +754,9 @@ void rt2x00mac_flush(struct ieee80211_hw *hw, u32 queues, bool drop) > struct rt2x00_dev *rt2x00dev = hw->priv; > struct data_queue *queue; > > + if (!test_bit(DEVICE_STATE_PRESENT, &rt2x00dev->flags)) > + return; > + > tx_queue_for_each(rt2x00dev, queue) > rt2x00queue_flush_queue(queue, drop); > } > -- > 1.7.4.4 > > -- > To unsubscribe from this list: send the line "unsubscribe linux-wireless" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html