2009-05-15 14:40:45

by Ken Lewis

[permalink] [raw]
Subject: Regression: 2.6.30-rc5 and rt2x00 / rt2500pci

I've been looking for a bug in Linux-Next that makes my rt2500pci
wireless card unusable. When testing 2.6.30-rc5, I saw the following
bug while trying to associate with a WPA-PSK encrypted access point.
It's a regression over 2.6.30-rc4 and I'm trying to git-bisect my way
to the source of the problem. I think that a problem in the same area
is stopping my card from associating when using a kernel from
linux-next also.

I've attached my config. System is x86_64 running Debian Sid.

BUG: unable to handle kernel NULL pointer dereference at 0000000000000018
IP: [<ffffffff8066f7ad>] minstrel_alloc_sta+0x43/0xaa
PGD 7e086067 PUD 7f04c067 PMD 0
Oops: 0000 [#1] SMP
last sysfs file: /sys/block/sda/size
CPU 0
Modules linked in:
Pid: 1195, comm: phy0 Not tainted 2.6.30-rc5 #1 MS-1029
RIP: 0010:[<ffffffff8066f7ad>] ?[<ffffffff8066f7ad>]
minstrel_alloc_sta+0x43/0xaa
RSP: 0018:ffff88007f199bf0 ?EFLAGS: 00010206
RAX: 0000000000000000 RBX: ffff88007d0ab660 RCX: ffff88007ef1c0c0
RDX: 000000000000000c RSI: 0000000000000020 RDI: 0000000000000000
RBP: ffff88007f199c10 R08: ffffffff80a96165 R09: 000000000000000d
R10: 0000000000000000 R11: 000000000000000a R12: ffff88007ef1c260
R13: 0000000000000020 R14: ffff88007f82f600 R15: 0000000000000020
FS: ?00007f7869ce3950(0000) GS:ffff880001010000(0000) knlGS:0000000000000000
CS: ?0010 DS: 0018 ES: 0018 CR0: 000000008005003b
CR2: 0000000000000018 CR3: 000000007d55f000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process phy0 (pid: 1195, threadinfo ffff88007f198000, task ffff88007f04b3c0)
Stack:
ffff88007f199c10 ffff8800625a1000 ffff88007ef1c260 ffff88007f82f8c0
ffff88007f199c50 ffffffff80658fab 00000000000065c2 0000000000000000
ffff88007f82f600 0000000000000097 ffff880062460001 ffff88006aa12042
Call Trace:
[<ffffffff80658fab>] sta_info_alloc+0x95/0x139
[<ffffffff8065f5ae>] ieee80211_rx_mgmt_assoc_resp+0x2b4/0x97e
[<ffffffff805c849a>] ? dev_hard_start_xmit+0x1e5/0x25f
[<ffffffff80296ac7>] ? virt_to_head_page+0x9/0x2a
[<ffffffff806606a9>] ieee80211_sta_work+0x2b2/0x8e5
[<ffffffff806603f7>] ? ieee80211_sta_work+0x0/0x8e5
[<ffffffff806603f7>] ? ieee80211_sta_work+0x0/0x8e5
[<ffffffff802499ec>] worker_thread+0x125/0x1b8
[<ffffffff8024d3ac>] ? autoremove_wake_function+0x0/0x38
[<ffffffff802498c7>] ? worker_thread+0x0/0x1b8
[<ffffffff802498c7>] ? worker_thread+0x0/0x1b8
[<ffffffff8024d00e>] kthread+0x56/0x83
[<ffffffff8020bfba>] child_rip+0xa/0x20
[<ffffffff8024cfb8>] ? kthread+0x0/0x83
[<ffffffff8020bfb0>] ? child_rip+0x0/0x20
Code: 00 00 e8 50 ff ff ff 31 ff 48 85 c0 48 89 c3 74 75
?49 8b 4c 24 28 31 d2 44 89 ee 48 8b 41 20 83 78 18 00 0f
?49 50 18 48 8b 41 28 <8b> 40 18 39 c2 41 89 c4 44 0f 4d e2
?49 63 fc 48 6b ff 58 e8 14
RIP ?[<ffffffff8066f7ad>] minstrel_alloc_sta+0x43/0xaa
RSP <ffff88007f199bf0>
CR2: 0000000000000018
---[ end trace a2d03a6f3c971461 ]---

Take care.
Ken.


Attachments:
config.txt (48.47 kB)

2009-05-17 15:38:58

by Ken Lewis

[permalink] [raw]
Subject: Re: Regression: 2.6.30-rc5 and rt2x00 / rt2500pci

2009/5/15 John W. Linville <[email protected]>:
> On Fri, May 15, 2009 at 03:40:44PM +0100, Ken Lewis wrote:
>> I've been looking for a bug in Linux-Next that makes my rt2500pci
>> wireless card unusable. ...
>
> Please apply this patch:
>
> ? ? ? ?http://www.kernel.org/pub/linux/kernel/people/linville/wireless-2.6/0002-mac80211-avoid-NULL-ptr-deref-when-finding-max_rate.patch
>
> A pull request was sent to Dave M. a couple of days ago. ?I imagine
> that it will make its way to Linus shortly.

Thank you, John. The patch makes 2.6.30-rc5 work for me -- no more bug
dump and the wireless card works fine.

I'm about to try and see if it *also* makes rt2x00 work when applied
against the linux-next tree (and next-20090515 in particular).

Take care.
Ken.Lewis

2009-05-15 15:00:11

by John W. Linville

[permalink] [raw]
Subject: Re: Regression: 2.6.30-rc5 and rt2x00 / rt2500pci

On Fri, May 15, 2009 at 03:40:44PM +0100, Ken Lewis wrote:
> I've been looking for a bug in Linux-Next that makes my rt2500pci
> wireless card unusable. When testing 2.6.30-rc5, I saw the following
> bug while trying to associate with a WPA-PSK encrypted access point.
> It's a regression over 2.6.30-rc4 and I'm trying to git-bisect my way
> to the source of the problem. I think that a problem in the same area
> is stopping my card from associating when using a kernel from
> linux-next also.

Please apply this patch:

http://www.kernel.org/pub/linux/kernel/people/linville/wireless-2.6/0002-mac80211-avoid-NULL-ptr-deref-when-finding-max_rate.patch

A pull request was sent to Dave M. a couple of days ago. I imagine
that it will make its way to Linus shortly.

John
--
John W. Linville Someday the world will need a hero, and you
[email protected] might be all we have. Be ready.

2009-05-18 13:15:15

by John W. Linville

[permalink] [raw]
Subject: Re: Regression: 2.6.30-rc5 and rt2x00 / rt2500pci

On Sun, May 17, 2009 at 04:38:58PM +0100, Ken Lewis wrote:
> 2009/5/15 John W. Linville <[email protected]>:
> > On Fri, May 15, 2009 at 03:40:44PM +0100, Ken Lewis wrote:
> >> I've been looking for a bug in Linux-Next that makes my rt2500pci
> >> wireless card unusable. ...
> >
> > Please apply this patch:
> >
> > ? ? ? ?http://www.kernel.org/pub/linux/kernel/people/linville/wireless-2.6/0002-mac80211-avoid-NULL-ptr-deref-when-finding-max_rate.patch
> >
> > A pull request was sent to Dave M. a couple of days ago. ?I imagine
> > that it will make its way to Linus shortly.
>
> Thank you, John. The patch makes 2.6.30-rc5 work for me -- no more bug
> dump and the wireless card works fine.
>
> I'm about to try and see if it *also* makes rt2x00 work when applied
> against the linux-next tree (and next-20090515 in particular).

I'm guessing it didn't help with this part, since -next should have
already had the patch...?

John
--
John W. Linville Someday the world will need a hero, and you
[email protected] might be all we have. Be ready.