I am encountering null pointer dereference when a station associates with my Fedora 22 box which is running as an access point. Wireless card is: 02:00.0 Network controller: Qualcomm Atheros AR928X Wireless Network Adapter (PCI-Express) (rev 01) Subsystem: Qualcomm Atheros Device 3099 Kernel driver in use: ath9k Kernel modules: ath9k relevant software: hostapd-2.4-2.fc22.i686 kernel-PAE-core-4.0.4-301.fc22.i686 kernel-PAE-core-4.0.5-300.fc22.i686 The machine had been running under the 4.0.4 kernel for about a month until it hit this error yesterday. Rebooting it came up in 4.0.5 and each time it hit the error almost immediately. Going back to 4.0.4 it has been stable so far. The actual trace, from the 4.0.5 kernel is: Jun 26 14:51:00 gosford.compton.nu hostapd[820]: wlp2s0: STA cc:fa:00:aa:4e:59 IEEE 802.11: authentication OK (open system) Jun 26 14:51:00 gosford.compton.nu hostapd[820]: wlp2s0: STA cc:fa:00:aa:4e:59 MLME: MLME-AUTHENTICATE.indication(cc:fa:00:aa:4e:59, OPEN_SYSTEM) Jun 26 14:51:00 gosford.compton.nu hostapd[820]: wlp2s0: STA cc:fa:00:aa:4e:59 MLME: MLME-DELETEKEYS.request(cc:fa:00:aa:4e:59) Jun 26 14:51:00 gosford.compton.nu hostapd[820]: wlp2s0: STA cc:fa:00:aa:4e:59 IEEE 802.11: authenticated Jun 26 14:51:00 gosford.compton.nu hostapd[820]: wlp2s0: STA cc:fa:00:aa:4e:59 IEEE 802.11: association OK (aid 1) Jun 26 14:51:00 gosford.compton.nu hostapd[820]: wlp2s0: STA cc:fa:00:aa:4e:59 IEEE 802.11: associated (aid 1) Jun 26 14:51:00 gosford.compton.nu hostapd[820]: wlp2s0: STA cc:fa:00:aa:4e:59 MLME: MLME-ASSOCIATE.indication(cc:fa:00:aa:4e:59) Jun 26 14:51:00 gosford.compton.nu hostapd[820]: wlp2s0: STA cc:fa:00:aa:4e:59 MLME: MLME-DELETEKEYS.request(cc:fa:00:aa:4e:59) Jun 26 14:51:00 gosford.compton.nu kernel: BUG: unable to handle kernel NULL pointer dereference at 0000006c Jun 26 14:51:00 gosford.compton.nu kernel: IP: [<c0a92202>] mutex_lock+0x12/0x30 Jun 26 14:51:00 gosford.compton.nu kernel: *pdpt = 0000000034070001 *pde = 0000000000000000 Jun 26 14:51:00 gosford.compton.nu kernel: Oops: 0002 [#1] SMP Jun 26 14:51:00 gosford.compton.nu kernel: Modules linked in: 8021q garp mrp pppoe pppox ppp_generic slhc ip6t_REJECT nf_nat_ftp nf_reject_ipv6 nf_conntrack_ftp nf_log_ipv4 nf_conntrack_ipv6 nf_defrag_ipv6 ipt_MASQUERADE nf_log_ipv6 nf Jun 26 14:51:00 gosford.compton.nu kernel: CPU: 1 PID: 820 Comm: hostapd Not tainted 4.0.5-300.fc22.i686+PAE #1 Jun 26 14:51:00 gosford.compton.nu kernel: Hardware name: /D945GSEJT , BIOS JT94510H.86A.0025.2009.0306.1639 03/06/2009 Jun 26 14:51:00 gosford.compton.nu kernel: task: f6a2c080 ti: f41c2000 task.ti: f41c2000 Jun 26 14:51:00 gosford.compton.nu kernel: EIP: 0060:[<c0a92202>] EFLAGS: 00210286 CPU: 1 Jun 26 14:51:00 gosford.compton.nu kernel: EIP is at mutex_lock+0x12/0x30 Jun 26 14:51:00 gosford.compton.nu kernel: EAX: 0000006c EBX: 0000006c ECX: c0f66a68 EDX: 80000000 Jun 26 14:51:00 gosford.compton.nu kernel: ESI: f41c3716 EDI: f3e843e0 EBP: f41c36b4 ESP: f41c36b0 Jun 26 14:51:00 gosford.compton.nu kernel: DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 Jun 26 14:51:00 gosford.compton.nu kernel: CR0: 80050033 CR2: 0000006c CR3: 34102000 CR4: 000007f0 Jun 26 14:51:00 gosford.compton.nu kernel: Stack: Jun 26 14:51:00 gosford.compton.nu kernel: f47e1000 f41c36d0 c0678ab4 00000012 f41c3728 00000002 f3aa5000 f73a2540 Jun 26 14:51:00 gosford.compton.nu kernel: f41c36f0 c0679203 f3aa5000 f73a2540 f3e843e0 f3aa5000 f73a2540 f3e843e0 Jun 26 14:51:00 gosford.compton.nu kernel: f41c3738 f8a938ae f41c3716 00000012 f8ab0237 f3aa5620 00000001 f41c3716 Jun 26 14:51:00 gosford.compton.nu kernel: Call Trace: Jun 26 14:51:01 gosford.compton.nu kernel: [<c0678ab4>] start_creating+0x44/0xc0 Jun 26 14:51:01 gosford.compton.nu kernel: [<c0679203>] debugfs_create_dir+0x13/0xf0 Jun 26 14:51:01 gosford.compton.nu kernel: [<f8a938ae>] ieee80211_sta_debugfs_add+0x6e/0x490 [mac80211] Jun 26 14:51:01 gosford.compton.nu kernel: [<f898a7a0>] ? ath9k_del_ps_key.isra.18+0x70/0x70 [ath9k] Jun 26 14:51:01 gosford.compton.nu kernel: [<f8a47084>] sta_info_insert_finish+0x514/0x830 [mac80211] Jun 26 14:51:01 gosford.compton.nu kernel: [<c049294d>] ? __enqueue_entity+0x6d/0x80 Jun 26 14:51:01 gosford.compton.nu kernel: [<c0443b6f>] ? native_smp_send_reschedule+0x3f/0x60 Jun 26 14:51:01 gosford.compton.nu kernel: [<c048a838>] ? resched_curr+0x68/0xb0 Jun 26 14:51:01 gosford.compton.nu kernel: [<f8990012>] ? ath_buf_set_rate+0x362/0x410 [ath9k] Jun 26 14:51:01 gosford.compton.nu kernel: [<c049533e>] ? update_curr+0x5e/0x190 Jun 26 14:51:01 gosford.compton.nu kernel: [<c0492afa>] ? sched_slice.isra.50+0x4a/0xb0 Jun 26 14:51:01 gosford.compton.nu kernel: [<c0490a67>] ? __update_cpu_load+0xc7/0x100 Jun 26 14:51:01 gosford.compton.nu kernel: [<c048ca46>] ? scheduler_tick+0x86/0xc0 Jun 26 14:51:01 gosford.compton.nu kernel: [<c04cb57a>] ? ktime_get+0x4a/0x120 Jun 26 14:51:01 gosford.compton.nu kernel: [<c0445c8b>] ? lapic_next_event+0x1b/0x20 Jun 26 14:51:01 gosford.compton.nu kernel: [<c04d399d>] ? clockevents_program_event+0x8d/0x140 Jun 26 14:51:01 gosford.compton.nu kernel: [<c04d5619>] ? tick_program_event+0x29/0x30 Jun 26 14:51:01 gosford.compton.nu kernel: [<c04c67fd>] ? hrtimer_interrupt+0x11d/0x280 Jun 26 14:51:01 gosford.compton.nu kernel: [<c046abfe>] ? irq_exit+0x6e/0xb0 Jun 26 14:51:01 gosford.compton.nu kernel: [<c0446978>] ? smp_apic_timer_interrupt+0x38/0x50 Jun 26 14:51:01 gosford.compton.nu kernel: [<c0a9507c>] ? apic_timer_interrupt+0x34/0x3c Jun 26 14:51:01 gosford.compton.nu kernel: [<c059498d>] ? kmem_cache_alloc_trace+0x1bd/0x1f0 Jun 26 14:51:01 gosford.compton.nu kernel: [<f8aa203d>] ? minstrel_ht_update_rates+0x8d/0xc0 [mac80211] Jun 26 14:51:01 gosford.compton.nu kernel: [<f8aa28a9>] ? minstrel_ht_update_caps+0x369/0x450 [mac80211] Jun 26 14:51:01 gosford.compton.nu kernel: [<f8a4792e>] sta_info_insert_rcu+0x5e/0xa0 [mac80211] Jun 26 14:51:01 gosford.compton.nu kernel: [<f8a5f87f>] ieee80211_add_station+0xbf/0x2e0 [mac80211] Jun 26 14:51:01 gosford.compton.nu kernel: [<f8930ae5>] nl80211_new_station+0x355/0x3d0 [cfg80211] Jun 26 14:51:01 gosford.compton.nu kernel: [<f892b140>] ? nl80211_new_key+0x250/0x250 [cfg80211] Jun 26 14:51:01 gosford.compton.nu kernel: [<c09c4f69>] genl_rcv_msg+0x219/0x390 Jun 26 14:51:01 gosford.compton.nu kernel: [<c09c3f41>] ? netlink_unicast+0x151/0x1b0 Jun 26 14:51:01 gosford.compton.nu kernel: [<c09c4d50>] ? genl_rcv+0x30/0x30 Jun 26 14:51:01 gosford.compton.nu kernel: [<c09c46fe>] netlink_rcv_skb+0x8e/0xb0 Jun 26 14:51:01 gosford.compton.nu kernel: [<c09c4d41>] genl_rcv+0x21/0x30 Jun 26 14:51:01 gosford.compton.nu kernel: [<c09c3efe>] netlink_unicast+0x10e/0x1b0 Jun 26 14:51:01 gosford.compton.nu kernel: [<c09c43fd>] netlink_sendmsg+0x45d/0x5c0 Jun 26 14:51:01 gosford.compton.nu kernel: [<c097ceb3>] do_sock_sendmsg+0x83/0xa0 Jun 26 14:51:01 gosford.compton.nu kernel: [<c097e937>] ___sys_sendmsg+0x1e7/0x240 Jun 26 14:51:01 gosford.compton.nu kernel: [<c097dce0>] ? sock_poll+0x100/0x100 Jun 26 14:51:01 gosford.compton.nu kernel: [<c05be6d2>] ? __d_alloc+0x22/0x130 Jun 26 14:51:01 gosford.compton.nu kernel: [<c059498d>] ? kmem_cache_alloc_trace+0x1bd/0x1f0 Jun 26 14:51:01 gosford.compton.nu kernel: [<c0697f82>] ? selinux_file_alloc_security+0x32/0x50 Jun 26 14:51:01 gosford.compton.nu kernel: [<c0697f82>] ? selinux_file_alloc_security+0x32/0x50 Jun 26 14:51:01 gosford.compton.nu kernel: [<c0697f82>] ? selinux_file_alloc_security+0x32/0x50 Jun 26 14:51:01 gosford.compton.nu kernel: [<c068e8b4>] ? security_file_alloc+0x14/0x20 Jun 26 14:51:01 gosford.compton.nu kernel: [<c05c24f2>] ? __fdget+0x12/0x20 Jun 26 14:51:01 gosford.compton.nu kernel: [<c097f334>] __sys_sendmsg+0x44/0x80 Jun 26 14:51:01 gosford.compton.nu kernel: [<c097ffce>] SYSC_socketcall+0x7fe/0x9c0 Jun 26 14:51:01 gosford.compton.nu kernel: [<c05557f8>] ? ondemand_readahead+0x188/0x240 Jun 26 14:51:01 gosford.compton.nu kernel: [<c055592a>] ? page_cache_async_readahead+0x7a/0x90 Jun 26 14:51:01 gosford.compton.nu kernel: [<c054bdbd>] ? filemap_fault+0xcd/0x460 Jun 26 14:51:01 gosford.compton.nu kernel: [<c097cce8>] ? sock_destroy_inode+0x28/0x30 Jun 26 14:51:01 gosford.compton.nu kernel: [<c097cce8>] ? sock_destroy_inode+0x28/0x30 Jun 26 14:51:01 gosford.compton.nu kernel: [<c05c083f>] ? destroy_inode+0x2f/0x60 Jun 26 14:51:01 gosford.compton.nu kernel: [<c05c0946>] ? evict+0xd6/0x150 Jun 26 14:51:01 gosford.compton.nu kernel: [<c05bc694>] ? dentry_free+0x44/0x90 Jun 26 14:51:01 gosford.compton.nu kernel: [<c05bc694>] ? dentry_free+0x44/0x90 Jun 26 14:51:01 gosford.compton.nu kernel: [<c05bd1c8>] ? dput+0x1b8/0x1f0 Jun 26 14:51:01 gosford.compton.nu kernel: [<c05c4c00>] ? mntput+0x20/0x40 Jun 26 14:51:01 gosford.compton.nu kernel: [<c05a8598>] ? __fput+0x158/0x1d0 Jun 26 14:51:01 gosford.compton.nu kernel: [<c0980263>] SyS_socketcall+0x13/0x20 Jun 26 14:51:01 gosford.compton.nu kernel: [<c0a9475f>] sysenter_do_call+0x12/0x12 Jun 26 14:51:01 gosford.compton.nu kernel: Code: 00 00 c3 8d b6 00 00 00 00 31 c0 5d c3 8d b6 00 00 00 00 8d bf 00 00 00 00 55 89 e5 53 3e 8d 74 26 00 89 c3 e8 40 ef ff ff 89 d8 <f0> ff 08 79 05 e8 14 07 00 00 64 a1 98 00 e9 c0 89 43 1 Jun 26 14:51:01 gosford.compton.nu kernel: EIP: [<c0a92202>] mutex_lock+0x12/0x30 SS:ESP 0068:f41c36b0 Jun 26 14:51:01 gosford.compton.nu kernel: CR2: 000000000000006c Jun 26 14:51:01 gosford.compton.nu kernel: ---[ end trace c87c66d31a89c7e4 ]--- Jun 26 14:51:01 gosford.compton.nu systemd[1]: hostapd.service: main process exited, code=killed, status=9/KILL Jun 26 14:51:01 gosford.compton.nu systemd[1]: Unit hostapd.service entered failed state. Looking at the code, it seems it faulted in start_creating in the debugfs code because d_inode(parent) was null when it tried to lock the inode's mutex. Interestingly from what I can see this is trying to create a file for the station at a path something like: ieee80211/phy0/netdev:XXXX/stations/XXXXXX but in my (currently working) boot under 4.0.4 there is no netdev directory under phy0 in debugfs... but then maybe that is the problem as well if the inode pointer was null? I'm assuming this is actually a mac80211 problem rather than a debugfs problem for now, which is why I'm seeking help here. Tom -- Tom Hughes (tom@xxxxxxxxxx) http://compton.nu/ -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
