After

    ifconfig wlan1 down
    iwconfig wlan1 mode managed essid huhu
    ifconfig wlan1 up
    ifconfig wlan1 down
    iwconfig wlan1 mode ad-hoc essid huhu_a channel 1

ar9170 crashes (see below for the syslog).
It seems like ar9170_op_bss_info_changed() is called with ar->vif == NULL
(i.e. ((struct ar9170 *)hw->priv)->vif == NULL), while parameter vif != NULL and
changed & (BSS_CHANGED_BEACON | BSS_CHANGED_BEACON_ENABLED) is non-zero.
ar->vif is passed unchecked to ieee80211_beacon_get().
Is this something ar9170 is supposed to handle or a bug in cfg80211/mac80211?
Is a driver's *bss_info_changed proc called while the netdev is closed?
Regards,
Joerg
Aug 2 10:15:42 nc10 kernel: [ 7174.202095] BUG: unable to handle kernel NULL pointer dereference at (null)
Aug 2 10:15:42 nc10 kernel: [ 7174.202118] IP: [<f8ecf27f>] ieee80211_beacon_get+0x1f/0x2a0 [mac80211]
Aug 2 10:15:42 nc10 kernel: [ 7174.202183] *pde = 00000000
Aug 2 10:15:42 nc10 kernel: [ 7174.202194] Oops: 0000 [#1] SMP
Aug 2 10:15:42 nc10 kernel: [ 7174.202206] last sysfs file: /sys/devices/LNXSYSTM:00/device:00/PNP0A08:00/device:23/PNP0C09:00/PNP0C0A:00/power_supply/BAT1/charge_full
Aug 2 10:15:42 nc10 kernel: [ 7174.202573]
Aug 2 10:15:42 nc10 kernel: [ 7174.202586] Pid: 23223, comm: iwconfig Not tainted (2.6.30 #1) NC10
Aug 2 10:15:42 nc10 kernel: [ 7174.202599] EIP: 0060:[<f8ecf27f>] EFLAGS: 00010297 CPU: 1
Aug 2 10:15:42 nc10 kernel: [ 7174.202648] EIP is at ieee80211_beacon_get+0x1f/0x2a0 [mac80211]
Aug 2 10:15:42 nc10 kernel: [ 7174.202660] EAX: 00000000 EBX: f6d461c0 ECX: f66807cc EDX: fffffbb8
Aug 2 10:15:42 nc10 kernel: [ 7174.202672] ESI: f66807cc EDI: 00000200 EBP: f5fb1cf4 ESP: f5fb1cc0
Aug 2 10:15:42 nc10 kernel: [ 7174.202683] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Aug 2 10:15:42 nc10 kernel: [ 7174.202696] Process iwconfig (pid: 23223, ti=f5fb0000 task=d35918e0 task.ti=f5fb0000)
Aug 2 10:15:42 nc10 kernel: [ 7174.202706] Stack:
Aug 2 10:15:42 nc10 kernel: [ 7174.202713] c04e53b8 00000000 c064aac0 f7424018 f77c9000 f7424018 f5fb1f00 fffffbb8
Aug 2 10:15:42 nc10 kernel: [ 7174.202739] 00000000 00000246 f6d46a20 f66807cc 00000200 f5fb1d2c fa03dde6 c01fcde6
Aug 2 10:15:42 nc10 kernel: [ 7174.202767] 00000178 00000174 f6d46a20 f5fb1d14 f5fb1d58 c0145ecc 00000000 f5fb1d2c
Aug 2 10:15:42 nc10 kernel: [ 7174.202797] Call Trace:
Aug 2 10:15:42 nc10 kernel: [ 7174.202807] [<fa03dde6>] ? ar9170_update_beacon+0x16/0x430 [ar9170usb]
Aug 2 10:15:42 nc10 kernel: [ 7174.202836] [<c01fcde6>] ? proc_alloc_inode+0x16/0x70
Aug 2 10:15:42 nc10 kernel: [ 7174.202857] [<c0145ecc>] ? __cancel_work_timer+0x3c/0x160
Aug 2 10:15:42 nc10 kernel: [ 7174.202876] [<fa03b205>] ? ar9170_op_bss_info_changed+0xb5/0x120 [ar9170usb]
Aug 2 10:15:42 nc10 kernel: [ 7174.202901] [<fa03b150>] ? ar9170_op_bss_info_changed+0x0/0x120 [ar9170usb]
Aug 2 10:15:42 nc10 kernel: [ 7174.202926] [<f8ebcf38>] ? ieee80211_bss_info_change_notify+0xf8/0x1c0 [mac80211]
Aug 2 10:15:42 nc10 kernel: [ 7174.202973] [<f8ec1a99>] ? ieee80211_ibss_leave+0x79/0xc0 [mac80211]
Aug 2 10:15:42 nc10 kernel: [ 7174.203020] [<f8ec9f7e>] ? ieee80211_leave_ibss+0xe/0x10 [mac80211]
Aug 2 10:15:42 nc10 kernel: [ 7174.203070] [<f8c5a312>] ? __cfg80211_leave_ibss+0x52/0x80 [cfg80211]
Aug 2 10:15:42 nc10 kernel: [ 7174.203116] [<f8c5a9d6>] ? cfg80211_ibss_wext_siwessid+0x76/0x120 [cfg80211]
Aug 2 10:15:42 nc10 kernel: [ 7174.203158] [<f8c5cdb7>] ? cfg80211_wext_siwessid+0x57/0x70 [cfg80211]
Aug 2 10:15:42 nc10 kernel: [ 7174.203198] [<c04b6ad9>] ? ioctl_standard_call+0x199/0x3a0
Aug 2 10:15:42 nc10 kernel: [ 7174.203218] [<c03fe66d>] ? __dev_get_by_name+0x7d/0xa0
Aug 2 10:15:42 nc10 kernel: [ 7174.203237] [<c04b65ef>] ? wext_handle_ioctl+0x14f/0x220
Aug 2 10:15:42 nc10 kernel: [ 7174.203253] [<f8c5cd60>] ? cfg80211_wext_siwessid+0x0/0x70 [cfg80211]
Aug 2 10:15:42 nc10 kernel: [ 7174.203294] [<c03ff1d0>] ? dev_ioctl+0x460/0x540
Aug 2 10:15:42 nc10 kernel: [ 7174.203312] [<c03ee150>] ? sock_ioctl+0x0/0x260
Aug 2 10:15:42 nc10 kernel: [ 7174.203328] [<c03ee23d>] ? sock_ioctl+0xed/0x260
Aug 2 10:15:42 nc10 kernel: [ 7174.203344] [<c03ee150>] ? sock_ioctl+0x0/0x260
Aug 2 10:15:42 nc10 kernel: [ 7174.203358] [<c01cc048>] ? vfs_ioctl+0x28/0x80
Aug 2 10:15:42 nc10 kernel: [ 7174.203376] [<c01cc112>] ? do_vfs_ioctl+0x72/0x580
Aug 2 10:15:42 nc10 kernel: [ 7174.203392] [<c01a7596>] ? unmap_region+0x106/0x130
Aug 2 10:15:42 nc10 kernel: [ 7174.203408] [<c01a7606>] ? remove_vma+0x46/0x60
Aug 2 10:15:42 nc10 kernel: [ 7174.203423] [<c01a7606>] ? remove_vma+0x46/0x60
Aug 2 10:15:42 nc10 kernel: [ 7174.203437] [<c01a8483>] ? do_munmap+0x223/0x280
Aug 2 10:15:42 nc10 kernel: [ 7174.203453] [<c01cc683>] ? sys_ioctl+0x63/0x70
Aug 2 10:15:42 nc10 kernel: [ 7174.203469] [<c0102fc4>] ? sysenter_do_call+0x12/0x22
Aug 2 10:15:42 nc10 kernel: [ 7174.203487] Code: 7d e4 c6 45 eb fe e9 51 ff ff ff 90 55 89 e5 57 56 53 89 c3 83 ec 28 89 55 d0 8b 40 1c 81 ea 48 04 00 00 8b 00 89 55 e8 89 45 ec <8b> 82 48 04 00 00 83 f8 03 0f 84 2a 01 00 00 83 f8 01 0f 84 49
Aug 2 10:15:42 nc10 kernel: [ 7174.203631] EIP: [<f8ecf27f>] ieee80211_beacon_get+0x1f/0x2a0 [mac80211] SS:ESP 0068:f5fb1cc0
Aug 2 10:15:42 nc10 kernel: [ 7174.203687] CR2: 0000000000000000
Aug 2 10:15:42 nc10 kernel: [ 7174.203699] ---[ end trace 0732cb3688c4eefe ]---
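
Added example, not part of the original message and not code from ar9170 or mac80211: a small Python triage of an oops in the syslog format shown above. It extracts the faulting symbol, checks CR2 for a NULL-page access, and names the first call-trace frame from a different module. The names `triage_oops` and `SAMPLE` are illustrative, and the sample is a handful of lines copied from the log above.

```python
import re

# Sample input: a few lines copied from the oops in the report above.
SAMPLE = """\
Aug 2 10:15:42 nc10 kernel: [ 7174.202095] BUG: unable to handle kernel NULL pointer dereference at (null)
Aug 2 10:15:42 nc10 kernel: [ 7174.202648] EIP is at ieee80211_beacon_get+0x1f/0x2a0 [mac80211]
Aug 2 10:15:42 nc10 kernel: [ 7174.202807] [<fa03dde6>] ? ar9170_update_beacon+0x16/0x430 [ar9170usb]
Aug 2 10:15:42 nc10 kernel: [ 7174.202836] [<c01fcde6>] ? proc_alloc_inode+0x16/0x70
Aug 2 10:15:42 nc10 kernel: [ 7174.202876] [<fa03b205>] ? ar9170_op_bss_info_changed+0xb5/0x120 [ar9170usb]
Aug 2 10:15:42 nc10 kernel: [ 7174.202926] [<f8ebcf38>] ? ieee80211_bss_info_change_notify+0xf8/0x1c0 [mac80211]
Aug 2 10:15:42 nc10 kernel: [ 7174.203687] CR2: 0000000000000000
"""

# symbol+0xoffset/0xsize, optionally followed by [module]
SYM = r"(?P<sym>[\w.]+)\+0x(?P<off>[0-9a-f]+)/0x(?P<size>[0-9a-f]+)(?: \[(?P<mod>\w+)\])?"
IP_RE = re.compile(r"\b[ER]?IP is at " + SYM)
# Call-trace frames directly follow the "[ seconds.usecs]" printk timestamp,
# which keeps the "IP: [<addr>] sym" summary lines out of the frame list.
FRAME_RE = re.compile(r"\d\] \[<[0-9a-f]+>\] (?P<guess>\? )?" + SYM)
CR2_RE = re.compile(r"\bCR2: (?P<addr>[0-9a-f]+)")
PAGE_SIZE = 4096  # a fault address below this is a NULL-page access


def triage_oops(text):
    """Return fault symbol, CR2, call-trace frames and the likely caller."""
    out = {"fault": None, "cr2": None, "frames": []}
    for line in text.splitlines():
        if (m := IP_RE.search(line)):
            out["fault"] = (m["sym"], int(m["off"], 16), m["mod"] or "vmlinux")
        elif (m := CR2_RE.search(line)):
            out["cr2"] = int(m["addr"], 16)
        elif (m := FRAME_RE.search(line)):
            # Frames printed with "?" were found on the stack but not verified
            # by the unwinder, so they are recorded as not reliable.
            out["frames"].append((m["sym"], m["mod"] or "vmlinux", not m["guess"]))
    out["null_deref"] = out["cr2"] is not None and out["cr2"] < PAGE_SIZE
    fault_mod = out["fault"][2] if out["fault"] else None
    # Heuristic: the first frame from another module is the code that handed
    # the pointer to the faulting function.
    out["caller"] = next(((s, mod) for s, mod, _ in out["frames"]
                          if mod not in (fault_mod, "vmlinux")), None)
    return out
```

On the sample this reports a NULL-page fault in `ieee80211_beacon_get` (mac80211) with `ar9170_update_beacon` (ar9170usb) as the nearest frame from another module. Every frame in this trace carries the `?` marker, so the chain is a hint rather than a verified unwind.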