Latest working kernel version: 2.6.26-rc2 Earliest failing kernel version: 2.6.26-rc3 Distribution: Debian Hardware Environment: Lenovo Thinkpad R61 (8943-DLG) Software Environment: Problem Description: iwl3945 trying to associate to an AP leads to a kernel oops. The current (2008/05/19) linuxwireless.org compat-wireless driver is affected, too.
Created attachment 16207 [details] Dmesg output (2.6.26-rc3)
Reply-To: akpm@linux-foundation.org On Mon, 19 May 2008 15:56:01 -0700 (PDT) bugme-daemon@bugzilla.kernel.org wrote: > http://bugzilla.kernel.org/show_bug.cgi?id=10755 > > Summary: iwl3945 regression - NULL deref in ieee80211_associate > Product: Drivers > Version: 2.5 > KernelVersion: 2.6.26-rc3 > Platform: All > OS/Version: Linux > Tree: Mainline > Status: NEW > Severity: normal > Priority: P1 > Component: network-wireless > AssignedTo: drivers_network-wireless@kernel-bugs.osdl.org > ReportedBy: jckn@gmx.net > > > Latest working kernel version: 2.6.26-rc2 > Earliest failing kernel version: 2.6.26-rc3 > Distribution: Debian > Hardware Environment: Lenovo Thinkpad R61 (8943-DLG) > Software Environment: > Problem Description: iwl3945 trying to associate to an AP leads to a kernel > oops. The current (2008/05/19) linuxwireless.org compat-wireless driver is > affected, too. > A post-2.6.25 regression. EIP is at ieee80211_associate+0x253/0x640 [mac80211] and it might not be iwl3945-specific.
Jan, can you attach your net/mac80211/mlme.o to this bug?
Andrew Morton wrote: > On Mon, 19 May 2008 15:56:01 -0700 (PDT) > bugme-daemon@bugzilla.kernel.org wrote: > >> http://bugzilla.kernel.org/show_bug.cgi?id=10755 >> >> Summary: iwl3945 regression - NULL deref in ieee80211_associate >> Product: Drivers >> Version: 2.5 >> KernelVersion: 2.6.26-rc3 >> Platform: All >> OS/Version: Linux >> Tree: Mainline >> Status: NEW >> Severity: normal >> Priority: P1 >> Component: network-wireless >> AssignedTo: drivers_network-wireless@kernel-bugs.osdl.org >> ReportedBy: jckn@gmx.net >> >> >> Latest working kernel version: 2.6.26-rc2 >> Earliest failing kernel version: 2.6.26-rc3 >> Distribution: Debian >> Hardware Environment: Lenovo Thinkpad R61 (8943-DLG) >> Software Environment: >> Problem Description: iwl3945 trying to associate to an AP leads to a kernel >> oops. The current (2008/05/19) linuxwireless.org compat-wireless driver is >> affected, too. >> > > A post-2.6.25 regression. > > EIP is at ieee80211_associate+0x253/0x640 [mac80211] > > and it might not be iwl3945-specific. This bug looks like the one I found and reported in http://marc.info/?l=linux-wireless&m=121097330013277&w=2. I found it for b43 - it is clearly not iwl3945 specific. The patch is in version 4 and probably not the final one, but it fixes the oops. You will find the patch at http://marc.info/?l=linux-wireless&m=121120929012836&w=2. We know that bss is NULL when mac80211 tries to associate; however, I had only one of these that happened after my interface had been connected to my AP for ~18 hours, then got disassociated, followed by the oops. It sounds as if jckn@gmx.net might be getting this systematically and there is hope to find the root cause so as to prevent the problem rather than covering over the symptoms as is done with the patch. In any case, there is a fix in the works. I have added Johannes and Helmut to the CC list. Larry
Yes, I can reliably reproduce the bug - I'm getting this right after bootup (i.e. without having been associated before). Shall I try to investigate, or are the cause and the circumstances of this bug already known?
Created attachment 16213 [details] net/mac80211/mlme.o from my 2.6.26-rc3 build tree
Jan, can you apply the patch here: http://marc.info/?l=linux-wireless&m=121127020512169&w=2 Does it resolve the issue for you?
*** Bug 10758 has been marked as a duplicate of this bug. ***
Regressions list annotation: References : http://marc.info/?l=linux-kernel&m=121114227216807&w=2 Handled-By : John W. Linville <mailto:linville@tuxdriver.com> Handled-By : Helmut Schaa <hschaa@suse.de> Patch : http://marc.info/?l=linux-wireless&m=121127020512169&w=2
Yes, that patch fixes the bug - but I gather from the thread on linux-wireless that this is merely a workaround? I thought this is a rc2->rc3 regression? Or is bss (now) allowed to be NULL down there? Anyway, let me know if I can help.
Sent upstream via Dave M. yesterday evening...
Which commit is this in the Linus' tree?
commit 0d580a774b3682b8b2b5c89ab9b813d149ef28e7 Author: Helmut Schaa <hschaa@suse.de> Date: Tue May 20 09:56:37 2008 +0200 mac80211: fix NULL pointer dereference in ieee80211_compatible_rates