[rt2x00-users] [RFT] rt2x00: Tear down BA session on QoS frame failure
Andreas Hartmann
andihartmann at 01019freenet.de
Fri Apr 20 15:41:47 EST 2012
Helmut Schaa wrote:
> On Thu, Apr 19, 2012 at 2:10 PM, Andreas Hartmann
> <andihartmann at 01019freenet.de> wrote:
>> The crash didn't disappear :-(. But I have to say that the machine does
>> not crash with this small patch, as long as ieee80211_stop_tx_ba_session
>> isn't called by rt2x00lib_txdone().
>
> Yeah, understood. I'm still not sure why it's crashing at that point ...
I managed to get a (usable) dump. According to it, there is a NULL
pointer dereference in ieee80211_stop_tx_ba_session.
Therefore I searched for a NULL pointer in ieee80211_stop_tx_ba_session
and found this:
    struct ieee80211_sub_if_data *sdata = sta->sdata;
    if (!sdata) {
        printk(KERN_DEBUG "sdata is null\n");
        return -EINVAL;
    }
But I'm not sure if it is always sdata that is null, because, as you
already know, I was able to go before rcu_dereference_protected_tid_tx,
too, without a crash. Strange.
These are the essentials of a dump:
BUG: unable to handle kernel NULL pointer dereference at 00000000000002a0
ieee80211_stop_tx_ba_session
PID: 0, comm: swapper
RIP: 0010 ieee80211_stop_tx_ba_session [mac80211]
Call Trace:
rtx200lib_txdone
rt2800_txdone_entry
rt2800pci_txdone
rt2800pci_txstatus_tasklet
tasklet_action
__do_softirq
call_softirq
do_softirq
irq_exit
do_IRQ
common_interrupt
arch_local_irqenable
acpi_idle_enter_simple
cpuidle_idle_call
cpu_idle
start_kernel
x86_64_start_kernel
Kernel panic - not syncing: Fatal exception in interrupt
Hope that helps to get things clearer.
Regards,
Andreas
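Added example, not part of the thread or of the mac80211/rt2x00 code: a small triage helper for the oops header quoted above. On x86-64 Linux a fault address in the first page means some base pointer was NULL and the faulting instruction accessed a field at that offset, so the reported address (here 0x2a0) is a field offset that can be cross-checked against the struct layout of the kernel that crashed. The oops line is a constructed copy of the report, and struct example_sta is a hypothetical layout used only to show the offsetof() cross-check; it is not struct sta_info.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Constructed copy of the oops header from the report, not a captured log. */
static const char OOPS_LINE[] =
    "BUG: unable to handle kernel NULL pointer dereference at 00000000000002a0";
/* Faults below the first page on x86-64 Linux are, in practice, field
 * accesses through a NULL base pointer rather than wild pointers. */
#define NULL_PAGE_LIMIT 0x1000UL
enum fault_kind { FAULT_UNKNOWN, FAULT_NULL_BASE, FAULT_NULL_FIELD, FAULT_WILD };
/* Faulting address from a "... dereference at <hex>" line, or ULONG_MAX
 * when the line carries no address. */
unsigned long fault_addr(const char *line)
{
    const char *p = strstr(line, " at ");
    char *end;
    unsigned long addr;
    if (!p)
        return ULONG_MAX;
    p += 4;
    addr = strtoul(p, &end, 16);
    return end == p ? ULONG_MAX : addr;
}
/* 0: the NULL pointer itself was dereferenced (or called); small non-zero:
 * pointer->field with pointer == NULL and the field at that offset. */
enum fault_kind classify_fault(unsigned long addr)
{
    if (addr == ULONG_MAX)
        return FAULT_UNKNOWN;
    if (addr == 0)
        return FAULT_NULL_BASE;
    return addr < NULL_PAGE_LIMIT ? FAULT_NULL_FIELD : FAULT_WILD;
}
/* Hypothetical layout for the offsetof() cross-check only; the real
 * struct sta_info offsets must come from the crashing kernel's build. */
struct example_sta {
    char other_fields[0x2a0];
    void *sdata;
};

int main(void)
{
    unsigned long addr = fault_addr(OOPS_LINE);
    printf("fault at %#lx: kind %d, offsetof(sdata) = %#zx\n",
           addr, (int)classify_fault(addr), offsetof(struct example_sta, sdata));
    return 0;
}
```

A FAULT_NULL_FIELD result says which offset was touched, not which variable held the NULL; the faulting instruction's base register, read from the disassembly around the reported RIP, identifies that.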