Thread: [zd1211-devs] 2.6.20-rc2-mm1: BUG at crypto/blkcipher.c:317 blkcipher_walk_first, then Oops
Status: Beta
Brought to you by:
mayne
From: Laurent R. <lau...@fr...> - 2006-12-30 11:52:33
|
Hello, I'm using zd1211rw from wireless-dev branch of Daniel Drake's git tree, with WPA encryption. zd1211rw 1-1:1.0: firmware version 4725 zd1211rw 1-1:1.0: zd1211b chip 079b:0062 v4810 full 00-60-b3 AL2230_RF pa0 g--- It used to work fine: it works reliably with 2.6.20-rc1-mm1 or 2.6.20-rc2-dirty (2.6.20-rc2 + "ieee80211softmac: Fix mutex_lock at exit of ieee80211_softmac_get_genie" from Ulrich Kunitz + "ieee80211softmac: Fix errors related to the work_struct changes" from Ulrich Kunitz) But now, it oops with 2.6.20-rc2-mm1 (see BUG output below). The BUG at crypto/blkcipher.c:317 does not happen every time, but it always oops at arc4_crypt (seems to be line 67 "*out++ = *in ^ S[(a + b) & 0xff];", I guess "out" is invalid). Any idea why this happens ? I'm planning to start a bisection over the -mm series to find the offending patch. 2.6.20-rc2-mm1 ~~~~~~~~~~~~~~ BUG: at crypto/blkcipher.c:317 blkcipher_walk_first() [<c0104ddf>] show_trace_log_lvl+0x1a/0x2f [<c01054ab>] show_trace+0x12/0x14 [<c010555d>] dump_stack+0x16/0x18 [<e12a86b1>] blkcipher_walk_first+0x62/0x1a5 [blkcipher] [<e12a880e>] blkcipher_walk_virt+0xc/0xe [blkcipher] [<e124d03e>] crypto_ecb_crypt+0x23/0x75 [ecb] [<e124d0be>] crypto_ecb_decrypt+0x2e/0x34 [ecb] [<e12bdf1d>] ieee80211_tkip_decrypt+0x34c/0x526 [ieee80211_crypt_tkip] [<e12b075d>] ieee80211_rx+0x446/0xaac [ieee80211] [<e12c597f>] zd_mac_rx+0x344/0x390 [zd1211rw] [<e12c7c6a>] handle_rx_packet+0x6a/0x72 [zd1211rw] [<e12c8789>] rx_urb_complete+0x13f/0x156 [zd1211rw] [<e0bafc5d>] usb_hcd_giveback_urb+0x15/0x44 [usbcore] [<e087a741>] uhci_giveback_urb+0x115/0x13c [uhci_hcd] [<e087ad7b>] uhci_scan_schedule+0x509/0x77a [uhci_hcd] [<e087c896>] uhci_irq+0x128/0x13e [uhci_hcd] [<e0bb04e5>] usb_hcd_irq+0x24/0x51 [usbcore] [<c0138a11>] handle_IRQ_event+0x21/0x48 [<c0139ce3>] handle_level_irq+0x8f/0xdc [<c010652c>] do_IRQ+0x85/0xa1 [<c01048ab>] common_interrupt+0x23/0x28 [<c01023a6>] cpu_idle+0x47/0x75 [<c010112d>] rest_init+0x37/0x3a [<c0350af9>] start_kernel+0x308/0x30a [<00000000>] run_init_process+0x3feff000/0x19 ======================= BUG: unable to handle kernel paging request at virtual address e12ac000 printing eip: e12ab048 *pde = 1d17b067 *pte = 00000000 Oops: 0000 [#1] PREEMPT last sysfs file: /devices/pci0000:00/0000:00:04.4/i2c-0/0-002d/beep_mask Modules linked in: michael_mic ieee80211_crypt_tkip aes ieee80211_crypt_ccmp arc4 ecb blkcipher ieee80211_crypt_wep ipv6 zd1211rw firmware_class ieee80211softmac ieee80211 ieee80211_crypt snd_seq_oss snd_seq_midi_event snd_seq snd_pcm_oss snd_mixer_oss af_packet snd_ens1371 gameport snd_rawmidi snd_seq_device snd_ac97_codec ac97_bus via686a snd_pcm snd_timer snd_page_alloc w83781d hwmon_vid snd soundcore i2c_isa i2c_viapro binfmt_misc loop nls_iso8859_15 nls_cp850 vfat fat reiser4 reiserfs via_agp agpgart lp parport_pc parport 8250 serial_core pcspkr rtc dm_mirror dm_mod sd_mod pata_via libata scsi_mod CPU: 0 EIP: 0060:[<e12ab048>] Not tainted VLI EFLAGS: 00010097 (2.6.20-rc2-mm1 #61) EIP is at arc4_crypt+0x48/0x6d [arc4] eax: db3e9272 ebx: 00000090 ecx: e12ac000 edx: db3e936e esi: db3e9396 edi: db3e9351 ebp: c034fc18 esp: c034fbfc ds: 007b es: 007b fs: 00d8 gs: 0000 ss: 0068 Process swapper (pid: 0, ti=c034e000 task=c0326400 task.ti=c034e000) Stack: c035079c 7a34fd04 db3e931c 6e353a88 db3e87b3 c035079c e12ac000 c034fc40 e124d060 db3e92e8 c034fc4c c034fd04 00000001 ffffffff db3e92e8 dc303a88 c034fcf4 c034fc88 e124d0be e12ab000 db3e92e8 e12ab4cc dc303a88 c034fc68 Call Trace: [<c0104ddf>] show_trace_log_lvl+0x1a/0x2f [<c0104e8f>] show_stack_log_lvl+0x9b/0xa3 [<c010506f>] show_registers+0x1d8/0x319 [<c01052bc>] die+0x10c/0x221 [<c0114787>] do_page_fault+0x435/0x506 [<c02ac664>] error_code+0x74/0x7c [<e124d060>] crypto_ecb_crypt+0x45/0x75 [ecb] [<e124d0be>] crypto_ecb_decrypt+0x2e/0x34 [ecb] [<b54e2a8f>] 0xb54e2a8f ======================= Code: f2 8b 5d ec 01 d7 8a 17 88 55 f3 02 93 01 01 00 00 0f b6 f2 88 55 eb 01 de 8a 1e 88 8a EIP: [<e12ab048>] arc4_crypt+0x48/0x6d [arc4] SS:ESP 0068:c034fbfc 2.6.20-rc2-mm1 ~~~~~~~~~~~~~~ BUG: unable to handle kernel paging request at virtual address e14ab000 printing eip: *pde = 1efac067 *pte = 00000000 Oops: 0000 [#1] PREEMPT last sysfs file: /devices/pci0000:00/0000:00:04.4/i2c-0/0-002d/beep_mask Modules linked in: michael_mic ieee80211_crypt_tkip aes ieee80211_crypt_ccmp arc4 ecb blkcipher ieee80211_crypt_wep ipv6 zd1211rw firmware_class ieee80211softmac ieee80211 ieee80211_crypt snd_seq_oss snd_seq_midi_event snd_seq snd_pcm_oss snd_mixer_oss af_packet snd_ens1371 via686a gameport snd_rawmidi snd_seq_device snd_ac97_codec ac97_bus snd_pcm snd_timer w83781d hwmon_vid snd_page_alloc i2c_isa snd soundcore i2c_viapro binfmt_misc loop nls_iso8859_15 nls_cp850 vfat fat reiser4 reiserfs via_agp agpgart lp parport_pc parport 8250 serial_core pcspkr rtc fw_ohci fw_core ohci1394 ieee1394 uhci_hcd usbcore sr_mod cdrom dm_mirror dm_mod sd_mod pata_via libata scsi_mod CPU: 0 EIP: 0060:[<e14aa048>] Not tainted VLI EFLAGS: 00010097 (2.6.20-rc2-mm1 #60) EIP is at arc4_crypt+0x48/0x6d [arc4] eax: dc57db67 ebx: 000000a5 ecx: e14ab000 edx: dc57db67 esi: dc57dc11 edi: dc57dba1 ebp: c034fc18 esp: c034fbfc ds: 007b es: 007b fs: 00d8 gs: 0000 ss: 0068 Process swapper (pid: 0, ti=c034e000 task=c0326400 task.ti=c034e000) Stack: c035079c a534fd04 dc57db6c 67350dcc dc57d003 c035079c e14ab000 c034fc40 e1412060 dc57db38 c034fc4c c034fd04 00000001 ffffffff dc57db38 df9b0dcc c034fcf4 c034fc88 e14120be e14aa000 dc57db38 e14aa4cc df9b0dcc c034fc68 Call Trace: [<c0104ddf>] show_trace_log_lvl+0x1a/0x2f [<c0104e8f>] show_stack_log_lvl+0x9b/0xa3 [<c010506f>] show_registers+0x1d8/0x319 [<c01052bc>] die+0x10c/0x221 [<c0114787>] do_page_fault+0x435/0x506 [<c02ac604>] error_code+0x74/0x7c [<e1412060>] crypto_ecb_crypt+0x45/0x75 [ecb] [<e14120be>] crypto_ecb_decrypt+0x2e/0x34 [ecb] [<a8a61ea0>] 0xa8a61ea0 ======================= Code: f2 8b 5d ec 01 d7 8a 17 88 55 f3 02 93 01 01 00 00 0f b6 f2 88 55 eb 01 de 8a 1e 88 1f 8a 55 f3 01 d3 88 16 0f b6 db 8a 44 18 34 <32> 01 8b 5d e4 88 03 8a 45 f2 8b 75 ec 40 88 86 00 01 00 00 8a EIP: [<e14aa048>] arc4_crypt+0x48/0x6d [arc4] SS:ESP 0068:c034fbfc <0>Kernel panic - not syncing: Fatal exception in interrupt -- laurent |
From: Ulrich K. <ku...@de...> - 2006-12-30 19:43:45
|
On 06-12-30 12:52 Laurent Riffard wrote: > But now, it oops with 2.6.20-rc2-mm1 (see BUG output below). The BUG at > crypto/blkcipher.c:317 does not happen every time, but it always oops at arc4_crypt > (seems to be line 67 "*out++ = *in ^ S[(a + b) & 0xff];", I guess "out" is invalid). > > Any idea why this happens ? There have been reports that the crypto routines have now problems if called in interrupt context. It is patched in the wireless-2.6 branch of my GIT tree. Please notify that it contains the signal strength handling code, which is reported to create issues. Regards, Uli -- Uli Kunitz |
From: Laurent R. <lau...@fr...> - 2006-12-30 20:55:09
|
Le 30.12.2006 20:43, Ulrich Kunitz a =E9crit : > On 06-12-30 12:52 Laurent Riffard wrote: >=20 >> But now, it oops with 2.6.20-rc2-mm1 (see BUG output below). The BUG a= t=20 >> crypto/blkcipher.c:317 does not happen every time, but it always oops = at arc4_crypt=20 >> (seems to be line 67 "*out++ =3D *in ^ S[(a + b) & 0xff];", I guess "o= ut" is invalid). >> >> Any idea why this happens ? >=20 > There have been reports that the crypto routines have now problems > if called in interrupt context. It is patched in the wireless-2.6 > branch of my GIT tree. Please notify that it contains the signal > strength handling code, which is reported to create issues. >=20 > Regards, >=20 > Uli I tested your wireless-2.6 branch and it works fine with 2.6.12-rc2-mm1. =20 Many thanks. Oh, I just tested the in-mm-kernel zd1211rw driver: it works well too. Si= nce it appears=20 to be stable enough, I'm going to switch to this version and I won't use = anymore the=20 git-tree versions. Unless if there is a good reason to use a git-tree ver= sion. --=20 laurent |