lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID:
 <DB7PR02MB3802DA6C4DF13BA6D6A4887CC49AA@DB7PR02MB3802.eurprd02.prod.outlook.com>
Date: Mon, 26 May 2025 00:59:55 +0100
From: Cameron Williams <cang1@...e.co.uk>
To: repk@...plefau.lt, johannes.berg@...el.com,
	linux-wireless@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [git bisect] kernel panic on insertion/removal of Redpine WiFi module

Hi all
I am seeing a kernel panic when inserting a Redpine RS9113 module to my systems. I have
observed this on stable version 6.12.25 up to and including 6.15.0-rc7 (both x86_64).
Testing on a Raspberry Pi seems to trigger the panic when removing the USB rather than
inserting, though that is using Pi's kernel fork.

I have bisected the commit to 378677eb8f44621ecc9ce659f7af61e5baa94d81
("wifi: mac80211: Purge vif txq in ieee80211_do_stop()").

I am not sure what this commit is doing and how it is affecting the Redpine driver.
This module is mostly found in IoT devices, but I have a sample available if you
need me to test any code changes. The dmesg log is below.
Thank you in advance for any help on this.

=== cut ===
[   67.214584] [    T167] usb 2-2: new high-speed USB device number 3 using xhci_hcd
[   67.345275] [    T167] usb 2-2: New USB device found, idVendor=1618, idProduct=9113, bcdDevice= 0.02
[   67.345294] [    T167] usb 2-2: New USB device strings: Mfr=1, Product=2, SerialNumber=6
[   67.345301] [    T167] usb 2-2: Product: Wireless USB Network Module
[   67.345306] [    T167] usb 2-2: Manufacturer: Redpine Signals, Inc.
[   67.345312] [    T167] usb 2-2: SerialNumber: 000000000001
[   67.430516] [   T1167] rsi_91x: rsi_probe: Initialized os intf ops
[   67.438176] [   T1167] rsi_91x: ================================================
[   67.438180] [   T1167] rsi_91x: ================ RSI Version Info ==============
[   67.438181] [   T1167] rsi_91x: ================================================
[   67.438182] [   T1167] rsi_91x: FW Version	: 1.6.2
[   67.438183] [   T1167] rsi_91x: Operating mode	: 1 [Wi-Fi alone]
[   67.438184] [   T1167] rsi_91x: Firmware file	: rsi/rs9113_wlan_qspi.rps
[   67.438185] [   T1167] rsi_91x: ================================================
[   67.525665] [   T1167] rsi_91x: ***** Firmware Loading successful *****
[   67.525722] [   T1167] usbcore: registered new interface driver RSI-USB WLAN
[   67.543479] [   T1190] rsi_91x: Max Stations Allowed = 32
[   67.550191] [   T1167] RSI-USB WLAN 2-2:1.0 wlp0s20u2: renamed from wlan0
[   67.556261] [    T586] rsi_91x: ===> Interface UP <===
[   67.556286] [    T586] rsi_91x: rsi_disable_ps: Cannot accept disable PS in PS_NONE state
[   67.594527] [    T586] BUG: unable to handle page fault for address: 000000008240a338
[   67.594534] [    T586] #PF: supervisor read access in kernel mode
[   67.594536] [    T586] #PF: error_code(0x0000) - not-present page
[   67.594538] [    T586] PGD 0 P4D 0 
[   67.594540] [    T586] Oops: Oops: 0000 [#1] SMP NOPTI
[   67.594544] [    T586] CPU: 3 UID: 0 PID: 586 Comm: NetworkManager Kdump: loaded Not tainted 6.15.0-rc7 #2 PREEMPT(voluntary)  c20f07b4249bbdea71e46edd15ba51691a5df4d6
[   67.594547] [    T586] Hardware name: Dell Inc. Latitude E7250/0TPHC4, BIOS A19 01/23/2018
[   67.594549] [    T586] RIP: 0010:fq_flow_reset.constprop.0+0x12/0x140 [mac80211]
[   67.594648] [    T586] Code: 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 41 57 41 56 41 55 41 54 55 48 89 f5 53 <48> 8b 5e 18 4c 8b 3e 48 85 db 74 6c 4c 8d 6e 18 49 39 dd 74 63 49
[   67.594651] [    T586] RSP: 0018:ffffcf7d40dcb418 EFLAGS: 00010202
[   67.594654] [    T586] RAX: ffff8e3e8240a328 RBX: ffff8e3e8240a328 RCX: ffff8e3e82455210
[   67.594656] [    T586] RDX: 000000008240a328 RSI: 000000008240a320 RDI: ffff8e3e824549c0
[   67.594658] [    T586] RBP: 000000008240a320 R08: 0000000000000190 R09: ffffffff967cf0b0
[   67.594660] [    T586] R10: ffff8e3e82455210 R11: 0000000000000246 R12: ffff8e3e8240a338
[   67.594662] [    T586] R13: ffff8e3e82454900 R14: ffff8e3e824549e0 R15: 0000000000000000
[   67.594664] [    T586] FS:  00007f09d9df2280(0000) GS:ffff8e3fffde2000(0000) knlGS:0000000000000000
[   67.594667] [    T586] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   67.594669] [    T586] CR2: 000000008240a338 CR3: 0000000103690002 CR4: 00000000003706f0
[   67.594671] [    T586] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   67.594673] [    T586] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   67.594675] [    T586] Call Trace:
[   67.594678] [    T586]  <TASK>
[   67.594681] [    T586]  ieee80211_txq_purge+0x42/0x130 [mac80211 b66c681ff5546b41a64cd4e5f21f037bc2e7ea5d]
[   67.594760] [    T586]  ieee80211_do_stop+0x5a9/0x970 [mac80211 b66c681ff5546b41a64cd4e5f21f037bc2e7ea5d]
[   67.594812] [    T586]  ? synchronize_rcu_expedited+0x1e4/0x220
[   67.594817] [    T586]  ieee80211_stop+0x5b/0x1a0 [mac80211 b66c681ff5546b41a64cd4e5f21f037bc2e7ea5d]
[   67.594864] [    T586]  __dev_close_many+0xd8/0x1c0
[   67.594869] [    T586]  __dev_change_flags+0xe7/0x230
[   67.594873] [    T586]  netif_change_flags+0x26/0x70
[   67.594877] [    T586]  do_setlink.isra.0+0x373/0x1280
[   67.594883] [    T586]  ? __nla_validate_parse+0x5e/0xca0
[   67.594887] [    T586]  ? __alloc_frozen_pages_noprof+0x18d/0x340
[   67.594891] [    T586]  ? __lruvec_stat_mod_folio+0xa4/0xd0
[   67.594895] [    T586]  ? __kmalloc_cache_noprof+0x137/0x3e0
[   67.594898] [    T586]  ? security_capable+0x7d/0x1a0
[   67.594902] [    T586]  rtnl_newlink+0x864/0xbd0
[   67.594906] [    T586]  ? __skb_datagram_iter+0x7b/0x2e0
[   67.594911] [    T586]  ? __wake_up+0x44/0x60
[   67.594915] [    T586]  ? netlink_recvmsg+0x384/0x480
[   67.594919] [    T586]  ? __pfx_rtnl_newlink+0x10/0x10
[   67.594923] [    T586]  rtnetlink_rcv_msg+0x34f/0x3f0
[   67.594927] [    T586]  ? _copy_to_user+0x36/0x50
[   67.594930] [    T586]  ? move_addr_to_user+0x4b/0xf0
[   67.594934] [    T586]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   67.594938] [    T586]  netlink_rcv_skb+0x4f/0x100
[   67.594943] [    T586]  netlink_unicast+0x27a/0x3d0
[   67.594948] [    T586]  netlink_sendmsg+0x228/0x480
[   67.594952] [    T586]  ____sys_sendmsg+0x35b/0x390
[   67.594957] [    T586]  ___sys_sendmsg+0x99/0xe0
[   67.594963] [    T586]  __sys_sendmsg+0x86/0xe0
[   67.594968] [    T586]  do_syscall_64+0x82/0x820
[   67.594973] [    T586]  ? __sys_recvmsg+0x8e/0xe0
[   67.594986] [    T586]  ? syscall_exit_to_user_mode+0x37/0x1c0
[   67.594990] [    T586]  ? do_syscall_64+0x8e/0x820
[   67.594993] [    T586]  ? syscall_exit_to_user_mode+0x37/0x1c0
[   67.594996] [    T586]  ? do_syscall_64+0x8e/0x820
[   67.594999] [    T586]  ? do_syscall_64+0x8e/0x820
[   67.595002] [    T586]  ? do_syscall_64+0x8e/0x820
[   67.595004] [    T586]  ? do_syscall_64+0x8e/0x820
[   67.595007] [    T586]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[   67.595011] [    T586] RIP: 0033:0x7f09dacabe22
[   67.595027] [    T586] Code: 08 0f 85 21 41 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 66 2e 0f 1f 84 00 00 00 00 00 66
[   67.595030] [    T586] RSP: 002b:00007ffd1fc27dd8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   67.595034] [    T586] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f09dacabe22
[   67.595036] [    T586] RDX: 0000000000000000 RSI: 00007ffd1fc27e70 RDI: 000000000000000d
[   67.595039] [    T586] RBP: 00007ffd1fc27e10 R08: 0000000000000000 R09: 0000000000000000
[   67.595041] [    T586] R10: 0000000000000000 R11: 0000000000000246 R12: 00005611e474f8e0
[   67.595043] [    T586] R13: 0000000000000055 R14: 00007ffd1fc2800c R15: 0000000000000000
[   67.595047] [    T586]  </TASK>
[   67.595049] [    T586] Modules linked in: rsi_usb rsi_91x btrsi ccm iwlmvm btusb x86_pkg_temp_thermal joydev btrtl intel_powerclamp mousedev btintel coretemp btbcm kvm_intel spi_nor btmtk dell_pc mac80211 cdc_mbim kvm mtd platform_profile bluetooth cdc_wdm cdc_ncm cdc_ether qcserial usbnet mii usb_wwan ext4 irqbypass libarc4 polyval_clmulni polyval_generic ghash_clmulni_intel iwlwifi sha512_ssse3 sha1_ssse3 aesni_intel at24 crypto_simd crc16 dell_laptop mbcache processor_thermal_device_pci_legacy cryptd spi_intel_platform jbd2 intel_soc_dts_iosf iTCO_wdt processor_thermal_device rapl dell_wmi processor_thermal_wt_hint mei_wdt mei_hdcp spi_intel intel_pmc_bxt mei_pxp intel_rapl_msr iTCO_vendor_support ppdev intel_cstate dell_smbios cfg80211 dcdbas dell_smm_hwmon e1000e psmouse processor_thermal_rfim intel_uncore i2c_i801 dell_wmi_descriptor processor_thermal_rapl ptp mei_me i2c_smbus intel_rapl_common wmi_bmof sparse_keymap pcspkr processor_thermal_wt_req lpc_ich mei processor_thermal_power_floor pps_core processor_thermal_mbox
[   67.595135] [    T586]  parport_pc int3403_thermal parport dell_rbtn int3400_thermal rfkill acpi_thermal_rel int3402_thermal acpi_pad int340x_thermal_zone i2c_dev sg dm_mod crypto_user loop nfnetlink bpf_preload ip_tables x_tables crc32c_generic i915 btrfs drm_client_lib i2c_algo_bit drm_buddy ttm intel_gtt drm_display_helper blake2b_generic serio_raw xor drm_kms_helper atkbd raid6_pq libps2 vivaldi_fmap sha256_ssse3 cec video i8042 serio wmi
[   67.595161] [    T586] CR2: 000000008240a338

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ