Bug 90331 - p54usb kernel panic on recent mainline kernels
Summary: p54usb kernel panic on recent mainline kernels
Status: RESOLVED CODE_FIX
Alias: None
Product: Drivers
Classification: Unclassified
Component: network-wireless (show other bugs)
Hardware: All Linux
: P1 normal
Assignee: drivers_network-wireless@kernel-bugs.osdl.org
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-12-26 04:11 UTC by Christopher Chavez
Modified: 2014-12-30 02:27 UTC (History)
4 users (show)

See Also:
Kernel Version: 3.17-rc1
Subsystem:
Regression: Yes
Bisected commit-id:


Attachments

Description Christopher Chavez 2014-12-26 04:11:33 UTC
Kernel panic occurs for devices using p54usb on recent mainline kernels: cf. mailing list discussion http://thread.gmane.org/gmane.linux.kernel.wireless.general/132327/

Currently bisecting near 3.17-rc1.

In my case, the panic seems to occur as soon as connecting to an AP using WPA2.

For another's case, not until long packet transmission. Quote:
>
>I did not get the entire traceback, but I got a reference to
>p54_tx_80211+0x3de 
>from p54common.ko. Using gdb to disassemble this reference, the erring code is 
>as follows:
>
>(gdb) l *p54_tx_80211+0x3de
>0x3c9e is in p54_tx_80211 (drivers/net/wireless/p54/txrx.c:913).
>908                             memcpy(skb_put(skb, 8),
>&(info->control.hw_key->key
>909                                    
>[NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY]), 8);
>910                     }
>911                     /* reserve some space for ICV */
>912                     len += info->control.hw_key->icv_len;
>913                     memset(skb_put(skb, info->control.hw_key->icv_len), 0,
>914                            info->control.hw_key->icv_len);
>915             } else {
>916                     txhdr->key_type = 0;
>917                     txhdr->key_len = 0;
>
>At present I do not know why there is a problem with skb_put() here. Perhaps 
>someone else will know before I find it.
Comment 1 Larry Finger 2014-12-29 00:42:57 UTC
Christian Lamparter has a fix for this that will be sent to Kalle in the near future. This bug report can be marked RESOLVED/CODE FIX and closed.

Note You need to log in before you can comment on or make changes to this bug.