Skip to content

L
linux
Switch branch/tag
Find file BlameHistoryPermalink
  • Mohammed Shafi Shajakhan's avatar
    ath9k: Fix kernel panic in AR2427 · 61e1b0b0
    Mohammed Shafi Shajakhan authored 
    Kernel panic occurs just after AR2427 establishes connection with AP.
Unless aggregation is enabled we don't initialize the TID structure.
Thus accesing the elements of the TID structure when aggregation is
disabled, leads to NULL pointer dereferencing.

[  191.320358] Call Trace:
[  191.320364]  [<fd250ea7>] ? ath9k_tx+0xa7/0x200 [ath9k]
[  191.320376]  [<fd1ec7fc>] ? __ieee80211_tx+0x5c/0x1e0 [mac80211]
[  191.320386]  [<fd1edd2b>] ? ieee80211_tx+0x7b/0x90 [mac80211]
[  191.320395]  [<fd1edddd>] ? ieee80211_xmit+0x9d/0x1d0 [mac80211]
[  191.320401]  [<c014218f>] ? wake_up_state+0xf/0x20
[  191.320405]  [<c015dbc8>] ? signal_wake_up+0x28/0x40
[  191.320410]  [<c012a578>] ? default_spin_lock_flags+0x8/0x10
[  191.320420]  [<fd1ee308>] ? ieee80211_subif_start_xmit+0x2e8/0x7c0
[mac80211]
[  191.320425]  [<c058f905>] ? do_page_fault+0x295/0x3a0
[  191.320431]  [<c04c4a3d>] ? dev_hard_start_xmit+0x1ad/0x210
[  191.320436]  [<c04d96b5>] ? sch_direct_xmit+0x105/0x170
[  191.320445]  [<fd1f161a>] ? get_sta_flags+0x2a/0x40 [mac80211]
[  191.320449]  [<c04c780f>] ? dev_queue_xmit+0x37f/0x4b0
[  191.320452]  [<c04d75b0>] ? eth_header+0x0/0xb0
[  191.320456]  [<c04cc479>] ? neigh_resolve_output+0xe9/0x310
[  191.320461]  [<c053d295>] ? ip6_output_finish+0xa5/0x110
[  191.320464]  [<c053e354>] ? ip6_output2+0x134/0x250
[  191.320468]  [<c053f7dd>] ? ip6_output+0x6d/0x100
[  191.320471]  [<c0559665>] ? mld_sendpack+0x395/0x3e0
[  191.320475]  [<c0557f81>] ? add_grhead+0x31/0xa0
[  191.320478]  [<c055a83c>] ? mld_send_cr+0x1bc/0x2b0
[  191.320482]  [<c01535d9>] ? irq_exit+0x39/0x70
[  191.320485]  [<c055a940>] ? mld_ifc_timer_expire+0x10/0x40
[  191.320489]  [<c015b92e>] ? run_timer_softirq+0x13e/0x2c0
[  191.320493]  [<c0103a30>] ? common_interrupt+0x30/0x40
[  191.320498]  [<c055a930>] ? mld_ifc_timer_expire+0x0/0x40
[  191.320502]  [<c0153358>] ? __do_softirq+0x98/0x1b0
[  191.320506]  [<c01534b5>] ? do_softirq+0x45/0x50
[  191.320509]  [<c0153605>] ? irq_exit+0x65/0x70
[  191.320513]  [<c05917dc>] ? smp_apic_timer_interrupt+0x5c/0x8b
[  191.320516]  [<c0103df1>] ? apic_timer_interrupt+0x31/0x40
[  191.320521]  [<c016007b>] ? k_getrusage+0x12b/0x2f0
[  191.320525]  [<c039e384>] ? acpi_idle_enter_simple+0x117/0x148
[  191.320529]  [<c04a20da>] ? cpuidle_idle_call+0x7a/0x100
[  191.320532]  [<c01021d4>] ? cpu_idle+0x94/0xd0
[  191.320536]  [<c057ab88>] ? rest_init+0x58/0x60
[  191.320541]  [<c07a58ec>] ? start_kernel+0x351/0x357
[  191.320544]  [<c07a53c7>] ? unknown_bootoption+0x0/0x19e
[  191.320548]  [<c07a50aa>] ? i386_start_kernel+0xaa/0xb1
[  191.320550] Code: 03 66 3d 00 03 0f 84 7c 02 00 00 83 c3 18 0f b6 03
8b 4d e0 89 c3 83 e3 0f 6b c3 48 89 5d d8 8d 04 06 8d 50 0c 89 55 d0 8b
40 20 <8b> 00 3b 01 0f 85 8e 02 00 00 f6 47 20 40 0f 84 29 ff ff ff 8b
[  191.320634] EIP: [<fd2586d4>] ath_tx_start+0x474/0x770 [ath9k] SS:ESP
0068:c0761a90
[  191.320642] CR2: 0000000000000000
[  191.320647] ---[ end trace 9296ef23b9076ece ]---
[  191.320650] Kernel panic - not syncing: Fatal exception in interrupt

Cc: stable@kernel.org
Signed-off-by: default avatarMohammed Shafi Shajakhan <mshajakhan@atheros.com>
Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
    61e1b0b0
xmit.c 63.7 KB
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7