From: Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
To: Dan Williams <dcbw@redhat.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
bugme-daemon@bugzilla.kernel.org, netdev@vger.kernel.org,
linux-wireless@vger.kernel.org, zairasai@googlemail.com
Subject: Re: [Bugme-new] [Bug 9179] New: 2.6.23.1 / USB_ZD1201: Kernel panic with zd1201 driver
Date: Wed, 17 Oct 2007 20:49:29 -0200 [thread overview]
Message-ID: <20071017224929.GB9773@ghostprotocols.net> (raw)
In-Reply-To: <1192654011.15090.3.camel@localhost.localdomain>
Em Wed, Oct 17, 2007 at 04:46:51PM -0400, Dan Williams escreveu:
> On Wed, 2007-10-17 at 13:27 -0700, Andrew Morton wrote:
> > On Wed, 17 Oct 2007 11:34:57 -0700 (PDT)
> > bugme-daemon@bugzilla.kernel.org wrote:
> >
> > > http://bugzilla.kernel.org/show_bug.cgi?id=9179
> > >
> > > Summary: 2.6.23.1 / USB_ZD1201: Kernel panic with zd1201 driver
> > > Product: Drivers
> > > Version: 2.5
> > > KernelVersion: 2.6.23.1
> > > Platform: All
> > > OS/Version: Linux
> > > Tree: Mainline
> > > Status: NEW
> > > Severity: normal
> > > Priority: P1
> > > Component: network-wireless
> > > AssignedTo: drivers_network-wireless@kernel-bugs.osdl.org
> > > ReportedBy: zairasai@googlemail.com
> > >
> > >
> > > [1.] One line summary of the problem:
> > >
> > > 2.6.23.1 / USB_ZD1201: Kernel panic with zd1201 driver
> > >
> > >
> > >
> > >
> > > [2.] Full description of the problem:
> > >
> > > The zd1201-driver (symbol: USB_ZD1201) triggers a kernel panic during
> > > initialization of the WLAN device, showing the following message:
> > >
> > > EIP: [<e095e1d1>] zd1201_usbrx+0x6e1/0xbb0 [zd1201] SS:ESP 0068:c0469d7c
> > > Kernel panic - not syncing: Fatal exception in interrupt
> > >
> > > According to the init output during bootup, the panic seems to occur right when
> > > the WLAN device receives an IP address from the DHCP-Server of the
> > > WLAN/DSL-Router. The WLAN device is (in my case) a 'Belkin F5D6051' based on
> > > the ZyDAS 1201 chip.
> > >
> > > As far as i know, the only recent change in 'drivers/net/wireless/zd1201.c' was
> > > done in patch-2.6.22, so the bug probably affects all kernel versions later
> > > than 2.6.21.7, but at least the ones i've tested (which are listed in the
> > > summary below). It also recently came up in some different
> > > distribution-specific forums/bugtrackers, so it does not seem to be specific to
> > > my machine/setup. A link to another report on this problem is included at the
> > > end of this report.
> > >
> > > Below is an extract of patch-2.6.22, showing that the lines 330 and 388 have
> > > been removed from 'drivers/net/wireless/zd1201.c'. I put those two lines back,
> > > which made things work as expected again; however, that is only meant as a
> > > hint, since i don't know why they were taken out or what other implications my
> > > change might have.
> > >
> > > patch-2.6.22, lines 586509-586528:
> > > {{{
> > > diff --git a/drivers/net/wireless/zd1201.c b/drivers/net/wireless/zd1201.c
> > > index 6cb66a3..935b144 100644
> > > --- a/drivers/net/wireless/zd1201.c
> > > +++ b/drivers/net/wireless/zd1201.c
> > > @@ -327,7 +327,6 @@ static void zd1201_usbrx(struct urb *urb)
> > > memcpy(skb_put(skb, 6), &data[datalen-8], 6);
> > > memcpy(skb_put(skb, 2), &data[datalen-24], 2);
> > > memcpy(skb_put(skb, len), data, len);
> > > - skb->dev = zd->dev;
> > > skb->dev->last_rx = jiffies;
> > > skb->protocol = eth_type_trans(skb, zd->dev);
> > > zd->stats.rx_packets++;
> > > @@ -385,7 +384,6 @@ static void zd1201_usbrx(struct urb *urb)
> > > memcpy(skb_put(skb, 2), &data[6], 2);
> > > memcpy(skb_put(skb, len), data+8, len);
> > > }
> > > - skb->dev = zd->dev;
> > > skb->dev->last_rx = jiffies;
> > > skb->protocol = eth_type_trans(skb, zd->dev);
> > > zd->stats.rx_packets++;
> > > }}}
> > >
> >
> > Arnaldo, we have a pretty solid report here that your
> > 4c13eb6657fe9ef7b4dc8f1a405c902e9e5234e0 made this driver go crash.
>
> In 2.6.22 and later, eth_type_trans() sets skb->dev. It looks like the
> lines tha tset last_rx in the patch above should be moved below the
> eth_type_trans() lines, otherwise they'll likely oops.
>
> Something like this is probably in order?
I think so, its strange that this bisects to me, but Dan's change should
fix it.
- Arnaldo
WARNING: multiple messages have this Message-ID (diff)
From: Arnaldo Carvalho de Melo <acme-f8uhVLnGfZaxAyOMLChx1axOck334EZe@public.gmane.org>
To: Dan Williams <dcbw-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
Cc: Andrew Morton
<akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>,
bugme-daemon-590EEB7GvNiWaY/ihj7yzEB+6BGkLq7r@public.gmane.org,
netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-wireless-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
zairasai-gM/Ye1E23mwN+BqQ9rBEUg@public.gmane.org
Subject: Re: [Bugme-new] [Bug 9179] New: 2.6.23.1 / USB_ZD1201: Kernel panic with zd1201 driver
Date: Wed, 17 Oct 2007 20:49:29 -0200 [thread overview]
Message-ID: <20071017224929.GB9773@ghostprotocols.net> (raw)
In-Reply-To: <1192654011.15090.3.camel-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
Em Wed, Oct 17, 2007 at 04:46:51PM -0400, Dan Williams escreveu:
> On Wed, 2007-10-17 at 13:27 -0700, Andrew Morton wrote:
> > On Wed, 17 Oct 2007 11:34:57 -0700 (PDT)
> > bugme-daemon-590EEB7GvNiWaY/ihj7yzEB+6BGkLq7r@public.gmane.org wrote:
> >
> > > http://bugzilla.kernel.org/show_bug.cgi?id=9179
> > >
> > > Summary: 2.6.23.1 / USB_ZD1201: Kernel panic with zd1201 driver
> > > Product: Drivers
> > > Version: 2.5
> > > KernelVersion: 2.6.23.1
> > > Platform: All
> > > OS/Version: Linux
> > > Tree: Mainline
> > > Status: NEW
> > > Severity: normal
> > > Priority: P1
> > > Component: network-wireless
> > > AssignedTo: drivers_network-wireless-ztI5WcYan/vQLgFONoPN62D2FQJk+8+b@public.gmane.org
> > > ReportedBy: zairasai-gM/Ye1E23mwN+BqQ9rBEUg@public.gmane.org
> > >
> > >
> > > [1.] One line summary of the problem:
> > >
> > > 2.6.23.1 / USB_ZD1201: Kernel panic with zd1201 driver
> > >
> > >
> > >
> > >
> > > [2.] Full description of the problem:
> > >
> > > The zd1201-driver (symbol: USB_ZD1201) triggers a kernel panic during
> > > initialization of the WLAN device, showing the following message:
> > >
> > > EIP: [<e095e1d1>] zd1201_usbrx+0x6e1/0xbb0 [zd1201] SS:ESP 0068:c0469d7c
> > > Kernel panic - not syncing: Fatal exception in interrupt
> > >
> > > According to the init output during bootup, the panic seems to occur right when
> > > the WLAN device receives an IP address from the DHCP-Server of the
> > > WLAN/DSL-Router. The WLAN device is (in my case) a 'Belkin F5D6051' based on
> > > the ZyDAS 1201 chip.
> > >
> > > As far as i know, the only recent change in 'drivers/net/wireless/zd1201.c' was
> > > done in patch-2.6.22, so the bug probably affects all kernel versions later
> > > than 2.6.21.7, but at least the ones i've tested (which are listed in the
> > > summary below). It also recently came up in some different
> > > distribution-specific forums/bugtrackers, so it does not seem to be specific to
> > > my machine/setup. A link to another report on this problem is included at the
> > > end of this report.
> > >
> > > Below is an extract of patch-2.6.22, showing that the lines 330 and 388 have
> > > been removed from 'drivers/net/wireless/zd1201.c'. I put those two lines back,
> > > which made things work as expected again; however, that is only meant as a
> > > hint, since i don't know why they were taken out or what other implications my
> > > change might have.
> > >
> > > patch-2.6.22, lines 586509-586528:
> > > {{{
> > > diff --git a/drivers/net/wireless/zd1201.c b/drivers/net/wireless/zd1201.c
> > > index 6cb66a3..935b144 100644
> > > --- a/drivers/net/wireless/zd1201.c
> > > +++ b/drivers/net/wireless/zd1201.c
> > > @@ -327,7 +327,6 @@ static void zd1201_usbrx(struct urb *urb)
> > > memcpy(skb_put(skb, 6), &data[datalen-8], 6);
> > > memcpy(skb_put(skb, 2), &data[datalen-24], 2);
> > > memcpy(skb_put(skb, len), data, len);
> > > - skb->dev = zd->dev;
> > > skb->dev->last_rx = jiffies;
> > > skb->protocol = eth_type_trans(skb, zd->dev);
> > > zd->stats.rx_packets++;
> > > @@ -385,7 +384,6 @@ static void zd1201_usbrx(struct urb *urb)
> > > memcpy(skb_put(skb, 2), &data[6], 2);
> > > memcpy(skb_put(skb, len), data+8, len);
> > > }
> > > - skb->dev = zd->dev;
> > > skb->dev->last_rx = jiffies;
> > > skb->protocol = eth_type_trans(skb, zd->dev);
> > > zd->stats.rx_packets++;
> > > }}}
> > >
> >
> > Arnaldo, we have a pretty solid report here that your
> > 4c13eb6657fe9ef7b4dc8f1a405c902e9e5234e0 made this driver go crash.
>
> In 2.6.22 and later, eth_type_trans() sets skb->dev. It looks like the
> lines tha tset last_rx in the patch above should be moved below the
> eth_type_trans() lines, otherwise they'll likely oops.
>
> Something like this is probably in order?
I think so, its strange that this bisects to me, but Dan's change should
fix it.
- Arnaldo
next prev parent reply other threads:[~2007-10-17 22:49 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <bug-9179-10286@http.bugzilla.kernel.org/>
2007-10-17 20:27 ` [Bugme-new] [Bug 9179] New: 2.6.23.1 / USB_ZD1201: Kernel panic with zd1201 driver Andrew Morton
2007-10-17 20:46 ` Dan Williams
2007-10-17 20:46 ` Dan Williams
2007-10-17 22:49 ` Arnaldo Carvalho de Melo [this message]
2007-10-17 22:49 ` Arnaldo Carvalho de Melo
2007-10-17 21:10 ` [PATCH] zd1201: avoid null ptr access of skb->dev John W. Linville
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20071017224929.GB9773@ghostprotocols.net \
--to=acme@ghostprotocols.net \
--cc=akpm@linux-foundation.org \
--cc=bugme-daemon@bugzilla.kernel.org \
--cc=dcbw@redhat.com \
--cc=linux-wireless@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=zairasai@googlemail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.