Commit e3554197fc8fbb9656f62c18f9c9edd396394e16 causes a null pointer error.
kernel: p54pci 0000:07:00.0: enabling device (0000 -> 0002)
kernel: ieee80211 phy1: p54 detected a LM86 firmware
kernel: p54: rx_mtu reduced from 3240 to 2376
kernel: ieee80211 phy1: FW rev 2.13.1.0 - Softmac protocol 5.5
kernel: ieee80211 phy1: cryptographic accelerator WEP:YES, TKIP:YES, CCMP:YES
kernel: BUG: unable to handle kernel NULL pointer dereference at 00000000
kernel: *pde = 00000000
kernel: Oops: 0000 [#1] PREEMPT SMP
kernel: CPU: 0 PID: 5 Comm: kworker/0:0 Not tainted 4.19.0.bisect-14.#871
kernel: Hardware name: IBM 2378RVU/2378RVU, BIOS 1RETDKWW (3.16 ) 04/19/2005
kernel: Workqueue: events request_firmware_work_func
kernel: EIP: p54_tx_pending+0xff/0x128 [p54common]
kernel: Code: 8b 4d dc 89 7e 30 89 56 34 0f b6 53 56 01 d7 89 79 04 8b 96 a0 00 00 00 f6 42 01 80 75 0c 80 7a 28 00 75 06 89 bb d4 01 00 00 <8b> 10 89 46 04 89 16 89 30 8b 45 ec 89 72 04 8b 55 e8 ff 43 2c e8
kernel: EAX: 00000000 EBX: ec6a2d60 ECX: ed4de568 EDX: ed4de568
kernel: ESI: ec4e0980 EDI: 00020264 EBP: c0071eb8 ESP: c0071e94
kernel: DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00010082
kernel: CR0: 80050033 CR2: 00000000 CR3: 2f715000 CR4: 00000690
kernel: Call Trace:
kernel: p54_tx+0x1a/0x1d [p54common]
kernel: p54_download_eeprom+0xa6/0xfb [p54common]
kernel: p54_read_eeprom+0x5c/0x99 [p54common]
kernel: p54p_firmware_step2+0x50/0xcd [p54pci]
kernel: request_firmware_work_func+0x2a/0x51
kernel: process_one_work+0x16b/0x28e
kernel: worker_thread+0x180/0x222
kernel: kthread+0xce/0xd0
kernel: ? cancel_delayed_work+0x5e/0x5e
kernel: ? kthread_create_worker_on_cpu+0x1c/0x1c
kernel: ret_from_fork+0x19/0x24
kernel: Modules linked in: p54pci p54common crc_ccitt mac80211 ipw2200 libipw lib80211 cfg80211 uhci_hcd pcmcia ehci_pci yenta_socket ehci_hcd rfkill i2c_i801 pcmcia_rsrc e1000 usbcore i2c_core pcmcia_core lpc_ich usb_common mfd_core floppy autofs4
kernel: CR2: 0000000000000000
kernel: ---[ end trace ddc1a265fd4f4bc6 ]---
kernel: EIP: p54_tx_pending+0xff/0x128 [p54common]
kernel: Code: 8b 4d dc 89 7e 30 89 56 34 0f b6 53 56 01 d7 89 79 04 8b 96 a0 00 00 00 f6 42 01 80 75 0c 80 7a 28 00 75 06 89 bb d4 01 00 00 <8b> 10 89 46 04 89 16 89 30 8b 45 ec 89 72 04 8b 55 e8 ff 43 2c e8
kernel: EAX: 00000000 EBX: ec6a2d60 ECX: ed4de568 EDX: ed4de568
kernel: ESI: ec4e0980 EDI: 00020264 EBP: c0071eb8 ESP: c16252e8
kernel: DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00010082
kernel: CR0: 80050033 CR2: 00000000 CR3: 2f715000 CR4: 00000690
kernel: note: kworker/0:0[5] exited with preempt_count 1

Reverting the patch fixes the problem.

Signed-off-by: Matthew Whitehead <tedheads...@gmail.com>
--- drivers/net/wireless/intersil/p54/txrx.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireless/intersil/p54/txrx.c b/drivers/net/wireless/intersil/p54/txrx.c index 79078456..3a4214d 100644 --- a/drivers/net/wireless/intersil/p54/txrx.c +++ b/drivers/net/wireless/intersil/p54/txrx.c @@ -121,8 +121,8 @@ static int p54_assign_address(struct p54_common *priv, struct sk_buff *skb) } if (unlikely(!target_skb)) { if (priv->rx_end - last_addr >= len) { - target_skb = skb_peek_tail(&priv->tx_queue); - if (target_skb) { + target_skb = priv->tx_queue.prev; + if (!skb_queue_empty(&priv->tx_queue)) { info = IEEE80211_SKB_CB(target_skb); range = (void *)info->rate_driver_data; target_addr = range->end_addr; -- 1.8.3.1
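Review bot: in the p54_assign_address() hunk, the restored `target_skb = priv->tx_queue.prev;` leaves target_skb non-NULL when the queue is empty (an empty sk_buff_head's prev points back at the head itself, whereas skb_peek_tail() returns NULL), and the `if (!skb_queue_empty(&priv->tx_queue))` branch is then skipped with that head pointer still in target_skb. The code after the hunk evidently depends on this, so please add a comment on the assignment stating that the list head is intentionally kept as the insertion point for an empty queue; without it the next cleanup is likely to reintroduce the NULL dereference shown in the oops. The commit message would also benefit from a Fixes: tag for e3554197fc8f and one sentence on why the pointer ends up NULL (EAX is 00000000 at the faulting instruction in p54_tx_pending), rather than only stating that reverting helps.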