From mboxrd@z Thu Jan  1 00:00:00 1970
From: Ben Greear <greearb@candelatech.com>
Date: Fri, 26 Apr 2013 16:46:59 -0700
Subject: [ath9k-devel] 3.9.0-rc8+ (hacked) splat.
Message-ID: <517B11F3.1090700@candelatech.com>
List-Id: <ath9k-devel.lists.ath9k.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: ath9k-devel@lists.ath9k.org

Was running around 200 stations against a VAP on this system, and
then changed the channel from 1 to 36 (by restarting hostapd with new
config).

Looks like null-pointer de-ref...  Anyone seen anything similar?

[17789.100382] ath: wiphy0: keyreset: keycache entry 228 out of range
[17789.107940] ath: wiphy0: keyreset: keycache entry 228 out of range
[17789.115530] ath: wiphy0: keyreset: keycache entry 228 out of range
[17789.122708] BUG: unable to handle kernel NULL pointer dereference at 000003c4
[17789.123477] IP: [<f8bbff21>] ath_tx_process_buffer+0x121/0xaa0 [ath9k]
[17789.123477] *pdpt = 000000002e017001 *pde = 0000000000000000
[17789.123477] Oops: 0000 [#1] PREEMPT SMP
[17789.123477] Modules linked in: iptable_raw xt_CT bridge nf_conntrack_ipv4 nf]
[17789.123477] Pid: 15, comm: ksoftirqd/1 Tainted: G        WC   3.9.0-rc8+ #18.
[17789.123477] EIP: 0060:[<f8bbff21>] EFLAGS: 00010206 CPU: 1
[17789.123477] EIP is at ath_tx_process_buffer+0x121/0xaa0 [ath9k]
[17789.123477] EAX: 00000000 EBX: f39bbd8c ECX: 00000000 EDX: 00000384
[17789.123477] ESI: f39b1680 EDI: 00000390 EBP: f5cebe44 ESP: f5cebd78
[17789.123477]  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[17789.123477] CR0: 8005003b CR2: 000003c4 CR3: 30b46000 CR4: 000007e0
[17789.123477] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[17789.123477] DR6: ffff0ff0 DR7: 00000400
[17789.123477] Process ksoftirqd/1 (pid: 15, ti=f5cea000 task=f5cb4ce0 task.ti=)
[17789.123477] Stack:
[17789.123477]  f5c01480 f6750ac0 f5cebda4 c0549559 c08c0ddd c08c0ddd f6750ac0 0
[17789.123477]  f1756700 f1756700 0000033c f5cebdb0 c08c0ddd 00000001 f5cebdc0 0
[17789.123477]  00000000 00000000 00000384 00000003 f39bbd8c 00000390 0100be8c 0
[17789.123477] Call Trace:
[17789.123477]  [<c0549559>] ? kmem_cache_free+0xe9/0x120
[17789.123477]  [<c08c0ddd>] ? __kfree_skb+0x3d/0x90
[17789.123477]  [<c08c0ddd>] ? __kfree_skb+0x3d/0x90
[17789.123477]  [<c08c0ddd>] ? __kfree_skb+0x3d/0x90
[17789.123477]  [<f8bc0d2e>] ? ath_txq_unlock_complete+0x7e/0x90 [ath9k]
[17789.123477]  [<f8bc0ee1>] ath_tx_edma_tasklet+0x1a1/0x2a0 [ath9k]
[17789.123477]  [<f8bbb06f>] ath9k_tasklet+0x10f/0x170 [ath9k]
[17789.123477]  [<c04590d3>] tasklet_action+0xa3/0xb0
[17789.123477]  [<c045948a>] __do_softirq+0xaa/0x230
[17789.123477]  [<c09c0b33>] ? common_interrupt+0x33/0x38
[17789.123477]  [<c045963d>] run_ksoftirqd+0x2d/0x50
[17789.123477]  [<c0479f11>] smpboot_thread_fn+0x141/0x260
[17789.123477]  [<c04721a4>] kthread+0xa4/0xb0
[17789.123477]  [<c0479dd0>] ? smpboot_park_threads+0x70/0x70
[17789.123477]  [<c0470303>] ? parse_args+0x3/0x460
[17789.123477]  [<c09c05b7>] ret_from_kernel_thread+0x1b/0x28
[17789.123477]  [<c0472100>] ? kthread_freezable_should_stop+0x50/0x50
[17789.123477] Code: 66 81 e2 00 03 66 81 fa 00 03 0f 45 c7 0f b6 00 83 e0 0f 0f
[17789.123477] EIP: [<f8bbff21>] ath_tx_process_buffer+0x121/0xaa0 [ath9k] SS:E8
[17789.123477] CR2: 00000000000003c4
[17789.574609] ---[ end trace 7e9b62ed3d3df574 ]---


-- 
Ben Greear <greearb@candelatech.com>
Candela Technologies Inc  http://www.candelatech.com