From mboxrd@z Thu Jan 1 00:00:00 1970
From: Ben Greear
Date: Tue, 30 Apr 2013 11:05:50 -0700
Subject: [ath9k-devel] 3.9.0-rc8+ (hacked) splat.
In-Reply-To: <517D3A9E.6060807@candelatech.com>
References: <517B11F3.1090700@candelatech.com> <517B933F.5030309@openwrt.org> <517D3A9E.6060807@candelatech.com>
Message-ID: <518007FE.9050007@candelatech.com>
List-Id:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: ath9k-devel@lists.ath9k.org

On 04/28/2013 08:05 AM, Ben Greear wrote:
> On 04/27/2013 01:58 AM, Felix Fietkau wrote:
>> On 2013-04-27 1:46 AM, Ben Greear wrote:
>>> Was running around 200 stations against a VAP on this system, and
>>> then changed the channel from 1 to 36 (by restarting hostapd with new
>>> config).
>>>
>>> Looks like null-pointer de-ref... Anyone seen anything similar?
>> I've never seen this one. Please use gdb to figure out the source code
>> line that the NULL pointer deref happens in.
>> As for the 'keycache entry 228 out of range' stuff, I'm going to send a
>> patch for that now.
>
> Thanks.
>
> I'm away from the office for a bit, but will build a debugging kernel
> and crank on this early next week.

Ok, this is against a modified 3.9.0 tree. My patches are here:

http://dmz2.candelatech.com/git/gitweb.cgi?p=linux-3.9.dev.y/.git;a=summary

I'm going to try reproducing against upstream 3.9.0 (using a smaller number
of stations since upstream doesn't have needed optimizations to make it
work on my hardware...)

(gdb) l *(ath_tx_process_buffer+0x175)
0xc8b5 is in ath_tx_process_buffer (/home/greearb/git/linux-3.9.dev.y/drivers/net/wireless/ath/ath9k/xmit.c:439).
434         }
435
436         an = (struct ath_node *)sta->drv_priv;
437         tidno = ieee80211_get_qos_ctl(hdr)[0] & IEEE80211_QOS_CTL_TID_MASK;
438         tid = ATH_AN_2_TID(an, tidno);
439         seq_first = tid->seq_start;
440         isba = ts->ts_flags & ATH9K_TX_BA;
441
442         /*
443          * The hardware occasionally sends a tx status for the wrong TID.
(gdb)

[ 444.210612] BUG: unable to handle kernel NULL pointer dereference at 00000540
[ 444.211060] IP: [] ath_tx_process_buffer+0x175/0xb90 [ath9k]
[ 444.211060] *pdpt = 000000003013f001 *pde = 0000000000000000
[ 444.211060] Oops: 0000 [#1] PREEMPT SMP
[ 444.211060] Modules linked in: iptable_raw xt_CT nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack bridge ip_gre gre 8021q mrp garp stp llc fuse macvlan pktgen nfsv3 nfs_acl nfsv4 auth_rpcgss nfs fscache lockd sunrpc binfmt_misc uinput arc4 ath9k mac80211 snd_hda_codec_realtek snd_hda_intel ath9k_common snd_hda_codec ath9k_hw snd_hwdep snd_seq iTCO_wdt ath snd_seq_device coretemp snd_pcm gpio_ich iTCO_vendor_support cfg80211 snd_timer snd cdc_acm lpc_ich microcode i2c_i801 rfkill pcspkr soundcore serio_raw snd_page_alloc r8169 mii i915 drm_kms_helper drm i2c_algo_bit i2c_core video [last unloaded: iptable_nat]
[ 444.211060] Pid: 3601, comm: ip Tainted: G C O 3.9.0+ #2 To Be Filled By O.E.M. To Be Filled By O.E.M./To be filled by O.E.M.
[ 444.211060] EIP: 0060:[] EFLAGS: 00010206 CPU: 1
[ 444.211060] EIP is at ath_tx_process_buffer+0x175/0xb90 [ath9k]
[ 444.211060] EAX: 00000000 EBX: f27a804c ECX: 00000000 EDX: 000004e4
[ 444.211060] ESI: f4f99e20 EDI: 000004f0 EBP: f1527788 ESP: f152769c
[ 444.211060] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[ 444.211060] CR0: 8005003b CR2: 00000540 CR3: 30301000 CR4: 000007e0
[ 444.211060] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[ 444.211060] DR6: ffff0ff0 DR7: 00000400
[ 444.211060] Process ip (pid: 3601, ti=f1526000 task=f090b600 task.ti=f1526000)
[ 444.211060] Stack:
[ 444.211060] 00000002 00000001 00000000 f864f821 c048eb7b 6c97aee2 00000067 6c97aee2
[ 444.211060] 00000067 00000001 0000049c f79d57c0 f1527700 00000000 f584b8a0 00000040
[ 444.211060] 00000000 f0900100 000004e4 00000001 f27a804c 000004f0 00000005 f152776c
[ 444.211060] Call Trace:
[ 444.211060] [] ? ath_tx_process_buffer+0xe1/0xb90 [ath9k]
[ 444.211060] [] ? find_busiest_group+0x2b/0x440
[ 444.211060] [] ? local_bh_enable_ip+0x71/0xf0
[ 444.211060] [] ? trace_hardirqs_on_caller+0xa1/0x180
[ 444.211060] [] ath_drain_txq_list+0xab/0xd0 [ath9k]
[ 444.211060] [] ath_draintxq+0x53/0xf0 [ath9k]
[ 444.211060] [] ? ath9k_ioread32+0x2d/0x80 [ath9k]
[ 444.211060] [] ath_drain_all_txq+0xf6/0x150 [ath9k]
[ 444.211060] [] ? ath9k_hw_kill_interrupts+0x9f/0xd0 [ath9k_hw]
[ 444.211060] [] ath_prepare_reset+0x4a/0x70 [ath9k]
[ 444.211060] [] ath_reset_internal+0x84/0x1e0 [ath9k]
[ 444.211060] [] ath9k_config+0x1c3/0x550 [ath9k]
[ 444.211060] [] ieee80211_hw_config+0x46/0x2b0 [mac80211]
[ 444.211060] [] ? ieee80211_hw_config+0xee/0x2b0 [mac80211]
[ 444.211060] [] ieee80211_free_chanctx+0x183/0x1b0 [mac80211]
[ 444.211060] [] __ieee80211_vif_release_channel+0x1b3/0x2a0 [mac80211]
[ 444.211060] [] ieee80211_vif_release_channel+0x44/0x60 [mac80211]
[ 444.211060] [] ieee80211_stop_ap+0x19f/0x290 [mac80211]
[ 444.211060] [] cfg80211_stop_ap+0xcc/0x190 [cfg80211]
[ 444.211060] [] cfg80211_netdev_notifier_call+0x591/0x740 [cfg80211]
[ 444.211060] [] ? packet_seq_start+0x70/0x70
[ 444.211060] [] ? packet_notifier+0xb8/0x1b0
[ 444.211060] [] ? packet_notifier+0xd1/0x1b0
[ 444.211060] [] ? packet_seq_start+0x70/0x70
[ 444.211060] [] notifier_call_chain+0x43/0x60
[ 444.211060] [] raw_notifier_call_chain+0x1f/0x30
[ 444.211060] [] call_netdevice_notifiers+0x2c/0x60
[ 444.211060] [] ? netpoll_rx_disable+0x5c/0x90
[ 444.211060] [] __dev_close_many+0x34/0xb0
[ 444.211060] [] ? find_skb+0x90/0x90
[ 444.211060] [] __dev_close+0x43/0x80
[ 444.211060] [] __dev_change_flags+0x82/0x150
[ 444.211060] [] ? cpuacct_charge+0x90/0xc0
[ 444.211060] [] dev_change_flags+0x23/0x60
[ 444.211060] [] do_setlink+0x21c/0x7a0
[ 444.211060] [] ? cpuacct_charge+0x90/0xc0
[ 444.211060] [] ? cpuacct_charge+0xa9/0xc0
[ 444.211060] [] ? nla_parse+0x22/0xd0
[ 444.211060] [] rtnl_newlink+0x539/0x5c0
[ 444.211060] [] ? mark_held_locks+0x64/0xf0
[ 444.211060] [] ? __mutex_lock_common+0x34b/0x430
[ 444.992227] [] ? security_capable+0x1c/0x30
[ 444.992227] [] ? ns_capable+0x2a/0x60
[ 444.992227] [] ? rtnl_configure_link+0xb0/0xb0
[ 444.992227] [] rtnetlink_rcv_msg+0x27b/0x2f0
[ 444.992227] [] ? rtnetlink_rcv+0x30/0x30
[ 444.992227] [] netlink_rcv_skb+0x86/0xb0
[ 444.992227] [] rtnetlink_rcv+0x1c/0x30
[ 444.992227] [] netlink_unicast+0x17d/0x1f0
[ 444.992227] [] netlink_sendmsg+0x204/0x310
[ 444.992227] [] sock_sendmsg+0xba/0xf0
[ 444.992227] [] ? might_fault+0x7d/0x90
[ 444.992227] [] ? _copy_from_user+0x3d/0x130
[ 444.992227] [] ? verify_iovec+0x5b/0xb0
[ 444.992227] [] __sys_sendmsg+0x2c5/0x2e0
[ 444.992227] [] ? _raw_spin_lock+0x4a/0x50
[ 444.992227] [] ? lock_release_non_nested+0x59/0x2e0
[ 444.992227] [] ? might_fault+0x33/0x90
[ 444.992227] [] sys_sendmsg+0x3b/0x60
[ 444.992227] [] sys_socketcall+0x10f/0x2d0
[ 444.992227] [] ? do_device_not_available+0x21/0x40
[ 444.992227] [] ? restore_all+0xf/0xf
[ 444.992227] [] sysenter_do_call+0x12/0x38
[ 444.992227] Code: 00 03 66 81 fa 00 03 0f 45 c7 0f b6 00 83 e0 0f 0f b6 c8 6b d1 70 03 95 5c ff ff ff 89 8d 54 ff ff ff 8d 7a 0c 89 bd 68 ff ff ff <0f> b7 52 5c 66 89 95 2c ff ff ff 8b 55 84 f6 42 0c 01 0f 85 e3
[ 444.992227] EIP: [] ath_tx_process_buffer+0x175/0xb90 [ath9k] SS:ESP 0068:f152769c
[ 444.992227] CR2: 0000000000000540
[ 445.246540] ---[ end trace 7315411fcce19c5d ]---

Thanks,
Ben

--
Ben Greear
Candela Technologies Inc http://www.candelatech.com
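
Added triage example, not part of the original message and not ath9k code: a short Python script that cross-checks the oops above by decoding the faulting instruction (the `<0f>` byte on the Code: line) and comparing its effective address with CR2. The helper names `parse_oops` and `fault_operand` are hypothetical, and the decoder assumes the simple operand form seen here (optional 0x0f escape, one opcode byte, ModRM, no SIB, no prefixes).

```python
import re

# Register, CR2 and Code: lines copied from the oops in the message above.
OOPS = """\
[ 444.211060] EAX: 00000000 EBX: f27a804c ECX: 00000000 EDX: 000004e4
[ 444.211060] ESI: f4f99e20 EDI: 000004f0 EBP: f1527788 ESP: f152769c
[ 444.211060] CR0: 8005003b CR2: 00000540 CR3: 30301000 CR4: 000007e0
[ 444.992227] Code: 00 03 66 81 fa 00 03 0f 45 c7 0f b6 00 83 e0 0f 0f b6 c8 6b d1 70 03 95 5c ff ff ff 89 8d 54 ff ff ff 8d 7a 0c 89 bd 68 ff ff ff <0f> b7 52 5c 66 89 95 2c ff ff ff 8b 55 84 f6 42 0c 01 0f 85 e3
"""

# 32-bit ModRM r/m encoding; index 4 means a SIB byte follows (not handled).
RM_REGS = ["EAX", "ECX", "EDX", "EBX", None, "EBP", "ESI", "EDI"]


def parse_oops(text):
    """Return (registers incl. CR2, bytes starting at the faulting instruction)."""
    regs = {name: int(val, 16) for name, val in
            re.findall(r"\b(E[A-Z]{2}|CR2): ([0-9a-f]{8})\b", text)}
    code = re.search(r"Code: (.*)", text).group(1).split()
    # The kernel marks the byte at EIP with <..>.
    start = next(i for i, b in enumerate(code) if b.startswith("<"))
    insn = [int(b.strip("<>"), 16) for b in code[start:]]
    return regs, insn


def fault_operand(regs, insn):
    """Decode base register, displacement and address of the memory operand."""
    i = 2 if insn[0] == 0x0F else 1          # skip two-byte opcode escape
    mod, rm = insn[i] >> 6, insn[i] & 7
    if mod == 3 or rm == 4 or (mod == 0 and rm == 5):
        raise ValueError("operand form not handled by this sketch")
    size = {0: 0, 1: 1, 2: 4}[mod]           # disp width in bytes
    disp = int.from_bytes(bytes(insn[i + 1:i + 1 + size]), "little", signed=True)
    base = RM_REGS[rm]
    return base, disp, (regs[base] + disp) & 0xFFFFFFFF


if __name__ == "__main__":
    regs, insn = parse_oops(OOPS)
    base, disp, addr = fault_operand(regs, insn)
    print(f"fault operand: {disp:#x}({base}) -> {addr:#x}, CR2 = {regs['CR2']:#x}")
```

For this oops the decoded operand is 0x5c(EDX) with EDX = 0x4e4, giving 0x540, which matches CR2; the base pointer is a small offset rather than a kernel address.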