[ath9k-devel] Kernel crash on rmmod of ath9k in 3.9.1

All of lore.kernel.org
 help / color / mirror / Atom feed

* [ath9k-devel] Kernel crash on rmmod of ath9k in 3.9.1
@ 2013-05-08 19:33 Ben Greear
  0 siblings, 0 replies; only message in thread
From: Ben Greear @ 2013-05-08 19:33 UTC (permalink / raw)
  To: ath9k-devel

The crash below is from a hacked 3.9.1 kernel, but I reproduced it
on an upstream 3.9.1 (with only a regdomain over-ride hack applied).

ath9k_htc and ath9k are loaded, but this appears to be and ath9k
and/or relayfs issue.

I haven't had time to debug further yet..curious if anyone else
sees similar bugs...

Memory poisioning is on, seems to be some use of free'd memory
somewhere...

[ 1331.097846] BUG: unable to handle kernel paging request at 6b6b6b8b
[ 1331.098170] IP: [<c063d0d6>] debugfs_remove+0x26/0x80
[ 1331.098170] *pdpt = 000000002f9aa001 *pde = 0000000000000000
[ 1331.098170] Oops: 0000 [#1] PREEMPT SMP
[ 1331.098170] Modules linked in: iptable_raw xt_CT nf_conntrack_ipv4 nf_defrag]
[ 1331.098170] Pid: 4794, comm: rmmod Tainted: G        WC   3.9.1+ #5 To Be Fi.
[ 1331.098170] EIP: 0060:[<c063d0d6>] EFLAGS: 00010202 CPU: 0
[ 1331.098170] EIP is at debugfs_remove+0x26/0x80
[ 1331.098170] EAX: f2f3acd0 EBX: f2f3acd0 ECX: 00000006 EDX: f8622348
[ 1331.098170] ESI: 6b6b6b6b EDI: 00000001 EBP: ee251e14 ESP: ee251e0c
[ 1331.098170]  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[ 1331.098170] CR0: 8005003b CR2: 6b6b6b8b CR3: 2e7b7000 CR4: 000007e0
[ 1331.098170] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[ 1331.098170] DR6: ffff0ff0 DR7: 00000400
[ 1331.098170] Process rmmod (pid: 4794, ti=ee250000 task=efaa2560 task.ti=ee25)
[ 1331.098170] Stack:
[ 1331.098170]  f241e170 0000000a ee251e1c f861394d ee251e28 c04e3088 f241e170 4
[ 1331.098170]  c04e30fe f45482b0 ee251e54 c04e3187 f25e86b0 ee251e54 f8618748 0
[ 1331.098170]  0000000a 00000001 ee251e68 f860065b f2509e20 f25085a0 f5b6e8a4 8
[ 1331.098170] Call Trace:
[ 1331.098170]  [<f861394d>] remove_buf_file_handler+0xd/0x20 [ath9k]
[ 1331.098170]  [<c04e3088>] relay_remove_buf+0x18/0x30
[ 1331.098170]  [<c04e30fe>] relay_close_buf+0x2e/0x40
[ 1331.098170]  [<c04e3187>] relay_close+0x77/0xf0
[ 1331.098170]  [<f8618748>] ? dpd_exit+0x38/0x40 [ath9k]
[ 1331.098170]  [<f860065b>] ath9k_deinit_softc+0x8b/0xa0 [ath9k]
[ 1331.098170]  [<f86006b8>] ath9k_deinit_device+0x48/0x60 [ath9k]
[ 1331.098170]  [<f86107f1>] ath_pci_remove+0x31/0x50 [ath9k]
[ 1331.098170]  [<c06dbff8>] pci_device_remove+0x38/0xc0
[ 1331.098170]  [<c079daa4>] __device_release_driver+0x64/0xc0
[ 1331.098170]  [<c079db97>] driver_detach+0x97/0xa0
[ 1331.098170]  [<c079cacc>] bus_remove_driver+0x6c/0xe0
[ 1331.098170]  [<c079c197>] ? bus_put+0x17/0x20
[ 1331.098170]  [<c079cae3>] ? bus_remove_driver+0x83/0xe0
[ 1331.098170]  [<c079e709>] driver_unregister+0x49/0x80
[ 1331.098170]  [<c06dc138>] pci_unregister_driver+0x18/0x80
[ 1331.098170]  [<f8610602>] ath_pci_exit+0x12/0x20 [ath9k]
[ 1331.098170]  [<f8619ce0>] ath9k_exit+0x17/0x337 [ath9k]
[ 1331.098170]  [<c09e537d>] ? mutex_unlock+0xd/0x10
[ 1331.098170]  [<c04bd36c>] sys_delete_module+0x17c/0x250
[ 1331.098170]  [<c0540dc4>] ? do_munmap+0x244/0x2d0
[ 1331.098170]  [<c0540e96>] ? vm_munmap+0x46/0x60
[ 1331.098170]  [<c09e8dc4>] ? restore_all+0xf/0xf
[ 1331.098170]  [<c09ebf50>] ? __do_page_fault+0x4c0/0x4c0
[ 1331.098170]  [<c04b18e4>] ? trace_hardirqs_on_caller+0xf4/0x180
[ 1331.098170]  [<c09ef28d>] sysenter_do_call+0x12/0x38
[ 1331.098170] Code: 90 8d 74 26 00 55 89 e5 83 ec 08 89 1c 24 89 74 24 04 3e 82
[ 1331.098170] EIP: [<c063d0d6>] debugfs_remove+0x26/0x80 SS:ESP 0068:ee251e0c
[ 1331.098170] CR2: 000000006b6b6b8b
[ 1331.727971] ---[ end trace b5bb9f2066cef7f9 ]---

(gdb) l *(remove_buf_file_handler+0xd)
0x1594d is in remove_buf_file_handler (/home/greearb/git/linux-3.9.dev.y/drivers/net/wireless/ath/ath9k/debug.c:1237).
1232	static int remove_buf_file_handler(struct dentry *dentry)
1233	{
1234		debugfs_remove(dentry);
1235	
1236		return 0;
1237	}
1238	
1239	void ath_debug_send_fft_sample(struct ath_softc *sc,
1240				       struct fft_sample_tlv *fft_sample_tlv)
1241	{
(gdb) l *(ath9k_deinit_softc+0x8b)
0x265b is in ath9k_deinit_softc (/home/greearb/git/linux-3.9.dev.y/drivers/net/wireless/ath/ath9k/init.c:944).
939	
940		ath9k_eeprom_release(sc);
941	
942		if (config_enabled(CONFIG_ATH9K_DEBUGFS) && sc->rfs_chan_spec_scan) {
943			relay_close(sc->rfs_chan_spec_scan);
944			sc->rfs_chan_spec_scan = NULL;
945		}
946	}
947	
948	void ath9k_deinit_device(struct ath_softc *sc)
(gdb)

          (gdb) l *(debugfs_remove+0x26)
0xc063d0d6 is in debugfs_remove (/home/greearb/git/linux-3.9.dev.y/fs/debugfs/inode.c:511).
506	
507		if (IS_ERR_OR_NULL(dentry))
508			return;
509	
510		parent = dentry->d_parent;
511		if (!parent || !parent->d_inode)
512			return;
513	
514		mutex_lock(&parent->d_inode->i_mutex);
515		ret = __debugfs_remove(dentry, parent);
(gdb)

-- 
Ben Greear <greearb@candelatech.com>
Candela Technologies Inc  http://www.candelatech.com

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2013-05-08 19:33 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-05-08 19:33 [ath9k-devel] Kernel crash on rmmod of ath9k in 3.9.1 Ben Greear

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.