#1143: Oops: On driver_unregister cleanup path
----------------------------+-----------------------------------------------
 Reporter:  mentor          |            Owner:               
     Type:  defect          |           Status:  new          
 Priority:  major           |        Milestone:  version 0.9.3
Component:  madwifi: other  |          Version:  trunk        
 Keywords:                  |   Patch_attached:  0            
----------------------------+-----------------------------------------------
 This script causes various oopses with the current madwifi and current
 Linux from wireless-dev:

 modprobe ath_pci autocreate=ap
 ifconfig ath0 up
 wlanconfig ath1 create wlandev wifi0 wlanmode wds
 ifconfig ath1 up
 iwconfig ath1 ap 00:01:02:03:04:05
 iwconfig
 ifconfig ath1 down
 ifconfig ath0 down
 rmmod ath_pci

 The first time it was the "VAP not stopped" bug, then an attempt to use a
 spinlock on freed memory.  The "6b" pattern is a clear sign that freed
 memory is involved.

 It's an x86_64 kernel with most debugging options enabled.  The MAC
 address is made up.

 Swapping the line setting the "ap" and the previous line setting the IP
 address on ath1 causes the problem to disappear, but it may be just a
 different timing.  The script is run on a serial console, so the iwconfig
 output can provide the delay necessary to trigger the bug.

 I'm not filing the bug yet because my immediate concern is that we are
 about to release 0.9.3 with this bug, and it requires attention now.

 First oops:

 {{{
 VAP not stopped<0>------------[ cut here ]------------
 kernel BUG at /home/proski/src/madwifi/ath/if_ath.c:1216!
 invalid opcode: 0000 [1]
 CPU 0
 Modules linked in: ath_pci wlan_scan_ap ath_rate_sample wlan ath_hal(P)
 Pid: 6512, comm: rmmod Tainted: P      2.6.20-rc6 #20
 RIP: 0010:[<ffffffff8806f1d8>]  [<ffffffff8806f1d8>] :ath_pci:ath_vap_delete+0x48/0x350
 RSP: 0018:ffff81001d355d18  EFLAGS: 00010296
 RAX: 0000000000000012 RBX: 0000000000000004 RCX: ffffffff805d7688
 RDX: ffff81001b291100 RSI: 0000000000000001 RDI: ffffffff805d7640
 RBP: ffff81001d355d48 R08: ffffffff80679978 R09: 0000000000000000
 R10: ffff81001d355c38 R11: 0000000000000246 R12: ffff81001dbc8000
 R13: ffff81001c135520 R14: ffff81001dbc8520 R15: ffff81001dbc8000
 FS:  00002b2a12635240(0000) GS:ffffffff8061b000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
 CR2: 00002b90d575b0a0 CR3: 000000001d988000 CR4: 00000000000006e0
 Process rmmod (pid: 6512, threadinfo ffff81001d354000, task ffff81001b291100)
 Stack:  ffff81001b5c0000 ffff81001dbc8520 ffff81001dbc8000 ffff81001b5c0000
  ffffffff8807f548 ffffffff8807f660 ffff81001d355d68 ffffffff88037ea6
  ffff81001dbc8520 ffff81001dbc8520 ffff81001d355da8 ffffffff8806dbd1
 Call Trace:
  [<ffffffff88037ea6>] :wlan:ieee80211_ifdetach+0x26/0x80
  [<ffffffff8806dbd1>] :ath_pci:ath_detach+0x81/0x110
  [<ffffffff804b5625>] wait_for_completion+0xd5/0xe0
  [<ffffffff880778be>] :ath_pci:ath_pci_remove+0x2e/0xa0
  [<ffffffff80354d2f>] pci_device_remove+0x2f/0x60
  [<ffffffff803d8553>] __device_release_driver+0x93/0xb0
  [<ffffffff803d8bb3>] driver_detach+0xe3/0x130
  [<ffffffff803d7fe3>] bus_remove_driver+0x83/0xb0
  [<ffffffff803d8c45>] driver_unregister+0x15/0x30
  [<ffffffff80354f55>] pci_unregister_driver+0x25/0x80
  [<ffffffff88077ce5>] :ath_pci:exit_ath_pci+0x15/0x2c
  [<ffffffff80250b4b>] sys_delete_module+0x1ab/0x1f0
  [<ffffffff804b7840>] trace_hardirqs_on_thunk+0x35/0x37
  [<ffffffff80209b1e>] system_call+0x7e/0x83
 }}}

 Second oops:

 {{{
 general protection fault: 0000 [1]
 CPU 0
 Modules linked in: ath_pci wlan_scan_ap ath_rate_sample wlan ath_hal(P)
 Pid: 3857, comm: ifconfig Tainted: P      2.6.20-rc6 #20
 RIP: 0010:[<ffffffff8034a81e>]  [<ffffffff8034a81e>] _raw_spin_lock+0x1e/0x130
 RSP: 0018:ffff81001dc99be8  EFLAGS: 00010086
 RAX: ffff81001d500080 RBX: 6b6b6b6b6b6b6b73 RCX: 0000000000000000
 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 6b6b6b6b6b6b6b73
 RBP: ffff81001dc99c08 R08: 0000000000000002 R09: 0000000000000001
 R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000286
 R13: 6b6b6b6b6b6b6b73 R14: ffff81001b8e0108 R15: ffff81001b8f0520
 FS:  00002abed66833b0(0000) GS:ffffffff8061b000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
 CR2: 00000000006b9fb0 CR3: 000000001d75c000 CR4: 00000000000006e0
 Process ifconfig (pid: 3857, threadinfo ffff81001dc98000, task ffff81001d500080)
 Stack:  6b6b6b6b6b6b6b73 0000000000000286 6b6b6b6b6b6b6b73 ffff81001b8e0108
  ffff81001dc99c28 ffffffff804b82ee 6b6b6b6b6b6b6b6b ffff81001da4d000
  ffff81001dc99c58 ffffffff88041322 ffff81001b8f2128 0000000000000001
 Call Trace:
  [<ffffffff804b82ee>] _spin_lock_irqsave+0x3e/0x50
  [<ffffffff88041322>] :wlan:ieee80211_free_node+0x32/0x90
  [<ffffffff8806ac2a>] :ath_pci:ath_tx_draintxq+0x16a/0x1b0
  [<ffffffff80227b90>] default_wake_function+0x0/0x10
  [<ffffffff8806ada4>] :ath_pci:ath_draintxq+0x134/0x160
  [<ffffffff8806b30e>] :ath_pci:ath_stop_locked+0xde/0x1c0
  [<ffffffff8806b45e>] :ath_pci:ath_stop+0x6e/0x90
  [<ffffffff80460d62>] dev_close+0x62/0x90
  [<ffffffff88048c6e>] :wlan:ieee80211_stop+0xae/0x110
  [<ffffffff80460d62>] dev_close+0x62/0x90
  [<ffffffff8046017d>] dev_change_flags+0x6d/0x150
  [<ffffffff8049c48c>] devinet_ioctl+0x30c/0x730
  [<ffffffff8049cb9c>] inet_ioctl+0x4c/0x70
  [<ffffffff80455180>] sock_ioctl+0x210/0x240
  [<ffffffff804b819b>] _spin_unlock_irq+0x2b/0x40
  [<ffffffff8028deab>] do_ioctl+0x1b/0x60
  [<ffffffff8028e151>] vfs_ioctl+0x261/0x280
  [<ffffffff8028e1ba>] sys_ioctl+0x4a/0x80
  [<ffffffff80209b1e>] system_call+0x7e/0x83
 }}}

-- 
Ticket URL: <http://madwifi.org/ticket/1143>
MadWifi <http://madwifi.org/>
Multiband Atheros Driver for Wireless Fidelity
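
Added example (not part of the ticket or of MadWifi): a triage helper for the "6b" observation above. It flags registers and stack words in an oops that equal the slab free-poison pointer (every byte 0x6b, POISON_FREE in the kernel's include/linux/poison.h) plus a small member offset. The names `poison_offset` and `triage` and the `MAX_OFFSET` bound are assumptions; the sample is taken from the second oops with mail line wrapping undone.

```python
import re

POISON_FREE = 0x6B   # byte the slab debug code writes over freed objects
MAX_OFFSET = 0x1000  # assumption: a struct member offset is smaller than this
POISON_PTR = int.from_bytes(bytes([POISON_FREE]) * 8, "big")

# "RBX: 6b6b6b6b6b6b6b73" style pairs; RIP/RSP carry a segment prefix and are skipped.
REG_RE = re.compile(r"\b(R[A-Z0-9]{1,3}):\s*([0-9a-f]{16})\b")

def poison_offset(value):
    """Offset of value from the all-0x6b pointer, or None if it is not near it."""
    off = value - POISON_PTR
    return off if 0 <= off < MAX_OFFSET else None

def triage(oops_text):
    """Summarise signs that a pointer was loaded from freed, poisoned memory."""
    regs = {}
    for name, hexval in REG_RE.findall(oops_text):
        off = poison_offset(int(hexval, 16))
        if off is not None:
            regs[name] = off
    stack = re.search(r"Stack:(.*?)Call Trace:", oops_text, re.S)
    words = re.findall(r"\b[0-9a-f]{16}\b", stack.group(1)) if stack else []
    poisoned = [w for w in words if poison_offset(int(w, 16)) is not None]
    rip = re.search(r"RIP:.*?\s([\w.:]+)\+0x", oops_text)
    return {
        "faulting_symbol": rip.group(1) if rip else None,
        "poisoned_registers": regs,
        "poisoned_stack_words": len(poisoned),
    }

# Lines from the second oops on this page (mail wrapping undone).
SAMPLE = """\
RIP: 0010:[<ffffffff8034a81e>]  [<ffffffff8034a81e>] _raw_spin_lock+0x1e/0x130
RSP: 0018:ffff81001dc99be8  EFLAGS: 00010086
RAX: ffff81001d500080 RBX: 6b6b6b6b6b6b6b73 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 6b6b6b6b6b6b6b73
R13: 6b6b6b6b6b6b6b73 R14: ffff81001b8e0108 R15: ffff81001b8f0520
Stack:  6b6b6b6b6b6b6b73 0000000000000286 6b6b6b6b6b6b6b73 ffff81001b8e0108
 ffff81001dc99c28 ffffffff804b82ee 6b6b6b6b6b6b6b6b ffff81001da4d000
Call Trace:
 [<ffffffff804b82ee>] _spin_lock_irqsave+0x3e/0x50
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

An offset of 8 in RBX, RDI and R13 means the lock address was computed as a field 8 bytes into a pointer that was itself read out of an already-freed object.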
_______________________________________________
Madwifi-tickets mailing list
https://lists.sourceforge.net/lists/listinfo/madwifi-tickets