From: Larry Finger <Larry.Finger@lwfinger.net>
To: Haggai Eran <haggai.eran@gmail.com>
Cc: Florian Schilhabel <florian.c.schilhabel@googlemail.com>,
linux-wireless@vger.kernel.org
Subject: Re: kernel page fault in r8712u
Date: Sat, 16 May 2015 12:41:10 -0500 [thread overview]
Message-ID: <55578136.30501@lwfinger.net> (raw)
In-Reply-To: <CAJ=9CzasMnjhMSWT0P=eenvaeDA04Q2aGhY0z1npD-NDuh7YeQ@mail.gmail.com>
On 05/16/2015 12:16 PM, Haggai Eran wrote:
> On 16 May 2015 at 17:57, Larry Finger <Larry.Finger@lwfinger.net> wrote:
>> The problem appears to be from r8712u. From the stack dump, the problem
>> happens when r8712_free_recvframe() calls __dev_kfree_skb_any(). A
>> complication is that my copy of the kernel source does not show such a call.
>> :(
>>
>> Please use gdb to help with the debugging. From the main directory of your
>> source, enter the command 'gdb drivers/staging/rtl8712/r8712u.ko'. Once it
>> prompts you, enter 'l *r8712_free_recvframe+0x2c'. The first character is
>> ell, not one. That will show the actual line of code. Please post that info.
>
> Here's what I get:
>
> (gdb) l *r8712_free_recvframe+0x2c
> 0x16714 is in r8712_free_recvframe (drivers/staging/rtl8712/rtl8712_recv.c:145).
> 140 struct _adapter *padapter = precvframe->u.hdr.adapter;
> 141 struct recv_priv *precvpriv = &padapter->recvpriv;
> 142
> 143 if (precvframe->u.hdr.pkt) {
> 144
> dev_kfree_skb_any(precvframe->u.hdr.pkt);/*free skb by driver*/
> 145 precvframe->u.hdr.pkt = NULL;
> 146 }
> 147 spin_lock_irqsave(&pfree_recv_queue->lock, irqL);
> 148 list_del_init(&(precvframe->u.hdr.list));
> 149 list_add_tail(&(precvframe->u.hdr.list),
> &pfree_recv_queue->queue);
>
> It seems that dev_kfree_skb_any is an inline function that calls
> __dev_kfree_skb_any,
> so that should explain why that call didn't show up in the stack dump.
Thanks. From your original posting, the bad address for precvframe->u.hdr.pkt is
a9d797d7. I'm a little bothered by that odd address. I would have expected it to
be even, at least. The actual definition should be OK with the alignment, but
there are a number of places where there is a cast. If the alignment of the
object of the cast is wrong, then that might cause the problem. It will take a
while to trace back through your call chain to see if any of these are involved
here.
I will be back to you later.
Larry
next prev parent reply other threads:[~2015-05-16 17:41 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-16 12:17 kernel page fault in r8712u Haggai Eran
2015-05-16 14:57 ` Larry Finger
2015-05-16 17:16 ` Haggai Eran
2015-05-16 17:41 ` Larry Finger [this message]
2015-05-16 17:54 ` Larry Finger
2015-05-17 4:25 ` Haggai Eran
2015-05-17 10:29 ` Arend van Spriel
2015-05-17 17:20 ` Haggai Eran
2015-05-17 19:22 ` Haggai Eran
2015-05-18 15:31 ` Larry Finger
2015-05-18 17:38 ` Haggai Eran
2015-05-18 18:38 ` Haggai Eran
2015-05-19 4:52 ` Larry Finger
2015-05-19 5:00 ` Haggai Eran
2015-05-19 5:16 ` Haggai Eran
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=55578136.30501@lwfinger.net \
--to=larry.finger@lwfinger.net \
--cc=florian.c.schilhabel@googlemail.com \
--cc=haggai.eran@gmail.com \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.