* [regression] mhi: rmmod ath11k_pci crashing on v5.11
@ 2021-02-09 14:48 ` Kalle Valo
0 siblings, 0 replies; 6+ messages in thread
From: Kalle Valo @ 2021-02-09 14:48 UTC (permalink / raw)
To: Loic Poulain
Cc: Manivannan Sadhasivam, Bhaumik Bhatt, ath11k, linux-arm-msm,
Hemant Kumar
Hi Loic,
I noticed that v5.11-rc6 was crashing on my ath11k test box with
QCA6390. The box was down for few weeks so I only noticed it late in the
cycle. After some manual testing I found out that reverting this commit
fixes the issue:
a7f422f2f89e bus: mhi: Fix channel close issue on driver remove
The crash happens when I issue 'sudo rmmod ath11k_pci' and it happens
every time. Through netconsole I get:
Feb 9 16:43:30 nuc1 [ 313.202778] ath11k_pci 0000:06:00.0: qmi failed set mode request, mode: 4, err = -110
Feb 9 16:43:30 nuc1 [ 313.202932] ath11k_pci 0000:06:00.0: qmi failed to send wlan mode off
Feb 9 16:43:30 nuc1 [ 313.225017] ------------[ cut here ]------------
Feb 9 16:43:30 nuc1 [ 313.225118] DMA-API: ath11k_pci 0000:06:00.0: device driver tries to free DMA memory it has not allocated [device address=0x00000000fffbc000] [size=2047 bytes]
Feb 9 16:43:30 nuc1 [ 313.225146] WARNING: CPU: 2 PID: 94 at kernel/dma/debug.c:963 check_unmap+0x54a/0x8b0
Feb 9 16:43:30 nuc1 [ 313.225173] Modules linked in: ath11k_pci(-) ath11k mac80211 libarc4 cfg80211 qmi_helpers qrtr_mhi mhi qrtr ns mos7840 usbserial nvme nvme_core
Feb 9 16:43:30 nuc1 [ 313.225222] CPU: 2 PID: 94 Comm: kworker/u17:0 Not tainted 5.11.0-rc6 #362
Feb 9 16:43:30 nuc1 [ 313.225243] Hardware name: Intel(R) Client Systems NUC8i7HVK/NUC8i7HVB, BIOS HNKBLi70.86A.0049.2018.0801.1601 08/01/2018
Feb 9 16:43:30 nuc1 [ 313.225263] Workqueue: mhi_hiprio_wq mhi_pm_st_worker [mhi]
Feb 9 16:43:30 nuc1 [ 313.225290] RIP: 0010:check_unmap+0x54a/0x8b0
Feb 9 16:43:30 nuc1 [ 313.225312] Code: 4d 85 e4 75 03 4c 8b 27 4c 89 04 24 e8 8f 78 66 00 4c 8b 04 24 48 89 c6 4c 89 e9 4c 89 e2 48 c7 c7 c8 be 16 8f e8 26 39 ae 00 <0f> 0b 44 8b 1d 6d c2 9b 01 45 85 db 0f 84 5f 02 00 00 48 83 c4 18
Feb 9 16:43:30 nuc1 [ 313.225333] RSP: 0018:ffffbab5c08f3ab0 EFLAGS: 00010282
Feb 9 16:43:30 nuc1 [ 313.225355] RAX: 0000000000000000 RBX: 00000000fffbc000 RCX: ffff99dbf55d9fb8
Feb 9 16:43:30 nuc1 [ 313.225375] RDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffff99dbf55d9fb0
Feb 9 16:43:30 nuc1 [ 313.225395] RBP: ffffbab5c08f3b00 R08: 0000000000000001 R09: 0000000000000000
Feb 9 16:43:30 nuc1 [ 313.225415] R10: 0000000000000003 R11: 3fffffffffffffff R12: ffff99da84c525d0
Feb 9 16:43:30 nuc1 [ 313.225434] R13: 00000000fffbc000 R14: ffffffff90b96c90 R15: 0000000000000000
Feb 9 16:43:30 nuc1 [ 313.225453] FS: 0000000000000000(0000) GS:ffff99dbf5400000(0000) knlGS:0000000000000000
Feb 9 16:43:30 nuc1 [ 313.225479] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Feb 9 16:43:30 nuc1 [ 313.225500] CR2: 0000556d03a34250 CR3: 000000010d9e2003 CR4: 00000000003706e0
Feb 9 16:43:30 nuc1 [ 313.225520] Call Trace:
Feb 9 16:43:30 nuc1 [ 313.225541] ? __lock_acquire+0x3bd/0x6d0
Feb 9 16:43:30 nuc1 [ 313.225565] debug_dma_free_coherent+0xb0/0xf0
Feb 9 16:43:30 nuc1 [ 313.225594] ? mhi_driver_remove+0x11d/0x290 [mhi]
Feb 9 16:43:30 nuc1 [ 313.225620] ? __mutex_lock+0x6ca/0x8f0
Feb 9 16:43:30 nuc1 [ 313.225643] ? qcom_mhi_qrtr_remove+0x18/0x30 [qrtr_mhi]
Feb 9 16:43:30 nuc1 [ 313.225668] dma_free_attrs+0x48/0xb0
Feb 9 16:43:30 nuc1 [ 313.225710] mhi_driver_remove+0x21e/0x290 [mhi]
Feb 9 16:43:30 nuc1 [ 313.225742] __device_release_driver+0x17b/0x230
Feb 9 16:43:30 nuc1 [ 313.225767] device_release_driver+0x21/0x30
Feb 9 16:43:30 nuc1 [ 313.225797] bus_remove_device+0xed/0x160
Feb 9 16:43:30 nuc1 [ 313.225829] device_del+0x187/0x3e0
Feb 9 16:43:30 nuc1 [ 313.225858] ? kobject_cleanup+0x4f/0x140
Feb 9 16:43:30 nuc1 [ 313.225892] mhi_destroy_device+0x5e/0x90 [mhi]
Feb 9 16:43:30 nuc1 [ 313.225927] ? mhi_unmap_single_use_bb+0x50/0x50 [mhi]
Feb 9 16:43:30 nuc1 [ 313.225962] device_for_each_child+0x53/0x90
Feb 9 16:43:30 nuc1 [ 313.225996] mhi_pm_disable_transition+0xe4/0x4c0 [mhi]
Feb 9 16:43:30 nuc1 [ 313.226034] ? do_wait_intr_irq+0xc0/0xc0
Feb 9 16:43:30 nuc1 [ 313.226072] mhi_pm_st_worker+0x178/0x260 [mhi]
Feb 9 16:43:30 nuc1 [ 313.226115] process_one_work+0x279/0x5b0
Feb 9 16:43:30 nuc1 [ 313.226155] worker_thread+0x1c5/0x300
Feb 9 16:43:30 nuc1 [ 313.226182] ? process_one_work+0x5b0/0x5b0
Feb 9 16:43:30 nuc1 [ 313.226205] kthread+0x135/0x150
Feb 9 16:43:30 nuc1 [ 313.226227] ? __kthread_bind_mask+0x60/0x60
Feb 9 16:43:30 nuc1 [ 313.226252] ret_from_fork+0x22/0x30
Feb 9 16:43:30 nuc1 [ 313.226282] irq event stamp: 22013
Feb 9 16:43:30 nuc1 [ 313.226302] hardirqs last enabled at (22021): [<ffffffff8dcdac78>] console_unlock+0x368/0x440
Feb 9 16:43:30 nuc1 [ 313.226324] hardirqs last disabled at (22028): [<ffffffff8dcdac6e>] console_unlock+0x35e/0x440
Feb 9 16:43:30 nuc1 [ 313.226345] softirqs last enabled at (21486): [<ffffffffc0446263>] __mhi_unprepare_channel+0x173/0x1b0 [mhi]
Feb 9 16:43:30 nuc1 [ 313.226368] softirqs last disabled at (21482): [<ffffffffc044608d>] mhi_reset_chan+0x2d/0x90 [mhi]
Feb 9 16:43:30 nuc1 [ 313.226391] ---[ end trace 7ed7d298f27ad9e8 ]---
Feb 9 16:43:30 nuc1 [ 313.226415] page:00000000c0d397ee refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x173bec
Feb 9 16:43:30 nuc1 [ 313.226439] flags: 0x200000000000000()
Feb 9 16:43:30 nuc1 [ 313.226462] raw: 0200000000000000 ffffdb57c58ff808 ffffdb57c5cf1888 0000000000000000
Feb 9 16:43:30 nuc1 [ 313.226485] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
Feb 9 16:43:30 nuc1 [ 313.226506] page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0)
Feb 9 16:43:30 nuc1 [ 313.226532] ------------[ cut here ]------------
Feb 9 16:43:30 nuc1 [ 313.226554] kernel BUG at include/linux/mm.h:723!
Feb 9 16:43:30 nuc1 [ 313.226578] invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC PTI
Feb 9 16:43:30 nuc1 [ 313.226594] CPU: 2 PID: 94 Comm: kworker/u17:0 Tainted: G W 5.11.0-rc6 #362
Feb 9 16:43:30 nuc1 [ 313.226607] Hardware name: Intel(R) Client Systems NUC8i7HVK/NUC8i7HVB, BIOS HNKBLi70.86A.0049.2018.0801.1601 08/01/2018
Feb 9 16:43:30 nuc1 [ 313.226621] Workqueue: mhi_hiprio_wq mhi_pm_st_worker [mhi]
Feb 9 16:43:30 nuc1 [ 313.226638] RIP: 0010:__free_pages+0x7e/0x90
Feb 9 16:43:30 nuc1 [ 313.226651] Code: 28 d8 ff ff eb d1 85 f6 75 09 5b 5d 41 5c e9 b9 fe ff ff 5b 31 d2 5d 41 5c e9 0e d8 ff ff 48 c7 c6 30 b5 14 8f e8 c2 9d fd ff <0f> 0b 5b 5d 41 5c c3 66 66 2e 0f 1f 84 00 00 00 00 00 48 85 ff 75
Feb 9 16:43:30 nuc1 [ 313.226665] RSP: 0018:ffffbab5c08f3c20 EFLAGS: 00010246
Feb 9 16:43:30 nuc1 [ 313.226683] RAX: 000000000000003e RBX: ffff99dade8bd028 RCX: ffff99dbf55d9fb8
Feb 9 16:43:30 nuc1 [ 313.226700] RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff99dbf55d9fb0
Feb 9 16:43:30 nuc1 [ 313.226712] RBP: ffffdb57c5cefb00 R08: 0000000000000001 R09: 0000000000000000
Feb 9 16:43:30 nuc1 [ 313.226725] R10: 0000000000000003 R11: 3fffffffffffffff R12: ffff99dade8bd000
Feb 9 16:43:30 nuc1 [ 313.226736] R13: ffffbab5c1ec8480 R14: ffffbab5c1ec8420 R15: ffffbab5c1ec85a0
Feb 9 16:43:30 nuc1 [ 313.226747] FS: 0000000000000000(0000) GS:ffff99dbf5400000(0000) knlGS:0000000000000000
Feb 9 16:43:30 nuc1 [ 313.226760] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Feb 9 16:43:30 nuc1 [ 313.226774] CR2: 0000556d03a34250 CR3: 000000010d9e2003 CR4: 00000000003706e0
Feb 9 16:43:30 nuc1 [ 313.226788] Call Trace:
Feb 9 16:43:30 nuc1 [ 313.226801] mhi_driver_remove+0x21e/0x290 [mhi]
Feb 9 16:43:30 nuc1 [ 313.226818] __device_release_driver+0x17b/0x230
Feb 9 16:43:30 nuc1 [ 313.226833] device_release_driver+0x21/0x30
Feb 9 16:43:30 nuc1 [ 313.226845] bus_remove_device+0xed/0x160
Feb 9 16:43:30 nuc1 [ 313.226859] device_del+0x187/0x3e0
Feb 9 16:43:30 nuc1 [ 313.226871] ? kobject_cleanup+0x4f/0x140
Feb 9 16:43:30 nuc1 [ 313.226884] mhi_destroy_device+0x5e/0x90 [mhi]
Feb 9 16:43:30 nuc1 [ 313.226901] ? mhi_unmap_single_use_bb+0x50/0x50 [mhi]
Feb 9 16:43:30 nuc1 [ 313.226917] device_for_each_child+0x53/0x90
Feb 9 16:43:30 nuc1 [ 313.226931] mhi_pm_disable_transition+0xe4/0x4c0 [mhi]
Feb 9 16:43:30 nuc1 [ 313.226947] ? do_wait_intr_irq+0xc0/0xc0
Feb 9 16:43:30 nuc1 [ 313.226962] mhi_pm_st_worker+0x178/0x260 [mhi]
Feb 9 16:43:30 nuc1 [ 313.226978] process_one_work+0x279/0x5b0
Feb 9 16:43:30 nuc1 [ 313.226993] worker_thread+0x1c5/0x300
Feb 9 16:43:30 nuc1 [ 313.227007] ? process_one_work+0x5b0/0x5b0
Feb 9 16:43:30 nuc1 [ 313.227022] kthread+0x135/0x150
Feb 9 16:43:30 nuc1 [ 313.227036] ? __kthread_bind_mask+0x60/0x60
Feb 9 16:43:30 nuc1 [ 313.227049] ret_from_fork+0x22/0x30
Feb 9 16:43:30 nuc1 [ 313.227064] Modules linked in: ath11k_pci(-) ath11k mac80211 libarc4 cfg80211 qmi_helpers qrtr_mhi mhi qrtr ns mos7840 usbserial nvme nvme_core
Feb 9 16:43:30 nuc1 [ 313.227242] ---[ end trace 7ed7d298f27ad9e9 ]---
Feb 9 16:43:30 nuc1 [ 313.227263] RIP: 0010:__free_pages+0x7e/0x90
Feb 9 16:43:30 nuc1 [ 313.227282] Code: 28 d8 ff ff eb d1 85 f6 75 09 5b 5d 41 5c e9 b9 fe ff ff 5b 31 d2 5d 41 5c e9 0e d8 ff ff 48 c7 c6 30 b5 14 8f e8 c2 9d fd ff <0f> 0b 5b 5d 41 5c c3 66 66 2e 0f 1f 84 00 00 00 00 00 48 85 ff 75
Feb 9 16:43:30 nuc1 [ 313.227300] RSP: 0018:ffffbab5c08f3c20 EFLAGS: 00010246
Feb 9 16:43:30 nuc1 [ 313.227318] RAX: 000000000000003e RBX: ffff99dade8bd028 RCX: ffff99dbf55d9fb8
Feb 9 16:43:30 nuc1 [ 313.227336] RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff99dbf55d9fb0
Feb 9 16:43:30 nuc1 [ 313.227353] RBP: ffffdb57c5cefb00 R08: 0000000000000001 R09: 0000000000000000
Feb 9 16:43:30 nuc1 [ 313.227370] R10: 0000000000000003 R11: 3fffffffffffffff R12: ffff99dade8bd000
Feb 9 16:43:30 nuc1 [ 313.227388] R13: ffffbab5c1ec8480 R14: ffffbab5c1ec8420 R15: ffffbab5c1ec85a0
Feb 9 16:43:30 nuc1 [ 313.227414] FS: 0000000000000000(0000) GS:ffff99dbf5400000(0000) knlGS:0000000000000000
Feb 9 16:43:30 nuc1 [ 313.227432] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Feb 9 16:43:30 nuc1 [ 313.227446] CR2: 0000556d03a34250 CR3: 000000010d9e2003 CR4: 00000000003706e0
Feb 9 16:43:30 nuc1 [ 313.227463] Kernel panic - not syncing: Fatal exception
Feb 9 16:43:30 nuc1 [ 313.228478] Kernel Offset: 0xcc00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
Feb 9 16:43:30 nuc1 [ 313.228492] Rebooting in 10 seconds..
And this is the commit in question:
commit a7f422f2f89e7d48aa66e6488444a4c7f01269d5
Author: Loic Poulain <loic.poulain@linaro.org>
AuthorDate: Fri Oct 9 11:07:14 2020 +0200
Commit: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
CommitDate: Wed Nov 18 15:20:34 2020 +0530
bus: mhi: Fix channel close issue on driver remove
Some MHI device drivers need to stop the channels in their driver
remove callback (e.g. module unloading), but the unprepare function
is aborted because MHI core moved the channels to suspended state
prior calling driver remove callback. This prevents the driver to
send a proper MHI RESET CHAN command to the device. Device is then
unaware of the stopped state of these channels.
This causes issue when driver tries to start the channels again (e.g.
module is reloaded), since device considers channels as already
started (inconsistent state).
Fix this by allowing channel reset when channel is suspended.
Signed-off-by: Loic Poulain <loic.poulain@linaro.org>
Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Reviewed-by: Bhaumik Bhatt <bbhatt@codeaurora.org>
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
^ permalink raw reply [flat|nested] 6+ messages in thread
* [regression] mhi: rmmod ath11k_pci crashing on v5.11
@ 2021-02-09 14:48 ` Kalle Valo
0 siblings, 0 replies; 6+ messages in thread
From: Kalle Valo @ 2021-02-09 14:48 UTC (permalink / raw)
To: Loic Poulain
Cc: linux-arm-msm, Hemant Kumar, ath11k, Bhaumik Bhatt,
Manivannan Sadhasivam
Hi Loic,
I noticed that v5.11-rc6 was crashing on my ath11k test box with
QCA6390. The box was down for few weeks so I only noticed it late in the
cycle. After some manual testing I found out that reverting this commit
fixes the issue:
a7f422f2f89e bus: mhi: Fix channel close issue on driver remove
The crash happens when I issue 'sudo rmmod ath11k_pci' and it happens
every time. Through netconsole I get:
Feb 9 16:43:30 nuc1 [ 313.202778] ath11k_pci 0000:06:00.0: qmi failed set mode request, mode: 4, err = -110
Feb 9 16:43:30 nuc1 [ 313.202932] ath11k_pci 0000:06:00.0: qmi failed to send wlan mode off
Feb 9 16:43:30 nuc1 [ 313.225017] ------------[ cut here ]------------
Feb 9 16:43:30 nuc1 [ 313.225118] DMA-API: ath11k_pci 0000:06:00.0: device driver tries to free DMA memory it has not allocated [device address=0x00000000fffbc000] [size=2047 bytes]
Feb 9 16:43:30 nuc1 [ 313.225146] WARNING: CPU: 2 PID: 94 at kernel/dma/debug.c:963 check_unmap+0x54a/0x8b0
Feb 9 16:43:30 nuc1 [ 313.225173] Modules linked in: ath11k_pci(-) ath11k mac80211 libarc4 cfg80211 qmi_helpers qrtr_mhi mhi qrtr ns mos7840 usbserial nvme nvme_core
Feb 9 16:43:30 nuc1 [ 313.225222] CPU: 2 PID: 94 Comm: kworker/u17:0 Not tainted 5.11.0-rc6 #362
Feb 9 16:43:30 nuc1 [ 313.225243] Hardware name: Intel(R) Client Systems NUC8i7HVK/NUC8i7HVB, BIOS HNKBLi70.86A.0049.2018.0801.1601 08/01/2018
Feb 9 16:43:30 nuc1 [ 313.225263] Workqueue: mhi_hiprio_wq mhi_pm_st_worker [mhi]
Feb 9 16:43:30 nuc1 [ 313.225290] RIP: 0010:check_unmap+0x54a/0x8b0
Feb 9 16:43:30 nuc1 [ 313.225312] Code: 4d 85 e4 75 03 4c 8b 27 4c 89 04 24 e8 8f 78 66 00 4c 8b 04 24 48 89 c6 4c 89 e9 4c 89 e2 48 c7 c7 c8 be 16 8f e8 26 39 ae 00 <0f> 0b 44 8b 1d 6d c2 9b 01 45 85 db 0f 84 5f 02 00 00 48 83 c4 18
Feb 9 16:43:30 nuc1 [ 313.225333] RSP: 0018:ffffbab5c08f3ab0 EFLAGS: 00010282
Feb 9 16:43:30 nuc1 [ 313.225355] RAX: 0000000000000000 RBX: 00000000fffbc000 RCX: ffff99dbf55d9fb8
Feb 9 16:43:30 nuc1 [ 313.225375] RDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffff99dbf55d9fb0
Feb 9 16:43:30 nuc1 [ 313.225395] RBP: ffffbab5c08f3b00 R08: 0000000000000001 R09: 0000000000000000
Feb 9 16:43:30 nuc1 [ 313.225415] R10: 0000000000000003 R11: 3fffffffffffffff R12: ffff99da84c525d0
Feb 9 16:43:30 nuc1 [ 313.225434] R13: 00000000fffbc000 R14: ffffffff90b96c90 R15: 0000000000000000
Feb 9 16:43:30 nuc1 [ 313.225453] FS: 0000000000000000(0000) GS:ffff99dbf5400000(0000) knlGS:0000000000000000
Feb 9 16:43:30 nuc1 [ 313.225479] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Feb 9 16:43:30 nuc1 [ 313.225500] CR2: 0000556d03a34250 CR3: 000000010d9e2003 CR4: 00000000003706e0
Feb 9 16:43:30 nuc1 [ 313.225520] Call Trace:
Feb 9 16:43:30 nuc1 [ 313.225541] ? __lock_acquire+0x3bd/0x6d0
Feb 9 16:43:30 nuc1 [ 313.225565] debug_dma_free_coherent+0xb0/0xf0
Feb 9 16:43:30 nuc1 [ 313.225594] ? mhi_driver_remove+0x11d/0x290 [mhi]
Feb 9 16:43:30 nuc1 [ 313.225620] ? __mutex_lock+0x6ca/0x8f0
Feb 9 16:43:30 nuc1 [ 313.225643] ? qcom_mhi_qrtr_remove+0x18/0x30 [qrtr_mhi]
Feb 9 16:43:30 nuc1 [ 313.225668] dma_free_attrs+0x48/0xb0
Feb 9 16:43:30 nuc1 [ 313.225710] mhi_driver_remove+0x21e/0x290 [mhi]
Feb 9 16:43:30 nuc1 [ 313.225742] __device_release_driver+0x17b/0x230
Feb 9 16:43:30 nuc1 [ 313.225767] device_release_driver+0x21/0x30
Feb 9 16:43:30 nuc1 [ 313.225797] bus_remove_device+0xed/0x160
Feb 9 16:43:30 nuc1 [ 313.225829] device_del+0x187/0x3e0
Feb 9 16:43:30 nuc1 [ 313.225858] ? kobject_cleanup+0x4f/0x140
Feb 9 16:43:30 nuc1 [ 313.225892] mhi_destroy_device+0x5e/0x90 [mhi]
Feb 9 16:43:30 nuc1 [ 313.225927] ? mhi_unmap_single_use_bb+0x50/0x50 [mhi]
Feb 9 16:43:30 nuc1 [ 313.225962] device_for_each_child+0x53/0x90
Feb 9 16:43:30 nuc1 [ 313.225996] mhi_pm_disable_transition+0xe4/0x4c0 [mhi]
Feb 9 16:43:30 nuc1 [ 313.226034] ? do_wait_intr_irq+0xc0/0xc0
Feb 9 16:43:30 nuc1 [ 313.226072] mhi_pm_st_worker+0x178/0x260 [mhi]
Feb 9 16:43:30 nuc1 [ 313.226115] process_one_work+0x279/0x5b0
Feb 9 16:43:30 nuc1 [ 313.226155] worker_thread+0x1c5/0x300
Feb 9 16:43:30 nuc1 [ 313.226182] ? process_one_work+0x5b0/0x5b0
Feb 9 16:43:30 nuc1 [ 313.226205] kthread+0x135/0x150
Feb 9 16:43:30 nuc1 [ 313.226227] ? __kthread_bind_mask+0x60/0x60
Feb 9 16:43:30 nuc1 [ 313.226252] ret_from_fork+0x22/0x30
Feb 9 16:43:30 nuc1 [ 313.226282] irq event stamp: 22013
Feb 9 16:43:30 nuc1 [ 313.226302] hardirqs last enabled at (22021): [<ffffffff8dcdac78>] console_unlock+0x368/0x440
Feb 9 16:43:30 nuc1 [ 313.226324] hardirqs last disabled at (22028): [<ffffffff8dcdac6e>] console_unlock+0x35e/0x440
Feb 9 16:43:30 nuc1 [ 313.226345] softirqs last enabled at (21486): [<ffffffffc0446263>] __mhi_unprepare_channel+0x173/0x1b0 [mhi]
Feb 9 16:43:30 nuc1 [ 313.226368] softirqs last disabled at (21482): [<ffffffffc044608d>] mhi_reset_chan+0x2d/0x90 [mhi]
Feb 9 16:43:30 nuc1 [ 313.226391] ---[ end trace 7ed7d298f27ad9e8 ]---
Feb 9 16:43:30 nuc1 [ 313.226415] page:00000000c0d397ee refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x173bec
Feb 9 16:43:30 nuc1 [ 313.226439] flags: 0x200000000000000()
Feb 9 16:43:30 nuc1 [ 313.226462] raw: 0200000000000000 ffffdb57c58ff808 ffffdb57c5cf1888 0000000000000000
Feb 9 16:43:30 nuc1 [ 313.226485] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
Feb 9 16:43:30 nuc1 [ 313.226506] page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0)
Feb 9 16:43:30 nuc1 [ 313.226532] ------------[ cut here ]------------
Feb 9 16:43:30 nuc1 [ 313.226554] kernel BUG at include/linux/mm.h:723!
Feb 9 16:43:30 nuc1 [ 313.226578] invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC PTI
Feb 9 16:43:30 nuc1 [ 313.226594] CPU: 2 PID: 94 Comm: kworker/u17:0 Tainted: G W 5.11.0-rc6 #362
Feb 9 16:43:30 nuc1 [ 313.226607] Hardware name: Intel(R) Client Systems NUC8i7HVK/NUC8i7HVB, BIOS HNKBLi70.86A.0049.2018.0801.1601 08/01/2018
Feb 9 16:43:30 nuc1 [ 313.226621] Workqueue: mhi_hiprio_wq mhi_pm_st_worker [mhi]
Feb 9 16:43:30 nuc1 [ 313.226638] RIP: 0010:__free_pages+0x7e/0x90
Feb 9 16:43:30 nuc1 [ 313.226651] Code: 28 d8 ff ff eb d1 85 f6 75 09 5b 5d 41 5c e9 b9 fe ff ff 5b 31 d2 5d 41 5c e9 0e d8 ff ff 48 c7 c6 30 b5 14 8f e8 c2 9d fd ff <0f> 0b 5b 5d 41 5c c3 66 66 2e 0f 1f 84 00 00 00 00 00 48 85 ff 75
Feb 9 16:43:30 nuc1 [ 313.226665] RSP: 0018:ffffbab5c08f3c20 EFLAGS: 00010246
Feb 9 16:43:30 nuc1 [ 313.226683] RAX: 000000000000003e RBX: ffff99dade8bd028 RCX: ffff99dbf55d9fb8
Feb 9 16:43:30 nuc1 [ 313.226700] RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff99dbf55d9fb0
Feb 9 16:43:30 nuc1 [ 313.226712] RBP: ffffdb57c5cefb00 R08: 0000000000000001 R09: 0000000000000000
Feb 9 16:43:30 nuc1 [ 313.226725] R10: 0000000000000003 R11: 3fffffffffffffff R12: ffff99dade8bd000
Feb 9 16:43:30 nuc1 [ 313.226736] R13: ffffbab5c1ec8480 R14: ffffbab5c1ec8420 R15: ffffbab5c1ec85a0
Feb 9 16:43:30 nuc1 [ 313.226747] FS: 0000000000000000(0000) GS:ffff99dbf5400000(0000) knlGS:0000000000000000
Feb 9 16:43:30 nuc1 [ 313.226760] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Feb 9 16:43:30 nuc1 [ 313.226774] CR2: 0000556d03a34250 CR3: 000000010d9e2003 CR4: 00000000003706e0
Feb 9 16:43:30 nuc1 [ 313.226788] Call Trace:
Feb 9 16:43:30 nuc1 [ 313.226801] mhi_driver_remove+0x21e/0x290 [mhi]
Feb 9 16:43:30 nuc1 [ 313.226818] __device_release_driver+0x17b/0x230
Feb 9 16:43:30 nuc1 [ 313.226833] device_release_driver+0x21/0x30
Feb 9 16:43:30 nuc1 [ 313.226845] bus_remove_device+0xed/0x160
Feb 9 16:43:30 nuc1 [ 313.226859] device_del+0x187/0x3e0
Feb 9 16:43:30 nuc1 [ 313.226871] ? kobject_cleanup+0x4f/0x140
Feb 9 16:43:30 nuc1 [ 313.226884] mhi_destroy_device+0x5e/0x90 [mhi]
Feb 9 16:43:30 nuc1 [ 313.226901] ? mhi_unmap_single_use_bb+0x50/0x50 [mhi]
Feb 9 16:43:30 nuc1 [ 313.226917] device_for_each_child+0x53/0x90
Feb 9 16:43:30 nuc1 [ 313.226931] mhi_pm_disable_transition+0xe4/0x4c0 [mhi]
Feb 9 16:43:30 nuc1 [ 313.226947] ? do_wait_intr_irq+0xc0/0xc0
Feb 9 16:43:30 nuc1 [ 313.226962] mhi_pm_st_worker+0x178/0x260 [mhi]
Feb 9 16:43:30 nuc1 [ 313.226978] process_one_work+0x279/0x5b0
Feb 9 16:43:30 nuc1 [ 313.226993] worker_thread+0x1c5/0x300
Feb 9 16:43:30 nuc1 [ 313.227007] ? process_one_work+0x5b0/0x5b0
Feb 9 16:43:30 nuc1 [ 313.227022] kthread+0x135/0x150
Feb 9 16:43:30 nuc1 [ 313.227036] ? __kthread_bind_mask+0x60/0x60
Feb 9 16:43:30 nuc1 [ 313.227049] ret_from_fork+0x22/0x30
Feb 9 16:43:30 nuc1 [ 313.227064] Modules linked in: ath11k_pci(-) ath11k mac80211 libarc4 cfg80211 qmi_helpers qrtr_mhi mhi qrtr ns mos7840 usbserial nvme nvme_core
Feb 9 16:43:30 nuc1 [ 313.227242] ---[ end trace 7ed7d298f27ad9e9 ]---
Feb 9 16:43:30 nuc1 [ 313.227263] RIP: 0010:__free_pages+0x7e/0x90
Feb 9 16:43:30 nuc1 [ 313.227282] Code: 28 d8 ff ff eb d1 85 f6 75 09 5b 5d 41 5c e9 b9 fe ff ff 5b 31 d2 5d 41 5c e9 0e d8 ff ff 48 c7 c6 30 b5 14 8f e8 c2 9d fd ff <0f> 0b 5b 5d 41 5c c3 66 66 2e 0f 1f 84 00 00 00 00 00 48 85 ff 75
Feb 9 16:43:30 nuc1 [ 313.227300] RSP: 0018:ffffbab5c08f3c20 EFLAGS: 00010246
Feb 9 16:43:30 nuc1 [ 313.227318] RAX: 000000000000003e RBX: ffff99dade8bd028 RCX: ffff99dbf55d9fb8
Feb 9 16:43:30 nuc1 [ 313.227336] RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff99dbf55d9fb0
Feb 9 16:43:30 nuc1 [ 313.227353] RBP: ffffdb57c5cefb00 R08: 0000000000000001 R09: 0000000000000000
Feb 9 16:43:30 nuc1 [ 313.227370] R10: 0000000000000003 R11: 3fffffffffffffff R12: ffff99dade8bd000
Feb 9 16:43:30 nuc1 [ 313.227388] R13: ffffbab5c1ec8480 R14: ffffbab5c1ec8420 R15: ffffbab5c1ec85a0
Feb 9 16:43:30 nuc1 [ 313.227414] FS: 0000000000000000(0000) GS:ffff99dbf5400000(0000) knlGS:0000000000000000
Feb 9 16:43:30 nuc1 [ 313.227432] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Feb 9 16:43:30 nuc1 [ 313.227446] CR2: 0000556d03a34250 CR3: 000000010d9e2003 CR4: 00000000003706e0
Feb 9 16:43:30 nuc1 [ 313.227463] Kernel panic - not syncing: Fatal exception
Feb 9 16:43:30 nuc1 [ 313.228478] Kernel Offset: 0xcc00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
Feb 9 16:43:30 nuc1 [ 313.228492] Rebooting in 10 seconds..
And this is the commit in question:
commit a7f422f2f89e7d48aa66e6488444a4c7f01269d5
Author: Loic Poulain <loic.poulain@linaro.org>
AuthorDate: Fri Oct 9 11:07:14 2020 +0200
Commit: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
CommitDate: Wed Nov 18 15:20:34 2020 +0530
bus: mhi: Fix channel close issue on driver remove
Some MHI device drivers need to stop the channels in their driver
remove callback (e.g. module unloading), but the unprepare function
is aborted because MHI core moved the channels to suspended state
prior calling driver remove callback. This prevents the driver to
send a proper MHI RESET CHAN command to the device. Device is then
unaware of the stopped state of these channels.
This causes issue when driver tries to start the channels again (e.g.
module is reloaded), since device considers channels as already
started (inconsistent state).
Fix this by allowing channel reset when channel is suspended.
Signed-off-by: Loic Poulain <loic.poulain@linaro.org>
Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Reviewed-by: Bhaumik Bhatt <bbhatt@codeaurora.org>
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
--
ath11k mailing list
ath11k@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/ath11k
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [regression] mhi: rmmod ath11k_pci crashing on v5.11
2021-02-09 14:48 ` Kalle Valo
@ 2021-02-09 15:21 ` Loic Poulain
-1 siblings, 0 replies; 6+ messages in thread
From: Loic Poulain @ 2021-02-09 15:21 UTC (permalink / raw)
To: Kalle Valo
Cc: Manivannan Sadhasivam, Bhaumik Bhatt, ath11k, linux-arm-msm,
Hemant Kumar
Hi Kalle,
On Tue, 9 Feb 2021 at 15:48, Kalle Valo <kvalo@codeaurora.org> wrote:
>
> Hi Loic,
>
> I noticed that v5.11-rc6 was crashing on my ath11k test box with
> QCA6390. The box was down for few weeks so I only noticed it late in the
> cycle. After some manual testing I found out that reverting this commit
> fixes the issue:
>
> a7f422f2f89e bus: mhi: Fix channel close issue on driver remove
>
> The crash happens when I issue 'sudo rmmod ath11k_pci' and it happens
> every time. Through netconsole I get:
>
> Feb 9 16:43:30 nuc1 [ 313.202778] ath11k_pci 0000:06:00.0: qmi failed set mode request, mode: 4, err = -110
> Feb 9 16:43:30 nuc1 [ 313.202932] ath11k_pci 0000:06:00.0: qmi failed to send wlan mode off
> Feb 9 16:43:30 nuc1 [ 313.225017] ------------[ cut here ]------------
> Feb 9 16:43:30 nuc1 [ 313.225118] DMA-API: ath11k_pci 0000:06:00.0: device driver tries to free DMA memory it has not allocated [device address=0x00000000fffbc000] [size=2047 bytes]
> Feb 9 16:43:30 nuc1 [ 313.225146] WARNING: CPU: 2 PID: 94 at kernel/dma/debug.c:963 check_unmap+0x54a/0x8b0
> Feb 9 16:43:30 nuc1 [ 313.225173] Modules linked in: ath11k_pci(-) ath11k mac80211 libarc4 cfg80211 qmi_helpers qrtr_mhi mhi qrtr ns mos7840 usbserial nvme nvme_core
> Feb 9 16:43:30 nuc1 [ 313.225222] CPU: 2 PID: 94 Comm: kworker/u17:0 Not tainted 5.11.0-rc6 #362
> Feb 9 16:43:30 nuc1 [ 313.225243] Hardware name: Intel(R) Client Systems NUC8i7HVK/NUC8i7HVB, BIOS HNKBLi70.86A.0049.2018.0801.1601 08/01/2018
> Feb 9 16:43:30 nuc1 [ 313.225263] Workqueue: mhi_hiprio_wq mhi_pm_st_worker [mhi]
> Feb 9 16:43:30 nuc1 [ 313.225290] RIP: 0010:check_unmap+0x54a/0x8b0
> Feb 9 16:43:30 nuc1 [ 313.225312] Code: 4d 85 e4 75 03 4c 8b 27 4c 89 04 24 e8 8f 78 66 00 4c 8b 04 24 48 89 c6 4c 89 e9 4c 89 e2 48 c7 c7 c8 be 16 8f e8 26 39 ae 00 <0f> 0b 44 8b 1d 6d c2 9b 01 45 85 db 0f 84 5f 02 00 00 48 83 c4 18
> Feb 9 16:43:30 nuc1 [ 313.225333] RSP: 0018:ffffbab5c08f3ab0 EFLAGS: 00010282
> Feb 9 16:43:30 nuc1 [ 313.225355] RAX: 0000000000000000 RBX: 00000000fffbc000 RCX: ffff99dbf55d9fb8
> Feb 9 16:43:30 nuc1 [ 313.225375] RDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffff99dbf55d9fb0
> Feb 9 16:43:30 nuc1 [ 313.225395] RBP: ffffbab5c08f3b00 R08: 0000000000000001 R09: 0000000000000000
> Feb 9 16:43:30 nuc1 [ 313.225415] R10: 0000000000000003 R11: 3fffffffffffffff R12: ffff99da84c525d0
> Feb 9 16:43:30 nuc1 [ 313.225434] R13: 00000000fffbc000 R14: ffffffff90b96c90 R15: 0000000000000000
> Feb 9 16:43:30 nuc1 [ 313.225453] FS: 0000000000000000(0000) GS:ffff99dbf5400000(0000) knlGS:0000000000000000
> Feb 9 16:43:30 nuc1 [ 313.225479] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> Feb 9 16:43:30 nuc1 [ 313.225500] CR2: 0000556d03a34250 CR3: 000000010d9e2003 CR4: 00000000003706e0
> Feb 9 16:43:30 nuc1 [ 313.225520] Call Trace:
> Feb 9 16:43:30 nuc1 [ 313.225541] ? __lock_acquire+0x3bd/0x6d0
> Feb 9 16:43:30 nuc1 [ 313.225565] debug_dma_free_coherent+0xb0/0xf0
> Feb 9 16:43:30 nuc1 [ 313.225594] ? mhi_driver_remove+0x11d/0x290 [mhi]
> Feb 9 16:43:30 nuc1 [ 313.225620] ? __mutex_lock+0x6ca/0x8f0
> Feb 9 16:43:30 nuc1 [ 313.225643] ? qcom_mhi_qrtr_remove+0x18/0x30 [qrtr_mhi]
> Feb 9 16:43:30 nuc1 [ 313.225668] dma_free_attrs+0x48/0xb0
> Feb 9 16:43:30 nuc1 [ 313.225710] mhi_driver_remove+0x21e/0x290 [mhi]
> Feb 9 16:43:30 nuc1 [ 313.225742] __device_release_driver+0x17b/0x230
Ok, I think it's because there are two paths leading to
'mhi_deinit_chan_ctxt' and causing double page free (driver's remove
callback via channel_unprepare and mhi_driver_remove via deinit loop).
Checking and going to provide a fix.
Regards,
Loic
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [regression] mhi: rmmod ath11k_pci crashing on v5.11
@ 2021-02-09 15:21 ` Loic Poulain
0 siblings, 0 replies; 6+ messages in thread
From: Loic Poulain @ 2021-02-09 15:21 UTC (permalink / raw)
To: Kalle Valo
Cc: linux-arm-msm, Hemant Kumar, ath11k, Bhaumik Bhatt,
Manivannan Sadhasivam
Hi Kalle,
On Tue, 9 Feb 2021 at 15:48, Kalle Valo <kvalo@codeaurora.org> wrote:
>
> Hi Loic,
>
> I noticed that v5.11-rc6 was crashing on my ath11k test box with
> QCA6390. The box was down for few weeks so I only noticed it late in the
> cycle. After some manual testing I found out that reverting this commit
> fixes the issue:
>
> a7f422f2f89e bus: mhi: Fix channel close issue on driver remove
>
> The crash happens when I issue 'sudo rmmod ath11k_pci' and it happens
> every time. Through netconsole I get:
>
> Feb 9 16:43:30 nuc1 [ 313.202778] ath11k_pci 0000:06:00.0: qmi failed set mode request, mode: 4, err = -110
> Feb 9 16:43:30 nuc1 [ 313.202932] ath11k_pci 0000:06:00.0: qmi failed to send wlan mode off
> Feb 9 16:43:30 nuc1 [ 313.225017] ------------[ cut here ]------------
> Feb 9 16:43:30 nuc1 [ 313.225118] DMA-API: ath11k_pci 0000:06:00.0: device driver tries to free DMA memory it has not allocated [device address=0x00000000fffbc000] [size=2047 bytes]
> Feb 9 16:43:30 nuc1 [ 313.225146] WARNING: CPU: 2 PID: 94 at kernel/dma/debug.c:963 check_unmap+0x54a/0x8b0
> Feb 9 16:43:30 nuc1 [ 313.225173] Modules linked in: ath11k_pci(-) ath11k mac80211 libarc4 cfg80211 qmi_helpers qrtr_mhi mhi qrtr ns mos7840 usbserial nvme nvme_core
> Feb 9 16:43:30 nuc1 [ 313.225222] CPU: 2 PID: 94 Comm: kworker/u17:0 Not tainted 5.11.0-rc6 #362
> Feb 9 16:43:30 nuc1 [ 313.225243] Hardware name: Intel(R) Client Systems NUC8i7HVK/NUC8i7HVB, BIOS HNKBLi70.86A.0049.2018.0801.1601 08/01/2018
> Feb 9 16:43:30 nuc1 [ 313.225263] Workqueue: mhi_hiprio_wq mhi_pm_st_worker [mhi]
> Feb 9 16:43:30 nuc1 [ 313.225290] RIP: 0010:check_unmap+0x54a/0x8b0
> Feb 9 16:43:30 nuc1 [ 313.225312] Code: 4d 85 e4 75 03 4c 8b 27 4c 89 04 24 e8 8f 78 66 00 4c 8b 04 24 48 89 c6 4c 89 e9 4c 89 e2 48 c7 c7 c8 be 16 8f e8 26 39 ae 00 <0f> 0b 44 8b 1d 6d c2 9b 01 45 85 db 0f 84 5f 02 00 00 48 83 c4 18
> Feb 9 16:43:30 nuc1 [ 313.225333] RSP: 0018:ffffbab5c08f3ab0 EFLAGS: 00010282
> Feb 9 16:43:30 nuc1 [ 313.225355] RAX: 0000000000000000 RBX: 00000000fffbc000 RCX: ffff99dbf55d9fb8
> Feb 9 16:43:30 nuc1 [ 313.225375] RDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffff99dbf55d9fb0
> Feb 9 16:43:30 nuc1 [ 313.225395] RBP: ffffbab5c08f3b00 R08: 0000000000000001 R09: 0000000000000000
> Feb 9 16:43:30 nuc1 [ 313.225415] R10: 0000000000000003 R11: 3fffffffffffffff R12: ffff99da84c525d0
> Feb 9 16:43:30 nuc1 [ 313.225434] R13: 00000000fffbc000 R14: ffffffff90b96c90 R15: 0000000000000000
> Feb 9 16:43:30 nuc1 [ 313.225453] FS: 0000000000000000(0000) GS:ffff99dbf5400000(0000) knlGS:0000000000000000
> Feb 9 16:43:30 nuc1 [ 313.225479] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> Feb 9 16:43:30 nuc1 [ 313.225500] CR2: 0000556d03a34250 CR3: 000000010d9e2003 CR4: 00000000003706e0
> Feb 9 16:43:30 nuc1 [ 313.225520] Call Trace:
> Feb 9 16:43:30 nuc1 [ 313.225541] ? __lock_acquire+0x3bd/0x6d0
> Feb 9 16:43:30 nuc1 [ 313.225565] debug_dma_free_coherent+0xb0/0xf0
> Feb 9 16:43:30 nuc1 [ 313.225594] ? mhi_driver_remove+0x11d/0x290 [mhi]
> Feb 9 16:43:30 nuc1 [ 313.225620] ? __mutex_lock+0x6ca/0x8f0
> Feb 9 16:43:30 nuc1 [ 313.225643] ? qcom_mhi_qrtr_remove+0x18/0x30 [qrtr_mhi]
> Feb 9 16:43:30 nuc1 [ 313.225668] dma_free_attrs+0x48/0xb0
> Feb 9 16:43:30 nuc1 [ 313.225710] mhi_driver_remove+0x21e/0x290 [mhi]
> Feb 9 16:43:30 nuc1 [ 313.225742] __device_release_driver+0x17b/0x230
Ok, I think it's because there are two paths leading to
'mhi_deinit_chan_ctxt' and causing double page free (driver's remove
callback via channel_unprepare and mhi_driver_remove via deinit loop).
Checking and going to provide a fix.
Regards,
Loic
--
ath11k mailing list
ath11k@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/ath11k
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [regression] mhi: rmmod ath11k_pci crashing on v5.11
2021-02-09 15:21 ` Loic Poulain
@ 2021-02-09 15:25 ` Kalle Valo
-1 siblings, 0 replies; 6+ messages in thread
From: Kalle Valo @ 2021-02-09 15:25 UTC (permalink / raw)
To: Loic Poulain
Cc: linux-arm-msm, Hemant Kumar, ath11k, Bhaumik Bhatt,
Manivannan Sadhasivam
Loic Poulain <loic.poulain@linaro.org> writes:
> On Tue, 9 Feb 2021 at 15:48, Kalle Valo <kvalo@codeaurora.org> wrote:
>>
>> Hi Loic,
>>
>> I noticed that v5.11-rc6 was crashing on my ath11k test box with
>> QCA6390. The box was down for few weeks so I only noticed it late in the
>> cycle. After some manual testing I found out that reverting this commit
>> fixes the issue:
>>
>> a7f422f2f89e bus: mhi: Fix channel close issue on driver remove
>>
>> The crash happens when I issue 'sudo rmmod ath11k_pci' and it happens
>> every time. Through netconsole I get:
>>
>> Feb 9 16:43:30 nuc1 [ 313.202778] ath11k_pci 0000:06:00.0: qmi
>> failed set mode request, mode: 4, err = -110
>> Feb 9 16:43:30 nuc1 [ 313.202932] ath11k_pci 0000:06:00.0: qmi
>> failed to send wlan mode off
>> Feb 9 16:43:30 nuc1 [ 313.225017] ------------[ cut here ]------------
>> Feb 9 16:43:30 nuc1 [ 313.225118] DMA-API: ath11k_pci 0000:06:00.0:
>> device driver tries to free DMA memory it has not allocated [device
>> address=0x00000000fffbc000] [size=2047 bytes]
>> Feb 9 16:43:30 nuc1 [ 313.225146] WARNING: CPU: 2 PID: 94 at
>> kernel/dma/debug.c:963 check_unmap+0x54a/0x8b0
>> Feb 9 16:43:30 nuc1 [ 313.225173] Modules linked in: ath11k_pci(-)
>> ath11k mac80211 libarc4 cfg80211 qmi_helpers qrtr_mhi mhi qrtr ns
>> mos7840 usbserial nvme nvme_core
>> Feb 9 16:43:30 nuc1 [ 313.225222] CPU: 2 PID: 94 Comm: kworker/u17:0
>> Not tainted 5.11.0-rc6 #362
>> Feb 9 16:43:30 nuc1 [ 313.225243] Hardware name: Intel(R) Client
>> Systems NUC8i7HVK/NUC8i7HVB, BIOS HNKBLi70.86A.0049.2018.0801.1601
>> 08/01/2018
>> Feb 9 16:43:30 nuc1 [ 313.225263] Workqueue: mhi_hiprio_wq mhi_pm_st_worker [mhi]
>> Feb 9 16:43:30 nuc1 [ 313.225290] RIP: 0010:check_unmap+0x54a/0x8b0
>> Feb 9 16:43:30 nuc1 [ 313.225312] Code: 4d 85 e4 75 03 4c 8b 27 4c
>> 89 04 24 e8 8f 78 66 00 4c 8b 04 24 48 89 c6 4c 89 e9 4c 89 e2 48 c7
>> c7 c8 be 16 8f e8 26 39 ae 00 <0f> 0b 44 8b 1d 6d c2 9b 01 45 85 db
>> 0f 84 5f 02 00 00 48 83 c4 18
>> Feb 9 16:43:30 nuc1 [ 313.225333] RSP: 0018:ffffbab5c08f3ab0 EFLAGS: 00010282
>> Feb 9 16:43:30 nuc1 [ 313.225355] RAX: 0000000000000000 RBX:
>> 00000000fffbc000 RCX: ffff99dbf55d9fb8
>> Feb 9 16:43:30 nuc1 [ 313.225375] RDX: 00000000ffffffd8 RSI:
>> 0000000000000027 RDI: ffff99dbf55d9fb0
>> Feb 9 16:43:30 nuc1 [ 313.225395] RBP: ffffbab5c08f3b00 R08:
>> 0000000000000001 R09: 0000000000000000
>> Feb 9 16:43:30 nuc1 [ 313.225415] R10: 0000000000000003 R11:
>> 3fffffffffffffff R12: ffff99da84c525d0
>> Feb 9 16:43:30 nuc1 [ 313.225434] R13: 00000000fffbc000 R14:
>> ffffffff90b96c90 R15: 0000000000000000
>> Feb 9 16:43:30 nuc1 [ 313.225453] FS: 0000000000000000(0000)
>> GS:ffff99dbf5400000(0000) knlGS:0000000000000000
>> Feb 9 16:43:30 nuc1 [ 313.225479] CS: 0010 DS: 0000 ES: 0000 CR0:
>> 0000000080050033
>> Feb 9 16:43:30 nuc1 [ 313.225500] CR2: 0000556d03a34250 CR3:
>> 000000010d9e2003 CR4: 00000000003706e0
>> Feb 9 16:43:30 nuc1 [ 313.225520] Call Trace:
>> Feb 9 16:43:30 nuc1 [ 313.225541] ? __lock_acquire+0x3bd/0x6d0
>> Feb 9 16:43:30 nuc1 [ 313.225565] debug_dma_free_coherent+0xb0/0xf0
>> Feb 9 16:43:30 nuc1 [ 313.225594] ? mhi_driver_remove+0x11d/0x290 [mhi]
>> Feb 9 16:43:30 nuc1 [ 313.225620] ? __mutex_lock+0x6ca/0x8f0
>> Feb 9 16:43:30 nuc1 [ 313.225643] ? qcom_mhi_qrtr_remove+0x18/0x30 [qrtr_mhi]
>> Feb 9 16:43:30 nuc1 [ 313.225668] dma_free_attrs+0x48/0xb0
>> Feb 9 16:43:30 nuc1 [ 313.225710] mhi_driver_remove+0x21e/0x290 [mhi]
>> Feb 9 16:43:30 nuc1 [ 313.225742] __device_release_driver+0x17b/0x230
>
> Ok, I think it's because there are two paths leading to
> 'mhi_deinit_chan_ctxt' and causing double page free (driver's remove
> callback via channel_unprepare and mhi_driver_remove via deinit loop).
> Checking and going to provide a fix.
Great, thank you. Feel free to send me any test patches, it's very easy
for me to reproduce the crash.
--
https://patchwork.kernel.org/project/linux-wireless/list/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [regression] mhi: rmmod ath11k_pci crashing on v5.11
@ 2021-02-09 15:25 ` Kalle Valo
0 siblings, 0 replies; 6+ messages in thread
From: Kalle Valo @ 2021-02-09 15:25 UTC (permalink / raw)
To: Loic Poulain
Cc: linux-arm-msm, Bhaumik Bhatt, Manivannan Sadhasivam, ath11k,
Hemant Kumar
Loic Poulain <loic.poulain@linaro.org> writes:
> On Tue, 9 Feb 2021 at 15:48, Kalle Valo <kvalo@codeaurora.org> wrote:
>>
>> Hi Loic,
>>
>> I noticed that v5.11-rc6 was crashing on my ath11k test box with
>> QCA6390. The box was down for few weeks so I only noticed it late in the
>> cycle. After some manual testing I found out that reverting this commit
>> fixes the issue:
>>
>> a7f422f2f89e bus: mhi: Fix channel close issue on driver remove
>>
>> The crash happens when I issue 'sudo rmmod ath11k_pci' and it happens
>> every time. Through netconsole I get:
>>
>> Feb 9 16:43:30 nuc1 [ 313.202778] ath11k_pci 0000:06:00.0: qmi
>> failed set mode request, mode: 4, err = -110
>> Feb 9 16:43:30 nuc1 [ 313.202932] ath11k_pci 0000:06:00.0: qmi
>> failed to send wlan mode off
>> Feb 9 16:43:30 nuc1 [ 313.225017] ------------[ cut here ]------------
>> Feb 9 16:43:30 nuc1 [ 313.225118] DMA-API: ath11k_pci 0000:06:00.0:
>> device driver tries to free DMA memory it has not allocated [device
>> address=0x00000000fffbc000] [size=2047 bytes]
>> Feb 9 16:43:30 nuc1 [ 313.225146] WARNING: CPU: 2 PID: 94 at
>> kernel/dma/debug.c:963 check_unmap+0x54a/0x8b0
>> Feb 9 16:43:30 nuc1 [ 313.225173] Modules linked in: ath11k_pci(-)
>> ath11k mac80211 libarc4 cfg80211 qmi_helpers qrtr_mhi mhi qrtr ns
>> mos7840 usbserial nvme nvme_core
>> Feb 9 16:43:30 nuc1 [ 313.225222] CPU: 2 PID: 94 Comm: kworker/u17:0
>> Not tainted 5.11.0-rc6 #362
>> Feb 9 16:43:30 nuc1 [ 313.225243] Hardware name: Intel(R) Client
>> Systems NUC8i7HVK/NUC8i7HVB, BIOS HNKBLi70.86A.0049.2018.0801.1601
>> 08/01/2018
>> Feb 9 16:43:30 nuc1 [ 313.225263] Workqueue: mhi_hiprio_wq mhi_pm_st_worker [mhi]
>> Feb 9 16:43:30 nuc1 [ 313.225290] RIP: 0010:check_unmap+0x54a/0x8b0
>> Feb 9 16:43:30 nuc1 [ 313.225312] Code: 4d 85 e4 75 03 4c 8b 27 4c
>> 89 04 24 e8 8f 78 66 00 4c 8b 04 24 48 89 c6 4c 89 e9 4c 89 e2 48 c7
>> c7 c8 be 16 8f e8 26 39 ae 00 <0f> 0b 44 8b 1d 6d c2 9b 01 45 85 db
>> 0f 84 5f 02 00 00 48 83 c4 18
>> Feb 9 16:43:30 nuc1 [ 313.225333] RSP: 0018:ffffbab5c08f3ab0 EFLAGS: 00010282
>> Feb 9 16:43:30 nuc1 [ 313.225355] RAX: 0000000000000000 RBX:
>> 00000000fffbc000 RCX: ffff99dbf55d9fb8
>> Feb 9 16:43:30 nuc1 [ 313.225375] RDX: 00000000ffffffd8 RSI:
>> 0000000000000027 RDI: ffff99dbf55d9fb0
>> Feb 9 16:43:30 nuc1 [ 313.225395] RBP: ffffbab5c08f3b00 R08:
>> 0000000000000001 R09: 0000000000000000
>> Feb 9 16:43:30 nuc1 [ 313.225415] R10: 0000000000000003 R11:
>> 3fffffffffffffff R12: ffff99da84c525d0
>> Feb 9 16:43:30 nuc1 [ 313.225434] R13: 00000000fffbc000 R14:
>> ffffffff90b96c90 R15: 0000000000000000
>> Feb 9 16:43:30 nuc1 [ 313.225453] FS: 0000000000000000(0000)
>> GS:ffff99dbf5400000(0000) knlGS:0000000000000000
>> Feb 9 16:43:30 nuc1 [ 313.225479] CS: 0010 DS: 0000 ES: 0000 CR0:
>> 0000000080050033
>> Feb 9 16:43:30 nuc1 [ 313.225500] CR2: 0000556d03a34250 CR3:
>> 000000010d9e2003 CR4: 00000000003706e0
>> Feb 9 16:43:30 nuc1 [ 313.225520] Call Trace:
>> Feb 9 16:43:30 nuc1 [ 313.225541] ? __lock_acquire+0x3bd/0x6d0
>> Feb 9 16:43:30 nuc1 [ 313.225565] debug_dma_free_coherent+0xb0/0xf0
>> Feb 9 16:43:30 nuc1 [ 313.225594] ? mhi_driver_remove+0x11d/0x290 [mhi]
>> Feb 9 16:43:30 nuc1 [ 313.225620] ? __mutex_lock+0x6ca/0x8f0
>> Feb 9 16:43:30 nuc1 [ 313.225643] ? qcom_mhi_qrtr_remove+0x18/0x30 [qrtr_mhi]
>> Feb 9 16:43:30 nuc1 [ 313.225668] dma_free_attrs+0x48/0xb0
>> Feb 9 16:43:30 nuc1 [ 313.225710] mhi_driver_remove+0x21e/0x290 [mhi]
>> Feb 9 16:43:30 nuc1 [ 313.225742] __device_release_driver+0x17b/0x230
>
> Ok, I think it's because there are two paths leading to
> 'mhi_deinit_chan_ctxt' and causing double page free (driver's remove
> callback via channel_unprepare and mhi_driver_remove via deinit loop).
> Checking and going to provide a fix.
Great, thank you. Feel free to send me any test patches, it's very easy
for me to reproduce the crash.
--
https://patchwork.kernel.org/project/linux-wireless/list/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
--
ath11k mailing list
ath11k@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/ath11k
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2021-02-09 15:27 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-02-09 14:48 [regression] mhi: rmmod ath11k_pci crashing on v5.11 Kalle Valo
2021-02-09 14:48 ` Kalle Valo
2021-02-09 15:21 ` Loic Poulain
2021-02-09 15:21 ` Loic Poulain
2021-02-09 15:25 ` Kalle Valo
2021-02-09 15:25 ` Kalle Valo
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.