Created attachment 289093
Crash due to bug in ath9k
I've upgraded my XUbuntu to 20.04. Since then I've encountered several crashes.
Apparently, there's a bug in ath9k...
See attached kernel trace.
I believe you're hitting a double-free in a kfree_skb() added by this commit, which first appeared in 5.4:
Author: Navid Emamdoost <email@example.com>
Date: Fri Sep 6 13:59:30 2019 -0500
ath9k: release allocated buffer if timed out
It would seem that this patch is buggy and probably should be reverted. IIUC, we've already "submitted" the SKB to another layer at that point, and that layer should be responsible for freeing it (e.g., in hif_usb_regout_cb).
I wonder about the author's other patches, which all seem to be the same sort of mechanical (likely-untested) "leak-fixing" patches...
It looks like this is already reverted in linux-next:
Author: Qiujun Huang <firstname.lastname@example.org>
Date: Sat Apr 4 12:18:34 2020 +0800
ath9k: Fix use-after-free Read in htc_connect_service
It's on its way to 5.8:
If you have the ability to apply that patch to your own kernel, you might give it a try. Hopefully we can get it queued to -stable eventually.
*** Bug 207797 has been marked as a duplicate of this bug. ***
For the record, the patch was merged to v5.4.47 (and other newer kernels).
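The ownership rule described in the thread (once a buffer is submitted to another layer, that layer's completion callback frees it, so a timeout path must not free it too), as an added userspace model that is not part of the original thread and is not ath9k code. Every function and struct name is hypothetical, and releases are counted rather than performed so the double release is observable.

```c
#include <stdio.h>

/* Userspace model, not ath9k code: every name here is hypothetical. */
struct buf {
    int releases;                 /* times the buffer was released */
    void (*done)(struct buf *);   /* completion callback set on submit */
};

/* Stands in for kfree_skb(); counts instead of freeing so the bug is observable. */
static void buf_release(struct buf *b) { b->releases++; }
/* Transport completion: the transport owns the buffer and releases it. */
static void transport_done(struct buf *b) { buf_release(b); }

/* On success (0) ownership passes to the transport; on failure the caller keeps it. */
static int transport_submit(struct buf *b, int fail)
{
    if (fail)
        return -1;
    b->done = transport_done;
    return 0;
}

static int send_and_wait(struct buf *b, int submit_fails, int free_on_timeout)
{
    if (transport_submit(b, submit_fails) != 0) {
        buf_release(b);           /* correct: never handed over */
        return -1;
    }
    /* Model the reply timing out. */
    if (free_on_timeout)
        buf_release(b);           /* wrong: the transport still owns b */
    return -2;
}

/* Runs one timed-out exchange and returns how many releases the buffer saw. */
static int run_case(int submit_fails, int free_on_timeout)
{
    struct buf b = { 0, NULL };
    send_and_wait(&b, submit_fails, free_on_timeout);
    if (b.done)
        b.done(&b);               /* completion fires after the timeout */
    return b.releases;
}

int main(void)
{
    printf("free on timeout=%d, left to transport=%d, submit failed=%d\n",
           run_case(0, 1), run_case(0, 0), run_case(1, 0));
    return 0;
}
```

A release count of 2 for a single buffer is the double free; the other two paths release it exactly once.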