Modify

Opened 3 years ago

Closed 3 years ago

#18388 closed defect (fixed)

ath9k oops in rate_control_set_rates kernel 3.10.34

Reported by: mehlis@… Owned by: developers
Priority: normal Milestone:
Component: kernel Version: Attitude Adjustment 12.09
Keywords: ath9k oops rate_control_set_rates Cc:

Description

I got those on my tplink 4300 and tplink3600:

is there a patch already? please point me to the fix commit.

[ 3111.210000] CPU 0 Unable to handle kernel paging request at virtual address 00000048, epc == 86f92c8c, ra == 86f81ff0
[ 3111.220000] Oops[#1]:
[ 3111.220000] CPU: 0 PID: 5743 Comm: kworker/u2:2 Not tainted 3.10.34 #1
[ 3111.220000] Workqueue: phy1 ieee80211_ibss_leave [mac80211]
[ 3111.220000] task: 850214f0 ti: 86bce000 task.ti: 86bce000
[ 3111.220000] $ 0   : 00000000 00000000 ffffffff 00000012
[ 3111.220000] $ 4   : 8692cac0 00000000 86a49e80 86a49e92
[ 3111.220000] $ 8   : 00000001 86fc73d0 00000000 00000000
[ 3111.220000] $12   : 00000000 00000001 0000000f 00000000
[ 3111.220000] $16   : 85f120c0 8509e000 8692cac0 86881a30
[ 3111.220000] $20   : 00000000 00000800 00000001 00000000
[ 3111.220000] $24   : 00004000 80073e84                  
[ 3111.220000] $28   : 86bce000 86bcf958 00000018 86f81ff0
[ 3111.220000] Hi    : 00000000
[ 3111.220000] Lo    : 00000000
[ 3111.220000] epc   : 86f92c8c rate_control_set_rates+0x0/0x168 [mac80211]
[ 3111.220000]     Not tainted
[ 3111.220000] ra    : 86f81ff0 ieee80211_tx_status+0x400/0xd84 [mac80211]
[ 3111.220000] Status: 1100dc03 KERNEL EXL IE 
[ 3111.220000] Cause : 00800008
[ 3111.220000] BadVA : 00000048
[ 3111.220000] PrId  : 0001974c (MIPS 74Kc)
[ 3111.220000] Modules linked in: ath9k ath9k_common pppoe ppp_async iptable_nat ath9k_hw ath rndis_host pppox ppp_generic pl2303 nf_nat_ipv4 nf_conntrack_ipv4 mac80211 ipt_MASQUERADE ftdi_sio ebtable_nat ebtable_filter ebtable_broute cp210x cfg80211 cdc_ether xt_time xt_tcpudp xt_tcpmss xt_statistic xt_state xt_policy xt_nat xt_multiport xt_mark xt_mac xt_limit xt_length xt_hl xt_esp xt_ecn xt_dscp xt_conntrack xt_comment xt_TCPMSS xt_REDIRECT xt_LOG xt_HL xt_DSCP xt_CT xt_CLASSIFY usbserial usbnet slhc rfcomm nf_nat_irc nf_nat_ftp nf_nat nf_defrag_ipv4 nf_conntrack_irc nf_conntrack_ftp macvlan iptable_raw iptable_mangle iptable_filter ipt_ah ipt_REJECT ipt_ECN ip_tables hidp hci_uart ebtables ebt_vlan ebt_stp ebt_snat ebt_redirect ebt_pkttype ebt_mark_m ebt_mark ebt_limit ebt_ip ebt_dnat ebt_arpreply ebt_arp ebt_among ebt_802_3 crc_ccitt compat btusb bnep bluetooth hid evdev input_core ledtrig_usbdev batman_adv libcrc32c crc16 ip6t_REJECT ip6t_rt ip6t_hbh ip6t_mh ip6t_ipv6header ip6t_frag ip6t_eui64 ip6t_ah ip6table_raw ip6table_mangle ip6table_filter ip6_tables x_tables nf_conntrack_ipv6 nf_conntrack nf_defrag_ipv6 ip_gre gre ipcomp6 xfrm6_tunnel xfrm6_mode_tunnel xfrm6_mode_transport xfrm6_mode_beet esp6 ah6 ipcomp xfrm4_tunnel xfrm4_mode_tunnel xfrm4_mode_transport xfrm4_mode_beet esp4 ah4 ipip tunnel6 tunnel4 ip_tunnel tun af_key xfrm_user xfrm_ipcomp xfrm_algo ipv6 chainiv eseqiv crypto_wq sha1_generic krng rng crypto_null md5 mcespi hmac des_generic deflate zlib_inflate zlib_deflate cbc authenc aead arc4 crypto_blkcipher uhci_hcd ohci_hcd ehci_pci ehci_platform ehci_hcd gpio_button_hotplug usbcore nls_base usb_common crc32c crypto_hash
[ 3111.220000] Process kworker/u2:2 (pid: 5743, threadinfo=86bce000, task=850214f0, tls=00000000)
[ 3111.220000] Stack : 00000001 00000000 86bcfa10 00000001 85f120c0 00000000 00000000 00000000
          00000010 00000000 00000000 8692e774 8687d188 00000800 8788a030 8687d440
          86f4e480 86f4e480 86bcf9d8 8692d440 8692de98 8692d440 86930010 00100100
          00200200 00000006 00000018 86867fb4 86930010 868660dc 8692ded0 8693ea28
          86bcf9d8 86bcf9d8 00000000 00100100 00200200 8692ded0 8693ea28 8686af10
          ...
[ 3111.220000] Call Trace:
[ 3111.220000] [<86f92c8c>] rate_control_set_rates+0x0/0x168 [mac80211]
[ 3111.220000] [<86f81ff0>] ieee80211_tx_status+0x400/0xd84 [mac80211]
[ 3111.220000] [<86867fb4>] ath_txq_unlock_complete+0xa4/0xbc [ath9k]
[ 3111.220000] [<8686af10>] ath_tx_edma_tasklet+0x258/0x298 [ath9k]
[ 3111.220000] [<8686424c>] ath9k_tasklet+0x1d4/0x230 [ath9k]
[ 3111.220000] [<8007e0c0>] tasklet_action+0x84/0xcc
[ 3111.220000] [<8007d8c0>] __do_softirq+0xd0/0x1b8
[ 3111.220000] [<8007da48>] do_softirq+0x48/0x68
[ 3111.220000] [<8007dc7c>] irq_exit+0x54/0x70
[ 3111.220000] [<80060830>] ret_from_irq+0x0/0x4
[ 3111.220000] [<80064888>] __bzero+0x4c/0x164
[ 3111.220000] [<86fc2280>] minstrel_remove_sta_debugfs+0xe8c/0x1674 [mac80211]
[ 3111.220000] 
[ 3111.220000] 
Code: 8fb00014  08019c54  27bd0020 <8ca40048> 10800009  aca60048  27bdffe8  afbf0014  0c02ccaa 
[ 3111.590000] ---[ end trace c403514238d2a762 ]---
[ 3111.600000] Kernel panic - not syncing: Fatal exception in interrupt
[ 3111.600000] Rebooting in 3 seconds..
[ 1236.870000] CPU 0 Unable to handle kernel paging request at virtual address 00000048, epc == 86f92c8c, ra == 86f81ff0
[ 1236.880000] Oops[#1]:
[ 1236.880000] CPU: 0 PID: 382 Comm: kworker/u2:2 Not tainted 3.10.34 #1
[ 1236.880000] Workqueue: phy1 ieee80211_ibss_leave [mac80211]
[ 1236.880000] task: 8790f240 ti: 87b60000 task.ti: 87b60000
[ 1236.880000] $ 0   : 00000000 00000000 ffffffff 00000012
[ 1236.880000] $ 4   : 86934ac0 00000000 86972880 86972892
[ 1236.880000] $ 8   : 00000001 86fc73d0 00000000 00000000
[ 1236.880000] $12   : 00000000 00000001 0000000f 00000000
[ 1236.880000] $16   : 86b15780 86a0e000 86934ac0 86f6c830
[ 1236.880000] $20   : 00000003 00000800 00000001 00000000
[ 1236.880000] $24   : 00004000 00000000                  
[ 1236.880000] $28   : 87b60000 87b61958 00000018 86f81ff0
[ 1236.880000] Hi    : 00000000
[ 1236.880000] Lo    : 00000000
[ 1236.880000] epc   : 86f92c8c rate_control_set_rates+0x0/0x168 [mac80211]
[ 1236.880000]     Not tainted
[ 1236.880000] ra    : 86f81ff0 ieee80211_tx_status+0x400/0xd84 [mac80211]
[ 1236.880000] Status: 1100dc03 KERNEL EXL IE 
[ 1236.880000] Cause : 00800008
[ 1236.880000] BadVA : 00000048
[ 1236.880000] PrId  : 0001974c (MIPS 74Kc)
[ 1236.880000] Modules linked in: ath9k ath9k_common pppoe ppp_async iptable_nat ath9k_hw ath rndis_host pppox ppp_generic pl2303 nf_nat_ipv4 nf_conntrack_ipv4 mac80211 ipt_MASQUERADE ftdi_sio ebtable_nat ebtable_filter ebtable_broute cp210x cfg80211 cdc_ether xt_time xt_tcpudp xt_tcpmss xt_statistic xt_state xt_policy xt_nat xt_multiport xt_mark xt_mac xt_limit xt_length xt_hl xt_esp xt_ecn xt_dscp xt_conntrack xt_comment xt_TCPMSS xt_REDIRECT xt_LOG xt_HL xt_DSCP xt_CT xt_CLASSIFY usbserial usbnet slhc rfcomm nf_nat_irc nf_nat_ftp nf_nat nf_defrag_ipv4 nf_conntrack_irc nf_conntrack_ftp macvlan iptable_raw iptable_mangle iptable_filter ipt_ah ipt_REJECT ipt_ECN ip_tables hidp hci_uart ebtables ebt_vlan ebt_stp ebt_snat ebt_redirect ebt_pkttype ebt_mark_m ebt_mark ebt_limit ebt_ip ebt_dnat ebt_arpreply ebt_arp ebt_among ebt_802_3 crc_ccitt compat btusb bnep bluetooth hid evdev input_core ledtrig_usbdev batman_adv libcrc32c crc16 ip6t_REJECT ip6t_rt ip6t_hbh ip6t_mh ip6t_ipv6header ip6t_frag ip6t_eui64 ip6t_ah ip6table_raw ip6table_mangle ip6table_filter ip6_tables x_tables nf_conntrack_ipv6 nf_conntrack nf_defrag_ipv6 ip_gre gre ipcomp6 xfrm6_tunnel xfrm6_mode_tunnel xfrm6_mode_transport xfrm6_mode_beet esp6 ah6 ipcomp xfrm4_tunnel xfrm4_mode_tunnel xfrm4_mode_transport xfrm4_mode_beet esp4 ah4 ipip tunnel6 tunnel4 ip_tunnel tun af_key xfrm_user xfrm_ipcomp xfrm_algo ipv6 chainiv eseqiv crypto_wq sha1_generic krng rng crypto_null md5 mcespi hmac des_generic deflate zlib_inflate zlib_deflate cbc authenc aead arc4 crypto_blkcipher uhci_hcd ohci_hcd ehci_pci ehci_platform ehci_hcd gpio_button_hotplug usbcore nls_base usb_common crc32c crypto_hash
[ 1236.880000] Process kworker/u2:2 (pid: 382, threadinfo=87b60000, task=8790f240, tls=00000000)
[ 1236.880000] Stack : 00000001 00000000 87b61a10 00000001 86b15780 00000000 00000000 00000003
          00000010 00000000 00000001 86936774 8687d188 00000800 8788a030 8790f240
          85e48cc0 8790f240 87b619d8 86935440 86935e98 86935440 86938010 00100100
          00200200 00000006 00000018 86867fb4 00000001 00000000 86935ed8 86955528
          87b619d8 87b619d8 00000000 00100100 00200200 86935ed8 86955528 8686af10
          ...
[ 1236.880000] Call Trace:
[ 1236.880000] [<86f92c8c>] rate_control_set_rates+0x0/0x168 [mac80211]
[ 1236.880000] [<86f81ff0>] ieee80211_tx_status+0x400/0xd84 [mac80211]
[ 1236.880000] [<86867fb4>] ath_txq_unlock_complete+0xa4/0xbc [ath9k]
[ 1236.880000] [<8686af10>] ath_tx_edma_tasklet+0x258/0x298 [ath9k]
[ 1236.880000] [<8686424c>] ath9k_tasklet+0x1d4/0x230 [ath9k]
[ 1236.880000] [<8007e0c0>] tasklet_action+0x84/0xcc
[ 1236.880000] [<8007d8c0>] __do_softirq+0xd0/0x1b8
[ 1236.880000] [<8007da48>] do_softirq+0x48/0x68
[ 1236.880000] [<8007dc7c>] irq_exit+0x54/0x70
[ 1236.880000] [<80060830>] ret_from_irq+0x0/0x4
[ 1236.880000] [<800648a4>] __bzero+0x68/0x164
[ 1236.880000] [<86fc2280>] minstrel_remove_sta_debugfs+0xe8c/0x1674 [mac80211]
[ 1236.880000] 
[ 1236.880000] 
Code: 8fb00014  08019c54  27bd0020 <8ca40048> 10800009  aca60048  27bdffe8  afbf0014  0c02ccaa 
[ 1237.260000] ---[ end trace e867b37493d8a989 ]---
[ 1237.260000] Kernel panic - not syncing: Fatal exception in interrupt
[ 1237.260000] Rebooting in 3 seconds..
}}

Attachments (0)

Change History (13)

comment:1 Changed 3 years ago by nbd

  • Resolution set to worksforme
  • Status changed from new to closed

You seem to be using a trunk version that is quite old. Please update to latest Barrier Breaker or trunk.

comment:2 Changed 3 years ago by mehlis@…

  • Resolution worksforme deleted
  • Status changed from closed to reopened

comment:3 Changed 3 years ago by anonymous

same problem reported here: /ticket/18431.html

comment:4 Changed 3 years ago by anonymous

Found a patch for this problem: http://www.spinics.net/lists/linux-wireless/msg133693.html

I have applied it via

wget http://article.gmane.org/gmane.linux.kernel.wireless.general/134816/raw -O package/kernel/mac80211/patches/331-mac80211-fix-rate_control_set_rates-crash.patch
make package/mac80211/clean
make -j5

Seems to fix it

comment:5 Changed 3 years ago by mehlis@…

I'm rolling out this fix to customers, will update this ticket with results from that in 24 hours!

comment:6 Changed 3 years ago by anonymous

however imho that patch seems to paper over the real bug: a race condition without proper serialization

comment:7 Changed 3 years ago by nbd

please try copying http://nbd.name/990-mac80211-rate-lock.patch to package/kernel/mac80211/patches and check if that fixes the problem

comment:8 Changed 3 years ago by anonymous

just for documentation the stacktrace in trunk from today without any patches:

[  310.870000] CPU 0 Unable to handle kernel paging request at virtual address 00000048, epc == 86e93c68, ra == 86e8233c
[  310.880000] Oops[#1]:
[  310.880000] CPU: 0 PID: 273 Comm: kworker/u2:2 Not tainted 3.18.7 #5
[  310.880000] Workqueue: phy1 ieee80211_ibss_leave [mac80211]
[  310.880000] task: 878e5838 ti: 87986000 task.ti: 87986000
[  310.880000] $ 0   : 00000000 00000000 ffffffff 00000012
[  310.880000] $ 4   : 86960ae0 00000000 85eddb80 85eddb92
[  310.880000] $ 8   : 00000000 00000001 00000009 86ece004
[  310.880000] $12   : 00000038 00000000 00000000 00000001
[  310.880000] $16   : 00000000 86960ae0 86960ae0 85cd4430
[  310.880000] $20   : 00000800 00000001 00000000 85190198
[  310.880000] $24   : 00000000 00000000                  
[  310.880000] $28   : 87986000 87987920 00000018 86e8233c
[  310.880000] Hi    : 00000000
[  310.880000] Lo    : 00000000
[  310.880000] epc   : 86e93c68 rate_control_set_rates+0x18/0x124 [mac80211]
[  310.880000]     Not tainted
[  310.880000] ra    : 86e8233c ieee80211_tx_status+0x3a4/0xcc8 [mac80211]
[  310.880000] Status: 1100dc03 KERNEL EXL IE 
[  310.880000] Cause : 00800008
[  310.880000] BadVA : 00000048
[  310.880000] PrId  : 0001974c (MIPS 74Kc)
[  310.880000] Modules linked in: iptable_nat ath9k nf_nat_ipv4 nf_conntrack_ipv6 nf_conntrack_ipv4 ipt_REJECT ipt_MASQUERADE ebtable_nat ebtable_filter ebtable_broute ath9k_common xt_time xt_tcpudp xt_tcpmss xt_string xt_statistic xt_state xt_recent xt_quota xt_policy xt_pkttype xt_physdev xt_owner xt_nat xt_multiport xt_mark xt_mac xt_limit xt_length xt_id xt_hl xt_helper xt_esp xt_ecn xt_dscp xt_conntrack xt_connmark xt_connlimit xt_connbytes xt_comment xt_addrtype xt_TCPMSS xt_REDIRECT xt_NETMAP xt_LOG xt_IPMARK xt_HL xt_DSCP xt_CT xt_CLASSIFY ts_kmp ts_fsm ts_bm nf_reject_ipv4 nf_nat_masquerade_ipv4 nf_nat nf_log_ipv4 nf_defrag_ipv6 nf_defrag_ipv4 nf_conntrack_rtcache nf_conntrack_netlink nf_conntrack macvlan iptable_raw iptable_mangle iptable_filter ipt_ah ipt_ECN ip_tables ebtables ebt_vlan ebt_stp ebt_snat ebt_redirect ebt_pkttype ebt_mark_m ebt_mark ebt_limit ebt_ip ebt_dnat ebt_arpreply ebt_arp ebt_among ebt_802_3 crc_ccitt compat_xtables ath9k_hw arptable_filter arpt_mangle arp_tables em_cmp sch_teql em_nbyte sch_codel sch_dsmark em_meta sch_gred sch_htb cls_basic act_ipt sch_red act_police em_text sch_tbf sch_sfq sch_prio act_skbedit act_mirred em_u32 cls_u32 cls_tcindex cls_flow cls_route cls_fw sch_hfsc sch_ingress ath10k_pci ath10k_core ath mac80211 cfg80211 compat ledtrig_usbdev batman_adv libcrc32c crc16 xt_set ip_set_list_set ip_set_hash_netport ip_set_hash_netiface ip_set_hash_net ip_set_hash_ipportnet ip_set_hash_ipportip ip_set_hash_ipport ip_set_hash_ip ip_set_bitmap_port ip_set_bitmap_ipmac ip_set_bitmap_ip ip_set nfnetlink ip6t_REJECT nf_reject_ipv6 nf_log_ipv6 nf_log_common ip6table_raw ip6table_mangle ip6table_filter ip6_tables x_tables ipcomp6 xfrm6_tunnel xfrm6_mode_tunnel xfrm6_mode_transport xfrm6_mode_beet esp6 ah6 ipcomp xfrm4_tunnel xfrm4_mode_tunnel xfrm4_mode_transport xfrm4_mode_beet esp4 ah4 ipip tunnel6 tunnel4 ip_tunnel af_key xfrm_user xfrm_ipcomp xfrm_algo ipv6 chainiv eseqiv crypto_wq sha1_generic krng rng md5 hmac des_generic deflate zlib_inflate zlib_deflate cbc authenc aead arc4 crypto_blkcipher uhci_hcd ehci_pci ehci_platform ehci_hcd gpio_button_hotplug usbcore nls_base usb_common crc32c_generic crypto_hash
[  310.880000] Process kworker/u2:2 (pid: 273, threadinfo=87986000, task=878e5838, tls=00000000)
[  310.880000] Stack : 85190180 87ac6000 00000000 85cd4430 00000800 85190180 87ac6000 85190180
          87ac6000 86e8233c 879879f8 00000001 00000097 00000001 85190198 00000020
          00000000 00000000 87987ad8 86922010 87987970 00000000 86922168 00000000
          869616c0 00000800 879879c0 869616c0 869616c0 8696d800 86922010 00100100
          00200200 00000006 00000018 86807328 00000000 00000000 869620c8 86962078
          ...
[  310.880000] Call Trace:
[  310.880000] [<86e93c68>] rate_control_set_rates+0x18/0x124 [mac80211]
[  310.880000] [<86e8233c>] ieee80211_tx_status+0x3a4/0xcc8 [mac80211]
[  310.880000] [<86807328>] ath_txq_unlock_complete+0xac/0xc4 [ath9k]
[  310.880000] [<8680a69c>] ath_tx_edma_tasklet+0x248/0x288 [ath9k]
[  310.880000] [<86803cf8>] ath9k_tasklet+0x1d4/0x230 [ath9k]
[  310.880000] [<802819cc>] tasklet_action+0x84/0xcc
[  310.880000] [<80091290>] __do_softirq+0xf8/0x230
[  310.880000] [<8019c93c>] irq_exit+0x54/0x70
[  310.880000] [<80060830>] ret_from_irq+0x0/0x4
[  310.880000] [<80064ec4>] __bzero+0x48/0x164
[  310.880000] [<86ec8300>] minstrel_remove_sta_debugfs+0x1238/0x1bc0 [mac80211]
[  310.880000] 
[  310.880000] 
Code: afbf0024  00808821  00a08021 <8ca40048> 10800003  aca60048  0c03f4aa  00002821  8e05fc74 
[  311.300000] ---[ end trace e069d4fc8d1af39b ]---
[  311.310000] Kernel panic - not syncing: Fatal exception in interrupt
[  311.310000] Rebooting in 3 seconds..

comment:9 Changed 3 years ago by mehlis@…

@ndb: I integrated your patch and couldn't see the problem anymore in my dev setup. Wifi works as expected. I hope to give some customer experience by the end of this week (or the next one).

comment:11 Changed 3 years ago by anonymous

The patch from nbd didn't work for me and it crashed in less than an hour.

I am currently testing the patch from https://patchwork.kernel.org/patch/5982631/raw/
It didn't crash yet but I will report back when it does

comment:12 Changed 3 years ago by anonymous

The patch from nbd didn't work for me and it crashed in less than an hour.

I am currently testing the patch from https://patchwork.kernel.org/patch/5982631/raw/
It didn't crash yet but I will report back when it does

comment:13 Changed 3 years ago by nbd

  • Resolution set to fixed
  • Status changed from reopened to closed

fixed in r44655

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.