search

openwrt / openwrt

This repository is a mirror of https://git.openwrt.org/openwrt/openwrt.git It is for reference only and is not active for check-ins. We will continue to accept Pull Requests here. They will be merged via staging trees then into openwrt.git.
Other
20.2k stars 10.47k forks source link

FS#1443 - Kernel Oops when Fragmentation is Set #7947

Closed openwrt-bot closed 4 years ago

openwrt-bot commented 6 years ago

biergaizi:

When fragmentation is set for wireless on ar71xx, kernel oops keep bombard the kernel log buffer with a bunch of error messages. [10600.002288] ------------[ cut here ]------------ [10600.006927] WARNING: CPU: 0 PID: 7 at compat-wireless-2017-01-31/net/mac80211/tx.c:946 0x80e289c4 [mac80211@80e00000+0x60780]() [10600.018367] Modules linked in: ath9k ath9k_common pppoe ppp_async iptable_nat ath9k_hw ath pppox ppp_generic nf_nat_ipv4 nf_conntrack_ipv6 nf_conntrack_ipv4 mac80211 ipt_REJECT ipt_MASQUERADE cfg80211 xt_time xt_tcpudp xt_tcpmss xt_statistic xt_state xt_recent xt_nat xt_multiport xt_mark xt_mac xt_limit xt_length xt_hl xt_helper xt_ecn xt_dscp xt_conntrack xt_connmark xt_connlimit xt_connbytes xt_comment xt_TCPMSS xt_REDIRECT xt_LOG xt_HL xt_DSCP xt_CT xt_CLASSIFY slhc nf_reject_ipv4 nf_nat_redirect nf_nat_masquerade_ipv4 nf_nat nf_log_ipv4 nf_defrag_ipv6 nf_defrag_ipv4 nf_conntrack_rtcache iptable_mangle iptable_filter ipt_ECN ip_tables crc_ccitt compat sch_cake nf_conntrack act_skbedit act_mirred em_u32 cls_u32 cls_tcindex cls_flow cls_route cls_fw sch_tbf sch_htb sch_hfsc sch_ingress ip6t_REJECT nf_reject_ipv6 nf_log_ipv6 nf_log_common ip6table_mangle ip6table_filter ip6_tables x_tables ifb gpio_button_hotplug [10600.099694] CPU: 0 PID: 7 Comm: kworker/u2:1 Tainted: G W 4.4.71 #0 [10600.107090] Workqueue: phy0 0x80e13adc [mac80211@80e00000+0x60780] [10600.113263] Stack : 80a7f000 0000001a 80dd4b40 800a71dc 00000000 00000000 00000000 00000000 [10600.113263] 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [10600.113263] 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [10600.113263] 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [10600.113263] 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [10600.113263] ... [10600.148989] Call Trace:[<800a71dc>] 0x800a71dc [10600.153474] [<80071a50>] 0x80071a50 [10600.156954] [<80071a50>] 0x80071a50 [10600.160435] [<80081804>] 0x80081804 [10600.163949] [<80e289c4>] 0x80e289c4 [mac80211@80e00000+0x60780] [10600.169876] [<800818bc>] 0x800818bc [10600.173398] [<80e289c4>] 0x80e289c4 [mac80211@80e00000+0x60780] [10600.179349] [<80e2b6e0>] 0x80e2b6e0 [mac80211@80e00000+0x60780] [10600.185347] [<80de9d1c>] 0x80de9d1c [ath9k@80de0000+0x16650] [10600.190999] [<80de8520>] 0x80de8520 [ath9k@80de0000+0x16650] [10600.196672] [<80de9e04>] 0x80de9e04 [ath9k@80de0000+0x16650] [10600.202323] [<80e22550>] 0x80e22550 [mac80211@80e00000+0x60780] [10600.208254] [<81bdc5d0>] 0x81bdc5d0 [cls_u32@81bdc000+0x1a00] [10600.214050] [<80de85b0>] 0x80de85b0 [ath9k@80de0000+0x16650] [10600.219736] [<80dea9b4>] 0x80dea9b4 [ath9k@80de0000+0x16650] [10600.225410] [<80de7fbc>] 0x80de7fbc [ath9k@80de0000+0x16650] [10600.231113] [<80deb4f4>] 0x80deb4f4 [ath9k@80de0000+0x16650] [10600.236786] [<80260400>] 0x80260400 [10600.240328] [<80debea8>] 0x80debea8 [ath9k@80de0000+0x16650] [10600.246034] [<80de4a7c>] 0x80de4a7c [ath9k@80de0000+0x16650] [10600.251692] [<800843c4>] 0x800843c4 [10600.255188] [<80083d80>] 0x80083d80 [10600.258692] [<80dea69c>] 0x80dea69c [ath9k@80de0000+0x16650] [10600.264362] [<80083ea8>] 0x80083ea8 [10600.267845] [<80083f50>] 0x80083f50 [10600.271345] [<80e31598>] 0x80e31598 [mac80211@80e00000+0x60780] [10600.277285] [<80e0e3dc>] 0x80e0e3dc [mac80211@80e00000+0x60780] [10600.283211] [<8009f02c>] 0x8009f02c [10600.286708] [<80e0f47c>] 0x80e0f47c [mac80211@80e00000+0x60780] [10600.292633] [<80e0ef8c>] 0x80e0ef8c [mac80211@80e00000+0x60780] [10600.298567] [<80e13d00>] 0x80e13d00 [mac80211@80e00000+0x60780] [10600.304499] [<8009f4a8>] 0x8009f4a8 [10600.308024] [<800930b8>] 0x800930b8 [10600.311565] [<80093ecc>] 0x80093ecc [10600.315075] [<80093c1c>] 0x80093c1c [10600.318567] [<80093c1c>] 0x80093c1c [10600.322047] [<80098284>] 0x80098284 [10600.325575] [<800981ac>] 0x800981ac [10600.329065] [<80060878>] 0x80060878 [10600.332562] [10600.334054] ---[ end trace 881b2fdc0bf96a94 ]--- [10600.338693] ------------[ cut here ]------------

This kernel oops is triggered by a warning at compat-wireless-2017-01-31/net/mac80211/tx.c:946 :

941 / 942 Warn when submitting a fragmented A-MPDU frame and drop it. 943 This scenario is handled in ieee80211_tx_prepare but extra 944 caution taken here as fragmented ampdu may cause Tx stop. 945 */ 946 if (WARN_ON(info->flags & IEEE80211_TX_CTL_AMPDU)) 947 return TX_DROP;

It seems a fragmented A-MPDU frame is submitted to ieee80211_tx_h_fragment incorrectly by the driver?

openwrt-bot commented 6 years ago

biergaizi:

Still occurs in the latest trunk.

[ 4777.620819] ------------[ cut here ]------------ [ 4777.625609] WARNING: CPU: 0 PID: 0 at backports-2017-11-01/net/mac80211/tx.c:942 ieee80211_probereq_get+0x448/0x1648 [mac80211] [ 4777.637081] Modules linked in: ath9k ath9k_common pppoe ppp_async ath9k_hw ath pppox ppp_generic nf_conntrack_ipv6 mac80211 iptable_nat ipt_REJECT ipt_MASQUERADE cfg80211 xt_time xt_tcpudp xt_state xt_nat xt_multiport xt_mark xt_mac xt_limit xt_conntrack xt_comment xt_TCPMSS xt_REDIRECT xt_LOG xt_CT slhc nf_reject_ipv4 nf_nat_redirect nf_nat_masquerade_ipv4 nf_conntrack_ipv4 nf_nat_ipv4 nf_nat nf_log_ipv4 nf_defrag_ipv6 nf_defrag_ipv4 nf_conntrack_rtcache nf_conntrack iptable_mangle iptable_filter ip_tables crc_ccitt compat ip6t_REJECT nf_reject_ipv6 nf_log_ipv6 nf_log_common ip6table_mangle ip6table_filter ip6_tables x_tables gpio_button_hotplug [ 4777.694583] CPU: 0 PID: 0 Comm: swapper Not tainted 4.9.87 #0 [ 4777.700319] Stack : 804d74fa 00000031 00000000 00000001 8047b6d4 8047b347 8042cb38 00000000 [ 4777.708716] 804d3640 000003ae 0000001a 80d60b80 80d4e008 800a8e50 80432368 80480000 [ 4777.717102] 00000003 000003ae 80430520 81809b1c 80d4e008 800d75bc 804d74fa 00000073 [ 4777.725492] 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 4777.733899] 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 4777.742297] ... [ 4777.744744] Call Trace: [ 4777.747208] [<8006aef0>] show_stack+0x70/0x8c [ 4777.751580] [<8007fc74>] __warn+0x110/0x118 [ 4777.755757] [<8007fd10>] warn_slowpath_null+0x1c/0x2c [ 4777.760926] [<80e27b7c>] ieee80211_probereq_get+0x448/0x1648 [mac80211] [ 4777.767581] ---[ end trace 4dfad80db5fe28ce ]---