Bug 196813 - ath10k __sta_info_destroy_part2 crash
Summary: ath10k __sta_info_destroy_part2 crash
Status: NEW
Alias: None
Product: Drivers
Classification: Unclassified
Component: network-wireless (show other bugs)
Hardware: All Linux
: P1 normal
Assignee: drivers_network-wireless@kernel-bugs.osdl.org
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-09-03 07:41 UTC by Anton Kochkov
Modified: 2021-05-23 18:55 UTC (History)
2 users (show)

See Also:
Kernel Version: 4.13_rc4
Subsystem:
Regression: No
Bisected commit-id:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Anton Kochkov 2017-09-03 07:41:58 UTC 
[   55.296867] wlp2s0: authenticate with 8c:ab:8e:d1:ed:78
[   55.334098] wlp2s0: send auth to 8c:ab:8e:d1:ed:78 (try 1/3)
[   55.334830] wlp2s0: authenticated
[   55.335031] wlp2s0: associate with 8c:ab:8e:d1:ed:78 (try 1/3)
[   55.347454] wlp2s0: RX AssocResp from 8c:ab:8e:d1:ed:78 (capab=0x31 status=0 aid=3)
[   55.350719] wlp2s0: associated
[   55.350799] IPv6: ADDRCONF(NETDEV_CHANGE): wlp2s0: link becomes ready
[   55.355616] ath: EEPROM regdomain: 0x809c
[   55.355619] ath: EEPROM indicates we should expect a country code
[   55.355620] ath: doing EEPROM country->regdmn map search
[   55.355622] ath: country maps to regdmn code: 0x52
[   55.355624] ath: Country alpha2 being used: CN
[   55.355625] ath: Regpair used: 0x52
[   55.355628] ath: regdomain 0x809c dynamically updated by country IE
[19557.148318] wlp2s0: deauthenticating from 8c:ab:8e:d1:ed:78 by local choice (Reason: 3=DEAUTH_LEAVING)
[19560.159273] ath10k_pci 0000:02:00.0: failed to set PS Mode 0 for vdev 0: -11
[19560.159277] ath10k_pci 0000:02:00.0: failed to setup powersave: -11
[19560.159281] ath10k_pci 0000:02:00.0: failed to setup ps on vdev 0: -11
[19565.535228] ath10k_pci 0000:02:00.0: failed to flush transmit queue (skip 0 ar-state 1): 0
[19568.543254] ath10k_pci 0000:02:00.0: failed to install key for vdev 0 peer 8c:ab:8e:d1:ed:78: -11
[19568.543259] wlp2s0: failed to remove key (0, 8c:ab:8e:d1:ed:78) from hardware (-11)
[19571.551243] ath10k_pci 0000:02:00.0: failed to delete peer 8c:ab:8e:d1:ed:78 for vdev 0: -11
[19571.551251] ath10k_pci 0000:02:00.0: found sta peer 8c:ab:8e:d1:ed:78 (ptr ffff88046a38b000 id 43) entry on vdev 0 after it was supposedly removed
[19571.551289] ------------[ cut here ]------------
[19571.551325] WARNING: CPU: 0 PID: 15228 at net/mac80211/sta_info.c:975 __sta_info_destroy_part2+0x112/0x120 [mac80211]
[19571.551326] Modules linked in: ctr ccm 8021q garp stp llc arc4 snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_codec_generic x86_pkg_temp_thermal coretemp ath10k_pci dell_laptop ath10k_core dell_wmi ath iTCO_wdt sparse_keymap nouveau dell_smbios iTCO_vendor_support dcdbas wmi_bmof uvcvideo snd_hda_intel kvm_intel i915 snd_hda_codec mxm_wmi videobuf2_vmalloc videobuf2_memops dell_smm_hwmon snd_hda_core ttm mac80211 videobuf2_v4l2 btusb kvm iosf_mbi btrtl efi_pstore btbcm snd_hwdep videobuf2_core drm_kms_helper btintel drm irqbypass snd_pcm bluetooth cfg80211 crc32c_intel snd_timer syscopyarea videodev ecdh_generic sysfillrect snd sysimgblt ghash_clmulni_intel rfkill soundcore fb_sys_fops cryptd serio_raw i2c_i801 efivars pcspkr wmi dell_smo8800 video efivarfs xts cbc libiscsi scsi_transport_iscsi
[19571.551425]  vmxnet3 virtio_net virtio_ring virtio tg3 sky2 r8169 pcnet32 mii igb ptp pps_core i2c_algo_bit i2c_core e1000 bnx2 atl1c fuse xfs nfs lockd grace sunrpc fscache jfs reiserfs btrfs ext4 jbd2 ext2 mbcache linear raid10 raid1 raid0 dm_raid raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c dm_snapshot dm_bufio dm_crypt dm_mirror dm_region_hash dm_log dm_mod dax firewire_core crc_itu_t sl811_hcd xhci_pci xhci_hcd usb_storage aic94xx libsas lpfc qla2xxx megaraid_sas megaraid_mbox megaraid_mm aacraid sx8 hpsa cciss 3w_9xxx 3w_xxxx 3w_sas mptsas scsi_transport_sas mptfc scsi_transport_fc mptspi mptscsih mptbase imm parport sym53c8xx initio arcmsr aic7xxx aic79xx scsi_transport_spi sr_mod cdrom sg sd_mod pdc_adma sata_inic162x sata_mv ata_piix ahci libahci
[19571.551538]  sata_qstor sata_vsc sata_uli sata_sis sata_sx4 sata_nv sata_via sata_svw sata_sil24 sata_sil sata_promise pata_via pata_jmicron pata_marvell pata_sis pata_netcell pata_pdc202xx_old pata_atiixp pata_amd pata_ali pata_it8213 pata_pcmcia pata_serverworks pata_oldpiix pata_artop pata_it821x pata_hpt3x2n pata_hpt3x3 pata_hpt37x pata_hpt366 pata_cmd64x pata_sil680 pata_pdc2027x
[19571.551580] CPU: 0 PID: 15228 Comm: wpa_supplicant Not tainted 4.13.0-rc4 #1
[19571.551582] Hardware name: Dell Inc. XPS 15 9560/05FFDN, BIOS 1.3.3 05/08/2017
[19571.551585] task: ffff88044b5a0cc0 task.stack: ffffc900003e0000
[19571.551613] RIP: 0010:__sta_info_destroy_part2+0x112/0x120 [mac80211]
[19571.551615] RSP: 0018:ffffc900003e3ac8 EFLAGS: 00010286
[19571.551619] RAX: 00000000fffffff5 RBX: ffff8804677cc000 RCX: 0000000000000000
[19571.551621] RDX: ffff88044b5a0cc0 RSI: 0000000000000000 RDI: ffff880461f42438
[19571.551622] RBP: ffffc900003e3ae0 R08: 0000000000000001 R09: 00000000000003aa
[19571.551624] R10: ffffc900003e3978 R11: 00000000000003aa R12: ffff880461f40780
[19571.551626] R13: ffff880469b648c0 R14: ffff880469b648c0 R15: ffff880461f40cd0
[19571.551629] FS:  00007f8e404bc680(0000) GS:ffff88047f400000(0000) knlGS:0000000000000000
[19571.551631] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[19571.551634] CR2: 00007fe731e54e58 CR3: 000000044b5cb000 CR4: 00000000003406f0
[19571.551635] Call Trace:
[19571.551664]  __sta_info_flush+0xe2/0x160 [mac80211]
[19571.551699]  ieee80211_set_disassoc+0xb7/0x3b0 [mac80211]
[19571.551734]  ieee80211_mgd_deauth+0x124/0x410 [mac80211]
[19571.551767]  ieee80211_deauth+0x18/0x20 [mac80211]
[19571.551806]  cfg80211_mlme_deauth+0xa0/0x1b0 [cfg80211]
[19571.551839]  cfg80211_disconnect+0x9b/0x1b0 [cfg80211]
[19571.551873]  cfg80211_mgd_wext_siwap+0x158/0x190 [cfg80211]
[19571.551904]  cfg80211_wext_siwap+0xe0/0x1a0 [cfg80211]
[19571.551912]  ? iw_handler_get_private+0x60/0x60
[19571.551917]  ioctl_standard_call+0x52/0xd0
[19571.551922]  ? call_commit_handler.part.4+0x30/0x30
[19571.551927]  wireless_process_ioctl+0x138/0x170
[19571.551932]  wext_handle_ioctl+0x69/0xb0
[19571.551938]  dev_ioctl+0xe1/0x570
[19571.551944]  ? __update_load_avg_cfs_rq.isra.4+0x5/0x170
[19571.551948]  ? set_next_entity+0x162/0x610
[19571.551955]  sock_ioctl+0x126/0x2c0
[19571.551960]  ? sock_ioctl+0x126/0x2c0
[19571.551966]  do_vfs_ioctl+0x94/0x5b0
[19571.551973]  ? security_file_ioctl+0x43/0x60
[19571.551978]  SyS_ioctl+0x79/0x90
[19571.551985]  entry_SYSCALL_64_fastpath+0x1c/0xac
[19571.551988] RIP: 0033:0x7f8e3f0d6bd7
[19571.551990] RSP: 002b:00007ffc026dadf8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[19571.551994] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f8e3f0d6bd7
[19571.551996] RDX: 00007ffc026dae00 RSI: 0000000000008b14 RDI: 0000000000000004
[19571.551998] RBP: 0000000002058990 R08: 0000000000000000 R09: 0000000002058bd0
[19571.552000] R10: 0000000000000020 R11: 0000000000000246 R12: 00000000020589a8
[19571.552001] R13: 0000000000000000 R14: 00000000020589b9 R15: 0000000000000004
[19571.552005] Code: 5d c3 0f ff 80 bb 04 01 00 00 00 74 84 45 31 c0 b9 01 00 00 00 48 89 da 4c 89 ee 4c 89 e7 e8 c6 b4 ff ff 85 c0 0f 84 66 ff ff ff <0f> ff e9 5f ff ff ff 0f 1f 80 00 00 00 00 e8 6b 92 6e e0 55 48 
[19571.552074] ---[ end trace 300072717738cb73 ]---
[19574.559239] ath10k_pci 0000:02:00.0: failed to recalculate rts/cts prot for vdev 0: -11
[19577.567262] ath10k_pci 0000:02:00.0: failed to set cts protection for vdev 0: -11
[19580.575180] ath10k_pci 0000:02:00.0: failed to set erp slot for vdev 0: -11
[19583.583248] ath10k_pci 0000:02:00.0: failed to set preamble for vdev 0: -11
[19586.591187] ath10k_pci 0000:02:00.0: failed to down vdev 0: -11
[19589.599259] ath10k_pci 0000:02:00.0: failed to submit vdev param txbf 0x0: -11
[19589.599264] ath10k_pci 0000:02:00.0: failed to recalc txbf for vdev 0: -11
[19592.607255] ath10k_pci 0000:02:00.0: failed to set vdev wmm params on vdev 0: -11
[19595.615266] ath10k_pci 0000:02:00.0: failed to set vdev wmm params on vdev 0: -11
[19598.623268] ath10k_pci 0000:02:00.0: failed to set vdev wmm params on vdev 0: -11
[19601.631279] ath10k_pci 0000:02:00.0: failed to set vdev wmm params on vdev 0: -11
[19604.639253] ath10k_pci 0000:02:00.0: failed to stop WMI vdev 0: -11
[19604.639257] ath10k_pci 0000:02:00.0: failed to stop vdev 0: -11
[19610.079228] ath10k_pci 0000:02:00.0: failed to flush transmit queue (skip 0 ar-state 1): 0
[19613.087266] ath10k_pci 0000:02:00.0: failed to update channel list: -11
Comment 1 EP 2021-04-28 19:24:14 UTC 
Experiencing a very similar crash with ath11k/ath11k_pci
Managed to recover by reloading the modules.

[77445.321221] wlp113s0: HW problem - can not stop rx aggregation for 12:34:45:67:cb:52 tid 1
[77445.321222] ath11k_pci 0000:71:00.0: failed to send WMI_PEER_REORDER_QUEUE_SETUP
[77445.321223] wlp113s0: HW problem - can not stop rx aggregation for 12:34:45:67:cb:52 tid 5
[77445.321225] wlp113s0: HW problem - can not stop rx aggregation for 12:34:45:67:cb:52 tid 6
[77445.356104] wlp113s0: failed to remove key (0, (edited) 12:34:45:67:cb:52) from hardware (-108)
77445.356165] ------------[ cut here ]------------
[77445.356166] WARNING: CPU: 7 PID: 755 at net/mac80211/sta_info.c:1092 __sta_info_destroy_part2+0x15d/0x180 [mac80211]
[77445.356191] Modules linked in: uas usb_storage ccm michael_mic rfcomm uvcvideo videobuf2_vmalloc cmac videobuf2_memops videobuf2_v4l2 algif_hash videobuf2_common algif_skcipher videodev af_alg mc overlay bnep snd_soc_skl_hda_dsp snd_soc_hdac_hdmi qrtr_mhi snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_codec_generic snd_soc_dmic snd_sof_pci_intel_tgl snd_sof_intel_hda_common snd_soc_hdac_hda soundwire_intel soundwire_generic_allocation soundwire_cadence snd_sof_intel_hda snd_sof_pci snd_sof snd_sof_xtensa_dsp snd_hda_ext_core snd_soc_acpi_intel_match snd_soc_acpi soundwire_bus snd_soc_core snd_compress qrtr ac97_bus ns snd_pcm_dmaengine ath11k_pci x86_pkg_temp_thermal ath11k snd_hda_intel intel_powerclamp mei_hdcp intel_rapl_msr nls_iso8859_1 dell_laptop qmi_helpers snd_intel_dspcfg coretemp ledtrig_audio snd_intel_sdw_acpi dell_smm_hwmon kvm_intel mac80211 snd_hda_codec kvm snd_hda_core snd_hwdep intel_cstate hid_sensor_als cfg80211 snd_pcm dell_wmi hid_sensor_trigger snd_timer
[77445.356216]  dell_smbios hci_uart industrialio_triggered_buffer kfifo_buf mhi snd pcspkr dcdbas hid_sensor_iio_common btqca processor_thermal_device input_leds industrialio soundcore serio_raw efi_pstore processor_thermal_rfim btrtl libarc4 dell_wmi_sysman 8250_dw dell_wmi_descriptor processor_thermal_mbox btbcm ucsi_acpi processor_thermal_rapl typec_ucsi btintel mei_me wmi_bmof intel_rapl_common cros_ec_ishtp hid_multitouch intel_pmt_telemetry mei joydev cros_ec intel_pmt_class intel_soc_dts_iosf typec bluetooth ecdh_generic ecc mac_hid int3403_thermal int340x_thermal_zone intel_hid int3400_thermal acpi_thermal_rel acpi_pad sparse_keymap acpi_tad msr drivetemp ip_tables x_tables autofs4 dm_crypt hid_sensor_hub intel_ishtp_loader intel_ishtp_hid wacom usbhid hid_generic nvme crct10dif_pclmul crc32_pclmul i915 rtsx_pci_sdmmc ghash_clmulni_intel nvme_core aesni_intel crypto_simd cryptd psmouse i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops cec i2c_i801 rc_core
[77445.356248]  i2c_smbus intel_ish_ipc rtsx_pci intel_ishtp drm thunderbolt intel_lpss_pci intel_lpss vmd idma64 xhci_pci i2c_hid_acpi xhci_pci_renesas intel_pmt i2c_hid wmi hid video pinctrl_tigerlake
[77445.356255] CPU: 7 PID: 755 Comm: wpa_supplicant Not tainted 5.12.0-051200-generic #202104252130
[77445.356257] Hardware name: Dell Inc. XPS 13 9310/0MRT12, BIOS 2.2.0 04/06/2021
[77445.356258] RIP: 0010:__sta_info_destroy_part2+0x15d/0x180 [mac80211]
[77445.356270] Code: 24 1c 01 00 00 00 0f 84 52 ff ff ff 45 31 c0 b9 01 00 00 00 4c 89 e2 48 89 de 4c 89 ef e8 8b a5 ff ff 85 c0 0f 84 34 ff ff ff <0f> 0b e9 2d ff ff ff be 03 00 00 00 4c 89 e7 e8 4f ec ff ff 85 c0
[77445.356272] RSP: 0018:ffffac85c0d137e8 EFLAGS: 00010282
[77445.356273] RAX: 00000000ffffff94 RBX: ffff90abcbf56940 RCX: 0000000000000000
[77445.356274] RDX: ffff90abc5820000 RSI: 0000000080200011 RDI: ffff90abc7623638
[77445.356274] RBP: ffffac85c0d13808 R08: 0000000000000001 R09: 0000000000000001
[77445.356275] R10: 0000000000000000 R11: 00000000565d6000 R12: ffff90ac8836a000
[77445.356275] R13: ffff90abc7620800 R14: 0000000000000000 R15: ffff90abcbf56940
[77445.356276] FS:  00007f8c80f631c0(0000) GS:ffff90b32f7c0000(0000) knlGS:0000000000000000
[77445.356277] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[77445.356278] CR2: 0000398c0154ff24 CR3: 000000010581e002 CR4: 0000000000770ee0
[77445.356278] PKRU: 55555554
[77445.356279] Call Trace:
[77445.356281]  __sta_info_flush+0x12e/0x180 [mac80211]
[77445.356294]  ieee80211_set_disassoc+0xf9/0x4c0 [mac80211]
[77445.356314]  ieee80211_mgd_deauth+0x106/0x300 [mac80211]
[77445.356330]  ? validate_nla+0x432/0x640
[77445.356334]  ieee80211_deauth+0x18/0x20 [mac80211]
[77445.356349]  cfg80211_mlme_deauth+0xb2/0x1b0 [cfg80211]
[77445.356373]  nl80211_deauthenticate+0xe6/0x130 [cfg80211]
[77445.356385]  genl_family_rcv_msg_doit+0xe7/0x150
[77445.356389]  genl_family_rcv_msg+0xb2/0x160
[77445.356390]  ? nl80211_disassociate+0x130/0x130 [cfg80211]
[77445.356402]  genl_rcv_msg+0x4c/0xa0
[77445.356404]  ? genl_family_rcv_msg+0x160/0x160
[77445.356404]  netlink_rcv_skb+0x55/0x100
[77445.356406]  genl_rcv+0x29/0x40
[77445.356407]  netlink_unicast+0x221/0x330
[77445.356408]  netlink_sendmsg+0x233/0x460
[77445.356409]  ? _copy_from_user+0x42/0x80
[77445.356410]  sock_sendmsg+0x65/0x70
[77445.356412]  ____sys_sendmsg+0x257/0x2a0
[77445.356413]  ? import_iovec+0x31/0x40
[77445.356415]  ? sendmsg_copy_msghdr+0x7e/0xa0
[77445.356417]  ___sys_sendmsg+0x82/0xc0
[77445.356418]  ? __check_object_size.part.0+0x3a/0x150
[77445.356421]  ? _copy_to_user+0x31/0x50
[77445.356422]  ? sock_getsockopt+0x11a/0xce0
[77445.356423]  ? fpu__restore_sig+0x2d/0x40
[77445.356426]  ? unix_ioctl+0x5f/0x70
[77445.356428]  ? sock_do_ioctl+0x40/0x140
[77445.356429]  ? __cond_resched+0x1a/0x50
[77445.356431]  ? __cond_resched+0x1a/0x50
[77445.356432]  __sys_sendmsg+0x62/0xb0
[77445.356433]  ? __sys_setsockopt+0xeb/0x1e0
[77445.356435]  __x64_sys_sendmsg+0x1f/0x30
[77445.356436]  do_syscall_64+0x38/0x90
[77445.356437]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[77445.356439] RIP: 0033:0x7f8c813b52c3
[77445.356440] Code: 64 89 02 48 c7 c0 ff ff ff ff eb b7 66 2e 0f 1f 84 00 00 00 00 00 90 64 8b 04 25 18 00 00 00 85 c0 75 14 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 55 c3 0f 1f 40 00 48 83 ec 28 89 54 24 1c 48
[77445.356441] RSP: 002b:00007ffffb61f338 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[77445.356442] RAX: ffffffffffffffda RBX: 0000563c64879650 RCX: 00007f8c813b52c3
[77445.356443] RDX: 0000000000000000 RSI: 00007ffffb61f370 RDI: 0000000000000006
[77445.356443] RBP: 0000563c648cd0d0 R08: 0000000000000004 R09: 0000563c6486f010
[77445.356444] R10: 00007ffffb61f444 R11: 0000000000000246 R12: 0000563c64879560
[77445.356444] R13: 00007ffffb61f370 R14: 00007ffffb61f444 R15: 0000563c6487c8f0
[77445.356446] ---[ end trace c13fc53194108991 ]---
77445.356743] ath11k_pci 0000:71:00.0: failed to clear rx_filter for monitor status ring: (-108)
Comment 2 EP 2021-04-28 19:32:00 UTC 
Forgot to mention, running 5.12.0-051200-generic.

Relevant section of lspci:
0000:71:00.0 Unassigned class [ff00]: Qualcomm QCA6390 Wireless Network Adapter [AX500-DBS (2x2)]
	Subsystem: Rivet Networks Device a501
	Flags: bus master, fast devsel, latency 0, IRQ 198, IOMMU group 18
	Memory at a6100000 (64-bit, non-prefetchable) [size=1M]
	Capabilities: <access denied>
	Kernel driver in use: ath11k_pci
	Kernel modules: ath11k_pci
Note You need to log in before you can comment on or make changes to this bug.