OpenWrt/LEDE Project

Attached to Project: OpenWrt/LEDE Project
Opened by HeadLessHUN - 10.05.2018
Last edited by Mathias Kresin - 25.06.2018

Kernel oops if (hw) flow offload is enabled, and try to transmit data on a wireguard interface.

- Device:

  Xiaomi mi router 3G (R3G)

- Version:

  Latest trunk (r6865-419238f) custom build, but others have them this bug as well.

- Steps to reproduce

  1. Enable flow offload software or hardware doesn't matter both of them has this bug.
  2. Setup a wireguard and transmit data on a wireguard interface.
  3. router will reboot because of the kernel crash.
 

I wasn’t able to catch stack trace but somebody could, so here it is.

[   59.290912] CPU 3 Unable to handle kernel paging request at virtual address 00000010, epc == 8f122d44, ra == 8f122d1c
[   59.301505] Oops[#1]:
[   59.303770] CPU: 3 PID: 0 Comm: swapper/3 Not tainted 4.14.34 #0
[   59.309748] task: 8fc44b00 task.stack: 8fc70000
[   59.314252] $ 0   : 00000000 00000001 00000000 fffffffe
[   59.319465] $ 4   : 00000000 805c0000 8f243864 00000020
[   59.324689] $ 8   : 8f243874 c0000000 f0000000 ff000000
[   59.329906] $12   : ffff0000 00000007 00000018 c66b9a56
[   59.335116] $16   : 8e80c840 8f796000 8d810000 00000000
[   59.340325] $20   : 8e94e800 80550000 805568e8 ffffffff
[   59.345534] $24   : 00000000 8000cf54
[   59.350745] $28   : 8fc70000 8fc15ae8 8d810054 8f122d1c
[   59.355955] Hi    : 00002665
[   59.358815] Lo    : 94af5487
[   59.361721] epc   : 8f122d44 noise_handshake_begin_session+0xd04/0x12b0 [wireguard]
[   59.369348] ra    : 8f122d1c noise_handshake_begin_session+0xcdc/0x12b0 [wireguard]
[   59.376962] Status: 11007c03      KERNEL EXL IE
[   59.381136] Cause : 40800008 (ExcCode 02)
[   59.385133] BadVA : 00000010
[   59.388002] PrId  : 0001992f (MIPS 1004Kc)
[   59.392074] Modules linked in: pppoe ppp_async pppox ppp_generic nf_conntrack_ipv6 mt76x2e mt7603e mt76 mac80211 iptable_nat ipt_REJECT$
[   59.462829]  sch_htb sch_hfsc sch_ingress ledtrig_usbport ip6t_REJECT nf_reject_ipv6 nf_log_ipv6 nf_log_common ip6table_mangle ip6table$
[   59.488504] Process swapper/3 (pid: 0, threadinfo=8fc70000, task=8fc44b00, tls=00000000)
[   59.496553] Stack : 00000001 8e9e8958 8f11cc80 8e343400 8fd4c000 401d5829 00000040 8e80c840
[   59.504891]         805b1718 00000003 8e80c840 00000000 8d810000 00000000 8e94e800 80550000
[   59.513227]         805568e8 ffffffff 8d810054 8032ad50 8d810000 8032a918 00000000 00000000
[   59.521566]         00000000 80550000 8e80c840 805561b8 8d810000 805b1718 00000003 805788f8
[   59.529900]         8e94e800 00000001 8ead5d80 8032b5fc 8feffa08 8d810000 00000001 8fc15b94
[   59.538232]         ...
[   59.540682] Call Trace:
[   59.543144] [<8f122d44>] noise_handshake_begin_session+0xd04/0x12b0 [wireguard]
[   59.550437] [<8032b5fc>] __dev_queue_xmit+0x6f0/0x85c
[   59.555487] [<8033b6c0>] neigh_xmit+0x104/0x1ec
[   59.560011] [<8e9ca718>] nf_flow_offload_ip_hook+0x564/0x5ac [nf_flow_table]
[   59.567048] [<80366c64>] nf_hook_slow+0x58/0x104
[   59.571669] [<80325d34>] __netif_receive_skb_core+0x5f0/0xc5c
[   59.577387] [<8032c028>] netif_receive_skb_internal+0xd8/0xf0
[   59.583115] [<8041c824>] br_pass_frame_up+0xdc/0x144
[   59.588055] [<8041cdb8>] br_handle_frame_finish+0x52c/0x570
[   59.593603] [<8041d184>] br_handle_frame+0x330/0x3dc
[   59.598545] [<80325ecc>] __netif_receive_skb_core+0x788/0xc5c
[   59.604278] [<80328c90>] process_backlog+0x98/0x160
[   59.609135] [<8032c494>] net_rx_action+0x150/0x30c
[   59.613931] [<8044d610>] __do_softirq+0x128/0x2ec
[   59.618624] [<800328e0>] irq_exit+0x98/0xcc
[   59.622809] [<80239abc>] plat_irq_dispatch+0xfc/0x138
[   59.627844] [<8000b5a8>] except_vec_vi_end+0xb8/0xc4
[   59.632790] [<8000cf70>] r4k_wait_irqoff+0x1c/0x24
[   59.637581] [<8006620c>] do_idle+0xe4/0x168
[   59.641748] [<80066488>] cpu_startup_entry+0x24/0x2c
[   59.646687] Code: 8e020048  00431024  00402025 <8c420010> 8c420014  0040f809  27b30018  0040a825  8e02009c
[   59.656413]
[   59.658074] ---[ end trace 05987436b60c7b6c ]---