FS#2414 : ath10k crashes quickly on ipq806x R7800 and NBG6817

Status Closed
Percent Complete
100%
Task Type Bug Report
Category Base system
Assigned To No-one
Operating System All
Severity Low
Priority Very Low
Reported Version Trunk
Due in Version Undecided
Due Date Undecided
Private

Attached to Project: OpenWrt/LEDE Project
Opened by Hannu Nyman - 29.07.2019
Last edited by Hauke Mehrtens - 18.08.2019

FS#2414 - ath10k crashes quickly on ipq806x R7800 and NBG6817

After the mac80211 version bump to 5.2-rc7 in 0b2c42ced two weeks weeks ago, ath10k based R7800 always crashes quickly after reboot if the old “non-ct” ath10k wifi driver and firmware is enabled. “wifi down” enables the router to stay alive and to work otherwise normally.

(Note, ath10k-ct works ok with the same OpenWrt build. So this is only about the traditional ath10k)

It looks like the wifi driver crashes right after any wifi client initiates contact with the router. Kernel serial log does not provide much more info except that the crash seems to always happen at ieee80211_sta_register_airtime

[   69.854584] Unable to handle kernel paging request at virtual address fffff9e8
...
[   70.050841] PC is at ieee80211_sta_register_airtime+0x24/0x148 [mac80211]
[   70.055225] LR is at ath10k_htt_t2h_msg_handler+0x678/0x10f4 [ath10k_core]

OpenWrt master, SNAPSHOT r10624-4dcef8263e
QCA9984
firmware ver 10.4-3.9.0.2-00021

I noticed this first two weeks ago, and when I mentioned it on the forum, and slh responded that he has seen the same with nbg6817
https://forum.openwrt.org/t/netgear-r7800-exploration-ipq8065-qca9984/285/1675?u=hnyman

I have since done several builds, but the situation has not corrected itself. The old ath10k just crashes the router, while -ct works ok.

I have not yet done proper regression testing to make sure that it really is the mac80211 version bump commit, but that seems quite likely, as my ath10k build one week earlier with r10443-ea4e1dac71 (20190708) worked quite ok and there were not that many suspects in the relevant time frame.

Any debugging advice?

log:

[   75.991714] Unable to handle kernel paging request at virtual address fffff9e8
[   75.991756] pgd = c0204000
[   75.997955] [fffff9e8] *pgd=5fdfd861, *pte=00000000, *ppte=00000000
[   76.000537] Internal error: Oops: 37 [#1] SMP ARM
[   76.006686] Modules linked in: pppoe ppp_async ath10k_pci ath10k_core ath pptp pppox ppp_mppe ppp_generic mac80211 iptable_nat ipt_REJECT ipt_MASQUERADE cfg80211 xt_time xt_tcpudp xt_tcpmss xt_statistic xt_state xt_recent xt_nat xt_multiport xt_mark xt_mac xt_limit xt_length xt_hl xt_helper xt_esp xt_ecn xt_dscp xt_conntrack xt_connmark xt_connlimit xt_connbytes xt_comment xt_TCPMSS xt_REDIRECT xt_LOG xt_HL xt_FLOWOFFLOAD xt_DSCP xt_CT xt_CLASSIFY usbserial slhc nf_reject_ipv4 nf_nat_redirect nf_nat_masquerade_ipv4 nf_conntrack_ipv4 nf_nat_ipv4 nf_log_ipv4 nf_flow_table_hw nf_flow_table nf_defrag_ipv4 nf_conntrack_rtcache nf_conntrack_netlink iptable_raw iptable_mangle iptable_filter ipt_ah ipt_ECN ip_tables crc_ccitt compat chaoskey fuse sch_cake sch_tbf sch_ingress sch_htb sch_hfsc em_u32 cls_u32
[   76.059974]  cls_tcindex cls_route cls_matchall cls_fw cls_flow cls_basic act_skbedit act_mirred ledtrig_usbport xt_set ip_set_list_set ip_set_hash_netportnet ip_set_hash_netport ip_set_hash_netnet ip_set_hash_netiface ip_set_hash_net ip_set_hash_mac ip_set_hash_ipportnet ip_set_hash_ipportip ip_set_hash_ipport ip_set_hash_ipmark ip_set_hash_ip ip_set_bitmap_port ip_set_bitmap_ipmac ip_set_bitmap_ip ip_set nfnetlink ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6t_NPT ip6t_MASQUERADE nf_nat_masquerade_ipv6 nf_nat nf_conntrack nf_log_ipv6 nf_log_common ip6table_mangle ip6table_filter ip6_tables ip6t_REJECT x_tables nf_reject_ipv6 msdos ip_gre gre ifb sit tunnel4 ip_tunnel tun vfat fat hfsplus cifs nls_utf8 nls_iso8859_15 nls_iso8859_1 nls_cp850 nls_cp437 nls_cp1250 sha1_generic md5 md4
[   76.130634]  usb_storage leds_gpio xhci_plat_hcd xhci_pci xhci_hcd dwc3 dwc3_of_simple ohci_platform ohci_hcd phy_qcom_dwc3 ahci ehci_platform sd_mod ahci_platform libahci_platform libahci libata scsi_mod ehci_hcd gpio_button_hotplug ext4 mbcache jbd2 exfat crc32c_generic
[   76.154772] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.14.132 #0
[   76.177001] Hardware name: Generic DT based system
[   76.182990] task: c0b06d80 task.stack: c0b00000
[   76.187832] PC is at ieee80211_sta_register_airtime+0x24/0x148 [mac80211]
[   76.192211] LR is at ath10k_htt_t2h_msg_handler+0x678/0x10f4 [ath10k_core]
[   76.199052] pc : [<bf75bfac>]    lr : [<bf83e8b0>]    psr: a0000113
[   76.205820] sp : c0b01d54  ip : 00000002  fp : bf869c0c
[   76.211981] r10: 0000003c  r9 : dbdca138  r8 : 00060002
[   76.217192] r7 : 00000000  r6 : dabe1150  r5 : 00000000  r4 : dbdc95c0
[   76.222401] r3 : 00000000  r2 : 00060002  r1 : 00000000  r0 : 00000000
[   76.229003] Flags: NzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
[   76.235509] Control: 10c5787d  Table: 5c94006a  DAC: 00000051
[   76.242716] Process swapper/0 (pid: 0, stack limit = 0xc0b00210)
[   76.248446] Stack: (0xc0b01d54 to 0xc0b02000)
[   76.254532] 1d40:                                              dbdc95c0 00000000 dabe1150
[   76.258808] 1d60: 00000001 dabe1150 dbdca138 0000003c bf869c0c bf83e8b0 00000002 c0314b10
[   76.266969] 1d80: dbdc9c70 00000001 00000001 dabe114c 00010000 00000000 dbdcd724 bf88f3d8
[   76.275126] 1da0: c0310d28 db393c00 dbdc95c0 00000000 c0b01dd0 c07fb4c4 dbdcd724 00000001
[   76.283286] 1dc0: 00000022 bf88b09c db393c00 00000022 c0b01dd0 c0b01dd0 00000000 dbdcc5c0
[   76.291445] 1de0: bf88f04c dbdcd654 dbdcd71c dbdc95c0 00000014 dbdcd724 dbdcc5c0 00000005
[   76.299605] 1e00: 0004b400 bf85c360 00000000 bf87101c c0b01e24 00000006 00000000 dbdc95c0
[   76.307764] 1e20: 00000001 00000040 0000012c c0b01e80 1cf51000 bf85c448 dbdcd440 dbdc95c0
[   76.315925] 1e40: dbdca440 ffffa880 00000040 bf88cb68 dbdcd440 00000001 00000040 ffffa880
[   76.324084] 1e60: c0b02d00 c06d72e0 dd990080 c0a3f080 c0b255dc c0b047e4 c090afac c090e80c
[   76.332244] 1e80: c0b01e80 c0b01e80 c0b01e88 c0b01e88 dd4cc200 00000000 00000003 c0b0208c
[   76.340405] 1ea0: c0b02080 40000003 ffffe000 00000100 c0b02080 c03015c8 00000000 00000001
[   76.348564] 1ec0: dd408000 c0a38210 c0b2c7c0 0000000a ffffa880 c0b02d00 c07fb764 00200102
[   76.356723] 1ee0: dd4cc268 c0a3e414 00000000 00000000 00000001 dd408000 de803000 00000000
[   76.364883] 1f00: 00000000 c03247cc c0a3e414 c0368f1c c0b03f60 c0b153cc de80200c de802000
[   76.373042] 1f20: c0b01f48 c0301488 c0308630 60000013 ffffffff c0b01f7c 00000000 c0b00000
[   76.381204] 1f40: 00000000 c030c08c 00000001 00000000 00000000 c0315180 ffffe000 c0b03cc0
[   76.389363] 1f60: c0b03c70 00000000 00000000 c0a2da28 00000000 00000000 c0b01f90 c0b01f98
[   76.397522] 1f80: c030862c c0308630 60000013 ffffffff 00000051 00000000 ffffe000 c035dd18
[   76.405681] 1fa0: 000000bf c0b03c40 00000000 c0b2c000 dddfce80 c035e060 c0b2c040 c0a00cf4
[   76.413842] 1fc0: ffffffff ffffffff 00000000 c0a0067c c0a2da28 00000000 00000000 c0b2c1d4
[   76.422001] 1fe0: c0b03c5c c0a2da24 c0b07ee0 4220406a 512f04d0 4220807c 00000000 00000000
[   76.430335] [<bf75bfac>] (ieee80211_sta_register_airtime [mac80211]) from [<00000002>] (0x2)
[   76.438314] Code: e1cd81f0 e1a08002 e1cda1f8 e58de020 (e5102618)
[   76.446965] ---[ end trace 227a38ade964d642 ]---
[   76.452783] Kernel panic - not syncing: Fatal exception in interrupt
[   76.457488] CPU1: stopping
[   76.463817] CPU: 1 PID: 61 Comm: kworker/1:1 Tainted: G      D         4.14.132 #0
[   76.466328] Hardware name: Generic DT based system
[   76.473916] Workqueue: events set_brightness_delayed
[   76.478698] [<c030f2c4>] (unwind_backtrace) from [<c030b4c0>] (show_stack+0x14/0x20)
[   76.483805] [<c030b4c0>] (show_stack) from [<c07dfc18>] (dump_stack+0x88/0x9c)
[   76.491524] [<c07dfc18>] (dump_stack) from [<c030e50c>] (handle_IPI+0xf4/0x1ac)
[   76.498550] [<c030e50c>] (handle_IPI) from [<c03014b8>] (gic_handle_irq+0x9c/0xb8)
[   76.505754] [<c03014b8>] (gic_handle_irq) from [<c030c08c>] (__irq_svc+0x6c/0x90)
[   76.513380] Exception stack(0xdcc5de28 to 0xdcc5de70)
[   76.520959] de20:                   dbdca138 00000000 000004a9 000004a8 dbdca138 dbdc9288
[   76.526009] de40: dca54ca0 bf84cdf8 00000000 00000000 dbdc8be0 00000002 00000008 dcc5de78
[   76.534147] de60: bf84ce24 c07fa42c 20000013 ffffffff
[   76.542300] [<c030c08c>] (__irq_svc) from [<c07fa42c>] (_raw_spin_lock_bh+0x40/0x58)
[   76.547434] [<c07fa42c>] (_raw_spin_lock_bh) from [<bf84ce24>] (ath10k_wmi_tx_beacons_iter+0x2c/0x124 [ath10k_core])
[   76.555459] [<bf84ce24>] (ath10k_wmi_tx_beacons_iter [ath10k_core]) from [<bf78a304>] (ieee80211_delayed_tailroom_dec+0x144/0x1e0 [mac80211])
[   76.565953] [<bf78a304>] (ieee80211_delayed_tailroom_dec [mac80211]) from [<bf78a3b0>] (ieee80211_iterate_active_interfaces_atomic+0x10/0x1c [mac80211])
[   76.578485] [<bf78a3b0>] (ieee80211_iterate_active_interfaces_atomic [mac80211]) from [<bf84cf70>] (ath10k_wmi_cmd_send+0x54/0x1cc [ath10k_core])
[   76.592143] [<bf84cf70>] (ath10k_wmi_cmd_send [ath10k_core]) from [<bf859a50>] (ath10k_leds_set_brightness_blocking+0x90/0xb0 [ath10k_core])
[   76.604992] [<bf859a50>] (ath10k_leds_set_brightness_blocking [ath10k_core]) from [<c06a2164>] (set_brightness_delayed+0x98/0x100)
[   76.617580] [<c06a2164>] (set_brightness_delayed) from [<c0337f34>] (process_one_work+0x28c/0x444)
[   76.629113] [<c0337f34>] (process_one_work) from [<c0338430>] (worker_thread+0x344/0x58c)
[   76.638051] [<c0338430>] (worker_thread) from [<c033e478>] (kthread+0x164/0x16c)
[   76.646300] [<c033e478>] (kthread) from [<c0307d28>] (ret_from_fork+0x14/0x2c)
[   76.653758] Rebooting in 3 seconds..

Longer log:

[   16.856238] Loading modules backported from Linux version v5.2-rc7-0-g6fbc7275c7a9
[   16.860820] Backport generated by backports.git v5.2-rc7-1-0-g021a6ba1
[   16.869804] ip_tables: (C) 2000-2006 Netfilter Core Team
[   16.877980] ctnetlink v0.93: registering with nfnetlink.
[   16.900229] usbcore: registered new interface driver usbserial
[   16.900283] usbcore: registered new interface driver usbserial_generic
[   16.905001] usbserial: USB Serial support registered for generic
[   16.924392] xt_time: kernel timezone is -0000
[   16.954572] PPP generic driver version 2.4.2
[   16.955096] PPP MPPE Compression module registered
[   16.958724] NET: Registered protocol family 24
[   16.963210] PPTP driver version 0.8.5
[   16.975413] ath10k_pci 0000:01:00.0: enabling device (0140 -> 0142)
[   16.976007] ath10k_pci 0000:01:00.0: pci irq msi oper_irq_mode 2 irq_mode 0 reset_mode 0
[   17.139984] ath10k_pci 0000:01:00.0: Direct firmware load for ath10k/QCA9984/hw1.0/firmware-6.bin failed with error -2
[   17.140014] ath10k_pci 0000:01:00.0: Falling back to user helper
[   17.510554] firmware ath10k!QCA9984!hw1.0!firmware-6.bin: firmware_loading_store: map pages failed
[   17.711192] ath10k_pci 0000:01:00.0: qca9984/qca9994 hw1.0 target 0x01000000 chip_id 0x00000000 sub 168c:cafe
[   17.711250] ath10k_pci 0000:01:00.0: kconfig debug 0 debugfs 1 tracing 0 dfs 1 testmode 1
[   17.726722] ath10k_pci 0000:01:00.0: firmware ver 10.4-3.9.0.2-00021 api 5 features no-p2p,mfp,peer-flow-ctrl,btcoex-param,allows-mesh-bcast,no-ps crc32 9626782c
[   19.992079] ath10k_pci 0000:01:00.0: board_file api 2 bmi_id 0:1 crc32 cf58c3bc
[   25.882791] ath10k_pci 0000:01:00.0: unsupported HTC service id: 1536
[   25.995168] ath10k_pci 0000:01:00.0: htt-ver 2.2 wmi-op 6 htt-op 4 cal pre-cal-file max-sta 512 raw 0 hwcrypto 1
[   26.087064] ath10k_pci 0001:01:00.0: enabling device (0140 -> 0142)
[   26.087877] ath10k_pci 0001:01:00.0: pci irq msi oper_irq_mode 2 irq_mode 0 reset_mode 0
[   26.249728] ath10k_pci 0001:01:00.0: Direct firmware load for ath10k/QCA9984/hw1.0/firmware-6.bin failed with error -2
[   26.249768] ath10k_pci 0001:01:00.0: Falling back to user helper
[   26.521969] firmware ath10k!QCA9984!hw1.0!firmware-6.bin: firmware_loading_store: map pages failed
[   26.522200] ath10k_pci 0001:01:00.0: qca9984/qca9994 hw1.0 target 0x01000000 chip_id 0x00000000 sub 168c:cafe
[   26.530085] ath10k_pci 0001:01:00.0: kconfig debug 0 debugfs 1 tracing 0 dfs 1 testmode 1
[   26.542340] ath10k_pci 0001:01:00.0: firmware ver 10.4-3.9.0.2-00021 api 5 features no-p2p,mfp,peer-flow-ctrl,btcoex-param,allows-mesh-bcast,no-ps crc32 9626782c
[   28.817512] ath10k_pci 0001:01:00.0: board_file api 2 bmi_id 0:2 crc32 cf58c3bc
[   34.722258] ath10k_pci 0001:01:00.0: unsupported HTC service id: 1536
[   34.837088] ath10k_pci 0001:01:00.0: htt-ver 2.2 wmi-op 6 htt-op 4 cal pre-cal-file max-sta 512 raw 0 hwcrypto 1
[   34.930704] kmodloader: done loading kernel modules from /etc/modules.d/*
...
[   44.931784] IPv6: ADDRCONF(NETDEV_CHANGE): br-lan: link becomes ready
[   46.178478] ath: EEPROM regdomain: 0x80f6
[   46.178504] ath: EEPROM indicates we should expect a country code
[   46.181468] ath: doing EEPROM country->regdmn map search
[   46.187658] ath: country maps to regdmn code: 0x37
[   46.192928] ath: Country alpha2 being used: FI
[   46.197625] ath: Regpair used: 0x37
[   46.201949] ath: regdomain 0x80f6 dynamically updated by user
[   46.205361] ath: EEPROM regdomain: 0x80f6
[   46.211342] ath: EEPROM indicates we should expect a country code
[   46.215236] ath: doing EEPROM country->regdmn map search
[   46.221397] ath: country maps to regdmn code: 0x37
[   46.226772] ath: Country alpha2 being used: FI
[   46.231293] ath: Regpair used: 0x37
[   46.235804] ath: regdomain 0x80f6 dynamically updated by user
[   56.261988] ath10k_pci 0001:01:00.0: unsupported HTC service id: 1536
[   56.472614] ath10k_pci 0001:01:00.0: Unknown eventid: 36933
[   56.476361] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[   62.469949] ath10k_pci 0000:01:00.0: unsupported HTC service id: 1536
[   62.675788] ath10k_pci 0000:01:00.0: Unknown eventid: 36933
[   62.679170] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[   62.692506] br-lan: port 2(wlan1) entered blocking state
[   62.692569] br-lan: port 2(wlan1) entered disabled state
[   62.697444] device wlan1 entered promiscuous mode
[   62.711382] br-lan: port 3(wlan0) entered blocking state
[   62.711407] br-lan: port 3(wlan0) entered disabled state
[   62.716036] device wlan0 entered promiscuous mode
[   63.132153] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   63.132294] br-lan: port 2(wlan1) entered blocking state
[   63.137642] br-lan: port 2(wlan1) entered forwarding state
[   63.561502] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   63.561645] br-lan: port 3(wlan0) entered blocking state
[   63.567005] br-lan: port 3(wlan0) entered forwarding state
[   69.854584] Unable to handle kernel paging request at virtual address fffff9e8
[   69.854619] pgd = c0204000
[   69.860830] [fffff9e8] *pgd=5fdfd861, *pte=00000000, *ppte=00000000
[   69.863399] Internal error: Oops: 37 [#1] SMP ARM
[   69.869551] Modules linked in: pppoe ppp_async ath10k_pci ath10k_core ath pptp pppox ppp_mppe ppp_generic mac80211 iptable_nat ipt_REJECT ipt_MASQUERADE cfg80211 xt_time xt_tcpudp xt_tcpmss xt_statistic xt_state xt_recent xt_nat xt_multiport xt_mark xt_mac xt_limit xt_length xt_hl xt_helper xt_esp xt_ecn xt_dscp xt_conntrack xt_connmark xt_connlimit xt_connbytes xt_comment xt_TCPMSS xt_REDIRECT xt_LOG xt_HL xt_FLOWOFFLOAD xt_DSCP xt_CT xt_CLASSIFY usbserial slhc nf_reject_ipv4 nf_nat_redirect nf_nat_masquerade_ipv4 nf_conntrack_ipv4 nf_nat_ipv4 nf_log_ipv4 nf_flow_table_hw nf_flow_table nf_defrag_ipv4 nf_conntrack_rtcache nf_conntrack_netlink iptable_raw iptable_mangle iptable_filter ipt_ah ipt_ECN ip_tables crc_ccitt compat chaoskey fuse sch_cake sch_tbf sch_ingress sch_htb sch_hfsc em_u32 cls_u32
[   69.922838]  cls_tcindex cls_route cls_matchall cls_fw cls_flow cls_basic act_skbedit act_mirred ledtrig_usbport xt_set ip_set_list_set ip_set_hash_netportnet ip_set_hash_netport ip_set_hash_netnet ip_set_hash_netiface ip_set_hash_net ip_set_hash_mac ip_set_hash_ipportnet ip_set_hash_ipportip ip_set_hash_ipport ip_set_hash_ipmark ip_set_hash_ip ip_set_bitmap_port ip_set_bitmap_ipmac ip_set_bitmap_ip ip_set nfnetlink ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6t_NPT ip6t_MASQUERADE nf_nat_masquerade_ipv6 nf_nat nf_conntrack nf_log_ipv6 nf_log_common ip6table_mangle ip6table_filter ip6_tables ip6t_REJECT x_tables nf_reject_ipv6 msdos ip_gre gre ifb sit tunnel4 ip_tunnel tun vfat fat hfsplus cifs nls_utf8 nls_iso8859_15 nls_iso8859_1 nls_cp850 nls_cp437 nls_cp1250 sha1_generic md5 md4
[   69.993498]  usb_storage leds_gpio xhci_plat_hcd xhci_pci xhci_hcd dwc3 dwc3_of_simple ohci_platform ohci_hcd phy_qcom_dwc3 ahci ehci_platform sd_mod ahci_platform libahci_platform libahci libata scsi_mod ehci_hcd gpio_button_hotplug ext4 mbcache jbd2 exfat crc32c_generic
[   70.017635] CPU: 0 PID: 7566 Comm: iptables Not tainted 4.14.132 #0
[   70.039864] Hardware name: Generic DT based system
[   70.045855] task: dbd67480 task.stack: da974000
[   70.050841] PC is at ieee80211_sta_register_airtime+0x24/0x148 [mac80211]
[   70.055225] LR is at ath10k_htt_t2h_msg_handler+0x678/0x10f4 [ath10k_core]
[   70.062088] pc : [<bf75bfac>]    lr : [<bf83e8b0>]    psr: a0000113
[   70.068856] sp : da975c2c  ip : 00000002  fp : bf869c0c
[   70.075019] r10: 0000003b  r9 : dbdc2138  r8 : 00060002
[   70.080228] r7 : 00000000  r6 : dabfd650  r5 : 00000000  r4 : dbdc15c0
[   70.085437] r3 : 00000000  r2 : 00060002  r1 : 00000000  r0 : 00000000
[   70.092038] Flags: NzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
[   70.098546] Control: 10c5787d  Table: 5dba806a  DAC: 00000051
[   70.105750] Process iptables (pid: 7566, stack limit = 0xda974210)
[   70.111480] Stack: (0xda975c2c to 0xda976000)
[   70.117572] 5c20:                            dbdc15c0 00000000 dabfd650 00000001 dabfd650
[   70.122012] 5c40: dbdc2138 0000003b bf869c0c bf83e8b0 00000002 c0314b10 dbdc1c70 00000001
[   70.130172] 5c60: 00000001 dabfd64c 00010000 00000000 dbdc5724 bf88f3d8 c0310d28 da8d2780
[   70.138332] 5c80: dbdc15c0 00000000 da975ca8 c07fb4c4 dbdc5724 00000001 00000022 bf88b09c
[   70.146491] 5ca0: da8d2780 00000022 da975ca8 da975ca8 00000000 dbdc45c0 bf88f04c dbdc5654
[   70.154652] 5cc0: dbdc571c dbdc15c0 00000014 dbdc5724 dbdc45c0 00000005 0004b400 bf85c360
[   70.162812] 5ce0: 00000000 bf87101c da975cfc 00000006 00000000 dbdc15c0 00000001 00000040
[   70.170970] 5d00: 0000012c da975d58 1cf51000 bf85c448 dbdc5440 dbdc15c0 dbdc2440 ffffa61a
[   70.179129] 5d20: 00000040 bf88cb68 dbdc5440 00000001 00000040 ffffa61a c0b02d00 c06d72e0
[   70.187290] 5d40: dd990080 c0a3f080 c0b255dc c0b047e4 c090afac c090e80c da975d58 da975d58
[   70.195451] 5d60: da975d60 da975d60 dd4cc200 00000000 00000003 c0b0208c c0b02080 40000003
[   70.203608] 5d80: ffffe000 00000100 c0b02080 c03015c8 00000000 00000001 dd408000 c0a38210
[   70.211769] 5da0: c0b2c7c0 0000000a ffffa61a c0b02d00 c07fb764 00400104 dd4cc268 c0a3e414
[   70.219928] 5dc0: 00000000 00000000 00000001 dd408000 de803000 da975f08 c0914000 c03247cc
[   70.228091] 5de0: c0a3e414 c0368f1c c0b03f60 c0b153cc de80200c de802000 da975e20 c0301488
[   70.236248] 5e00: c0315140 40000013 ffffffff da975e54 5c13375f da974000 da975f08 c030c08c
[   70.244407] 5e20: dcb1d12c 00000040 00000000 00000212 dcb1d130 b6e4c000 b6e4b000 ddd6bb2c
[   70.252567] 5e40: 5c13375f b6e4c000 da975f08 c0914000 0005fdf9 da975e70 c03f3060 c0315140
[   70.260728] 5e60: 40000013 ffffffff 00000051 bf000000 38e38e39 b6e4c000 00000000 d94e3480
[   70.268886] 5e80: c0b06a84 c0b589c0 dcdd01c0 dbbaadbc dcdd01f8 fffff000 00000000 dbbaadb8
[   70.277047] 5ea0: b6e4c000 b6e4bfff 00000000 00000000 00000000 00000000 db535b48 d94e3480
[   70.285205] 5ec0: ffffffff 00000000 da975f08 00000000 00000000 dcdd01fc 00000000 c03f37e8
[   70.293367] 5ee0: 00000000 0000045c da8e6540 dcdd01c0 00000000 0000045c c0307e44 c03f9d14
[   70.301525] 5f00: d9da8454 00000000 dcdd01c0 00000001 00000000 00000000 ffffffff 00000000
[   70.309685] 5f20: befb4334 0000003b 00000400 dbfc3000 00000000 d9da1660 00000000 d9da16b0
[   70.317845] 5f40: d9da83a0 dcdd01c0 00000000 ffffe000 dcdd01c0 00000000 ffffe000 c031cd90
[   70.326006] 5f60: dcdd01c0 dbd67480 ffffe000 c03231fc 00000002 c041ddac 00000000 000000f8
[   70.334166] 5f80: 00000000 c0323964 00000002 befb4920 00000003 000000f8 c0307e44 c0323978
[   70.342323] 5fa0: 00000002 c0307c40 00000002 befb4920 00000002 befb4320 00000000 00000002
[   70.350483] 5fc0: 00000002 befb4920 00000003 000000f8 00000000 b6e1fce0 00000006 00000000
[   70.358645] 5fe0: 00000001 befb43b8 b6ebca0c b6ece0e8 60000010 00000002 00000000 00000000
[   70.366945] [<bf75bfac>] (ieee80211_sta_register_airtime [mac80211]) from [<00000002>] (0x2)
[   70.374957] Code: e1cd81f0 e1a08002 e1cda1f8 e58de020 (e5102618)
[   70.383600] ---[ end trace b799a93daca2cf67 ]---
[   70.389524] Kernel panic - not syncing: Fatal exception in interrupt
[   70.394141] CPU1: stopping
[   70.400465] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G      D         4.14.132 #0
[   70.402979] Hardware name: Generic DT based system
[   70.410228] [<c030f2c4>] (unwind_backtrace) from [<c030b4c0>] (show_stack+0x14/0x20)
[   70.415074] [<c030b4c0>] (show_stack) from [<c07dfc18>] (dump_stack+0x88/0x9c)
[   70.422965] [<c07dfc18>] (dump_stack) from [<c030e50c>] (handle_IPI+0xf4/0x1ac)
[   70.429991] [<c030e50c>] (handle_IPI) from [<c03014b8>] (gic_handle_irq+0x9c/0xb8)
[   70.437195] [<c03014b8>] (gic_handle_irq) from [<c030c08c>] (__irq_svc+0x6c/0x90)
[   70.444822] Exception stack(0xdd461f80 to 0xdd461fc8)
[   70.452411] 1f80: 00000001 00000000 00000000 c0315180 ffffe000 c0b03cc0 c0b03c70 00000000
[   70.457452] 1fa0: 00000000 512f04d0 00000000 00000000 dd461fc8 dd461fd0 c030862c c0308630
[   70.465581] 1fc0: 60000013 ffffffff
[   70.473742] [<c030c08c>] (__irq_svc) from [<c0308630>] (arch_cpu_idle+0x38/0x44)
[   70.477054] [<c0308630>] (arch_cpu_idle) from [<c035dd18>] (do_idle+0xe8/0x1bc)
[   70.484686] [<c035dd18>] (do_idle) from [<c035e060>] (cpu_startup_entry+0x1c/0x20)
[   70.491712] [<c035e060>] (cpu_startup_entry) from [<423017cc>] (0x423017cc)
[   70.499346] Rebooting in 3 seconds..

Closed by Hauke Mehrtens
18.08.2019 19:23
Reason for closing: Fixed
Additional comments about closing:

This was fixed in https:/ /git.openwrt.org/2ceee0e02362519f08be2a2 88bd8f42ca6cef257

Anton van Bohemen commented on 30.07.2019 08:59

The ath10k (non-ct) firmware has not been updated in a while in OpenWRT. You might want to try a newer version from https://github.com/kvalo/ath10k-firmware/tree/master/QCA9984/hw1.0 The newest 10.4-3.9.0.2 version is 10.4-3.9.0.2-00046, or take the 3.10 series, 10.4-3.10-00047 is now available.

Hannu Nyman commented on 31.07.2019 17:52

I tested with both 10.4-3.9.0.2-00046 and 10.4-3.10-00047 formwares and neither helped.

Hauke Mehrtens commented on 07.08.2019 18:26

This branch still contains some more backports version between 4.19 and 5.2, could you please check with which version this problem started:
https://git.openwrt.org/?p=openwrt/staging/hauke.git;a=shortlog;h=refs/heads/mac80211-5.0

Hannu Nyman commented on 08.08.2019 20:18

Thanks for pointer to those intermediate commits in your staging tree. I checked it out and built minimal versions of the firmware. baseline and three first commits worked ok, but then the chrasing starts :-(

The culprit is the bump to 5.1-rc2-1:

 commit ba5b3ce570ea3abb7a05d00fd6d4d4a32804b0e4
 mac80211: update to version 5.0.5-1
 OK

 commit a9e9bdb8ba26ae3cf9df0a230d8eacd92deac821
 mac80211: Update to version 5.1-rc2-1
 CRASH

https://git.openwrt.org/?p=openwrt/staging/hauke.git;a=commit;h=a9e9bdb8ba26ae3cf9df0a230d8eacd92deac821

Pure guess, but that commit seems to remove some airtime related patches, and like I have said earlier, the crash always happens at:
PC is at ieee80211_sta_register_airtime+0x24/0x148 [mac80211]

Below are three consecutive crashes with that 5.1-rc2-1

[   39.828891] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[   39.837092] br-lan: port 2(wlan0) entered blocking state
[   39.837146] br-lan: port 2(wlan0) entered disabled state
[   39.841882] device wlan0 entered promiscuous mode
[   40.773479] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   40.773863] br-lan: port 2(wlan0) entered blocking state
[   40.779050] br-lan: port 2(wlan0) entered forwarding state
[   48.851993] Unable to handle kernel paging request at virtual address fffff9e8
[   48.852036] pgd = c0204000
[   48.858215] [fffff9e8] *pgd=5fdfd861, *pte=00000000, *ppte=00000000
[   48.860819] Internal error: Oops: 37 [#1] SMP ARM
[   48.866968] Modules linked in: pppoe ppp_async ath10k_pci ath10k_core ath pppox ppp_generic nf_conntrack_ipv6 mac80211 iptable_nat ipt_REJECT ipt_MASQUERADE cfg80211 xt_time xt_tcpudp xt_state xt_nat xt_multiport xt_mark xt_mac xt_limit xt_conntrack xt_comment xt_TCPMSS xt_REDIRECT xt_LOG xt_FLOWOFFLOAD slhc nf_reject_ipv4 nf_nat_redirect nf_nat_masquerade_ipv4 nf_conntrack_ipv4 nf_nat_ipv4 nf_nat nf_log_ipv4 nf_flow_table_hw nf_flow_table nf_defrag_ipv6 nf_defrag_ipv4 nf_conntrack_rtcache nf_conntrack iptable_mangle iptable_filter ip_tables crc_ccitt compat ledtrig_usbport nf_log_ipv6 nf_log_common ip6table_mangle ip6table_filter ip6_tables ip6t_REJECT x_tables nf_reject_ipv6 leds_gpio xhci_plat_hcd xhci_pci xhci_hcd dwc3 dwc3_of_simple ohci_platform ohci_hcd phy_qcom_dwc3 ahci ehci_platform sd_mod
[   48.920255]  ahci_platform libahci_platform libahci libata scsi_mod ehci_hcd gpio_button_hotplug
[   48.942503] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.14.131 #0
[   48.951430] Hardware name: Generic DT based system
[   48.957421] task: c0b06d80 task.stack: c0b00000
[   48.962267] PC is at ieee80211_sta_register_airtime+0x24/0x148 [mac80211]
[   48.966644] LR is at ath10k_htt_t2h_msg_handler+0x678/0x10f4 [ath10k_core]
[   48.973484] pc : [<bf2ecec0>]    lr : [<bf3bb8f8>]    psr: a0000113
[   48.980252] sp : c0b01d54  ip : 00000002  fp : bf3e6bf8
[   48.986413] r10: 00000042  r9 : dc562124  r8 : 00060002
[   48.991622] r7 : 00000000  r6 : dbfec450  r5 : 00000000  r4 : dc5615c0
[   48.996833] r3 : 00000000  r2 : 00060002  r1 : 00000000  r0 : 00000000
[   49.003435] Flags: NzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
[   49.009941] Control: 10c5787d  Table: 5e98406a  DAC: 00000051
[   49.017145] Process swapper/0 (pid: 0, stack limit = 0xc0b00210)
[   49.022876] Stack: (0xc0b01d54 to 0xc0b02000)
[   49.028963] 1d40:                                              dc5615c0 00000000 dbfec450
[   49.033240] 1d60: 00000001 dbfec450 dc562124 00000042 bf3e6bf8 bf3bb8f8 00000002 c0314b10
[   49.041400] 1d80: dc561c70 00000001 00000001 dbfec44c 00010000 00000000 dc5656d4 bf40c3d8
[   49.049560] 1da0: c0310d28 dcc7ecc0 dc5615c0 00000000 c0b01dd0 c07f44c0 dc5656d4 00000001
[   49.057718] 1dc0: 00000022 bf40809c dcc7ecc0 00000022 c0b01dd0 c0b01dd0 00000000 dc5645c0
[   49.065879] 1de0: bf40c04c dc565604 dc5656cc dc5615c0 00000014 dc5656d4 dc5645c0 00000005
[   49.074040] 1e00: 0004b400 bf3d93b0 00000000 bf3ee01c c0b01e24 00000006 00000000 dc5615c0
[   49.082198] 1e20: 00000001 00000040 0000012c c0b01e80 1cf52000 bf3d9498 dc565400 dc5615c0
[   49.090357] 1e40: 00000040 dc562400 00000040 bf409b48 dc565400 00000001 00000040 ffff9de6
[   49.098516] 1e60: c0b02d00 c06d4be4 dd990080 c0a3e080 c0b2555c c0b047e4 c0903450 c0906b54
[   49.106678] 1e80: c0b01e80 c0b01e80 c0b01e88 c0b01e88 dd4cc200 00000000 00000003 c0b0208c
[   49.114837] 1ea0: c0b02080 40000003 ffffe000 00000100 c0b02080 c03015c8 00000000 00000001
[   49.122997] 1ec0: dd408000 c0a37210 c0b2c7c0 0000000a ffff9de6 c0b02d00 c07f4760 00200102
[   49.131156] 1ee0: dd4cc268 c0a3d414 00000000 00000000 00000001 dd408000 de803000 00000000
[   49.139315] 1f00: 00000000 c03247cc c0a3d414 c0368f1c c0b03f60 c0b153cc de80200c de802000
[   49.147476] 1f20: c0b01f48 c0301488 c0308630 60000013 ffffffff c0b01f7c 00000000 c0b00000
[   49.155636] 1f40: 00000000 c030c08c 00000001 00000000 00000000 c0315180 ffffe000 c0b03cc0
[   49.163796] 1f60: c0b03c70 00000000 00000000 c0a2ca28 00000000 00000000 c0b01f90 c0b01f98
[   49.171954] 1f80: c030862c c0308630 60000013 ffffffff 00000051 00000000 ffffe000 c035dd18
[   49.180115] 1fa0: 000000bf c0b03c40 00000000 c0b2c000 dddfce80 c035e060 c0b2c040 c0a00cf4
[   49.188273] 1fc0: ffffffff ffffffff 00000000 c0a0067c c0a2ca28 00000000 00000000 c0b2c1d4
[   49.196434] 1fe0: c0b03c5c c0a2ca24 c0b07ee0 4220406a 512f04d0 4220807c 00000000 00000000
[   49.204728] [<bf2ecec0>] (ieee80211_sta_register_airtime [mac80211]) from [<00000002>] (0x2)
[   49.212746] Code: e1cd81f0 e1a08002 e1cda1f8 e58de020 (e5102618)
[   49.221385] ---[ end trace 07370a752c04f624 ]---
[   49.227320] Kernel panic - not syncing: Fatal exception in interrupt
[   49.231923] CPU1: stopping
[   49.238246] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G      D         4.14.131 #0
[   49.240759] Hardware name: Generic DT based system
[   49.248010] [<c030f2c4>] (unwind_backtrace) from [<c030b4c0>] (show_stack+0x14/0x20)
[   49.252850] [<c030b4c0>] (show_stack) from [<c07d8d98>] (dump_stack+0x88/0x9c)
[   49.260743] [<c07d8d98>] (dump_stack) from [<c030e50c>] (handle_IPI+0xf4/0x1ac)
[   49.267771] [<c030e50c>] (handle_IPI) from [<c03014b8>] (gic_handle_irq+0x9c/0xb8)
[   49.274975] [<c03014b8>] (gic_handle_irq) from [<c030c08c>] (__irq_svc+0x6c/0x90)
[   49.282601] Exception stack(0xdd461f80 to 0xdd461fc8)
[   49.290191] 1f80: 00000001 00000000 00000000 c0315180 ffffe000 c0b03cc0 c0b03c70 00000000
[   49.295231] 1fa0: 00000000 512f04d0 00000000 00000000 dd461fc8 dd461fd0 c030862c c0308630
[   49.303358] 1fc0: 60000013 ffffffff
[   49.311520] [<c030c08c>] (__irq_svc) from [<c0308630>] (arch_cpu_idle+0x38/0x44)
[   49.314832] [<c0308630>] (arch_cpu_idle) from [<c035dd18>] (do_idle+0xe8/0x1bc)
[   49.322462] [<c035dd18>] (do_idle) from [<c035e060>] (cpu_startup_entry+0x1c/0x20)
[   49.329488] [<c035e060>] (cpu_startup_entry) from [<423017cc>] (0x423017cc)
[   49.337129] Rebooting in 3 seconds..

[   54.653892] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   54.654177] br-lan: port 2(wlan1) entered blocking state
[   54.659443] br-lan: port 2(wlan1) entered forwarding state
[   55.091028] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   55.091394] br-lan: port 3(wlan0) entered blocking state
[   55.096617] br-lan: port 3(wlan0) entered forwarding state
[   59.703104] Unable to handle kernel paging request at virtual address fffff9e8
[   59.703145] pgd = c0204000
[   59.709326] [fffff9e8] *pgd=5fdfd861, *pte=00000000, *ppte=00000000
[   59.711929] Internal error: Oops: 37 [#1] SMP ARM
[   59.718076] Modules linked in: pppoe ppp_async ath10k_pci ath10k_core ath pppox ppp_generic nf_conntrack_ipv6 mac80211 iptable_nat ipt_REJECT ipt_MASQUERADE cfg80211 xt_time xt_tcpudp xt_state xt_nat xt_multiport xt_mark xt_mac xt_limit xt_conntrack xt_comment xt_TCPMSS xt_REDIRECT xt_LOG xt_FLOWOFFLOAD slhc nf_reject_ipv4 nf_nat_redirect nf_nat_masquerade_ipv4 nf_conntrack_ipv4 nf_nat_ipv4 nf_nat nf_log_ipv4 nf_flow_table_hw nf_flow_table nf_defrag_ipv6 nf_defrag_ipv4 nf_conntrack_rtcache nf_conntrack iptable_mangle iptable_filter ip_tables crc_ccitt compat ledtrig_usbport nf_log_ipv6 nf_log_common ip6table_mangle ip6table_filter ip6_tables ip6t_REJECT x_tables nf_reject_ipv6 leds_gpio xhci_plat_hcd xhci_pci xhci_hcd dwc3 dwc3_of_simple ohci_platform ohci_hcd phy_qcom_dwc3 ahci ehci_platform sd_mod
[   59.771364]  ahci_platform libahci_platform libahci libata scsi_mod ehci_hcd gpio_button_hotplug
[   59.793611] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.14.131 #0
[   59.802540] Hardware name: Generic DT based system
[   59.808530] task: c0b06d80 task.stack: c0b00000
[   59.813366] PC is at ieee80211_sta_register_airtime+0x24/0x148 [mac80211]
[   59.817750] LR is at ath10k_htt_t2h_msg_handler+0x678/0x10f4 [ath10k_core]
[   59.824593] pc : [<bf2ecec0>]    lr : [<bf3bb8f8>]    psr: a0000113
[   59.831360] sp : c0b01d54  ip : 00000002  fp : bf3e6bf8
[   59.837521] r10: 00000041  r9 : dc432124  r8 : 00060002
[   59.842732] r7 : 00000000  r6 : db23e850  r5 : 00000000  r4 : dc4315c0
[   59.847942] r3 : 00000000  r2 : 00060002  r1 : 00000000  r0 : 00000000
[   59.854543] Flags: NzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
[   59.861050] Control: 10c5787d  Table: 5e66c06a  DAC: 00000051
[   59.868254] Process swapper/0 (pid: 0, stack limit = 0xc0b00210)
[   59.873984] Stack: (0xc0b01d54 to 0xc0b02000)
[   59.880070] 1d40:                                              dc4315c0 00000000 db23e850
[   59.884348] 1d60: 00000001 db23e850 dc432124 00000041 bf3e6bf8 bf3bb8f8 00000002 c0314b10
[   59.892506] 1d80: dc431c70 00000001 00000001 db23e84c 00010000 00000000 dc4356d4 bf40c3d8
[   59.900665] 1da0: c0310d28 dcba7180 dc4315c0 00000000 c0b01dd0 c07f44c0 dc4356d4 00000001
[   59.908826] 1dc0: 00000022 bf40809c dcba7180 00000022 c0b01dd0 c0b01dd0 00000000 dc4345c0
[   59.916985] 1de0: bf40c04c dc435604 dc4356cc dc4315c0 00000014 dc4356d4 dc4345c0 00000005
[   59.925146] 1e00: 0004b400 bf3d93b0 00000000 bf3ee01c c0b01e24 00000006 00000000 dc4315c0
[   59.933304] 1e20: 00000001 00000040 0000012c c0b01e80 1cf52000 bf3d9498 dc435400 dc4315c0
[   59.941465] 1e40: 00000040 dc432400 00000040 bf409b48 dc435400 00000001 00000040 ffffa223
[   59.949624] 1e60: c0b02d00 c06d4be4 dd990080 c0a3e080 c0b2555c c0b047e4 c0903450 c0906b54
[   59.957784] 1e80: c0b01e80 c0b01e80 c0b01e88 c0b01e88 dd4cc200 00000000 00000003 c0b0208c
[   59.965943] 1ea0: c0b02080 40000003 ffffe000 00000100 c0b02080 c03015c8 00000000 00000001
[   59.974105] 1ec0: dd408000 c0a37210 c0b2c7c0 0000000a ffffa223 c0b02d00 c07f4760 00200102
[   59.982262] 1ee0: dd4cc268 c0a3d414 00000000 00000000 00000001 dd408000 de803000 00000000
[   59.990422] 1f00: 00000000 c03247cc c0a3d414 c0368f1c c0b03f60 c0b153cc de80200c de802000
[   59.998583] 1f20: c0b01f48 c0301488 c0308630 60000013 ffffffff c0b01f7c 00000000 c0b00000
[   60.006741] 1f40: 00000000 c030c08c 00000001 00000000 00000000 c0315180 ffffe000 c0b03cc0
[   60.014902] 1f60: c0b03c70 00000000 00000000 c0a2ca28 00000000 00000000 c0b01f90 c0b01f98
[   60.023062] 1f80: c030862c c0308630 60000013 ffffffff 00000051 00000000 ffffe000 c035dd18
[   60.031221] 1fa0: 000000bf c0b03c40 00000000 c0b2c000 dddfce80 c035e060 c0b2c040 c0a00cf4
[   60.039381] 1fc0: ffffffff ffffffff 00000000 c0a0067c c0a2ca28 00000000 00000000 c0b2c1d4
[   60.047540] 1fe0: c0b03c5c c0a2ca24 c0b07ee0 4220406a 512f04d0 4220807c 00000000 00000000
[   60.055826] [<bf2ecec0>] (ieee80211_sta_register_airtime [mac80211]) from [<00000002>] (0x2)
[   60.063854] Code: e1cd81f0 e1a08002 e1cda1f8 e58de020 (e5102618)
[   60.072521] ---[ end trace 103314eb49a2e7c4 ]---
[   60.078404] Kernel panic - not syncing: Fatal exception in interrupt
[   60.083030] CPU1: stopping
[   60.089356] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G      D         4.14.131 #0
[   60.091868] Hardware name: Generic DT based system
[   60.099118] [<c030f2c4>] (unwind_backtrace) from [<c030b4c0>] (show_stack+0x14/0x20)
[   60.103959] [<c030b4c0>] (show_stack) from [<c07d8d98>] (dump_stack+0x88/0x9c)
[   60.111852] [<c07d8d98>] (dump_stack) from [<c030e50c>] (handle_IPI+0xf4/0x1ac)
[   60.118880] [<c030e50c>] (handle_IPI) from [<c03014b8>] (gic_handle_irq+0x9c/0xb8)
[   60.126083] [<c03014b8>] (gic_handle_irq) from [<c030c08c>] (__irq_svc+0x6c/0x90)
[   60.133711] Exception stack(0xdd461f80 to 0xdd461fc8)
[   60.141299] 1f80: 00000001 00000000 00000000 c0315180 ffffe000 c0b03cc0 c0b03c70 00000000
[   60.146340] 1fa0: 00000000 512f04d0 00000000 00000000 dd461fc8 dd461fd0 c030862c c0308630
[   60.154469] 1fc0: 60000013 ffffffff
[   60.162631] [<c030c08c>] (__irq_svc) from [<c0308630>] (arch_cpu_idle+0x38/0x44)
[   60.165942] [<c0308630>] (arch_cpu_idle) from [<c035dd18>] (do_idle+0xe8/0x1bc)
[   60.173572] [<c035dd18>] (do_idle) from [<c035e060>] (cpu_startup_entry+0x1c/0x20)
[   60.180600] [<c035e060>] (cpu_startup_entry) from [<423017cc>] (0x423017cc)
[   60.188239] Rebooting in 3 seconds..

[   54.337469] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[   54.339862] br-lan: port 2(wlan0) entered blocking state
[   54.344329] br-lan: port 2(wlan0) entered disabled state
[   54.350413] device wlan0 entered promiscuous mode
[   54.358800] br-lan: port 3(wlan1) entered blocking state
[   54.359766] br-lan: port 3(wlan1) entered disabled state
[   54.365620] device wlan1 entered promiscuous mode
[   54.869994] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   54.870279] br-lan: port 3(wlan1) entered blocking state
[   54.875550] br-lan: port 3(wlan1) entered forwarding state
[   55.278894] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   55.279189] br-lan: port 2(wlan0) entered blocking state
[   55.284365] br-lan: port 2(wlan0) entered forwarding state
[   61.920873] Unable to handle kernel paging request at virtual address fffff9e8
[   61.920917] pgd = c0204000
[   61.927110] [fffff9e8] *pgd=5fdfd861, *pte=00000000, *ppte=00000000
[   61.929702] Internal error: Oops: 37 [#1] SMP ARM
[   61.935850] Modules linked in: pppoe ppp_async ath10k_pci ath10k_core ath pppox ppp_generic nf_conntrack_ipv6 mac80211 iptable_nat ipt_REJECT ipt_MASQUERADE cfg80211 xt_time xt_tcpudp xt_state xt_nat xt_multiport xt_mark xt_mac xt_limit xt_conntrack xt_comment xt_TCPMSS xt_REDIRECT xt_LOG xt_FLOWOFFLOAD slhc nf_reject_ipv4 nf_nat_redirect nf_nat_masquerade_ipv4 nf_conntrack_ipv4 nf_nat_ipv4 nf_nat nf_log_ipv4 nf_flow_table_hw nf_flow_table nf_defrag_ipv6 nf_defrag_ipv4 nf_conntrack_rtcache nf_conntrack iptable_mangle iptable_filter ip_tables crc_ccitt compat ledtrig_usbport nf_log_ipv6 nf_log_common ip6table_mangle ip6table_filter ip6_tables ip6t_REJECT x_tables nf_reject_ipv6 leds_gpio xhci_plat_hcd xhci_pci xhci_hcd dwc3 dwc3_of_simple ohci_platform ohci_hcd phy_qcom_dwc3 ahci ehci_platform sd_mod
[   61.989136]  ahci_platform libahci_platform libahci libata scsi_mod ehci_hcd gpio_button_hotplug
[   62.011384] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.14.131 #0
[   62.020311] Hardware name: Generic DT based system
[   62.026304] task: c0b06d80 task.stack: c0b00000
[   62.031150] PC is at ieee80211_sta_register_airtime+0x24/0x148 [mac80211]
[   62.035529] LR is at ath10k_htt_t2h_msg_handler+0x678/0x10f4 [ath10k_core]
[   62.042368] pc : [<bf2ecec0>]    lr : [<bf3bb8f8>]    psr: a0000113
[   62.049133] sp : c0b01d54  ip : 00000002  fp : bf3e6bf8
[   62.055294] r10: 0000003b  r9 : dc58a124  r8 : 00060002
[   62.060503] r7 : 00000000  r6 : db108250  r5 : 00000000  r4 : dc5895c0
[   62.065713] r3 : 00000000  r2 : 00060002  r1 : 00000000  r0 : 00000000
[   62.072315] Flags: NzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
[   62.078823] Control: 10c5787d  Table: 5df8c06a  DAC: 00000051
[   62.086027] Process swapper/0 (pid: 0, stack limit = 0xc0b00210)
[   62.091755] Stack: (0xc0b01d54 to 0xc0b02000)
[   62.097843] 1d40:                                              dc5895c0 00000000 db108250
[   62.102121] 1d60: 00000001 db108250 dc58a124 0000003b bf3e6bf8 bf3bb8f8 00000002 c0314b10
[   62.110281] 1d80: dc589c70 00000001 00000001 db10824c 00010000 00000000 dc58d6d4 bf40c3d8
[   62.118440] 1da0: c0310d28 dcc71480 dc5895c0 00000000 c0b01dd0 c07f44c0 dc58d6d4 00000001
[   62.126600] 1dc0: 00000022 bf40809c dcc71480 00000022 c0b01dd0 c0b01dd0 00000000 dc58c5c0
[   62.134759] 1de0: bf40c04c dc58d604 dc58d6cc dc5895c0 00000014 dc58d6d4 dc58c5c0 00000005
[   62.142920] 1e00: 0004b400 bf3d93b0 00000000 bf3ee01c c0b01e24 00000006 00000000 dc5895c0
[   62.151080] 1e20: 00000001 00000040 0000012c c0b01e80 1cf52000 bf3d9498 dc58d400 dc5895c0
[   62.159238] 1e40: 00000040 dc58a400 00000040 bf409b48 dc58d400 00000001 00000040 ffffa301
[   62.167397] 1e60: c0b02d00 c06d4be4 dd990080 c0a3e080 c0b2555c c0b047e4 c0903450 c0906b54
[   62.175559] 1e80: c0b01e80 c0b01e80 c0b01e88 c0b01e88 dd4cc200 00000000 00000003 c0b0208c
[   62.183719] 1ea0: c0b02080 40000003 ffffe000 00000100 c0b02080 c03015c8 00000000 00000001
[   62.191878] 1ec0: dd408000 c0a37210 c0b2c7c0 0000000a ffffa301 c0b02d00 c07f4760 00200102
[   62.200036] 1ee0: dd4cc268 c0a3d414 00000000 00000000 00000001 dd408000 de803000 00000000
[   62.208199] 1f00: 00000000 c03247cc c0a3d414 c0368f1c c0b03f60 c0b153cc de80200c de802000
[   62.216356] 1f20: c0b01f48 c0301488 c0308630 60000013 ffffffff c0b01f7c 00000000 c0b00000
[   62.224517] 1f40: 00000000 c030c08c 00000001 00000000 00000000 c0315180 ffffe000 c0b03cc0
[   62.232677] 1f60: c0b03c70 00000000 00000000 c0a2ca28 00000000 00000000 c0b01f90 c0b01f98
[   62.240836] 1f80: c030862c c0308630 60000013 ffffffff 00000051 00000000 ffffe000 c035dd18
[   62.248996] 1fa0: 000000bf c0b03c40 00000000 c0b2c000 dddfce80 c035e060 c0b2c040 c0a00cf4
[   62.257155] 1fc0: ffffffff ffffffff 00000000 c0a0067c c0a2ca28 00000000 00000000 c0b2c1d4
[   62.265316] 1fe0: c0b03c5c c0a2ca24 c0b07ee0 4220406a 512f04d0 4220807c 00000000 00000000
[   62.273608] [<bf2ecec0>] (ieee80211_sta_register_airtime [mac80211]) from [<00000002>] (0x2)
[   62.281628] Code: e1cd81f0 e1a08002 e1cda1f8 e58de020 (e5102618)
[   62.290319] ---[ end trace a8ac8bbf260970f0 ]---
[   62.296197] Kernel panic - not syncing: Fatal exception in interrupt
[   62.300805] CPU1: stopping
[   62.307128] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G      D         4.14.131 #0
[   62.309640] Hardware name: Generic DT based system
[   62.316889] [<c030f2c4>] (unwind_backtrace) from [<c030b4c0>] (show_stack+0x14/0x20)
[   62.321728] [<c030b4c0>] (show_stack) from [<c07d8d98>] (dump_stack+0x88/0x9c)
[   62.329623] [<c07d8d98>] (dump_stack) from [<c030e50c>] (handle_IPI+0xf4/0x1ac)
[   62.336652] [<c030e50c>] (handle_IPI) from [<c03014b8>] (gic_handle_irq+0x9c/0xb8)
[   62.343854] [<c03014b8>] (gic_handle_irq) from [<c030c08c>] (__irq_svc+0x6c/0x90)
[   62.351484] Exception stack(0xdd461f80 to 0xdd461fc8)
[   62.359071] 1f80: 00000001 00000000 00000000 c0315180 ffffe000 c0b03cc0 c0b03c70 00000000
[   62.364112] 1fa0: 00000000 512f04d0 00000000 00000000 dd461fc8 dd461fd0 c030862c c0308630
[   62.372241] 1fc0: 60000013 ffffffff
[   62.380402] [<c030c08c>] (__irq_svc) from [<c0308630>] (arch_cpu_idle+0x38/0x44)
[   62.383713] [<c0308630>] (arch_cpu_idle) from [<c035dd18>] (do_idle+0xe8/0x1bc)
[   62.391344] [<c035dd18>] (do_idle) from [<c035e060>] (cpu_startup_entry+0x1c/0x20)
[   62.398370] [<c035e060>] (cpu_startup_entry) from [<423017cc>] (0x423017cc)
[   62.406008] Rebooting in 3 seconds..

Stefan Lippers-Hollmann commented on 18.08.2019 00:09

I can reproduce this with r10810-552c48ea43, so using

Loading modules backported from Linux version v5.3-rc4-0-gd45331b00ddb
Backport generated by backports.git v5.3-rc4-1-0-g4ec72687

on my ZyXEL NBG6817 (ipq8065) with QCA9984/ ath10k (firmware ver 10.4-3.10-00047 api 5 features no-p2p,mfp,peer-flow-ctrl,btcoex-param,allows-mesh-bcast,no-ps crc32 19ca6df2)

As soon as the first STA device tries associating, ath10k crashes the kernel and the watchdog reboots the router.

The following log is using ipq806x with kernel v4.19.67 and your hostapd v2.9 update, so slightly modified compared to stock HEAD; the router doesn't have a serial console attached - so I'm slightly limited to what logread can fetch:

Sat Aug 17 21:49:31 2019 kern.info kernel: [    0.000000] Booting Linux on physical CPU 0x0
Sat Aug 17 21:49:31 2019 kern.notice kernel: [    0.000000] Linux version 4.19.67 (slh@trident) (gcc version 7.4.0 (OpenWrt GCC 7.4.0 r10810-552c48ea43)) #0 SMP Sat Aug 17 21:09:04 2019
Sat Aug 17 21:49:31 2019 kern.info kernel: [    0.000000] CPU: ARMv7 Processor [512f04d0] revision 0 (ARMv7), cr=10c5787d
Sat Aug 17 21:49:31 2019 kern.info kernel: [    0.000000] CPU: div instructions available: patching division code
Sat Aug 17 21:49:31 2019 kern.info kernel: [    0.000000] CPU: PIPT / VIPT nonaliasing data cache, PIPT instruction cache
Sat Aug 17 21:49:31 2019 kern.info kernel: [    0.000000] OF: fdt: Machine model: ZyXEL NBG6817
[…]
Sat Aug 17 21:49:31 2019 kern.debug kernel: [   17.992741] ath10k_pci 0000:01:00.0: assign IRQ: got 35
Sat Aug 17 21:49:31 2019 kern.info kernel: [   17.993593] ath10k_pci 0000:01:00.0: enabling device (0140 -> 0142)
Sat Aug 17 21:49:31 2019 kern.debug kernel: [   17.993689] ath10k_pci 0000:01:00.0: enabling bus mastering
Sat Aug 17 21:49:31 2019 kern.info kernel: [   17.994268] ath10k_pci 0000:01:00.0: pci irq msi oper_irq_mode 2 irq_mode 0 reset_mode 0
Sat Aug 17 21:49:31 2019 kern.err kernel: [   20.456658] firmware ath10k!QCA9984!hw1.0!firmware-6.bin: firmware_loading_store: map pages failed
Sat Aug 17 21:49:31 2019 kern.info kernel: [   20.669252] ath10k_pci 0000:01:00.0: qca9984/qca9994 hw1.0 target 0x01000000 chip_id 0x00000000 sub 168c:cafe
Sat Aug 17 21:49:31 2019 kern.info kernel: [   20.669301] ath10k_pci 0000:01:00.0: kconfig debug 0 debugfs 1 tracing 0 dfs 1 testmode 1
Sat Aug 17 21:49:31 2019 kern.info kernel: [   20.683815] ath10k_pci 0000:01:00.0: firmware ver 10.4-3.10-00047 api 5 features no-p2p,mfp,peer-flow-ctrl,btcoex-param,allows-mesh-bcast,no-ps crc32 19ca6df2
Sat Aug 17 21:49:31 2019 kern.info kernel: [   22.971064] ath10k_pci 0000:01:00.0: board_file api 2 bmi_id 0:1 crc32 85498734
Sat Aug 17 21:49:31 2019 kern.info kernel: [   28.855520] ath10k_pci 0000:01:00.0: UART prints enabled
Sat Aug 17 21:49:31 2019 kern.warn kernel: [   28.902297] ath10k_pci 0000:01:00.0: unsupported HTC service id: 1536
Sat Aug 17 21:49:31 2019 kern.info kernel: [   29.014947] ath10k_pci 0000:01:00.0: htt-ver 2.2 wmi-op 6 htt-op 4 cal pre-cal-file max-sta 512 raw 0 hwcrypto 1
Sat Aug 17 21:49:31 2019 kern.debug kernel: [   29.070012] ath: EEPROM regdomain: 0x0
Sat Aug 17 21:49:31 2019 kern.debug kernel: [   29.070027] ath: EEPROM indicates default country code should be used
Sat Aug 17 21:49:31 2019 kern.debug kernel: [   29.070037] ath: doing EEPROM country->regdmn map search
Sat Aug 17 21:49:31 2019 kern.debug kernel: [   29.070055] ath: country maps to regdmn code: 0x3a
Sat Aug 17 21:49:31 2019 kern.debug kernel: [   29.070068] ath: Country alpha2 being used: US
Sat Aug 17 21:49:31 2019 kern.debug kernel: [   29.070078] ath: Regpair used: 0x3a
Sat Aug 17 21:49:31 2019 kern.debug kernel: [   29.075827] ath10k_pci 0001:01:00.0: assign IRQ: got 37
Sat Aug 17 21:49:31 2019 kern.info kernel: [   29.076772] ath10k_pci 0001:01:00.0: enabling device (0140 -> 0142)
Sat Aug 17 21:49:31 2019 kern.debug kernel: [   29.076857] ath10k_pci 0001:01:00.0: enabling bus mastering
Sat Aug 17 21:49:31 2019 kern.info kernel: [   29.077420] ath10k_pci 0001:01:00.0: pci irq msi oper_irq_mode 2 irq_mode 0 reset_mode 0
Sat Aug 17 21:49:31 2019 kern.err kernel: [   29.474182] firmware ath10k!QCA9984!hw1.0!firmware-6.bin: firmware_loading_store: map pages failed
Sat Aug 17 21:49:31 2019 kern.info kernel: [   29.474366] ath10k_pci 0001:01:00.0: qca9984/qca9994 hw1.0 target 0x01000000 chip_id 0x00000000 sub 168c:cafe
Sat Aug 17 21:49:31 2019 kern.info kernel: [   29.482150] ath10k_pci 0001:01:00.0: kconfig debug 0 debugfs 1 tracing 0 dfs 1 testmode 1
Sat Aug 17 21:49:31 2019 kern.info kernel: [   29.494785] ath10k_pci 0001:01:00.0: firmware ver 10.4-3.10-00047 api 5 features no-p2p,mfp,peer-flow-ctrl,btcoex-param,allows-mesh-bcast,no-ps crc32 19ca6df2
Sat Aug 17 21:49:31 2019 kern.info kernel: [   31.771809] ath10k_pci 0001:01:00.0: board_file api 2 bmi_id 0:2 crc32 85498734
Sat Aug 17 21:49:31 2019 kern.info kernel: [   37.668354] ath10k_pci 0001:01:00.0: UART prints enabled
Sat Aug 17 21:49:31 2019 kern.warn kernel: [   37.715165] ath10k_pci 0001:01:00.0: unsupported HTC service id: 1536
Sat Aug 17 21:49:31 2019 kern.info kernel: [   37.831125] ath10k_pci 0001:01:00.0: htt-ver 2.2 wmi-op 6 htt-op 4 cal pre-cal-file max-sta 512 raw 0 hwcrypto 1
Sat Aug 17 21:49:31 2019 kern.debug kernel: [   37.885858] ath: EEPROM regdomain: 0x0
Sat Aug 17 21:49:31 2019 kern.debug kernel: [   37.885872] ath: EEPROM indicates default country code should be used
Sat Aug 17 21:49:31 2019 kern.debug kernel: [   37.885882] ath: doing EEPROM country->regdmn map search
Sat Aug 17 21:49:31 2019 kern.debug kernel: [   37.885900] ath: country maps to regdmn code: 0x3a
Sat Aug 17 21:49:31 2019 kern.debug kernel: [   37.885913] ath: Country alpha2 being used: US
Sat Aug 17 21:49:31 2019 kern.debug kernel: [   37.885924] ath: Regpair used: 0x3a
[…]
Sat Aug 17 21:49:40 2019 kern.debug kernel: [   48.654916] ath: EEPROM regdomain: 0x8114
Sat Aug 17 21:49:40 2019 kern.debug kernel: [   48.654944] ath: EEPROM indicates we should expect a country code
Sat Aug 17 21:49:40 2019 kern.debug kernel: [   48.658001] ath: doing EEPROM country->regdmn map search
Sat Aug 17 21:49:40 2019 kern.debug kernel: [   48.664091] ath: country maps to regdmn code: 0x37
Sat Aug 17 21:49:40 2019 kern.debug kernel: [   48.669463] ath: Country alpha2 being used: DE
Sat Aug 17 21:49:40 2019 kern.debug kernel: [   48.674052] ath: Regpair used: 0x37
Sat Aug 17 21:49:40 2019 kern.debug kernel: [   48.678492] ath: regdomain 0x8114 dynamically updated by user
Sat Aug 17 21:49:40 2019 kern.debug kernel: [   48.681900] ath: EEPROM regdomain: 0x8114
Sat Aug 17 21:49:40 2019 kern.debug kernel: [   48.687761] ath: EEPROM indicates we should expect a country code
Sat Aug 17 21:49:40 2019 kern.debug kernel: [   48.691758] ath: doing EEPROM country->regdmn map search
Sat Aug 17 21:49:40 2019 kern.debug kernel: [   48.697853] ath: country maps to regdmn code: 0x37
Sat Aug 17 21:49:40 2019 kern.debug kernel: [   48.703228] ath: Country alpha2 being used: DE
Sat Aug 17 21:49:40 2019 kern.debug kernel: [   48.707818] ath: Regpair used: 0x37
Sat Aug 17 21:49:40 2019 kern.debug kernel: [   48.712229] ath: regdomain 0x8114 dynamically updated by user
[…]
Sat Aug 17 21:49:41 2019 daemon.notice netifd: radio0 (1384): command failed: Not supported (-95)
Sat Aug 17 21:49:41 2019 user.notice mac80211: Failed command: iw phy phy0 set distance 0
Sat Aug 17 21:49:41 2019 daemon.notice netifd: radio1 (1385): command failed: Not supported (-95)
Sat Aug 17 21:49:41 2019 user.notice mac80211: Failed command: iw phy phy1 set distance 0
Sat Aug 17 21:49:41 2019 daemon.notice netifd: radio0 (1384): sh: out of range
Sat Aug 17 21:49:41 2019 daemon.notice netifd: radio1 (1385): sh: out of range
[…]
Sat Aug 17 21:49:42 2019 daemon.err hostapd: Configuration file: /var/run/hostapd-phy1.conf
Sat Aug 17 21:49:42 2019 daemon.err hostapd: Configuration file: /var/run/hostapd-phy0.conf
Sat Aug 17 21:49:42 2019 daemon.notice hostapd: rfkill: Cannot open RFKILL control device
[…]
Sat Aug 17 21:49:48 2019 daemon.notice hostapd: rfkill: Cannot open RFKILL control device
[…]
Sat Aug 17 21:49:54 2019 kern.info kernel: [   63.060906] ath10k_pci 0001:01:00.0: UART prints enabled
Sat Aug 17 21:49:54 2019 kern.warn kernel: [   63.107842] ath10k_pci 0001:01:00.0: unsupported HTC service id: 1536
Sat Aug 17 21:49:54 2019 kern.warn kernel: [   63.319351] ath10k_pci 0001:01:00.0: Unknown eventid: 36933
[…]
Sat Aug 17 21:49:54 2019 kern.info kernel: [   63.322927] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[…]
Sat Aug 17 21:49:54 2019 kern.info kernel: [   63.339343] br-lan: port 2(wlan0) entered blocking state
Sat Aug 17 21:49:54 2019 kern.info kernel: [   63.339379] br-lan: port 2(wlan0) entered disabled state
Sat Aug 17 21:49:54 2019 kern.info kernel: [   63.344191] device wlan0 entered promiscuous mode
Sat Aug 17 21:49:54 2019 kern.info kernel: [   63.360588] br-lan: port 3(wlan1) entered blocking state
Sat Aug 17 21:49:54 2019 kern.info kernel: [   63.360620] br-lan: port 3(wlan1) entered disabled state
Sat Aug 17 21:49:54 2019 kern.info kernel: [   63.365388] device wlan1 entered promiscuous mode
Sat Aug 17 21:49:54 2019 daemon.notice hostapd: wlan0: interface state UNINITIALIZED->COUNTRY_UPDATE
Sat Aug 17 21:49:54 2019 daemon.notice hostapd: wlan0: interface state COUNTRY_UPDATE->HT_SCAN
Sat Aug 17 21:49:54 2019 daemon.notice hostapd: wlan1: interface state UNINITIALIZED->COUNTRY_UPDATE
Sat Aug 17 21:49:54 2019 daemon.notice hostapd: wlan1: interface state COUNTRY_UPDATE->HT_SCAN
[…]
Sat Aug 17 21:49:55 2019 daemon.notice hostapd: wlan0: interface state HT_SCAN->DFS
Sat Aug 17 21:49:55 2019 daemon.notice hostapd: wlan0: DFS-CAC-START freq=5600 chan=120 sec_chan=-1, width=1, seg0=122, seg1=0, cac_time=60s
[…]
Sat Aug 17 21:49:56 2019 daemon.notice hostapd: 20/40 MHz operation not permitted on channel pri=1 sec=5 based on overlapping BSSes
Sat Aug 17 21:49:56 2019 daemon.err hostapd: Using interface wlan1 with hwaddr 60:31:xx:xx:xx:xx and ssid "vostok"
Sat Aug 17 21:49:56 2019 kern.info kernel: [   65.446182] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
Sat Aug 17 21:49:56 2019 kern.info kernel: [   65.446645] br-lan: port 3(wlan1) entered blocking state
Sat Aug 17 21:49:56 2019 kern.info kernel: [   65.451711] br-lan: port 3(wlan1) entered forwarding state
Sat Aug 17 21:49:56 2019 daemon.notice hostapd: wlan1: interface state HT_SCAN->ENABLED
Sat Aug 17 21:49:56 2019 daemon.notice hostapd: wlan1: AP-ENABLED
Sat Aug 17 21:49:57 2019 daemon.notice netifd: Network device 'wlan1' link is up
Sat Aug 17 21:49:58 2019 daemon.info hostapd: wlan1: STA 3c:37:xx:xx:xx:xx IEEE 802.11: authenticated
Sat Aug 17 21:49:58 2019 daemon.info hostapd: wlan1: STA 3c:37:xx:xx:xx:xx IEEE 802.11: associated (aid 1)
Sat Aug 17 21:49:58 2019 kern.alert kernel: [   67.062085] Unable to handle kernel paging request at virtual address fffff9e8
Sat Aug 17 21:49:58 2019 kern.alert kernel: [   67.062115] pgd = 0390c121
Sat Aug 17 21:49:58 2019 kern.alert kernel: [   67.068291] [fffff9e8] *pgd=5fffd861, *pte=00000000, *ppte=00000000
Sat Aug 17 21:49:58 2019 kern.emerg kernel: [   67.070948] Internal error: Oops: 37 [#1] SMP ARM
Sat Aug 17 21:49:58 2019 kern.warn kernel: [   67.077046] Modules linked in: pppoe ppp_async iptable_nat ipt_MASQUERADE ath10k_pci ath10k_core ath xt_state xt_nat xt_conntrack xt_REDIRECT xt_FLOWOFFLOAD xt_CT pppox ppp_generic nf_nat_ipv4 nf_nat nf_flow_table_hw nf_flow_table nf_conntrack_rtcache nf_conntrack_netlink nf_conntrack mac80211 ipt_REJECT cfg80211 xt_time xt_tcpudp xt_policy xt_multiport xt_mark xt_mac xt_limit xt_esp xt_comment xt_TCPMSS xt_LOG usblp slhc nf_reject_ipv4 nf_log_ipv4 nf_defrag_ipv6 nf_defrag_ipv4 iptable_mangle iptable_filter ipt_ah ip_tables crc_ccitt compat configs xt_set ip_set_list_set ip_set_hash_netportnet ip_set_hash_netport ip_set_hash_netnet ip_set_hash_netiface ip_set_hash_net ip_set_hash_mac ip_set_hash_ipportnet ip_set_hash_ipportip ip_set_hash_ipport ip_set_hash_ipmark ip_set_hash_ip ip_set_bitmap_port
Sat Aug 17 21:49:58 2019 kern.warn kernel: [   67.129987]  ip_set_bitmap_ipmac ip_set_bitmap_ip ip_set nfnetlink nf_log_ipv6 nf_log_common ip6table_mangle ip6table_filter ip6_tables ip6t_REJECT x_tables nf_reject_ipv6 sit xfrm6_mode_tunnel xfrm6_mode_transport xfrm6_mode_beet ipcomp6 xfrm6_tunnel esp6 ah6 xfrm4_tunnel xfrm4_mode_tunnel xfrm4_mode_transport xfrm4_mode_beet ipcomp esp4 ah4 tunnel6 tunnel4 ip_tunnel xfrm_user xfrm_ipcomp af_key xfrm_algo vfat fat autofs4 nls_utf8 nls_iso8859_1 nls_cp437 sha1_generic md5 echainiv authenc uas usb_storage leds_gpio xhci_plat_hcd xhci_pci xhci_hcd dwc3 dwc3_qcom ohci_platform ohci_hcd ahci ehci_platform sd_mod ahci_platform libahci_platform libahci libata scsi_mod ehci_hcd gpio_button_hotplug f2fs ext4 mbcache jbd2 crc32c_generic crc32_generic
Sat Aug 17 21:49:58 2019 kern.warn kernel: [   67.195616] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.19.67 #0
Sat Aug 17 21:49:58 2019 kern.warn kernel: [   67.217845] Hardware name: Generic DT based system
Sat Aug 17 21:49:58 2019 kern.warn kernel: [   67.224179] PC is at ieee80211_sta_register_airtime+0x24/0x148 [mac80211]
Sat Aug 17 21:49:58 2019 kern.warn kernel: [   67.228752] LR is at ath10k_htt_t2h_msg_handler+0x4cc/0xc14 [ath10k_core]

Hauke Mehrtens commented on 18.08.2019 13:43

I checked where this problem occurs:

hauke@hauke-t480:~/openwrt/openwrt$ ./staging_dir/toolchain-arm_cortex-a15+neon-vfpv4_gcc-7.4.0_musl_eabi/bin/arm-openwrt-linux-gdb build_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/linux-ipq806x/backports-5.2-rc7-1/net/mac80211/mac80211.ko
GNU gdb (GDB) 8.2.1
....
Reading symbols from build_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/linux-ipq806x/backports-5.2-rc7-1/net/mac80211/mac80211.ko...done.
(gdb) list *(ieee80211_sta_register_airtime+0x24)
0x3fd4 is in ieee80211_sta_register_airtime (/home/hauke/openwrt/openwrt/build_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/linux-ipq806x/backports-5.2-rc7-1/net/mac80211/sta_info.c:1843).
1838		struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
1839		struct ieee80211_local *local = sta->sdata->local;
1840		u8 ac = ieee80211_ac_from_tid(tid);
1841		u32 airtime = 0;
1842	
1843		if (sta->local->airtime_flags & AIRTIME_USE_TX)
1844			airtime += tx_airtime;
1845		if (sta->local->airtime_flags & AIRTIME_USE_RX)
1846			airtime += rx_airtime;
1847	
(gdb)

This is probably in "if (sta→local→airtime_flags & AIRTIME_USE_TX)".
My assumption is that pubsta is NULL, becasue the invalid access happens at 0xfffff9e8 and container_of() will take the pointer to pubsta, which is probably NULL and substract something to the to the outer pointer.

hauke@hauke-t480:~/openwrt/openwrt$ ./staging_dir/toolchain-arm_cortex-a15+neon-vfpv4_gcc-7.4.0_musl_eabi/bin/arm-openwrt-linux-gdb build_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/linux-ipq806x/backports-5.2-rc7-1/drivers/net/wireless/ath/ath10k/ath10k_core.ko 
GNU gdb (GDB) 8.2.1
....
Reading symbols from build_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/linux-ipq806x/backports-5.2-rc7-1/drivers/net/wireless/ath/ath10k/ath10k_core.ko...done.
(gdb) list *(ath10k_htt_t2h_msg_handler+0x678)
0x188d4 is in ath10k_htt_t2h_msg_handler (./include/linux/spinlock.h:362).
357		raw_spin_unlock(&lock->rlock);
358	}
359	
360	static __always_inline void spin_unlock_bh(spinlock_t *lock)
361	{
362		raw_spin_unlock_bh(&lock->rlock);
363	}
364	
365	static __always_inline void spin_unlock_irq(spinlock_t *lock)
366	{
(gdb) list *(ath10k_htt_t2h_msg_handler+0x674)
0x188d0 is in ath10k_htt_t2h_msg_handler (/home/hauke/openwrt/openwrt/build_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/linux-ipq806x/backports-5.2-rc7-1/drivers/net/wireless/ath/ath10k/htt_rx.c:2325).
2320			}
2321	
2322			tid = FIELD_GET(HTT_TX_PPDU_DUR_INFO0_TID_MASK, info0);
2323			tx_duration = __le32_to_cpu(ppdu_dur->tx_duration);
2324	
2325			ieee80211_sta_register_airtime(peer->sta, tid, tx_duration, 0);
2326	
2327			spin_unlock_bh(&ar->data_lock);
2328			rcu_read_unlock();
2329		}
(gdb)

Could you please try the attached patch and report back if it works better now.

0001-ath10k-Check-if-station-... (6.7 KiB)

Hannu Nyman commented on 18.08.2019 18:02

I started testing the patch with the crashing commit from your 5.0 branch, which has the internediate commits. Is the patch supposed to work with that?

(I will test also with the current HEAD of master, but I wanted a test with no other changes.)

The patch helps the router to stay alive, but no wifi connectivity is reached. The firmware crashes and there are repetitive error message like this:

[   45.978892] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[   45.989210] br-lan: port 2(wlan1) entered blocking state
[   45.989312] br-lan: port 2(wlan1) entered disabled state
[   45.993820] device wlan1 entered promiscuous mode
[   46.539836] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   46.540070] br-lan: port 2(wlan1) entered blocking state
[   46.545349] br-lan: port 2(wlan1) entered forwarding state
[   52.600002] ath10k_pci 0000:01:00.0: unsupported HTC service id: 1536
[   52.805330] ath10k_pci 0000:01:00.0: Unknown eventid: 36933
[   52.807362] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[   52.831636] br-lan: port 3(wlan0) entered blocking state
[   52.831670] br-lan: port 3(wlan0) entered disabled state
[   52.836608] device wlan0 entered promiscuous mode
[   53.595907] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   53.596244] br-lan: port 3(wlan0) entered blocking state
[   53.601359] br-lan: port 3(wlan0) entered forwarding state



BusyBox v1.31.0 () built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt SNAPSHOT, r0+10444-a9e9bdb8ba
 -----------------------------------------------------
root@router1:/#
root@router1:/#
root@router1:/# iwinfo
wlan0     ESSID: "HN5WLAN"
          Access Point: 5C:78:2B:31:5C:78
          Mode: Master  Channel: 36 (5.180 GHz)
          Tx-Power: 23 dBm  Link Quality: unknown/70
          Signal: unknown  Noise: -108 dBm
          Bit Rate: unknown
          Encryption: WPA2 PSK (CCMP)
          Type: nl80211  HW Mode(s): 802.11nac
          Hardware: 168C:0046 168C:CAFE [Qualcomm Atheros QCA9984]
          TX power offset: none
          Frequency offset: none
          Supports VAPs: yes  PHY name: phy0

wlan1     ESSID: "HNWLAN"
          Access Point: 5C:78:2B:32:5C:78
          Mode: Master  Channel: 3 (2.422 GHz)
          Tx-Power: 20 dBm  Link Quality: unknown/70
          Signal: unknown  Noise: -97 dBm
          Bit Rate: unknown
          Encryption: WPA2 PSK (CCMP)
          Type: nl80211  HW Mode(s): 802.11bgn
          Hardware: 168C:0046 168C:CAFE [Qualcomm Atheros QCA9984]
          TX power offset: none
          Frequency offset: none
          Supports VAPs: yes  PHY name: phy1

root@router1:/# [   65.860722] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[   65.860819] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[   65.866990] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[   65.874193] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[   65.881566] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[   65.888858] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[   65.896153] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[   65.903334] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[   65.911157] ath10k_pci 0001:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[   65.917989] ath10k_pci 0001:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[   85.203697] ath10k_warn: 7 callbacks suppressed
[   85.203703] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[   85.207241] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[   85.214378] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[   85.221713] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[   85.228983] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[   85.236262] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[   85.243498] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[   85.250886] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[   85.258181] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[   85.265460] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
...
[  120.584821] ath10k_warn: 70 callbacks suppressed
[  120.584839] ath10k_pci 0001:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  120.588590] ath10k_pci 0001:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  120.595690] ath10k_pci 0001:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  120.602887] ath10k_pci 0001:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  120.610278] ath10k_pci 0001:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  120.617570] ath10k_pci 0001:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  120.624842] ath10k_pci 0001:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  120.632052] ath10k_pci 0001:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  120.639426] ath10k_pci 0001:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  120.646735] ath10k_pci 0001:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  126.049375] ath10k_warn: 31 callbacks suppressed
[  126.049381] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  126.053091] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  126.060166] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  126.067438] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  126.074746] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped new beacon
[  126.081970] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  126.089336] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  126.096624] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  126.103846] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  126.111204] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  135.735904] ath10k_warn: 102 callbacks suppressed
[  135.735911] ath10k_pci 0001:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  135.739623] ath10k_pci 0001:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  135.746790] ath10k_pci 0001:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  135.754007] ath10k_pci 0001:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  135.761370] ath10k_pci 0001:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  135.768644] ath10k_pci 0001:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  135.775956] ath10k_pci 0001:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  135.783179] ath10k_pci 0001:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  135.790512] ath10k_pci 0001:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  135.797825] ath10k_pci 0001:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  142.189782] ath10k_warn: 40 callbacks suppressed
[  142.189802] ath10k_pci 0001:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  142.193491] ath10k_pci 0001:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  142.200590] ath10k_pci 0001:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  142.207866] ath10k_pci 0001:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  142.215181] ath10k_pci 0001:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  142.222395] ath10k_pci 0001:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  142.229735] ath10k_pci 0001:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  142.237044] ath10k_pci 0001:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  142.244268] ath10k_pci 0001:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  142.251636] ath10k_pci 0001:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  151.683366] ath10k_warn: 35 callbacks suppressed
[  151.683372] ath10k_pci 0001:01:00.0: failed to set mgmt tx rate -108
[  151.687792] ath10k_pci 0001:01:00.0: firmware crashed! (guid n/a)
[  151.693387] ath10k_pci 0001:01:00.0: qca9984/qca9994 hw1.0 target 0x01000000 chip_id 0x00000000 sub 168c:cafe
[  151.699443] ath10k_pci 0001:01:00.0: kconfig debug 0 debugfs 1 tracing 0 dfs 1 testmode 1
[  151.711422] ath10k_pci 0001:01:00.0: firmware ver 10.4-3.9.0.2-00021 api 5 features no-p2p,mfp,peer-flow-ctrl,btcoex-param,allows-mesh-bcast,no-ps crc32 9626782c
[  151.718010] ath10k_pci 0001:01:00.0: board_file api 2 bmi_id 0:2 crc32 cf58c3bc
[  151.731904] ath10k_pci 0001:01:00.0: htt-ver 2.2 wmi-op 6 htt-op 4 cal pre-cal-file max-sta 512 raw 0 hwcrypto 1
[  151.749454] ath10k_pci 0001:01:00.0: failed to get memcpy hi address for firmware address 4: -16
[  151.749481] ath10k_pci 0001:01:00.0: failed to read firmware dump area: -16
[  151.758206] ath10k_pci 0001:01:00.0: Copy Engine register dump:
[  151.764899] ath10k_pci 0001:01:00.0: [00]: 0x0004a000 3735928559 3735928559 3735928559 3735928559
[  151.770736] ath10k_pci 0001:01:00.0: [01]: 0x0004a400 3735928559 3735928559 3735928559 3735928559
[  151.779838] ath10k_pci 0001:01:00.0: [02]: 0x0004a800 3735928559 3735928559 3735928559 3735928559
[  151.788669] ath10k_pci 0001:01:00.0: [03]: 0x0004ac00 3735928559 3735928559 3735928559 3735928559
[  151.797542] ath10k_pci 0001:01:00.0: [04]: 0x0004b000 3735928559 3735928559 3735928559 3735928559
[  151.806383] ath10k_pci 0001:01:00.0: [05]: 0x0004b400 3735928559 3735928559 3735928559 3735928559
[  151.815255] ath10k_pci 0001:01:00.0: [06]: 0x0004b800 3735928559 3735928559 3735928559 3735928559
[  151.824032] ath10k_pci 0001:01:00.0: [07]: 0x0004bc00 3735928559 3735928559 3735928559 3735928559
[  151.832936] ath10k_pci 0001:01:00.0: [08]: 0x0004c000 3735928559 3735928559 3735928559 3735928559
[  151.841809] ath10k_pci 0001:01:00.0: [09]: 0x0004c400 3735928559 3735928559 3735928559 3735928559
[  151.850650] ath10k_pci 0001:01:00.0: [10]: 0x0004c800 3735928559 3735928559 3735928559 3735928559
[  151.859522] ath10k_pci 0001:01:00.0: [11]: 0x0004cc00 3735928559 3735928559 3735928559 3735928559
[  151.868573] ath10k_pci 0000:01:00.0: firmware crashed! (guid n/a)
[  151.877203] ath10k_pci 0000:01:00.0: qca9984/qca9994 hw1.0 target 0x01000000 chip_id 0x00000000 sub 168c:cafe
[  151.883231] ath10k_pci 0000:01:00.0: kconfig debug 0 debugfs 1 tracing 0 dfs 1 testmode 1
[  151.895209] ath10k_pci 0000:01:00.0: firmware ver 10.4-3.9.0.2-00021 api 5 features no-p2p,mfp,peer-flow-ctrl,btcoex-param,allows-mesh-bcast,no-ps crc32 9626782c
[  151.901754] ath10k_pci 0000:01:00.0: board_file api 2 bmi_id 0:1 crc32 cf58c3bc
[  151.915751] ath10k_pci 0000:01:00.0: htt-ver 2.2 wmi-op 6 htt-op 4 cal pre-cal-file max-sta 512 raw 0 hwcrypto 1
[  151.922940] ath10k_pci 0000:01:00.0: firmware register dump:
[  151.933281] ath10k_pci 0000:01:00.0: [00]: 0x0000000A 0x000015B3 0x0096353E 0x00975B31
[  151.938928] ath10k_pci 0000:01:00.0: [04]: 0x0096353E 0x00060034 0x00000019 0x00000000
[  151.946645] ath10k_pci 0000:01:00.0: [08]: 0x00400000 0x00963508 0x004292C8 0x0065D044
[  151.954549] ath10k_pci 0000:01:00.0: [12]: 0x00000009 0xFFFFFFFF 0x009B6B7C 0x009B6BC7
[  151.962394] ath10k_pci 0000:01:00.0: [16]: 0x0096353E 0x0096F44F 0x0096F89F 0x0096F460
[  151.970357] ath10k_pci 0000:01:00.0: [20]: 0x4096353E 0x00401BF0 0x00975A00 0x000FFFFF
[  151.978260] ath10k_pci 0000:01:00.0: [24]: 0x80963F50 0x00401C50 0x00000000 0xC096353E
[  151.986163] ath10k_pci 0000:01:00.0: [28]: 0x809C5B0C 0x00401C70 0x0000001E 0x00402300
[  151.993991] ath10k_pci 0000:01:00.0: [32]: 0x809608C1 0x00401C90 0x0000001E 0x00400000
[  152.001939] ath10k_pci 0000:01:00.0: [36]: 0x409605F5 0x00401CB0 0x0000001E 0x004292C8
[  152.009843] ath10k_pci 0000:01:00.0: [40]: 0x00000000 0x00401CD0 0x00050024 0x00000000
[  152.017747] ath10k_pci 0000:01:00.0: [44]: 0x00000000 0x00000000 0x00000000 0x00000000
[  152.025650] ath10k_pci 0000:01:00.0: [48]: 0x00000000 0x00000000 0x00000000 0x00000000
[  152.033487] ath10k_pci 0000:01:00.0: [52]: 0x00000000 0x00000000 0x00000000 0x00000000
[  152.041458] ath10k_pci 0000:01:00.0: [56]: 0x00000000 0x00000000 0x00000000 0x00000000
[  152.049332] ath10k_pci 0000:01:00.0: Copy Engine register dump:
[  152.057241] ath10k_pci 0000:01:00.0: [00]: 0x0004a000   1   1   3   3
[  152.063003] ath10k_pci 0000:01:00.0: [01]: 0x0004a400  23  23 127   0
[  152.069676] ath10k_pci 0000:01:00.0: [02]: 0x0004a800  36  36  35  36
[  152.076076] ath10k_pci 0000:01:00.0: [03]: 0x0004ac00   8   8   8   8
[  152.082449] ath10k_pci 0000:01:00.0: [04]: 0x0004b000 353 353 249 213
[  152.088946] ath10k_pci 0000:01:00.0: [05]: 0x0004b400  17  17  81 113
[  152.095350] ath10k_pci 0000:01:00.0: [06]: 0x0004b800   5   5   5   5
[  152.101719] ath10k_pci 0000:01:00.0: [07]: 0x0004bc00   1   1   1   1
[  152.108195] ath10k_pci 0000:01:00.0: [08]: 0x0004c000   0   0 127   0
[  152.114626] ath10k_pci 0000:01:00.0: [09]: 0x0004c400   1   1   1   1
[  152.120990] ath10k_pci 0000:01:00.0: [10]: 0x0004c800   0   0   0   0
[  152.127465] ath10k_pci 0000:01:00.0: [11]: 0x0004cc00   0   0   0   0
[  152.133909] ath10k_pci 0001:01:00.0: firmware crashed! (guid n/a)
[  152.140339] ath10k_pci 0001:01:00.0: qca9984/qca9994 hw1.0 target 0x01000000 chip_id 0x00000000 sub 168c:cafe
[  152.146394] ath10k_pci 0001:01:00.0: kconfig debug 0 debugfs 1 tracing 0 dfs 1 testmode 1
[  152.158291] ath10k_pci 0001:01:00.0: firmware ver 10.4-3.9.0.2-00021 api 5 features no-p2p,mfp,peer-flow-ctrl,btcoex-param,allows-mesh-bcast,no-ps crc32 9626782c
[  152.164964] ath10k_pci 0001:01:00.0: board_file api 2 bmi_id 0:2 crc32 cf58c3bc
[  152.178853] ath10k_pci 0001:01:00.0: htt-ver 2.2 wmi-op 6 htt-op 4 cal pre-cal-file max-sta 512 raw 0 hwcrypto 1
[  152.185989] ath10k_pci 0001:01:00.0: failed to get memcpy hi address for firmware address 4: -28
[  152.196409] ath10k_pci 0001:01:00.0: failed to read firmware dump area: -28
[  152.205158] ath10k_pci 0001:01:00.0: Copy Engine register dump:
[  152.211791] ath10k_pci 0001:01:00.0: [00]: 0x0004a000 3735928559 3735928559 3735928559 3735928559
[  152.217751] ath10k_pci 0001:01:00.0: [01]: 0x0004a400 3735928559 3735928559 3735928559 3735928559
[  152.226779] ath10k_pci 0001:01:00.0: [02]: 0x0004a800 3735928559 3735928559 3735928559 3735928559
[  152.235653] ath10k_pci 0001:01:00.0: [03]: 0x0004ac00 3735928559 3735928559 3735928559 3735928559
[  152.244492] ath10k_pci 0001:01:00.0: [04]: 0x0004b000 3735928559 3735928559 3735928559 3735928559
[  152.253287] ath10k_pci 0001:01:00.0: [05]: 0x0004b400 3735928559 3735928559 3735928559 3735928559
[  152.262205] ath10k_pci 0001:01:00.0: [06]: 0x0004b800 3735928559 3735928559 3735928559 3735928559
[  152.271046] ath10k_pci 0001:01:00.0: [07]: 0x0004bc00 3735928559 3735928559 3735928559 3735928559
[  152.279919] ath10k_pci 0001:01:00.0: [08]: 0x0004c000 3735928559 3735928559 3735928559 3735928559
[  152.288759] ath10k_pci 0001:01:00.0: [09]: 0x0004c400 3735928559 3735928559 3735928559 3735928559
[  152.297632] ath10k_pci 0001:01:00.0: [10]: 0x0004c800 3735928559 3735928559 3735928559 3735928559
[  152.306473] ath10k_pci 0001:01:00.0: [11]: 0x0004cc00 3735928559 3735928559 3735928559 3735928559
[  152.318863] ath10k_pci 0000:01:00.0: failed to send pdev bss chan info request
[  152.356493] ieee80211 phy1: Hardware restart was requested
[  152.409236] ieee80211 phy0: Hardware restart was requested
[  158.386695] ath10k_pci 0001:01:00.0: unsupported HTC service id: 1536
[  158.595053] ath10k_pci 0001:01:00.0: Unknown eventid: 36933
[  158.898117] ath10k_pci 0001:01:00.0: device successfully recovered
[  164.864086] ath10k_pci 0000:01:00.0: unsupported HTC service id: 1536
[  165.070208] ath10k_pci 0000:01:00.0: Unknown eventid: 36933
[  165.389416] ath10k_pci 0000:01:00.0: device successfully recovered
[  208.765951] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  208.766024] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  208.772106] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped new beacon
[  208.779510] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  208.786780] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  208.793970] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  208.801352] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  208.808670] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  208.815973] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  208.823148] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  216.075178] ath10k_warn: 38 callbacks suppressed
[  216.075195] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  216.078927] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  216.086067] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  216.093249] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  216.100679] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  216.107948] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  216.115216] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  216.122418] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  216.129797] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  216.137074] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
...
[  372.920458] ath10k_warn: 118 callbacks suppressed
[  372.920476] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  372.924331] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  372.931320] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  372.938742] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  372.946401] ath10k_pci 0001:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  372.953171] ath10k_pci 0001:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  372.960548] ath10k_pci 0001:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  406.499812] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  406.499896] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  406.506082] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  406.513265] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon

Hannu Nyman commented on 18.08.2019 18:39

hauke, with the current HEAD of master (r10821-d1f207ecc9 including mac80211 commit "Update to version 5.3-rc4-1"), your patch seems to work almost ok ;-)

There is wifi connectivity both on 2.4. and 5 GHz radios. And the router stays alive.

There are intermittent bursts of "SWBA overrun on vdev 0, skipped old beacon" errors.
Like this:

[   59.431849] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   59.432090] br-lan: port 2(wlan1) entered blocking state
[   59.437368] br-lan: port 2(wlan1) entered forwarding state
[   59.874733] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   59.874957] br-lan: port 3(wlan0) entered blocking state
[   59.880262] br-lan: port 3(wlan0) entered forwarding state
[  105.965553] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  105.966089] ath10k_pci 0001:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  109.514268] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  109.514340] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  109.520520] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  109.527768] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  109.534977] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  109.542325] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  109.549631] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  109.557114] ath10k_pci 0001:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  113.824299] ath10k_warn: 19 callbacks suppressed
[  113.824315] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  113.828102] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  113.835060] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  113.842436] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  113.849785] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  113.857052] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  113.864236] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  113.871625] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  113.878904] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  113.886215] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon



BusyBox v1.31.0 () built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt SNAPSHOT, r10821-d1f207ecc9
 -----------------------------------------------------
root@router1:/# [  251.886966] ath10k_warn: 17 callbacks suppressed
[  251.886984] ath10k_pci 0001:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  251.890725] ath10k_pci 0001:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  251.897804] ath10k_pci 0001:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  251.905308] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  251.912393] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  251.919653] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  285.459653] ath10k_pci 0001:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  285.459709] ath10k_pci 0001:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  285.465835] ath10k_pci 0001:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  285.473221] ath10k_pci 0001:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  285.480816] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  285.487747] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  285.494953] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  285.502336] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  285.509633] ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
[  287.225918] ath10k_pci 0001:01:00.0: SWBA overrun on vdev 0, skipped old beacon

Hauke Mehrtens commented on 18.08.2019 19:23

Thank you for testing.

This patch was meant for current OpenWrt master or backports 5.1 or later.
This problem was introduced in mainline kernel 5.1. I will add this to OpenWrt master and already send it upstream.
I assume that the FW was too new for backports 5.0 and it crashed because of that, if it works with the current master now, I think this is fine.

This was fixed in https://git.openwrt.org/2ceee0e02362519f08be2a288bd8f42ca6cef257

Loading...

Keyboard shortcuts

Available keyboard shortcuts

SHIFT+ALT+l Login Dialog / Logout
SHIFT+ALT+a Add new task
SHIFT+ALT+m My searches
SHIFT+ALT+t focus taskid search

Tasklist

o open selected task
j move cursor down
k move cursor up

Task Details

n Next task
p Previous task
SHIFT+ALT+e ENTER Edit this task
SHIFT+ALT+y Close Task

Task Editing

SHIFT+ALT+s save task