OpenWrt/LEDE Project

  • Status Unconfirmed
  • Percent Complete
    0%
  • Task Type Bug Report
  • Category Kernel
  • Assigned To No-one
  • Operating System All
  • Severity High
  • Priority Very Low
  • Reported Version Trunk
  • Due in Version Undecided
  • Due Date Undecided
  • Private
Attached to Project: OpenWrt/LEDE Project
Opened by Antonio - 23.07.2020

FS#3244 - ath9k_htc: Kernel oops in snapshot on RaspberryPi 4 (at least) when clients are connected

- Device: Raspberry Pi4
- Snapshot kernel 5.4 with 5.7 backport
- Install ath9k_htc dongle and connect WiFi client

So, I have been able to tackle down who is causing a kernel panic and reboot of my RPi4 with current snapshots.

It is the ath9k_htc dongle I use but only if there are clients connected to it
Apparently it corrupts memory so the kernel panic look quite different among them, here two caputer with serial:

```
[75789.085223] Unable to handle kernel access to user memory outside uaccess routines at virtual address 0000000000000008
[75789.095930] Mem abort info:
[75789.098716] ESR = 0×96000045 [75789.101763] EC = 0×25: DABT (current EL), IL = 32 bits
[75789.107068] SET = 0, FnV = 0
[75789.110113] EA = 0, S1PTW = 0
[75789.113246] Data abort info:
[75789.116118] ISV = 0, ISS = 0×00000045 [75789.119945] CM = 0, WnR = 1
[75789.122906] user pgtable: 4k pages, 39-bit VAs, pgdp=00000000f6f67000
[75789.129339] [0000000000000008] pgd=0000000000000000, pud=0000000000000000
[75789.136124] Internal error: Oops: 96000045 [#1] SMP
[75789.140994] Modules linked in: ath9k_htc ath9k_common xt_connlimit rt2800usb rt2800lib rt2500usb pppoe ppp_async nf_conncount iptable_nat brcmfmac ath9k_hw ath xt_state xt_nat xt_helper xt_conntrack xt_connmark xt_connbytes xt_REDIRECT xt_MASQUERADE xt_FLOWOFFLOAD xt_CT rtl8812au rt2x00usb rt2x00lib pppox ppp_generic nf_nat nf_flow_table_hw nf_flow_table nf_conntrack_rtcache nf_conntrack_netlink nf_conntrack mt76x2u mt76x2e mt76x2_common mt76x02_usb mt76x02_lib mt7603e mt7601u mt76_usb mt76 mac80211 ipt_REJECT cfg80211 xt_time xt_tcpudp xt_tcpmss xt_statistic xt_recent xt_multiport xt_mark xt_mac xt_limit xt_length xt_hl xt_ecn xt_dscp xt_comment xt_TCPMSS xt_LOG xt_HL xt_DSCP xt_CLASSIFY wireguard usbhid slhc sch_cake nf_reject_ipv4 nf_log_ipv4 nf_defrag_ipv6 nf_defrag_ipv4 iptable_raw iptable_mangle iptable_filter ipt_ECN ip_tables hid_generic crc_ccitt compat brcmutil sch_tbf sch_ingress sch_htb sch_hfsc em_u32 cls_u32 cls_tcindex cls_route cls_matchall cls_fw cls_flow cls_basic
[75789.141074] act_skbedit act_mirred snd_bcm2835(C) hid evdev ledtrig_heartbeat xt_set ip_set_list_set ip_set_hash_netportnet ip_set_hash_netport ip_set_hash_netnet ip_set_hash_netiface ip_set_hash_net ip_set_hash_mac ip_set_hash_ipportnet ip_set_hash_ipportip ip_set_hash_ipport ip_set_hash_ipmark ip_set_hash_ip ip_set_bitmap_port ip_set_bitmap_ipmac ip_set_bitmap_ip ip_set nfnetlink nf_log_ipv6 nf_log_common ip6table_mangle ip6table_filter ip6_tables ip6t_REJECT x_tables nf_reject_ipv6 ifb nat46 ip6_udp_tunnel udp_tunnel sit tunnel4 ip_tunnel tun snd_rawmidi snd_seq_device snd_pcm_oss snd_pcm snd_timer snd_mixer_oss snd_hwdep snd_compress snd soundcore nls_utf8 md5 vfat fat nls_iso8859_1 nls_cp437
[75789.289825] CPU: 3 PID: 721 Comm: hostapd Tainted: G C 5.4.51 #0
[75789.297125] Hardware name: Raspberry Pi 4 Model B Rev 1.2 (DT)
[75789.302950] pstate: 20400085 (nzCv daIf +PAN -UAO)
[75789.307739] pc : skb_try_recv_from_queue+0×164/0x1a0
[75789.312869] lr :
skb_try_recv_datagram+0xb0/0x1a8
[75789.317737] sp : ffffffc011553aa0
[75789.321041] x29: ffffffc011553aa0 x28: ffffffc011553bbc
[75789.326344] x27: 0000000000000000 x26: ffffff80f2ccb8d0
[75789.331646] x25: 0000000000000000 x24: ffffffc011553b90
[75789.336949] x23: 0000000000000000 x22: 0000000000000000
[75789.342251] x21: ffffffc011553bbc x20: 0000000000000000
[75789.347553] x19: ffffff80f1e51000 x18: 0000000000000000
[75789.352855] x17: 0000000000000000 x16: 0000000000000000
[75789.358157] x15: 0000000000000000 x14: 0000000000000000
[75789.363459] x13: 0000000000000000 x12: 0000000000000000
[75789.368762] x11: 0000000000000000 x10: 00000055b6805320
[75789.374064] x9 : ffffff80f5090800 x8 : 0000000000000040
[75789.379366] x7 : ffffffc01056a890 x6 : ffffffc011553b90
[75789.384668] x5 : ffffffc011553b4c x4 : ffffffc011553bbc
[75789.389970] x3 : 0000000000000000 x2 : 0000000000000000
[75789.395272] x1 : ffffff80f2ccb8d0 x0 : ffffff80f2ccb800
[75789.400575] Call trace:
[75789.403014] skb_try_recv_from_queue+0×164/0x1a0
[75789.407796]
skb_try_recv_datagram+0xb0/0x1a8
[75789.412318] skb_recv_datagram+0×84/0xa8
[75789.416405] skb_recv_datagram+0×28/0×30 [75789.420320] netlink_recvmsg+0×48/0×330 [75789.424147] sock_recvmsg+0x1c/0×28 [75789.427626]
sys_recvmsg+0×84/0x3e8
[75789.431452]
_sys_recvmsg+0×64/0×88 [75789.435107] sys_recvmsg+0×40/0×80 [75789.438673] arm64_sys_recvmsg+0×20/0×28 [75789.442762] el0_svc_handler+0xd4/0×130 [75789.446588] el0_svc+0×8/0xc
[75789.449464] Code: 51000442 b9001022 a9400662 a9007e7f (f9000441)
[75789.455549] —[ end trace 49dce345634ad00c ]— [75789.460156] Kernel panic - not syncing: Fatal exception
[75789.465373] SMP: stopping secondary CPUs
[75789.469289] Kernel Offset: disabled
[75789.472768] CPU features: 0×0002,20006000
[75789.476766] Memory Limit: none
[75789.479813] Rebooting in 3 seconds..
```

```
[22276.297087] Unable to handle kernel access to user memory with fs=KERNEL_DS at virtual address 000000000000004c
[22276.307207] Mem abort info:
[22276.309997] ESR = 0×96000005 [22276.313075] EC = 0×25: DABT (current EL), IL = 32 bits
[22276.318389] SET = 0, FnV = 0
[22276.321436] EA = 0, S1PTW = 0
[22276.324575] Data abort info:
[22276.327453] ISV = 0, ISS = 0×00000005 [22276.331287] CM = 0, WnR = 0
[22276.334255] user pgtable: 4k pages, 39-bit VAs, pgdp=00000000f1f36000
[22276.340696] [000000000000004c] pgd=00000000f40b0003, pud=00000000f40b0003, pmd=0000000000000000
[22276.349401] Internal error: Oops: 96000005 [#1] SMP
[22276.354272] Modules linked in: ath9k_htc ath9k_common xt_connlimit rt2800usb rt2800lib rt2500usb pppoe ppp_async nf_conncount iptable_nat brcmfmac ath9k_hw ath xt_state xt_nat xt_helper xt_conntrack xt_connmark xt_connbytes xt_REDIRECT xt_MASQUERADE xt_FLOWOFFLOAD xt_CT rtl8812au rt2x00usb rt2x00lib pppox ppp_generic nf_nat nf_flow_table_hw nf_flow_table nf_conntrack_rtcache nf_conntrack_netlink nf_conntrack mt76x2u mt76x2e mt76x2_common mt76x02_usb mt76x02_lib mt7603e mt7601u mt76_usb mt76 mac80211 ipt_REJECT cfg80211 xt_time xt_tcpudp xt_tcpmss xt_statistic xt_recent xt_multiport xt_mark xt_mac xt_limit xt_length xt_hl xt_ecn xt_dscp xt_comment xt_TCPMSS xt_LOG xt_HL xt_DSCP xt_CLASSIFY wireguard usbhid slhc sch_cake nf_reject_ipv4 nf_log_ipv4 nf_defrag_ipv6 nf_defrag_ipv4 iptable_raw iptable_mangle iptable_filter ipt_ECN ip_tables hid_generic crc_ccitt compat brcmutil sch_tbf sch_ingress sch_htb sch_hfsc em_u32 cls_u32 cls_tcindex cls_route cls_matchall cls_fw cls_flow cls_basic
[22276.354354] act_skbedit act_mirred snd_bcm2835(C) hid evdev ledtrig_heartbeat xt_set ip_set_list_set ip_set_hash_netportnet ip_set_hash_netport ip_set_hash_netnet ip_set_hash_netiface ip_set_hash_net ip_set_hash_mac ip_set_hash_ipportnet ip_set_hash_ipportip ip_set_hash_ipport ip_set_hash_ipmark ip_set_hash_ip ip_set_bitmap_port ip_set_bitmap_ipmac ip_set_bitmap_ip ip_set nfnetlink nf_log_ipv6 nf_log_common ip6table_mangle ip6table_filter ip6_tables ip6t_REJECT x_tables nf_reject_ipv6 ifb nat46 ip6_udp_tunnel udp_tunnel sit tunnel4 ip_tunnel tun snd_rawmidi snd_seq_device snd_pcm_oss snd_pcm snd_timer snd_mixer_oss snd_hwdep snd_compress snd soundcore nls_utf8 md5 vfat fat nls_iso8859_1 nls_cp437
[22276.503133] CPU: 2 PID: 1883 Comm: sh Tainted: G C 5.4.51 #0
[22276.510088] Hardware name: Raspberry Pi 4 Model B Rev 1.2 (DT)
[22276.515916] pstate: 60400005 (nZCv daif +PAN -UAO)
[22276.520710] pc : vfs_read+0xc/0×158 [22276.524192] lr : kernel_read+0×40/0×88 [22276.527933] sp : ffffffc016943c80
[22276.531240] x29: ffffffc016943c80 x28: 0000000000000000
[22276.536546] x27: 0000000000000002 x26: ffffffc01080bf60
[22276.541853] x25: ffffff80f50d8c80 x24: ffffffc010960cd8
[22276.547158] x23: 00000000fffffff8 x22: ffffff80f52d8438
[22276.552463] x21: ffffff80f52d8400 x20: 0000007fffffffff
[22276.557769] x19: ffffff80f2c68000 x18: 0000000000000000
[22276.563074] x17: 0000000000000000 x16: 0000000000000000
[22276.568379] x15: 00000000008a4000 x14: 0000000000000001
[22276.573684] x13: 0000000000000b90 x12: 0000000000000b90
[22276.578989] x11: 0000000000474470 x10: 0000000000474470
[22276.584295] x9 : 0000000000064470 x8 : 000000046474e552
[22276.589600] x7 : 0000000000000000 x6 : 0000000000000000
[22276.594906] x5 : 0000000000000000 x4 : 0000000000000020
[22276.600211] x3 : ffffffc016943da8 x2 : 000000000000001a
[22276.605516] x1 : ffffff80f50d8c80 x0 : 0000000000000008
[22276.610821] Call trace:
[22276.613263] vfs_read+0xc/0×158 [22276.616397] kernel_read+0×40/0×88 [22276.619795] load_elf_binary+0xf4/0xd08
[22276.623624] search_binary_handler.part.55+0xac/0×278 [22276.628669] do_execve_file+0x4c4/0x6a8
[22276.632671]
arm64_sys_execve+0×38/0×48 [22276.636676] el0_svc_handler+0xd4/0×130 [22276.640505] el0_svc+0×8/0xc
[22276.643386] Code: d503201f a9bc7bfd 910003fd a90363f7 (b9404404)
[22276.649475] —[ end trace 081a8415f22be558 ]— [22276.654086] Kernel panic - not syncing: Fatal exception
[22276.659307] SMP: stopping secondary CPUs
[22276.663223] Kernel Offset: disabled
[22276.666705] CPU features: 0×0002,20006000
[22276.670706] Memory Limit: none
[22276.673756] Rebooting in 3 seconds..
```

I have tried two different RPi4 hardware and two different SD cards. No other devices are connected to the USB ports,ath9k_htc dongle is connected to USB 2.0 port.

With 19.07.x on a Orangepi PC2 device, the same dongle behaved correctly

 


Loading...

Available keyboard shortcuts

Tasklist

Task Details

Task Editing