* QCN9074 monitor-mode crash
@ 2022-09-19 18:25 Robert Hodaszi
From: Robert Hodaszi @ 2022-09-19 18:25 UTC (permalink / raw)
  To: ath11k

Hi,

I'm trying to make monitor mode work on a QCN9074 module, but it crashes 
with the following log:

    BUG: kernel NULL pointer dereference, address: 0000000000000064
    #PF: supervisor read access in kernel mode
    #PF: error_code(0x0000) - not-present page
    PGD 0 P4D 0
    Oops: 0000 [#1] SMP
    CPU: 0 PID: 11 Comm: ksoftirqd/0 Not tainted 5.19.0-ac0 #21
    Hardware name: Digi International TransPort WR64/TransPort WR64,
    BIOS MV64-001 11/07/2018
    RIP: 0010:ath11k_dbring_buf_cleanup+0xcb0/0xd50 [ath11k]
    Code: 0d 83 e0 03 c3 0f 1f 44 00 00 8b 47 70 48 c1 e8 0f 83 e0 0f c3 0f 1f 44 00 00 8b 47 70 48 c1 e8 13 83 e0 03 c3 0f 1f 44 00 00 <8b> 47 64 48 c1 e8 08 83 e0 03 c3 0f 1f 44 00 00 8b 47 64 48 c1 e8
    RSP: 0018:ffffa8cec0073c98 EFLAGS: 00010246
    RAX: ffffffffc04dc100 RBX: ffff88cc54fe2270 RCX: 0300000000000000
    RDX: ffff88cc54273e00 RSI: ffff88cc5900ad60 RDI: 0000000000000000
    RBP: ffff88cc54fe1fc0 R08: 0000000000000000 R09: 0000000000000000
    R10: 0000000000000000 R11: ffffffffa99c6ba0 R12: ffff88cc54273e00
    R13: ffff88cc5900ad60 R14: 0000000000000000 R15: 0000000000000000
    FS:  0000000000000000(0000) GS:ffff88ccb9000000(0000)
    knlGS:0000000000000000
    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 0000000000000064 CR3: 000000005c40a000 CR4: 00000000001006b0
    Call Trace:
      <TASK>
      ath11k_dp_tx_htt_monitor_mode_ring_config+0x969/0x3a00 [ath11k]
      ath11k_dp_tx_htt_monitor_mode_ring_config+0x1f3a/0x3a00 [ath11k]
      ath11k_dp_rx_process_mon_rings+0x2c3/0x4f0 [ath11k]
      ath11k_dp_service_srng+0x15b/0x720 [ath11k]
      ath11k_pcic_ce_irqs_enable+0x10c/0x160 [ath11k]
      __napi_poll+0x1f/0x100
      net_rx_action+0x12d/0x250
      __do_softirq+0xaa/0x1d2
      ? sort_range+0x20/0x20
      run_ksoftirqd+0x15/0x20
      smpboot_thread_fn+0x9d/0x130
      kthread+0xae/0xd0
      ? kthread_complete_and_exit+0x20/0x20
      ret_from_fork+0x1f/0x30
      </TASK>
    Modules linked in: qrtr_mhi qrtr ath11k_pci mhi ath11k qmi_helpers nf_conntrack_netlink arptable_filter arp_tables ip6table_mangle ip6table_raw ip6table_nat ip6t_ah ip6table_filter ip6_tables xt_TCPMSS xt_mark xt_connmark iptable_mangle xt_CT iptable_raw iptable_nat xt_set xt_tcpudp xt_conntrack xt_LOG nf_log_syslog xt_limit xt_addrtype ip_set_hash_netiface ip_set_hash_net ip_set_hash_ip ip_set nfnetlink nf_nat_pptp nf_conntrack_pptp nf_nat_tftp nf_conntrack_tftp nf_nat_ftp nf_conntrack_ftp nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 iptable_filter ip_tables x_tables ath10k_pci ath10k_core ath i2c_designware_pci i2c_ccgx_ucsi i2c_designware_core
    CR2: 0000000000000064
    ---[ end trace 0000000000000000 ]---
    RIP: 0010:ath11k_dbring_buf_cleanup+0xcb0/0xd50 [ath11k]
    Code: 0d 83 e0 03 c3 0f 1f 44 00 00 8b 47 70 48 c1 e8 0f 83 e0 0f c3 0f 1f 44 00 00 8b 47 70 48 c1 e8 13 83 e0 03 c3 0f 1f 44 00 00 <8b> 47 64 48 c1 e8 08 83 e0 03 c3 0f 1f 44 00 00 8b 47 64 48 c1 e8
    RSP: 0018:ffffa8cec0073c98 EFLAGS: 00010246
    RAX: ffffffffc04dc100 RBX: ffff88cc54fe2270 RCX: 0300000000000000
    RDX: ffff88cc54273e00 RSI: ffff88cc5900ad60 RDI: 0000000000000000
    RBP: ffff88cc54fe1fc0 R08: 0000000000000000 R09: 0000000000000000
    R10: 0000000000000000 R11: ffffffffa99c6ba0 R12: ffff88cc54273e00
    R13: ffff88cc5900ad60 R14: 0000000000000000 R15: 0000000000000000
    FS:  0000000000000000(0000) GS:ffff88ccb9000000(0000)
    knlGS:0000000000000000
    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 0000000000000064 CR3: 000000005c40a000 CR4: 00000000001006b0
    Kernel panic - not syncing: Fatal exception in interrupt
    Kernel Offset: 0x27000000 from 0xffffffff81000000 (relocation range:
    0xffffffff80000000-0xffffffffbfffffff)


This is with the 5.19 kernel. The NULL pointer exception is happening here:

    https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/drivers/net/wireless/ath/ath11k/hw.c#n444

desc is NULL, and it is called from here:

    https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/drivers/net/wireless/ath/ath11k/dp_rx.c?h=v5.19#n2459


I found this commit in the history:

    https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/drivers/net/wireless/ath/ath11k/dp_rx.c?h=v5.19&id=01d2f285e3e5b629df9c61514e7ee07a54d0eed9

This removed setting the RX_FLAG_ONLY_MONITOR flag in 
ath11k_dp_rx_mon_deliver(), so that flag is no longer set anywhere, 
but ath11k_dp_rx_deliver_msdu() checks it and calls 
ath11k_dp_rx_h_msdu_start_decap_type() if it is not set (so basically 
always?). If I add that flag setting back, the crash seems to be gone and the 
driver works as expected. But I don't have deep enough knowledge to 
know why it was removed.

Please advise!

Thanks,
Robert


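The "desc is NULL" conclusion in the report can be confirmed from the oops alone, without source access: the `<8b> 47 64` bytes at RIP decode to `mov eax, [rdi+0x64]`, RDI is zero in the register dump, and 0x64 equals CR2. The following Python triage script (an added example, not part of Robert's message or of the ath11k driver; `decode_mov_load` and `analyze` are names chosen here) does that cross-check on an oops excerpt constructed from the quoted log with its wrapped lines re-joined.

```python
import re

# Oops excerpt constructed from the report above; the "Code:" and register
# lines are re-joined onto single lines as the kernel originally printed them.
OOPS = """\
BUG: kernel NULL pointer dereference, address: 0000000000000064
RIP: 0010:ath11k_dbring_buf_cleanup+0xcb0/0xd50 [ath11k]
Code: 0d 83 e0 03 c3 0f 1f 44 00 00 8b 47 70 48 c1 e8 0f 83 e0 0f c3 0f 1f 44 00 00 8b 47 70 48 c1 e8 13 83 e0 03 c3 0f 1f 44 00 00 <8b> 47 64 48 c1 e8 08 83 e0 03 c3 0f 1f 44 00 00 8b 47 64 48 c1 e8
RAX: ffffffffc04dc100 RBX: ffff88cc54fe2270 RCX: 0300000000000000
RDX: ffff88cc54273e00 RSI: ffff88cc5900ad60 RDI: 0000000000000000
RBP: ffff88cc54fe1fc0 R08: 0000000000000000 R09: 0000000000000000
CR2: 0000000000000064 CR3: 000000005c40a000 CR4: 00000000001006b0
"""

# Registers selected by the ModRM r/m (base) and reg (destination) fields, no REX.
BASE64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"]
DEST32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

def decode_mov_load(code):
    """Decode 'mov r32, [base+disp]' (opcode 8b); SIB/RIP-relative forms rejected."""
    if code[0] != 0x8B:
        raise ValueError("not a mov r32, r/m32 load: %02x" % code[0])
    mod, reg, rm = code[1] >> 6, (code[1] >> 3) & 7, code[1] & 7
    if mod == 3 or rm == 4 or (mod == 0 and rm == 5):
        raise ValueError("register, SIB or RIP-relative form not handled")
    # mod 0: no displacement; mod 1: signed disp8; mod 2: signed disp32.
    size = {0: 0, 1: 1, 2: 4}[mod]
    disp = int.from_bytes(code[2:2 + size], "little", signed=True) if size else 0
    return {"dest": DEST32[reg], "base": BASE64[rm], "disp": disp}

def analyze(oops):
    """Cross-check the faulting instruction against the register dump and CR2."""
    regs = {m.group(1).lower(): int(m.group(2), 16) for m in re.finditer(
        r"\b(R[A-D]X|R[SD]I|R[SB]P|R0[89]|R1[0-5]): ([0-9a-f]{16})", oops)}
    fault = int(re.search(r"address: ([0-9a-f]+)", oops).group(1), 16)
    cr2 = int(re.search(r"CR2: ([0-9a-f]{16})", oops).group(1), 16)
    tokens = re.search(r"^Code: (.*)$", oops, re.M).group(1).split()
    start = next(i for i, t in enumerate(tokens) if t.startswith("<"))  # <xx> = RIP
    insn = decode_mov_load(bytes(int(t.strip("<>"), 16) for t in tokens[start:]))
    ea = (regs[insn["base"]] + insn["disp"]) & 0xFFFFFFFFFFFFFFFF
    return {
        **insn,
        "effective_address": ea,
        # Zero base register plus a small offset equal to CR2 is the signature
        # of a NULL struct pointer dereference (here: field at offset 0x64).
        "matches_fault": ea == fault == cr2,
        "base_is_null": regs[insn["base"]] == 0,
    }
```

The earlier `8b 47 70` in the same `Code:` window reads offset 0x70 of the same base register, so the function was already walking fields of that descriptor before the faulting access.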
