Kernel Oops when Fragmentation is Set
Username: Tom Li
Origin: https://bugs.openwrt.org/index.php?do=details&task_id=1443
When fragmentation is set for wireless on ar71xx, kernel oops keep bombard the kernel log buffer with a bunch of error messages.
[10600.002288] ------------[ cut here ]------------ [10600.006927] WARNING: CPU: 0 PID: 7 at compat-wireless-2017-01-31/net/mac80211/tx.c:946 0x80e289c4 mac80211@80e00000+0x60780 [10600.018367] Modules linked in: ath9k ath9k_common pppoe ppp_async iptable_nat ath9k_hw ath pppox ppp_generic nf_nat_ipv4 nf_conntrack_ipv6 nf_conntrack_ipv4 mac80211 ipt_REJECT ipt_MASQUERADE cfg80211 xt_time xt_tcpudp xt_tcpmss xt_statistic xt_state xt_recent xt_nat xt_multiport xt_mark xt_mac xt_limit xt_length xt_hl xt_helper xt_ecn xt_dscp xt_conntrack xt_connmark xt_connlimit xt_connbytes xt_comment xt_TCPMSS xt_REDIRECT xt_LOG xt_HL xt_DSCP xt_CT xt_CLASSIFY slhc nf_reject_ipv4 nf_nat_redirect nf_nat_masquerade_ipv4 nf_nat nf_log_ipv4 nf_defrag_ipv6 nf_defrag_ipv4 nf_conntrack_rtcache iptable_mangle iptable_filter ipt_ECN ip_tables crc_ccitt compat sch_cake nf_conntrack act_skbedit act_mirred em_u32 cls_u32 cls_tcindex cls_flow cls_route cls_fw sch_tbf sch_htb sch_hfsc sch_ingress ip6t_REJECT nf_reject_ipv6 nf_log_ipv6 nf_log_common ip6table_mangle ip6table_filter ip6_tables x_tables ifb gpio_button_hotplug [10600.099694] CPU: 0 PID: 7 Comm: kworker/u2:1 Tainted: G W 4.4.71 #0 [10600.107090] Workqueue: phy0 0x80e13adc [mac80211@80e00000+0x60780] [10600.113263] Stack : 80a7f000 0000001a 80dd4b40 800a71dc 00000000 00000000 00000000 00000000 [10600.113263] 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [10600.113263] 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [10600.113263] 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [10600.113263] 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [10600.113263] ... [10600.148989] Call Trace:[<800a71dc>] 0x800a71dc [10600.153474] [<80071a50>] 0x80071a50 [10600.156954] [<80071a50>] 0x80071a50 [10600.160435] [<80081804>] 0x80081804 [10600.163949] [<80e289c4>] 0x80e289c4 [mac80211@80e00000+0x60780] [10600.169876] [<800818bc>] 0x800818bc [10600.173398] [<80e289c4>] 0x80e289c4 [mac80211@80e00000+0x60780] [10600.179349] [<80e2b6e0>] 0x80e2b6e0 [mac80211@80e00000+0x60780] [10600.185347] [<80de9d1c>] 0x80de9d1c [ath9k@80de0000+0x16650] [10600.190999] [<80de8520>] 0x80de8520 [ath9k@80de0000+0x16650] [10600.196672] [<80de9e04>] 0x80de9e04 [ath9k@80de0000+0x16650] [10600.202323] [<80e22550>] 0x80e22550 [mac80211@80e00000+0x60780] [10600.208254] [<81bdc5d0>] 0x81bdc5d0 [cls_u32@81bdc000+0x1a00] [10600.214050] [<80de85b0>] 0x80de85b0 [ath9k@80de0000+0x16650] [10600.219736] [<80dea9b4>] 0x80dea9b4 [ath9k@80de0000+0x16650] [10600.225410] [<80de7fbc>] 0x80de7fbc [ath9k@80de0000+0x16650] [10600.231113] [<80deb4f4>] 0x80deb4f4 [ath9k@80de0000+0x16650] [10600.236786] [<80260400>] 0x80260400 [10600.240328] [<80debea8>] 0x80debea8 [ath9k@80de0000+0x16650] [10600.246034] [<80de4a7c>] 0x80de4a7c [ath9k@80de0000+0x16650] [10600.251692] [<800843c4>] 0x800843c4 [10600.255188] [<80083d80>] 0x80083d80 [10600.258692] [<80dea69c>] 0x80dea69c [ath9k@80de0000+0x16650] [10600.264362] [<80083ea8>] 0x80083ea8 [10600.267845] [<80083f50>] 0x80083f50 [10600.271345] [<80e31598>] 0x80e31598 [mac80211@80e00000+0x60780] [10600.277285] [<80e0e3dc>] 0x80e0e3dc [mac80211@80e00000+0x60780] [10600.283211] [<8009f02c>] 0x8009f02c [10600.286708] [<80e0f47c>] 0x80e0f47c [mac80211@80e00000+0x60780] [10600.292633] [<80e0ef8c>] 0x80e0ef8c [mac80211@80e00000+0x60780] [10600.298567] [<80e13d00>] 0x80e13d00 [mac80211@80e00000+0x60780] [10600.304499] [<8009f4a8>] 0x8009f4a8 [10600.308024] [<800930b8>] 0x800930b8 [10600.311565] [<80093ecc>] 0x80093ecc [10600.315075] [<80093c1c>] 0x80093c1c [10600.318567] [<80093c1c>] 0x80093c1c [10600.322047] [<80098284>] 0x80098284 [10600.325575] [<800981ac>] 0x800981ac [10600.329065] [<80060878>] 0x80060878 [10600.332562] [10600.334054] ---[ end trace 881b2fdc0bf96a94 ]--- [10600.338693] ------------[ cut here ]------------
This kernel oops is triggered by a warning at
compat-wireless-2017-01-31/net/mac80211/tx.c:946
:
941 /* 942 * Warn when submitting a fragmented A-MPDU frame and drop it. 943 * This scenario is handled in ieee80211_tx_prepare but extra 944 * caution taken here as fragmented ampdu may cause Tx stop. 945 */ 946 if (WARN_ON(info->flags & IEEE80211_TX_CTL_AMPDU)) 947 return TX_DROP;
It seems a fragmented A-MPDU frame is submitted to ieee80211_tx_h_fragment incorrectly by the driver?