mt76: crash when creating an additional monitor interface
Username: Alexander Couzens
Origin: https://bugs.openwrt.org/index.php?do=details&task_id=2283
OpenWrt: b65a270c
mt76: 4.14.108+2019-03-27-a11b6734-1
While debugging a unicast wifi bug, I tried to create a mon0 interface:
iw wlan0 interface add mon0 type monitor
Modules: mt7603e@830f0000+87a0 mt76@83128000+6060 mac80211@83080000+6a240 iptable_raw@83111000+2e0 iptable_nat@831c5000+340 iptable_mangle@83bd7000+400 iptable_filter@83135000+360 ipt_REJECT@831c3000+3a0 ipt_MASQUERADE@8311f000+280 ipt_ECN@83bca000+560 ip_tables@831c0000+2650 cfg80211@83000000+35fb0 xt_time@83bbd000+6c0 xt_tcpudp@83baa000+6e0 xt_tcpmss@831ac000+400 xt_statistic@8311d000+320 xt_state@83151000+2a0 xt_recent@831ae000+1bf0 xt_nat@83bd0000+5e0 xt_multiport@83bd6000+4e0 xt_mark@83134000+280 xt_mac@83bd3000+240 xt_limit@8315f000+480 xt_length@83125000+2a0 xt_hl@83132000+300 xt_helper@83126000+340 xt_ecn@83127000+520 xt_dscp@8313c000+3c0 xt_conntrack@83ba8000+8e0 xt_connmark@8311c000+420 xt_connlimit@83136000+1110 xt_connbytes@83bcd000+620 xt_comment@83117000+1c0 xt_TCPMSS@83bd2000+800 xt_REDIRECT@83bce000+2a0 xt_LOG@83bcc000+280 xt_HL@83bc9000+520 xt_FLOWOFFLOAD@83bc7000+ab0 xt_DSCP@8313b000+5c0 xt_CT@8313d000+9e0 xt_CLASSIFY@83131000+220 x_tables@83bc0000+30f0 nf_reject_ipv4@83130000+780 nf_nat_redirect@8311e000+560 nf_nat_masquerade_ipv4@83bac000+590 nf_conntrack_ipv4@83bb8000+1100 nf_nat_ipv4@83bba000+c70 nf_nat@83120000+2250 nf_log_ipv4@83bad000+dc0 nf_log_common@83116000+980 nf_flow_table_hw@83bbe000+820 nf_flow_table@83ba4000+3310 nf_defrag_ipv4@83153000+3e0 nf_conntrack_rtcache@83112000+8a0 compat@83118000+1700 act_connmark@83113000+850 nf_conntrack@83100000+d2c0 sch_tbf@8314e000+1680 sch_ingress@8314a000+4a0 sch_htb@83ba0000+36d0 sch_hfsc@83158000+39e0 em_u32@831ba000+200 cls_u32@83154000+2330 cls_tcindex@8314c000+15c0 cls_route@831be000+1540 cls_matchall@831a3000+a20 cls_fw@83144000+1000 cls_flow@83148000+1780 cls_basic@831bb000+d00 act_skbedit@831b4000+9f0 act_mirred@831b5000+e50 ifb@831a0000+be0 l2tp_ip@8316e000+1410 l2tp_eth@831a4000+a00 l2tp_netlink@831a6000+1f90 l2tp_core@831a8000+3110 udp_tunnel@83b99000+920 leds_gpio@83b4f000+b20 gpio_button_hotplug@83b50000+1900
<6>[ 0.191477] UDP hash table entries: 256 (order: 0, 4096 bytes)
<6>[ 0.197077] UDP-Lite hash table entries: 256 (order: 0, 4096 bytes)
<6>[ 0.203431] NET: Registered protocol family 1
<7>[ 0.207612] PCI: CLS 0 bytes, default 32
<4>[ 0.210849] Crashlog allocated RAM at address 0x3f00000
<6>[ 0.217463] workingset: timestamp_bits=30 max_order=14 bucket_order=0
<6>[ 0.229138] squashfs: version 4.0 (2009/01/31) Phillip Lougher
<6>[ 0.234765] jffs2: version 2.2 (NAND) (SUMMARY) (LZMA) (RTIME) (CMODE_PRIORITY) (c) 2001-2006 Red Hat, Inc.
<6>[ 0.254072] io scheduler noop registered
<6>[ 0.257804] io scheduler deadline registered (default)
<6>[ 0.263580] Serial: 8250/16550 driver, 3 ports, IRQ sharing disabled
<6>[ 0.270756] console [ttyS0] disabled
<6>[ 0.274257] 10000c00.uartlite: ttyS0 at MMIO 0x10000c00 (irq = 28, base_baud = 2500000) is a 16550A
<6>[ 0.282984] console [ttyS0] enabled
<6>[ 0.289970] bootconsole [early0] disabled
<3>[ 0.298544] cacheinfo: Failed to find cpu0 device node
<4>[ 0.303799] cacheinfo: Unable to detect cache hierarchy for CPU 0
<6>[ 0.310628] spi-mt7621 10000b00.spi: sys_freq: 193333333
<6>[ 0.329261] m25p80 spi0.0: s25fl064k (8192 Kbytes)
<5>[ 0.334207] 4 fixed-partitions partitions found on MTD device spi0.0
<5>[ 0.340643] Creating 4 MTD partitions on "spi0.0":
<5>[ 0.345526] 0x000000000000-0x000000020000 : "boot"
<5>[ 0.351255] 0x000000020000-0x0000007c0000 : "firmware"
<5>[ 0.359405] 2 tplink-fw partitions found on MTD device firmware
<5>[ 0.365482] Creating 2 MTD partitions on "firmware":
<5>[ 0.370527] 0x000000000000-0x00000014f3a3 : "kernel"
<5>[ 0.376451] 0x00000014f3a4-0x0000007a0000 : "rootfs"
<5>[ 0.382277] mtd: device 3 (rootfs) set to be root filesystem
<5>[ 0.389534] 1 squashfs-split partitions found on MTD device rootfs
<5>[ 0.395888] 0x000000390000-0x0000007a0000 : "rootfs_data"
<5>[ 0.402220] 0x0000007c0000-0x0000007d0000 : "config"
<5>[ 0.408051] 0x0000007d0000-0x000000800000 : "factory"
<6>[ 0.414688] libphy: Fixed MDIO Bus: probed
<6>[ 0.431000] rt3050-esw 10110000.esw: link changed 0x00
<6>[ 0.437801] mtk_soc_eth 10100000.ethernet eth0: mediatek frame engine at 0xb0100000, irq 5
<6>[ 0.447188] NET: Registered protocol family 17
<6>[ 0.451831] 8021q: 802.1Q VLAN Support v1.8
<6>[ 0.468953] VFS: Mounted root (squashfs filesystem) readonly on device 31:3.
<6>[ 0.476929] Freeing unused kernel memory: 136K
<4>[ 0.481474] This architecture does not have kernel memory protection.
<14>[ 1.719920] init: Console is alive
<14>[ 1.723707] init: - watchdog -
<5>[ 2.267376] random: fast init done
<14>[ 3.000227] kmodloader: loading kernel modules from /etc/modules-boot.d/*
<14>[ 3.073195] kmodloader: done loading kernel modules from /etc/modules-boot.d/*
<14>[ 3.091032] init: - preinit -
<6>[ 4.256850] rt3050-esw 10110000.esw: link changed 0x00
<5>[ 4.687762] random: procd: uninitialized urandom read (4 bytes read)
<13>[ 4.780523] mount_root: jffs2 not ready yet, using temporary tmpfs overlay
<12>[ 4.822673] urandom-seed: Seed file not found (/etc/urandom.seed)
<14>[ 4.918017] procd: - early -
<14>[ 4.921055] procd: - watchdog -
<14>[ 5.550307] procd: - watchdog -
<14>[ 5.553880] procd: - ubus -
<5>[ 5.600493] random: ubusd: uninitialized urandom read (4 bytes read)
<5>[ 5.667639] random: ubusd: uninitialized urandom read (4 bytes read)
<14>[ 5.675598] procd: - init -
<14>[ 6.002174] kmodloader: loading kernel modules from /etc/modules.d/*
<6>[ 6.011883] l2tp_core: L2TP core driver, V2.0
<6>[ 6.017941] l2tp_netlink: L2TP netlink interface
<6>[ 6.024375] l2tp_eth: L2TP ethernet pseudowire support (L2TPv3)
<6>[ 6.032295] l2tp_ip: L2TP IP encapsulation support (L2TPv3)
<6>[ 6.044769] Mirror/redirect action on
<6>[ 6.141161] u32 classifier
<6>[ 6.143986] input device check on
<6>[ 6.147693] Actions configured
<6>[ 6.239795] nf_conntrack version 0.5.0 (1024 buckets, 4096 max)
<6>[ 6.260517] Loading modules backported from Linux version v4.19.23-0-g67d52fae61c1
<6>[ 6.268272] Backport generated by backports.git v4.19.23-1-0-g480a925a
<6>[ 6.488990] xt_time: kernel timezone is -0000
<6>[ 6.514755] ip_tables: (C) 2000-2006 Netfilter Core Team
<6>[ 6.566528] mt76_wmac 10300000.wmac: ASIC revision: 76280001
<6>[ 7.593554] mt76_wmac 10300000.wmac: Firmware Version: 20151201
<6>[ 7.599575] mt76_wmac 10300000.wmac: Build Time: 20151201183641
<6>[ 7.621350] mt76_wmac 10300000.wmac: firmware init done
<6>[ 7.728549] rt3050-esw 10110000.esw: link changed 0x01
<7>[ 7.792147] ieee80211 phy0: Selected rate control algorithm 'minstrel_ht'
<14>[ 7.802137] kmodloader: done loading kernel modules from /etc/modules.d/*
<4>[ 9.177342] urandom_read: 6 callbacks suppressed
<5>[ 9.177353] random: jshn: uninitialized urandom read (4 bytes read)
<6>[ 11.971477] rt3050-esw 10110000.esw: link changed 0x00
<6>[ 15.521829] rt3050-esw 10110000.esw: link changed 0x01
<6>[ 40.298153] rt3050-esw 10110000.esw: link changed 0x00
<6>[ 43.783225] rt3050-esw 10110000.esw: link changed 0x01
<6>[ 44.432507] device eth0 entered promiscuous mode
<6>[ 50.910274] br-lan: port 1(eth0.1) entered blocking state
<6>[ 50.915855] br-lan: port 1(eth0.1) entered disabled state
<6>[ 50.921660] device eth0.1 entered promiscuous mode
<6>[ 50.939619] br-lan: port 1(eth0.1) entered blocking state
<6>[ 50.945176] br-lan: port 1(eth0.1) entered forwarding state
<6>[ 51.073380] br-lan: port 1(eth0.1) entered disabled state
<6>[ 51.080911] device eth0.1 left promiscuous mode
<6>[ 51.085686] br-lan: port 1(eth0.1) entered disabled state
<6>[ 51.170750] br-lan: port 1(eth0.1) entered blocking state
<6>[ 51.176313] br-lan: port 1(eth0.1) entered disabled state
<6>[ 51.182108] device eth0.1 entered promiscuous mode
<6>[ 51.234695] br-lan: port 1(eth0.1) entered blocking state
<6>[ 51.240185] br-lan: port 1(eth0.1) entered forwarding state
<6>[ 54.284409] br-lan: port 2(wlan0) entered blocking state
<6>[ 54.290155] br-lan: port 2(wlan0) entered disabled state
<6>[ 54.295937] device wlan0 entered promiscuous mode
<6>[ 55.227079] br-lan: port 2(wlan0) entered blocking state
<6>[ 55.232548] br-lan: port 2(wlan0) entered forwarding state
<6>[ 65.499313] device wlan0 left promiscuous mode
<6>[ 65.504001] br-lan: port 2(wlan0) entered disabled state
<6>[ 67.659749] br-lan: port 2(wlan0) entered blocking state
<6>[ 67.665252] br-lan: port 2(wlan0) entered disabled state
<6>[ 67.670929] device wlan0 entered promiscuous mode
<6>[ 67.675848] br-lan: port 2(wlan0) entered blocking state
<6>[ 67.681236] br-lan: port 2(wlan0) entered forwarding state
<6>[ 67.687263] br-lan: port 2(wlan0) entered disabled state
<6>[ 70.171904] br-lan: port 2(wlan0) entered blocking state
<6>[ 70.177326] br-lan: port 2(wlan0) entered forwarding state
<4>[ 74.063128] jffs2_scan_eraseblock(): End of filesystem marker found at 0x0
<4>[ 74.076565] jffs2_build_filesystem(): unlocking the mtd device...
<4>[ 74.076626] done.
<4>[ 74.084920] jffs2_build_filesystem(): erasing all blocks after the end marker...
<5>[ 75.341427] random: crng init done
<4>[ 89.806667] done.
<5>[ 89.808667] jffs2: notice: (2808) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
<4>[ 90.097054] overlayfs: upper fs does not support tmpfile.
<6>[95491.758861] device wlan0 left promiscuous mode
<6>[95491.763556] br-lan: port 2(wlan0) entered disabled state
<6>[95496.123525] br-lan: port 2(wlan0) entered blocking state
<6>[95496.128998] br-lan: port 2(wlan0) entered disabled state
<6>[95496.134779] device wlan0 entered promiscuous mode
<6>[95496.139678] br-lan: port 2(wlan0) entered blocking state
<6>[95496.145064] br-lan: port 2(wlan0) entered forwarding state
<6>[95496.151480] br-lan: port 2(wlan0) entered disabled state
<6>[95497.434477] br-lan: port 2(wlan0) entered blocking state
<6>[95497.439926] br-lan: port 2(wlan0) entered forwarding state
<6>[181891.461089] device wlan0 left promiscuous mode
<6>[181891.465866] br-lan: port 2(wlan0) entered disabled state
<6>[181895.862824] br-lan: port 2(wlan0) entered blocking state
<6>[181895.868387] br-lan: port 2(wlan0) entered disabled state
<6>[181895.874262] device wlan0 entered promiscuous mode
<6>[181897.223872] br-lan: port 2(wlan0) entered blocking state
<6>[181897.229417] br-lan: port 2(wlan0) entered forwarding state
<6>[268291.119138] device wlan0 left promiscuous mode
<6>[268291.123910] br-lan: port 2(wlan0) entered disabled state
<6>[268296.605568] br-lan: port 2(wlan0) entered blocking state
<6>[268296.611162] br-lan: port 2(wlan0) entered disabled state
<6>[268296.616932] device wlan0 entered promiscuous mode
<6>[268298.034899] br-lan: port 2(wlan0) entered blocking state
<6>[268298.040440] br-lan: port 2(wlan0) entered forwarding state
<6>[354690.783285] device wlan0 left promiscuous mode
<6>[354690.788153] br-lan: port 2(wlan0) entered disabled state
<6>[354695.110340] br-lan: port 2(wlan0) entered blocking state
<6>[354695.115924] br-lan: port 2(wlan0) entered disabled state
<6>[354695.121790] device wlan0 entered promiscuous mode
<6>[354696.496658] br-lan: port 2(wlan0) entered blocking state
<6>[354696.502208] br-lan: port 2(wlan0) entered forwarding state
<6>[441090.473174] device wlan0 left promiscuous mode
<6>[441090.478041] br-lan: port 2(wlan0) entered disabled state
<6>[441094.831626] br-lan: port 2(wlan0) entered blocking state
<6>[441094.837188] br-lan: port 2(wlan0) entered disabled state
<6>[441094.843056] device wlan0 entered promiscuous mode
<6>[441094.848063] br-lan: port 2(wlan0) entered blocking state
<6>[441094.853538] br-lan: port 2(wlan0) entered forwarding state
<6>[441094.860044] br-lan: port 2(wlan0) entered disabled state
<6>[441096.143580] br-lan: port 2(wlan0) entered blocking state
<6>[441096.149126] br-lan: port 2(wlan0) entered forwarding state
<6>[527490.172730] device wlan0 left promiscuous mode
<6>[527490.177478] br-lan: port 2(wlan0) entered disabled state
<6>[527494.541946] br-lan: port 2(wlan0) entered blocking state
<6>[527494.547517] br-lan: port 2(wlan0) entered disabled state
<6>[527494.553391] device wlan0 entered promiscuous mode
<6>[527495.938895] br-lan: port 2(wlan0) entered blocking state
<6>[527495.944394] br-lan: port 2(wlan0) entered forwarding state
<1>[592589.839671] CPU 0 Unable to handle kernel paging request at virtual address 000002c8, epc == 830af554, ra == 83082384
<4>[592589.850591] Oops[#1]:
<4>[592589.852986] CPU: 0 PID: 0 Comm: swapper Not tainted 4.14.108 #0
<4>[592589.859074] task: 803cb430 task.stack: 803c6000
<4>[592589.863748] $ 0 : 00000000 80410000 00000000 00000000
<4>[592589.869140] $ 4 : 00000000 838cbd80 00000000 00000000
<4>[592589.874531] $ 8 : 838cb1c8 82f18516 00000010 43420000
<4>[592589.879922] $12 : 087f0000 00000000 000a9a0e 00000004
<4>[592589.885312] $16 : 838cbd80 00000000 830ecbc0 830ecbc0
<4>[592589.890703] $20 : 83b61bf0 830f73ac 00000001 00000000
<4>[592589.896093] $24 : 00000010 801bcbe0
<4>[592589.901484] $28 : 803c6000 83807e18 830ede88 83082384
<4>[592589.906876] Hi : 005a1ac2
<4>[592589.909878] Lo : ef14c145
<4>[592589.912889] epc : 830af554 0x830af554 [mac80211@83080000+0x6a240]
<4>[592589.919330] ra : 83082384 0x83082384 [mac80211@83080000+0x6a240]
<4>[592589.925764] Status: 1100e403 KERNEL EXL IE
<4>[592589.930096] Cause : 00800008 (ExcCode 02)
<4>[592589.934243] BadVA : 000002c8
<4>[592589.937246] PrId : 00019655 (MIPS 24KEc)
<4>[592589.941392] Modules linked in: mt7603e mt76 mac80211 iptable_raw iptable_nat iptable_mangle iptable_filter ipt_REJECT ipt_MASQUERADE ipt_ECN ip_tables cfg80211 xt_time xt_tcpudp xt_tcpmss xt_statistic xt_state xt_recent xt_nat xt_multiport xt_mark xt_mac xt_limit xt_length xt_hl xt_helper xt_ecn xt_dscp xt_conntrack xt_connmark xt_connlimit xt_connbytes xt_comment xt_TCPMSS xt_REDIRECT xt_LOG xt_HL xt_FLOWOFFLOAD xt_DSCP xt_CT xt_CLASSIFY x_tables nf_reject_ipv4 nf_nat_redirect nf_nat_masquerade_ipv4 nf_conntrack_ipv4 nf_nat_ipv4 nf_nat nf_log_ipv4 nf_log_common nf_flow_table_hw nf_flow_table nf_defrag_ipv4 nf_conntrack_rtcache compat act_connmark nf_conntrack sch_tbf sch_ingress sch_htb sch_hfsc em_u32 cls_u32 cls_tcindex cls_route cls_matchall cls_fw cls_flow cls_basic act_skbedit act_mirred ifb
<4>[592590.013247] l2tp_ip l2tp_eth l2tp_netlink l2tp_core udp_tunnel leds_gpio gpio_button_hotplug
<4>[592590.021995] Process swapper (pid: 0, threadinfo=803c6000, task=803cb430, tls=00000000)
<4>[592590.030101] Stack : 83807e7c 0000008a 00000000 838cbd80 838cbd80 83082384 00000050 830ecbc0
<4>[592590.038670] 83b61bf0 830f73ac 830ed4e0 00000000 838cb180 00000000 00000000 830ecbc0
<4>[592590.047239] 83b61bf0 830f73ac 830ed4e0 00000001 830ecbc0 830adb78 00000cfc 0000033f
<4>[592590.055808] 8381b800 00000080 00000000 00000000 00060036 00000000 830ed4e0 83b61bf0
<4>[592590.064376] 00000004 00000003 00000006 830f73f0 83807ee0 80058f30 803dfc40 00000003
<4>[592590.072945] ...
<4>[592590.075510] Call Trace:
<4>[592590.075556] [<83082384>] 0x83082384 [mac80211@83080000+0x6a240]
<4>[592590.084214] [<830f73ac>] 0x830f73ac [mt7603e@830f0000+0x87a0]
<4>[592590.090146] [<830f73ac>] 0x830f73ac [mt7603e@830f0000+0x87a0]
<4>[592590.096068] [<830adb78>] 0x830adb78 [mac80211@83080000+0x6a240]
<4>[592590.102173] [<830f73f0>] 0x830f73f0 [mt7603e@830f0000+0x87a0]
<4>[592590.108088] [<80058f30>] 0x80058f30
<4>[592590.111724] [<830b4d80>] 0x830b4d80 [mac80211@83080000+0x6a240]
<4>[592590.117809] [<80009e70>] 0x80009e70
<4>[592590.121449] [<830f7548>] 0x830f7548 [mt7603e@830f0000+0x87a0]
<4>[592590.127377] [<8002d078>] 0x8002d078
<4>[592590.130998] [<80009e70>] 0x80009e70
<4>[592590.134619] [<80351a20>] 0x80351a20
<4>[592590.138240] [<8005d978>] 0x8005d978
<4>[592590.141866] [<80058f30>] 0x80058f30
<4>[592590.145491] [<80009e70>] 0x80009e70
<4>[592590.149109]
<4>[592590.150701] Code: 27bdffe8 afbf0014 afb00010 <8c9002c8> 8caa00a4 1080001e 8e090438 8e030044 0123402a
<4>[592590.160690]
<4>[592590.162335] ---[ end trace 25bbd90279e222f9 ]---
===================================
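
A triage sketch for the oops above, added here as an example and not part of the original report: it resolves epc to an offset inside mac80211 and decodes the faulting instruction (the word in angle brackets on the Code: line) to check it against BadVA and the register dump. The function names are hypothetical; the sample lines are copied from the log.

```python
import re

# Lines copied from the oops above; only the ones this script reads.
OOPS = """\
<4>[592589.863748] $ 0 : 00000000 80410000 00000000 00000000
<4>[592589.869140] $ 4 : 00000000 838cbd80 00000000 00000000
<4>[592589.912889] epc : 830af554 0x830af554 [mac80211@83080000+0x6a240]
<4>[592589.919330] ra : 83082384 0x83082384 [mac80211@83080000+0x6a240]
<4>[592589.934243] BadVA : 000002c8
<4>[592590.150701] Code: 27bdffe8 afbf0014 afb00010 <8c9002c8> 8caa00a4 1080001e 8e090438 8e030044 0123402a
"""

# MIPS32 I-type loads/stores: opcode -> mnemonic
MEM_OPS = {0x20: "lb", 0x21: "lh", 0x23: "lw", 0x24: "lbu",
           0x25: "lhu", 0x28: "sb", 0x29: "sh", 0x2B: "sw"}

def parse_regs(log):
    """Map general-purpose register number -> value from the '$ N :' rows."""
    regs = {}
    for m in re.finditer(r"\$\s*(\d+)\s*:((?: [0-9a-f]{8})+)", log):
        base = int(m.group(1))
        for i, val in enumerate(m.group(2).split()):
            regs[base + i] = int(val, 16)
    return regs

def module_offset(log, name):
    """Turn the 'epc' or 'ra' line into (module, offset inside that module)."""
    m = re.search(rf"{name}\s*: ([0-9a-f]{{8}}) \S+ \[(\w+)@([0-9a-f]+)\+", log)
    addr, mod, base = int(m.group(1), 16), m.group(2), int(m.group(3), 16)
    return mod, addr - base

def decode_mem_op(word):
    """Decode a MIPS32 I-type load/store: (mnemonic, rt, base reg, signed imm)."""
    op, rs, rt, imm = word >> 26, (word >> 21) & 31, (word >> 16) & 31, word & 0xFFFF
    if op not in MEM_OPS:
        return None
    return MEM_OPS[op], rt, rs, imm - 0x10000 if imm & 0x8000 else imm

def triage(log):
    regs = parse_regs(log)
    word = int(re.search(r"Code:.*<([0-9a-f]{8})>", log).group(1), 16)
    bad_va = int(re.search(r"BadVA\s*: ([0-9a-f]{8})", log).group(1), 16)
    mnem, rt, rs, imm = decode_mem_op(word)
    mod, off = module_offset(log, "epc")
    return {"fault_at": f"{mod}+{off:#x}",
            "insn": f"{mnem} ${rt}, {imm:#x}(${rs})",
            "effective_addr_matches_badva": (regs[rs] + imm) & 0xFFFFFFFF == bad_va,
            "null_base_pointer": regs[rs] == 0}

if __name__ == "__main__":
    print(triage(OOPS))
```

The faulting instruction is a load through $4, which the register dump shows as 0, so the fault is a NULL structure pointer read at member offset 0x2c8 inside mac80211. The module offset can be fed to addr2line or objdump against a mac80211.ko built with debug symbols from the same tree.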