[PATCH] ath11k: enable IEEE80211_HW_SINGLE_SCAN_ON_ALL_BANDS for WCN6855
Sven Eckelmann
sven at narfation.org
Mon Dec 6 12:03:02 PST 2021
On Monday, 6 December 2021 08:10:40 CET Wen Gong wrote:
> > On Monday, 6 December 2021 04:29:39 CET Wen Gong wrote:
> > [...]
> >> I did test in my setup, not see the crash.
> >>
> >> I am afraid you also need this patch("ath11k: change to use dynamic
> >> memory for channel list of scan",
> >>
> >> https://patchwork.kernel.org/project/linux-wireless/patch/20211129110939.15711-1-quic_wgong@quicinc.com
> >> )
> >>
> >> Could you apply this patch and try again?
> > Tried it and I see the same problem.
> Could you tell what is your test steps?
Start kernel with commit a93789ae541c ("ath11k: Avoid NULL ptr
access during mgmt tx cleanup") + patches:
* ath11k: enable IEEE80211_HW_SINGLE_SCAN_ON_ALL_BANDS for WCN6855
* ath11k: change to use dynamic memory for channel list of scan
You can find the config in the first mail, but I have now enabled inline KASAN
to hopefully get better error messages.
The firmware + board data (see mail "ath11k: incorrect board_id retrieval")
was prepared like this:
# Fetch the upstream ath11k firmware repository and stage the WCN6855 hw2.0
# files under /lib/firmware, where the driver looks for them.
git clone https://github.com/kvalo/ath11k-firmware /root/ath11k-firmware
mkdir -p /lib/firmware/ath11k/WCN6855/hw2.0/
cp /root/ath11k-firmware/WCN6855/hw2.0/*.bin /lib/firmware/ath11k/WCN6855/hw2.0/
# Overlay the specific 1.1 firmware build on top of the generic hw2.0 files.
cp /root/ath11k-firmware/WCN6855/hw2.0/1.1/WLAN.HSP.1.1-02892.1-QCAHSPSWPL_V1_V2_SILICONZ_LITE-1/*.bin /lib/firmware/ath11k/WCN6855/hw2.0/
# ath11k-bdencoder is a python2 script; the -e (extract) step splits board-2.bin
# into one file per board entry, written to the current directory.
git clone https://github.com/qca/qca-swiss-army-knife /root/qca-swiss-army-knife
apt install python2
python2 /root/qca-swiss-army-knife/tools/scripts/ath11k/ath11k-bdencoder -e /lib/firmware/ath11k/WCN6855/hw2.0/board-2.bin
# Drop the combined board file and install only the entry whose ids match this
# card as board.bin -- presumably so the driver uses it instead of board-2.bin
# (see the "incorrect board_id retrieval" mail referenced above).
rm /lib/firmware/ath11k/WCN6855/hw2.0/board-2.bin
cp 'bus=pci,vendor=17cb,device=1103,subsystem-vendor=17cb,subsystem-device=3374,qmi-chip-id=2,qmi-board-id=266.bin' /lib/firmware/ath11k/WCN6855/hw2.0/board.bin
Then I just start up the device as usual and start wpa_supplicant (with
defconfig + CONFIG_MESH=y) from commit 14ab4a816c68 ("Reject
ap_vendor_elements if its length is odd"):
# Minimal station config. The SSID/PSK shown here are stand-ins for the real
# (valid) credentials described below. The quoted "EOF" keeps the heredoc
# literal, so nothing inside it is expanded by the shell.
cat << "EOF" > station_test.cfg
network={
ssid="MyTestAP"
key_mgmt=WPA-PSK FT-PSK
proto=RSN
psk="testtest"
}
EOF
# Bring the interface up and run wpa_supplicant from the hostap checkout in the
# foreground, using the nl80211 driver backend.
ip link set up dev wlp6s0
~/hostap/wpa_supplicant/wpa_supplicant -D nl80211 -i wlp6s0 -c station_test.cfg
The actual SSID + PSK is valid and multiple access points (4) have this BSS on
2.4GHz + 5GHz.
So you are basically always calling dev_kfree_skb_any in ath11k_ce_tx_process_cb
because wcn6855 hw2.0 has credit_flow set. But it seems like one of the
entries returned by ath11k_ce_completed_send_next is bogus and causes these
problems during ath11k_ce_tx_process_cb. And for some reason, this is
triggered here by this firmware feature.
./scripts/faddr2line --list vmlinux consume_skb+0x9f/0x1c0
consume_skb+0x9f/0x1c0:
__kfree_skb at net/core/skbuff.c:757
752 */
753
754 void __kfree_skb(struct sk_buff *skb)
755 {
756 skb_release_all(skb);
>757< kfree_skbmem(skb);
758 }
759 EXPORT_SYMBOL(__kfree_skb);
760
761 /**
762 * kfree_skb - free an sk_buff
(inlined by) consume_skb at net/core/skbuff.c:912
907 {
908 if (!skb_unref(skb))
909 return;
910
911 trace_consume_skb(skb);
>912< __kfree_skb(skb);
913 }
914 EXPORT_SYMBOL(consume_skb);
915 #endif
916
917 /**
(inlined by) consume_skb at net/core/skbuff.c:906
901 *
902 * Drop a ref to the buffer and free it if the usage count has hit zero
903 * Functions identically to kfree_skb, but kfree_skb assumes that the frame
904 * is being dropped after a failure and notes that
905 */
>906< void consume_skb(struct sk_buff *skb)
907 {
908 if (!skb_unref(skb))
909 return;
910
911 trace_consume_skb(skb);
./scripts/faddr2line --list vmlinux skb_release_data+0x1b0/0x5c0
skb_release_data+0x1b0/0x5c0:
skb_zcopy_clear at include/linux/skbuff.h:1549
1544 {
1545 struct ubuf_info *uarg = skb_zcopy(skb);
1546
1547 if (uarg) {
1548 if (!skb_zcopy_is_nouarg(skb))
>1549< uarg->callback(skb, uarg, zerocopy_success);
1550
1551 skb_shinfo(skb)->flags &= ~SKBFL_ALL_ZEROCOPY;
1552 }
1553 }
1554
(inlined by) skb_release_data at net/core/skbuff.c:669
664 if (skb->cloned &&
665 atomic_sub_return(skb->nohdr ? (1 << SKB_DATAREF_SHIFT) + 1 : 1,
666 &shinfo->dataref))
667 goto exit;
668
>669< skb_zcopy_clear(skb, true);
670
671 for (i = 0; i < shinfo->nr_frags; i++)
672 __skb_frag_unref(&shinfo->frags[i], skb->pp_recycle);
673
674 if (shinfo->frag_list)
But I didn't like the inlined code. So I've changed the compilation flags
slightly:
diff --git a/net/core/Makefile b/net/core/Makefile
index 6bdcb2cafed8..5eda226c5f27 100644
--- a/net/core/Makefile
+++ b/net/core/Makefile
@@ -37,3 +37,4 @@ obj-$(CONFIG_NET_SOCK_MSG) += skmsg.o
obj-$(CONFIG_BPF_SYSCALL) += sock_map.o
obj-$(CONFIG_BPF_SYSCALL) += bpf_sk_storage.o
obj-$(CONFIG_OF) += of_net.o
+ccflags-y += -fno-inline -O1 -fno-optimize-sibling-calls
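Review bot: The added `ccflags-y` line applies `-fno-inline -O1 -fno-optimize-sibling-calls` to every object under net/core, not only to skbuff.o, so the rest of the stack trace (dev.c, etc.) is also compiled differently from the production build. If only the skbuff path is of interest, the per-object form `CFLAGS_skbuff.o += -fno-inline -O1 -fno-optimize-sibling-calls` keeps the blast radius small and the other frames comparable with the original trace. Either way a trailing comment such as `# DEBUG ONLY: readable skb_* frames, do not merge` on the line makes clear it must not be carried into a real submission.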
Now the stacktrace is a lot more readable. And the returned
crash location makes a lot more sense:
./scripts/faddr2line --list vmlinux 'skb_zcopy_clear+0x34/0x8f'
skb_zcopy_clear+0x34/0x8f:
skb_zcopy_clear at include/linux/skbuff.h:1549
1544 {
1545 struct ubuf_info *uarg = skb_zcopy(skb);
1546
1547 if (uarg) {
1548 if (!skb_zcopy_is_nouarg(skb))
>1549< uarg->callback(skb, uarg, zerocopy_success);
1550
1551 skb_shinfo(skb)->flags &= ~SKBFL_ALL_ZEROCOPY;
1552 }
1553 }
1554
Or with the assembler:
(gdb) disassemble /m *(skb_zcopy_clear+0x34/0x8f)
Dump of assembler code for function skb_zcopy_clear:
1544 {
0x000000000000072a <+0>: push %r12
0x000000000000072c <+2>: push %rbp
0x000000000000072d <+3>: push %rbx
0x000000000000072e <+4>: mov %rdi,%rbx
0x0000000000000731 <+7>: mov %esi,%r12d
1545 struct ubuf_info *uarg = skb_zcopy(skb);
0x0000000000000734 <+10>: call 0x5d3 <skb_zcopy>
1546
1547 if (uarg) {
0x0000000000000739 <+15>: test %rax,%rax
0x000000000000073c <+18>: je 0x7a0 <skb_zcopy_clear+118>
0x000000000000073e <+20>: mov %rax,%rbp
1548 if (!skb_zcopy_is_nouarg(skb))
0x0000000000000741 <+23>: mov %rbx,%rdi
0x0000000000000744 <+26>: call 0x6f6 <skb_zcopy_is_nouarg>
0x0000000000000749 <+31>: test %al,%al
0x000000000000074b <+33>: jne 0x777 <skb_zcopy_clear+77>
1549 uarg->callback(skb, uarg, zerocopy_success);
0x000000000000074d <+35>: mov %rbp,%rdx
0x0000000000000750 <+38>: shr $0x3,%rdx
0x0000000000000754 <+42>: movabs $0xdffffc0000000000,%rax
0x000000000000075e <+52>: cmpb $0x0,(%rdx,%rax,1)
0x0000000000000762 <+56>: jne 0x7a5 <skb_zcopy_clear+123>
0x0000000000000764 <+58>: movzbl %r12b,%edx
0x0000000000000768 <+62>: mov 0x0(%rbp),%rax
0x000000000000076c <+66>: mov %rbp,%rsi
0x000000000000076f <+69>: mov %rbx,%rdi
0x0000000000000772 <+72>: call 0x777 <skb_zcopy_clear+77>
0x00000000000007a5 <+123>: mov %rbp,%rdi
0x00000000000007a8 <+126>: call 0x7ad <skb_zcopy_clear+131>
0x00000000000007ad <+131>: jmp 0x764 <skb_zcopy_clear+58>
1550
1551 skb_shinfo(skb)->flags &= ~SKBFL_ALL_ZEROCOPY;
0x0000000000000777 <+77>: mov %rbx,%rdi
0x000000000000077a <+80>: call 0x518 <skb_end_pointer>
0x000000000000077f <+85>: mov %rax,%rbx
0x0000000000000782 <+88>: mov %rax,%rdx
0x0000000000000785 <+91>: shr $0x3,%rdx
0x0000000000000789 <+95>: movabs $0xdffffc0000000000,%rax
0x0000000000000793 <+105>: movzbl (%rdx,%rax,1),%eax
0x0000000000000797 <+109>: test %al,%al
0x0000000000000799 <+111>: je 0x79d <skb_zcopy_clear+115>
0x000000000000079b <+113>: jle 0x7af <skb_zcopy_clear+133>
0x000000000000079d <+115>: andb $0xf8,(%rbx)
0x00000000000007af <+133>: mov %rbx,%rdi
0x00000000000007b2 <+136>: call 0x7b7 <skb_zcopy_clear+141>
0x00000000000007b7 <+141>: jmp 0x79d <skb_zcopy_clear+115>
1552 }
1553 }
0x00000000000007a0 <+118>: pop %rbx
0x00000000000007a1 <+119>: pop %rbp
0x00000000000007a2 <+120>: pop %r12
0x00000000000007a4 <+122>: ret
End of assembler dump.
To make it even easier to read, just disable the inline KASAN and reduce the
optimization level for this function:
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
index 059b6266dcd7..819cc58ab051 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -1540,6 +1540,8 @@ static inline void net_zcopy_put_abort(struct ubuf_info *uarg, bool have_uref)
}
/* Release a reference on a zerocopy structure */
+#pragma GCC push_options
+#pragma GCC optimize ("O0")
static inline void skb_zcopy_clear(struct sk_buff *skb, bool zerocopy_success)
{
struct ubuf_info *uarg = skb_zcopy(skb);
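Review bot: The `#pragma GCC push_options` / `#pragma GCC optimize ("O0")` pair added around skb_zcopy_clear (closed by the `#pragma GCC pop_options` in the following hunk) is only usable as a local debugging aid: GCC documents the optimize pragma as unsuitable for production code, and a Clang build of the kernel ignores it, so the function would not be de-optimized there. If the change is kept in a bisection tree, a comment such as `/* DEBUG ONLY: keep skb_zcopy_clear unoptimized so the faulting load of uarg->callback maps to one instruction */` above the push line makes the intent explicit and prevents it from being carried forward. The body of skb_zcopy_clear between the two hunks is outside the shown context.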
@@ -1551,6 +1553,7 @@ static inline void skb_zcopy_clear(struct sk_buff *skb, bool zerocopy_success)
skb_shinfo(skb)->flags &= ~SKBFL_ALL_ZEROCOPY;
}
}
+#pragma GCC pop_options
static inline void skb_mark_not_on_list(struct sk_buff *skb)
{
This creates this nice, unoptimized function which crashes at +63:
$ gdb net/core/skbuff.o -q
Reading symbols from net/core/skbuff.o...
(gdb) disassemble /m *(skb_zcopy_clear+0x3f/0x70)
Dump of assembler code for function skb_zcopy_clear:
1546 {
0x0000000000000000 <+0>: push %rbp
0x0000000000000001 <+1>: mov %rsp,%rbp
0x0000000000000004 <+4>: sub $0x18,%rsp
0x0000000000000008 <+8>: mov %rdi,-0x10(%rbp)
0x000000000000000c <+12>: mov %esi,%eax
0x000000000000000e <+14>: mov %al,-0x14(%rbp)
1547 struct ubuf_info *uarg = skb_zcopy(skb);
0x0000000000000011 <+17>: mov -0x10(%rbp),%rax
0x0000000000000015 <+21>: mov %rax,%rdi
0x0000000000000018 <+24>: call 0x29e <skb_zcopy>
0x000000000000001d <+29>: mov %rax,-0x8(%rbp)
1548
1549 if (uarg) {
0x0000000000000021 <+33>: cmpq $0x0,-0x8(%rbp)
0x0000000000000026 <+38>: je 0x6d <skb_zcopy_clear+109>
1550 if (!skb_zcopy_is_nouarg(skb))
0x0000000000000028 <+40>: mov -0x10(%rbp),%rax
0x000000000000002c <+44>: mov %rax,%rdi
0x000000000000002f <+47>: call 0x2df <skb_zcopy_is_nouarg>
0x0000000000000034 <+52>: xor $0x1,%eax
0x0000000000000037 <+55>: test %al,%al
0x0000000000000039 <+57>: je 0x59 <skb_zcopy_clear+89>
1551 uarg->callback(skb, uarg, zerocopy_success);
0x000000000000003b <+59>: mov -0x8(%rbp),%rax
0x000000000000003f <+63>: mov (%rax),%r8
0x0000000000000042 <+66>: movzbl -0x14(%rbp),%edx
0x0000000000000046 <+70>: mov -0x8(%rbp),%rcx
0x000000000000004a <+74>: mov -0x10(%rbp),%rax
0x000000000000004e <+78>: mov %rcx,%rsi
0x0000000000000051 <+81>: mov %rax,%rdi
0x0000000000000054 <+84>: call 0x59 <skb_zcopy_clear+89>
1552
1553 skb_shinfo(skb)->flags &= ~SKBFL_ALL_ZEROCOPY;
0x0000000000000059 <+89>: mov -0x10(%rbp),%rax
0x000000000000005d <+93>: mov %rax,%rdi
0x0000000000000060 <+96>: call 0x27f <skb_end_pointer>
0x0000000000000065 <+101>: movzbl (%rax),%edx
0x0000000000000068 <+104>: and $0xfffffff8,%edx
0x000000000000006b <+107>: mov %dl,(%rax)
1554 }
1555 }
0x000000000000006d <+109>: nop
0x000000000000006e <+110>: leave
0x000000000000006f <+111>: ret
End of assembler dump.
The question now is: what is causing the unclean state of the skb, so that it
is not rejected by skb_zcopy_is_nouarg before the uarg callback is called?
Kind regards,
Sven
-------------- next part --------------
A non-text attachment was scrubbed...
Name: screenlog.0.zip
Type: application/zip
Size: 20103 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/ath11k/attachments/20211206/540196a2/attachment-0001.zip>
-------------- next part --------------
general protection fault, probably for non-canonical address 0xe0080c4200016463: 0000 [#1] PREEMPT SMP KASAN NOPTI
KASAN: maybe wild-memory-access in range [0x00408210000b2318-0x00408210000b231f]
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.16.0-rc1+ #3
Hardware name: PC Engines APU/APU, BIOS 4.0 09/08/2014
RIP: 0010:skb_release_data (./include/linux/skbuff.h:1549 net/core/skbuff.c:669)
Code: 00 00 48 8b 75 28 48 85 f6 0f 84 d2 00 00 00 40 f6 c6 01 0f 85 a3 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 f2 48 c1 ea 03 <80> 3c 02 00 0f 85 d3 03 00 00 48 8b 06 ba 01 00 00 00 48 89 df 0f
All code
========
0: 00 00 add %al,(%rax)
2: 48 8b 75 28 mov 0x28(%rbp),%rsi
6: 48 85 f6 test %rsi,%rsi
9: 0f 84 d2 00 00 00 je 0xe1
f: 40 f6 c6 01 test $0x1,%sil
13: 0f 85 a3 00 00 00 jne 0xbc
19: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
20: fc ff df
23: 48 89 f2 mov %rsi,%rdx
26: 48 c1 ea 03 shr $0x3,%rdx
2a:* 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) <-- trapping instruction
2e: 0f 85 d3 03 00 00 jne 0x407
34: 48 8b 06 mov (%rsi),%rax
37: ba 01 00 00 00 mov $0x1,%edx
3c: 48 89 df mov %rbx,%rdi
3f: 0f .byte 0xf
Code starting with the faulting instruction
===========================================
0: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1)
4: 0f 85 d3 03 00 00 jne 0x3dd
a: 48 8b 06 mov (%rsi),%rax
d: ba 01 00 00 00 mov $0x1,%edx
12: 48 89 df mov %rbx,%rdi
15: 0f .byte 0xf
RSP: 0018:ffff8880c7c09c50 EFLAGS: 00010216
RAX: dffffc0000000000 RBX: ffff888004c6bdc0 RCX: 1ffff1100076945d
RDX: 0008104200016463 RSI: 00408210000b231a RDI: ffff888003b4a2e8
RBP: ffff888003b4a2c0 R08: 0000000000000000 R09: ffff888004c6be97
R10: ffffed100098d7d2 R11: 0000000000000001 R12: ffff888003b4a2c0
R13: ffff888004c6be7c R14: ffff88800c641e58 R15: ffff888004c6be80
FS: 0000000000000000(0000) GS:ffff8880c7c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055d3a95f6778 CR3: 0000000017c20000 CR4: 00000000000006f0
Call Trace:
<IRQ>
? _raw_write_lock_irq (kernel/locking/spinlock.c:177)
consume_skb (net/core/skbuff.c:757 net/core/skbuff.c:912 net/core/skbuff.c:906)
ath11k_ce_tx_process_cb (drivers/net/wireless/ath/ath11k/ce.c:515) ath11k
? __local_bh_enable_ip (./arch/x86/include/asm/preempt.h:103 kernel/softirq.c:390)
? ath11k_ce_alloc_pipes (drivers/net/wireless/ath/ath11k/ce.c:500) ath11k
? ath11k_hal_srng_access_end (drivers/net/wireless/ath/ath11k/hal.c:849) ath11k
ath11k_ce_per_engine_service (drivers/net/wireless/ath/ath11k/ce.c:694) ath11k
? _raw_spin_lock_irqsave (./arch/x86/include/asm/atomic.h:202 ./include/linux/atomic/atomic-instrumented.h:513 ./include/asm-generic/qspinlock.h:82 ./include/linux/spinlock.h:185 ./include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162)
? __lock_text_start (kernel/locking/spinlock.c:161)
? ath11k_ce_tx_process_cb (drivers/net/wireless/ath/ath11k/ce.c:689) ath11k
? __wake_up_bit (kernel/sched/wait_bit.c:192)
? __irq_put_desc_unlock (kernel/irq/irqdesc.c:819)
ath11k_pci_ce_tasklet (drivers/net/wireless/ath/ath11k/pci.c:637) ath11k_pci
? tasklet_clear_sched (kernel/softirq.c:752)
tasklet_action_common.constprop.0 (kernel/softirq.c:783)
__do_softirq (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:212 ./include/trace/events/irq.h:142 kernel/softirq.c:559)
__irq_exit_rcu (kernel/softirq.c:432 kernel/softirq.c:636)
common_interrupt (arch/x86/kernel/irq.c:240 (discriminator 14))
</IRQ>
<TASK>
asm_common_interrupt (./arch/x86/include/asm/idtentry.h:629)
RIP: 0010:cpuidle_enter_state (drivers/cpuidle/cpuidle.c:259)
Code: ff e8 8e 95 db fe 80 3c 24 00 74 17 9c 58 0f 1f 44 00 00 f6 c4 02 0f 85 8e 06 00 00 31 ff e8 a1 b9 ef fe fb 66 0f 1f 44 00 00 <45> 85 ed 0f 88 52 03 00 00 4d 63 e5 4b 8d 04 64 49 8d 04 84 48 8d
All code
========
0: ff (bad)
1: e8 8e 95 db fe callq 0xfffffffffedb9594
6: 80 3c 24 00 cmpb $0x0,(%rsp)
a: 74 17 je 0x23
c: 9c pushfq
d: 58 pop %rax
e: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
13: f6 c4 02 test $0x2,%ah
16: 0f 85 8e 06 00 00 jne 0x6aa
1c: 31 ff xor %edi,%edi
1e: e8 a1 b9 ef fe callq 0xfffffffffeefb9c4
23: fb sti
24: 66 0f 1f 44 00 00 nopw 0x0(%rax,%rax,1)
2a:* 45 85 ed test %r13d,%r13d <-- trapping instruction
2d: 0f 88 52 03 00 00 js 0x385
33: 4d 63 e5 movslq %r13d,%r12
36: 4b 8d 04 64 lea (%r12,%r12,2),%rax
3a: 49 8d 04 84 lea (%r12,%rax,4),%rax
3e: 48 rex.W
3f: 8d .byte 0x8d
Code starting with the faulting instruction
===========================================
0: 45 85 ed test %r13d,%r13d
3: 0f 88 52 03 00 00 js 0x35b
9: 4d 63 e5 movslq %r13d,%r12
c: 4b 8d 04 64 lea (%r12,%r12,2),%rax
10: 49 8d 04 84 lea (%r12,%rax,4),%rax
14: 48 rex.W
15: 8d .byte 0x8d
RSP: 0018:ffffffff89a07de0 EFLAGS: 00000246
RAX: dffffc0000000000 RBX: ffff888003b44000 RCX: 1ffffffff129775c
RDX: 1ffff11018f88331 RSI: ffffffff89031b00 RDI: ffff8880c7c41988
RBP: ffffffff89ee0d20 R08: 0000000000000002 R09: ffff8880c7c41c2b
R10: ffffed1018f88385 R11: 0000000000000001 R12: 0000000000000002
R13: 0000000000000002 R14: 00000024aa5bda97 R15: ffffffff89ee0e08
? _raw_spin_unlock_irqrestore (./arch/x86/include/asm/preempt.h:103 ./include/linux/spinlock_api_smp.h:152 kernel/locking/spinlock.c:194)
? tick_nohz_idle_stop_tick (./include/linux/hrtimer.h:419 kernel/time/tick-sched.c:920 kernel/time/tick-sched.c:1062 kernel/time/tick-sched.c:1083)
cpuidle_enter (drivers/cpuidle/cpuidle.c:353)
do_idle (kernel/sched/idle.c:158 kernel/sched/idle.c:239 kernel/sched/idle.c:306)
? arch_cpu_idle_exit+0x40/0x40
cpu_startup_entry (kernel/sched/idle.c:402 (discriminator 1))
start_kernel (init/main.c:1137)
secondary_startup_64_no_verify (arch/x86/kernel/head_64.S:283)
</TASK>
Modules linked in: qrtr_mhi qrtr ath11k_pci mhi ath11k qmi_helpers mac80211 kvm_amd btusb btrtl ccp btbcm rng_core btintel libarc4 evdev leds_apu bluetooth kvm snd_pcm snd_timer jitterentropy_rng cfg80211 snd sha512_ssse3 sha512_generic sg soundcore irqbypass ctr pcspkr drbg ansi_cprng k10temp ecdh_generic rfkill ecc sp5100_tco watchdog acpi_cpufreq button drm fuse configfs ip_tables x_tables autofs4 ext4 crc32c_generic crc16 mbcache jbd2 sd_mod t10_pi crc_t10dif crct10dif_generic crct10dif_common uas usb_storage ohci_pci ahci libahci ohci_hcd ehci_pci ehci_hcd libata r8169 realtek mdio_devres usbcore scsi_mod i2c_piix4 usb_common scsi_common libphy
---[ end trace dc622588d92d6988 ]---
RIP: 0010:skb_release_data (./include/linux/skbuff.h:1549 net/core/skbuff.c:669)
Code: 00 00 48 8b 75 28 48 85 f6 0f 84 d2 00 00 00 40 f6 c6 01 0f 85 a3 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 f2 48 c1 ea 03 <80> 3c 02 00 0f 85 d3 03 00 00 48 8b 06 ba 01 00 00 00 48 89 df 0f
All code
========
0: 00 00 add %al,(%rax)
2: 48 8b 75 28 mov 0x28(%rbp),%rsi
6: 48 85 f6 test %rsi,%rsi
9: 0f 84 d2 00 00 00 je 0xe1
f: 40 f6 c6 01 test $0x1,%sil
13: 0f 85 a3 00 00 00 jne 0xbc
19: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
20: fc ff df
23: 48 89 f2 mov %rsi,%rdx
26: 48 c1 ea 03 shr $0x3,%rdx
2a:* 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) <-- trapping instruction
2e: 0f 85 d3 03 00 00 jne 0x407
34: 48 8b 06 mov (%rsi),%rax
37: ba 01 00 00 00 mov $0x1,%edx
3c: 48 89 df mov %rbx,%rdi
3f: 0f .byte 0xf
Code starting with the faulting instruction
===========================================
0: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1)
4: 0f 85 d3 03 00 00 jne 0x3dd
a: 48 8b 06 mov (%rsi),%rax
d: ba 01 00 00 00 mov $0x1,%edx
12: 48 89 df mov %rbx,%rdi
15: 0f .byte 0xf
RSP: 0018:ffff8880c7c09c50 EFLAGS: 00010216
RAX: dffffc0000000000 RBX: ffff888004c6bdc0 RCX: 1ffff1100076945d
RDX: 0008104200016463 RSI: 00408210000b231a RDI: ffff888003b4a2e8
RBP: ffff888003b4a2c0 R08: 0000000000000000 R09: ffff888004c6be97
R10: ffffed100098d7d2 R11: 0000000000000001 R12: ffff888003b4a2c0
R13: ffff888004c6be7c R14: ffff88800c641e58 R15: ffff888004c6be80
FS: 0000000000000000(0000) GS:ffff8880c7c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055d3a95f6778 CR3: 0000000017c20000 CR4: 00000000000006f0
Kernel panic - not syncing: Fatal exception in interrupt
Kernel Offset: 0x5c00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
-------------- next part --------------
general protection fault, probably for non-canonical address 0xe0080c4200016463: 0000 [#1] PREEMPT SMP KASAN NOPTI
KASAN: maybe wild-memory-access in range [0x00408210000b2318-0x00408210000b231f]
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.16.0-rc1+ #1
Hardware name: PC Engines APU/APU, BIOS 4.0 09/08/2014
RIP: 0010:skb_zcopy_clear (./include/linux/skbuff.h:1549)
Code: e8 9a fe ff ff 48 85 c0 74 62 48 89 c5 48 89 df e8 ad ff ff ff 84 c0 75 2a 48 89 ea 48 c1 ea 03 48 b8 00 00 00 00 00 fc ff df <80> 3c 02 00 75 41 41 0f b6 d4 48 8b 45 00 48 89 ee 48 89 df 0f ae
All code
========
0: e8 9a fe ff ff callq 0xfffffffffffffe9f
5: 48 85 c0 test %rax,%rax
8: 74 62 je 0x6c
a: 48 89 c5 mov %rax,%rbp
d: 48 89 df mov %rbx,%rdi
10: e8 ad ff ff ff callq 0xffffffffffffffc2
15: 84 c0 test %al,%al
17: 75 2a jne 0x43
19: 48 89 ea mov %rbp,%rdx
1c: 48 c1 ea 03 shr $0x3,%rdx
20: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
27: fc ff df
2a:* 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) <-- trapping instruction
2e: 75 41 jne 0x71
30: 41 0f b6 d4 movzbl %r12b,%edx
34: 48 8b 45 00 mov 0x0(%rbp),%rax
38: 48 89 ee mov %rbp,%rsi
3b: 48 89 df mov %rbx,%rdi
3e: 0f .byte 0xf
3f: ae scas %es:(%rdi),%al
Code starting with the faulting instruction
===========================================
0: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1)
4: 75 41 jne 0x47
6: 41 0f b6 d4 movzbl %r12b,%edx
a: 48 8b 45 00 mov 0x0(%rbp),%rax
e: 48 89 ee mov %rbp,%rsi
11: 48 89 df mov %rbx,%rdi
14: 0f .byte 0xf
15: ae scas %es:(%rdi),%al
RSP: 0018:ffff8880c3a09c30 EFLAGS: 00010216
RAX: dffffc0000000000 RBX: ffff88800c233b40 RCX: ffffffff9fce961b
RDX: 0008104200016463 RSI: 0000000000000001 RDI: ffff888015edeae8
RBP: 00408210000b231a R08: 0000000000000000 R09: ffff88800c233c17
R10: ffffed1001846782 R11: 0000000000000001 R12: 0000000000000001
R13: ffff88800c233bbe R14: ffff88800b701e58 R15: dffffc0000000000
FS: 0000000000000000(0000) GS:ffff8880c3a00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fdccf1c75c0 CR3: 00000000063a4000 CR4: 00000000000006f0
Call Trace:
<IRQ>
skb_release_data (net/core/skbuff.c:671)
skb_release_all (net/core/skbuff.c:743)
__kfree_skb (net/core/skbuff.c:757)
consume_skb (net/core/skbuff.c:912)
__dev_kfree_skb_any (net/core/dev.c:3038)
ath11k_ce_tx_process_cb (drivers/net/wireless/ath/ath11k/ce.c:515) ath11k
? __local_bh_enable_ip (./arch/x86/include/asm/preempt.h:103 kernel/softirq.c:390)
? ath11k_ce_alloc_pipes (drivers/net/wireless/ath/ath11k/ce.c:500) ath11k
? ath11k_hal_srng_access_end (drivers/net/wireless/ath/ath11k/hal.c:849) ath11k
ath11k_ce_per_engine_service (drivers/net/wireless/ath/ath11k/ce.c:694) ath11k
? _raw_spin_lock_irqsave (./arch/x86/include/asm/atomic.h:202 ./include/linux/atomic/atomic-instrumented.h:513 ./include/asm-generic/qspinlock.h:82 ./include/linux/spinlock.h:185 ./include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162)
? __lock_text_start (kernel/locking/spinlock.c:161)
? ath11k_ce_tx_process_cb (drivers/net/wireless/ath/ath11k/ce.c:689) ath11k
? __wake_up_bit (kernel/sched/wait_bit.c:192)
? __irq_put_desc_unlock (kernel/irq/irqdesc.c:819)
ath11k_pci_ce_tasklet (drivers/net/wireless/ath/ath11k/pci.c:637) ath11k_pci
? tasklet_clear_sched (kernel/softirq.c:752)
tasklet_action_common.constprop.0 (kernel/softirq.c:783)
__do_softirq (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:212 ./include/trace/events/irq.h:142 kernel/softirq.c:559)
__irq_exit_rcu (kernel/softirq.c:432 kernel/softirq.c:636)
common_interrupt (arch/x86/kernel/irq.c:240 (discriminator 14))
</IRQ>
<TASK>
asm_common_interrupt (./arch/x86/include/asm/idtentry.h:629)
RIP: 0010:cpuidle_enter_state (drivers/cpuidle/cpuidle.c:259)
Code: ff e8 8e 95 db fe 80 3c 24 00 74 17 9c 58 0f 1f 44 00 00 f6 c4 02 0f 85 8e 06 00 00 31 ff e8 a1 b9 ef fe fb 66 0f 1f 44 00 00 <45> 85 ed 0f 88 52 03 00 00 4d 63 e5 4b 8d 04 64 49 8d 04 84 48 8d
All code
========
0: ff (bad)
1: e8 8e 95 db fe callq 0xfffffffffedb9594
6: 80 3c 24 00 cmpb $0x0,(%rsp)
a: 74 17 je 0x23
c: 9c pushfq
d: 58 pop %rax
e: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
13: f6 c4 02 test $0x2,%ah
16: 0f 85 8e 06 00 00 jne 0x6aa
1c: 31 ff xor %edi,%edi
1e: e8 a1 b9 ef fe callq 0xfffffffffeefb9c4
23: fb sti
24: 66 0f 1f 44 00 00 nopw 0x0(%rax,%rax,1)
2a:* 45 85 ed test %r13d,%r13d <-- trapping instruction
2d: 0f 88 52 03 00 00 js 0x385
33: 4d 63 e5 movslq %r13d,%r12
36: 4b 8d 04 64 lea (%r12,%r12,2),%rax
3a: 49 8d 04 84 lea (%r12,%rax,4),%rax
3e: 48 rex.W
3f: 8d .byte 0x8d
Code starting with the faulting instruction
===========================================
0: 45 85 ed test %r13d,%r13d
3: 0f 88 52 03 00 00 js 0x35b
9: 4d 63 e5 movslq %r13d,%r12
c: 4b 8d 04 64 lea (%r12,%r12,2),%rax
10: 49 8d 04 84 lea (%r12,%rax,4),%rax
14: 48 rex.W
15: 8d .byte 0x8d
RSP: 0018:ffffffffa1407de0 EFLAGS: 00000246
RAX: dffffc0000000000 RBX: ffff888003b20800 RCX: 1ffffffff41d935c
RDX: 1ffff11018748331 RSI: ffffffffa0a31b00 RDI: ffff8880c3a41988
RBP: ffffffffa18e0d20 R08: 0000000000000002 R09: ffff8880c3a41c2b
R10: ffffed1018748385 R11: 0000000000000001 R12: 0000000000000002
R13: 0000000000000002 R14: 0000001dfc72dae5 R15: ffffffffa18e0e08
? _raw_spin_unlock_irqrestore (./arch/x86/include/asm/preempt.h:103 ./include/linux/spinlock_api_smp.h:152 kernel/locking/spinlock.c:194)
? tick_nohz_idle_stop_tick (./include/linux/hrtimer.h:419 kernel/time/tick-sched.c:920 kernel/time/tick-sched.c:1062 kernel/time/tick-sched.c:1083)
cpuidle_enter (drivers/cpuidle/cpuidle.c:353)
do_idle (kernel/sched/idle.c:158 kernel/sched/idle.c:239 kernel/sched/idle.c:306)
? arch_cpu_idle_exit+0x40/0x40
cpu_startup_entry (kernel/sched/idle.c:402 (discriminator 1))
start_kernel (init/main.c:1137)
secondary_startup_64_no_verify (arch/x86/kernel/head_64.S:283)
</TASK>
Modules linked in: qrtr_mhi qrtr ath11k_pci mhi ath11k qmi_helpers mac80211 kvm_amd btusb btrtl btbcm ccp btintel libarc4 rng_core evdev bluetooth cfg80211 kvm leds_apu jitterentropy_rng sha512_ssse3 sha512_generic snd_pcm ctr sg drbg snd_timer irqbypass ansi_cprng snd ecdh_generic rfkill soundcore ecc pcspkr k10temp sp5100_tco watchdog button acpi_cpufreq drm fuse configfs ip_tables x_tables autofs4 ext4 crc32c_generic crc16 mbcache jbd2 sd_mod t10_pi crc_t10dif crct10dif_generic crct10dif_common uas usb_storage ohci_pci ahci libahci libata ehci_pci ohci_hcd r8169 ehci_hcd realtek mdio_devres scsi_mod usbcore i2c_piix4 usb_common scsi_common libphy
---[ end trace bd73d57ff2669c03 ]---
RIP: 0010:skb_zcopy_clear (./include/linux/skbuff.h:1549)
Code: e8 9a fe ff ff 48 85 c0 74 62 48 89 c5 48 89 df e8 ad ff ff ff 84 c0 75 2a 48 89 ea 48 c1 ea 03 48 b8 00 00 00 00 00 fc ff df <80> 3c 02 00 75 41 41 0f b6 d4 48 8b 45 00 48 89 ee 48 89 df 0f ae
All code
========
0: e8 9a fe ff ff callq 0xfffffffffffffe9f
5: 48 85 c0 test %rax,%rax
8: 74 62 je 0x6c
a: 48 89 c5 mov %rax,%rbp
d: 48 89 df mov %rbx,%rdi
10: e8 ad ff ff ff callq 0xffffffffffffffc2
15: 84 c0 test %al,%al
17: 75 2a jne 0x43
19: 48 89 ea mov %rbp,%rdx
1c: 48 c1 ea 03 shr $0x3,%rdx
20: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
27: fc ff df
2a:* 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) <-- trapping instruction
2e: 75 41 jne 0x71
30: 41 0f b6 d4 movzbl %r12b,%edx
34: 48 8b 45 00 mov 0x0(%rbp),%rax
38: 48 89 ee mov %rbp,%rsi
3b: 48 89 df mov %rbx,%rdi
3e: 0f .byte 0xf
3f: ae scas %es:(%rdi),%al
Code starting with the faulting instruction
===========================================
0: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1)
4: 75 41 jne 0x47
6: 41 0f b6 d4 movzbl %r12b,%edx
a: 48 8b 45 00 mov 0x0(%rbp),%rax
e: 48 89 ee mov %rbp,%rsi
11: 48 89 df mov %rbx,%rdi
14: 0f .byte 0xf
15: ae scas %es:(%rdi),%al
RSP: 0018:ffff8880c3a09c30 EFLAGS: 00010216
RAX: dffffc0000000000 RBX: ffff88800c233b40 RCX: ffffffff9fce961b
RDX: 0008104200016463 RSI: 0000000000000001 RDI: ffff888015edeae8
RBP: 00408210000b231a R08: 0000000000000000 R09: ffff88800c233c17
R10: ffffed1001846782 R11: 0000000000000001 R12: 0000000000000001
R13: ffff88800c233bbe R14: ffff88800b701e58 R15: dffffc0000000000
FS: 0000000000000000(0000) GS:ffff8880c3a00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fdccf1c75c0 CR3: 00000000063a4000 CR4: 00000000000006f0
Kernel panic - not syncing: Fatal exception in interrupt
Kernel Offset: 0x1d800000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
-------------- next part --------------
general protection fault, probably for non-canonical address 0xe0080c4200016463: 0000 [#1] PREEMPT SMP KASAN NOPTI
KASAN: maybe wild-memory-access in range [0x00408210000b2318-0x00408210000b231f]
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.16.0-rc1+ #1
Hardware name: PC Engines APU/APU, BIOS 4.0 09/08/2014
RIP: 0010:skb_zcopy_clear+0x34/0x8f
Code: e8 9a fe ff ff 48 85 c0 74 62 48 89 c5 48 89 df e8 ad ff ff ff 84 c0 75 2a 48 89 ea 48 c1 ea 03 48 b8 00 00 00 00 00 fc ff df <80> 3c 02 00 75 41 41 0f b6 d4 48 8b 45 00 48 89 ee 48 89 df 0f ae
RSP: 0018:ffff8880c3a09c30 EFLAGS: 00010216
RAX: dffffc0000000000 RBX: ffff88800c233b40 RCX: ffffffff9fce961b
RDX: 0008104200016463 RSI: 0000000000000001 RDI: ffff888015edeae8
RBP: 00408210000b231a R08: 0000000000000000 R09: ffff88800c233c17
R10: ffffed1001846782 R11: 0000000000000001 R12: 0000000000000001
R13: ffff88800c233bbe R14: ffff88800b701e58 R15: dffffc0000000000
FS: 0000000000000000(0000) GS:ffff8880c3a00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fdccf1c75c0 CR3: 00000000063a4000 CR4: 00000000000006f0
Call Trace:
<IRQ>
skb_release_data+0x91/0x1de
skb_release_all+0x3e/0x47
__kfree_skb+0xe/0x18
consume_skb+0x24/0x26
__dev_kfree_skb_any+0x2a/0x2b
ath11k_ce_tx_process_cb+0x3ef/0x8d0 [ath11k]
? __local_bh_enable_ip+0x37/0x80
? ath11k_ce_alloc_pipes+0x5c0/0x5c0 [ath11k]
? ath11k_hal_srng_access_end+0x1d7/0x5d0 [ath11k]
ath11k_ce_per_engine_service+0x96b/0xc60 [ath11k]
? _raw_spin_lock_irqsave+0x9a/0xf0
? __lock_text_start+0x8/0x8
? ath11k_ce_tx_process_cb+0x8d0/0x8d0 [ath11k]
? __wake_up_bit+0x100/0x100
? __irq_put_desc_unlock+0x18/0x90
ath11k_pci_ce_tasklet+0x64/0x100 [ath11k_pci]
? tasklet_clear_sched+0x47/0xe0
tasklet_action_common.constprop.0+0x240/0x2d0
__do_softirq+0x1b0/0x5b9
__irq_exit_rcu+0xc6/0x170
common_interrupt+0xa9/0xc0
</IRQ>
<TASK>
asm_common_interrupt+0x1e/0x40
RIP: 0010:cpuidle_enter_state+0x196/0xa60
Code: ff e8 8e 95 db fe 80 3c 24 00 74 17 9c 58 0f 1f 44 00 00 f6 c4 02 0f 85 8e 06 00 00 31 ff e8 a1 b9 ef fe fb 66 0f 1f 44 00 00 <45> 85 ed 0f 88 52 03 00 00 4d 63 e5 4b 8d 04 64 49 8d 04 84 48 8d
RSP: 0018:ffffffffa1407de0 EFLAGS: 00000246
RAX: dffffc0000000000 RBX: ffff888003b20800 RCX: 1ffffffff41d935c
RDX: 1ffff11018748331 RSI: ffffffffa0a31b00 RDI: ffff8880c3a41988
RBP: ffffffffa18e0d20 R08: 0000000000000002 R09: ffff8880c3a41c2b
R10: ffffed1018748385 R11: 0000000000000001 R12: 0000000000000002
R13: 0000000000000002 R14: 0000001dfc72dae5 R15: ffffffffa18e0e08
? _raw_spin_unlock_irqrestore+0x25/0x40
? tick_nohz_idle_stop_tick+0x599/0xa60
cpuidle_enter+0x4a/0xa0
do_idle+0x3d7/0x530
? arch_cpu_idle_exit+0x40/0x40
cpu_startup_entry+0x19/0x20
start_kernel+0x38d/0x3ab
secondary_startup_64_no_verify+0xb0/0xbb
</TASK>
Modules linked in: qrtr_mhi qrtr ath11k_pci mhi ath11k qmi_helpers mac80211 kvm_amd btusb btrtl btbcm ccp btintel libarc4 rng_core evdev bluetooth cfg80211 kvm leds_apu jitterentropy_rng sha512_ssse3 sha512_generic snd_pcm ctr sg drbg snd_timer irqbypass ansi_cprng snd ecdh_generic rfkill soundcore ecc pcspkr k10temp sp5100_tco watchdog button acpi_cpufreq drm fuse configfs ip_tables x_tables autofs4 ext4 crc32c_generic crc16 mbcache jbd2 sd_mod t10_pi crc_t10dif crct10dif_generic crct10dif_common uas usb_storage ohci_pci ahci libahci libata ehci_pci ohci_hcd r8169 ehci_hcd realtek mdio_devres scsi_mod usbcore i2c_piix4 usb_common scsi_common libphy
---[ end trace bd73d57ff2669c03 ]---
RIP: 0010:skb_zcopy_clear+0x34/0x8f
Code: e8 9a fe ff ff 48 85 c0 74 62 48 89 c5 48 89 df e8 ad ff ff ff 84 c0 75 2a 48 89 ea 48 c1 ea 03 48 b8 00 00 00 00 00 fc ff df <80> 3c 02 00 75 41 41 0f b6 d4 48 8b 45 00 48 89 ee 48 89 df 0f ae
RSP: 0018:ffff8880c3a09c30 EFLAGS: 00010216
RAX: dffffc0000000000 RBX: ffff88800c233b40 RCX: ffffffff9fce961b
RDX: 0008104200016463 RSI: 0000000000000001 RDI: ffff888015edeae8
RBP: 00408210000b231a R08: 0000000000000000 R09: ffff88800c233c17
R10: ffffed1001846782 R11: 0000000000000001 R12: 0000000000000001
R13: ffff88800c233bbe R14: ffff88800b701e58 R15: dffffc0000000000
FS: 0000000000000000(0000) GS:ffff8880c3a00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fdccf1c75c0 CR3: 00000000063a4000 CR4: 00000000000006f0
Kernel panic - not syncing: Fatal exception in interrupt
Kernel Offset: 0x1d800000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
-------------- next part --------------
general protection fault, probably for non-canonical address 0x408210000b231a: 0000 [#1] PREEMPT SMP NOPTI
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.16.0-rc1+ #1
Hardware name: PC Engines APU/APU, BIOS 4.0 09/08/2014
RIP: 0010:skb_zcopy_clear+0x3f/0x70
Code: 48 89 c7 e8 81 02 00 00 48 89 45 f8 48 83 7d f8 00 74 45 48 8b 45 f0 48 89 c7 e8 ab 02 00 00 83 f0 01 84 c0 74 1e 48 8b 45 f8 <4c> 8b 00 0f b6 55 ec 48 8b 4d f8 48 8b 45 f0 48 89 ce 48 89 c7 e8
RSP: 0018:ffffb58e80003de8 EFLAGS: 00010202
RAX: 00408210000b231a RBX: ffff8aa303097b00 RCX: 0000000000000000
RDX: 0000000000000102 RSI: 0000000000000001 RDI: ffff8aa303097b00
RBP: ffffb58e80003e00 R08: 0000000000000212 R09: ffffffff922d24e8
R10: 0000000000000000 R11: 00000000db69d000 R12: ffff8aa310c69ac0
R13: ffff8aa303097b00 R14: ffff8aa3062235d8 R15: 0000000000000005
FS: 0000000000000000(0000) GS:ffff8aa31ac00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055dac9d55408 CR3: 00000001090fa000 CR4: 00000000000006f0
Call Trace:
<IRQ>
skb_release_data+0x4b/0xa2
skb_release_all+0x20/0x22
__kfree_skb+0xe/0x18
consume_skb+0x24/0x26
__dev_kfree_skb_any+0x2a/0x2b
ath11k_ce_tx_process_cb+0x157/0x220 [ath11k]
ath11k_ce_per_engine_service+0x3c0/0x3d0 [ath11k]
? _raw_spin_lock_irqsave+0x26/0x50
ath11k_pci_ce_tasklet+0x1c/0x40 [ath11k_pci]
tasklet_action_common.constprop.0+0xaf/0xe0
__do_softirq+0xec/0x2e9
__irq_exit_rcu+0xbc/0x110
common_interrupt+0xb8/0xd0
</IRQ>
<TASK>
asm_common_interrupt+0x1e/0x40
RIP: 0010:cpuidle_enter_state+0xda/0x370
Code: 31 ff e8 d9 c6 9e ff 45 84 ff 74 17 9c 58 0f 1f 44 00 00 f6 c4 02 0f 85 78 02 00 00 31 ff e8 bd 97 a5 ff fb 66 0f 1f 44 00 00 <45> 85 f6 0f 88 11 01 00 00 49 63 c6 4c 2b 2c 24 48 8d 14 40 48 8d
RSP: 0018:ffffffff92203e60 EFLAGS: 00000246
RAX: ffff8aa31ac00000 RBX: 0000000000000002 RCX: 000000000000001f
RDX: 0000000000000000 RSI: ffffffff91b70667 RDI: ffffffff91b55729
RBP: ffff8aa300906c00 R08: 0000000955084e02 R09: 0000000000000018
R10: 0000000000000001 R11: 0000000000001015 R12: ffffffff923d05c0
R13: 0000000955084e02 R14: 0000000000000002 R15: 0000000000000000
cpuidle_enter+0x29/0x40
do_idle+0x200/0x2b0
cpu_startup_entry+0x19/0x20
start_kernel+0x6b7/0x6dc
secondary_startup_64_no_verify+0xb0/0xbb
</TASK>
Modules linked in: qrtr_mhi qrtr ath11k_pci mhi ath11k qmi_helpers mac80211 btusb btrtl btbcm btintel bluetooth libarc4 kvm_amd cfg80211 ccp rng_core jitterentropy_rng kvm sha512_ssse3 sha512_generic evdev ctr snd_pcm drbg sg snd_timer ansi_cprng leds_apu irqbypass ecdh_generic snd rfkill ecc soundcore pcspkr k10temp sp5100_tco watchdog button acpi_cpufreq drm fuse configfs ip_tables x_tables autofs4 ext4 crc32c_generic crc16 mbcache jbd2 sd_mod t10_pi crc_t10dif crct10dif_generic crct10dif_common uas usb_storage ohci_pci ahci libahci ohci_hcd ehci_pci ehci_hcd libata r8169 realtek mdio_devres scsi_mod usbcore i2c_piix4 usb_common scsi_common libphy
---[ end trace 23d792ef4816c4de ]---
RIP: 0010:skb_zcopy_clear+0x3f/0x70
Code: 48 89 c7 e8 81 02 00 00 48 89 45 f8 48 83 7d f8 00 74 45 48 8b 45 f0 48 89 c7 e8 ab 02 00 00 83 f0 01 84 c0 74 1e 48 8b 45 f8 <4c> 8b 00 0f b6 55 ec 48 8b 4d f8 48 8b 45 f0 48 89 ce 48 89 c7 e8
RSP: 0018:ffffb58e80003de8 EFLAGS: 00010202
RAX: 00408210000b231a RBX: ffff8aa303097b00 RCX: 0000000000000000
RDX: 0000000000000102 RSI: 0000000000000001 RDI: ffff8aa303097b00
RBP: ffffb58e80003e00 R08: 0000000000000212 R09: ffffffff922d24e8
R10: 0000000000000000 R11: 00000000db69d000 R12: ffff8aa310c69ac0
R13: ffff8aa303097b00 R14: ffff8aa3062235d8 R15: 0000000000000005
FS: 0000000000000000(0000) GS:ffff8aa31ac00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055dac9d55408 CR3: 00000001090fa000 CR4: 00000000000006f0
Kernel panic - not syncing: Fatal exception in interrupt
Kernel Offset: 0xfa00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
-------------- next part --------------
general protection fault, probably for non-canonical address 0x408210000b231a: 0000 [#1] PREEMPT SMP NOPTI
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.16.0-rc1+ #1
Hardware name: PC Engines APU/APU, BIOS 4.0 09/08/2014
RIP: 0010:skb_zcopy_clear (./include/linux/skbuff.h:1551)
Code: 48 89 c7 e8 81 02 00 00 48 89 45 f8 48 83 7d f8 00 74 45 48 8b 45 f0 48 89 c7 e8 ab 02 00 00 83 f0 01 84 c0 74 1e 48 8b 45 f8 <4c> 8b 00 0f b6 55 ec 48 8b 4d f8 48 8b 45 f0 48 89 ce 48 89 c7 e8
All code
========
0: 48 89 c7 mov %rax,%rdi
3: e8 81 02 00 00 callq 0x289
8: 48 89 45 f8 mov %rax,-0x8(%rbp)
c: 48 83 7d f8 00 cmpq $0x0,-0x8(%rbp)
11: 74 45 je 0x58
13: 48 8b 45 f0 mov -0x10(%rbp),%rax
17: 48 89 c7 mov %rax,%rdi
1a: e8 ab 02 00 00 callq 0x2ca
1f: 83 f0 01 xor $0x1,%eax
22: 84 c0 test %al,%al
24: 74 1e je 0x44
26: 48 8b 45 f8 mov -0x8(%rbp),%rax
2a:* 4c 8b 00 mov (%rax),%r8 <-- trapping instruction
2d: 0f b6 55 ec movzbl -0x14(%rbp),%edx
31: 48 8b 4d f8 mov -0x8(%rbp),%rcx
35: 48 8b 45 f0 mov -0x10(%rbp),%rax
39: 48 89 ce mov %rcx,%rsi
3c: 48 89 c7 mov %rax,%rdi
3f: e8 .byte 0xe8
Code starting with the faulting instruction
===========================================
0: 4c 8b 00 mov (%rax),%r8
3: 0f b6 55 ec movzbl -0x14(%rbp),%edx
7: 48 8b 4d f8 mov -0x8(%rbp),%rcx
b: 48 8b 45 f0 mov -0x10(%rbp),%rax
f: 48 89 ce mov %rcx,%rsi
12: 48 89 c7 mov %rax,%rdi
15: e8 .byte 0xe8
RSP: 0018:ffffb58e80003de8 EFLAGS: 00010202
RAX: 00408210000b231a RBX: ffff8aa303097b00 RCX: 0000000000000000
RDX: 0000000000000102 RSI: 0000000000000001 RDI: ffff8aa303097b00
RBP: ffffb58e80003e00 R08: 0000000000000212 R09: ffffffff922d24e8
R10: 0000000000000000 R11: 00000000db69d000 R12: ffff8aa310c69ac0
R13: ffff8aa303097b00 R14: ffff8aa3062235d8 R15: 0000000000000005
FS: 0000000000000000(0000) GS:ffff8aa31ac00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055dac9d55408 CR3: 00000001090fa000 CR4: 00000000000006f0
Call Trace:
<IRQ>
skb_release_data (net/core/skbuff.c:671)
skb_release_all (net/core/skbuff.c:743)
__kfree_skb (net/core/skbuff.c:757)
consume_skb (net/core/skbuff.c:912)
__dev_kfree_skb_any (net/core/dev.c:3038)
ath11k_ce_tx_process_cb (drivers/net/wireless/ath/ath11k/ce.c:515) ath11k
ath11k_ce_per_engine_service (drivers/net/wireless/ath/ath11k/ce.c:694) ath11k
? _raw_spin_lock_irqsave (./arch/x86/include/asm/atomic.h:202 ./include/linux/atomic/atomic-instrumented.h:513 ./include/asm-generic/qspinlock.h:82 ./include/linux/spinlock.h:185 ./include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162)
ath11k_pci_ce_tasklet (drivers/net/wireless/ath/ath11k/pci.c:637) ath11k_pci
tasklet_action_common.constprop.0 (./arch/x86/include/asm/bitops.h:75 ./include/asm-generic/bitops/instrumented-atomic.h:42 kernel/softirq.c:879 kernel/softirq.c:787)
__do_softirq (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:212 ./include/trace/events/irq.h:142 kernel/softirq.c:559)
__irq_exit_rcu (kernel/softirq.c:432 kernel/softirq.c:636)
common_interrupt (arch/x86/kernel/irq.c:240 (discriminator 14))
</IRQ>
<TASK>
asm_common_interrupt (./arch/x86/include/asm/idtentry.h:629)
RIP: 0010:cpuidle_enter_state (drivers/cpuidle/cpuidle.c:259)
Code: 31 ff e8 d9 c6 9e ff 45 84 ff 74 17 9c 58 0f 1f 44 00 00 f6 c4 02 0f 85 78 02 00 00 31 ff e8 bd 97 a5 ff fb 66 0f 1f 44 00 00 <45> 85 f6 0f 88 11 01 00 00 49 63 c6 4c 2b 2c 24 48 8d 14 40 48 8d
All code
========
0: 31 ff xor %edi,%edi
2: e8 d9 c6 9e ff callq 0xffffffffff9ec6e0
7: 45 84 ff test %r15b,%r15b
a: 74 17 je 0x23
c: 9c pushfq
d: 58 pop %rax
e: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
13: f6 c4 02 test $0x2,%ah
16: 0f 85 78 02 00 00 jne 0x294
1c: 31 ff xor %edi,%edi
1e: e8 bd 97 a5 ff callq 0xffffffffffa597e0
23: fb sti
24: 66 0f 1f 44 00 00 nopw 0x0(%rax,%rax,1)
2a:* 45 85 f6 test %r14d,%r14d <-- trapping instruction
2d: 0f 88 11 01 00 00 js 0x144
33: 49 63 c6 movslq %r14d,%rax
36: 4c 2b 2c 24 sub (%rsp),%r13
3a: 48 8d 14 40 lea (%rax,%rax,2),%rdx
3e: 48 rex.W
3f: 8d .byte 0x8d
Code starting with the faulting instruction
===========================================
0: 45 85 f6 test %r14d,%r14d
3: 0f 88 11 01 00 00 js 0x11a
9: 49 63 c6 movslq %r14d,%rax
c: 4c 2b 2c 24 sub (%rsp),%r13
10: 48 8d 14 40 lea (%rax,%rax,2),%rdx
14: 48 rex.W
15: 8d .byte 0x8d
RSP: 0018:ffffffff92203e60 EFLAGS: 00000246
RAX: ffff8aa31ac00000 RBX: 0000000000000002 RCX: 000000000000001f
RDX: 0000000000000000 RSI: ffffffff91b70667 RDI: ffffffff91b55729
RBP: ffff8aa300906c00 R08: 0000000955084e02 R09: 0000000000000018
R10: 0000000000000001 R11: 0000000000001015 R12: ffffffff923d05c0
R13: 0000000955084e02 R14: 0000000000000002 R15: 0000000000000000
cpuidle_enter (drivers/cpuidle/cpuidle.c:353)
do_idle (kernel/sched/idle.c:158 kernel/sched/idle.c:239 kernel/sched/idle.c:306)
cpu_startup_entry (kernel/sched/idle.c:402 (discriminator 1))
start_kernel (init/main.c:1137)
secondary_startup_64_no_verify (arch/x86/kernel/head_64.S:283)
</TASK>
Modules linked in: qrtr_mhi qrtr ath11k_pci mhi ath11k qmi_helpers mac80211 btusb btrtl btbcm btintel bluetooth libarc4 kvm_amd cfg80211 ccp rng_core jitterentropy_rng kvm sha512_ssse3 sha512_generic evdev ctr snd_pcm drbg sg snd_timer ansi_cprng leds_apu irqbypass ecdh_generic snd rfkill ecc soundcore pcspkr k10temp sp5100_tco watchdog button acpi_cpufreq drm fuse configfs ip_tables x_tables autofs4 ext4 crc32c_generic crc16 mbcache jbd2 sd_mod t10_pi crc_t10dif crct10dif_generic crct10dif_common uas usb_storage ohci_pci ahci libahci ohci_hcd ehci_pci ehci_hcd libata r8169 realtek mdio_devres scsi_mod usbcore i2c_piix4 usb_common scsi_common libphy
---[ end trace 23d792ef4816c4de ]---
RIP: 0010:skb_zcopy_clear (./include/linux/skbuff.h:1551)
Code: 48 89 c7 e8 81 02 00 00 48 89 45 f8 48 83 7d f8 00 74 45 48 8b 45 f0 48 89 c7 e8 ab 02 00 00 83 f0 01 84 c0 74 1e 48 8b 45 f8 <4c> 8b 00 0f b6 55 ec 48 8b 4d f8 48 8b 45 f0 48 89 ce 48 89 c7 e8
All code
========
0: 48 89 c7 mov %rax,%rdi
3: e8 81 02 00 00 callq 0x289
8: 48 89 45 f8 mov %rax,-0x8(%rbp)
c: 48 83 7d f8 00 cmpq $0x0,-0x8(%rbp)
11: 74 45 je 0x58
13: 48 8b 45 f0 mov -0x10(%rbp),%rax
17: 48 89 c7 mov %rax,%rdi
1a: e8 ab 02 00 00 callq 0x2ca
1f: 83 f0 01 xor $0x1,%eax
22: 84 c0 test %al,%al
24: 74 1e je 0x44
26: 48 8b 45 f8 mov -0x8(%rbp),%rax
2a:* 4c 8b 00 mov (%rax),%r8 <-- trapping instruction
2d: 0f b6 55 ec movzbl -0x14(%rbp),%edx
31: 48 8b 4d f8 mov -0x8(%rbp),%rcx
35: 48 8b 45 f0 mov -0x10(%rbp),%rax
39: 48 89 ce mov %rcx,%rsi
3c: 48 89 c7 mov %rax,%rdi
3f: e8 .byte 0xe8
Code starting with the faulting instruction
===========================================
0: 4c 8b 00 mov (%rax),%r8
3: 0f b6 55 ec movzbl -0x14(%rbp),%edx
7: 48 8b 4d f8 mov -0x8(%rbp),%rcx
b: 48 8b 45 f0 mov -0x10(%rbp),%rax
f: 48 89 ce mov %rcx,%rsi
12: 48 89 c7 mov %rax,%rdi
15: e8 .byte 0xe8
RSP: 0018:ffffb58e80003de8 EFLAGS: 00010202
RAX: 00408210000b231a RBX: ffff8aa303097b00 RCX: 0000000000000000
RDX: 0000000000000102 RSI: 0000000000000001 RDI: ffff8aa303097b00
RBP: ffffb58e80003e00 R08: 0000000000000212 R09: ffffffff922d24e8
R10: 0000000000000000 R11: 00000000db69d000 R12: ffff8aa310c69ac0
R13: ffff8aa303097b00 R14: ffff8aa3062235d8 R15: 0000000000000005
FS: 0000000000000000(0000) GS:ffff8aa31ac00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055dac9d55408 CR3: 00000001090fa000 CR4: 00000000000006f0
Kernel panic - not syncing: Fatal exception in interrupt
Kernel Offset: 0xfa00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
-------------- next part --------------