WILC1000 Kernel Panic
The following kernel panic was observed while shutting down Linux. This kernel panic occurs intermittently. Running v15.5 of the WILC1000 firmware/kernel driver.
[ 190.921835] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
[ 190.930624] Mem abort info:
[ 190.933414] ESR = 0x96000004
[ 190.936465] EC = 0x25: DABT (current EL), IL = 32 bits
[ 190.941772] SET = 0, FnV = 0
[ 190.944822] EA = 0, S1PTW = 0
[ 190.947959] Data abort info:
[ 190.950835] ISV = 0, ISS = 0x00000004
[ 190.954666] CM = 0, WnR = 0
[ 190.957631] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000052363000
[ 190.964067] [0000000000000000] pgd=0000000000000000
[ 190.968944] Internal error: Oops: 96000004 [#1] PREEMPT SMP
[ 190.974513] Modules linked in: usb_f_eem g_ether usb_f_rndis u_ether libcomposite ci_hdrc_imx ci_hdrc usbmisc_imx ulpi roles udc_core imx219 spi_imx imx_sdma phy_generic hx280enc hantrodec_845s wilc_spi crc_itu_t crc7 ti_ads7950 industrialio_triggered_buffer kfifo_buf rtc_ds1307 galcore(O) drs bq27xxx_battery_i2c bq27xxx_battery bq25896_charger ipv6 nf_defrag_ipv6
[ 191.006774] CPU: 0 PID: 481 Comm: K_TXQ_TASK Tainted: G O 5.4.3-imx8mm+g8649ed67a58b #1
[ 191.016075] Hardware name: Variscite VAR-SOM-MX8MM (DT)
[ 191.021297] pstate: a0000085 (NzCv daIf -PAN -UAO)
[ 191.026110] pc : wilc_wlan_txq_remove_from_head+0x6c/0xd0 [wilc_spi]
[ 191.032467] lr : wilc_wlan_txq_remove_from_head+0x24/0xd0 [wilc_spi]
[ 191.038816] sp : ffff8000117dbb60
[ 191.042126] x29: ffff8000117dbb60 x28: 0000000000000001
[ 191.047435] x27: ffff00001226ae00 x26: 00000000000000e4
[ 191.052744] x25: ffff8000117dbdac x24: ffff8000117dbd94
[ 191.058052] x23: ffff8000117dbc90 x22: ffff000013bacfe8
[ 191.063361] x21: 0000000000000000 x20: ffff000013bac7c0
[ 191.068669] x19: ffff000013bb1620 x18: 0000000000000000
[ 191.073978] x17: 0000000000000000 x16: 0000000000000000
[ 191.079286] x15: 0000000000000000 x14: 0000000000000000
[ 191.084594] x13: 008b20f22653787e x12: 0000000000000001
[ 191.089903] x11: 0000000000000000 x10: 0000000000000002
[ 191.095211] x9 : ffff000017da86d0 x8 : ffff000017da7d00
[ 191.100520] x7 : ffff0000165fa940 x6 : ffff000015f691e0
[ 191.105828] x5 : 0000000000000001 x4 : dead000000000100
[ 191.111136] x3 : dead000000000122 x2 : 0000000000005d90
[ 191.116445] x1 : 0000000000000000 x0 : 00000000000000e4
[ 191.121753] Call trace:
[ 191.124205] wilc_wlan_txq_remove_from_head+0x6c/0xd0 [wilc_spi]
[ 191.130215] wilc_wlan_handle_txq+0x87c/0xd50 [wilc_spi]
[ 191.135531] wilc_txq_task+0xc0/0x288 [wilc_spi]
[ 191.140152] kthread+0xf0/0x120
[ 191.143295] ret_from_fork+0x10/0x18
[ 191.146871] Code: d37ef673 cb000273 8b130e93 f9479a75 (a94002a2)
[ 191.152962] ---[ end trace 9ea645e4cc8174c3 ]---
Interesting.
We've seen a similar oops at runtime if you cycle the interface down, up, then run a scan, repeatedly in a loop. The same NULL dereference and PC is at
[ 191.026110] pc : wilc_wlan_txq_remove_from_head+0x6c/0xd0 [wilc_spi]
Have not seen this at shutdown though.
I think I have a fix for the null dereference but I want to beat it up some so I'll try that! Does this script look like what you did to test it out?
#!/bin/sh
while :
do
    ifconfig wlan0 up
    sleep 1
    wpa_cli -i wlan0 scan
    sleep 1
    ifconfig wlan0 down
    sleep 1
done
These were the two small changes I made:


The loop I was using to test is:
while true; do ifconfig wlan0 down; ifconfig wlan0 up; iw dev wlan0 scan; done
No 'sleep's and using 'iw' instead of 'wpa_cli'. Let me know how testing goes on that.
The testing seems to be going smoothly for me. The only thing I see now is this warning... at least it isn't a panic.
[ 4248.970436] ------------[ cut here ]------------
[ 4248.975054] Trying to free already-free IRQ 176
[ 4248.979606] WARNING: CPU: 2 PID: 2490 at kernel/irq/manage.c:1707 __free_irq+0x17c/0x2b8
[ 4248.987694] Modules linked in: usb_f_eem g_ether usb_f_rndis u_ether libcomposite ci_hdrc_imx ci_hdrc phy_generic ulpi usbmisc_imx roles udc_core imx219 spi_imx imx_sdma hantrodec_845s hx280enc wilc_spi crc_itu_t crc7 ti_ads7950 industrialio_triggered_buffer kfifo_buf rtc_ds1307 galcore(O) drs bq27xxx_battery_i2c bq27xxx_battery bq25896_charger ipv6 nf_defrag_ipv6
[ 4249.019970] CPU: 2 PID: 2490 Comm: ifconfig Tainted: G O 5.4.3-imx8mm+g3ced8df99eaa #1
[ 4249.029186] Hardware name: Variscite VAR-SOM-MX8MM (DT)
[ 4249.034410] pstate: 40000085 (nZcv daIf -PAN -UAO)
[ 4249.039200] pc : __free_irq+0x17c/0x2b8
[ 4249.043034] lr : __free_irq+0x17c/0x2b8
[ 4249.046867] sp : ffff80001116b970
[ 4249.050179] x29: ffff80001116b970 x28: 0000ffffc2741002
[ 4249.055490] x27: ffff000013d09600 x26: 0000000000000000
[ 4249.060800] x25: 00000000000000b0 x24: ffff000015eac188
[ 4249.066111] x23: ffff000015eac0d4 x22: 0000000000000000
[ 4249.071421] x21: ffff000013fb87c0 x20: ffff000015eac000
[ 4249.076732] x19: ffff000013fb87c0 x18: 0000000000000010
[ 4249.082042] x17: 0000000000000000 x16: 0000000000000000
[ 4249.087353] x15: ffff000009783a60 x14: ffffffffffffffff
[ 4249.092663] x13: ffff80009116b6d7 x12: ffff80001116b6df
[ 4249.097974] x11: ffff800010c1c000 x10: ffff800010c9ebd0
[ 4249.103284] x9 : 0000000000000000 x8 : ffff800010c9f000
[ 4249.108595] x7 : ffff8000104f4fa8 x6 : 00000000000014f9
[ 4249.113905] x5 : ffff000017d9e838 x4 : 0000000000000001
[ 4249.119215] x3 : ffff000017d9e838 x2 : 0000000000000007
[ 4249.124525] x1 : e1d91dfa2c8f8100 x0 : 0000000000000000
[ 4249.129837] Call trace:
[ 4249.132283] __free_irq+0x17c/0x2b8
[ 4249.135771] free_irq+0x30/0x70
[ 4249.138935] wilc_wlan_deinitialize+0x11c/0x248 [wilc_spi]
[ 4249.144431] wilc_mac_close+0xa0/0x118 [wilc_spi]
[ 4249.149137] __dev_close_many+0xa4/0x128
[ 4249.153061] __dev_change_flags+0xac/0x1b8
[ 4249.157156] dev_change_flags+0x20/0x60
[ 4249.160993] devinet_ioctl+0x63c/0x6f8
[ 4249.164743] inet_ioctl+0x2f4/0x360
[ 4249.168231] sock_do_ioctl+0x44/0x2b0
[ 4249.171892] sock_ioctl+0x264/0x528
[ 4249.175384] do_vfs_ioctl+0x964/0xb48
[ 4249.179045] ksys_ioctl+0x44/0x90
[ 4249.182359] __arm64_sys_ioctl+0x1c/0x28
[ 4249.186285] el0_svc_common.constprop.0+0x68/0x160
[ 4249.191075] el0_svc_handler+0x20/0x80
[ 4249.194824] el0_svc+0x8/0xc
[ 4249.197703] ---[ end trace 767f9f663bc86596 ]---
@mmader87 For what it's worth, we've seen this resolved in the latest driver and firmware version.
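An added example, not part of the thread or the WILC driver: a shell harness that runs the down/up/scan loop posted above and reduces each oops or WARNING block in dmesg to its first call-trace frame inside the driver module, so the NULL dereference and the free_irq warning are reported as distinct faults. The function names and the sample_kmsg input (abbreviated from the two traces in this thread) are illustrative; running stress_iface assumes root, ifconfig, iw and dmesg on the board.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are illustrative.

# kmsg_faults MODULE: read kernel log text on stdin and print, per fault
# block, "<kind> <first call-trace frame inside MODULE>" ("-" if none).
kmsg_faults() {
    awk -v mod="$1" '
        /Unable to handle kernel/ { kind = "oops" }
        /WARNING: CPU:/           { kind = "warn" }
        /Call trace:/             { intrace = 1; next }
        /end trace/ {
            if (kind != "") print kind, (site == "" ? "-" : site)
            kind = ""; site = ""; intrace = 0; next
        }
        intrace && site == "" && index($0, "[" mod "]") { site = $(NF - 1) }
    '
}

# Sample input: lines abbreviated from the two traces in this thread.
sample_kmsg() {
    cat <<'EOF'
[ 190.921835] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
[ 191.121753] Call trace:
[ 191.124205] wilc_wlan_txq_remove_from_head+0x6c/0xd0 [wilc_spi]
[ 191.130215] wilc_wlan_handle_txq+0x87c/0xd50 [wilc_spi]
[ 191.152962] ---[ end trace 9ea645e4cc8174c3 ]---
[ 4248.979606] WARNING: CPU: 2 PID: 2490 at kernel/irq/manage.c:1707 __free_irq+0x17c/0x2b8
[ 4249.129837] Call trace:
[ 4249.132283] __free_irq+0x17c/0x2b8
[ 4249.135771] free_irq+0x30/0x70
[ 4249.138935] wilc_wlan_deinitialize+0x11c/0x248 [wilc_spi]
[ 4249.197703] ---[ end trace 767f9f663bc86596 ]---
EOF
}

# stress_iface IFACE COUNT MODULE: down/up/scan loop, stop at first fault.
stress_iface() {
    dmesg -c >/dev/null            # start from an empty ring buffer
    i=0
    while [ "$i" -lt "$2" ]; do
        ifconfig "$1" down; ifconfig "$1" up
        iw dev "$1" scan >/dev/null 2>&1
        i=$((i + 1))
        faults=$(dmesg | kmsg_faults "$3")
        [ -z "$faults" ] || { echo "iteration $i: $faults"; return 1; }
    done
    echo "no faults after $i iterations"
}
```

On the board, `stress_iface wlan0 500 wilc_spi` runs the loop; `sample_kmsg | kmsg_faults wilc_spi` exercises the parser offline.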