[BPI-R3] Crash in sta_set_sinfo+0xa18

aredridel · April 7, 2023, 2:12am

Has anyone seen a crash like this?

I’ve got two BPI-R3 running the latest snapshots of OpenWRT; there’s a mesh network between them (wpad-mesh-wolfssl to manage it; the hostapd in this trace is from that package)

It crashes frequently, I suspect when devices move between the two APs. It’s worse with 802.11r turned on.

[  127.035755] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
[  127.044543] Mem abort info:
[  127.047322]   ESR = 0x0000000096000005
[  127.051054]   EC = 0x25: DABT (current EL), IL = 32 bits
[  127.056356]   SET = 0, FnV = 0
[  127.059394]   EA = 0, S1PTW = 0
[  127.062518]   FSC = 0x05: level 1 translation fault
[  127.067387] Data abort info:
[  127.070254]   ISV = 0, ISS = 0x00000005
[  127.074078]   CM = 0, WnR = 0
[  127.077033] user pgtable: 4k pages, 39-bit VAs, pgdp=0000000044ef3000
[  127.083452] [0000000000000008] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000
[  127.092139] Internal error: Oops: 96000005 [#1] SMP
[  127.097000] Modules linked in: pppoe ppp_async nft_fib_inet nf_flow_table_ipv6 nf_flow_table_ipv4 nf_flow_table_inet pppox ppp_generic nft_reject_ipv6 nft_reject_ipv4 nft_reject_inet nft_reject_bridge nft_reject nft_redir nft_quota nft_objref nft_numgen nft_nat nft_meta_bridge nft_masq nft_log nft_limit nft_hash nft_fwd_netdev nft_flow_offload nft_fib_ipv6 nft_fib_ipv4 nft_fib nft_dup_netdev nft_ct nft_counter nft_compat nft_chain_nat nf_tables nf_nat nf_flow_table nf_conntrack_bridge nf_conntrack mt7915e mt76_connac_lib mt76 mac80211 iptable_mangle iptable_filter ipt_REJECT ip_tables cfg80211 xt_time xt_tcpudp xt_multiport xt_mark xt_mac xt_limit xt_comment xt_TCPMSS xt_LOG x_tables slhc sfp nfnetlink nf_reject_ipv6 nf_reject_ipv4 nf_log_syslog nf_dup_netdev nf_defrag_ipv6 nf_defrag_ipv4 mdio_i2c libcrc32c crc_ccitt compat crypto_safexcel pwm_fan hwmon i2c_gpio i2c_algo_bit tun sha1_generic seqiv md5 des_generic libdes authencesn authenc leds_gpio xhci_plat_hcd xhci_pci xhci_mtk_hcd
[  127.097141]  xhci_hcd gpio_button_hotplug usbcore usb_common
[  127.189709] CPU: 3 PID: 1566 Comm: hostapd Not tainted 5.15.104 #0
[  127.195870] Hardware name: Bananapi BPI-R3 (DT)
[  127.200382] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[  127.207323] pc : sta_set_sinfo+0xa18/0xbb0 [mac80211]
[  127.212401] lr : sta_set_sinfo+0x5b8/0xbb0 [mac80211]
[  127.217450] sp : ffffffc00a1437a0
[  127.220748] x29: ffffffc00a1437a0 x28: 0000000000000001 x27: ffffffc00a143dd0
[  127.227864] x26: ffffff800007e880 x25: ffffff8006670900 x24: ffffff80049de735
[  127.234978] x23: 000000000000dad4 x22: ffffff8006452d00 x21: 0000058d1783bf82
[  127.242093] x20: ffffff80049de000 x19: ffffff800b4b1b00 x18: 0000000000000000
[  127.249209] x17: 00000000000015e0 x16: ffffffc008f05000 x15: 0000000000000af0
[  127.256324] x14: ffffff80049dedf8 x13: ffffff80049dedf8 x12: 0000000000000000
[  127.263439] x11: 0000000000000000 x10: ffffff80049dee00 x9 : 0000000000000000
[  127.270554] x8 : ffffff800b4b1c00 x7 : 0000000000002314 x6 : ffffff8003af03a0
[  127.277669] x5 : ffffff8003af0880 x4 : 0000000000000003 x3 : ffffff800b4b1b44
[  127.284784] x2 : 0000000000000000 x1 : 0000000000000001 x0 : 0000000000000004
[  127.291899] Call trace:
[  127.294332]  sta_set_sinfo+0xa18/0xbb0 [mac80211]
[  127.299038]  sta_set_sinfo+0xb10/0xbb0 [mac80211]
[  127.303741]  sta_info_destroy_addr_bss+0x4c/0x70 [mac80211]
[  127.309310]  ieee80211_color_change_finish+0x1bf8/0x1e80 [mac80211]
[  127.315573]  cfg80211_check_station_change+0x1384/0x4720 [cfg80211]
[  127.321834]  genl_family_rcv_msg_doit+0xb4/0x110
[  127.326437]  genl_rcv_msg+0xd0/0x1c0
[  127.329997]  netlink_rcv_skb+0x58/0x120
[  127.333816]  genl_rcv+0x34/0x50
[  127.336942]  netlink_unicast+0x1f0/0x2ec
[  127.340848]  netlink_sendmsg+0x19c/0x3d0
[  127.344753]  ____sys_sendmsg+0x21c/0x260
[  127.348660]  ___sys_sendmsg+0x80/0xf0
[  127.352307]  __sys_sendmsg+0x44/0xa0
[  127.355865]  __arm64_sys_sendmsg+0x20/0x30
[  127.359944]  invoke_syscall.constprop.0+0x4c/0xe0
[  127.364631]  do_el0_svc+0x40/0xd0
[  127.367930]  el0_svc+0x14/0x50
[  127.370973]  el0t_64_sync_handler+0xe0/0x110
[  127.375227]  el0t_64_sync+0x158/0x15c
[  127.378878] Code: d3441c42 12000c00 8b020cc2 f9409c42 (f9400446) 
[  127.384951] ---[ end trace b902af5b08d1a620 ]---
[  127.393978] Kernel panic - not syncing: Oops: Fatal exception
[  127.399708] SMP: stopping secondary CPUs
[  127.403615] Kernel Offset: disabled
[  127.407086] CPU features: 0x00000000,20000802
[  127.411427] Memory Limit: none
[  127.418816] Rebooting in 3 seconds..

While I’m at it, any way to get it to reboot into the same system? It wouldn’t be so bad if I didn’t have to go reboot the device manually afterward.

frank-w · April 7, 2023, 9:44am

I do not know openwrt specific bootup enough to ensure boot to same system instead of recovery,but maybe i can help to fix the issue itself

https://elixir.bootlin.com/linux/latest/source/net/mac80211/sta_info.c#L2505

You can try to add some debug information in this function to check which pointer is Null

printk(KERN_ALERT "DEBUG: Passed %s %d val:0x%0x\n",__FUNCTION__,__LINE__,(unsigned int)val);

val needs to be replaced by the possible value which can be Null (without the last access)

E.g.

printk(KERN_ALERT "DEBUG: Passed %s %d sdata:0x%0x\n",__FUNCTION__,__LINE__,(unsigned int)sdata);
printk(KERN_ALERT "DEBUG: Passed %s %d sdata->local:0x%0x\n",__FUNCTION__,__LINE__,(unsigned int)sdata->local);
sinfo->generation = sdata->local->sta_generation;

aredridel · April 7, 2023, 1:13pm

Heh, that’s the easy part (I speak enough C to just do that) but I don’t actually know what the process for building and booting a custom kernel is in a way that would leave my existing configuration likely to work. Any tips?

frank-w · April 7, 2023, 6:42pm

It should be possible change it in the patched source of openwrt and recompile. But i don’t use openwrt so i do not know the build tools enough

rincewind · April 8, 2023, 12:27am

https://openwrt.org/docs/guide-developer/start#using_the_toolchain

dangowrt · April 8, 2023, 7:58pm

OpenWrt uses out-of-tree drivers for Wi-Fi build using compat-backport. That allows us to use bleeding-edge wifi drivers on top of Linux stable kernel. Hence, if you want to add printf’s to anywhere in the wifi drivers, it will have to happen via package/kernel/mac80211/patches/. The easiest and most convenient way is probably doing this using quilt, and that will roughly look like this:

make package/mac80211/{clean,prepare} QUILT=1
cd build_dir/target-*/linux-*/backports-*
quilt push -a
quilt new patches/subsys/999-my-custom-patch.patch
quilt add ${files_to_be_edited}
# now edit files
quilt refresh
cd ../../../..
make package/mac80211/compile V=99
# if it build successfully, proceed building the complete image
make -j$(nproc)

aredridel · April 8, 2023, 10:35pm

Alrighty, let me give it a spin, thank you for the TL;DR version, that’s super helpful.

frank-w · September 29, 2023, 2:10pm

another user stumbled over this here: https://github.com/openwrt/openwrt/issues/12143#issuecomment-1740868809

@aredridel have you found out why this happens?

hboterman · September 29, 2023, 7:23pm

That’s right and like @aredridel I activated wifi roaming on my four BPiR3. I will try disable that on Monday.

jcdutton · April 3, 2024, 12:29pm

This bug was tracked down by me, and is fixed as described in this thread:

github.com/openwrt/openwrt

Bananapi BPI-R3 freezes randomly

opened 01:47PM - 31 Jul 23 UTC

hagier

bug

### Describe the bug After random time between couple minutes and 24 hours, m…y router freezes completely. I can see that WiFi LEDs are not blinking anymore and I cannot connect to it using ethernet cable. I tried saving kernel logs between freezes and restarts but I can't see absolutely no errors at all. I tried installing stable releases and SNAPSHOTs but no luck at all. I even started controlling temperature from sensor but I cannot see anything abnormal. I don't know what more can I do to find a source of a problem. I've tried many configurations and solutions for two weeks now and looks like nothing's really changed. I decided to open a bug report because I'm not able to find a solution on my own. System log between crashes (freeze happened around 14:30): ``` Mon Jul 31 12:15:16 2023 kern.info kernel: [ 21.052057] IPv6: ADDRCONF(NETDEV_CHANGE): phy0-ap0: link becomes ready Mon Jul 31 12:15:16 2023 kern.info kernel: [ 21.058780] br-lanpriv: port 2(phy0-ap0) entered blocking state Mon Jul 31 12:15:16 2023 kern.info kernel: [ 21.064702] br-lanpriv: port 2(phy0-ap0) entered listening state Mon Jul 31 12:15:16 2023 daemon.notice netifd: Network device 'phy0-ap0' link is up Mon Jul 31 12:15:16 2023 kern.info kernel: [ 21.162727] br-laniot: port 6(phy0-ap1) entered blocking state Mon Jul 31 12:15:16 2023 kern.info kernel: [ 21.168565] br-laniot: port 6(phy0-ap1) entered disabled state Mon Jul 31 12:15:16 2023 kern.info kernel: [ 21.174680] device phy0-ap1 entered promiscuous mode Mon Jul 31 12:15:17 2023 daemon.notice netifd: Network device 'phy0-ap1' link is up Mon Jul 31 12:15:17 2023 daemon.notice netifd: Network device 'phy0-ap1' link is down Mon Jul 31 12:15:17 2023 kern.info kernel: [ 21.272669] br-laniot: port 6(phy0-ap1) entered blocking state Mon Jul 31 12:15:17 2023 kern.info kernel: [ 21.278507] br-laniot: port 6(phy0-ap1) entered listening state Mon Jul 31 12:15:17 2023 daemon.notice netifd: Network device 'phy0-ap1' link is up Mon Jul 31 12:15:17 2023 kern.info kernel: [ 21.431937] IPv6: ADDRCONF(NETDEV_CHANGE): phy0-ap1: link becomes ready Mon Jul 31 12:15:17 2023 kern.info kernel: [ 21.502160] br-languest: port 2(phy0-ap2) entered blocking state Mon Jul 31 12:15:17 2023 kern.info kernel: [ 21.508176] br-languest: port 2(phy0-ap2) entered disabled state Mon Jul 31 12:15:17 2023 kern.info kernel: [ 21.514434] device phy0-ap2 entered promiscuous mode Mon Jul 31 14:44:09 2023 kern.info kernel: [ 21.581588] br-languest: port 2(phy0-ap2) entered blocking state Mon Jul 31 14:44:09 2023 kern.info kernel: [ 21.587599] br-languest: port 2(phy0-ap2) entered listening state Mon Jul 31 14:44:09 2023 daemon.notice netifd: Network device 'phy0-ap2' link is up Mon Jul 31 14:44:09 2023 kern.info kernel: [ 21.762001] IPv6: ADDRCONF(NETDEV_CHANGE): phy0-ap2: link becomes ready Mon Jul 31 14:44:09 2023 kern.info kernel: [ 21.911775] br-lanmgmt: port 2(phy0-ap3) entered blocking state Mon Jul 31 14:44:09 2023 kern.info kernel: [ 21.917705] br-lanmgmt: port 2(phy0-ap3) entered disabled state Mon Jul 31 14:44:09 2023 kern.info kernel: [ 21.923889] device phy0-ap3 entered promiscuous mode Mon Jul 31 14:44:09 2023 kern.info kernel: [ 21.931070] br-lanmgmt: port 2(phy0-ap3) entered blocking state Mon Jul 31 14:44:09 2023 kern.info kernel: [ 21.937002] br-lanmgmt: port 2(phy0-ap3) entered listening state Mon Jul 31 14:44:09 2023 daemon.notice netifd: Network device 'phy0-ap3' link is up ``` Kernel log between crashes (last lines from previous log are recorded hours before freeze): ``` [ 48.267590] br-vlan: topology change detected, sending tcn bpdu [ 52.310271] br-lanmgmt: port 1(br-vlan.99) entered learning state [ 52.316439] br-laniot: port 5(br-vlan.50) entered learning state [ 52.322531] br-languest: port 1(br-vlan.20) entered learning state [ 52.328797] br-lanpriv: port 1(br-vlan.10) entered learning state [ 60.630269] br-lanpriv: port 1(br-vlan.10) entered forwarding state [ 60.636542] br-lanpriv: topology change detected, propagating [ 60.642372] br-languest: port 1(br-vlan.20) entered forwarding state [ 60.648742] br-languest: topology change detected, propagating [ 60.654631] br-laniot: port 5(br-vlan.50) entered forwarding state [ 60.660815] br-laniot: topology change detected, propagating [ 60.666525] br-lanmgmt: port 1(br-vlan.99) entered forwarding state [ 60.672794] br-lanmgmt: topology change detected, propagating [ 0.000000] Booting Linux on physical CPU 0x0000000000 [0x410fd034] [ 0.000000] Linux version 5.15.120 (builder@buildhost) (aarch64-openwrt-linux-musl-gcc (OpenWrt GCC 12.3.0 r23627-dcdcfc1511) 12.3.0, GNU ld (GNU Binutils) 2.40.0) #0 SMP Thu Jul 27 11:46:26 2023 [ 0.000000] Machine model: Bananapi BPI-R3 [ 0.000000] Zone ranges: [ 0.000000] DMA [mem 0x0000000040000000-0x00000000bfffffff] [ 0.000000] DMA32 empty [ 0.000000] Normal empty [ 0.000000] Movable zone start for each node [ 0.000000] Early memory node ranges [ 0.000000] node 0: [mem 0x0000000040000000-0x0000000042ffffff] [ 0.000000] node 0: [mem 0x0000000043000000-0x000000004302ffff] [ 0.000000] node 0: [mem 0x0000000043030000-0x000000004fbfffff] [ 0.000000] node 0: [mem 0x000000004fc00000-0x000000004ffbffff] [ 0.000000] node 0: [mem 0x000000004ffc0000-0x00000000bfffffff] [ 0.000000] Initmem setup node 0 [mem 0x0000000040000000-0x00000000bfffffff] [ 0.000000] psci: probing for conduit method from DT. [ 0.000000] psci: PSCIv1.1 detected in firmware. [ 0.000000] psci: Using standard PSCI v0.2 function IDs [ 0.000000] psci: MIGRATE_INFO_TYPE not supported. [ 0.000000] psci: SMC Calling Convention v1.2 [ 0.000000] percpu: Embedded 17 pages/cpu s30040 r8192 d31400 u69632 [ 0.000000] pcpu-alloc: s30040 r8192 d31400 u69632 alloc=17*4096 [ 0.000000] pcpu-alloc: [0] 0 [0] 1 [0] 2 [0] 3 [ 0.000000] Detected VIPT I-cache on CPU0 [ 0.000000] CPU features: detected: GIC system register CPU interface [ 0.000000] CPU features: kernel page table isolation disabled by kernel configuration [ 0.000000] Built 1 zonelists, mobility grouping on. Total pages: 516096 [ 0.000000] Kernel command line: root=/dev/mmcblk0p65 [ 0.000000] Dentry cache hash table entries: 262144 (order: 9, 2097152 bytes, linear) [ 0.000000] Inode-cache hash table entries: 131072 (order: 8, 1048576 bytes, linear) [ 0.000000] mem auto-init: stack:off, heap alloc:off, heap free:off [ 0.000000] Memory: 2040204K/2097152K available (8384K kernel code, 912K rwdata, 2280K rodata, 448K init, 303K bss, 56948K reserved, 0K cma-reserved) [ 0.000000] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=4, Nodes=1 [ 0.000000] rcu: Hierarchical RCU implementation. [ 0.000000] Tracing variant of Tasks RCU enabled. [ 0.000000] rcu: RCU calculated value of scheduler-enlistment delay is 10 jiffies. [ 0.000000] NR_IRQS: 64, nr_irqs: 64, preallocated irqs: 0 [ 0.000000] GICv3: GIC: Using split EOI/Deactivate mode [ 0.000000] GICv3: 640 SPIs implemented [ 0.000000] GICv3: 0 Extended SPIs implemented [ 0.000000] GICv3: Distributor has no Range Selector support [ 0.000000] Root IRQ handler: gic_handle_irq [ 0.000000] GICv3: 16 PPIs implemented [ 0.000000] GICv3: CPU0: found redistributor 0 region 0:0x000000000c080000 [ 0.000000] arch_timer: cp15 timer(s) running at 13.00MHz (phys). [ 0.000000] clocksource: arch_sys_counter: mask: 0xffffffffffffff max_cycles: 0x2ff89eacb, max_idle_ns: 440795202429 ns [ 0.000001] sched_clock: 56 bits at 13MHz, resolution 76ns, wraps every 4398046511101ns [ 0.000122] Calibrating delay loop (skipped), value calculated using timer frequency.. 26.00 BogoMIPS (lpj=130000) [ 0.000130] pid_max: default: 32768 minimum: 301 [ 0.000341] Mount-cache hash table entries: 4096 (order: 3, 32768 bytes, linear) [ 0.000354] Mountpoint-cache hash table entries: 4096 (order: 3, 32768 bytes, linear) [ 0.001395] rcu: Hierarchical SRCU implementation. [ 0.001684] smp: Bringing up secondary CPUs ... [ 0.001942] Detected VIPT I-cache on CPU1 [ 0.001966] GICv3: CPU1: found redistributor 1 region 0:0x000000000c0a0000 [ 0.001992] CPU1: Booted secondary processor 0x0000000001 [0x410fd034] [ 0.002254] Detected VIPT I-cache on CPU2 [ 0.002267] GICv3: CPU2: found redistributor 2 region 0:0x000000000c0c0000 [ 0.002279] CPU2: Booted secondary processor 0x0000000002 [0x410fd034] [ 0.002516] Detected VIPT I-cache on CPU3 [ 0.002526] GICv3: CPU3: found redistributor 3 region 0:0x000000000c0e0000 [ 0.002535] CPU3: Booted secondary processor 0x0000000003 [0x410fd034] [ 0.002561] smp: Brought up 1 node, 4 CPUs [ 0.002576] SMP: Total of 4 processors activated. [ 0.002579] CPU features: detected: 32-bit EL0 Support [ 0.002582] CPU features: detected: CRC32 instructions [ 0.002606] CPU features: emulated: Privileged Access Never (PAN) using TTBR0_EL1 switching [ 0.002658] CPU: All CPU(s) started at EL2 [ 0.002668] alternatives: patching kernel code [ 0.005578] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604462750000 ns [ 0.005601] futex hash table entries: 1024 (order: 4, 65536 bytes, linear) [ 0.005748] pinctrl core: initialized pinctrl subsystem [ 0.006386] NET: Registered PF_NETLINK/PF_ROUTE protocol family [ 0.006638] DMA: preallocated 256 KiB GFP_KERNEL pool for atomic allocations [ 0.006669] DMA: preallocated 256 KiB GFP_KERNEL|GFP_DMA pool for atomic allocations [ 0.006695] DMA: preallocated 256 KiB GFP_KERNEL|GFP_DMA32 pool for atomic allocations [ 0.006955] thermal_sys: Registered thermal governor 'fair_share' [ 0.006958] thermal_sys: Registered thermal governor 'bang_bang' [ 0.006962] thermal_sys: Registered thermal governor 'step_wise' [ 0.006964] thermal_sys: Registered thermal governor 'user_space' [ 0.007144] ASID allocator initialised with 65536 entries [ 0.007453] pstore: Registered ramoops as persistent store backend [ 0.007457] ramoops: using 0x10000@0x42ff0000, ecc: 0 [ 0.017363] cryptd: max_cpu_qlen set to 1000 [ 0.018947] 1.8vd: supplied by 12vd [ 0.019111] 3.3vd: supplied by 12vd [ 0.019368] SCSI subsystem initialized [ 0.019514] libata version 3.00 loaded. [ 0.020413] clocksource: Switched to clocksource arch_sys_counter [ 0.020871] NET: Registered PF_INET protocol family [ 0.020978] IP idents hash table entries: 32768 (order: 6, 262144 bytes, linear) [ 0.021637] tcp_listen_portaddr_hash hash table entries: 1024 (order: 2, 16384 bytes, linear) [ 0.021657] Table-perturb hash table entries: 65536 (order: 6, 262144 bytes, linear) [ 0.021665] TCP established hash table entries: 16384 (order: 5, 131072 bytes, linear) [ 0.021733] TCP bind hash table entries: 16384 (order: 6, 262144 bytes, linear) [ 0.021895] TCP: Hash tables configured (established 16384 bind 16384) [ 0.021969] UDP hash table entries: 1024 (order: 3, 32768 bytes, linear) [ 0.021997] UDP-Lite hash table entries: 1024 (order: 3, 32768 bytes, linear) [ 0.022116] NET: Registered PF_UNIX/PF_LOCAL protocol family [ 0.022137] PCI: CLS 0 bytes, default 64 [ 0.024123] workingset: timestamp_bits=46 max_order=19 bucket_order=0 [ 0.026773] squashfs: version 4.0 (2009/01/31) Phillip Lougher [ 0.026788] jffs2: version 2.2 (NAND) (SUMMARY) (LZMA) (RTIME) (CMODE_PRIORITY) (c) 2001-2006 Red Hat, Inc. [ 0.048926] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 251) [ 0.049980] pwm-mediatek 10048000.pwm: clock: top fail: -517 [ 0.050255] mtk-pcie-gen3 11280000.pcie: host bridge /soc/pcie@11280000 ranges: [ 0.050275] mtk-pcie-gen3 11280000.pcie: Parsing ranges property... [ 0.050285] mtk-pcie-gen3 11280000.pcie: MEM 0x0020000000..0x002fffffff -> 0x0020000000 [ 0.050368] /soc/pcie@11280000: Failed to get clk index: 0 ret: -517 [ 0.050379] mtk-pcie-gen3 11280000.pcie: failed to get clocks [ 0.053211] Serial: 8250/16550 driver, 16 ports, IRQ sharing enabled [ 0.054654] printk: console [ttyS0] disabled [ 0.074826] 11002000.serial: ttyS0 at MMIO 0x11002000 (irq = 122, base_baud = 2500000) is a ST16650V2 [ 0.762238] printk: console [ttyS0] enabled [ 0.787015] 11003000.serial: ttyS1 at MMIO 0x11003000 (irq = 123, base_baud = 1625000) is a ST16650V2 [ 0.816737] 11004000.serial: ttyS2 at MMIO 0x11004000 (irq = 124, base_baud = 1625000) is a ST16650V2 [ 0.826575] mtk_rng 1020f000.rng: registered RNG driver [ 0.826637] hwrng: no data available [ 0.832080] cacheinfo: Unable to detect cache hierarchy for CPU 0 [ 0.843597] loop: module loaded [ 0.846748] Loading iSCSI transport class v2.0-870. [ 0.853118] spi-nand spi0.0: Winbond SPI NAND was found. [ 0.858426] spi-nand spi0.0: 128 MiB, block size: 128 KiB, page size: 2048, OOB size: 64 [ 0.866687] 4 fixed-partitions partitions found on MTD device spi0.0 [ 0.873034] Creating 4 MTD partitions on "spi0.0": [ 0.877809] 0x000000580000-0x000008000000 : "ubi" [ 1.009454] 0x000000380000-0x000000580000 : "fip" [ 1.016551] 0x000000080000-0x000000380000 : "reserved" [ 1.025098] 0x000000000000-0x000000080000 : "bl2" [ 1.163658] mtk_soc_eth 15100000.ethernet eth0: mediatek frame engine at 0xffffffc009780000, irq 136 [ 1.173450] mtk_soc_eth 15100000.ethernet eth1: mediatek frame engine at 0xffffffc009780000, irq 136 [ 1.182993] i2c_dev: i2c /dev entries driver [ 1.188744] mtk-wdt 1001c000.watchdog: Watchdog enabled (timeout=31 sec, nowayout=0) [ 1.197310] NET: Registered PF_INET6 protocol family [ 1.202921] Segment Routing with IPv6 [ 1.206595] In-situ OAM (IOAM) with IPv6 [ 1.210544] NET: Registered PF_PACKET protocol family [ 1.215598] bridge: filtering via arp/ip/ip6tables is no longer available by default. Update your scripts to load br_netfilter if you need this. [ 1.228625] 8021q: 802.1Q VLAN Support v1.8 [ 1.233629] pstore: Using crash dump compression: deflate [ 1.244773] mtk-pcie-gen3 11280000.pcie: host bridge /soc/pcie@11280000 ranges: [ 1.252119] mtk-pcie-gen3 11280000.pcie: Parsing ranges property... [ 1.258373] mtk-pcie-gen3 11280000.pcie: MEM 0x0020000000..0x002fffffff -> 0x0020000000 [ 1.315010] mtk-msdc 11230000.mmc: phase: [map:ffffffff] [maxlen:32] [final:10] [ 1.323944] mmc0: new HS400 MMC card at address 0001 [ 1.329692] mmcblk0: mmc0:0001 008GB0 7.28 GiB [ 1.335994] Alternate GPT is invalid, using primary GPT. [ 1.342064] FIT: Selected configuration: "config-mt7986a-bananapi-bpi-r3" (OpenWrt bananapi_bpi-r3) [ 1.351098] FIT: kernel sub-image 0x00001000..0x00530902 "kernel-1" (ARM64 OpenWrt Linux-5.15.120) [ 1.360996] FIT: flat_dt sub-image 0x00531000..0x005389fc "fdt-1" (ARM64 OpenWrt bananapi_bpi-r3 device tree blob) [ 1.372195] FIT: flat_dt sub-image 0x00539000..0x005391dc "fdt-mt7986a-bananapi-bpi-r3-emmc" (ARM64 OpenWrt bananapi_bpi-r3 device tree overlay mt7986a-bananapi-bpi-r3-emmc) [ 1.388514] FIT: flat_dt sub-image 0x0053a000..0x0053a390 "fdt-mt7986a-bananapi-bpi-r3-nand" (ARM64 OpenWrt bananapi_bpi-r3 device tree overlay mt7986a-bananapi-bpi-r3-nand) [ 1.404829] FIT: flat_dt sub-image 0x0053b000..0x0053b38f "fdt-mt7986a-bananapi-bpi-r3-nor" (ARM64 OpenWrt bananapi_bpi-r3 device tree overlay mt7986a-bananapi-bpi-r3-nor) [ 1.420970] FIT: flat_dt sub-image 0x0053c000..0x0053c146 "fdt-mt7986a-bananapi-bpi-r3-sd" (ARM64 OpenWrt bananapi_bpi-r3 device tree overlay mt7986a-bananapi-bpi-r3-sd) [ 1.436936] FIT: filesystem sub-image 0x0053d000..0x00e9cfff "rootfs-1" (ARM64 OpenWrt bananapi_bpi-r3 rootfs) [ 1.447523] FIT: selecting configured loadable "rootfs-1" to be root filesystem [ 1.454829] mmcblk0: p1 p2 p3 p4 p5 p65(rootfs-1) p66(rootfs_data) p128 [ 1.462750] mmcblk0boot0: mmc0:0001 008GB0 4.00 MiB [ 1.468513] mmcblk0boot1: mmc0:0001 008GB0 4.00 MiB [ 1.473740] mmcblk0rpmb: mmc0:0001 008GB0 4.00 MiB, chardev (250:0) [ 1.488533] mtk-pcie-gen3 11280000.pcie: PCIe link down, ltssm reg val: 0x1000001 [ 1.496040] mtk-pcie-gen3: probe of 11280000.pcie failed with error -110 [ 1.524873] mt7530-mdio mdio-bus:1f: configuring for fixed/2500base-x link mode [ 1.534014] mt7530-mdio mdio-bus:1f: Link is Up - 2.5Gbps/Full - flow control rx/tx [ 1.542699] mt7530-mdio mdio-bus:1f wan (uninitialized): PHY [mt7530-0:00] driver [MediaTek MT7531 PHY] (irq=144) [ 1.563045] mt7530-mdio mdio-bus:1f lan1 (uninitialized): PHY [mt7530-0:01] driver [MediaTek MT7531 PHY] (irq=145) [ 1.583088] mt7530-mdio mdio-bus:1f lan2 (uninitialized): PHY [mt7530-0:02] driver [MediaTek MT7531 PHY] (irq=146) [ 1.603111] mt7530-mdio mdio-bus:1f lan3 (uninitialized): PHY [mt7530-0:03] driver [MediaTek MT7531 PHY] (irq=147) [ 1.623118] mt7530-mdio mdio-bus:1f lan4 (uninitialized): PHY [mt7530-0:04] driver [MediaTek MT7531 PHY] (irq=148) [ 1.634221] DSA: tree 0 setup [ 1.639359] UBI: auto-attach mtd0 [ 1.642686] ubi0: default fastmap pool size: 45 [ 1.647200] ubi0: default fastmap WL pool size: 22 [ 1.651991] ubi0: attaching mtd0 [ 5.264941] ubi0: scanning is finished [ 5.310054] ubi0: attached mtd0 (name "ubi", size 122 MiB) [ 5.315546] ubi0: PEB size: 131072 bytes (128 KiB), LEB size: 126976 bytes [ 5.322405] ubi0: min./max. I/O unit sizes: 2048/2048, sub-page size 2048 [ 5.329172] ubi0: VID header offset: 2048 (aligned 2048), data offset: 4096 [ 5.336115] ubi0: good PEBs: 980, bad PEBs: 0, corrupted PEBs: 0 [ 5.342104] ubi0: user volume: 5, internal volumes: 1, max. volumes count: 128 [ 5.349304] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 0 [ 5.357633] ubi0: available PEBs: 0, total reserved PEBs: 980, PEBs reserved for bad PEB handling: 20 [ 5.366835] ubi0: background thread "ubi_bgt0d" started, PID 561 [ 5.378790] FIT: Selected configuration: "config-mt7986a-bananapi-bpi-r3" (OpenWrt bananapi_bpi-r3) [ 5.387830] FIT: kernel sub-image 0x00001000..0x004eae92 "kernel-1" (ARM64 OpenWrt Linux-5.15.118) [ 5.397731] FIT: flat_dt sub-image 0x004eb000..0x004f29fc "fdt-1" (ARM64 OpenWrt bananapi_bpi-r3 device tree blob) [ 5.408931] FIT: flat_dt sub-image 0x004f3000..0x004f31dc "fdt-mt7986a-bananapi-bpi-r3-emmc" (ARM64 OpenWrt bananapi_bpi-r3 device tree overlay mt7986a-bananapi-bpi-r3-emmc) [ 5.425268] FIT: flat_dt sub-image 0x004f4000..0x004f4390 "fdt-mt7986a-bananapi-bpi-r3-nand" (ARM64 OpenWrt bananapi_bpi-r3 device tree overlay mt7986a-bananapi-bpi-r3-nand) [ 5.441582] FIT: flat_dt sub-image 0x004f5000..0x004f538f "fdt-mt7986a-bananapi-bpi-r3-nor" (ARM64 OpenWrt bananapi_bpi-r3 device tree overlay mt7986a-bananapi-bpi-r3-nor) [ 5.457721] FIT: flat_dt sub-image 0x004f6000..0x004f6146 "fdt-mt7986a-bananapi-bpi-r3-sd" (ARM64 OpenWrt bananapi_bpi-r3 device tree overlay mt7986a-bananapi-bpi-r3-sd) [ 5.473684] FIT: filesystem sub-image 0x004f7000..0x00a6cfff "rootfs-1" (ARM64 OpenWrt bananapi_bpi-r3 rootfs) [ 5.484271] FIT: selecting configured loadable "rootfs-1" to be root filesystem [ 5.491562] ubiblock0_2: p1(rootfs-1) [ 5.491681] block ubiblock0_2: created from ubi0:2(fit) [ 5.503820] VFS: Mounted root (squashfs filesystem) readonly on device 259:0. [ 5.511101] Freeing unused kernel memory: 448K [ 5.560500] Run /sbin/init as init process [ 5.564580] with arguments: [ 5.567531] /sbin/init [ 5.570221] with environment: [ 5.573353] HOME=/ [ 5.575698] TERM=linux [ 5.665969] init: Console is alive [ 5.669456] init: - watchdog - [ 5.928075] kmodloader: loading kernel modules from /etc/modules-boot.d/* [ 5.947390] usbcore: registered new interface driver usbfs [ 5.952921] usbcore: registered new interface driver hub [ 5.958245] usbcore: registered new device driver usb [ 5.966905] xhci-mtk 11200000.usb: supply vbus not found, using dummy regulator [ 5.974317] xhci-mtk 11200000.usb: supply vusb33 not found, using dummy regulator [ 5.982462] xhci-mtk 11200000.usb: xHCI Host Controller [ 5.987681] xhci-mtk 11200000.usb: new USB bus registered, assigned bus number 1 [ 5.998133] xhci-mtk 11200000.usb: hcc params 0x01403f99 hci version 0x110 quirks 0x0000000000210010 [ 6.007299] xhci-mtk 11200000.usb: irq 128, io mem 0x11200000 [ 6.013118] xhci-mtk 11200000.usb: xHCI Host Controller [ 6.018329] xhci-mtk 11200000.usb: new USB bus registered, assigned bus number 2 [ 6.025715] xhci-mtk 11200000.usb: Host supports USB 3.2 Enhanced SuperSpeed [ 6.033113] hub 1-0:1.0: USB hub found [ 6.036867] hub 1-0:1.0: 2 ports detected [ 6.041131] usb usb2: We don't know the algorithms for LPM for this host, disabling LPM. [ 6.049443] hub 2-0:1.0: USB hub found [ 6.053201] hub 2-0:1.0: 1 port detected [ 6.059695] kmodloader: done loading kernel modules from /etc/modules-boot.d/* [ 6.077154] init: - preinit - [ 6.248011] mtk_soc_eth 15100000.ethernet eth0: configuring for fixed/2500base-x link mode [ 6.256452] mtk_soc_eth 15100000.ethernet eth0: Link is Up - 2.5Gbps/Full - flow control rx/tx [ 6.264879] mt7530-mdio mdio-bus:1f lan1: configuring for phy/gmii link mode [ 6.276826] mt7530-mdio mdio-bus:1f lan1: Link is Up - 1Gbps/Full - flow control rx/tx [ 6.284847] IPv6: ADDRCONF(NETDEV_CHANGE): lan1: link becomes ready [ 6.500418] usb 1-1: new high-speed USB device number 2 using xhci-mtk [ 6.681139] hub 1-1:1.0: USB hub found [ 6.684980] hub 1-1:1.0: 4 ports detected [ 6.689256] random: procd: uninitialized urandom read (4 bytes read) [ 8.355833] F2FS-fs (mmcblk0p66): recover_inode: ino = 22c, name = debug.log, inline = 1 [ 8.363974] F2FS-fs (mmcblk0p66): recover_data: ino = 22c (i_size: recover) recovered = 0, err = 0 [ 8.372918] F2FS-fs (mmcblk0p66): recover_inode: ino = 22c, name = debug.log, inline = 1 [ 8.381010] F2FS-fs (mmcblk0p66): recover_data: ino = 22c (i_size: recover) recovered = 0, err = 0 [ 8.389945] F2FS-fs (mmcblk0p66): recover_inode: ino = 22c, name = debug.log, inline = 1 [ 8.398036] F2FS-fs (mmcblk0p66): recover_data: ino = 22c (i_size: recover) recovered = 0, err = 0 [ 8.406974] F2FS-fs (mmcblk0p66): recover_inode: ino = 22c, name = debug.log, inline = 1 [ 8.415066] F2FS-fs (mmcblk0p66): recover_data: ino = 22c (i_size: recover) recovered = 0, err = 0 [ 8.424004] F2FS-fs (mmcblk0p66): recover_inode: ino = 22c, name = debug.log, inline = 1 [ 8.432096] F2FS-fs (mmcblk0p66): recover_data: ino = 22c (i_size: recover) recovered = 0, err = 0 [ 8.441034] F2FS-fs (mmcblk0p66): recover_inode: ino = 22c, name = debug.log, inline = 1 [ 8.449121] F2FS-fs (mmcblk0p66): recover_data: ino = 22c (i_size: recover) recovered = 0, err = 0 [ 8.458059] F2FS-fs (mmcblk0p66): recover_inode: ino = 22c, name = debug.log, inline = 1 [ 8.466149] F2FS-fs (mmcblk0p66): recover_data: ino = 22c (i_size: recover) recovered = 0, err = 0 [ 8.475096] F2FS-fs (mmcblk0p66): recover_inode: ino = 22c, name = debug.log, inline = 1 [ 8.483187] F2FS-fs (mmcblk0p66): recover_data: ino = 22c (i_size: recover) recovered = 0, err = 0 [ 8.492126] F2FS-fs (mmcblk0p66): recover_inode: ino = 22c, name = debug.log, inline = 1 [ 8.500212] F2FS-fs (mmcblk0p66): recover_data: ino = 22c (i_size: recover) recovered = 0, err = 0 [ 8.509150] F2FS-fs (mmcblk0p66): recover_inode: ino = 22c, name = debug.log, inline = 1 [ 8.517241] F2FS-fs (mmcblk0p66): recover_data: ino = 22c (i_size: recover) recovered = 0, err = 0 [ 8.526179] F2FS-fs (mmcblk0p66): recover_inode: ino = 22c, name = debug.log, inline = 1 [ 8.534270] F2FS-fs (mmcblk0p66): recover_data: ino = 22c (i_size: recover) recovered = 0, err = 0 [ 8.545410] F2FS-fs (mmcblk0p66): checkpoint: version = 351eda4a [ 8.551513] F2FS-fs (mmcblk0p66): Mounted with checkpoint version = 351eda4a [ 8.560470] mount_root: switching to f2fs overlay [ 8.567438] overlayfs: null uuid detected in lower fs '/', falling back to xino=off,index=off,nfs_export=off. [ 8.582833] urandom-seed: Seeding with /etc/urandom.seed [ 8.613069] mt7530-mdio mdio-bus:1f lan1: Link is Down [ 8.623570] procd: - early - [ 8.626497] procd: - watchdog - [ 9.148581] procd: - watchdog - [ 9.152799] procd: - ubus - [ 9.167667] random: ubusd: uninitialized urandom read (4 bytes read) [ 9.205660] random: ubusd: uninitialized urandom read (4 bytes read) [ 9.212242] random: ubusd: uninitialized urandom read (4 bytes read) [ 9.220031] procd: - init - [ 9.362830] kmodloader: loading kernel modules from /etc/modules.d/* [ 9.374884] i2c-gpio i2c-gpio-0: using lines 427 (SDA) and 428 (SCL) [ 9.381676] i2c-gpio i2c-gpio-1: using lines 429 (SDA) and 430 (SCL) [ 9.389855] GACT probability on [ 9.393547] Mirror/redirect action on [ 9.399674] u32 classifier [ 9.402423] input device check on [ 9.406069] Actions configured [ 9.414018] crypto-safexcel 10320000.crypto: EIP97:230(0,1,4,4)-HIA:270(0,5,5),PE:150/433(alg:7fcdfc00)/0/0/0 [ 9.429296] Loading modules backported from Linux version v6.1.24-0-g0102425ac76b [ 9.436833] Backport generated by backports.git v5.15.92-1-44-gd6ea70fafd36 [ 9.448242] sfp sfp-1: Host maximum power 1.0W [ 9.453458] sfp sfp-2: Host maximum power 1.0W [ 9.464230] xt_time: kernel timezone is -0000 [ 9.493398] urngd: v1.0.2 started. [ 9.598658] random: crng init done [ 9.602072] random: 23 urandom warning(s) missed due to ratelimiting [ 9.933814] mt798x-wmac 18000000.wifi: HW/SW Version: 0x8a108a10, Build Time: 20221012174743a [ 9.933814] [ 10.040789] mt798x-wmac 18000000.wifi: WM Firmware Version: ____000000, Build Time: 20221012174805 [ 10.110913] mt798x-wmac 18000000.wifi: WA Firmware Version: DEV_000000, Build Time: 20221012174937 [ 12.880613] PPP generic driver version 2.4.2 [ 12.885593] NET: Registered PF_PPPOX protocol family [ 12.893117] kmodloader: done loading kernel modules from /etc/modules.d/* [ 15.191460] mtk_soc_eth 15100000.ethernet eth0: Link is Down [ 15.203210] mtk_soc_eth 15100000.ethernet eth0: configuring for fixed/2500base-x link mode [ 15.211694] mtk_soc_eth 15100000.ethernet eth0: Link is Up - 2.5Gbps/Full - flow control rx/tx [ 15.214794] mt7530-mdio mdio-bus:1f lan1: configuring for phy/gmii link mode [ 15.231165] br-laniot: port 1(lan1) entered blocking state [ 15.236655] br-laniot: port 1(lan1) entered disabled state [ 15.244321] device lan1 entered promiscuous mode [ 15.248937] device eth0 entered promiscuous mode [ 15.255666] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready [ 15.314903] mt7530-mdio mdio-bus:1f lan2: configuring for phy/gmii link mode [ 15.324740] br-laniot: port 2(lan2) entered blocking state [ 15.330224] br-laniot: port 2(lan2) entered disabled state [ 15.337387] device lan2 entered promiscuous mode [ 15.472458] mt7530-mdio mdio-bus:1f lan3: configuring for phy/gmii link mode [ 15.482559] br-laniot: port 3(lan3) entered blocking state [ 15.484263] mt7530-mdio mdio-bus:1f lan3: Link is Up - 100Mbps/Full - flow control off [ 15.488043] br-laniot: port 3(lan3) entered disabled state [ 15.503269] device lan3 entered promiscuous mode [ 15.570491] br-laniot: port 3(lan3) entered blocking state [ 15.575977] br-laniot: port 3(lan3) entered listening state [ 15.585225] mt7530-mdio mdio-bus:1f lan4: configuring for phy/gmii link mode [ 15.595345] br-laniot: port 4(lan4) entered blocking state [ 15.597056] mt7530-mdio mdio-bus:1f lan4: Link is Up - 1Gbps/Full - flow control rx/tx [ 15.600853] br-laniot: port 4(lan4) entered disabled state [ 15.616260] device lan4 entered promiscuous mode [ 15.622745] br-laniot: port 4(lan4) entered blocking state [ 15.628229] br-laniot: port 4(lan4) entered listening state [ 16.000474] br-languest: port 1(br-vlan.20) entered blocking state [ 16.006665] br-languest: port 1(br-vlan.20) entered disabled state [ 16.013113] device br-vlan.20 entered promiscuous mode [ 16.018249] device br-vlan entered promiscuous mode [ 16.162117] br-laniot: port 5(br-vlan.50) entered blocking state [ 16.168131] br-laniot: port 5(br-vlan.50) entered disabled state [ 16.175028] device br-vlan.50 entered promiscuous mode [ 16.251418] br-lanmgmt: port 1(br-vlan.99) entered blocking state [ 16.257519] br-lanmgmt: port 1(br-vlan.99) entered disabled state [ 16.263862] device br-vlan.99 entered promiscuous mode [ 16.337753] br-lanpriv: port 1(br-vlan.10) entered blocking state [ 16.343930] br-lanpriv: port 1(br-vlan.10) entered disabled state [ 16.350259] device br-vlan.10 entered promiscuous mode [ 16.596694] mt7530-mdio mdio-bus:1f wan: configuring for phy/gmii link mode [ 16.608594] mt7530-mdio mdio-bus:1f wan: Link is Up - 1Gbps/Full - flow control off [ 16.617701] IPv6: ADDRCONF(NETDEV_CHANGE): wan: link becomes ready [ 17.683007] mt7530-mdio mdio-bus:1f lan1: Link is Up - 1Gbps/Full - flow control rx/tx [ 17.862511] br-lanpriv: port 2(phy0-ap0) entered blocking state [ 17.868436] br-lanpriv: port 2(phy0-ap0) entered disabled state [ 17.874618] device phy0-ap0 entered promiscuous mode [ 17.879669] br-lanpriv: port 2(phy0-ap0) entered blocking state [ 17.885632] br-lanpriv: port 2(phy0-ap0) entered listening state [ 17.892081] br-laniot: port 1(lan1) entered blocking state [ 17.897573] br-laniot: port 1(lan1) entered listening state [ 18.000650] br-lanpriv: port 2(phy0-ap0) entered disabled state [ 19.658668] IPv6: ADDRCONF(NETDEV_CHANGE): mesh0: link becomes ready [ 19.771691] br-lanpriv: port 3(phy1-ap0) entered blocking state [ 19.777623] br-lanpriv: port 3(phy1-ap0) entered disabled state [ 19.783781] device phy1-ap0 entered promiscuous mode [ 19.791020] br-lanpriv: port 3(phy1-ap0) entered blocking state [ 19.796942] br-lanpriv: port 3(phy1-ap0) entered listening state [ 20.011973] IPv6: ADDRCONF(NETDEV_CHANGE): phy1-ap0: link becomes ready [ 21.052057] IPv6: ADDRCONF(NETDEV_CHANGE): phy0-ap0: link becomes ready [ 21.058780] br-lanpriv: port 2(phy0-ap0) entered blocking state [ 21.064702] br-lanpriv: port 2(phy0-ap0) entered listening state [ 21.162727] br-laniot: port 6(phy0-ap1) entered blocking state [ 21.168565] br-laniot: port 6(phy0-ap1) entered disabled state [ 21.174680] device phy0-ap1 entered promiscuous mode [ 21.272669] br-laniot: port 6(phy0-ap1) entered blocking state [ 21.278507] br-laniot: port 6(phy0-ap1) entered listening state [ 21.431937] IPv6: ADDRCONF(NETDEV_CHANGE): phy0-ap1: link becomes ready [ 21.502160] br-languest: port 2(phy0-ap2) entered blocking state [ 21.508176] br-languest: port 2(phy0-ap2) entered disabled state [ 21.514434] device phy0-ap2 entered promiscuous mode [ 21.581588] br-languest: port 2(phy0-ap2) entered blocking state [ 21.587599] br-languest: port 2(phy0-ap2) entered listening state [ 21.762001] IPv6: ADDRCONF(NETDEV_CHANGE): phy0-ap2: link becomes ready [ 21.911775] br-lanmgmt: port 2(phy0-ap3) entered blocking state [ 21.917705] br-lanmgmt: port 2(phy0-ap3) entered disabled state [ 21.923889] device phy0-ap3 entered promiscuous mode [ 21.931070] br-lanmgmt: port 2(phy0-ap3) entered blocking state [ 21.937002] br-lanmgmt: port 2(phy0-ap3) entered listening state [ 22.017211] IPv6: ADDRCONF(NETDEV_CHANGE): phy0-ap3: link becomes ready [ 24.150408] br-laniot: port 4(lan4) entered learning state [ 24.155976] br-laniot: port 3(lan3) entered learning state [ 26.070398] br-laniot: port 1(lan1) entered learning state [ 27.990384] br-lanpriv: port 3(phy1-ap0) entered learning state [ 29.270375] br-lanpriv: port 2(phy0-ap0) entered learning state [ 29.887597] br-vlan: port 1(mesh0.sta1) entered blocking state [ 29.893528] br-vlan: port 1(mesh0.sta1) entered disabled state [ 29.899586] device mesh0.sta1 entered promiscuous mode [ 29.905597] br-vlan: port 1(mesh0.sta1) entered blocking state [ 29.910386] br-languest: port 2(phy0-ap2) entered learning state [ 29.911451] br-vlan: port 1(mesh0.sta1) entered listening state [ 29.917466] br-laniot: port 6(phy0-ap1) entered learning state [ 30.550387] br-lanmgmt: port 2(phy0-ap3) entered learning state [ 30.905565] br-vlan: port 2(mesh0.sta2) entered blocking state [ 30.911468] br-vlan: port 2(mesh0.sta2) entered disabled state [ 30.917518] device mesh0.sta2 entered promiscuous mode [ 30.922822] br-vlan: port 2(mesh0.sta2) entered blocking state [ 30.928647] br-vlan: port 2(mesh0.sta2) entered listening state [ 32.470350] br-laniot: port 3(lan3) entered forwarding state [ 32.476016] br-laniot: topology change detected, propagating [ 32.481730] br-laniot: port 4(lan4) entered forwarding state [ 32.482467] IPv6: ADDRCONF(NETDEV_CHANGE): br-laniot: link becomes ready [ 32.487375] br-laniot: topology change detected, propagating [ 32.952794] br-vlan: port 2(mesh0.sta2) received tcn bpdu [ 32.958195] br-vlan: topology change detected, sending tcn bpdu [ 33.970926] br-vlan: port 2(mesh0.sta2) received tcn bpdu [ 33.976329] br-vlan: topology change detected, sending tcn bpdu [ 34.390346] br-laniot: port 1(lan1) entered forwarding state [ 34.396012] br-laniot: topology change detected, propagating [ 36.310327] br-lanpriv: port 3(phy1-ap0) entered forwarding state [ 36.316428] br-lanpriv: topology change detected, propagating [ 36.322287] IPv6: ADDRCONF(NETDEV_CHANGE): br-lanpriv: link becomes ready [ 37.590338] br-lanpriv: port 2(phy0-ap0) entered forwarding state [ 37.596440] br-lanpriv: topology change detected, propagating [ 38.230311] br-laniot: port 6(phy0-ap1) entered forwarding state [ 38.230311] br-vlan: port 1(mesh0.sta1) entered learning state [ 38.230333] br-laniot: topology change detected, propagating [ 38.247853] br-languest: port 2(phy0-ap2) entered forwarding state [ 38.254037] br-languest: topology change detected, propagating [ 38.259982] IPv6: ADDRCONF(NETDEV_CHANGE): br-languest: link becomes ready [ 38.880308] br-lanmgmt: port 2(phy0-ap3) entered forwarding state [ 38.886403] br-lanmgmt: topology change detected, propagating [ 38.892255] IPv6: ADDRCONF(NETDEV_CHANGE): br-lanmgmt: link becomes ready [ 39.510305] br-vlan: port 2(mesh0.sta2) entered learning state [ 46.550261] br-vlan: port 1(mesh0.sta1) entered forwarding state [ 46.556272] br-vlan: topology change detected, sending tcn bpdu [ 46.562815] IPv6: ADDRCONF(NETDEV_CHANGE): br-vlan: link becomes ready [ 46.569798] br-lanpriv: port 1(br-vlan.10) entered blocking state [ 46.575934] br-lanpriv: port 1(br-vlan.10) entered listening state [ 46.582415] br-languest: port 1(br-vlan.20) entered blocking state [ 46.588608] br-languest: port 1(br-vlan.20) entered listening state [ 46.595229] br-laniot: port 5(br-vlan.50) entered blocking state [ 46.601262] br-laniot: port 5(br-vlan.50) entered listening state [ 46.607651] br-lanmgmt: port 1(br-vlan.99) entered blocking state [ 46.613778] br-lanmgmt: port 1(br-vlan.99) entered listening state [ 47.830255] br-vlan: port 2(mesh0.sta2) entered forwarding state [ 47.836260] br-vlan: topology change detected, sending tcn bpdu [ 48.439771] br-vlan: port 2(mesh0.sta2) received tcn bpdu [ 48.445179] br-vlan: topology change detected, sending tcn bpdu [ 49.079508] br-vlan: port 2(mesh0.sta2) received tcn bpdu [ 49.084914] br-vlan: topology change detected, sending tcn bpdu [ 54.870053] br-lanmgmt: port 1(br-vlan.99) entered learning state [ 54.876237] br-laniot: port 5(br-vlan.50) entered learning state [ 54.882322] br-languest: port 1(br-vlan.20) entered learning state [ 54.888595] br-lanpriv: port 1(br-vlan.10) entered learning state [ 63.185561] br-lanpriv: port 1(br-vlan.10) entered forwarding state [ 63.191834] br-lanpriv: topology change detected, propagating [ 63.197667] br-languest: port 1(br-vlan.20) entered forwarding state [ 63.204040] br-languest: topology change detected, propagating [ 63.209930] br-laniot: port 5(br-vlan.50) entered forwarding state [ 63.216115] br-laniot: topology change detected, propagating [ 63.221821] br-lanmgmt: port 1(br-vlan.99) entered forwarding state [ 63.228092] br-lanmgmt: topology change detected, propagating ``` ``` [34598.682136] device mesh0.sta1 left promiscuous mode [34598.687023] br-vlan: port 2(mesh0.sta1) entered disabled state [34719.192372] br-vlan: port 2(mesh0.sta1) entered blocking state [34719.198216] br-vlan: port 2(mesh0.sta1) entered disabled state [34719.204347] device mesh0.sta1 entered promiscuous mode [34719.209636] br-vlan: port 2(mesh0.sta1) entered blocking state [34719.215490] br-vlan: port 2(mesh0.sta1) entered listening state [34727.363390] br-vlan: port 2(mesh0.sta1) entered learning state [34735.665088] br-vlan: port 2(mesh0.sta1) entered forwarding state [34735.671098] br-vlan: topology change detected, sending tcn bpdu [39787.544550] Unable to handle kernel access to user memory outside uaccess routines at virtual address 0000000000000008 [39787.555257] Mem abort info: [39787.558067] ESR = 0x0000000096000005 [39787.561817] EC = 0x25: DABT (current EL), IL = 32 bits [39787.567148] SET = 0, FnV = 0 [39787.570283] EA = 0, S1PTW = 0 [39787.573442] FSC = 0x05: level 1 translation fault [39787.578381] Data abort info: [39787.581320] ISV = 0, ISS = 0x00000005 [39787.585195] CM = 0, WnR = 0 [39787.588187] user pgtable: 4k pages, 39-bit VAs, pgdp=0000000046ce8000 [39787.594665] [0000000000000008] pgd=080000004347f003, p4d=080000004347f003, pud=080000004347f003, pmd=0000000000000000 [39787.605355] Internal error: Oops: 96000005 [#1] SMP [39787.610227] Modules linked in: pppoe ppp_async nft_fib_inet nf_flow_table_ipv6 nf_flow_table_ipv4 nf_flow_table_inet pppox ppp_generic nft_reject_ipv6 nft_reject_ipv4 nft_reject_inet nft_reject nft_redir nft_quota nft_objref nft_numgen nft_nat nft_masq nft_log nft_limit nft_hash nft_flow_offload nft_fib_ipv6 nft_fib_ipv4 nft_fib nft_ct nft_counter nft_chain_nat nf_tables nf_nat nf_flow_table nf_conntrack_netlink nf_conntrack mt7915e mt76_connac_lib mt76 mac80211 iptable_mangle iptable_filter ipt_REJECT ipt_ECN ip_tables cfg80211 xt_time xt_tcpudp xt_tcpmss xt_statistic xt_multiport xt_mark xt_mac xt_limit xt_length xt_hl xt_ecn xt_dscp xt_comment xt_TCPMSS xt_LOG xt_HL xt_DSCP xt_CLASSIFY x_tables slhc sfp sch_cake nfnetlink nf_reject_ipv6 nf_reject_ipv4 nf_log_syslog nf_defrag_ipv6 nf_defrag_ipv4 mdio_i2c libcrc32c crc_ccitt compat cls_flower act_vlan crypto_safexcel cls_bpf act_bpf sch_tbf sch_ingress sch_htb sch_hfsc em_u32 cls_u32 cls_route cls_matchall cls_fw cls_flow cls_basic [39787.610381] act_skbedit act_mirred act_gact pwm_fan i2c_gpio i2c_algo_bit ifb sha1_generic seqiv md5 des_generic libdes authencesn authenc leds_gpio xhci_plat_hcd xhci_pci xhci_mtk_hcd xhci_hcd gpio_button_hotplug usbcore usb_common [39787.717889] CPU: 2 PID: 3629 Comm: reader#1 Not tainted 5.15.120 #0 [39787.724139] Hardware name: Bananapi BPI-R3 (DT) [39787.728652] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [39787.735594] pc : sta_set_sinfo+0xa1c/0xc40 [mac80211] [39787.740670] lr : sta_set_sinfo+0x5bc/0xc40 [mac80211] [39787.745719] sp : ffffffc00c9635e0 [39787.749017] x29: ffffffc00c9635e0 x28: 0000000000000001 x27: ffffffc00c963dd0 [39787.756134] x26: ffffff800007c880 x25: ffffff800355c900 x24: ffffff8005bda735 [39787.763250] x23: 00000000005ee0ea x22: 0000000000000000 x21: 0000058d1783bf82 [39787.770365] x20: ffffff8005bda000 x19: ffffffc00c963728 x18: 0000000000000000 [39787.777481] x17: 0000000000000000 x16: 0000000000000000 x15: 0000007fb381f420 [39787.784597] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 [39787.791712] x11: 0000000000000002 x10: 000000000007443b x9 : 0000000000000000 [39787.798827] x8 : ffffffc00c963810 x7 : ffffff8003d00880 x6 : 000000000000003f [39787.805942] x5 : ffffff8003d003a0 x4 : 0000000000000000 x3 : 0000000000000000 [39787.813057] x2 : ffffffc00c96376c x1 : 0000000000000001 x0 : 0000000000000000 [39787.820172] Call trace: [39787.822604] sta_set_sinfo+0xa1c/0xc40 [mac80211] [39787.827323] ieee80211_color_change_finish+0x1b64/0x1e80 [mac80211] [39787.833589] nl80211_put_sta_rate+0x1030/0x11b4 [cfg80211] [39787.839071] netlink_dump+0x104/0x360 [39787.842722] __netlink_dump_start+0x158/0x2ac [39787.847062] genl_family_rcv_msg_dumpit+0x64/0xf4 [39787.851749] genl_rcv_msg+0x188/0x1c0 [39787.855396] netlink_rcv_skb+0x58/0x120 [39787.859217] genl_rcv+0x34/0x50 [39787.862344] netlink_unicast+0x1f0/0x2ec [39787.866251] netlink_sendmsg+0x19c/0x3d0 [39787.870157] ____sys_sendmsg+0x27c/0x2b0 [39787.874066] ___sys_sendmsg+0x80/0xf0 [39787.877713] __sys_sendmsg+0x44/0xa0 [39787.881274] __arm64_sys_sendmsg+0x20/0x30 [39787.885354] invoke_syscall.constprop.0+0x4c/0xe0 [39787.890042] do_el0_svc+0x40/0xd0 [39787.893341] el0_svc+0x14/0x50 [39787.896382] el0t_64_sync_handler+0xe0/0x110 [39787.900635] el0t_64_sync+0x15c/0x160 [39787.904285] Code: d3441c63 12000c00 8b030ca3 f9409c63 (f9400465) [39787.910358] ---[ end trace 21b229869bdf6b1c ]--- [39787.920649] Kernel panic - not syncing: Oops: Fatal exception [39787.926380] SMP: stopping secondary CPUs [39787.930287] Kernel Offset: disabled [39787.933758] CPU features: 0x00000000,20000802 [39787.938098] Memory Limit: none [39787.946695] Rebooting in 3 seconds.. ``` ### OpenWrt version SNAPSHOT r23643-ca8868a511 ### OpenWrt target/subtarget mediatek/filogic ### Device Bananapi BPI-R3 ### Image kind Official downloaded image ### Steps to reproduce _No response_ ### Actual behaviour Freezes happen between ~1 minute to ~24 hours of uptime. ### Expected behaviour _No response_ ### Additional info I have a setup with 4 routers. Main router (Banana BPI R3) provides 2.4 GHz WiFi connection for multiple LAN networks and WDS uplink for other routers on 5GHz. Other routers are configured as dumb APs connecting with WDS and providing 2.4GHz WiFi connections. Everything works flawlessly until random freezes. After restarting main router others are connecting without any problem. ### Diffconfig _No response_ ### Terms - [X] I am reporting an issue for OpenWrt, not an unsupported fork.

Patch here:

github.com

openwrt/openwrt/blob/v23.05.3/package/kernel/mac80211/patches/subsys/780-avoid-crashing-missing-band.patch

From: David Bauer <[email protected]>
Date: Thu, 30 Nov 2023 07:32:52 +0100
Subject: [PATCH] mac80211: avoid crashing on invalid band info

Frequent crashes have been observed on MT7916 based platforms. While the
root of these crashes are currently unknown, they happen when decoding
rate information of connected STAs in AP mode. The rate-information is
associated with a band which is not available on the PHY.

Check for this condition in order to avoid crashing the whole system.
This patch should be removed once the roout cause has been found and
fixed.

Link: https://github.com/freifunk-gluon/gluon/issues/2980

Signed-off-by: David Bauer <[email protected]>
---

--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c

This file has been truncated. show original

jcdutton · April 3, 2024, 12:30pm

Also, be cautious. The openwrt stack traces are a bit of a wild goose chase. Although the offsets are mostly the correct, the function names are wrong.

frank-w · April 3, 2024, 1:25pm

How to debug if the function names are wrong? This is the most popular information…imho that means the debug-symbols in kernel are wrong (i don’t think so) and gdb or addr2func is also wrong. But crash in one function does not mean the rootcause is also there.

jcdutton · April 3, 2024, 1:36pm

The stack trace from openwrt is a little messed up.

Say we have, looking at an objdump of the .o file:

0x00000000: functionA (0x100 bytes long.

0x00000100: functionB (0x200 bytes long)

The openwrt stack trace might have something like this:

functionA+0x150/0x300

As you can see, that is outside of functionA.

you would need to translate it to:

functionB+0x50/0x200 to get the actual function that has the problem in it.

In this case functionB has the actual problem, even though the openwrt stacktrace called in functionA.

So, as long as you have the associated .o or .ko file that contains functionA and matches the kernel you were actually running, you can objdump the .o file to find where the actual function name and offset is.

So, as i say, its a bit messed up on openwrt.

I have not observed this problem yet with mainline kernels.