Bug 1001666

Summary: [abrt] WARNING: at drivers/net/wireless/brcm80211/brcmsmac/mac80211_if.c:827 brcms_ops_ampdu_action+0x1b2/0x1c0 [brcmsmac]()
Product: [Fedora] Fedora Reporter: bugzilla.ebv
Component: kernelAssignee: fedora-kernel-wireless-brcm80211
Status: CLOSED WONTFIX QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 18CC: arend, bugzilla.ebv, gansalmon, hauke, itamar, jogreene, jonathan, kernel-maint, madhu.chinakonda, marcelo.barbosa, marcosmds
Target Milestone: ---Flags: hauke: needinfo-
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
Whiteboard: abrt_hash:71276345f5dd39b35ad2277231028ea6db8924df
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-02-05 22:20:12 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
File: dmesg none

Description bugzilla.ebv 2013-08-27 13:37:04 UTC 
Additional info:
reporter:       libreport-2.1.6
WARNING: at drivers/net/wireless/brcm80211/brcmsmac/mac80211_if.c:827 brcms_ops_ampdu_action+0x1b2/0x1c0 [brcmsmac]()
Modules linked in: ipt_MASQUERADE nf_conntrack_netbios_ns nf_conntrack_broadcast ip6table_mangle ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 iptable_nat nf_nat_ipv4 nf_nat iptable_mangle bnep nf_conntrack_ipv4 nf_defrag_ipv4 bluetooth xt_conntrack nf_conntrack be2iscsi ebtable_filter ebtables ip6table_filter ip6_tables iscsi_boot_sysfs bnx2i cnic uio cxgb4i cxgb4 cxgb3i cxgb3 mdio libcxgbi ib_iser rdma_cm ib_addr iw_cm ib_cm ib_sa ib_mad ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_intel snd_hda_codec uvcvideo videobuf2_vmalloc snd_hwdep arc4 snd_seq snd_seq_device broadcom tg3 snd_pcm snd_page_alloc snd_timer brcmsmac cordic brcmutil acpi_cpufreq mperf coretemp mac80211 acer_wmi videobuf2_memops videobuf2_core videodev cfg80211 snd iTCO_wdt sparse_keymap soundcore rfkill vhost_net ptp pps_core iTCO_vendor_support media lpc_ich mfd_core mei_me mei microcode i2c_i801 bcma tun macvtap macvlan kvm_intel kvm uinput radeon i2c_algo_bit drm_kms_helper crc32c_intel ttm drm i2c_core mxm_wmi video wmi
CPU: 0 PID: 62 Comm: kworker/u16:2 Not tainted 3.10.9-100.fc18.x86_64 #1
Hardware name: Acer             Aspire 5741G    /Aspire 5741G    , BIOS V1.06 04/22/2010
Workqueue: phy0 ieee80211_iface_work [mac80211]
 0000000000000009 ffff88014d487c38 ffffffff81656206 ffff88014d487c78
 ffffffff8105d670 0000000000000000 ffff880151515800 0000000000000000
 0000000000000040 ffff8801514ca200 0000000000000000 ffff88014d487c88
Call Trace:
 [<ffffffff81656206>] dump_stack+0x19/0x1b
 [<ffffffff8105d670>] warn_slowpath_common+0x70/0xa0
 [<ffffffff8105d6ba>] warn_slowpath_null+0x1a/0x20
 [<ffffffffa042b242>] brcms_ops_ampdu_action+0x1b2/0x1c0 [brcmsmac]
 [<ffffffffa03a8dae>] ? ieee80211_process_addba_request+0x18e/0x620 [mac80211]
 [<ffffffffa03a8dae>] ? ieee80211_process_addba_request+0x18e/0x620 [mac80211]
 [<ffffffffa03a8e4b>] ieee80211_process_addba_request+0x22b/0x620 [mac80211]
 [<ffffffffa03acea0>] ieee80211_iface_work+0x2e0/0x360 [mac80211]
 [<ffffffff8107b54a>] process_one_work+0x17a/0x400
 [<ffffffff8107c9ac>] worker_thread+0x11c/0x370
 [<ffffffff8107c890>] ? manage_workers.isra.21+0x2b0/0x2b0
 [<ffffffff81082ab0>] kthread+0xc0/0xd0
 [<ffffffff81010000>] ? perf_trace_xen_mmu_flush_tlb_others+0xa0/0x110
 [<ffffffff810829f0>] ? kthread_create_on_node+0x120/0x120
 [<ffffffff816647ac>] ret_from_fork+0x7c/0xb0
 [<ffffffff810829f0>] ? kthread_create_on_node+0x120/0x120
Comment 1 bugzilla.ebv 2013-08-27 13:37:17 UTC 
Created attachment 790975 [details]
File: dmesg
Comment 2 Justin M. Forbes 2013-10-18 20:59:05 UTC 
*********** MASS BUG UPDATE **************

We apologize for the inconvenience.  There is a large number of bugs to go through and several of them have gone stale.  Due to this, we are doing a mass bug update across all of the Fedora 18 kernel bugs.

Fedora 18 has now been rebased to 3.11.4-101.fc18.  Please test this kernel update (or newer) and let us know if you issue has been resolved or if it is still present with the newer kernel.

If you have moved on to Fedora 19, and are still experiencing this issue, please change the version to Fedora 19.

If you experience different issues, please open a new bug report for those.
Comment 3 John Greene 2013-10-28 16:50:46 UTC 
Is this easily repeatable?  I checked on upstream, nothing really obvious to address this, but can try a later kernel?
Comment 4 Arend van Spriel 2013-10-29 09:07:49 UTC 
Looking at the dmesg it seems like a race condition. mac80211 does a addba, but brcmsmac has not initialized the data structure for that.

I noticed in brcms_ops_sta_add(), which is responsible for initializing the data structure, the following comment:

	/*
	 * minstrel_ht initiates addBA on our behalf by calling
	 * ieee80211_start_tx_ba_session()
	 */

There is no lock taken in brcms_ops_sta_add() during this initialization so mac80211 can freely move on and call brcms_ops_ampdu_action() on interface worker thread.
Comment 5 John Greene 2013-11-01 15:36:36 UTC 
(In reply to Arend van Spriel from comment #4)
> Looking at the dmesg it seems like a race condition. mac80211 does a addba,
> but brcmsmac has not initialized the data structure for that.
> 
> I noticed in brcms_ops_sta_add(), which is responsible for initializing the
> data structure, the following comment:
> 
> 	/*
> 	 * minstrel_ht initiates addBA on our behalf by calling
> 	 * ieee80211_start_tx_ba_session()
> 	 */
> 
> There is no lock taken in brcms_ops_sta_add() during this initialization so
> mac80211 can freely move on and call brcms_ops_ampdu_action() on interface
> worker thread.

I'll see about this one. Thanks Arend.
Comment 6 John Greene 2013-11-11 19:33:02 UTC 
*** Bug 1028776 has been marked as a duplicate of this bug. ***
Comment 7 Fedora End Of Life 2013-12-21 14:31:50 UTC 
This message is a reminder that Fedora 18 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 18. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '18'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 18's end of life.

Thank you for reporting this issue and we are sorry that we may not be 
able to fix it before Fedora 18 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged  change the 'version' to a later Fedora 
version prior to Fedora 18's end of life.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.
Comment 8 Fedora End Of Life 2014-02-05 22:20:12 UTC 
Fedora 18 changed to end-of-life (EOL) status on 2014-01-14. Fedora 18 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.
Comment 9 Red Hat Bugzilla 2023-09-15 01:24:25 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 365 days