Additional info:
reporter: libreport-2.1.6
WARNING: at drivers/net/wireless/brcm80211/brcmsmac/mac80211_if.c:827 brcms_ops_ampdu_action+0x1b2/0x1c0 [brcmsmac]()
Modules linked in: ipt_MASQUERADE nf_conntrack_netbios_ns nf_conntrack_broadcast ip6table_mangle ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 iptable_nat nf_nat_ipv4 nf_nat iptable_mangle bnep nf_conntrack_ipv4 nf_defrag_ipv4 bluetooth xt_conntrack nf_conntrack be2iscsi ebtable_filter ebtables ip6table_filter ip6_tables iscsi_boot_sysfs bnx2i cnic uio cxgb4i cxgb4 cxgb3i cxgb3 mdio libcxgbi ib_iser rdma_cm ib_addr iw_cm ib_cm ib_sa ib_mad ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_intel snd_hda_codec uvcvideo videobuf2_vmalloc snd_hwdep arc4 snd_seq snd_seq_device broadcom tg3 snd_pcm snd_page_alloc snd_timer brcmsmac cordic brcmutil acpi_cpufreq mperf coretemp mac80211 acer_wmi videobuf2_memops videobuf2_core videodev cfg80211 snd iTCO_wdt sparse_keymap soundcore rfkill vhost_net ptp pps_core iTCO_vendor_support media lpc_ich mfd_core mei_me mei microcode i2c_i801 bcma tun macvtap macvlan kvm_intel kvm uinput radeon i2c_algo_bit drm_kms_helper crc32c_intel ttm drm i2c_core mxm_wmi video wmi
CPU: 0 PID: 62 Comm: kworker/u16:2 Not tainted 3.10.9-100.fc18.x86_64 #1
Hardware name: Acer Aspire 5741G /Aspire 5741G , BIOS V1.06 04/22/2010
Workqueue: phy0 ieee80211_iface_work [mac80211]
 0000000000000009 ffff88014d487c38 ffffffff81656206 ffff88014d487c78
 ffffffff8105d670 0000000000000000 ffff880151515800 0000000000000000
 0000000000000040 ffff8801514ca200 0000000000000000 ffff88014d487c88
Call Trace:
 [<ffffffff81656206>] dump_stack+0x19/0x1b
 [<ffffffff8105d670>] warn_slowpath_common+0x70/0xa0
 [<ffffffff8105d6ba>] warn_slowpath_null+0x1a/0x20
 [<ffffffffa042b242>] brcms_ops_ampdu_action+0x1b2/0x1c0 [brcmsmac]
 [<ffffffffa03a8dae>] ? ieee80211_process_addba_request+0x18e/0x620 [mac80211]
 [<ffffffffa03a8dae>] ? ieee80211_process_addba_request+0x18e/0x620 [mac80211]
 [<ffffffffa03a8e4b>] ieee80211_process_addba_request+0x22b/0x620 [mac80211]
 [<ffffffffa03acea0>] ieee80211_iface_work+0x2e0/0x360 [mac80211]
 [<ffffffff8107b54a>] process_one_work+0x17a/0x400
 [<ffffffff8107c9ac>] worker_thread+0x11c/0x370
 [<ffffffff8107c890>] ? manage_workers.isra.21+0x2b0/0x2b0
 [<ffffffff81082ab0>] kthread+0xc0/0xd0
 [<ffffffff81010000>] ? perf_trace_xen_mmu_flush_tlb_others+0xa0/0x110
 [<ffffffff810829f0>] ? kthread_create_on_node+0x120/0x120
 [<ffffffff816647ac>] ret_from_fork+0x7c/0xb0
 [<ffffffff810829f0>] ? kthread_create_on_node+0x120/0x120
Created attachment 790975
File: dmesg
*********** MASS BUG UPDATE **************

We apologize for the inconvenience. There is a large number of bugs to go through and several of them have gone stale. Due to this, we are doing a mass bug update across all of the Fedora 18 kernel bugs.

Fedora 18 has now been rebased to 3.11.4-101.fc18. Please test this kernel update (or newer) and let us know if your issue has been resolved or if it is still present with the newer kernel.

If you have moved on to Fedora 19, and are still experiencing this issue, please change the version to Fedora 19.

If you experience different issues, please open a new bug report for those.
Is this easily repeatable? I checked on upstream, nothing really obvious to address this, but can try a later kernel?
Looking at the dmesg it seems like a race condition. mac80211 does an addba, but brcmsmac has not initialized the data structure for that.

I noticed in brcms_ops_sta_add(), which is responsible for initializing the data structure, the following comment:

	/*
	 * minstrel_ht initiates addBA on our behalf by calling
	 * ieee80211_start_tx_ba_session()
	 */

There is no lock taken in brcms_ops_sta_add() during this initialization so mac80211 can freely move on and call brcms_ops_ampdu_action() on interface worker thread.
(In reply to Arend van Spriel from comment #4)
> Looking at the dmesg it seems like a race condition. mac80211 does an addba,
> but brcmsmac has not initialized the data structure for that.
>
> I noticed in brcms_ops_sta_add(), which is responsible for initializing the
> data structure, the following comment:
>
> 	/*
> 	 * minstrel_ht initiates addBA on our behalf by calling
> 	 * ieee80211_start_tx_ba_session()
> 	 */
>
> There is no lock taken in brcms_ops_sta_add() during this initialization so
> mac80211 can freely move on and call brcms_ops_ampdu_action() on interface
> worker thread.

I'll see about this one. Thanks Arend.
*** Bug 1028776 has been marked as a duplicate of this bug. ***
This message is a reminder that Fedora 18 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 18. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '18'.

Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 18's end of life.

Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 18 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged to change the 'version' to a later Fedora version prior to Fedora 18's end of life.

Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
Fedora 18 changed to end-of-life (EOL) status on 2014-01-14. Fedora 18 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.