Re: [Bug] mt7921e driver in 5.16 causes kernel panic

From: Ben Greear
Date: Tue Jan 11 2022 - 19:10:59 EST

Next message: pr-tracker-bot: "Re: [GIT PULL] erofs updates for 5.17-rc1"
Previous message: Kunihiko Hayashi: "Re: [patch] genirq/msi: Populate sysfs entry only once"
In reply to: Khalid Aziz: "Re: [Bug] mt7921e driver in 5.16 causes kernel panic"
Next in thread: sean.wang: "Re: [Bug] mt7921e driver in 5.16 causes kernel panic"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 1/11/22 3:58 PM, Khalid Aziz wrote:

On 1/11/22 16:31, Ben Greear wrote:

On 1/11/22 3:17 PM, Khalid Aziz wrote:

I am seeing an intermittent bug in mt7921e driver. When the driver module is loaded
and is being initialized, almost every other time it seems to write to some wild
memory location. This results in driver failing to initialize with message
"Timeout for driver own" and at the same time I start to see "Bad page state" messages
for random processes. Here is the relevant part of dmesg:

Please see if this helps?

From: Ben Greear <greearb@xxxxxxxxxxxxxxx>

If the nic fails to start, it is possible that the
reset_work has already been scheduled. Ensure the
work item is canceled so we do not have use-after-free
crash in case cleanup is called before the work item
is executed.

This fixes crash on my x86_64 apu2 when mt7921k radio
fails to work. Radio still fails, but OS does not
crash.

Signed-off-by: Ben Greear <greearb@xxxxxxxxxxxxxxx>
---
  drivers/net/wireless/mediatek/mt76/mt7921/main.c | 1 +
  1 file changed, 1 insertion(+)

diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/main.c b/drivers/net/wireless/mediatek/mt76/mt7921/main.c
index 6073bedaa1c08..9b33002dcba4a 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7921/main.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7921/main.c
@@ -272,6 +272,7 @@ static void mt7921_stop(struct ieee80211_hw *hw)

      cancel_delayed_work_sync(&dev->pm.ps_work);
      cancel_work_sync(&dev->pm.wake_work);
+    cancel_work_sync(&dev->reset_work);
      mt76_connac_free_pending_tx_skbs(&dev->pm, NULL);

      mt7921_mutex_acquire(dev);

Hi Ben,

Unfortunately that did not help. I still saw the same messages and a kernel panic. I do not see this bug if I power down the laptop before booting it up, so mt7921_stop() would make sense as the reasonable place to fix it.

I think there are bugs around soft power cycle in these radios. (And today someone reported
to me same type of problem in some 7915 radio, though my 7915 radios work in that regard for me.) The patch above
fixes a crash I saw on a system with 7921k radio when the radio fails to boot properly for some reason
or another. I guess there must be more bugs in the radio bringup logic and you are hitting something
different from what I hit.

Thanks,
Ben

--
Ben Greear <greearb@xxxxxxxxxxxxxxx>
Candela Technologies Inc http://www.candelatech.com

Next message: pr-tracker-bot: "Re: [GIT PULL] erofs updates for 5.17-rc1"
Previous message: Kunihiko Hayashi: "Re: [patch] genirq/msi: Populate sysfs entry only once"
In reply to: Khalid Aziz: "Re: [Bug] mt7921e driver in 5.16 causes kernel panic"
Next in thread: sean.wang: "Re: [Bug] mt7921e driver in 5.16 causes kernel panic"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]