rt2800 crash on skb_push, apparently underflows the skb area

Bug #1289378 reported by Antti S. Lankila on 2014-03-07
Affects: linux (Ubuntu)

Bug Description

I have an RT2800-based 5 GHz wireless card that serves as an access point with hostapd. The hardware has served me well for years, but just yesterday, on the 6th, the system started crashing randomly. The system is headless, so I have no images of the prior crashes, but I connected up an LCD last night and when I woke up, I saw a crash on the screen, which I photographed. None of the crashes seem to be logged in dmesg. Based on experience so far, the system crashes unpredictably; the shortest interval that I've seen it crash is 20 minutes and the longest may be about 10 hours. Typically it won't last more than an hour, though.

I found Tuomas Räsänen complaining about a crash that smells like the same issue to me: http://permalink.gmane.org/gmane.linux.drivers.rt2x00.user/2460

Tuomas mentions that the crash occurs on hostapd version 2.x only. According to my dpkg.log, hostapd updated from version 1:1.0-3ubuntu4 to 1:2.1.0ubuntu1 on the 6th at 09:00, and the first hard crash was sometime between 18:18 and 19:20 that day. I am currently running with rt2800pci removed from the kernel, which seems to have worked around the crash. My other wlan card, ath9k, seems to produce no problems.

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: linux-image-3.13.0-16-generic 3.13.0-16.36
ProcVersionSignature: Ubuntu 3.13.0-16.36-generic 3.13.5
Uname: Linux 3.13.0-16-generic x86_64
 total 0
 crw-rw---- 1 root audio 116, 1 Mar 7 10:11 seq
 crw-rw---- 1 root audio 116, 33 Mar 7 10:11 timer
AplayDevices: Error: [Errno 2] No such file or directory: 'aplay'
ApportVersion: 2.13.2-0ubuntu5
Architecture: amd64
ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord'
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
 country EU:
  (2402 - 2482 @ 40), (N/A, 20)
  (5170 - 5250 @ 40), (N/A, 20)
  (5250 - 5330 @ 40), (N/A, 20), DFS
  (5490 - 5710 @ 40), (N/A, 27), DFS
Date: Fri Mar 7 15:47:11 2014
IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig'

 PATH=(custom, no user)
ProcFB: 0 inteldrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.13.0-16-generic root=UUID=f71305f7-0fa2-4521-b633-87103dab6ace ro cgroup_disable=memory elevator=cfq
 linux-restricted-modules-3.13.0-16-generic N/A
 linux-backports-modules-3.13.0-16-generic N/A
 linux-firmware 1.126
RfKill: Error: [Errno 2] No such file or directory: 'rfkill'
SourcePackage: linux
UpgradeStatus: Upgraded to trusty on 2011-04-29 (1042 days ago)
dmi.bios.date: 12/22/2011
dmi.bios.vendor: Intel Corp.
dmi.bios.version: BLH6710H.86A.0146.2011.1222.1415
dmi.board.asset.tag: To be filled by O.E.M.
dmi.board.name: DH67CL
dmi.board.vendor: Intel Corporation
dmi.board.version: AAG10212-210
dmi.chassis.type: 3
dmi.modalias: dmi:bvnIntelCorp.:bvrBLH6710H.86A.0146.2011.1222.1415:bd12/22/2011:svn:pn:pvr:rvnIntelCorporation:rnDH67CL:rvrAAG10212-210:cvn:ct3:cvr:

Antti S. Lankila (alankila) wrote :

This change was made by a bot.

Changed in linux (Ubuntu):
status: New → Confirmed
Joseph Salisbury (jsalisbury) wrote :

Would it be possible for you to test the latest upstream kernel? Refer to https://wiki.ubuntu.com/KernelMainlineBuilds . Please test the latest v3.14 kernel[0].

If this bug is fixed in the mainline kernel, please add the following tag 'kernel-fixed-upstream'.

If the mainline kernel does not fix this bug, please add the tag: 'kernel-bug-exists-upstream'.

If you are unable to test the mainline kernel, for example it will not boot, please add the tag: 'kernel-unable-to-test-upstream'.
Once testing of the upstream kernel is complete, please mark this bug as "Confirmed".

Thanks in advance.

[0] http://kernel.ubuntu.com/~kernel-ppa/mainline/v3.14-rc6-trusty/

Changed in linux (Ubuntu):
importance: Undecided → High
status: Confirmed → Incomplete
Antti S. Lankila (alankila) wrote :

Tested with 3.14-rc6, crash occurred in about 1 hour.

tags: added: kernel-bug-exists-upstream
Joseph Salisbury (jsalisbury) wrote :

This issue appears to be an upstream bug, since you tested the latest upstream kernel. Would it be possible for you to open an upstream bug report[0]? That will allow the upstream developers to examine the issue, and may provide a quicker resolution to the bug.

Please follow the instructions on the wiki page[0]. The first step is to email the appropriate mailing list. If no response is received, then a bug may be opened on bugzilla.kernel.org.

Once this bug is reported upstream, please add the tag: 'kernel-bug-reported-upstream'.

[0] https://wiki.ubuntu.com/Bugs/Upstream/kernel

Changed in linux (Ubuntu):
status: Incomplete → Triaged
tags: added: kernel-bug-reported-upstream
khushboo (sharma-khushbu850) wrote :

Is this issue resolved? I am also facing a crash in the skb_push function while adding a MAC header to data... Can anyone help with this, please? :(
