[Kernel-packages] [Bug 1341275] Re: Kernel panic in rtl8821ae with 3.13.0-30

2014-08-08 Thread Christopher M. Penalver
TJ, thank you for your comment. Unfortunately, this is scoped to the original 
reporter David Coles, not you, your hardware, or your problem. Hence, please do 
not adjust the Bug Title, Tags, or Status of this report. If you are having a 
problem in Ubuntu, so your hardware and problem may be tracked, could you 
please file a new report with Ubuntu by executing the following in a terminal 
while booted into the default Ubuntu kernel (not a mainline one) via:
ubuntu-bug linux

For more on this, please read the official Ubuntu documentation:
Ubuntu Bug Control and Ubuntu Bug Squad: 
https://wiki.ubuntu.com/Bugs/BestPractices#X.2BAC8-Reporting.Focus_on_One_Issue
Ubuntu Kernel Team: 
https://wiki.ubuntu.com/KernelTeam/KernelTeamBugPolicies#Filing_Kernel_Bug_reports
Ubuntu Community: 
https://help.ubuntu.com/community/ReportingBugs#Bug_reporting_etiquette

When opening up the new report, please feel free to subscribe me to it.

Thank you for your understanding.

Helpful bug reporting tips:
https://wiki.ubuntu.com/ReportingBugs

** Changed in: linux (Ubuntu)
   Status: Triaged => Incomplete

** Summary changed:

- Kernel panic in rtl8821ae with 3.13.0-30
+ 10ec:8821 [Gigabyte GB-BXi7-4470R] Kernel panic in rtl8821ae

** Tags added: needs-reverse-bisect

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1341275

Title:
  10ec:8821 [Gigabyte GB-BXi7-4470R] Kernel panic in rtl8821ae

Status in “linux” package in Ubuntu:
  Incomplete

Bug description:
  After updating the system to linux-image-3.13.0-30-generic (trusty-
  updates), the system encounters a kernel panic during boot in the
  rtl8821ae module. This prevents the system from booting.

  This appears to be an issue relating to the mPCI WiFi+BT module
  (Realtek Semiconductor Co., Ltd. RTL8821AE 802.11ac PCIe Wireless
  Network Adapter) included with the system.

  A workaround is to boot using the older linux-image-3.13.0-24-generic
  (trusty).

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: linux-image-3.13.0-30-generic 3.13.0-30.55
  ProcVersionSignature: Ubuntu 3.13.0-24.47-generic 3.13.9
  Uname: Linux 3.13.0-24-generic x86_64
  ApportVersion: 2.14.1-0ubuntu3.2
  Architecture: amd64
  AudioDevicesInUse:
   USERPID ACCESS COMMAND
   /dev/snd/controlC1:  dcoles 2324 F pulseaudio
   /dev/snd/pcmC1D0p:   dcoles 2324 F...m pulseaudio
   /dev/snd/controlC0:  dcoles 2324 F pulseaudio
  CurrentDesktop: GNOME
  Date: Sun Jul 13 20:35:13 2014
  HibernationDevice: RESUME=UUID=489d6aeb-add6-485d-8056-de392a8591b7
  InstallationDate: Installed on 2014-03-14 (120 days ago)
  InstallationMedia: Ubuntu 14.04 LTS Trusty Tahr - Alpha amd64 (20140310)
  MachineType: GIGABYTE M4HM87P-00
  ProcEnviron:
   TERM=xterm
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=set
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  ProcFB: 0 inteldrmfb
  ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-3.13.0-24-generic.efi.signed root=/dev/mapper/ubuntu--vg-root ro quiet splash
  RelatedPackageVersions:
   linux-restricted-modules-3.13.0-24-generic N/A
   linux-backports-modules-3.13.0-24-generic  N/A
   linux-firmware 1.127.4
  SourcePackage: linux
  StagingDrivers: rtl8821ae
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 02/06/2014
  dmi.bios.vendor: American Megatrends Inc.
  dmi.bios.version: F3
  dmi.board.asset.tag: To be filled by O.E.M.
  dmi.board.name: M4HM87P-00
  dmi.board.vendor: GIGABYTE
  dmi.board.version: 1.x
  dmi.chassis.asset.tag: To Be Filled By O.E.M.
  dmi.chassis.type: 3
  dmi.chassis.vendor: To Be Filled By O.E.M.
  dmi.chassis.version: To Be Filled By O.E.M.
  dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvrF3:bd02/06/2014:svnGIGABYTE:pnM4HM87P-00:pvr1.x:rvnGIGABYTE:rnM4HM87P-00:rvr1.x:cvnToBeFilledByO.E.M.:ct3:cvrToBeFilledByO.E.M.:
  dmi.product.name: M4HM87P-00
  dmi.product.version: 1.x
  dmi.sys.vendor: GIGABYTE



Re: [Kernel-packages] [Bug 1341275] Re: Kernel panic in rtl8821ae with 3.13.0-30

2014-08-08 Thread TJ
On 08/08/14 11:00, Christopher M. Penalver wrote:
> TJ, thank you for your comment. Unfortunately, this is scoped to the original
> reporter David Coles, not you...

Christopher. I was triaging the bug as it affects other users; it is not
specific to the original reporter's motherboard. I worked on this in detail
yesterday supporting another user with the identical failure on Asus X551MA.

As a kernel hacker I investigated the bug in detail and diagnosed the
cause.  My additions to this report are in light of my findings.

RIP [a042ffe5] rtl8821ae_rx_query_desc+0x1d5/0xa50 [rtl8821ae]

No changes were introduced in the rtl8821ae module between 3.13.0-24 and
3.13.0-30. The only changes were in mac80211, which rtl8821ae depends on
(along with cfg80211):

# check rtl8821ae
$ gitlog Ubuntu-3.13.0-24.47..Ubuntu-3.13.0-30.55 -- drivers/staging/rtl8821ae
# check mac80211
$ gitlog Ubuntu-3.13.0-24.47..Ubuntu-3.13.0-30.55 -- net/mac80211
7049ad3 Mon May 19 18:45:30 2014 +0100 Michael Braun mac80211: fix WPA with VLAN on AP side with ps-sta again
5d31275 Mon May 19 18:45:30 2014 +0100 Johannes Berg mac80211: fix suspend vs. authentication race
56f2ea4 Mon May 19 18:45:29 2014 +0100 Johannes Berg mac80211: fix potential use-after-free
22bf70f Tue Apr 15 15:27:46 2014 +0100 Johannes Berg mac80211: add length check in ieee80211_is_robust_mgmt_frame()
# check mac80211
$ gitlog Ubuntu-3.13.0-24.47..Ubuntu-3.13.0-30.55 -- net/wireless/
$

The faulting location is in function rx_query_desc() at offset 0x1d5.

$ objdump -d /lib/modules/3.13.0-30-generic/kernel/drivers/staging/rtl8821ae/rtl8821ae.ko

00033e40 <rtl8821ae_rx_query_desc>:

Faulting instruction is at 0x33e40 + 0x1d5 = 0x34015

Now I examine the debug-symbols of the module with:

$ gdb -d drivers/staging/rtl8821ae -d drivers/staging/rtl8821ae/rtl8821ae /usr/lib/debug/modules/3.13.0-30-generic/kernel/drivers/staging/rtl8821ae/rtl8821ae.dbgsym.ko

(gdb) info line rtl8821ae_rx_query_desc
Line 539 of /build/buildd/linux-3.13.0/drivers/staging/rtl8821ae/rtl8821ae/trx.c starts at address 0x33e40 <rtl8821ae_rx_query_desc>
and ends at 0x33e65 <rtl8821ae_rx_query_desc+37>.
(gdb) x/i 0x34015
0x34015 <rtl8821ae_rx_query_desc+469>:   movzwl (%rdi),%esi
(gdb) disas rtl8821ae_rx_query_desc
...
0x00033ffe <+446>:   je     0x34641 <rtl8821ae_rx_query_desc+2049>
0x00034004 <+452>:   cmpl   $0x18,0x68(%rdx)
0x00034008 <+456>:   jbe    0x34268 <rtl8821ae_rx_query_desc+1064>
0x0003400e <+462>:   mov    0xd8(%rdx),%rdi   /* hdr->frame_control */
0x00034015 <+469>:   movzwl (%rdi),%esi       /* FAULT %rdi invalid */
0x00034018 <+472>:   mov    %esi,%ecx
0x0003401a <+474>:   and    $0xfc,%cx
0x0003401f <+479>:   cmp    $0xa0,%cx
0x00034024 <+484>:   je     0x34068 <rtl8821ae_rx_query_desc+552>
...
(gdb) info line *0x34015
Line 2194 of /build/buildd/linux-3.13.0/include/linux/ieee80211.h starts at address 0x34015 <rtl8821ae_rx_query_desc+469>
and ends at 0x34018 <rtl8821ae_rx_query_desc+472>.

- include/linux/ieee80211.h -
/**
 * _ieee80211_is_robust_mgmt_frame - check if frame is a robust management frame
 * @hdr: the frame (buffer must include at least the first octet of payload)
 */
static inline bool _ieee80211_is_robust_mgmt_frame(struct ieee80211_hdr *hdr)
{
        if (ieee80211_is_disassoc(hdr->frame_control) ||  /* LINE 2194 */
            ieee80211_is_deauth(hdr->frame_control))
                return true;


/**
 * ieee80211_is_disassoc - check if IEEE80211_FTYPE_MGMT && IEEE80211_STYPE_DISASSOC
 * @fc: frame control bytes in little-endian byteorder
 */
static inline int ieee80211_is_disassoc(__le16 fc)
{
        return (fc & cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) ==
               cpu_to_le16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_DISASSOC);
}

- drivers/staging/rtl8821ae/rtl8821ae/trx.c::rtl8821ae_rx_query_desc() -
...
                if ((ieee80211_is_robust_mgmt_frame(hdr)) && /* FAULT LOCATION */
                    (ieee80211_has_protected(hdr->frame_control)))
                        rx_status->flag &= ~RX_FLAG_DECRYPTED;
                else
                        rx_status->flag |= RX_FLAG_DECRYPTED;
        }
...
- 8- -

On investigation it appears that gdb may have an incorrect debug reference for 
the location of ieee80211_is_robust_mgmt_frame() since the
location it references is for the underscore-prefix function 
_ieee80211_is_robust_mgmt_frame(). This may be due to both functions being 
inline.

The changes introduced in commit:

22bf70f Tue Apr 15 15:27:46 2014 +0100 Johannes Berg mac80211: add
length check in ieee80211_is_robust_mgmt_frame()

include renaming the existing

ieee80211_is_robust_mgmt_frame(struct ieee80211_hdr *hdr)

to

_ieee80211_is_robust_mgmt_frame(struct ieee80211_hdr *hdr)

and replacing the original function with one taking an skb, not
ieee80211_hdr:

+ * ieee80211_is_robust_mgmt_frame - check if skb contains a robust mgmt frame
+ * @skb: the skb containing the frame,