[Kernel-packages] [Bug 1341275] Re: Kernel panic in rtl8821ae with 3.13.0-30
TJ, thank you for your comment. Unfortunately, this is scoped to the original reporter David Coles, not you, your hardware, or your problem. Hence, please do not adjust the Bug Title, Tags, or Status of this report. If you are having a problem in Ubuntu, so your hardware and problem may be tracked, could you please file a new report with Ubuntu by executing the following in a terminal while booted into the default Ubuntu kernel (not a mainline one) via: ubuntu-bug linux For more on this, please read the official Ubuntu documentation: Ubuntu Bug Control and Ubuntu Bug Squad: https://wiki.ubuntu.com/Bugs/BestPractices#X.2BAC8-Reporting.Focus_on_One_Issue Ubuntu Kernel Team: https://wiki.ubuntu.com/KernelTeam/KernelTeamBugPolicies#Filing_Kernel_Bug_reports Ubuntu Community: https://help.ubuntu.com/community/ReportingBugs#Bug_reporting_etiquette When opening up the new report, please feel free to subscribe me to it. Thank you for your understanding. Helpful bug reporting tips: https://wiki.ubuntu.com/ReportingBugs ** Changed in: linux (Ubuntu) Status: Triaged = Incomplete ** Summary changed: - Kernel panic in rtl8821ae with 3.13.0-30 + 10ec:8821 [Gigabyte GB-BXi7-4470R] Kernel panic in rtl8821ae ** Tags added: needs-reverse-bisect -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1341275 Title: 10ec:8821 [Gigabyte GB-BXi7-4470R] Kernel panic in rtl8821ae Status in “linux” package in Ubuntu: Incomplete Bug description: After updating the system to linux-image-3.13.0-30-generic (trusty- updates), the encounters a kernel panic during boot in the rtl8821ae module. This prevents the system from booting. This appears to be an issue relating to the mPCI WiFi+BT module (Realtek Semiconductor Co., Ltd. RTL8821AE 802.11ac PCIe Wireless Network Adapter) included with the system. A workaround is to boot using the older linux-image-3.13.0-24-generic (trusty). ProblemType: Bug DistroRelease: Ubuntu 14.04 Package: linux-image-3.13.0-30-generic 3.13.0-30.55 ProcVersionSignature: Ubuntu 3.13.0-24.47-generic 3.13.9 Uname: Linux 3.13.0-24-generic x86_64 ApportVersion: 2.14.1-0ubuntu3.2 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC1: dcoles 2324 F pulseaudio /dev/snd/pcmC1D0p: dcoles 2324 F...m pulseaudio /dev/snd/controlC0: dcoles 2324 F pulseaudio CurrentDesktop: GNOME Date: Sun Jul 13 20:35:13 2014 HibernationDevice: RESUME=UUID=489d6aeb-add6-485d-8056-de392a8591b7 InstallationDate: Installed on 2014-03-14 (120 days ago) InstallationMedia: Ubuntu 14.04 LTS Trusty Tahr - Alpha amd64 (20140310) MachineType: GIGABYTE M4HM87P-00 ProcEnviron: TERM=xterm PATH=(custom, no user) XDG_RUNTIME_DIR=set LANG=en_US.UTF-8 SHELL=/bin/bash ProcFB: 0 inteldrmfb ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-3.13.0-24-generic.efi.signed root=/dev/mapper/ubuntu--vg-root ro quiet splash RelatedPackageVersions: linux-restricted-modules-3.13.0-24-generic N/A linux-backports-modules-3.13.0-24-generic N/A linux-firmware 1.127.4 SourcePackage: linux StagingDrivers: rtl8821ae UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 02/06/2014 dmi.bios.vendor: American Megatrends Inc. dmi.bios.version: F3 dmi.board.asset.tag: To be filled by O.E.M. dmi.board.name: M4HM87P-00 dmi.board.vendor: GIGABYTE dmi.board.version: 1.x dmi.chassis.asset.tag: To Be Filled By O.E.M. dmi.chassis.type: 3 dmi.chassis.vendor: To Be Filled By O.E.M. dmi.chassis.version: To Be Filled By O.E.M. dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvrF3:bd02/06/2014:svnGIGABYTE:pnM4HM87P-00:pvr1.x:rvnGIGABYTE:rnM4HM87P-00:rvr1.x:cvnToBeFilledByO.E.M.:ct3:cvrToBeFilledByO.E.M.: dmi.product.name: M4HM87P-00 dmi.product.version: 1.x dmi.sys.vendor: GIGABYTE To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1341275/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
Re: [Kernel-packages] [Bug 1341275] Re: Kernel panic in rtl8821ae with 3.13.0-30
On 08/08/14 11:00, Christopher M. Penalver wrote: TJ, thank you for your comment. Unfortunately, this is scoped to the original reporter David Coles, not you... Christopher. I was triaging the bug as it affects other users, it is not specific to the original reporters motherboard. I worked on this in detail yesterday supporting another user with the identical failure on Asus X551MA. As a kernel hacker I investigated the bug in detail and diagnosed the cause. My additions to this report are in light of my findings. RIP [a042ffe5] rtl8821ae_rx_query_desc+0x1d5/0xa50 [rtl8821ae] No changes were introduced in the rtl8821ae module between 3.13.0-24 and 3.13.0-30. The only changes were in mac80211, which rtl8821ae depends on (along with cfg80211): # check rtl8821ae $ gitlog Ubuntu-3.13.0-24.47..Ubuntu-3.13.0-30.55 -- drivers/staging/rtl8821ae # check mac80211 $ gitlog Ubuntu-3.13.0-24.47..Ubuntu-3.13.0-30.55 -- net/mac80211 7049ad3 Mon May 19 18:45:30 2014 +0100 Michael Braun mac80211: fix WPA with VLAN on AP side with ps-sta again 5d31275 Mon May 19 18:45:30 2014 +0100 Johannes Berg mac80211: fix suspend vs. authentication race 56f2ea4 Mon May 19 18:45:29 2014 +0100 Johannes Berg mac80211: fix potential use-after-free 22bf70f Tue Apr 15 15:27:46 2014 +0100 Johannes Berg mac80211: add length check in ieee80211_is_robust_mgmt_frame() # check mac80211 $ gitlog Ubuntu-3.13.0-24.47..Ubuntu-3.13.0-30.55 -- net/wireless/ $ The faulting location is in function rx_query_desc() at offset 0x1d5. $ objdump -d /lib/modules/3.13.0-30-generic/kernel/drivers/staging/rtl8821ae/rtl8821ae.ko 00033e40 rtl8821ae_rx_query_desc: Faulting instruction is at 0x33e40 + 0x1d5 = 0x34015 Now I examine the debug-symbols of the module with: $ gdb -d drivers/staging/rtl8821ae -d drivers/staging/rtl8821ae/rtl8821ae /usr/lib/debug/modules/3.13.0-30-generic/kernel/drivers/staging/rtl8821ae/rtl8821ae.dbgsym.ko (gdb) info line rtl8821ae_rx_query_desc Line 539 of /build/buildd/linux-3.13.0/drivers/staging/rtl8821ae/rtl8821ae/trx.c starts at address 0x33e40 rtl8821ae_rx_query_desc and ends at 0x33e65 rtl8821ae_rx_query_desc+37. (gdb) x/i 0x34015 0x34015 rtl8821ae_rx_query_desc+469: movzwl (%rdi),%esi (gdb) disas rtl8821ae_rx_query_desc ... 0x00033ffe +446: je 0x34641 rtl8821ae_rx_query_desc+2049 0x00034004 +452: cmpl $0x18,0x68(%rdx) 0x00034008 +456: jbe0x34268 rtl8821ae_rx_query_desc+1064 0x0003400e +462: mov0xd8(%rdx),%rdi /* hdr-frame_control */ 0x00034015 +469: movzwl (%rdi),%esi /* FAULT %rdi invalid */ 0x00034018 +472: mov%esi,%ecx 0x0003401a +474: and$0xfc,%cx 0x0003401f +479: cmp$0xa0,%cx 0x00034024 +484: je 0x34068 rtl8821ae_rx_query_desc+552 ... (gdb) info line *0x34015 Line 2194 of /build/buildd/linux-3.13.0/include/linux/ieee80211.h starts at address 0x34015 rtl8821ae_rx_query_desc+469 and ends at 0x34018 rtl8821ae_rx_query_desc+472. include/linux/ieee80211.h - /** * _ieee80211_is_robust_mgmt_frame - check if frame is a robust management frame * @hdr: the frame (buffer must include at least the first octet of payload) */ static inline bool _ieee80211_is_robust_mgmt_frame(struct ieee80211_hdr *hdr) { if (ieee80211_is_disassoc(hdr-frame_control) || /* LINE 2194 */ ieee80211_is_deauth(hdr-frame_control)) return true; /** * ieee80211_is_disassoc - check if IEEE80211_FTYPE_MGMT IEEE80211_STYPE_DISASSOC * @fc: frame control bytes in little-endian byteorder */ static inline int ieee80211_is_disassoc(__le16 fc) { return (fc cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) == cpu_to_le16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_DISASSOC); } - drivers/staging/rtl8821ae/rtl8821ae/trx.c::rtl8821ae_rx_query_desc() - ... if ((ieee80211_is_robust_mgmt_frame(hdr)) /* FAULT LOCATION */ (ieee80211_has_protected(hdr-frame_control))) rx_status-flag = ~RX_FLAG_DECRYPTED; else rx_status-flag |= RX_FLAG_DECRYPTED; } ... - 8- - On investigation it appears that gdb may have an incorrect debug reference for the location of ieee80211_is_robust_mgmt_frame() since the location it references is for the underscore-prefix function _ieee80211_is_robust_mgmt_frame(). This may be due to both functions being inline. The changes introduced in commit: 22bf70f Tue Apr 15 15:27:46 2014 +0100 Johannes Berg mac80211: add length check in ieee80211_is_robust_mgmt_frame() include renaming the existing ieee80211_is_robust_mgmt_frame(struct ieee80211_hdr *hdr) to _ieee80211_is_robust_mgmt_frame(struct ieee80211_hdr *hdr) and replacing the original function with one taking an skb, not ieee80211_hdr: + * ieee80211_is_robust_mgmt_frame - check if skb contains a robust mgmt frame + * @skb: the skb containing the frame,