[Kernel-packages] [Bug 1354469] Re: [3.13.0-30.55] rtl8821ae Kernel PANIC due to calling incorrect function
The kernel 3.13.0-35.62 fixes the problem with ethernet and wifi on Asus R510L notebook. Thank you for fixing. Regards, BN -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1354469 Title: [3.13.0-30.55] rtl8821ae Kernel PANIC due to calling incorrect function Status in “linux” package in Ubuntu: Fix Released Status in “linux” source package in Trusty: Fix Released Status in “linux” source package in Utopic: Fix Released Bug description: I had a support incident with a user of an Asus X551MA containing a Realtek RTL8821AE WiFi card. After the kernel update from 3.13.0-24 to 3.13.0-30 there was a kernel Panic as soon as the wifi card began scanning (photograph attached). I investigated the bug in detail and diagnosed the cause to commit 22bf70f which modifies a function prototype called by the RTL8821ae driver but does not update the driver to call the alternative function. Corrective patch attached. RIP [a042ffe5] rtl8821ae_rx_query_desc+0x1d5/0xa50 [rtl8821ae] No changes were introduced in the rtl8821ae module between 3.13.0-24 and 3.13.0-30. The only changes were in mac80211, which rtl8821ae depends on (along with cfg80211): # check rtl8821ae $ gitlog Ubuntu-3.13.0-24.47..Ubuntu-3.13.0-30.55 -- drivers/staging/rtl8821ae # check mac80211 $ gitlog Ubuntu-3.13.0-24.47..Ubuntu-3.13.0-30.55 -- net/mac80211 7049ad3 Mon May 19 18:45:30 2014 +0100 Michael Braun mac80211: fix WPA with VLAN on AP side with ps-sta again 5d31275 Mon May 19 18:45:30 2014 +0100 Johannes Berg mac80211: fix suspend vs. authentication race 56f2ea4 Mon May 19 18:45:29 2014 +0100 Johannes Berg mac80211: fix potential use-after-free 22bf70f Tue Apr 15 15:27:46 2014 +0100 Johannes Berg mac80211: add length check in ieee80211_is_robust_mgmt_frame() # check cfg80211 $ gitlog Ubuntu-3.13.0-24.47..Ubuntu-3.13.0-30.55 -- net/wireless/ $ The faulting location is in function rx_query_desc() at offset 0x1d5. $ objdump -d /lib/modules/3.13.0-30-generic/kernel/drivers/staging/rtl8821ae/rtl8821ae.ko 00033e40 rtl8821ae_rx_query_desc: Faulting instruction is at 0x33e40 + 0x1d5 = 0x34015 Now I examine the debug-symbols of the module with: $ gdb -d drivers/staging/rtl8821ae -d drivers/staging/rtl8821ae/rtl8821ae /usr/lib/debug/modules/3.13.0-30-generic/kernel/drivers/staging/rtl8821ae/rtl8821ae.dbgsym.ko (gdb) info line rtl8821ae_rx_query_desc Line 539 of /build/buildd/linux-3.13.0/drivers/staging/rtl8821ae/rtl8821ae/trx.c starts at address 0x33e40 rtl8821ae_rx_query_desc and ends at 0x33e65 rtl8821ae_rx_query_desc+37. (gdb) x/i 0x34015 0x34015 rtl8821ae_rx_query_desc+469: movzwl (%rdi),%esi (gdb) disas rtl8821ae_rx_query_desc ... 0x00033ffe +446: je 0x34641 rtl8821ae_rx_query_desc+2049 0x00034004 +452: cmpl $0x18,0x68(%rdx) 0x00034008 +456: jbe0x34268 rtl8821ae_rx_query_desc+1064 0x0003400e +462: mov0xd8(%rdx),%rdi /* hdr-frame_control */ 0x00034015 +469: movzwl (%rdi),%esi /* FAULT %rdi invalid */ 0x00034018 +472: mov%esi,%ecx 0x0003401a +474: and$0xfc,%cx 0x0003401f +479: cmp$0xa0,%cx 0x00034024 +484: je 0x34068 rtl8821ae_rx_query_desc+552 ... (gdb) info line *0x34015 Line 2194 of /build/buildd/linux-3.13.0/include/linux/ieee80211.h starts at address 0x34015 rtl8821ae_rx_query_desc+469 and ends at 0x34018 rtl8821ae_rx_query_desc+472. include/linux/ieee80211.h - /** * _ieee80211_is_robust_mgmt_frame - check if frame is a robust management frame * @hdr: the frame (buffer must include at least the first octet of payload) */ static inline bool _ieee80211_is_robust_mgmt_frame(struct ieee80211_hdr *hdr) { if (ieee80211_is_disassoc(hdr-frame_control) || /* LINE 2194 */ ieee80211_is_deauth(hdr-frame_control)) return true; /** * ieee80211_is_disassoc - check if IEEE80211_FTYPE_MGMT IEEE80211_STYPE_DISASSOC * @fc: frame control bytes in little-endian byteorder */ static inline int ieee80211_is_disassoc(__le16 fc) { return (fc cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) == cpu_to_le16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_DISASSOC); } - drivers/staging/rtl8821ae/rtl8821ae/trx.c::rtl8821ae_rx_query_desc() - ... if ((ieee80211_is_robust_mgmt_frame(hdr)) /* FAULT LOCATION */ (ieee80211_has_protected(hdr-frame_control))) rx_status-flag = ~RX_FLAG_DECRYPTED; else rx_status-flag |= RX_FLAG_DECRYPTED; } ... - 8- - On investigation it appears that gdb may have an incorrect debug reference for the location of
[Kernel-packages] [Bug 1354469] Re: [3.13.0-30.55] rtl8821ae Kernel PANIC due to calling incorrect function
This bug was fixed in the package linux - 3.13.0-35.62 --- linux (3.13.0-35.62) trusty; urgency=low [ Joseph Salisbury ] * Release Tracking Bug - LP: #1357148 [ Brad Figg ] * Start new release [ dann frazier ] * SAUCE: (no-up) Fix build failure on arm64 - LP: #1353657 * [debian] Allow for package revisions condusive for branching [ David Henningsson ] * SAUCE: Call broadwell specific functions from the hda driver - LP: #1317865 [ Edward Lin ] * SAUCE: (no-up) Add use native backlight quirk for Dell Inspiron 5547/5447 - LP: #1332437 [ Imre Deak ] * SAUCE: drm/i915: move power domain init earlier during system resume - LP: #1353405 [ Jani Nikula ] * SAUCE: drm/i915: use lane count and link rate from VBT as minimums for eDP - LP: #1338582 * SAUCE: drm/i915/dp: force eDP lane count to max available lanes on BDW - LP: #1338582 * SAUCE: drm/i915: provide interface for audio driver to query cdclk - LP: #1188091 * SAUCE: drm/i915: demote opregion excessive timeout WARN_ONCE to DRM_INFO_ONCE - LP: #1351014 [ Joseph Salisbury ] * [Config] updateconfigs after Linux 3.13.11.6 updates [ Luis Henriques ] * Revert [Packaging] linux-udeb-flavour -- standardise on linux prefix [ Ming Lei ] * Revert SAUCE: (no-up) ata: Fix the dma state machine lockup for the IDENTIFY DEVICE PIO mode command. - LP: #1335645 [ Paulo Zanoni ] * SAUCE: drm/i915: consider the source max DP lane count too - LP: #1338582 [ Tim Gardner ] * [Config] CONFIG_GPIO_SYSFS=y - LP: #1342153 * [Config] CONFIG_KEYS_DEBUG_PROC_KEYS=y - LP: #1344405 * [Config] updateconfigs * [Config] CONFIG_SCSI_IPR_TRACE=y, CONFIG_SCSI_IPR_DUMP=y - LP: #1343109 * [Config] CONFIG_CONTEXT_TRACKING_FORCE=n - LP: #1349028 [ Timo Aaltonen ] * SAUCE: Fix a typo in hda i915_bdw support. - LP: #1343140 [ Upstream Kernel Changes ] * Revert net/mlx4_en: Fix bad use of dev_id - LP: #1347012 * Revert ACPI / AC: Remove AC's proc directory. - LP: #1356913 * Revert mac80211: move bufferable MMPDU check to fix AP mode scan - LP: #1356913 * mm, pcp: allow restoring percpu_pagelist_fraction default - LP: #1347088 * net: Fix permission check in netlink_connect() - LP: #1312989 * netlink: Rename netlink_capable netlink_allowed - LP: #1312989 * net: Move the permission check in sock_diag_put_filterinfo to packet_diag_dump - LP: #1312989 * net: Add variants of capable for use on on sockets - LP: #1312989 * net: Add variants of capable for use on netlink messages - LP: #1312989 * net: Use netlink_ns_capable to verify the permisions of netlink messages - LP: #1312989 * netlink: Only check file credentials for implicit destinations - LP: #1312989 * igb: fix stats for i210 rx_fifo_errors - LP: #1338893 * HID: use multi input quirk for 22b9:2968 - LP: #1339567 * crypto/nx: disable NX on little endian builds - LP: #1338666 * ACPI / video: Add Dell Inspiron 5737 to the blacklist - LP: #1250401 * Input: elantech - deal with clickpads reporting right button events - LP: #1188025 * net/mlx4_core: Enforce irq affinity changes immediatly - LP: #1326108 * cpumask: Utility function to set n'th cpu - local cpu first - LP: #1326108 * net/mlx4_en: Use affinity hint - LP: #1326108 * net/mlx4_en: Don't use irq_affinity_notifier to track changes in IRQ affinity map - LP: #1326108 * net/mlx4_en: IRQ affinity hint is not cleared on port down - LP: #1326108 * Subject: net: Allow tc changes in user namespaces - LP: #1344049 * net-gro: restore frag0 optimization - LP: #1344323 * Bluetooth: Fix redundant encryption request for reauthentication - LP: #1347088 * Bluetooth: Fix check for connection encryption - LP: #1347088 * introduce for_each_thread() to replace the buggy while_each_thread() - LP: #1347088 * NFS: Don't declare inode uptodate unless all attributes were checked - LP: #1347088 * usb: dwc3: gadget: clear stall when disabling endpoint - LP: #1347088 * ACPICA: utstring: Check array index bound before use. - LP: #1347088 * mtip32xx: Increase timeout for STANDBY IMMEDIATE command - LP: #1347088 * mtip32xx: Remove dfs_parent after pci unregister - LP: #1347088 * mtip32xx: Fix ERO and NoSnoop values in PCIe upstream on AMD systems - LP: #1347088 * extcon: max77693: Fix two NULL pointer exceptions on missing pdata - LP: #1347088 * extcon: max8997: Fix NULL pointer exception on missing pdata - LP: #1347088 * builddeb: use $OBJCOPY variable instead of objcopy - LP: #1347088 * bluetooth: hci_ldisc: fix deadlock condition - LP: #1347088 * powerpc/pseries: Fix overwritten PE state - LP: #1347088 * PCI: Add new ID for Intel GPU spurious interrupt quirk - LP: #1347088 * x86-32, espfix: Remove
[Kernel-packages] [Bug 1354469] Re: [3.13.0-30.55] rtl8821ae Kernel PANIC due to calling incorrect function
Is there anything I can do to apply this patch right away, or is this going to be released fairly soon? I have a new laptop with this exact problem, and would like to get it deployed soon. It appears I am too late to use Proposed. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1354469 Title: [3.13.0-30.55] rtl8821ae Kernel PANIC due to calling incorrect function Status in “linux” package in Ubuntu: Fix Released Status in “linux” source package in Trusty: Fix Committed Status in “linux” source package in Utopic: Fix Released Bug description: I had a support incident with a user of an Asus X551MA containing a Realtek RTL8821AE WiFi card. After the kernel update from 3.13.0-24 to 3.13.0-30 there was a kernel Panic as soon as the wifi card began scanning (photograph attached). I investigated the bug in detail and diagnosed the cause to commit 22bf70f which modifies a function prototype called by the RTL8821ae driver but does not update the driver to call the alternative function. Corrective patch attached. RIP [a042ffe5] rtl8821ae_rx_query_desc+0x1d5/0xa50 [rtl8821ae] No changes were introduced in the rtl8821ae module between 3.13.0-24 and 3.13.0-30. The only changes were in mac80211, which rtl8821ae depends on (along with cfg80211): # check rtl8821ae $ gitlog Ubuntu-3.13.0-24.47..Ubuntu-3.13.0-30.55 -- drivers/staging/rtl8821ae # check mac80211 $ gitlog Ubuntu-3.13.0-24.47..Ubuntu-3.13.0-30.55 -- net/mac80211 7049ad3 Mon May 19 18:45:30 2014 +0100 Michael Braun mac80211: fix WPA with VLAN on AP side with ps-sta again 5d31275 Mon May 19 18:45:30 2014 +0100 Johannes Berg mac80211: fix suspend vs. authentication race 56f2ea4 Mon May 19 18:45:29 2014 +0100 Johannes Berg mac80211: fix potential use-after-free 22bf70f Tue Apr 15 15:27:46 2014 +0100 Johannes Berg mac80211: add length check in ieee80211_is_robust_mgmt_frame() # check cfg80211 $ gitlog Ubuntu-3.13.0-24.47..Ubuntu-3.13.0-30.55 -- net/wireless/ $ The faulting location is in function rx_query_desc() at offset 0x1d5. $ objdump -d /lib/modules/3.13.0-30-generic/kernel/drivers/staging/rtl8821ae/rtl8821ae.ko 00033e40 rtl8821ae_rx_query_desc: Faulting instruction is at 0x33e40 + 0x1d5 = 0x34015 Now I examine the debug-symbols of the module with: $ gdb -d drivers/staging/rtl8821ae -d drivers/staging/rtl8821ae/rtl8821ae /usr/lib/debug/modules/3.13.0-30-generic/kernel/drivers/staging/rtl8821ae/rtl8821ae.dbgsym.ko (gdb) info line rtl8821ae_rx_query_desc Line 539 of /build/buildd/linux-3.13.0/drivers/staging/rtl8821ae/rtl8821ae/trx.c starts at address 0x33e40 rtl8821ae_rx_query_desc and ends at 0x33e65 rtl8821ae_rx_query_desc+37. (gdb) x/i 0x34015 0x34015 rtl8821ae_rx_query_desc+469: movzwl (%rdi),%esi (gdb) disas rtl8821ae_rx_query_desc ... 0x00033ffe +446: je 0x34641 rtl8821ae_rx_query_desc+2049 0x00034004 +452: cmpl $0x18,0x68(%rdx) 0x00034008 +456: jbe0x34268 rtl8821ae_rx_query_desc+1064 0x0003400e +462: mov0xd8(%rdx),%rdi /* hdr-frame_control */ 0x00034015 +469: movzwl (%rdi),%esi /* FAULT %rdi invalid */ 0x00034018 +472: mov%esi,%ecx 0x0003401a +474: and$0xfc,%cx 0x0003401f +479: cmp$0xa0,%cx 0x00034024 +484: je 0x34068 rtl8821ae_rx_query_desc+552 ... (gdb) info line *0x34015 Line 2194 of /build/buildd/linux-3.13.0/include/linux/ieee80211.h starts at address 0x34015 rtl8821ae_rx_query_desc+469 and ends at 0x34018 rtl8821ae_rx_query_desc+472. include/linux/ieee80211.h - /** * _ieee80211_is_robust_mgmt_frame - check if frame is a robust management frame * @hdr: the frame (buffer must include at least the first octet of payload) */ static inline bool _ieee80211_is_robust_mgmt_frame(struct ieee80211_hdr *hdr) { if (ieee80211_is_disassoc(hdr-frame_control) || /* LINE 2194 */ ieee80211_is_deauth(hdr-frame_control)) return true; /** * ieee80211_is_disassoc - check if IEEE80211_FTYPE_MGMT IEEE80211_STYPE_DISASSOC * @fc: frame control bytes in little-endian byteorder */ static inline int ieee80211_is_disassoc(__le16 fc) { return (fc cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) == cpu_to_le16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_DISASSOC); } - drivers/staging/rtl8821ae/rtl8821ae/trx.c::rtl8821ae_rx_query_desc() - ... if ((ieee80211_is_robust_mgmt_frame(hdr)) /* FAULT LOCATION */ (ieee80211_has_protected(hdr-frame_control))) rx_status-flag = ~RX_FLAG_DECRYPTED; else rx_status-flag |= RX_FLAG_DECRYPTED; } ... - 8- - On
[Kernel-packages] [Bug 1354469] Re: [3.13.0-30.55] rtl8821ae Kernel PANIC due to calling incorrect function
The one line fix is obviously the right thing here. ** Tags removed: verification-needed-trusty ** Tags added: verification-done-trusty -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1354469 Title: [3.13.0-30.55] rtl8821ae Kernel PANIC due to calling incorrect function Status in “linux” package in Ubuntu: Fix Released Status in “linux” source package in Trusty: Fix Committed Status in “linux” source package in Utopic: Fix Released Bug description: I had a support incident with a user of an Asus X551MA containing a Realtek RTL8821AE WiFi card. After the kernel update from 3.13.0-24 to 3.13.0-30 there was a kernel Panic as soon as the wifi card began scanning (photograph attached). I investigated the bug in detail and diagnosed the cause to commit 22bf70f which modifies a function prototype called by the RTL8821ae driver but does not update the driver to call the alternative function. Corrective patch attached. RIP [a042ffe5] rtl8821ae_rx_query_desc+0x1d5/0xa50 [rtl8821ae] No changes were introduced in the rtl8821ae module between 3.13.0-24 and 3.13.0-30. The only changes were in mac80211, which rtl8821ae depends on (along with cfg80211): # check rtl8821ae $ gitlog Ubuntu-3.13.0-24.47..Ubuntu-3.13.0-30.55 -- drivers/staging/rtl8821ae # check mac80211 $ gitlog Ubuntu-3.13.0-24.47..Ubuntu-3.13.0-30.55 -- net/mac80211 7049ad3 Mon May 19 18:45:30 2014 +0100 Michael Braun mac80211: fix WPA with VLAN on AP side with ps-sta again 5d31275 Mon May 19 18:45:30 2014 +0100 Johannes Berg mac80211: fix suspend vs. authentication race 56f2ea4 Mon May 19 18:45:29 2014 +0100 Johannes Berg mac80211: fix potential use-after-free 22bf70f Tue Apr 15 15:27:46 2014 +0100 Johannes Berg mac80211: add length check in ieee80211_is_robust_mgmt_frame() # check cfg80211 $ gitlog Ubuntu-3.13.0-24.47..Ubuntu-3.13.0-30.55 -- net/wireless/ $ The faulting location is in function rx_query_desc() at offset 0x1d5. $ objdump -d /lib/modules/3.13.0-30-generic/kernel/drivers/staging/rtl8821ae/rtl8821ae.ko 00033e40 rtl8821ae_rx_query_desc: Faulting instruction is at 0x33e40 + 0x1d5 = 0x34015 Now I examine the debug-symbols of the module with: $ gdb -d drivers/staging/rtl8821ae -d drivers/staging/rtl8821ae/rtl8821ae /usr/lib/debug/modules/3.13.0-30-generic/kernel/drivers/staging/rtl8821ae/rtl8821ae.dbgsym.ko (gdb) info line rtl8821ae_rx_query_desc Line 539 of /build/buildd/linux-3.13.0/drivers/staging/rtl8821ae/rtl8821ae/trx.c starts at address 0x33e40 rtl8821ae_rx_query_desc and ends at 0x33e65 rtl8821ae_rx_query_desc+37. (gdb) x/i 0x34015 0x34015 rtl8821ae_rx_query_desc+469: movzwl (%rdi),%esi (gdb) disas rtl8821ae_rx_query_desc ... 0x00033ffe +446: je 0x34641 rtl8821ae_rx_query_desc+2049 0x00034004 +452: cmpl $0x18,0x68(%rdx) 0x00034008 +456: jbe0x34268 rtl8821ae_rx_query_desc+1064 0x0003400e +462: mov0xd8(%rdx),%rdi /* hdr-frame_control */ 0x00034015 +469: movzwl (%rdi),%esi /* FAULT %rdi invalid */ 0x00034018 +472: mov%esi,%ecx 0x0003401a +474: and$0xfc,%cx 0x0003401f +479: cmp$0xa0,%cx 0x00034024 +484: je 0x34068 rtl8821ae_rx_query_desc+552 ... (gdb) info line *0x34015 Line 2194 of /build/buildd/linux-3.13.0/include/linux/ieee80211.h starts at address 0x34015 rtl8821ae_rx_query_desc+469 and ends at 0x34018 rtl8821ae_rx_query_desc+472. include/linux/ieee80211.h - /** * _ieee80211_is_robust_mgmt_frame - check if frame is a robust management frame * @hdr: the frame (buffer must include at least the first octet of payload) */ static inline bool _ieee80211_is_robust_mgmt_frame(struct ieee80211_hdr *hdr) { if (ieee80211_is_disassoc(hdr-frame_control) || /* LINE 2194 */ ieee80211_is_deauth(hdr-frame_control)) return true; /** * ieee80211_is_disassoc - check if IEEE80211_FTYPE_MGMT IEEE80211_STYPE_DISASSOC * @fc: frame control bytes in little-endian byteorder */ static inline int ieee80211_is_disassoc(__le16 fc) { return (fc cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) == cpu_to_le16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_DISASSOC); } - drivers/staging/rtl8821ae/rtl8821ae/trx.c::rtl8821ae_rx_query_desc() - ... if ((ieee80211_is_robust_mgmt_frame(hdr)) /* FAULT LOCATION */ (ieee80211_has_protected(hdr-frame_control))) rx_status-flag = ~RX_FLAG_DECRYPTED; else rx_status-flag |= RX_FLAG_DECRYPTED; } ... - 8- - On investigation it appears that gdb may have an incorrect debug reference for the location of
[Kernel-packages] [Bug 1354469] Re: [3.13.0-30.55] rtl8821ae Kernel PANIC due to calling incorrect function
** Branch linked: lp:ubuntu/precise-proposed/linux-lts-trusty -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1354469 Title: [3.13.0-30.55] rtl8821ae Kernel PANIC due to calling incorrect function Status in “linux” package in Ubuntu: Fix Released Status in “linux” source package in Trusty: Fix Committed Status in “linux” source package in Utopic: Fix Released Bug description: I had a support incident with a user of an Asus X551MA containing a Realtek RTL8821AE WiFi card. After the kernel update from 3.13.0-24 to 3.13.0-30 there was a kernel Panic as soon as the wifi card began scanning (photograph attached). I investigated the bug in detail and diagnosed the cause to commit 22bf70f which modifies a function prototype called by the RTL8821ae driver but does not update the driver to call the alternative function. Corrective patch attached. RIP [a042ffe5] rtl8821ae_rx_query_desc+0x1d5/0xa50 [rtl8821ae] No changes were introduced in the rtl8821ae module between 3.13.0-24 and 3.13.0-30. The only changes were in mac80211, which rtl8821ae depends on (along with cfg80211): # check rtl8821ae $ gitlog Ubuntu-3.13.0-24.47..Ubuntu-3.13.0-30.55 -- drivers/staging/rtl8821ae # check mac80211 $ gitlog Ubuntu-3.13.0-24.47..Ubuntu-3.13.0-30.55 -- net/mac80211 7049ad3 Mon May 19 18:45:30 2014 +0100 Michael Braun mac80211: fix WPA with VLAN on AP side with ps-sta again 5d31275 Mon May 19 18:45:30 2014 +0100 Johannes Berg mac80211: fix suspend vs. authentication race 56f2ea4 Mon May 19 18:45:29 2014 +0100 Johannes Berg mac80211: fix potential use-after-free 22bf70f Tue Apr 15 15:27:46 2014 +0100 Johannes Berg mac80211: add length check in ieee80211_is_robust_mgmt_frame() # check cfg80211 $ gitlog Ubuntu-3.13.0-24.47..Ubuntu-3.13.0-30.55 -- net/wireless/ $ The faulting location is in function rx_query_desc() at offset 0x1d5. $ objdump -d /lib/modules/3.13.0-30-generic/kernel/drivers/staging/rtl8821ae/rtl8821ae.ko 00033e40 rtl8821ae_rx_query_desc: Faulting instruction is at 0x33e40 + 0x1d5 = 0x34015 Now I examine the debug-symbols of the module with: $ gdb -d drivers/staging/rtl8821ae -d drivers/staging/rtl8821ae/rtl8821ae /usr/lib/debug/modules/3.13.0-30-generic/kernel/drivers/staging/rtl8821ae/rtl8821ae.dbgsym.ko (gdb) info line rtl8821ae_rx_query_desc Line 539 of /build/buildd/linux-3.13.0/drivers/staging/rtl8821ae/rtl8821ae/trx.c starts at address 0x33e40 rtl8821ae_rx_query_desc and ends at 0x33e65 rtl8821ae_rx_query_desc+37. (gdb) x/i 0x34015 0x34015 rtl8821ae_rx_query_desc+469: movzwl (%rdi),%esi (gdb) disas rtl8821ae_rx_query_desc ... 0x00033ffe +446: je 0x34641 rtl8821ae_rx_query_desc+2049 0x00034004 +452: cmpl $0x18,0x68(%rdx) 0x00034008 +456: jbe0x34268 rtl8821ae_rx_query_desc+1064 0x0003400e +462: mov0xd8(%rdx),%rdi /* hdr-frame_control */ 0x00034015 +469: movzwl (%rdi),%esi /* FAULT %rdi invalid */ 0x00034018 +472: mov%esi,%ecx 0x0003401a +474: and$0xfc,%cx 0x0003401f +479: cmp$0xa0,%cx 0x00034024 +484: je 0x34068 rtl8821ae_rx_query_desc+552 ... (gdb) info line *0x34015 Line 2194 of /build/buildd/linux-3.13.0/include/linux/ieee80211.h starts at address 0x34015 rtl8821ae_rx_query_desc+469 and ends at 0x34018 rtl8821ae_rx_query_desc+472. include/linux/ieee80211.h - /** * _ieee80211_is_robust_mgmt_frame - check if frame is a robust management frame * @hdr: the frame (buffer must include at least the first octet of payload) */ static inline bool _ieee80211_is_robust_mgmt_frame(struct ieee80211_hdr *hdr) { if (ieee80211_is_disassoc(hdr-frame_control) || /* LINE 2194 */ ieee80211_is_deauth(hdr-frame_control)) return true; /** * ieee80211_is_disassoc - check if IEEE80211_FTYPE_MGMT IEEE80211_STYPE_DISASSOC * @fc: frame control bytes in little-endian byteorder */ static inline int ieee80211_is_disassoc(__le16 fc) { return (fc cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) == cpu_to_le16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_DISASSOC); } - drivers/staging/rtl8821ae/rtl8821ae/trx.c::rtl8821ae_rx_query_desc() - ... if ((ieee80211_is_robust_mgmt_frame(hdr)) /* FAULT LOCATION */ (ieee80211_has_protected(hdr-frame_control))) rx_status-flag = ~RX_FLAG_DECRYPTED; else rx_status-flag |= RX_FLAG_DECRYPTED; } ... - 8- - On investigation it appears that gdb may have an incorrect debug reference for the location of ieee80211_is_robust_mgmt_frame() since the location it references is for the
[Kernel-packages] [Bug 1354469] Re: [3.13.0-30.55] rtl8821ae Kernel PANIC due to calling incorrect function
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed- trusty' to 'verification-done-trusty'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: verification-needed-trusty -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1354469 Title: [3.13.0-30.55] rtl8821ae Kernel PANIC due to calling incorrect function Status in “linux” package in Ubuntu: Fix Released Status in “linux” source package in Trusty: Fix Committed Status in “linux” source package in Utopic: Fix Released Bug description: I had a support incident with a user of an Asus X551MA containing a Realtek RTL8821AE WiFi card. After the kernel update from 3.13.0-24 to 3.13.0-30 there was a kernel Panic as soon as the wifi card began scanning (photograph attached). I investigated the bug in detail and diagnosed the cause to commit 22bf70f which modifies a function prototype called by the RTL8821ae driver but does not update the driver to call the alternative function. Corrective patch attached. RIP [a042ffe5] rtl8821ae_rx_query_desc+0x1d5/0xa50 [rtl8821ae] No changes were introduced in the rtl8821ae module between 3.13.0-24 and 3.13.0-30. The only changes were in mac80211, which rtl8821ae depends on (along with cfg80211): # check rtl8821ae $ gitlog Ubuntu-3.13.0-24.47..Ubuntu-3.13.0-30.55 -- drivers/staging/rtl8821ae # check mac80211 $ gitlog Ubuntu-3.13.0-24.47..Ubuntu-3.13.0-30.55 -- net/mac80211 7049ad3 Mon May 19 18:45:30 2014 +0100 Michael Braun mac80211: fix WPA with VLAN on AP side with ps-sta again 5d31275 Mon May 19 18:45:30 2014 +0100 Johannes Berg mac80211: fix suspend vs. authentication race 56f2ea4 Mon May 19 18:45:29 2014 +0100 Johannes Berg mac80211: fix potential use-after-free 22bf70f Tue Apr 15 15:27:46 2014 +0100 Johannes Berg mac80211: add length check in ieee80211_is_robust_mgmt_frame() # check cfg80211 $ gitlog Ubuntu-3.13.0-24.47..Ubuntu-3.13.0-30.55 -- net/wireless/ $ The faulting location is in function rx_query_desc() at offset 0x1d5. $ objdump -d /lib/modules/3.13.0-30-generic/kernel/drivers/staging/rtl8821ae/rtl8821ae.ko 00033e40 rtl8821ae_rx_query_desc: Faulting instruction is at 0x33e40 + 0x1d5 = 0x34015 Now I examine the debug-symbols of the module with: $ gdb -d drivers/staging/rtl8821ae -d drivers/staging/rtl8821ae/rtl8821ae /usr/lib/debug/modules/3.13.0-30-generic/kernel/drivers/staging/rtl8821ae/rtl8821ae.dbgsym.ko (gdb) info line rtl8821ae_rx_query_desc Line 539 of /build/buildd/linux-3.13.0/drivers/staging/rtl8821ae/rtl8821ae/trx.c starts at address 0x33e40 rtl8821ae_rx_query_desc and ends at 0x33e65 rtl8821ae_rx_query_desc+37. (gdb) x/i 0x34015 0x34015 rtl8821ae_rx_query_desc+469: movzwl (%rdi),%esi (gdb) disas rtl8821ae_rx_query_desc ... 0x00033ffe +446: je 0x34641 rtl8821ae_rx_query_desc+2049 0x00034004 +452: cmpl $0x18,0x68(%rdx) 0x00034008 +456: jbe0x34268 rtl8821ae_rx_query_desc+1064 0x0003400e +462: mov0xd8(%rdx),%rdi /* hdr-frame_control */ 0x00034015 +469: movzwl (%rdi),%esi /* FAULT %rdi invalid */ 0x00034018 +472: mov%esi,%ecx 0x0003401a +474: and$0xfc,%cx 0x0003401f +479: cmp$0xa0,%cx 0x00034024 +484: je 0x34068 rtl8821ae_rx_query_desc+552 ... (gdb) info line *0x34015 Line 2194 of /build/buildd/linux-3.13.0/include/linux/ieee80211.h starts at address 0x34015 rtl8821ae_rx_query_desc+469 and ends at 0x34018 rtl8821ae_rx_query_desc+472. include/linux/ieee80211.h - /** * _ieee80211_is_robust_mgmt_frame - check if frame is a robust management frame * @hdr: the frame (buffer must include at least the first octet of payload) */ static inline bool _ieee80211_is_robust_mgmt_frame(struct ieee80211_hdr *hdr) { if (ieee80211_is_disassoc(hdr-frame_control) || /* LINE 2194 */ ieee80211_is_deauth(hdr-frame_control)) return true; /** * ieee80211_is_disassoc - check if IEEE80211_FTYPE_MGMT IEEE80211_STYPE_DISASSOC * @fc: frame control bytes in little-endian byteorder */ static inline int ieee80211_is_disassoc(__le16 fc) { return (fc cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) == cpu_to_le16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_DISASSOC); } -
[Kernel-packages] [Bug 1354469] Re: [3.13.0-30.55] rtl8821ae Kernel PANIC due to calling incorrect function
** Branch linked: lp:ubuntu/trusty-proposed/linux-keystone -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1354469 Title: [3.13.0-30.55] rtl8821ae Kernel PANIC due to calling incorrect function Status in “linux” package in Ubuntu: Fix Released Status in “linux” source package in Trusty: Fix Committed Status in “linux” source package in Utopic: Fix Released Bug description: I had a support incident with a user of an Asus X551MA containing a Realtek RTL8821AE WiFi card. After the kernel update from 3.13.0-24 to 3.13.0-30 there was a kernel Panic as soon as the wifi card began scanning (photograph attached). I investigated the bug in detail and diagnosed the cause to commit 22bf70f which modifies a function prototype called by the RTL8821ae driver but does not update the driver to call the alternative function. Corrective patch attached. RIP [a042ffe5] rtl8821ae_rx_query_desc+0x1d5/0xa50 [rtl8821ae] No changes were introduced in the rtl8821ae module between 3.13.0-24 and 3.13.0-30. The only changes were in mac80211, which rtl8821ae depends on (along with cfg80211): # check rtl8821ae $ gitlog Ubuntu-3.13.0-24.47..Ubuntu-3.13.0-30.55 -- drivers/staging/rtl8821ae # check mac80211 $ gitlog Ubuntu-3.13.0-24.47..Ubuntu-3.13.0-30.55 -- net/mac80211 7049ad3 Mon May 19 18:45:30 2014 +0100 Michael Braun mac80211: fix WPA with VLAN on AP side with ps-sta again 5d31275 Mon May 19 18:45:30 2014 +0100 Johannes Berg mac80211: fix suspend vs. authentication race 56f2ea4 Mon May 19 18:45:29 2014 +0100 Johannes Berg mac80211: fix potential use-after-free 22bf70f Tue Apr 15 15:27:46 2014 +0100 Johannes Berg mac80211: add length check in ieee80211_is_robust_mgmt_frame() # check cfg80211 $ gitlog Ubuntu-3.13.0-24.47..Ubuntu-3.13.0-30.55 -- net/wireless/ $ The faulting location is in function rx_query_desc() at offset 0x1d5. $ objdump -d /lib/modules/3.13.0-30-generic/kernel/drivers/staging/rtl8821ae/rtl8821ae.ko 00033e40 rtl8821ae_rx_query_desc: Faulting instruction is at 0x33e40 + 0x1d5 = 0x34015 Now I examine the debug-symbols of the module with: $ gdb -d drivers/staging/rtl8821ae -d drivers/staging/rtl8821ae/rtl8821ae /usr/lib/debug/modules/3.13.0-30-generic/kernel/drivers/staging/rtl8821ae/rtl8821ae.dbgsym.ko (gdb) info line rtl8821ae_rx_query_desc Line 539 of /build/buildd/linux-3.13.0/drivers/staging/rtl8821ae/rtl8821ae/trx.c starts at address 0x33e40 rtl8821ae_rx_query_desc and ends at 0x33e65 rtl8821ae_rx_query_desc+37. (gdb) x/i 0x34015 0x34015 rtl8821ae_rx_query_desc+469: movzwl (%rdi),%esi (gdb) disas rtl8821ae_rx_query_desc ... 0x00033ffe +446: je 0x34641 rtl8821ae_rx_query_desc+2049 0x00034004 +452: cmpl $0x18,0x68(%rdx) 0x00034008 +456: jbe0x34268 rtl8821ae_rx_query_desc+1064 0x0003400e +462: mov0xd8(%rdx),%rdi /* hdr-frame_control */ 0x00034015 +469: movzwl (%rdi),%esi /* FAULT %rdi invalid */ 0x00034018 +472: mov%esi,%ecx 0x0003401a +474: and$0xfc,%cx 0x0003401f +479: cmp$0xa0,%cx 0x00034024 +484: je 0x34068 rtl8821ae_rx_query_desc+552 ... (gdb) info line *0x34015 Line 2194 of /build/buildd/linux-3.13.0/include/linux/ieee80211.h starts at address 0x34015 rtl8821ae_rx_query_desc+469 and ends at 0x34018 rtl8821ae_rx_query_desc+472. include/linux/ieee80211.h - /** * _ieee80211_is_robust_mgmt_frame - check if frame is a robust management frame * @hdr: the frame (buffer must include at least the first octet of payload) */ static inline bool _ieee80211_is_robust_mgmt_frame(struct ieee80211_hdr *hdr) { if (ieee80211_is_disassoc(hdr-frame_control) || /* LINE 2194 */ ieee80211_is_deauth(hdr-frame_control)) return true; /** * ieee80211_is_disassoc - check if IEEE80211_FTYPE_MGMT IEEE80211_STYPE_DISASSOC * @fc: frame control bytes in little-endian byteorder */ static inline int ieee80211_is_disassoc(__le16 fc) { return (fc cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) == cpu_to_le16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_DISASSOC); } - drivers/staging/rtl8821ae/rtl8821ae/trx.c::rtl8821ae_rx_query_desc() - ... if ((ieee80211_is_robust_mgmt_frame(hdr)) /* FAULT LOCATION */ (ieee80211_has_protected(hdr-frame_control))) rx_status-flag = ~RX_FLAG_DECRYPTED; else rx_status-flag |= RX_FLAG_DECRYPTED; } ... - 8- - On investigation it appears that gdb may have an incorrect debug reference for the location of ieee80211_is_robust_mgmt_frame() since the location it references is for the
[Kernel-packages] [Bug 1354469] Re: [3.13.0-30.55] rtl8821ae Kernel PANIC due to calling incorrect function
** Also affects: linux (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: linux (Ubuntu Utopic) Importance: High Status: Triaged ** Changed in: linux (Ubuntu Utopic) Status: Triaged = Fix Released ** Changed in: linux (Ubuntu Trusty) Status: New = In Progress ** Changed in: linux (Ubuntu Trusty) Assignee: (unassigned) = Tim Gardner (timg-tpi) ** Patch added: rtl8821ae: fixup staging driver for revised ieee80211_is_robust_mgmt_frame https://bugs.launchpad.net/ubuntu/trusty/+source/linux/+bug/1354469/+attachment/4174625/+files/0001-rtl8821ae-fixup-staging-driver-for-revised-ieee80211.patch -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1354469 Title: [3.13.0-30.55] rtl8821ae Kernel PANIC due to calling incorrect function Status in “linux” package in Ubuntu: Fix Released Status in “linux” source package in Trusty: In Progress Status in “linux” source package in Utopic: Fix Released Bug description: I had a support incident with a user of an Asus X551MA containing a Realtek RTL8821AE WiFi card. After the kernel update from 3.13.0-24 to 3.13.0-30 there was a kernel Panic as soon as the wifi card began scanning (photograph attached). I investigated the bug in detail and diagnosed the cause to commit 22bf70f which modifies a function prototype called by the RTL8821ae driver but does not update the driver to call the alternative function. Corrective patch attached. RIP [a042ffe5] rtl8821ae_rx_query_desc+0x1d5/0xa50 [rtl8821ae] No changes were introduced in the rtl8821ae module between 3.13.0-24 and 3.13.0-30. The only changes were in mac80211, which rtl8821ae depends on (along with cfg80211): # check rtl8821ae $ gitlog Ubuntu-3.13.0-24.47..Ubuntu-3.13.0-30.55 -- drivers/staging/rtl8821ae # check mac80211 $ gitlog Ubuntu-3.13.0-24.47..Ubuntu-3.13.0-30.55 -- net/mac80211 7049ad3 Mon May 19 18:45:30 2014 +0100 Michael Braun mac80211: fix WPA with VLAN on AP side with ps-sta again 5d31275 Mon May 19 18:45:30 2014 +0100 Johannes Berg mac80211: fix suspend vs. authentication race 56f2ea4 Mon May 19 18:45:29 2014 +0100 Johannes Berg mac80211: fix potential use-after-free 22bf70f Tue Apr 15 15:27:46 2014 +0100 Johannes Berg mac80211: add length check in ieee80211_is_robust_mgmt_frame() # check cfg80211 $ gitlog Ubuntu-3.13.0-24.47..Ubuntu-3.13.0-30.55 -- net/wireless/ $ The faulting location is in function rx_query_desc() at offset 0x1d5. $ objdump -d /lib/modules/3.13.0-30-generic/kernel/drivers/staging/rtl8821ae/rtl8821ae.ko 00033e40 rtl8821ae_rx_query_desc: Faulting instruction is at 0x33e40 + 0x1d5 = 0x34015 Now I examine the debug-symbols of the module with: $ gdb -d drivers/staging/rtl8821ae -d drivers/staging/rtl8821ae/rtl8821ae /usr/lib/debug/modules/3.13.0-30-generic/kernel/drivers/staging/rtl8821ae/rtl8821ae.dbgsym.ko (gdb) info line rtl8821ae_rx_query_desc Line 539 of /build/buildd/linux-3.13.0/drivers/staging/rtl8821ae/rtl8821ae/trx.c starts at address 0x33e40 rtl8821ae_rx_query_desc and ends at 0x33e65 rtl8821ae_rx_query_desc+37. (gdb) x/i 0x34015 0x34015 rtl8821ae_rx_query_desc+469: movzwl (%rdi),%esi (gdb) disas rtl8821ae_rx_query_desc ... 0x00033ffe +446: je 0x34641 rtl8821ae_rx_query_desc+2049 0x00034004 +452: cmpl $0x18,0x68(%rdx) 0x00034008 +456: jbe0x34268 rtl8821ae_rx_query_desc+1064 0x0003400e +462: mov0xd8(%rdx),%rdi /* hdr-frame_control */ 0x00034015 +469: movzwl (%rdi),%esi /* FAULT %rdi invalid */ 0x00034018 +472: mov%esi,%ecx 0x0003401a +474: and$0xfc,%cx 0x0003401f +479: cmp$0xa0,%cx 0x00034024 +484: je 0x34068 rtl8821ae_rx_query_desc+552 ... (gdb) info line *0x34015 Line 2194 of /build/buildd/linux-3.13.0/include/linux/ieee80211.h starts at address 0x34015 rtl8821ae_rx_query_desc+469 and ends at 0x34018 rtl8821ae_rx_query_desc+472. include/linux/ieee80211.h - /** * _ieee80211_is_robust_mgmt_frame - check if frame is a robust management frame * @hdr: the frame (buffer must include at least the first octet of payload) */ static inline bool _ieee80211_is_robust_mgmt_frame(struct ieee80211_hdr *hdr) { if (ieee80211_is_disassoc(hdr-frame_control) || /* LINE 2194 */ ieee80211_is_deauth(hdr-frame_control)) return true; /** * ieee80211_is_disassoc - check if IEEE80211_FTYPE_MGMT IEEE80211_STYPE_DISASSOC * @fc: frame control bytes in little-endian byteorder */ static inline int ieee80211_is_disassoc(__le16 fc) { return (fc cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) ==
[Kernel-packages] [Bug 1354469] Re: [3.13.0-30.55] rtl8821ae Kernel PANIC due to calling incorrect function
** Changed in: linux (Ubuntu Trusty) Status: In Progress = Fix Committed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1354469 Title: [3.13.0-30.55] rtl8821ae Kernel PANIC due to calling incorrect function Status in “linux” package in Ubuntu: Fix Released Status in “linux” source package in Trusty: Fix Committed Status in “linux” source package in Utopic: Fix Released Bug description: I had a support incident with a user of an Asus X551MA containing a Realtek RTL8821AE WiFi card. After the kernel update from 3.13.0-24 to 3.13.0-30 there was a kernel Panic as soon as the wifi card began scanning (photograph attached). I investigated the bug in detail and diagnosed the cause to commit 22bf70f which modifies a function prototype called by the RTL8821ae driver but does not update the driver to call the alternative function. Corrective patch attached. RIP [a042ffe5] rtl8821ae_rx_query_desc+0x1d5/0xa50 [rtl8821ae] No changes were introduced in the rtl8821ae module between 3.13.0-24 and 3.13.0-30. The only changes were in mac80211, which rtl8821ae depends on (along with cfg80211): # check rtl8821ae $ gitlog Ubuntu-3.13.0-24.47..Ubuntu-3.13.0-30.55 -- drivers/staging/rtl8821ae # check mac80211 $ gitlog Ubuntu-3.13.0-24.47..Ubuntu-3.13.0-30.55 -- net/mac80211 7049ad3 Mon May 19 18:45:30 2014 +0100 Michael Braun mac80211: fix WPA with VLAN on AP side with ps-sta again 5d31275 Mon May 19 18:45:30 2014 +0100 Johannes Berg mac80211: fix suspend vs. authentication race 56f2ea4 Mon May 19 18:45:29 2014 +0100 Johannes Berg mac80211: fix potential use-after-free 22bf70f Tue Apr 15 15:27:46 2014 +0100 Johannes Berg mac80211: add length check in ieee80211_is_robust_mgmt_frame() # check cfg80211 $ gitlog Ubuntu-3.13.0-24.47..Ubuntu-3.13.0-30.55 -- net/wireless/ $ The faulting location is in function rx_query_desc() at offset 0x1d5. $ objdump -d /lib/modules/3.13.0-30-generic/kernel/drivers/staging/rtl8821ae/rtl8821ae.ko 00033e40 rtl8821ae_rx_query_desc: Faulting instruction is at 0x33e40 + 0x1d5 = 0x34015 Now I examine the debug-symbols of the module with: $ gdb -d drivers/staging/rtl8821ae -d drivers/staging/rtl8821ae/rtl8821ae /usr/lib/debug/modules/3.13.0-30-generic/kernel/drivers/staging/rtl8821ae/rtl8821ae.dbgsym.ko (gdb) info line rtl8821ae_rx_query_desc Line 539 of /build/buildd/linux-3.13.0/drivers/staging/rtl8821ae/rtl8821ae/trx.c starts at address 0x33e40 rtl8821ae_rx_query_desc and ends at 0x33e65 rtl8821ae_rx_query_desc+37. (gdb) x/i 0x34015 0x34015 rtl8821ae_rx_query_desc+469: movzwl (%rdi),%esi (gdb) disas rtl8821ae_rx_query_desc ... 0x00033ffe +446: je 0x34641 rtl8821ae_rx_query_desc+2049 0x00034004 +452: cmpl $0x18,0x68(%rdx) 0x00034008 +456: jbe0x34268 rtl8821ae_rx_query_desc+1064 0x0003400e +462: mov0xd8(%rdx),%rdi /* hdr-frame_control */ 0x00034015 +469: movzwl (%rdi),%esi /* FAULT %rdi invalid */ 0x00034018 +472: mov%esi,%ecx 0x0003401a +474: and$0xfc,%cx 0x0003401f +479: cmp$0xa0,%cx 0x00034024 +484: je 0x34068 rtl8821ae_rx_query_desc+552 ... (gdb) info line *0x34015 Line 2194 of /build/buildd/linux-3.13.0/include/linux/ieee80211.h starts at address 0x34015 rtl8821ae_rx_query_desc+469 and ends at 0x34018 rtl8821ae_rx_query_desc+472. include/linux/ieee80211.h - /** * _ieee80211_is_robust_mgmt_frame - check if frame is a robust management frame * @hdr: the frame (buffer must include at least the first octet of payload) */ static inline bool _ieee80211_is_robust_mgmt_frame(struct ieee80211_hdr *hdr) { if (ieee80211_is_disassoc(hdr-frame_control) || /* LINE 2194 */ ieee80211_is_deauth(hdr-frame_control)) return true; /** * ieee80211_is_disassoc - check if IEEE80211_FTYPE_MGMT IEEE80211_STYPE_DISASSOC * @fc: frame control bytes in little-endian byteorder */ static inline int ieee80211_is_disassoc(__le16 fc) { return (fc cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) == cpu_to_le16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_DISASSOC); } - drivers/staging/rtl8821ae/rtl8821ae/trx.c::rtl8821ae_rx_query_desc() - ... if ((ieee80211_is_robust_mgmt_frame(hdr)) /* FAULT LOCATION */ (ieee80211_has_protected(hdr-frame_control))) rx_status-flag = ~RX_FLAG_DECRYPTED; else rx_status-flag |= RX_FLAG_DECRYPTED; } ... - 8- - On investigation it appears that gdb may have an incorrect debug reference for the location of ieee80211_is_robust_mgmt_frame() since the location it
[Kernel-packages] [Bug 1354469] Re: [3.13.0-30.55] rtl8821ae Kernel PANIC due to calling incorrect function
Ubuntu 14.04.1, amd64 PC: ASUS VIVO PC VM40B (mini PC with Celeron 1007U @ 1.50GHz) It is not 100% repeatable but in many cases I get kernel panic related to WiFi, rtl8821ae module during boot (rtl8821ae_rx_query_desc). When I disable WiFi in BIOS, PC boots fine. When I am lucky and I boot with enabled WiFi and there is no kernel panic, WiFi doesn't work, I cannot connect to my WiFi network. $ uname -a Linux vivo 3.13.0-32-generic #57-Ubuntu SMP Tue Jul 15 03:51:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux $lspci | grep RTL8821AE 02:00.0 Network controller: Realtek Semiconductor Co., Ltd. RTL8821AE 802.11ac PCIe Wireless Network Adapter -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1354469 Title: [3.13.0-30.55] rtl8821ae Kernel PANIC due to calling incorrect function Status in “linux” package in Ubuntu: Triaged Bug description: I had a support incident with a user of an Asus X551MA containing a Realtek RTL8821AE WiFi card. After the kernel update from 3.13.0-24 to 3.13.0-30 there was a kernel Panic as soon as the wifi card began scanning (photograph attached). I investigated the bug in detail and diagnosed the cause to commit 22bf70f which modifies a function prototype called by the RTL8821ae driver but does not update the driver to call the alternative function. Corrective patch attached. RIP [a042ffe5] rtl8821ae_rx_query_desc+0x1d5/0xa50 [rtl8821ae] No changes were introduced in the rtl8821ae module between 3.13.0-24 and 3.13.0-30. The only changes were in mac80211, which rtl8821ae depends on (along with cfg80211): # check rtl8821ae $ gitlog Ubuntu-3.13.0-24.47..Ubuntu-3.13.0-30.55 -- drivers/staging/rtl8821ae # check mac80211 $ gitlog Ubuntu-3.13.0-24.47..Ubuntu-3.13.0-30.55 -- net/mac80211 7049ad3 Mon May 19 18:45:30 2014 +0100 Michael Braun mac80211: fix WPA with VLAN on AP side with ps-sta again 5d31275 Mon May 19 18:45:30 2014 +0100 Johannes Berg mac80211: fix suspend vs. authentication race 56f2ea4 Mon May 19 18:45:29 2014 +0100 Johannes Berg mac80211: fix potential use-after-free 22bf70f Tue Apr 15 15:27:46 2014 +0100 Johannes Berg mac80211: add length check in ieee80211_is_robust_mgmt_frame() # check cfg80211 $ gitlog Ubuntu-3.13.0-24.47..Ubuntu-3.13.0-30.55 -- net/wireless/ $ The faulting location is in function rx_query_desc() at offset 0x1d5. $ objdump -d /lib/modules/3.13.0-30-generic/kernel/drivers/staging/rtl8821ae/rtl8821ae.ko 00033e40 rtl8821ae_rx_query_desc: Faulting instruction is at 0x33e40 + 0x1d5 = 0x34015 Now I examine the debug-symbols of the module with: $ gdb -d drivers/staging/rtl8821ae -d drivers/staging/rtl8821ae/rtl8821ae /usr/lib/debug/modules/3.13.0-30-generic/kernel/drivers/staging/rtl8821ae/rtl8821ae.dbgsym.ko (gdb) info line rtl8821ae_rx_query_desc Line 539 of /build/buildd/linux-3.13.0/drivers/staging/rtl8821ae/rtl8821ae/trx.c starts at address 0x33e40 rtl8821ae_rx_query_desc and ends at 0x33e65 rtl8821ae_rx_query_desc+37. (gdb) x/i 0x34015 0x34015 rtl8821ae_rx_query_desc+469: movzwl (%rdi),%esi (gdb) disas rtl8821ae_rx_query_desc ... 0x00033ffe +446: je 0x34641 rtl8821ae_rx_query_desc+2049 0x00034004 +452: cmpl $0x18,0x68(%rdx) 0x00034008 +456: jbe0x34268 rtl8821ae_rx_query_desc+1064 0x0003400e +462: mov0xd8(%rdx),%rdi /* hdr-frame_control */ 0x00034015 +469: movzwl (%rdi),%esi /* FAULT %rdi invalid */ 0x00034018 +472: mov%esi,%ecx 0x0003401a +474: and$0xfc,%cx 0x0003401f +479: cmp$0xa0,%cx 0x00034024 +484: je 0x34068 rtl8821ae_rx_query_desc+552 ... (gdb) info line *0x34015 Line 2194 of /build/buildd/linux-3.13.0/include/linux/ieee80211.h starts at address 0x34015 rtl8821ae_rx_query_desc+469 and ends at 0x34018 rtl8821ae_rx_query_desc+472. include/linux/ieee80211.h - /** * _ieee80211_is_robust_mgmt_frame - check if frame is a robust management frame * @hdr: the frame (buffer must include at least the first octet of payload) */ static inline bool _ieee80211_is_robust_mgmt_frame(struct ieee80211_hdr *hdr) { if (ieee80211_is_disassoc(hdr-frame_control) || /* LINE 2194 */ ieee80211_is_deauth(hdr-frame_control)) return true; /** * ieee80211_is_disassoc - check if IEEE80211_FTYPE_MGMT IEEE80211_STYPE_DISASSOC * @fc: frame control bytes in little-endian byteorder */ static inline int ieee80211_is_disassoc(__le16 fc) { return (fc cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) == cpu_to_le16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_DISASSOC); } -
[Kernel-packages] [Bug 1354469] Re: [3.13.0-30.55] rtl8821ae Kernel PANIC due to calling incorrect function
** Description changed: I had a support incident with a user of an Asus X551MA containing a Realtek RTL8821AE WiFi card. After the kernel update from 3.13.0-24 to 3.13.0-30 there was a kernel Panic as soon as the wifi card began scanning (photograph attached). - I investigated the bug in detail and diagnosed the cause to commit + I investigated the bug in detail and diagnosed the cause to commit 22bf70f which modifies a function prototype called by the RTL8821ae driver but does not update the driver to call the alternative function. Corrective patch attached. RIP [a042ffe5] rtl8821ae_rx_query_desc+0x1d5/0xa50 [rtl8821ae] No changes were introduced in the rtl8821ae module between 3.13.0-24 and 3.13.0-30. The only changes were in mac80211, which rtl8821ae depends on (along with cfg80211): # check rtl8821ae $ gitlog Ubuntu-3.13.0-24.47..Ubuntu-3.13.0-30.55 -- drivers/staging/rtl8821ae # check mac80211 $ gitlog Ubuntu-3.13.0-24.47..Ubuntu-3.13.0-30.55 -- net/mac80211 7049ad3 Mon May 19 18:45:30 2014 +0100 Michael Braun mac80211: fix WPA with VLAN on AP side with ps-sta again 5d31275 Mon May 19 18:45:30 2014 +0100 Johannes Berg mac80211: fix suspend vs. authentication race 56f2ea4 Mon May 19 18:45:29 2014 +0100 Johannes Berg mac80211: fix potential use-after-free 22bf70f Tue Apr 15 15:27:46 2014 +0100 Johannes Berg mac80211: add length check in ieee80211_is_robust_mgmt_frame() - # check mac80211 + # check cfg80211 $ gitlog Ubuntu-3.13.0-24.47..Ubuntu-3.13.0-30.55 -- net/wireless/ $ The faulting location is in function rx_query_desc() at offset 0x1d5. $ objdump -d /lib/modules/3.13.0-30-generic/kernel/drivers/staging/rtl8821ae/rtl8821ae.ko 00033e40 rtl8821ae_rx_query_desc: Faulting instruction is at 0x33e40 + 0x1d5 = 0x34015 Now I examine the debug-symbols of the module with: $ gdb -d drivers/staging/rtl8821ae -d drivers/staging/rtl8821ae/rtl8821ae /usr/lib/debug/modules/3.13.0-30-generic/kernel/drivers/staging/rtl8821ae/rtl8821ae.dbgsym.ko (gdb) info line rtl8821ae_rx_query_desc Line 539 of /build/buildd/linux-3.13.0/drivers/staging/rtl8821ae/rtl8821ae/trx.c starts at address 0x33e40 rtl8821ae_rx_query_desc - and ends at 0x33e65 rtl8821ae_rx_query_desc+37. + and ends at 0x33e65 rtl8821ae_rx_query_desc+37. (gdb) x/i 0x34015 - 0x34015 rtl8821ae_rx_query_desc+469: movzwl (%rdi),%esi + 0x34015 rtl8821ae_rx_query_desc+469: movzwl (%rdi),%esi (gdb) disas rtl8821ae_rx_query_desc ... - 0x00033ffe +446: je 0x34641 rtl8821ae_rx_query_desc+2049 - 0x00034004 +452: cmpl $0x18,0x68(%rdx) - 0x00034008 +456: jbe0x34268 rtl8821ae_rx_query_desc+1064 - 0x0003400e +462: mov0xd8(%rdx),%rdi /* hdr-frame_control */ - 0x00034015 +469: movzwl (%rdi),%esi /* FAULT %rdi invalid */ - 0x00034018 +472: mov%esi,%ecx - 0x0003401a +474: and$0xfc,%cx - 0x0003401f +479: cmp$0xa0,%cx - 0x00034024 +484: je 0x34068 rtl8821ae_rx_query_desc+552 + 0x00033ffe +446: je 0x34641 rtl8821ae_rx_query_desc+2049 + 0x00034004 +452: cmpl $0x18,0x68(%rdx) + 0x00034008 +456: jbe0x34268 rtl8821ae_rx_query_desc+1064 + 0x0003400e +462: mov0xd8(%rdx),%rdi /* hdr-frame_control */ + 0x00034015 +469: movzwl (%rdi),%esi /* FAULT %rdi invalid */ + 0x00034018 +472: mov%esi,%ecx + 0x0003401a +474: and$0xfc,%cx + 0x0003401f +479: cmp$0xa0,%cx + 0x00034024 +484: je 0x34068 rtl8821ae_rx_query_desc+552 ... (gdb) info line *0x34015 Line 2194 of /build/buildd/linux-3.13.0/include/linux/ieee80211.h starts at address 0x34015 rtl8821ae_rx_query_desc+469 - and ends at 0x34018 rtl8821ae_rx_query_desc+472. + and ends at 0x34018 rtl8821ae_rx_query_desc+472. include/linux/ieee80211.h - /** - * _ieee80211_is_robust_mgmt_frame - check if frame is a robust management frame - * @hdr: the frame (buffer must include at least the first octet of payload) - */ + * _ieee80211_is_robust_mgmt_frame - check if frame is a robust management frame + * @hdr: the frame (buffer must include at least the first octet of payload) + */ static inline bool _ieee80211_is_robust_mgmt_frame(struct ieee80211_hdr *hdr) { -if (ieee80211_is_disassoc(hdr-frame_control) || /* LINE 2194 */ -ieee80211_is_deauth(hdr-frame_control)) - return true; - + if (ieee80211_is_disassoc(hdr-frame_control) || /* LINE 2194 */ + ieee80211_is_deauth(hdr-frame_control)) + return true; /** - * ieee80211_is_disassoc - check if IEEE80211_FTYPE_MGMT IEEE80211_STYPE_DISASSOC - * @fc: frame control bytes in little-endian byteorder - */ + *
[Kernel-packages] [Bug 1354469] Re: [3.13.0-30.55] rtl8821ae Kernel PANIC due to calling incorrect function
** Tags added: patch -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1354469 Title: [3.13.0-30.55] rtl8821ae Kernel PANIC due to calling incorrect function Status in “linux” package in Ubuntu: Triaged Bug description: I had a support incident with a user of an Asus X551MA containing a Realtek RTL8821AE WiFi card. After the kernel update from 3.13.0-24 to 3.13.0-30 there was a kernel Panic as soon as the wifi card began scanning (photograph attached). I investigated the bug in detail and diagnosed the cause to commit 22bf70f which modifies a function prototype called by the RTL8821ae driver but does not update the driver to call the alternative function. Corrective patch attached. RIP [a042ffe5] rtl8821ae_rx_query_desc+0x1d5/0xa50 [rtl8821ae] No changes were introduced in the rtl8821ae module between 3.13.0-24 and 3.13.0-30. The only changes were in mac80211, which rtl8821ae depends on (along with cfg80211): # check rtl8821ae $ gitlog Ubuntu-3.13.0-24.47..Ubuntu-3.13.0-30.55 -- drivers/staging/rtl8821ae # check mac80211 $ gitlog Ubuntu-3.13.0-24.47..Ubuntu-3.13.0-30.55 -- net/mac80211 7049ad3 Mon May 19 18:45:30 2014 +0100 Michael Braun mac80211: fix WPA with VLAN on AP side with ps-sta again 5d31275 Mon May 19 18:45:30 2014 +0100 Johannes Berg mac80211: fix suspend vs. authentication race 56f2ea4 Mon May 19 18:45:29 2014 +0100 Johannes Berg mac80211: fix potential use-after-free 22bf70f Tue Apr 15 15:27:46 2014 +0100 Johannes Berg mac80211: add length check in ieee80211_is_robust_mgmt_frame() # check cfg80211 $ gitlog Ubuntu-3.13.0-24.47..Ubuntu-3.13.0-30.55 -- net/wireless/ $ The faulting location is in function rx_query_desc() at offset 0x1d5. $ objdump -d /lib/modules/3.13.0-30-generic/kernel/drivers/staging/rtl8821ae/rtl8821ae.ko 00033e40 rtl8821ae_rx_query_desc: Faulting instruction is at 0x33e40 + 0x1d5 = 0x34015 Now I examine the debug-symbols of the module with: $ gdb -d drivers/staging/rtl8821ae -d drivers/staging/rtl8821ae/rtl8821ae /usr/lib/debug/modules/3.13.0-30-generic/kernel/drivers/staging/rtl8821ae/rtl8821ae.dbgsym.ko (gdb) info line rtl8821ae_rx_query_desc Line 539 of /build/buildd/linux-3.13.0/drivers/staging/rtl8821ae/rtl8821ae/trx.c starts at address 0x33e40 rtl8821ae_rx_query_desc and ends at 0x33e65 rtl8821ae_rx_query_desc+37. (gdb) x/i 0x34015 0x34015 rtl8821ae_rx_query_desc+469: movzwl (%rdi),%esi (gdb) disas rtl8821ae_rx_query_desc ... 0x00033ffe +446: je 0x34641 rtl8821ae_rx_query_desc+2049 0x00034004 +452: cmpl $0x18,0x68(%rdx) 0x00034008 +456: jbe0x34268 rtl8821ae_rx_query_desc+1064 0x0003400e +462: mov0xd8(%rdx),%rdi /* hdr-frame_control */ 0x00034015 +469: movzwl (%rdi),%esi /* FAULT %rdi invalid */ 0x00034018 +472: mov%esi,%ecx 0x0003401a +474: and$0xfc,%cx 0x0003401f +479: cmp$0xa0,%cx 0x00034024 +484: je 0x34068 rtl8821ae_rx_query_desc+552 ... (gdb) info line *0x34015 Line 2194 of /build/buildd/linux-3.13.0/include/linux/ieee80211.h starts at address 0x34015 rtl8821ae_rx_query_desc+469 and ends at 0x34018 rtl8821ae_rx_query_desc+472. include/linux/ieee80211.h - /** * _ieee80211_is_robust_mgmt_frame - check if frame is a robust management frame * @hdr: the frame (buffer must include at least the first octet of payload) */ static inline bool _ieee80211_is_robust_mgmt_frame(struct ieee80211_hdr *hdr) { if (ieee80211_is_disassoc(hdr-frame_control) || /* LINE 2194 */ ieee80211_is_deauth(hdr-frame_control)) return true; /** * ieee80211_is_disassoc - check if IEEE80211_FTYPE_MGMT IEEE80211_STYPE_DISASSOC * @fc: frame control bytes in little-endian byteorder */ static inline int ieee80211_is_disassoc(__le16 fc) { return (fc cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) == cpu_to_le16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_DISASSOC); } - drivers/staging/rtl8821ae/rtl8821ae/trx.c::rtl8821ae_rx_query_desc() - ... if ((ieee80211_is_robust_mgmt_frame(hdr)) /* FAULT LOCATION */ (ieee80211_has_protected(hdr-frame_control))) rx_status-flag = ~RX_FLAG_DECRYPTED; else rx_status-flag |= RX_FLAG_DECRYPTED; } ... - 8- - On investigation it appears that gdb may have an incorrect debug reference for the location of ieee80211_is_robust_mgmt_frame() since the location it references is for the underscore-prefix function _ieee80211_is_robust_mgmt_frame(). This may be due to both functions being inline. The changes introduced in commit: 22bf70f Tue Apr
[Kernel-packages] [Bug 1354469] Re: [3.13.0-30.55] rtl8821ae Kernel PANIC due to calling incorrect function
Hello, I can confirm the kernel panics after loading rtl8821ae module, while ubuntu boots on Asus R510L notebook. $ sudo lspci|grep -i rtl 02:00.1 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 12) 03:00.0 Network controller: Realtek Semiconductor Co., Ltd. RTL8821AE 802.11ac PCIe Wireless Network Adapter After blacklisting the rtl8821ae module the computer starts fine but without the network (wlan or ethernet): $ cat /etc/modprobe.d/blacklist-asus_rtl.conf blacklist rtl8821ae 02:00.1 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 12) Subsystem: ASUSTeK Computer Inc. Device 200f Flags: bus master, fast devsel, latency 0, IRQ 65 I/O ports at e000 [size=256] Memory at f7914000 (64-bit, non-prefetchable) [size=4K] Memory at f791 (64-bit, non-prefetchable) [size=16K] Capabilities: [40] Power Management version 3 Capabilities: [50] MSI: Enable+ Count=1/1 Maskable- 64bit+ Capabilities: [70] Express Endpoint, MSI 01 Capabilities: [b0] MSI-X: Enable- Count=4 Masked- Capabilities: [d0] Vital Product Data Capabilities: [100] Advanced Error Reporting Capabilities: [160] Device Serial Number 34-80-75-removed Capabilities: [170] Latency Tolerance Reporting Capabilities: [178] L1 PM Substates Kernel driver in use: r8169 03:00.0 Network controller: Realtek Semiconductor Co., Ltd. RTL8821AE 802.11ac PCIe Wireless Network Adapter Subsystem: AzureWave Device 2161 Flags: bus master, fast devsel, latency 0, IRQ 10 I/O ports at d000 [size=256] Memory at f780 (64-bit, non-prefetchable) [size=16K] Capabilities: [40] Power Management version 3 Capabilities: [50] MSI: Enable- Count=1/1 Maskable- 64bit+ Capabilities: [70] Express Endpoint, MSI 00 Capabilities: [100] Advanced Error Reporting Capabilities: [140] Device Serial Number 00-e0-4c-ff-removed Capabilities: [150] Latency Tolerance Reporting Capabilities: [158] L1 PM Substates Regards, BemNum -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1354469 Title: [3.13.0-30.55] rtl8821ae Kernel PANIC due to calling incorrect function Status in “linux” package in Ubuntu: Triaged Bug description: I had a support incident with a user of an Asus X551MA containing a Realtek RTL8821AE WiFi card. After the kernel update from 3.13.0-24 to 3.13.0-30 there was a kernel Panic as soon as the wifi card began scanning (photograph attached). I investigated the bug in detail and diagnosed the cause to commit 22bf70f which modifies a function prototype called by the RTL8821ae driver but does not update the driver to call the alternative function. Corrective patch attached. RIP [a042ffe5] rtl8821ae_rx_query_desc+0x1d5/0xa50 [rtl8821ae] No changes were introduced in the rtl8821ae module between 3.13.0-24 and 3.13.0-30. The only changes were in mac80211, which rtl8821ae depends on (along with cfg80211): # check rtl8821ae $ gitlog Ubuntu-3.13.0-24.47..Ubuntu-3.13.0-30.55 -- drivers/staging/rtl8821ae # check mac80211 $ gitlog Ubuntu-3.13.0-24.47..Ubuntu-3.13.0-30.55 -- net/mac80211 7049ad3 Mon May 19 18:45:30 2014 +0100 Michael Braun mac80211: fix WPA with VLAN on AP side with ps-sta again 5d31275 Mon May 19 18:45:30 2014 +0100 Johannes Berg mac80211: fix suspend vs. authentication race 56f2ea4 Mon May 19 18:45:29 2014 +0100 Johannes Berg mac80211: fix potential use-after-free 22bf70f Tue Apr 15 15:27:46 2014 +0100 Johannes Berg mac80211: add length check in ieee80211_is_robust_mgmt_frame() # check cfg80211 $ gitlog Ubuntu-3.13.0-24.47..Ubuntu-3.13.0-30.55 -- net/wireless/ $ The faulting location is in function rx_query_desc() at offset 0x1d5. $ objdump -d /lib/modules/3.13.0-30-generic/kernel/drivers/staging/rtl8821ae/rtl8821ae.ko 00033e40 rtl8821ae_rx_query_desc: Faulting instruction is at 0x33e40 + 0x1d5 = 0x34015 Now I examine the debug-symbols of the module with: $ gdb -d drivers/staging/rtl8821ae -d drivers/staging/rtl8821ae/rtl8821ae /usr/lib/debug/modules/3.13.0-30-generic/kernel/drivers/staging/rtl8821ae/rtl8821ae.dbgsym.ko (gdb) info line rtl8821ae_rx_query_desc Line 539 of /build/buildd/linux-3.13.0/drivers/staging/rtl8821ae/rtl8821ae/trx.c starts at address 0x33e40 rtl8821ae_rx_query_desc and ends at 0x33e65 rtl8821ae_rx_query_desc+37. (gdb) x/i 0x34015 0x34015 rtl8821ae_rx_query_desc+469: movzwl (%rdi),%esi (gdb) disas rtl8821ae_rx_query_desc ... 0x00033ffe +446: je 0x34641 rtl8821ae_rx_query_desc+2049 0x00034004 +452: cmpl $0x18,0x68(%rdx)