2017-08-24 07:17:14 |
Jesse Sung |
bug |
|
|
added bug |
2017-08-24 07:19:23 |
Jesse Sung |
bug |
|
|
added subscriber Canonical Hardware Enablement Team |
2017-08-24 07:19:29 |
Jesse Sung |
tags |
|
originate-from-1654549 plano |
|
2017-08-24 07:32:33 |
Jesse Sung |
hwe-next: assignee |
|
Jesse Sung (wenchien) |
|
2017-08-24 07:32:36 |
Jesse Sung |
hwe-next: status |
New |
In Progress |
|
2017-08-24 07:57:45 |
Stefan Bader |
nominated for series |
|
Ubuntu Xenial |
|
2017-08-24 07:57:45 |
Stefan Bader |
bug task added |
|
linux (Ubuntu Xenial) |
|
2017-08-24 09:08:37 |
Jesse Sung |
description |
When it's in AP mode, there's quite a chance of finding a kernel oops during reboot.
[ 30.701441] BUG: unable to handle kernel NULL pointer dereference at 00000000000000f0
[ 30.709511] IP: [<ffffffffc05781b9>] mwifiex_get_cfp+0x49/0x150 [mwifiex]
[ 30.716494] PGD 0
[ 30.718575] Oops: 0000 [#1] SMP
[ 30.721918] Modules linked in: ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conni
[ 30.836915] CPU: 1 PID: 679 Comm: kworker/u5:0 Not tainted 4.4.0-57-generic #78-Ubuntu
[ 30.845018] Hardware name: Dell Inc. Edge Gateway 5000/ , BIOS 01.05.00 10/18/2016
[ 30.853218] Workqueue: MWIFIEX_WORK_QUEUE mwifiex_main_work_queue [mwifiex]
[ 30.860362] task: ffff880077c11980 ti: ffff880075e48000 task.ti: ffff880075e48000
[ 30.868018] RIP: 0010:[<ffffffffc05781b9>] [<ffffffffc05781b9>] mwifiex_get_cfp+0x49/0x150 [mwifiex]
[ 30.877484] RSP: 0018:ffff880075e4bbf8 EFLAGS: 00010202
[ 30.882920] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000000004
[ 30.890221] RDX: 0010000000110010 RSI: 0000000000000004 RDI: 0000000000000004
[ 30.897520] RBP: ffff880075e4bc28 R08: 0000000000000003 R09: 0000000000000001
[ 30.904821] R10: 0000000000000001 R11: 00000000000002ff R12: 0000000000000095
[ 30.912123] R13: 0000000000000000 R14: ffff880075e40000 R15: 0000000000000095
[ 30.919425] FS: 0000000000000000(0000) GS:ffff880071300000(0000) knlGS:0000000000000000
[ 30.927701] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 30.933581] CR2: 00000000000000f0 CR3: 0000000001e0a000 CR4: 00000000001006e0
[ 30.940882] Stack:
[ 30.942944] 0000000000000118 ffff880075e40000 ffff8800750c4000 ffff880075e3ed59
[ 30.950592] 0000000000000095 ffff880075e3ee01 ffff880075e4bcd0 ffffffffc05846fc
[ 30.958232] 0000000000000000 ffff880075e4bc50 ffffffff8140bcb5 ffff880075e4bc70
[ 30.965873] Call Trace:
[ 30.968397] [<ffffffffc05846fc>] mwifiex_parse_single_response_buf+0x1fc/0x560 [mwifiex]
[ 30.976772] [<ffffffff8140bcb5>] ? find_next_bit+0x15/0x20
[ 30.982490] [<ffffffffc0584d9c>] mwifiex_handle_event_ext_scan_report+0x15c/0x340 [mwifiex]
[ 30.991139] [<ffffffffc058f4c6>] mwifiex_process_sta_event+0x276/0xb40 [mwifiex]
[ 30.998806] [<ffffffffc0578952>] mwifiex_process_event+0x102/0x1c0 [mwifiex]
[ 31.006120] [<ffffffffc057677e>] mwifiex_main_process+0x5de/0x8d0 [mwifiex]
[ 31.013346] [<ffffffffc0576a8f>] mwifiex_main_work_queue+0x1f/0x30 [mwifiex]
[ 31.020650] [<ffffffff8109a575>] process_one_work+0x165/0x480
[ 31.026624] [<ffffffff8109a8db>] worker_thread+0x4b/0x4c0
[ 31.032240] [<ffffffff8109a890>] ? process_one_work+0x480/0x480
[ 31.038387] [<ffffffff810a0c08>] kthread+0xd8/0xf0
[ 31.043384] [<ffffffff810a0b30>] ? kthread_create_on_node+0x1e0/0x1e0
[ 31.050071] [<ffffffff8183788f>] ret_from_fork+0x3f/0x70
[ 31.055596] [<ffffffff810a0b30>] ? kthread_create_on_node+0x1e0/0x1e0
[ 31.062276] Code: 85 c9 0f 84 ef 00 00 00 40 0f b6 de 49 89 fe 41 89 cd 89 df 41 89 d4 e8 46 f1 00 00 84 c0 49 8b 86 e0 13 00 00 0f 84 98 00
[ 31.082756] RIP [<ffffffffc05781b9>] mwifiex_get_cfp+0x49/0x150 [mwifiex]
[ 31.089820] RSP <ffff880075e4bbf8>
[ 31.093392] CR2: 00000000000000f0
[ 31.096787] ---[ end trace f3a762be5787f138 ]--- |
When it's in AP mode, there's quite a chance of finding a kernel oops during reboot.
This happens because the wiphy may be NULL for some reason. It's likely a bug in mwifiex. We've already pinged Marvell and Murata. Before there's a real fix available, we should check wiphy before accessing it.
I've tried a 4.13-rc6 kernel. Though it has an oops for a NULL pointer dereference too, it happens in a different function in mwifiex. Thus the workaround for Xenial may or may not help for other series. Will need to reproduce this issue with Zesty and then we can decide whether this workaround should be applied to Zesty.
[ 30.701441] BUG: unable to handle kernel NULL pointer dereference at 00000000000000f0
[ 30.709511] IP: [<ffffffffc05781b9>] mwifiex_get_cfp+0x49/0x150 [mwifiex]
[ 30.716494] PGD 0
[ 30.718575] Oops: 0000 [#1] SMP
[ 30.721918] Modules linked in: ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conni
[ 30.836915] CPU: 1 PID: 679 Comm: kworker/u5:0 Not tainted 4.4.0-57-generic #78-Ubuntu
[ 30.845018] Hardware name: Dell Inc. Edge Gateway 5000/ , BIOS 01.05.00 10/18/2016
[ 30.853218] Workqueue: MWIFIEX_WORK_QUEUE mwifiex_main_work_queue [mwifiex]
[ 30.860362] task: ffff880077c11980 ti: ffff880075e48000 task.ti: ffff880075e48000
[ 30.868018] RIP: 0010:[<ffffffffc05781b9>] [<ffffffffc05781b9>] mwifiex_get_cfp+0x49/0x150 [mwifiex]
[ 30.877484] RSP: 0018:ffff880075e4bbf8 EFLAGS: 00010202
[ 30.882920] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000000004
[ 30.890221] RDX: 0010000000110010 RSI: 0000000000000004 RDI: 0000000000000004
[ 30.897520] RBP: ffff880075e4bc28 R08: 0000000000000003 R09: 0000000000000001
[ 30.904821] R10: 0000000000000001 R11: 00000000000002ff R12: 0000000000000095
[ 30.912123] R13: 0000000000000000 R14: ffff880075e40000 R15: 0000000000000095
[ 30.919425] FS: 0000000000000000(0000) GS:ffff880071300000(0000) knlGS:0000000000000000
[ 30.927701] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 30.933581] CR2: 00000000000000f0 CR3: 0000000001e0a000 CR4: 00000000001006e0
[ 30.940882] Stack:
[ 30.942944] 0000000000000118 ffff880075e40000 ffff8800750c4000 ffff880075e3ed59
[ 30.950592] 0000000000000095 ffff880075e3ee01 ffff880075e4bcd0 ffffffffc05846fc
[ 30.958232] 0000000000000000 ffff880075e4bc50 ffffffff8140bcb5 ffff880075e4bc70
[ 30.965873] Call Trace:
[ 30.968397] [<ffffffffc05846fc>] mwifiex_parse_single_response_buf+0x1fc/0x560 [mwifiex]
[ 30.976772] [<ffffffff8140bcb5>] ? find_next_bit+0x15/0x20
[ 30.982490] [<ffffffffc0584d9c>] mwifiex_handle_event_ext_scan_report+0x15c/0x340 [mwifiex]
[ 30.991139] [<ffffffffc058f4c6>] mwifiex_process_sta_event+0x276/0xb40 [mwifiex]
[ 30.998806] [<ffffffffc0578952>] mwifiex_process_event+0x102/0x1c0 [mwifiex]
[ 31.006120] [<ffffffffc057677e>] mwifiex_main_process+0x5de/0x8d0 [mwifiex]
[ 31.013346] [<ffffffffc0576a8f>] mwifiex_main_work_queue+0x1f/0x30 [mwifiex]
[ 31.020650] [<ffffffff8109a575>] process_one_work+0x165/0x480
[ 31.026624] [<ffffffff8109a8db>] worker_thread+0x4b/0x4c0
[ 31.032240] [<ffffffff8109a890>] ? process_one_work+0x480/0x480
[ 31.038387] [<ffffffff810a0c08>] kthread+0xd8/0xf0
[ 31.043384] [<ffffffff810a0b30>] ? kthread_create_on_node+0x1e0/0x1e0
[ 31.050071] [<ffffffff8183788f>] ret_from_fork+0x3f/0x70
[ 31.055596] [<ffffffff810a0b30>] ? kthread_create_on_node+0x1e0/0x1e0
[ 31.062276] Code: 85 c9 0f 84 ef 00 00 00 40 0f b6 de 49 89 fe 41 89 cd 89 df 41 89 d4 e8 46 f1 00 00 84 c0 49 8b 86 e0 13 00 00 0f 84 98 00
[ 31.082756] RIP [<ffffffffc05781b9>] mwifiex_get_cfp+0x49/0x150 [mwifiex]
[ 31.089820] RSP <ffff880075e4bbf8>
[ 31.093392] CR2: 00000000000000f0
[ 31.096787] ---[ end trace f3a762be5787f138 ]--- |
|
2017-08-28 15:11:21 |
Kleber Sacilotto de Souza |
linux (Ubuntu Xenial): status |
New |
Fix Committed |
|
2017-09-01 08:27:39 |
Kleber Sacilotto de Souza |
tags |
originate-from-1654549 plano |
originate-from-1654549 plano verification-needed-xenial |
|
2017-09-06 06:53:38 |
Jesse Sung |
tags |
originate-from-1654549 plano verification-needed-xenial |
originate-from-1654549 plano verification-done-xenial |
|
2017-09-18 10:11:08 |
Launchpad Janitor |
linux (Ubuntu Xenial): status |
Fix Committed |
Fix Released |
|
2017-09-18 10:11:08 |
Launchpad Janitor |
cve linked |
|
2017-1000251 |
|
2017-12-21 07:36:43 |
Jesse Sung |
linux (Ubuntu): status |
In Progress |
Fix Released |
|
2017-12-21 07:36:48 |
Jesse Sung |
hwe-next: status |
In Progress |
Fix Released |
|