Redpine: Driver crash with network-manager 1.10 and above

Bug #1813869 reported by Siva Rebbagondla on 2019-01-30
This bug affects 2 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)

Bug Description

SRU Justification:

      Kernel crash upon inserting Redpine driver

Test case:
      1) Install network-manager v(1.10) snap.
      2) Insert Redpine modules.
      3) Observe the behavior.

       Redpine driver crashes the entire kernel and below is the crash log.
       ... skipping ...
       [ 49.130185] BUG: unable to handle kernel NULL pointer dereference at 0000000000000134
       [ 49.138969] IP: [<ffffffffc0517c03>] rsi_prepare_mgmt_desc+0xd3/0x2d0 [ven_rsi_91x]
       [ 49.244030] CPU: 0 PID: 31 Comm: kworker/u4:1 Not tainted 4.4.0-139-generic #165-Ubuntu
       [ 49.252988] Hardware name: Dell Inc. Edge Gateway 3001/, BIOS 01.00.00 04/17/2017
       [ 49.261374] Workqueue: rsi_scan_worker rsi_scan_start [ven_rsi_91x]
       [ 49.268385] task: ffff880078538cc0 ti: ffff8800785e4000 task.ti: ffff8800785e4000
       [ 49.276765] rsi_prepare_mgmt_desc+0xd3/0x2d0 [ven_rsi_91x]
       [ 49.387307] [<ffffffffc0516457>] rsi_send_probe_request+0x2c7/0x350 [ven_rsi_91x]
       [ 49.395784] [<ffffffffc0516702>] rsi_scan_start+0x222/0x380 [ven_rsi_91x]
       [ 49.403486] [<ffffffff818530c1>] ? __schedule+0x301/0x7f0
       [ 49.409633] [<ffffffff8109ee4b>] process_one_work+0x16b/0x490
       [ 49.416164] [<ffffffff8109f1bb>] worker_thread+0x4b/0x4d0
       [ 49.422306] [<ffffffff8109f170>] ? process_one_work+0x490/0x490
       [ 49.429032] [<ffffffff810a5587>] kthread+0xe7/0x100
       [ 49.434589] [<ffffffff818530c1>] ? __schedule+0x301/0x7f0
       [ 49.440731] [<ffffffff810a54a0>] ? kthread_create_on_node+0x1e0/0x1e0
       [ 49.448042] [<ffffffff81857bf5>] ret_from_fork+0x55/0x80
       [ 49.454086] [<ffffffff810a54a0>] ? kthread_create_on_node+0x1e0/0x1e0

Root cause analysis:
       In nm-1.10 and above versions, MAC spoof is enabled by default. In Redpine
       driver, this handling is missed. Hence, Added the fix for the same.

       Copied the Custom MAC address into driver global structure.

Regression Petential:
        This is a very direct issue Since the driver is crashing upon inserting the
        modules. we ran the multiple times insertion and deletion of modules and connected
        to third-party AP, did data transfer.

CVE References

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1813869

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
tags: added: xenial
Stefan Bader (smb) on 2019-02-04
Changed in linux (Ubuntu Xenial):
importance: Undecided → Medium
Changed in linux (Ubuntu Xenial):
status: New → Fix Committed
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-xenial' to 'verification-done-xenial'. If the problem still exists, change the tag 'verification-needed-xenial' to 'verification-failed-xenial'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-xenial
Terry Rudd (terrykrudd) wrote :

Final reminder: We are at the end of the SRU Cycle and request that you please provide verification the kernel in proposed resolves the problem for which this bug was submitted. -Thank you!

Hi All,

Updated to new kernel in -proposed(4.4.0-143.169 #105 in edge/redpine-fix).
Verified the functionality, didn't observed Redpine driver crash with
this new snap.

I am attaching driver logs and snap details.

Thank you

tags: added: verification-done-xenial
removed: verification-needed-xenial
Siva Rebbagondla (siva8118) wrote :


Please add logs to the bug and Kernel version that you have verified.


Sorry I've hide the comment, now I've opened it again, you can find the logs in comment #4.

Launchpad Janitor (janitor) wrote :
Download full text (16.2 KiB)

This bug was fixed in the package linux - 4.4.0-143.169

linux (4.4.0-143.169) xenial; urgency=medium

  * linux: 4.4.0-143.169 -proposed tracker (LP: #1814647)

  * x86/kvm: Backport fixup and missing commits (LP: #1811646)
    - KVM: x86: avoid vmalloc(0) in the KVM_SET_CPUID
    - kvm: nVMX: VMCLEAR an active shadow VMCS after last use
    - X86/nVMX: Properly set spec_ctrl and pred_cmd before merging MSRs
    - KVM/VMX: Optimize vmx_vcpu_run() and svm_vcpu_run() by marking the RDMSR
      path as unlikely()
    - kvm: x86: IA32_ARCH_CAPABILITIES is always supported
    - KVM: SVM: Add MSR-based feature support for serializing LFENCE
    - KVM: X86: Allow userspace to define the microcode version
    - KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled
    - KVM: VMX: fixes for vmentry_l1d_flush module parameter
    - kvm: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb
    - kvm: vmx: Scrub hardware GPRs at VM-exit
    - SAUCE: [Fix] x86/KVM/VMX: Add L1D flush logic
    - SAUCE: KVM: Move code fragments, cleanup and re-indent

  * linux-buildinfo: pull out ABI information into its own package
    (LP: #1806380)
    - [Packaging] limit preparation to linux-libc-dev in headers
    - [Packaging] commonise debhelper invocation
    - [Packaging] ABI -- accumulate abi information at the end of the build
    - [Packaging] buildinfo -- add basic build information
    - [Packaging] buildinfo -- add firmware information to the flavour ABI
    - [Packaging] buildinfo -- add compiler information to the flavour ABI
    - [Packaging] buildinfo -- add buildinfo support to getabis
    - [Config] buildinfo -- add retpoline version markers
    - [Packaging] getabis -- handle all known package combinations
    - [Packaging] getabis -- support parsing a simple version

  * signing: only install a signed kernel (LP: #1764794)
    - [Packaging] update to Debian like control scripts
    - [Packaging] switch to triggers for postinst.d postrm.d handling
    - [Packaging] signing -- switch to raw-signing tarballs
    - [Packaging] signing -- switch to linux-image as signed when available
    - [Packaging] printenv -- add signing options
    - [Packaging] fix invocation of header postinst hooks
    - [Packaging] signing -- add support for signing Opal kernel binaries
    - [Debian] Use src_pkg_name when constructing udeb control files
    - [Debian] Dynamically determine linux udebs package name
    - [Packaging] handle both linux-lts* and linux-hwe* as backports
    - [Config] linux-source-* is in the primary linux namespace
    - [Packaging] lookup the upstream tag
    - [Packaging] zfs/spl -- enhance provides information
    - [Packaging] switch up to debhelper 9
    - [Packaging] autopkgtest -- disable d-i when dropping flavours
    - [debian] support for ship_extras_package=false
    - [Debian] do_common_tools should always be on
    - [debian] do not force do_tools_common
    - [Packaging] Add linux-tools-host package for VM host tools
    - [Packaging] signing should be conditional
    - [Packaging] skip cloud tools packaging when not building package
    - [Packaging] add acpidbg
    - [debian] prep linu...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers