Crash when switch to iwd (ubuntu 22.10) #441

Closed
iafilius opened this issue Apr 9, 2023 · 6 comments

@iafilius

iafilius commented Apr 9, 2023

Hi Larry ea,

Running Ubuntu 22.10 and the v5.2.2.4 to run a hotspot on my Realtek micro USB rtl8188.
This worked perfectly fine until I switched from wpa_supplicant to the more
recent iwd.

The summary of the issue is: while having iwd running fine with one wireless
adapter (AX200), then inserting the RTL8188 USB adapter results in a kernel
crash dump, and also leaves iwd in an unusable state.

I'm not sure if this is an iwd or driver issue, or a combination.

Using your v5.2.2.4 driver from git

$ uname -a
Linux host 5.19.0-38-generic #39-Ubuntu SMP PREEMPT_DYNAMIC Fri Mar 17 17:33:16 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux


$ git status
On branch v5.2.2.4
Your branch is up to date with 'origin/v5.2.2.4'.

~/git/rtl8188eu$ cat .git/config 
[core]
        repositoryformatversion = 0
        filemode = true
        bare = false
        logallrefupdates = true
[remote "origin"]
        url = https://github.com/lwfinger/rtl8188eu.git
        fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
        remote = origin
        merge = refs/heads/master
[branch "v5.2.2.4"]
        remote = origin
        merge = refs/heads/v5.2.2.4

user@host:~/git/rtl8188eu$ git pull
Already up to date.


user@host:~/git/rtl8188eu$ sudo make  install
install -p -m 644 8188eu.ko  /lib/modules/5.19.0-38-generic/kernel/drivers/staging/r8188eu/
/sbin/depmod -a 5.19.0-38-generic

had blacklisted original module:
/etc/modprobe.d/50-8188eu.conf:blacklist r8188eu

iwd (iwctl) is running/operating just fine

user@host:~/git/rtl8188eu$ ps aux|grep iwd
root        2005  0.0  0.0  15824  5040 ?        Ss   19:34   0:00 /usr/libexec/iwd

The oops/call trace at the moment of inserting

user@host:~/git/rtl8188eu$ dmesg -TW
[za apr  8 19:40:36 2023] usb 1-1.2: new high-speed USB device number 6 using ehci-pci
[za apr  8 19:40:36 2023] usb 1-1.2: New USB device found, idVendor=0bda, idProduct=0179, bcdDevice= 0.00
[za apr  8 19:40:36 2023] usb 1-1.2: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[za apr  8 19:40:36 2023] usb 1-1.2: Product: 802.11n NIC
[za apr  8 19:40:36 2023] usb 1-1.2: Manufacturer: Realtek
[za apr  8 19:40:36 2023] usb 1-1.2: SerialNumber: 00E02D0B3D19
[za apr  8 19:40:37 2023] RTW: rtl8188eu v5.2.2.4_25483.20171222
[za apr  8 19:40:37 2023] RTW: hal_com_config_channel_plan chplan:0x20
[za apr  8 19:40:37 2023] RTW: rtw_regsty_chk_target_tx_power_valid return false for band:0, path:0, rs:0, t:-1
[za apr  8 19:40:37 2023] usbcore: registered new interface driver rtl8188eu
[za apr  8 19:40:38 2023] BUG: kernel NULL pointer dereference, address: 0000000000000000
[za apr  8 19:40:38 2023] #PF: supervisor read access in kernel mode
[za apr  8 19:40:38 2023] #PF: error_code(0x0000) - not-present page
[za apr  8 19:40:38 2023] PGD 0 P4D 0 
[za apr  8 19:40:38 2023] Oops: 0000 [#1] PREEMPT SMP PTI
[za apr  8 19:40:38 2023] CPU: 2 PID: 2005 Comm: iwd Tainted: G           OE     5.19.0-38-generic #39-Ubuntu
[za apr  8 19:40:38 2023] Hardware name: LENOVO 2349G7G/2349G7G, BIOS G1ETC2WW (2.82 ) 08/07/2019
[za apr  8 19:40:38 2023] RIP: 0010:memcmp+0x2e/0x60
[za apr  8 19:40:38 2023] Code: 06 48 39 07 75 17 48 83 c7 08 48 83 c6 08 48 83 ea 08 48 83 fa 07 77 e6 48 85 d2 74 2b 31 c9 eb 09 48 83 c1 01 48 39 ca 74 0e <0f> b6 04 0f 44 0f b6 04 0e 44 29 c0 74 e9 31 d2 31 c9 31 f6 31 ff
[za apr  8 19:40:38 2023] RSP: 0018:ffffc151025b3678 EFLAGS: 00010246
[za apr  8 19:40:38 2023] RAX: 0000000000000001 RBX: ffff9c8e9e3d2400 RCX: 0000000000000000
[za apr  8 19:40:38 2023] RDX: 0000000000000007 RSI: ffffffffc1853e97 RDI: 0000000000000000
[za apr  8 19:40:38 2023] RBP: ffffc151025b39e0 R08: 0000000000000000 R09: 0000000000000000
[za apr  8 19:40:38 2023] R10: 0000000000000000 R11: 0000000000000000 R12: ffffc1510008b000
[za apr  8 19:40:38 2023] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000005
[za apr  8 19:40:38 2023] FS:  00007f9fbffa9740(0000) GS:ffff9c91ae680000(0000) knlGS:0000000000000000
[za apr  8 19:40:38 2023] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[za apr  8 19:40:38 2023] CR2: 0000000000000000 CR3: 0000000152730006 CR4: 00000000001706e0
[za apr  8 19:40:38 2023] Call Trace:
[za apr  8 19:40:38 2023]  <TASK>
[za apr  8 19:40:38 2023]  ? cfg80211_rtw_scan+0x311/0xc76 [8188eu]
[za apr  8 19:40:38 2023]  rdev_scan+0x2d/0xe0 [cfg80211]
[za apr  8 19:40:38 2023]  cfg80211_scan+0xf6/0x140 [cfg80211]
[za apr  8 19:40:38 2023]  nl80211_trigger_scan+0x412/0x8d0 [cfg80211]
[za apr  8 19:40:38 2023]  genl_family_rcv_msg_doit+0x108/0x180
[za apr  8 19:40:38 2023]  genl_rcv_msg+0xf0/0x200
[za apr  8 19:40:38 2023]  ? nl80211_send_scan_start+0xc0/0xc0 [cfg80211]
[za apr  8 19:40:38 2023]  ? genl_get_cmd+0x120/0x120
[za apr  8 19:40:38 2023]  netlink_rcv_skb+0x57/0x110
[za apr  8 19:40:38 2023]  genl_rcv+0x28/0x50
[za apr  8 19:40:38 2023]  netlink_unicast+0x247/0x390
[za apr  8 19:40:38 2023]  netlink_sendmsg+0x25e/0x4e0
[za apr  8 19:40:38 2023]  sock_sendmsg+0x6d/0x70
[za apr  8 19:40:38 2023]  __sys_sendto+0x142/0x1a0
[za apr  8 19:40:38 2023]  __x64_sys_sendto+0x24/0x40
[za apr  8 19:40:38 2023]  do_syscall_64+0x5b/0x90
[za apr  8 19:40:38 2023]  ? __x64_sys_epoll_ctl+0x6e/0xb0
[za apr  8 19:40:38 2023]  ? exit_to_user_mode_prepare+0x30/0xb0
[za apr  8 19:40:38 2023]  ? syscall_exit_to_user_mode+0x29/0x50
[za apr  8 19:40:38 2023]  ? do_syscall_64+0x67/0x90
[za apr  8 19:40:38 2023]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[za apr  8 19:40:38 2023] RIP: 0033:0x7f9fbfd2081d
[za apr  8 19:40:38 2023] Code: eb bd 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 80 3d cd dd 0d 00 00 41 89 ca 74 20 45 31 c9 45 31 c0 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 6b c3 66 2e 0f 1f 84 00 00 00 00 00 55 48 83
[za apr  8 19:40:38 2023] RSP: 002b:00007fff69dbd068 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[za apr  8 19:40:38 2023] RAX: ffffffffffffffda RBX: 00005557bf6f8a20 RCX: 00007f9fbfd2081d
[za apr  8 19:40:38 2023] RDX: 0000000000000038 RSI: 00005557bf71fd00 RDI: 0000000000000004
[za apr  8 19:40:38 2023] RBP: 00005557bf71a6e0 R08: 0000000000000000 R09: 0000000000000000
[za apr  8 19:40:38 2023] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff69dbd0cc
[za apr  8 19:40:38 2023] R13: 00005557bf702600 R14: 00005557bf6f87a0 R15: 00005557bd9853d6
[za apr  8 19:40:38 2023]  </TASK>
[za apr  8 19:40:38 2023] Modules linked in: 8188eu(OE) tls snd_seq_dummy snd_hrtimer xt_CHECKSUM rfcomm bnep bridge stp llc btusb btrtl btbcm btintel btmtk ccm algif_aead des_generic libdes algif_skcipher cmac md4 algif_hash af_alg bluetooth ecdh_generic ecc lz4 lz4_compress zram bbswitch(OE) ip6t_REJECT nf_reject_ipv6 xt_hl ip6_tables ip6t_rt ipt_REJECT nf_reject_ipv4 xt_LOG nf_log_syslog xt_multiport nft_limit xt_limit xt_addrtype xt_tcpudp nft_chain_nat xt_MASQUERADE nf_nat xt_comment xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nft_compat sunrpc nf_tables nfnetlink binfmt_misc snd_hda_codec_hdmi intel_rapl_msr intel_rapl_common snd_ctl_led x86_pkg_temp_thermal snd_hda_codec_realtek mei_pxp mei_hdcp snd_hda_codec_generic intel_powerclamp coretemp snd_hda_intel snd_intel_dspcfg kvm_intel snd_intel_sdw_acpi snd_hda_codec kvm snd_hda_core snd_hwdep iwlmvm snd_pcm rapl intel_cstate snd_seq_midi mac80211 snd_seq_midi_event joydev input_leds snd_rawmidi think_lmi wmi_bmof
[za apr  8 19:40:38 2023]  firmware_attributes_class serio_raw libarc4 at24 snd_seq thinkpad_acpi snd_seq_device nvram snd_timer iwlwifi ledtrig_audio platform_profile snd mei_me cfg80211 soundcore mei mac_hid pkcs8_key_parser msr parport_pc ppdev lp parport ramoops reed_solomon pstore_blk pstore_zone efi_pstore ip_tables x_tables autofs4 btrfs blake2b_generic raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear i915 mxm_wmi drm_buddy drm_ttm_helper i2c_algo_bit ttm drm_display_helper cec rc_core drm_kms_helper syscopyarea sysfillrect sysimgblt crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel crypto_simd cryptd fb_sys_fops sdhci_pci cqhci i2c_i801 ahci psmouse sdhci i2c_smbus drm libahci e1000e xhci_pci lpc_ich xhci_pci_renesas wmi video [last unloaded: nouveau]
[za apr  8 19:40:38 2023] CR2: 0000000000000000
[za apr  8 19:40:38 2023] ---[ end trace 0000000000000000 ]---
[za apr  8 19:40:38 2023] RIP: 0010:memcmp+0x2e/0x60
[za apr  8 19:40:38 2023] Code: 06 48 39 07 75 17 48 83 c7 08 48 83 c6 08 48 83 ea 08 48 83 fa 07 77 e6 48 85 d2 74 2b 31 c9 eb 09 48 83 c1 01 48 39 ca 74 0e <0f> b6 04 0f 44 0f b6 04 0e 44 29 c0 74 e9 31 d2 31 c9 31 f6 31 ff
[za apr  8 19:40:38 2023] RSP: 0018:ffffc151025b3678 EFLAGS: 00010246
[za apr  8 19:40:38 2023] RAX: 0000000000000001 RBX: ffff9c8e9e3d2400 RCX: 0000000000000000
[za apr  8 19:40:38 2023] RDX: 0000000000000007 RSI: ffffffffc1853e97 RDI: 0000000000000000
[za apr  8 19:40:38 2023] RBP: ffffc151025b39e0 R08: 0000000000000000 R09: 0000000000000000
[za apr  8 19:40:38 2023] R10: 0000000000000000 R11: 0000000000000000 R12: ffffc1510008b000
[za apr  8 19:40:38 2023] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000005
[za apr  8 19:40:38 2023] FS:  00007f9fbffa9740(0000) GS:ffff9c91ae680000(0000) knlGS:0000000000000000
[za apr  8 19:40:38 2023] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[za apr  8 19:40:38 2023] CR2: 0000000000000000 CR3: 0000000152730006 CR4: 00000000001706e0

Check which module was loaded:

user@host:~/git/rtl8188eu$ lsmod|grep 8188
8188eu               1748992  0
cfg80211             1040384  4 iwlmvm,8188eu,iwlwifi,mac80211

iwctl no longer sees/works with iwd after the crash

$ sudo iwctl 
Terminate
Waiting for IWD to start...
<nothing>

I always had to reboot the system afterwards, either because the console/screen was frozen or because it was no longer reachable through ssh.

The issue is 100% reproducible for me.

Could you have a look please?

Regards,

@lwfinger
Owner

lwfinger commented Apr 9, 2023

This kind of error usually kills the system:

[za apr 8 19:40:38 2023] BUG: kernel NULL pointer dereference, address: 0000000000000000
[za apr 8 19:40:38 2023] #PF: supervisor read access in kernel mode
[za apr 8 19:40:38 2023] #PF: error_code(0x0000) - not-present page

I added a statement that should prevent this, but I have no idea if it will work.

@iafilius
Author

iafilius commented Apr 10, 2023

Hello Larry, thanks for the quick response.

Just tried it with the update, but the same seems to happen while inserting.

cmd summary

git pull
make clean
make all
sudo make install

dmesg -TW

[ma apr 10 08:11:32 2023] usb 1-1.2: new high-speed USB device number 6 using ehci-pci
[ma apr 10 08:11:32 2023] usb 1-1.2: New USB device found, idVendor=0bda, idProduct=0179, bcdDevice= 0.00
[ma apr 10 08:11:32 2023] usb 1-1.2: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ma apr 10 08:11:32 2023] usb 1-1.2: Product: 802.11n NIC
[ma apr 10 08:11:32 2023] usb 1-1.2: Manufacturer: Realtek
[ma apr 10 08:11:32 2023] usb 1-1.2: SerialNumber: 00E02D0B3D19
[ma apr 10 08:11:32 2023] RTW: hal_com_config_channel_plan chplan:0x20
[ma apr 10 08:11:32 2023] RTW: rtw_regsty_chk_target_tx_power_valid return false for band:0, path:0, rs:0, t:-1
[ma apr 10 08:11:33 2023] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ma apr 10 08:11:33 2023] #PF: supervisor read access in kernel mode
[ma apr 10 08:11:33 2023] #PF: error_code(0x0000) - not-present page
[ma apr 10 08:11:33 2023] PGD 0 P4D 0 
[ma apr 10 08:11:33 2023] Oops: 0000 [#1] PREEMPT SMP PTI
[ma apr 10 08:11:33 2023] CPU: 3 PID: 1922 Comm: iwd Tainted: G           OE     5.19.0-38-generic #39-Ubuntu
[ma apr 10 08:11:33 2023] Hardware name: LENOVO 2349G7G/2349G7G, BIOS G1ETC2WW (2.82 ) 08/07/2019
[ma apr 10 08:11:33 2023] RIP: 0010:memcmp+0x2e/0x60
[ma apr 10 08:11:33 2023] Code: 06 48 39 07 75 17 48 83 c7 08 48 83 c6 08 48 83 ea 08 48 83 fa 07 77 e6 48 85 d2 74 2b 31 c9 eb 09 48 83 c1 01 48 39 ca 74 0e <0f> b6 04 0f 44 0f b6 04 0e 44 29 c0 74 e9 31 d2 31 c9 31 f6 31 ff
[ma apr 10 08:11:33 2023] RSP: 0018:ffffc06080f676c0 EFLAGS: 00010246
[ma apr 10 08:11:33 2023] RAX: 0000000000000001 RBX: ffff9e6a3accb600 RCX: 0000000000000000
[ma apr 10 08:11:33 2023] RDX: 0000000000000007 RSI: ffffffffc16c5e97 RDI: 0000000000000000
[ma apr 10 08:11:33 2023] RBP: ffffc06080f67a28 R08: 0000000000000000 R09: 0000000000000000
[ma apr 10 08:11:33 2023] R10: 0000000000000000 R11: 0000000000000000 R12: ffffc0608246f000
[ma apr 10 08:11:33 2023] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000005
[ma apr 10 08:11:33 2023] FS:  00007feb7b348740(0000) GS:ffff9e6c2e6c0000(0000) knlGS:0000000000000000
[ma apr 10 08:11:33 2023] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ma apr 10 08:11:33 2023] CR2: 0000000000000000 CR3: 000000011f30c001 CR4: 00000000001706e0
[ma apr 10 08:11:33 2023] Call Trace:
[ma apr 10 08:11:33 2023]  <TASK>
[ma apr 10 08:11:33 2023]  ? cfg80211_rtw_scan+0x311/0xc76 [8188eu]
[ma apr 10 08:11:33 2023]  rdev_scan+0x2d/0xe0 [cfg80211]
[ma apr 10 08:11:33 2023]  cfg80211_scan+0xf6/0x140 [cfg80211]
[ma apr 10 08:11:33 2023]  nl80211_trigger_scan+0x412/0x8d0 [cfg80211]
[ma apr 10 08:11:33 2023]  genl_family_rcv_msg_doit+0x108/0x180
[ma apr 10 08:11:33 2023]  genl_rcv_msg+0xf0/0x200
[ma apr 10 08:11:33 2023]  ? nl80211_send_scan_start+0xc0/0xc0 [cfg80211]
[ma apr 10 08:11:33 2023]  ? genl_get_cmd+0x120/0x120
[ma apr 10 08:11:33 2023]  netlink_rcv_skb+0x57/0x110
[ma apr 10 08:11:33 2023]  genl_rcv+0x28/0x50
[ma apr 10 08:11:33 2023]  netlink_unicast+0x247/0x390
[ma apr 10 08:11:33 2023]  netlink_sendmsg+0x25e/0x4e0
[ma apr 10 08:11:33 2023]  sock_sendmsg+0x6d/0x70
[ma apr 10 08:11:33 2023]  __sys_sendto+0x142/0x1a0
[ma apr 10 08:11:33 2023]  __x64_sys_sendto+0x24/0x40
[ma apr 10 08:11:33 2023]  do_syscall_64+0x5b/0x90
[ma apr 10 08:11:33 2023]  ? do_syscall_64+0x67/0x90
[ma apr 10 08:11:33 2023]  ? syscall_exit_to_user_mode+0x29/0x50
[ma apr 10 08:11:33 2023]  ? do_syscall_64+0x67/0x90
[ma apr 10 08:11:33 2023]  ? do_syscall_64+0x67/0x90
[ma apr 10 08:11:33 2023]  ? sysvec_apic_timer_interrupt+0x4b/0xd0
[ma apr 10 08:11:33 2023]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ma apr 10 08:11:33 2023] RIP: 0033:0x7feb7b12081d
[ma apr 10 08:11:33 2023] Code: eb bd 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 80 3d cd dd 0d 00 00 41 89 ca 74 20 45 31 c9 45 31 c0 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 6b c3 66 2e 0f 1f 84 00 00 00 00 00 55 48 83
[ma apr 10 08:11:33 2023] RSP: 002b:00007ffd1726f958 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ma apr 10 08:11:33 2023] RAX: ffffffffffffffda RBX: 000055e6e452aa20 RCX: 00007feb7b12081d
[ma apr 10 08:11:33 2023] RDX: 0000000000000038 RSI: 000055e6e4545d80 RDI: 0000000000000004
[ma apr 10 08:11:33 2023] RBP: 000055e6e4542f60 R08: 0000000000000000 R09: 0000000000000000
[ma apr 10 08:11:33 2023] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd1726f9bc
[ma apr 10 08:11:33 2023] R13: 000055e6e4534600 R14: 000055e6e452a7a0 R15: 000055e6e2e6f3d6
[ma apr 10 08:11:33 2023]  </TASK>
[ma apr 10 08:11:33 2023] Modules linked in: tls 8188eu(OE) snd_seq_dummy snd_hrtimer xt_CHECKSUM rfcomm bnep bridge stp llc btusb btrtl btbcm btintel btmtk ccm algif_aead des_generic libdes algif_skcipher bluetooth cmac ecdh_generic ecc lz4 lz4_compress md4 zram algif_hash af_alg bbswitch(OE) ip6t_REJECT nf_reject_ipv6 xt_hl ip6_tables ip6t_rt ipt_REJECT nf_reject_ipv4 xt_LOG nf_log_syslog xt_multiport nft_limit xt_limit xt_addrtype xt_tcpudp nft_chain_nat xt_MASQUERADE nf_nat xt_comment xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 sunrpc nft_compat nf_tables binfmt_misc nfnetlink intel_rapl_msr intel_rapl_common x86_pkg_temp_thermal intel_powerclamp coretemp mei_pxp mei_hdcp iwlmvm kvm_intel mac80211 kvm libarc4 rapl iwlwifi snd_ctl_led intel_cstate snd_hda_codec_realtek snd_hda_codec_generic snd_hda_codec_hdmi input_leds joydev cfg80211 serio_raw think_lmi snd_hda_intel firmware_attributes_class snd_intel_dspcfg snd_intel_sdw_acpi at24 wmi_bmof snd_seq_midi snd_hda_codec
[ma apr 10 08:11:33 2023]  snd_seq_midi_event snd_rawmidi snd_hda_core snd_hwdep snd_seq snd_pcm snd_seq_device thinkpad_acpi nvram snd_timer ledtrig_audio platform_profile snd mei_me mac_hid soundcore mei pkcs8_key_parser msr parport_pc ppdev lp parport ramoops reed_solomon pstore_blk pstore_zone efi_pstore ip_tables x_tables autofs4 btrfs blake2b_generic raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear i915 mxm_wmi drm_buddy i2c_algo_bit drm_ttm_helper ttm drm_display_helper crct10dif_pclmul cec crc32_pclmul ghash_clmulni_intel rc_core aesni_intel drm_kms_helper crypto_simd cryptd syscopyarea sysfillrect psmouse ahci sysimgblt sdhci_pci fb_sys_fops cqhci i2c_i801 xhci_pci sdhci libahci i2c_smbus drm lpc_ich e1000e xhci_pci_renesas wmi video [last unloaded: nouveau]
[ma apr 10 08:11:33 2023] CR2: 0000000000000000
[ma apr 10 08:11:33 2023] ---[ end trace 0000000000000000 ]---
[ma apr 10 08:11:33 2023] RIP: 0010:memcmp+0x2e/0x60
[ma apr 10 08:11:33 2023] Code: 06 48 39 07 75 17 48 83 c7 08 48 83 c6 08 48 83 ea 08 48 83 fa 07 77 e6 48 85 d2 74 2b 31 c9 eb 09 48 83 c1 01 48 39 ca 74 0e <0f> b6 04 0f 44 0f b6 04 0e 44 29 c0 74 e9 31 d2 31 c9 31 f6 31 ff
[ma apr 10 08:11:33 2023] RSP: 0018:ffffc06080f676c0 EFLAGS: 00010246
[ma apr 10 08:11:33 2023] RAX: 0000000000000001 RBX: ffff9e6a3accb600 RCX: 0000000000000000
[ma apr 10 08:11:33 2023] RDX: 0000000000000007 RSI: ffffffffc16c5e97 RDI: 0000000000000000
[ma apr 10 08:11:33 2023] RBP: ffffc06080f67a28 R08: 0000000000000000 R09: 0000000000000000
[ma apr 10 08:11:33 2023] R10: 0000000000000000 R11: 0000000000000000 R12: ffffc0608246f000
[ma apr 10 08:11:33 2023] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000005
[ma apr 10 08:11:33 2023] FS:  00007feb7b348740(0000) GS:ffff9e6c2e6c0000(0000) knlGS:0000000000000000
[ma apr 10 08:11:33 2023] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ma apr 10 08:11:33 2023] CR2: 0000000000000000 CR3: 000000011f30c001 CR4: 00000000001706e0

Trying to get source of crash, performed:

objdump -dSlr 8188eu.ko > 8188eu.ko.disasm

Finding location of cfg80211_rtw_scan and adding offset from kernel crash

00000000000833f9=location of cfg80211_rtw_scan
printf "0x%X\n" $((0x00000000000833f9 + 0x311))
0x8370A

relevant code snippet from disassembled code

/home/arfi/git/rtl8188eu/ioctl_cfg80211.c:2370
        if (!rtw_p2p_chk_state(pwdinfo, P2P_STATE_NONE) && !rtw_p2p_chk_state(pwdinfo, P2P_STATE_IDLE)) {
   83695:       83 f8 01                cmp    $0x1,%eax
   83698:       0f 87 d2 04 00 00       ja     83b70 <cfg80211_rtw_scan+0x777>
/home/arfi/git/rtl8188eu/ioctl_cfg80211.c:2382
        memset(ssid, 0, sizeof(NDIS_802_11_SSID) * RTW_SSID_SCAN_AMOUNT);
   8369e:       48 c7 85 ec fc ff ff    movq   $0x0,-0x314(%rbp)
   836a5:       00 00 00 00 
   836a9:       48 c7 85 28 fe ff ff    movq   $0x0,-0x1d8(%rbp)
   836b0:       00 00 00 00 
   836b4:       48 8d bd f0 fc ff ff    lea    -0x310(%rbp),%rdi
   836bb:       b9 28 00 00 00          mov    $0x28,%ecx
   836c0:       b8 00 00 00 00          mov    $0x0,%eax
   836c5:       f3 48 ab                rep stos %rax,%es:(%rdi)
/home/arfi/git/rtl8188eu/ioctl_cfg80211.c:2384
        for (i = 0; i < request->n_ssids && i < RTW_SSID_SCAN_AMOUNT; i++) {
   836c8:       8b 43 08                mov    0x8(%rbx),%eax
   836cb:       89 85 a0 fc ff ff       mov    %eax,-0x360(%rbp)
   836d1:       85 c0                   test   %eax,%eax
   836d3:       0f 8e 4b 06 00 00       jle    83d24 <cfg80211_rtw_scan+0x92b>
   836d9:       4c 89 ad b0 fc ff ff    mov    %r13,-0x350(%rbp)
   836e0:       48 8d 85 f0 fc ff ff    lea    -0x310(%rbp),%rax
   836e7:       48 89 85 a8 fc ff ff    mov    %rax,-0x358(%rbp)
   836ee:       44 8b b5 c4 fc ff ff    mov    -0x33c(%rbp),%r14d
   836f5:       e9 86 05 00 00          jmp    83c80 <cfg80211_rtw_scan+0x887>
memcmp():
/usr/src/linux-headers-5.19.0-38-generic/./include/linux/fortify-string.h:421
   836fa:       ba 07 00 00 00          mov    $0x7,%edx
   836ff:       48 c7 c6 00 00 00 00    mov    $0x0,%rsi
                        83702: R_X86_64_32S     .rodata.str1.1+0x57df
   83706:       4c 89 ef                mov    %r13,%rdi
   83709:       e8 00 00 00 00          call   8370e <cfg80211_rtw_scan+0x315>
                        8370a: R_X86_64_PLT32   memcmp-0x4
   8370e:       89 85 b8 fc ff ff       mov    %eax,-0x348(%rbp)

points to ioctl_cfg80211.c:2384

	/* parsing request ssids, n_ssids */
	for (i = 0; i < request->n_ssids && i < RTW_SSID_SCAN_AMOUNT; i++) {
		#ifdef CONFIG_DEBUG_CFG80211
		RTW_INFO("ssid=%s, len=%d\n", ssids[i].ssid, ssids[i].ssid_len);
		#endif
		memcpy(ssid[i].Ssid, ssids[i].ssid, ssids[i].ssid_len);
		ssid[i].SsidLength = ssids[i].ssid_len;
	}

But I don't see a memcmp in there. Looks like I lost track trying to find the crash location.

@iafilius
Author

iafilius commented Apr 10, 2023

Small update with my latest findings:

Added a check whether the address that ssids points to is nonzero.
And this prevents the hard crashing.

ioctl_cfg80211.c in section starting at line 2289

			if(&*ssids != NULL) {
				if (!memcmp(ssids->ssid, "DIRECT-", 7) &&
...

when adding a printk for ssid like:

printk(KERN_INFO "ssids  %p\n",ssids );

it prints

ssids  0000000000000000

at a slow pace, but "never" something else.
Update: after a while I see the ssids debug printing something other than just zeros; it looks like that just started when I was actually activating and testing the interface.
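
The guard described in this comment, as a self-contained userspace model (an added example, not the driver's code and not the fix committed to the repository). The struct names, `is_p2p_wildcard_scan`, `copy_scan_ssids` and the value of `RTW_SSID_SCAN_AMOUNT` are assumptions, and the `ssid_len` checks go beyond what the snippet above shows.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Userspace stand-ins for the kernel/driver types (assumed layouts). */
#define MAX_SSID_LEN         32  /* 802.11 SSID length limit */
#define RTW_SSID_SCAN_AMOUNT 9   /* assumed value for this model */

struct scan_ssid {               /* models struct cfg80211_ssid */
    uint8_t ssid[MAX_SSID_LEN];
    uint8_t ssid_len;
};

struct scan_request {            /* only the fields the scan handler reads */
    struct scan_ssid *ssids;     /* NULL in the crash: printk showed all zeros */
    int n_ssids;
};

struct drv_ssid {                /* models NDIS_802_11_SSID */
    uint32_t SsidLength;
    uint8_t  Ssid[MAX_SSID_LEN];
};

/*
 * Guarded form of the "DIRECT-" test. The unguarded form calls
 * memcmp(ssids->ssid, "DIRECT-", 7) directly; with ssids == NULL the first
 * argument is address 0, matching RDI=0 and RDX=7 in the oops.
 */
int is_p2p_wildcard_scan(const struct scan_request *req)
{
    if (req == NULL || req->n_ssids <= 0 || req->ssids == NULL)
        return 0;                /* no SSID list: nothing to compare */
    if (req->ssids[0].ssid_len < 7)
        return 0;                /* too short to hold the prefix */
    return memcmp(req->ssids[0].ssid, "DIRECT-", 7) == 0;
}

/*
 * Copy the requested SSIDs into the driver's fixed-size array.
 * Returns the number of entries copied; lengths are clamped so a bad
 * ssid_len can never write past Ssid[].
 */
int copy_scan_ssids(const struct scan_request *req,
                    struct drv_ssid out[RTW_SSID_SCAN_AMOUNT])
{
    int i, copied = 0;

    memset(out, 0, sizeof(struct drv_ssid) * RTW_SSID_SCAN_AMOUNT);
    if (req == NULL || req->ssids == NULL)
        return 0;

    for (i = 0; i < req->n_ssids && i < RTW_SSID_SCAN_AMOUNT; i++) {
        size_t len = req->ssids[i].ssid_len;

        if (len > MAX_SSID_LEN)
            len = MAX_SSID_LEN;
        memcpy(out[i].Ssid, req->ssids[i].ssid, len);
        out[i].SsidLength = (uint32_t)len;
        copied++;
    }
    return copied;
}

int main(void)
{
    struct drv_ssid out[RTW_SSID_SCAN_AMOUNT];
    /* Constructed inputs: a request with no SSID list, and a P2P one. */
    struct scan_request no_ssids = { NULL, 0 };
    struct scan_ssid direct = { "DIRECT-ab", 9 };
    struct scan_request p2p = { &direct, 1 };

    printf("no SSID list: p2p=%d copied=%d\n",
           is_p2p_wildcard_scan(&no_ssids), copy_scan_ssids(&no_ssids, out));
    printf("DIRECT- SSID: p2p=%d copied=%d\n",
           is_p2p_wildcard_scan(&p2p), copy_scan_ssids(&p2p, out));
    return 0;
}
```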

@lwfinger
Owner

Yes, the code was reaching this point before it was fully up. I used a different test than yours, but it should do the same thing.

@iafilius
Author

Tested your latest commit from a few hours back (b5d6467), and I can confirm it is working with that/no kernel panics.
If you want to have it double-checked whether your previous patch should cover it or not, I can re-check it. After many tests/filesystem recoveries etc., I'm no longer that sure.

While I briefly tested as client and hotspot and all looks to be working as before trying iwd, I noticed another alert in the dmesg output (after a fresh kernel reload/freshly compiled driver).

dmesg during boot (wlan1 is rtl8188):

[ma apr 10 21:51:27 2023] RTW: rtw_set_802_11_connect(wlan1)  fw_state=0x00000008
[ma apr 10 21:51:27 2023] ------------[ cut here ]------------
[ma apr 10 21:51:27 2023] WARNING: CPU: 5 PID: 2019 at /home/arfi/git/rtl8188eu/rtw_mlme.c:2345 rtw_sta_mstatus_report+0x72/0xc5 [8188eu]
[ma apr 10 21:51:27 2023]  snd_seq_device firmware_attributes_class wmi_bmof iwlwifi at24 snd_timer serio_raw platform_profile snd cfg80211 mei_me soundcore mac_hid mei pkcs8_key_parser msr parport_pc ppdev lp parport ramoops reed_solomon pstore_blk pstore_zone efi_pstore ip_tables x_tables autofs4 btrfs blake2b_generic raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear i915 mxm_wmi drm_buddy drm_ttm_helper i2c_algo_bit ttm drm_display_helper cec rc_core crct10dif_pclmul drm_kms_helper crc32_pclmul ghash_clmulni_intel aesni_intel crypto_simd syscopyarea sysfillrect cryptd sysimgblt sdhci_pci fb_sys_fops ahci xhci_pci cqhci i2c_i801 psmouse i2c_smbus sdhci libahci e1000e drm lpc_ich xhci_pci_renesas wmi video [last unloaded: nouveau]
[ma apr 10 21:51:27 2023] CPU: 5 PID: 2019 Comm: iwd Kdump: loaded Tainted: G           OE     5.19.0-38-generic #39-Ubuntu
[ma apr 10 21:51:27 2023] Hardware name: LENOVO 2349G7G/2349G7G, BIOS G1ETC2WW (2.82 ) 08/07/2019
[ma apr 10 21:51:27 2023] RIP: 0010:rtw_sta_mstatus_report+0x72/0xc5 [8188eu]
[ma apr 10 21:51:27 2023] Code: 89 df e8 ba e2 ff ff 48 8b 5d f8 c9 31 c0 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 c3 cc cc cc cc 83 3d a1 d1 12 00 03 77 04 <0f> 0b eb d9 0f b6 8b 04 01 00 00 48 8b 93 40 47 00 00 0f b6 83 09
[ma apr 10 21:51:27 2023] RSP: 0018:ffffb31140ab7ab0 EFLAGS: 00010297
[ma apr 10 21:51:27 2023] RAX: 0000000000000000 RBX: ffffb3114901d000 RCX: 0000000000000000
[ma apr 10 21:51:27 2023] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ma apr 10 21:51:27 2023] RBP: ffffb31140ab7ab8 R08: 0000000000000000 R09: 0000000000000000
[ma apr 10 21:51:27 2023] R10: 0000000000000000 R11: 0000000000000000 R12: ffff89245ebff000
[ma apr 10 21:51:27 2023] R13: 0000000000000003 R14: ffff892456efe3a0 R15: ffff892456efe000
[ma apr 10 21:51:27 2023] FS:  00007f8483ee8740(0000) GS:ffff89276e740000(0000) knlGS:0000000000000000
[ma apr 10 21:51:27 2023] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ma apr 10 21:51:27 2023] CR2: 00005604532c6098 CR3: 000000011d99a006 CR4: 00000000001706e0
[ma apr 10 21:51:27 2023] Call Trace:
[ma apr 10 21:51:27 2023]  <TASK>
[ma apr 10 21:51:27 2023]  cfg80211_rtw_disconnect+0x5a/0xfb [8188eu]
[ma apr 10 21:51:27 2023]  cfg80211_disconnect+0x136/0x200 [cfg80211]
[ma apr 10 21:51:27 2023]  nl80211_disconnect+0x71/0xc0 [cfg80211]
[ma apr 10 21:51:27 2023]  genl_family_rcv_msg_doit+0x108/0x180
[ma apr 10 21:51:27 2023]  genl_rcv_msg+0xf0/0x200
[ma apr 10 21:51:27 2023]  ? nl80211_register_mgmt+0x110/0x110 [cfg80211]
[ma apr 10 21:51:27 2023]  ? genl_get_cmd+0x120/0x120
[ma apr 10 21:51:27 2023]  netlink_rcv_skb+0x57/0x110
[ma apr 10 21:51:27 2023]  genl_rcv+0x28/0x50
[ma apr 10 21:51:27 2023]  netlink_unicast+0x247/0x390
[ma apr 10 21:51:27 2023]  netlink_sendmsg+0x25e/0x4e0
[ma apr 10 21:51:27 2023]  sock_sendmsg+0x6d/0x70
[ma apr 10 21:51:27 2023]  __sys_sendto+0x142/0x1a0
[ma apr 10 21:51:27 2023]  __x64_sys_sendto+0x24/0x40
[ma apr 10 21:51:27 2023]  do_syscall_64+0x5b/0x90
[ma apr 10 21:51:27 2023]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ma apr 10 21:51:27 2023] RIP: 0033:0x7f8483d2081d
[ma apr 10 21:51:27 2023] Code: eb bd 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 80 3d cd dd 0d 00 00 41 89 ca 74 20 45 31 c9 45 31 c0 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 6b c3 66 2e 0f 1f 84 00 00 00 00 00 55 48 83
[ma apr 10 21:51:27 2023] RSP: 002b:00007ffe9557fe88 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ma apr 10 21:51:27 2023] RAX: ffffffffffffffda RBX: 0000560a5926ea20 RCX: 00007f8483d2081d
[ma apr 10 21:51:27 2023] RDX: 0000000000000024 RSI: 0000560a5928ce50 RDI: 0000000000000004
[ma apr 10 21:51:27 2023] RBP: 0000560a59294a70 R08: 0000000000000000 R09: 0000000000000000
[ma apr 10 21:51:27 2023] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe9557fef8
[ma apr 10 21:51:27 2023] R13: 0000560a59278600 R14: 0000560a5926e7a0 R15: 0000560a5848a3d6
[ma apr 10 21:51:27 2023]  </TASK>
[ma apr 10 21:51:27 2023] ---[ end trace 0000000000000000 ]---

git/rtl8188eu$ gdb -q 8188eu.ko
Reading symbols from 8188eu.ko...
(gdb) list *(rtw_sta_mstatus_report+0x72)
0x1c869 is in rtw_sta_mstatus_report (/home/arfi/git/rtl8188eu/rtw_mlme.c:2345).
2340			psta = rtw_get_stainfo(&adapter->stapriv, tgt_network->network.MacAddress);
2341			if (psta)
2342				rtw_sta_mstatus_disc_rpt(adapter, psta->mac_id);
2343			else {
2344				RTW_INFO("%s "ADPT_FMT" - mac_addr: "MAC_FMT" psta == NULL\n", __func__, ADPT_ARG(adapter), MAC_ARG(tgt_network->network.MacAddress));
2345				rtw_warn_on(1);
2346			}
2347		}
2348	}
2349	

As far as I can see this wasn't triggered when the system was using wpasupplicant.
Perhaps open a new issue for it, as the original topic is fully solved?

@lwfinger
Owner

No, a new issue is not needed. I think this is likely a case where the driver tried to get the station status report before the station was fully available. Frankly, I see no need for the warning, and I will remove it.

I will now close this issue.
