Bug 86211 - Boot failure: Bad RIP value for rtl8192ce
Summary: Boot failure: Bad RIP value for rtl8192ce
Status: RESOLVED CODE_FIX
Alias: None
Product: Networking
Classification: Unclassified
Component: Wireless (show other bugs)
Hardware: All Linux
: P1 normal
Assignee: networking_wireless@kernel-bugs.osdl.org
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-10-13 23:36 UTC by S. Gilles
Modified: 2015-02-04 16:03 UTC (History)
2 users (show)

See Also:
Kernel Version: 3.17
Tree: Mainline
Regression: No


Attachments
Kernel config (85.00 KB, text/plain)
2014-10-13 23:36 UTC, S. Gilles
Details
Output of lspci -vvv (25.12 KB, text/plain)
2014-10-13 23:37 UTC, S. Gilles
Details
Output of cat /proc/iomem (2.29 KB, text/plain)
2014-10-13 23:37 UTC, S. Gilles
Details
Output of cat /proc/ioports (1.21 KB, text/plain)
2014-10-13 23:37 UTC, S. Gilles
Details

Description S. Gilles 2014-10-13 23:36:45 UTC
Created attachment 153621 [details]
Kernel config

[1.] When booting, I get a trace in rtl ending with a bad RIP value.

[2.] I have a boot failure (consistent) since about 3.17-rc7, which I have
bisected to

38506ecefab911785d5e1aa5889f6eeb462e0954 is the first bad commit
commit 38506ecefab911785d5e1aa5889f6eeb462e0954
Author: Larry Finger <Larry.Finger@lwfinger.net>
Date:   Mon Sep 22 09:39:19 2014 -0500

    rtlwifi: rtl_pci: Start modification for new drivers
    
    Future patches will move the drivers for RTL8192EE and RTL8821AE
    from staging to the regular wireless tree. Here, the necessary features
    are added to the PCI driver. Other files are touched due to changes
    in the various data structs.
    
    Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
    Signed-off-by: John W. Linville <linville@tuxdriver.com>

The trace (hand-retyped, so there may be errors that escaped me):

R10: ffffffff825f2d80 R11: 0000000000000000 R12: ffff8800b4f107c0
R13: ffff8800b4f124b8 R14: 0000000000001000 R15: ffff8800b4c7a000
FS:  000007fc66c938700(0000) GS:ffff88013e200000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 00000000b5438000 CR4: 00000000000407f0
Stack:
 ffffffffa01e20d6 ffff8800b4f12420 ffff8800b4f107c0 ffff880137d7fcd0
 ffffffffa01c97b5 ffff8800b4f107c0 ffff8800b4c7a8d0 0000000000000000
 ffff880137d7fd30 ffffffff81577304 0000000000000000 ffff8800b4c7a8c0
Call Trace:
 [<ffffffffa01e20d6>] ? rtl_pci_start+0x2b/0x15f [rtl_pci]
 [<ffffffffa01c97b5>] rtl_op_start+0x45/0x64 [rtlwifi]
 [<ffffffff81577304>] ieee80211_do_open+0x152/0xb4b
 [<ffffffff815b52bc>] ? mutex_unlock+0x9/0xb
 [<ffffffff81577d4a>] ieee80211_open+0x4d/0x57
 [<ffffffff8147df7f>] __dev_open+0x8b/0xcb
 [<ffffffff8147e1e1>] __dev_change_flags+0xa4/0x13a
 [<ffffffff8147e297>] dev_change_flags+0x20/0x53
 [<ffffffff814d0204>] devinet_ioctl+0x269/0x568
 [<ffffffff814d19b4>] inet_ioctl+0x81/0x9e
 [<ffffffff814654e6>] sock_do_ioctl+0x20/0x3d
 [<ffffffff81465a56>] sock_ioctl+0x20e/0x21a
 [<ffffffff81136242>] do_vfs_ioctl+0x39e/0x467
 [<ffffffff815b7277>] ? sysret_check+0x1b/0x56
 [<ffffffff810965fe>] ? trace_hardirqs_on_caller+0x16e/0x18a
 [<ffffffff81136343>] SyS_ioctl+0x38/0x5f
 [<ffffffff815b7252>] system_call_fastpath+0x16/0x1b
Code:  Bad RIP value.
RIP  [<          (null)>]           (null)
 RSP <ffff880137d7fc90>
CR2: 0000000000000000
---[ end trace 7307d2524c1e640b ]---

This is extremely easy to test (boot) and seems 100% reproducible.

[3.] rtlwifi, rtl8192ce, rtl8188ce, v3.17

[4.]

[4.1.] This started happening near the end of 3.17's rcs.  A bisect
shows 38506ecefab911785d5e1aa5889f6eeb462e0954 as the first bad
commit.

[4.2] See attached for .config

[5.] I am currently running v3.17-rc6 without this issue.

[6.] N/A (I think)

[7.] N/A, though I can reproduce the issue by booting.

[8]

[8.1.]
$ scripts/ver_linux
If some fields are empty or look unusual you may have an old version.
Compare to the current minimal requirements in Documentation/Changes.
 
Linux number16 3.17.0-rc6+ #88 SMP Mon Oct 13 15:13:06 EDT 2014 x86_64 Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz GenuineIntel GNU/Linux
 
Gnu C                  4.8.3
Gnu make               4.1
binutils               2.24
util-linux             scripts/ver_linux: line 23: fdformat: command not found
mount                  debug
module-init-tools      found
Linux C Library        2.19
Dynamic linker (ldd)   2.19
Procps                 3.3.10
Net-tools              1.60_p20130513023548
Kbd                    2.0.2
Sh-utils               8.23
Modules Loaded         x86_pkg_temp_thermal aesni_intel rtl8192ce lrw gf128mul rtl_pci rtlwifi glue_helper rtl8192c_common ablk_helper snd_hda_codec_hdmi snd_hda_codec_conexant snd_hda_codec_generic sdhci_pci sdhci cryptd mmc_core ehci_pci snd_hda_intel snd_hda_controller snd_hda_codec kvm_intel ehci_hcd snd_pcm snd_timer

[8.2.]
$ cat /proc/cpuinfo
processor       : 0
vendor_id       : GenuineIntel
cpu family      : 6
model           : 42
model name      : Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
stepping        : 7
microcode       : 0x15
cpu MHz         : 2501.000
cache size      : 3072 KB
physical id     : 0
siblings        : 4
core id         : 0
cpu cores       : 2
apicid          : 0
initial apicid  : 0
fpu             : yes
fpu_exception   : yes
cpuid level     : 13
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic popcnt tsc_deadline_timer aes xsave avx lahf_lm ida arat epb pln pts dtherm tpr_shadow vnmi flexpriority ept vpid xsaveopt
bugs            :
bogomips        : 4985.46
clflush size    : 64
cache_alignment : 64
address sizes   : 36 bits physical, 48 bits virtual
power management:

[... up to processor : 3 of this]

[8.3.]
$ cat /proc/modules # while running 3.17-rc6
nls_iso8859_1 4537 0 - Live 0xffffffffa0367000
nls_cp437 6239 0 - Live 0xffffffffa0362000
joydev 9000 0 - Live 0xffffffffa035b000
usbhid 23018 0 - Live 0xffffffffa032f000
usb_storage 50113 0 - Live 0xffffffffa0318000
snd_hda_codec_hdmi 33680 1 - Live 0xffffffffa0309000
snd_hda_codec_realtek 54803 1 - Live 0xffffffffa02f4000
snd_hda_codec_generic 43655 1 snd_hda_codec_realtek, Live 0xffffffffa02e2000
snd_hda_intel 16263 4 - Live 0xffffffffa02ce000
snd_hda_controller 20293 1 snd_hda_intel, Live 0xffffffffa02ba000
snd_hda_codec 95158 5 snd_hda_codec_hdmi,snd_hda_codec_realtek,snd_hda_codec_generic,snd_hda_intel,snd_hda_controller, Live 0xffffffffa026c000
x86_pkg_temp_thermal 6119 0 - Live 0xffffffffa0254000
snd_hwdep 6099 1 snd_hda_codec, Live 0xffffffffa0248000
aesni_intel 158751 0 - Live 0xffffffffa018c000
lrw 3702 1 aesni_intel, Live 0xffffffffa017c000
gf128mul 7255 1 lrw, Live 0xffffffffa0168000
glue_helper 5000 1 aesni_intel, Live 0xffffffffa0154000
ablk_helper 2605 1 aesni_intel, Live 0xffffffffa0144000
cryptd 8876 2 aesni_intel,ablk_helper, Live 0xffffffffa0128000
snd_pcm 83773 5 snd_hda_codec_hdmi,snd_hda_intel,snd_hda_controller,snd_hda_codec, Live 0xffffffffa00e8000
kvm_intel 128126 0 - Live 0xffffffffa0048000
snd_timer 18869 2 snd_pcm, Live 0xffffffffa0034000
snd 64492 13 snd_hda_codec_hdmi,snd_hda_codec_generic,snd_hda_intel,snd_hda_codec,snd_hwdep,snd_pcm,snd_timer, Live 0xffffffffa0000000

[8.4.]
See attachments for /proc/ioports and /proc/iomem 

[8.5.]
See attachments for lspci -vvv

[8.6.]
N/A - I don't have /proc/scsi/scsi

[8.7.]
I have no suggestions.
Comment 1 S. Gilles 2014-10-13 23:37:13 UTC
Created attachment 153631 [details]
Output of lspci -vvv
Comment 2 S. Gilles 2014-10-13 23:37:33 UTC
Created attachment 153641 [details]
Output of cat /proc/iomem
Comment 3 S. Gilles 2014-10-13 23:37:52 UTC
Created attachment 153651 [details]
Output of cat /proc/ioports
Comment 4 S. Gilles 2015-02-04 16:03:08 UTC
Appears fixed as of 3.19.0-rc7, probably earlier.

Note You need to log in before you can comment on or make changes to this bug.