Bug 123730

Summary: oops in prism54 driver
Product: [Fedora] Fedora Reporter: Laurent GUERBY <laurent>
Component: kernelAssignee: Dave Jones <davej>
Status: CLOSED NEXTRELEASE QA Contact: Brian Brock <bbrock>
Severity: medium Docs Contact:
Priority: medium    
Version: 2CC: bostjan, laurent, pfrields
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-04-16 04:52:49 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Laurent GUERBY 2004-05-20 11:59:52 UTC 
I plug my WG511 card into my ACER Aspire 1353LM laptop
then I issue iwconfig, here are the results with the
standard FC2 kernel and the latest from Arjan.

The machine does not freeze, but sometimes stopped when I tried
to reboot it later (bad state?). 

I once managed to get this working in FC1 or FC2t1 I don't
remenber the details unfortunately.

Let me know if I should try and/or report more things.

Laurent

uname -a
Linux localhost.localdomain 2.6.5-1.358 #1 Sat May 8 09:04:50 EDT 2004
i686 athlon i386 GNU/Linux

May 20 13:17:04 localhost kernel: kernel BUG at
drivers/net/wireless/prism54/oid_mgt.c:333!
May 20 13:17:04 localhost kernel: invalid operand: 0000 [#1]
May 20 13:17:04 localhost kernel: CPU:    0
May 20 13:17:04 localhost kernel: EIP:    0060:[<1e9c8d1c>]    Not tainted
May 20 13:17:04 localhost kernel: EFLAGS: 00010206   (2.6.5-1.358)
May 20 13:17:04 localhost kernel: EIP is at mgt_get_request+0x49/0x233
[prism54]
May 20 13:17:04 localhost kernel: eax: 00000003   ebx: 00000014   ecx:
00000014   edx: 00000120
May 20 13:17:04 localhost kernel: esi: 00000014   edi: 0d4737fc   ebp:
00000000   esp: 0b923ea8
May 20 13:17:04 localhost kernel: ds: 007b   es: 007b   ss: 0068
May 20 13:17:04 localhost kernel: Process iwconfig (pid: 3357,
threadinfo=0b923000 task=0d499930)
May 20 13:17:04 localhost kernel: Stack: 12000003 00000000 1799135c
fffffffb 00000018 12297ba0 00000000 00000014
May 20 13:17:04 localhost kernel:        12297ba0 0d4737fc 00000000
1e9c6607 00000000 0b923ef0 00000000 00000001
May 20 13:17:04 localhost kernel:        00000014 0b923f54 00000014
0228b4e4 00000001 0b923f44 00008b2b 0223db68
May 20 13:17:04 localhost kernel: Call Trace:
May 20 13:17:04 localhost kernel:  [<1e9c6607>]
prism54_get_encode+0x10a/0x157 [prism54]
May 20 13:17:04 localhost kernel:  [<0223db68>]
wireless_process_ioctl+0x2bf/0x59a
May 20 13:17:04 localhost kernel:  [<1e9c64fd>]
prism54_get_encode+0x0/0x157 [prism54]
May 20 13:17:04 localhost kernel:  [<0223701b>] dev_ioctl+0x24e/0x283
May 20 13:17:04 localhost kernel:  [<0222ff8f>] sock_ioctl+0x52/0x280
May 20 13:17:04 localhost kernel:  [<0227ecc1>] schedule+0x3ed/0x44d
May 20 13:17:04 localhost kernel:  [<0214ea0e>] sys_ioctl+0x1f2/0x224
May 20 13:17:04 localhost kernel:
May 20 13:17:04 localhost kernel: Code: 0f 0b 4d 01 9a a8 9c 1e 8b 44
24 14 8b 58 14 83 c8 ff 85 db



uname -a
Linux localhost.localdomain 2.6.6-1.374 #1 Wed May 19 12:44:14 EDT
2004 i686 athlon i386 GNU/Linux


May 20 13:49:32 localhost kernel: Loaded prism54 driver, version 1.1
May 20 13:49:32 localhost kernel: PCI: Enabling device 0000:02:00.0
(0000 -> 0002)
May 20 13:49:34 localhost kernel: eth1: timeout waiting for mgmt response
May 20 13:49:36 localhost last message repeated 2 times
May 20 13:49:36 localhost dhclient: sit0: unknown hardware address
type 776
May 20 13:49:37 localhost dhclient: sit0: unknown hardware address
type 776
May 20 13:49:41 localhost dhclient: DHCPDISCOVER on eth1 to
255.255.255.255 port 67 interval 6
May 20 13:49:47 localhost dhclient: DHCPDISCOVER on eth1 to
255.255.255.255 port 67 interval 7
May 20 13:49:54 localhost dhclient: DHCPDISCOVER on eth1 to
255.255.255.255 port 67 interval 12
May 20 13:50:06 localhost dhclient: DHCPDISCOVER on eth1 to
255.255.255.255 port 67 interval 15
May 20 13:50:21 localhost dhclient: DHCPDISCOVER on eth1 to
255.255.255.255 port 67 interval 18
May 20 13:50:39 localhost dhclient: DHCPDISCOVER on eth1 to
255.255.255.255 port 67 interval 3
May 20 13:50:42 localhost dhclient: No DHCPOFFERS received.
May 20 13:51:08 localhost kernel: eth1: Out of memory, cannot handle
oid 0x5a003168
May 20 13:51:09 localhost kernel: eth1: timeout waiting for mgmt response
May 20 13:51:10 localhost kernel: eth1: timeout waiting for mgmt response
May 20 13:51:10 localhost kernel: slab error in
cache_free_debugcheck(): cache `size-32': double free, or memory
outside object was overwritten
May 20 13:51:10 localhost kernel:  [<021464ab>] kfree+0x184/0x288
May 20 13:51:10 localhost kernel:  [<0229523a>]
wireless_process_ioctl+0x35d/0x59a
May 20 13:51:10 localhost kernel:  [<0229523a>]
wireless_process_ioctl+0x35d/0x59a
May 20 13:51:10 localhost kernel:  [<1e9f1784>]
prism54_get_encode+0x0/0x157 [prism54]
May 20 13:51:10 localhost kernel:  [<0228cf06>] dev_ioctl+0x24e/0x283
May 20 13:51:10 localhost kernel:  [<022846ae>] sock_ioctl+0xc1/0x38d
May 20 13:51:10 localhost kernel:  [<02172e9e>] sys_ioctl+0x29a/0x33c
May 20 13:51:10 localhost kernel:  [<02108243>] do_IRQ+0x2f7/0x303
May 20 13:51:10 localhost kernel:
May 20 13:51:10 localhost kernel: 150e4798: redzone 1: 0x170fc2a5,
redzone 2: 0x42ea170f.
May 20 13:51:11 localhost kernel: eth1: timeout waiting for mgmt response
Comment 1 petrosyan 2004-05-20 17:45:54 UTC 
I also get kernel OOPS with 3COM OfficeConnect 3CRSHPW196 wireless
card which uses Atmel at76c50x firmware.

It used to work fine with older kernels, such as 2.6.5-1.327 from
FC2Test3.
Comment 2 Jørgen Wahlberg 2004-05-20 22:38:12 UTC 
I also get oops using the 3CRSHPW196 card and the Atmel firmware
installed from
http://thekelleys.org.uk/atmel/atmel-firmware-1.0-1.i386.rpm

When inserting the card or doing a cardctl insert i get the following
in /var/log/messages

May 20 18:21:34 jwlaptop cardmgr[3687]: socket 1: 3Com 3CRSHPW_96
Wireless LAN PC Card
May 20 18:21:35 jwlaptop kernel: eth1: MAC address 00:04:75:f6:93:96
May 20 18:21:35 jwlaptop kernel: eth1: Atmel at76c50x wireless.
Version 0.96 simon.uk
May 20 18:21:35 jwlaptop kernel: eth1: 3com 3CRSHPW196 index 0x01: Vcc
3.3, irq 3, io 0x0100-0x011f
May 20 18:21:35 jwlaptop kernel: ip_tables: (C) 2000-2002 Netfilter
core team
May 20 18:21:35 jwlaptop kernel: Unable to handle kernel NULL pointer
dereference at virtual address 00000000
May 20 18:21:35 jwlaptop kernel:  printing eip:
May 20 18:21:35 jwlaptop kernel: 0216c0bf
May 20 18:21:35 jwlaptop kernel: *pde = 00000000
May 20 18:21:35 jwlaptop kernel: Oops: 0000 [#1]
May 20 18:21:35 jwlaptop kernel: CPU:    0
May 20 18:21:35 jwlaptop kernel: EIP:    0060:[<0216c0bf>]    Not tainted
May 20 18:21:35 jwlaptop kernel: EFLAGS: 00010286   (2.6.5-1.358) 
May 20 18:21:35 jwlaptop kernel: EIP is at object_path_length+0x10/0x25
May 20 18:21:35 jwlaptop kernel: eax: 00000000   ebx: 00000001   ecx:
ffffffff   edx: 23d966a4
May 20 18:21:35 jwlaptop kernel: esi: 00000000   edi: 00000000   ebp:
00000003   esp: 0d535e00
May 20 18:21:35 jwlaptop kernel: ds: 007b   es: 007b   ss: 0068
May 20 18:21:35 jwlaptop kernel: Process ip (pid: 4275,
threadinfo=0d535000 task=0d6008b0)
May 20 18:21:35 jwlaptop kernel: Stack: 022db0e0 022db080 0216c145
022dad28 1cb6ec80 022a8be7 23d966a4 022db0e0 
May 20 18:21:35 jwlaptop kernel:        11279110 022db080 00000000
021d9e0b 0cdc6790 022db120 0cdc67d4 11279110 
May 20 18:21:35 jwlaptop kernel:        021db8ae 23d96680 060b4228
0d535e74 022c9d44 0212e95c 00000007 0d535ec3 
May 20 18:21:35 jwlaptop kernel: Call Trace:
May 20 18:21:35 jwlaptop kernel:  [<0216c145>]
sysfs_create_link+0x28/0x117
May 20 18:21:35 jwlaptop kernel:  [<021d9e0b>] class_device_add+0xd7/0xfb
May 20 18:21:35 jwlaptop kernel:  [<021db8ae>]
fw_register_class_device+0xe5/0x120
May 20 18:21:35 jwlaptop kernel:  [<0212e95c>]
buffered_rmqueue+0x124/0x147
May 20 18:21:35 jwlaptop kernel:  [<021db907>]
fw_setup_class_device+0x1e/0x90
May 20 18:21:35 jwlaptop kernel:  [<021db9e1>] request_firmware+0x68/0x139
May 20 18:21:35 jwlaptop kernel:  [<23de1481>]
reset_atmel_card+0x105/0x535 [atmel]
May 20 18:21:35 jwlaptop kernel:  [<23dde503>] atmel_open+0xb6/0x178
[atmel]
May 20 18:21:35 jwlaptop kernel:  [<02235a97>] dev_open+0x5f/0xcc
May 20 18:21:35 jwlaptop kernel:  [<022369cc>] dev_change_flags+0x48/0xee
May 20 18:21:35 jwlaptop kernel:  [<02267a19>] devinet_ioctl+0x255/0x4a1
May 20 18:21:35 jwlaptop kernel:  [<022694a8>] inet_ioctl+0x47/0x73
May 20 18:21:35 jwlaptop kernel:  [<022301a5>] sock_ioctl+0x268/0x280
May 20 18:21:35 jwlaptop kernel:  [<0223054f>] sys_socket+0x2a/0x3d
May 20 18:21:35 jwlaptop kernel:  [<0214ea0e>] sys_ioctl+0x1f2/0x224
May 20 18:21:35 jwlaptop kernel: 
May 20 18:21:35 jwlaptop kernel: Code: f2 ae f7 d1 49 8b 52 24 8d 5c
19 01 85 d2 75 e9 89 d8 5b 5f 

I ended up using the 2.6.5-1.327 kernel from test3 which works fine
for me.

I am not a kernel hacker, but after some googling I am pretty sure
this problem is the same as being discussed in the linux kernel
mailing list thread you can find here: http://lkml.org/lkml/2004/4/23/4
Comment 3 Arjan van de Ven 2004-05-21 07:15:10 UTC 
 Jørgen: since that is an entirely different driver/card, please use a
separate bugzilla instead.
Comment 4 Dave Jones 2005-04-16 04:52:49 UTC 
Fedora Core 2 has now reached end of life, and no further updates will be
provided by Red Hat.  The Fedora legacy project will be producing further kernel
updates for security problems only.

If this bug has not been fixed in the latest Fedora Core 2 update kernel, please
try to reproduce it under Fedora Core 3, and reopen if necessary, changing the
product version accordingly.

Thank you.