Bug 158406

Summary:	kernel panic when network manager starts with ipw2100
Product:	[Fedora] Fedora	Reporter:	Kaj J. Niemi <kajtzu>
Component:	kernel	Assignee:	John W. Linville <linville>
Status:	CLOSED CURRENTRELEASE	QA Contact:	Brian Brock <bbrock>
Severity:	medium	Docs Contact:
Priority:	medium
Version:	rawhide	CC:	davej, petrosyan, wtogami
Target Milestone:	---
Target Release:	---
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:		Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2005-05-26 12:19:25 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Kaj J. Niemi 2005-05-21 22:25:09 UTC

Description of problem:
With 2.6.11-1.1329_FC4 (and 2.6.11-1.1323_FC4 as well) starting NetworkManager
makes the kernel panic. I guess this is related to the ipw2100 1.1.0 update.
Before 1323, 1312 worked well.

May 22 01:17:01 localhost NetworkManager: <information> starting...
May 22 01:17:01 localhost NetworkManager: <information> eth0: Driver 'e1000'
does not support carrier detection.        You must switch to it manually.
May 22 01:17:01 localhost NetworkManager: <information> eth0: Driver support
level for 'e1000' is fully-supported
May 22 01:17:01 localhost NetworkManager: <information> nm_device_new(): waiting
for device's worker thread to start
May 22 01:17:01 localhost NetworkManager: <information> nm_device_new():
device's worker thread started, continuing.
May 22 01:17:01 localhost NetworkManager: <information> Now managing wired
device 'eth0'.
May 22 01:17:01 localhost NetworkManager: <information> eth1: Driver 'ipw2100'
does not support wireless scanning.      NetworkManager will not be able to
fully use the card.
May 22 01:17:02 localhost kernel: divide error: 0000 [#1]
May 22 01:17:02 localhost kernel: Modules linked in: parport_pc lp parport
pcmcia sunrpc dm_mod video ibm_acpi button battery ac yenta_socket
rsrc_nonstatic pcmcia_core uhci_hcd ehci_hcd shpchp hw_random tpm_atmel tpm
i2c_i801 i2c_core snd_intel8x0m snd_intel8x0 snd_ac97_codec snd_seq_dummy
snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss
snd_pcm snd_timer snd soundcore snd_page_alloc ipw2100 ieee80211 ieee80211_crypt
e1000 floppy ext3 jbd
May 22 01:17:02 localhost kernel: CPU:    0
May 22 01:17:02 localhost kernel: EIP:    0060:[<f88e00f1>]    Not tainted VLI
May 22 01:17:02 localhost kernel: EFLAGS: 00010087   (2.6.11-1.1329_FC4)
May 22 01:17:02 localhost kernel: EIP is at ieee80211_wx_get_scan+0x741/0xbf1
[ieee80211]
May 22 01:17:02 localhost kernel: eax: fff9f200   ebx: 00060e00   ecx: 00001360
  edx: ffffffff
May 22 01:17:02 localhost kernel: esi: 000000a0   edi: 00000000   ebp: f6ec7ea6
  esp: f6ec7da0
May 22 01:17:02 localhost kernel: ds: 007b   es: 007b   ss: 0068
May 22 01:17:02 localhost kernel: Process NetworkManager (pid: 2317,
threadinfo=f6ec7000 task=c1a59000)
May 22 01:17:02 localhost kernel: Stack: f6ec7ea3 00000029 f88e1105 0000000b
f88e1104 00000000 00000000 00000000
May 22 01:17:02 localhost kernel:        f7450007 f6ec7f54 f7d7a280 f7d7a3cc
00000286 f6f16000 7e8c0000 00000000
May 22 01:17:02 localhost kernel:        f6f1508a f6f15058 f7450000 00000000
00000000 00000000 00000000 00000000
May 22 01:17:02 localhost kernel: Call Trace:
May 22 01:17:02 localhost kernel:  [<c015a977>] check_poison_obj+0x24/0x17c
May 22 01:17:02 localhost kernel:  [<c015c889>]
cache_alloc_debugcheck_after+0x31/0x11d
May 22 01:17:02 localhost kernel:  [<c0373dfd>] schedule+0x31d/0x7b3
May 22 01:17:02 localhost kernel:  [<c015ce00>] __kmalloc+0x4f/0xd0
May 22 01:17:02 localhost kernel:  [<c0315ac0>] wireless_process_ioctl+0x58d/0x6c3
May 22 01:17:02 localhost kernel:  [<f892a993>] ipw2100_wx_get_scan+0x0/0xb
[ipw2100]
May 22 01:17:02 localhost kernel:  [<c030ae43>] dev_ioctl+0x242/0x28b
May 22 01:17:02 localhost kernel:  [<c02fe9f4>] sock_ioctl+0x0/0x244
May 22 01:17:02 localhost kernel:  [<c0193c89>] do_ioctl+0x19/0x55
May 22 01:17:02 localhost kernel:  [<c0193db7>] vfs_ioctl+0x50/0x1aa
May 22 01:17:02 localhost kernel:  [<c0193f6e>] sys_ioctl+0x5d/0x6b
May 22 01:17:02 localhost kernel:  [<c0103a51>] syscall_call+0x7/0xb
May 22 01:17:02 localhost kernel: Code: 0f be 41 5c 29 c3 8d 04 3f 01 f8 8d 04
c7 01 c0 01 c0 89 d1 c1 e1 04 29 d1 8d 34 1b 89 da c1 e2 06 29 f2 01 d1 0f af d9
29 d8 99 <f7> ff 89 c2 b8 64 00
00 00 80 fa 65 0f 42 c2 88 84 24 30 01 00



How reproducible:
Always

Steps to Reproduce:
1. Reboot with 1329
2. Wait until network manager starts


Thanks :)

Comment 1 Kaj J. Niemi 2005-05-21 22:54:05 UTC

Same thing with 1336.

May 22 01:48:45 localhost kernel: divide error: 0000 [#1]
May 22 01:48:45 localhost kernel: Modules linked in: parport_pc lp parport
pcmcia radeon drm sunrpc dm_mod video ibm_acpi button battery ac yenta_socket
rsrc_nonstatic pcmcia_core uhci_hcd ehci_hcd shpchp hw_random tpm_atmel tpm
i2c_i801 i2c_core snd_intel8x0m snd_intel8x0 snd_ac97_codec snd_seq_dummy
snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss
snd_pcm snd_timer snd soundcore snd_page_alloc ipw2100 ieee80211 ieee80211_crypt
e1000 floppy ext3 jbd
May 22 01:48:45 localhost kernel: CPU:    0
May 22 01:48:45 localhost kernel: EIP:    0060:[<f88e00f1>]    Not tainted VLI
May 22 01:48:45 localhost kernel: EFLAGS: 00010093   (2.6.11-1.1336_FC4)
May 22 01:48:45 localhost kernel: EIP is at ieee80211_wx_get_scan+0x741/0xbf1
[ieee80211]
May 22 01:48:45 localhost kernel: eax: fff9cb02   ebx: 000634fe   ecx: 0000139e
  edx: ffffffff
May 22 01:48:45 localhost kernel: esi: 000000a2   edi: 00000000   ebp: f70eaea6
  esp: f70eada0
May 22 01:48:45 localhost kernel: ds: 007b   es: 007b   ss: 0068
May 22 01:48:45 localhost kernel: Process NetworkManager (pid: 2458,
threadinfo=f70ea000 task=f7d8c550)
May 22 01:48:45 localhost kernel: Stack: f70eaea3 00000029 f88e1105 0000000b
f88e1104 00000000 00000000 00000000
May 22 01:48:45 localhost kernel:        f7450007 f70eaf54 f7d83280 f7d833cc
00000286 f60f9000 ae8c0000 00000000
May 22 01:48:45 localhost kernel:        f60f808a f60f8058 f7450000 00000000
00000000 00000000 00000000 00000000
May 22 01:48:45 localhost kernel: Call Trace:
May 22 01:48:45 localhost kernel:  [<c015acc7>] check_poison_obj+0x24/0x17c
May 22 01:48:45 localhost kernel:  [<c015cbd9>]
cache_alloc_debugcheck_after+0x31/0x11d
May 22 01:48:45 localhost kernel:  [<c037413d>] schedule+0x31d/0x7b3
May 22 01:48:45 localhost kernel:  [<c015d100>] kmem_ptr_validate+0x49/0x4a
May 22 01:48:45 localhost kernel:  [<c0315e50>] wireless_process_ioctl+0x58d/0x6c3
May 22 01:48:45 localhost kernel:  [<f892a993>] ipw2100_wx_get_scan+0x0/0xb
[ipw2100]
May 22 01:48:45 localhost kernel:  [<c030b1d3>] dev_ioctl+0x242/0x28b
May 22 01:48:45 localhost kernel:  [<c02fed84>] sock_ioctl+0x0/0x244
May 22 01:48:45 localhost kernel:  [<c0193fd9>] do_ioctl+0x19/0x55
May 22 01:48:45 localhost kernel:  [<c0194107>] vfs_ioctl+0x50/0x1aa
May 22 01:48:45 localhost kernel:  [<c01942be>] sys_ioctl+0x5d/0x6b
May 22 01:48:45 localhost kernel:  [<c0103a51>] syscall_call+0x7/0xb
May 22 01:48:45 localhost kernel: Code: 0f be 41 5c 29 c3 8d 04 3f 01 f8 8d 04
c7 01 c0 01 c0 89 d1 c1 e1 04 29 d1 8d 34 1b 89 da c1 e2 06 29 f2 01 d1 0f af d9
29 d8 99 <f7> ff 89 c2 b8 64 00
00 00 80 fa 65 0f 42 c2 88 84 24 30 01 00

Comment 2 Dave Jones 2005-05-22 04:54:45 UTC

*** Bug 158339 has been marked as a duplicate of this bug. ***

Comment 3 Dave Jones 2005-05-22 05:10:59 UTC

Fixed in CVS, will be in builds 1338 and higher.

Comment 4 Kaj J. Niemi 2005-05-22 12:15:33 UTC

Still panics at the same point with 1340. Below what's being written to syslog.

May 22 15:10:19 localhost kernel: divide error: 0000 [#1]
May 22 15:10:19 localhost kernel: Modules linked in: parport_pc lp parport
pcmcia radeon drm sunrpc dm_mod video ibm_acpi button battery ac yenta_socket
rsrc_nonstatic pcmcia_core uhci_hcd ehci_hcd shpchp hw_random tpm_atmel tpm
i2c_i801 i2c_core snd_intel8x0m snd_intel8x0 snd_ac97_codec snd_seq_dummy
snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss
snd_pcm snd_timer snd soundcore snd_page_alloc ipw2100 ieee80211 ieee80211_crypt
e1000 floppy ext3 jbd
May 22 15:10:19 localhost kernel: CPU:    0
May 22 15:10:19 localhost kernel: EIP:    0060:[<f88e00f1>]    Not tainted VLI
May 22 15:10:19 localhost kernel: EFLAGS: 00010083   (2.6.11-1.1340_FC4)
May 22 15:10:19 localhost kernel: EIP is at ieee80211_wx_get_scan+0x741/0xbf1
[ieee80211]
May 22 15:10:19 localhost kernel: eax: fff95320   ebx: 0006ace0   ecx: 00001458
  edx: ffffffff
May 22 15:10:19 localhost kernel: esi: 000000a8   edi: 00000000   ebp: f6122ea6
  esp: f6122da0
May 22 15:10:19 localhost kernel: ds: 007b   es: 007b   ss: 0068
May 22 15:10:19 localhost kernel: Process NetworkManager (pid: 2546,
threadinfo=f6122000 task=c1b2daa0)
May 22 15:10:19 localhost kernel: Stack: f6122ea3 00000029 f88e1105 0000000b
f88e1104 00000000 00000000 00000000
May 22 15:10:19 localhost kernel:        f7460007 f6122f54 f7d84280 f7d843cc
00000286 f6b06000 2e8c0000 00000000
May 22 15:10:19 localhost kernel:        f6b0508a f6b05058 f7460000 00000000
00000000 00000000 00000000 00000000
May 22 15:10:19 localhost kernel: Call Trace:
May 22 15:10:19 localhost kernel:  [<c015acc7>] check_poison_obj+0x24/0x17c
May 22 15:10:19 localhost kernel:  [<c015cbd9>]
cache_alloc_debugcheck_after+0x31/0x11d
May 22 15:10:19 localhost kernel:  [<c037413d>] schedule+0x31d/0x7b3

Comment 5 Kaj J. Niemi 2005-05-22 12:16:51 UTC

It's a IBM T40p where this is happening in case you're wondering.

Comment 6 Kaj J. Niemi 2005-05-22 12:26:46 UTC

It looks like you fixed it in rev 1.6 of linux-2.6.9-ipw2100.patch but rev 1.7
backs out the change...

Comment 7 petrosyan 2005-05-23 12:07:39 UTC

this bug still happens with kernel-2.6.11-1.1341_FC4

Comment 8 Dave Jones 2005-05-23 19:54:39 UTC

The commit that backed out the change also committed it to the end of
linux-2.6.9-ieee80211.patch  (It was previously committed to the wrong patch).

I see another case of the same bug though. Though I'm puzzled why 'HZ' is 100.
In kernel, it should be 1000.

Comment 9 petrosyan 2005-05-24 04:24:55 UTC

kernel-2.6.11-1.1349_FC4 still panics when starting NetworkManager

Comment 10 Dave Jones 2005-05-25 00:40:37 UTC

Has the panic changed to the same as the one in bug #158569 ? If so I'll close
this one, and work on that different bug there.

*sigh*, its like bug whack-a-mole.

Comment 11 petrosyan 2005-05-25 02:46:34 UTC

I really have no way of differentiating between these two bugs, because my
computer freezes completely and the beginning of the panic message scrolls off
the screen.

Comment 12 Kaj J. Niemi 2005-05-25 09:14:23 UTC

Hmm. I still get the original panic in this ticket, not the one mentioned in bug
#158569. Easiest way to reproduce is to boot single, start network, start
messagebus, start haldaemon, start NetworkManager.

divide error: 0000 [#1]
Modules linked in: sunrpc dm_mod video ibm_acpi button battery ac yenta_socket
rsrc_nonstatic pcmcia_core uhci_hcd ehci_hcd shpchp hw_random tpm_atmel tpm
i2c_i801 i2c_core snd_intel8x0m snd_intel8x0 snd_ac97_codec snd_seq_dummy
snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss
snd_pcm snd_timer snd soundcore snd_page_alloc ipw2100 ieee80211 ieee80211_crypt
e1000 floppy ext3 jbd
CPU:    0
EIP:    0060:[<f8ba00e6>]    Not tainted VLI
EFLAGS: 00010097   (2.6.11-1.1355_FC4)
EIP is at ieee80211_wx_get_scan+0x736/0xbe6 [ieee80211]
eax: fffb5d48   ebx: 0004a2b8   ecx: 000010f4   edx: ffffffff
esi: 0000008c   edi: 00000000   ebp: f70aeeb1   esp: f70aeda0
ds: 007b   es: 007b   ss: 0068
Process NetworkManager (pid: 2092, threadinfo=f70ae000 task=f7d54000)
Stack: f70aeeae 0000001e f8ba10e5 00000024 f8ba10e4 00000000 00000000 00000000
       f7490007 f70aef54 c1a86280 c1a863cc 00000286 f715e000 ee8c0000 00000000
       f715d099 f715d05c f7490000 00000000 00000000 00000000 00000000 00000000
Call Trace:
 [<c0372d4d>] schedule+0x31d/0x7b3
 [<c0314aa0>] wireless_process_ioctl+0x58d/0x6c3
 [<f8bea993>] ipw2100_wx_get_scan+0x0/0xb [ipw2100]
 [<c0309e23>] dev_ioctl+0x242/0x28b
 [<c02fd9d4>] sock_ioctl+0x0/0x244
 [<c0192db9>] do_ioctl+0x19/0x55
 [<c0192ee7>] vfs_ioctl+0x50/0x1aa
 [<c019309e>] sys_ioctl+0x5d/0x6b
 [<c0103a51>] syscall_call+0x7/0xb
Code: 0f be 41 5c 29 c3 8d 04 3f 01 f8 8d 04 c7 01 c0 01 c0 89 d1 c1 e1 04 29 d1
8d 34 1b 89 da c1 e2 06 29 f2 01 d1 0f af
d9 29 d8 99 <f7> ff 89 c2 b8 64 00 00 00 80 fa 65 0f 42 c2 88 84 24 30 01 00

Comment 13 John W. Linville 2005-05-25 23:59:57 UTC

I think there may be a problem w/ the recent ipw2100 update to 1.1.0 in FC4.  
Please attempt to recreate this problem using the test kernels from here: 
 
   http://people.redhat.com/linville/kernels/fc4/ 
 
Please post your results.  Thanks!

Comment 14 petrosyan 2005-05-26 00:41:11 UTC

kernel-2.6.11-1.1355.2.2_FC4.jwltest.4 fixes this bug for me

Comment 15 petrosyan 2005-05-26 03:44:32 UTC

kernel-2.6.11-1.1363_FC4 also fixes this bug

Comment 16 Kaj J. Niemi 2005-05-26 07:39:23 UTC

1363 fixes the panicing. Thanks! :)

Comment 18 Dave Jones 2005-05-26 23:58:52 UTC

For now I've reverted back to the old version of the driver. I'll look at
updating again it in an update after release. Theres just not enough time
between now and FC4 release to get all the issues hammered out.