Bug 160665

Summary:	ipw2100 panics the system
Product:	[Fedora] Fedora	Reporter:	Kaj J. Niemi <kajtzu>
Component:	kernel	Assignee:	Dave Jones <davej>
Status:	CLOSED RAWHIDE	QA Contact:	Brian Brock <bbrock>
Severity:	medium	Docs Contact:
Priority:	high
Version:	rawhide	CC:	dcbw, pfrields, wtogami
Target Milestone:	---	Keywords:	Regression
Target Release:	---
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:		Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2005-10-06 06:04:27 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Kaj J. Niemi 2005-06-16 14:19:52 UTC

Description of problem:
With kernel-2.6.11-1.1383_FC5 the ipw2100 driver crashes again when
NetworkManager starts. This is on a IBM T40p laptop.

Yes, the log says tainted (due to vmware being loaded) but it really happens
without vmware as well. If you want I can reinstall the kernel, boot untainted
again and paste the results.

Jun 16 16:50:20 d108 kernel: divide error: 0000 [#1]
Jun 16 16:50:20 d108 kernel: Modules linked in: lp vmnet(U) radeon drm
parport_pc parport vmmon(U) pcmcia loop sunrpc dm_mod video ibm_acpi button
battery ac yenta_socket rsrc_nonstatic pcmcia_core uhci_hcd ehci_hcd shpchp
hw_random tpm_atmel tpm i2c_i801 i2c_core snd_intel8x0m snd_intel8x0
snd_ac97_codec snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq
snd_seq_device snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd soundcore
snd_page_alloc ipw2100 ieee80211 ieee80211_crypt e1000 floppy ext3 jbd
Jun 16 16:50:20 d108 kernel: CPU:    0
Jun 16 16:50:20 d108 kernel: EIP:    0060:[<f8ba00e6>]    Tainted: P      VLI
Jun 16 16:50:20 d108 kernel: EFLAGS: 00010093   (2.6.11-1.1383_FC5)
Jun 16 16:50:20 d108 kernel: EIP is at ieee80211_wx_get_scan+0x736/0xbe6 [ieee80211]
Jun 16 16:50:20 d108 kernel: eax: fffcb4f2   ebx: 00034b0e   ecx: 00000e4a  
edx: ffffffff
Jun 16 16:50:20 d108 kernel: esi: 00000076   edi: 00000000   ebp: f006deb1  
esp: f006dda0
Jun 16 16:50:20 d108 kernel: ds: 007b   es: 007b   ss: 0068
Jun 16 16:50:20 d108 kernel: Process NetworkManager (pid: 3537,
threadinfo=f006d000 task=f0e69000)
Jun 16 16:50:20 d108 kernel: Stack: badc0ded f006deae 0000001e f8ba10e5 00000024
f8ba10e4 00000000 00000000
Jun 16 16:50:20 d108 kernel:        00000000 f7450007 f006df54 c19ae280 c19ae3cc
00000286 f004c000 de8c0000
Jun 16 16:50:20 d108 kernel:        00000000 f004b099 f004b05c f7450000 00000000
00000000 00000000 00000000
Jun 16 16:50:20 d108 kernel: Call Trace:
Jun 16 16:50:20 d108 kernel:  [<c0166662>] do_wp_page+0x2ca/0x627
Jun 16 16:50:20 d108 kernel:  [<c015aaed>] check_poison_obj+0x24/0x17b
Jun 16 16:50:20 d108 kernel:  [<c015ca09>] cache_alloc_debugcheck_after+0x31/0x11d
Jun 16 16:50:20 d108 kernel:  [<c016836e>] handle_mm_fault+0x240/0x322
Jun 16 16:50:20 d108 kernel:  [<c0150067>] register_kprobe+0xfd/0x209
Jun 16 16:50:20 d108 kernel:  [<c0312fe0>] wireless_process_ioctl+0x58d/0x6c3
Jun 16 16:50:20 d108 kernel:  [<f8bea993>] ipw2100_wx_get_scan+0x0/0xb [ipw2100]
Jun 16 16:50:20 d108 kernel:  [<c03082e3>] dev_ioctl+0x237/0x280
Jun 16 16:50:20 d108 kernel:  [<c02fbe84>] sock_ioctl+0x0/0x244
Jun 16 16:50:20 d108 kernel:  [<c0193ef9>] do_ioctl+0x19/0x55
Jun 16 16:50:20 d108 kernel:  [<c0194027>] vfs_ioctl+0x50/0x1aa
Jun 16 16:50:20 d108 kernel:  [<c01941de>] sys_ioctl+0x5d/0x6b
Jun 16 16:50:20 d108 kernel:  [<c0103a51>] syscall_call+0x7/0xb
Jun 16 16:50:20 d108 kernel: Code: 0f be 41 5c 29 c3 8d 04 3f 01 f8 8d 04 c7 01
c0 01 c0 89 d1 c1 e1 04 29 d1 8d 34 1b 89 da c1 e2 06 29 f2 01 d1 0f af d9 29 d8
99 <f7> ff 89 c2 b8 64 00 00 00 80 fa 65 0f 42 c2 88 84 24 30 01 00



Version-Release number of selected component (if applicable):
kernel-2.6.11-1.1383_FC5


How reproducible:
Always

Steps to Reproduce:
1. boot
2. wait until NetworkManager starts
3. that's it

Comment 1 Dan Williams 2005-06-18 23:48:55 UTC

ACK

2.6.11-1.1383_FC5 #1 Wed Jun 15 19:18:28 EDT 2005 i686 i686 i386 GNU/Linux

ipw2100-1.3.fw

For me, it dies when NetworkManager attempts to ioctl SIOCGIWMODE.  Will try to
get a backtrace.  This does not happen when booted into kernel-2.6.11-1.1315_FC4.

Comment 2 Dan Williams 2005-06-19 00:15:20 UTC

Jun 18 19:46:08 localhost kernel: divide error: 0000 [#1]
Jun 18 19:46:08 localhost kernel: Modules linked in: parport_pc lp parport
autofs4 i2c_dev i2c_core sunrpc pcmcia video button battery ac md5 ipv6
yenta_socket rsrc_nonstatic pcmcia_core uhci_hcd tpm_atmel tpm snd_intel8x0
snd_ac97_codec snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq
snd_seq_device snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd soundcore
snd_page_alloc ipw2100 ieee80211 ieee80211_crypt 3c59x mii floppy dm_snapshot
dm_zero dm_mirror ext3 jbd dm_mod
Jun 18 19:46:08 localhost kernel: CPU:    0
Jun 18 19:46:08 localhost kernel: EIP:    0060:[<e08cf0e6>]    Not tainted VLI
Jun 18 19:46:08 localhost kernel: EFLAGS: 00010097   (2.6.11-1.1383_FC5)
Jun 18 19:46:08 localhost kernel: EIP is at ieee80211_wx_get_scan+0x736/0xbe6
[ieee80211]
Jun 18 19:46:08 localhost kernel: eax: fff9a388   ebx: 00065c78   ecx: 000013dc
  edx: ffffffff
Jun 18 19:46:08 localhost kernel: esi: 000000a4   edi: 00000000   ebp: d5584ebc
  esp: d5584da0
Jun 18 19:46:08 localhost kernel: ds: 007b   es: 007b   ss: 0068
Jun 18 19:46:08 localhost kernel: Process NetworkManager (pid: 3481,
threadinfo=d5584000 task=d22cc000)
Jun 18 19:46:08 localhost kernel: Stack: d5584eb9 00000013 e08d00e5 00000036
e08d00e4 00000000 00000000 00000000
Jun 18 19:46:08 localhost kernel:        de970007 d5584f54 df609280 df6093cc
00000286 ce210000 4e8c0000 00000004
Jun 18 19:46:08 localhost kernel:        ce20f0a2 ce20f05a de970000 00000000
00000000 00000000 00000000 00000000
Jun 18 19:46:08 localhost kernel: Call Trace:
Jun 18 19:46:08 localhost kernel:  [<c0166662>] do_wp_page+0x2ca/0x627
Jun 18 19:46:08 localhost kernel:  [<c015aaed>] check_poison_obj+0x24/0x17b
Jun 18 19:46:08 localhost kernel:  [<c016836e>] handle_mm_fault+0x240/0x322
Jun 18 19:46:08 localhost kernel:  [<c015cf00>] kmem_ptr_validate+0x19/0x4a
Jun 18 19:46:08 localhost kernel:  [<c0312fe0>] wireless_process_ioctl+0x58d/0x6c3
Jun 18 19:46:08 localhost kernel:  [<e092f993>] ipw2100_wx_get_scan+0x0/0xb
[ipw2100]
Jun 18 19:46:08 localhost kernel:  [<c03082e3>] dev_ioctl+0x237/0x280
Jun 18 19:46:08 localhost kernel:  [<c02fbe84>] sock_ioctl+0x0/0x244
Jun 18 19:46:08 localhost kernel:  [<c0193ef9>] do_ioctl+0x19/0x55
Jun 18 19:46:08 localhost kernel:  [<c0194027>] vfs_ioctl+0x50/0x1aa
Jun 18 19:46:08 localhost kernel:  [<c01941de>] sys_ioctl+0x5d/0x6b
Jun 18 19:46:08 localhost kernel:  [<c0103a51>] syscall_call+0x7/0xb
Jun 18 19:46:08 localhost kernel: Code: 0f be 41 5c 29 c3 8d 04 3f 01 f8 8d 04
c7 01 c0 01 c0 89 d1 c1 e1 04 29 d1 8d 34 1b 89 da c1 e2 06 29 f2 01 d1 0f af d9
29 d8 99 <f7> ff 89 c2 b8 64 00 00 00 80 fa 65 0f 42 c2 88 84 24 30 01 00

Comment 3 Dan Williams 2005-06-19 00:15:44 UTC

Jun 18 19:54:06 localhost kernel: divide error: 0000 [#1]
Jun 18 19:54:06 localhost kernel: Modules linked in: parport_pc lp parport
autofs4 i2c_dev i2c_core sunrpc pcmcia video button battery ac md5 ipv6
yenta_socket rsrc_nonstatic pcmcia_core uhci_hcd tpm_atmel tpm snd_intel8x0
snd_ac97_codec snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq
snd_seq_device snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd soundcore
snd_page_alloc ipw2100 ieee80211 ieee80211_crypt 3c59x mii floppy dm_snapshot
dm_zero dm_mirror ext3 jbd dm_mod
Jun 18 19:54:06 localhost kernel: CPU:    0
Jun 18 19:54:06 localhost kernel: EIP:    0060:[<e08cf0e6>]    Not tainted VLI
Jun 18 19:54:06 localhost kernel: EFLAGS: 00010083   (2.6.11-1.1383_FC5)
Jun 18 19:54:06 localhost kernel: EIP is at ieee80211_wx_get_scan+0x736/0xbe6
[ieee80211]
Jun 18 19:54:06 localhost kernel: eax: fffc9820   ebx: 000367e0   ecx: 00000e88
  edx: ffffffff
Jun 18 19:54:06 localhost kernel: esi: 00000078   edi: 00000000   ebp: d6677ebc
  esp: d6677da0
Jun 18 19:54:06 localhost kernel: ds: 007b   es: 007b   ss: 0068
Jun 18 19:54:06 localhost kernel: Process NetworkManager (pid: 3040,
threadinfo=d6677000 task=d53b6550)
Jun 18 19:54:06 localhost kernel: Stack: d6677eb9 00000013 e08d00e5 00000036
e08d00e4 00000000 00000000 00000000
Jun 18 19:54:06 localhost kernel:        defd0007 d6677f54 dec54280 dec543cc
00000286 d53e5000 7e8c0000 00000004
Jun 18 19:54:06 localhost kernel:        d53e40a2 d53e405a defd0000 00000000
00000000 00000000 00000000 00000000
Jun 18 19:54:06 localhost kernel: Call Trace:
Jun 18 19:54:06 localhost kernel:  [<c0166662>] do_wp_page+0x2ca/0x627
Jun 18 19:54:06 localhost kernel:  [<c015aaed>] check_poison_obj+0x24/0x17b
Jun 18 19:54:06 localhost kernel:  [<c016836e>] handle_mm_fault+0x240/0x322
Jun 18 19:54:06 localhost kernel:  [<c015cf00>] kmem_ptr_validate+0x19/0x4a
Jun 18 19:54:06 localhost kernel:  [<c0312fe0>] wireless_process_ioctl+0x58d/0x6c3
Jun 18 19:54:06 localhost kernel:  [<e092f993>] ipw2100_wx_get_scan+0x0/0xb
[ipw2100]
Jun 18 19:54:06 localhost kernel:  [<c03082e3>] dev_ioctl+0x237/0x280
Jun 18 19:54:06 localhost kernel:  [<c02fbe84>] sock_ioctl+0x0/0x244
Jun 18 19:54:06 localhost kernel:  [<c0193ef9>] do_ioctl+0x19/0x55
Jun 18 19:54:06 localhost kernel:  [<c0194027>] vfs_ioctl+0x50/0x1aa
Jun 18 19:54:06 localhost kernel:  [<c01941de>] sys_ioctl+0x5d/0x6b
Jun 18 19:54:06 localhost kernel:  [<c0103a51>] syscall_call+0x7/0xb
Jun 18 19:54:06 localhost kernel: Code: 0f be 41 5c 29 c3 8d 04 3f 01 f8 8d 04
c7 01 c0 01 c0 89 d1 c1 e1 04 29 d1 8d 34 1b 89 da c1 e2 06 29 f2 01 d1 0f af d9
29 d8 99 <f7> ff 89 c2 b8 64 00 00 00 80 fa 65 0f 42 c2 88 84 24 30 01 00

Comment 4 Dan Williams 2005-06-19 00:16:13 UTC

Jun 18 20:03:24 localhost kernel: Unable to handle kernel paging request at
virtual address 7661737a
Jun 18 20:03:24 localhost kernel:  printing eip:
Jun 18 20:03:24 localhost kernel: e08cf642
Jun 18 20:03:24 localhost kernel: *pde = 00000000
Jun 18 20:03:24 localhost kernel: Oops: 0000 [#1]
Jun 18 20:03:24 localhost kernel: Modules linked in: parport_pc lp parport
autofs4 i2c_dev i2c_core sunrpc pcmcia video button battery ac md5 ipv6
yenta_socket rsrc_nonstatic pcmcia_core uhci_hcd tpm_atmel tpm snd_intel8x0
snd_ac97_codec snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq
snd_seq_device snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd soundcore
snd_page_alloc ipw2100 ieee80211 ieee80211_crypt 3c59x mii floppy dm_snapshot
dm_zero dm_mirror ext3 jbd dm_mod
Jun 18 20:03:24 localhost kernel: CPU:    0
Jun 18 20:03:24 localhost kernel: EIP:    0060:[<e08cf642>]    Not tainted VLI
Jun 18 20:03:24 localhost kernel: EFLAGS: 00010206   (2.6.11-1.1383_FC5)
Jun 18 20:03:24 localhost kernel: EIP is at ieee80211_wx_set_encode+0xac/0x4ee
[ieee80211]
Jun 18 20:03:24 localhost kernel: eax: df20349c   ebx: 00000001   ecx: df20349c
  edx: 76617372
Jun 18 20:03:24 localhost kernel: esi: df20349c   edi: 00008b2a   ebp: 00000000
  esp: d4467e30
Jun 18 20:03:24 localhost kernel: ds: 007b   es: 007b   ss: 0068
Jun 18 20:03:24 localhost kernel: Process iwconfig (pid: 2990,
threadinfo=d4467000 task=d3eb2000)
Jun 18 20:03:24 localhost kernel: Stack: 000084d2 d4467eb0 d4467f54 df203280
df203000 00000000 00000000 df20349c
Jun 18 20:03:24 localhost kernel:        c03caaa0 043caaa0 00000004 00000000
00000000 00000000 00000000 00000000
Jun 18 20:03:24 localhost kernel:        00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000
Jun 18 20:03:24 localhost kernel: Call Trace:
Jun 18 20:03:24 localhost kernel:  [<c0312fe0>] wireless_process_ioctl+0x58d/0x6c3
Jun 18 20:03:24 localhost kernel:  [<e092f99e>] ipw2100_wx_set_encode+0x0/0xb
[ipw2100]
Jun 18 20:03:24 localhost kernel:  [<c03082e3>] dev_ioctl+0x237/0x280
Jun 18 20:03:24 localhost kernel:  [<c02fbe84>] sock_ioctl+0x0/0x244
Jun 18 20:03:24 localhost kernel:  [<c0193ef9>] do_ioctl+0x19/0x55
Jun 18 20:03:24 localhost kernel:  [<c0194027>] vfs_ioctl+0x50/0x1aa
Jun 18 20:03:24 localhost kernel:  [<c01941de>] sys_ioctl+0x5d/0x6b
Jun 18 20:03:24 localhost kernel:  [<c0103a51>] syscall_call+0x7/0xb
Jun 18 20:03:24 localhost kernel: Code: 89 4c 24 1c 66 85 d2 0f 88 fd 01 00 00
80 4c 24 27 04 80 4c 24 28 04 66 81 8c 24 ae 00 00 00 00 01 8b 44 24 1c 8b 10 85
d2 74 26 <8b> 42 08 85 c0 74 1f 8b 30 bf 18 01 8d e0 ac ae 75 08 84 c0 75

Comment 5 Dan Williams 2005-06-19 00:21:00 UTC

-> linville, davej's on vacation, right?  this bug sucks :)

Comment 6 John W. Linville 2005-06-20 18:05:01 UTC

Dave is planning to rebase again soon...please reopen if post-2.6.12-based 
kernels continue to have this problem...until then, I recommend sticking w/ an 
FC4 kernel, or one of my FC4-based test kernels 
(http://people.redhat.com/linville/kernels/fc4/)...

Comment 7 Kaj J. Niemi 2005-06-21 20:10:19 UTC

John, this is still an issue with 2.6.12-1.1387_FC5.

Jun 21 23:02:36 localhost kernel: divide error: 0000 [#1]
Jun 21 23:02:36 localhost kernel: Modules linked in: sunrpc dm_mod video
ibm_acpi button battery ac yenta_socket rsrc_nonstatic pcmcia_core uhci_hcd
ehci_hcd shpchp hw_random tpm_atmel tpm i2c_i801 i2c_core snd_intel8x0m
snd_intel8x0 snd_ac97_codec snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq
snd_seq_device snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd soundcore
snd_page_alloc
ipw2100 ieee80211 ieee80211_crypt e1000 floppy ext3 jbd
Jun 21 23:02:36 localhost kernel: CPU:    0
Jun 21 23:02:36 localhost kernel: EIP:    0060:[<f8ba00d6>]    Not tainted VLI
Jun 21 23:02:36 localhost kernel: EFLAGS: 00010097   (2.6.12-1.1387_FC5)
Jun 21 23:02:36 localhost kernel: EIP is at ieee80211_wx_get_scan+0x736/0xbe6
[ieee80211]
Jun 21 23:02:36 localhost kernel: eax: fffa6412   ebx: 00059bee   ecx: 000012a6
  edx: ffffffff
Jun 21 23:02:36 localhost kernel: esi: 0000009a   edi: 00000000   ebp: c1ab5ebc
  esp: c1ab5da0
Jun 21 23:02:36 localhost kernel: ds: 007b   es: 007b   ss: 0068
Jun 21 23:02:36 localhost kernel: Process NetworkManager (pid: 2233,
threadinfo=c1ab5000 task=f7f6f550)
Jun 21 23:02:36 localhost kernel: Stack: c1ab5eb9 00000013 f8ba10e5 00000036
f8ba10e4 00000000 00000000 00000000
Jun 21 23:02:36 localhost kernel:        f6820007 c1ab5f54 c1b57280 c1b573cc
00000286 f6543000 5e8c0000 00000004
Jun 21 23:02:36 localhost kernel:        f65420a3 f654205b f6820000 00000000
00000000 00000000 00000000 00000000
Jun 21 23:02:36 localhost kernel: Call Trace:
Jun 21 23:02:36 localhost kernel:  [<c01666f3>] do_wp_page+0x2ca/0x626
Jun 21 23:02:36 localhost kernel:  [<c015ab9d>] check_poison_obj+0x24/0x17b
Jun 21 23:02:36 localhost kernel:  [<c01683f6>] handle_mm_fault+0x240/0x31d
Jun 21 23:02:36 localhost kernel:  [<c0150067>] register_aggr_kprobe+0x110/0x113
Jun 21 23:02:36 localhost kernel:  [<c0313a30>] wireless_process_ioctl+0x58d/0x6c3
Jun 21 23:02:36 localhost kernel:  [<f8bea983>] ipw2100_wx_get_scan+0x0/0xb
[ipw2100]
Jun 21 23:02:36 localhost kernel:  [<c0307e93>] dev_ioctl+0x237/0x280
Jun 21 23:02:36 localhost kernel:  [<c02fbc1c>] sock_ioctl+0x0/0x247
Jun 21 23:02:36 localhost kernel:  [<c0193f29>] do_ioctl+0x19/0x55
Jun 21 23:02:36 localhost kernel:  [<c0194057>] vfs_ioctl+0x50/0x1aa
Jun 21 23:02:36 localhost kernel:  [<c019420e>] sys_ioctl+0x5d/0x6b
Jun 21 23:02:36 localhost kernel:  [<c0103a51>] syscall_call+0x7/0xb
Jun 21 23:02:36 localhost kernel: Code: 0f be 41 5c 29 c3 8d 04 3f 01 f8 8d 04
c7 01 c0 01 c0 89 d1 c1 e1 04 29 d1 8d 34 1b 89 da c1 e2 06 29 f2 01 d1 0f af d9
29 d8 99 <f7> ff 89 c2 b8 64 00 00
00 80 fa 65 0f 42 c2 88 84 24 30 01 00

Comment 8 Dave Jones 2005-06-22 04:53:05 UTC

ok, the combination of ipw2100-1.1.0 and ipw2200-1.0.4 is incompatible. The
ieee80211 code from ipw2200 makes ipw2100 go nuts as above. The ieee80211 from
ipw2200 unfortunatly breaks the compile for ipw2100.

I'm contemplating just dropping back to the older release as we did for the FC4
release until Intel sort this mess out. The 80211 stuff really needs seperating
out, and having the drivers dependant upon specific versions of it.

Comment 9 Dave Jones 2005-10-06 06:04:27 UTC

we now use the in-kernel ipw drivers, which don't have this issue.
(Ok, they're an earlier version, but hopefully this won't get reintroduced as
they get updated).