Bug 435066 - mac80211 crash on boot
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: 8
Hardware: x86_64
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: John W. Linville
QA Contact: Fedora Extras Quality Assurance
Reported: 2008-02-27 04:20 UTC by Jan Kratochvil
Modified: 2008-08-02 23:40 UTC (History)
Fixed In Version: kernel-2.6.25-0.65.rc2.git7.fc9.x86_64
Doc Type: Bug Fix
Last Closed: 2008-02-29 06:23:52 UTC

Description Jan Kratochvil 2008-02-27 04:20:22 UTC
Description of problem:
Tried a new kernel and it crashed on iwconfig of my iwl3945 card.

Version-Release number of selected component (if applicable):
kernel-2.6.23.15-137.fc8.x86_64

kernel-2.6.23.14-107.fc8.x86_64 (this one works for me)

How reproducible:
Tried only once.

Steps to Reproduce:
My startup scripts contain these iwconfig commands:
  modprobe iwl3945
  sleep 2
  iwconfig wlan0 essid "foo"
  iwconfig wlan0 ap "00:4F:62:17:E3:55" 
  iwconfig wlan0 rts 0
  iwconfig wlan0 rate 2M

Actual results:
Unable to handle kernel NULL pointer dereference at 0000000000000028 RIP:
 [<ffffffff88468b05>] :mac80211:ieee80211_ioctl_siwrate+0x71/0xc0
PGD 4fe9f067 PUD 507f5067 PMD 0
Oops: 0000 [1] SMP
CPU 0
Modules linked in: iwl3945 mac80211 nf_conntrack_sane nf_conntrack_proto_udplite
nf_conntrack_proto_sctp nf_conntrack_netlink nf_nat_tftp nf_conntrack_tftp
nf_nat_snmp_basic nf_nat_sip nf_conntrack_sip nf_nat_pptp nf_conntrack_pptp
nf_conntrack_proto_gre nf_nat_proto_gre nf_nat_irc nf_conntrack_irc nf_nat_h323
nf_conntrack_h323 nf_nat_ftp nf_conntrack_ftp nf_nat_amanda ts_kmp
nf_conntrack_amanda nfsd exportfs lockd nfs_acl auth_rpcgss sunrpc tun rfcomm
l2cap ipv6 nf_conntrack_netbios_ns iptable_mangle ipt_MASQUERADE iptable_nat
nf_nat ipt_REJECT nf_conntrack_ipv4 xt_conntrack nf_conntrack nfnetlink
xt_tcpudp iptable_filter ip_tables x_tables cpufreq_ondemand acpi_cpufreq
dm_mirror dm_mod uinput kvm_intel kvm snd_usb_audio snd_seq_dummy snd_hda_intel
snd_seq_oss snd_seq_midi_event snd_seq snd_pcm_oss snd_mixer_oss snd_pcm
iTCO_wdt iTCO_vendor_support arc4 snd_timer ac thinkpad_acpi video ecb blkcipher
snd_usb_lib output i2c_i801 battery snd_rawmidi hci_usb button i2c_core pcspkr
snd_seq_device snd_page_alloc joydev snd_hwdep bluetooth snd cfg80211 hwmon
soundcore sg sr_mod cdrom ata_piix ahci libata sd_mod scsi_mod ext3 jbd mbcache
uhci_hcd ohci_hcd ehci_hcd
Pid: 10104, comm: iwconfig Not tainted 2.6.23.15-137.fc8 #1
RIP: 0010:[<ffffffff88468b05>]  [<ffffffff88468b05>] :mac80211:ieee80211_ioctl_siwrate+0x71/0xc0
RSP: 0018:ffff810056b81cf8  EFLAGS: 00010202
RAX: ffff81007c86e920 RBX: 00000000000186a0 RCX: ffff81005786c780
RDX: ffff81007c86e920 RSI: ffff81007e760060 RDI: 0000000000000000
RBP: ffff810056b81e58 R08: ffff810056b81e58 R09: 0000000000000003
R10: 0000000000000014 R11: 0000000000000246 R12: 00000000ffffffa1
R13: ffffffff812983c0 R14: 0000000000008b20 R15: 0000000000000003
FS:  00002aaaaaac2f60(0000) GS:ffffffff813be000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000028 CR3: 000000005189a000 CR4: 00000000000026e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process iwconfig (pid: 10104, threadinfo ffff810056b80000, task ffff810069550000)
Stack:  0000000000000180 ffffffff81257c1c ffffffff88468a94 ffff81005786c000
 ffff81000000f2b0 ffff81004fe9f770 ffff810058456d10 0000000000000000
 ffff81000abdc4e0 ffffffff00000000 ffff81000abdc4e0 ffffffff8107e7c2
Call Trace:
 [<ffffffff81257c1c>] ioctl_standard_call+0x66/0x2ef
 [<ffffffff88468a94>] :mac80211:ieee80211_ioctl_siwrate+0x0/0xc0
 [<ffffffff8107e7c2>] __do_fault+0x44f/0x489
 [<ffffffff81257f56>] wext_handle_ioctl+0xb1/0x39d
 [<ffffffff88468a94>] :mac80211:ieee80211_ioctl_siwrate+0x0/0xc0
 [<ffffffff811f21cf>] dev_ioctl+0x418/0x43e
 [<ffffffff81121027>] __up_read+0x19/0x7f
 [<ffffffff811e5846>] sock_ioctl+0x1db/0x1e5
 [<ffffffff810a768d>] do_ioctl+0x21/0x6b
 [<ffffffff810a791a>] vfs_ioctl+0x243/0x25c
 [<ffffffff810a798c>] sys_ioctl+0x59/0x79
 [<ffffffff8100bd45>] tracesys+0xd5/0xda


Code: 44 8b 4f 28 31 f6 31 d2 eb 35 48 8b 47 18 8b 04 10 48 83 c2
RIP  [<ffffffff88468b05>] :mac80211:ieee80211_ioctl_siwrate+0x71/0xc0
 RSP <ffff810056b81cf8>
CR2: 0000000000000028

Expected results:
No crash.

Additional info:
I can try rebooting it again if it is required.
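
An added triage example, not part of the original report or of the kernel sources: it reads the register dump and `Code:` bytes quoted above and checks whether the first instruction is a load through a NULL base register, which would account for the fault address 0x28. It assumes the `Code:` bytes start at the faulting RIP; the function names `parse_oops`, `decode_load` and `triage` are illustrative.

```python
import re

# Excerpt of the oops quoted in the report (trimmed to the lines this check needs).
OOPS = """\
Unable to handle kernel NULL pointer dereference at 0000000000000028 RIP:
RAX: ffff81007c86e920 RBX: 00000000000186a0 RCX: ffff81005786c780
RDX: ffff81007c86e920 RSI: ffff81007e760060 RDI: 0000000000000000
RBP: ffff810056b81e58 R08: ffff810056b81e58 R09: 0000000000000003
CR2: 0000000000000028 CR3: 000000005189a000 CR4: 00000000000026e0
Code: 44 8b 4f 28 31 f6 31 d2 eb 35 48 8b 47 18 8b 04 10 48 83 c2
"""

# x86-64 register numbering, spelled the way the oops prints the names.
REG64 = ["RAX", "RCX", "RDX", "RBX", "RSP", "RBP", "RSI", "RDI",
         "R08", "R09", "R10", "R11", "R12", "R13", "R14", "R15"]

def parse_oops(text):
    """Return ({register: value}, code_bytes) from an oops dump."""
    pairs = re.findall(r"\b(R[A-Z0-9]{2}|CR2): ([0-9a-f]{16})", text)
    regs = {name: int(value, 16) for name, value in pairs}
    code = re.search(r"^Code: ([0-9a-f ]+)$", text, re.M).group(1)
    return regs, bytes.fromhex(code)

def decode_load(code):
    """Decode 'mov reg, [base+disp8]' (opcode 8b, ModRM mod=01), else None."""
    i, rex = 0, 0
    if code[0] & 0xF0 == 0x40:          # optional REX prefix
        rex, i = code[0], 1
    if len(code) < i + 3 or code[i] != 0x8B:
        return None
    mod, rm = code[i + 1] >> 6, code[i + 1] & 7
    if mod != 1 or rm == 4:             # disp8 form only, no SIB byte
        return None
    disp = code[i + 2] - 256 if code[i + 2] > 127 else code[i + 2]
    return REG64[rm | ((rex & 1) << 3)], disp

def triage(text):
    """Tie the fault address (CR2) to the base register of the faulting load."""
    regs, code = parse_oops(text)
    decoded = decode_load(code)
    if decoded is None or decoded[0] not in regs:
        return None
    base, disp = decoded
    # Assumption check: base + displacement must reproduce the fault address.
    matches = (regs[base] + disp) & (2**64 - 1) == regs["CR2"]
    return {"base": base, "offset": disp,
            "base_is_null": regs[base] == 0, "matches_cr2": matches}

if __name__ == "__main__":
    print(triage(OOPS))
```

For this dump the result points at a 4-byte read at offset 0x28 from a NULL pointer held in RDI, and the match against CR2 supports the assumption about where the `Code:` bytes begin.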

Comment 1 John W. Linville 2008-02-27 13:40:30 UTC
Before we go further, could you recreate this on a more recent kernel?

   http://koji.fedoraproject.org/koji/buildinfo?buildID=39121

Comment 2 Jan Kratochvil 2008-02-29 06:23:52 UTC
OK, it works now on:
  kernel-2.6.25-0.65.rc2.git7.fc9.x86_64
(although this crashes inside KVM in different ways, which is out of the scope of this bug)
