Description of problem: Trying to boot the 2.6.27-0.398.rc9.fc10.x86_64 kernel produces a bug output. How reproducible: Everytime. Steps to Reproduce: 1. Boot 2. Wait for udev to start probing things Actual results: ------------[ cut here ]------------ kernel BUG at net/mac80211/ieee80211_i.h:764! invalid opcode: 0000 [1] SMP CPU 0 Modules linked in: b43 rfkill input_polldev snd_atiixp_modem snd_atiixp snd_seq_dummy snd_ac97_codec ac97_bus snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss radeon snd_pcm drm snd_timer i2c_algo_bit video output snd tifm_7xx1 sdhci_pci sdhci tifm_core firewire_ohci battery ac yenta_socket mmc_core 8139cp rsrc_nonstatic shpchp soundcore wmi ssb 8139too firewire_core pcspkr i2c_piix4 mii crc_itu_t joydev i2c_core snd_page_alloc k8temp hwmon pata_atiixp pata_acpi ata_generic Pid: 1378, comm: udevd Not tainted 2.6.27-0.398.rc9.fc10.x86_64 #1 RIP: 0010:[<ffffffff8134e874>] [<ffffffff8134e874>] netdev_notify+0x43/0x94 RSP: 0018:ffff8800331b5c98 EFLAGS: 00010246 RAX: ffff880033210060 RBX: ffff8800354ea800 RCX: ffffffff81537f50 RDX: ffffffff81537f00 RSI: 000000000000000a RDI: ffffffff81537f50 RBP: ffff8800331b5cc8 R08: ffff8800331b5bc8 R09: 0000000000000292 R10: ffff8800331dc280 R11: 0000000300000000 R12: 00000000fffffffb R13: ffffffff815382e0 R14: ffff8800354ea800 R15: 000000000000000a FS: 00007f567e10b780(0000) GS:ffffffff81677700(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: 00007fff8612ebc0 CR3: 0000000035968000 CR4: 00000000000006e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Process udevd (pid: 1378, threadinfo ffff8800331b4000, task ffff880035f25d00) Stack: ffff8800331b5cc8 ffffffff812ca295 0000000000000000 00000000fffffffc 0000000000000000 00000000fffffffb ffff8800331b5d08 ffffffff813708df ffff8800331b5cf8 ffff8800354ea800 0000000000000000 ffff8800354ea810 Call Trace: [<ffffffff812ca295>] ? fib_rules_event+0x1b/0xfe [<ffffffff813708df>] notifier_call_chain+0x38/0x60 [<ffffffff8105c9c4>] raw_notifier_call_chain+0x14/0x16 [<ffffffff812bdcbf>] dev_change_name+0x1a2/0x1ce [<ffffffff812bdf36>] dev_ifsioc+0x24b/0x308 [<ffffffff8136c494>] ? mutex_lock+0x27/0x38 [<ffffffff812be507>] dev_ioctl+0x514/0x626 [<ffffffff810111c4>] ? mcount_call+0x5/0x31 [<ffffffff813048c3>] ? udp_ioctl+0x12/0x8b [<ffffffff812af681>] sock_ioctl+0x202/0x211 [<ffffffff810d4a2f>] vfs_ioctl+0x2f/0x7d [<ffffffff810d4ccf>] do_vfs_ioctl+0x252/0x26f [<ffffffff810d4d46>] sys_ioctl+0x5a/0x7c [<ffffffff810113aa>] system_call_fastpath+0x16/0x1b Code: 70 48 8b 82 00 02 00 00 48 85 c0 74 64 48 8b 00 48 85 c0 74 5c 48 8b 15 9b 96 1e 00 48 39 50 08 75 4f 48 39 98 10 03 00 00 75 04 <0f> 0b eb fe 4c 8d 65 d0 48 89 da 48 c7 c6 7d 12 4c 81 31 c0 4c RIP [<ffffffff8134e874>] netdev_notify+0x43/0x94 RSP <ffff8800331b5c98> ---[ end trace 789c1e6982921e6b ]---
This bug has been triaged
static inline struct ieee80211_sub_if_data * IEEE80211_DEV_TO_SUB_IF(struct net_device *dev) { struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); BUG_ON(!local || local->mdev == dev); return netdev_priv(dev); }
I think this is an issue that was inadvertedly fixed by "mac80211: make master iface not wireless"; the code in netdev_notify() should, in 2.6.27, check if it's the master interface and if not refuse to work. I'll check out the code for 2.6.27 and post a patch for -stable.
Johannes' patch has been checked-in to the rawhide kernels...
Kernel -13 is the first 2.6.27 kernel to work for me. Thanks everyone. Closing.