Bug 482990
| Summary: | RHEL 5.3 GA kernel panics when RF Kill is on in 5100/5300 AGN | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 5 | Reporter: | Huzaifa S. Sidhpurwala <huzaifas> |
| Component: | kernel | Assignee: | John W. Linville <linville> |
| Status: | CLOSED ERRATA | QA Contact: | Red Hat Kernel QE team <kernel-qe> |
| Severity: | urgent | Docs Contact: | |
| Priority: | urgent | ||
| Version: | 5.3 | CC: | anton.fang, codezilla, dhoward, dzickus, eteo, jpirko, jturner, lkundrak, lwang, mmilgram, peterm, tao, walicki |
| Target Milestone: | rc | Keywords: | ZStream |
| Target Release: | 5.4 | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2009-09-02 08:08:57 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 518583 | ||
| Bug Blocks: | 483701, 489846 | ||
| Attachments: | |||
|
Description
Huzaifa S. Sidhpurwala
2009-01-29 07:56:21 UTC
Created attachment 330327 [details]
Kernel panic screen shot
Created attachment 330328 [details]
lspci -vv output
Note: Removing iwl5100-firmware and booting with RF Kill on, does not panic the kernel. Initial core analysis (via CAS):
Your corefile is ready for you
You may view it at core-i386.gsslab.rdu.redhat.com
Login with kerberos name/password
$ cd /cores/20090203111715/work
/cores/20090203111715/work$ ./crash
Backtrace
KERNEL: /cores/20090203111715/work/vmlinux
DUMPFILE: /cores/20090203111715/work/vmcore
CPUS: 2
DATE: Thu Jan 29 22:13:00 2009
UPTIME: 00:02:27
LOAD AVERAGE: 0.36, 0.18, 0.06
TASKS: 121
NODENAME: shazarik.csb
RELEASE: 2.6.18-128.el5
VERSION: #1 SMP Wed Dec 17 11:42:39 EST 2008
MACHINE: i686 (2394 Mhz)
MEMORY: 2 GB
PANIC: "Oops: 0000 [#1]" (check log for details)
PID: 1153 TASK: f718e550 CPU: 0 COMMAND: "iwlagn"
#0 [f718fdd8] crash_kexec at c0442d02
#1 [f718fe1c] die at c04064c6
#2 [f718fe4c] do_page_fault at c0611187
#3 [f718fe84] error_code (via page_fault) at c0405a87
EAX: f5552020 EBX: f5552010 ECX: 00000000 EDX: f5552f00 EBP:
00000008
DS: 007b ESI: f76f7800 ES: 007b EDI: f5552000
CS: 0060 EIP: c05bdd98 ERR: ffffffff EFLAGS: 00010283
#4 [f718feb8] wireless_send_event at c05bdd98
#5 [f718fee0] ieee80211_scan_completed at f8c0f6f7
#6 [f718ff0c] ieee80211_sta_work at f8c12f25
#7 [f718ff70] run_workqueue at c0431897
#8 [f718ff8c] worker_thread at c0432149
#9 [f718ffcc] kthread at c043455b
#10 [f718ffe4] kernel_thread_helper at c0405c51
PID: 0 TASK: ca0ab550 CPU: 1 COMMAND: "swapper"
#0 [ca0afea0] crash_nmi_callback at c04193c1
#1 [ca0afeec] do_nmi at c0406828
#2 [ca0aff14] nmi at c0405b29
EAX: 00001000 EBX: 00001050 ECX: 00000008 EDX: 00001050 EBP:
ca0aff7c
DS: 007b ESI: ca0aff64 ES: 007b EDI: 00000000
CS: 0060 EIP: c0508d2a ERR: 00001000 EFLAGS: 00000046
#3 [ca0aff48] acpi_os_read_port at c0508d2a
#4 [ca0aff58] acpi_hw_register_read at c0515316
#5 [ca0aff74] acpi_set_register at c05155a6
#6 [ca0aff90] acpi_processor_idle at c05265e6
#7 [ca0affb4] cpu_idle at c0403ca6
ZONE NAME SIZE FREE MEM_MAP START_PADDR START_MAPNR
0 DMA 4096 3048 c9000000 0 0
AREA SIZE FREE_AREA_STRUCT BLOCKS PAGES
0 4k c0682284 2 2
1 8k c0682290 5 10
2 16k c068229c 3 12
3 32k c06822a8 4 32
4 64k c06822b4 3 48
5 128k c06822c0 2 64
6 256k c06822cc 1 64
7 512k c06822d8 0 0
8 1024k c06822e4 1 256
9 2048k c06822f0 1 512
10 4096k c06822fc 2 2048
ZONE NAME SIZE FREE MEM_MAP START_PADDR START_MAPNR
1 DMA32 0 0 0 0 0
ZONE NAME SIZE FREE MEM_MAP START_PADDR START_MAPNR
2 Normal 225280 165871 c9020000 1000000 4096
AREA SIZE FREE_AREA_STRUCT BLOCKS PAGES
0 4k c0684784 1 1
1 8k c0684790 5 10
2 16k c068479c 1 4
3 32k c06847a8 0 0
4 64k c06847b4 0 0
5 128k c06847c0 1 32
6 256k c06847cc 1 64
7 512k c06847d8 1 128
8 1024k c06847e4 1 256
9 2048k c06847f0 1 512
10 4096k c06847fc 161 164864
ZONE NAME SIZE FREE MEM_MAP START_PADDR START_MAPNR
3 HighMem 281600 189156 c9700000 38000000 229376
AREA SIZE FREE_AREA_STRUCT BLOCKS PAGES
0 4k c0685a04 0 0
1 8k c0685a10 0 0
2 16k c0685a1c 1 4
3 32k c0685a28 0 0
4 64k c0685a34 0 0
5 128k c0685a40 1 32
6 256k c0685a4c 1 64
7 512k c0685a58 1 128
8 1024k c0685a64 0 0
9 2048k c0685a70 1 512
10 4096k c0685a7c 184 188416
nr_free_pages: 358075 (verified)
Linux version 2.6.18-128.el5 (mockbuild.redhat.com) (gcc
version 4.1.2 20080704 (Red Hat 4.1.2-44)) #1 SMP Wed Dec 17 11:42:39 EST
2008
BIOS-provided physical RAM map:
BIOS-e820: 0000000000000000 - 000000000009ec00 (usable)
BIOS-e820: 000000000009ec00 - 00000000000a0000 (reserved)
BIOS-e820: 00000000000dc000 - 0000000000100000 (reserved)
BIOS-e820: 0000000000100000 - 000000007c6a1000 (usable)
BIOS-e820: 000000007c6a1000 - 000000007c6a7000 (reserved)
BIOS-e820: 000000007c6a7000 - 000000007c7b7000 (usable)
BIOS-e820: 000000007c7b7000 - 000000007c80f000 (reserved)
BIOS-e820: 000000007c80f000 - 000000007c8c7000 (usable)
BIOS-e820: 000000007c8c7000 - 000000007c8d2000 (ACPI NVS)
BIOS-e820: 000000007c8d2000 - 000000007c8d5000 (ACPI data)
BIOS-e820: 000000007c8d5000 - 000000007c8d9000 (reserved)
BIOS-e820: 000000007c8d9000 - 000000007c8dd000 (ACPI NVS)
BIOS-e820: 000000007c8dd000 - 000000007c8e0000 (reserved)
BIOS-e820: 000000007c8e0000 - 000000007c907000 (ACPI NVS)
BIOS-e820: 000000007c907000 - 000000007c908000 (ACPI data)
BIOS-e820: 000000007c908000 - 000000007cb0f000 (reserved)
BIOS-e820: 000000007cb0f000 - 000000007cb9f000 (ACPI NVS)
BIOS-e820: 000000007cb9f000 - 000000007cbff000 (ACPI data)
BIOS-e820: 000000007cbff000 - 000000007cc00000 (usable)
BIOS-e820: 000000007cc00000 - 000000007f000000 (reserved)
BIOS-e820: 00000000e0000000 - 00000000f0000000 (reserved)
BIOS-e820: 00000000fec00000 - 00000000fec10000 (reserved)
BIOS-e820: 00000000fed00000 - 00000000fed00400 (reserved)
BIOS-e820: 00000000fed10000 - 00000000fed14000 (reserved)
BIOS-e820: 00000000fed18000 - 00000000fed1a000 (reserved)
BIOS-e820: 00000000fed1c000 - 00000000fed90000 (reserved)
BIOS-e820: 00000000fee00000 - 00000000fee01000 (reserved)
BIOS-e820: 00000000ff800000 - 0000000100000000 (reserved)
1100MB HIGHMEM available.
896MB LOWMEM available.
found SMP MP-table at 000f73c0
Using x86 segment limits to approximate NX protection
On node 0 totalpages: 510976
DMA zone: 4096 pages, LIFO batch:0
Normal zone: 225280 pages, LIFO batch:31
HighMem zone: 281600 pages, LIFO batch:31
DMI present.
Using APIC driver default
ACPI: RSDP (v002 LENOVO ) @ 0x000f7380
ACPI: XSDT (v001 LENOVO TP-6D 0x00001100 LTP 0x00000000) @ 0x7cb7bec3
ACPI: FADT (v003 LENOVO TP-6D 0x00001100 LNVO 0x00000001) @ 0x7cb7c000
ACPI: SSDT (v001 LENOVO TP-6D 0x00001100 MSFT 0x03000000) @ 0x7cb7c1b4
ACPI: ECDT (v001 LENOVO TP-6D 0x00001100 LNVO 0x00000001) @ 0x7cb89d04
ACPI: MADT (v001 LENOVO TP-6D 0x00001100 LNVO 0x00000001) @ 0x7cb89d56
ACPI: MCFG (v001 LENOVO TP-6D 0x00001100 LNVO 0x00000001) @ 0x7cb89dce
ACPI: HPET (v001 LENOVO TP-6D 0x00001100 LNVO 0x00000001) @ 0x7cb89e0a
ACPI: BOOT (v001 LENOVO TP-6D 0x00001100 LTP 0x00000001) @ 0x7cb89f38
ACPI: ASF! (v016 LENOVO TP-6D 0x00001100 PTL 0x00000001) @ 0x7cb89f60
ACPI: SSDT (v001 LENOVO TP-6D 0x00001100 INTL 0x20050513) @ 0x7cb8d203
ACPI: TCPA (v000 0x00000000 0x00000000) @ 0x7c907000
ACPI: SSDT (v001 PmRef CpuPm 0x00003000 INTL 0x20050624) @ 0x7c8d4000
ACPI: SSDT (v001 PmRef Cpu0Tst 0x00003000 INTL 0x20050624) @ 0x7c8d3000
ACPI: SSDT (v001 PmRef ApTst 0x00003000 INTL 0x20050624) @ 0x7c8d2000
ACPI: DSDT (v001 LENOVO TP-6D 0x00001100 MSFT 0x03000000) @ 0x00000000
ACPI: PM-Timer IO Port: 0x1008
ACPI: Local APIC address 0xfee00000
ACPI: LAPIC (acpi_id[0x00] lapic_id[0x00] enabled)
Processor #0 7:7 APIC version 20
ACPI: LAPIC (acpi_id[0x01] lapic_id[0x01] enabled)
Processor #1 7:7 APIC version 20
ACPI: LAPIC (acpi_id[0x02] lapic_id[0x02] disabled)
ACPI: LAPIC (acpi_id[0x03] lapic_id[0x03] disabled)
ACPI: LAPIC_NMI (acpi_id[0x00] high edge lint[0x1])
ACPI: LAPIC_NMI (acpi_id[0x01] high edge lint[0x1])
ACPI: IOAPIC (id[0x01] address[0xfec00000] gsi_base[0])
IOAPIC[0]: apic_id 1, version 32, address 0xfec00000, GSI 0-23
ACPI: INT_SRC_OVR (bus 0 bus_irq 0 global_irq 2 dfl dfl)
ACPI: INT_SRC_OVR (bus 0 bus_irq 9 global_irq 9 high level)
ACPI: IRQ0 used by override.
ACPI: IRQ2 used by override.
ACPI: IRQ9 used by override.
Enabling APIC mode: Flat. Using 1 I/O APICs
ACPI: HPET id: 0x8086a201 base: 0xfed00000
Using ACPI (MADT) for SMP configuration information
Allocating PCI resources starting at 80000000 (gap: 7f000000:61000000)
Detected 2394.186 MHz processor.
Built 1 zonelists. Total pages: 510976
Kernel command line: ro root=/dev/HelpdeskRHEL5/Root rhgb quiet
crashkernel=128M@16M
mapped APIC to ffffd000 (fee00000)
mapped IOAPIC to ffffc000 (fec00000)
Enabling fast FPU save and restore... done.
Enabling unmasked SIMD FPU exception support... done.
Initializing CPU#0
CPU 0 irqstacks, hard=c0754000 soft=c0734000
PID hash table entries: 4096 (order: 12, 16384 bytes)
Console: colour VGA+ 80x25
Dentry cache hash table entries: 131072 (order: 7, 524288 bytes)
Inode-cache hash table entries: 65536 (order: 6, 262144 bytes)
Memory: 1883864k/2043904k available (2122k kernel code, 155160k reserved,
884k data, 228k init, 1122728k highmem)
Checking if this processor honours the WP bit even in supervisor mode...
Ok.
hpet0: at MMIO 0xfed00000 (virtual 0xf8800000), IRQs 2, 8, 0, 0
hpet0: 4 64-bit timers, 14318180 Hz
Using HPET for base-timer
Calibrating delay using timer specific routine.. 4791.57 BogoMIPS
(lpj=2395786)
Security Framework v1.0.0 initialized
SELinux: Initializing.
SELinux: Starting in permissive mode
selinux_register_security: Registering secondary module capability
Capability LSM initialized as secondary
Mount-cache hash table entries: 512
CPU: After generic identify, caps: bfebfbff 20100000 00000000 00000000
0008e3fd 00000000 00000001
CPU: After vendor identify, caps: bfebfbff 20100000 00000000 00000000
0008e3fd 00000000 00000001
monitor/mwait feature present.
using mwait in idle threads.
CPU: L1 I cache: 32K, L1 D cache: 32K
CPU: L2 cache: 3072K
CPU: Physical Processor ID: 0
CPU: Processor Core ID: 0
CPU: After all inits, caps: bfebf3ff 20100000 00000000 00000940 0008e3fd
00000000 00000001
Intel machine check architecture supported.
Intel machine check reporting enabled on CPU#0.
Checking 'hlt' instruction... OK.
SMP alternatives: switching to UP code
ACPI: Core revision 20060707
CPU0: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz stepping 06
SMP alternatives: switching to SMP code
Booting processor 1/1 eip 3000
CPU 1 irqstacks, hard=c0755000 soft=c0735000
Initializing CPU#1
Calibrating delay using timer specific routine.. 4787.98 BogoMIPS
(lpj=2393990)
CPU: After generic identify, caps: bfebfbff 20100000 00000000 00000000
0008e3fd 00000000 00000001
CPU: After vendor identify, caps: bfebfbff 20100000 00000000 00000000
0008e3fd 00000000 00000001
monitor/mwait feature present.
CPU: L1 I cache: 32K, L1 D cache: 32K
CPU: L2 cache: 3072K
CPU: Physical Processor ID: 0
CPU: Processor Core ID: 1
CPU: After all inits, caps: bfebf3ff 20100000 00000000 00000940 0008e3fd
00000000 00000001
Intel machine check architecture supported.
Intel machine check reporting enabled on CPU#1.
CPU1: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz stepping 06
Total of 2 processors activated (9579.55 BogoMIPS).
ENABLING IO-APIC IRQs
..TIMER: vector=0x31 apic1=0 pin1=2 apic2=-1 pin2=-1
checking TSC synchronization across 2 CPUs: passed.
Brought up 2 CPUs
sizeof(vma)=84 bytes
sizeof(page)=32 bytes
sizeof(inode)=340 bytes
sizeof(dentry)=136 bytes
sizeof(ext3inode)=492 bytes
sizeof(buffer_head)=52 bytes
sizeof(skbuff)=172 bytes
migration_cost=21
checking if image is initramfs... it is
Freeing initrd memory: 3133k freed
NET: Registered protocol family 16
ACPI: ACPI Dock Station Driver
ACPI: \_SB_.PCI0.SATA.PRT1: found ejectable bay
ACPI: \_SB_.PCI0.SATA.PRT1: Adding notify handler
ACPI: \_SB_.PCI0.SATA.PRT1: Is dependent on dock
ACPI: Bay [\_SB_.PCI0.SATA.PRT1] Added
ACPI: bus type pci registered
PCI: Using MMCONFIG
Setting up standard PCI resources
ACPI: Found ECDT
ACPI: Interpreter enabled
ACPI: Using IOAPIC for interrupt routing
ACPI: PCI Interrupt Link [LNKA] (IRQs 3 4 5 6 7 9 10 *11)
ACPI: PCI Interrupt Link [LNKB] (IRQs 3 4 5 6 7 9 10 *11)
ACPI: PCI Interrupt Link [LNKC] (IRQs 3 4 5 6 7 9 10 *11)
ACPI: PCI Interrupt Link [LNKD] (IRQs 3 4 5 6 7 9 10 *11)
ACPI: PCI Interrupt Link [LNKE] (IRQs 3 4 5 6 7 9 10 *11)
ACPI: PCI Interrupt Link [LNKF] (IRQs 3 4 5 6 7 9 10 *11)
ACPI: PCI Interrupt Link [LNKG] (IRQs 3 4 5 6 7 9 10 *11)
ACPI: PCI Interrupt Link [LNKH] (IRQs 3 4 5 6 7 9 10 *11)
ACPI: PCI Root Bridge [PCI0] (0000:00)
Boot video device is 0000:00:02.0
PCI: Transparent bridge - 0000:00:1e.0
ACPI: PCI Interrupt Routing Table [\_SB_.PCI0._PRT]
ACPI: Embedded Controller [EC] (gpe 17) interrupt mode.
ACPI: Power Resource [PUBS] (on)
ACPI: PCI Interrupt Routing Table [\_SB_.PCI0.EXP0._PRT]
ACPI: PCI Interrupt Routing Table [\_SB_.PCI0.EXP1._PRT]
ACPI: PCI Interrupt Routing Table [\_SB_.PCI0.EXP3._PRT]
Linux Plug and Play Support v0.97 (c) Adam Belay
pnp: PnP ACPI init
pnp: PnP ACPI: found 10 devices
usbcore: registered new driver usbfs
usbcore: registered new driver hub
PCI: Using ACPI for IRQ routing
PCI: If a device doesn't work, try "pci=routeirq". If it helps, post a
report
NetLabel: Initializing
NetLabel: domain hash size = 128
NetLabel: protocols = UNLABELED CIPSOv4
NetLabel: unlabeled traffic allowed by default
PCI: Ignore bogus resource 6 [0:0] of 0000:00:02.0
PCI: Bridge: 0000:00:1c.0
IO window: disabled.
MEM window: disabled.
PREFETCH window: disabled.
PCI: Bridge: 0000:00:1c.1
IO window: disabled.
MEM window: f2500000-f25fffff
PREFETCH window: disabled.
PCI: Bridge: 0000:00:1c.3
IO window: 2000-2fff
MEM window: f0000000-f1ffffff
PREFETCH window: f2900000-f29fffff
PCI: Bridge: 0000:00:1e.0
IO window: disabled.
MEM window: disabled.
PREFETCH window: disabled.
ACPI: PCI Interrupt 0000:00:1c.0[A] -> GSI 20 (level, low) -> IRQ 169
PCI: Setting latency timer of device 0000:00:1c.0 to 64
ACPI: PCI Interrupt 0000:00:1c.1[B] -> GSI 21 (level, low) -> IRQ 177
PCI: Setting latency timer of device 0000:00:1c.1 to 64
ACPI: PCI Interrupt 0000:00:1c.3[D] -> GSI 23 (level, low) -> IRQ 185
PCI: Setting latency timer of device 0000:00:1c.3 to 64
PCI: Setting latency timer of device 0000:00:1e.0 to 64
NET: Registered protocol family 2
IP route cache hash table entries: 32768 (order: 5, 131072 bytes)
TCP established hash table entries: 131072 (order: 8, 1048576 bytes)
TCP bind hash table entries: 65536 (order: 7, 524288 bytes)
TCP: Hash tables configured (established 131072 bind 65536)
TCP reno registered
Simple Boot Flag at 0x35 set to 0x1
apm: BIOS not found.
audit: initializing netlink socket (disabled)
type=2000 audit(1233304832.824:1): initialized
highmem bounce pool size: 64 pages
Total HugeTLB memory allocated, 0
VFS: Disk quotas dquot_6.5.1
Dquot-cache hash table entries: 1024 (order 0, 4096 bytes)
SELinux: Registering netfilter hooks
Initializing Cryptographic API
alg: No test for crc32c (crc32c-generic)
ksign: Installing public key data
Loading keyring
- Added public key 31B497468CDD12CF
- User ID: Red Hat, Inc. (Kernel Module GPG key)
io scheduler noop registered
io scheduler anticipatory registered
io scheduler deadline registered
io scheduler cfq registered (default)
PCI: Setting latency timer of device 0000:00:1c.0 to 64
assign_interrupt_mode Found MSI capability
Allocate Port Service[0000:00:1c.0:pcie00]
Allocate Port Service[0000:00:1c.0:pcie02]
Allocate Port Service[0000:00:1c.0:pcie03]
PCI: Setting latency timer of device 0000:00:1c.1 to 64
assign_interrupt_mode Found MSI capability
Allocate Port Service[0000:00:1c.1:pcie00]
Allocate Port Service[0000:00:1c.1:pcie02]
Allocate Port Service[0000:00:1c.1:pcie03]
PCI: Setting latency timer of device 0000:00:1c.3 to 64
assign_interrupt_mode Found MSI capability
Allocate Port Service[0000:00:1c.3:pcie00]
Allocate Port Service[0000:00:1c.3:pcie02]
Allocate Port Service[0000:00:1c.3:pcie03]
pci_hotplug: PCI Hot Plug PCI Core version: 0.5
ACPI (exconfig-0456): Dynamic SSDT Load - OemId [ PmRef] OemTableId [
Cpu0Ist] [20060707]
ACPI (exconfig-0456): Dynamic SSDT Load - OemId [ PmRef] OemTableId [
Cpu0Cst] [20060707]
ACPI: CPU0 (power states: C1[C1] C2[C2] C3[C3])
ACPI: Processor [CPU0] (supports 8 throttling states)
ACPI (exconfig-0456): Dynamic SSDT Load - OemId [ PmRef] OemTableId [
ApIst] [20060707]
ACPI (exconfig-0456): Dynamic SSDT Load - OemId [ PmRef] OemTableId [
ApCst] [20060707]
ACPI: CPU1 (power states: C1[C1] C2[C2] C3[C3])
ACPI: Processor [CPU1] (supports 8 throttling states)
ACPI: Thermal Zone [THM0] (44 C)
ACPI: Thermal Zone [THM1] (40 C)
Real Time Clock Driver v1.12ac
hpet_resources: 0xfed00000 is busy
Non-volatile memory driver v1.2
Linux agpgart interface v0.101 (c) Dave Jones
agpgart: Detected an Intel Mobile Intel(r) GM45 Express Chipset.
agpgart: Detected 32764K stolen memory.
agpgart: AGP aperture is 256M @ 0xd0000000
Serial: 8250/16550 driver $Revision: 1.90 $ 4 ports, IRQ sharing enabled
ACPI: PCI Interrupt 0000:00:03.3[B] -> GSI 17 (level, low) -> IRQ 225
0000:00:03.3: ttyS0 at I/O 0x1830 (irq = 225) is a 16550A
RAMDISK driver initialized: 16 RAM disks of 16384K size 4096 blocksize
Uniform Multi-Platform E-IDE driver Revision: 7.00alpha2
ide: Assuming 33MHz system bus speed for PIO modes; override with
idebus=xx
Probing IDE interface ide0...
Probing IDE interface ide1...
ide-floppy driver 0.99.newide
usbcore: registered new driver hiddev
usbcore: registered new driver usbhid
drivers/usb/input/hid-core.c: v2.6:USB HID core driver
PNP: PS/2 Controller [PNP0303:KBD,PNP0f13:MOU] at 0x60,0x64 irq 1,12
serio: i8042 KBD port at 0x60,0x64 irq 1
serio: i8042 AUX port at 0x60,0x64 irq 12
mice: PS/2 mouse device common for all mice
md: md driver 0.90.3 MAX_MD_DEVS=256, MD_SB_DISKS=27
md: bitmap version 4.39
TCP bic registered
Initializing IPsec netlink socket
NET: Registered protocol family 1
NET: Registered protocol family 17
Using IPI No-Shortcut mode
ACPI: (supports S0 S3 S4 S5)
Freeing unused kernel memory: 228k freed
Write protecting the kernel read-only data: 397k
Time: tsc clocksource has been installed.
Time: hpet clocksource has been installed.
input: AT Translated Set 2 keyboard as /class/input/input0
ACPI: PCI Interrupt 0000:00:1a.7[D] -> GSI 23 (level, low) -> IRQ 185
PCI: Setting latency timer of device 0000:00:1a.7 to 64
ehci_hcd 0000:00:1a.7: EHCI Host Controller
ehci_hcd 0000:00:1a.7: new USB bus registered, assigned bus number 1
ehci_hcd 0000:00:1a.7: debug port 1
PCI: cache line size of 32 is not supported by device 0000:00:1a.7
ehci_hcd 0000:00:1a.7: irq 185, io mem 0xf2826c00
ehci_hcd 0000:00:1a.7: USB 2.0 started, EHCI 1.00, driver 10 Dec 2004
usb usb1: configuration #1 chosen from 1 choice
hub 1-0:1.0: USB hub found
hub 1-0:1.0: 6 ports detected
ACPI: PCI Interrupt 0000:00:1d.7[D] -> GSI 19 (level, low) -> IRQ 233
PCI: Setting latency timer of device 0000:00:1d.7 to 64
ehci_hcd 0000:00:1d.7: EHCI Host Controller
ehci_hcd 0000:00:1d.7: new USB bus registered, assigned bus number 2
ehci_hcd 0000:00:1d.7: debug port 1
PCI: cache line size of 32 is not supported by device 0000:00:1d.7
ehci_hcd 0000:00:1d.7: irq 233, io mem 0xf2827000
ehci_hcd 0000:00:1d.7: USB 2.0 started, EHCI 1.00, driver 10 Dec 2004
usb usb2: configuration #1 chosen from 1 choice
hub 2-0:1.0: USB hub found
hub 2-0:1.0: 6 ports detected
ohci_hcd: 2005 April 22 USB 1.1 'Open' Host Controller (OHCI) Driver
(PCI)
USB Universal Host Controller Interface driver v3.0
ACPI: PCI Interrupt 0000:00:1a.0[A] -> GSI 20 (level, low) -> IRQ 169
PCI: Setting latency timer of device 0000:00:1a.0 to 64
uhci_hcd 0000:00:1a.0: UHCI Host Controller
uhci_hcd 0000:00:1a.0: new USB bus registered, assigned bus number 3
uhci_hcd 0000:00:1a.0: irq 169, io base 0x00001860
usb usb3: configuration #1 chosen from 1 choice
hub 3-0:1.0: USB hub found
hub 3-0:1.0: 2 ports detected
IBM TrackPoint firmware: 0x0e, buttons: 3/3
input: TPPS/2 IBM TrackPoint as /class/input/input1
ACPI: PCI Interrupt 0000:00:1a.1[B] -> GSI 21 (level, low) -> IRQ 177
PCI: Setting latency timer of device 0000:00:1a.1 to 64
uhci_hcd 0000:00:1a.1: UHCI Host Controller
uhci_hcd 0000:00:1a.1: new USB bus registered, assigned bus number 4
uhci_hcd 0000:00:1a.1: irq 177, io base 0x00001880
usb usb4: configuration #1 chosen from 1 choice
hub 4-0:1.0: USB hub found
hub 4-0:1.0: 2 ports detected
ACPI: PCI Interrupt 0000:00:1a.2[C] -> GSI 22 (level, low) -> IRQ 50
PCI: Setting latency timer of device 0000:00:1a.2 to 64
uhci_hcd 0000:00:1a.2: UHCI Host Controller
uhci_hcd 0000:00:1a.2: new USB bus registered, assigned bus number 5
uhci_hcd 0000:00:1a.2: irq 50, io base 0x000018a0
usb usb5: configuration #1 chosen from 1 choice
hub 5-0:1.0: USB hub found
hub 5-0:1.0: 2 ports detected
ACPI: PCI Interrupt 0000:00:1d.0[A] -> GSI 16 (level, low) -> IRQ 58
PCI: Setting latency timer of device 0000:00:1d.0 to 64
uhci_hcd 0000:00:1d.0: UHCI Host Controller
uhci_hcd 0000:00:1d.0: new USB bus registered, assigned bus number 6
uhci_hcd 0000:00:1d.0: irq 58, io base 0x000018c0
usb usb6: configuration #1 chosen from 1 choice
hub 6-0:1.0: USB hub found
hub 6-0:1.0: 2 ports detected
ACPI: PCI Interrupt 0000:00:1d.1[B] -> GSI 17 (level, low) -> IRQ 225
PCI: Setting latency timer of device 0000:00:1d.1 to 64
uhci_hcd 0000:00:1d.1: UHCI Host Controller
uhci_hcd 0000:00:1d.1: new USB bus registered, assigned bus number 7
uhci_hcd 0000:00:1d.1: irq 225, io base 0x000018e0
usb usb7: configuration #1 chosen from 1 choice
hub 7-0:1.0: USB hub found
hub 7-0:1.0: 2 ports detected
usb 4-1: new full speed USB device using uhci_hcd and address 2
ACPI: PCI Interrupt 0000:00:1d.2[C] -> GSI 18 (level, low) -> IRQ 66
PCI: Setting latency timer of device 0000:00:1d.2 to 64
uhci_hcd 0000:00:1d.2: UHCI Host Controller
uhci_hcd 0000:00:1d.2: new USB bus registered, assigned bus number 8
uhci_hcd 0000:00:1d.2: irq 66, io base 0x00001c00
usb usb8: configuration #1 chosen from 1 choice
hub 8-0:1.0: USB hub found
hub 8-0:1.0: 2 ports detected
usb 4-1: configuration #1 chosen from 1 choice
SCSI subsystem initialized
libata version 3.00 loaded.
ahci 0000:00:1f.2: version 3.0
ACPI: PCI Interrupt 0000:00:1f.2[B] -> GSI 16 (level, low) -> IRQ 58
ahci 0000:00:1f.2: AHCI 0001.0200 32 slots 4 ports 3 Gbps 0x3 impl SATA
mode
ahci 0000:00:1f.2: flags: 64bit ncq sntf stag pm led clo pio slum part
PCI: Setting latency timer of device 0000:00:1f.2 to 64
scsi0 : ahci
scsi1 : ahci
scsi2 : ahci
scsi3 : ahci
ata1: SATA max UDMA/133 abar m2048@0xf2826000 port 0xf2826100 irq 74
ata2: SATA max UDMA/133 abar m2048@0xf2826000 port 0xf2826180 irq 74
ata3: DUMMY
ata4: DUMMY
ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 300)
ata1.00: ACPI cmd ef/02:00:00:00:00:a0 succeeded
ata1.00: ACPI cmd f5/00:00:00:00:00:a0 filtered out
ata1.00: ACPI cmd ef/5f:00:00:00:00:a0 succeeded
ata1.00: ACPI cmd ef/10:03:00:00:00:a0 succeeded
ata1.00: ATA-7: ST9160823AS, 3.CME, max UDMA/100
ata1.00: 312581808 sectors, multi 16: LBA48 NCQ (depth 31/32)
ata1.00: ACPI cmd ef/02:00:00:00:00:a0 succeeded
ata1.00: ACPI cmd f5/00:00:00:00:00:a0 filtered out
ata1.00: ACPI cmd ef/5f:00:00:00:00:a0 succeeded
ata1.00: ACPI cmd ef/10:03:00:00:00:a0 succeeded
ata1.00: configured for UDMA/100
ata1.00: configured for UDMA/100
ata1: EH complete
ata2: SATA link down (SStatus 0 SControl 300)
Vendor: ATA Model: ST9160823AS Rev: 3.CM
Type: Direct-Access ANSI SCSI revision: 05
SCSI device sda: 312581808 512-byte hdwr sectors (160042 MB)
sda: Write Protect is off
sda: Mode Sense: 00 3a 00 00
SCSI device sda: drive cache: write back
SCSI device sda: 312581808 512-byte hdwr sectors (160042 MB)
sda: Write Protect is off
sda: Mode Sense: 00 3a 00 00
SCSI device sda: drive cache: write back
sda: sda1 sda2
sd 0:0:0:0: Attached scsi disk sda
device-mapper: uevent: version 1.0.3
device-mapper: ioctl: 4.11.5-ioctl (2007-12-12) initialised:
dm-devel
device-mapper: dm-raid45: initialized v0.2429
kjournald starting. Commit interval 5 seconds
EXT3-fs: mounted filesystem with ordered data mode.
type=1404 audit(1233304857.378:2): enforcing=1 old_enforcing=0
auid=4294967295 ses=4294967295
security: 3 users, 6 roles, 1914 types, 234 bools, 1 sens, 1024 cats
security: 61 classes, 69084 rules
SELinux: Completing initialization.
SELinux: Setting up existing superblocks.
SELinux: initialized (dev dm-0, type ext3), uses xattr
SELinux: initialized (dev usbfs, type usbfs), uses genfs_contexts
SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
SELinux: initialized (dev debugfs, type debugfs), uses genfs_contexts
SELinux: initialized (dev selinuxfs, type selinuxfs), uses genfs_contexts
SELinux: initialized (dev mqueue, type mqueue), uses transition SIDs
SELinux: initialized (dev hugetlbfs, type hugetlbfs), uses genfs_contexts
SELinux: initialized (dev devpts, type devpts), uses transition SIDs
SELinux: initialized (dev eventpollfs, type eventpollfs), uses task SIDs
SELinux: initialized (dev inotifyfs, type inotifyfs), uses genfs_contexts
SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
SELinux: initialized (dev futexfs, type futexfs), uses genfs_contexts
SELinux: initialized (dev anon_inodefs, type anon_inodefs), uses
genfs_contexts
SELinux: initialized (dev pipefs, type pipefs), uses task SIDs
SELinux: initialized (dev sockfs, type sockfs), uses task SIDs
SELinux: initialized (dev cpuset, type cpuset), uses genfs_contexts
SELinux: initialized (dev proc, type proc), uses genfs_contexts
SELinux: initialized (dev bdev, type bdev), uses genfs_contexts
SELinux: initialized (dev rootfs, type rootfs), uses genfs_contexts
SELinux: initialized (dev sysfs, type sysfs), uses genfs_contexts
type=1403 audit(1233304857.627:3): policy loaded auid=4294967295
ses=4294967295
iwlagn: Intel(R) Wireless WiFi Link AGN driver for Linux, 1.3.27ks
iwlagn: Copyright(c) 2003-2008 Intel Corporation
ACPI: PCI Interrupt 0000:03:00.0[A] -> GSI 17 (level, low) -> IRQ 225
PCI: Setting latency timer of device 0000:03:00.0 to 64
iwlagn: Detected Intel Wireless WiFi Link 5100AGN REV=0x54
iwlagn: Tunable channels: 13 802.11bg, 24 802.11a channels
ACPI: PCI interrupt for device 0000:03:00.0 disabled
phy0: Selected rate control algorithm 'iwl-agn-rs'
e1000e: Intel(R) PRO/1000 Network Driver - 0.3.3.3-k4
e1000e: Copyright (c) 1999-2008 Intel Corporation.
ACPI: PCI Interrupt 0000:00:19.0[A] -> GSI 20 (level, low) -> IRQ 169
PCI: Setting latency timer of device 0000:00:19.0 to 64
sd 0:0:0:0: Attached scsi generic sg0 type 0
eth0: (PCI Express:2.5GB/s:Width x1) 00:1f:16:11:4a:99
eth0: Intel(R) PRO/1000 Network Connection
eth0: MAC: 6, PHY: 8, PBA No: 1008ff-0ff
ACPI: PCI Interrupt 0000:00:1f.3[A] -> GSI 23 (level, low) -> IRQ 185
ACPI: PCI Interrupt 0000:00:1b.0[B] -> GSI 17 (level, low) -> IRQ 225
PCI: Setting latency timer of device 0000:00:1b.0 to 64
floppy0: no floppy controllers found
lp: driver loaded but no devices found
SELinux: initialized (dev ramfs, type ramfs), uses genfs_contexts
ACPI: AC Adapter [AC] (on-line)
ACPI: Battery Slot [BAT0] (battery present)
ACPI: Power Button (FF) [PWRF]
ACPI: Lid Switch [LID]
ACPI: Sleep Button (CM) [SLPB]
thinkpad_acpi: ThinkPad ACPI Extras v0.19
thinkpad_acpi: http://ibm-acpi.sf.net/
thinkpad_acpi: ThinkPad BIOS 6DET33WW (1.10 ), EC 7XHT21WW-1.03
thinkpad_acpi: Lenovo ThinkPad X200
thinkpad_acpi: radio switch found; radios are disabled
thinkpad_acpi: detected a 16-level brightness capable ThinkPad
input: ThinkPad Extra Buttons as /class/input/input2
input: Video Bus as /class/input/input3
ACPI: Video Device [VID] (multi-head: yes rom: no post: no)
input: Video Bus as /class/input/input4
ACPI: Video Device [VID1] (multi-head: yes rom: no post: no)
md: Autodetecting RAID arrays.
md: autorun ...
md: ... autorun DONE.
device-mapper: multipath: version 1.0.5 loaded
EXT3 FS on dm-0, internal journal
kjournald starting. Commit interval 5 seconds
EXT3 FS on dm-2, internal journal
EXT3-fs: mounted filesystem with ordered data mode.
SELinux: initialized (dev dm-2, type ext3), uses xattr
kjournald starting. Commit interval 5 seconds
EXT3 FS on sda1, internal journal
EXT3-fs: mounted filesystem with ordered data mode.
SELinux: initialized (dev sda1, type ext3), uses xattr
SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
Adding 2621432k swap on /dev/HelpdeskRHEL5/Swap. Priority:-1 extents:1
across:2621432k
SELinux: initialized (dev binfmt_misc, type binfmt_misc), uses
genfs_contexts
IA-32 Microcode Update Driver: v1.14a <tigran>
ip_tables: (C) 2000-2006 Netfilter Core Team
Netfilter messages via NETLINK v0.30.
ip_conntrack version 2.4 (8192 buckets, 65536 max) - 228 bytes per
conntrack
ieee80211_crypt: registered algorithm 'NULL'
ieee80211: 802.11 data/management/control stack, git-1.1.13
ieee80211: Copyright (C) 2004-2005 Intel Corporation
<jketreno.com>
ipw3945: Intel(R) PRO/Wireless 3945 Network Connection driver for Linux,
1.2.0d
ipw3945: Copyright(c) 2003-2006 Intel Corporation
eth0: Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX
SELinux: initialized (dev rpc_pipefs, type rpc_pipefs), uses
genfs_contexts
Bluetooth: Core ver 2.10
NET: Registered protocol family 31
Bluetooth: HCI device and connection manager initialized
Bluetooth: HCI socket layer initialized
Bluetooth: L2CAP ver 2.8
Bluetooth: L2CAP socket layer initialized
Bluetooth: RFCOMM socket layer initialized
Bluetooth: RFCOMM TTY layer initialized
Bluetooth: RFCOMM ver 1.8
Bluetooth: HIDP (Human Interface Emulation) ver 1.1
SELinux: initialized (dev autofs, type autofs), uses genfs_contexts
SELinux: initialized (dev autofs, type autofs), uses genfs_contexts
SELinux: initialized (dev autofs, type autofs), uses genfs_contexts
cisco_ipsec: module license 'Proprietary' taints kernel.
Cisco Systems VPN Client Version 4.8.00 (0490) kernel module loaded
PCI: Enabling device 0000:03:00.0 (0100 -> 0102)
ACPI: PCI Interrupt 0000:03:00.0[A] -> GSI 17 (level, low) -> IRQ 225
PM: Writing back config space on device 0000:03:00.0 at offset 1 (was
100102, writing 100106)
iwlagn: Radio disabled by HW RF Kill switch
[drm] Initialized drm 1.0.1 20051102
ACPI: PCI Interrupt 0000:00:02.0[A] -> GSI 16 (level, low) -> IRQ 58
[drm] Initialized i915 1.8.0 20060929 on minor 0
set status page addr 0x01fff000
BUG: unable to handle kernel NULL pointer dereference at virtual address
00000070
printing eip:
c05bdd98
*pde = 70d71067
Oops: 0000 [#1]
SMP
last sysfs file: /class/backlight/thinkpad_screen/brightness
Modules linked in: i915 drm cisco_ipsec(PU) autofs4 hidp rfcomm l2cap
bluetooth sunrpc ipw3945(U) ieee80211 ieee80211_crypt
ip_conntrack_netbios_ns ipt_REJECT xt_state ip_conntrack nfnetlink
xt_tcpudp iptable_filter ip_tables x_tables cpufreq_ondemand acpi_cpufreq
dm_multipath scsi_dh video thinkpad_acpi hwmon backlight sbs i2c_ec button
battery asus_acpi ac parport_pc lp parport snd_hda_intel snd_seq_dummy
snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss
snd_mixer_oss testmgr_cipher snd_pcm testmgr snd_timer i2c_i801 aead
snd_page_alloc serio_raw crypto_blkcipher crypto_algapi crypto_api
snd_hwdep sg i2c_core arc4 snd e1000e soundcore iwlagn iwlcore mac80211
cfg80211 dm_raid45 dm_message dm_region_hash dm_mem_cache dm_snapshot
dm_zero dm_mirror dm_log dm_mod ahci libata sd_mod scsi_mod ext3 jbd
uhci_hcd ohci_hcd ehci_hcd
CPU: 0
EIP: 0060:[<c05bdd98>] Tainted: P VLI
EFLAGS: 00010283 (2.6.18-128.el5 #1)
EIP is at wireless_send_event+0x1c0/0x2be
eax: f5552020 ebx: f5552010 ecx: 00000000 edx: f5552f00
esi: f76f7800 edi: f5552000 ebp: 00000008 esp: f718febc
ds: 007b es: 007b ss: 0068
Process iwlagn (pid: 1153, ti=f718f000 task=f718e550 task.ti=f718f000)
Stack: f718feec 00000000 f70583a0 00000000 00000008 f71ebd94 f73c0100
f718fefc
00000000 f8c0f6fc 00000000 f73c0100 00000000 00000000 00000000
00000000
f71ebd94 f73c0100 f7032ec0 f71eb800 f8c12f2a c06793c0 f778b200
00002000
Call Trace:
[<f8c0f6fc>] ieee80211_scan_completed+0x39/0x193 [mac80211]
[<f8c12f2a>] ieee80211_sta_work+0xd6/0x620 [mac80211]
[<c060e7bd>] schedule+0x9c9/0xa52
[<c043189a>] run_workqueue+0x78/0xb5
[<f8c12e54>] ieee80211_sta_work+0x0/0x620 [mac80211]
[<c043214e>] worker_thread+0xd9/0x10b
[<c041e3d7>] default_wake_function+0x0/0xc
[<c0432075>] worker_thread+0x0/0x10b
[<c043455d>] kthread+0xc0/0xeb
[<c043449d>] kthread+0x0/0xeb
[<c0405c53>] kernel_thread_helper+0x7/0x10
=======================
Code: c7 47 04 10 00 c7 07 20 00 00 00 66 c7 47 06 00 00 c7 47 0c 00 00 00
00 c7 47 08 00 00 00 00 c6 47 10 00 c6 43 01 00 8b 4c 24 04 <8b> 41 70 66
89 43 02 8b 41 40 89 43 04 89 c8 e8 7d 59 ff ff 31
EIP: [<c05bdd98>] wireless_send_event+0x1c0/0x2be SS:ESP 0068:f718febc
This event sent from IssueTracker by mbelangia
issue 261012
Updating PM score. Hi, I'm not sure if we are on the same page because BZ#477671 fixes another issue. Did I miss something? Partial Analysis: BUG: unable to handle kernel NULL pointer dereference at virtual address 00000070 printing eip: c05bdd98 #4 [f718feb8] wireless_send_event at c05bdd98 ^^^^^^^^ /usr/src/debug/kernel-2.6.18/linux-2.6.18.i686/net/core/wireless.c: 1878 0xc05bdd94 <wireless_send_event+444>: mov 0x4(%esp),%ecx 0xc05bdd98 <wireless_send_event+448>: mov 0x70(%ecx),%eax <----- ^^^^^^^^^^ 0xc05bdd9b <wireless_send_event+451>: mov %ax,0x2(%ebx) ECX: 00000000 static inline int rtnetlink_fill_iwinfo() ... 1878 r->ifi_type = dev->type; struct net_device: [0x70] short unsigned int type; so dev was NULL and it comes from 0x4(%esp). #4 [f718feb8] wireless_send_event at c05bdd98 [RA: f8c0f6fc SP: f718febc FP: f718fee0 SIZE: 40] crash> rd -32 f718fec0 1 f718fec0: 00000000 The dev comes from: 3806 void ieee80211_scan_completed(struct ieee80211_hw *hw) ... 3809 struct net_device *dev = local->scan_dev; ... 3815 wireless_send_event(dev, SIOCGIWSCAN, &wrqu, NULL); struct ieee80211_hw @ 0xf73c0100 crash> ieee80211_local.scan_dev 0xf73c0100 scan_dev = 0x0, crash> ieee80211_local 0xf73c0100 | grep sta_sw_scanning sta_sw_scanning = 0x0, crash> ieee80211_local 0xf73c0100 | grep sta_hw sta_hw_scanning = 0x0, It seems to me that we need to backport this fix: commit 5bc75728fd43bb15b46f16ef465bcf9d487393cf Author: Johannes Berg <johannes> Date: Thu Sep 11 00:01:51 2008 +0200 mac80211: fix scan vs. interface removal race When we remove an interface, we can currently end up having a pointer to it left in local->scan_sdata after it has been set down, and then with a hardware scan the scan completion can try to access it which is a bug. Alternatively, a scan that started as a hardware scan may terminate as though it was a software scan, if the timing is just right. On SMP systems, software scan also has a similar problem, just canceling the delayed work and setting a flag isn't enough since it may be running concurrently; in this case we would also never restore state of other interfaces. This patch hopefully fixes the problems by always invoking ieee80211_scan_completed or requiring it to be invoked by the driver, I suspect the drivers that have ->hw_scan() are buggy. The bug will not manifest itself unless you remove the interface while hw-scanning which will also turn off the hw, and then add a new interface which will be unusable until you scan once. Signed-off-by: Johannes Berg <johannes> Signed-off-by: John W. Linville <linville> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5bc75728fd43bb15b46f16ef465bcf9d487393cf Flavio Internal Status set to 'Waiting on Support' This event sent from IssueTracker by fleitner issue 261012 Please backport. We have this. We can test. We have tried: kernel-2.6.18-128.1.1.el5.x86_64 kernel-2.6.18-128.1.2.el5.x86_64 kernel-2.6.18-128.el5.x86_64 kernel-2.6.18-120.el5.x86_64 The only one that works is kernel-2.6.18-120.el5.x86_64 All others crash. Kernels w/ backported version of patch from comment 6 are available here: http://people.redhat.com/linville/kernels/rhel5/ Please give them a try and post the results here...thanks! Hardware is Thinkpad T400 with: 03:00.0 Network controller: Intel Corporation PRO/Wireless 5100 AGN [Shiloh] Network Connection It does not panic anymore. Instead it displays a bug in console about every minute: BUG: warning at net/mac80211/mlme.c:3813/ieee80211_scan_completed() (Not tainted) Call Trace: [<ffffffff8825d531>] :mac80211:ieee80211_scan_completed+0x54/0x23e [<ffffffff8826128c>] :mac80211:ieee80211_sta_work+0xf9/0x73e [<ffffffff800630a7>] thread_return+0x62/0xfe [<ffffffff88261193>] :mac80211:ieee80211_sta_work+0x0/0x73e [<ffffffff8004d9e1>] run_workqueue+0x94/0xe4 [<ffffffff8004a24c>] worker_thread+0x0/0x122 [<ffffffff8009da1f>] keventd_create_kthread+0x0/0xc4 [<ffffffff8004a33c>] worker_thread+0xf0/0x122 [<ffffffff8008a4e4>] default_wake_function+0x0/0xe [<ffffffff8009da1f>] keventd_create_kthread+0x0/0xc4 [<ffffffff8009da1f>] keventd_create_kthread+0x0/0xc4 [<ffffffff80032bd4>] kthread+0xfe/0x132 [<ffffffff8005dfb1>] child_rip+0xa/0x11 [<ffffffff8009da1f>] keventd_create_kthread+0x0/0xc4 [<ffffffff80032ad6>] kthread+0x0/0x132 [<ffffffff8005dfa7>] child_rip+0x0/0x11 Well, it still panics. I got panic when restarting the computer. If I turn on the WLAN with the switch, then click WLAN off from NetworkManager I get kernel panic. Created attachment 334621 [details]
Kernel panic screenshot with the patch
The panic in comment 12 is cut-off on the top. Any chance you could capture a complete log using e.g. netconsole? The BUG in comment 9 is a by-product of the backported patch. I'll see if I can rework it. I don't know if it is responsible for comment 12 or if that is a separate issue. Created attachment 334708 [details]
jwltest-mac80211-fix-scan-vs.-interface-removal-race.patch
Created attachment 334709 [details]
jwltest-iwlwifi-fix-resume-while-txpower-off.patch
Ok, please try the jwltest.79 kernels at the same location as in comment 8. Do they resolve the issue(s) for you? Hi John, Thanks for the new kernel. 2.6.18-134.el5.jwltest.79 works for me. Works here too, thank you! I hope these changes will be included in official kernel soon. 134.el5.jwltest.79 works for me as well on the Vaio laptop. Was able to boot the machine with the kill switch enabled (WiFi off) then turn the kill switch off and pick up/utilize the wireless radio. I was also able to disable the wireless networking via NetworkManager. in kernel-2.6.18-135.el5 You can download this test kernel from http://people.redhat.com/dzickus/el5 Please do NOT transition this bugzilla state to VERIFIED until our QE team has sent specific instructions indicating when to do so. However feel free to provide a comment indicating that this fix has been verified. Thinkpad T400 seems to be now working with kernel-2.6.18-135.el5.x86_64.rpm Thanks John I've been experiencing this problem and it has gone away with your patch, as well as more stability problems seemingly unrelated to kill switch state.
Unfortunately, I started to get panics that are probably related to unloading the module or something. The following NULL check fixed the regression for me:
diff -up linux-2.6.18.i386/net/mac80211/mlme.c.null linux-2.6.18.i386/net/mac80211/mlme.c
--- linux-2.6.18.i386/net/mac80211/mlme.c.null 2009-04-06 16:02:24.000000000 +0200
+++ linux-2.6.18.i386/net/mac80211/mlme.c 2009-04-06 16:22:06.000000000 +0200
@@ -3869,7 +3869,7 @@ void ieee80211_scan_completed(struct iee
done:
sdata = IEEE80211_DEV_TO_SUB_IF(dev);
- if (sdata->vif.type == IEEE80211_IF_TYPE_IBSS) {
+ if (dev && sdata->vif.type == IEEE80211_IF_TYPE_IBSS) {
struct ieee80211_if_sta *ifsta = &sdata->u.sta;
if (!(ifsta->flags & IEEE80211_STA_BSSID_SET) ||
(!ifsta->state == IEEE80211_IBSS_JOINED &&
Created attachment 338499 [details]
jwltest-mac80211-scan-completed-done-null-deref.patch
Slightly revised version of above patch...
Lubomir, any problems with my version of the patch? Test kernels w/ above patch are available at the same location as in comment 8... After discussion, I have revised the revised patch. New patch and test kernels available at locations above. Are these acceptable? (In reply to comment #31) > Lubomir, any problems with my version of the patch? > > Test kernels w/ above patch are available at the same location as in comment > 8... Thanks, works now! The other day I got a panic with kernel-2.6.18-135.el5.x86_64 when resuming from suspend. Usually it worked. Maybe that was fixed by the previous patch. Now I'm running kernel-2.6.18-138.el5.x86_64 on Thinkpad T400. Sometimes when suspending from Power Manager the suspend does not work. It stops to "Disabling non boot CPUs..." and after waiting a while, a minute maybe, I see: iwlagn: No space for Tx iwlagn: Error sending REPLY_STATISTICS_CMD: enqueue_hcmd failed: -28 and the computer just hangs there. The message did appear before on occasions I did not make note of but I'm wondering if it causes the suspend to not work properly. The suspend seems to work better if WLAN is disabled from the switch. Moving back to POST to pickup latest fix. Oh, I need jwltest kernel... Please open a new bug for the problem described in comment 35...thanks! The new bug number is 495697 in kernel-2.6.18-140.el5 You can download this test kernel from http://people.redhat.com/dzickus/el5 Please do NOT transition this bugzilla state to VERIFIED until our QE team has sent specific instructions indicating when to do so. However feel free to provide a comment indicating that this fix has been verified. I have not seen panics with kernel-2.6.18-140.el5 An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2009-1243.html |