Description of problem: Wireless chipset 5100/5300AGN kernel panics when laptop is booted up with the RF Kill switch on. Version-Release number of selected component (if applicable): How reproducible: In a laptop which has 5100/5300 chipset. Boot up the laptop with RF Kill switch on After booting wait for a few mins. Kernel panics. Steps to Reproduce: 1. Switch on the RF Kill switch 2. Boot the laptop 3. Login if possible. Kernel panic Actual results: Kernel panic Expected results: Kernel should not panic Additional info: Attaching the following: 1. Screen shot 2. lspci -vv
Created attachment 330327 [details] Kernel panic screen shot
Created attachment 330328 [details] lspci -vv output
Note: Removing iwl5100-firmware and booting with RF Kill on, does not panic the kernel.
Initial core analysis (via CAS): Your corefile is ready for you You may view it at core-i386.gsslab.rdu.redhat.com Login with kerberos name/password $ cd /cores/20090203111715/work /cores/20090203111715/work$ ./crash Backtrace KERNEL: /cores/20090203111715/work/vmlinux DUMPFILE: /cores/20090203111715/work/vmcore CPUS: 2 DATE: Thu Jan 29 22:13:00 2009 UPTIME: 00:02:27 LOAD AVERAGE: 0.36, 0.18, 0.06 TASKS: 121 NODENAME: shazarik.csb RELEASE: 2.6.18-128.el5 VERSION: #1 SMP Wed Dec 17 11:42:39 EST 2008 MACHINE: i686 (2394 Mhz) MEMORY: 2 GB PANIC: "Oops: 0000 [#1]" (check log for details) PID: 1153 TASK: f718e550 CPU: 0 COMMAND: "iwlagn" #0 [f718fdd8] crash_kexec at c0442d02 #1 [f718fe1c] die at c04064c6 #2 [f718fe4c] do_page_fault at c0611187 #3 [f718fe84] error_code (via page_fault) at c0405a87 EAX: f5552020 EBX: f5552010 ECX: 00000000 EDX: f5552f00 EBP: 00000008 DS: 007b ESI: f76f7800 ES: 007b EDI: f5552000 CS: 0060 EIP: c05bdd98 ERR: ffffffff EFLAGS: 00010283 #4 [f718feb8] wireless_send_event at c05bdd98 #5 [f718fee0] ieee80211_scan_completed at f8c0f6f7 #6 [f718ff0c] ieee80211_sta_work at f8c12f25 #7 [f718ff70] run_workqueue at c0431897 #8 [f718ff8c] worker_thread at c0432149 #9 [f718ffcc] kthread at c043455b #10 [f718ffe4] kernel_thread_helper at c0405c51 PID: 0 TASK: ca0ab550 CPU: 1 COMMAND: "swapper" #0 [ca0afea0] crash_nmi_callback at c04193c1 #1 [ca0afeec] do_nmi at c0406828 #2 [ca0aff14] nmi at c0405b29 EAX: 00001000 EBX: 00001050 ECX: 00000008 EDX: 00001050 EBP: ca0aff7c DS: 007b ESI: ca0aff64 ES: 007b EDI: 00000000 CS: 0060 EIP: c0508d2a ERR: 00001000 EFLAGS: 00000046 #3 [ca0aff48] acpi_os_read_port at c0508d2a #4 [ca0aff58] acpi_hw_register_read at c0515316 #5 [ca0aff74] acpi_set_register at c05155a6 #6 [ca0aff90] acpi_processor_idle at c05265e6 #7 [ca0affb4] cpu_idle at c0403ca6 ZONE NAME SIZE FREE MEM_MAP START_PADDR START_MAPNR 0 DMA 4096 3048 c9000000 0 0 AREA SIZE FREE_AREA_STRUCT BLOCKS PAGES 0 4k c0682284 2 2 1 8k c0682290 5 10 2 16k c068229c 3 12 3 32k c06822a8 4 32 4 64k c06822b4 3 48 5 128k c06822c0 2 64 6 256k c06822cc 1 64 7 512k c06822d8 0 0 8 1024k c06822e4 1 256 9 2048k c06822f0 1 512 10 4096k c06822fc 2 2048 ZONE NAME SIZE FREE MEM_MAP START_PADDR START_MAPNR 1 DMA32 0 0 0 0 0 ZONE NAME SIZE FREE MEM_MAP START_PADDR START_MAPNR 2 Normal 225280 165871 c9020000 1000000 4096 AREA SIZE FREE_AREA_STRUCT BLOCKS PAGES 0 4k c0684784 1 1 1 8k c0684790 5 10 2 16k c068479c 1 4 3 32k c06847a8 0 0 4 64k c06847b4 0 0 5 128k c06847c0 1 32 6 256k c06847cc 1 64 7 512k c06847d8 1 128 8 1024k c06847e4 1 256 9 2048k c06847f0 1 512 10 4096k c06847fc 161 164864 ZONE NAME SIZE FREE MEM_MAP START_PADDR START_MAPNR 3 HighMem 281600 189156 c9700000 38000000 229376 AREA SIZE FREE_AREA_STRUCT BLOCKS PAGES 0 4k c0685a04 0 0 1 8k c0685a10 0 0 2 16k c0685a1c 1 4 3 32k c0685a28 0 0 4 64k c0685a34 0 0 5 128k c0685a40 1 32 6 256k c0685a4c 1 64 7 512k c0685a58 1 128 8 1024k c0685a64 0 0 9 2048k c0685a70 1 512 10 4096k c0685a7c 184 188416 nr_free_pages: 358075 (verified) Linux version 2.6.18-128.el5 (mockbuild.redhat.com) (gcc version 4.1.2 20080704 (Red Hat 4.1.2-44)) #1 SMP Wed Dec 17 11:42:39 EST 2008 BIOS-provided physical RAM map: BIOS-e820: 0000000000000000 - 000000000009ec00 (usable) BIOS-e820: 000000000009ec00 - 00000000000a0000 (reserved) BIOS-e820: 00000000000dc000 - 0000000000100000 (reserved) BIOS-e820: 0000000000100000 - 000000007c6a1000 (usable) BIOS-e820: 000000007c6a1000 - 000000007c6a7000 (reserved) BIOS-e820: 000000007c6a7000 - 000000007c7b7000 (usable) BIOS-e820: 000000007c7b7000 - 000000007c80f000 (reserved) BIOS-e820: 000000007c80f000 - 000000007c8c7000 (usable) BIOS-e820: 000000007c8c7000 - 000000007c8d2000 (ACPI NVS) BIOS-e820: 000000007c8d2000 - 000000007c8d5000 (ACPI data) BIOS-e820: 000000007c8d5000 - 000000007c8d9000 (reserved) BIOS-e820: 000000007c8d9000 - 000000007c8dd000 (ACPI NVS) BIOS-e820: 000000007c8dd000 - 000000007c8e0000 (reserved) BIOS-e820: 000000007c8e0000 - 000000007c907000 (ACPI NVS) BIOS-e820: 000000007c907000 - 000000007c908000 (ACPI data) BIOS-e820: 000000007c908000 - 000000007cb0f000 (reserved) BIOS-e820: 000000007cb0f000 - 000000007cb9f000 (ACPI NVS) BIOS-e820: 000000007cb9f000 - 000000007cbff000 (ACPI data) BIOS-e820: 000000007cbff000 - 000000007cc00000 (usable) BIOS-e820: 000000007cc00000 - 000000007f000000 (reserved) BIOS-e820: 00000000e0000000 - 00000000f0000000 (reserved) BIOS-e820: 00000000fec00000 - 00000000fec10000 (reserved) BIOS-e820: 00000000fed00000 - 00000000fed00400 (reserved) BIOS-e820: 00000000fed10000 - 00000000fed14000 (reserved) BIOS-e820: 00000000fed18000 - 00000000fed1a000 (reserved) BIOS-e820: 00000000fed1c000 - 00000000fed90000 (reserved) BIOS-e820: 00000000fee00000 - 00000000fee01000 (reserved) BIOS-e820: 00000000ff800000 - 0000000100000000 (reserved) 1100MB HIGHMEM available. 896MB LOWMEM available. found SMP MP-table at 000f73c0 Using x86 segment limits to approximate NX protection On node 0 totalpages: 510976 DMA zone: 4096 pages, LIFO batch:0 Normal zone: 225280 pages, LIFO batch:31 HighMem zone: 281600 pages, LIFO batch:31 DMI present. Using APIC driver default ACPI: RSDP (v002 LENOVO ) @ 0x000f7380 ACPI: XSDT (v001 LENOVO TP-6D 0x00001100 LTP 0x00000000) @ 0x7cb7bec3 ACPI: FADT (v003 LENOVO TP-6D 0x00001100 LNVO 0x00000001) @ 0x7cb7c000 ACPI: SSDT (v001 LENOVO TP-6D 0x00001100 MSFT 0x03000000) @ 0x7cb7c1b4 ACPI: ECDT (v001 LENOVO TP-6D 0x00001100 LNVO 0x00000001) @ 0x7cb89d04 ACPI: MADT (v001 LENOVO TP-6D 0x00001100 LNVO 0x00000001) @ 0x7cb89d56 ACPI: MCFG (v001 LENOVO TP-6D 0x00001100 LNVO 0x00000001) @ 0x7cb89dce ACPI: HPET (v001 LENOVO TP-6D 0x00001100 LNVO 0x00000001) @ 0x7cb89e0a ACPI: BOOT (v001 LENOVO TP-6D 0x00001100 LTP 0x00000001) @ 0x7cb89f38 ACPI: ASF! (v016 LENOVO TP-6D 0x00001100 PTL 0x00000001) @ 0x7cb89f60 ACPI: SSDT (v001 LENOVO TP-6D 0x00001100 INTL 0x20050513) @ 0x7cb8d203 ACPI: TCPA (v000 0x00000000 0x00000000) @ 0x7c907000 ACPI: SSDT (v001 PmRef CpuPm 0x00003000 INTL 0x20050624) @ 0x7c8d4000 ACPI: SSDT (v001 PmRef Cpu0Tst 0x00003000 INTL 0x20050624) @ 0x7c8d3000 ACPI: SSDT (v001 PmRef ApTst 0x00003000 INTL 0x20050624) @ 0x7c8d2000 ACPI: DSDT (v001 LENOVO TP-6D 0x00001100 MSFT 0x03000000) @ 0x00000000 ACPI: PM-Timer IO Port: 0x1008 ACPI: Local APIC address 0xfee00000 ACPI: LAPIC (acpi_id[0x00] lapic_id[0x00] enabled) Processor #0 7:7 APIC version 20 ACPI: LAPIC (acpi_id[0x01] lapic_id[0x01] enabled) Processor #1 7:7 APIC version 20 ACPI: LAPIC (acpi_id[0x02] lapic_id[0x02] disabled) ACPI: LAPIC (acpi_id[0x03] lapic_id[0x03] disabled) ACPI: LAPIC_NMI (acpi_id[0x00] high edge lint[0x1]) ACPI: LAPIC_NMI (acpi_id[0x01] high edge lint[0x1]) ACPI: IOAPIC (id[0x01] address[0xfec00000] gsi_base[0]) IOAPIC[0]: apic_id 1, version 32, address 0xfec00000, GSI 0-23 ACPI: INT_SRC_OVR (bus 0 bus_irq 0 global_irq 2 dfl dfl) ACPI: INT_SRC_OVR (bus 0 bus_irq 9 global_irq 9 high level) ACPI: IRQ0 used by override. ACPI: IRQ2 used by override. ACPI: IRQ9 used by override. Enabling APIC mode: Flat. Using 1 I/O APICs ACPI: HPET id: 0x8086a201 base: 0xfed00000 Using ACPI (MADT) for SMP configuration information Allocating PCI resources starting at 80000000 (gap: 7f000000:61000000) Detected 2394.186 MHz processor. Built 1 zonelists. Total pages: 510976 Kernel command line: ro root=/dev/HelpdeskRHEL5/Root rhgb quiet crashkernel=128M@16M mapped APIC to ffffd000 (fee00000) mapped IOAPIC to ffffc000 (fec00000) Enabling fast FPU save and restore... done. Enabling unmasked SIMD FPU exception support... done. Initializing CPU#0 CPU 0 irqstacks, hard=c0754000 soft=c0734000 PID hash table entries: 4096 (order: 12, 16384 bytes) Console: colour VGA+ 80x25 Dentry cache hash table entries: 131072 (order: 7, 524288 bytes) Inode-cache hash table entries: 65536 (order: 6, 262144 bytes) Memory: 1883864k/2043904k available (2122k kernel code, 155160k reserved, 884k data, 228k init, 1122728k highmem) Checking if this processor honours the WP bit even in supervisor mode... Ok. hpet0: at MMIO 0xfed00000 (virtual 0xf8800000), IRQs 2, 8, 0, 0 hpet0: 4 64-bit timers, 14318180 Hz Using HPET for base-timer Calibrating delay using timer specific routine.. 4791.57 BogoMIPS (lpj=2395786) Security Framework v1.0.0 initialized SELinux: Initializing. SELinux: Starting in permissive mode selinux_register_security: Registering secondary module capability Capability LSM initialized as secondary Mount-cache hash table entries: 512 CPU: After generic identify, caps: bfebfbff 20100000 00000000 00000000 0008e3fd 00000000 00000001 CPU: After vendor identify, caps: bfebfbff 20100000 00000000 00000000 0008e3fd 00000000 00000001 monitor/mwait feature present. using mwait in idle threads. CPU: L1 I cache: 32K, L1 D cache: 32K CPU: L2 cache: 3072K CPU: Physical Processor ID: 0 CPU: Processor Core ID: 0 CPU: After all inits, caps: bfebf3ff 20100000 00000000 00000940 0008e3fd 00000000 00000001 Intel machine check architecture supported. Intel machine check reporting enabled on CPU#0. Checking 'hlt' instruction... OK. SMP alternatives: switching to UP code ACPI: Core revision 20060707 CPU0: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz stepping 06 SMP alternatives: switching to SMP code Booting processor 1/1 eip 3000 CPU 1 irqstacks, hard=c0755000 soft=c0735000 Initializing CPU#1 Calibrating delay using timer specific routine.. 4787.98 BogoMIPS (lpj=2393990) CPU: After generic identify, caps: bfebfbff 20100000 00000000 00000000 0008e3fd 00000000 00000001 CPU: After vendor identify, caps: bfebfbff 20100000 00000000 00000000 0008e3fd 00000000 00000001 monitor/mwait feature present. CPU: L1 I cache: 32K, L1 D cache: 32K CPU: L2 cache: 3072K CPU: Physical Processor ID: 0 CPU: Processor Core ID: 1 CPU: After all inits, caps: bfebf3ff 20100000 00000000 00000940 0008e3fd 00000000 00000001 Intel machine check architecture supported. Intel machine check reporting enabled on CPU#1. CPU1: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz stepping 06 Total of 2 processors activated (9579.55 BogoMIPS). ENABLING IO-APIC IRQs ..TIMER: vector=0x31 apic1=0 pin1=2 apic2=-1 pin2=-1 checking TSC synchronization across 2 CPUs: passed. Brought up 2 CPUs sizeof(vma)=84 bytes sizeof(page)=32 bytes sizeof(inode)=340 bytes sizeof(dentry)=136 bytes sizeof(ext3inode)=492 bytes sizeof(buffer_head)=52 bytes sizeof(skbuff)=172 bytes migration_cost=21 checking if image is initramfs... it is Freeing initrd memory: 3133k freed NET: Registered protocol family 16 ACPI: ACPI Dock Station Driver ACPI: \_SB_.PCI0.SATA.PRT1: found ejectable bay ACPI: \_SB_.PCI0.SATA.PRT1: Adding notify handler ACPI: \_SB_.PCI0.SATA.PRT1: Is dependent on dock ACPI: Bay [\_SB_.PCI0.SATA.PRT1] Added ACPI: bus type pci registered PCI: Using MMCONFIG Setting up standard PCI resources ACPI: Found ECDT ACPI: Interpreter enabled ACPI: Using IOAPIC for interrupt routing ACPI: PCI Interrupt Link [LNKA] (IRQs 3 4 5 6 7 9 10 *11) ACPI: PCI Interrupt Link [LNKB] (IRQs 3 4 5 6 7 9 10 *11) ACPI: PCI Interrupt Link [LNKC] (IRQs 3 4 5 6 7 9 10 *11) ACPI: PCI Interrupt Link [LNKD] (IRQs 3 4 5 6 7 9 10 *11) ACPI: PCI Interrupt Link [LNKE] (IRQs 3 4 5 6 7 9 10 *11) ACPI: PCI Interrupt Link [LNKF] (IRQs 3 4 5 6 7 9 10 *11) ACPI: PCI Interrupt Link [LNKG] (IRQs 3 4 5 6 7 9 10 *11) ACPI: PCI Interrupt Link [LNKH] (IRQs 3 4 5 6 7 9 10 *11) ACPI: PCI Root Bridge [PCI0] (0000:00) Boot video device is 0000:00:02.0 PCI: Transparent bridge - 0000:00:1e.0 ACPI: PCI Interrupt Routing Table [\_SB_.PCI0._PRT] ACPI: Embedded Controller [EC] (gpe 17) interrupt mode. ACPI: Power Resource [PUBS] (on) ACPI: PCI Interrupt Routing Table [\_SB_.PCI0.EXP0._PRT] ACPI: PCI Interrupt Routing Table [\_SB_.PCI0.EXP1._PRT] ACPI: PCI Interrupt Routing Table [\_SB_.PCI0.EXP3._PRT] Linux Plug and Play Support v0.97 (c) Adam Belay pnp: PnP ACPI init pnp: PnP ACPI: found 10 devices usbcore: registered new driver usbfs usbcore: registered new driver hub PCI: Using ACPI for IRQ routing PCI: If a device doesn't work, try "pci=routeirq". If it helps, post a report NetLabel: Initializing NetLabel: domain hash size = 128 NetLabel: protocols = UNLABELED CIPSOv4 NetLabel: unlabeled traffic allowed by default PCI: Ignore bogus resource 6 [0:0] of 0000:00:02.0 PCI: Bridge: 0000:00:1c.0 IO window: disabled. MEM window: disabled. PREFETCH window: disabled. PCI: Bridge: 0000:00:1c.1 IO window: disabled. MEM window: f2500000-f25fffff PREFETCH window: disabled. PCI: Bridge: 0000:00:1c.3 IO window: 2000-2fff MEM window: f0000000-f1ffffff PREFETCH window: f2900000-f29fffff PCI: Bridge: 0000:00:1e.0 IO window: disabled. MEM window: disabled. PREFETCH window: disabled. ACPI: PCI Interrupt 0000:00:1c.0[A] -> GSI 20 (level, low) -> IRQ 169 PCI: Setting latency timer of device 0000:00:1c.0 to 64 ACPI: PCI Interrupt 0000:00:1c.1[B] -> GSI 21 (level, low) -> IRQ 177 PCI: Setting latency timer of device 0000:00:1c.1 to 64 ACPI: PCI Interrupt 0000:00:1c.3[D] -> GSI 23 (level, low) -> IRQ 185 PCI: Setting latency timer of device 0000:00:1c.3 to 64 PCI: Setting latency timer of device 0000:00:1e.0 to 64 NET: Registered protocol family 2 IP route cache hash table entries: 32768 (order: 5, 131072 bytes) TCP established hash table entries: 131072 (order: 8, 1048576 bytes) TCP bind hash table entries: 65536 (order: 7, 524288 bytes) TCP: Hash tables configured (established 131072 bind 65536) TCP reno registered Simple Boot Flag at 0x35 set to 0x1 apm: BIOS not found. audit: initializing netlink socket (disabled) type=2000 audit(1233304832.824:1): initialized highmem bounce pool size: 64 pages Total HugeTLB memory allocated, 0 VFS: Disk quotas dquot_6.5.1 Dquot-cache hash table entries: 1024 (order 0, 4096 bytes) SELinux: Registering netfilter hooks Initializing Cryptographic API alg: No test for crc32c (crc32c-generic) ksign: Installing public key data Loading keyring - Added public key 31B497468CDD12CF - User ID: Red Hat, Inc. (Kernel Module GPG key) io scheduler noop registered io scheduler anticipatory registered io scheduler deadline registered io scheduler cfq registered (default) PCI: Setting latency timer of device 0000:00:1c.0 to 64 assign_interrupt_mode Found MSI capability Allocate Port Service[0000:00:1c.0:pcie00] Allocate Port Service[0000:00:1c.0:pcie02] Allocate Port Service[0000:00:1c.0:pcie03] PCI: Setting latency timer of device 0000:00:1c.1 to 64 assign_interrupt_mode Found MSI capability Allocate Port Service[0000:00:1c.1:pcie00] Allocate Port Service[0000:00:1c.1:pcie02] Allocate Port Service[0000:00:1c.1:pcie03] PCI: Setting latency timer of device 0000:00:1c.3 to 64 assign_interrupt_mode Found MSI capability Allocate Port Service[0000:00:1c.3:pcie00] Allocate Port Service[0000:00:1c.3:pcie02] Allocate Port Service[0000:00:1c.3:pcie03] pci_hotplug: PCI Hot Plug PCI Core version: 0.5 ACPI (exconfig-0456): Dynamic SSDT Load - OemId [ PmRef] OemTableId [ Cpu0Ist] [20060707] ACPI (exconfig-0456): Dynamic SSDT Load - OemId [ PmRef] OemTableId [ Cpu0Cst] [20060707] ACPI: CPU0 (power states: C1[C1] C2[C2] C3[C3]) ACPI: Processor [CPU0] (supports 8 throttling states) ACPI (exconfig-0456): Dynamic SSDT Load - OemId [ PmRef] OemTableId [ ApIst] [20060707] ACPI (exconfig-0456): Dynamic SSDT Load - OemId [ PmRef] OemTableId [ ApCst] [20060707] ACPI: CPU1 (power states: C1[C1] C2[C2] C3[C3]) ACPI: Processor [CPU1] (supports 8 throttling states) ACPI: Thermal Zone [THM0] (44 C) ACPI: Thermal Zone [THM1] (40 C) Real Time Clock Driver v1.12ac hpet_resources: 0xfed00000 is busy Non-volatile memory driver v1.2 Linux agpgart interface v0.101 (c) Dave Jones agpgart: Detected an Intel Mobile Intel(r) GM45 Express Chipset. agpgart: Detected 32764K stolen memory. agpgart: AGP aperture is 256M @ 0xd0000000 Serial: 8250/16550 driver $Revision: 1.90 $ 4 ports, IRQ sharing enabled ACPI: PCI Interrupt 0000:00:03.3[B] -> GSI 17 (level, low) -> IRQ 225 0000:00:03.3: ttyS0 at I/O 0x1830 (irq = 225) is a 16550A RAMDISK driver initialized: 16 RAM disks of 16384K size 4096 blocksize Uniform Multi-Platform E-IDE driver Revision: 7.00alpha2 ide: Assuming 33MHz system bus speed for PIO modes; override with idebus=xx Probing IDE interface ide0... Probing IDE interface ide1... ide-floppy driver 0.99.newide usbcore: registered new driver hiddev usbcore: registered new driver usbhid drivers/usb/input/hid-core.c: v2.6:USB HID core driver PNP: PS/2 Controller [PNP0303:KBD,PNP0f13:MOU] at 0x60,0x64 irq 1,12 serio: i8042 KBD port at 0x60,0x64 irq 1 serio: i8042 AUX port at 0x60,0x64 irq 12 mice: PS/2 mouse device common for all mice md: md driver 0.90.3 MAX_MD_DEVS=256, MD_SB_DISKS=27 md: bitmap version 4.39 TCP bic registered Initializing IPsec netlink socket NET: Registered protocol family 1 NET: Registered protocol family 17 Using IPI No-Shortcut mode ACPI: (supports S0 S3 S4 S5) Freeing unused kernel memory: 228k freed Write protecting the kernel read-only data: 397k Time: tsc clocksource has been installed. Time: hpet clocksource has been installed. input: AT Translated Set 2 keyboard as /class/input/input0 ACPI: PCI Interrupt 0000:00:1a.7[D] -> GSI 23 (level, low) -> IRQ 185 PCI: Setting latency timer of device 0000:00:1a.7 to 64 ehci_hcd 0000:00:1a.7: EHCI Host Controller ehci_hcd 0000:00:1a.7: new USB bus registered, assigned bus number 1 ehci_hcd 0000:00:1a.7: debug port 1 PCI: cache line size of 32 is not supported by device 0000:00:1a.7 ehci_hcd 0000:00:1a.7: irq 185, io mem 0xf2826c00 ehci_hcd 0000:00:1a.7: USB 2.0 started, EHCI 1.00, driver 10 Dec 2004 usb usb1: configuration #1 chosen from 1 choice hub 1-0:1.0: USB hub found hub 1-0:1.0: 6 ports detected ACPI: PCI Interrupt 0000:00:1d.7[D] -> GSI 19 (level, low) -> IRQ 233 PCI: Setting latency timer of device 0000:00:1d.7 to 64 ehci_hcd 0000:00:1d.7: EHCI Host Controller ehci_hcd 0000:00:1d.7: new USB bus registered, assigned bus number 2 ehci_hcd 0000:00:1d.7: debug port 1 PCI: cache line size of 32 is not supported by device 0000:00:1d.7 ehci_hcd 0000:00:1d.7: irq 233, io mem 0xf2827000 ehci_hcd 0000:00:1d.7: USB 2.0 started, EHCI 1.00, driver 10 Dec 2004 usb usb2: configuration #1 chosen from 1 choice hub 2-0:1.0: USB hub found hub 2-0:1.0: 6 ports detected ohci_hcd: 2005 April 22 USB 1.1 'Open' Host Controller (OHCI) Driver (PCI) USB Universal Host Controller Interface driver v3.0 ACPI: PCI Interrupt 0000:00:1a.0[A] -> GSI 20 (level, low) -> IRQ 169 PCI: Setting latency timer of device 0000:00:1a.0 to 64 uhci_hcd 0000:00:1a.0: UHCI Host Controller uhci_hcd 0000:00:1a.0: new USB bus registered, assigned bus number 3 uhci_hcd 0000:00:1a.0: irq 169, io base 0x00001860 usb usb3: configuration #1 chosen from 1 choice hub 3-0:1.0: USB hub found hub 3-0:1.0: 2 ports detected IBM TrackPoint firmware: 0x0e, buttons: 3/3 input: TPPS/2 IBM TrackPoint as /class/input/input1 ACPI: PCI Interrupt 0000:00:1a.1[B] -> GSI 21 (level, low) -> IRQ 177 PCI: Setting latency timer of device 0000:00:1a.1 to 64 uhci_hcd 0000:00:1a.1: UHCI Host Controller uhci_hcd 0000:00:1a.1: new USB bus registered, assigned bus number 4 uhci_hcd 0000:00:1a.1: irq 177, io base 0x00001880 usb usb4: configuration #1 chosen from 1 choice hub 4-0:1.0: USB hub found hub 4-0:1.0: 2 ports detected ACPI: PCI Interrupt 0000:00:1a.2[C] -> GSI 22 (level, low) -> IRQ 50 PCI: Setting latency timer of device 0000:00:1a.2 to 64 uhci_hcd 0000:00:1a.2: UHCI Host Controller uhci_hcd 0000:00:1a.2: new USB bus registered, assigned bus number 5 uhci_hcd 0000:00:1a.2: irq 50, io base 0x000018a0 usb usb5: configuration #1 chosen from 1 choice hub 5-0:1.0: USB hub found hub 5-0:1.0: 2 ports detected ACPI: PCI Interrupt 0000:00:1d.0[A] -> GSI 16 (level, low) -> IRQ 58 PCI: Setting latency timer of device 0000:00:1d.0 to 64 uhci_hcd 0000:00:1d.0: UHCI Host Controller uhci_hcd 0000:00:1d.0: new USB bus registered, assigned bus number 6 uhci_hcd 0000:00:1d.0: irq 58, io base 0x000018c0 usb usb6: configuration #1 chosen from 1 choice hub 6-0:1.0: USB hub found hub 6-0:1.0: 2 ports detected ACPI: PCI Interrupt 0000:00:1d.1[B] -> GSI 17 (level, low) -> IRQ 225 PCI: Setting latency timer of device 0000:00:1d.1 to 64 uhci_hcd 0000:00:1d.1: UHCI Host Controller uhci_hcd 0000:00:1d.1: new USB bus registered, assigned bus number 7 uhci_hcd 0000:00:1d.1: irq 225, io base 0x000018e0 usb usb7: configuration #1 chosen from 1 choice hub 7-0:1.0: USB hub found hub 7-0:1.0: 2 ports detected usb 4-1: new full speed USB device using uhci_hcd and address 2 ACPI: PCI Interrupt 0000:00:1d.2[C] -> GSI 18 (level, low) -> IRQ 66 PCI: Setting latency timer of device 0000:00:1d.2 to 64 uhci_hcd 0000:00:1d.2: UHCI Host Controller uhci_hcd 0000:00:1d.2: new USB bus registered, assigned bus number 8 uhci_hcd 0000:00:1d.2: irq 66, io base 0x00001c00 usb usb8: configuration #1 chosen from 1 choice hub 8-0:1.0: USB hub found hub 8-0:1.0: 2 ports detected usb 4-1: configuration #1 chosen from 1 choice SCSI subsystem initialized libata version 3.00 loaded. ahci 0000:00:1f.2: version 3.0 ACPI: PCI Interrupt 0000:00:1f.2[B] -> GSI 16 (level, low) -> IRQ 58 ahci 0000:00:1f.2: AHCI 0001.0200 32 slots 4 ports 3 Gbps 0x3 impl SATA mode ahci 0000:00:1f.2: flags: 64bit ncq sntf stag pm led clo pio slum part PCI: Setting latency timer of device 0000:00:1f.2 to 64 scsi0 : ahci scsi1 : ahci scsi2 : ahci scsi3 : ahci ata1: SATA max UDMA/133 abar m2048@0xf2826000 port 0xf2826100 irq 74 ata2: SATA max UDMA/133 abar m2048@0xf2826000 port 0xf2826180 irq 74 ata3: DUMMY ata4: DUMMY ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 300) ata1.00: ACPI cmd ef/02:00:00:00:00:a0 succeeded ata1.00: ACPI cmd f5/00:00:00:00:00:a0 filtered out ata1.00: ACPI cmd ef/5f:00:00:00:00:a0 succeeded ata1.00: ACPI cmd ef/10:03:00:00:00:a0 succeeded ata1.00: ATA-7: ST9160823AS, 3.CME, max UDMA/100 ata1.00: 312581808 sectors, multi 16: LBA48 NCQ (depth 31/32) ata1.00: ACPI cmd ef/02:00:00:00:00:a0 succeeded ata1.00: ACPI cmd f5/00:00:00:00:00:a0 filtered out ata1.00: ACPI cmd ef/5f:00:00:00:00:a0 succeeded ata1.00: ACPI cmd ef/10:03:00:00:00:a0 succeeded ata1.00: configured for UDMA/100 ata1.00: configured for UDMA/100 ata1: EH complete ata2: SATA link down (SStatus 0 SControl 300) Vendor: ATA Model: ST9160823AS Rev: 3.CM Type: Direct-Access ANSI SCSI revision: 05 SCSI device sda: 312581808 512-byte hdwr sectors (160042 MB) sda: Write Protect is off sda: Mode Sense: 00 3a 00 00 SCSI device sda: drive cache: write back SCSI device sda: 312581808 512-byte hdwr sectors (160042 MB) sda: Write Protect is off sda: Mode Sense: 00 3a 00 00 SCSI device sda: drive cache: write back sda: sda1 sda2 sd 0:0:0:0: Attached scsi disk sda device-mapper: uevent: version 1.0.3 device-mapper: ioctl: 4.11.5-ioctl (2007-12-12) initialised: dm-devel device-mapper: dm-raid45: initialized v0.2429 kjournald starting. Commit interval 5 seconds EXT3-fs: mounted filesystem with ordered data mode. type=1404 audit(1233304857.378:2): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295 security: 3 users, 6 roles, 1914 types, 234 bools, 1 sens, 1024 cats security: 61 classes, 69084 rules SELinux: Completing initialization. SELinux: Setting up existing superblocks. SELinux: initialized (dev dm-0, type ext3), uses xattr SELinux: initialized (dev usbfs, type usbfs), uses genfs_contexts SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs SELinux: initialized (dev debugfs, type debugfs), uses genfs_contexts SELinux: initialized (dev selinuxfs, type selinuxfs), uses genfs_contexts SELinux: initialized (dev mqueue, type mqueue), uses transition SIDs SELinux: initialized (dev hugetlbfs, type hugetlbfs), uses genfs_contexts SELinux: initialized (dev devpts, type devpts), uses transition SIDs SELinux: initialized (dev eventpollfs, type eventpollfs), uses task SIDs SELinux: initialized (dev inotifyfs, type inotifyfs), uses genfs_contexts SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs SELinux: initialized (dev futexfs, type futexfs), uses genfs_contexts SELinux: initialized (dev anon_inodefs, type anon_inodefs), uses genfs_contexts SELinux: initialized (dev pipefs, type pipefs), uses task SIDs SELinux: initialized (dev sockfs, type sockfs), uses task SIDs SELinux: initialized (dev cpuset, type cpuset), uses genfs_contexts SELinux: initialized (dev proc, type proc), uses genfs_contexts SELinux: initialized (dev bdev, type bdev), uses genfs_contexts SELinux: initialized (dev rootfs, type rootfs), uses genfs_contexts SELinux: initialized (dev sysfs, type sysfs), uses genfs_contexts type=1403 audit(1233304857.627:3): policy loaded auid=4294967295 ses=4294967295 iwlagn: Intel(R) Wireless WiFi Link AGN driver for Linux, 1.3.27ks iwlagn: Copyright(c) 2003-2008 Intel Corporation ACPI: PCI Interrupt 0000:03:00.0[A] -> GSI 17 (level, low) -> IRQ 225 PCI: Setting latency timer of device 0000:03:00.0 to 64 iwlagn: Detected Intel Wireless WiFi Link 5100AGN REV=0x54 iwlagn: Tunable channels: 13 802.11bg, 24 802.11a channels ACPI: PCI interrupt for device 0000:03:00.0 disabled phy0: Selected rate control algorithm 'iwl-agn-rs' e1000e: Intel(R) PRO/1000 Network Driver - 0.3.3.3-k4 e1000e: Copyright (c) 1999-2008 Intel Corporation. ACPI: PCI Interrupt 0000:00:19.0[A] -> GSI 20 (level, low) -> IRQ 169 PCI: Setting latency timer of device 0000:00:19.0 to 64 sd 0:0:0:0: Attached scsi generic sg0 type 0 eth0: (PCI Express:2.5GB/s:Width x1) 00:1f:16:11:4a:99 eth0: Intel(R) PRO/1000 Network Connection eth0: MAC: 6, PHY: 8, PBA No: 1008ff-0ff ACPI: PCI Interrupt 0000:00:1f.3[A] -> GSI 23 (level, low) -> IRQ 185 ACPI: PCI Interrupt 0000:00:1b.0[B] -> GSI 17 (level, low) -> IRQ 225 PCI: Setting latency timer of device 0000:00:1b.0 to 64 floppy0: no floppy controllers found lp: driver loaded but no devices found SELinux: initialized (dev ramfs, type ramfs), uses genfs_contexts ACPI: AC Adapter [AC] (on-line) ACPI: Battery Slot [BAT0] (battery present) ACPI: Power Button (FF) [PWRF] ACPI: Lid Switch [LID] ACPI: Sleep Button (CM) [SLPB] thinkpad_acpi: ThinkPad ACPI Extras v0.19 thinkpad_acpi: http://ibm-acpi.sf.net/ thinkpad_acpi: ThinkPad BIOS 6DET33WW (1.10 ), EC 7XHT21WW-1.03 thinkpad_acpi: Lenovo ThinkPad X200 thinkpad_acpi: radio switch found; radios are disabled thinkpad_acpi: detected a 16-level brightness capable ThinkPad input: ThinkPad Extra Buttons as /class/input/input2 input: Video Bus as /class/input/input3 ACPI: Video Device [VID] (multi-head: yes rom: no post: no) input: Video Bus as /class/input/input4 ACPI: Video Device [VID1] (multi-head: yes rom: no post: no) md: Autodetecting RAID arrays. md: autorun ... md: ... autorun DONE. device-mapper: multipath: version 1.0.5 loaded EXT3 FS on dm-0, internal journal kjournald starting. Commit interval 5 seconds EXT3 FS on dm-2, internal journal EXT3-fs: mounted filesystem with ordered data mode. SELinux: initialized (dev dm-2, type ext3), uses xattr kjournald starting. Commit interval 5 seconds EXT3 FS on sda1, internal journal EXT3-fs: mounted filesystem with ordered data mode. SELinux: initialized (dev sda1, type ext3), uses xattr SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs Adding 2621432k swap on /dev/HelpdeskRHEL5/Swap. Priority:-1 extents:1 across:2621432k SELinux: initialized (dev binfmt_misc, type binfmt_misc), uses genfs_contexts IA-32 Microcode Update Driver: v1.14a <tigran> ip_tables: (C) 2000-2006 Netfilter Core Team Netfilter messages via NETLINK v0.30. ip_conntrack version 2.4 (8192 buckets, 65536 max) - 228 bytes per conntrack ieee80211_crypt: registered algorithm 'NULL' ieee80211: 802.11 data/management/control stack, git-1.1.13 ieee80211: Copyright (C) 2004-2005 Intel Corporation <jketreno.com> ipw3945: Intel(R) PRO/Wireless 3945 Network Connection driver for Linux, 1.2.0d ipw3945: Copyright(c) 2003-2006 Intel Corporation eth0: Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX SELinux: initialized (dev rpc_pipefs, type rpc_pipefs), uses genfs_contexts Bluetooth: Core ver 2.10 NET: Registered protocol family 31 Bluetooth: HCI device and connection manager initialized Bluetooth: HCI socket layer initialized Bluetooth: L2CAP ver 2.8 Bluetooth: L2CAP socket layer initialized Bluetooth: RFCOMM socket layer initialized Bluetooth: RFCOMM TTY layer initialized Bluetooth: RFCOMM ver 1.8 Bluetooth: HIDP (Human Interface Emulation) ver 1.1 SELinux: initialized (dev autofs, type autofs), uses genfs_contexts SELinux: initialized (dev autofs, type autofs), uses genfs_contexts SELinux: initialized (dev autofs, type autofs), uses genfs_contexts cisco_ipsec: module license 'Proprietary' taints kernel. Cisco Systems VPN Client Version 4.8.00 (0490) kernel module loaded PCI: Enabling device 0000:03:00.0 (0100 -> 0102) ACPI: PCI Interrupt 0000:03:00.0[A] -> GSI 17 (level, low) -> IRQ 225 PM: Writing back config space on device 0000:03:00.0 at offset 1 (was 100102, writing 100106) iwlagn: Radio disabled by HW RF Kill switch [drm] Initialized drm 1.0.1 20051102 ACPI: PCI Interrupt 0000:00:02.0[A] -> GSI 16 (level, low) -> IRQ 58 [drm] Initialized i915 1.8.0 20060929 on minor 0 set status page addr 0x01fff000 BUG: unable to handle kernel NULL pointer dereference at virtual address 00000070 printing eip: c05bdd98 *pde = 70d71067 Oops: 0000 [#1] SMP last sysfs file: /class/backlight/thinkpad_screen/brightness Modules linked in: i915 drm cisco_ipsec(PU) autofs4 hidp rfcomm l2cap bluetooth sunrpc ipw3945(U) ieee80211 ieee80211_crypt ip_conntrack_netbios_ns ipt_REJECT xt_state ip_conntrack nfnetlink xt_tcpudp iptable_filter ip_tables x_tables cpufreq_ondemand acpi_cpufreq dm_multipath scsi_dh video thinkpad_acpi hwmon backlight sbs i2c_ec button battery asus_acpi ac parport_pc lp parport snd_hda_intel snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss testmgr_cipher snd_pcm testmgr snd_timer i2c_i801 aead snd_page_alloc serio_raw crypto_blkcipher crypto_algapi crypto_api snd_hwdep sg i2c_core arc4 snd e1000e soundcore iwlagn iwlcore mac80211 cfg80211 dm_raid45 dm_message dm_region_hash dm_mem_cache dm_snapshot dm_zero dm_mirror dm_log dm_mod ahci libata sd_mod scsi_mod ext3 jbd uhci_hcd ohci_hcd ehci_hcd CPU: 0 EIP: 0060:[<c05bdd98>] Tainted: P VLI EFLAGS: 00010283 (2.6.18-128.el5 #1) EIP is at wireless_send_event+0x1c0/0x2be eax: f5552020 ebx: f5552010 ecx: 00000000 edx: f5552f00 esi: f76f7800 edi: f5552000 ebp: 00000008 esp: f718febc ds: 007b es: 007b ss: 0068 Process iwlagn (pid: 1153, ti=f718f000 task=f718e550 task.ti=f718f000) Stack: f718feec 00000000 f70583a0 00000000 00000008 f71ebd94 f73c0100 f718fefc 00000000 f8c0f6fc 00000000 f73c0100 00000000 00000000 00000000 00000000 f71ebd94 f73c0100 f7032ec0 f71eb800 f8c12f2a c06793c0 f778b200 00002000 Call Trace: [<f8c0f6fc>] ieee80211_scan_completed+0x39/0x193 [mac80211] [<f8c12f2a>] ieee80211_sta_work+0xd6/0x620 [mac80211] [<c060e7bd>] schedule+0x9c9/0xa52 [<c043189a>] run_workqueue+0x78/0xb5 [<f8c12e54>] ieee80211_sta_work+0x0/0x620 [mac80211] [<c043214e>] worker_thread+0xd9/0x10b [<c041e3d7>] default_wake_function+0x0/0xc [<c0432075>] worker_thread+0x0/0x10b [<c043455d>] kthread+0xc0/0xeb [<c043449d>] kthread+0x0/0xeb [<c0405c53>] kernel_thread_helper+0x7/0x10 ======================= Code: c7 47 04 10 00 c7 07 20 00 00 00 66 c7 47 06 00 00 c7 47 0c 00 00 00 00 c7 47 08 00 00 00 00 c6 47 10 00 c6 43 01 00 8b 4c 24 04 <8b> 41 70 66 89 43 02 8b 41 40 89 43 04 89 c8 e8 7d 59 ff ff 31 EIP: [<c05bdd98>] wireless_send_event+0x1c0/0x2be SS:ESP 0068:f718febc This event sent from IssueTracker by mbelangia issue 261012
Updating PM score.
Hi, I'm not sure if we are on the same page because BZ#477671 fixes another issue. Did I miss something? Partial Analysis: BUG: unable to handle kernel NULL pointer dereference at virtual address 00000070 printing eip: c05bdd98 #4 [f718feb8] wireless_send_event at c05bdd98 ^^^^^^^^ /usr/src/debug/kernel-2.6.18/linux-2.6.18.i686/net/core/wireless.c: 1878 0xc05bdd94 <wireless_send_event+444>: mov 0x4(%esp),%ecx 0xc05bdd98 <wireless_send_event+448>: mov 0x70(%ecx),%eax <----- ^^^^^^^^^^ 0xc05bdd9b <wireless_send_event+451>: mov %ax,0x2(%ebx) ECX: 00000000 static inline int rtnetlink_fill_iwinfo() ... 1878 r->ifi_type = dev->type; struct net_device: [0x70] short unsigned int type; so dev was NULL and it comes from 0x4(%esp). #4 [f718feb8] wireless_send_event at c05bdd98 [RA: f8c0f6fc SP: f718febc FP: f718fee0 SIZE: 40] crash> rd -32 f718fec0 1 f718fec0: 00000000 The dev comes from: 3806 void ieee80211_scan_completed(struct ieee80211_hw *hw) ... 3809 struct net_device *dev = local->scan_dev; ... 3815 wireless_send_event(dev, SIOCGIWSCAN, &wrqu, NULL); struct ieee80211_hw @ 0xf73c0100 crash> ieee80211_local.scan_dev 0xf73c0100 scan_dev = 0x0, crash> ieee80211_local 0xf73c0100 | grep sta_sw_scanning sta_sw_scanning = 0x0, crash> ieee80211_local 0xf73c0100 | grep sta_hw sta_hw_scanning = 0x0, It seems to me that we need to backport this fix: commit 5bc75728fd43bb15b46f16ef465bcf9d487393cf Author: Johannes Berg <johannes> Date: Thu Sep 11 00:01:51 2008 +0200 mac80211: fix scan vs. interface removal race When we remove an interface, we can currently end up having a pointer to it left in local->scan_sdata after it has been set down, and then with a hardware scan the scan completion can try to access it which is a bug. Alternatively, a scan that started as a hardware scan may terminate as though it was a software scan, if the timing is just right. On SMP systems, software scan also has a similar problem, just canceling the delayed work and setting a flag isn't enough since it may be running concurrently; in this case we would also never restore state of other interfaces. This patch hopefully fixes the problems by always invoking ieee80211_scan_completed or requiring it to be invoked by the driver, I suspect the drivers that have ->hw_scan() are buggy. The bug will not manifest itself unless you remove the interface while hw-scanning which will also turn off the hw, and then add a new interface which will be unusable until you scan once. Signed-off-by: Johannes Berg <johannes> Signed-off-by: John W. Linville <linville> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5bc75728fd43bb15b46f16ef465bcf9d487393cf Flavio Internal Status set to 'Waiting on Support' This event sent from IssueTracker by fleitner issue 261012
Please backport. We have this. We can test. We have tried: kernel-2.6.18-128.1.1.el5.x86_64 kernel-2.6.18-128.1.2.el5.x86_64 kernel-2.6.18-128.el5.x86_64 kernel-2.6.18-120.el5.x86_64 The only one that works is kernel-2.6.18-120.el5.x86_64 All others crash.
Kernels w/ backported version of patch from comment 6 are available here: http://people.redhat.com/linville/kernels/rhel5/ Please give them a try and post the results here...thanks!
Hardware is Thinkpad T400 with: 03:00.0 Network controller: Intel Corporation PRO/Wireless 5100 AGN [Shiloh] Network Connection It does not panic anymore. Instead it displays a bug in console about every minute: BUG: warning at net/mac80211/mlme.c:3813/ieee80211_scan_completed() (Not tainted) Call Trace: [<ffffffff8825d531>] :mac80211:ieee80211_scan_completed+0x54/0x23e [<ffffffff8826128c>] :mac80211:ieee80211_sta_work+0xf9/0x73e [<ffffffff800630a7>] thread_return+0x62/0xfe [<ffffffff88261193>] :mac80211:ieee80211_sta_work+0x0/0x73e [<ffffffff8004d9e1>] run_workqueue+0x94/0xe4 [<ffffffff8004a24c>] worker_thread+0x0/0x122 [<ffffffff8009da1f>] keventd_create_kthread+0x0/0xc4 [<ffffffff8004a33c>] worker_thread+0xf0/0x122 [<ffffffff8008a4e4>] default_wake_function+0x0/0xe [<ffffffff8009da1f>] keventd_create_kthread+0x0/0xc4 [<ffffffff8009da1f>] keventd_create_kthread+0x0/0xc4 [<ffffffff80032bd4>] kthread+0xfe/0x132 [<ffffffff8005dfb1>] child_rip+0xa/0x11 [<ffffffff8009da1f>] keventd_create_kthread+0x0/0xc4 [<ffffffff80032ad6>] kthread+0x0/0x132 [<ffffffff8005dfa7>] child_rip+0x0/0x11
Well, it still panics. I got panic when restarting the computer.
If I turn on the WLAN with the switch, then click WLAN off from NetworkManager I get kernel panic.
Created attachment 334621 [details] Kernel panic screenshot with the patch
The panic in comment 12 is cut-off on the top. Any chance you could capture a complete log using e.g. netconsole? The BUG in comment 9 is a by-product of the backported patch. I'll see if I can rework it. I don't know if it is responsible for comment 12 or if that is a separate issue.
Created attachment 334708 [details] jwltest-mac80211-fix-scan-vs.-interface-removal-race.patch
Created attachment 334709 [details] jwltest-iwlwifi-fix-resume-while-txpower-off.patch
Ok, please try the jwltest.79 kernels at the same location as in comment 8. Do they resolve the issue(s) for you?
Hi John, Thanks for the new kernel. 2.6.18-134.el5.jwltest.79 works for me.
Works here too, thank you! I hope these changes will be included in official kernel soon.
134.el5.jwltest.79 works for me as well on the Vaio laptop. Was able to boot the machine with the kill switch enabled (WiFi off) then turn the kill switch off and pick up/utilize the wireless radio. I was also able to disable the wireless networking via NetworkManager.
in kernel-2.6.18-135.el5 You can download this test kernel from http://people.redhat.com/dzickus/el5 Please do NOT transition this bugzilla state to VERIFIED until our QE team has sent specific instructions indicating when to do so. However feel free to provide a comment indicating that this fix has been verified.
Thinkpad T400 seems to be now working with kernel-2.6.18-135.el5.x86_64.rpm
Thanks John I've been experiencing this problem and it has gone away with your patch, as well as more stability problems seemingly unrelated to kill switch state. Unfortunately, I started to get panics that are probably related to unloading the module or something. The following NULL check fixed the regression for me: diff -up linux-2.6.18.i386/net/mac80211/mlme.c.null linux-2.6.18.i386/net/mac80211/mlme.c --- linux-2.6.18.i386/net/mac80211/mlme.c.null 2009-04-06 16:02:24.000000000 +0200 +++ linux-2.6.18.i386/net/mac80211/mlme.c 2009-04-06 16:22:06.000000000 +0200 @@ -3869,7 +3869,7 @@ void ieee80211_scan_completed(struct iee done: sdata = IEEE80211_DEV_TO_SUB_IF(dev); - if (sdata->vif.type == IEEE80211_IF_TYPE_IBSS) { + if (dev && sdata->vif.type == IEEE80211_IF_TYPE_IBSS) { struct ieee80211_if_sta *ifsta = &sdata->u.sta; if (!(ifsta->flags & IEEE80211_STA_BSSID_SET) || (!ifsta->state == IEEE80211_IBSS_JOINED &&
Created attachment 338499 [details] jwltest-mac80211-scan-completed-done-null-deref.patch Slightly revised version of above patch...
Lubomir, any problems with my version of the patch? Test kernels w/ above patch are available at the same location as in comment 8...
After discussion, I have revised the revised patch. New patch and test kernels available at locations above. Are these acceptable?
(In reply to comment #31) > Lubomir, any problems with my version of the patch? > > Test kernels w/ above patch are available at the same location as in comment > 8... Thanks, works now!
The other day I got a panic with kernel-2.6.18-135.el5.x86_64 when resuming from suspend. Usually it worked. Maybe that was fixed by the previous patch. Now I'm running kernel-2.6.18-138.el5.x86_64 on Thinkpad T400. Sometimes when suspending from Power Manager the suspend does not work. It stops to "Disabling non boot CPUs..." and after waiting a while, a minute maybe, I see: iwlagn: No space for Tx iwlagn: Error sending REPLY_STATISTICS_CMD: enqueue_hcmd failed: -28 and the computer just hangs there. The message did appear before on occasions I did not make note of but I'm wondering if it causes the suspend to not work properly. The suspend seems to work better if WLAN is disabled from the switch.
Moving back to POST to pickup latest fix.
Oh, I need jwltest kernel...
Please open a new bug for the problem described in comment 35...thanks!
The new bug number is 495697
in kernel-2.6.18-140.el5 You can download this test kernel from http://people.redhat.com/dzickus/el5 Please do NOT transition this bugzilla state to VERIFIED until our QE team has sent specific instructions indicating when to do so. However feel free to provide a comment indicating that this fix has been verified.
I have not seen panics with kernel-2.6.18-140.el5
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2009-1243.html