iwlist ath0 scan corrupts the kernel

Bug #35837 reported by Thomas Neumann on 2006-03-21
6
Affects Status Importance Assigned to Milestone
kernel-image-2.6.7-i386 (Ubuntu)
Medium
Unassigned

Bug Description

On a IBM Thinkpad T41p the atheros driver (?) can be corrupted by calling

iwlist ath0 scan

The first call fails, all futher calls hang. (The KDE wirelesse application causes the same effect). The system cannot be shut down cleanly afterwards, deconfiguring the network card takes forever. This happens with different kernel versions, for example the current (output of uname -a)

Linux mpino5400 2.6.15-19-686 #1 SMP PREEMPT Mon Mar 20 17:33:20 UTC 2006 i686 GNU/Linux

I am not sure if this is really an atheros problem or a ReiserFS problem, as /var/log/messages includes the following backtrace:

kernel: [4294769.889000] f8b3c2f3
kernel: [4294769.889000] PREEMPT SMP
kernel: [4294769.889000] Modules linked in: radeon drm rfcomm l2cap uinput speedstep_centrino ipv6 cpufreq_powersave cpufreq_stats cpufreq_userspace cpufreq_ondemand cpufreq_conservative freq_table tc1100_wmi video acpi_sbs battery ibm_acpi i2c_acpi_ec i2c_core container button pcc_acpi sony_acpi ac dev_acpi hotkey dm_mod md_mod parport_pc lp parport af_packet pcmcia ath_pci ath_rate_sample wlan joydev e1000 ath_hal yenta_socket rsrc_nonstatic hci_usb snd_intel8x0 snd_ac97_codec snd_ac97_bus snd_pcm_oss snd_mixer_oss snd_pcm bluetooth pcmcia_core snd_timer psmouse hw_random snd soundcore snd_page_alloc serio_raw intel_agp agpgart shpchp pci_hotplug tsdev evdev usbhid reiserfs ehci_hcd uhci_hcd usbcore ide_cd cdrom ide_disk piix generic thermal processor fan capability commoncap vga16fb vgastate fbcon tileblit font bitblit softcursor
kernel: [4294769.889000] CPU: 0
kernel: [4294769.889000] EIP: 0060:[pg0+946766579/1069196288] Tainted: P VLI
kernel: [4294769.889000] EFLAGS: 00010246 (2.6.15-19-686)
kernel: [4294769.889000] EIP is at read_ap_result+0x1c3/0x55b [wlan]
kernel: [4294769.889000] eax: 0000ffff ebx: f0cefe94 ecx: 00000000 edx: f7b04000
kernel: [4294769.889000] esi: f7b040f5 edi: f06a201c ebp: f06a201c esp: f0cefd70
kernel: [4294769.889000] ds: 007b es: 007b ss: 0068
kernel: [4294769.889000] Process iwlist (pid: 5120, threadinfo=f0cee000 task=f0cf9a90)
kernel: [4294769.889000] Stack: f0cefd8c f5019f74 f8969612 f0cefd8c dfd15c00 00000001 f74f4760 f06a3000
kernel: [4294769.889000] 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
kernel: [4294769.889000] 00000001 00000000 c01978ad f7a2eddc f5019f74 c012a16b f0cefdd8 441fc2fe
kernel: [4294769.889000] Call Trace:
kernel: [4294769.889000] [pg0+944854546/1069196288] reiserfs_dirty_inode+0xa2/0xb0 [reiserfs]
kernel: [4294769.889000] [__mark_inode_dirty+109/464] __mark_inode_dirty+0x6d/0x1d0
kernel: [4294769.889000] [current_fs_time+91/128] current_fs_time+0x5b/0x80
kernel: [4294769.889000] [zap_pte_range+482/784] zap_pte_range+0x1e2/0x310
kernel: [4294769.889000] [prio_tree_remove+169/224] prio_tree_remove+0xa9/0xe0
kernel: [4294769.889000] [pg0+946745764/1069196288] ieee80211_iterate_nodes+0x6c/0xbc [wlan]
kernel: [4294769.889000] [pg0+946766128/1069196288] read_ap_result+0x0/0x55b [wlan]
kernel: [4294769.889000] [pg0+946773398/1069196288] ieee80211_ioctl_giwscan+0x5c/0xa8 [wlan]
kernel: [4294769.889000] [pg0+946766128/1069196288] read_ap_result+0x0/0x55b [wlan]
kernel: [4294769.889000] [wireless_process_ioctl+1639/2000] wireless_process_ioctl+0x667/0x7d0
kernel: [4294769.889000] [pg0+947316091/1069196288] ath_ioctl_giwscan+0x0/0x18 [ath_pci]
kernel: [4294769.889000] [dev_ioctl+653/752] dev_ioctl+0x28d/0x2f0
kernel: [4294769.889000] [do_ioctl+59/160] do_ioctl+0x3b/0xa0
kernel: [4294769.889000] [vfs_ioctl+107/560] vfs_ioctl+0x6b/0x230
kernel: [4294769.889000] [sys_ioctl+136/160] sys_ioctl+0x88/0xa0
kernel: [4294769.889000] [sysenter_past_esp+84/117] sysenter_past_esp+0x54/0x75
kernel: [4294769.889000] Code: 8b 43 04 89 42 04 89 ca 8b 84 24 dc 00 00 00 89 50 10 c7 03 00 00 00 00 66 c7 43 02 05 8b 8b 94 24 e0 00 00 00 8b 82 28 01 00 00 <0f> b7 00 69 c0 a0 86 01 00 89 43 04 66 c7 43 08 01 00 8b 8c 24
kernel: [4294769.889000] <6>note: iwlist[5120] exited with preempt_count 1

Carthik Sharma (carthik) wrote :

Hi,

Does this error occur when using the latest kernel provided in Dapper?

Thank you for the bug report.

Changed in kernel-image-2.6.7-i386:
status: Unconfirmed → Needs Info
Thomas Neumann (tneumann) wrote :
Download full text (3.3 KiB)

Yes, it does (2.6.15-21-686). The stack trace is slightly different though, I included the current trace below.

[4966901.978000] f8b2c313
[4966901.978000] PREEMPT SMP
[4966901.978000] Modules linked in: nls_cp437 isofs udf radeon drm vmnet vmmon rfcomm l2cap nvram uinput ipv6 speedstep_centrino cpufreq_powersave cpufreq_stats cpufreq_userspace cpufreq_ondemand cpufreq_conservative freq_table tc1100_wmi video acpi_sbs battery ibm_acpi i2c_acpi_ec i2c_core container button pcc_acpi sony_acpi ac dev_acpi hotkey dm_mod md_mod lp af_packet pcmcia irtty_sir sir_dev nsc_ircc irda crc_ccitt joydev parport_pc parport rtc floppy hci_usb ath_pci ath_rate_sample bluetooth wlan ath_hal e1000 yenta_socket rsrc_nonstatic pcmcia_core snd_intel8x0 snd_ac97_codec snd_ac97_bus snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd soundcore psmouse serio_raw snd_page_alloc pcspkr hw_random shpchp pci_hotplug intel_agp agpgart tsdev evdev usbhid reiserfs ide_generic ehci_hcd uhci_hcd usbcore ide_cd cdrom ide_disk piix generic thermal processor fan capability commoncap vga16fb vgastate fbcon tileblit font bitblit softcursor
[4966901.978000] CPU: 0
[4966901.978000] EIP: 0060:[pg0+946696979/1069192192] Tainted: P VLI
[4966901.978000] EFLAGS: 00210246 (2.6.15-21-686)
[4966901.978000] EIP is at read_ap_result+0x1c3/0x55b [wlan]
[4966901.978000] eax: 0000ffff ebx: d2b01e94 ecx: 00000000 edx: f788f000
[4966901.978000] esi: f788f0f5 edi: e161701c ebp: e161701c esp: d2b01d70
[4966901.978000] ds: 007b es: 007b ss: 0068
[4966901.978000] Process iwlist (pid: 19682, threadinfo=d2b00000 task=e07c8030)
[4966901.978000] Stack: d2b01d8c ef13deb4 f8969612 d2b01d8c dfd19000 00000001 f7b88760 e1618000
[4966901.978000] 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[4966901.978000] 00000080 280ce8da 00000003 0000000a 00000055 c1906f40 d2b01e04 c011eddd
[4966901.978000] Call Trace:
[4966901.978000] [pg0+944850450/1069192192] reiserfs_dirty_inode+0xa2/0xb0 [reiserfs]
[4966901.978000] [scheduler_tick+205/960] scheduler_tick+0xcd/0x3c0
[4966901.978000] [__rcu_process_callbacks+98/240] __rcu_process_callbacks+0x62/0xf0
[4966901.978000] [rcu_process_callbacks+99/112] rcu_process_callbacks+0x63/0x70
[4966901.978000] [pg0+946676164/1069192192] ieee80211_iterate_nodes+0x6c/0xbc [wlan]
[4966901.978000] [pg0+946696528/1069192192] read_ap_result+0x0/0x55b [wlan]
[4966901.978000] [pg0+946703813/1069192192] ieee80211_ioctl_giwscan+0x5c/0xa8 [wlan]
[4966901.978000] [pg0+946696528/1069192192] read_ap_result+0x0/0x55b [wlan]
[4966901.978000] [wireless_process_ioctl+1639/2000] wireless_process_ioctl+0x667/0x7d0
[4966901.978000] [pg0+947279227/1069192192] ath_ioctl_giwscan+0x0/0x18 [ath_pci]
[4966901.978000] [dev_ioctl+653/752] dev_ioctl+0x28d/0x2f0
[4966901.978000] [do_ioctl+59/160] do_ioctl+0x3b/0xa0
[4966901.978000] [vfs_ioctl+107/560] vfs_ioctl+0x6b/0x230
[4966901.978000] [sys_ioctl+136/160] sys_ioctl+0x88/0xa0
[4966901.978000] [sysenter_past_esp+84/117] sysenter_past_esp+0x54/0x75
[4966901.978000] Code: 8b 43 04 89 42 04 89 ca 8b 84 24 dc 00 00 00 89 50 10 c7 03 00 00 00 00 66 c7 4...

Read more...

Carthik Sharma (carthik) wrote :

Assigning to the kernel team since there is no assignee. Please let me know if this is not the right thing to have done. Thanks.

Changed in kernel-image-2.6.7-i386:
assignee: nobody → ubuntu-kernel-team

Does this still happen on newer versions of Ubuntu (hardy or intrepid)?

Thomas Neumann (tneumann) wrote :

I no longer have the laptop, so unfortunately I cannot test this on hardy/intrepid.

Changed in kernel-image-2.6.7-i386:
status: Incomplete → New

Per a decision made by the Ubuntu Kernel Team, bugs will longer be assigned to the ubuntu-kernel-team in Launchpad as part of the bug triage process. The ubuntu-kernel-team is being unassigned from this bug report. Refer to https://wiki.ubuntu.com/KernelTeamBugPolicies for more information. Thanks.

Martin Meredith (mez) wrote :

Cannot reproduce by andylockran, who has similar hardware, this bug was last known in dapper, so closing. Please reopen if this can be reproduced in a newer version of Ubuntu

Changed in kernel-image-2.6.7-i386:
status: New → Invalid
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers