
Bug 466264

Summary: kernel BUG at net/mac80211/ieee80211_i.h:764
Product: [Fedora] Fedora
Component: kernel
Version: rawhide
Hardware: All
OS: Linux
Status: CLOSED RAWHIDE
Severity: medium
Priority: medium
Reporter: Steve Grubb <sgrubb>
Assignee: John W. Linville <linville>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: gene-redhat, johannes, kernel-maint
Doc Type: Bug Fix
Last Closed: 2008-10-16 18:08:49 UTC
Bug Blocks: 466414

Description Steve Grubb 2008-10-09 14:07:21 UTC
Description of problem:
Trying to boot the 2.6.27-0.398.rc9.fc10.x86_64 kernel produces a bug output.

How reproducible:
Every time.

Steps to Reproduce:
1. Boot
2. Wait for udev to start probing things

  
Actual results:
------------[ cut here ]------------
kernel BUG at net/mac80211/ieee80211_i.h:764!
invalid opcode: 0000 [1] SMP
CPU 0
Modules linked in: b43 rfkill input_polldev snd_atiixp_modem snd_atiixp snd_seq_dummy snd_ac97_codec ac97_bus snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss radeon snd_pcm drm snd_timer i2c_algo_bit video output snd tifm_7xx1 sdhci_pci sdhci tifm_core firewire_ohci battery ac yenta_socket mmc_core 8139cp rsrc_nonstatic shpchp soundcore wmi ssb 8139too firewire_core pcspkr i2c_piix4 mii crc_itu_t joydev i2c_core snd_page_alloc k8temp hwmon pata_atiixp pata_acpi ata_generic
Pid: 1378, comm: udevd Not tainted 2.6.27-0.398.rc9.fc10.x86_64 #1
RIP: 0010:[<ffffffff8134e874>]  [<ffffffff8134e874>] netdev_notify+0x43/0x94
RSP: 0018:ffff8800331b5c98  EFLAGS: 00010246
RAX: ffff880033210060 RBX: ffff8800354ea800 RCX: ffffffff81537f50
RDX: ffffffff81537f00 RSI: 000000000000000a RDI: ffffffff81537f50
RBP: ffff8800331b5cc8 R08: ffff8800331b5bc8 R09: 0000000000000292
R10: ffff8800331dc280 R11: 0000000300000000 R12: 00000000fffffffb
R13: ffffffff815382e0 R14: ffff8800354ea800 R15: 000000000000000a
FS:  00007f567e10b780(0000) GS:ffffffff81677700(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 00007fff8612ebc0 CR3: 0000000035968000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process udevd (pid: 1378, threadinfo ffff8800331b4000, task ffff880035f25d00)
Stack:  ffff8800331b5cc8 ffffffff812ca295 0000000000000000 00000000fffffffc
 0000000000000000 00000000fffffffb ffff8800331b5d08 ffffffff813708df
 ffff8800331b5cf8 ffff8800354ea800 0000000000000000 ffff8800354ea810
Call Trace:
 [<ffffffff812ca295>] ? fib_rules_event+0x1b/0xfe
 [<ffffffff813708df>] notifier_call_chain+0x38/0x60
 [<ffffffff8105c9c4>] raw_notifier_call_chain+0x14/0x16
 [<ffffffff812bdcbf>] dev_change_name+0x1a2/0x1ce
 [<ffffffff812bdf36>] dev_ifsioc+0x24b/0x308
 [<ffffffff8136c494>] ? mutex_lock+0x27/0x38
 [<ffffffff812be507>] dev_ioctl+0x514/0x626
 [<ffffffff810111c4>] ? mcount_call+0x5/0x31
 [<ffffffff813048c3>] ? udp_ioctl+0x12/0x8b
 [<ffffffff812af681>] sock_ioctl+0x202/0x211
 [<ffffffff810d4a2f>] vfs_ioctl+0x2f/0x7d
 [<ffffffff810d4ccf>] do_vfs_ioctl+0x252/0x26f
 [<ffffffff810d4d46>] sys_ioctl+0x5a/0x7c
 [<ffffffff810113aa>] system_call_fastpath+0x16/0x1b


Code: 70 48 8b 82 00 02 00 00 48 85 c0 74 64 48 8b 00 48 85 c0 74 5c 48 8b 15 9b 96 1e 00 48 39 50 08 75 4f 48 39 98 10 03 00 00 75 04 <0f> 0b eb fe 4c 8d 65 d0 48 89 da 48 c7 c6 7d 12 4c 81 31 c0 4c
RIP  [<ffffffff8134e874>] netdev_notify+0x43/0x94
 RSP <ffff8800331b5c98>
---[ end trace 789c1e6982921e6b ]---

Comment 1 John Poelstra 2008-10-09 22:17:03 UTC
This bug has been triaged

Comment 2 Chuck Ebbert 2008-10-10 08:05:33 UTC
static inline struct ieee80211_sub_if_data *
IEEE80211_DEV_TO_SUB_IF(struct net_device *dev)
{
        struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);

        BUG_ON(!local || local->mdev == dev);

        return netdev_priv(dev);
}

Comment 3 Johannes Berg 2008-10-10 15:43:58 UTC
I think this is an issue that was inadvertently fixed by "mac80211: make master iface not wireless"; the code in netdev_notify() should, in 2.6.27, check if it's the master interface and if not refuse to work. I'll check out the code for 2.6.27 and post a patch for -stable.
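
Added example (not part of the thread and not the kernel's or the patch's code): a user-space C model of the failure in the trace, where a rename notification reaches a handler that converts the device with a helper asserting `BUG_ON(!local || local->mdev == dev)`, next to a handler that checks for the master interface first. The struct layouts, the `notify_*` functions, the return codes and the interface names are simplified assumptions made for illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Simplified stand-ins for the kernel structures (assumed, not the real layouts). */
struct net_device;
struct ieee80211_local { struct net_device *mdev; };   /* mdev = master interface */
struct net_device { const char *name; struct ieee80211_local *local; };

enum { NOTIFY_DONE = 0, NOTIFY_HANDLED = 1, WOULD_BUG = -1 };

/* Same condition as BUG_ON(!local || local->mdev == dev) in Comment 2. */
static int sub_if_conversion_would_bug(const struct net_device *dev)
{
    return dev->local == NULL || dev->local->mdev == dev;
}

/* Unguarded handler: converts every renamed device it is notified about. */
static int notify_unguarded(const struct net_device *dev)
{
    if (sub_if_conversion_would_bug(dev))
        return WOULD_BUG;          /* the kernel would stop at BUG_ON here */
    return NOTIFY_HANDLED;         /* per-interface rename work would go here */
}

/* Guarded handler: rejects devices the helper cannot convert before calling it. */
static int notify_guarded(const struct net_device *dev)
{
    if (dev->local == NULL)        /* not a wireless device: not ours */
        return NOTIFY_DONE;
    if (dev->local->mdev == dev)   /* master interface: has no sub_if data */
        return NOTIFY_DONE;
    return notify_unguarded(dev);  /* precondition of the helper now holds */
}

int main(void)
{
    /* Constructed sample devices; the names are illustrative only. */
    struct ieee80211_local local;
    struct net_device master = { "wmaster0", &local };
    struct net_device wlan   = { "wlan0", &local };
    struct net_device eth    = { "eth0", NULL };
    const struct net_device *devs[] = { &master, &wlan, &eth };
    size_t i;

    local.mdev = &master;
    for (i = 0; i < sizeof(devs) / sizeof(devs[0]); i++)
        printf("%-9s unguarded=%2d guarded=%2d\n", devs[i]->name,
               notify_unguarded(devs[i]), notify_guarded(devs[i]));
    return 0;
}
```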

Comment 4 John W. Linville 2008-10-13 20:26:05 UTC
Johannes' patch has been checked-in to the rawhide kernels...

Comment 5 Steve Grubb 2008-10-16 18:08:49 UTC
Kernel -13 is the first 2.6.27 kernel to work for me. Thanks everyone. Closing.