2009-11-05 15:09:26

by Holger Schurig

Subject: BUG: oops when "rmmod ipw2200"

This happened on wireless-testing v2.6.32-rc6-41575-g5e68bfb. I
modprobed ipw2200, put it into monitor mode, used tshark a while to
monitor, then I stopped tshark, "ifconfig eth2 down" and finally
"rmmod ipw2200", and voila:

[ 917.189620] ------------[ cut here ]------------
[ 917.189717] kernel BUG at net/wireless/core.c:543!
[ 917.189805] invalid opcode: 0000 [#1] PREEMPT SMP
[ 917.190002] last sysfs file: /sys/devices/pci0000:00/0000:00:1e.0/0000:02:0d.0/firmware/0000:02:0d.0/loading
[ 917.190136] Modules linked in: lib80211_crypt_wep ipw2200(-) libipw lib80211 ath5k mac80211 ath cfg80211 psmouse uhci_hcd
[ 917.190680]
[ 917.190759] Pid: 1763, comm: rmmod Not tainted (2.6.32-rc6-wl #26) Amilo M1425
[ 917.190886] EIP: 0060:[<f8accf34>] EFLAGS: 00010202 CPU: 0
[ 917.190992] EIP is at wiphy_unregister+0xd3/0x175 [cfg80211]
[ 917.191083] EAX: f601d4c4 EBX: 00000000 ECX: 00000000 EDX: f79e8600
[ 917.191176] ESI: f601d400 EDI: f95b4350 EBP: f6009eb4 ESP: f6009e8c
[ 917.191269] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
[ 917.191360] Process rmmod (pid: 1763, ti=f6008000 task=f79e8130 task.ti=f6008000)
[ 917.191486] Stack:
[ 917.191562] f601d5a0 f601d484 f6460e98 f6009ea0 c01407ee f6009eb8 00000246 f64604c0
[ 917.191916] <0> f6460e5c f95b4350 f6009ec0 f94fd030 f6460e98 f6009edc f95a9d4f f787bc00
[ 917.192100] <0> f787bc58 f787bc00 f95b4350 f95b4350 f6009ee8 c0207fca f787bc58 f6009ef8
[ 917.192100] Call Trace:
[ 917.192100] [<c01407ee>] ? trace_hardirqs_on+0xb/0xd
[ 917.192100] [<f94fd030>] ? unregister_ieee80211+0xe/0x27 [libipw]
[ 917.192100] [<f95a9d4f>] ? ipw_pci_remove+0x59/0x227 [ipw2200]
[ 917.192100] [<c0207fca>] ? pci_device_remove+0x19/0x39
[ 917.192100] [<c02b93a4>] ? __device_release_driver+0x59/0x9d
[ 917.192100] [<c02b944f>] ? driver_detach+0x67/0x85
[ 917.192100] [<c02b88d6>] ? bus_remove_driver+0x69/0x85
[ 917.192100] [<c02b9878>] ? driver_unregister+0x4d/0x54
[ 917.192100] [<c02081c3>] ? pci_unregister_driver+0x28/0x71
[ 917.192100] [<f95a9cf4>] ? ipw_exit+0x1c/0x1e [ipw2200]
[ 917.192100] [<c0148e2b>] ? sys_delete_module+0x192/0x1ef
[ 917.192100] [<c0162cdb>] ? remove_vma+0x52/0x58
[ 917.192100] [<c01028bb>] ? sysenter_exit+0xf/0x18
[ 917.192100] [<c0102888>] ? sysenter_do_call+0x12/0x36
[ 917.192100] Code: 74 07 e8 81 bc 8c c7 eb c8 8d 55 e0 89 f8 e8 d6 6d 66 c7 8b 45 dc 31 d2 e8 81 cc 8c c7 8d 86 c4 00 00 00 39 86 c4 00 00 00 74 04 <0f> 0b eb fe 8b 45 dc 8d 5e 0c e8 5a cc 8c c7 8b 86 94 03 00 00
[ 917.192100] EIP: [<f8accf34>] wiphy_unregister+0xd3/0x175 [cfg80211] SS:ESP 0068:f6009e8c
[ 917.203718] ---[ end trace bcaaf449945a5100 ]---

--
http://www.holgerschurig.de


2009-11-05 15:45:07

by John W. Linville

Subject: Re: BUG: oops when "rmmod ipw2200"

On Thu, Nov 05, 2009 at 03:59:16PM +0100, Holger Schurig wrote:
> This happened on wireless-testing v2.6.32-rc6-41575-g5e68bfb. I
> modprobed ipw2200, put it into monitor mode, used tshark a while to
> monitor, then I stopped tshark, "ifconfig eth2 down" and finally
> "rmmod ipw2200", and voila:
>
> [ 917.189620] ------------[ cut here ]------------
> [ 917.189717] kernel BUG at net/wireless/core.c:543!
> [ 917.189805] invalid opcode: 0000 [#1] PREEMPT SMP
> [ 917.190002] last sysfs file: /sys/devices/pci0000:00/0000:00:1e.0/0000:02:0d.0/firmware/0000:02:0d.0/loading
> [ 917.190136] Modules linked in: lib80211_crypt_wep ipw2200(-) libipw lib80211 ath5k mac80211 ath cfg80211 psmouse uhci_hcd

<snip>

Crud...this has to be the following:

commit e6c5fc53d0f44a772398402ee8a1879818e42b4e
Author: Zhu Yi <[email protected]>
Date: Thu Oct 15 14:50:28 2009 +0800

ipw2200: fix oops on missing firmware

For non-monitor interfaces, the syntax for alloc_ieee80211/free_80211
is wrong. Because alloc_ieee80211 only creates (wiphy_new) a wiphy, but
free_80211() does wiphy_unregister() also. This is only correct when
the later wiphy_register() is called successfully, which apparently
is not the case for your fw doesn't exist one.

Signed-off-by: Zhu Yi <[email protected]>
Signed-off-by: John W. Linville <[email protected]>

Can you revert that and attempt to recreate?

John
--
John W. Linville Someday the world will need a hero, and you
[email protected] might be all we have. Be ready.

2009-11-05 15:53:34

by Holger Schurig

Subject: Re: BUG: oops when "rmmod ipw2200"

At Thu, 5 Nov 2009 10:33:29 -0500,
> Crud...this has to be the following:
>
> commit e6c5fc53d0f44a772398402ee8a1879818e42b4e
...

> Can you revert that and attempt to recreate?

After reverting this, the oops went away.


I just get some leak message, but I can ignore this message for now (I
use this device only for monitoring the other devices ...).

[ 2935.225315] lib80211: common routines for IEEE802.11 drivers
[ 2935.225447] lib80211_crypt: registered algorithm 'NULL'
[ 2935.233860] ieee80211: 802.11 data/management/control stack, git-1.1.13
[ 2935.233911] ieee80211: Copyright (C) 2004-2005 Intel Corporation <[email protected]>
[ 2935.244407] ipw2200: Intel(R) PRO/Wireless 2200/2915 Network Driver, 1.2.2kmpr
[ 2935.244459] ipw2200: Copyright(c) 2003-2006 Intel Corporation
[ 2935.244637] ipw2200 0000:02:0d.0: PCI INT A -> Link[LNKA] -> GSI 11 (level, low) -> IRQ 11
[ 2935.245503] ipw2200: Detected Intel PRO/Wireless 2200BG Network Connection
[ 2935.245910] ipw2200 0000:02:0d.0: firmware: requesting ipw2200-bss.fw
[ 2935.433770] ipw2200: Detected geography ZZR (14 802.11bg channels, 0 802.11a channels)
[ 2935.606417] lib80211_crypt: registered algorithm 'WEP'
[ 2937.377928] ipw2200 0000:02:0d.0: firmware: requesting ipw2200-sniffer.fw
[ 2939.391363] warning: `tshark' uses 32-bit capabilities (legacy support in use)
[ 2941.657345] device eth2 entered promiscuous mode
[ 2943.028308] device eth2 left promiscuous mode
[ 2948.818739] __dev_addr_discard: address leakage! da_users=1
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[ 2949.076876] ipw2200 0000:02:0d.0: PCI INT A disable

2009-11-09 09:30:07

by Zhu Yi

Subject: Re: BUG: oops when "rmmod ipw2200"

On Thu, 2009-11-05 at 23:33 +0800, John W. Linville wrote:
> On Thu, Nov 05, 2009 at 03:59:16PM +0100, Holger Schurig wrote:
> > This happened on wireless-testing v2.6.32-rc6-41575-g5e68bfb. I
> > modprobed ipw2200, put it into monitor mode, used tshark a while to
> > monitor, then I stopped tshark, "ifconfig eth2 down" and finally
> > "rmmod ipw2200", and voila:
> >
> > [ 917.189620] ------------[ cut here ]------------
> > [ 917.189717] kernel BUG at net/wireless/core.c:543!
> > [ 917.189805] invalid opcode: 0000 [#1] PREEMPT SMP
> > [ 917.190002] last sysfs file: /sys/devices/pci0000:00/0000:00:1e.0/0000:02:0d.0/firmware/0000:02:0d.0/loading
> > [ 917.190136] Modules linked in: lib80211_crypt_wep ipw2200(-) libipw lib80211 ath5k mac80211 ath cfg80211 psmouse uhci_hcd
>
> <snip>
>
> Crud...this has to be the following:
>
> commit e6c5fc53d0f44a772398402ee8a1879818e42b4e
> Author: Zhu Yi <[email protected]>
> Date: Thu Oct 15 14:50:28 2009 +0800
>
> ipw2200: fix oops on missing firmware
>
> For non-monitor interfaces, the syntax for alloc_ieee80211/free_80211
> is wrong. Because alloc_ieee80211 only creates (wiphy_new) a wiphy, but
> free_80211() does wiphy_unregister() also. This is only correct when
> the later wiphy_register() is called successfully, which apparently
> is not the case for your fw doesn't exist one.
>
> Signed-off-by: Zhu Yi <[email protected]>
> Signed-off-by: John W. Linville <[email protected]>
>
> Can you revert that and attempt to recreate?

I forgot to remember wiphy has to be unregistered _after_ netdev. Here
is a fix patch. Please test.

From 4581a7ea7146040b1b9ee8a1d45e63561a900e1d Mon Sep 17 00:00:00 2001
From: Zhu Yi <chuyee@octavia.(none)>
Date: Mon, 9 Nov 2009 17:49:21 +0800
Subject: [PATCH V2] ipw2200: fix oops on missing firmware

For non-monitor interfaces, the syntax for alloc_ieee80211/free_80211
is wrong. Because alloc_ieee80211 only creates (wiphy_new) a wiphy, but
free_80211() does wiphy_unregister() also. This is only correct when
the later wiphy_register() is called successfully, which apparently
is not the case for the fw doesn't exist one.

Signed-off-by: Zhu Yi <[email protected]>
---
V2: fix a BUG_ON reported by Holger Schurig

drivers/net/wireless/ipw2x00/ipw2100.c | 5 ++++-
drivers/net/wireless/ipw2x00/ipw2200.c | 2 ++
drivers/net/wireless/ipw2x00/libipw.h | 1 +
drivers/net/wireless/ipw2x00/libipw_module.c | 14 +++++++++-----
4 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/drivers/net/wireless/ipw2x00/ipw2100.c b/drivers/net/wireless/ipw2x00/ipw2100.c
index 240cff1..faec9d3 100644
--- a/drivers/net/wireless/ipw2x00/ipw2100.c
+++ b/drivers/net/wireless/ipw2x00/ipw2100.c
@@ -6325,8 +6325,10 @@ static int ipw2100_pci_init_one(struct pci_dev *pci_dev,

fail:
if (dev) {
- if (registered)
+ if (registered) {
unregister_netdev(dev);
+ unregister_ieee80211(priv->ieee);
+ }

ipw2100_hw_stop_adapter(priv);

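Review bot: in the fail: path of ipw2100_pci_init_one(), unregister_ieee80211(priv->ieee) is keyed on `registered`, which the visible lines only tie to unregister_netdev(). The commit message says wiphy_unregister() is only valid after a successful wiphy_register(), so please confirm that `registered` cannot be set before wiphy_register() has succeeded. If it can, a separate flag for the wiphy would keep this error path from reaching wiphy_unregister() on a wiphy that was never registered.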
@@ -6384,6 +6386,7 @@ static void __devexit ipw2100_pci_remove_one(struct pci_dev *pci_dev)
* being called if the device is open. If we free storage
* first, then close() will crash. */
unregister_netdev(dev);
+ unregister_ieee80211(priv->ieee);

/* ipw2100_down will ensure that there is no more pending work
* in the workqueue's, so we can safely remove them now. */
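Review bot: the block comment above unregister_netdev() in ipw2100_pci_remove_one() explains why that call has to come first, but the new unregister_ieee80211() line has an ordering rule of its own that is not written down. Suggest extending that comment to say the wiphy is unregistered only after the netdev, so the two calls are not swapped in a later cleanup.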
diff --git a/drivers/net/wireless/ipw2x00/ipw2200.c b/drivers/net/wireless/ipw2x00/ipw2200.c
index 827824d..ae846a7 100644
--- a/drivers/net/wireless/ipw2x00/ipw2200.c
+++ b/drivers/net/wireless/ipw2x00/ipw2200.c
@@ -11823,6 +11823,7 @@ static int __devinit ipw_pci_probe(struct pci_dev *pdev,
IPW_ERROR("Failed to register promiscuous network "
"device (error %d).\n", err);
unregister_netdev(priv->net_dev);
+ unregister_ieee80211(priv->ieee);
goto out_remove_sysfs;
}
}
@@ -11873,6 +11874,7 @@ static void __devexit ipw_pci_remove(struct pci_dev *pdev)
mutex_unlock(&priv->mutex);

unregister_netdev(priv->net_dev);
+ unregister_ieee80211(priv->ieee);

if (priv->rxq) {
ipw_rx_queue_free(priv, priv->rxq);
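Review bot: the placement of unregister_ieee80211() after unregister_netdev() in ipw_pci_remove() is what V2 changes to address the reported BUG_ON, yet the commit message body is still the V1 text about missing firmware and the only mention is the "V2:" line below the "---", which is dropped when the patch is applied. Suggest adding a sentence to the commit message stating that the wiphy must be unregistered after the netdev and that rmmod hit the BUG at net/wireless/core.c:543 otherwise, so the reason for the ordering survives in the history.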
diff --git a/drivers/net/wireless/ipw2x00/libipw.h b/drivers/net/wireless/ipw2x00/libipw.h
index bf45391..f42ade6 100644
--- a/drivers/net/wireless/ipw2x00/libipw.h
+++ b/drivers/net/wireless/ipw2x00/libipw.h
@@ -1020,6 +1020,7 @@ static inline int libipw_is_cck_rate(u8 rate)
/* ieee80211.c */
extern void free_ieee80211(struct net_device *dev, int monitor);
extern struct net_device *alloc_ieee80211(int sizeof_priv, int monitor);
+extern void unregister_ieee80211(struct libipw_device *ieee);
extern int libipw_change_mtu(struct net_device *dev, int new_mtu);

extern void libipw_networks_age(struct libipw_device *ieee,
diff --git a/drivers/net/wireless/ipw2x00/libipw_module.c b/drivers/net/wireless/ipw2x00/libipw_module.c
index a0e9f6a..be5b809 100644
--- a/drivers/net/wireless/ipw2x00/libipw_module.c
+++ b/drivers/net/wireless/ipw2x00/libipw_module.c
@@ -235,16 +235,19 @@ void free_ieee80211(struct net_device *dev, int monitor)
libipw_networks_free(ieee);

/* free cfg80211 resources */
- if (!monitor) {
- wiphy_unregister(ieee->wdev.wiphy);
- kfree(ieee->a_band.channels);
- kfree(ieee->bg_band.channels);
+ if (!monitor)
wiphy_free(ieee->wdev.wiphy);
- }

free_netdev(dev);
}

+void unregister_ieee80211(struct libipw_device *ieee)
+{
+ wiphy_unregister(ieee->wdev.wiphy);
+ kfree(ieee->a_band.channels);
+ kfree(ieee->bg_band.channels);
+}
+
#ifdef CONFIG_LIBIPW_DEBUG

static int debug = 0;
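Review bot: unregister_ieee80211() drops the `!monitor` check that used to guard wiphy_unregister() and the two kfree() calls in free_ieee80211(), while wiphy_free() stays under `if (!monitor)`. Nothing in the new function stops it from being called on an ieee that came from alloc_ieee80211(..., 1), so either document that it is for non-monitor devices only or pass the flag through and check it. The a_band.channels and bg_band.channels pointers are also left dangling after kfree(); setting them to NULL would make a repeated call harmless for those two frees. Since free_ieee80211() no longer frees the channel arrays, please also confirm that no path allocates them and then skips unregister_ieee80211(), which would leak them.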
@@ -330,3 +333,4 @@ module_init(libipw_init);

EXPORT_SYMBOL(alloc_ieee80211);
EXPORT_SYMBOL(free_ieee80211);
+EXPORT_SYMBOL(unregister_ieee80211);
--
1.5.3.6