Public bug reported:
After playing a while with Lenovo T61 Fn+F5 combination (bluetooth/wifi
killswitch), linux crashed with an attached log:
[ 117.901409] BUG: unable to handle kernel NULL pointer dereference at virtual
address 00000000
[ 117.901422] printing eip: f8c1e996 *pde = 00000000
[ 117.901431] Oops: 0000 [#1] SMP
[ 117.901437] Modules linked in: e1000 iwl4965 iwlwifi_mac80211 cfg80211
led_class bnep rfcomm l2cap
hci_usb bluetooth af_packet rndis_host cdc_ether usbnet mii ipv6 binfmt_misc
container sbs bay sbshc dock
acpi_cpufreq cpufreq_powersave cpufreq_stats cpufreq_userspace cpufreq_ondemand
cpufreq_conservative
freq_table iptable_filter ip_tables x_tables ext3 jbd mbcache input_polldev
tp_smapi thinkpad_ec uinput
loop joydev snd_hda_intel arc4 ecb snd_pcm_oss snd_mixer_oss thinkpad_acpi
snd_pcm nvram evdev
snd_page_alloc snd_hwdep snd_seq_dummy psmouse serio_raw ac battery snd_seq_oss
nvidia(P) snd_seq_midi
agpgart i2c_core snd_rawmidi snd_seq_midi_event snd_seq video output snd_timer
snd_seq_device snd iTCO_wdt
iTCO_vendor_support soundcore button pcspkr shpchp pci_hotplug reiserfs
sha256_generic aes_i586 cbc
blkcipher sr_mod cdrom sg sd_mod ata_piix ata_generic ohci1394 ahci ieee1394
pata_acpi libata scsi_mod
ehci_hcd dm_crypt uhci_hcd usbcore dm_mirror dm_snapshot dm_mod thermal
processor fan fbcon tileblit font
bitblit softcursor fuse
[ 117.901585]
[ 117.901591] Pid: 22529, comm: NetworkManager Tainted: P
(2.6.24-16-generic #1)
[ 117.901597] EIP: 0060:[<f8c1e996>] EFLAGS: 00010206 CPU: 0
[ 117.901618] EIP is at __iwl4965_up+0xe6/0x560 [iwl4965]
[ 117.901623] EAX: 0000a000 EBX: f76792e0 ECX: 00002800 EDX: 00000000
[ 117.901628] ESI: 00000000 EDI: 00000000 EBP: f76792e0 ESP: e5505af4
[ 117.901633] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
[ 117.901639] Process NetworkManager (pid: 22529, ti=e5504000 task=f7c705a0
task.ti=e5504000)
[ 117.901643] Stack: f72f8d60 c0411a80 c0411ab0 c0164658 00000292 f7cdf800
f0dc7b40 00000246
[ 117.901657] fffffff4 00000080 000000d8 f8c239a0 c01647b1 00000000
00000000 00000000
[ 117.901668] f76798bc f76792e0 f8c1f207 f8c2ea14 f76792e0 000000ff
00000000 00000000
[ 117.901680] Call Trace:
[ 117.901701] [<c0164658>] setup_irq+0xe8/0x1a0
[ 117.901728] [<f8c239a0>] iwl4965_isr+0x0/0xb0 [iwl4965]
[ 117.901747] [<c01647b1>] request_irq+0xa1/0xc0
[ 117.901771] [<f8c1f207>] iwl4965_mac_open+0x3f7/0x600 [iwl4965]
[ 117.901805] [<c031667f>] __mutex_lock_slowpath+0x5f/0xa0
[ 117.901823] [<c0316524>] mutex_lock+0x14/0x20
[ 117.901833] [<f8c254ca>] iwl4965_mac_add_interface+0x14a/0x1a0 [iwl4965]
[ 117.901864] [<f8c447bb>] ieee80211_open+0x1eb/0x3d0 [iwlwifi_mac80211]
[ 117.901920] [<c02a6040>] dev_open+0x50/0x80
[ 117.901933] [<c02a4be1>] dev_change_flags+0x81/0x190
[ 117.901952] [<c02ad67c>] do_setlink+0x26c/0x310
[ 117.901959] [<c0135af0>] process_timeout+0x0/0x10
[ 117.901984] [<c02aeb44>] rtnl_setlink+0xf4/0x120
[ 117.902016] [<c02be6f6>] netlink_dump_start+0x136/0x160
[ 117.902032] [<c02aea50>] rtnl_setlink+0x0/0x120
[ 117.902038] [<c02ae752>] rtnetlink_rcv_msg+0x1d2/0x210
[ 117.902045] [<c02adeb0>] rtnl_dump_ifinfo+0x0/0xa0
[ 117.902061] [<c02ae580>] rtnetlink_rcv_msg+0x0/0x210
[ 117.902068] [<c02ae560>] rtnetlink_rcv+0x0/0x20
[ 117.902075] [<c02bd3bd>] netlink_rcv_skb+0x6d/0x90
[ 117.902089] [<c02ae574>] rtnetlink_rcv+0x14/0x20
[ 117.902099] [<c02bd17d>] netlink_unicast+0x1dd/0x210
[ 117.902106] [<c0215e8e>] copy_from_user+0x2e/0x70
[ 117.902129] [<c02bd9f6>] netlink_sendmsg+0x226/0x2f0
[ 117.902155] [<c02986f1>] sock_sendmsg+0x111/0x130
[ 117.902183] [<c0140b70>] autoremove_wake_function+0x0/0x40
[ 117.902203] [<c0140b70>] autoremove_wake_function+0x0/0x40
[ 117.902222] [<c0140b70>] autoremove_wake_function+0x0/0x40
[ 117.902233] [<c0196d1b>] __link_path_walk+0xaab/0xe10
[ 117.902244] [<c0215e8e>] copy_from_user+0x2e/0x70
[ 117.902256] [<c0215e8e>] copy_from_user+0x2e/0x70
[ 117.902272] [<c0298869>] sys_sendmsg+0x159/0x270
[ 117.902291] [<c0299798>] sys_recvmsg+0x228/0x230
[ 117.902313] [<c02bc94e>] netlink_insert+0xce/0x150
[ 117.902325] [<c0216110>] copy_to_user+0x30/0x60
[ 117.902339] [<c029955e>] move_addr_to_user+0x7e/0x90
[ 117.902354] [<c0299b17>] sys_getsockname+0xd7/0xe0
[ 117.902370] [<c0317598>] _spin_lock_bh+0x8/0x20
[ 117.902381] [<c029aa52>] release_sock+0x12/0xa0
[ 117.902395] [<c029c248>] sock_setsockopt+0x158/0x5b0
[ 117.902407] [<c019f23d>] d_instantiate+0x3d/0x60
[ 117.902419] [<c02982b0>] sock_attach_fd+0x80/0xc0
[ 117.902447] [<c0299dd4>] sys_socketcall+0xb4/0x2b0
[ 117.902472] [<c01043c2>] sysenter_past_esp+0x6b/0xa9
[ 117.902499] =======================
[ 117.902502] Code: c7 40 5c 02 00 00 00 8b 83 24 05 00 00 c7 40 5c 02 00 00
00 8b 83 3c 05 00 00 8b b3
34 05 00 00 8b bb 40 05 00 00 89 c1 c1 e9 02 <f3> a5 89 c1 83 e1 03 74 02 f3 a4
8b 83 b8 24 00 00 a8 04 0f
85
[ 117.902567] EIP: [<f8c1e996>] __iwl4965_up+0xe6/0x560 [iwl4965] SS:ESP
0068:e5505af4
[ 117.902676] ---[ end trace 8174074f5f1efa60 ]---
After that my keyboard stopped responding and was forced to shut down os.
Latest Hardy.
Linux thinkpad 2.6.24-16-generic #1 SMP Thu Apr 10 13:23:42 UTC 2008 i686
GNU/Linux
filename:
/lib/modules/2.6.24-16-generic/updates/wireless/iwlwifi/iwlwifi/compatible/iwl4965.ko
[...]
version: 1.2.25
description: Intel(R) Wireless WiFi Link 4965AGN driver for Linux
BTW driver is VERY buggy.. As reported in bug 216252 it crashes also after
ifconfig wlan0 down, it crashed too after trying to set up ad-hoc connection.
Ad-hoc doesn't work anymore..
** Affects: linux-ubuntu-modules-2.6.24 (Ubuntu)
Importance: Undecided
Status: New
--
iwl4965 crashes kernel after playing with kill switch
https://bugs.launchpad.net/bugs/223169
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
