Bug 43255

Summary: Panic after enabling rtap_iface in ipw2200 driver (ipw_handle_promiscuous_tx / skb_put)
Product: Drivers Reporter: Vittorio Gambaletta (VittGam) (linuxbugs)
Component: network-wirelessAssignee: Stanislav Yakovlev (stas.yakovlev)
Status: RESOLVED CODE_FIX    
Severity: normal CC: linville, stas.yakovlev
Priority: P1    
Hardware: All   
OS: Linux   
Kernel Version: 3.4.0-999-generic-pae_3.4.0-999.201205170406_i386.deb Subsystem:
Regression: No Bisected commit-id:
Attachments: Panic on 3.0.0-16-generic
Panic on 3.0.0-16-generic-tuxonice

Description Vittorio Gambaletta (VittGam) 2012-05-16 16:02:59 UTC
1) Enable the rtap_iface of the ipw2200 driver by echoing 1 in /sys/module/ipw2200/drivers/pci:ipw2200/*/rtap_iface

2) ifconfig rtap0 up

3) Use the eth1 wireless interface (eg. send some data, connect to a network) or even just run ifconfig many times

4) A kernel panic occurs.

I'm attaching two screenshots of the panic, took one on 3.0.0-16-generic and one on 3.0.0-16-generic-tuxonice.

uname -a is:
Linux VittGamLaptop2 3.0.0-16-generic-tuxonice #29~ppa1-Ubuntu SMP Fri Mar 9 10:57:58 UTC 2012 i686 i686 i386 GNU/Linux

The computer is an IBM Thinkpad X41.

The network card is:
04:02.0 Network controller: Intel Corporation PRO/Wireless 2915ABG [Calexico2] Network Connection (rev 05)
	Subsystem: Intel Corporation Device 1011
	Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV+ VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx-
	Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
	Latency: 64 (750ns min, 6000ns max), Cache Line Size: 32 bytes
	Interrupt: pin A routed to IRQ 21
	Region 0: Memory at a0202000 (32-bit, non-prefetchable) [size=4K]
	Capabilities: [dc] Power Management version 2
		Flags: PMEClk- DSI+ D1- D2- AuxCurrent=0mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
		Status: D0 NoSoftRst- PME-Enable- DSel=0 DScale=1 PME-
	Kernel driver in use: ipw2200
	Kernel modules: ipw2200

The ipw2200 module I use is the stock module that comes with the Ubuntu kernel.
Comment 1 Vittorio Gambaletta (VittGam) 2012-05-16 16:05:24 UTC
Created attachment 73309 [details]
Panic on 3.0.0-16-generic
Comment 2 Vittorio Gambaletta (VittGam) 2012-05-16 16:06:01 UTC
Created attachment 73310 [details]
Panic on 3.0.0-16-generic-tuxonice
Comment 3 Vittorio Gambaletta (VittGam) 2012-05-18 05:44:19 UTC
I've updated this bug on Launchpad with some testing on mainline and ubuntu newer (3.2, 3.4) kernels: https://bugs.launchpad.net/linux/+bug/1000567
Comment 4 Stanislav Yakovlev 2012-10-12 23:26:34 UTC
Assigning to myself.
Comment 5 Stanislav Yakovlev 2012-10-30 00:26:02 UTC
A patch fixing this bug was merged upstream at Linux v3.7-rc2:

commit bf11315eeda510ea4fc1a2bf972d8155d31d89b4
Author: Stanislav Yakovlev <stas.yakovlev@gmail.com>
Date:   Mon Oct 15 14:14:32 2012 +0000

    net/wireless: ipw2200: Fix panic occurring in ipw_handle_promiscuous_tx().