I am experiencing a reproducible wpa_supplicant segfault crash whenever I try to bring up my laptop wireless interface while disconnected from the docking station. If the laptop is in the docking station (which also has a wired network card and extra hard drive), the wireless wlan0 device comes up and successfully makes a 54Mb connection with DHCP to my wireless access point.
The computer is an IBM ThinkPad 600X running openSUSE 11.1 kernel 2.6.27.19-3.2-default. The wireless card is a Linksys WPC54G ver. 3 (Broadcom 4318 chipset). I am using ifup/ifdown (manual control) to bring wlan0 up or down until this problem is resolved. The access point is a Linksys WRT54GS using WPA2 PSK authentication and IP addresses on a different subnet from my wired network.
Here is the dmesg information for the segfault:
input: b43-phy0 as /devices/virtual/input/input8
firmware: requesting b43/ucode5.fw
firmware: requesting b43/pcm5.fw
firmware: requesting b43/b0g0initvals5.fw
firmware: requesting b43/b0g0bsinitvals5.fw
b43-phy0: Loading firmware version 410.2160 (2007-05-26 15:32:10)
BUG: unable to handle kernel paging request at 008e0098
IP: <c0296c7d>] get_device_parent+0x90/0x10f
*pde = 00000000
Oops: 0000 #1] SMP
last sysfs file: /sys/devices/pci0000:00/0000:00:02.0/0000:02:00.0/ssb0:0/firmware/ssb0:0/loading
Modules linked in: rfkill_input xt_pkttype xt_TCPMSS xt_tcpudp ipt_LOG xt_limit nfsd exportfs autofs4 snd_pcm_oss snd_mixer_oss snd_seq_midi snd_seq_midi_event snd_seq rpcsec_gss_krb5 auth_rpcgss nfs lockd nfs_acl sunrpc xt_NOTRACK ipt_REJECT xt_state iptable_raw iptable_filter nf_conntrack_netbios_ns nf_conntrack_ipv4 nf_conntrack ip_tables ip6_tables x_tables fuse reiserfs loop dm_mod arc4 ecb crypto_blkcipher b43(N) mac80211 cfg80211 input_polldev ssb ppdev pcmcia rtc_cmos rtc_core rtc_lib i2c_piix4 pcspkr i2c_core battery ac parport_pc parport snd_cs46xx irda gameport crc_ccitt floppy video output snd_rawmidi snd_seq_device snd_ac97_codec sr_mod ac97_bus cdrom snd_pcm snd_timer button intel_agp shpchp snd yenta_socket soundcore agpgart pci_hotplug rsrc_nonstatic sg snd_page_alloc pcmcia_core usbhid hid ff_memless uhci_hcd usbcore sd_mod crc_t10dif thinkpad_acpi rfkill led_class nvram fan thermal processor thermal_sys hwmon edd ext3 mbcache jbd ide_pci_generic piix ide_core ata_generic ata_piix libata scsi_mod dock [last unloaded: speedstep_lib]
Supported: No
Pid: 5141, comm: wpa_supplicant Tainted: G (2.6.27.19-3.2-default #1)
EIP: 0060:<c0296c7d>] EFLAGS: 00010213 CPU: 0
EIP is at get_device_parent+0x90/0x10f
EAX: e39245a4 EBX: 008e0098 ECX: 008e0094 EDX: e39612e4
ESI: e2c63000 EDI: e2c63000 EBP: e2952e78 ESP: e2b51cf0
DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Process wpa_supplicant (pid: 5141, ti=e2b50000 task=e28c7280 task.ti=e2b50000)
Stack: 00000000 00000003 00000282 e397b800 e2c63000 e2c63000 e3924a20 00000000
c0297ab6 00000000 e341e000 e3769c94 e397b818 e2c6309c e2952e00 00000000
00000000 e2c63000 e2c63000 e2c63000 fffffff4 e3924a20 00000000 c0297e73
Call Trace:
<c0297ab6>] device_add+0xaa/0x3da
<c0297e73>] device_create_vargs+0x7d/0x9e
<c0297ebf>] device_create+0x2b/0x30
<e4e0717e>] led_classdev_register+0x32/0x108 [led_class]
<e510024d>] b43_register_led+0x7f/0xb0 [b43]
<e5100326>] b43_map_led+0xa8/0x1c6 [b43]
<e51004ed>] b43_leds_init+0xa9/0xb8 [b43]
<e50f12af>] b43_wireless_core_init+0x555/0x58e [b43]
<e50f1639>] b43_op_start+0xd2/0x120 [b43]
<e50bc5f5>] ieee80211_open+0x23c/0x4eb [mac80211]
<c02d6822>] dev_open+0x6f/0xa8
<c02d637d>] dev_change_flags+0xa4/0x159
<c03126ea>] devinet_ioctl+0x238/0x4da
<c02ca13e>] sock_ioctl+0x1b5/0x1db
<c018f5eb>] vfs_ioctl+0x1f/0x62
<c018f87f>] do_vfs_ioctl+0x167/0x172
<c018f8cf>] sys_ioctl+0x45/0x5e
<c01039ad>] sysenter_do_call+0x12/0x21
<ffffe430>] 0xffffe430
=======================
Code: e3 3b 0a 00 8b 87 24 01 00 00 8b 50 2c 8b 42 44 83 c2 44 8d 48 fc eb 13 39 69 0c 75 0b 89 c8 e8 11 6e f8 ff 89 c6 eb 13 8d 4b fc <8b> 59 04 0f 18 03 90 8d 41 04 39 c2 75 df 31 f6 8b 87 24 01 00
EIP: <c0296c7d>] get_device_parent+0x90/0x10f SS:ESP 0068:e2b51cf0
--- end trace 7c98b61dbff34993 ]---
And these are the extra processes running after ifup wlan0 fails:
root 5150 2144 0 18:02 ? 00:00:00 /usr/lib/hal/hald-addon-rfkill-killswitch
root 5156 2 0 18:02 ? 00:00:00 [ipolldevd]
root 5214 1 0 18:02 pts/4 00:00:00 /bin/bash /sbin/ifup-dhcp wlan0 wlan0
root 5215 5214 0 18:02 pts/4 00:00:00 ip link show wlan0
Here is dmesg for a successful ifup wlan0 in the docking station:
input: b43-phy0 as /devices/virtual/input/input7
firmware: requesting b43/ucode5.fw
firmware: requesting b43/pcm5.fw
firmware: requesting b43/b0g0initvals5.fw
firmware: requesting b43/b0g0bsinitvals5.fw
b43-phy0: Loading firmware version 410.2160 (2007-05-26 15:32:10)
Registered led device: b43-phy0::tx
Registered led device: b43-phy0::rx
Registered led device: b43-phy0::radio
wlan0: authenticate with AP 00:13:10:f8:58:ce
wlan0: authenticated
wlan0: associate with AP 00:13:10:f8:58:ce
wlan0: RX AssocResp from 00:13:10:f8:58:ce (capab=0x411 status=0 aid=1)
wlan0: associated
And these are the added processes after successfully connecting in the docking station:
root 6358 2305 0 20:43 ? 00:00:00 /usr/lib/hal/hald-addon-rfkill-killswitch
root 6364 2 0 20:43 ? 00:00:00 [ipolldevd]
root 6413 1 0 20:43 ? 00:00:00 wpa_supplicant -iwlan0 -c/var/run/wpa_supplicant-wlan0.conf -Dwext -P/var/run/wpa_supplicant/wlan0.pid -B
root 7177 1 0 20:44 ? 00:00:00 /sbin/dhcpcd --netconfig -L -E -G -c /etc/sysconfig/network/scripts/dhcpcd-hook -t 0 -h planchet wlan0
Any idea how to fix this?