Most recent kernel where this bug did not occur: N/A (the driver was introduced in 2.6.24-rc1)
Distribution: Bluewhite 64 12.0 (64 bit version of Slackware 12)
Hardware Environment: Broadcom wireless chip
Software Environment:
Problem Description:

This bug was first reported in 9269 (crash with ssb at PCI initialization / fixed), then duplicated to keep problems separated. I got a crash after removing module b43 (leaving ssb loaded). The first load was without firmware, so I tried to unload it to get firmware loaded after installing it, and after 10-20s, I got a panic:

Oct 25 20:16:47 athor kernel: b43-phy0 ERROR: Firmware file "b43/ucode5.fw" not found or load failed.
Oct 25 20:16:47 athor kernel: b43-phy0 ERROR: You must go to http://linuxwireless.org/en/users/Drivers/bcm43xx#devicefirmware and download the correct firmware (version 4).
<!-- OK, I unload the module, to reload it after moving some firmware file -->
<!-- then : -->
Oct 25 20:17:11 athor kernel: Unable to handle kernel paging request at ffffffff880243df RIP:
Oct 25 20:17:11 athor kernel: [<ffffffff8036da39>] strcmp+0x9/0x20
Oct 25 20:17:11 athor kernel: PGD 203067 PUD 207063 PMD 56d9067 PTE 0
Oct 25 20:17:11 athor kernel: Oops: 0000 [1] PREEMPT
Oct 25 20:17:11 athor kernel: CPU 0
Oct 25 20:17:11 athor kernel: Modules linked in:
Oct 25 20:17:11 athor kernel: Pid: 5, comm: events/0 Not tainted 2.6.24-rc1 #6
Oct 25 20:17:11 athor kernel: RIP: 0010:[<ffffffff8036da39>] [<ffffffff8036da39>] strcmp+0x9/0x20
Oct 25 20:17:11 athor kernel: RSP: 0018:ffff810002877d70 EFLAGS: 00010082
Oct 25 20:17:11 athor kernel: RAX: ffffffff807875e0 RBX: ffffffff808a6640 RCX: 7800000000000000
Oct 25 20:17:11 athor kernel: RDX: 0000000000000000 RSI: ffffffff806fab3a RDI: ffffffff880243df
Oct 25 20:17:11 athor kernel: RBP: ffff810002877d70 R08: ffffffff807875e0 R09: 0000000000000000
Oct 25 20:17:11 athor kernel: R10: ffffffff80246723 R11: 0000000000000001 R12: ffffffff808a78a0
Oct 25 20:17:11 athor kernel: R13: ffffffff808a67a0 R14: 0000000000000000 R15: ffffffff806fab3a
Oct 25 20:17:11 athor kernel: FS: 00002adfd2135d30(0000) GS:ffffffff80790000(0000) knlGS:0000000000000000
Oct 25 20:17:11 athor kernel: CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b
Oct 25 20:17:11 athor kernel: CR2: ffffffff880243df CR3: 000000000539b000 CR4: 00000000000006e0
Oct 25 20:17:11 athor kernel: DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Oct 25 20:17:11 athor kernel: DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Oct 25 20:17:11 athor kernel: Process events/0 (pid: 5, threadinfo ffff810002876000, task ffff810002874000)
Oct 25 20:17:11 athor kernel: Stack: ffff810002877db0 ffffffff802551f9 0000000000000000 0000000000029ac0
Oct 25 20:17:11 athor kernel: ffffffff808a78a0 ffff810002877e60 ffffffff80926020 ffff810002874000
Oct 25 20:17:11 athor kernel: ffff810002877e20 ffffffff80258226 0000000200000000 0000000000000000
Oct 25 20:17:11 athor kernel: Call Trace:
Oct 25 20:17:11 athor kernel: [<ffffffff802551f9>] count_matching_names+0x59/0xc0
Oct 25 20:17:11 athor kernel: [<ffffffff80258226>] __lock_acquire+0x5b6/0x1080
Oct 25 20:17:11 athor kernel: [<ffffffff805bb5cb>] _spin_unlock_irq+0x2b/0x60
Oct 25 20:17:11 athor kernel: [<ffffffff80527c80>] rt_check_expire+0x0/0x160
Oct 25 20:17:11 athor kernel: [<ffffffff80258d47>] lock_acquire+0x57/0x80
Oct 25 20:17:11 athor kernel: [<ffffffff80246723>] run_workqueue+0x103/0x230
Oct 25 20:17:11 athor kernel: [<ffffffff80246767>] run_workqueue+0x147/0x230
Oct 25 20:17:11 athor kernel: [<ffffffff8024733a>] worker_thread+0xca/0x130
Oct 25 20:17:11 athor kernel: [<ffffffff8024b240>] autoremove_wake_function+0x0/0x40
Oct 25 20:17:11 athor kernel: [<ffffffff80247270>] worker_thread+0x0/0x130
Oct 25 20:17:11 athor kernel: [<ffffffff8024ae7d>] kthread+0x4d/0x80
Oct 25 20:17:11 athor kernel: [<ffffffff8020c608>] child_rip+0xa/0x12
Oct 25 20:17:11 athor kernel: [<ffffffff8020c1c3>] restore_args+0x0/0x30
Oct 25 20:17:11 athor kernel: [<ffffffff8024af82>] kthreadd+0xd2/0x150
Oct 25 20:17:11 athor kernel: [<ffffffff8024ae30>] kthread+0x0/0x80
Oct 25 20:17:11 athor kernel: [<ffffffff8020c5fe>] child_rip+0x0/0x12
Oct 25 20:17:11 athor kernel:
Oct 25 20:17:11 athor kernel:
Oct 25 20:17:11 athor kernel: Code: 0f b6 17 89 d0 2a 06 48 ff c6 84 c0 75 04 84 d2 75 eb c9 0f
Oct 25 20:17:11 athor kernel: RIP [<ffffffff8036da39>] strcmp+0x9/0x20
Oct 25 20:17:11 athor kernel: RSP <ffff810002877d70>
Oct 25 20:17:11 athor kernel: CR2: ffffffff880243df
<!--here I rebooted-->

Sorry, the call stack is nearly useless. However, it is in lockdep code, where a string is not right, so this is clearly for me a spinlock / lock / anything not well initialized by the driver, or not freed at module unload. Seems another init/term problem, that may be correlated and valuable to inspect I think.

Steps to reproduce: rmmod ssb
Maybe while some wireless activity? (I didn't reproduce this bug, at least with module unloading, but I got a similar one with ifconfig down).
See also http://bugzilla.kernel.org/show_bug.cgi?id=9234 Maybe the same bug, or for the same reason.
We've seen a bug with lockdep and I think the lockdep people are investigating why it's happening; it sometimes keeps around a string that is part of a module and then faults when accessing it.
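A triage check for the pattern described in the comment above, added here as an example and not part of the original thread or of any kernel tooling: it parses lines from the reported oops and tests whether core-kernel code faulted on an address inside module space while no module was loaded. The address ranges are an assumption (the usual x86_64 layout of 2.6.2x kernels), and `region` and `triage` are hypothetical helper names.

```python
import re

# Assumption, not stated in the thread: x86_64 address layout of 2.6.2x
# kernels (kernel image mapped from 0xffffffff80000000, module mapping
# space 0xffffffff88000000 - 0xfffffffffff00000).
KERNEL_IMAGE = (0xffffffff80000000, 0xffffffff88000000)
MODULE_SPACE = (0xffffffff88000000, 0xfffffffffff00000)

# Lines taken from the oops in the report, syslog prefix stripped.
OOPS = """\
Unable to handle kernel paging request at ffffffff880243df RIP:
[<ffffffff8036da39>] strcmp+0x9/0x20
Modules linked in:
RDX: 0000000000000000 RSI: ffffffff806fab3a RDI: ffffffff880243df
CR2: ffffffff880243df CR3: 000000000539b000 CR4: 00000000000006e0
Call Trace:
[<ffffffff802551f9>] count_matching_names+0x59/0xc0
[<ffffffff80258226>] __lock_acquire+0x5b6/0x1080
"""

def region(addr):
    """Name the address range a kernel virtual address falls in."""
    if KERNEL_IMAGE[0] <= addr < KERNEL_IMAGE[1]:
        return "kernel"
    if MODULE_SPACE[0] <= addr < MODULE_SPACE[1]:
        return "module"
    return "other"

def triage(text):
    """Summarise an oops and flag a likely stale pointer into an unloaded module."""
    cr2 = int(re.search(r"\bCR2: ([0-9a-f]{16})", text).group(1), 16)
    rip_addr, rip_sym = re.search(r"\[<([0-9a-f]{16})>\] (\w+)\+", text).groups()
    loaded = re.search(r"Modules linked in:(.*)", text).group(1).split()
    regs = re.findall(r"\b(R[A-Z0-9]{1,2}): ([0-9a-f]{16})", text)
    trace = re.findall(r"\] (\w+)\+", text.split("Call Trace:")[1])
    return {
        "rip_symbol": rip_sym,
        "fault_region": region(cr2),
        "fault_offset": cr2 - MODULE_SPACE[0],
        # Registers holding the faulting address (RDI = first argument).
        "bad_regs": [n for n, v in regs if int(v, 16) == cr2],
        "trace": trace,
        # Core-kernel code read an address in module space while no module
        # was loaded: the pointer outlived the module that owned the data.
        "stale_module_pointer": region(int(rip_addr, 16)) == "kernel"
            and region(cr2) == "module" and not loaded,
    }

if __name__ == "__main__":
    for key, value in triage(OOPS).items():
        print(key, "=", value)
```
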
This seems more like a module unload problem than an actual wireless problem to me...
I'll check if this bug is still there with 2.6.27 or when I next rebuild it. Seems many bugs I reported are closed against -rc3 now :-)
This is ancient, somebody close it? It must've been the lockdep string problem I mentioned.