Created attachment 52242 [details]
Full dmesg

BCM4312 set up as access point by hostapd 0.7.3. Hardware is an HP 2133 mini notebook. Reproducible at least as far back as 2.6.35; have not tried earlier versions. Problem disappears if B43_FORCE_PIO=y is set, but so does connectivity.

[192500.881342] skb_over_panic: text:f80fc27d len:2378 put:2378 head:cfbf0000 data:cfbf0040 tail:0xcfbf098a end:0xcfbf0980 dev:<NULL>
[192500.881582] ------------[ cut here ]------------
[192500.881638] kernel BUG at net/core/skbuff.c:127!
[192500.881693] invalid opcode: 0000 [#1] SMP
[192500.881751] last sysfs file: /sys/devices/pci0000:80/0000:80:01.0/class
[192500.881811] Modules linked in: b43 ssb
[192500.881871]
[192500.881921] Pid: 29751, comm: irq/24-b43 Not tainted 2.6.38 #1 Hewlett-Packard HP 2133/3030
[192500.882036] EIP: 0060:[<c14edd4c>] EFLAGS: 00010286 CPU: 0
[192500.882103] EIP is at skb_put+0x8c/0x90
[192500.882157] EAX: 0000008c EBX: cfbf098a ECX: c187b23c EDX: fffece37
[192500.882218] ESI: 00000000 EDI: cfbf0040 EBP: e7043e8c ESP: e7043e60
[192500.882278] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
[192500.882286] Process irq/24-b43 (pid: 29751, ti=e7042000 task=cf66d860 task.ti=e7042000)
[192500.882286] Stack:
[192500.882286] c182a850 f80fc27d 0000094a 0000094a cfbf0000 cfbf0040 cfbf098a cfbf0980
[192500.882286] c1825d52 cf2e4960 0000092c e7043ee8 f80fc27d f5763810 00000020 140e7ef4
[192500.882286] 00000000 f6c067f8 0000af14 c1876244 cf2e4980 cf2e4984 f8102a34 00000003
[192500.882286] Call Trace:
[192500.882286] [<f80fc27d>] ? b43_dma_rx+0x18d/0x410 [b43]
[192500.882286] [<f80fc27d>] b43_dma_rx+0x18d/0x410 [b43]
[192500.882286] [<f80e7af0>] b43_do_interrupt_thread+0x400/0x8e0 [b43]
[192500.882286] [<c12507ea>] ? radix_tree_lookup+0xa/0x10
[192500.882286] [<c108c11f>] ? irq_to_desc+0xf/0x20
[192500.882286] [<c10033e9>] ? common_interrupt+0x29/0x30
[192500.882286] [<f80e7fe8>] b43_interrupt_thread_handler+0x18/0x30 [b43]
[192500.882286] [<c108cb33>] irq_thread+0xf3/0x1f0
[192500.882286] [<c108ca40>] ? irq_thread+0x0/0x1f0
[192500.882286] [<c1057da4>] kthread+0x74/0x80
[192500.882286] [<c1057d30>] ? kthread+0x0/0x80
[192500.882286] [<c10033f6>] kernel_thread_helper+0x6/0x10
[192500.882286] Code: 4c 24 14 8b 88 a4 00 00 00 89 54 24 0c 89 4c 24 10 8b 40 50 c7 04 24 50 a8 82 c1 89 44 24 08 8b 45 04 89 44 24 04 e8 5c b0 15 00 <0f> 0b 66 90 55 89 e5 56 89 c6 53 0f b6 40 65 83 e0 18 3c 08 0f
[192500.882286] EIP: [<c14edd4c>] skb_put+0x8c/0x90 SS:ESP 0068:e7043e60
[192500.884580] ---[ end trace fcffd54cea6ad1fe ]---
[192500.884679] exiting task "irq/24-b43" (29751) is an active IRQ thread (irq 24)
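Added example, not part of the original report or of the kernel source: a Python parser for the skb_over_panic line in the oops above, which works out how far the failing skb_put() would have run past the end of the receive buffer (10 bytes here). The function name, the constructed second sample and the handling of tail/end values printed as offsets from head are assumptions.

```python
import re

# Layout of the skb_over_panic line as it appears in the oops quoted above.
PANIC_RE = re.compile(
    r"skb_over_panic: text:[0-9a-f]+ len:(?P<len>\d+) put:(?P<put>\d+) "
    r"head:(?P<head>[0-9a-f]+) data:(?P<data>[0-9a-f]+) "
    r"tail:0x(?P<tail>[0-9a-f]+) end:0x(?P<end>[0-9a-f]+)"
)

# The line from the report, copied verbatim.
REPORTED = ("[192500.881342] skb_over_panic: text:f80fc27d len:2378 put:2378 "
            "head:cfbf0000 data:cfbf0040 tail:0xcfbf098a end:0xcfbf0980 dev:<NULL>")

# Constructed sample (not from the report): same geometry, but with tail/end
# printed as offsets from head, as kernels that store them as offsets do.
CONSTRUCTED_OFFSETS = ("skb_over_panic: text:ffffffffa0000000 len:2378 put:2378 "
                       "head:ffff880000010000 data:ffff880000010040 "
                       "tail:0x98a end:0x980 dev:<NULL>")


def analyze_skb_over_panic(line):
    """Return buffer geometry for one skb_over_panic line, or None if absent."""
    m = PANIC_RE.search(line)
    if m is None:
        return None
    head, data, tail, end = (int(m[k], 16) for k in ("head", "data", "tail", "end"))
    if tail < head:
        # Assumption: values smaller than head are offsets relative to head.
        tail, end = head + tail, head + end
    length = int(m["len"])
    return {
        "headroom": data - head,       # reserved bytes before the payload
        "capacity": end - data,        # bytes available between data and end
        "requested": tail - data,      # bytes in use after the failing skb_put()
        "overrun": tail - end,         # bytes past the end of the buffer
        "len_matches": tail - data == length,
    }


if __name__ == "__main__":
    for sample in (REPORTED, CONSTRUCTED_OFFSETS):
        print(analyze_skb_over_panic(sample))
```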
Created attachment 52252 [details] Kernel .config
Created attachment 52262 [details] lspci -vv
Created attachment 52382 [details]
0001-b43-allocate-recieve-buffers-big-enough-for-max-fram.patch

Please try to reproduce after applying this patch...thanks!
John, I agree with your analysis. Once this is verified by the OP, add my ACK, but please fix the typo in "receive". Larry
Seems to have worked; patched and running for over 24h without a problem. Thank you!
http://marc.info/?l=linux-wireless&m=130150821624297&w=2
A patch referencing this bug report has been merged in v2.6.39-rc3:

commit c85ce65ecac078ab1a1835c87c4a6319cf74660a
Author: John W. Linville <linville@tuxdriver.com>
Date: Wed Mar 30 14:02:46 2011 -0400

    b43: allocate receive buffers big enough for max frame len + offset