Bug 32042 - b43: Panic at random intervals
Summary: b43: Panic at random intervals
Status: CLOSED CODE_FIX
Alias: None
Product: Drivers
Classification: Unclassified
Component: network-wireless (show other bugs)
Hardware: All Linux
: P1 high
Assignee: John W. Linville
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-03-27 22:15 UTC by bjorn.ottervik
Modified: 2011-04-12 09:26 UTC (History)
4 users (show)

See Also:
Kernel Version: 2.6.38
Tree: Mainline
Regression: No


Attachments
Full dmesg (75.26 KB, text/plain)
2011-03-27 22:15 UTC, bjorn.ottervik
Details
Kernel .config (77.30 KB, text/plain)
2011-03-27 22:16 UTC, bjorn.ottervik
Details
lspci -vv (25.77 KB, text/plain)
2011-03-27 22:20 UTC, bjorn.ottervik
Details
0001-b43-allocate-recieve-buffers-big-enough-for-max-fram.patch (1.59 KB, patch)
2011-03-28 18:17 UTC, John W. Linville
Details | Diff

Description bjorn.ottervik 2011-03-27 22:15:59 UTC
Created attachment 52242 [details]
Full dmesg

BMC4312 set up as access point by hostapd 0.7.3. Hardware is an HP 2133 mini notebook.
Reproducable at least as far back as 2.6.35; have not tried earlier versions.
Problem disappears if B43_FORCE_PIO=y is set, but so does connectivity.

[192500.881342] skb_over_panic: text:f80fc27d len:2378 put:2378 head:cfbf0000 data:cfbf0040 tail:0xcfbf098a end:0xcfbf0980 dev:<NULL>
[192500.881582] ------------[ cut here ]------------
[192500.881638] kernel BUG at net/core/skbuff.c:127!
[192500.881693] invalid opcode: 0000 [#1] SMP 
[192500.881751] last sysfs file: /sys/devices/pci0000:80/0000:80:01.0/class
[192500.881811] Modules linked in: b43 ssb
[192500.881871] 
[192500.881921] Pid: 29751, comm: irq/24-b43 Not tainted 2.6.38 #1 Hewlett-Packard HP 2133/3030
[192500.882036] EIP: 0060:[<c14edd4c>] EFLAGS: 00010286 CPU: 0
[192500.882103] EIP is at skb_put+0x8c/0x90
[192500.882157] EAX: 0000008c EBX: cfbf098a ECX: c187b23c EDX: fffece37
[192500.882218] ESI: 00000000 EDI: cfbf0040 EBP: e7043e8c ESP: e7043e60
[192500.882278]  DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
[192500.882286] Process irq/24-b43 (pid: 29751, ti=e7042000 task=cf66d860 task.ti=e7042000)
[192500.882286] Stack:
[192500.882286]  c182a850 f80fc27d 0000094a 0000094a cfbf0000 cfbf0040 cfbf098a cfbf0980
[192500.882286]  c1825d52 cf2e4960 0000092c e7043ee8 f80fc27d f5763810 00000020 140e7ef4
[192500.882286]  00000000 f6c067f8 0000af14 c1876244 cf2e4980 cf2e4984 f8102a34 00000003
[192500.882286] Call Trace:
[192500.882286]  [<f80fc27d>] ? b43_dma_rx+0x18d/0x410 [b43]
[192500.882286]  [<f80fc27d>] b43_dma_rx+0x18d/0x410 [b43]
[192500.882286]  [<f80e7af0>] b43_do_interrupt_thread+0x400/0x8e0 [b43]
[192500.882286]  [<c12507ea>] ? radix_tree_lookup+0xa/0x10
[192500.882286]  [<c108c11f>] ? irq_to_desc+0xf/0x20
[192500.882286]  [<c10033e9>] ? common_interrupt+0x29/0x30
[192500.882286]  [<f80e7fe8>] b43_interrupt_thread_handler+0x18/0x30 [b43]
[192500.882286]  [<c108cb33>] irq_thread+0xf3/0x1f0
[192500.882286]  [<c108ca40>] ? irq_thread+0x0/0x1f0
[192500.882286]  [<c1057da4>] kthread+0x74/0x80
[192500.882286]  [<c1057d30>] ? kthread+0x0/0x80
[192500.882286]  [<c10033f6>] kernel_thread_helper+0x6/0x10
[192500.882286] Code: 4c 24 14 8b 88 a4 00 00 00 89 54 24 0c 89 4c 24 10 8b 40 50 c7 04 24 50 a8 82 c1 89 44 24 08 8b 45 04 89 44 24 04 e8 5c b0 15 00 <0f> 0b 66 90 55 89 e5 56 89 c6 53 0f b6 40 65 83 e0 18 3c 08 0f 
[192500.882286] EIP: [<c14edd4c>] skb_put+0x8c/0x90 SS:ESP 0068:e7043e60
[192500.884580] ---[ end trace fcffd54cea6ad1fe ]---
[192500.884679] exiting task "irq/24-b43" (29751) is an active IRQ thread (irq 24)
Comment 1 bjorn.ottervik 2011-03-27 22:16:44 UTC
Created attachment 52252 [details]
Kernel .config
Comment 2 bjorn.ottervik 2011-03-27 22:20:39 UTC
Created attachment 52262 [details]
lspci -vv
Comment 3 John W. Linville 2011-03-28 18:17:26 UTC
Created attachment 52382 [details]
0001-b43-allocate-recieve-buffers-big-enough-for-max-fram.patch

Please try to reproduce after applying this patch...thanks!
Comment 4 Larry Finger 2011-03-28 19:09:52 UTC
John,

I agree with your analysis. Once this is verified by the OP, add my ACK, but please fix the typo in "receive".

Larry
Comment 5 bjorn.ottervik 2011-03-29 21:16:03 UTC
Seems to have worked; Patched and running for over 24h without a problem. Thank you!
Comment 6 John W. Linville 2011-03-30 18:27:15 UTC
http://marc.info/?l=linux-wireless&m=130150821624297&w=2
Comment 7 Florian Mickler 2011-04-12 09:22:10 UTC
A patch referencing this bug report has been merged in v2.6.39-rc3:

commit c85ce65ecac078ab1a1835c87c4a6319cf74660a
Author: John W. Linville <linville@tuxdriver.com>
Date:   Wed Mar 30 14:02:46 2011 -0400

    b43: allocate receive buffers big enough for max frame len + offset

Note You need to log in before you can comment on or make changes to this bug.