Bug 9233 - Crash after module unload in b43
Summary: Crash after module unload in b43
Status: REJECTED UNREPRODUCIBLE
Alias: None
Product: Other
Classification: Unclassified
Component: Modules (show other bugs)
Hardware: All Linux
: P1 normal
Assignee: other_modules
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-10-27 08:51 UTC by Christian Casteyde
Modified: 2009-02-04 14:15 UTC (History)
3 users (show)

See Also:
Kernel Version: 2.6.24-rc1
Tree: Mainline
Regression: ---


Attachments

Description Christian Casteyde 2007-10-27 08:51:07 UTC
Most recent kernel where this bug did not occur:
N/A (the driver was introduced in 2.6.24-rc1)

Distribution:
Bluewhite 64 12.0 (64 bit version of Slackware 12)

Hardware Environment:
Broadcom wireless chip

Software Environment:

Problem Description:
This bug was first reported in 9269 (crash with ssb at PCI initialization / fixed), then duplicated to keep problems separated.

I got a crash after removing module b43 (leaving ssb loaded).
The first load was without firmware, so I tried to unload it to get firmware loaded after installing it, and after 10-20s, I got a panic:

Oct 25 20:16:47 athor kernel: b43-phy0 ERROR: Firmware file "b43/ucode5.fw" not
found or load failed.
Oct 25 20:16:47 athor kernel: b43-phy0 ERROR: You must go to
http://linuxwireless.org/en/users/Drivers
/bcm43xx#devicefirmware and download the correct firmware (version 4).
<!-- OK, I unload the module, to reload it after moving some firmware file -->
<!-- then : -->
Oct 25 20:17:11 athor kernel: Unable to handle kernel paging request at
ffffffff880243df RIP:
Oct 25 20:17:11 athor kernel:  [<ffffffff8036da39>] strcmp+0x9/0x20
Oct 25 20:17:11 athor kernel: PGD 203067 PUD 207063 PMD 56d9067 PTE 0
Oct 25 20:17:11 athor kernel: Oops: 0000 [1] PREEMPT
Oct 25 20:17:11 athor kernel: CPU 0
Oct 25 20:17:11 athor kernel: Modules linked in:
Oct 25 20:17:11 athor kernel: Pid: 5, comm: events/0 Not tainted 2.6.24-rc1 #6
Oct 25 20:17:11 athor kernel: RIP: 0010:[<ffffffff8036da39>] 
[<ffffffff8036da39>] strcmp+0x9/0x20
Oct 25 20:17:11 athor kernel: RSP: 0018:ffff810002877d70  EFLAGS: 00010082
Oct 25 20:17:11 athor kernel: RAX: ffffffff807875e0 RBX: ffffffff808a6640 RCX:
7800000000000000
Oct 25 20:17:11 athor kernel: RDX: 0000000000000000 RSI: ffffffff806fab3a RDI:
ffffffff880243df
Oct 25 20:17:11 athor kernel: RBP: ffff810002877d70 R08: ffffffff807875e0 R09:
0000000000000000
Oct 25 20:17:11 athor kernel: R10: ffffffff80246723 R11: 0000000000000001 R12:
ffffffff808a78a0
Oct 25 20:17:11 athor kernel: R13: ffffffff808a67a0 R14: 0000000000000000 R15:
ffffffff806fab3a
Oct 25 20:17:11 athor kernel: FS:  00002adfd2135d30(0000)
GS:ffffffff80790000(0000) knlGS:000000000000
0000
Oct 25 20:17:11 athor kernel: CS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b
Oct 25 20:17:11 athor kernel: CR2: ffffffff880243df CR3: 000000000539b000 CR4:
00000000000006e0
Oct 25 20:17:11 athor kernel: DR0: 0000000000000000 DR1: 0000000000000000 DR2:
0000000000000000
Oct 25 20:17:11 athor kernel: DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7:
0000000000000400
Oct 25 20:17:11 athor kernel: Process events/0 (pid: 5, threadinfo
ffff810002876000, task ffff81000287
4000)
Oct 25 20:17:11 athor kernel: Stack:  ffff810002877db0 ffffffff802551f9
0000000000000000 0000000000029
ac0
Oct 25 20:17:11 athor kernel:  ffffffff808a78a0 ffff810002877e60
ffffffff80926020 ffff810002874000
Oct 25 20:17:11 athor kernel:  ffff810002877e20 ffffffff80258226
0000000200000000 0000000000000000
Oct 25 20:17:11 athor kernel: Call Trace:
Oct 25 20:17:11 athor kernel:  [<ffffffff802551f9>]
count_matching_names+0x59/0xc0
Oct 25 20:17:11 athor kernel:  [<ffffffff80258226>] __lock_acquire+0x5b6/0x1080
Oct 25 20:17:11 athor kernel:  [<ffffffff805bb5cb>] _spin_unlock_irq+0x2b/0x60
Oct 25 20:17:11 athor kernel:  [<ffffffff80527c80>] rt_check_expire+0x0/0x160
Oct 25 20:17:11 athor kernel:  [<ffffffff80258d47>] lock_acquire+0x57/0x80
Oct 25 20:17:11 athor kernel:  [<ffffffff80246723>] run_workqueue+0x103/0x230
Oct 25 20:17:11 athor kernel:  [<ffffffff80246767>] run_workqueue+0x147/0x230
Oct 25 20:17:11 athor kernel:  [<ffffffff8024733a>] worker_thread+0xca/0x130
Oct 25 20:17:11 athor kernel:  [<ffffffff8024b240>]
autoremove_wake_function+0x0/0x40
Oct 25 20:17:11 athor kernel:  [<ffffffff80247270>] worker_thread+0x0/0x130
Oct 25 20:17:11 athor kernel:  [<ffffffff8024ae7d>] kthread+0x4d/0x80
Oct 25 20:17:11 athor kernel:  [<ffffffff8020c608>] child_rip+0xa/0x12
Oct 25 20:17:11 athor kernel:  [<ffffffff8020c1c3>] restore_args+0x0/0x30
Oct 25 20:17:11 athor kernel:  [<ffffffff8024af82>] kthreadd+0xd2/0x150
Oct 25 20:17:11 athor kernel:  [<ffffffff8024ae30>] kthread+0x0/0x80
Oct 25 20:17:11 athor kernel:  [<ffffffff8020c5fe>] child_rip+0x0/0x12
Oct 25 20:17:11 athor kernel:
Oct 25 20:17:11 athor kernel:
Oct 25 20:17:11 athor kernel: Code: 0f b6 17 89 d0 2a 06 48 ff c6 84 c0 75 04
84 d2 75 eb c9 0f
Oct 25 20:17:11 athor kernel: RIP  [<ffffffff8036da39>] strcmp+0x9/0x20
Oct 25 20:17:11 athor kernel:  RSP <ffff810002877d70>
Oct 25 20:17:11 athor kernel: CR2: ffffffff880243df
<!--here I rebooted-->

Sorry, the call stack is nearly useless. However, it is in lockdep code, where
a string is not right, so this is clearly for me a spinlock / lock / anything
not well initialized by the driver, of not freed at module unload. Seems
another init/term problem, that may be correlated and valuable to inspect I
think.

Steps to reproduce:
rmmod ssb
Maybe while some wireless activity? (I didn't reproduced this bug, at least with module unloading, but I got a similar one with ifconfig down).
Comment 1 Christian Casteyde 2007-10-27 08:57:29 UTC
See also
http://bugzilla.kernel.org/show_bug.cgi?id=9234
Maybe the same bug, or for the same reason.
Comment 2 Johannes Berg 2007-11-13 05:39:44 UTC
We've seen a bug with lockdep and I think the lockdep people are investigating why it's happening, it sometimes keeps around a string that is part of a module and then faults when accessing it.
Comment 3 John W. Linville 2007-11-13 12:23:58 UTC
This seems more like a module unload problem then an actual wireless problem to me...
Comment 4 Christian Casteyde 2008-08-19 13:36:05 UTC
I'll check if this bug is still there with 2.6.27 or when I next rebuild it. Seems many bugs I reported are closed against -rc3 now :-)
Comment 5 Johannes Berg 2009-02-04 13:56:21 UTC
This is ancient, somebody close it? It must've been the lockdep string problem I mentioned.

Note You need to log in before you can comment on or make changes to this bug.