On Friday 26 January 2007 16:58, Jiri Benc wrote: > (The latest wireless-dev tree. How to reproduce: associate (probably > bringing the interface up is enough) and eject the cardbus card.)
Is this linville's tree or mine? Either way, did you apply that DMA skb doublefree patch? It fixes memory corruption, which could probablb cause this. > wlan0: Initial auth_alg=0 > wlan0: authenticate with AP 00:11:2f:a2:96:da > wlan0: RX authentication from 00:11:2f:a2:96:da (alg=0 transaction=2 > status=0) wlan0: authenticated > wlan0: associate with AP 00:11:2f:a2:96:da > wlan0: RX AssocResp from 00:11:2f:a2:96:da (capab=0x1 status=0 aid=3) > wlan0: associated > wmaster0: Added STA 00:11:2f:a2:96:da > wlan0: CTS protection enabled (BSSID=00:11:2f:a2:96:da) > pccard: card ejected from slot 0 > bcm43xx_d80211: Removing Interface type 2 > bcm43xx_d80211: ASSERTION FAILED (!dev->started) at: > drivers/net/wireless/d80211/bcm43xx/bcm43xx_main.c:3255:bcm43xx_remove_interface() But this assertion failure should not happen. Do we call remove_interface after hw->stop was called? I did not check d80211 code, but my assumption in the code is that hw->open is always called after the first add_interface and hw->stop is called before the last remove_interface. Is that a wrong assumption? If yes, it should probably be fixed in the stack. > BUG: unable to handle kernel paging request at virtual address 6b6b6b87 > printing eip: c0137202 > *pde = 00000000 > Oops: 0000 [#1] > SMP > Modules linked in: arc4 ecb blkcipher rc80211_simple bcm43xx_d80211 ssb > 80211 netconsole CPU: 0 > EIP: 0060:[<c0137202>] Not tainted VLI > EFLAGS: 00010046 (2.6.20-rc6-test #74) > EIP is at __lock_acquire+0x42/0xe60 > eax: 00000002 ebx: 00000046 ecx: 00000000 edx: 00000000 > esi: 00000000 edi: 6b6b6b83 ebp: c1eafbcc esp: c1eafb54 > ds: 007b es: 007b ss: 0068 > Process pccardd (pid: 797, ti=c1eae000 task=c1d34070 task.ti=c1eae000) > Stack: c1e11eac c1eafb68 00000046 c1d34070 00000251 00000000 00000000 > 00000000 c03455c7 c1d34070 f70f5960 c1eafb8c c0272c2f 00000097 c1eafc04 > c0279278 00000000 00000000 c1d34070 c06b72c0 c1d34670 00000000 c1d345a8 > c1e11e44 Call Trace: > [<c0103f3a>] show_trace_log_lvl+0x1a/0x30 > [<c0104006>] show_stack_log_lvl+0xb6/0x100 > [<c010433f>] show_registers+0x1af/0x2b0 > [<c0104691>] die+0x111/0x220 > [<c03c4105>] do_page_fault+0x2c5/0x630 > [<c03c2734>] error_code+0x7c/0x84 > [<c0138397>] lock_acquire+0x57/0x70 > [<c03c1f4c>] _spin_lock+0x2c/0x40 > [<f8b4cf0c>] bcm43xx_interrupt_handler+0x1c/0x2f0 [bcm43xx_d80211] > [<c0141758>] handle_IRQ_event+0x28/0x60 > [<c0143338>] handle_level_irq+0x88/0x120 > [<c01051b4>] do_IRQ+0x64/0xc0 > [<c01039d2>] common_interrupt+0x2e/0x34 > [<c011c73b>] printk+0x1b/0x20 > [<f8b485b5>] bcm43xx_remove_interface+0x185/0x190 [bcm43xx_d80211] > [<f8b2158e>] ieee80211_stop+0x6e/0x110 [80211] > [<c03452d4>] dev_close+0x44/0x90 > [<c0345e90>] unregister_netdevice+0x170/0x210 > [<f8b31d0c>] __ieee80211_if_del+0x1c/0x20 [80211] > [<f8b20aaa>] ieee80211_unregister_hw+0x8a/0x280 [80211] > [<f8b470d9>] bcm43xx_wireless_exit+0x19/0x40 [bcm43xx_d80211] > [<f8b4724a>] bcm43xx_remove+0x7a/0xc0 [bcm43xx_d80211] > [<f883819c>] ssb_device_remove+0x1c/0x30 [ssb] > [<c026bb3a>] __device_release_driver+0x6a/0x90 > [<c026beb5>] device_release_driver+0x35/0x50 > [<c026b348>] bus_remove_device+0x68/0x90 > [<c0269c29>] device_del+0x189/0x1f0 > [<c0269c9b>] device_unregister+0xb/0x20 > [<f8838311>] ssb_bus_unregister+0x61/0xa0 [ssb] > [<f8b5b9f3>] bcm43xx_pci_remove+0x23/0x50 [bcm43xx_d80211] > [<c0203af9>] pci_device_remove+0x19/0x40 > [<c026bb3a>] __device_release_driver+0x6a/0x90 > [<c026beb5>] device_release_driver+0x35/0x50 > [<c026b348>] bus_remove_device+0x68/0x90 > [<c0269c29>] device_del+0x189/0x1f0 > [<c0269c9b>] device_unregister+0xb/0x20 > [<c0200846>] pci_stop_dev+0x26/0x60 > [<c020090b>] pci_remove_bus_device+0x2b/0xa0 > [<c02009aa>] pci_remove_behind_bridge+0x2a/0x40 > [<c02c459a>] cb_free+0x1a/0x20 > [<c02c0b07>] socket_shutdown+0x77/0xd0 > [<c02c0cf6>] socket_remove+0x26/0x30 > [<c02c144d>] pccardd+0x21d/0x250 > [<c012f8ba>] kthread+0xda/0xe0 > [<c0103c4b>] kernel_thread_helper+0x7/0x1c > ======================= > Code: 40 19 4c c0 89 4d a4 85 c0 0f 84 8a 04 00 00 9c 58 f6 c4 02 0f 85 > 13 0a 00 00 83 fa 07 0f 87 3c 0a 00 00 85 d2 0f 85 70 02 00 00 <8b> 57 > 04 85 d2 89 55 b0 0f 84 62 02 00 00 8b 45 b0 e8 88 de ff EIP: > [<c0137202>] __lock_acquire+0x42/0xe60 SS:ESP 0068:c1eafb54 <0>Kernel > panic - not syncing: Fatal exception in interrupt > > -- Greetings Michael. _______________________________________________ Bcm43xx-dev mailing list [email protected] https://lists.berlios.de/mailman/listinfo/bcm43xx-dev
