Bug 2731

Summary: Kernel panic with kernel 3.7 upwards
Product: Fedora Reporter: johnrory.odwyer
Component: broadcom-wlAssignee: NVieville <nicolas.vieville>
Status: RESOLVED DUPLICATE    
Severity: major CC: jarod
Priority: P5    
Version: 18   
Hardware: x86_64   
OS: GNU/Linux   
namespace:

Description johnrory.odwyer 2013-03-24 20:33:05 CET 
I am using Fedora 18 and Broadcom Corporation BCM4312 802.11b/g LP-PHY. I am getting kernel panic with with kernel 3.7 & 3.8. I have kdump and crash installed.

When I run:

sudo crash /var/crash/127.0.0.1-2013.01.17-13:18:08/vmcore /usr/lib/debug/lib/modules/`uname -r`/vmlinux



I get the following:

KERNEL: /usr/lib/debug/lib/modules/3.7.2-201.fc18.x86_64/vmlinux
    DUMPFILE: /var/crash/127.0.0.1-2013.01.17-13:18:08/vmcore  [PARTIAL DUMP]
        CPUS: 4
        DATE: Thu Jan  1 01:00:00 1970
      UPTIME: 00:05:31
LOAD AVERAGE: 0.95, 0.77, 0.38
       TASKS: 356
    NODENAME: localhost.localdomain
     RELEASE: 3.7.2-201.fc18.x86_64
     VERSION: #1 SMP Fri Jan 11 22:16:23 UTC 2013
     MACHINE: x86_64  (2393 Mhz)
      MEMORY: 3.9 GB
       PANIC: "Oops: 0000 [#1] SMP " (check log for details)
         PID: 0
     COMMAND: "swapper/3"
        TASK: ffff880131ebc560  (1 of 4)  [THREAD_INFO: ffff880131ec4000]
         CPU: 3
       STATE: TASK_RUNNING (PANIC)



If I run backtrace using the crash command bt I get:

crash> bt
PID: 0      TASK: ffff880131ebc560  CPU: 3   COMMAND: "swapper/3"
 #0 [ffff880137d83920] machine_kexec at ffffffff8103f035
 #1 [ffff880137d83990] crash_kexec at ffffffff810c6808
 #2 [ffff880137d83a60] oops_end at ffffffff81636698
 #3 [ffff880137d83a90] no_context at ffffffff8162acc1
 #4 [ffff880137d83af0] __bad_area_nosemaphore at ffffffff8162aeab
 #5 [ffff880137d83b40] bad_area_nosemaphore at ffffffff8162aedd
 #6 [ffff880137d83b50] __do_page_fault at ffffffff8163934e
 #7 [ffff880137d83c60] do_page_fault at ffffffff8163949e
 #8 [ffff880137d83c70] page_fault at ffffffff81635ad8
    [exception RIP: wlc_dotxstatus+129]
    RIP: ffffffffa043e77f  RSP: ffff880137d83d20  RFLAGS: 00010246
    RAX: ffff88012ad50200  RBX: ffff88012f808000  RCX: 0000000000006093
    RDX: 0000000000000005  RSI: 0000000000000002  RDI: 0000000000000000
    RBP: ffff880137d83de0   R8: 0000000000000003   R9: 0000000000000220
    R10: 0000000000000001  R11: 0000000000000000  R12: ffff88012ad50200
    R13: 0000000020000000  R14: 0000000000000000  R15: ffff88012f808000
    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
 #9 [ffff880137d83de8] wlc_dpc at ffffffffa04860fe [wl]
#10 [ffff880137d83e88] wl_dpc at ffffffffa04fa05d [wl]
#11 [ffff880137d83eb8] tasklet_action at ffffffff8106748a
#12 [ffff880137d83ed8] __do_softirq at ffffffff81067000
#13 [ffff880137d83f38] call_softirq at ffffffff8163ecdc
#14 [ffff880137d83f50] do_softirq at ffffffff81016315
#15 [ffff880137d83f80] do_IRQ at ffffffff8163f563
--- <IRQ stack> ---
#16 [ffff880131ec5d88] ret_from_intr at ffffffff816357ed
    [exception RIP: intel_idle+237]
    RIP: ffffffff8134666d  RSP: ffff880131ec5e38  RFLAGS: 00000202
    RAX: 0000000000000000  RBX: 0000000000000082  RCX: 20c49ba5e353f7cf
    RDX: 0000000000000338  RSI: 0000000000000000  RDI: 0000000000000000
    RBP: ffff880131ec5e98   R8: 0000000000000003   R9: 000000000001b4f6
    R10: 0000000000000001  R11: 0000000000000000  R12: 0000000000000003
    R13: 0000004d4af64dd5  R14: ffffffff81085cc9  R15: ffff880131ec5db8
    ORIG_RAX: ffffffffffffff9e  CS: 0010  SS: 0018
#17 [ffff880131ec5ea0] cpuidle_enter at ffffffff814ddde9
#18 [ffff880131ec5eb0] cpuidle_idle_call at ffffffff814de479
#19 [ffff880131ec5f00] cpu_idle at ffffffff8101d4af


Could you investigate please this issue please. Let me know if you need me to add any more information.
Comment 1 NVieville 2013-03-24 22:06:58 CET 
Hello,

Thanks for reporting this issue with details.

Reading your issue description and crash logs, there seems that you encountered an already reported problem (https://bugzilla.rpmfusion.org/show_bug.cgi?id=2721).

So if you don't mind, I'll tag this bug as duplicate of bug2721, and I invite you to follow it.

As I already mention it in this thread, this bug is not so easy to catch (for me at least). I've already tried some trivial quick fixes, but with no luck. The problem seems to be buried in the binary "blob" of the Broadcom STA driver (wlc_dotxstatus function), and there is probably something to do from the sources provided with it, but for the moment, I need a little bit of time to study more precisely where it could be possible to do something.

Feel free to provide any feedback you think useful about this bug.

Cordially,


-- 
NVieville
Comment 2 johnrory.odwyer 2013-03-25 20:41:44 CET 
Yes please Nicolas, tag this as a duplicate of bug 2721. I will follow 2721 now and try to contribute if I can

Many thanks for your commitment to finding a solution

Regards
John
Comment 3 NVieville 2013-03-26 10:20:29 CET 
Hello,

Done!


-- 
NVieville

*** This bug has been marked as a duplicate of bug 2721 ***