BUG in if_sdio_interrupt()

徐骁 sunshareall0709 at gmail.com
Wed Mar 10 23:47:25 EST 2010

I encountered a big problem yesterday. (I'm using linux-2.6.28.)

My WiFi driver has been built into my kernel.

1) I configured my WiFi as follows:

ifconfig eth1 up
iwconfig eth1 essid "OpenWrt"
iwconfig eth1 key s:hello

ping   (this is the IP of the router)

PING ( 56 data bytes
64 bytes from seq=0 ttl=64 time=20.085 ms
64 bytes from seq=1 ttl=64 time=2.066 ms
64 bytes from seq=2 ttl=64 time=10.763 ms
64 bytes from seq=3 ttl=64 time=5.661 ms
64 bytes from seq=4 ttl=64 time=2.025 ms
64 bytes from seq=5 ttl=64 time=13.666 ms
/******************* configure OVER ****************************/

2) Then I ran "iwconfig eth1" to query the status of the WiFi:

eth1      IEEE 802.11b/g  ESSID:"OpenWrt"
          Mode:Managed  Frequency:2.437 GHz  Access Point: 00:14:78:BF:5E:82
          Bit Rate:1 Mb/s   Tx-Power=13 dBm
          Retry short limit:8   RTS thr=2347 B   Fragment thr=2346 B
          Encryption key:6271-7669-7369-6F6E-6D69-6D61-48   Security mode:open
          Power Management:off
          Link Quality=15/100  Signal level=-85 dBm  Noise level=-90 dBm
          Rx invalid nwid:0  Rx invalid crypt:49  Rx invalid frag:0
          Tx excessive retries:15  Invalid misc:71   Missed beacon:0

3) I ran "iwconfig eth1" again and again,

while true; do
    iwconfig eth1
    sleep 1
done

while I powered OFF the router. (So, of course, the WiFi can't find the
network "OpenWrt".)
Now comes the backtrace in my minicom:

libertas: command 0x000b timed out
libertas: requeueing command 0x000b due to timeout (#1)
libertas: command 0x000b timed out
libertas: requeueing command 0x000b due to timeout (#2)
libertas: command 0x000b timed out
libertas: requeueing command 0x000b due to timeout (#3)
libertas: command 0x000b timed out
libertas: Excessive timeouts submitting command 0x000b
libertas: PREP_CMD: command 0x000b failed: -110

kernel BUG at drivers/net/wireless/libertas/if_sdio.c:149!
Unable to handle kernel NULL pointer dereference at virtual address 00000000
pgd = c0004000
[00000000] *pgd=00000000
Internal error: Oops: 817 [#1]
Modules linked in:
CPU: 0    Not tainted  ( #61)
PC is at __bug+0x20/0x2c
LR is at release_console_sem+0x1cc/0x20c
pc : [<c002fb84>]    lr : [<c004c270>]    psr: 60000093
sp : c7233f30  ip : c7233e38  fp : c7233f3c
r10: 00000010  r9 : 00001d90  r8 : 0000004c
r7 : c7274420  r6 : c72a0000  r5 : 00000000  r4 : c7274420
r3 : 00000000  r2 : c038adb4  r1 : 60000093  r0 : 0000003e
Flags: nZCv  IRQs off  FIQs on  Mode SVC_32  ISA ARM  Segment kernel
Control: 00c5387d  Table: 572c4008  DAC: 00000017
Process ksdioirqd/mmc0 (pid: 1032, stack limit = 0xc7232260)
Stack: (0xc7233f30 to 0xc7234000)
3f20:                                     c7233f84 c7233f40 c01aea5c c002fb70
3f40: 00000000 80000013 00000000 00000000 00000000 00000000 c715e800 00000001
3f60: 00000000 00000000 c715e800 c71bc000 c7232000 7fffffff c7233fd4 c7233f88
3f80: c01fc500 c01ae630 00000000 c7233fa7 c02b375c c715ea48 c71bc0d4 00000002
3fa0: 00000001 02000000 c0045708 c7232000 c715e800 c01fc400 00000000 00000000
3fc0: 00000000 00000000 c7233ff4 c7233fd8 c005fd8c c01fc40c 00000000 00000000
3fe0: 00000000 00000000 00000000 c7233ff8 c004e74c c005fd3c ffffffff ffffffff
[<c002fb64>] (__bug+0x0/0x2c) from [<c01aea5c>] (if_sdio_interrupt+0x438/0x980)
[<c01ae624>] (if_sdio_interrupt+0x0/0x980) from [<c01fc500>]
[<c01fc400>] (sdio_irq_thread+0x0/0x224) from [<c005fd8c>] (kthread+0x5c/0x94)
[<c005fd30>] (kthread+0x0/0x94) from [<c004e74c>] (do_exit+0x0/0x6d8)
 r6:00000000 r5:00000000 r4:00000000
Code: e1a01000 e59f000c eb007365 e3a03000 (e5833000)
---[ end trace cb557a2f9aaaf810 ]---
BUG: spinlock lockup on CPU#0, iwconfig/1085, c72761cc
[<c00301d4>] (dump_stack+0x0/0x14) from [<c016063c>] (_raw_spin_lock+0xf4/0x130)
[<c0160548>] (_raw_spin_lock+0x0/0x130) from [<c02b5930>]
[<c02b5914>] (_spin_lock_irqsave+0x0/0x24) from [<c019bbe4>]
[<c019bb6c>] (lbs_get_cmd_ctrl_node+0x0/0x184) from [<c019c01c>]
 r7:0000001e r6:c7274420 r5:00000000 r4:c7274420
[<c019bf50>] (__lbs_cmd_async+0x0/0x290) from [<c019c620>]
[<c019c58c>] (__lbs_cmd+0x0/0x214) from [<c019efa8>]
[<c019eef8>] (lbs_get_tx_power+0x0/0x158) from [<c0196db8>]
 r8:c03e7b0c r7:be9ab8a8 r6:c7274420 r5:c7289e90 r4:00000001
[<c0196cdc>] (lbs_get_txpow+0x0/0x1c8) from [<c0296490>]
 r8:00008b27 r7:be9ab8a8 r6:c02d2e1c r5:c7289e90 r4:00008b27
[<c029642c>] (ioctl_standard_call+0x0/0x370) from [<c0296038>]
[<c0295f7c>] (wext_handle_ioctl+0x0/0x224) from [<c021e740>]
 r8:c7288000 r7:c03e887c r6:be9ab8a8 r5:00008b27 r4:00000000
[<c021e050>] (dev_ioctl+0x0/0x750) from [<c020e73c>] (sock_ioctl+0x208/0x248)
[<c020e534>] (sock_ioctl+0x0/0x248) from [<c00a7ea0>] (vfs_ioctl+0x34/0x78)
 r6:00000003 r5:be9ab8a8 r4:00008b27
[<c00a7e6c>] (vfs_ioctl+0x0/0x78) from [<c00a8348>] (do_vfs_ioctl+0x438/0x488)
 r5:be9ab8a8 r4:c7196460
[<c00a7f10>] (do_vfs_ioctl+0x0/0x488) from [<c00a83d8>] (sys_ioctl+0x40/0x64)
[<c00a8398>] (sys_ioctl+0x0/0x64) from [<c002bdc0>] (ret_fast_syscall+0x0/0x2c)
 r7:00000036 r6:00000003 r5:be9abcef r4:be9ab8a8

Maybe someone can offer some advice.
Best Regards.

