OOPS at /build/buildd/linux-2.6.28/net/mac80211/rx.c:2201

Thanks hggdh,

Just curious how often you see this Oops occur and if you are able to reproduce at will. Thanks.

No, I cannot reproduce it at will; I do not know, yet, what triggers it. It started happening yesterday; I considered a reboot as a change to clean up & start fresh, given the amount of updates we had on Jaunty. Still, after reboot it happened. I know for a fact it did not happen before I moved to 2.6.28-4; I will try and reboot on 2.6.28-3, and run there for a while.

So far, today, I have had it about 3 times today.

I wonder if the b43 module/bcm43xx firmware has something to do with it -- I have a bcm4312 wireless chip... and syslog shows a lot of roaming on my wireless AP. This is strange, given that the router is about 50 cm from the laptop during this time... I have attached a syslog extract with n-m messages, just in case.

Upgraded to linux-image-2.6.28-5-generic (2.6.28-5.12). Rebooted, and as soon as I logged in under Gnome I got an OOPS pop-up.

 WARNING: at /build/buildd/linux-2.6.28/net/mac80211/rx.c:2201 __ieee80211_rx+0xf1/0x1f0 [mac80211]()
 Modules linked in: snd_seq_dummy ip6table_filter ip6_tables iptable_raw xt_comment xt_recent xt_policy ipt_ULOG ipt_TTL ipt_ttl ipt_REJECT ipt_REDIRECT ipt_NETMAP ipt_MASQUERADE ipt_LOG ipt_ECN ipt_ecn ipt_CLUSTERIP ipt_ah ipt_addrtype nf_nat_tftp nf_nat_snmp_basic nf_nat_sip nf_nat_pptp nf_nat_proto_gre nf_nat_irc nf_nat_h323 nf_nat_ftp nf_nat_amanda ts_kmp nf_conntrack_amanda nf_conntrack_tftp nf_conntrack_sip nf_conntrack_proto_sctp nf_conntrack_pptp nf_conntrack_proto_gre nf_conntrack_netlink nf_conntrack_netbios_ns nf_conntrack_irc nf_conntrack_h323 nf_conntrack_ftp xt_tcpmss xt_pkttype xt_physdev xt_owner xt_NFQUEUE xt_NFLOG xt_multiport xt_MARK xt_mark xt_mac xt_limit xt_length xt_iprange xt_helper xt_hashlimit xt_DSCP xt_dscp xt_dccp xt_conntrack xt_CONNMARK xt_connmark xt_CLASSIFY xt_tcpudp xt_state iptable_nat nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_conntrack iptable_mangle nfnetlink rfkill_input binfmt_misc ppdev parport_pc lp parport powernow_k8 xfrm_u
 ser xfrm4_tunnel tunnel4 ipcomp xfrm_ipcomp esp4 ah4 iptable_filter ip_tables x_tables deflate zlib_deflate ctr twofish twofish_common camellia serpent blowfish des_generic cbc aes_x86_64 aes_generic xcbc rmd160 sha256_generic sha1_generic crypto_null af_key dm_crypt uvesafb vboxdrv sbp2 snd_usb_audio snd_usb_lib snd_seq_midi snd_seq_midi_event snd_rawmidi snd_hwdep arc4 ecb b43 joydev snd_hda_intel mac80211 snd_pcm snd_seq psmouse cfg80211 fglrx(P) dcdbas snd_timer snd_seq_device gspca_ov519 gspca_main video k8temp output compat_ioctl32 sdhci_pci serio_raw videodev led_class sdhci pcspkr shpchp snd i2c_piix4 v4l1_compat input_polldev usbhid soundcore snd_page_alloc btusb ohci1394 ieee1394 b44 mii ehci_hcd ohci_hcd ssb fbcon tileblit font bitblit softcursor fuse
 Pid: 0, comm: swapper Tainted: P 2.6.28-4-generic #11-Ubuntu
 Call Trace:
  <IRQ> [<ffffffff8024d83f>] warn_on_slowpath+0x5f/0x90
  [<ffffffffa04fa1b4>] ? dma_rx+0x1c4/0x2a0 [b43]
  [<ffffffffa00426b3>] ? ssb_pci_write32+0x33/0x60 [ssb]
  [<ffffffffa0423731>] __ieee80211_rx+0xf1/0x1f0 [mac80211]
  [<ffffffffa041066e>] ieee80211_tasklet_handler+0x12e/0x160 [mac80211]
  [<ffffffff80253206>] tasklet_action+0x86/0x110
  [<ffffffff8025391c>] __do_softirq+0x9c/0x170
  [<ffffffff80213d8c>] call_softirq+0x1c/0x30
  [<ffffffff80214ffd>] do_softirq+0x5d/0xa0
  [<ffffffff8025369d>] irq_exit+0x8d/0xa0
  [<ffffffff802152c5>] do_IRQ+0xc5/0x110
  [<ffffffff80212bf3>] ret_from_intr+0x0/0x29
  <EOI> [<ffffffff8022b866>] ? native_safe_halt+0x6/0x10
  [<ffffffff8027031d>] ? clockevents_notify+0x3d/0x90
  [<ffffffff8021a9bd>] ? default_idle+0x4d/0x50
  [<ffffffff8021aa4a>] ? c1e_idle+0x8a/0x130
  [<ffffffff806821b5>] ? atomic_notifier_call_chain+0x15/0x20
  [<ffffffff80210e85>] ? cpu_idle+0x65/0xc0
  [<ffffffff806798b3>] ? start_secondary+0x9e/0xcb
 ---[ end trace d7e82311614db277 ]---

It appears that this error occurs because function b43_plcp_get_bitrate_idx_ofdm() was returning 255 and not -1, causing the __ieee80211_rx function() to produce the warning message because the rate idx is out of range.

The good news is that commit 38c7a2230b3ee5053111777f45a5b993d37d80eb (from upstream commit a3c0b87c4f21911fb7185902dd13f0e3cd7f33f7) fixes this:

http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-jaunty.git;a=commit;h=38c7a2230b3ee5053111777f45a5b993d37d80eb

Hence marking this as Fix Commited. It will be available at the next kernel update for Jaunty. If this does not fix this, please re-open the bug.