Please note: This project is no longer active. The website is kept online for historic purposes only.
If you´re looking for a Linux driver for your Atheros WLAN device, you should continue here .

{5} Assigned, Active Tickets by Owner (Full Description) (36 matches)

List tickets assigned, group by ticket owner. This report demonstrates the use of full-row display.

bell_kin

Ticket Summary Component Milestone Type Created
Description
#575 WDS + bridge mode panic madwifi: driver defect 04/28/06

I tested WDS with bridge with svn r1527 and I got kernel panic.

It is confirmed that there is no problme with svn r1491. It has been running r1491 and it is very stable in WDS bridge.

See the below attachment for a full oops and my /etc/network/interfaces.

kernel oops
unable to load wlan_scan_wds
ath1
ath1: Added WDS MAC: aa:bb:cc:dd:ee:ff
run-parts: /etc/network/if-pre-up.d/0_wpasupplicant exited with return code 1
Bridge firewalling registered
device eth0 entered promiscuous mode
eth0: DSPCFG accepted after 0 usec.
eth0: link up.
eth0: Setting full-duplex based on negotiated link capability.
eth0: Promiscuous mode enabled.
eth0: Promiscuous mode enabled.
eth0: Promiscuous mode enabled.
eth0: Promiscuous mode enabled.
eth0: Promiscuous mode enabled.
device ath1 entered promiscuous mode
device ath0 entered promiscuous mode
Unable to handle kernel NULL pointer dereference at virtual address 00000004
 printing eip:
c48e5246
*pde = 00000000
Oops: 0000 [#1]
PREEMPT
Modules linked in: bridge wlan_scan_ap ohci_hcd usbcore sc1200 scx200 ath_pci a2
CPU:    0
EIP:    0060:[<c48e5246>]    Tainted: P      VLI
EFLAGS: 00010296   (2.6.15-486-voyage)
EIP is at ieee80211_beacon_update+0xb/0x739 [wlan]
eax: 00000000   ebx: c3f2e260   ecx: 00000064   edx: c12111e0
esi: c3d4c260   edi: 00000000   ebp: 00000000   esp: c36edecc
ds: 007b   es: 007b   ss: 0068
Process bridge (pid: 1838, threadinfo=c36ec000 task=c36d0580)
Stack: c012e4e9 c36edee8 c36edee0 00000001 c36edfa4 c3f2e260 c3d4c260 00000000
       00000000 c489c9b2 00000000 c3d4c92c 00000000 00000000 c12111e0 00000000
       c3548000 00003c22 00000000 c3f2e260 c3d4c260 c489cc78 c3f2e260 c3d4c260
Call Trace:
 [<c012e4e9>] generic_file_read+0xa6/0xbf
 [<c489c9b2>] ath_beacon_generate+0x100/0x273 [ath_pci]
 [<c489cc78>] ath_beacon_send+0x153/0x2e7 [ath_pci]
 [<c4899bed>] ath_intr+0x141/0x26f [ath_pci]
 [<c012c8b7>] handle_IRQ_event+0x20/0x4c
 [<c012c95b>] __do_IRQ+0x78/0xd1
 [<c0105099>] do_IRQ+0x19/0x24
 [<c0103b8a>] common_interrupt+0x1a/0x20
Code: 01 00 00 89 42 10 66 8b 85 7b 01 00 00 66 89 42 14 66 c7 42 16 00 00 89 d
 <0>Kernel panic - not syncing: Fatal exception in interrupt
/etc/network/interfaces
# madwifi-ng WDS Bridge
auto br0
iface br0 inet static
       address 192.168.1.2
       netmask 255.255.255.0
       network 192.168.1.0
       broadcast 192.168.1.255
       gateway 192.168.1.1
       bridge_ports eth0 ath1 ath0
       pre-up wlanconfig ath0 create wlandev wifi1 wlanmode ap
       pre-up wlanconfig ath1 create wlandev wifi1 wlanmode wds
       pre-up iwconfig ath0 essid "voyage-wds" channel 1
       pre-up iwpriv ath1 wds_add AA:BB:CC:DD:EE:FF
       pre-up iwpriv ath1 wds 1
       up iwpriv ath0 mode 3
       post-down wlanconfig ath0 destroy
       post-down wlanconfig ath1 destroy

br1

Ticket Summary Component Milestone Type Created
Description
#884 bringing up a newly created adhoc device without channel assignment crashes the system madwifi: other version 0.9.x - progressive release candidate phase defect 09/15/06

Steps to reproduce the crash:

< .. load the driver ..>

wlanconfig ath0 destroy

wlanconfig ath0 create wlandev wifi0 wlandmode adhoc

ifconfig ath0 up

Kernel dump:

bss channel not setupBreak instruction in kernel code[#1]:
Cpu 0
$ 0   : 00000000 10009c00 00000018 802268f4
$ 4   : 802268f4 8131fed4 00000001 8028caa4
$ 8   : 8131c928 811cc520 00000018 00000000
$12   : 00000000 7fdb9c58 00000000 00000000
$16   : 81335000 0000ffff 81eb2280 81e2a280
$20   : 00000000 ffffffff 81ffecc0 00000000
$24   : 00000008 2ab88910
$28   : 80222000 80223d08 ffffffff c00e2fd4
Hi    : 00000240
Lo    : 000001f8
epc   : c00e2fd4 ieee80211_dup_bss+0xa8/0x1bc [wlan]     Tainted: P
ra    : c00e2fd4 ieee80211_dup_bss+0xa8/0x1bc [wlan]
Status: 10009c03    KERNEL EXL IE
Cause : 00000024
PrId  : 00029007
Modules linked in: ath_pci wlan_scan_ap ath_rate_sample wlan ath_hal ipt_MASQUERADE ipt_REDIRECT iptable_nat iptable_filter ip_nat xt_tcpudp xt_conntrack ip_conntrack ip_tables x_tables sb_watchdog af_packet unix
Process swapper (pid: 0, threadinfo=80222000, task=802250e8)
Stack : a1e45480 81eb1180 00000000 81335000 81eb2280 81eb2280 8180302a 81803020
        c00e3440 81803030 8180302a 81803020 c00e33e4 7fc6fdff 01e454b0 0000804c
        81eb2280 81803030 8180302a c00d9aa0 80032710 81800000 8000f784 7fdb9c58
        00000000 00000000 4509643b 0009b25c 0003d22a 8004921c 81e2a280 81eb2000
        00000008 00000000 81eb1000 00000000 81eb2280 ffffffff 0000459a ffffffff
        ...
Call Trace:
 [<c00e3440>] ieee80211_fakeup_adhoc_node+0x28/0x110 [wlan]
 [<c00e33e4>] ieee80211_find_node+0x38/0x6c [wlan]
 [<c00d9aa0>] ieee80211_input+0x1f0/0x13ac [wlan]
 [<80032710>] getnstimeofday+0x18/0x4c
 [<8000f784>] do_gettimeofday+0x2c/0x130
 [<8004921c>] ktime_get_ts+0x24/0x88
 [<c00dad64>] ieee80211_input_all+0x108/0x20c [wlan]
 [<c0080954>] ath_rx_tasklet+0x78c/0x950 [ath_pci]
 [<c00807e8>] ath_rx_tasklet+0x620/0x950 [ath_pci]
 [<8003308c>] tasklet_action+0x108/0x178
 [<80032b38>] __do_softirq+0x68/0xf8
 [<8000b06c>] do_IRQ+0x24/0x34
 [<80032c20>] do_softirq+0x58/0x8c
 [<8005122c>] __do_IRQ+0xc8/0x12c
 [<80051208>] __do_IRQ+0xa4/0x12c
 [<80032d24>] irq_exit+0x40/0x4c
 [<8000b06c>] do_IRQ+0x24/0x34
 [<80001be4>] bcm47xx_irq_dispatch+0x64/0xe0
 [<80257000>] kernel_entry+0x0/0x7c
 [<80001d54>] bcm47xx_irq_handler+0xf4/0x100
 [<80257000>] kernel_entry+0x0/0x7c
 [<8000b280>] cpu_idle+0x50/0x58
 [<8000b264>] cpu_idle+0x34/0x58
 [<8000143c>] rest_init+0x2c/0x38
 [<80001434>] rest_init+0x24/0x38
 [<802577d0>] start_kernel+0x1f4/0x200
 [<802577ac>] start_kernel+0x1d0/0x200
 [<8025721c>] unknown_bootoption+0x0/0x228


Code: 2442c6c8  0040f809  00000000 <0000800d> 8e020000  ae1101c8  8c420224  30420100  10400013
Kernel panic - not syncing: Aiee, killing interrupt handler!

kelmo

Ticket Summary Component Milestone Type Created
Description
#440 Wireless connection pauses / disconnects on ubuntu / Suse / Mandrake madwifi: other version 0.9.x - progressive release candidate phase defect 03/01/06

AMD Athlon XP, DWL-G510, SUSE10 X64 / Ubuntu 5.xx

I have a strange problem with my wireless connection. Both Ubuntu(X86) and SUSE(X64) connections pauses a few seconds in when I download or browse websites. I am not sure what is causing this. There is nothing seems to be worng. This happens for internet, ssh connections from other computers, or even pinging the router(192.168.0.1). The SSH connections(putty) gets disconnected sometimes. SUSE madwifi is the latest source from svn which I compiled and installed. I have a windows XP installation on the same machine which works fine. Windows shows signal quality 85% and KInternet shows 35-37%. Not sure this means anything.

I don;t think this is a DSN issue, even downloads pauses in between and continuous. Also if I browse IP Address the same delay occurs

Pinging various sites shows 35- 55 % packet loss.

Here are the things I tried. (SUSE 10) Disabled firewall. Disabled ipv6. Downloaded and installed Madwifi drivers from svn Disabled eth0 and eth1 (two wired networks, but not connected). Nothing helped med so far.

My Settings.

RESOLV.CONF

search hsd1.ma.comcast.net
nameserver 192.168.0.1

linux:~ # iwconfig
lo        no wireless extensions.
sit0      no wireless extensions.
eth0      no wireless extensions.
wifi0     no wireless extensions.
ath0      IEEE 802.11g  ESSID:"JOEWORKGROUP"  Nickname:"linux"
         Mode:Managed  Frequency:2.437 GHz  Access Point: 00:40:05:C8:44:88
         Bit Rate:11 Mb/s   Tx-Power:18 dBm   Sensitivity=0/3
         Retry:off   RTS thr:off   Fragment thr:off
         Encryption key:<MyKey>   Security mode:open
         Power Management:off
         Link Quality=36/94  Signal level=-59 dBm  Noise level=-95 dBm
         Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
         Tx excessive retries:0  Invalid misc:0   Missed beacon:0
eth1      no wireless extens

linux:~ # tracepath yahoo.com
1:  192.168.0.101 (192.168.0.101)                          0.130ms pmtu 1500
 1:  192.168.0.1 (192.168.0.1)                            asymm  2   3.345ms
 1?: 10.216.192.1 (10.216.192.1)                          asymm  2
 2:  10.216.192.1 (10.216.192.1)                           14.793ms
 3:  68.87.157.33 (68.87.157.33)                           13.440ms
 4:  10g-8-3-ar02.needham.ma.boston.comcast.net (68.87.144.241)  14.897ms
 5:  12.125.47.49 (12.125.47.49)                          asymm 10  15.965ms
 6:  tbr1-p013301.cb1ma.ip.att.net (12.123.40.218)        asymm 16  33.722ms
 7:  tbr2-cl16.n54ny.ip.att.net (12.122.10.22)            asymm 15  31.464ms
 8:  tbr2-cl15.wswdc.ip.att.net (12.122.10.54)            asymm 14  31.441ms
 9:  gar1-p390.ascva.ip.att.net (12.123.8.53)             asymm 12  29.554ms
10:  no reply
11:  ae1.p420.msr2.dcn.yahoo.com (216.115.96.185)         asymm 17  30.238ms
12:  ge6-1.bas1-m.dcn.yahoo.com (216.109.120.217)         asymm 16  28.573ms
13:  no reply
14:  no reply
15:  no reply
16:  no reply
17:  no reply
18:  no reply
19:  no reply
20:  no reply
21:  no reply
22:  no reply
23:  no reply
24:  no reply
25:  no reply
26:  no reply
27:  no reply
28:  no reply
29:  no reply
30:  no reply
31:  no reply
    Too many hops: pmtu 1500
    Resume: pmtu 1500

linux:~ # traceroute yahoo.com
traceroute to yahoo.com (216.109.112.135), 30 hops max, 40 byte packets
 1  192.168.0.1  2.036 ms   1.945 ms   1.959 ms
 2  10.216.192.1  12.719 ms   11.597 ms   9.340 ms
 3  68.87.157.33  17.400 ms   19.003 ms   15.223 ms
 4  10g-8-3-ar02.needham.ma.boston.comcast.net (68.87.144.241)  10.848
ms   11.389 ms   12.280 ms
 5  12.125.47.49  10.701 ms   10.427 ms   14.261 ms
 6  tbr1-p013301.cb1ma.ip.att.net (12.123.40.218)  27.224 ms   28.383
ms   27.502 ms
 7  tbr2-cl16.n54ny.ip.att.net (12.122.10.22)  26.165 ms   28.575 ms   31.016 ms
 8  tbr2-cl15.wswdc.ip.att.net (12.122.10.54)  25.382 ms   25.513 ms   26.640 ms
 9  gar1-p390.ascva.ip.att.net (12.123.8.53)  28.240 ms   26.398 ms   25.696 ms
10  * * *
11  vlan220-msr2.dcn.yahoo.com (216.115.96.165)  22.168 ms
ae1.p420.msr2.dcn.yahoo.com (216.115.96.185)  26.223 ms
vlan200-msr1.dcn.yahoo.com (216.115.96.161)  23.939 ms
12  ge7-2.bas1-m.dcn.yahoo.com (216.109.120.201)  27.303 ms
ge3-1.bas1-m.dcn.yahoo.com (216.109.120.149)  24.960 ms
ge6-1.bas1-m.dcn.yahoo.com (216.109.120.217)  25.164 ms
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

linux:~ #  ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
64 bytes from 192.168.0.1: icmp_seq=6 ttl=127 time=1.80 ms
64 bytes from 192.168.0.1: icmp_seq=7 ttl=127 time=1.81 ms
64 bytes from 192.168.0.1: icmp_seq=8 ttl=127 time=2.47 ms
64 bytes from 192.168.0.1: icmp_seq=9 ttl=127 time=1.79 ms

--- 192.168.0.1 ping statistics ---
9 packets transmitted, 4 received, 55% packet loss, time 8026ms
rtt min/avg/max/mdev = 1.796/1.971/2.472/0.292 ms

linux:~ # ifconfig
ath0      Link encap:Ethernet  HWaddr 00:13:46:79:E9:A5
          inet addr:192.168.0.101  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::213:46ff:fe79:e9a5/64 Scope:Link
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:38023 errors:0 dropped:0 overruns:0 frame:0
          TX packets:25016 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:54424694 (51.9 Mb)  TX bytes:1861530 (1.7 Mb)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:71 errors:0 dropped:0 overruns:0 frame:0
          TX packets:71 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:5193 (5.0 Kb)  TX bytes:5193 (5.0 Kb)

wifi0     Link encap:Ethernet  HWaddr 00:13:46:79:E9:A5
          inet6 addr: fe80::213:46ff:fe79:e9a5/64 Scope:Link
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:59427 errors:0 dropped:0 overruns:0 frame:464
          TX packets:25200 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:199
          RX bytes:57908435 (55.2 Mb)  TX bytes:2621229 (2.4 Mb)
          Interrupt:58 Memory:ffffc200009c0000-ffffc200009d0000

from demsg

ath_hal: module not supported by Novell, setting U taint flag.
ath_hal: module license 'Proprietary' taints kernel.
ath_hal: 0.9.16.16 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413, RF5413)
eth0: forcedeth.c: subsystem: 01462:7100 bound to 0000:00:0a.0
usb 1-2: new low speed USB device using ohci_hcd and address 2
wlan: module not supported by Novell, setting U taint flag.
wlan: 0.8.4.2 (svn 1457)
ath_rate_sample: module not supported by Novell, setting U taint flag.
ath_rate_sample: 1.2 (svn 1457)
ath_pci: module not supported by Novell, setting U taint flag.
ath_pci: 0.9.4.5 (svn 1457)
ACPI: PCI Interrupt Link [APC2] enabled at IRQ 17
ACPI: PCI Interrupt 0000:01:07.0[A] -> Link [APC2] -> GSI 17 (level, low) -> IRQ 58
wifi0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps
wifi0: 11g rates: 1Mbps 2Mbps 5.5Mbps 11Mbps 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
wifi0: H/W encryption support: WEP AES AES_CCM TKIP
wifi0: mac 7.8 phy 4.5 radio 5.6
wifi0: Use hw queue 1 for WME_AC_BE traffic
wifi0: Use hw queue 0 for WME_AC_BK traffic
wifi0: Use hw queue 2 for WME_AC_VI traffic
wifi0: Use hw queue 3 for WME_AC_VO traffic
wifi0: Use hw queue 8 for CAB traffic
wifi0: Use hw queue 9 for beacons
wlan_scan_sta: module not supported by Novell, setting U taint flag.
wifi0: Atheros 5212: mem=0xfe9e0000, irq=58
linux:~> athstats
502 tx management frames
600 long on-chip tx retries
456 tx frames with no ack marked
14 tx frames with an alternate rate
564 rx failed due to bad CRC
247308 PHY errors
    10283 OFDM timing
    237025 CCK timing
5722 periodic calibrations
rssi of last ack: 35
rssi of last rcv: 34
1 switched default/rx antenna
Antenna profile:
[1] tx     9660 rx    99559
[2] tx    18997 rx        0

Pl


#339 [patch] All madwifi tools in one file madwifi: tools enhancement 01/26/06

It is a small patch which allows to have one file with all tools (athdebug, athctrl, wlanconfig, ...) in one file called madwifi_multi with links. Good for small systems. It works for me (against 1416) but BUGS are possible.

Lukasz Tylski

Signed-off-by: Lukasz Tylski <lukasz.tylski@bdi.net.pl>


#527 document wext compliance madwifi: documentation version 1.0.0 - first stable release task 04/12/06

We should adjust our docs to reflect the additional wext ioctl's committed in r1499.


mentor

Ticket Summary Component Milestone Type Created
Description
#651 unable to associate to AP using WEP with madwifi-ng madwifi: other version 0.9.x - progressive release candidate phase defect 05/28/06

Hi!

With madwifi-ng (using the FC5 RPMs from ATrpms), I'm not able to associate to my access point using WEP anymore. (The old madwifi works fine.) "wlanconfig ath0 list scan" shows the accesspoint but even when specifying the mac with "iwconfig ath0 ap ...", it fails to associate.

I'm using the following commands:

iwconfig ath0 key xxxxxxxxxxxxxxxxxxxxxxxxxx
iwconfig ath0 ap any
# or: iwconfig ath0 ap 00:02:2D:61:CC:94
iwconfig ath0 channel 6
iwconfig ath0 essid domanig
iwpriv ath0 mode 2
iwpriv ath0 authmode 2
ifconfig ath0 up
# iwconfig ath0
ath0      IEEE 802.11g  ESSID:"domanig"
          Mode:Managed  Frequency:2.437 GHz  Access Point: Invalid
          Bit Rate:1 Mb/s   Tx-Power:15 dBm   Sensitivity=0/3
          Retry:off   RTS thr:off   Fragment thr:off
          Encryption key:xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xx   Security mode:restricted
          Power Management:off
          Link Quality=49/94  Signal level=-46 dBm  Noise level=-95 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0

Scanning shows the following output:

# wlanconfig ath0 list scan
SSID            BSSID              CHAN RATE  S:N   INT CAPS
domanig         00:02:2d:61:cc:94    6   11M 48:0   100 EP
0...            00:02:2d:61:cc:94    6   11M 49:0   100 EP

# iwlist ath0 scan
ath0      Scan completed :
          Cell 01 - Address: 00:02:2D:61:CC:94
                    ESSID:"domanig"
                    Mode:Master
                    Frequency:2.437 GHz (Channel 6)
                    Quality=52/94  Signal level=-43 dBm  Noise level=-95 dBm
                    Encryption key:on
                    Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s
                    Extra:bcn_int=100
          Cell 02 - Address: 00:02:2D:61:CC:94
                    ESSID:""
                    Mode:Master
                    Frequency:2.437 GHz (Channel 6)
                    Quality=52/94  Signal level=-43 dBm  Noise level=-95 dBm
                    Encryption key:on
                    Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s
                    Extra:bcn_int=100

The output of athdebug and 80211debug is attached, as well as additional info. I hope it contains some useful parts.

Let me know if you need more information.

Cheers,

--leo


#753 Kernel oops/Failure of concurrent packet injection and packet capture madwifi: other defect 07/16/06

This may rely on foreign patches to work, but we should make it work.

j2 att dune TWO dot de


#439 Global WEP keys shared across all VAPs madwifi: driver defect 03/01/06

When creating multiple vaps, it seems that the last wep key you assign to any vap is used for all the vaps. I've changed the first key in the report just because it's our default key, even though I know wep is pathetic.

iwconfig wlan1 key s:wubba
iwconfig wlan2 key s:other
iwconfig wlan3 key s:vwxyz
iwconfig wlan4 key s:abcde

Now the keys look correct:

GW-154:~# iwconfig
wlan1 IEEE 802.11g ESSID:"gw154ap" Nickname:"GW-154"
          Mode:Master Frequency:2.412 GHz Access Point: 00:02:6F:21:E8:C6
          Bit Rate:0 kb/s Tx-Power:19 dBm Sensitivity=0/3
          Retry:off RTS thr:off Fragment thr:off
          Encryption key:XXXX-XXXX-XX Security mode:restricted
          Power Management:off
          Link Quality=0/94 Signal level=-95 dBm Noise level=-95 dBm
          Rx invalid nwid:756 Rx invalid crypt:0 Rx invalid frag:0
          Tx excessive retries:0 Invalid misc:0 Missed beacon:0

wlan2 IEEE 802.11g ESSID:"gw154ap2" Nickname:"GW-154"
          Mode:Master Frequency:2.412 GHz Access Point: 06:02:6F:21:E8:C6
          Bit Rate:0 kb/s Tx-Power:19 dBm Sensitivity=0/3
          Retry:off RTS thr:off Fragment thr:off
          Encryption key:6F74-6865-72 Security mode:restricted
          Power Management:off
          Link Quality=0/94 Signal level=-95 dBm Noise level=-95 dBm
          Rx invalid nwid:772 Rx invalid crypt:0 Rx invalid frag:0
          Tx excessive retries:0 Invalid misc:0 Missed beacon:0

wlan3 IEEE 802.11g ESSID:"gw154ap3" Nickname:"GW-154"
          Mode:Master Frequency:2.412 GHz Access Point: 0A:02:6F:21:E8:C6
          Bit Rate:0 kb/s Tx-Power:31 dBm Sensitivity=0/3
          Retry:off RTS thr:off Fragment thr:off
          Encryption key:7677-7879-7A Security mode:restricted
          Power Management:off
          Link Quality=0/94 Signal level=-95 dBm Noise level=-95 dBm
          Rx invalid nwid:785 Rx invalid crypt:0 Rx invalid frag:0
          Tx excessive retries:0 Invalid misc:0 Missed beacon:0

wlan4 IEEE 802.11g ESSID:"gw154ap4" Nickname:"GW-154"
          Mode:Master Frequency:2.412 GHz Access Point: 0E:02:6F:21:E8:C6
          Bit Rate:0 kb/s Tx-Power:31 dBm Sensitivity=0/3
          Retry:off RTS thr:off Fragment thr:off
          Encryption key:6162-6364-65 Security mode:restricted
          Power Management:off
          Link Quality=0/94 Signal level=-95 dBm Noise level=-95 dBm
          Rx invalid nwid:787 Rx invalid crypt:0 Rx invalid frag:0
          Tx excessive retries:0 Invalid misc:0 Missed beacon:0

But you can't connect properly to wlan1 with key s:wubba. It looks like it's associated but no messages go through, you never get an ip... exactly what you get with the wrong wep key. Now I try to associate with wlan1 using the key s:abcde and it works. If I only create the first 3 aps, then I can connect to wlan1 only with the key s:vwxyz (for wlan3). So it's pretty consistent.

A quick look at struct ieee80211vap shows a

	u_int16_t		iv_def_txkey;	/* default/group tx key index */
	struct ieee80211_key	iv_nw_keys[IEEE80211_WEP_NKID];

which seems to indicate that in theory the driver would support separate keys per virtual station, and they do indeed look different when you do an iwconfig.

I may try debugging this myself later, but don't have the time now so just making a note of it.


mrenzmann

Ticket Summary Component Milestone Type Created
Description
#250 madwifi-ng crashes when switching xr on while in STA mode madwifi: driver version 1.0.0 - first stable release defect 12/21/05

Switching on XR with iwpriv wlan0 xr 1 in STA mode leads reproducable to the attached kernel oops. Thats because ic->ic_vap_create in ieee80211_setupxr() returns NULL, which is dereferenced later on.


#837 cannot set txpower > 17dbm madwifi: other defect 08/24/06

Using imedia 2.7.4, it is impossible to set the transmit power within legal limits here in Canada for point to point links. This is with WLM54G23 cards

[root@imedia root]# iwconfig ath0 txpower 23
Error for wireless request "Set Tx Power" (8B26) :
    SET failed on device ath0 ; Invalid argument.
[root@imedia root]# iwconfig ath0 txpower 18
Error for wireless request "Set Tx Power" (8B26) :
    SET failed on device ath0 ; Invalid argument.
[root@imedia root]# iwconfig ath0 txpower 17
[root@imedia root]# 

Imedia is using svn1705 and reports the following at boot:

ath_hal: 0.9.17.2 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413, RF5413)
wlan: 0.8.4.2 (svn r1705)
ath_rate_sample: 1.2 (svn r1705)
wlan: mac acl policy registered
ath_pci: 0.9.4.5 (svn r1705)
wifi0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps
wifi0: 11g rates: 1Mbps 2Mbps 5.5Mbps 11Mbps 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
wifi0: H/W encryption support: WEP AES AES_CCM TKIP
wifi0: mac 7.8 phy 4.5 radio 5.6
wifi0: Use hw queue 1 for WME_AC_BE traffic
wifi0: Use hw queue 0 for WME_AC_BK traffic
wifi0: Use hw queue 2 for WME_AC_VI traffic
wifi0: Use hw queue 3 for WME_AC_VO traffic
wifi0: Use hw queue 8 for CAB traffic
wifi0: Use hw queue 9 for beacons
wifi0: Atheros 5212: mem=0x80000000, irq=12

#1206 Hardware Support: AR5005G - Acer Travelmate 2310 madwifi: HAL None defect 03/20/07

Original report:

http://article.gmane.org/gmane.linux.drivers.madwifi.user/12343

Something funny going on. On Windows XP, the generic driver doesn't work but the Acer driver works:

http://article.gmane.org/gmane.linux.drivers.madwifi.user/12351

OpenHAL does a little better but fails to send or receive any packets:

http://article.gmane.org/gmane.linux.drivers.madwifi.user/12367


#2452 Something with your project site is running into limits madwifi: other None defect 03/29/11

*** DIES IST NUR EIN HINWEIS - SIE BRAUCHEN DIE MAIL NICHT NOCH EINMAL ZU SENDEN. ***

Die E-Mail wurde eingeliefert am Dienstag, 29. März 2011 10:32:36 +0200 (MEST) von Host [192.168.1.165] ([62.225.38.155]).

Betreff: False positives Absender: nigel.vickers@rhedile.de

Achtung: Die Mail konnte seit 1 Stunde nicht versendet werden. Es wird weiter versucht die Mail auszuliefern bis Mittwoch, 30. März 2011 11:32:36 +0200 (MEST).

Der folgende Empfänger ist betroffen:

webmaster@madwifi.org

Fehler : 452 4.4.5 Network congestion Erklärung: host madwifi.org [207.228.3.67] said: Insufficient disk space; try

again later

Letzter Weiterleitungsversuch war: Dienstag, 29. März 2011 11:31:57 +0200 (MEST)

Mitschnitt der Session: ... während des Weiterleitungsversuches zu madwifi.org [207.228.3.67]: >>> MAIL FROM:<nigel.vickers@rhedile.de> SIZE=1794 <<< 452 4.4.5 Insufficient disk space; try again later

Reporting-MTA: DNS; mo-p00-ob.rzone.de Received-From-MTA: DNS; [192.168.1.165] (62.225.38.155) Arrival-Date: Tue, 29 Mar 2011 10:32:36 +0200 (MEST)

Final-Recipient: RFC822; webmaster@madwifi.org Action: delayed Status: 4.4.5 Remote-MTA: DNS; madwifi.org [207.228.3.67] Diagnostic-Code: SMTP; 452 4.4.5 Insufficient disk space; try again later Last-Attempt-Date: Wed, 30 Mar 2011 11:32:36 +0200 (MEST) Will-Retry-Until: Wed, 30 Mar 2011 11:32:36 +0200 (MEST)

Part 1.2 Subject: False positives From: Nigel Vickers <nigel.vickers@rhedile.de> Date: Tue, 29 Mar 2011 10:32:34 +0200 To: webmaster@madwifi.org

Hi guys, I have been called many things in my 62 years but "search engine spider" is as bad as suggesting I've failed the "turing test"

UNIQUE_ID: p7P9ptkYAYYAAC2QijwAAACG TRIGGER: 421000 all I wanted to do was browse the source...

honest! Nigel Vickers

Rhedile UG (haftungsbeschränkt) Firmensitz: Friedhofstraße 7, 67808 Falkenstein Registergericht: Amtsgericht Kaiserslautern, HRB 30802 USt-IdNr?.: DE267882330 Geschäftsführer: Nigel Vickers

Tel. 0049 6302 6090686 Fax. 0049 6302 6090685

Bank: Stadtsparkasse Kaiserslautern BLZ: 54050110 Konto: 525675 SWIFT-BIC: MALADE51KLS IBAN: DE46 5405 0110 0000 5256 75


#42 Patch: allow modification of queue length via ifconfig madwifi: driver version 1.0.0 - first stable release enhancement 10/24/05

This patch was submitted by Christian via madwifi-devel (see here):

I have modified one passage in the madwifi sourcecode, now it is possible to reduce the length of the transmit queue with

ifconfig <device> txqueuelen X

It is helpful for user programs which want to detect when the transmit queue is full. This can happen when data is sent at a higher rate than the device is able to deliver it - either because of retransmissions or because of a reduced tx bitrate.

We are using this for wireless QOS experiments at our university working group, but because the change is pretty tiny and adds functionality, it would be really nice to have it included in the main CVS.


#181 Hardware Support: AR5005V - MIMO Chipset madwifi: HAL version 2.0.0 - far away enhancement 11/26/05

I have a Dlink G520M PCI I was hoping to drop in as a replacement for a G520 I am using as an access point. Unfortunately there is no support right now. Modules load, but ath0 is not created.

0000:00:0c.0 Ethernet controller: Atheros Communications, Inc.: Unknown device 0020 (rev 01)
 Subsystem: D-Link System Inc: Unknown device 3a68
 Flags: bus master, medium devsel, latency 32, IRQ 11
 Memory at e1000000 (32-bit, non-prefetchable) [size=128K]
 Capabilities: [44] Power Management version 2

Pls let me know if sending my card would help - It is useless to me right now :)


#285 write a short script to create diff's of recent wiki page changes website enhancement 01/04/06

As it's possible, and has happened, that some mischievious and malicious users could easily deface the site without anyone becoming aware of the damage, running a short script on a cronjob to create diff's of recent page changes that could be scanned more easily for this damage might be a good idea.


#425 change modes with wlanconfig (or other method) madwifi: tools version 1.0.0 - first stable release enhancement 02/23/06

The ability to change modes of an interface without the destroy - create chain of commands would be very nice. Even if it means the creation/destruction is done in one easy command.


#434 Add top-level "rpm" target to build rpms madwifi: makefiles version 1.0.0 - first stable release enhancement 02/26/06

From a mail I sent to madwifi-devel:

"Attached is a patch for svn revision 1453 (i.e.: current) that adds an "rpm" target. To build rpms, just do:

make rpm

I also modified the .spec file to include the user name in the BuildRoot? -- this is standard practice in Fedora spec files.

I'd like this to be committed to svn. Let me know what work it needs for that to happen."


#533 Incorrect frenquency table for France and 802.11h support madwifi: HAL version 1.0.0 - first stable release enhancement 04/14/06

Hi, and first, thanks for your great job.

There are new frenquency freely usable in France.

  • Channels in the range 5150-5350 are for indoor use only (200mw Max)
  • Channels in the range 5470-5725 Mhz can now be used outdoor without authorization :
    • TXpower must be limited to 1W if hardware is using TPC (3dB avg atenuation) or 500mW (3dB attenuation) without TPC.
    • Hardware must use DFS.

So i wonder if this the the right place ask for an HAL update for France country table ? And if someone could give me more information about state of 802.11h (TPC/DFS) support in madwifi -ng

I'm using madwifi-ng :

ath_hal: 0.9.16.16 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413, RF5413)
wlan: 0.8.4.2 (svn 1456)
ath_rate_sample: 1.2 (svn 1456)
ath_pci: 0.9.4.5 (svn 1456)
PCI: Found IRQ 11 for device 0000:00:14.0
PCI: Sharing IRQ 11 with 0000:00:10.0
wifi0: 11a rates: 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
wifi0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps
wifi0: 11g rates: 1Mbps 2Mbps 5.5Mbps 11Mbps 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
wifi0: turboG rates: 6Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
wifi0: H/W encryption support: WEP AES AES_CCM TKIP
wifi0: mac 5.9 phy 4.3 radio 3.6
wifi0: Use hw queue 1 for WME_AC_BE traffic
wifi0: Use hw queue 0 for WME_AC_BK traffic
wifi0: Use hw queue 2 for WME_AC_VI traffic
wifi0: Use hw queue 3 for WME_AC_VO traffic
wifi0: Use hw queue 8 for CAB traffic
wifi0: Use hw queue 9 for beacons
wifi0: Atheros 5212: mem=0xe5000000, irq=11

with theses parameters :

autocreate=none countrycode=0xfa outdoor=1 xchanmode=1

and i obtain these usable channels :

ath1      35 channels in total; available frequencies :
          Channel 01 : 2.412 GHz
          Channel 02 : 2.417 GHz
          Channel 03 : 2.422 GHz
          Channel 04 : 2.427 GHz
          Channel 05 : 2.432 GHz
          Channel 06 : 2.437 GHz
          Channel 07 : 2.442 GHz
          Channel 08 : 2.447 GHz
          Channel 09 : 2.452 GHz
          Channel 10 : 2.457 GHz
          Channel 11 : 2.462 GHz
          Channel 12 : 2.467 GHz
          Channel 13 : 2.472 GHz
          Channel 36 : 5.18 GHz
          Channel 40 : 5.2 GHz
          Channel 44 : 5.22 GHz
          Channel 48 : 5.24 GHz
          Channel 52 : 5.26 GHz
          Channel 56 : 5.28 GHz
          Channel 60 : 5.3 GHz
          Channel 64 : 5.32 GHz

which are the same that in : http://www.nuclearcat.com/athmap.txt

Thanks

Laurent

PS: Links to the offical documents (in french). (ARCEP is then French Authority who decides about frenquency usage)

As most of theses decisions were based on european-commission recommendations, i guess this will affect also other european coutries.


#640 madwifi should reflect module parameters in the /sys/module/<module_name>/parameters madwifi: driver version 0.9.x - progressive release candidate phase enhancement 05/23/06

It is common to reflect current module parameters in the /sys/module hierarchy.


#752 "tx tasklet restart the queue" error message madwifi: driver enhancement 07/14/06

When I try to send more than 350-400pkt/s (4-5Mbit/s, pkt len 1470bytes) I get many messages like this one:

"tx tasklet restart the queue" (hundreds of them...)

The result of this error is that I can't send more than 4-5Mbit/s with my atheros card.

The error is influenced by the number of the pkts/s I try to send.

I tried different cards, frequencies (2.4GHz 5GHz) but nothing change.

I'm using madwifi-ng r1683 with kernel 2.4.32 on x86. The device is configured in monitor mode.

Thor


#864 setting countrycode bring down txpower too much - channels range might ok madwifi: HAL enhancement 09/07/06

I have CM9: (manufacturer - who knows)

# lspci -v
0000:00:0d.0 Ethernet controller: Atheros Communications, Inc. AR5212 802.11abg NIC (rev 01)
        Subsystem: Unknown device 185f:1012
        Flags: bus master, medium devsel, latency 168, IRQ 12
        Memory at 80000000 (32-bit, non-prefetchable) [size=64K]
        Capabilities: [44] Power Management version 2
# sysctl -a | grep wifi0

dev.wifi0.regdomain = 0
dev.wifi0.countrycode = 0
# iwlist ath0 txpower
ath0      8 available transmit-powers :
          0 dBm         (1 mW)
          8 dBm         (6 mW)
          10 dBm        (10 mW)
          12 dBm        (15 mW)
          14 dBm        (25 mW)
          16 dBm        (39 mW)
          18 dBm        (63 mW)
          20 dBm        (100 mW)
          Current Tx-Power:20 dBm       (100 mW)

# iwlist ath0 channel
ath0      46 channels in total; available frequencies :
          Channel 01 : 2.412 GHz
          Channel 02 : 2.417 GHz
          Channel 03 : 2.422 GHz
          Channel 04 : 2.427 GHz
          Channel 05 : 2.432 GHz
          Channel 06 : 2.437 GHz
          Channel 07 : 2.442 GHz
          Channel 08 : 2.447 GHz
          Channel 09 : 2.452 GHz
          Channel 10 : 2.457 GHz
          Channel 11 : 2.462 GHz
          Channel 36 : 5.18 GHz
          Channel 40 : 5.2 GHz
          Channel 42 : 5.21 GHz
          Channel 44 : 5.22 GHz
          Channel 48 : 5.24 GHz
          Channel 50 : 5.25 GHz
          Channel 52 : 5.26 GHz
          Channel 56 : 5.28 GHz
          Channel 58 : 5.29 GHz
          Channel 60 : 5.3 GHz
          Channel 64 : 5.32 GHz
          Channel 149 : 5.745 GHz
          Channel 152 : 5.76 GHz
          Channel 153 : 5.765 GHz
          Channel 157 : 5.785 GHz
          Channel 160 : 5.8 GHz
          Channel 161 : 5.805 GHz
          Channel 165 : 5.825 GHz
          Current Frequency=2.452 GHz (Channel 9)

When setting loading with countrycode=203

# sysctl -a | grep wifi0

dev.wifi0.regdomain = 0
dev.wifi0.countrycode = 203

# iwlist ath0 txpower
ath0      8 available transmit-powers :
          0 dBm         (1 mW)
          4 dBm         (2 mW)
          6 dBm         (3 mW)
          8 dBm         (6 mW)
          10 dBm        (10 mW)
          12 dBm        (15 mW)
          14 dBm        (25 mW)
          16 dBm        (39 mW)
          Current Tx-Power:16 dBm       (39 mW)

But this (http of course) hxxp://www.nuclearcat.com/athmap.txt says..

CZECH REPUBLIC (CZ, 0xcb, 203) ETSI3_WORLD (0x36, 54)
2412B 18.0 2417B 18.0 2422B 18.0 2427B 18.0 2432B 18.0 2437B 18.0
2442B 18.0 2447B 18.0 2452B 18.0 2457B 18.0 2462B 18.0 2467B 18.0
2472B 18.0 5180A 16.0 5200A 16.0 5220A 16.0 5240A 16.0 5260A 16.0
5280A 16.0 5300A 16.0 5320A 16.0

Allowed 18dBm txpower on all 2.4 frequencies...

# iwlist ath0 channel
ath0      35 channels in total; available frequencies :
          Channel 01 : 2.412 GHz
          Channel 02 : 2.417 GHz
          Channel 03 : 2.422 GHz
          Channel 04 : 2.427 GHz
          Channel 05 : 2.432 GHz
          Channel 06 : 2.437 GHz
          Channel 07 : 2.442 GHz
          Channel 08 : 2.447 GHz
          Channel 09 : 2.452 GHz
          Channel 10 : 2.457 GHz
          Channel 11 : 2.462 GHz
          Channel 12 : 2.467 GHz
          Channel 13 : 2.472 GHz
          Channel 36 : 5.18 GHz
          Channel 40 : 5.2 GHz
          Channel 44 : 5.22 GHz
          Channel 48 : 5.24 GHz
          Channel 52 : 5.26 GHz
          Channel 56 : 5.28 GHz
          Channel 60 : 5.3 GHz
          Channel 64 : 5.32 GHz
          Current Frequency=2.412 GHz (Channel 1)

Is it ok??


#1131 WDS / bridging in Ad-Hoc mode madwifi: 802.11 stack version 0.9.4 enhancement 02/04/07

After getting a user report about bridging not working with Ad-Hoc mode devices, I've looked into the code and enabled 4-address mode (WDS) for Ad-Hoc VAPs. The change is almost straight forward, but I haven't tested anything besides compiling it.

Please test and report ;)

To activate WDS, you have to do the following with the patched driver:

wlanconfig ath0 create wlandev wifi0 wlanmode ad-hoc
iwpriv ath0 wds 1
ifconfig ath0 up
ifconfig eth0 up

brctl addbr br0
brctl addif br0 eth0
brctl addif br0 ath0
ifconfig br0 10.23.42.1

I don't know yet about its side effects, don't blame me if you can't send broadcast frames or if the universe collapses.

P.S: While looking at the code, I've found a slightly inefficient handling of the common case (two MACs are compared before looking at a single flag in hostap/station mode), so I'm attaching commoncase.diff to this ticket too, which substitutes the cheap and the expensive comparison operations.


#40 Ticket handling guidelines for developers madwifi: documentation task 10/24/05

Start a page that gives some general guidelines for developers about how to handle tickets. Such as: "assign a ticket to yourself before actually starting to work on it", "when accepting tickets, try to assign them to an appropriate milestone", "don't accept tickets as long as necessary information is missing", and so on.


#84 SVN commit guidelines for developers madwifi: documentation task 10/31/05

Describe some general rules for developers who contribute directly to the repository. Such as "always use the comment to give a short description of your changes", "refer to ticket numbers where appropriate", "one commit per (logical) changeset".


#613 Test some trac extensions website task 05/11/06

The following plugins/macros could be useful for us. This is basically a "note to self", but feel free to name other extensions you consider to be worth reviewing.

  • Peer Review Plugin, provides a mechanism for distributed peer review of source code; would be great if this can also be used for patches attached to tickets
  • Nav Mover Plugin, allows to move existing and add new items to the navigation bar; this voids one of our private modifications to Trac (the one for the Imprint page)
  • Trac Download Plugin, lists available downloads; we could use that to give an overview of release downloads and to link to the latest development snapshots
  • Trac Blog Plugin, see #597
  • Account Manager Plugin; in case we decide to move away from allowing anonymous users to edit the wiki
  • Add Comment Macro, allows users to comment a wiki page; could be useful if we decide to make a page read-only but still want to allow users to give feedback
  • Trac Navigation Box, similar to the TracGuideToc? stuff, but customizable via a wiki page; this would be a great addition to ease navigation for users and give some additional structure to our wiki
  • Calendar Macro; once we have the non-profit set up, this could be useful to let people know of internal meetings or external events that the project is represented at
  • Wiki Workflow Patch, implements simple plugin API that can be used to change the current workflow related to Wiki pages; could be helpful if we experience an increasing amount of wiki spam
  • svn hook script that creates a Trac version when a tag has been created in the repository
  • Wiki Info Plugin, customizable info stuff for wiki pages; we could use that to give credits to the author of a page and additional contributors, for example
  • Acronyms Plugin, which would be an excellent addition helping to explain the various acronyms we use in the wiki

Other tasks that should be looked at sometimes:


pichon

Ticket Summary Component Milestone Type Created
Description
#959 madwifi-0.9.2 is not rpmbuild ready madwifi: other version 0.9.x - progressive release candidate phase defect 10/18/06

Madwifi release 0.9.2 doesn't include any valid madwifi.spec file.

The contrib/madwifi.spec.in has not been instanced into a valid contrib/madwifi.spec


proski

Ticket Summary Component Milestone Type Created
Description
#1903 Channel switch on active interface in master mode causes hard lockup madwifi: driver version 0.9.4.1 defect 04/22/08

Hi,...

when running my "AR5413 802.11abg NIC (rev 01)" in Master Mode and doing something with iwconfig, e.g. "iwconfig ath0 channel 9" my Machine hard freezes requiring power cycle reboot. No error messages displayed and no logs written, just lock-up.

Steps taken:

$ wlanconfig wlan0 create wlandev wifi0 wlanmode ap

Result: wlan0 is created in Master mode

$ iwconfig wlan0

Result: shows normal information of wlan0 in master mode

$ iwconfig wlan0 channel 9

Result: dead lock.

Station mode (sta) on the same Maschine runs very nice without any problems.

$ uname -a

Linux localhost.localdomain 2.6.24.4-64.fc8 #1 SMP Sat Mar 29 09:54:46 EDT 2008 i686 athlon i386 GNU/Linux

Using madwifi from livna:

 kmod-madwifi-0.9.4-6.lvn8
 kmod-madwifi-2.6.24.4-64.fc8-0.9.4-6.lvn8
 madwifi-0.9.4-1.lvn8
 wireless-tools-29-0.2.pre22.fc8

$ lspci | grep Atheros

04:0a.0 Ethernet controller: Atheros Communications, Inc. AR5413 802.11abg NIC (rev 01)

#1451 post-0.9.3 regression: scanning is too system intensive madwifi: driver version 0.9.4 defect 07/18/07

As reported on the mailing list: http://thread.gmane.org/gmane.linux.drivers.madwifi.devel/4744

In trunk after 0.9.3, at some point, scanning has become much more system intensive, to the degree where it noticably interrupts our realtime 3D graphics rendering.

I suspect this is because as of post-0.9.3, the device is generating an order of magnitude more interrupts when scanning. I'm measuring the interrupt count from /proc/interrupts, sampled every second for a 5 minute period (and then averaged to per-second values):

With 0.9.2 and 0.9.3, I find that when trying to make the device scan a lot, I get up to 100 interrupts per second. Not unreasonable for all the channel changing going on.

With post-0.9.3 (tested r2376 and r2518), I generally get more than 2000 interrupts per second performing the same test. The highest value I saw was 4600 interrupts per second -- rather excessive.


#162 failed assertion in rate-sample, race condition bringing interfaces up madwifi: driver version 0.9.x - progressive release candidate phase defect 11/18/05

There's a KASSERT() at madwifi-svn-r1326/ath_rate/sample/sample.c:366. The assertion doesn't fail all that often, but it does happen, and seems to be caused when a packet is transmitted too quickly after the interface is brought up. I saw this by bridging an access point interface with an ethernet that had a lot of noisy windows broadcasts on it. I found it easier to reproduce by simply ping-flooding an 802.11 station from a host on the ethernet side, and then bringing the interface down and back up again quickly. But in most real-world scenerios, I don't think this race condition will happen very often.

I think the proper way to fix this is to defer packet delivery until all the data structures are properly set up and ready to handle it. I don't know enough about the network stack to know how to do that, so I can only give you an ugly workaround (change the ath_rate_findrate() API to return an int, -1 on failure, 0 on success), not a real fix.

I'm seeing this issue on armv5b. I have not turned on all debugging, simply because the serial console can't keep up with it.

[  517.620000] bridge0: port 2(ath0) entering disabled state
[  517.640000] bridge0: port 2(ath0) entering learning state
[  517.650000] bridge0: topology change detected, propagating
[  517.650000] bridge0: port 2(ath0) entering forwarding state
[  517.670000] ndx is -1<2>kernel BUG at /home/paranoid/madwifi-svn-r1326/ath_rate/sample/sample.c:366!
[  517.680000] Unable to handle kernel NULL pointer dereference at virtual address 00000000
[  517.690000] pgd = c0590000
[  517.690000] [00000000] *pgd=00774031, *pte=00000000, *ppte=00000000
[  517.690000] Internal error: Oops: 817 [#1]
[  517.690000] Modules linked in: iptable_mangle sch_sfq sch_htb ipt_REJECT bridge tun iptable_filter iptable_nat ip_tables bonding e100 hostap wlan_scan_ap ath_pci ath_rate_sample wlan ath_hal hdlc syncppp lapb ixp400_eth ixp400
[  517.690000] CPU: 0
[  517.690000] PC is at __bug+0x40/0x54
[  517.690000] LR is at 0x1
[  517.690000] pc : [<c0022774>]    lr : [<00000001>]    Tainted: P
[  517.690000] sp : c18d7a20  ip : 60000093  fp : c18d7a30
[  517.690000] r10: 00000000  r9 : c1d7a220  r8 : ffffffff
[  517.690000] r7 : c1dd12dc  r6 : c1dd12dc  r5 : ffffffff  r4 : 00000000
[  517.690000] r3 : 00000000  r2 : 00000000  r1 : c02173a4  r0 : 00000001
[  517.690000] Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  Segment user
[  517.690000] Control: 39FF  Table: 00590000  DAC: 00000015
[  517.690000] Process ifconfig (pid: 11114, stack limit = 0xc18d6194)
[  517.690000] Stack: (0xc18d7a20 to 0xc18d8000)
[  517.690000] 7a20: ffffffff c18d7a90 c18d7a34 bf1b2b74 c0022744 c0132080 c0131ea0 c0fd1380
[  517.690000] 7a40: c1e9b9c0 c1e9b9c0 c18d7a90 c18d7a58 c0027d5c 00000000 00000001 c1ea2240
[  517.690000] 7a60: 00000000 c1dd1000 00000018 bf183fb8 ffc028c0 c18d6000 c1d7a220 c1da8c60
[  517.690000] 7a80: c1dd1000 c18d7b48 c18d7a94 bf1baf9c bf1b268c c18d7b1f c18d7b18 c18d7b1e
[  517.690000] 7aa0: 00000000 00000000 00000000 00000001 00000000 00000018 00000000 00000036
[  517.690000] 7ac0: 00000018 00000000 c1d7a220 c18d7bb0 c1dd1000 00000000 00000000 00000000
[  517.690000] 7ae0: 00000000 00000001 c1e9c820 00000000 000000ff 00000052 00000018 ffffffff
[  517.690000] 7b00: 00000000 c1d98000 c1e8f220 c1d7a220 c0fd1380 c1d7a000 00000002 08060000
[  517.690000] 7b20: 00000000 c1d7a220 c18d6000 c18d6000 c1da8c60 c1dd1000 c0fd1380 c18d7be8
[  517.690000] 7b40: c18d7b4c bf1c1ff0 bf1baa74 00000000 bf135bcc c18d7b74 c18d7b64 c0028c58
[  517.690000] 7b60: c0028c14 c0215940 c18d7b90 c18d7b78 c001ebbc c0028be8 c0215940 0000001f
[  517.690000] 7b80: 00040000 c1d86cd4 c1c11268 c1c11368 c003892c c1d7a220 00000000 ffffffff
[  517.690000] 7ba0: 0000001f 00040000 c1d7b6b8 c1d7a000 00000001 00000000 c1da8c60 c1da8c60
[  517.690000] 7bc0: c1afcaa0 c1d7a000 c1e9b9c0 00000000 c1d7a024 c1ea0012 c1d7a000 c18d7c0c
[  517.690000] 7be0: c18d7bec c014477c bf1c10d4 c1d7a000 c1e9b9c0 00000000 00000000 c1d7a220
[  517.690000] 7c00: c18d7c28 c18d7c10 c0137860 c01446a0 c1e9b9c0 c1e8f220 c1dd1000 c18d7c54
[  517.690000] 7c20: c18d7c2c bf193934 c0137774 c1c11000 c1e8f000 c1e9b9c0 00000000 c1e8f024
[  517.690000] 7c40: 00000040 0000ca37 c18d7c78 c18d7c58 c014477c bf193590 c1e8f000 c1e9b9c0
[  517.690000] 7c60: 00000000 c1afc7a0 bf217f68 c18d7c94 c18d7c7c c0137860 c01446a0 c1e9b9c0
[  517.690000] 7c80: c1e9b9c0 c1f89220 c18d7cb0 c18d7c98 bf217e58 c0137774 c0311030 00000000
[  517.690000] 7ca0: c0225b08 c18d7cd0 c18d7cb4 bf217ed0 bf217dcc 00000000 00000331 c18d7cf4
[  517.690000] 7cc0: c1e9b9c0 c18d7cf4 c18d7cd4 bf217fe4 bf217e74 c1f89220 c1afc6a0 bf217f68
[  517.690000] 7ce0: c1e9b9c0 c1f89218 c18d7d18 c18d7cf8 bf2181d8 bf217f74 c1f89220 c1e9b9c0
[  517.690000] 7d00: c1ea0012 00000000 c0224c28 c18d7d38 c18d7d1c bf218ce0 bf2180fc c1ea0012
[  517.690000] 7d20: c1afc8a0 c18d7d68 00000001 c18d7d64 c18d7d3c bf218ec4 bf218bd0 c18d7d48
[  517.690000] 7d40: bf161dec bf1501a4 c1e9b9c0 c1afc8a0 00000000 c0224ef4 c18d7d8c c18d7d68
[  517.690000] 7d60: c0137eb4 bf218cf4 c1e9b9c0 c1a83000 c0224c50 00000000 c18d7dbc c0224c28
[  517.690000] 7d80: c18d7db8 c18d7d90 c013809c c0137d38 c0224d4c c0224c50 c0224c28 0000ca37
[  517.690000] 7da0: c01d92c0 00000000 c18d7ec8 c18d7de0 c18d7dbc c0138218 c0137ff8 0000012c
[  517.690000] 7dc0: 00000005 c021b4c0 c18d6000 00000009 c021b480 c18d7e04 c18d7de4 c00387d8
[  517.690000] 7de0: c0138194 60000013 c1e8f000 00000001 00000000 be89fdac c18d7e18 c18d7e08
[  517.690000] 7e00: c0038890 c0038788 c18d6000 c18d7e2c c18d7e1c c0038900 c0038858 c1f89220
[  517.690000] 7e20: c18d7e44 c18d7e30 bf219a38 c00388a8 bf21fa34 c1e8f000 c18d7e60 c18d7e48
[  517.690000] 7e40: c0040a84 bf219900 c1e8f000 00000000 00001102 c18d7e78 c18d7e64 c01371e4
[  517.690000] 7e60: c0040a58 c1e8f000 00001043 c18d7e98 c18d7e7c c0138808 c0137138 00000000
[  517.690000] 7e80: ffffff9d c0f10460 c1e8f000 c18d7f00 c18d7e9c c0177c78 c01387b0 00000000
[  517.690000] 7ea0: c0f1046c 00008914 10430000 00000029 00000028 0000000c 61746830 00000000
[  517.690000] 7ec0: 00000000 00000000 10430000 00000029 00000028 0000000c 00008914 be89fdac
[  517.690000] 7ee0: be89fdac be89fdac 00000000 c18d6000 00000000 c18d7f18 c18d7f04 c017900c
[  517.690000] 7f00: c017798c c1f40900 00008914 c18d7f3c c18d7f1c c012e0f8 c0178f60 c1f40900
[  517.690000] 7f20: ffffffe7 be89fdac 00000003 00000000 c18d7f58 c18d7f40 c0079494 c012de98
[  517.690000] 7f40: c1f40900 c1f40900 be89fdac c18d7f84 c18d7f5c c0079784 c0079464 c18d7fb0
[  517.690000] 7f60: 00000017 c1f40900 fffffff7 00008914 00000036 c001de44 c18d7fa4 c18d7f88
[  517.690000] 7f80: c00797e4 c00794ec 00000000 be89fdac 0004c788 0005ab5c 00000000 c18d7fa8
[  517.690000] 7fa0: c001dcc0 c00797b0 be89fdac c002507c 00000003 00008914 be89fdac be89fdac
[  517.690000] 7fc0: be89fdac 0004c788 0005ab5c 00000003 00000004 be89fedc 00000000 be89fc9c
[  517.690000] 7fe0: be89fca0 be89fc7c 4008b078 4008afe8 20000010 00000003 00000000 00000000
[  517.690000] Backtrace:
[  517.690000] [<c0022738>] (__bug+0x4/0x54) from [<bf1b2b74>] (ath_rate_findrate+0x4f4/0x55c [ath_rate_sample])
[  517.690000]  r4 = FFFFFFFF
[  517.690000] [<bf1b2680>] (ath_rate_findrate+0x0/0x55c [ath_rate_sample]) from [<bf1baf9c>] (ath_tx_start+0x534/0x13d4 [ath_pci])
[  517.690000] [<bf1baa68>] (ath_tx_start+0x0/0x13d4 [ath_pci]) from [<bf1c1ff0>] (ath_hardstart+0xf28/0x10e0 [ath_pci])
[  517.690000] [<bf1c10c8>] (ath_hardstart+0x0/0x10e0 [ath_pci]) from [<c014477c>] (qdisc_restart+0xe8/0x1d4)
[  517.690000] [<c0144694>] (qdisc_restart+0x0/0x1d4) from [<c0137860>] (dev_queue_xmit+0xf8/0x220)
[  517.690000]  r8 = C1D7A220  r7 = 00000000  r6 = 00000000  r5 = C1E9B9C0
[  517.690000]  r4 = C1D7A000
[  517.690000] [<c0137768>] (dev_queue_xmit+0x0/0x220) from [<bf193934>] (ieee80211_hardstart+0x3b0/0x428 [wlan])
[  517.690000]  r6 = C1DD1000  r5 = C1E8F220  r4 = C1E9B9C0
[  517.690000] [<bf193584>] (ieee80211_hardstart+0x0/0x428 [wlan]) from [<c014477c>] (qdisc_restart+0xe8/0x1d4)
[  517.690000] [<c0144694>] (qdisc_restart+0x0/0x1d4) from [<c0137860>] (dev_queue_xmit+0xf8/0x220)
[  517.690000]  r8 = BF217F68  r7 = C1AFC7A0  r6 = 00000000  r5 = C1E9B9C0
[  517.690000]  r4 = C1E8F000
[  517.690000] [<c0137768>] (dev_queue_xmit+0x0/0x220) from [<bf217e58>] (br_dev_queue_push_xmit+0x98/0xa8 [bridge])
[  517.690000]  r6 = C1F89220  r5 = C1E9B9C0  r4 = C1E9B9C0
[  517.690000] [<bf217dc0>] (br_dev_queue_push_xmit+0x0/0xa8 [bridge]) from [<bf217ed0>] (br_forward_finish+0x68/0x7c [bridge])
[  517.690000]  r4 = C0225B08
[  517.690000] [<bf217e68>] (br_forward_finish+0x0/0x7c [bridge]) from [<bf217fe4>] (__br_forward+0x7c/0x8c [bridge])
[  517.690000] [<bf217f68>] (__br_forward+0x0/0x8c [bridge]) from [<bf2181d8>] (br_flood+0xec/0x134 [bridge])
[  517.690000]  r4 = C1F89218
[  517.690000] [<bf2180f0>] (br_flood+0x4/0x134 [bridge]) from [<bf218ce0>] (br_handle_frame_finish+0x11c/0x124 [bridge])
[  517.690000]  r8 = C0224C28  r7 = 00000000  r6 = C1EA0012  r5 = C1E9B9C0
[  517.690000]  r4 = C1F89220
[  517.690000] [<bf218bc4>] (br_handle_frame_finish+0x0/0x124 [bridge]) from [<bf218ec4>] (br_handle_frame+0x1dc/0x244 [bridge])
[  517.690000]  r7 = 00000001  r6 = C18D7D68  r5 = C1AFC8A0  r4 = C1EA0012
[  517.690000] [<bf218ce8>] (br_handle_frame+0x0/0x244 [bridge]) from [<c0137eb4>] (netif_receive_skb+0x188/0x2c0)
[  517.690000]  r6 = C0224EF4  r5 = 00000000  r4 = C1AFC8A0
[  517.690000] [<c0137d2c>] (netif_receive_skb+0x0/0x2c0) from [<c013809c>] (process_backlog+0xb0/0x19c)
[  517.690000]  r8 = C0224C28  r7 = C18D7DBC  r6 = 00000000  r5 = C0224C50
[  517.690000]  r4 = C1A83000
[  517.690000] [<c0137fec>] (process_backlog+0x0/0x19c) from [<c0138218>] (net_rx_action+0x90/0x170)
[  517.690000] [<c0138188>] (net_rx_action+0x0/0x170) from [<c00387d8>] (__do_softirq+0x5c/0xd0)
[  517.690000]  r8 = C021B480  r7 = 00000009  r6 = C18D6000  r5 = C021B4C0
[  517.690000]  r4 = 00000005
[  517.690000] [<c003877c>] (__do_softirq+0x0/0xd0) from [<c0038890>] (do_softirq+0x44/0x50)
[  517.690000]  r8 = BE89FDAC  r7 = 00000000  r6 = 00000001  r5 = C1E8F000
[  517.690000]  r4 = 60000013
[  517.690000] [<c003884c>] (do_softirq+0x0/0x50) from [<c0038900>] (local_bh_enable+0x64/0x84)
[  517.690000]  r4 = C18D6000
[  517.690000] [<c003889c>] (local_bh_enable+0x0/0x84) from [<bf219a38>] (br_device_event+0x144/0x14c [bridge])
[  517.690000]  r4 = C1F89220
[  517.690000] [<bf2198f4>] (br_device_event+0x0/0x14c [bridge]) from [<c0040a84>] (notifier_call_chain+0x38/0x50)
[  517.690000]  r5 = C1E8F000  r4 = BF21FA34
[  517.690000] [<c0040a4c>] (notifier_call_chain+0x0/0x50) from [<c01371e4>] (dev_open+0xb8/0xc8)
[  517.690000]  r6 = 00001102  r5 = 00000000  r4 = C1E8F000
[  517.690000] [<c013712c>] (dev_open+0x0/0xc8) from [<c0138808>] (dev_change_flags+0x64/0x124)
[  517.690000]  r5 = 00001043  r4 = C1E8F000
[  517.690000] [<c01387a4>] (dev_change_flags+0x0/0x124) from [<c0177c78>] (devinet_ioctl+0x2f8/0x6f0)
[  517.690000]  r7 = C1E8F000  r6 = C0F10460  r5 = FFFFFF9D  r4 = 00000000
[  517.690000] [<c0177980>] (devinet_ioctl+0x0/0x6f0) from [<c017900c>] (inet_ioctl+0xb8/0x104)
[  517.690000] [<c0178f54>] (inet_ioctl+0x0/0x104) from [<c012e0f8>] (sock_ioctl+0x26c/0x2a4)
[  517.690000]  r5 = 00008914  r4 = C1F40900
[  517.690000] [<c012de8c>] (sock_ioctl+0x0/0x2a4) from [<c0079494>] (do_ioctl+0x3c/0x88)
[  517.690000]  r8 = 00000000  r7 = 00000003  r6 = BE89FDAC  r5 = FFFFFFE7
[  517.690000]  r4 = C1F40900
[  517.690000] [<c0079458>] (do_ioctl+0x0/0x88) from [<c0079784>] (vfs_ioctl+0x2a4/0x2c4)
[  517.690000]  r6 = BE89FDAC  r5 = C1F40900  r4 = C1F40900
[  517.690000] [<c00794e0>] (vfs_ioctl+0x0/0x2c4) from [<c00797e4>] (sys_ioctl+0x40/0x5c)
[  517.690000]  r8 = C001DE44  r7 = 00000036  r6 = 00008914  r5 = FFFFFFF7
[  517.690000]  r4 = C1F40900
[  517.690000] [<c00797a4>] (sys_ioctl+0x0/0x5c) from [<c001dcc0>] (ret_fast_syscall+0x0/0x2c)
[  517.690000]  r6 = 0005AB5C  r5 = 0004C788  r4 = BE89FDAC
[  517.690000] Code: 1b004760 e59f0014 eb00475e e3a03000 (e5833000)
[  517.690000]  <0>Kernel panic - not syncing: Aiee, killing interrupt handler!

#185 Stuck beacon on latest svn of madwifi madwifi: driver version 0.9.x - progressive release candidate phase defect 11/28/05

Our "little friend" the stuck beacon is back.

lspci shows:

00:0a.0 Ethernet controller: Atheros Communications, Inc. AR5212 802.11abg NIC ( rev 01)

and the logs show:

Nov 27 19:32:40 Deathwish kernel: ath_hal: module license 'Proprietary' taints
kernel.
Nov 27 19:32:40 Deathwish kernel: ath_hal: 0.9.16.3 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413, RF5413, DFS)
Nov 27 19:32:40 Deathwish kernel: wlan: 0.8.4.2 (Atheros/multi-bss)
Nov 27 19:32:40 Deathwish kernel: ath_rate_sample: 1.2
Nov 27 19:32:40 Deathwish kernel: ath_pci: 0.9.4.5 (Atheros/multi-bss)
Nov 27 19:32:40 Deathwish kernel: ACPI: PCI Interrupt 0000:00:0a.0[A] -> GSI 17 (level, low) -> IRQ 169
Nov 27 19:32:40 Deathwish kernel: wifi0: 11a rates: 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
Nov 27 19:32:40 Deathwish kernel: wifi0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps
Nov 27 19:32:40 Deathwish kernel: wifi0: 11g rates: 1Mbps 2Mbps 5.5Mbps 11Mbps
6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
Nov 27 19:32:40 Deathwish kernel: wifi0: turboA rates: 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
Nov 27 19:32:40 Deathwish kernel: wifi0: H/W encryption support: WEP AES AES_CCM TKIP
Nov 27 19:32:40 Deathwish kernel: wifi0: mac 5.6 phy 4.1 5ghz radio 1.7 2ghz radio 2.3
Nov 27 19:32:40 Deathwish kernel: wifi0: Use hw queue 1 for WME_AC_BE traffic
Nov 27 19:32:40 Deathwish kernel: wifi0: Use hw queue 0 for WME_AC_BK traffic
Nov 27 19:32:40 Deathwish kernel: wifi0: Use hw queue 2 for WME_AC_VI traffic
Nov 27 19:32:40 Deathwish kernel: wifi0: Use hw queue 3 for WME_AC_VO traffic
Nov 27 19:32:40 Deathwish kernel: wifi0: Use hw queue 8 for CAB traffic
Nov 27 19:32:40 Deathwish kernel: wifi0: Use hw queue 9 for beacons
Nov 27 19:32:40 Deathwish kernel: wifi0: Atheros 5212: mem=0xdffd0000, irq=169

.....

Nov 27 20:35:24 Deathwish kernel: wifi0: stuck beacon; resetting (bmiss count 4)
Nov 27 20:35:26 Deathwish kernel: wifi0: stuck beacon; resetting (bmiss count 4)
Nov 27 20:35:40 Deathwish kernel: wifi0: stuck beacon; resetting (bmiss count 4)
Nov 27 20:37:22 Deathwish kernel: wifi0: stuck beacon; resetting (bmiss count 4)
Nov 27 20:37:34 Deathwish kernel: wifi0: stuck beacon; resetting (bmiss count 4)
Nov 27 20:37:39 Deathwish kernel: wifi0: stuck beacon; resetting (bmiss count 4)
Nov 27 20:38:16 Deathwish kernel: wifi0: stuck beacon; resetting (bmiss count 4)
Nov 27 20:38:55 Deathwish kernel: wifi0: stuck beacon; resetting (bmiss count 4)
Nov 27 20:38:59 Deathwish kernel: wifi0: stuck beacon; resetting (bmiss count 4)
Nov 27 20:41:15 Deathwish kernel: wifi0: stuck beacon; resetting (bmiss count 4)
Nov 27 20:41:45 Deathwish kernel: wifi0: stuck beacon; resetting (bmiss count 4)

#1143 Oops: On driver_unregister cleanup path madwifi: other version 0.9.4 defect 02/08/07

This script causes various oopses with the current madwifi and current Linux from wireless-dev:

modprobe ath_pci autocreate=ap
ifconfig ath0 up
wlanconfig ath1 create wlandev wifi0 wlanmode wds
ifconfig ath1 up
iwconfig ath1 ap 00:01:02:03:04:05

iwconfig
ifconfig ath1 down
ifconfig ath0 down
rmmod ath_pci

First time it was "vap not stopped" bug, then an attempt to use a spinlock on freed memory. The "6b" pattern is a clear sign that freed memory is involved.

It's a x86_64 kernel with most debugging options enabled. The MAC address is made up.

Swapping the line setting the "ap" and the previous line setting the IP address on ath1 causes the problem to disappear, but it may be just a different timing. The script is run on serial console, so the iwconfig output can provide a delay necessary to trigger the bug.

First oops:

VAP not stopped<0>------------[ cut here ]------------
kernel BUG at /home/proski/src/madwifi/ath/if_ath.c:1216!
invalid opcode: 0000 [1] 
CPU 0 
Modules linked in: ath_pci wlan_scan_ap ath_rate_sample wlan ath_hal(P)
Pid: 6512, comm: rmmod Tainted: P      2.6.20-rc6 #20
RIP: 0010:[<ffffffff8806f1d8>]
[<ffffffff8806f1d8>] :ath_pci:ath_vap_delete+0x48/0x350
RSP: 0018:ffff81001d355d18  EFLAGS: 00010296
RAX: 0000000000000012 RBX: 0000000000000004 RCX: ffffffff805d7688
RDX: ffff81001b291100 RSI: 0000000000000001 RDI: ffffffff805d7640
RBP: ffff81001d355d48 R08: ffffffff80679978 R09: 0000000000000000
R10: ffff81001d355c38 R11: 0000000000000246 R12: ffff81001dbc8000
R13: ffff81001c135520 R14: ffff81001dbc8520 R15: ffff81001dbc8000
FS:  00002b2a12635240(0000) GS:ffffffff8061b000(0000)
knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 00002b90d575b0a0 CR3: 000000001d988000 CR4: 00000000000006e0
Process rmmod (pid: 6512, threadinfo ffff81001d354000, task
ffff81001b291100)
Stack:  ffff81001b5c0000 ffff81001dbc8520 ffff81001dbc8000
ffff81001b5c0000
 ffffffff8807f548 ffffffff8807f660 ffff81001d355d68 ffffffff88037ea6
 ffff81001dbc8520 ffff81001dbc8520 ffff81001d355da8 ffffffff8806dbd1
Call Trace:
 [<ffffffff88037ea6>] :wlan:ieee80211_ifdetach+0x26/0x80
 [<ffffffff8806dbd1>] :ath_pci:ath_detach+0x81/0x110
 [<ffffffff804b5625>] wait_for_completion+0xd5/0xe0
 [<ffffffff880778be>] :ath_pci:ath_pci_remove+0x2e/0xa0
 [<ffffffff80354d2f>] pci_device_remove+0x2f/0x60
 [<ffffffff803d8553>] __device_release_driver+0x93/0xb0
 [<ffffffff803d8bb3>] driver_detach+0xe3/0x130
 [<ffffffff803d7fe3>] bus_remove_driver+0x83/0xb0
 [<ffffffff803d8c45>] driver_unregister+0x15/0x30
 [<ffffffff80354f55>] pci_unregister_driver+0x25/0x80
 [<ffffffff88077ce5>] :ath_pci:exit_ath_pci+0x15/0x2c
 [<ffffffff80250b4b>] sys_delete_module+0x1ab/0x1f0
 [<ffffffff804b7840>] trace_hardirqs_on_thunk+0x35/0x37
 [<ffffffff80209b1e>] system_call+0x7e/0x83

Second oops:

general protection fault: 0000 [1] 
CPU 0 
Modules linked in: ath_pci wlan_scan_ap ath_rate_sample wlan ath_hal(P)
Pid: 3857, comm: ifconfig Tainted: P      2.6.20-rc6 #20
RIP: 0010:[<ffffffff8034a81e>]  [<ffffffff8034a81e>] _raw_spin_lock+0x1e/0x130
RSP: 0018:ffff81001dc99be8  EFLAGS: 00010086
RAX: ffff81001d500080 RBX: 6b6b6b6b6b6b6b73 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 6b6b6b6b6b6b6b73
RBP: ffff81001dc99c08 R08: 0000000000000002 R09: 0000000000000001
R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000286
R13: 6b6b6b6b6b6b6b73 R14: ffff81001b8e0108 R15: ffff81001b8f0520
FS:  00002abed66833b0(0000) GS:ffffffff8061b000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 00000000006b9fb0 CR3: 000000001d75c000 CR4: 00000000000006e0
Process ifconfig (pid: 3857, threadinfo ffff81001dc98000, task ffff81001d500080)
Stack:  6b6b6b6b6b6b6b73 0000000000000286 6b6b6b6b6b6b6b73 ffff81001b8e0108
 ffff81001dc99c28 ffffffff804b82ee 6b6b6b6b6b6b6b6b ffff81001da4d000
 ffff81001dc99c58 ffffffff88041322 ffff81001b8f2128 0000000000000001
Call Trace:
 [<ffffffff804b82ee>] _spin_lock_irqsave+0x3e/0x50
 [<ffffffff88041322>] :wlan:ieee80211_free_node+0x32/0x90
 [<ffffffff8806ac2a>] :ath_pci:ath_tx_draintxq+0x16a/0x1b0
 [<ffffffff80227b90>] default_wake_function+0x0/0x10
 [<ffffffff8806ada4>] :ath_pci:ath_draintxq+0x134/0x160
 [<ffffffff8806b30e>] :ath_pci:ath_stop_locked+0xde/0x1c0
 [<ffffffff8806b45e>] :ath_pci:ath_stop+0x6e/0x90
 [<ffffffff80460d62>] dev_close+0x62/0x90
 [<ffffffff88048c6e>] :wlan:ieee80211_stop+0xae/0x110
 [<ffffffff80460d62>] dev_close+0x62/0x90
 [<ffffffff8046017d>] dev_change_flags+0x6d/0x150
 [<ffffffff8049c48c>] devinet_ioctl+0x30c/0x730
 [<ffffffff8049cb9c>] inet_ioctl+0x4c/0x70
 [<ffffffff80455180>] sock_ioctl+0x210/0x240
 [<ffffffff804b819b>] _spin_unlock_irq+0x2b/0x40
 [<ffffffff8028deab>] do_ioctl+0x1b/0x60
 [<ffffffff8028e151>] vfs_ioctl+0x261/0x280
 [<ffffffff8028e1ba>] sys_ioctl+0x4a/0x80
 [<ffffffff80209b1e>] system_call+0x7e/0x83

#1709 madwifi-ng r3081 produces kernel Oops: 817 when locking to 54Mbps rate on IXP4XX platform madwifi: 802.11 stack None defect 12/25/07
wlan: svn r3081
ath_hal: module license 'Proprietary' taints kernel.
ath_hal: 0.9.30.13 (AR5210, AR5211, AR5212, AR5416, RF5111, RF5112, RF2413, RF5413, RF2133, REGOPS_FUNC)
ath_rate_minstrel: Minstrel automatic rate control algorithm 1.2 (svn r3081)
ath_rate_minstrel: look around rate set to 10%
ath_rate_minstrel: EWMA rolloff level set to 75%
ath_rate_minstrel: max segment size in the mrr set to 6000 us
wlan: mac acl policy registered
ath_pci: svn r3081
PCI: enabling device 0000:00:01.0 (0340 -> 0342)
ath_pci: switching rfkill capability off
ath_pci: switching per-packet transmit power control off
wifi0: 11a rates: 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
wifi0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps
wifi0: 11g rates: 1Mbps 2Mbps 5.5Mbps 11Mbps 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
wifi0: turboA rates: 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
wifi0: turboG rates: 6Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
wifi0: H/W encryption support: WEP AES AES_CCM TKIP
wifi0: mac 5.9 phy 4.3 radio 3.6
wifi0: Use hw queue 1 for WME_AC_BE traffic
wifi0: Use hw queue 0 for WME_AC_BK traffic
wifi0: Use hw queue 2 for WME_AC_VI traffic
wifi0: Use hw queue 3 for WME_AC_VO traffic
wifi0: Use hw queue 8 for CAB traffic
wifi0: Use hw queue 9 for beacons
wifi0: Atheros 5212: mem=0x48000000, irq=28
fixed rate 108 not in rate set<1>Unable to handle kernel NULL pointer dereference at virtual address 00000000
pgd = c3918000
[00000000] *pgd=039f9031, *pte=00000000, *ppte=00000000
Internal error: Oops: 817 [#1]
Modules linked in: ath_pci wlan_xauth wlan_wep wlan_tkip wlan_ccmp wlan_acl ath_rate_minstrel ath_hal(P) wlan_scan_sta wlan_scan_ap wlan ipt_iprange ipt_ttl ipt_TOS ipt_tos xt_MARK xt_mark xt_mac xt_length xt_CLASSIFY imq ipt_IMQ ipt_layer7 ipt_ipp2p ipt_LOG xt_NOTRACK xt_connbytes xt_helper xt_CONNMARK xt_connmark tun
CPU: 0
pc : [<bf096aa8>]    lr : [<0000000c>]    Tainted: P
sp : c3583bfc  ip : c01ecd68  fp : c3583c44
r10: c3414800  r9 : c348a320  r8 : c3414b00
r7 : 0000000a  r6 : 00000003  r5 : c3414ae0  r4 : ffffffff
r3 : 00000000  r2 : 00000000  r1 : 00000001  r0 : 00000021
Flags: nZCv  IRQs off  FIQs on  Mode SVC_32  Segment user
Control: 39FF
Table: 03918000  DAC: 00000015
Process iwconfig (pid: 2342, stack limit = 0xc3582250)
Stack: (0xc3583bfc to 0xc3584000)
3be0:                                                                00000746
3c00: bf04b0a0 bf097d28 c343b320 bf093320 00000000 4ab71534 2b5d517e 20000093
3c20: 20000013 0000000e c348aca4 00000000 bf096c68 00000000 c3583c54 c3583c48
3c40: bf096c84 bf0967ec c3583c84 c3583c58 bf036e70 bf096c74 c3414800 c348a320
3c60: c343b320 00000001 c348a000 c348a320 c3414800 c343b320 c3583c94 c3583c88
3c80: bf036ed4 bf036de4 c3583cac c3583c98 bf096d2c bf036ebc 40000013 00000000
3ca0: c3583d08 c3583cb0 bf0b45a4 bf096d00 c3583cbc bf03e4b4 bf03e2fc c343b320
3cc0: ffffffff 00000004 bf0387f8 c348a320 c348a000 c3440000 00000187 c343b320
3ce0: 00000004 ffffffff c343b320 c348a000 00000000 c343b000 bee95f88 c3583d24
3d00: c3583d0c bf03de48 bf0b4220 c343b320 c0200024 00000009 c3583d38 c3583d28
3d20: bf0389fc bf03de24 c0201acc c3583d4c c3583d3c c0036070 bf0389ec 00000001
3d40: c3583d68 c3583d50 c0035f20 c0036004 60000013 00000000 c343b320 c3583d7c
3d60: c3583d6c c0035fdc c0035ed0 c01fffe8 c3583d90 c3583d80 c0036208 c0035fa0
3d80: 00000000 c3583dac c3583d94 bf03de50 c0036194 c343b320 c348a320 c343b000
3da0: c3583dd0 c3583db0 bf03e934 bf03de24 c343b380 c343b320 0000029c c348a320
3dc0: c3583edc c3583de0 c3583dd4 bf03e980 bf03e830 c3583e24 c3583de4 bf045fac
3de0: bf03e978 bf02ce80 00000000 00000000 00000000 00000000 00010297 00000000
3e00: 00000000 00000000 00008b20 c3583eec c01b05e0 00008b20 c3583e84 c3583e28
3e20: c013e240 bf045eac bf045ea0 c3583e38 c00220ec c005c48c c38c2344 00000008
3e40: 00000000 00000000 c3baba6c 0000000d c3583e78 c3583e78 8b200000 00008b20
3e60: 00008b20 c3583edc c343b000 c3583edc bf045ea0 bee95f88 c3583eb8 c3583e88
3e80: c013e764 c013e1dc c01308a0 c00d9580 bee95dcc 00008b20 c3583edc 00000000
3ea0: c3583edc c3582000 bee95f88 c3583f28 c3583ebc c01335ac c013e708 00000000
3ec0: 00000000 c3583f74 6c000000 00000000 00000000 00000000 00000000 61746830
3ee0: 00000000 00000000 00000000 0337f980 01000000 bee95f8d 00016aec f4240000
3f00: 00000000 c02d1820 00008b20 bee95dcc 00000003 c001bd24 bee95f88 c3583f44
3f20: c3583f2c c0127c34 c013306c c02d1820 bee95dcc 00008b20 c3583f5c c3583f48
3f40: c00795e4 c0127a80 c02d1820 bee95dcc c3583f84 c3583f60 c0079890 c00795bc
3f60: ee103171 c3583f9c c02d1820 fffffff7 00008b20 00000036 c3583fa4 c3583f88
3f80: c0079900 c0079634 00000000 bee95f92 00000001 bee95ed0 00000000 c3583fa8
3fa0: c001bb80 c00798cc bee95f92 00000001 00000003 00008b20 bee95dcc bee95dc8
3fc0: bee95f92 00000001 bee95ed0 00000000 00000001 00000003 bee95f88 00000000
3fe0: 40081960 bee95db0 4006fef0 4006feac 20000010 00000003 00000000 00000000
Backtrace:
Function entered at [<bf0967e0>] from [<bf096c84>]
Function entered at [<bf096c68>] from [<bf036e70>]
Function entered at [<bf036dd8>] from [<bf036ed4>]
Function entered at [<bf036eb0>] from [<bf096d2c>]
Function entered at [<bf096cf4>] from [<bf0b45a4>]
 r5 = 00000000  r4 = 40000013
Function entered at [<bf0b4214>] from [<bf03de48>]
Function entered at [<bf03de18>] from [<bf0389fc>]
 r6 = 00000009  r5 = C0200024  r4 = C343B320
Function entered at [<bf0389e0>] from [<c0036070>]
 r4 = C0201ACC
Function entered at [<c0035ff8>] from [<c0035f20>]
 r4 = 00000001
Function entered at [<c0035ec4>] from [<c0035fdc>]
 r6 = C343B320  r5 = 00000000  r4 = 60000013
Function entered at [<c0035f94>] from [<c0036208>]
 r4 = C01FFFE8
Function entered at [<c0036188>] from [<bf03de50>]
 r4 = 00000000
Function entered at [<bf03de18>] from [<bf03e934>]
 r6 = C343B000  r5 = C348A320  r4 = C343B320
Function entered at [<bf03e824>] from [<bf03e980>]
 r8 = C3583EDC  r7 = C348A320  r6 = 0000029C  r5 = C343B320
 r4 = C343B380
Function entered at [<bf03e96c>] from [<bf045fac>]
Function entered at [<bf045ea0>] from [<c013e240>]
 r7 = 00008B20  r6 = C01B05E0  r5 = C3583EEC  r4 = 00008B20
Function entered at [<c013e1d0>] from [<c013e764>]
Function entered at [<c013e6fc>] from [<c01335ac>]
Function entered at [<c0133060>] from [<c0127c34>]
Function entered at [<c0127a74>] from [<c00795e4>]
 r6 = 00008B20  r5 = BEE95DCC  r4 = C02D1820
Function entered at [<c00795b0>] from [<c0079890>]
 r5 = BEE95DCC  r4 = C02D1820
Function entered at [<c0079628>] from [<c0079900>]
 r7 = 00000036  r6 = 00008B20  r5 = FFFFFFF7  r4 = C02D1820
Function entered at [<c00798c0>] from [<c001bb80>]
 r6 = BEE95ED0  r5 = 00000001  r4 = BEE95F92
Code: aa000003 e59f01b0 eb3e6c1c e3a03000 (e5833000)
Kernel panic - not syncing: Aiee, killing interrupt handler!

#2130 Wrongly limited frequency usage in new HAL madwifi-hal-testing None defect 09/16/08

since the HAL 2008-08-15, the frequency usage is strictly limited in an uncomfortable way that prevents using new HAL in scenarios when one card is configured to receive at outdoor 5GHz frequencies and the second card is transmitting at indoor 5GHz frequencies (e.g. Local indoor 5GHz AP receiving connectivity from outdoor 5GHz long-distance link). With the HAL 2008-05-28 everything works as expected. Managed mode card receives at outdoor frequencies 5.5-5.7 GHz and master mode indoor AP transmits at indoor frequency 5.26 GHz. This is for countrycode=276. With the new HAL When you modprobe ath_pci with countrycode=276 without outdoor parameter, only indoor frequencies are available and therefore Managed mode card is not able to connect to the outdoor AP. With outdoor=1, we must use outdoor frequency for indoor local AP thus wasting frequency spectrum by not using frequencies available for indoor 5GHz. Nevertheless there is a risk of overlaping two outdoor frequencies since the outdoor incoming link can switch frequency randomly.

The solution would be to preserve-restore the behavior of the old HAL to allow automatic indoor/outdoor frequencies available simultaneously and remove outdoor module parameter or introduce a sysctl parameter which is able to change the frequency range (indoor/outdoor usage) of a card on-the-fly. The cards used in this scenario are Wistron CM9 cards (AR5213). The other cards (Mikrotik R52 - AR5414) have also been tested.


#1701 [patch] fix wds vap state handling madwifi: 802.11 stack None defect 12/19/07

The attached patch fixing following issue:

- several state changes of a WDS vap causes node leaks and some other issues (eg iwconfig not show rssi).

This patch is final and clean solution to the problem i was tried to fix in ticket #1578 (i cannot reopen it). Hack from #1578 not fixed the problem completly. In order to apply this patch, changeset r2719 must be reverted ! The patch was tested on stable release and should work with the trunk.

Signed-off-by: Jiri Fojtasek <jiri.fojtasek@hlohovec.net>


#2221 Unknown symbols when insmod for madwifi-free madwifi: HAL None defect 01/08/09

I have mips based board, and I could compile the madwifi-free branch, but when I insmod:

insmod ./ath_hal.ko 
ath_hal: Unknown symbol __stop_set_ah_rfs
ath_hal: Unknown symbol __start_set_ah_chips
ath_hal: Unknown symbol __start_set_ah_rfs
ath_hal: Unknown symbol __stop_set_ah_chips

Since this is very new, I think there is something easy missing, I hope Proski can look at it fast, please Email louay dot sakka @ linowave.com


scottr

Ticket Summary Component Milestone Type Created
Description
#1092 Stack corruption in XR mode madwifi: driver version 0.9.x - progressive release candidate phase defect 01/16/07

Hi All,

I was getting crashes when I was enabling XR (iwpriv ath0 xr 1) (AP mode). I traced it to a stack corruption in ath_grppoll_start. Following code writes to "rates" array more than the allocates space.

        while (sscanf(&(sc->sc_grppoll_str[pos]), "%s %s", ratestr, numpollstr) == 2) {
5971 	                int rtx = 0;
5972 	                while (ratestrmap[rtx].ratekbps != 0) {
5973 	                        if (strcmp(ratestrmap[rtx].str, ratestr) == 0)
5974 	                                break;
5975 	                        rtx++;
5976 	                }int rates[XR_NUM_RATES];
5977 	                sscanf(numpollstr, "%d", &(rates[rtx]));
5978 	                pos += strlen(ratestr) + strlen(numpollstr) + 2;
5979 	        }

rtx varies from 0 to 7 while "rates" is declared as int rates[XR_NUM_RATES]; (XR_NUM_RATES=5).

The crash goes away after making the following change.

  while(sscanf(&(sc->sc_grppoll_str[pos]),"%s %s",ratestr,numpollstr) == 2) {
        int i=0, duplicate = 0;
        while(ratestrmap[i].ratekbps != 0) {
            if(strcmp(ratestrmap[i].str,ratestr) == 0 )
                break;
            ++i;
            if (ratestrmap[i].ratekbps == ratestrmap[i-1].ratekbps)
                duplicate++;
        }
        sscanf(numpollstr,"%d",&(rates[i-duplicate]));
        pos += strlen(ratestr) + strlen(numpollstr) + 2;
    }

Note: See TracReports for help on using and creating reports.