Ticket #1123 (closed defect: fixed)

Opened 5 years ago

Last modified 5 years ago

panic introduced by r2056

Reported by: georg@boerde.de Assigned to:
Priority: major Milestone: version 0.9.3
Component: madwifi: 802.11 stack Version: trunk
Keywords: panic adhoc smp Cc:
Patch is attached: 0 Pending:

Description

Today I've upgraded madwifi to r2068, and my SMP machine (Athlon X2, Debian/unstable, Linux-2.6.18-2-k7) paniced on me after a madwifi Oops: 

kernel BUG at mm/slab.c:595!
invalid opcode: 0000 [#1]
SMP 
Modules linked in: nvidia agpgart nfsd exportfs ppdev lp thermal fan button processor ac battery ipv6 dm_snapshot dm_mirror dm_mod pl2303 usbserial w83627hf hwmon_vid eeprom i2c_isa sr_mod xfs wlan_scan_sta ath_rate_sample ide_cd cdrom ath_pci wlan ath_hal pcmcia firmware_class sd_mod amd74xx generic ide_core tsdev snd_intel8x0 snd_ac97_codec snd_ac97_bus snd_pcm_oss snd_mixer_oss snd_pcm snd_seq_dummy snd_seq_oss snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq snd_timer snd_seq_device snd yenta_socket rsrc_nonstatic ohci_hcd ehci_hcd soundcore i2c_nforce2 pcmcia_core snd_page_alloc rtc usbcore i2c_core floppy pcspkr parport_pc psmouse parport serio_raw sata_nv libata scsi_mod nfs lockd nfs_acl sunrpc via_rhine mii forcedeth evdev                                                      CPU:    0 
EIP:    0060:[<c0157493>]    Tainted: P      VLI
EFLAGS: 00010002   (2.6.18-2-k7 #1) 
EIP is at kfree+0x2e/0x65
eax: 00000008   ebx: f7d28000   ecx: 00000000   edx: c1a07b00
esi: 00000006   edi: 103d8000   ebp: dfd40300   esp: c0319d1c
ds: 007b   es: 007b   ss: 0068
Process swapper (pid: 0, ti=c0318000 task=c02cb700 task.ti=c0318000)
Stack: f7d28000 f7d28000 c1b8cc8c f8ad6546 c1b8c300 f8a8236e f7d28000 c1b8cc8c
       f8ad5ee2 00000000 00000000 00000000 00000000 f7d28000 c1b8cc8c c1b8c300
       00000206 f8ad6205 f7d28000 dfd40300 c1b8c300 f7966090 f8ad30d5 f7d28000
Call Trace:
 [<f8ad6546>] node_free+0x30/0x44 [wlan]
 [<f8a8236e>] ath_node_free+0x26/0x2f [ath_pci]
 [<f8ad5ee2>] _ieee80211_free_node+0xd1/0xd9 [wlan]
 [<f8ad6205>] ieee80211_free_node+0x36/0x51 [wlan]
 [<f8ad30d5>] ieee80211_recv_mgmt+0xe4f/0x36d2 [wlan]
 [<f8ad3252>] ieee80211_recv_mgmt+0xfcc/0x36d2 [wlan]
 [<f8a05173>] calc_usecs_unicast_packet+0x172/0x1bc [ath_rate_sample]
 [<f8a87327>] ath_recv_mgmt+0x3e/0x168 [ath_pci]
 [<f8ad1fd1>] ieee80211_input+0x11f6/0x1436 [wlan]
 [<c0116dd7>] find_busiest_group+0x177/0x481
 [<f8a9e043>] zz067d0c47+0x3b/0x5c [ath_hal]
 [<f8ad225f>] ieee80211_input_all+0x4e/0x75 [wlan]
 [<f8a89ddf>] ath_rx_tasklet+0x551/0x69c [ath_pci]
 [<c0121da4>] tasklet_action+0x55/0xaf
 [<c01219b8>] __do_softirq+0x5a/0xbb
 [<c0121a4f>] do_softirq+0x36/0x3a
 [<c01050ea>] do_IRQ+0x48/0x52
 [<c0103692>] common_interrupt+0x1a/0x20
 [<c0101a5b>] default_idle+0x0/0x59
 [<c0101a8c>] default_idle+0x31/0x59
 [<c0101b53>] cpu_idle+0x9f/0xb9
 [<c031e719>] start_kernel+0x398/0x39f
Code: 89 c7 56 53 74 58 9c 5e fa 8d 90 00 00 00 40 c1 ea 0c c1 e2 05 03 15 90 53 37 c0 8b 02 f6 c4 40 74 03 8b 52 0c 8b 02 84 c0 78 08 <0f> 0b 53 02 61 ef 29 c0 89 e0 8b 4a 18 25 00 e0 ff ff 8b 40 10
EIP: [<c0157493>] kfree+0x2e/0x65 SS:ESP 0068:c0319d1c
 <0>Kernel panic - not syncing: Fatal exception in interrupt
 BUG: warning at arch/i386/kernel/smp.c:547/smp_call_function()
 [<c010f5cd>] smp_call_function+0x53/0xfd
 [<c011da7d>] printk+0x14/0x18
 [<c010f68a>] smp_send_stop+0x13/0x1c
 [<c011d0f0>] panic+0x4c/0xe0
 [<c0103fe6>] die+0x253/0x287
 [<c0104829>] do_invalid_op+0x0/0x9d
 [<c01048ba>] do_invalid_op+0x91/0x9d
 [<c0157493>] kfree+0x2e/0x65
 [<f89a9ae1>] snd_intel8x0_interrupt+0x4b/0x1c2 [snd_intel8x0]
 [<c0145e4c>] __alloc_pages+0x4e/0x275
 [<c0157959>] cache_alloc_refill+0x6a/0x479
 [<f8a05173>] calc_usecs_unicast_packet+0x172/0x1bc [ath_rate_sample]
 [<c01037d5>] error_code+0x39/0x40
 [<c0157493>] kfree+0x2e/0x65
 [<f8ad6546>] node_free+0x30/0x44 [wlan]
 [<f8a8236e>] ath_node_free+0x26/0x2f [ath_pci]
 [<f8ad5ee2>] _ieee80211_free_node+0xd1/0xd9 [wlan]
 [<f8ad6205>] ieee80211_free_node+0x36/0x51 [wlan]
 [<f8ad30d5>] ieee80211_recv_mgmt+0xe4f/0x36d2 [wlan]
 [<f8ad3252>] ieee80211_recv_mgmt+0xfcc/0x36d2 [wlan]
 [<f8a05173>] calc_usecs_unicast_packet+0x172/0x1bc [ath_rate_sample]
 [<f8a87327>] ath_recv_mgmt+0x3e/0x168 [ath_pci]
 [<f8ad1fd1>] ieee80211_input+0x11f6/0x1436 [wlan]
 [<c0116dd7>] find_busiest_group+0x177/0x481
 [<f8a9e043>] zz067d0c47+0x3b/0x5c [ath_hal]
 [<f8ad225f>] ieee80211_input_all+0x4e/0x75 [wlan]
 [<f8a89ddf>] ath_rx_tasklet+0x551/0x69c [ath_pci]
 [<c0121da4>] tasklet_action+0x55/0xaf
 [<c01219b8>] __do_softirq+0x5a/0xbb
 [<c0121a4f>] do_softirq+0x36/0x3a
 [<c01050ea>] do_IRQ+0x48/0x52
 [<c0103692>] common_interrupt+0x1a/0x20
 [<c0101a5b>] default_idle+0x0/0x59
 [<c0101a8c>] default_idle+0x31/0x59
 [<c0101b53>] cpu_idle+0x9f/0xb9
 [<c031e719>] start_kernel+0x398/0x39f

I've gone back in history, and the last revision not exhibiting this mad behaviour is r2055, meaning that the problem was introduced in r2056 with one of the node derefs.

It happens when I do the following: 

# ath0 is autocreated in ad-hoc mode
iwconfig ath0 channel 1 essid awds
ip l set ath0 up
<panic>

Attachments

Change History

02/02/07 11:20:56 changed by georg@boerde.de

With r2055 the crash still occurs ocassionally. I'm running r2050 now, which seems to be more stable (no crashes yet after a dozen of driver restarts).

02/02/07 15:21:22 changed by msmith@cbnco.com

I've been getting similar panics with madwifi trunk r2002, kernel 2.6.18.3, uniprocessor (Soekris net4826, so it's a 486). At least I remember seeing mm/slab.c:595 and references to ieee80211_free_node. If I can reproduce it again, I'll tack on a stack trace.

I didn't see the problem with r1931.

02/02/07 18:14:33 changed by mrenzmann

  • version set to trunk.

02/02/07 21:57:22 changed by mentor

  • status changed from new to closed.
  • resolution set to fixed.

Bother. Should be fixed in r2069. Reopen if not.

02/05/07 06:40:27 changed by mrenzmann

  • milestone set to version 0.9.3.

02/05/07 10:43:52 changed by georg@boerde.de

Ok, r2070 is working without trouble. :)

Add/Change #1123 (panic introduced by r2056)