Please note: This project is no longer active. The website is kept online for historic purposes only.
If you´re looking for a Linux driver for your Atheros WLAN device, you should continue here .

Ticket #1530 (new defect)

Opened 14 years ago

Last modified 14 years ago

kernel panic with two wireless cards

Reported by: Roy_M Assigned to:
Priority: minor Milestone:
Component: madwifi: other Version:
Keywords: Cc:
Patch is attached: 0 Pending:

Description (Last modified by mrenzmann)


I am getting kernel panics while running two madwifi wireless cards. I have tried to sort this problem out with a number of different systems, wireless cards, distros, kernels and a mixture of stable releases, svn trunks and the restricted drivers that come with Debian/ubuntu et cetera.

The quickest way to replicate the problem is to use the perl script that I have created below. The script basically brings up two wireless interfaces in ad hoc mode and then assigns them an IP address based on thier mac address. Without running the script/changing the interface modes too much all of my madwifi systems are really stable. However, I have had some perl guru's look at the script and they claim that there is no way that perl should be causing kernel panics.

The first two times the script runs I get a "ath_rate_sample: no rates for 00:12:17:79:27:77?" each time the script runs. On the third time the script rns I get a kernel panic.

Hopefully all of the relevant details are below. If anyone would like to test out the perl script on a PC with two wireless cards they could replicate the problem. Just keep in mind that there is a change that the machine will lock up.



Systems tested

System 1

IBM Core 2 Duo laptop Ubuntu Feisty 2.6.20-15-generic #2 SMP Wireless Card 1: AR5006X MiniPCI-E (built into the laptop) Wireless card 2: Cisco PCMCIA a/b/g (built into the laptop)

System 2

Old Compucon P3 800 MHz Debian Etch 2.6.18-4-686 #1 SMP Wireless Card 1: Wistron CM9 (MiniPCI through a PCI-MiniPCI bridge) Wireless card 2: Linksys WPC55AG (PCMCIA through a PCI-PCMCIA bridge)


use warnings;
use strict;

### This script brings up two interfaces in adhoc mode and then assigns them IPs based on their mac addresses
### take care with this code it causes kernel panics on my debian and ubuntu machines

use vars qw($i);
my (@frequencies);



sub interface_switch
        if ($i == 0) {
        $i = 1;
        else {
        $i = 0;

# Bring up the interface and assign it an IP
sub destroy_n_create_ints
        print `wlanconfig ath$i destroy`;
        print `wlanconfig ath$i create nounit wlandev wifi$i wlanmode adhoc`;
        print `ifconfig ath$i up`;
        print `iwconfig ath$i essid core`;

        my ($ifcon_str, @eachline, $firstline, @thesplit, $mac, $oct2, $oct3, $oct4, @pairs);

        $ifcon_str = `ifconfig ath$i`;

        @eachline = split(/^/, $ifcon_str);
        $firstline = $eachline[0];
        @thesplit = split(/HWaddr\s/, $firstline);
        $mac = trim($thesplit[1]);
        @pairs = split(/:/, $mac);

        $oct2 = hex($pairs[3]);
        $oct3 = hex($pairs[4]);
        $oct4 = hex($pairs[5]);

        print `ifconfig ath$i inet 10.$oct2\.$oct3\.$oct4 netmask`;

# Remove whitespace from the begining and end of a string
sub trim($)
        my $string = shift;
        $string =~ s/^\s+//;
        $string =~ s/\s+$//;
        return $string;

Kernel Error

ath_rate_sample: no rates for 00:12:17:79:27:77?
BUG: unable to handle kernel NULL pointer dereference at virtual address 0000005d
 printing eip:
*pde = 00000000
Oops: 0000 [#1]
Modules linked in: netconsole ipv6 dm_snapshot dm_mirror dm_mod loop irtty_sir sir_dev analog irda pcmcia firmware_class crc_ccitt snd_mpu401 snd_mpu401_uart snd_intel8x0 wlan_scan_sta snd_rawmidi snd_seq_device gameport snd_ac97_codec snd_ac97_bus ath_pci ath_rate_sample wlan floppy parport_pc parport snd_pcm snd_timer snd snd_page_alloc ath_hal yenta_socket rsrc_nonstatic pcmcia_core pcspkr rtc psmouse ide_floppy serio_raw i810_audio ac97_codec shpchp pci_hotplug soundcore intel_rng intel_agp agpgart evdev usbhid ext3 jbd mbcache ide_cd cdrom ide_disk uhci_hcd e100 mii usbcore piix generic ide_core processor
CPU:    0
EIP:    0060:[<d0abde51>]    Tainted: P      VLI
EFLAGS: 00010246   (2.6.18-4-686 #1)
EIP is at ieee80211_input+0x107/0x1400 [wlan]
eax: 000001c0   ebx: 00000009   ecx: 00000000   edx: cd855900
esi: cd92d020   edi: 0000000a   ebp: cf1fb2c0   esp: c0315ec8
ds: 007b   es: 007b   ss: 0068
Process swapper (pid: 0, ti=c0314000 task=c02c76a0 task.ti=c0314000)
Stack: 00000027 cd855900 cd85c000 501b42c0 00000009 00000000 d0a3703d cef90000
       cf0000f0 00000000 ff3bff3d cede4690 cf1b42c0 00000246 cede4690 cf1b42c0
       cd855840 d0aa92e4 00000246 00000001 d0aa5d75 cef90000 cd85c000 0000000a
Call Trace:
 [<d0a3703d>] zz067d0c47+0x15/0x5c [ath_hal]
 [<d0aa92e4>] ath_intr+0x940/0xa47 [ath_pci]
 [<d0aa5d75>] ath_tx_processq+0x106/0x56c [ath_pci]
 [<d0aa85cc>] ath_rx_tasklet+0x4b8/0x6bf [ath_pci]
 [<c0121c24>] tasklet_action+0x55/0xaf
 [<c0121838>] __do_softirq+0x5a/0xbb
 [<c01218cf>] do_softirq+0x36/0x3a
 [<c01050ea>] do_IRQ+0x48/0x52
 [<c01036b6>] common_interrupt+0x1a/0x20
 [<c0101a5a>] default_idle+0x0/0x59
 [<c0101a8b>] default_idle+0x31/0x59
 [<c0101b52>] cpu_idle+0x9f/0xb9
 [<c031a6fd>] start_kernel+0x379/0x380
Code: c4 14 ff 85 c0 00 00 00 c6 44 24 22 ff e9 e7 12 00 00 8a 56 01 8a 4c 24 0f 8b 5c 24 10 80 e2 03 80 e1 0c 88 54 24 21 88 4c 24 22 <80> 7b 54 00 0f 88 07 03 00 00 83 f8 06 0f 87 c0 12 00 00 ff 24
EIP: [<d0abde51>] ieee80211_input+0x107/0x1400 [wlan] SS:ESP 0068:c0315ec8
 <0>Kernel panic - not syncing: Fatal exception in interrupt

Change History

08/30/07 14:00:24 changed by mrenzmann

  • description changed.

10/26/07 10:35:54 changed by a2ee

Please notice that, according to the README file included in the distribution, adhoc operation is expected to still be flaky:

Known Problems --------------

[All these problems are to be fixed in future revisions.]

  1. Ad-hoc mode is broken; symptoms are intermittent operation.

Let's hope this ticket helps the developers fix it.

11/26/07 11:31:19 changed by anonymous

What means intermittent operation? I use ad-hoc mode and I have block of the communication. I unlock the system with ifconfig ath0 down/up. Is that intermittent operation?

12/04/07 04:09:24 changed by Roy_M

Just tested out this issue using the latest DFS branch. Unfortunately the issue is still present for me. If I was to hazard a guess I would say that the problem is still the BSSID partition problem. For example when a interface is first brought up it searches for other nodes with the same ESSID and adopts the MAC address of the first node it sees as the BSSID.

The reason I believe that this is the problem is because the following patch clears up my problem: www[dot]orbit-lab[dot]org/attachment/wiki/HowTo/bssidFix/patch-01-ibss-fix.diff

12/04/07 08:46:05 changed by benoit

2 questions:

  • Could you post a kernel panic along with the madwifi-dfs revision used?
  • Does it happens if you replace "wlanconfig destroy" by "modprobe -r ath_pci ; modprobe ath_pci"?

12/05/07 05:33:04 changed by Roy_M

Using madwifi-dfs-r2996-20071202 I am getting pretty much the same kernel panic as I did with stable and trunk (above). The main difference in the output of the kernel panic (with the DFS branch) seems to be in the last line:

EIP: [<d09d5302>] ath_beacon_alloc+0x22/0x207 [ath_pci] SS:ESP 0068:c0315ee4 <0>Kernel Panic - not syncing: Fatal exception in interupt

The patch that seems to fix this problem www[dot]orbit-lab[dot]org/attachment/wiki/HowTo/bssidFix/patch-01-ibss-fix.diff is only creating the cell or BSSID based on a hash of the ESSID. Subsequently, I assumed that this problem could be fixed (without the patch) with wireless tools. So I manually specified the same cell/BSSID on all nodes: "iwconfig ath0 ap [same-generic-mac]". Interestingly, even by specifying the cell with wireless tools the problem still remains.

Regarding your second question, without doing a "wlanconfig ath0 destroy" It seems impossible to put my nodes in adhoc mode.