Please note: This project is no longer active. The website is kept online for historic purposes only.
If you're looking for a Linux driver for your Atheros WLAN device, you should continue here.

Ticket #1723 (new defect)

Opened 14 years ago

Last modified 14 years ago

Kernel crash on 0.9.3.3 when using station in bridge mode.

Reported by: sergio@ammirata.net
Assigned to:
Priority: major
Milestone:
Component: madwifi: driver
Version: v0.9.3.3
Keywords: kernel crash
Cc:
Patch is attached: 0
Pending:

Description

I am testing using two machines. They have identical software and hardware, kernel 2.6.16 and Atheros 5212.

One is configured as an AP and the other one as a STATION.

They both have bridges defined and the wireless interfaces are inside the bridges. The AP only has one interface. The STATION has two interfaces: the wireless and a regular Ethernet. Here is the output of brctl show on both:

AP:
/>brctl show
bridge name     bridge id               STP enabled     interfaces
br0             000a.0060b3071bb6       no              wlan0

STA:
/>brctl show
bridge name	bridge id		STP enabled	interfaces
br0		000a.0060b3071bb6	no		wlan0
							eth0

The wireless interfaces both have wds set to 1 or bridging would not work.

The problem is that the kernel crashes on both within a few hours. The Station usually crashes first.

One additional piece of information (I am also creating a new ticket for it) is that the bridge mac address always acquires the mac of the first interface you put in. Thus, packets initiated by either machine have the corresponding wireless mac address as the source address. This causes the driver to complain on a scenario that is acceptable for every packet that goes out. This is the warning: wlan0: received packet with own address as source address:

Here is the driver initialization data and the kernel crash log:

Driver initialization data:

ath_hal: module license 'Proprietary' taints kernel.
ath_hal: 0.9.18.0 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413, RF5413)
wlan: 0.8.4.2 (0.9.3.3)
ath_pci: 0.9.4.5 (0.9.3.3)
PCI: Found IRQ 11 for device 0000:00:14.0
PCI: Sharing IRQ 11 with 0000:00:10.2
PCI: Sharing IRQ 11 with 0000:00:10.3
ath_rate_sample: 1.2 (0.9.3.3)
wifi0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps
wifi0: 11g rates: 1Mbps 2Mbps 5.5Mbps 11Mbps 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
wifi0: H/W encryption support: WEP AES AES_CCM TKIP
wifi0: mac 7.8 phy 4.5 radio 5.6
wifi0: Use hw queue 1 for WME_AC_BE traffic
wifi0: Use hw queue 0 for WME_AC_BK traffic
wifi0: Use hw queue 2 for WME_AC_VI traffic
wifi0: Use hw queue 3 for WME_AC_VO traffic
wifi0: Use hw queue 8 for CAB traffic
wifi0: Use hw queue 9 for beacons
wifi0: Atheros 5212: mem=0xe8000000, irq=11
wlan: mac acl policy registered

Kernel Oops:

Unable to handle kernel NULL pointer dereference at virtual address 00000000
 printing eip:
c013b5f1
*pde = 00000000
Oops: 0000 [#1]
PREEMPT 
Modules linked in: hwmon_vid wlan_acl wlan_scan_sta ath_rate_sample ath_pci wlan ath_hal firmware_class loop aes_i586
CPU:    0
EIP:    0060:[<c013b5f1>]    Tainted: P      VLI
EFLAGS: 00010082   (2.6.16 #49) 
EIP is at kfree+0x23/0x44
eax: c1bf21e0   ebx: 00000046   ecx: cc999000   edx: 00000000
esi: 1f90ffff   edi: 00000006   ebp: cc8c2260   esp: c0415edc
ds: 007b   es: 007b   ss: 0068
Process swapper (pid: 0, threadinfo=c0414000 task=c03b0a00)
Stack: <0>00000046 cc999000 cf21d260 d034ceb2 1f90ffff 00000046 c0414000 cc999000 
       d03c6dc9 cc999000 cc999000 cc999000 cc8c2be8 cf21d260 d034cf62 cc999000 
       cc8c2260 d03c6e09 cc999000 cc8c2260 cc999000 00000000 cc999000 d034dc63 
Call Trace:
 [<d034ceb2>] node_cleanup+0xb5/0x156 [wlan]
 [<d03c6dc9>] ath_node_cleanup+0x250/0x26b [ath_pci]
 [<d034cf62>] node_free+0xf/0x52 [wlan]
 [<d03c6e09>] ath_node_free+0x25/0x33 [ath_pci]
 [<d034dc63>] _ieee80211_free_node+0xaf/0xb5 [wlan]
 [<d034dc95>] ieee80211_free_node+0x2c/0x62 [wlan]
 [<d03c7997>] ath_rx_tasklet+0x347/0x4a5 [ath_pci]
 [<c0113753>] tasklet_action+0x34/0x53
 [<c0113530>] __do_softirq+0x34/0x7d
 [<c011359b>] do_softirq+0x22/0x26
 [<c0113635>] irq_exit+0x29/0x34
 [<c0103d7f>] do_IRQ+0x1e/0x24
 [<c010281a>] common_interrupt+0x1a/0x20
 [<c0100ac7>] default_idle+0x2b/0x53
 [<c0100b46>] cpu_idle+0x43/0x5e
 [<c041660c>] start_kernel+0x180/0x182
Code: 89 03 56 9d 5b 5e 5f c3 57 56 53 8b 74 24 10 85 f6 74 35 9c 5f fa 8d 86 00 00 00 40 c1 e8 0c c1 e0 05 03 05 50 a7 44 c0 8b 50 18 <8b> 1a 8b 03 3b 43 04 72 0b 53 52 e8 27 fe ff ff 58 8b 03 5a 89 
 <0>Kernel panic - not syncing: Fatal exception in interrupt

Change History

01/09/08 22:27:09 changed by sergio@ammirata.net

Updated both boxes to latest trunk (r3122) and I still get a kernel crash. Here is the log:

Virtual device wlan0 asks to queue packet!
Virtual device wlan0 asks to queue packet!
Virtual device wlan0 asks to queue packet!
Virtual device wlan0 asks to queue packet!
Unable to handle kernel NULL pointer dereference at virtual address 00000158
 printing eip:
c02a3855
*pde = 00000000
Oops: 0000 [#1]
PREEMPT 
Modules linked in: hwmon_vid wlan_acl wlan_scan_sta ath_rate_sample ath_pci wlan ath_hal firmware_class loop aes_i586
CPU:    0
EIP:    0060:[<c02a3855>]    Tainted: P      VLI
EFLAGS: 00010046   (2.6.16 #49) 
EIP is at netif_rx+0x4e/0x11a
eax: 00000000   ebx: cc7e5520   ecx: 0000003f   edx: 00000008
esi: 00000202   edi: 00000046   ebp: cec66a60   esp: cc04dc30
ds: 007b   es: 007b   ss: 0068
Process superping (pid: 2639, threadinfo=cc04c000 task=cca89070)
Stack: <0>cc7e5520 0000000e 00000040 c022ab3b cc7e5520 cc7e5520 cec66800 0000003c 
       0000000f cec66a60 00000001 d02f2000 d02f2000 c022a5b1 cec66800 00000001 
       00000014 cf110960 00000000 00000000 0000000b c0126b4f 0000000b cec66800 
Call Trace:
 [<c022ab3b>] rhine_rx+0x271/0x390
 [<c022a5b1>] rhine_interrupt+0x81/0x1aa
 [<c0126b4f>] handle_IRQ_event+0x20/0x4c
 [<c0126bf3>] __do_IRQ+0x78/0xd1
 [<c0103d7a>] do_IRQ+0x19/0x24
 [<c010281a>] common_interrupt+0x1a/0x20
 [<c029007b>] md_seq_show+0x2f2/0x38a
 [<c029ed26>] skb_drop_fraglist+0x22/0x3e
 [<c029edd7>] skb_release_data+0x77/0x8c
 [<c029edf7>] kfree_skbmem+0xb/0x6d
 [<c02d7ea8>] raw_recvmsg+0x15b/0x170
 [<c029e340>] sock_common_recvmsg+0x36/0x4b
 [<c029b36d>] sock_recvmsg+0xdd/0xf9
 [<c032ec5d>] preempt_schedule+0x3e/0x54
 [<c01fab20>] n_tty_receive_buf+0x854/0x88b
 [<c011f1ee>] autoremove_wake_function+0x0/0x3a
 [<c01d9f61>] copy_from_user+0x34/0x57
 [<c02a0b49>] verify_iovec+0x49/0x7f
 [<c029c8aa>] sys_recvmsg+0x122/0x1bf
 [<c010bea9>] try_to_wake_up+0x80/0x8a
 [<c032eb70>] schedule+0x370/0x41f
 [<c01132ba>] current_fs_time+0x3c/0x53
 [<c01fb493>] write_chan+0x0/0x1c6
 [<c01d9f61>] copy_from_user+0x34/0x57
 [<c029cabb>] sys_socketcall+0x174/0x180
 [<c01025a9>] syscall_call+0x7/0xb
Code: 00 00 00 c7 43 10 00 00 00 00 9c 5e fa a1 ac 16 46 c0 ff 05 04 19 46 c0 3b 05 64 4e 3d c0 0f 87 a3 00 00 00 85 c0 74 2e 8b 43 14 <ff> 80 58 01 00 00 a1 a8 16 46 c0 ff 05 ac 16 46 c0 89 43 04 c7 
 <0>Kernel panic - not syncing: Fatal exception in interrupt

01/10/08 04:33:52 changed by mentor

The crash in trunk is unrelated. Try with r3075 reverted.

01/10/08 04:34:05 changed by mentor

  • priority changed from critical to major.

02/07/08 05:20:42 changed by mtaylor

Should be fixed in trunk. Please confirm.
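
A triage check for the two oopses posted in this ticket, added here as an example (it is not part of the ticket or of the MadWifi code): it decodes the instruction marked <..> on each Code: line and confirms that the base register from the register dump plus the displacement equals the reported fault address. The function names are hypothetical, and the decoder covers only the simple register-indirect operand forms that occur in these two logs.

```python
import re

# ModRM r/m register order in 32-bit x86.
REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
# One-byte opcodes followed by a ModRM byte that this sketch accepts.
MODRM_OPCODES = {0x88, 0x89, 0x8A, 0x8B, 0xFF}

# Excerpts copied from the two oopses in this ticket (Code: lines trimmed).
OOPS_0933 = """\
Unable to handle kernel NULL pointer dereference at virtual address 00000000
eax: c1bf21e0   ebx: 00000046   ecx: cc999000   edx: 00000000
esi: 1f90ffff   edi: 00000006   ebp: cc8c2260   esp: c0415edc
Code: 03 05 50 a7 44 c0 8b 50 18 <8b> 1a 8b 03 3b 43 04 72 0b
"""
OOPS_R3122 = """\
Unable to handle kernel NULL pointer dereference at virtual address 00000158
eax: 00000000   ebx: cc7e5520   ecx: 0000003f   edx: 00000008
esi: 00000202   edi: 00000046   ebp: cec66a60   esp: cc04dc30
Code: 85 c0 74 2e 8b 43 14 <ff> 80 58 01 00 00 a1 a8 16 46 c0
"""

def parse_oops(text):
    """Return (fault address, register dict, bytes from the <..> marker on)."""
    fault = int(re.search(r"virtual address ([0-9a-f]{8})", text).group(1), 16)
    regs = {name: int(val, 16) for name, val in
            re.findall(r"\b(e(?:[abcd]x|[sd]i|[bs]p)):\s*([0-9a-f]{8})", text)}
    toks = re.search(r"^Code:(.*)$", text, re.M).group(1).split()
    start = next(i for i, t in enumerate(toks) if t.startswith("<"))
    return fault, regs, bytes(int(t.strip("<>"), 16) for t in toks[start:])

def faulting_operand(insn, regs):
    """Base register and effective address of the memory operand.
    Handles register-indirect ModRM forms only (no SIB, no absolute disp32)."""
    mod, rm = insn[1] >> 6, insn[1] & 7
    if insn[0] not in MODRM_OPCODES or mod == 3 or rm == 4 or (mod, rm) == (0, 5):
        raise ValueError("instruction form not handled here")
    width = {0: 0, 1: 1, 2: 4}[mod]            # displacement size in bytes
    disp = int.from_bytes(insn[2:2 + width], "little", signed=True)
    return REGS[rm], (regs[REGS[rm]] + disp) & 0xFFFFFFFF

def check(text):
    """(base register, computed address, computed == reported fault address)."""
    fault, regs, insn = parse_oops(text)
    base, addr = faulting_operand(insn, regs)
    return base, addr, addr == fault

if __name__ == "__main__":
    for label, oops in (("0.9.3.3", OOPS_0933), ("r3122", OOPS_R3122)):
        base, addr, ok = check(oops)
        print(f"{label}: [{base}+disp] = {addr:#010x}, matches report: {ok}")
```

In both logs the base register is zero at the time of the fault, so the reported address is simply the displacement applied to a NULL pointer.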