
Ticket #1757 (new defect)

Opened 14 years ago

Last modified 14 years ago

madwifi-dfs, doth_radar, iptraf, kernel oops

Reported by: strasak@bubakov.net
Assigned to:
Priority: major
Milestone:
Component: madwifi: 802.11 stack
Version: trunk
Keywords: doth_radar, oops, iptraf
Cc:
Patch is attached: 0
Pending:

Description

On revision r3267, and on all older revisions I quickly tested, I noticed the following problem. I use the i386 platform, kernel 2.6.22.16, madwifi-dfs, and the slub allocator. I have a script which destroys all Atheros VAPs, then recreates them, one on each physical radio: ap on wifi0, sta on wifi1, etc. Then it sets each pair to associate, in the 802.11a channel range, and puts load on all links. To force traffic to go through the air and not loopback, I use the send2self kernel patch; it has never caused any problems and I have used it for years, so it should not be part of the problem.

If I issue iwpriv athX doth_radar on any AP interface, this happens:

   [  990.518712] wifi4: Radar found on channel 128 (5640 MHz) -- Time: 1201340652.219018
   [  990.518718] wifi4: Marking channel 128 (5640 MHz) in ic_chan list -- Time: 1201340652.219018
   [  990.518722] wifi4: Channel 128 (5640 MHz) will become usable in 1800 seconds.  Suspending use of the channel until: 1201342452.219018
   [  990.518726] ieee80211_update_dfs_channel_non_occupancy_timer: mod_timer ic_dfs_non_occupancy_timer 1801s
   [  990.518730] wifi4: ieee80211_mark_dfs: Couldn't find matching channel for dfs chanchange (5640, 0x340)

It is probably not related, but the last line seems a bit suspicious to me: why should there be no available channels to switch to? Only 3 DFS ones are in use at the time of the test, and all others are clean; I run it in pretty good conditions in an indoor "lab". Anyway, more important is what happens next. If I run iptraf or tcpdump on the STA side of the link where I issued doth_radar on the AP side, it will crash with the following oops; running it on the AP side interface is OK.

Here is the crash:

[74664.313484] BUG: unable to handle kernel NULL pointer dereference at virtual address 00000042
[74664.339365]  printing eip:
[74664.347616] *pde = 00000000
[74664.356103] Oops: 0000 [#1]
[74664.364554] Modules linked in: wlan_scan_sta wlan_scan_ap ath_rate_sample ath_pci ath_hal(P) wlan_acl wlan scx200 nf_conntrack_ipv4 nf_conntrack nfnetlink xt_tcpudp iptable_filter ip_tables x_tables ipv6 uhci_hcd rtc_cmos rtc_core rtc_lib e1000 k8temp shpchp pci_hotplug sata_nv libata forcedeth ub usb_storage ehci_hcd ohci_hcd usbcore i2c_nforce2 i2c_core pcmcia pcmcia_core firmware_class capability commoncap agpgart lp parport_pc parport
[74664.483450] CPU:    0
[74664.483451] EIP:    0060:[<f8b4edae>]    Tainted: P       VLI
[74664.483452] EFLAGS: 00010202   (2.6.22.16-ng-ring3-s2s-sqsh-l7-swan-imq-esfq-dnd-slub #18)
[74664.532589] EIP is at ieee80211_ref_node_debug+0xe/0xd0 [wlan]
[74664.550132] eax: 00000026   ebx: 00000026   ecx: 00000cb8   edx: f8c1d1f7
[74664.570545] esi: ec72c840   edi: 00000026   ebp: edb183a0   esp: e2ebfa94
[74664.590952] ds: 007b   es: 007b   fs: 0000  gs: 0033  ss: 0068
[74664.608504] Process ping (pid: 15292, ti=e2ebe000 task=ed395900 task.ti=e2ebe000)
[74664.630470] Stack: c02f2b4b 00000000 f8c1d1f7 ec72c840 00000026 edb183a0 f8b40d52 00000cb2 
[74664.656067]        f8b64b6b 000002a1 db79ec24 f8c0e669 00000cb2 edb18000 e5b98000 00000001 
[74664.681669]        edb1a318 00000292 00000000 00000000 00000000 00000000 00000000 00000000 
[74664.709713] Call Trace:
[74664.717786]  [<c02f2b4b>] skb_copy+0xab/0xd0
[74664.730717]  [<f8b40d52>] skb_copy_debug+0x32/0x40 [wlan]
[74664.747024]  [<f8c0e669>] ath_hardstart+0x119/0x1540 [ath_pci]
[74664.764635]  [<c035f633>] packet_rcv+0x253/0x380
[74664.778596]  [<c015a19a>] __slab_alloc+0xba/0x3e0
[74664.792828]  [<c02f7aed>] dev_hard_start_xmit+0x1cd/0x230
[74664.809135]  [<c035f633>] packet_rcv+0x253/0x380
[74664.823105]  [<c02f1c1f>] skb_clone+0x2f/0x240
[74664.836553]  [<c035f3e0>] packet_rcv+0x0/0x380
[74664.850003]  [<c02f7aed>] dev_hard_start_xmit+0x1cd/0x230
[74664.866311]  [<c0305419>] __qdisc_run+0x49/0x150
[74664.880276]  [<f8c171af>] ath_tx_tasklet+0xaf/0xc0 [ath_pci]
[74664.897365]  [<c02f8987>] net_tx_action+0x87/0xd0
[74664.911595]  [<c011fa12>] __do_softirq+0x42/0x90
[74664.925562]  [<c011fa86>] do_softirq+0x26/0x30
[74664.939011]  [<c011fc5d>] local_bh_enable+0x3d/0x90
[74664.953760]  [<c02f95a6>] dev_queue_xmit+0xb6/0x280
[74664.968508]  [<c0319cf0>] ip_finish_output+0x0/0x2a0
[74664.983517]  [<c031b6bb>] ip_output+0x17b/0x300
[74664.997226]  [<c0319cf0>] ip_finish_output+0x0/0x2a0
[74665.012236]  [<c031883d>] ip_push_pending_frames+0x27d/0x460
[74665.029320]  [<c03184f0>] dst_output+0x0/0x10
[74665.042511]  [<c033522a>] raw_sendmsg+0x6fa/0x7e0
[74665.056741]  [<c0376d41>] schedule_timeout+0x51/0xc0
[74665.071753]  [<c033ede7>] inet_sendmsg+0x37/0x70
[74665.085718]  [<c02ec846>] sock_sendmsg+0x106/0x120
[74665.100207]  [<c012c090>] autoremove_wake_function+0x0/0x50
[74665.117032]  [<c012c090>] autoremove_wake_function+0x0/0x50
[74665.133858]  [<c0117b71>] __activate_task+0x21/0x40
[74665.148605]  [<c015a19a>] __slab_alloc+0xba/0x3e0
[74665.162833]  [<c015a19a>] __slab_alloc+0xba/0x3e0
[74665.177064]  [<c02ec9c4>] sys_sendmsg+0x164/0x280
[74665.191297]  [<f8bc25bc>] e1000_unmap_and_free_tx_resource+0x1c/0x30 [e1000]
[74665.212533]  [<f8bc25bc>] e1000_unmap_and_free_tx_resource+0x1c/0x30 [e1000]
[74665.233775]  [<f8bc43e9>] e1000_clean_tx_irq+0x99/0x330 [e1000]
[74665.251639]  [<f8bc6fe2>] e1000_clean_rx_irq+0x292/0x4b0 [e1000]
[74665.269765]  [<f8bc5fe0>] e1000_clean+0x1d0/0x280 [e1000]
[74665.286067]  [<f8bc6d50>] e1000_clean_rx_irq+0x0/0x4b0 [e1000]
[74665.303672]  [<c02ede0f>] sys_socketcall+0x24f/0x280
[74665.318681]  [<c0103ee2>] syscall_call+0x7/0xb
[74665.332132]  =======================
[74665.342929] Code: 5c c7 eb d1 b8 00 57 b6 f8 89 44 24 04 c7 04 24 6c 95 b6 f8 eb e7 8d b4 26 00 00 00 00 53 89 c3 83 ec 28 85 c0 0f 84 a1 00 00 00 <8b> 40 1c 85 c0 7e 4b ff 43 1c b8 29 bb b6 f8 89 44 24 20 b8 74 
[74665.402959] EIP: [<f8b4edae>] ieee80211_ref_node_debug+0xe/0xd0 [wlan] SS:ESP 0068:e2ebfa94
[74665.428498] Kernel panic - not syncing: Fatal exception in interrupt
[74665.447681] Rebooting in 5 seconds..WARNING: at drivers/pci/search.c:269 pci_get_subsys()
[74670.439524]  [<c0243ebb>] pci_get_subsys+0xfb/0x100
[74670.454389]  [<c0243ed8>] pci_get_device+0x18/0x20
[74670.468978]  [<c0113722>] mach_reboot_fixups+0x22/0x40
[74670.484596]  [<c0111561>] native_machine_emergency_restart+0x21/0xf0
[74670.503814]  [<c0111446>] machine_emergency_restart+0x6/0x10
[74670.520966]  [<c011b4a7>] panic+0xc7/0x100
[74670.533431]  [<c0105958>] die+0x1d8/0x1f0
[74670.545643]  [<c0116c85>] do_page_fault+0x305/0x640
[74670.560459]  [<c015a19a>] __slab_alloc+0xba/0x3e0
[74670.574787]  [<c0116980>] do_page_fault+0x0/0x640
[74670.589079]  [<c0377c1a>] error_code+0x6a/0x70
[74670.602586]  [<f8b4edae>] ieee80211_ref_node_debug+0xe/0xd0 [wlan]
[74670.621298]  [<c02f2b4b>] skb_copy+0xab/0xd0
[74670.634251]  [<f8b40d52>] skb_copy_debug+0x32/0x40 [wlan]
[74670.650633]  [<f8c0e669>] ath_hardstart+0x119/0x1540 [ath_pci]
[74670.668337]  [<c035f633>] packet_rcv+0x253/0x380
[74670.682387]  [<c015a19a>] __slab_alloc+0xba/0x3e0
[74670.696687]  [<c02f7aed>] dev_hard_start_xmit+0x1cd/0x230
[74670.713060]  [<c035f633>] packet_rcv+0x253/0x380
[74670.727060]  [<c02f1c1f>] skb_clone+0x2f/0x240
[74670.740557]  [<c035f3e0>] packet_rcv+0x0/0x380
[74670.754078]  [<c02f7aed>] dev_hard_start_xmit+0x1cd/0x230
[74670.770487]  [<c0305419>] __qdisc_run+0x49/0x150
[74670.784534]  [<f8c171af>] ath_tx_tasklet+0xaf/0xc0 [ath_pci]
[74670.801717]  [<c02f8987>] net_tx_action+0x87/0xd0
[74670.815984]  [<c011fa12>] __do_softirq+0x42/0x90
[74670.829989]  [<c011fa86>] do_softirq+0x26/0x30
[74670.843481]  [<c011fc5d>] local_bh_enable+0x3d/0x90
[74670.858312]  [<c02f95a6>] dev_queue_xmit+0xb6/0x280
[74670.873125]  [<c0319cf0>] ip_finish_output+0x0/0x2a0
[74670.888215]  [<c031b6bb>] ip_output+0x17b/0x300
[74670.901993]  [<c0319cf0>] ip_finish_output+0x0/0x2a0
[74670.917068]  [<c031883d>] ip_push_pending_frames+0x27d/0x460
[74670.934187]  [<c03184f0>] dst_output+0x0/0x10
[74670.947422]  [<c033522a>] raw_sendmsg+0x6fa/0x7e0
[74670.961708]  [<c0376d41>] schedule_timeout+0x51/0xc0
[74670.976783]  [<c033ede7>] inet_sendmsg+0x37/0x70
[74670.990829]  [<c02ec846>] sock_sendmsg+0x106/0x120
[74671.005389]  [<c012c090>] autoremove_wake_function+0x0/0x50
[74671.022299]  [<c012c090>] autoremove_wake_function+0x0/0x50
[74671.039179]  [<c0117b71>] __activate_task+0x21/0x40
[74671.054014]  [<c015a19a>] __slab_alloc+0xba/0x3e0
[74671.068277]  [<c015a19a>] __slab_alloc+0xba/0x3e0
[74671.082626]  [<c02ec9c4>] sys_sendmsg+0x164/0x280
[74671.096921]  [<f8bc25bc>] e1000_unmap_and_free_tx_resource+0x1c/0x30 [e1000]
[74671.118240]  [<f8bc25bc>] e1000_unmap_and_free_tx_resource+0x1c/0x30 [e1000]
[74671.139553]  [<f8bc43e9>] e1000_clean_tx_irq+0x99/0x330 [e1000]
[74671.157504]  [<f8bc6fe2>] e1000_clean_rx_irq+0x292/0x4b0 [e1000]
[74671.175694]  [<f8bc5fe0>] e1000_clean+0x1d0/0x280 [e1000]
[74671.192132]  [<f8bc6d50>] e1000_clean_rx_irq+0x0/0x4b0 [e1000]
[74671.209848]  [<c02ede0f>] sys_socketcall+0x24f/0x280
[74671.224894]  [<c0103ee2>] syscall_call+0x7/0xb
[74671.238379]  =======================
[74671.249219] WARNING: at drivers/pci/search.c:269 pci_get_subsys()
[74671.267596]  [<c0243ebb>] pci_get_subsys+0xfb/0x100
[74671.282418]  [<c0243ed8>] pci_get_device+0x18/0x20
[74671.296987]  [<c0113722>] mach_reboot_fixups+0x22/0x40
[74671.312583]  [<c0111561>] native_machine_emergency_restart+0x21/0xf0
[74671.331786]  [<c0111446>] machine_emergency_restart+0x6/0x10
[74671.348906]  [<c011b4a7>] panic+0xc7/0x100
[74671.361392]  [<c0105958>] die+0x1d8/0x1f0
[74671.373573]  [<c0116c85>] do_page_fault+0x305/0x640
[74671.388411]  [<c015a19a>] __slab_alloc+0xba/0x3e0
[74671.402716]  [<c0116980>] do_page_fault+0x0/0x640
[74671.416998]  [<c0377c1a>] error_code+0x6a/0x70
[74671.430481]  [<f8b4edae>] ieee80211_ref_node_debug+0xe/0xd0 [wlan]
[74671.449160]  [<c02f2b4b>] skb_copy+0xab/0xd0
[74671.462157]  [<f8b40d52>] skb_copy_debug+0x32/0x40 [wlan]
[74671.478527]  [<f8c0e669>] ath_hardstart+0x119/0x1540 [ath_pci]
[74671.496220]  [<c035f633>] packet_rcv+0x253/0x380
[74671.510254]  [<c015a19a>] __slab_alloc+0xba/0x3e0
[74671.524538]  [<c02f7aed>] dev_hard_start_xmit+0x1cd/0x230
[74671.540885]  [<c035f633>] packet_rcv+0x253/0x380
[74671.554905]  [<c02f1c1f>] skb_clone+0x2f/0x240
[74671.568418]  [<c035f3e0>] packet_rcv+0x0/0x380
[74671.581911]  [<c02f7aed>] dev_hard_start_xmit+0x1cd/0x230
[74671.598311]  [<c0305419>] __qdisc_run+0x49/0x150
[74671.612348]  [<f8c171af>] ath_tx_tasklet+0xaf/0xc0 [ath_pci]
[74671.629491]  [<c02f8987>] net_tx_action+0x87/0xd0
[74671.643787]  [<c011fa12>] __do_softirq+0x42/0x90
[74671.657810]  [<c011fa86>] do_softirq+0x26/0x30
[74671.671316]  [<c011fc5d>] local_bh_enable+0x3d/0x90
[74671.686110]  [<c02f95a6>] dev_queue_xmit+0xb6/0x280
[74671.700955]  [<c0319cf0>] ip_finish_output+0x0/0x2a0
[74671.716048]  [<c031b6bb>] ip_output+0x17b/0x300
[74671.729791]  [<c0319cf0>] ip_finish_output+0x0/0x2a0
[74671.744846]  [<c031883d>] ip_push_pending_frames+0x27d/0x460
[74671.761980]  [<c03184f0>] dst_output+0x0/0x10
[74671.775244]  [<c033522a>] raw_sendmsg+0x6fa/0x7e0
[74671.789532]  [<c0376d41>] schedule_timeout+0x51/0xc0
[74671.804640]  [<c033ede7>] inet_sendmsg+0x37/0x70
[74671.818690]  [<c02ec846>] sock_sendmsg+0x106/0x120
[74671.833217]  [<c012c090>] autoremove_wake_function+0x0/0x50
[74671.850109]  [<c012c090>] autoremove_wake_function+0x0/0x50
[74671.867003]  [<c0117b71>] __activate_task+0x21/0x40
[74671.881819]  [<c015a19a>] __slab_alloc+0xba/0x3e0
[74671.896108]  [<c015a19a>] __slab_alloc+0xba/0x3e0
[74671.910420]  [<c02ec9c4>] sys_sendmsg+0x164/0x280
[74671.924722]  [<f8bc25bc>] e1000_unmap_and_free_tx_resource+0x1c/0x30 [e1000]
[74671.946043]  [<f8bc25bc>] e1000_unmap_and_free_tx_resource+0x1c/0x30 [e1000]
[74671.967345]  [<f8bc43e9>] e1000_clean_tx_irq+0x99/0x330 [e1000]
[74671.985291]  [<f8bc6fe2>] e1000_clean_rx_irq+0x292/0x4b0 [e1000]
[74672.003503]  [<f8bc5fe0>] e1000_clean+0x1d0/0x280 [e1000]
[74672.019876]  [<f8bc6d50>] e1000_clean_rx_irq+0x0/0x4b0 [e1000]
[74672.037540]  [<c02ede0f>] sys_socketcall+0x24f/0x280
[74672.052615]  [<c0103ee2>] syscall_call+0x7/0xb
[74672.066091]  =======================

Change History

01/27/08 11:39:42 changed by strasak@bubakov.net

Here is another crash. Conditions are almost the same, only that in the first case I ran iptraf (general interface statistics), and in the second case tcpdump just on the STA mode interface.

[  325.123680] BUG: unable to handle kernel paging request at virtual address 15000000
[  325.146878]  printing eip:
[  325.155086] *pde = 00000000
[  325.163550] Oops: 0000 [#1]
[  325.172016] Modules linked in: wlan_scan_ap scx200 nf_conntrack_ipv4 nf_conntrack nfnetlink xt_tcpudp iptable_filter ip_tables x_tables wlan_scan_sta ipv6 uhci_hcd rtc_cmos rtc_core rtc_lib e1000 ath_rate_sample ath_pci ath_hal(P) wlan_acl wlan k8temp shpchp pci_hotplug sata_nv libata forcedeth ub usb_storage ehci_hcd ohci_hcd usbcore i2c_nforce2 i2c_core pcmcia pcmcia_core firmware_class capability commoncap agpgart lp parport_pc parport
[  325.291036] CPU:    0
[  325.291037] EIP:    0060:[<c015bd7c>]    Tainted: P       VLI
[  325.291038] EFLAGS: 00010006   (2.6.22.16-ng-ring3-s2s-sqsh-l7-swan-imq-esfq-dnd-slub #18)
[  325.340174] EIP is at __kmalloc_track_caller+0x3c/0x70
[  325.355672] eax: 00000000   ebx: 00000286   ecx: 15000000   edx: c1509300
[  325.376106] esi: 000000d0   edi: c02f03d1   ebp: 000000d0   esp: e86d7c10
[  325.396543] ds: 007b   es: 007b   fs: 0000  gs: 0033  ss: 0068
[  325.414120] Process ping (pid: 5104, ti=e86d6000 task=e8460500 task.ti=e86d6000)
[  325.435853] Stack: 00000286 00000000 e896c600 00000600 c0447b98 c02f2747 00000000 f2e46e00 
[  325.461528]        000005b3 00000000 00000594 c02f03d1 ffffffff 00000010 00000000 c03191f4 
[  325.487183]        000000d0 00000000 e903b000 c0319cf0 e86d7ee8 c031a210 f2e46e00 000005c8 
[  325.515250] Call Trace:
[  325.523352]  [<c02f2747>] __alloc_skb+0x57/0x120
[  325.537319]  [<c02f03d1>] sock_wmalloc+0x31/0x60
[  325.551290]  [<c03191f4>] ip_append_data+0x7d4/0xa60
[  325.566298]  [<c0319cf0>] ip_finish_output+0x0/0x2a0
[  325.581305]  [<c031a210>] ip_generic_getfrag+0x0/0xb0
[  325.596576]  [<c02ee9c9>] lock_sock_nested+0x99/0xa0
[  325.611607]  [<c03351cd>] raw_sendmsg+0x69d/0x7e0
[  325.625838]  [<c0376d41>] schedule_timeout+0x51/0xc0
[  325.640849]  [<c03349c9>] raw_recvmsg+0x139/0x170
[  325.655074]  [<c033ede7>] inet_sendmsg+0x37/0x70
[  325.669069]  [<c02ec846>] sock_sendmsg+0x106/0x120
[  325.683558]  [<c012c090>] autoremove_wake_function+0x0/0x50
[  325.700384]  [<c012c090>] autoremove_wake_function+0x0/0x50
[  325.717209]  [<c02f7aed>] dev_hard_start_xmit+0x1cd/0x230
[  325.733518]  [<f8b27540>] ieee80211_dev_kfree_skb_debug+0x60/0xa0 [wlan]
[  325.753745]  [<f8b275ad>] ieee80211_dev_kfree_skb_list_debug+0x2d/0x50 [wlan]
[  325.775272]  [<c02ec9c4>] sys_sendmsg+0x164/0x280
[  325.789499]  [<f8d1aa7b>] e1000_alloc_rx_buffers+0x9b/0x370 [e1000]
[  325.808427]  [<c012ff70>] update_wall_time+0x220/0x730
[  325.823979]  [<f8aa0e58>] nv_tx_done_optimized+0x68/0x110 [forcedeth]
[  325.843427]  [<c02f1f02>] __kfree_skb+0x52/0x130
[  325.857395]  [<c02f1e38>] kfree_skbmem+0x8/0x80
[  325.871104]  [<c02f893a>] net_tx_action+0x3a/0xd0
[  325.885335]  [<c011fa12>] __do_softirq+0x42/0x90
[  325.899303]  [<c011fd2c>] irq_exit+0x3c/0x60
[  325.912233]  [<c0106b14>] do_IRQ+0x44/0x80
[  325.924644]  [<f8aa0e58>] nv_tx_done_optimized+0x68/0x110 [forcedeth]
[  325.944099]  [<c02ede0f>] sys_socketcall+0x24f/0x280
[  325.959103]  [<c0103ee2>] syscall_call+0x7/0xb
[  325.972553]  =======================
[  325.983354] Code: 24 08 e8 68 eb ff ff ba 10 00 00 00 85 c0 74 25 9c 5b fa 8b 90 88 00 00 00 85 d2 74 2a 8b 4a 0c 85 c9 74 23 8b 4a 0c 0f b7 42 0a <8b> 04 81 89 42 0c 53 9d 89 ca 8b 5c 24 08 89 d0 8b 74 24 0c 8b 
[  326.043433] EIP: [<c015bd7c>] __kmalloc_track_caller+0x3c/0x70 SS:ESP 0068:e86d7c10
[  326.066673] Kernel panic - not syncing: Fatal exception
[  326.082413] Rebooting in 5 seconds.
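
A triage check for the two oopses above, added here as an example (it is not part of the ticket or of madwifi): it decodes the instruction marked <8b> in each Code: line as an i386 "mov r32, r/m32" and recomputes the faulting address from the saved registers. The function names are illustrative and only opcode 8b is handled.

```python
import re

REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]  # ModRM order

# Lines excerpted from the two oopses in this ticket (Code: lines trimmed).
OOPS_1 = """\
BUG: unable to handle kernel NULL pointer dereference at virtual address 00000042
eax: 00000026   ebx: 00000026   ecx: 00000cb8   edx: f8c1d1f7
esi: ec72c840   edi: 00000026   ebp: edb183a0   esp: e2ebfa94
Code: 53 89 c3 83 ec 28 85 c0 0f 84 a1 00 00 00 <8b> 40 1c 85 c0 7e 4b ff 43 1c
"""
OOPS_2 = """\
BUG: unable to handle kernel paging request at virtual address 15000000
eax: 00000000   ebx: 00000286   ecx: 15000000   edx: c1509300
esi: 000000d0   edi: c02f03d1   ebp: 000000d0   esp: e86d7c10
Code: 8b 4a 0c 85 c9 74 23 8b 4a 0c 0f b7 42 0a <8b> 04 81 89 42 0c 53 9d
"""

def parse_oops(text):
    # Returns (fault address, register dict, bytes starting at the <xx> marker).
    fault = int(re.search(r"virtual address ([0-9a-f]{8})", text).group(1), 16)
    pairs = re.findall(r"\b(e(?:[abcd]x|[sd]i|[bs]p)): ([0-9a-f]{8})", text)
    m = re.search(r"Code:.*<([0-9a-f]{2})>((?: [0-9a-f]{2})*)", text)
    insn = bytes.fromhex(m.group(1) + m.group(2).replace(" ", ""))
    return fault, {name: int(val, 16) for name, val in pairs}, insn

def mov_load_address(insn, regs):
    # Effective address of the memory operand of `mov r32, r/m32` (opcode 8b).
    if insn[0] != 0x8B or insn[1] >> 6 == 3:
        raise ValueError("not a register load from memory (opcode 8b)")
    mod, rm, pos, addr, parts = insn[1] >> 6, insn[1] & 7, 2, 0, []
    if rm == 4:                                   # SIB byte follows ModRM
        sib, pos = insn[pos], pos + 1
        scale, index, rm = 1 << (sib >> 6), (sib >> 3) & 7, sib & 7  # rm := base
        if index != 4:                            # index 4 means "no index"
            addr += regs[REGS[index]] * scale
            parts.append(f"{REGS[index]}*{scale}")
    if rm == 5 and mod == 0:                      # no base register, disp32 only
        mod = 2
    else:
        addr += regs[REGS[rm]]
        parts.insert(0, REGS[rm])
    if mod in (1, 2):                             # signed disp8 or disp32
        size = 1 if mod == 1 else 4
        disp = int.from_bytes(insn[pos:pos + size], "little", signed=True)
        addr += disp
        parts.append(hex(disp))
    return addr & 0xFFFFFFFF, "+".join(parts)

def triage(text):
    fault, regs, insn = parse_oops(text)
    addr, operand = mov_load_address(insn, regs)
    return {"operand": operand, "computed": addr, "matches": addr == fault}

if __name__ == "__main__":
    print(triage(OOPS_1), triage(OOPS_2))
```

In the first oops the load is from eax+0x1c with eax = 0x26, so ieee80211_ref_node_debug was working on a small non-NULL value that passed its "test eax,eax" check (85 c0 0f 84 ...), not on NULL itself. In the second, the load inside __kmalloc_track_caller goes through ecx = 0x15000000.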

01/29/08 12:27:36 changed by mentor

  • version changed from madwifi-dfs branch to trunk.

-dfs has been merged to trunk

02/07/08 04:55:42 changed by mtaylor

Panics were probably unrelated to channel issue. Can you confirm that panics are gone on trunk? There were some memory issues for a few revisions when this ticket was posted. Some double-free calls I believe.

02/09/08 13:30:30 changed by DARKMAN

I don't get panic but I get that annoying error

   [ 1630.014496] wifi0: Radar found on channel 112 (5560 MHz) -- Time: 1202559775.358538
   [ 1630.014514] wifi0: Marking channel 112 (5560 MHz) in ic_chan list -- Time: 1202559775.358538
   [ 1630.014522] wifi0: Channel 112 (5560 MHz) will become usable in 1800 seconds. Suspending use of the channel until: 1202561575.358538
   [ 1630.014532] wifi0: ieee80211_mark_dfs: Couldn't find matching channel for dfs chanchange (5560, 0x340)

02/09/08 15:51:42 changed by strasak@bubakov.net

Do you watch the STA mode interface with iptraf/tcpdump at the time of channel change/radar detection? Without that, the panic doesn't appear. Trying here now with latest trunk, will report more soon.