Please note: This project is no longer active. The website is kept online for historic purposes only.
If you're looking for a Linux driver for your Atheros WLAN device, you should continue here.

Ticket #2337 (new defect)

Opened 12 years ago

Last modified 12 years ago

Kernel panic when bringing up a node in adhoc mode

Reported by: mpandia@ncsu.edu Assigned to:
Priority: major Milestone:
Component: madwifi: 802.11 stack Version: v0.9.4
Keywords: kernel panic adhoc mode Cc:
Patch is attached: 1 Pending: 0

Description

Kernel panic when bringing up a node in adhoc mode

There is kernel panic at madwifi-0.9.4/net80211/ieee80211_node.c:234 when I do

Unload driver

  • rmmod ath_pci
  • rmmod wlan_scan_sta
  • rmmod ath_rate_sample
  • rmmod ath_hal
  • rmmod wlan

Load driver

  • modprobe ath_pci

Set mode

  • iwpriv ath0 mode 3

Set channel, rate and essid

  • iwconfig ath0 channel 1 essid wlan0 rate auto

Set IP

  • ifconfig ath0 10.0.1.1 netmask 255.255.255.0

Set power

  • iwconfig ath0 txpower 17

Also, ath_pci is set to adhoc mode at the boot time.

The following tickets have also mentioned a similar bug: Ticket #884 (assigned defect), Ticket #1512: laptop-boot-msg.log

The trace dump is:

Madwifi Bug : kernel BUG at /root/Desktop/madwifi/madwifi-0.9.4/net80211/ieee80211_node.c:234!

bss channel not setup<0>------------[ cut here ]------------
kernel BUG at /root/Desktop/madwifi/madwifi-0.9.4/net80211/ieee80211_node.c:234!
invalid opcode: 0000 [#1]
Modules linked in: wlan_scan_sta ath_rate_sample ath_pci wlan ath_hal(P) bridge bnep rfcomm l2cap bluetooth fuse sunrpc ipt_REJECT nf_conntrack_ipv4 iptable_filter ip_tables ip6t_REJECT xt_tcpudp nf_conntrack_ipv6 xt_state nf_conntrack ip6table_filter ip6_tables x_tables loop dm_multipath radeon drm ipv6 snd_intel8x0 snd_ac97_codec ac97_bus snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device ppdev snd_pcm_oss snd_mixer_oss snd_pcm parport_pc sg serio_raw iTCO_wdt snd_timer dcdbas parport snd soundcore snd_page_alloc pcspkr iTCO_vendor_support i2c_i801 i2c_core button tg3 sr_mod cdrom dm_snapshot dm_zero dm_mirror dm_mod pata_acpi ata_piix ata_generic libata sd_mod scsi_mod ext3 jbd mbcache uhci_hcd ohci_hcd ehci_hcd [last unloaded: wlan]

Pid: 2485, comm: nautilus Tainted: P         (2.6.25.14-main #2)
EIP: 0060:[<f8b6deb7>] EFLAGS: 00010246 CPU: 0
EIP is at ieee80211_dup_bss+0x91/0xfa [wlan]
EAX: 00000018 EBX: f5195000 ECX: 00000000 EDX: c06f3138
ESI: f5172380 EDI: f5105091 EBP: c0761d68 ESP: c0761d4c
 DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
Process nautilus (pid: 2485, ti=c0761000 task=f6bbee70 task.ti=f6b72000)
Stack: f8b81a31 00000000 00000000 f51d6380 c0761e6c f51d6380 f5105091 c0761d8c
       f8b6df45 f501c100 f5105040 f51d6380 f5172380 00000000 f51d6380 f5105091
       c0761eb4 f8b68e7a f51d4380 f6813052 00000000 f51d4000 00000080 f501c000
Call Trace:
 [<f8b6df45>] ? ieee80211_add_neighbor+0x25/0x1e3 [wlan]
 [<f8b68e7a>] ? ieee80211_recv_mgmt+0x111f/0x3e19 [wlan]
 [<c05a288c>] ? dev_queue_xmit+0x224/0x246
 [<c05a737a>] ? neigh_resolve_output+0x1af/0x1f9
 [<f8a92474>] ? ip6_output_finish+0x9c/0xcd [ipv6]
 [<f8a940a1>] ? ip6_output2+0x190/0x198 [ipv6]
 [<f8a94a28>] ? ip6_output+0x97f/0x98b [ipv6]
 [<c04343ce>] ? getnstimeofday+0x2f/0xbd
 [<f8a413da>] ? ath_recv_mgmt+0x37/0x168 [ath_pci]
 [<f8b6d1e0>] ? ieee80211_input+0x1452/0x1665 [wlan]
 [<c041ae9d>] ? default_wake_function+0xb/0xd
 [<c0419eeb>] ? __wake_up+0x29/0x3e
 [<c05b649f>] ? netlink_broadcast+0x2b6/0x2f3
 [<f8b6d444>] ? ieee80211_input_all+0x51/0x7d [wlan]
 [<f8a44b89>] ? ath_rx_tasklet+0x56e/0x6c1 [ath_pci]
 [<c0424c70>] ? tasklet_action+0x49/0x7c
 [<c0425181>] ? __do_softirq+0x44/0x8f
 [<c0407481>] ? do_softirq+0x62/0xa3
 [<c044f5b3>] ? handle_fasteoi_irq+0x0/0x7b
 [<c0424fdb>] ? irq_exit+0x28/0x57
 [<c0407611>] ? do_IRQ+0xa1/0xb8
 [<c0406333>] ? common_interrupt+0x23/0x28
 =======================
Code: 83 6f 01 00 00 66 8b 82 73 01 00 00 66 89 83 73 01 00 00 8b 96 74 09 00 00 81 fa ff ff 00 00 75 0f 68 31 1a b8 f8 e8 fc a1 a9 c7 <0f> 0b 58 eb fe 8b 03 8d bb af 01 00 00 89 93 c0 01 00 00 f6 80
EIP: [<f8b6deb7>] ieee80211_dup_bss+0x91/0xfa [wlan] SS:ESP 0068:c0761d4c

The back trace (using the crash utility):

PID: 2485   TASK: f6bbee70  CPU: 0   COMMAND: "nautilus"
 #0 [c0761bf0] crash_kexec at c044324f
 #1 [c0761c3c] die at c0406bb7
 #2 [c0761c54] do_trap at c060a0ee
 #3 [c0761c70] do_invalid_op at c040700f
 #4 [c0761d10] error_code (via invalid_op) at c0609ab8
    EAX: 00000018  EBX: f5195000  ECX: 00000000  EDX: c06f3138  EBP: c0761d68
    DS:  007b      ESI: f5172380  ES:  007b      EDI: f5105091
    CS:  0060      EIP: f8b6deb7  ERR: ffffffff  EFLAGS: 00010246
 #5 [c0761d44] ieee80211_dup_bss at f8b6deb7
 #6 [c0761d6c] ieee80211_dup_bss at f8b6df40
 #7 [c0761d90] ieee80211_recv_mgmt at f8b68e75
 #8 [c0761ee4] ieee80211_input at f8b6d1da
 #9 [c0761f98] ath_rx_tasklet at f8a44b84
#10 [c0761fe8] __do_softirq at c042517f
--- <soft IRQ> ---
 #0 [f6b72f7c] do_softirq at c0407481
 #1 [f6b72f90] irq_exit at c0424fd6
 #2 [f6b72f98] do_IRQ at c040760c
 #3 [f6b72fb4] common_interrupt at c040632e
    EAX: 000ff000  EBX: 050cb614  ECX: 00000002  EDX: 000000ff
    DS:  007b      ESI: 00000002  ES:  007b      EDI: 00000002
    SS:  007b      ESP: bfb34978  EBP: bfb349d8
    CS:  0073      EIP: 050c292f  ERR: ffffffef  EFLAGS: 00000206

Expanded back trace


The bug is in the following function:

static __inline void ieee80211_node_set_chan(struct ieee80211vap *vap, struct ieee80211_node *ni)
{
    struct ieee80211com *ic = vap->iv_ic;
    struct ieee80211_channel *chan = ic->ic_bsschan;

    /* ic_bsschan is still IEEE80211_CHAN_ANYC while the BSS channel has not been set up for the interface */
    KASSERT(chan != IEEE80211_CHAN_ANYC, ("bss channel not setup")); // <-- Invokes kernel panic and system freezes.
    ni->ni_chan = chan;
#ifdef ATH_SUPERG_XR
    if (ni->ni_vap->iv_flags & IEEE80211_F_XR)
        ni->ni_rates = ic->ic_sup_xr_rates;
    else
#endif
    ni->ni_rates = ic->ic_sup_rates[ieee80211_chan2mode(chan)];
}

There was an old patch (quick fix) available to avoid the kernel panic: madwifi-project.org/changeset/2766/madwifi/branches/madwifi-dfs/net80211/ieee80211_node.c?format=diff&new=2766

It modified the code by replacing the KASSERT with a debug statement. The modified function thus is:

static __inline void ieee80211_node_set_chan(struct ieee80211vap *vap, struct ieee80211_node *ni)
{
    struct ieee80211com *ic = vap->iv_ic;
    struct ieee80211_channel *chan = ic->ic_bsschan;

    //KASSERT(chan != IEEE80211_CHAN_ANYC, ("bss channel not setup")); Comment this!!
    if (chan == IEEE80211_CHAN_ANYC)
    {
        IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, "%s: bss channel not setup for %s\n", __func__, ether_sprintf(ni->ni_macaddr));
        return;
    }
    ni->ni_chan = chan;
#ifdef ATH_SUPERG_XR
    if (ni->ni_vap->iv_flags & IEEE80211_F_XR)
        ni->ni_rates = ic->ic_sup_xr_rates;
    else
#endif
    ni->ni_rates = ic->ic_sup_rates[ieee80211_chan2mode(chan)];
}

Is this patch still valid? The sender node (which sent the beacon) is still added to the station table even though chan is not set (the function just returns when chan is not set). Is it OK? Please let me know a suitable fix for this issue.

Thanks, Mani Pandian
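The question raised in the description, illustrated with a constructed model that is not madwifi's code: the quick fix turns the assertion into a silent return, so the caller still inserts a node whose channel is the unset sentinel, whereas a variant that reports the condition lets the add_neighbor path drop the node instead. The struct names, CHAN_ANYC (modelled on IEEE80211_CHAN_ANYC as a sentinel pointer) and the add_neighbor functions are assumptions for the model.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model (not madwifi's definitions) of the pieces involved in the
 * ticket: an unset BSS channel is a sentinel pointer, as IEEE80211_CHAN_ANYC is. */
struct chan { int freq_mhz; };
static struct chan chan_table[2] = { { 2412 }, { 2417 } };
#define CHAN_ANYC ((struct chan *)(uintptr_t)0xffff)

struct com  { struct chan *bsschan; };            /* stands in for ieee80211com */
struct node { struct chan *chan; int in_table; }; /* stands in for ieee80211_node */

/* A freshly allocated node has no channel yet (assumed; mirrors the sentinel). */
static void node_init(struct node *ni) { ni->chan = CHAN_ANYC; ni->in_table = 0; }

/* Behaviour of the quick fix quoted in the ticket: log and return silently. */
static void set_chan_quickfix(struct com *ic, struct node *ni)
{
    if (ic->bsschan == CHAN_ANYC) {
        fprintf(stderr, "bss channel not setup\n");
        return;                      /* caller cannot tell the node is incomplete */
    }
    ni->chan = ic->bsschan;
}

/* Fail-closed variant: report the condition so the caller can refuse the node. */
static int set_chan_checked(struct com *ic, struct node *ni)
{
    if (ic->bsschan == CHAN_ANYC)
        return -1;
    ni->chan = ic->bsschan;
    return 0;
}

/* Model of the add_neighbor path; returns 1 if the node was put in the table. */
static int add_neighbor_quickfix(struct com *ic, struct node *ni)
{
    set_chan_quickfix(ic, ni);
    ni->in_table = 1;                /* inserted even though ni->chan is CHAN_ANYC */
    return 1;
}

static int add_neighbor_checked(struct com *ic, struct node *ni)
{
    if (set_chan_checked(ic, ni) != 0)
        return 0;                    /* beacon's node dropped; nothing half-built */
    ni->in_table = 1;
    return 1;
}
```

With the quick fix, any later code that dereferences ni->chan or indexes a rate table by it must check for the sentinel itself; the checked variant keeps such nodes out of the table altogether.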

Change History

08/16/09 10:11:00 changed by mrenzmann

  • summary changed from Kernel panic when bringing up a node in adhoc mode. Kernel panic is caused because of KASSERT function call when the bss channel not setup for the interface. The error is in the function ieee80211_node_set_chan in the file ieee80211_node.c to Kernel panic when bringing up a node in adhoc mode.