Please note: This project is no longer active. The website is kept online for historic purposes only.
If you´re looking for a Linux driver for your Atheros WLAN device, you should continue here .

Ticket #575 (assigned defect)

Opened 12 years ago

Last modified 12 years ago

WDS + bridge mode panic

Reported by: anonymous Assigned to: bell_kin (accepted)
Priority: major Milestone:
Component: madwifi: driver Version: trunk
Keywords: Cc:
Patch is attached: 1 Pending:

Description (Last modified by mentor)

I tested WDS with bridge with svn r1527 and I got kernel panic.

It is confirmed that there is no problme with svn r1491. It has been running r1491 and it is very stable in WDS bridge.

See the below attachment for a full oops and my /etc/network/interfaces.

kernel oops
unable to load wlan_scan_wds
ath1
ath1: Added WDS MAC: aa:bb:cc:dd:ee:ff
run-parts: /etc/network/if-pre-up.d/0_wpasupplicant exited with return code 1
Bridge firewalling registered
device eth0 entered promiscuous mode
eth0: DSPCFG accepted after 0 usec.
eth0: link up.
eth0: Setting full-duplex based on negotiated link capability.
eth0: Promiscuous mode enabled.
eth0: Promiscuous mode enabled.
eth0: Promiscuous mode enabled.
eth0: Promiscuous mode enabled.
eth0: Promiscuous mode enabled.
device ath1 entered promiscuous mode
device ath0 entered promiscuous mode
Unable to handle kernel NULL pointer dereference at virtual address 00000004
 printing eip:
c48e5246
*pde = 00000000
Oops: 0000 [#1]
PREEMPT
Modules linked in: bridge wlan_scan_ap ohci_hcd usbcore sc1200 scx200 ath_pci a2
CPU:    0
EIP:    0060:[<c48e5246>]    Tainted: P      VLI
EFLAGS: 00010296   (2.6.15-486-voyage)
EIP is at ieee80211_beacon_update+0xb/0x739 [wlan]
eax: 00000000   ebx: c3f2e260   ecx: 00000064   edx: c12111e0
esi: c3d4c260   edi: 00000000   ebp: 00000000   esp: c36edecc
ds: 007b   es: 007b   ss: 0068
Process bridge (pid: 1838, threadinfo=c36ec000 task=c36d0580)
Stack: c012e4e9 c36edee8 c36edee0 00000001 c36edfa4 c3f2e260 c3d4c260 00000000
       00000000 c489c9b2 00000000 c3d4c92c 00000000 00000000 c12111e0 00000000
       c3548000 00003c22 00000000 c3f2e260 c3d4c260 c489cc78 c3f2e260 c3d4c260
Call Trace:
 [<c012e4e9>] generic_file_read+0xa6/0xbf
 [<c489c9b2>] ath_beacon_generate+0x100/0x273 [ath_pci]
 [<c489cc78>] ath_beacon_send+0x153/0x2e7 [ath_pci]
 [<c4899bed>] ath_intr+0x141/0x26f [ath_pci]
 [<c012c8b7>] handle_IRQ_event+0x20/0x4c
 [<c012c95b>] __do_IRQ+0x78/0xd1
 [<c0105099>] do_IRQ+0x19/0x24
 [<c0103b8a>] common_interrupt+0x1a/0x20
Code: 01 00 00 89 42 10 66 8b 85 7b 01 00 00 66 89 42 14 66 c7 42 16 00 00 89 d
 <0>Kernel panic - not syncing: Fatal exception in interrupt
/etc/network/interfaces
# madwifi-ng WDS Bridge
auto br0
iface br0 inet static
       address 192.168.1.2
       netmask 255.255.255.0
       network 192.168.1.0
       broadcast 192.168.1.255
       gateway 192.168.1.1
       bridge_ports eth0 ath1 ath0
       pre-up wlanconfig ath0 create wlandev wifi1 wlanmode ap
       pre-up wlanconfig ath1 create wlandev wifi1 wlanmode wds
       pre-up iwconfig ath0 essid "voyage-wds" channel 1
       pre-up iwpriv ath1 wds_add AA:BB:CC:DD:EE:FF
       pre-up iwpriv ath1 wds 1
       up iwpriv ath0 mode 3
       post-down wlanconfig ath0 destroy
       post-down wlanconfig ath1 destroy

Attachments

chfix.diff (0.8 kB) - added by bell_kin on 06/29/06 22:38:36.
Signed-off-by: Bell Kin <bell_kin@pek.com.tw>
nodelock.diff (0.6 kB) - added by bell_kin on 07/06/06 15:50:38.
Signed-off-by: Bell Kin <bell_kin@pek.com.tw>
nodelocki.diff (508 bytes) - added by bell_kin on 07/11/06 18:55:39.
Signed-off-by: Bell Kin <bell_kin@pek.com.tw>
nodecnt.diff (511 bytes) - added by bell_kin on 07/17/06 14:23:48.
Signed-off-by: Bell Kin <bell_kin@pek.com.tw>
chbcnvap.diff (1.8 kB) - added by bell_kin on 09/21/06 08:58:35.
Signed-off-by: Bell Kin <bell_kin@pek.com.tw>
015-wds_node_fix.diff (2.1 kB) - added by xmxwx@asn.pl on 02/07/07 15:15:48.

Change History

04/28/06 15:15:13 changed by punkytse@yahoo.com

I attach my /etc/network/interfaces again

/etc/network/interfaces

# madwifi-ng WDS Bridge
#auto br0
iface br0 inet static
       address 192.168.1.2
       netmask 255.255.255.0
       network 192.168.1.0
       broadcast 192.168.1.255
       gateway 192.168.1.1
       bridge_ports eth0 ath1 ath0
       pre-up wlanconfig ath0 create wlandev wifi1 wlanmode ap
       pre-up wlanconfig ath1 create wlandev wifi1 wlanmode wds
       pre-up iwconfig ath0 essid "voyage-wds" channel 1
       pre-up iwpriv ath1 wds_add AA:BB:CC:DD:EE:FF
       pre-up iwpriv ath1 wds 1
       up iwpriv ath0 mode 3
       post-down wlanconfig ath0 destroy
       post-down wlanconfig ath1 destroy

04/28/06 15:17:24 changed by punkytse@yahoo.com

I attach the kernel oops again

kernel oops

unable to load wlan_scan_wds
ath1
ath1: Added WDS MAC: aa:bb:cc:dd:ee:ff
run-parts: /etc/network/if-pre-up.d/0_wpasupplicant exited with return code 1
Bridge firewalling registered
device eth0 entered promiscuous mode
eth0: DSPCFG accepted after 0 usec.
eth0: link up.
eth0: Setting full-duplex based on negotiated link capability.
eth0: Promiscuous mode enabled.
eth0: Promiscuous mode enabled.
eth0: Promiscuous mode enabled.
eth0: Promiscuous mode enabled.
eth0: Promiscuous mode enabled.
device ath1 entered promiscuous mode
device ath0 entered promiscuous mode
Unable to handle kernel NULL pointer dereference at virtual address 00000004
 printing eip:
c48e5246
*pde = 00000000
Oops: 0000 [#1]
PREEMPT
Modules linked in: bridge wlan_scan_ap ohci_hcd usbcore sc1200 scx200 ath_pci a2
CPU:    0
EIP:    0060:[<c48e5246>]    Tainted: P      VLI
EFLAGS: 00010296   (2.6.15-486-voyage)
EIP is at ieee80211_beacon_update+0xb/0x739 [wlan]
eax: 00000000   ebx: c3f2e260   ecx: 00000064   edx: c12111e0
esi: c3d4c260   edi: 00000000   ebp: 00000000   esp: c36edecc
ds: 007b   es: 007b   ss: 0068
Process bridge (pid: 1838, threadinfo=c36ec000 task=c36d0580)
Stack: c012e4e9 c36edee8 c36edee0 00000001 c36edfa4 c3f2e260 c3d4c260 00000000
       00000000 c489c9b2 00000000 c3d4c92c 00000000 00000000 c12111e0 00000000
       c3548000 00003c22 00000000 c3f2e260 c3d4c260 c489cc78 c3f2e260 c3d4c260
Call Trace:
 [<c012e4e9>] generic_file_read+0xa6/0xbf
 [<c489c9b2>] ath_beacon_generate+0x100/0x273 [ath_pci]
 [<c489cc78>] ath_beacon_send+0x153/0x2e7 [ath_pci]
 [<c4899bed>] ath_intr+0x141/0x26f [ath_pci]
 [<c012c8b7>] handle_IRQ_event+0x20/0x4c
 [<c012c95b>] __do_IRQ+0x78/0xd1
 [<c0105099>] do_IRQ+0x19/0x24
 [<c0103b8a>] common_interrupt+0x1a/0x20
Code: 01 00 00 89 42 10 66 8b 85 7b 01 00 00 66 89 42 14 66 c7 42 16 00 00 89 d
 <0>Kernel panic - not syncing: Fatal exception in interrupt

04/29/06 15:36:02 changed by Chey

This has been confirmed. WDS seems to have broken sometime after r1523.

05/02/06 10:57:50 changed by mrenzmann

@Chey: so you can reproduce this issue with r1523 and can confirm that r1522 does not suffer from it?

05/15/06 21:18:49 changed by Chey

@mrenzmann: I cannot confirm nor deny at this time. I have no equipment to test with anymore :(

05/30/06 17:40:09 changed by Chey

I've recently come across some more Atheros cards to play with. Although I cannot speak for "anonymous" you submitted the ticket, at this time I am having no issues with WDS using the latest svn (r1611).

06/15/06 15:14:29 changed by bell_kin

  • status changed from new to assigned.
  • owner set to bell_kin.

06/29/06 21:06:40 changed by bell_kin

please try this patch, I think this cause no harm to others the crash is caused by NULL bo_tim some part of softc is not initialized properly

06/29/06 22:38:36 changed by bell_kin

  • attachment chfix.diff added.

Signed-off-by: Bell Kin <bell_kin@pek.com.tw>

06/30/06 03:57:51 changed by mrenzmann

  • patch_attached set to 1.

06/30/06 08:58:41 changed by punkytse@yahoo.com

I am now using r1640 and kernal panic still persist when I start the interface with WDS mode.

My envirnoment is voyage 0.2 distro with 2.6.15 (ubuntu dapper) kernel.

iface br0 inet static
       address 192.168.1.2
       netmask 255.255.255.0
       network 192.168.1.0
       broadcast 192.168.1.255
       gateway 192.168.1.1
       bridge_ports eth0 ath1 ath0
       pre-up wlanconfig ath0 create wlandev wifi1 wlanmode ap
       pre-up wlanconfig ath1 create wlandev wifi1 wlanmode wds
       pre-up iwconfig ath0 essid "voyage-wds" channel 1
       pre-up iwpriv ath1 wds_add <AA:BB:CC:DD:EE:FF>
       pre-up iwpriv ath1 wds 1
       up iwpriv ath0 mode 3
       post-down wlanconfig ath0 destroy
       post-down wlanconfig ath1 destroy

Fall back to r1491 and no problem! I will try chfix.diff patch to see if any difference.

07/03/06 03:21:45 changed by anonymous

I also can confirm this wds problem - for me it works better when i set the wds options after brining up br0.

I run iperf for ~10minutes after that the node reboots - there is no specific time to reproduce that problem.

07/03/06 08:47:14 changed by bell_kin

please log the crash if possible, reboot after 10 minutes is strange, maye another bug is found.

07/03/06 22:35:12 changed by red@meshnode.org

Sorry i fogot to set my name in the prvious post...

hardware: wrpa2c, 2x atheros 5214, kernel 2.6.15, svn1648

The setup:

modprobe ath_pci                                                          
wlanconfig ath0 create wlandev wifi0 wlanmode sta
sysctl -w dev.wifi0.diversity=0
sysctl -w dev.wifi0.rxantenna=0
sysctl -w dev.wifi0.txantenna=0
iwconfig ath0 essid 'ssid'
iwpriv ath0 wds 1
iwconfig ath0 channel 3
iwconfig ath0 rts 500
iwconfig ath0 frag off
iwconfig ath0 key s:KEY          
iwconfig ath0 key restricted
ifconfig ath0 up

wlanconfig ath1 create wlandev wifi1 wlanmode ap
sysctl -w dev.wifi1.diversity=0
sysctl -w dev.wifi1.rxantenna=0
sysctl -w dev.wifi1.txantenna=0
iwconfig ath1 essid 'ssid2'
iwconfig ath1 channel 6
iwpriv ath1 wds 1
iwconfig ath1 rts 500
iwconfig ath1 frag off
iwconfig ath1 key s:KEY          
iwconfig ath1 key restricted
ifconfig ath1 up

# adding devices to bridge(s) ...
brctl addbr br0
ifconfig eth0 inet 0.0.0.0
brctl addif br0 eth0
ifconfig ath0 inet 0.0.0.0
brctl addif br0 ath0
ifconfig ath1 inet 0.0.0.0
brctl addif br0 ath1

ifconfig br0 inet 192.168.5.13
ifconfig br0 up
echo 1  > /proc/sys/net/ipv4/ip_forward

The opps msg:

root@MeshNode13:~# Unable to handle kernel NULL pointer dereference  
at virtual address 00000008
printing eip:
*pde = 00000000
Oops: 0000 [#1]
PREEMPT
Modules linked in: wlan_scan_ap wlan_wep wlan_scan_sta ath_pci bridge  
uhci_hcd ohci_hcd ehci_hcd usbcore sc1200 scx200 ath_rate_sample wlan  
ath_hal wd1100 lm7
7 scx200_acb i2c_core natsemi crc32
CPU:    0
EIP:    0060:[<c0130f13>]    Tainted: P      VLI
EFLAGS: 00010086   (2.6.15-486-meshnode)
EIP is at kfree+0x23/0x44
eax: c11320a0   ebx: 00000046   ecx: c3d35000   edx: 00000008
esi: c9905d40   edi: 00000082   ebp: c3544260   esp: c02f7ea4
ds: 007b   es: 007b   ss: 0068
Process swapper (pid: 0, threadinfo=c02f6000 task=c02adb00)
Stack: 00000046 c3d35000 c3cee260 c4890464 c9905d40 00000046 c02f6000  
c3d35000
        c3544260 c4845a61 c3d35000 c3d35000 c3544260 c3544be0  
c3cee260 c4890523
        c3d35000 c3d35000 c4845a9b c3d35000 c3544260 c3d35000  
00000000 c3d35000
Call Trace:
[<c4890464>] node_cleanup+0xb6/0x166 [wlan]
[<c4845a61>] ath_node_cleanup+0x250/0x26b [ath_pci]
[<c4890523>] node_free+0xf/0x52 [wlan]
[<c4845a9b>] ath_node_free+0x1f/0x2d [ath_pci]
[<c4891238>] _ieee80211_free_node+0xaf/0xb5 [wlan]
[<c489126a>] ieee80211_free_node+0x2c/0x62 [wlan]
[<c488b02a>] ieee80211_input_all+0x53/0x8a [wlan]
[<c48464b6>] ath_rx_tasklet+0x36f/0x4bd [ath_pci]
[<c011516f>] tasklet_action+0x34/0x53
[<c0114f4c>] __do_softirq+0x34/0x7d
[<c0114fb7>] do_softirq+0x22/0x26
[<c0115051>] irq_exit+0x29/0x34

After that oops the systems reboots.

07/06/06 15:49:59 changed by bell_kin

the crash after 10 minutes looks like a race condition in node_cleanup, please try apply this nodelock.diff too.

07/06/06 15:50:38 changed by bell_kin

  • attachment nodelock.diff added.

Signed-off-by: Bell Kin <bell_kin@pek.com.tw>

07/11/06 17:26:45 changed by georg@boerde.de

I've tried the nodelock.diff, but the machine is still panicing randomly sometimes:

BUG: unable to handle kernel NULL pointer dereference at virtual address 00000004
 printing eip:
*pde = 00000000
Oops: 0002 [#1]
PREEMPT
Modules linked in: wlan_ccmp wlan_tkip wlan_xauth wlan_wep wlan_scan_ap bridge llc uhci_hcd ohci_hcd ehci_hc2
CPU:    0
EIP:    0060:[<c4832d80>]    Tainted: P      VLI
EFLAGS: 00010097   (2.6.17.4-486-meshnode #1)
EIP is at ieee80211_node_saveq_drain+0x2f/0x74 [wlan]
eax: 00000000   ebx: c20a2229   ecx: c1100260   edx: c2d7e1cc
esi: c2d7e000   edi: 00000000   ebp: c1100260   esp: c037bdd0
ds: 007b   es: 007b   ss: 0068
Process swapper (pid: 0, threadinfo=c037a000 task=c032e820)
Stack: c0334e30 c2d7e000 00000046 c3393260 c482e5f8 c2d7e000 00000001 000000f0
       00000002 c037a000 00000046 c2d7e000 c48aefc7 c2d7e000 c2d7e000 c2d7e000
       00000000 c3393260 c482d376 c2d7e000 c1100260 c48a9dae c2d7e000 c2d7e000
Call Trace:
 <c482e5f8> node_cleanup+0x98/0x11c [wlan]
 <c48aefc7> ath_node_cleanup+0x18f/0x1ab [ath_pci]
 <c482d376> node_free+0x14/0x5b [wlan]
 <c48a9dae> ath_node_free+0x29/0x34 [ath_pci]
 <c482cba7> _ieee80211_free_node+0xeb/0xf3 [wlan]
 <c482d31a> ieee80211_remove_wds_addr+0x5a/0xa2 [wlan]
 <c4827bba> ieee80211_input+0x930/0x1788 [wlan]
 <c486c911> zz002dca0b+0x4d/0x168 [ath_hal]
 <c48686aa> zz005b88fd+0xfa/0x13c [ath_hal]
 <c48ae97a> ath_rx_tasklet+0x4b4/0x6e7 [ath_pci]
 <c01193a8> tasklet_action+0x39/0x5a
 <c01192fe> __do_softirq+0x39/0x84
 <c011936b> do_softirq+0x22/0x26
 <c0119433> irq_exit+0x25/0x30
 <c01056a2> do_IRQ+0x1e/0x24
 <c0103c9a> common_interrupt+0x1a/0x20
 <c0101d4d> default_idle+0x2b/0x53
 <c0101dae> cpu_idle+0x39/0x54
 <c037c67d> start_kernel+0x299/0x29d
 <c037c1d3> unknown_bootoption+0x0/0x211
Code: ec 04 8b 74 24 14 b8 00 e0 ff ff 21 e0 ff 40 14 8b be d4 01 00 00 8d 96 cc 01 00 00 8b 9e cc 01 00 00
EIP: [<c4832d80>] ieee80211_node_saveq_drain+0x2f/0x74 [wlan] SS:ESP 0068:c037bdd0
 <0>Kernel panic - not syncing: Fatal exception in interrupt

Using svn r1680, 2.6.17.4 and a bridge on eth0 + ath0

07/11/06 18:55:39 changed by bell_kin

  • attachment nodelocki.diff added.

Signed-off-by: Bell Kin <bell_kin@pek.com.tw>

07/11/06 18:59:52 changed by bell_kin

maybe it needs complete lock? please try patch nodelocki.diff INSTEAD OF nodelock.diff

07/12/06 19:36:06 changed by georg@boerde.de

I've applied nodelocki.diff, now to r1681, and madwifi is working fine for several hours now - a second machine, bridging only between two ath-devices is also looking stable. I'll do some more testing tomorrow, thanks so far! :)

07/13/06 14:43:10 changed by georg@boerde.de

Sorry, bad news... after running for another two hours, the kernel Oopsed again:

BUG: unable to handle kernel NULL pointer dereference at virtual address 00000004
 printing eip:
*pde = 00000000
Oops: 0002 [#1]
PREEMPT
Modules linked in: wlan_ccmp wlan_tkip wlan_xauth wlan_wep wlan_scan_ap bridge llc uhci_hcd ohci_hcd ehci_hcd usbcore sc1200 scx200 ath_pci ath_rate_sample wlan ath_hal wd1100 lm77 scx200_acb i2c_core natsemi crc32
CPU:    0
EIP:    0060:[<c4832d70>]    Tainted: P      VLI
EFLAGS: 00010097   (2.6.17.4-gx1-meshnode #2)
EIP is at ieee80211_node_saveq_drain+0x2f/0x74 [wlan]
eax: 00000000   ebx: c20a2229   ecx: c113e260   edx: c2d7d1cc
esi: c2d7d000   edi: 00000000   ebp: c113e260   esp: c033bdd0
ds: 007b   es: 007b   ss: 0068
Process swapper (pid: 0, threadinfo=c033a000 task=c02f47a0)
Stack: c2cffcc0 c2d7d000 00000046 c32a2260 c482e5f8 c2d7d000 80000000 c2cffcc0
       c4904a48 c033a000 00000046 c2d7d000 c48aefc7 c2d7d000 c2d7d000 c2d7d000
       00000000 c32a2260 c482d376 c2d7d000 c113e260 c48a9dae c2d7d000 c2d7d000
Call Trace:
 <c482e5f8> node_cleanup+0x98/0x11c [wlan]
 <c4904a48> br_handle_frame_finish+0xc0/0xfb [bridge]
 <c48aefc7> ath_node_cleanup+0x18f/0x1ab [ath_pci]
 <c482d376> node_free+0x14/0x5b [wlan]
 <c48a9dae> ath_node_free+0x29/0x34 [ath_pci]
 <c482cba7> _ieee80211_free_node+0xeb/0xf3 [wlan]
 <c482d31a> ieee80211_remove_wds_addr+0x5a/0xa2 [wlan]
 <c4827bba> ieee80211_input+0x930/0x1788 [wlan]
 <c486c911> zz002dca0b+0x4d/0x168 [ath_hal]
 <c482c86d> _ieee80211_find_node+0x32/0x79 [wlan]
 <c48ae9f9> ath_rx_tasklet+0x533/0x6e7 [ath_pci]
 <c011645c> tasklet_action+0x39/0x5a
 <c01163b2> __do_softirq+0x39/0x84
 <c011641f> do_softirq+0x22/0x26
 <c01164e7> irq_exit+0x25/0x30
 <c0105262> do_IRQ+0x1e/0x24
 <c010385a> common_interrupt+0x1a/0x20
 <c010190d> default_idle+0x2b/0x53
 <c010196e> cpu_idle+0x39/0x54
 <c033c678> start_kernel+0x294/0x298
 <c033c1d3> unknown_bootoption+0x0/0x211
Code: ec 04 8b 74 24 14 b8 00 e0 ff ff 21 e0 ff 40 14 8b be d4 01 00 00 8d 96 cc 01 00 00 8b 9e cc 01 00 00 39 d3 74 2d 8b 03 ff 4a 08 <89> 50 04 89 86 cc 01 00 00 c7 43 04 00 00 00 00 c7 03 00 00 00
EIP: [<c4832d70>] ieee80211_node_saveq_drain+0x2f/0x74 [wlan] SS:ESP 0068:c033bdd0
 <0>Kernel panic - not syncing: Fatal exception in interrupt

Again using 2.6.17.4, madwifi r1681 with nodelocki.diff and a bridge over eth0 + ath0

07/17/06 14:23:48 changed by bell_kin

  • attachment nodecnt.diff added.

Signed-off-by: Bell Kin <bell_kin@pek.com.tw>

07/17/06 14:26:59 changed by bell_kin

maybe overdone ieee80211_node_decref somewhere? please try this nodecnt.diff

07/18/06 14:03:49 changed by georg@boerde.de

I've been running with the ieee80211_free_node() line in ieee80211_node_saveq_drain() completely removed, and it is still Oopsing. There must be still other problems in the WDS/4-address code path causing crashes.

bell_kin: you mentioned more race conditions on the mailing list - have you found other sources for kernel crashes?

07/20/06 11:09:05 changed by georg@boerde.de

I have the strange feeling that we are searching in the wrong place. I've got some really strange kernel oopses with irregular pointers being dereferenced, like:

BUG: unable to handle kernel paging request at virtual address 35343332

in ath_node_cleanup+0x5e/0x1ab - 0x35343332 is ascii '2345' but nothing a real pointer would look like.

Another really strange one was

BUG: unable to handle kernel paging request at virtual address 6d616f00

where dev_kfree_skb_any() was called with 0x6d616e70 (ascii 'pnam') from node_cleanup().

Both places look like some parts of the ieee80211_node structure are corrupted by some misled data. I'm not giving complete oops dumps because they look pretty similar to the ones already posted here. We should investigate the code path used for 4-address-frames (I fear the problem is related to them, because the Oopses occur in WDS mode).

07/21/06 09:55:45 changed by anonymous

I have nearly the same problem. Here is my setup.:

Slackware 10.0 with 2.6.16 Kernel (Preemption option---> Server) svn r1686 The nodes are normal pentium pc´s.


Network scenario:

Node I br0 100.200.50.3{ eth0---->switch<---->test ftp server; wifi0--->ath0 (11gmode only, ap mode) ))))))(((((((((( wlanclient; wifi1--->ath1 (11a turbo mode, ap mode) )))))link to NODE II ath1; }

Node II br0 100.200.50.2{ eth0---->not connected; wifi0--->ath0 (11gmode only, ap mode) ))))))(((((((((( wlanclient; wifi1--->ath1 (11a turbo mode, st mode) )))))link to NODE I ath1; }


####config Node I#####
master.config{
wlanconfig ath0 create wlandev wifi0 wlanmode ap 
iwconfig ath0 essid testap
iwpriv ath0 mode 3
iwconfig ath0 channel 6
iwpriv ath0 bgcsan 0
ifconfig ath0 up}

masterwds.config{
wlanconfig ath1 create wlandev wifi1 wlanmode ap 
iwconfig ath1 essid wds
iwpriv ath1 mode 1
iwconfig ath1 channel 42
iwpriv ath1 bgcsan 0
iwprov ath1 wds 1
ifconfig ath1 up}

addbr.config{
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 ath0
brctl addif br0 ath1
ifconfig br0 inet 100.200.50.3
ifconfig br0 up
}
####config Node II#####
master.config{
wlanconfig ath0 create wlandev wifi0 wlanmode ap 
iwconfig ath0 essid testapzwei
iwpriv ath0 mode 3
iwconfig ath0 channel 1
iwpriv ath0 bgcsan 0
ifconfig ath0 up}

masterwds.config{
wlanconfig ath1 create wlandev wifi1 wlanmode sta 
iwconfig ath1 essid wds
iwpriv ath1 mode 1
iwconfig ath1 channel 42
iwconfig ath1 ap 00:00:00:00:00:00 #MAC from Node I wifi1---->ath1
iwpriv ath1 bgcsan 0
iwprov ath1 wds 1
ifconfig ath1 up}

addbr.config{
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 ath0
brctl addif br0 ath1
ifconfig br0 inet 100.200.50.2
ifconfig br0 up
}


With the follwing scenario it works stable:

scenario I Node I br0 { eth0 ----->switch---->FTP Server; ath0)))))))))))))((((((((((((((((wlanclient-------PC (no problems with download from FTP Server, also big files >500MB); ath1)))))))))))))link to Node II; }


With this scenario the connection hangs and pings failed unsteady and after about 10-20 minutes either NodeI get kernel panics or NodeII or both of them (with the same error code).

scanrioII

Node I br0 { eth0 ----->not connected; ath0)))))))))))))((((((((((((((((wlanclient-------PC (connection hangs and pings failed unsteady); ath1)))))))))))))link to Node II; }

Node II br0 { eth0 ----->switch---->FTP Server; ath0)))))))))))))((((((((((((((((no wlanclient connected); ath1)))))))))))))link to Node I; }

As you see if traffic is bridged between the wlan cards the kernel panics will occur. If i forgot some important information let me know. (I try to get the kernel panic log from both nodes)

08/18/06 04:10:09 changed by punkytse@yahoo.com

I tried the method suggested in #732 and there is no kernel panic.

Here is my interface setup sequence (for r1697).

wlanconfig ath0 create wlandev wifi0 wlanmode ap
wlanconfig ath1 create wlandev wifi0 wlanmode wds

# ath0 - ap
iwpriv ath0 mode 3
iwconfig ath0 essid $ESSID channel 11
ifconfig ath0 up

# ath1 - wds
ifconfig ath1 up
iwpriv ath1 wds 1
iwpriv ath1 wds_add "$WDS_MAC"        # Other peers MAC

# Create Bridge
brctl addbr br0
brctl addif br0 ath1
brctl addif br0 ath0
ifconfig br0 $BRIDGE_IP netmask 255.0.0.0 up 

I conclude that the interface setup sequence does matter!! But I still insist this is still a bug need fixes.

09/21/06 08:58:35 changed by bell_kin

  • attachment chbcnvap.diff added.

Signed-off-by: Bell Kin <bell_kin@pek.com.tw>

09/21/06 09:01:42 changed by bell_kin

I think interrupt happens during vap creation is the cause, please try chbcnvap.diff, it contains chfix.diff and disable interrupt in vap creation

10/02/06 10:56:01 changed by lilphil

I was previously getting an immediate panic just after bringing up ath0 (in the documented order). I can confirm that the setup sequence suggested by punkytse prevented the panic, and then I tested chbcnvap.diff which also prevents the panic. (I have not tested over time)

It does not seem to be associating with the access point however, and when using the first bridge mode in UserDocs/WDSBridge it stops passing traffic as soon as the bridge is brought up. Is this related?

02/07/07 15:15:48 changed by xmxwx@asn.pl

  • attachment 015-wds_node_fix.diff added.

02/07/07 15:29:37 changed by xmxwx@asn.pl

Lintrack development team has encountered this bug some time ago, when it became critical, I've tracked the bug down and made a patch for it. Now, I have noticed that the patch I made is almost exactly a revert of a part of r1520!

The fact that the 4-header (iwpriv wds 1) issue was broken in this rev is also convergent with the observation that r1491 performed well while r1527 not (mentioned in the summary of this ticket).

I suppose that this patch / partial revert fixes various strange kernel panics mentioned in some other tickets.

For more info see also dev.lintrack.org/ticket/108

Signed-Off-By: Michal Wrobel <xmxwx@asn.pl>

02/07/07 15:49:48 changed by xmxwx@asn.pl

madwifi-ng-refcount branch has it done properly as well

02/14/07 19:05:20 changed by msmith@cbnco.com

I applied Michal's patch to r2070 and it fixed my kernel panic problem (#1135).

02/14/07 19:06:17 changed by msmith@cbnco.com

Sorry, that should have been #1139

02/14/07 19:53:45 changed by mentor

  • description changed.