Ticket #108 (closed defect: fixed)

Opened 5 years ago

Last modified 4 years ago

[madwifi] Kernel panic in WDS

Reported by: pjf Assigned to: xmxwx
Priority: normal Milestone: 3.0
Component: Madwifi Version: 0.2rc1
Severity: normal Keywords:
Cc:

Description 

BUG: unable to handle kernel NULL pointer dereference at virtual address 00000000
 printing eip:
*pde = 00000000
Oops: 0000 [#1]
Modules linked in: wlan_ccmp wlan_xauth sch_esfq sch_htb bonding macvlan wlan_scan_ap xfrm4_tunnel tunnel4 ipcomp esp4 ah4 twofish sha256 cryp0
CPU:    0
EIP:    0060:[<c014b096>]    Tainted: P      VLI
EFLAGS: 00010046   (2.6.17.13-lt5 #1)
EIP is at kfree+0x36/0x70
eax: 00000000   ebx: 00000046   ecx: 00000000   edx: c182e1e0
esi: 0170ffff   edi: 00000006   ebp: 00000000   esp: c03f7d60
ds: 007b   es: 007b   ss: 0068
Process swapper (pid: 0, threadinfo=c03f6000 task=c03ab740)
Stack: 00000046 c33c4000 c2c2f2a0 c4897b65 0170ffff c1170000 00000000 00000000
       00000046 c33c4000 c11702a0 c490c3c2 c33c4000 c33c4000 c33c4000 c2c2f2a0
       c4896b34 c33c4000 c11702a0 c4910bef c33c4000 c33c4000 c33c4000 c3652cc0
Call Trace:
 <c4897b65> node_cleanup+0x95/0x140 [wlan]  <c490c3c2> ath_node_cleanup+0x152/0x160 [ath_pci]
 <c4896b34> node_free+0x14/0x60 [wlan]  <c4910bef> ath_node_free+0x2f/0x50 [ath_pci]
 <c4896356> _ieee80211_free_node+0xd6/0x100 [wlan]  <c01288ef> autoremove_wake_function+0x2f/0x60
 <c4896af9> ieee80211_remove_wds_addr+0x69/0x90 [wlan]  <c4890e4d> ieee80211_input+0x1aad/0x1bb0 [wlan]
 <c490d90d> ath_beacon_setup+0x20d/0x2e0 [ath_pci]  <c490e276> ath_beacon_generate+0x126/0x590 [ath_pci]
 <c4916a65> ath_intr+0x4e5/0xbf0 [ath_pci]  <c4915d2c> ath_rx_tasklet+0x41c/0x820 [ath_pci]
 <c011b27e> tasklet_action+0x3e/0x70  <c011b162> __do_softirq+0x42/0x90
 <c011b1d6> do_softirq+0x26/0x30  <c0104b0e> do_IRQ+0x1e/0x30
 <c0102df6> common_interrupt+0x1a/0x20  <c0101d4b> default_idle+0x2b/0x60
 <c0101dba> cpu_idle+0x3a/0x50  <c03f8713> start_kernel+0x233/0x290
 <c03f8260> unknown_bootoption+0x0/0x280
Code: 89 1c 24 89 7c 24 08 85 f6 74 32 9c 5f fa a1 70 f8 42 c0 8d 96 00 00 00 40 c1 ea 0c c1 e2 05 01 c2 8b 02 f6 c4 40 75 24 8b 4a 18 <8b> 19
EIP: [<c014b096>] kfree+0x36/0x70 SS:ESP 0068:c03f7d60
 <0>Kernel panic - not syncing: Fatal exception in interrupt
 <0>Rebooting in 60 seconds..

Attachments

wlan.o (223.7 kB) - added by pjf on 09/20/06 01:32:47.
ath_pci.o (95.9 kB) - added by pjf on 09/20/06 01:35:17.
panic01.log (4.5 kB) - added by xmxwx on 01/06/07 15:48:22.
panic02.log (2.5 kB) - added by xmxwx on 01/06/07 15:49:48.
panic03.log (2.7 kB) - added by xmxwx on 01/06/07 15:49:56.
panic04.log (4.8 kB) - added by xmxwx on 01/06/07 15:50:03.
panic05.log (2.4 kB) - added by xmxwx on 01/06/07 15:50:09.
panic06.log (4.7 kB) - added by xmxwx on 01/06/07 15:50:20.
panic07.log (2.4 kB) - added by xmxwx on 01/06/07 15:50:29.

Change History

09/20/06 01:32:47 changed by pjf

  • attachment wlan.o added.

09/20/06 01:35:17 changed by pjf

  • attachment ath_pci.o added.

10/09/06 01:58:18 changed by pjf

  • milestone changed from 2.0 to 3.0.

12/30/06 08:56:03 changed by xmxwx

  • status changed from new to assigned.

01/06/07 15:48:22 changed by xmxwx

  • attachment panic01.log added.

01/06/07 15:49:48 changed by xmxwx

  • attachment panic02.log added.

01/06/07 15:49:56 changed by xmxwx

  • attachment panic03.log added.

01/06/07 15:50:03 changed by xmxwx

  • attachment panic04.log added.

01/06/07 15:50:09 changed by xmxwx

  • attachment panic05.log added.

01/06/07 15:50:20 changed by xmxwx

  • attachment panic06.log added.

01/06/07 15:50:29 changed by xmxwx

  • attachment panic07.log added.

01/06/07 15:52:41 changed by xmxwx

  • milestone changed from 3.0 to 2.1.

Recently, I have managed to reproduce this problem.

The network configuration was roughly: 

INET -- [eth0] LINTRACK1 [ath0 sta] --(wds+wpa)-- [ath0 ap] LINTRACK2 [ath1 ap] -- [ath0] CLIENT
  • Enforce network traffic on the WDS link by pinging some INET host from CLIENT machine
  • Reboot LINTRACK1
  • Either immediately or after LINTRACK1 booted up, LINTRACK2's kernel paniced

Kernel panic messages captured from serial console have been attached to this ticket.

01/07/07 00:51:49 changed by xmxwx

Some time ago Zilvinas Valinskas recommended trying wds-fixes.2.diff from Madwifi.org ticket #914 to solve this issue.

Unfortunately, after patching, the Kernel Panic is still reproducible.

01/07/07 01:41:10 changed by xmxwx

But it seems that wds-fixes.2.diff somehow limits the number of different possible types of Kernel Panics. Now it seems that only 01, 04 and 06 types are in concern. So maybe something's better now. Sometimes the system hangs with no debug message.

01/07/07 13:01:36 changed by pjf

Just to remember - post an info at ![1] when this bug is fixed.

![1] http://forum.lintrack.org/viewtopic.php?pid=275 (PL)

01/13/07 13:35:22 changed by xmxwx

  • status changed from assigned to closed.
  • resolution set to fixed.

fixed in r1187

03/15/08 15:49:29 changed by pjf

  • milestone changed from 2.1rc1 to 3.0.

Milestone 2.1rc1 deleted