Ticket #1214 (closed defect: fixed)

Opened 2 years ago

Last modified 10 months ago

Crash when bringing up ath0 in monitor mode

Reported by: kurth@informatik.hu-berlin.de Assigned to:
Priority: major Milestone: version 0.9.5
Component: madwifi: other Version: trunk
Keywords: Cc:
Patch is attached: 0 Pending:

Description

Using the revision 2200 from svn.madwifi.org I get an crash when I try to bring up the ath0 device in monitor mode. I did the following: 

insmod ath_hal/ath_hal.ko
insmod net80211/wlan.ko
insmod ath_rate/sample/ath_rate_sample.ko
insmod ath/ath_pci.ko autocreate=monitor
iwconfig ath0 channel 1
ifconfig ath0 up

and the result was 

Break instruction in kernel code[#1]:
Cpu 0
$ 0   : 00000000 10009c00 802a0000 81fcc0a0
$ 4   : 81fcc0a0 00000000 00000000 00000002
$ 8   : 000000c0 00000026 00000000 000000ff
$12   : 81c33d40 ffffffff 00200200 00100100
$16   : 00000000 80317800 81c50280 802a0000
$20   : 00000000 a1847000 00000000 00008914
$24   : 00000010 80018d08
$28   : 81c32000 81c33b50 8030c800 c010dd68
Hi    : 00000000
Lo    : 040f6685
epc   : 80018d10 r4k_dma_cache_inv+0x8/0xb8     Tainted: P
ra    : c010dd68 ath_rx_tasklet+0x270/0xbe4 [ath_pci]
Status: 10009c03    KERNEL EXL IE
Cause : 00000024
PrId  : 00029007
Modules linked in: ath_pci ath_rate_sample wlan ath_hal
Process ifconfig (pid: 321, threadinfo=81c32000, task=812e9528)
Stack : a1847030 c0109f48 802385c0 00000000 00000000 00000007 de16dfee 00000026
        81c33b70 81c33b70 81e28000 8029f8d0 00000001 00000000 00000000 802a0000
        0000000a 802a0000 00000000 00000000 00000000 00008914 7fb33c38 800338c4
        81c50000 00008914 7fb33c38 8005034c 00000000 8029f8f0 8003334c 81c33c48
        00000000 00000000 00000000 00008914 10009c00 81c33c48 81c50000 80247dc0
        ...
Call Trace:
 [<c0109f48>] ath_intr+0xcd8/0xf50 [ath_pci]
 [<800338c4>] tasklet_action+0x108/0x15c
 [<8005034c>] handle_IRQ_event+0x64/0xd8
 [<8003334c>] __do_softirq+0x6c/0xf8
 [<80033430>] do_softirq+0x58/0x8c
 [<8000a734>] do_IRQ+0x24/0x34
 [<80001c84>] bcm47xx_irq_dispatch+0x64/0xe0
 [<80057fa0>] __alloc_pages+0x60/0x2e4
 [<80001df4>] bcm47xx_irq_handler+0xf4/0x100
 [<801143e0>] memcpy+0x0/0x4
 [<80183adc>] qdisc_alloc+0x34/0x154
 [<c0101100>] ath_rate_setup+0xd0/0x17c [ath_pci]
 [<8006f828>] __kmalloc+0xc8/0xe0
 [<80183adc>] qdisc_alloc+0x34/0x154
 [<80183e6c>] qdisc_create_dflt+0x18/0x70
 [<c010ebf0>] ath_init+0x3fc/0x4c8 [ath_pci]
 [<8018409c>] dev_activate+0x3c/0x134
 [<80176668>] dev_mc_upload+0x18/0x24
 [<80170f1c>] dev_open+0x18c/0x1c0
 [<80170e68>] dev_open+0xd8/0x1c0
 [<c006dae4>] ieee80211_init+0xa4/0x180 [wlan]
 [<80170e68>] dev_open+0xd8/0x1c0
 [<80053970>] filemap_nopage+0x1a8/0x53c
 [<80172e10>] dev_change_flags+0x74/0x14c
 [<80015bcc>] blast_icache16+0x8c/0xe8
 [<80170c60>] dev_load+0x14/0x54
 [<801c4954>] devinet_ioctl+0x304/0x9a0
 [<801c47c4>] devinet_ioctl+0x174/0x9a0
 [<801739a8>] dev_ioctl+0x4f8/0x778
 [<80063ce8>] __handle_mm_fault+0x630/0x82c
 [<801c6418>] inet_ioctl+0xc8/0xfc
 [<80163c80>] sock_ioctl+0x578/0x5c0
 [<80163c9c>] sock_ioctl+0x594/0x5c0
 [<80113c70>] sprintf+0x28/0x34
 [<8008d240>] do_ioctl+0x30/0x78
 [<8008d598>] vfs_ioctl+0x310/0x338
 [<80164430>] sock_create+0x10/0x1c
 [<8008d610>] sys_ioctl+0x50/0x90
 [<80012860>] stack_done+0x20/0x3c
 [<80012860>] stack_done+0x20/0x3c


Code: 00000000  14a00003  3c02802a <0200000d> 3c02802a  24469480  8cc20008  3c030004  00431024
Kernel panic - not syncing: Aiee, killing interrupt handler!
 <0>Rebooting in 3 seconds..Please stand by while rebooting the system...

The crash could be reproduced. The platform is Mipsel/Linux 2.6.16.13 on a Netgear WGT634U. It worked well with v0.9.2.1, so something must be broken on the way to v0.9.3.

Attachments

Change History

06/26/07 13:39:33 changed by tha@freewrt.org

Hi,

we have the same problem with monitor-mode in madwifi v0.9.3.1 on freewrt. V0.9.2.1 worked without any problem in monitor mode, so there really seems to be a new problem that have been included in 0.9.3 or 0.9.3.1.

Please see the following freewrt tickets for more details: - www.freewrt.org/trac/ticket/327 - www.freewrt.org/trac/ticket/289

Please let me know if there is something that might help to fix the problem.

thx,

Ralph

07/13/07 11:32:22 changed by nbd@openwrt.org

The following patch fixes the monitor mode oops (the DMA sync function crashes if size == 0).

Signed-off-by: Felix Fietkau <nbd@openwrt.org> 

Index: madwifi-ng-r2568-20070710/ath/if_ath.c
===================================================================
--- madwifi-ng-r2568-20070710.orig/ath/if_ath.c	2007-07-13 09:14:14.721154018 +0200
+++ madwifi-ng-r2568-20070710/ath/if_ath.c	2007-07-13 09:14:55.499477843 +0200
@@ -5711,8 +5711,9 @@
 			/*
 			 * Reject error frames if we have no vaps that 
 			 * are operating in monitor mode.
+			 * Reject empty frames as well
 			 */
-			if (sc->sc_nmonvaps == 0)
+			if ((sc->sc_nmonvaps == 0) || (rs->rs_datalen == 0))
 				goto rx_next;
 		}
 rx_accept:

07/13/07 17:47:27 changed by mentor

r2585

07/16/07 08:50:11 changed by mrenzmann

  • milestone set to version 0.9.4.

07/16/07 15:17:24 changed by mentor

  • status changed from new to closed.
  • resolution set to fixed.

02/11/08 06:16:46 changed by mrenzmann

  • milestone changed from version 0.9.4 to version 0.9.5.

Add/Change #1214 (Crash when bringing up ath0 in monitor mode)