Ticket #1261 (closed defect: fixed)

Opened 2 years ago

Last modified 10 months ago

Kernel oops: crashes under high load

Reported by: llei@microhardcorp.com Assigned to:
Priority: critical Milestone: version 0.9.5
Component: madwifi: driver Version: v0.9.3
Keywords: crashes at ath_tx_processq Cc:
Patch is attached: 0 Pending:

Description

On an ADI Coyote board (IXP425) + Ubiquiti XR2. A few revisions tried: 0.9.3, 0.9.2 and madwifi-ng-r2272-20070412.tar.gz. All crashes under heavy load. Here is my startup script 

mount -t proc proc /proc
mount -o remount,rw /dev/root /
ifconfig lo 127.0.0.1

modprobe ixp400
cat /etc/IxNpeMicrocode.dat >/dev/ixNpe
modprobe ixp400_eth

modprobe llc
modprobe bridge

insmod /lib/modules/2.6.17-uc1/kernel/madwifi/wlan.ko
insmod /lib/modules/2.6.17-uc1/kernel/madwifi/wlan_wep.ko
insmod /lib/modules/2.6.17-uc1/kernel/madwifi/ath_hal.ko
insmod /lib/modules/2.6.17-uc1/kernel/madwifi/ath_rate_onoe.ko
insmod /lib/modules/2.6.17-uc1/kernel/madwifi/ath_rate_sample.ko
insmod /lib/modules/2.6.17-uc1/kernel/madwifi/wlan_scan_sta.ko
insmod /lib/modules/2.6.17-uc1/kernel/madwifi/wlan_scan_ap.ko
insmod /lib/modules/2.6.17-uc1/kernel/madwifi/ath_pci.ko

sysctl -w dev.wifi0.diversity=0
sysctl -w dev.wifi0.rxantenna=1
sysctl -w dev.wifi0.txantenna=1

sysctl -w dev.wifi0.ledpin=0
sysctl -w dev.wifi0.softled=1

wlanconfig ath0 destroy		
wlanconfig ath create wlandev wifi0 wlanmode ap

iwconfig ath0 rate auto
iwconfig ath0 essid NingNing
iwconfig ath0 channel 6
iwconfig ath0 key beef15dead

athctrl -d 20000

brctl addbr br0
brctl addif br0 ixp0
brctl addif br0 ath0
brctl setfd br0 1
brctl stp br0 on
ifconfig ixp0 up
ifconfig ath0 up

ifconfig br0 192.168.0.20 up

Start a throughput test, and here is want happens after a while, 

# Unable to handle kernel NULL pointer dereference at virtual address 00000060
pgd = c0004000
[00000060] *pgd=00000000
Internal error: Oops: 17 [#1]
Modules linked in: ath_pci wlan_scan_ap wlan_scan_sta ath_rate_sample ath_rate_o
noe ath_hal wlan_wep wlan bridge llc ixp400_eth ixp400
CPU: 0
PC is at ath_tx_processq+0x3f8/0x550 [ath_pci]
LR is at kfree_skbmem+0x84/0xcc
pc : [<bf50a41c>]    lr : [<c01409f4>]    Tainted: P
sp : c01e3e74  ip : c0293400  fp : c01e3ea8
r10: 00000000  r9 : c02b56e8  r8 : ffc01b70
r7 : 00000000  r6 : c02ac5a0  r5 : c02b4260  r4 : 00000000
r3 : c02ac5a0  r2 : c1d5a8c0  r1 : 01d2f008  r0 : c0293448
Flags: NzCv  IRQs on  FIQs on  Mode SVC_32  Segment kernel
Control: 39FF  Table: 01D60000  DAC: 00000017
Process swapper (pid: 0, stack limit = 0xc01e2198)
Stack: (0xc01e3e74 to 0xc01e4000)
3e60:                                              00000000 00000000 c02b8000
3e80: 00000002 c02b4260 c02b56e8 00000002 c02b4000 690541c1 c022cca0 c01e3ed4
3ea0: c01e3eac bf50c6a4 bf50a030 c01e3eb8 00000002 00000000 c0232c84 c01e2000
3ec0: 0000000a c0232c60 c01e3eec c01e3ed8 c003815c bf50c644 00000001 c0232cb0
3ee0: c01e3f10 c01e3ef0 c0037d10 c00380e8 c022d2c0 0000001f 10000000 c023f810
3f00: c01e3f64 c01e3f20 c01e3f14 c0037db0 c0037cc0 c01e3f30 c01e3f24 c0037ecc
3f20: c0037d90 c01e3f60 c01e3f34 c001dd70 c0037e98 00040000 c023f810 ffffffff
3f40: 0000001f 10000000 c023f810 00019b74 00019ab4 c01e3fc0 c01e3f64 c001c9a4
3f60: c001dc7c 00000000 c022da08 00000000 60000013 c001e5a4 c01e2000 c0235418
3f80: c023f810 00019b74 690541c1 00019ab4 c01e3fc0 c01e3fac c01e3fac c001e638
3fa0: c001e638 60000013 ffffffff 00000000 c022c85c c01e3fd0 c01e3fc4 c001c024
3fc0: c001e5fc c01e3ff4 c01e3fd4 c000899c c001c00c c0008464 c022d488 000039fd
3fe0: c022d424 c01e5abc 00000000 c01e3ff8 00008030 c00087dc 00000000 00000000
Backtrace:
[<bf50a024>] (ath_tx_processq+0x0/0x550 [ath_pci]) from [<bf50c6a4>] (ath_tx_tas
klet+0x6c/0x114 [ath_pci])
[<bf50c638>] (ath_tx_tasklet+0x0/0x114 [ath_pci]) from [<c003815c>] (tasklet_act
ion+0x80/0xc8)
 r8 = C0232C60  r7 = 0000000A  r6 = C01E2000  r5 = C0232C84
 r4 = 00000000
[<c00380dc>] (tasklet_action+0x0/0xc8) from [<c0037d10>] (__do_softirq2+0x5c/0xd
0)
 r5 = C0232CB0  r4 = 00000001
[<c0037cb4>] (__do_softirq2+0x0/0xd0) from [<c0037db0>] (__do_softirq+0x2c/0x34)
 r8 = C01E3F64  r7 = C023F810  r6 = 10000000  r5 = 0000001F
 r4 = C022D2C0
[<c0037d84>] (__do_softirq+0x0/0x34) from [<c0037ecc>] (irq_exit+0x40/0x48)
[<c0037e8c>] (irq_exit+0x0/0x48) from [<c001dd70>] (asm_do_IRQ+0x100/0x118)
[<c001dc70>] (asm_do_IRQ+0x0/0x118) from [<c001c9a4>] (__irq_svc+0x24/0x60)
[<c001e5f0>] (cpu_idle+0x0/0x64) from [<c001c024>] (__init_end+0x24/0x2c)
 r5 = C022C85C  r4 = 00000000
[<c001c000>] (__init_end+0x0/0x2c) from [<c000899c>] (start_kernel+0x1cc/0x224)
[<c00087d0>] (start_kernel+0x0/0x224) from [<00008030>] (0x8030)
Code: e0863107 e593102c e35c0000 e28c0048 (e5942060)
 <0>Kernel panic - not syncing: Aiee, killing interrupt handler!

This can be reproduced easily. Any idea why? Tnx.

Attachments

1261-patch.diff (1.4 kB) - added by Przemyslaw Bruski on 05/28/07 17:48:42.
patch

Change History

04/14/07 16:35:11 changed by chadinater@yahoo.com

Hi,

Although I can't figure out a way to capture the kernel panic information, I too have experienced kernel panics using madwifi trunk revision 2259. I can definitely reproduce it, if instructed how. The kernel panic always follows when I run a X application remotely using the wireless connection.

Hope this helps,

Chad

04/16/07 07:17:16 changed by mrenzmann

Background on kernel oops dumps and how to catch them can be found at DevDocs/KernelOops.

05/28/07 17:48:42 changed by Przemyslaw Bruski

  • attachment 1261-patch.diff added.

patch

05/28/07 17:49:18 changed by Przemyslaw Bruski

I think the patch I've attached fixes this issue.

Signed-off-by: Przemyslaw Bruski <pbruskispam at op.pl>

05/28/07 19:07:31 changed by mentor

r2383

05/29/07 04:49:26 changed by mrenzmann

  • milestone set to version 0.9.4.

05/31/07 15:48:55 changed by mentor

  • status changed from new to closed.
  • resolution set to fixed.

02/11/08 06:17:13 changed by mrenzmann

  • milestone changed from version 0.9.4 to version 0.9.5.

Add/Change #1261 (Kernel oops: crashes under high load)