#2067: WDS AP delete causes Oops
-----------------------------------+----------------------------------------
Reporter: [EMAIL PROTECTED] | Type: defect
Status: new | Priority: major
Component: madwifi: driver | Version: v0.9.4
Keywords: WDS delete Oops | Patch_attached: 0
-----------------------------------+----------------------------------------
I setup my repeater with WDS support as follows:[[BR]]
{{{
wlanconfig ath create wlandev wifi0 wlanmode ap[[BR]]
iwconfig ath0 essid hehe1 channel 56[[BR]]
iwpriv ath0 wds 1[[BR]]
ifconfig ath0 up[[BR]][[BR]]
wlanconfig ath0wds0 create wlandev wifi0 wlanmode wds nosbeacon[[BR]]
iwconfig ath0wds0 channel 56[[BR]]
iwpriv ath0wds0 wds 1[[BR]]
iwpriv ath0wds0 wds_add XX:XX:XX:XX:XX:XX[[BR]]
ifconfig ath0wds0 up[[BR]][[BR]]
}}}
After verifying that the link is established by successfully pinging the
other device. I did this:
[[BR]]
wlanconfig ath0wds0 destroy
[[BR]]
and that caused this
{{{
10-0-201-56:/# wlanconfig ath0wds0 destroy
br0: port 3(ath0wds0) entering disabled state
device ath0wds0 left promiscuous mode
br0: port 3(ath0wds0) entering disabled state
10-0-201-56:/# BUG: unable to handle kernel paging request at virtual
address 6b6b6c07
printing eip:
c8a9340c
*pde = 00000000
Oops: 0000 [#1]
PREEMPT
Modules linked in: wlan_scan_ap wlan_scan_sta ath_rate_sample ath_pci
ath_hal(P) ath_rate_onoe ath_rate_amrr wlan via_rhine
CPU: 0
EIP: 0060:[<c8a9340c>] Tainted: P VLI
EFLAGS: 00010246 (2.6.22 #11)
EIP is at ieee80211_input+0x9c/0x1270 [wlan]
eax: 00000000 ebx: 00000008 ecx: 0000004e edx: 6b6b6b6b
esi: 6b6b6b6b edi: c7262000 ebp: c03fbf04 esp: c03fbe98
ds: 007b es: 007b fs: 0000 gs: 0000 ss: 0068
Process swapper (pid: 0, ti=c03fa000 task=c03cfbc0 task.ti=c03fa000)
Stack: 00000000 c7866d88 c03fbeb0 00000046 c684798c c684798c c03fbebc
c031eca7
c6ffb2d0 c03fbf14 c8823121 c6848000 c6ffb2d0 00000000 00000000
00097220
030800d2 c6975020 6b6b6b6b 6b6b6b6b c71d9500 00000018 c79a6a10
c7262000
Call Trace:
[<c010306a>] show_trace_log_lvl+0x1a/0x30
[<c010313a>] show_stack_log_lvl+0x9a/0xc0
[<c0103397>] show_registers+0x1d7/0x370
[<c010374e>] die+0x17e/0x220
[<c010bde4>] do_page_fault+0x274/0x5b0
[<c031f26a>] error_code+0x6a/0x70
[<c8829381>] ath_rx_tasklet+0x2a1/0x5b0 [ath_pci]
[<c0119db7>] tasklet_action+0x67/0x80
[<c01199f2>] __do_softirq+0x62/0xd0
[<c0119aaf>] do_softirq+0x4f/0x60
[<c0119b27>] irq_exit+0x47/0x50
[<c0104948>] do_IRQ+0x48/0xa0
[<c0102d8e>] common_interrupt+0x2e/0x40
[<c0100ace>] cpu_idle+0x7e/0x90
[<c031bb16>] rest_init+0x56/0x60
[<c03fca8f>] start_kernel+0x1ef/0x290
[<00000000>] 0x0
=======================
Code: b6 03 0f b6 d8 f6 c3 03 0f 85 3c 03 00 00 8b 75 d8 0f b6 5e 01 8b 75
e0 80 e3 03 88 5d d7 88 c3 80 e3 0c 88 5d d6 24 f0 88 45 d5 <80> be 9c 00
00 00 00 0f 88 0b 02 00 00 83 fa 06 0f 87 d9 00 00
EIP: [<c8a9340c>] ieee80211_input+0x9c/0x1270 [wlan] SS:ESP 0068:c03fbe98
Entering kdb (current=0xc03cfbc0, pid 0) Oops: Oops
due to oops @ 0xc8a9340c
eax = 0x00000000 ebx = 0x00000008 ecx = 0x0000004e edx = 0x6b6b6b6b
esi = 0x6b6b6b6b edi = 0xc7262000 esp = 0xc03fbe98 eip = 0xc8a9340c
ebp = 0xc03fbf04 xss = 0xc0260068 xcs = 0x00000060 eflags = 0x00010246
xds = 0xc684007b xes = 0xc03f007b origeax = 0xffffffff ®s = 0xc03fbe60
kdb> btc
btc: cpu status: Currently on cpu 0
Available cpus: 0
Stack traceback for pid 0
0xc03cfbc0 0 0 1 0 R 0xc03cfd70 *swapper
esp eip Function (args)
0xc03fbe8c 0xc8a9340c [wlan]ieee80211_input+0x9c
0xc03fbeb4 0xc031eca7 _spin_unlock+0x27
0xc03fbec0 0xc8823121 [ath_pci]ath_uapsd_processtriggers+0x1f1
0xc03fbf08 0xc8829381 [ath_pci]ath_rx_tasklet+0x2a1
0xc03fbf14 0xc0132f45 __lock_release+0x25
0xc03fbf3c 0xc0119db7 tasklet_action+0x67
0xc03fbf4c 0xc01199f2 __do_softirq+0x62
0xc03fbf60 0xc0119aaf do_softirq+0x4f
0xc03fbf6c 0xc0119b27 irq_exit+0x47
0xc03fbf74 0xc0104948 do_IRQ+0x48
0xc03fbf78 0xc031c188 schedule+0x3b8
0xc03fbf94 0xc0102d8e common_interrupt+0x2e
0xc03fbfc4 0xc0100a26 default_idle+0x46
0xc03fbfd4 0xc0100ace cpu_idle+0x7e
0xc03fbfdc 0xc031bb16 rest_init+0x56
0xc03fbfe4 0xc03fca8f start_kernel+0x1ef
0xc03fbfec 0xc03fc4f0 unknown_bootoption
}}}
Has anyone else encountered this? My theory is that after the device has
been deleted any new incoming packets, that are being handled by the
interrupt, can't find the virtual device and the input function causes it
to crash.
--
Ticket URL: <http://madwifi.org/ticket/2067>
madwifi.org <http://madwifi.org/>
Multiband Atheros Driver for Wireless Fidelity
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Madwifi-tickets mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/madwifi-tickets
