Search Linux Wireless

Script to crash ath9k with DMA errors.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Here is a script that reliably crashes my ath9k box.
A second box with completely different hardware (except
for ath9k) experiences similar problems.

I am using today's wireless-testing kernel with a few
patches of my own.

You will also need the very latest hostap tree as it has the
optimizations for allowing STAs to share scans.  Without
this optimization, I did not see this problem.

A few notes about the script:

* I cannot remove any interfaces, seems a ref-count leak somewhere.
  I haven't debugged this issue.

* Without the background ping, it is very hard to reproduce this problem,
  but with it, it happens almost every time.

* You'll need to set up your paths at the top of the script.


#!/usr/bin/perl

use strict;

my $iw = "./local/sbin/iw";
my $ip = "./local/sbin/ip";
my $wpa_s = "./local/bin/wpa_supplicant";
my $ssid = "candela-n";
my $key = "wpadmz123";

my $phy = "wiphy0";
my $max = 32;
my $i;
my $bmac = "00:01:02:03:04:";
my $cmd;

# Cleanup previous stuff
runCmd("killall wpa_supplicant");
runCmd("killall ping");

for ($i = 0; $i<$max; $i++) {
  # Work around ref-counting bugs in kernel
  runCmd("$ip link set sta$i down");
  runCmd("$ip addr flush dev sta$i");
  runCmd("$ip route flush dev sta$i");
  runCmd("$ip -6 addr flush dev sta$i");
  runCmd("$ip -6 route flush dev sta$i");

  # Bugger, cannot get the ref-count problem to go away.
  # runCmd("$iw dev sta$i del");
}

#exit(0);

open(FD, ">pingbg") || die("Couldn't open pingbg.");
print FD "#!/bin/bash\n\n";
print FD "ping \$* > /dev/null 2>&1 &\n";
print FD "echo continuing....\n";
close(FD);
runCmd("chmod a+x pingbg");

# Create stations
for ($i = 0; $i<$max; $i++) {
  runCmd("$iw phy $phy interface add sta$i type station");
  my $mc5 = $i + 1;
  if (length($mc5) == 1) {
    $mc5 = "0$mc5"; # pad mac octet
  }
  my $mac = "$bmac$mc5";
  runCmd("$ip link set sta$i address $mac");

  runCmd("$iw dev sta$i set power_save off");
  runCmd("$ip addr add 9.99.1.$mc5/24 dev sta$i");
  runCmd("./pingbg -I sta$i 9.99.1.1");
}

# Bring them up with WPA
for ($i = 0; $i<$max; $i++) {
  open(FD, ">sta$i" . "_wpa.conf") || die("Couldn't open file: $!\n");
  print FD "
ctrl_interface=/var/run/wpa_supplicant
fast_reauth=1
#can_scan_one=1
network={
    ssid=\"$ssid\"
    proto=WPA
    key_mgmt=WPA-PSK
    psk=\"$key\"
    pairwise=TKIP CCMP
    group=TKIP CCMP
}
";
  #runCmd("$wpa_s -B -i sta$i -c sta$i" . "_wpa.conf -P sta$i" . "_wpa.pid -t -f sta$i" . "_wpa.log");
}

# Build command to start one wpa_supplicant for all interfaces.
my $cmd = "$wpa_s -B -g /var/run/wpa_supplicant_if -P /tmp/wpa_supplicant-all.pid -t -f /tmp/wpa_supplicant_log_all.txt -i sta0 -c sta0_wpa.conf";
for ($i = 1; $i<$max; $i++) {
  $cmd = "$cmd -N -i sta$i -c sta$i" . "_wpa.conf";
}
runCmd($cmd);

sub runCmd {
  my $cmd = shift;
  print "$cmd\n";
  `$cmd`;
}


Example kernel crash output:

ADDRCONF(NETDEV_CHANGE): sta6: link becomes ready
ADDRCONF(NETDEV_CHANGE): sta5: link becomes ready
ADDRCONF(NETDEV_CHANGE): sta4: link becomes ready
ADDRCONF(NETDEV_CHANGE): sta3: link becomes ready
ADDRCONF(NETDEV_CHANGE): sta1: link becomes ready
ADDRCONF(NETDEV_CHANGE): sta0: link becomes ready
padlock: VIA PadLock not detected.

[root@ath9k-dev1 ~]# ADDRCONF(NETDEV_CHANGE): sta30: link becomes ready
ADDRCONF(NETDEV_CHANGE): sta29: link becomes ready
------------[ cut here ]------------
WARNING: at /home/greearb/git/linux.wireless-testing/drivers/net/wireless/ath/ath9k/recv.c:532 ath_stoprecv+0x90/0x9a [ath9k]()
Hardware name: PDSBM
Could not stop RX, we could be confusing the DMA engine when we start RX up
Modules linked in: aes_i586 aes_generic fuse nfs lockd fscache nfs_acl auth_rpcgss sunrpc ipv6 uinput arc4 ecb ath9k mac80211 ath9k_common ath9k_hw mi]
Pid: 3505, comm: wpa_supplicant Not tainted 2.6.37-rc3-wl+ #53
Call Trace:
 [<78436fe9>] warn_slowpath_common+0x77/0x8c
 [<f933019e>] ? ath_stoprecv+0x90/0x9a [ath9k]
 [<f933019e>] ? ath_stoprecv+0x90/0x9a [ath9k]
 [<7843707a>] warn_slowpath_fmt+0x2e/0x30
 [<f933019e>] ath_stoprecv+0x90/0x9a [ath9k]
 [<f932f13c>] ath_set_channel+0x94/0x1e8 [ath9k]
 [<7845a425>] ? mark_held_locks+0x47/0x5f
 [<7878e5bb>] ? _raw_spin_unlock_irqrestore+0x3c/0x48
 [<f932f5d4>] ath9k_config+0x344/0x423 [ath9k]
 [<f919aaaa>] ieee80211_hw_config+0x11b/0x125 [mac80211]
 [<f91aa25a>] ieee80211_set_channel+0x74/0x9e [mac80211]
 [<f8d37d36>] cfg80211_set_freq+0xf3/0x12d [cfg80211]
 [<f91aa1e6>] ? ieee80211_set_channel+0x0/0x9e [mac80211]
 [<f8d3a24c>] cfg80211_mgd_wext_siwfreq+0x108/0x148 [cfg80211]
 [<f8d395c9>] cfg80211_wext_siwfreq+0x42/0xbf [cfg80211]
 [<7876e14f>] ioctl_standard_call+0x52/0x28e
 [<786f2db3>] ? dev_name_hash+0x16/0x48
 [<786f67cc>] ? __dev_get_by_name+0x32/0x3d
 [<7876e418>] wext_handle_ioctl+0x8d/0x18d
 [<f8d39587>] ? cfg80211_wext_siwfreq+0x0/0xbf [cfg80211]
 [<786f78f9>] dev_ioctl+0x520/0x53f
 [<786e5f7f>] ? sock_ioctl+0x0/0x202
 [<786e6175>] sock_ioctl+0x1f6/0x202
 [<7878e576>] ? _raw_spin_unlock_irq+0x22/0x2b
 [<786e5f7f>] ? sock_ioctl+0x0/0x202
 [<784cc151>] do_vfs_ioctl+0x4b1/0x4f6
 [<7878e576>] ? _raw_spin_unlock_irq+0x22/0x2b
 [<784303cd>] ? finish_task_switch+0x72/0xd4
 [<784c14a9>] ? fcheck_files+0x9b/0xca
 [<784c1505>] ? fget_light+0x2d/0xb0
 [<784cc1d9>] sys_ioctl+0x43/0x62
 [<784030dc>] sysenter_do_call+0x12/0x38
---[ end trace 34d8f42d696b7763 ]---
------------[ cut here ]------------
WARNING: at /home/greearb/git/linux.wireless-testing/net/wireless/mlme.c:285 __cfg80211_auth_remove+0x98/0x9e [cfg80211]()
Hardware name: PDSBM
Modules linked in: aes_i586 aes_generic fuse nfs lockd fscache nfs_acl auth_rpcgss sunrpc ipv6 uinput arc4 ecb ath9k mac80211 ath9k_common ath9k_hw mi]
Pid: 38, comm: kworker/u:1 Tainted: G        W   2.6.37-rc3-wl+ #53
Call Trace:
 [<78436fe9>] warn_slowpath_common+0x77/0x8c
 [<f8d34888>] ? __cfg80211_auth_remove+0x98/0x9e [cfg80211]
 [<f8d34888>] ? __cfg80211_auth_remove+0x98/0x9e [cfg80211]
 [<7843701b>] warn_slowpath_null+0x1d/0x1f
 [<f8d34888>] __cfg80211_auth_remove+0x98/0x9e [cfg80211]
 [<f8d34fc2>] cfg80211_send_auth_timeout+0x90/0xa0 [cfg80211]
 [<7845a681>] ? trace_hardirqs_on_caller+0x104/0x125
 [<7845a6ad>] ? trace_hardirqs_on+0xb/0xd
 [<f91a434b>] ieee80211_probe_auth_done+0x1e/0x7b [mac80211]
 [<f91a6861>] ieee80211_work_work+0xd51/0xd8f [mac80211]
 [<7845a681>] ? trace_hardirqs_on_caller+0x104/0x125
 [<7845a602>] ? trace_hardirqs_on_caller+0x85/0x125
 [<78447000>] process_one_work+0x1af/0x2bf
 [<78446f8f>] ? process_one_work+0x13e/0x2bf
 [<f91a5b10>] ? ieee80211_work_work+0x0/0xd8f [mac80211]
 [<7844874e>] worker_thread+0xf9/0x1bf
 [<78448655>] ? worker_thread+0x0/0x1bf
 [<7844b27e>] kthread+0x62/0x67
 [<7844b21c>] ? kthread+0x0/0x67
 [<784036c6>] kernel_thread_helper+0x6/0x1a
---[ end trace 34d8f42d696b7764 ]---
e1000e 0000:06:00.0: eth0: Detected Hardware Unit Hang:
  TDH                  <f1>
  TDT                  <f4>
  next_to_use          <f4>
  next_to_clean        <f1>
buffer_info[next_to_clean]:
  time_stamp           <bcc5>
  next_to_watch        <f1>
  jiffies              <c73c>
  next_to_watch.status <0>
MAC Status             <80080f83>
PHY Status             <796d>
PHY 1000BASE-T Status  <7c00>
PHY Extended Status    <3000>
PCI Status             <4010>
e1000e 0000:06:00.0: eth0: Detected Hardware Unit Hang:
  TDH                  <f1>
  TDT                  <f4>
  next_to_use          <f4>
  next_to_clean        <f1>
buffer_info[next_to_clean]:
  time_stamp           <bcc5>
  next_to_watch        <f1>
  jiffies              <cf0c>
  next_to_watch.status <0>
MAC Status             <80080f83>
PHY Status             <796d>
PHY 1000BASE-T Status  <7c00>
PHY Extended Status    <3000>
PCI Status             <4010>
BUG: unable to handle kernel NULL pointer dereference at 00000040
IP: [<f933470a>] ath_tx_start+0x461/0x5ef [ath9k]
*pde = 00000000
Oops: 0000 [#1] SMP DEBUG_PAGEALLOC
last sysfs file: /sys/devices/pci0000:00/0000:00:1e.0/0000:08:01.0/irq
Modules linked in: aes_i586 aes_generic fuse nfs lockd fscache nfs_acl auth_rpcgss sunrpc ipv6 uinput arc4 ecb ath9k mac80211 ath9k_common ath9k_hw mi]

Pid: 38, comm: kworker/u:1 Tainted: G        W   2.6.37-rc3-wl+ #53 PDSBM/PDSBM
EIP: 0060:[<f933470a>] EFLAGS: 00010246 CPU: 1
EIP is at ath_tx_start+0x461/0x5ef [ath9k]

--
Ben Greear <greearb@xxxxxxxxxxxxxxx>
Candela Technologies Inc  http://www.candelatech.com

--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Linux Host AP]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Linux Kernel]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]
  Powered by Linux