I'm playing with aircrack-ng, trying to find a kernel version that works well with airodump and my iwl3945 card. On 2.6.27-rc3, it captures packets very slowly (must miss a lot) and eventually while playing around with iwconfig options and running airodump, I got this: [19991.393753] iwl3945: Error: Response NULL in 'REPLY_ADD_STA' [19991.393753] BUG: unable to handle kernel paging request at ffff8801ffff8801 [19991.393753] IP: [<ffffffff80293d8a>] unmap_vmas+0x7ea/0x990 [19991.393753] PGD 202063 PUD 0 [19991.393753] Oops: 0000 [1] PREEMPT SMP [19991.393753] CPU 1 [19991.393753] Modules linked in: iwl3945 i915 drm binfmt_misc rfcomm l2cap kvm_intel kvm ppdev parport_pc lp parport ipv6 pci_slot sbs sbshc container acpi_cpufreq cpufr eq_stats cpufreq_powersave cpufreq_conservative cpufreq_ondemand freq_table cpufreq_userspace fuse input_polldev loop firewire_sbp2 hci_usb pcmcia bluetooth snd_hda_intel snd_pcm_oss snd_mixer_oss snd_pcm arc4 ecb snd_timer snd_page_alloc snd_hwdep serio_raw sierra snd psmouse usbserial pcspkr mac80211 i2c_i801 yenta_socket rsrc_nonstatic pcmcia_core i2c_core cfg80211 ac battery soundcore video output button thinkpad_acpi intel_agp rfkill led_class nvram evdev ext3 jbd mbcache sha256_generic aes_x86_64 ae s_generic cbc dm_crypt crypto_blkcipher dm_mirror dm_log dm_snapshot dm_mod pata_acpi ata_generic sd_mod crc_t10dif firewire_ohci ata_piix ahci firewire_core crc_itu_t li bata scsi_mod ehci_hcd e1000e uhci_hcd dock thermal processor fan thermal_sys [last unloaded: iwl3945] [19991.393753] Pid: 583, comm: airodump-ng Not tainted 2.6.27-rc3 #1 [19991.393753] RIP: 0010:[<ffffffff80293d8a>] [<ffffffff80293d8a>] unmap_vmas+0x7ea/0x990 [19991.393753] RSP: 0018:ffff880101f45ae8 EFLAGS: 00010246 [19991.393753] RAX: ffff8801ffff8801 RBX: ffff880028031440 RCX: 0000000000000000 [19991.393753] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000001 [19991.393753] RBP: ffff880101f45bd8 R08: 0000000000000000 R09: 0000000000000000 [19991.393753] R10: 0000000000000000 R11: 0000000000000246 R12: ffffe20004515560 [19991.393753] R13: ffff88013959adb0 R14: 00007fec9a3b7000 R15: ffffffffffffff97 [19991.393753] FS: 0000000000000000(0000) GS:ffff88013b892b40(0000) knlGS:0000000000000000 [19991.393753] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b [19991.393753] CR2: ffff8801ffff8801 CR3: 0000000000201000 CR4: 00000000000026a0 [19991.393753] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [19991.393753] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [19991.393753] Process airodump-ng (pid: 583, threadinfo ffff880101f44000, task ffff880101f52140) [19991.393753] Stack: ffff880101f45b58 00007fec9a3ecfff 0000000000000000 ffff880101f45be8 [19991.393753] ffffffffffffffff 31dc588000000000 ffff8801ffff8801 ffff880101f45bf0 [19991.393753] 0000000100000082 0000000000000000 ffff880139521940 00007fec9a3ed000 [19991.393753] Call Trace: [19991.393753] [<ffffffff8029878e>] exit_mmap+0x9e/0x160 [19991.393753] [<ffffffff8023c23d>] mmput+0x2d/0xd0 [19991.393753] [<ffffffff80240598>] exit_mm+0x108/0x140 [19991.393753] [<ffffffff804bbe61>] ? _spin_unlock_irq+0x11/0x40 [19991.393753] [<ffffffff8024288a>] do_exit+0x80a/0x960 [19991.393753] [<ffffffff804a7de2>] ? wireless_send_event+0x172/0x310 [19991.393753] [<ffffffff80430900>] ? netdev_run_todo+0x1d0/0x270 [19991.393753] [<ffffffff80242a1e>] do_group_exit+0x3e/0xb0 [19991.393753] [<ffffffff8024de4d>] get_signal_to_deliver+0x27d/0x3c0 [19991.393753] [<ffffffff8020b6b9>] do_notify_resume+0x99/0x9c0 [19991.393753] [<ffffffff804bbea2>] ? _spin_unlock_irqrestore+0x12/0x40 [19991.393753] [<ffffffff80259821>] ? hrtimer_start+0x101/0x200 [19991.393753] [<ffffffff80259b09>] ? ktime_get_ts+0x59/0x60 [19991.393753] [<ffffffff8022fc23>] ? hrtick_start_fair+0x183/0x1a0 [19991.393753] [<ffffffff804bbe61>] ? _spin_unlock_irq+0x11/0x40 [19991.393753] [<ffffffff804b974c>] ? thread_return+0xa3/0x717 [19991.393753] [<ffffffff802bbae1>] ? vfs_ioctl+0x31/0xa0 [19991.393753] [<ffffffff804ba7a7>] ? do_nanosleep+0x77/0xc0 [19991.393753] [<ffffffff8020c62c>] ? sysret_signal+0x14/0x1f [19991.393753] [<ffffffff8020c8a7>] ptregscall_common+0x67/0xb0 [19991.393753] [19991.393753] [19991.393753] Code: 80 38 e0 ff ff 08 0f 84 e5 00 00 00 48 83 bd 58 ff ff ff 00 0f 85 00 01 00 00 e8 f2 60 22 00 48 8b 85 40 ff ff ff bf 01 00 00 00 <4c> 8b 20 e8 4e b5 22 00 48 8b 1d ef 29 3b 00 48 c7 c2 40 74 69 [19991.393753] RIP [<ffffffff80293d8a>] unmap_vmas+0x7ea/0x990 [19991.393753] RSP <ffff880101f45ae8> [19991.393753] CR2: ffff8801ffff8801 [19991.393753] ---[ end trace 10018cf841eb794c ]--- [19991.393753] Fixing recursive fault but reboot is needed!
Hmmm...assigning to Zhu Yi based on iwl3945 error message...
Created attachment 17258 [details] patch to try Please see if this patch fix the problem.
I had a very similar crash and tried your patch. After a day of light use, I couldn't reproduce it. It may have helped. I continue using it...
It certainly helped with the crash: I had the error message once, but no crash. What does the patch actually do? What is canceled (according the labels name)?
(In reply to comment #4) > It certainly helped with the crash: I had the error message once, but > no crash. What does the patch actually do? What is canceled (according > the labels name)? > The patch has been submitted upstream. The commit message explains the details you are interested in. http://marc.info/?l=linux-wireless&m=123143878214020&w=2 Could you please close this bug?
According to the last message (attached) from Zhu Yi <yi.zhu@intel.com> it is not fixed, just worked around: From: Zhu Yi <yi.zhu@intel.com> To: Alex Riesen <raa.lkml@gmail.com> Cc: "Chatre, Reinette" <reinette.chatre@intel.com>, "linville@tuxdriver.com" <linville@tuxdriver.com>, "ipw3945-devel@lists.sourceforge.net" <ipw3945-devel@lists.sourceforge.net>, Jim Paris <jim@jtan.com>, Linux Kernel Mailing List <linux-kernel@vger.kernel.org>, Linus Torvalds <torvalds@linux-foundation.org> In-Reply-To: <81b0412b0812250640t5d6180dct31d8cd941e06ef50@mail.gmail.com> References: <alpine.LFD.2.00.0812241540170.3535@localhost.localdomain> <81b0412b0812250640t5d6180dct31d8cd941e06ef50@mail.gmail.com> Date: Fri, 26 Dec 2008 10:27:02 +0800 Message-Id: <1230258422.27521.9.camel@debian> On Thu, 2008-12-25 at 22:40 +0800, Alex Riesen wrote: > iwl3945 is still broken as described in > > http://bugzilla.kernel.org/show_bug.cgi?id=11326 > > It is actually quite annoying, as it prevents shutdown when crashed. > The bug discussion mentions a fix (which looks like a workaround, > because there is still a scary message in the log). But at least > the system can be safely shut down. The patch should be a valid fix for the symptom. But we haven't find the root cause yet. Will submit the patch to wireless-testing. Thanks, -yi May I suggest _not_ to close the _bug_ until it is actually _fixed_?
(Ok not worked around, the crash in aftereffect was fixed. Which still does not fix the bug with "Response NULL in 'REPLY_ADD_STA'")
OTOH, how about opening another bug for specifically this "NULL in REPLY_ADD_STA" problem? (assuming the problem is not found yet)
Jim or admin, The patch fixing the BUG is now in wireless-testing. Could you please close this bug?
Sorry for the delay -- yes, this does fix the crash so I think the bug can be closed. Thanks.