rt2x00-cvs-2008020614 very buggy

Live forum: http://rt2x00.serialmonkey.com/viewtopic.php?t=4606

SaTaN

06-02-2008 22:05:11

I once had a (more or less) usable version of rt2x00 against some
wireless-2.6 git kernel. Now I have upgraded to 2.6.24, and the included
rt2x00 sucked ... while WPA_supplicant could authenticate, I couldn't get an
IP via dhcp.

By manually setting an IP address and pinging my router, I could at least see the TX LED on my USB stick blink. Also, the router connected to the stick.

But anyway, I tried the latest rt2x00-cvs, only to find out it's very broken.

BUG 1: doesn't compile rt2x00queue.c

rt2x00lib-objs = rt2x00dev.o rt2x00mac.o rt2x00config.o
should be
rt2x00lib-objs = rt2x00dev.o rt2x00mac.o rt2x00config.o rt2x00queue.o

BUG 2: It doesn't send anything.

It doesn't authenticate with my AP, mainly because it doesn't send anything. I can also see at the AP that nothing is received.

An "iwlist wlan0 scan" sees the AP, however.

BUG 3: kernel crash.
wlan0 Initial auth_alg=0
wlan0 authenticate with AP 00184dbcd5f6
wlan0 Initial auth_alg=0
wlan0 authenticate with AP 00184dbcd5f6
wlan0 authenticate with AP 00184dbcd5f6
wlan0 authenticate with AP 00184dbcd5f6
wlan0 authentication with AP 00184dbcd5f6 timed out
Unable to handle kernel paging request at 00002800650415c8 RIP
[<ffffffff8043c4c7>] usb_kill_urb+0x17/0x110
PGD 0
Oops 0000 [1] SMP
CPU 1
Modules linked in rt73usb rt2x00usb rt2x00lib crc_ccitt aes_x86_64 aes_generic nvidia(P) ipv6 snd_usb_audio snd_usb_lib saa7134_alsa tuner tea5767 tda8290 tuner_simple mt20xx tea5761 saa7134 compat_ioctl32 ir_kbd_i2c i2c_core ir_common videodev v4l2_common v4l1_compat videobuf_dma_sg videobuf_core snd_emu10k1 snd_rawmidi snd_ac97_codec ac97_bus snd_seq_device snd_util_mem snd_hwdep arc4 ecb blkcipher cryptomgr nvram crc_itu_t mac80211 cfg80211 snd_pcm_oss snd_pcm snd_timer snd_page_alloc snd_mixer_oss snd k8temp w83627ehf hwmon_vid sg
Pid 5397, comm wpa_supplicant Tainted P 2.6.24-ge0e61383-dirty #1
RIP 0010[<ffffffff8043c4c7>] [<ffffffff8043c4c7>] usb_kill_urb+0x17/0x110
RSP 0018ffff81007c0adc58 EFLAGS 00010202
RAX 0000000000000000 RBX 0000280065041580 RCX ffff81006844e200
RDX ffff81007c0adfd8 RSI 0000000000000006 RDI 0000280065041580
RBP ffff810058d91cc0 R08 ffff81007c19fda0 R09 00000000ffffffff
R10 0000000000000000 R11 ffffffff80450cd0 R12 0000000000000002
R13 ffff810058d902c0 R14 ffff810058d903e8 R15 ffff81005795a000
FS 00002b9749742ae0(0000) GSffff81007f86ce40(0000) knlGS00000000f75ff6b0
CS 0010 DS 0000 ES 0000 CR0 000000008005003b
CR2 00002800650415c8 CR3 000000006f420000 CR4 00000000000006e0
DR0 0000000000000000 DR1 0000000000000000 DR2 0000000000000000
DR3 0000000000000000 DR6 00000000ffff0ff0 DR7 0000000000000400
Process wpa_supplicant (pid 5397, threadinfo ffff81007c0ac000, task ffff81006e43b100)
Stack 0000000000000000 ffff81006e43b100 ffffffff802520d0 ffff81007c0adc70
ffff81007c0adc70 0000000000000005 ffff810058d902c0 ffff810068450b20
ffff810058d91cc0 ffffffff880ac8ac ffff810000000000 00000000000001f4
Call Trace
[<ffffffff802520d0>] autoremove_wake_function+0x0/0x30
[<ffffffff880ac8ac>] rt2x00usbrt2x00usb_disable_radio+0xdc/0xf0
[<ffffffff880b2e88>] rt73usbrt73usb_set_device_state+0xdd8/0x1020
[<ffffffff880a0375>] rt2x00librt2x00lib_stop+0x15/0x40
[<ffffffff8806bcfb>] mac80211ieee80211_stop+0x19b/0x460
[<ffffffff80489df2>] dev_close+0x42/0x60
[<ffffffff80489a82>] dev_change_flags+0x92/0x1b0
[<ffffffff804cc514>] devinet_ioctl+0x5b4/0x770
[<ffffffff8047c3ff>] sock_ioctl+0xcf/0x270
[<ffffffff802b1def>] do_ioctl+0x2f/0xa0
[<ffffffff802b1ed4>] vfs_ioctl+0x74/0x2d0
[<ffffffff802b2179>] sys_ioctl+0x49/0x80
[<ffffffff8020bc1e>] system_call+0x7e/0x83


Code 48 83 7b 48 00 0f 84 dc 00 00 00 48 83 7b 50 00 0f 84 d1 00
RIP [<ffffffff8043c4c7>] usb_kill_urb+0x17/0x110
RSP <ffff81007c0adc58>
CR2 00002800650415c8
---[ end trace 8d13e2365d4c5bcf ]---

AdamBaker

06-02-2008 23:18:56

Latest CVS is just a snapshot of git HEAD, which is indeed known to be very buggy right now. I think I might have a fix for the problem that is causing regular kernel panics and Oopses, which I'm currently testing, but if you are just interested in something that works rather than trying to debug the latest changes, then try the CVS version from around 20 Jan.

What I don't know is if that will be OK with the mac80211 in 2.6.24 or if you need to grab a newer mac80211.

SaTaN

07-02-2008 10:31:38

OK.

I lied, I wasn't using 2.6.24, but wireless-2.6 everything from around 2 days ago.

Also, the kernel is somewhat patched (mainly TuxOnIce).

Right now I'm using ethernet (AKA wired). This is kinda OK, the only drawback is that it's lying around on my floor.

I'll give that version a try, but unless it works "perfectly", I'll stick to that ethernet cable.

My intention while posting this was to help development. If that's NOT the case (as it seems, 'cause you know your bugs), please give me a hint and I'll stop wasting your time.

IvD

07-02-2008 10:35:25

I have committed the patch Adam mentioned to rt2x00.git. If you could give that repository a try it would be very helpful.

Thanks.

IvD

07-02-2008 10:36:09

P.S. rt2x00.git is wireless-2.6.git (everything branch) + rt2x00 patches

SaTaN

08-02-2008 22:42:54

As it seems, rt2x00-cvs-2008020815 indeed doesn't Oops my kernel.

I did just a quick test, starting and killing wpa_supplicant several times, and performing some scans, doing ifconfig wlan0 up / down, etc.

Still doesn't transmit anything.

Could you apply the patch below to the CVS tarball?

IvD

09-02-2008 11:02:35

Done. Thanks.

yug

09-02-2008 11:12:45

With the last Feb 05 wireless-2.6 tree,
I get a lot of oopses but I can't tell which came from outside the mac80211/rt2x00 modules.

[code]modinfo /lib/modules/2.6.24-666/kernel/drivers/net/wireless/rt2x00/rt2500pci.ko[/code]
[code]version: 2.1.0
author: http://rt2x00.serialmonkey.com
srcversion: 98DF81026C05FFDFF1ACE38
alias: pci:v00001814d00000201sv*sd*bc*sc*i*
depends: rt2x00lib,rt2x00pci,eeprom_93cx6
vermagic: 2.6.24-666 preempt mod_unload K7[/code]

In init 2
[code]ifconfig wlan0 up[/code]
[code]general protection fault: 0000 [#1] PREEMPT
Modules linked in: snd_seq snd_seq_device 8250_pnp 8250 serial_core rt2500pci rt2x00pci rt2x00lib mac80211 cfg80211 eeprom_93cx6 i2c_sis96x

Pid: 3203, comm: ifconfig Not tainted (2.6.24-666 #3)
EIP: 0060:[<e133659f>] EFLAGS: 00010293 CPU: 0
EIP is at rt2500pci_set_device_state+0x4f/0xcb0 [rt2500pci]
EAX: 0000ff00 EBX: df9876e4 ECX: 00000000 EDX: 0000002c
ESI: e1330000 EDI: 00000008 EBP: df1c6fc0 ESP: de939dc4
DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
Process ifconfig (pid: 3203, ti=de938000 task=df06f000 task.ti=de938000)
Stack: 00000000 00000000 00000010 dfbfac80 00000010 c04a1180 c014b46b 00000020
000009ac df87a04c 00000246 fffffff4 00000080 00000010 e1338610 00000008
00000000 e1339460 df987798 00000001 df094000 e132a63b df87a0d4 df1c6fc0
Call Trace:
[<c014b46b>] setup_irq+0x13b/0x200
[<e1338610>] rt2500pci_interrupt+0x0/0xd0 [rt2500pci]
[<e132a63b>] rt2x00pci_initialize+0x12b/0x1a0 [rt2x00pci]
[<e1317368>] rt2x00queue_reset+0x38/0x60 [rt2x00lib]
[<e1317584>] rt2x00queue_init_tx+0x64/0x80 [rt2x00lib]
[<e13153ce>] rt2x00lib_enable_radio+0x4e/0x80 [rt2x00lib]
[<e1315423>] rt2x00lib_start+0x23/0xa0 [rt2x00lib]
[<e135c1b2>] ieee80211_open+0x192/0x4e0 [mac80211]
[<c0153539>] get_page_from_freelist+0x1f9/0x490
[<c0109913>] kernel_fpu_begin+0x13/0x50
[<c0251f3e>] mmx_clear_page+0x5e/0x80
[<c03781ac>] dev_open+0x4c/0x80
[<c03771f2>] dev_change_flags+0x82/0x190
[<c0375cb2>] __dev_get_by_name+0x82/0xa0
[<c03b7833>] devinet_ioctl+0x523/0x6c0
[<c036a89f>] sock_ioctl+0xcf/0x230
[<c036a7d0>] sock_ioctl+0x0/0x230
[<c017b5ab>] do_ioctl+0x2b/0x90
[<c0116f56>] do_page_fault+0xe6/0x5f0
[<c017b66c>] vfs_ioctl+0x5c/0x2b0
[<c017b928>] sys_ioctl+0x68/0x80
[<c010416e>] sysenter_past_esp+0x5f/0x85
=======================
Code: 00 00 8b b5 9c 00 00 00 8b 46 68 b8 ff 00 00 00 0f bc d0 89 54 24 40 0f b7 53 22 66 b8 00 ff 0f b6 4c 24 40 0f bc f8 89 7c 24 3c <0f> 58 80 99 de 10 95 99 de 10 95 99 1e 81 e2 ff 00 00 00 d3 e0
EIP: [<e133659f>] rt2500pci_set_device_state+0x4f/0xcb0 [rt2500pci] SS:ESP 0068:de939dc4
---[ end trace 30cf3bb875943672 ]---
Erreur de segmentation[/code]

In init 1
(Always after an ifconfig (or /etc/init.d/net.wlan0 start))
[code]Oops: 0002 [#1] PREEMPT
Modules linked in: rt2500pci rt2x00pci rt2x00lib mac80211 cfg80211 eeprom_93cx6

Pid: 4064, comm: ifconfig Not tainted (2.6.24-666 #3)
EIP: 0060:[<e1346d83>] EFLAGS: 00010206 CPU: 0
EIP is at rt2500pci_init_txentry+0x13/0x20 [rt2500pci]
EAX: 00000000 EBX: 00000000 ECX: 00000000 EDX: dfb121a0
ESI: 00000003 EDI: df9877c8 EBP: dfac0fc0 ESP: df0a5e30
DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
Process ifconfig (pid: 4064, ti=df0a4000 task=dfa04aa0 task.ti=df0a4000)
Stack: 0000003c e1316584 dfac0fc0 00000000 df024b80 dfac0180 e13143be dfac0fc0
00000000 e1314423 dfb75000 dfac0a5c e135b1b2 c014de60 df0a5e80 df59b468
df59b46c 00000008 00000002 dfb75000 dfb75380 00000000 00000001 dfa04aa0
Call Trace:
[<e1316584>] rt2x00queue_init_tx+0x64/0x80 [rt2x00lib]
[<e13143be>] rt2x00lib_enable_radio+0x3e/0x80 [rt2x00lib]
[<e1314423>] rt2x00lib_start+0x23/0xa0 [rt2x00lib]
[<e135b1b2>] ieee80211_open+0x192/0x4e0 [mac80211]
[<c014de60>] sync_page+0x0/0x40
[<c0133150>] wake_bit_function+0x0/0x60
[<c03781ac>] dev_open+0x4c/0x80
[<c03771f2>] dev_change_flags+0x82/0x190
[<c0375cb2>] __dev_get_by_name+0x82/0xa0
[<c03b7833>] devinet_ioctl+0x523/0x6c0
[<c036a89f>] sock_ioctl+0xcf/0x230
[<c036a7d0>] sock_ioctl+0x0/0x230
[<c017b5ab>] do_ioctl+0x2b/0x90
[<c0116f56>] do_page_fault+0xe6/0x5f0
[<c017b66c>] vfs_ioctl+0x5c/0x2b0
[<c017b928>] sys_ioctl+0x68/0x80
[<c010416e>] sysenter_past_esp+0x5f/0x85
=======================
Code: b8 01 00 00 00 0f bc c8 d3 e0 8b 13 83 e0 01 83 e2 fe 09 c2 89 13 5b c3 53 8b 52 10 b9 ff ff ff ff 0f bc c9 8b 42 08 8b 1a d3 e0 <89> 43 04 8b 02 83 20 fc 5b c3 8d 76 00 55 83 c2 20 57 56 53 83
EIP: [<e1346d83>] rt2500pci_init_txentry+0x13/0x20 [rt2500pci] SS:ESP 0068:df0a5e30
---[ end trace 2cf446bc83023c11 ]---
Erreur de segmentation[/code]

One more reboot then modprobe rt2500pci
[code]BUG: unable to handle kernel paging request at virtual address 6474e555
printing eip: e1346d83 *pde = 00000000
Oops: 0002 [#1] PREEMPT
Modules linked in: rt2500pci rt2x00pci rt2x00lib mac80211 cfg80211 eeprom_93cx6

Pid: 4147, comm: ifconfig Not tainted (2.6.24-666 #3)
EIP: 0060:[<e1346d83>] EFLAGS: 00010206 CPU: 0
EIP is at rt2500pci_init_txentry+0x13/0x20 [rt2500pci]
EAX: 00000000 EBX: 6474e551 ECX: 00000000 EDX: dfb0eac0
ESI: 00000001 EDI: df9875ac EBP: df0b6fc0 ESP: de90de30
DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
Process ifconfig (pid: 4147, ti=de90c000 task=dfa02000 task.ti=de90c000)
Stack: 00000014 e1316584 df0b6fc0 00000000 dfbac380 df0b6180 e13143be df0b6fc0
00000000 e1314423 dfb16800 df0b6a5c e135b1b2 dfa02000 001200d2 00000000
c0153539 00000001 00000002 dfb16800 dfb16b80 de90de98 c0109913 c13cfc00
Call Trace:
[<e1316584>] rt2x00queue_init_tx+0x64/0x80 [rt2x00lib]
[<e13143be>] rt2x00lib_enable_radio+0x3e/0x80 [rt2x00lib]
[<e1314423>] rt2x00lib_start+0x23/0xa0 [rt2x00lib]
[<e135b1b2>] ieee80211_open+0x192/0x4e0 [mac80211]
[<c0153539>] get_page_from_freelist+0x1f9/0x490
[<c0109913>] kernel_fpu_begin+0x13/0x50
[<c0251f3e>] mmx_clear_page+0x5e/0x80
[<c03781ac>] dev_open+0x4c/0x80
[<c03771f2>] dev_change_flags+0x82/0x190
[<c0375cb2>] __dev_get_by_name+0x82/0xa0
[<c03b7833>] devinet_ioctl+0x523/0x6c0
[<c036a89f>] sock_ioctl+0xcf/0x230
[<c036a7d0>] sock_ioctl+0x0/0x230
[<c017b5ab>] do_ioctl+0x2b/0x90
[<c0116f56>] do_page_fault+0xe6/0x5f0
[<c017b66c>] vfs_ioctl+0x5c/0x2b0
[<c017b928>] sys_ioctl+0x68/0x80
[<c010416e>] sysenter_past_esp+0x5f/0x85
=======================
Code: b8 01 00 00 00 0f bc c8 d3 e0 8b 13 83 e0 01 83 e2 fe 09 c2 89 13 5b c3 53 8b 52 10 b9 ff ff ff ff 0f bc c9 8b 42 08 8b 1a d3 e0 <89> 43 04 8b 02 83 20 fc 5b c3 8d 76 00 55 83 c2 20 57 56 53 83
EIP: [<e1346d83>] rt2500pci_init_txentry+0x13/0x20 [rt2500pci] SS:ESP 0068:de90de30
---[ end trace ff44c46a21000e0b ]---
Erreur de segmentation[/code]

And this one I found even more strange
[code]kernel BUG at mm/slab.c:591!
invalid opcode: 0000 [#1] PREEMPT
Modules linked in: rt2500pci rt2x00pci rt2x00lib mac80211 cfg80211 eeprom_93cx6

Pid: 469, comm: udevd Not tainted (2.6.24-666 #3)
EIP: 0060:[<c016aee8>] EFLAGS: 00010046 CPU: 0
EIP is at kfree+0x78/0x90
EAX: 40000000 EBX: 00000004 ECX: 00000000 EDX: c13f5d20
ESI: fffffdfe EDI: dfae9e50 EBP: 00000282 ESP: dfae9e2c
DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
Process udevd (pid: 469, ti=dfae8000 task=df88d550 task.ti=dfae8000)
Stack: 00000004 fffffdfe dfae9e68 dfae9e50 c017c851 de950160 de954e10 1e954e10
00000007 00000078 00000000 00000000 00000000 00000000 00000000 c0176737
c024bfda c024bfda df406724 c023a1fc 00000001 c017839e dfae9f54 dfb3d00b
Call Trace:
[<c017c851>] core_sys_select+0x101/0x310
[<c0176737>] permission+0xb7/0x130
[<c024bfda>] _atomic_dec_and_lock+0x2a/0x50
[<c024bfda>] _atomic_dec_and_lock+0x2a/0x50
[<c023a1fc>] security_inode_permission+0x1c/0x20
[<c017839e>] __link_path_walk+0x4ae/0xf90
[<c016710f>] shmem_truncate_range+0x2f/0x980
[<c024bfda>] _atomic_dec_and_lock+0x2a/0x50
[<c0186073>] mntput_no_expire+0x13/0xa0
[<c0178ee3>] link_path_walk+0x63/0xc0
[<c011b0f0>] default_wake_function+0x0/0x10
[<c015b0e0>] do_wp_page+0x210/0x500
[<c0239d1c>] security_task_wait+0xc/0x10
[<c0120be4>] eligible_child+0x94/0x100
[<c0133399>] remove_wait_queue+0x39/0x60
[<c01218b2>] do_wait+0x2f2/0xca0
[<c015c7fc>] handle_mm_fault+0x45c/0x650
[<c017cf3b>] sys_select+0x4b/0x1c0
[<c0122291>] sys_wait4+0x31/0x40
[<c010416e>] sysenter_past_esp+0x5f/0x85
=======================
Code: 1c 86 8b 03 3b 43 04 73 15 89 7c 83 10 40 89 03 55 9d 5b 5e 5f 5d c3 8b 52 0c 8b 0a eb c5 89 f0 89 da e8 8c fe ff ff 8b 03 eb de <0f> 0b eb fe 8d 74 26 00 8b 52 0c eb b9 8d 74 26 00 8d bc 27 00
EIP: [<c016aee8>] kfree+0x78/0x90 SS:ESP 0068:dfae9e2c
---[ end trace 2120956512df61c0 ]---[/code]

----------- second problem ?
With my previous vanilla-2.6.24 and rt2500pci-1.0.10 I was never able to have a stable connection
[code]"No ProbeResp from current AP xxx - assume out of range"
"authentication with AP xxx timed out"[/code]
(this last once a day to sometimes ... twice a minute)
In those cases, I sometimes can bring up the connection with
[code]iwconfig wlan0 ap xxx[/code]
but most of the time I must remove the module (even "ifconfig wlan0 down" doesn't "reset" the driver to a "working" state).
Since 2.6.24-rc* the Bit Rate is fixed to 1Mb/s and I can't get more than 30kB/s.

(That's why I was looking deeply into the last version (wireless tree) and dumped the above oops)

My card is an ovislink rt2500pci (B/G)
My AP is a pcmcia wpcb-152g on a freebox (B only) (free.fr ISP)

For the oops, I let the developers understand and work if my dumps are useful.
For the deassociation behavior in the current vanilla, do I need to catch the deauthentication frame (sent || received ?) (wireshark or debugfs), and how can I be precisely on time to catch the deassociation frame?

Sorry for that noob smelling post if it's not as clear or useful as it should have been on this forum.
As I'm not sure what this problem is linked to, I put it in a maybe not so suitable thread to avoid creating a useless one.

Thanks for the work.
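Added example, not part of the original post or of the rt2x00 project: a small triage script for i386 oops text in the layout shown above, which reports whether each fault surfaced inside the driver stack, only passed through it, or landed elsewhere, and counts repeated fault sites. The sample text is constructed from abbreviated lines of the dumps above; the function names and the suspect module set are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample: abbreviated lines in the layout of the i386 oopses above.
SAMPLE = """\
Oops: 0002 [#1] PREEMPT
EIP is at rt2500pci_init_txentry+0x13/0x20 [rt2500pci]
Call Trace:
[<e1316584>] rt2x00queue_init_tx+0x64/0x80 [rt2x00lib]
[<e135b1b2>] ieee80211_open+0x192/0x4e0 [mac80211]
[<c03781ac>] dev_open+0x4c/0x80
---[ end trace 2cf446bc83023c11 ]---
kernel BUG at mm/slab.c:591!
EIP is at kfree+0x78/0x90
Call Trace:
[<c017c851>] core_sys_select+0x101/0x310
[<c017cf3b>] sys_select+0x4b/0x1c0
---[ end trace 2120956512df61c0 ]---
"""

# symbol+offset/size, optionally followed by the owning module in brackets
SYM = r"(?P<func>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(?P<mod>\w+)\])?"
FAULT_RE = re.compile(r"EIP is at " + SYM)
FRAME_RE = re.compile(r"\s*\[<[0-9a-f]+>\] " + SYM)
END_RE = re.compile(r"---\[ end trace (\w+) \]---")
SUSPECTS = {"rt2500pci", "rt2x00pci", "rt2x00lib", "mac80211"}  # assumed set

def split_oopses(text):
    """Return one record per oops, closed by its 'end trace' marker."""
    records, cur = [], {"fault": None, "frames": []}
    for line in text.splitlines():
        if m := FAULT_RE.match(line):
            cur["fault"] = (m["func"], m["mod"])
        elif m := FRAME_RE.match(line):
            cur["frames"].append((m["func"], m["mod"]))
        elif m := END_RE.match(line):
            cur["id"] = m[1]
            records.append(cur)
            cur = {"fault": None, "frames": []}
    return records

def classify(oops, suspects=SUSPECTS):
    """Where the fault surfaced relative to the suspect modules."""
    if oops["fault"] and oops["fault"][1] in suspects:
        return "in-driver"
    if any(mod in suspects for _, mod in oops["frames"]):
        return "via-driver"
    return "elsewhere"

def fault_sites(text):
    """Count oopses per (faulting function, class) to spot repeats."""
    return Counter((o["fault"][0], classify(o))
                   for o in split_oopses(text) if o["fault"])
```

"elsewhere" only says where the fault surfaced: an oops in core code that follows driver oopses in the same boot can still be fallout from earlier memory corruption.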

IvD

09-02-2008 11:17:25

All crashes and panics you mentioned above have been fixed in rt2x00.git. I'll send all patches to wireless-2.6 later today (as the 2.1.1 release).

The rate issue has also been resolved in later versions, so that should be fixed as of 2.0.14 (which is in linux-2.6.git aka kernel 2.6.24).