oops in rt2500usb ad-hoc mode

Live forum: http://rt2x00.serialmonkey.com/viewtopic.php?t=4871

cengique

01-07-2008 03:33:56

Hi, I have a D-link DWL-G122 USB dongle with a device ID number recognized by the rt2500usb driver

[code]
# lsusb -d 2001:3c00
Bus 002 Device 004: ID 2001:3c00 D-Link Corp. [hex] DWL-G122 802.11g rev. B1 [ralink]
[/code]

I was originally trying to get the master mode working, so I cloned the git repositories of rt2x00 kernel, hostapd and nl80211. I have wl-45698 with IvD's latest patch.

However, when I set up an Ad-hoc network and bring the interface up, I get a kernel OOPS in an encrypt routine

[code]
phy0 -> rt2500usb_validate_eeprom: EEPROM recovery - NIC: 0xfff0
phy0 -> rt2x00_set_chip: Info - Chipset detected - rt: 1201, rf: 0005, rev: 00000005.
phy0: Selected rate control algorithm 'pid'
<...cut...>
wlan0: Trigger new scan to find an IBSS to join
wlan0: Trigger new scan to find an IBSS to join
wlan0: Creating new IBSS network, BSSID fe:ca:45:be:7d:00
BUG: unable to handle kernel NULL pointer dereference at 00000000
IP: [<f8a34110>] :rt2x00lib:rt2x00crypto_key_to_cipher+0x0/0x30
*pde = 00000000
Oops: 0000 [#1] PREEMPT SMP
Modules linked in: rtc cpufreq_ondemand cpufreq_userspace cpufreq_powersave acpi_cpufreq speedstep_lib rfcomm l2cap bluetooth isofs irda crc_ccitt af_packet nfs lockd nfs_acl sunrpc nls_utf8 nls_cp437 vfat fat fuse it87 hwmon_vid eeprom i2c_dev dvb_bt8xx nxt6000 mt352 sp887x dst_ca dst bt878 or51211 zl10353 lgdt330x dvb_core cx24110 tuner tea5767 tda8290 tda18271 tuner_xc2028 xc5000 tda9887 tuner_simple tuner_types mt20xx tea5761 arc4 ecb crypto_blkcipher bttv videodev v4l1_compat ir_common compat_ioctl32 rt2500usb rt2x00usb rt2x00lib i2c_algo_bit snd_hda_intel firmware_class v4l2_common videobuf_dma_sg videobuf_core btcx_risc mac80211 snd_pcm snd_timer snd tveeprom i2c_nforce2 cfg80211 soundcore button dv1394 raw1394 i2c_core joydev evdev snd_page_alloc ext3 jbd dm_mod usbhid usb_storage sd_mod ide_cd_mod cdrom ide_disk ohci1394 sata_nv ohci_hcd ieee1394 ehci_hcd libata scsi_mod dock skge bitrev crc32 amd74xx ide_core usbcore thermal processor fan unix

Pid: 2488, comm: rt2500usb Not tainted (2.6.26-rc8testing-wl-45968-g3008ad8 #3)
EIP: 0060:[<f8a34110>] EFLAGS: 00010246 CPU: 0
EIP is at rt2x00crypto_key_to_cipher+0x0/0x30 [rt2x00lib]
EAX: 00000000 EBX: f7893e38 ECX: 00000000 EDX: f674adac
ESI: f6fdde20 EDI: 00000045 EBP: d5945620 ESP: f7893dec
DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
Process rt2500usb (pid: 2488, ti=f7892000 task=f6f51960 task.ti=f7892000)
Stack: f8a33c21 f674ada0 f5003424 00000000 f659fd80 00000004 d5945600 f6fdde34
f66f2708 f8a3f0b1 f5003424 d5945cc0 00000286 f5003424 f674ada0 f6d17400
f6fdde34 00000004 d5945600 00000200 00000010 00000000 00000000 00020000
Call Trace:
[<f8a33c21>] rt2x00queue_create_tx_descriptor+0x271/0x300 [rt2x00lib]
[<f8a3f0b1>] rt2500usb_beacon_update+0x51/0x1d0 [rt2500usb]
[<f89eb35a>] ieee80211_sta_join_ibss+0x2ea/0x4f0 [mac80211]
[<c012a694>] local_bh_enable_ip+0x44/0xa0
[<f89eb63f>] ieee80211_rx_bss_add+0xdf/0x120 [mac80211]
[<f89ecc68>] ieee80211_sta_find_ibss+0x398/0x4a0 [mac80211]
[<c011c44b>] try_to_wake_up+0x7b/0x130
[<f89ed0aa>] ieee80211_scan_completed+0x21a/0x250 [mac80211]
[<f89efe70>] ieee80211_sta_scan_work+0x0/0x1d0 [mac80211]
[<c01359fa>] run_workqueue+0x7a/0x120
[<c02e8f00>] _spin_lock_irqsave+0x20/0x30
[<c0138f20>] autoremove_wake_function+0x0/0x50
[<c0136328>] worker_thread+0x98/0xf0
[<c0138f20>] autoremove_wake_function+0x0/0x50
[<c0136290>] worker_thread+0x0/0xf0
[<c0138c12>] kthread+0x42/0x70
[<c0138bd0>] kthread+0x0/0x70
[<c0103cff>] kernel_thread_helper+0x7/0x18
=======================
Code: ff 8b 47 04 8b 50 24 8b 87 a8 01 00 00 83 c0 38 e8 b6 f4 ff ff 85 c0 74 99 89 c3 e9 3a ff ff ff 90 90 90 90 90 90 90 90 90 90 90 <8b> 10 89 c1 b8 03 00 00 00 83 fa 01 74 0c 73 10 31 c0 80 79 07
EIP: [<f8a34110>] rt2x00crypto_key_to_cipher+0x0/0x30 [rt2x00lib] SS:ESP 0068:f7893dec
---[ end trace f6eb75444dd892fe ]---
phy0: Adding new IBSS station 00:1a:70:a3:93:af (dev=wlan0)
phy0: Adding new IBSS station 00:1b:77:9b:8c:53 (dev=wlan0)
phy0: Adding new IBSS station 00:1f:e1:8d:92:8d (dev=wlan0)
phy0: Adding new IBSS station 00:c0:a8:c2:26:0b (dev=wlan0)
phy0: Adding new IBSS station 00:15:00:1b:f9:37 (dev=wlan0)
phy0: Adding new IBSS station 00:1a:73:cc:e5:5b (dev=wlan0)
[/code]

This happens consistently regardless of whether I set up an encrypted or open authentication network. I attached the output of the regdump.txt script from this forum.

I tried to remove the latest HW encryption patch by disabling it from the kernel configuration, but that brought up another problem. When the rt2500usb HW encryption option is disabled, the kernel fails to compile

[code]
  CC [M] drivers/net/wireless/rt2x00/rt2500usb.o
drivers/net/wireless/rt2x00/rt2500usb.c:1903: error: rt2500usb_config_key undeclared here (not in a function)
[/code]

It looks like the #ifdef created an undefined symbol error.

I don't get an oops with the managed mode, but it never associates with an AP. In master mode, I get hostap to set up the card, but I don't receive any beacons from external wireless hosts. I get a lot of "MGMT (TX callback) fail" messages. This may have to do with the rt2500usb not sending the beacon right. I'll give more info on that later.

Do you think there is anything I can do to improve this situation, or am I at the limit of what this driver can do?

Any input is appreciated.

IvD

01-07-2008 08:41:43

Both NULL pointer dereference with HW_CRYPTO enabled and the compile error when HW_CRYPTO is disabled have been fixed in latest rt2x00.git.

cengique

02-07-2008 05:12:46

[quote]Both NULL pointer dereference with HW_CRYPTO enabled and the compile error when HW_CRYPTO is disabled have been fixed in latest rt2x00.git.[/quote]

Indeed they are, thanks for all the good work! It means I just had to wait another day. :)

I'm now able to start a new, or connect to an existing, Ad-hoc network. I can see that the dongle associates with the correct Cell address. However, I cannot ping or see the interface from other computers. Curiously, iwconfig (wireless-tools 30, WE v22) always reports the link quality and signal as zero. Also, even though the power LED comes up whenever I bring up the interface, the transmit LED never blinks the way it does when running it in Windows.

Unfortunately, I did not get any improvements from the latest patches when I ran hostapd. It still gives "MGMT (TX callback) fail" messages in response to refreshing wireless lists on a nearby laptop. The transmit LED is not blinking.
[attachment=1]hostapd-rt2500usb-dump2.txt[/attachment]
[attachment=0]hostapd-iwconfig-wl-45975.txt[/attachment]
I was unable to capture the output of hostapd. I cannot find the syslog output anywhere, even though I looked into the code and verified that it should show up in /var/log/daemon. Forwarding the stdout cancels the output, so I couldn't capture that either. Do you know of any other way other than copying-and-pasting it (that's hard, too, because I'm on the text console left only with amnesic gpm)?

Please let me know how I can help to debug this further. Any response will be greatly appreciated.

IvD

02-07-2008 08:59:51

[quote][quote]Both NULL pointer dereference with HW_CRYPTO enabled and the compile error when HW_CRYPTO is disabled have been fixed in latest rt2x00.git.[/quote]

Indeed they are, thanks for all the good work! It means I just had to wait another day. :)
[/quote]

Well you still had to report the issue otherwise I wouldn't know it was broken. ;)


[quote]Please let me know how I can help to debug this further. Any response will be greatly appreciated.[/quote]


Could you try disabling HW crypto? It hasn't been tested that well yet, and I am not sure if it even works.

cengique

02-07-2008 15:54:40

[quote]Well you still had to report the issue otherwise I wouldn't know it was broken. ;)
[/quote]

Haha, I wasn't sure about that. I'm glad I was useful for something.


[quote]Could you try disabling HW crypto? It hasn't been tested that well yet, and I am not sure if it even works.[/quote]

No change. It feels like it's almost working in ad-hoc mode, but I can get no pings across. hostapd behavior is the same, too. I haven't patched in your latest changes, though. I will try again later.

cengique

03-07-2008 04:18:42

I updated to the latest patches in wl-46035. I haven't seen any improvements to my problem, though.

I think my dongle can receive signals, but it is unable to send anything out. When I join an ad-hoc network with
[code]
pre-up iwconfig wlan0 mode ad-hoc essid cengobok key s:xxxxx channel 9
[/code]
I can see that it gets the correct cell address
[code]
wlan0 IEEE 802.11bg ESSID:"cengobok\x00"
Mode:Ad-Hoc Frequency:2.452 GHz Cell: 76:36:68:C6:CF:A1
Tx-Power=24 dBm
Retry min limit:7 RTS thr=2347 B Fragment thr=2346 B
Encryption key:776F-6F64-35
Link Quality:0 Signal level:0 Noise level:0
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:0
[/code]
and I see some initialization
[code]
wlan0: Selected IBSS BSSID 76:36:68:c6:cf:a1 based on configured SSID
wlan0: Configured IBSS beacon template
phy0 -> rt2x00mac_conf_tx: Info - Configured TX queue 0 - CWmin: 4, CWmax: 10, Aifs: 2.
phy0 -> rt2x00mac_conf_tx: Info - Configured TX queue 1 - CWmin: 4, CWmax: 10, Aifs: 2.
[/code]
Moreover, when I look at the statistics in the output of 'ifconfig wlan0', I can see that the RX count increases [b]if I ping this interface from outside[/b]. The TX count increases [b]when I ping outside computers from this interface[/b]. Of course all pings fail.

Same thing happens with hostapd. I can see broadcast requests, but I don't get any responses back. The three probe requests at the end were initiated from a nearby laptop
[code]
salon:~# hostapd -dd /etc/hostapd/hostapd-new.conf
Configuration file: /etc/hostapd/hostapd-new.conf
ctrl_interface_group=0
Opening raw packet socket for ifindex -1211305540
BSS count 1, BSSID mask ff:ff:ff:ff:ff:ff (0 bits)
SIOCGIWRANGE: WE(compiled)=22 WE(source)=21 enc_capa=0xf
Failed to update rate sets in kernel module
RATE[0] rate=10 flags=0x2
RATE[1] rate=20 flags=0x6
RATE[2] rate=55 flags=0x6
RATE[3] rate=110 flags=0x6
RATE[4] rate=60 flags=0x0
RATE[5] rate=90 flags=0x0
RATE[6] rate=120 flags=0x0
RATE[7] rate=180 flags=0x0
RATE[8] rate=240 flags=0x0
RATE[9] rate=360 flags=0x0
RATE[10] rate=480 flags=0x0
RATE[11] rate=540 flags=0x0
Could not set passive scanning: Unknown error 4294967295
Flushing old station entries
Deauthenticate all stations
Mode: IEEE 802.11g Channel: 7 Frequency: 2442 MHz
Failed to set CTS protect in kernel driver
Failed to set Short Slot Time option in kernel driver
Could not set preamble for kernel driver
Using interface wlan0 with hwaddr 00:13:46:e5:07:a3 and ssid 'centest'
Failed to set CTS protect in kernel driver
Failed to set Short Slot Time option in kernel driver
Could not set preamble for kernel driver
wlan0: Setup of interface done.
MGMT (TX callback) ACK
Wireless event: cmd=0x8b04 len=12
unknown vendor specific information element ignored (vendor OUI 00:10:18 len=9)
STA 00:1a:73:cc:e5:5b sent probe request for broadcast SSID
MGMT (TX callback) fail
mgmt::proberesp cb
unknown vendor specific information element ignored (vendor OUI 00:10:18 len=9)
STA 00:1a:73:cc:e5:5b sent probe request for broadcast SSID
MGMT (TX callback) fail
mgmt::proberesp cb
unknown vendor specific information element ignored (vendor OUI 00:10:18 len=9)
STA 00:1a:73:cc:e5:5b sent probe request for broadcast SSID
MGMT (TX callback) fail
mgmt::proberesp cb
Signal 2 received - terminating
Flushing old station entries
Deauthenticate all stations
[/code]

My hostapd-new.conf is
[code]
interface=wlan0
driver=nl80211
logger_syslog=-1
logger_syslog_level=0
logger_stdout=-1
logger_stdout_level=0
dump_file=/tmp/hostapd.dump
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
ssid=centest
hw_mode=g
channel=7
beacon_int=100
dtim_period=2
max_num_sta=255
rts_threshold=2347
fragm_threshold=2346
macaddr_acl=0
auth_algs=3
ignore_broadcast_ssid=0
wme_enabled=1
wme_ac_bk_cwmin=4
wme_ac_bk_cwmax=10
wme_ac_bk_aifs=7
wme_ac_bk_txop_limit=0
wme_ac_bk_acm=0
wme_ac_be_aifs=3
wme_ac_be_cwmin=4
wme_ac_be_cwmax=10
wme_ac_be_txop_limit=0
wme_ac_be_acm=0
wme_ac_vi_aifs=2
wme_ac_vi_cwmin=3
wme_ac_vi_cwmax=4
wme_ac_vi_txop_limit=94
wme_ac_vi_acm=0
wme_ac_vo_aifs=2
wme_ac_vo_cwmin=2
wme_ac_vo_cwmax=3
wme_ac_vo_txop_limit=47
wme_ac_vo_acm=0
eapol_key_index_workaround=0
eap_server=0
own_ip_addr=127.0.0.1
[/code]

Thanks again for listening. Let me know if you want me to try anything else.