Bug#345647: madwifi driver causes kernel oops

Graham graham.knap at gmail.com
Mon Jan 2 14:40:07 UTC 2006 

Package: madwifi-source
Version: 20051111

I've built the module against the Debian "official" kernel
2.6.14-2-686 (version 2.6.14-7).

I have a ThinkPad A22p and an Enterasys Networks PCMCIA a/b/g card. I
will attach the output of "lspci -vvv".

When I click "scan for networks" in kwifimanager, kwifimanager
crashes, and dmesg shows this:

Unable to handle kernel paging request at virtual address 0000ffff
 printing eip:
e0aa9fff
*pde = 00000000
Oops: 0000 [#1]
Modules linked in: r128 drm ipv6 thermal fan button processor ac
battery nls_iso8859_1 nls_cp437 vfat fat ath_pci ath_rate_onoe wlan
ath_hal joydev snd_cs46xx gameport snd_rawmidi snd_seq_device
snd_ac97_codec snd_ac97_bus irtty_sir snd_pcm_oss snd_mixer_oss
sir_dev uhci_hcd snd_pcm irda i2c_piix4 ide_cd cdrom psmouse snd_timer
crc_ccitt floppy e100 mii yenta_socket rsrc_nonstatic pcmcia_core
usbcore serio_raw snd soundcore snd_page_alloc pci_hotplug parport_pc
parport intel_agp agpgart pcspkr i2c_core rtc ext3 jbd mbcache
ide_disk generic ide_generic piix ide_core evdev mousedev
CPU:    0
EIP:    0060:[<e0aa9fff>]    Tainted: P      VLI
EFLAGS: 00010246   (2.6.14-2-686)
EIP is at read_ap_result+0x1bf/0x580 [wlan]
eax: 0000ffff   ebx: da2b5e9c   ecx: 00000000   edx: de0f8c00
esi: de0f8cf5   edi: d839401c   ebp: d839401c   esp: da2b5d84
ds: 007b   es: 007b   ss: 0068
Process kwifimanager (pid: 3795, threadinfo=da2b4000 task=da12a030)
Stack: 00000292 d5da12b0 da2b5db0 00000292 da274998 00000001 de144678 d8395000
       00000000 da6c7e20 d5da1280 d5da1280 c02c4b64 00000000 00000001 00000000
       da6c7e20 00000296 da6c7e20 00000000 d5da1280 00000000 d5da12b0 c025d452
Call Trace:
 [<c02c4b64>] unix_write_space+0x34/0x70
 [<c025d452>] kfree_skbmem+0x42/0xa0
 [<c02c710d>] unix_stream_recvmsg+0x1ed/0x480
 [<e0aa4a36>] ieee80211_iterate_nodes+0x46/0x80 [wlan]
 [<e0aabe48>] ieee80211_ioctl_giwscan+0x68/0xc0 [wlan]
 [<e0aa9e40>] read_ap_result+0x0/0x580 [wlan]
 [<c026fc18>] wireless_process_ioctl+0x668/0x7d0
 [<e0b0bfa0>] ath_ioctl_giwscan+0x0/0x20 [ath_pci]
 [<c02649bd>] dev_ioctl+0x27d/0x2e0
 [<c01731b2>] do_ioctl+0x32/0x90
 [<c0173370>] vfs_ioctl+0x60/0x1e0
 [<c0173578>] sys_ioctl+0x88/0xa0
 [<c01030c5>] syscall_call+0x7/0xb
Code: 8b 43 04 89 42 04 89 ca 8b 84 24 dc 00 00 00 89 50 10 c7 03 00
00 00 00 66 c7 43 02 05 8b 8b 94 24 e0 00 00 00 8b 82 28 01 00 00 <0f>
b7 00 66 c7 43 08 01 00 69 c0 a0 86 01 00 89 43 04 8b 8c 24


Any ideas?

Thanks

-- graham
-------------- next part --------------
0000:00:00.0 Host bridge: Intel Corporation 440BX/ZX/DX - 82443BX/ZX/DX Host bridge (rev 03)
	Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B-
	Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort+ >SERR- <PERR-
	Latency: 64
	Region 0: Memory at f4000000 (32-bit, prefetchable) [size=64M]
	Capabilities: [a0] AGP version 1.0
		Status: RQ=32 Iso- ArqSz=0 Cal=0 SBA+ ITACoh- GART64- HTrans- 64bit- FW- AGP3- Rate=x1,x2
		Command: RQ=1 ArqSz=0 Cal=0 SBA+ AGP+ GART64- 64bit- FW- Rate=x2

0000:00:01.0 PCI bridge: Intel Corporation 440BX/ZX/DX - 82443BX/ZX/DX AGP bridge (rev 03) (prog-if 00 [Normal decode])
	Control: I/O+ Mem+ BusMaster+ SpecCycle+ MemWINV+ VGASnoop- ParErr- Stepping- SERR- FastB2B-
	Status: Cap- 66MHz+ UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR-
	Latency: 128
	Bus: primary=00, secondary=01, subordinate=01, sec-latency=64
	I/O behind bridge: 00002000-00002fff
	Memory behind bridge: f0200000-f02fffff
	Prefetchable memory behind bridge: f8000000-fbffffff
	BridgeCtl: Parity- SERR- NoISA+ VGA+ MAbort- >Reset- FastB2B+

0000:00:02.0 CardBus bridge: Texas Instruments PCI1450 (rev 03)
	Subsystem: IBM Thinkpad T20
	Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B-
	Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR-
	Latency: 168, Cache Line Size: 0x08 (32 bytes)
	Interrupt: pin A routed to IRQ 10
	Region 0: Memory at 50000000 (32-bit, non-prefetchable) [size=4K]
	Bus: primary=00, secondary=02, subordinate=05, sec-latency=176
	Memory window 0: 30000000-31fff000 (prefetchable)
	Memory window 1: 32000000-33fff000
	I/O window 0: 00001400-000014ff
	I/O window 1: 00001c00-00001cff
	BridgeCtl: Parity- SERR- ISA- VGA- MAbort- >Reset- 16bInt- PostWrite+
	16-bit legacy interface ports at 0001

0000:00:02.1 CardBus bridge: Texas Instruments PCI1450 (rev 03)
	Subsystem: IBM Thinkpad T20
	Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B-
	Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR-
	Latency: 168, Cache Line Size: 0x08 (32 bytes)
	Interrupt: pin B routed to IRQ 10
	Region 0: Memory at 50100000 (32-bit, non-prefetchable) [size=4K]
	Bus: primary=00, secondary=06, subordinate=09, sec-latency=176
	Memory window 0: 34000000-35fff000 (prefetchable)
	Memory window 1: 36000000-37fff000
	I/O window 0: 00003000-000030ff
	I/O window 1: 00003400-000034ff
	BridgeCtl: Parity- SERR- ISA- VGA- MAbort- >Reset+ 16bInt+ PostWrite+
	16-bit legacy interface ports at 0001

0000:00:03.0 Ethernet controller: Intel Corporation 82557/8/9 [Ethernet Pro 100] (rev 0c)
	Subsystem: Intel Corporation EtherExpress PRO/100 SP Mobile Combo Adapter
	Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV+ VGASnoop- ParErr- Stepping- SERR- FastB2B-
	Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR-
	Latency: 66 (2000ns min, 14000ns max), Cache Line Size: 0x08 (32 bytes)
	Interrupt: pin A routed to IRQ 11
	Region 0: Memory at f0120000 (32-bit, non-prefetchable) [size=4K]
	Region 1: I/O ports at 1800 [size=64]
	Region 2: Memory at f0100000 (32-bit, non-prefetchable) [size=128K]
	Expansion ROM at 38000000 [disabled] [size=64K]
	Capabilities: [dc] Power Management version 2
		Flags: PMEClk- DSI+ D1+ D2+ AuxCurrent=0mA PME(D0+,D1+,D2+,D3hot+,D3cold+)
		Status: D0 PME-Enable- DSel=0 DScale=2 PME-

0000:00:03.1 Serial controller: Agere Systems LT WinModem (rev 01) (prog-if 00 [8250])
	Subsystem: Intel Corporation: Unknown device 2205
	Control: I/O+ Mem+ BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B-
	Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR-
	Interrupt: pin A routed to IRQ 11
	Region 0: I/O ports at 1840 [size=8]
	Region 1: Memory at f0121000 (32-bit, non-prefetchable) [size=4K]
	Capabilities: [dc] Power Management version 2
		Flags: PMEClk- DSI+ D1+ D2+ AuxCurrent=0mA PME(D0+,D1+,D2+,D3hot+,D3cold+)
		Status: D0 PME-Enable- DSel=0 DScale=2 PME-

0000:00:05.0 Multimedia audio controller: Cirrus Logic CS 4614/22/24 [CrystalClear SoundFusion Audio Accelerator] (rev 01)
	Subsystem: IBM: Unknown device 0153
	Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B-
	Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=slow >TAbort- <TAbort- <MAbort- >SERR- <PERR-
	Latency: 64 (1000ns min, 6000ns max)
	Interrupt: pin A routed to IRQ 10
	Region 0: Memory at f0122000 (32-bit, non-prefetchable) [size=4K]
	Region 1: Memory at f0000000 (32-bit, non-prefetchable) [size=1M]
	Capabilities: [40] Power Management version 2
		Flags: PMEClk- DSI+ D1+ D2+ AuxCurrent=0mA PME(D0-,D1-,D2-,D3hot-,D3cold-)
		Status: D0 PME-Enable- DSel=0 DScale=0 PME-

0000:00:07.0 Bridge: Intel Corporation 82371AB/EB/MB PIIX4 ISA (rev 02)
	Control: I/O+ Mem+ BusMaster+ SpecCycle+ MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B-
	Status: Cap- 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR-
	Latency: 0

0000:00:07.1 IDE interface: Intel Corporation 82371AB/EB/MB PIIX4 IDE (rev 01) (prog-if 80 [Master])
	Control: I/O+ Mem- BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B-
	Status: Cap- 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR-
	Latency: 64
	Region 4: I/O ports at 1850 [size=16]

0000:00:07.2 USB Controller: Intel Corporation 82371AB/EB/MB PIIX4 USB (rev 01) (prog-if 00 [UHCI])
	Control: I/O+ Mem- BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B-
	Status: Cap- 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR-
	Latency: 64
	Interrupt: pin D routed to IRQ 11
	Region 4: I/O ports at 1860 [size=32]

0000:00:07.3 Bridge: Intel Corporation 82371AB/EB/MB PIIX4 ACPI (rev 03)
	Control: I/O+ Mem+ BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B-
	Status: Cap- 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR-
	Interrupt: pin ? routed to IRQ 9

0000:01:00.0 VGA compatible controller: ATI Technologies Inc Rage Mobility M3 AGP 2x (rev 02) (prog-if 00 [VGA])
	Subsystem: IBM: Unknown device 0155
	Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping+ SERR- FastB2B+
	Status: Cap+ 66MHz+ UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR-
	Latency: 66 (2000ns min), Cache Line Size: 0x08 (32 bytes)
	Interrupt: pin A routed to IRQ 10
	Region 0: Memory at f8000000 (32-bit, prefetchable) [size=64M]
	Region 1: I/O ports at 2000 [size=256]
	Region 2: Memory at f0200000 (32-bit, non-prefetchable) [size=16K]
	Expansion ROM at f0220000 [disabled] [size=128K]
	Capabilities: [50] AGP version 2.0
		Status: RQ=32 Iso- ArqSz=0 Cal=0 SBA+ ITACoh- GART64- HTrans- 64bit- FW- AGP3- Rate=x1,x2
		Command: RQ=32 ArqSz=0 Cal=0 SBA+ AGP+ GART64- 64bit- FW- Rate=x2
	Capabilities: [5c] Power Management version 2
		Flags: PMEClk- DSI- D1+ D2+ AuxCurrent=0mA PME(D0-,D1-,D2-,D3hot-,D3cold-)
		Status: D0 PME-Enable- DSel=0 DScale=0 PME-

0000:02:00.0 Ethernet controller: Atheros Communications, Inc. AR5212 802.11abg NIC (rev 01)
	Subsystem: Unknown device 1804:0010
	Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B-
	Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR-
	Latency: 168 (2500ns min, 7000ns max), Cache Line Size: 0x08 (32 bytes)
	Interrupt: pin A routed to IRQ 10
	Region 0: Memory at 32000000 (32-bit, non-prefetchable) [size=64K]
	Capabilities: [44] Power Management version 2
		Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA PME(D0-,D1-,D2-,D3hot-,D3cold-)
		Status: D0 PME-Enable- DSel=0 DScale=2 PME-

More information about the Pkg-madwifi-maintainers mailing list