Bug#405932: madwifi-source: Null Pointer BUG() Oops in procfs cleanup on modprobe -r ath-pci

thomas schorpp t.schorpp at gmx.de
Tue Jan 23 01:18:02 CET 2007


Kel Modderman wrote:
> Hi,
> 
> On Sunday 07 January 2007 23:03, tom schorpp wrote:
> 
>>Package: madwifi-source
>>Version: 1:0.9.2+r1842.20061207-2
>>Severity: important
>>
>>Jan  7 11:35:17 tom3 kernel: BUG: unable to handle kernel NULL pointer dereference at virtual address 00000005
>>Jan  7 11:35:17 tom3 kernel:  printing eip:
>>Jan  7 11:35:17 tom3 kernel: c018604f
>>Jan  7 11:35:17 tom3 kernel: *pde = 00000000
>>Jan  7 11:35:17 tom3 kernel: Oops: 0000 [#1]
>>Jan  7 11:35:17 tom3 kernel: SMP
>>Jan  7 11:35:17 tom3 kernel: Modules linked in: wlan_scan_ap wlan_scan_sta ath_pci ath_rate_sample wlan ath_hal bnep rfcomm l2cap bluetooth snd_mixer_oss ip6table_filter ip6_tables ipv6 ipt_MASQUERADE iptable_nat ip_nat ipt_TCPMSS xt_state ip_conntrack nfnetlink xt_limit xt_tcpudp iptable_filter ip_tables x_tables parport_pc parport pcspkr ehci_hcd 8139too 8139cp mii snd_ens1371 snd_rawmidi snd_seq_device snd_ac97_codec snd_ac97_bus snd_pcm snd_timer snd snd_page_alloc es1371 gameport soundcore ac97_codec i2c_piix4 i2c_core usblp uhci_hcd usbcore shpchp pci_hotplug intel_agp agpgart sd_mod scsi_mod ide_cd cdrom rtc ext3 jbd mbcache ide_disk generic piix ide_core evdev
>>Jan  7 11:35:17 tom3 kernel: CPU:    0
>>Jan  7 11:35:17 tom3 kernel: EIP:    0060:[remove_proc_entry+46/395]    Tainted: PF     VLI
>>Jan  7 11:35:17 tom3 kernel: EFLAGS: 00010286   (2.6.18-3-686 #1)
>>Jan  7 11:35:17 tom3 kernel: EIP is at remove_proc_entry+0x2e/0x18b
>>Jan  7 11:35:17 tom3 kernel: eax: 00000000   ebx: 00000000   ecx: ffffffff   edx: c29f7f80
>>Jan  7 11:35:17 tom3 kernel: esi: c53aa2c0   edi: 00000005   ebp: c53aa000   esp: c5941e8c
>>Jan  7 11:35:17 tom3 kernel: ds: 007b   es: 007b   ss: 0068
>>Jan  7 11:35:17 tom3 kernel: Process modprobe (pid: 1030, ti=c5940000 task=c94c2550 task.ti=c5940000)
>>Jan  7 11:35:17 tom3 kernel: Stack: c29f7f80 00000005 00000000 c53aa2c0 c3c882c4 c53aa000 ccb16d79 c53aa2c0
>>Jan  7 11:35:17 tom3 kernel:        c3c882c0 ccb00fab c3c882c0 c3c882c0 c61f8000 c53aa2c0 ccabb34c c3c88000
>>Jan  7 11:35:17 tom3 kernel:        c61f8000 c3c882c0 c3c88000 c61f8000 00000080 ccb0100c c3c882c0 ccab7c77
>>Jan  7 11:35:17 tom3 kernel: Call Trace:
>>Jan  7 11:35:17 tom3 kernel:  [pg0+209247609/1070027776] ieee80211_sysctl_vdetach+0x63/0xc7 [wlan]
>>Jan  7 11:35:17 tom3 kernel:  [pg0+209158059/1070027776] ieee80211_vap_detach+0x83/0xd4 [wlan]
>>Jan  7 11:35:17 tom3 kernel:  [pg0+208872268/1070027776] ath_vap_delete+0x135/0x290 [ath_pci]
>>Jan  7 11:35:17 tom3 kernel:  [pg0+209158156/1070027776] ieee80211_ifdetach+0x10/0x75 [wlan]
>>Jan  7 11:35:17 tom3 kernel:  [pg0+208858231/1070027776] ath_detach+0x69/0xd5 [ath_pci]
>>Jan  7 11:35:17 tom3 kernel:  [pg0+208890371/1070027776] ath_pci_remove+0x11/0x61 [ath_pci]
>>Jan  7 11:35:17 tom3 kernel:  [pci_device_remove+22/40] pci_device_remove+0x16/0x28
>>Jan  7 11:35:17 tom3 kernel:  [__device_release_driver+90/114] __device_release_driver+0x5a/0x72
>>Jan  7 11:35:17 tom3 kernel:  [driver_detach+96/141] driver_detach+0x60/0x8d
>>Jan  7 11:35:17 tom3 kernel:  [bus_remove_driver+87/117] bus_remove_driver+0x57/0x75
>>Jan  7 11:35:17 tom3 kernel:  [driver_unregister+8/19] driver_unregister+0x8/0x13
>>Jan  7 11:35:17 tom3 kernel:  [pci_unregister_driver+12/88] pci_unregister_driver+0xc/0x58
>>Jan  7 11:35:17 tom3 kernel:  [pg0+208891277/1070027776] exit_ath_pci+0xf/0x22 [ath_pci]
>>Jan  7 11:35:17 tom3 kernel:  [sys_delete_module+429/468] sys_delete_module+0x1ad/0x1d4
>>Jan  7 11:35:17 tom3 kernel:  [remove_vma+49/54] remove_vma+0x31/0x36
>>Jan  7 11:35:17 tom3 kernel:  [do_munmap+385/411] do_munmap+0x181/0x19b
>>Jan  7 11:35:17 tom3 kernel:  [sysenter_past_esp+86/121] sysenter_past_esp+0x56/0x79
>>Jan  7 11:35:17 tom3 kernel: Code: 53 83 ec 08 85 d2 89 14 24 89 44 24 04 75 13 8d 4c 24 04 89 e2 e8 4f ff ff ff 85 c0 0f 85 5f 01 00 00 8b 7c 24 04 31 c0 83 c9 ff <f2> ae f7 d1 49 b8 00 00 2d c0 89 cd e8 59 af 0f 00 8b 3c 24 8b
>>Jan  7 11:35:17 tom3 kernel: EIP: [remove_proc_entry+46/395] remove_proc_entry+0x2e/0x18b SS:ESP 0068:c5941e8c
>>
>>Steps to reproduce:
>>create the usual 3 sta, mon, ap vaps with the bssid option from wifi0
>>change the MAC of the sta vap with ifconfig
>>ifup the ap vap with static inet ip x.x.3.1
>>iwconfig the sta vap to associate with some remote ap
>>ifconfig ip x.x.1.y and route on the sta vap, ping the remote ap with > 20% packet
>>loss; maybe use airodump-ng with the mon vap, or don't
>>ifdown ap vap, sta vap, mon vap, wifi0
>>modprobe -r ath-pci
>>...
>>should BUG(), with a reboot necessary
>>
> 
> 
> I think VAP technology is still just too unstable to be usable. This trace 
> looks very similar to that of #407270, and I swear I've seen it on the 
> madwifi.org bug tracker numerous times. Will look into it.
> 
> Thanks, Kel.
> 

hi,

well, n.p., it has been reported just for this Debian package, because it is urgent and critical.

fixed in later SVN revs; from my last madwifi try the recommended one should be rev. 1886 
for confirmed stable hostapd (with 3 vaps: 1 sta, 1 mon, 1 ap) and wpa_supplicant (no vap) 
(official hostap project stable releases) operation at this time. 

FYI
with SVN 1968 I got stuck beacons, HAL state 3 errors on a D-Link DWL-G650 C3, and 
forgotten GTK handshakes in RSN mode with EAP-TLS, due to heavy development ;)

y
tom
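A note on the oops quoted above, plus an added example; neither is part of the original mail. The faulting instruction (the `<f2> ae`, a `repnz scasb`, in the `Code:` line) is the string scan over the proc entry name inside `remove_proc_entry`, and `edi` holds `00000005`, the same value as the faulting virtual address: the name pointer handed to `remove_proc_entry` during `ieee80211_sysctl_vdetach` was not a valid string. That is the signature of a teardown path that walks per-vap proc registrations which were either never filled in (attach failed part-way) or already torn down once (ifdown of each vap, then the device-wide detach on `modprobe -r`). The program below is a user-space model of that bug class, not madwifi or Linux kernel code: `model_create_proc_entry`, `model_remove_proc_entry`, `vap_attach`, `vap_detach_unsafe`, `vap_detach_safe` and `run_scenario` are hypothetical names, the fixed "proc table" stands in for procfs, and a bad pointer is counted rather than dereferenced so the two teardown strategies can be compared without crashing.

```c
/*
 * Added example, not code from madwifi or the Linux kernel: a user-space
 * model of per-vap procfs teardown. Attach may fail part-way (some slots
 * stay NULL) and detach runs twice (per-vap ifdown, then device detach on
 * modprobe -r). A kernel would oops on a NULL or stale pointer; here such a
 * removal is counted in oops_count instead.
 */
#include <stdio.h>
#include <string.h>

#define MAX_PROC    8   /* size of the constructed stand-in for /proc */
#define VAP_ENTRIES 3   /* proc entries each vap registers */

struct proc_entry {
    char name[16];
    int  registered;
};

static struct proc_entry proc_table[MAX_PROC]; /* constructed procfs model */
static int proc_live;   /* entries currently registered */
static int oops_count;  /* removals with a NULL or stale pointer */

static struct proc_entry *model_create_proc_entry(const char *name)
{
    for (int i = 0; i < MAX_PROC; i++) {
        if (!proc_table[i].registered) {
            snprintf(proc_table[i].name, sizeof proc_table[i].name, "%s", name);
            proc_table[i].registered = 1;
            proc_live++;
            return &proc_table[i];
        }
    }
    return NULL; /* table full: the caller's attach fails part-way */
}

static void model_remove_proc_entry(struct proc_entry *e)
{
    if (e == NULL || !e->registered) {
        oops_count++; /* the kernel would dereference garbage here */
        return;
    }
    e->registered = 0;
    proc_live--;
}

struct vap {
    struct proc_entry *proc[VAP_ENTRIES];
};

/* Registers up to VAP_ENTRIES entries; returns how many succeeded. */
static int vap_attach(struct vap *v, const char *prefix)
{
    int n = 0;
    memset(v, 0, sizeof *v);
    for (int i = 0; i < VAP_ENTRIES; i++) {
        char name[16];
        snprintf(name, sizeof name, "%s%d", prefix, i);
        v->proc[i] = model_create_proc_entry(name);
        if (v->proc[i] == NULL)
            break;
        n++;
    }
    return n;
}

/* Unsafe: assumes every slot was registered and leaves stale pointers
 * behind, so a partial attach or a second detach passes bad pointers. */
static void vap_detach_unsafe(struct vap *v)
{
    for (int i = 0; i < VAP_ENTRIES; i++)
        model_remove_proc_entry(v->proc[i]);
}

/* Safe: skip slots that were never registered and clear each pointer after
 * removal, which makes the teardown idempotent. */
static void vap_detach_safe(struct vap *v)
{
    for (int i = 0; i < VAP_ENTRIES; i++) {
        if (v->proc[i] != NULL) {
            model_remove_proc_entry(v->proc[i]);
            v->proc[i] = NULL;
        }
    }
}

/* Scenario: three vaps against an 8-slot table, so the third vap only gets
 * 2 of its 3 entries; then every vap is detached twice. Returns the number
 * of bad-pointer removals the given strategy caused. */
static int run_scenario(void (*detach)(struct vap *))
{
    struct vap v[3];
    memset(proc_table, 0, sizeof proc_table);
    proc_live = 0;
    oops_count = 0;
    vap_attach(&v[0], "sta");
    vap_attach(&v[1], "ap");
    vap_attach(&v[2], "mon");              /* partial: only 2 slots left */
    for (int i = 0; i < 3; i++) detach(&v[i]); /* ifdown of each vap */
    for (int i = 0; i < 3; i++) detach(&v[i]); /* modprobe -r: device detach */
    return oops_count;
}

/* Entries still registered after the scenario (leak check). */
static int live_after(void (*detach)(struct vap *))
{
    run_scenario(detach);
    return proc_live;
}

int main(void)
{
    int bad = run_scenario(vap_detach_unsafe);
    printf("unsafe detach: %d bad-pointer removals\n", bad);
    bad = run_scenario(vap_detach_safe);
    printf("safe detach:   %d bad-pointer removals, %d entries left\n", bad, proc_live);
    return 0;
}
```

The unsafe variant produces one bad removal on the first pass (the slot the partial attach never filled) and nine more on the second pass, which is exactly the shape of the crash above: the second teardown walks pointers that no longer point at live entries. The safe variant reports zero bad removals and zero entries left, because NULLing a pointer after `remove` turns a repeated detach into a no-op.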
