Bug#405932: madwifi-source: Null Pointer BUG() Oops in procfs cleanup on modprobe -r ath-pci

Kel Modderman kel at otaku42.de
Tue Jan 23 00:48:35 CET 2007


Hi,

On Sunday 07 January 2007 23:03, tom schorpp wrote:
> Package: madwifi-source
> Version: 1:0.9.2+r1842.20061207-2
> Severity: important
>
> Jan  7 11:35:17 tom3 kernel: BUG: unable to handle kernel NULL pointer dereference at virtual address 00000005
> Jan  7 11:35:17 tom3 kernel:  printing eip:
> Jan  7 11:35:17 tom3 kernel: c018604f
> Jan  7 11:35:17 tom3 kernel: *pde = 00000000
> Jan  7 11:35:17 tom3 kernel: Oops: 0000 [#1]
> Jan  7 11:35:17 tom3 kernel: SMP
> Jan  7 11:35:17 tom3 kernel: Modules linked in: wlan_scan_ap wlan_scan_sta
> ath_pci ath_rate_sample wlan ath_hal bnep rfcomm l2cap bluetooth
> snd_mixer_oss ip6table_filter ip6_tables ipv6 ipt_MASQUERADE iptable_nat
> ip_nat ipt_TCPMSS xt_state ip_conntrack nfnetlink xt_limit xt_tcpudp
> iptable_filter ip_tables x_tables parport_pc parport pcspkr ehci_hcd
> 8139too 8139cp mii snd_ens1371 snd_rawmidi snd_seq_device snd_ac97_codec
> snd_ac97_bus snd_pcm snd_timer snd snd_page_alloc es1371 gameport soundcore
> ac97_codec i2c_piix4 i2c_core usblp uhci_hcd usbcore shpchp pci_hotplug
> intel_agp agpgart sd_mod scsi_mod ide_cd cdrom rtc ext3 jbd mbcache
> ide_disk generic piix ide_core evdev
> Jan  7 11:35:17 tom3 kernel: CPU:    0
> Jan  7 11:35:17 tom3 kernel: EIP:    0060:[remove_proc_entry+46/395]    Tainted: PF     VLI
> Jan  7 11:35:17 tom3 kernel: EFLAGS: 00010286   (2.6.18-3-686 #1)
> Jan  7 11:35:17 tom3 kernel: EIP is at remove_proc_entry+0x2e/0x18b
> Jan  7 11:35:17 tom3 kernel: eax: 00000000   ebx: 00000000   ecx: ffffffff   edx: c29f7f80
> Jan  7 11:35:17 tom3 kernel: esi: c53aa2c0   edi: 00000005   ebp: c53aa000   esp: c5941e8c
> Jan  7 11:35:17 tom3 kernel: ds: 007b   es: 007b   ss: 0068
> Jan  7 11:35:17 tom3 kernel: Process modprobe (pid: 1030, ti=c5940000 task=c94c2550 task.ti=c5940000)
> Jan  7 11:35:17 tom3 kernel: Stack: c29f7f80 00000005 00000000 c53aa2c0 c3c882c4 c53aa000 ccb16d79 c53aa2c0
> Jan  7 11:35:17 tom3 kernel:        c3c882c0 ccb00fab c3c882c0 c3c882c0 c61f8000 c53aa2c0 ccabb34c c3c88000
> Jan  7 11:35:17 tom3 kernel:        c61f8000 c3c882c0 c3c88000 c61f8000 00000080 ccb0100c c3c882c0 ccab7c77
> Jan  7 11:35:17 tom3 kernel: Call Trace:
> Jan  7 11:35:17 tom3 kernel:  [pg0+209247609/1070027776] ieee80211_sysctl_vdetach+0x63/0xc7 [wlan]
> Jan  7 11:35:17 tom3 kernel:  [pg0+209158059/1070027776] ieee80211_vap_detach+0x83/0xd4 [wlan]
> Jan  7 11:35:17 tom3 kernel:  [pg0+208872268/1070027776] ath_vap_delete+0x135/0x290 [ath_pci]
> Jan  7 11:35:17 tom3 kernel:  [pg0+209158156/1070027776] ieee80211_ifdetach+0x10/0x75 [wlan]
> Jan  7 11:35:17 tom3 kernel:  [pg0+208858231/1070027776] ath_detach+0x69/0xd5 [ath_pci]
> Jan  7 11:35:17 tom3 kernel:  [pg0+208890371/1070027776] ath_pci_remove+0x11/0x61 [ath_pci]
> Jan  7 11:35:17 tom3 kernel:  [pci_device_remove+22/40] pci_device_remove+0x16/0x28
> Jan  7 11:35:17 tom3 kernel:  [__device_release_driver+90/114] __device_release_driver+0x5a/0x72
> Jan  7 11:35:17 tom3 kernel:  [driver_detach+96/141] driver_detach+0x60/0x8d
> Jan  7 11:35:17 tom3 kernel:  [bus_remove_driver+87/117] bus_remove_driver+0x57/0x75
> Jan  7 11:35:17 tom3 kernel:  [driver_unregister+8/19] driver_unregister+0x8/0x13
> Jan  7 11:35:17 tom3 kernel:  [pci_unregister_driver+12/88] pci_unregister_driver+0xc/0x58
> Jan  7 11:35:17 tom3 kernel:  [pg0+208891277/1070027776] exit_ath_pci+0xf/0x22 [ath_pci]
> Jan  7 11:35:17 tom3 kernel:  [sys_delete_module+429/468] sys_delete_module+0x1ad/0x1d4
> Jan  7 11:35:17 tom3 kernel:  [remove_vma+49/54] remove_vma+0x31/0x36
> Jan  7 11:35:17 tom3 kernel:  [do_munmap+385/411] do_munmap+0x181/0x19b
> Jan  7 11:35:17 tom3 kernel:  [sysenter_past_esp+86/121] sysenter_past_esp+0x56/0x79
> Jan  7 11:35:17 tom3 kernel: Code: 53 83 ec 08 85 d2 89 14 24 89 44 24 04 75 13 8d 4c 24 04 89 e2 e8 4f ff ff ff 85 c0 0f 85 5f 01 00 00 8b 7c 24 04 31 c0 83 c9 ff <f2> ae f7 d1 49 b8 00 00 2d c0 89 cd e8 59 af 0f 00 8b 3c 24 8b
> Jan  7 11:35:17 tom3 kernel: EIP: [remove_proc_entry+46/395] remove_proc_entry+0x2e/0x18b SS:ESP 0068:c5941e8c
>
> steps to reproduce:
> create the usual 3 sta,mon,ap vaps with bssid option from wifi0
> change mac of sta vap with ifconfig
> ifup inet static x.x.3.1 ip ap vap
> iwconfig sta vap to associate some remote ap
> ifconfig x.x.1.y ip and route sta vap, ping remote ap with > 20% packet
> loss maybe use airodump-ng with mon vap or don't
> ifdown ap vap, sta vap, mon vap, wifi0
> modprobe -r ath-pci
> ...
> should BUG() with reboot necessary
>

I think VAP technology is still just too unstable to be usable. This trace 
looks very similar to that of #407270, and I swear I've seen it on the 
madwifi.org bug tracker numerous times. Will look into it.

Thanks, Kel.