Bug#405932: madwifi-source: Null Pointer BUG() Oops in procfs cleanup on modprobe -r ath-pci

[thomas schorpp]

Kel Modderman wrote:
Hi,
On Sunday 07 January 2007 23:03, tom schorpp wrote:

Package: madwifi-source
Version: 1:0.9.2+r1842.20061207-2
Severity: important

Jan  7 11:35:17 tom3 kernel: BUG: unable to handle kernel NULL pointer
dereference at virtual address 00000005
Jan  7 11:35:17 tom3 kernel:  printing eip:
Jan  7 11:35:17 tom3 kernel: c018604f
Jan  7 11:35:17 tom3 kernel: *pde = 00000000
Jan  7 11:35:17 tom3 kernel: Oops: 0000 [#1]
Jan  7 11:35:17 tom3 kernel: SMP
Jan  7 11:35:17 tom3 kernel: Modules linked in: wlan_scan_ap wlan_scan_sta
ath_pci ath_rate_sample wlan ath_hal bnep rfcomm l2cap bluetooth
snd_mixer_oss ip6table_filter ip6_tables ipv6 ipt_MASQUERADE iptable_nat
ip_nat ipt_TCPMSS xt_state ip_conntrack nfnetlink xt_limit xt_tcpudp
iptable_filter ip_tables x_tables parport_pc parport pcspkr ehci_hcd
8139too 8139cp mii snd_ens1371 snd_rawmidi snd_seq_device snd_ac97_codec
snd_ac97_bus snd_pcm snd_timer snd snd_page_alloc es1371 gameport soundcore
ac97_codec i2c_piix4 i2c_core usblp uhci_hcd usbcore shpchp pci_hotplug
intel_agp agpgart sd_mod scsi_mod ide_cd cdrom rtc ext3 jbd mbcache
ide_disk generic piix ide_core evdev Jan  7 11:35:17 tom3 kernel: CPU:    0
Jan  7 11:35:17 tom3 kernel: EIP:    0060:[remove_proc_entry+46/395]   
Tainted: PF     VLI Jan  7 11:35:17 tom3 kernel: EFLAGS: 00010286  
(2.6.18-3-686 #1)
Jan  7 11:35:17 tom3 kernel: EIP is at remove_proc_entry+0x2e/0x18b
Jan  7 11:35:17 tom3 kernel: eax: 00000000   ebx: 00000000   ecx: ffffffff 
edx: c29f7f80 Jan  7 11:35:17 tom3 kernel: esi: c53aa2c0   edi: 00000005  
ebp: c53aa000   esp: c5941e8c Jan  7 11:35:17 tom3 kernel: ds: 007b   es:
007b   ss: 0068
Jan  7 11:35:17 tom3 kernel: Process modprobe (pid: 1030, ti=c5940000
task=c94c2550 task.ti=c5940000)
Jan  7 11:35:17 tom3 kernel: Stack: c29f7f80 00000005 00000000 c53aa2c0
c3c882c4 c53aa000 ccb16d79 c53aa2c0
Jan  7 11:35:17 tom3 kernel:        c3c882c0 ccb00fab c3c882c0 c3c882c0
c61f8000 c53aa2c0 ccabb34c c3c88000
Jan  7 11:35:17 tom3 kernel:        c61f8000 c3c882c0 c3c88000 c61f8000
00000080 ccb0100c c3c882c0 ccab7c77
Jan  7 11:35:17 tom3 kernel: Call Trace:
Jan  7 11:35:17 tom3 kernel:  [pg0+209247609/1070027776]
ieee80211_sysctl_vdetach+0x63/0xc7 [wlan]
Jan  7 11:35:17 tom3 kernel:  [pg0+209158059/1070027776]
ieee80211_vap_detach+0x83/0xd4 [wlan]
Jan  7 11:35:17 tom3 kernel:  [pg0+208872268/1070027776]
ath_vap_delete+0x135/0x290 [ath_pci]
Jan  7 11:35:17 tom3 kernel:  [pg0+209158156/1070027776]
ieee80211_ifdetach+0x10/0x75 [wlan]
Jan  7 11:35:17 tom3 kernel:  [pg0+208858231/1070027776]
ath_detach+0x69/0xd5 [ath_pci] Jan  7 11:35:17 tom3 kernel: 
[pg0+208890371/1070027776] ath_pci_remove+0x11/0x61 [ath_pci] Jan  7
11:35:17 tom3 kernel:  [pci_device_remove+22/40]
pci_device_remove+0x16/0x28 Jan  7 11:35:17 tom3 kernel: 
[__device_release_driver+90/114]
__device_release_driver+0x5a/0x72
Jan  7 11:35:17 tom3 kernel:  [driver_detach+96/141]
driver_detach+0x60/0x8d Jan  7 11:35:17 tom3 kernel: 
[bus_remove_driver+87/117] bus_remove_driver+0x57/0x75 Jan  7 11:35:17 tom3
kernel:  [driver_unregister+8/19] driver_unregister+0x8/0x13 Jan  7
11:35:17 tom3 kernel:  [pci_unregister_driver+12/88]
pci_unregister_driver+0xc/0x58 Jan  7 11:35:17 tom3 kernel: 
[pg0+208891277/1070027776] exit_ath_pci+0xf/0x22 [ath_pci] Jan  7 11:35:17
tom3 kernel:  [sys_delete_module+429/468] sys_delete_module+0x1ad/0x1d4 Jan
7 11:35:17 tom3 kernel:  [remove_vma+49/54] remove_vma+0x31/0x36 Jan  7
11:35:17 tom3 kernel:  [do_munmap+385/411] do_munmap+0x181/0x19b Jan  7
11:35:17 tom3 kernel:  [sysenter_past_esp+86/121]
sysenter_past_esp+0x56/0x79 Jan  7 11:35:17 tom3 kernel: Code: 53 83 ec 08
85 d2 89 14 24 89 44 24 04 75 13 8d 4c 24 04 89 e2 e8 4f ff ff ff 85 c0 0f
85 5f 01 00 00 8b 7c 24 04 31 c0 83 c9 ff <f2> ae f7 d1 49 b8 00 00 2d c0
89 cd e8 59 af 0f 00 8b 3c 24 8b
Jan  7 11:35:17 tom3 kernel: EIP: [remove_proc_entry+46/395]
remove_proc_entry+0x2e/0x18b SS:ESP 0068:c5941e8c

steps to reproduce:
create the usual 3 sta,mon,ap vaps with bssid option from wifi0
change mac of sta vap with ifconfig
ifup inet static x.x.3.1 ip ap vap
iwconfig sta vap to associate some remote ap
ifconfig x.x.1.y ip and route sta vap, ping remote ap with > 20% packet
loss maybe use airodump-ng with mon vap or dont
ifdown ap vap, sta vap, mon vap, wifi0
modprobe -r ath-pci
...
should BUG() with reboot necessary



I think VAP technology is still just too unstable to be usable. This trace 
looks very similar to that of #407270, and I swear I've seen it on the 
madwifi.org bug tracker numerous times. Will look into it.

Thanks, Kel.


hi,

well, n.p., has been reported just for this debian package, cause urgent and 
critical.

fixed in later SVN revs, recommended from my last madwifi try should be rev. 1886 
for confirmed stable hostapd (with 3 vap, 1 sta, 1 mon, 1 ap) and wpa_supplicant (no vap) 
(official hostap project stable releases) operation at this time. 

FYI
with svn 1968 I've got stuck beacons, hal state 3 errors on D-Link DWL-G650 C3, 
forgotten GTK handshakes in RSN mode w EAP-TLS due to heavy development ;)

y
tom



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]