Please note: This project is no longer active. The website is kept online for historic purposes only.
If you're looking for a Linux driver for your Atheros WLAN device, you should continue here.

Ticket #1034 (new defect)

Opened 15 years ago

Last modified 14 years ago

OOPS on rm-moding ath_pci after trying to use airodump-ng

Reported by: daniel.dorau@gmx.de
Assigned to:
Priority: major
Milestone:
Component: madwifi: driver
Version: trunk
Keywords: rmmod oops
Cc:
Patch is attached: 0
Pending:

Description

I tried to run airodump-ng (without success), however I managed to let madwifi oops.

Here's dmesg output intermixed with what I did:

ath_pci: 0.9.4.5 (svn r1844)
ACPI: PCI Interrupt 0000:02:02.0[A] -> Link [LNKC] -> GSI 11 (level, low) -> IRQ 11
wifi0: 11a rates: 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
wifi0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps
wifi0: 11g rates: 1Mbps 2Mbps 5.5Mbps 11Mbps 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
wifi0: H/W encryption support: WEP AES AES_CCM TKIP
wifi0: mac 5.6 phy 4.1 5 GHz radio 1.7 2 GHz radio 2.3
wifi0: Use hw queue 1 for WME_AC_BE traffic
wifi0: Use hw queue 0 for WME_AC_BK traffic
wifi0: Use hw queue 2 for WME_AC_VI traffic
wifi0: Use hw queue 3 for WME_AC_VO traffic
wifi0: Use hw queue 8 for CAB traffic
wifi0: Use hw queue 9 for beacons
wifi0: Atheros 5212: mem=0xc0200000, irq=11

wlanconfig ath0 create wlandev wifi0 wlanmode monitor
airodump-ng --channel 6 ath0

This did not work, it said it couldn't switch mode on ath0.

Out of curiosity I wanted to let airodump run on a sta-VAP, so I did:

wlanconfig ath0 destroy
wlanconfig ath0 create wlandev wifi0 wlanmode sta
airodump-ng --channel 6 ath0

Didn't work either.

Unfortunately I can't tell to which action this kernel log actually belongs:

ath0: unable to register device

Then I tried to remove the driver via "rmmod ath_pci" (twice):

BUG: warning at fs/proc/generic.c:732/remove_proc_entry()
 [<c0103f06>] show_trace_log_lvl+0x24/0x39
 [<c0104692>] dump_stack+0x24/0x28
 [<c0192704>] remove_proc_entry+0x18a/0x1fb
 [<f1ceb24d>] ieee80211_sysctl_vdetach+0x78/0xe9 [wlan]
 [<f1cd2d41>] ieee80211_vap_detach+0xa6/0x103 [wlan]
 [<f1e246b1>] ath_vap_delete+0x144/0x2c4 [ath_pci]
 [<f1ce835e>] ieee80211_ioctl+0x7c/0x4c3 [wlan]
 [<c03b6abe>] dev_ifsioc+0x3c6/0x3e3
 [<c03b7683>] dev_ioctl+0x46b/0x50f
 [<c016b84c>] do_ioctl+0x2c/0x73
 [<c016bb1a>] vfs_ioctl+0x287/0x29a
 [<c016bb69>] sys_ioctl+0x3c/0x57
 [<c0102efb>] syscall_call+0x7/0xb
 [<b7e84c24>] 0xb7e84c24
 =======================
BUG: unable to handle kernel NULL pointer dereference at virtual address 00000000
 printing eip:
c01925ae
*pde = 00000000
Oops: 0000 [#1]
PREEMPT 
Modules linked in: ath_pci wlan_scan_sta ath_rate_sample wlan ath_hal(P) radeon rfcomm l2cap bluetooth ipt_ULOG ip_conntrack_irc ipt_LOG xt_limit xt_state iptable_filter ip_tables sbp2 ip_conntrack_ftp ip_conntrack ftdi_sio usbserial cinergyT2 usblp irtty_sir sir_dev snd_intel8x0 snd_intel8x0m snd_ac97_codec snd_ac97_bus snd_pcm_oss snd_mixer_oss snd_pcm e100 mii ohci1394 ieee1394 ehci_hcd snd_timer snd_page_alloc uhci_hcd
CPU:    0
EIP:    0060:[<c01925ae>]    Tainted: P      VLI
EFLAGS: 00010286   (2.6.19 #1)
EIP is at remove_proc_entry+0x34/0x1fb
eax: 00000000   ebx: 00000000   ecx: ffffffff   edx: 00000000
esi: cf03e260   edi: 00000000   ebp: cf03e000   esp: c7cfde14
ds: 007b   es: 007b   ss: 0068
Process rmmod (pid: 7167, ti=c7cfc000 task=ef2c5030 task.ti=c7cfc000)
Stack: cbf18260 cf03e000 c0122cd9 e70bdf00 00000000 00000000 cf03e260 cbf18260 
       cf03e000 f1ceb24d 00000000 cdc721c0 cf03e260 00000247 f1cd2d41 cf03e260 
       cbf18260 cbf18260 cbf18000 cf03e260 f1e246b1 cf03e260 d9cb0000 00000000 
Call Trace:
 [<f1ceb24d>] ieee80211_sysctl_vdetach+0x78/0xe9 [wlan]
 [<f1cd2d41>] ieee80211_vap_detach+0xa6/0x103 [wlan]
 [<f1e246b1>] ath_vap_delete+0x144/0x2c4 [ath_pci]
 [<f1cd2160>] ieee80211_ifdetach+0x1a/0xab [wlan]
 [<f1e20440>] ath_detach+0x7e/0x100 [ath_pci]
 [<f1e29ad7>] ath_pci_remove+0x17/0x7d [ath_pci]
 [<c0268d86>] pci_device_remove+0x1e/0x3f
 [<c02f033e>] __device_release_driver+0x6d/0x85
 [<c02f079c>] driver_detach+0xa8/0xe8
 [<c02eff76>] bus_remove_driver+0x73/0x9d
 [<c02f0814>] driver_unregister+0x10/0x1a
 [<c0268f54>] pci_unregister_driver+0x14/0x79
 [<f1e29f30>] exit_ath_pci+0x14/0x2c [ath_pci]
 [<c0137888>] sys_delete_module+0x190/0x1b8
 [<c0102efb>] syscall_call+0x7/0xb
 [<b7ec9e94>] 0xb7ec9e94
 =======================
Code: 24 28 83 7c 24 2c 00 89 44 24 10 75 15 8d 4c 24 10 8d 54 24 2c e8 26 ff ff ff 85 c0 0f 85 c8 01 00 00 8b 7c 24 10 31 c0 83 c9 ff <f2> ae f7 d1 49 b0 01 89 cd e8 98 60 f8 ff 8b 7c 24 2c 8b 5c 24 
EIP: [<c01925ae>] remove_proc_entry+0x34/0x1fb SS:ESP 0068:c7cfde14

Change History

01/07/07 14:14:45 changed by anonymous

oops confirmed, but monitor mode with airodump-ng and aireplay-ng -4 worked here.

Jan  7 11:35:17 tom3 kernel: BUG: unable to handle kernel NULL pointer dereference at virtual address 00000005
Jan  7 11:35:17 tom3 kernel:  printing eip:
Jan  7 11:35:17 tom3 kernel: c018604f
Jan  7 11:35:17 tom3 kernel: *pde = 00000000
Jan  7 11:35:17 tom3 kernel: Oops: 0000 [#1]
Jan  7 11:35:17 tom3 kernel: SMP
Jan  7 11:35:17 tom3 kernel: Modules linked in: wlan_scan_ap wlan_scan_sta ath_pci ath_rate_sample wlan ath_hal bnep rfcomm l2cap bluetooth snd_mixer_oss ip6table_filter ip6_tables ipv6 ipt_MASQUERADE iptable_nat ip_nat ipt_TCPMSS xt_state ip_conntrack nfnetlink xt_limit xt_tcpudp iptable_filter ip_tables x_tables parport_pc parport pcspkr ehci_hcd 8139too 8139cp mii snd_ens1371 snd_rawmidi snd_seq_device snd_ac97_codec snd_ac97_bus snd_pcm snd_timer snd snd_page_alloc es1371 gameport soundcore ac97_codec i2c_piix4 i2c_core usblp uhci_hcd usbcore shpchp pci_hotplug intel_agp agpgart sd_mod scsi_mod ide_cd cdrom rtc ext3 jbd mbcache ide_disk generic piix ide_core evdev
Jan  7 11:35:17 tom3 kernel: CPU:    0
Jan  7 11:35:17 tom3 kernel: EIP:    0060:[remove_proc_entry+46/395]    Tainted: PF     VLI
Jan  7 11:35:17 tom3 kernel: EFLAGS: 00010286   (2.6.18-3-686 #1)
Jan  7 11:35:17 tom3 kernel: EIP is at remove_proc_entry+0x2e/0x18b
Jan  7 11:35:17 tom3 kernel: eax: 00000000   ebx: 00000000   ecx: ffffffff   edx: c29f7f80
Jan  7 11:35:17 tom3 kernel: esi: c53aa2c0   edi: 00000005   ebp: c53aa000   esp: c5941e8c
Jan  7 11:35:17 tom3 kernel: ds: 007b   es: 007b   ss: 0068
Jan  7 11:35:17 tom3 kernel: Process modprobe (pid: 1030, ti=c5940000 task=c94c2550 task.ti=c5940000)
Jan  7 11:35:17 tom3 kernel: Stack: c29f7f80 00000005 00000000 c53aa2c0 c3c882c4 c53aa000 ccb16d79 c53aa2c0
Jan  7 11:35:17 tom3 kernel:        c3c882c0 ccb00fab c3c882c0 c3c882c0 c61f8000 c53aa2c0 ccabb34c c3c88000
Jan  7 11:35:17 tom3 kernel:        c61f8000 c3c882c0 c3c88000 c61f8000 00000080 ccb0100c c3c882c0 ccab7c77
Jan  7 11:35:17 tom3 kernel: Call Trace:
Jan  7 11:35:17 tom3 kernel:  [pg0+209247609/1070027776] ieee80211_sysctl_vdetach+0x63/0xc7 [wlan]
Jan  7 11:35:17 tom3 kernel:  [pg0+209158059/1070027776] ieee80211_vap_detach+0x83/0xd4 [wlan]
Jan  7 11:35:17 tom3 kernel:  [pg0+208872268/1070027776] ath_vap_delete+0x135/0x290 [ath_pci]
Jan  7 11:35:17 tom3 kernel:  [pg0+209158156/1070027776] ieee80211_ifdetach+0x10/0x75 [wlan]
Jan  7 11:35:17 tom3 kernel:  [pg0+208858231/1070027776] ath_detach+0x69/0xd5 [ath_pci]
Jan  7 11:35:17 tom3 kernel:  [pg0+208890371/1070027776] ath_pci_remove+0x11/0x61 [ath_pci]
Jan  7 11:35:17 tom3 kernel:  [pci_device_remove+22/40] pci_device_remove+0x16/0x28
Jan  7 11:35:17 tom3 kernel:  [__device_release_driver+90/114] __device_release_driver+0x5a/0x72
Jan  7 11:35:17 tom3 kernel:  [driver_detach+96/141] driver_detach+0x60/0x8d
Jan  7 11:35:17 tom3 kernel:  [bus_remove_driver+87/117] bus_remove_driver+0x57/0x75
Jan  7 11:35:17 tom3 kernel:  [driver_unregister+8/19] driver_unregister+0x8/0x13
Jan  7 11:35:17 tom3 kernel:  [pci_unregister_driver+12/88] pci_unregister_driver+0xc/0x58
Jan  7 11:35:17 tom3 kernel:  [pg0+208891277/1070027776] exit_ath_pci+0xf/0x22 [ath_pci]
Jan  7 11:35:17 tom3 kernel:  [sys_delete_module+429/468] sys_delete_module+0x1ad/0x1d4
Jan  7 11:35:17 tom3 kernel:  [remove_vma+49/54] remove_vma+0x31/0x36
Jan  7 11:35:17 tom3 kernel:  [do_munmap+385/411] do_munmap+0x181/0x19b
Jan  7 11:35:17 tom3 kernel:  [sysenter_past_esp+86/121] sysenter_past_esp+0x56/0x79
Jan  7 11:35:17 tom3 kernel: Code: 53 83 ec 08 85 d2 89 14 24 89 44 24 04 75 13 8d 4c 24 04 89 e2 e8 4f ff ff ff 85 c0 0f 85 5f 01 00 00 8b 7c 24 04 31 c0 83 c9 ff <f2> ae f7 d1 49 b8 00 00 2d c0 89 cd e8 59 af 0f 00 8b 3c 24 8b
Jan  7 11:35:17 tom3 kernel: EIP: [remove_proc_entry+46/395] remove_proc_entry+0x2e/0x18b SS:ESP 0068:c5941e8c

01/14/07 00:37:26 changed by anonymous

try: first set monitor mode then wlanconfig ath create wlandev wifi0 monitor

athXX (standard output of the command)

In the standard output of this command there is the name of the interface you must use in airodump... before launching airodump: ifconfig athXX up

01/14/07 00:43:45 changed by Mister_X

1. Destroy all VAP
2. Create a new VAP in monitor mode: wlanconfig ath create wlandev wifi0 wlanmode monitor
3. Start airodump-ng: airodump-ng ath0

But the interesting part is that its error triggers an error in the driver.

07/21/07 22:12:02 changed by mbdrzq8jm1wljrwyo1sk@gmail.com

Similar problem here. Actually two of them.

Once running kismet caused this:

Jul 21 00:48:17 router kernel: device kis0 entered promiscuous mode
Jul 21 00:48:25 router kernel: pci_set_power_state(): 0000:00:0e.0: state=3, current state=5
Jul 21 00:48:31 router kernel: BUG: at fs/proc/generic.c:732 remove_proc_entry()
Jul 21 00:48:31 router kernel:  [<c01be955>] remove_proc_entry+0x185/0x190
Jul 21 00:48:31 router kernel:  [<e8ad0c96>] ieee80211_sysctl_vdetach+0x66/0xd0 [wlan]
Jul 21 00:48:31 router kernel:  [<e8ab465e>] ieee80211_vap_detach+0x5e/0xf0 [wlan]
Jul 21 00:48:31 router kernel:  [<e8a1c88c>] ath_vap_delete+0x11c/0x3e0 [ath_pci]
Jul 21 00:48:31 router kernel:  [<e8ac63cc>] ieee80211_new_state+0x2c/0x40 [wlan]
Jul 21 00:48:31 router kernel:  [<e8ac6c41>] ieee80211_stop+0x41/0xf0 [wlan]
Jul 21 00:48:31 router kernel:  [<e8acd410>] ieee80211_ioctl+0x0/0x6b0 [wlan]
Jul 21 00:48:31 router kernel:  [<e8acd4d5>] ieee80211_ioctl+0xc5/0x6b0 [wlan]
Jul 21 00:48:31 router kernel:  [<c0146c9a>] do_page_fault+0x2fa/0x640
Jul 21 00:48:31 router kernel:  [<c017ccf0>] vma_link+0x60/0xb0
Jul 21 00:48:31 router kernel:  [<c01469a0>] do_page_fault+0x0/0x640
Jul 21 00:48:31 router kernel:  [<c020dfd6>] gr_acl_handle_hidden_file+0x26/0xb0
Jul 21 00:48:31 router kernel:  [<c01e8d50>] ext2_permission+0x0/0x10
Jul 21 00:48:31 router kernel:  [<c01746b9>] __do_page_cache_readahead+0x89/0x200
Jul 21 00:48:31 router kernel:  [<c019e87b>] mntput_no_expire+0x1b/0x70
Jul 21 00:48:31 router kernel:  [<c0192d93>] link_path_walk+0x63/0xc0
Jul 21 00:48:31 router kernel:  [<c01748a8>] blockable_page_cache_readahead+0x78/0xe0
Jul 21 00:48:31 router kernel:  [<c016e4a6>] file_read_actor+0x116/0x130
Jul 21 00:48:31 router kernel:  [<c016ef72>] do_generic_mapping_read+0x382/0x490
Jul 21 00:48:31 router kernel:  [<c0215eab>] vsnprintf+0x2db/0x590
Jul 21 00:48:31 router kernel:  [<e8acd410>] ieee80211_ioctl+0x0/0x6b0 [wlan]
Jul 21 00:48:31 router kernel:  [<c02d68c8>] dev_ifsioc+0x328/0x360
Jul 21 00:48:31 router kernel:  [<c02cb100>] sock_ioctl+0x0/0x220
Jul 21 00:48:31 router kernel:  [<c02d6e65>] dev_ioctl+0x315/0x350
Jul 21 00:48:31 router kernel:  [<c017a1e0>] __handle_mm_fault+0x540/0x7d0
Jul 21 00:48:31 router kernel:  [<c02cb100>] sock_ioctl+0x0/0x220
Jul 21 00:48:31 router kernel:  [<c019530f>] do_ioctl+0x1f/0x70
Jul 21 00:48:31 router kernel:  [<c01953bc>] vfs_ioctl+0x5c/0x260
Jul 21 00:48:31 router kernel:  [<c01955fd>] sys_ioctl+0x3d/0x70
Jul 21 00:48:31 router kernel:  [<c01369d8>] sysenter_past_esp+0x61/0x99
Jul 21 00:48:31 router kernel:  [<c0130000>] pci_legacy_init+0xe0/0x110
Jul 21 00:48:31 router kernel:  =======================
Jul 21 00:49:22 router kernel: device kis0 entered promiscuous mode
Jul 21 00:49:26 router kernel: pci_set_power_state(): 0000:00:0e.0: state=3, current state=5

It just appeared in the log and all seemed to work properly. But when I tried to rmmod ath_pci, this happened:

Jul 21 10:24:46 router kernel: pci_set_power_state(): 0000:00:0e.0: state=3, current state=5
Jul 21 10:25:04 router kernel: BUG: unable to handle kernel paging request at virtual address 532c7269
Jul 21 10:25:04 router kernel:  printing eip:
Jul 21 10:25:04 router kernel: c01be693
Jul 21 10:25:04 router kernel: *pgd =    0
Jul 21 10:25:04 router kernel: *pmd =    0
Jul 21 10:25:04 router kernel: Oops: 0000 [#1]
Jul 21 10:25:04 router kernel: Modules linked in: ath_pci wlan_ccmp wlan_xauth wlan_acl wlan_scan_ap ath_rate_sample wlan ath_hal(P) arptable_filter arp_tables nf_conntrack_ftp ebtable_broute ebtable_nat ebtable_filter ebtables 8250 serial_core fuse nfs lockd sunrpc lp parport_pc parport ipt_TTL xt_statistic 3c59x mii
Jul 21 10:25:04 router kernel: CPU:    0
Jul 21 10:25:04 router kernel: EIP:    0060:[<c01be693>]    Tainted: P       VLI
Jul 21 10:25:04 router kernel: EFLAGS: 00010246   (2.6.21.5-02router-grsec #4)
Jul 21 10:25:04 router kernel: EIP is at proc_match+0x13/0x50
Jul 21 10:25:04 router kernel: eax: 0000000e   ebx: e8ad8ce0   ecx: 532c7265   edx: e8ad8ce0
Jul 21 10:25:04 router kernel: esi: 00000000   edi: 532c7265   ebp: 0000000e   esp: dc52fe2c
Jul 21 10:25:04 router kernel: ds: 0068   es: 007b   fs: 00d8  gs: 0033  ss: 0068
Jul 21 10:25:04 router kernel: Process rmmod (pid: 3812, ti=dc52e000 task=df7fea70 task.ti=dc52e000)
Jul 21 10:25:04 router kernel: Stack: 000280d2 dc6c3518 e8ad8ce0 532c7265 c01be829 00000286 e4dc4340 cf189460 
Jul 21 10:25:04 router kernel:        e4dc4000 dc6c34e0 e8ad8ce0 cf1897a0 e4dc4340 e4dc4000 e4dc4340 e8ad0c74 
Jul 21 10:25:04 router kernel:        e4dc4340 cb166340 e8ab465e db24f464 00000000 db24f464 e8a1c88c c02166c6 
Jul 21 10:25:04 router kernel: Call Trace:
Jul 21 10:25:04 router kernel:  [<e8ad8ce0>] __func__.11014+0x3490/0x3688 [wlan]
Jul 21 10:25:04 router kernel:  [<c01be829>] remove_proc_entry+0x59/0x190
Jul 21 10:25:04 router kernel:  [<e8ad8ce0>] __func__.11014+0x3490/0x3688 [wlan]
Jul 21 10:25:04 router kernel:  [<e8ad0c74>] ieee80211_sysctl_vdetach+0x44/0xd0 [wlan]
Jul 21 10:25:04 router kernel:  [<e8ab465e>] ieee80211_vap_detach+0x5e/0xf0 [wlan]
Jul 21 10:25:04 router kernel:  [<e8a1c88c>] ath_vap_delete+0x11c/0x3e0 [ath_pci]
Jul 21 10:25:04 router kernel:  [<c02166c6>] __delay+0x6/0x10
Jul 21 10:25:04 router kernel:  [<e8a9048a>] zz016d9d41+0x5a/0x140 [ath_hal]
Jul 21 10:25:04 router kernel:  [<e8ab44c6>] ieee80211_ifdetach+0x16/0x60 [wlan]
Jul 21 10:25:04 router kernel:  [<e8a19aeb>] ath_detach+0x5b/0x110 [ath_pci]
Jul 21 10:25:04 router kernel:  [<e8a206c3>] ath_pci_remove+0x23/0x90 [ath_pci]
Jul 21 10:25:04 router kernel:  [<c02206c6>] pci_device_remove+0x16/0x40
Jul 21 10:25:04 router kernel:  [<c025eb18>] __device_release_driver+0x68/0xa0
Jul 21 10:25:04 router kernel:  [<c025f0b5>] driver_detach+0x95/0xa0
Jul 21 10:25:04 router kernel:  [<c025e6e9>] bus_remove_driver+0x69/0x90
Jul 21 10:25:04 router kernel:  [<c025f0e8>] driver_unregister+0x8/0x20
Jul 21 10:25:04 router kernel:  [<c022079d>] pci_unregister_driver+0xd/0x60
Jul 21 10:25:04 router kernel:  [<e8a20b12>] exit_ath_pci+0x12/0x140 [ath_pci]
Jul 21 10:25:04 router kernel:  [<c0169c29>] sys_delete_module+0x149/0x1b0
Jul 21 10:25:04 router kernel:  [<c0146c9a>] do_page_fault+0x2fa/0x640
Jul 21 10:25:04 router kernel:  [<c01369d8>] sysenter_past_esp+0x61/0x99
Jul 21 10:25:04 router kernel:  [<c0130000>] pci_legacy_init+0xe0/0x110
Jul 21 10:25:04 router kernel:  =======================
Jul 21 10:25:04 router kernel: Code: 00 e9 f8 fe ff ff 83 c4 1c 31 c0 5b 5e 5f 5d c3 90 8d b4 26 00 00 00 00 83 ec 10 89 5c 24 04 89 d3 89 74 24 08 31 f6 89 7c 24 0c <0f> b7 51 04 39 c2 74 15 89 f0 8b 5c 24 04 8b 74 24 08 8b 7c 24 
Jul 21 10:25:04 router kernel: EIP: [<c01be693>] proc_match+0x13/0x50 SS:ESP 0068:dc52fe2c

rmmod stalled, I wasn't able to kill it (-9 didn't work either). It was in the D state (uninterruptible sleep). Since then every ifconfig or iwconfig stalled and blocked. I wasn't even able to reboot cleanly (SysRq keys served).

So far it happened just once.

08/07/07 17:43:59 changed by anonymous

I've also had similar problems with rmmod ath_pci if I had first done the steps listed previously: 1. wlanconfig ath0 destroy, 2. wlanconfig ath0 create wlandev wifi0 wlanmode monitor, 3. ifconfig ath0 up, and used airodump-ng ath0. I had to use the power button to restart the computer every time so far (more than once).
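
The three oops reports in this ticket fault at different addresses and in different symbols, yet all pass through the same VAP teardown frames. The triage script below is an added example, not part of the original ticket or of the madwifi code; it parses abridged excerpts of those reports in both log formats and lists the frames common to all of them (the names `parse_oops` and `shared_frames` are made up for this example).

```python
import re

# Abridged excerpts of the three oops reports in this ticket, keyed by kernel version.
REPORTS = {
    "2.6.19": """\
BUG: unable to handle kernel NULL pointer dereference at virtual address 00000000
EIP is at remove_proc_entry+0x34/0x1fb
 [<f1ceb24d>] ieee80211_sysctl_vdetach+0x78/0xe9 [wlan]
 [<f1cd2d41>] ieee80211_vap_detach+0xa6/0x103 [wlan]
 [<f1e246b1>] ath_vap_delete+0x144/0x2c4 [ath_pci]
EIP: [<c01925ae>] remove_proc_entry+0x34/0x1fb SS:ESP 0068:c7cfde14
""",
    "2.6.18-3-686": """\
Jan  7 11:35:17 tom3 kernel: BUG: unable to handle kernel NULL pointer dereference at virtual address 00000005
Jan  7 11:35:17 tom3 kernel: EIP is at remove_proc_entry+0x2e/0x18b
Jan  7 11:35:17 tom3 kernel:  [pg0+209247609/1070027776] ieee80211_sysctl_vdetach+0x63/0xc7 [wlan]
Jan  7 11:35:17 tom3 kernel:  [pg0+209158059/1070027776] ieee80211_vap_detach+0x83/0xd4 [wlan]
Jan  7 11:35:17 tom3 kernel:  [pg0+208872268/1070027776] ath_vap_delete+0x135/0x290 [ath_pci]
""",
    "2.6.21.5-02router-grsec": """\
Jul 21 10:25:04 router kernel: BUG: unable to handle kernel paging request at virtual address 532c7269
Jul 21 10:25:04 router kernel: EIP is at proc_match+0x13/0x50
Jul 21 10:25:04 router kernel:  [<c01be829>] remove_proc_entry+0x59/0x190
Jul 21 10:25:04 router kernel:  [<e8ad0c74>] ieee80211_sysctl_vdetach+0x44/0xd0 [wlan]
Jul 21 10:25:04 router kernel:  [<e8ab465e>] ieee80211_vap_detach+0x5e/0xf0 [wlan]
Jul 21 10:25:04 router kernel:  [<e8a1c88c>] ath_vap_delete+0x11c/0x3e0 [ath_pci]
""",
}

FAULT = re.compile(r"BUG: unable to handle kernel (.+?) at virtual address ([0-9a-f]+)")
EIP_AT = re.compile(r"EIP is at ([\w.]+)\+0x")
# A trace frame ends its line: "] symbol+0xoff/0xlen [module]"; core kernel symbols have no module.
FRAME = re.compile(r"\]\s+([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?:\s+\[(\w+)\])?\s*$", re.M)

def parse_oops(text):
    """Return fault kind, fault address, faulting symbol and (symbol, module) frames."""
    kind, addr = FAULT.search(text).groups()
    frames = [(sym, mod or "kernel") for sym, mod in FRAME.findall(text)]
    return {"kind": kind, "addr": int(addr, 16), "eip": EIP_AT.search(text).group(1), "frames": frames}

def shared_frames(reports):
    """Frames of the first report that occur in every other report, in call order."""
    parsed = [parse_oops(t)["frames"] for t in reports]
    return [f for f in parsed[0] if all(f in other for other in parsed[1:])]

if __name__ == "__main__":
    for kernel, text in REPORTS.items():
        print(kernel, {k: v for k, v in parse_oops(text).items() if k != "frames"})
    print("shared frames:", shared_frames(list(REPORTS.values())))
```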