[Madwifi-users] Kernel NULL pointer deref in ath_hal

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Ah, the perils of closed source.

Platform: Fujitsu S7010D laptop, 
0000:01:0d.0 Ethernet controller: Atheros Communications, Inc. AR5212 802.11abg NIC (rev 01)
0000:01:0d.0 0200: 168c:0013 (rev 01)

Kernel: 2.6.12, stock from kernel.org.  Local patch to move start of kernel
	to 0xB0000000 to accomodate 1 GB RAM.  CONFIG_REGPARM=y.
madwifi driver: Current CVS head (hasn't changed in a while)
ifconfig --version reports:
	net-tools 1.60
	ifconfig 1.42 (2001-04-13)

To reproduce:
ifconfig ath0 hw ether 00:00:00:00:00:00

Unable to handle kernel NULL pointer dereference at virtual address 00000002
 printing eip:
f01f5f93
*pde = 00000000
Oops: 0000 [#1]
Modules linked in: ipcomp esp4 ah4 evdev eth1394 wlan_wep ohci1394 ieee1394 ath_pci ath_rate_onoe wlan ath_hal
CPU:    0
EIP:    0060:[<f01f5f93>]    Tainted: P      VLI
EFLAGS: 00210202   (2.6.12) 
EIP is at zz03e97353+0x1b/0x1e4 [ath_hal]
eax: 00000000   ebx: ef2c8000   ecx: 00000000   edx: 00000012
esi: 00000000   edi: ef2caf0c   ebp: ef2c8000   esp: e792ddc0
ds: 007b   es: 007b   ss: 0068
Process ifconfig (pid: 3642, threadinfo=e792c000 task=e5754020)
Stack: ef4d4520 00000000 ef2c8000 f0201f97 ef2c8000 00000000 b0118080 0000000a 
       35a4e900 e5754020 00200092 e792ddec e792ddec e792de40 003c003c 0000003c 
       b047c240 b047c280 b0129e9b 00000000 b047a6e8 0000000a b011f9c7 00000001 
Call Trace:
 [<f0201f97>] zz06e14dd1+0x323/0xbb4 [ath_hal]
 [<b0118080>] scheduler_tick+0x20/0x390
 [<b0129e9b>] __rcu_process_callbacks+0x4b/0xd0
 [<b011f9c7>] tasklet_action+0x37/0x60
 [<b011f710>] __do_softirq+0x40/0xa0
 [<f0201cf6>] zz06e14dd1+0x82/0xbb4 [ath_hal]
 [<f020007b>] zz005b8abd+0x107/0x134 [ath_hal]
 [<b010eac4>] delay_pmtmr+0x14/0x20
 [<f0201c70>] zz0b709d02+0x30/0x34 [ath_hal]
 [<b0145e77>] do_no_page+0x1a7/0x310
 [<f02174b8>] ath_reset+0x78/0x210 [ath_pci]
 [<f01ff81c>] zz02dbfdfd+0x18/0x24 [ath_hal]
 [<f021c483>] ath_set_mac_address+0x83/0x130 [ath_pci]
 [<f021c400>] ath_set_mac_address+0x0/0x130 [ath_pci]
 [<b02dd1f1>] dev_set_mac_address+0x31/0x60
 [<b02dd885>] dev_ioctl+0x285/0x2a0
 [<b030ed10>] udp_ioctl+0x0/0x90
 [<b0315f16>] inet_ioctl+0x46/0x100
 [<b02d3502>] sock_ioctl+0x172/0x1f0
 [<b0151e50>] sys_access+0x90/0x170
 [<b02d3390>] sock_ioctl+0x0/0x1f0
 [<b01638e4>] do_ioctl+0x64/0x80
 [<b0163a3e>] vfs_ioctl+0x5e/0x1c0
 [<b0136972>] handle_IRQ_event+0x32/0x70
 [<b0163bdd>] sys_ioctl+0x3d/0x70
 [<b0102e6f>] sysenter_past_esp+0x54/0x75
Code: 24 38 0f b6 42 04 83 c4 1c 5b 5e 5f 5d c3 89 f6 56 53 83 ec 04 8b 5c 24 10 8b 74 24 14 83 bb dc 01 00 00 00 74 33 ba 12 00 00 00 <f6> 46 02 80 75 67 ba 00 00 00 00 66 8b 0e 8d 76 00 8d 04 52 d1 