ndiswrapper invalid buffer

I also have encountered this problem in Gutsy Tribe5 amd64.

# lspci -vv | grep -i wireless
06:02.0 Network controller: Broadcom Corporation BCM4318 [AirForce One 54g] 802.11g Wireless LAN Controller (rev 02)

Information from /var/log/syslog below:

kernel: [51868.249251] ndiswrapper (NdisFreeBuffer:1180): invalid buffer
kernel: [51868.249275] Unable to handle kernel NULL pointer dereference at 00000000000005f5 RIP:
kernel: [51868.249278] [kfree_skb+5/48] kfree_skb+0x5/0x30
kernel: [51868.249286] PGD ccc8067 PUD 1d5de067 PMD 0
kernel: [51868.249289] Oops: 0000 [1] SMP
kernel: [51868.249292] CPU 0
kernel: [51868.249293] Modules linked in: binfmt_misc rfcomm l2cap bluetooth capability nfsd exportfs fglrx(P) ppdev ipv6 powernow_k8 cpufreq_powersave cpufreq_stats cpufreq_userspace cpufreq_ondemand cpufreq_conservative freq_table video battery container sbs button dock ac nfs lockd sunrpc af_packet tun ndiswrapper sbp2 parport_pc lp parport fuse joydev snd_atiixp snd_seq_dummy snd_seq_oss snd_seq_midi snd_rawmidi pcmcia snd_atiixp_modem snd_ac97_codec snd_seq_midi_event tifm_7xx1 tifm_core ac97_bus snd_pcm_oss snd_mixer_oss snd_pcm sdhci mmc_core snd_seq snd_timer snd_seq_device pcspkr yenta_socket rsrc_nonstatic pcmcia_core psmouse serio_raw snd soundcore snd_page_alloc k8temp i2c_piix4 i2c_core shpchp pci_hotplug evdev reiserfs ide_cd cdrom 8139cp ide_disk atiixp ide_core 8139too mii ohci1394 ieee1394 ata_generic libata scsi_mod ehci_hcd ohci_hcd usbcore dm_mirror dm_snapshot dm_mod thermal processor fan apparmor commoncap aamatch_pcre
kernel: [51868.249340] Pid: 3744, comm: ntos_wq/0 Tainted: P 2.6.22-10-generic #1
kernel: [51868.249343] RIP: 0010:[kfree_skb+5/48] [kfree_skb+5/48] kfree_skb+0x5/0x30
kernel: [51868.249348] RSP: 0018:ffff81003763dd38 EFLAGS: 00010206
kernel: [51868.249352] RAX: 0000000000000246 RBX: ffff81003d0e1780 RCX: ffffffff80534ee8
kernel: [51868.249355] RDX: ffffffff80534ee8 RSI: 0000000000000086 RDI: 0000000000000511
kernel: [51868.249358] RBP: ffffffff8831a160 R08: 0000000000000000 R09: 0000000000000000
kernel: [51868.249361] R10: 0000000000000000 R11: 0000000000000006 R12: ffff81003d2e11a0
kernel: [51868.249364] R13: ffff8100217a9400 R14: 0000000000000000 R15: ffff8100217a9768
kernel: [51868.249368] FS: 00002b3f7bb32360(0000) GS:ffffffff80561000(0000) knlGS:00000000f7596b70
kernel: [51868.249371] CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b
kernel: [51868.249374] CR2: 00000000000005f5 CR3: 000000001de23000 CR4: 00000000000006e0
kernel: [51868.249378] Process ntos_wq/0 (pid: 3744, threadinfo ffff81003763c000, task ffff81003d280000)
kernel: [51868.249380] Stack: ffffffff883243de 0000000000000000 ffff81003d2e1000 ffffffff8831a160
kernel: [51868.249386] ffff81003d2e11a0 ffff81003e005a88 0000000000000000 0000000000000000
kernel: [51868.249390] ffffffff8832854b ffff81003d2e1048 ffff8100217a9400 ffffc2000081c3f0
kernel: [51868.249395] Call Trace:
kernel: [51868.249430] [_end+130838614/2130324600] :ndiswrapper:free_tx_packet+0x6e/0x170
kernel: [51868.249449] [_end+130797016/2130324600] :ndiswrapper:kdpc_worker+0x0/0xd0
kernel: [51868.249470] [_end+130855363/2130324600] :ndiswrapper:win2lin3+0x11/0x14...

Could you try with ndiswrapper 1.49rc1 and paste dmesg output again if it still doesn't work (run make uninstall before make install!).

This problem happens with Gutsy-rc ndiswrapper-common and ndiswrapper-utils-1.9 and with 1.49rc2 downloaded from upstream.

Using a Netgear WG111v2 wifi dongle which has a rtl8187 chip.

I've tried a Zyxel ZyAir B-220 which has a zd1201 chip and this bug happens again.

Very big regression in here...

BTW, it happens while high network load, so maybe it's related to this:
https://bugs.launchpad.net/ubuntu/+bug/147464

This is 2.6.22-14-server #1 SMP Sun Oct 14 23:34:23 GMT 2007 i686 GNU/Linux

With 2.6.20-16-server everything works ok.

With 2.6.22-14-server and ndiswrapper 1.43-1ubuntu2 kernel oops (see below).
With 2.6.22-14-server and ndiswrapper 1.49rc1 and 1.49rc3 the wifi dongle can't connect to the AP, so i don't know if once connect it will oops again.

Note that this happens when amule is running, so high network load is going on... (#147464 again)

Kernel oops with 2.6.22-14-server and ndiswrapper 1.43-1ubuntu2:
[ 25.079236] ndiswrapper version 1.45 loaded (smp=yes)
[ 25.243121] usb 4-3: reset high speed USB device using ehci_hcd and address 2
[ 25.456137] ndiswrapper: driver net111v2 (NETGEAR Inc.,11/20/2006,5.1254.1120.2006) loaded
[ 27.689593] wlan0: ethernet device 00:18:4d:42:14:fe using NDIS driver: net111v2, version: 0x1, NDIS version: 0x500, vendor: 'Realtek Wireless LAN', 0846:6A00.F.conf
[ 27.689625] wlan0: encryption modes supported: WEP; TKIP with WPA, WPA2, WPA2PSK; AES/CCMP with WPA, WPA2, WPA2PSK
[ 27.689657] usbcore: registered new interface driver ndiswrapper
[ 28.538114] i2c-adapter i2c-0: Client creation failed at 0x2f (-22)
[ 29.130456] Adding 746980k swap on /dev/sda5. Priority:-1 extents:1 across:746980k
[ 29.437781] EXT3 FS on sda1, internal journal
[ 33.095795] No dock devices found.
[ 33.510551] eth0: no IPv6 routers present
[ 38.023705] wlan0: no IPv6 routers present
[ 104.323484] BUG: unable to handle kernel NULL pointer dereference at virtual address 00000004
[ 104.323496] printing eip:
[ 104.323499] c02b60f9
[ 104.323501] *pdpt = 000000002dbe6001
[ 104.323503] *pde = 0000000000000000
[ 104.323508] Oops: 0002 [#1]
[ 104.323509] SMP
[ 104.323514] Modules linked in: video sbs dock battery container ac eeprom w83781d hwmon_vid ndiswrapper button lp snd_cmipci gameport snd_opl3_lib snd_hwdep snd_mpu401_uart snd_pcm_oss snd_pcm snd_page_alloc snd_mixer_oss snd_seq_dummy snd_seq_oss snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq snd_timer snd_seq_device parport_pc parport snd pcspkr i2c_sis96x soundcore shpchp pci_hotplug i2c_core sis_agp agpgart evdev ipv6 8139too ext3 jbd mbcache sg sr_mod cdrom sd_mod 8139cp mii ehci_hcd ohci_hcd usbcore pata_sis ata_generic libata scsi_mod thermal processor fan fuse apparmor commoncap
[ 104.323577] CPU: 0
[ 104.323578] EIP: 0060:[<c02b60f9>] Tainted: P VLI
[ 104.323579] EFLAGS: 00010246 (2.6.22-14-server #1)
[ 104.323591] EIP is at tcp_disconnect+0xf9/0x480
[ 104.323595] eax: 00000000 ebx: e8b9a000 ecx: 00000286 edx: e8b9a06c
[ 104.323598] esi: e8b9a07c edi: ef32a300 ebp: ee5506a0 esp: edb7df34
[ 104.323601] ds: 007b es: 007b fs: 00d8 gs: 0033 ss: 0068
[ 104.323604] Process amuled (pid: 4306, ti=edb7c000 task=ef354f90 task.ti=edb7c000)
[ 104.323606] Stack: e8b8a088 c1517140 00000287 efffa780 e8b8a088 e8b9a000 00000002 e8b89600
[ 104.323615] 00000000 c02d13ab e8b89600 09261d20 091dcd70 edb7c000 c027c730 00000001
[ 104.323623] 00000000 0000000d c027e56e 0000003f 00000001 4714af74 14b6a168 bfd066bc
[ 104.323631] Call Trace:
[ 104.323649] [<c02d13ab>] inet_shutdown+0xcb/0xe0
[ 104.323662] [<c027c730>] sys_shutdown+0x50/0x70
[ 104.323673] [<c027e56e>] sys_sock...

I have that problem too. Both with ndiswrapper 1.45 and 1.48.

Erm I forgot to mention, but my kernel is 2.6.20-14-generic, and my card is supported by the "acx" module, the D-Link DWL-520+ card.

Currently I'm using the acx module, but would prefer not to. Signal's better with ndiswrapper.

Please try if the problem still exists in 1.49. Install 1.49 from ndiswrapper.sf.net (don't forget to run sudo make uninstall before make and sudo make install).

hyperair, please note that the link quality is calculated differently from driver to driver. Make sure it's not just a different value but a real difference in regards of range, speed and so on.

I'd like to note that with the ACX driver, wireless connectivity hangs every 20 hours or so. Then I have to unload the ACX module, wait for 30 seconds and reload it. Using ndiswrapper I can do torrenting 24/7.

Also I found the problem. Ndiswrapper kept trying to connect to my network using restricted key mode. My network uses open authentication. I solved the problem by changing this in my /etc/network/interfaces:

wireless-key s:<key>

to

wireless-key open s:<key>

This problem still exists in Ubuntu Hardy. I noticed that Ubuntu Hardy, even with 2.6.24-2-generic kernel still uses 1.45. Why?

It makes more sense to add a recent release of ndiswrapper as late as possible, because there are new ndiswrapper-releases quite often.f

To be honest I no longer understand what this bug is actually about. If your problem is different from the first one in the actual bugreport, you have to open a new bug.
Bugs regarding the native acx-driver don't belong to the ndiswrapper-package.
Only post problems regarding ndiswrapper here, and use on bugreport per problem, othwerwise there is a lot of confusion for everyone, the original reporter of the bug, the developers, people like me...
If your problem is fixed by installing the latest version of ndiswrapper the bug is duplicate of bug 136814.

Hint: If your bug isn't fixed by installing the latest version, report your bug directly on ndiswrapper.sf.net.
http://ndiswrapper.sourceforge.net/joomla/index.php?/component/option,com_openwiki/Itemid,33/id,bugs/

Is this bug still present in hardy?

We are closing this bug report because it lacks the information we need to investigate the problem, as described in the previous comments. Please reopen it if you can give us the missing information, and don't hesitate to submit bug reports in the future. To reopen the bug report you can click on the current status, under the Status column, and change the Status back to "New". Thanks again!