mac80211 "failed to clone multicast frame" crash

All of lore.kernel.org
 help / color / mirror / Atom feed

* mac80211 "failed to clone multicast frame" crash
@ 2008-01-05 16:42 Michael Buesch
  0 siblings, 0 replies; only message in thread
From: Michael Buesch @ 2008-01-05 16:42 UTC (permalink / raw)
  To: Johannes Berg; +Cc: linux-wireless

It seems that after allocation of the skb in ieee80211_deliver_skb() fa=
iled, somebody
dereferenced it.

Note the crap characters before the ": failed to clone multicast frame"=
 message.
There should be the device name "dev->name". This might be a use-after-=
free bug.
Maybe we don't wait for the workqueue to finish on rmmod?

This happened while doing a rmmod, modprobe sequence. I'm not sure if i=
t happened
on rmmod or modprobe.

[ 4245.070779] =DD=8B : failed to clone multicast frame
[ 4245.070802] Unable to handle kernel paging request for data at addre=
ss 0x00000000
[ 4245.071996] Faulting instruction address: 0xc0351cd4
[ 4245.073068] Oops: Kernel access of bad area, sig: 11 [#1]
[ 4245.074117] PREEMPT PowerMac
[ 4245.075132] Modules linked in: ssb mac80211 rfkill_input appletouch =
af_packet rfkill led_class input_polldev ohci_hcd pcmcia unix
[ 4245.076705] NIP: c0351cd4 LR: e2250288 CTR: c0351c8c
[ 4245.077783] REGS: dd895eb0 TRAP: 0300   Not tainted  (2.6.24-rc5-wl2=
6)
[ 4245.078897] MSR: 00009032 <EE,ME,IR,DR>  CR: 24000088  XER: 00000000
[ 4245.080132] DAR: 00000000, DSISR: 40000000
[ 4245.081095] TASK =3D de64ac80[2960] 'ipolldevd' THREAD: dd894000
[ 4245.081296] GPR00: 00000000 dd895f60 de64ac80 dd9a73d4 dd9a73c0 0000=
0000 00000000 00000032=20
[ 4245.082659] GPR08: 00000000 00000001 dd9a73d4 c0351c8c 00321068 0000=
0000 00000000 00000000=20
[ 4245.084008] GPR16: 00000000 00000000 00000000 00000000 00000000 0000=
0000 00d8e5c0 00d8fec4=20
[ 4245.085383] GPR24: 00000000 005c3000 c0587d4c dd9a73d4 e2087130 dd9a=
73c0 dd9a73d4 dd9a73d8=20
[ 4245.087594] NIP [c0351cd4] eth_type_trans+0x48/0x114
[ 4245.088652] LR [e2250288] ieee80211_deliver_skb+0xec/0x154 [mac80211=
]
[ 4245.089777] Call Trace:
[ 4245.090681] [dd895f60] [e2250228] ieee80211_deliver_skb+0x8c/0x154 [=
mac80211] (unreliable)
[ 4245.091857] [dd895f80] [c0041004] run_workqueue+0xa8/0x138
[ 4245.092904] [dd895fa0] [c0041478] worker_thread+0xdc/0xf8
[ 4245.093948] [dd895fd0] [c00458f4] kthread+0x4c/0x88
[ 4245.094976] [dd895ff0] [c0013d08] kernel_thread+0x44/0x60
[ 4245.096022] Instruction dump:
[ 4245.096952] 409d002c 80030058 3929fff2 91230054 7c004810 7c000110 7c=
0000d0 0f000000=20
[ 4245.098248] 812300a0 3929000e 912300a0 810a0090 <88080000> a0e80000 =
70090001 a0c80002=20
-
To unsubscribe from this list: send the line "unsubscribe linux-wireles=
s" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2008-01-05 16:43 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-01-05 16:42 mac80211 "failed to clone multicast frame" crash Michael Buesch

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.