* race condition leading to segfault in d80211
@ 2006-08-11 11:14 Johannes Berg
From: Johannes Berg @ 2006-08-11 11:14 UTC (permalink / raw)
  To: netdev, Jiri Benc, Jouni Malinen

What was that about locking not having problems? :P

I was writing a small program that (using ioctls)
 * creates a new interface (using sysfs)
 * sets the interface to monitor mode
 * sets IFF_UP
 * (1)
 * sets IFF_DOWN
 * (2)
 * destroy interface (using sysfs)


That was fine, but then I wanted to see this happening and added
"system("iwconfig")" at the two places marked (1) and (2), which
triggered the bug below. Note the address; I have slab debugging enabled.

[12143.789779] BUG: unable to handle kernel paging request at virtual address 6b6b752f
[12143.789785]  printing eip:
[12143.789787] e2cc1df0
[12143.789789] *pde = 00000000
[12143.789792] Oops: 0000 [#1]
[12143.789794] PREEMPT
[12143.789796] Modules linked in: arc4 rate_control rt2500usb 80211 ipv6 af_packet speedstep_lib cpufreq_userspace cpufreq_stats freq_table cpufreq_powersave cpufreq_ondemand cpufreq_conservative video sbs thermal i2c_ec i2c_core processor fan button battery container ac asus_acpi sr_mod sbp2 snd_intel8x0 snd_ac97_codec snd_ac97_bus snd_pcm_oss snd_mixer_oss snd_pcm snd_timer 8250_pnp snd soundcore floppy 8250 serial_core psmouse snd_page_alloc skge crc32 ohci1394 ieee1394 rtc pcspkr ehci_hcd uhci_hcd usbcore sg evdev
[12143.789831] CPU:    0
[12143.789832] EIP:    0060:[<e2cc1df0>]    Not tainted VLI
[12143.789833] EFLAGS: 00210282   (2.6.18-rc4 #2)
[12143.789850] EIP is at ieee80211_sta_scan_work+0x1a/0x406 [80211]
[12143.789853] eax: d517c320   ebx: cda019d8   ecx: c0128a7e   edx: c1490000
[12143.789856] esi: cda019dc   edi: 6b6b6b6b   ebp: c1491f4c   esp: c1491eec
[12143.789859] ds: 007b   es: 007b   ss: 0068
[12143.789862] Process events/0 (pid: 4, ti=c1490000 task=c1488070 task.ti=c1490000)
[12143.789864] Stack: 00200046 00200046 00200046 00000000 c042653c 00200046 00000000 c1476888
[12143.789872]        d517c000 d517c320 00200046 00000002 00000001 c0128a28 c147686c c0128a7e
[12143.789879]        00200046 c147686c c147686c 00200292 c1491f4c cda019d8 cda019dc c147686c
[12143.789887] Call Trace:
[12143.789889]  [<c010418f>] show_stack_log_lvl+0xa8/0xe5
[12143.789895]  [<c0104365>] show_registers+0x199/0x229
[12143.789899]  [<c0104844>] die+0x118/0x2ac
[12143.789902]  [<c0113db9>] do_page_fault+0x280/0x599
[12143.789908]  [<c0103ad5>] error_code+0x39/0x40
[12143.789912]  [<c0128a8e>] run_workqueue+0x76/0xea
[12143.789917]  [<c0128c88>] worker_thread+0xe4/0x11c
[12143.789921]  [<c012b82e>] kthread+0xcf/0xd3
[12143.789925]  [<c0101005>] kernel_thread_helper+0x5/0xb
[12143.789928] Code: ba 03 00 00 00 89 d8 e8 9c de 5c dd e9 e6 fe ff ff 55 89 e5 57 56 53 83 ec 54 89 45 c0 8b b8 c0 00 00 00 05 20 03 00 00 89 45 c4 <8b> 87 c4 09 00 00 89 45 b4 85 c0 0f 84 18 01 00 00 8b 87 d0 09
[12143.789964] EIP: [<e2cc1df0>] ieee80211_sta_scan_work+0x1a/0x406 [80211] SS:ESP 0068:c1491eec
[12143.789977]
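As an added illustration (not part of the original message or the d80211 code): a small Python triage script over the register and Code: lines quoted above. It checks whether the faulting address is a small offset from a register holding the slab-debug free poison 0x6b6b6b6b, and decodes the marked instruction to confirm it is a load through that same register, which is the signature of a freed object still being dereferenced by the scheduled scan work. The minimal x86 decoder handles only the `mov r32, [base+disp32]` form seen here.

```python
import re

# Register/Code lines copied from the oops above (timestamps stripped).
OOPS = """\
BUG: unable to handle kernel paging request at virtual address 6b6b752f
EIP is at ieee80211_sta_scan_work+0x1a/0x406 [80211]
eax: d517c320   ebx: cda019d8   ecx: c0128a7e   edx: c1490000
esi: cda019dc   edi: 6b6b6b6b   ebp: c1491f4c   esp: c1491eec
Code: ba 03 00 00 00 89 d8 e8 9c de 5c dd e9 e6 fe ff ff 55 89 e5 57 56 53 83 ec 54 89 45 c0 8b b8 c0 00 00 00 05 20 03 00 00 89 45 c4 <8b> 87 c4 09 00 00 89 45 b4 85 c0 0f 84 18 01 00 00 8b 87 d0 09
"""

POISON_FREE = 0x6b  # slab debugging fills freed objects with this byte
REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]  # ModRM order

def parse_oops(text):
    # Pull the faulting address, the 32-bit registers and the bytes at EIP (marked <..>).
    fault = int(re.search(r"virtual address ([0-9a-f]+)", text).group(1), 16)
    regs = {m.group(1): int(m.group(2), 16)
            for m in re.finditer(r"\b(e[a-d]x|e[sd]i|e[bs]p): ([0-9a-f]{8})", text)}
    code = re.search(r"^Code: (.*)$", text, re.M).group(1).split()
    ip = next(i for i, b in enumerate(code) if b.startswith("<"))
    bytes_at_ip = [int(b.strip("<>"), 16) for b in code[ip:]]
    return fault, regs, bytes_at_ip

def poisoned_regs(regs):
    # A register equal to 0x6b6b6b6b holds a pointer that was read from freed memory.
    pat = int.from_bytes(bytes([POISON_FREE]) * 4, "little")
    return [r for r, v in regs.items() if v == pat]

def decode_mov_load(b):
    # Minimal decoder: opcode 8b with mod=10 is "mov r32, [base + disp32]"; else None.
    if len(b) < 6 or b[0] != 0x8B or (b[1] >> 6) != 0b10:
        return None
    reg, base = REGS32[(b[1] >> 3) & 7], REGS32[b[1] & 7]
    if base == "esp":  # would need a SIB byte, not handled here
        return None
    disp = int.from_bytes(bytes(b[2:6]), "little", signed=True)
    return reg, base, disp

def triage(text):
    # For each poisoned register: (name, fault - value, does EIP load through it at that offset?)
    fault, regs, code = parse_oops(text)
    ins = decode_mov_load(code)
    return [(r, fault - regs[r],
             ins is not None and ins[1] == r and ins[2] == fault - regs[r])
            for r in poisoned_regs(regs)]

if __name__ == "__main__":
    for r, off, confirmed in triage(OOPS):
        print(f"{r} is poisoned; fault = {r}+0x{off:x}; EIP load matches: {confirmed}")
```

For this oops the result is edi poisoned, fault at edi+0x9c4, and the bytes `8b 87 c4 09 00 00` decode to `mov eax, [edi+0x9c4]`, so the field read in ieee80211_sta_scan_work came from an object that had already been freed.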

