From: Johannes Berg <johannes@sipsolutions.net>
To: Andrew Chant <andrew.chant@gmail.com>
Cc: linux-wireless@vger.kernel.org,
"Luis R. Rodriguez" <mcgrof@gmail.com>,
Jouni Malinen <jouni@qca.qualcomm.com>,
Vasanthakumar Thiagarajan <vthiagar@qca.qualcomm.com>,
Senthil Balasubramanian <senthilb@qca.qualcomm.com>
Subject: Re: v3.4.4 ath9k: kernel NULL pointer dereference in skb_dequeue during heavy udp xmit
Date: Fri, 06 Jul 2012 09:15:44 +0200
Message-ID: <1341558944.4462.9.camel@jlt3.sipsolutions.net>
In-Reply-To: <CANugF37dDx1mvNJ-Y3is6OaeVFD1KwH=yh8Xef2BrN=YQPsiZQ@mail.gmail.com> (sfid-20120706_063735_542275_72C9855A)

-John
+QCA folks

On Thu, 2012-07-05 at 21:36 -0700, Andrew Chant wrote:
> While performance testing ath9k -> ath9k performance in 3.4.4, I got
> a nasty kernel panic. My performance testing involved filling the air
> with 1410-byte UDP packets between the machines, and switching the
> frequencies of the two cards to see how frequency affected
> performance. I had switched between channels 36, 40, 44, and 48.
> Oops was on the transmitting machine, which was acting as the AP.
>
> Very clear screen image of the oops is at
> https://picasaweb.google.com/lh/photo/CjBdHLZH0up5PrnmCySJidMTjNZETYmyPJy0liipFm0?feat=directlink

I briefly looked at this, but I don't see a bug in mac80211. It seems
likely that ath9k hands back a corrupted SKB, or frees one it no longer
owns, or such. The skb->next/prev pointers seem corrupted (rcx is NULL)
in one of the SKBs on the list, but mac80211 can't do that afaict.

johannes