mac80211 "failed to clone multicast frame" crash

linux-wireless.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* mac80211 "failed to clone multicast frame" crash
@ 2008-01-05 16:42 Michael Buesch
  0 siblings, 0 replies; only message in thread
From: Michael Buesch @ 2008-01-05 16:42 UTC (permalink / raw)
  To: Johannes Berg; +Cc: linux-wireless

It seems that after allocation of the skb in ieee80211_deliver_skb() fa=
iled, somebody
dereferenced it.

Note the crap characters before the ": failed to clone multicast frame"=
 message.
There should be the device name "dev->name". This might be a use-after-=
free bug.
Maybe we don't wait for the workqueue to finish on rmmod?

This happened while doing a rmmod, modprobe sequence. I'm not sure if i=
t happened
on rmmod or modprobe.

[ 4245.070779] =DD=8B : failed to clone multicast frame
[ 4245.070802] Unable to handle kernel paging request for data at addre=
ss 0x00000000
[ 4245.071996] Faulting instruction address: 0xc0351cd4
[ 4245.073068] Oops: Kernel access of bad area, sig: 11 [#1]
[ 4245.074117] PREEMPT PowerMac
[ 4245.075132] Modules linked in: ssb mac80211 rfkill_input appletouch =
af_packet rfkill led_class input_polldev ohci_hcd pcmcia unix
[ 4245.076705] NIP: c0351cd4 LR: e2250288 CTR: c0351c8c
[ 4245.077783] REGS: dd895eb0 TRAP: 0300   Not tainted  (2.6.24-rc5-wl2=
6)
[ 4245.078897] MSR: 00009032 <EE,ME,IR,DR>  CR: 24000088  XER: 00000000
[ 4245.080132] DAR: 00000000, DSISR: 40000000
[ 4245.081095] TASK =3D de64ac80[2960] 'ipolldevd' THREAD: dd894000
[ 4245.081296] GPR00: 00000000 dd895f60 de64ac80 dd9a73d4 dd9a73c0 0000=
0000 00000000 00000032=20
[ 4245.082659] GPR08: 00000000 00000001 dd9a73d4 c0351c8c 00321068 0000=
0000 00000000 00000000=20
[ 4245.084008] GPR16: 00000000 00000000 00000000 00000000 00000000 0000=
0000 00d8e5c0 00d8fec4=20
[ 4245.085383] GPR24: 00000000 005c3000 c0587d4c dd9a73d4 e2087130 dd9a=
73c0 dd9a73d4 dd9a73d8=20
[ 4245.087594] NIP [c0351cd4] eth_type_trans+0x48/0x114
[ 4245.088652] LR [e2250288] ieee80211_deliver_skb+0xec/0x154 [mac80211=
]
[ 4245.089777] Call Trace:
[ 4245.090681] [dd895f60] [e2250228] ieee80211_deliver_skb+0x8c/0x154 [=
mac80211] (unreliable)
[ 4245.091857] [dd895f80] [c0041004] run_workqueue+0xa8/0x138
[ 4245.092904] [dd895fa0] [c0041478] worker_thread+0xdc/0xf8
[ 4245.093948] [dd895fd0] [c00458f4] kthread+0x4c/0x88
[ 4245.094976] [dd895ff0] [c0013d08] kernel_thread+0x44/0x60
[ 4245.096022] Instruction dump:
[ 4245.096952] 409d002c 80030058 3929fff2 91230054 7c004810 7c000110 7c=
0000d0 0f000000=20
[ 4245.098248] 812300a0 3929000e 912300a0 810a0090 <88080000> a0e80000 =
70090001 a0c80002=20
-
To unsubscribe from this list: send the line "unsubscribe linux-wireles=
s" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2008-01-05 16:43 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-01-05 16:42 mac80211 "failed to clone multicast frame" crash Michael Buesch

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).