Search Linux Wireless

mac80211 "failed to clone multicast frame" crash

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

It seems that after allocation of the skb in ieee80211_deliver_skb() failed, somebody
dereferenced it.

Note the crap characters before the ": failed to clone multicast frame" message.
There should be the device name "dev->name". This might be a use-after-free bug.
Maybe we don't wait for the workqueue to finish on rmmod?

This happened while doing a rmmod, modprobe sequence. I'm not sure if it happened
on rmmod or modprobe.

[ 4245.070779] ݋ : failed to clone multicast frame
[ 4245.070802] Unable to handle kernel paging request for data at address 0x00000000
[ 4245.071996] Faulting instruction address: 0xc0351cd4
[ 4245.073068] Oops: Kernel access of bad area, sig: 11 [#1]
[ 4245.074117] PREEMPT PowerMac
[ 4245.075132] Modules linked in: ssb mac80211 rfkill_input appletouch af_packet rfkill led_class input_polldev ohci_hcd pcmcia unix
[ 4245.076705] NIP: c0351cd4 LR: e2250288 CTR: c0351c8c
[ 4245.077783] REGS: dd895eb0 TRAP: 0300   Not tainted  (2.6.24-rc5-wl26)
[ 4245.078897] MSR: 00009032 <EE,ME,IR,DR>  CR: 24000088  XER: 00000000
[ 4245.080132] DAR: 00000000, DSISR: 40000000
[ 4245.081095] TASK = de64ac80[2960] 'ipolldevd' THREAD: dd894000
[ 4245.081296] GPR00: 00000000 dd895f60 de64ac80 dd9a73d4 dd9a73c0 00000000 00000000 00000032 
[ 4245.082659] GPR08: 00000000 00000001 dd9a73d4 c0351c8c 00321068 00000000 00000000 00000000 
[ 4245.084008] GPR16: 00000000 00000000 00000000 00000000 00000000 00000000 00d8e5c0 00d8fec4 
[ 4245.085383] GPR24: 00000000 005c3000 c0587d4c dd9a73d4 e2087130 dd9a73c0 dd9a73d4 dd9a73d8 
[ 4245.087594] NIP [c0351cd4] eth_type_trans+0x48/0x114
[ 4245.088652] LR [e2250288] ieee80211_deliver_skb+0xec/0x154 [mac80211]
[ 4245.089777] Call Trace:
[ 4245.090681] [dd895f60] [e2250228] ieee80211_deliver_skb+0x8c/0x154 [mac80211] (unreliable)
[ 4245.091857] [dd895f80] [c0041004] run_workqueue+0xa8/0x138
[ 4245.092904] [dd895fa0] [c0041478] worker_thread+0xdc/0xf8
[ 4245.093948] [dd895fd0] [c00458f4] kthread+0x4c/0x88
[ 4245.094976] [dd895ff0] [c0013d08] kernel_thread+0x44/0x60
[ 4245.096022] Instruction dump:
[ 4245.096952] 409d002c 80030058 3929fff2 91230054 7c004810 7c000110 7c0000d0 0f000000 
[ 4245.098248] 812300a0 3929000e 912300a0 810a0090 <88080000> a0e80000 70090001 a0c80002 
-
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Host AP]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Linux Kernel]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]
  Powered by Linux