On 18 May 2015 at 18:31, Larry Finger <Larry.Finger@xxxxxxxxxxxx> wrote: > On 05/17/2015 02:22 PM, Haggai Eran wrote: >> >> I added some debugging prints, trying to see more details about the >> packet that fails the r8712_validate_recv_frame. I noticed I'm getting >> many packets where recv_decache returns _FAIL. However, the last two >> packets before the crash fail for different reasons. The first has the >> ver field set to 3 (instead of zero). The second (the one that get's >> freed and cause the crash apparently) has an unknown type (12). If I'm >> not mistaken, 12 = WIFI_CTRL_TYPE | WIFI_DATA_TYPE. Is that possible? >> >> It could be that the packet headers are garbled though. > > > I think the headers are garbled. Did you log the address of the skb at > precvframe->u.hdr.pkt in r8712_free_recvframe() or orig_prframe->u.hdr.pct > in recv_func(). I haven't. I'll print that. > > I am still dubious of the cast "prframe = (union recv_frame *)pcontext;" in > recv_func(). Why? As far as I can see, recv_func is called only at one place (r8712_recv_entry), where it is passed a union recv_frame * as the pcontext parameter. Haggai -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
