On Monday 19 January 2009 00:27:02 Artur Skawina wrote: > Artur Skawina wrote: > > > > didn't trigger anything here, just the usual: > > > > BUG kmalloc-4096: Poison overwritten > > Still haven't found the corruptor, but at least i've narrowed it down a bit; > what i'm seeing is: > > 1) an skb "S" gets allocated in p54u_rx_cb and is submitted together w/ the urb. > 2) "S" later comes back to p54u_rx_cb, where it is given to p54_rx (eventually > ieee80211_rx_irqsafe) and a new one is allocated. > 3) a few (~15) rx/tx packets pass. > 4) SLUB detects modified poison in what used to be S->head in (1) and (2) above; > usually 0x6b turns into 0x6a, but i have also seen 0x69, just a few times. > (the offset from skb->head to the decremented byte seems to stay the same, > at least during the few times i tried w/ the same kernel, last one was eg > 684 bytes) > > This is almost 100% reproducible; sometimes the machine freezes instead. Do you know what is inside "S" when it handed over to ieee80211_rx_irqsafe? Is it always the same content, or is it sometimes a data or mgmt frame? Another shot in the dark: do you have a daemon that listen to mon.wlan0, wmaster / "any" other than hostapd? Regards, Chr -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
