Christian Lamparter wrote: > On Monday 19 January 2009 00:27:02 Artur Skawina wrote: >> Artur Skawina wrote: >>> didn't trigger anything here, just the usual: >>> >>> BUG kmalloc-4096: Poison overwritten > >> Still haven't found the corruptor, but at least i've narrowed it down a bit; >> what i'm seeing is: >> >> 1) an skb "S" gets allocated in p54u_rx_cb and is submitted together w/ the urb. >> 2) "S" later comes back to p54u_rx_cb, where it is given to p54_rx (eventually >> ieee80211_rx_irqsafe) and a new one is allocated. >> 3) a few (~15) rx/tx packets pass. >> 4) SLUB detects modified poison in what used to be S->head in (1) and (2) above; >> usually 0x6b turns into 0x6a, but i have also seen 0x69, just a few times. >> (the offset from skb->head to the decremented byte seems to stay the same, >> at least during the few times i tried w/ the same kernel, last one was eg >> 684 bytes) >> >> This is almost 100% reproducible; sometimes the machine freezes instead. > > Do you know what is inside "S" when it handed over to ieee80211_rx_irqsafe? > Is it always the same content, or is it sometimes a data or mgmt frame? Last time the urb was 88 bytes, that would make the packet <=72 bytes; i didn't log the content. will do. > Another shot in the dark: do you have a daemon that listen to mon.wlan0, wmaster / "any" other than hostapd? I usually have tcpdump listening on wlan0, nothing else (other than dhcpd). artur -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
