Hello,

I've got slab corruption when I use a restricted key:

[EMAIL PROTECTED] ~]# sh -x /test-zd.sh
+ iwconfig eth1
eth1      IEEE 802.11b/g  ESSID:off/any  Nickname:"zd1211"
          Mode:Managed Access Point: Invalid
          Encryption key:off
          Link Quality:0  Signal level:0  Noise level:0
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0

+ ifconfig eth1 up
+ iwlist eth1 scanning
eth1      Scan completed :
          Cell 01 - Address: 00:16:41:8F:79:0D
                    ESSID:"Livebox-8ae5"
                    Protocol:IEEE 802.11bg
                    Mode:Master
                    Channel:6
                    Encryption key:on
                    Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 6 Mb/s; 9 Mb/s
                              11 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s; 36 Mb/s
                              48 Mb/s; 54 Mb/s
                    Quality=100/100 Signal level=11/100
                    IE: WPA Version 1
                        Group Cipher : TKIP
                        Pairwise Ciphers (1) : TKIP
                        Authentication Suites (1) : PSK
                    Extra: Last beacon: 292ms ago

+ iwconfig eth1 key restricted 1234-5678-9012-3456-7890-1234-56
+ iwconfig eth1 essid Livebox-8ae5
[EMAIL PROTECTED] ~]#
[EMAIL PROTECTED] ~]# dmesg | tail -20
zd1211rw 1-1:1.0: firmware version 4725
zd1211rw 1-1:1.0: zd1211b chip 079b:0062 v4810 full 00-60-b3 AL2230_RF pa0 g---
zd1211rw 1-1:1.0: eth1
usbcore: registered new interface driver zd1211rw
ieee80211_crypt: registered algorithm 'WEP'
slab error in verify_redzone_free(): cache `size-32': memory outside object was overwritten
[<c0103939>] show_trace_log_lvl+0x12/0x25
[<c0103a1a>] show_trace+0xd/0x10
[<c010412c>] dump_stack+0x19/0x1b
[<c01504a1>] __slab_error+0x17/0x1c
[<c015055a>] cache_free_debugcheck+0xb4/0x18b
[<c0150bfd>] kfree+0x71/0xbd
[<e104a681>] ieee80211softmac_send_mgt_frame+0x3b1/0x3c0 [ieee80211softmac]
[<e104a865>] ieee80211softmac_auth_challenge_response+0x1b/0x21 [ieee80211softmac]
[<c012488f>] run_workqueue+0x82/0xc4
[<c0124db5>] worker_thread+0xe1/0x114
[<c012728c>] kthread+0xb0/0xdc
[<c0103853>] kernel_thread_helper+0x7/0x10
=======================
cc32d3a8: redzone 1:0x170fc2a5, redzone 2:0xb666c946.


This is fully reproducible. I'm not sure whether it's an ieee80211softmac bug or a zd1211rw bug.

The zd1211rw driver comes from http://dsd.object4.net/git/zd1211.git. The .config and full dmesg can be downloaded from http://laurent.riffard.free.fr/2.6.18-mm2/.

--
laurent

_______________________________________________
Zd1211-devs mailing list - http://zd1211.ath.cx/