On Fri, Sep 29, 2006 at 06:20:08PM -0700, Andrew Morton wrote:

On Fri, 29 Sep 2006 20:01:54 -0400

quoted

Here's the traceback I got:

slab error in verify_redzone_free(): cache `size-32': memory outside object was overwritten
[<c0103ad2>] dump_trace+0x64/0x1cd
[<c0103c4d>] show_trace_log_lvl+0x12/0x25
[<c010415f>] show_trace+0xd/0x10
[<c01041fc>] dump_stack+0x19/0x1b
[<c014c796>] __slab_error+0x17/0x1c
[<c014cdac>] cache_free_debugcheck+0xaf/0x230
[<c014d43e>] kfree+0x59/0x8c
[<c02dc04a>] ioctl_standard_call+0x1da/0x218
[<c02dc275>] wireless_process_ioctl+0x55/0x312
[<c02d3750>] dev_ioctl+0x45f/0x49a
[<c02c92aa>] sock_ioctl+0x1b3/0x1c6
[<c0160322>] do_ioctl+0x22/0x67
[<c01605a5>] vfs_ioctl+0x23e/0x251
[<c01605ff>] sys_ioctl+0x47/0x64
[<c0102cd3>] syscall_call+0x7/0xb
DWARF2 unwinder stuck at syscall_call+0x7/0xb

	Hum... Not clear what's happening. I'll look more into it on
monday.

quoted

A quick strace of gkrellm finds these likely ioctl's causing the problem:

% grep ioctl /tmp/foo2 | sort -u | more
ioctl(13, SIOCGIWESSID, 0xbfbcdb9c)     = 0

	That's most likely the one. I need to check the source code.

Yes.  The main thing which those WE-21 patches do is to shorten the size of
various buffers which are used in wireless ioctls.

	Only for ESSID, it reduce it by one char, and remove the final
'\0'. But, kernel wise, it should not matter.

quoted

Since I'm using an orinoco-based card, these 2 look like the most likely
candidates.  WE-21 was merged between -mm1 and -mm2, which is why -mm1 was
stable for me.

	I'm using Orinoco, I've not seen that with iwconfig.
	I'll look into that...

	Jean