[Bugme-new] [Bug 10821] New: rt25xx: lock dependency warning, association failure, and kmalloc corruption
bugme-daemon at bugzilla.kernel.org
Thu May 29 14:30:44 PDT 2008
http://bugzilla.kernel.org/show_bug.cgi?id=10821
Summary: rt25xx: lock dependency warning, association failure, and kmalloc corruption
Product: Networking
Version: 2.5
KernelVersion: 2.6.26-rc4
Platform: All
OS/Version: Linux
Tree: Mainline
Status: NEW
Severity: blocking
Priority: P1
Component: Wireless
AssignedTo: networking_wireless at kernel-bugs.osdl.org
ReportedBy: casteyde.christian at free.fr
Latest working kernel version: 2.6.25.4
Earliest failing kernel version: 2.6.26-rc4
Previous rc not tested
Distribution: Bluewhite64 (64bit slackware)
Hardware Environment: rt2570 USB dongle
Software Environment: wpa_supplicant
Problem Description:
rt25xx USB wireless driver doesn't seem to work anymore.
First, when I plug it in, I get a lock dependency warning.
Second, it doesn't associate anymore (always falling in timeout).
And last, it corrupts the kernel memory when I unplug it.
The first dmesg output is:
=======================================================
[ INFO: possible circular locking dependency detected ]
2.6.26-rc4 #4
-------------------------------------------------------
rt2500usb/3123 is trying to acquire lock:
(rtnl_mutex){--..}, at: [<ffffffff80548562>] rtnl_lock+0x12/0x20
but task is already holding lock:
(&rt2x00dev->intf_work){--..}, at: [<ffffffff80243c32>] run_workqueue+0x122/0x220
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #2 (&rt2x00dev->intf_work){--..}:
[<ffffffff80255d72>] __lock_acquire+0xcc2/0x1120
[<ffffffff80256227>] lock_acquire+0x57/0x80
[<ffffffff80243c77>] run_workqueue+0x167/0x220
[<ffffffff802447d6>] worker_thread+0xa6/0x110
[<ffffffff8024778d>] kthread+0x4d/0x80
[<ffffffff8020c238>] child_rip+0xa/0x12
[<ffffffffffffffff>] 0xffffffffffffffff
-> #1 ((name)){--..}:
[<ffffffff80255d72>] __lock_acquire+0xcc2/0x1120
[<ffffffff80256227>] lock_acquire+0x57/0x80
[<ffffffff80244435>] flush_workqueue+0x45/0x70
[<ffffffff806143c1>] ieee80211_stop+0x1b1/0x3c0
[<ffffffff8053dfd3>] dev_close+0x63/0xb0
[<ffffffff8053dc01>] dev_change_flags+0xa1/0x1d0
[<ffffffff8059098c>] devinet_ioctl+0x5bc/0x760
[<ffffffff80590fed>] inet_ioctl+0x6d/0x90
[<ffffffff8052fdc7>] sock_ioctl+0xc7/0x250
[<ffffffff8029e6a1>] vfs_ioctl+0x31/0x90
[<ffffffff8029e960>] do_vfs_ioctl+0x260/0x2e0
[<ffffffff8029ea2a>] sys_ioctl+0x4a/0x80
[<ffffffff8020b79b>] system_call_after_swapgs+0x7b/0x80
[<ffffffffffffffff>] 0xffffffffffffffff
-> #0 (rtnl_mutex){--..}:
[<ffffffff80255ba0>] __lock_acquire+0xaf0/0x1120
[<ffffffff80256227>] lock_acquire+0x57/0x80
[<ffffffff8063b37f>] mutex_lock_nested+0x8f/0x2c0
[<ffffffff80548562>] rtnl_lock+0x12/0x20
[<ffffffff80629887>] ieee80211_iterate_active_interfaces+0x27/0xa0
[<ffffffff8042f59e>] rt2x00lib_intf_scheduled+0x1e/0x20
[<ffffffff80243c7d>] run_workqueue+0x16d/0x220
[<ffffffff802447d6>] worker_thread+0xa6/0x110
[<ffffffff8024778d>] kthread+0x4d/0x80
[<ffffffff8020c238>] child_rip+0xa/0x12
[<ffffffffffffffff>] 0xffffffffffffffff
other info that might help us debug this:
2 locks held by rt2500usb/3123:
#0: ((name)){--..}, at: [<ffffffff80243c32>] run_workqueue+0x122/0x220
#1: (&rt2x00dev->intf_work){--..}, at: [<ffffffff80243c32>] run_workqueue+0x122/0x220
stack backtrace:
Pid: 3123, comm: rt2500usb Not tainted 2.6.26-rc4 #4
Call Trace:
[<ffffffff80253ac3>] print_circular_bug_tail+0x83/0x90
[<ffffffff80253159>] ? print_circular_bug_entry+0x49/0x60
[<ffffffff80255ba0>] __lock_acquire+0xaf0/0x1120
[<ffffffff80548562>] ? rtnl_lock+0x12/0x20
[<ffffffff80256227>] lock_acquire+0x57/0x80
[<ffffffff80548562>] ? rtnl_lock+0x12/0x20
[<ffffffff8063b37f>] mutex_lock_nested+0x8f/0x2c0
[<ffffffff80430030>] ? rt2x00lib_intf_scheduled_iter+0x0/0x100
[<ffffffff80548562>] rtnl_lock+0x12/0x20
[<ffffffff80629887>] ieee80211_iterate_active_interfaces+0x27/0xa0
[<ffffffff8042f580>] ? rt2x00lib_intf_scheduled+0x0/0x20
[<ffffffff8042f59e>] rt2x00lib_intf_scheduled+0x1e/0x20
[<ffffffff80243c7d>] run_workqueue+0x16d/0x220
[<ffffffff802447d6>] worker_thread+0xa6/0x110
[<ffffffff80247ba0>] ? autoremove_wake_function+0x0/0x40
[<ffffffff80244730>] ? worker_thread+0x0/0x110
[<ffffffff8024778d>] kthread+0x4d/0x80
[<ffffffff8020c238>] child_rip+0xa/0x12
[<ffffffff8020bdf3>] ? restore_args+0x0/0x30
[<ffffffff80247740>] ? kthread+0x0/0x80
[<ffffffff8020c22e>] ? child_rip+0x0/0x12
2./ When I start wpa_supplicant, I get:
ADDRCONF(NETDEV_UP): wlan0: link is not ready
wlan0: Initial auth_alg=0
wlan0: authenticate with AP 00:07:cb:55:12:b0
wlan0: authenticate with AP 00:07:cb:55:12:b0
wlan0: authenticate with AP 00:07:cb:55:12:b0
wlan0: authentication with AP 00:07:cb:55:12:b0 timed out
wlan0: Initial auth_alg=0
wlan0: authenticate with AP 00:07:cb:55:12:b0
wlan0: Initial auth_alg=0
wlan0: authenticate with AP 00:07:cb:55:12:b0
wlan0: RX authentication from 00:07:cb:55:12:b0 (alg=0 transaction=2 status=0)
wlan0: authenticated
wlan0: associate with AP 00:07:cb:55:12:b0
wlan0: authentication frame received from 00:07:cb:55:12:b0, but not in authenticate state - ignored
wlan0: authentication frame received from 00:07:cb:55:12:b0, but not in authenticate state - ignored
wlan0: authentication frame received from 00:07:cb:55:12:b0, but not in authenticate state - ignored
wlan0: authentication frame received from 00:07:cb:55:12:b0, but not in authenticate state - ignored
wlan0: authentication frame received from 00:07:cb:55:12:b0, but not in authenticate state - ignored
wlan0: associate with AP 00:07:cb:55:12:b0
wlan0: associate with AP 00:07:cb:55:12:b0
wlan0: association with AP 00:07:cb:55:12:b0 timed out
ADDRCONF(NETDEV_UP): wlan0: link is not ready
wlan0: Initial auth_alg=0
wlan0: authenticate with AP 00:07:cb:55:12:b0
wlan0: authenticate with AP 00:07:cb:55:12:b0
wlan0: authenticate with AP 00:07:cb:55:12:b0
wlan0: authentication with AP 00:07:cb:55:12:b0 timed out
wlan0: Initial auth_alg=0
wlan0: authenticate with AP 00:07:cb:55:12:b0
wlan0: Initial auth_alg=0
wlan0: authenticate with AP 00:07:cb:55:12:b0
wlan0: RX authentication from 00:07:cb:55:12:b0 (alg=0 transaction=2 status=0)
wlan0: authenticated
wlan0: associate with AP 00:07:cb:55:12:b0
wlan0: authentication frame received from 00:07:cb:55:12:b0, but not in authenticate state - ignored
wlan0: authentication frame received from 00:07:cb:55:12:b0, but not in authenticate state - ignored
wlan0: authentication frame received from 00:07:cb:55:12:b0, but not in authenticate state - ignored
wlan0: authentication frame received from 00:07:cb:55:12:b0, but not in authenticate state - ignored
wlan0: authentication frame received from 00:07:cb:55:12:b0, but not in authenticate state - ignored
wlan0: authentication frame received from 00:07:cb:55:12:b0, but not in authenticate state - ignored
wlan0: associate with AP 00:07:cb:55:12:b0
wlan0: associate with AP 00:07:cb:55:12:b0
wlan0: association with AP 00:07:cb:55:12:b0 timed out
3./ When I unplug it, the kernel barks:
usb 1-4: USB disconnect, address 3
=============================================================================
BUG kmalloc-96: Freepointer corrupt
-----------------------------------------------------------------------------
INFO: Allocated in rt2x00queue_alloc_entries+0x49/0xc0 age=51192 cpu=0 pid=3152
INFO: Freed in sysfs_release+0x62/0xa0 age=51227 cpu=0 pid=3131
INFO: Slab 0xffffe200011383c8 objects=24 used=10 fp=0xffff81004eb7f9d8 flags=0x40000000000000c3
INFO: Object 0xffff81004eb7f150 @offset=336 fp=0xffff81004a4c5210
Bytes b4 0xffff81004eb7f140: 00 ae ff ff 00 00 00 00 5a 5a 5a 5a 5a 5a 5a 5a  .<AE><FF><FF>....ZZZZZZZZ
Object 0xffff81004eb7f150: 00 00 00 00 00 00 00 00 28 9f 0c 4d 00 81 ff ff  ........(..M..<FF><FF>
Object 0xffff81004eb7f160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object 0xffff81004eb7f170: 78 f1 b7 4e 00 81 ff ff 08 51 4c 4a 00 81 ff ff  x<F1><B7>N..<FF><FF>.QLJ..<FF><FF>
Object 0xffff81004eb7f180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object 0xffff81004eb7f190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object 0xffff81004eb7f1a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Redzone 0xffff81004eb7f1b0: cc cc cc cc cc cc cc cc  <CC><CC><CC><CC><CC><CC><CC><CC>
Padding 0xffff81004eb7f1f0: 5a 5a 5a 5a 5a 5a 5a 5a  ZZZZZZZZ
Pid: 191, comm: khubd Not tainted 2.6.26-rc4 #4
Call Trace:
[<ffffffff8028ac39>] print_trailer+0xf9/0x160
[<ffffffff8028adbc>] object_err+0x3c/0x50
[<ffffffff8028b15a>] check_object+0x15a/0x250
[<ffffffff8028c695>] __slab_free+0x265/0x370
[<ffffffff8043181f>] ? rt2x00queue_uninitialize+0x1f/0x60
[<ffffffff8043181f>] ? rt2x00queue_uninitialize+0x1f/0x60
[<ffffffff8028c91a>] kfree+0xaa/0x120
[<ffffffff8043181f>] rt2x00queue_uninitialize+0x1f/0x60
[<ffffffff8042f5cd>] rt2x00lib_uninitialize+0x2d/0x40
[<ffffffff8042f881>] rt2x00lib_remove_dev+0x21/0x40
[<ffffffff80432a6a>] rt2x00usb_disconnect+0x2a/0x70
[<ffffffff804983d0>] usb_unbind_interface+0x70/0xd0
[<ffffffff803eb02c>] __device_release_driver+0x6c/0xa0
[<ffffffff803eb15b>] device_release_driver+0x2b/0x40
[<ffffffff803ea2ad>] bus_remove_device+0x8d/0xb0
[<ffffffff803e8b3b>] device_del+0x10b/0x190
[<ffffffff804950d1>] usb_disable_device+0x91/0x120
[<ffffffff80490413>] usb_disconnect+0xa3/0x140
[<ffffffff80491866>] hub_thread+0x426/0xf10
[<ffffffff80247ba0>] ? autoremove_wake_function+0x0/0x40
[<ffffffff80491440>] ? hub_thread+0x0/0xf10
[<ffffffff8024778d>] kthread+0x4d/0x80
[<ffffffff8020c238>] child_rip+0xa/0x12
[<ffffffff8020bdf3>] ? restore_args+0x0/0x30
[<ffffffff80247740>] ? kthread+0x0/0x80
[<ffffffff8020c22e>] ? child_rip+0x0/0x12
In the end the device is not usable anymore. It indeed associates with kernel 2.6.25.4.
Steps to reproduce:
I guess try a Ralink USB dongle with this chipset.
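As an added illustration (not part of the bug report or of the rt2x00 code), here is a small Python model of what lockdep is doing in the first trace above: it records which locks each task already holds when it takes a new one, and before granting the new lock it searches the recorded dependency graph for a path from the new lock back to a held lock. Task and lock names are those from the report; flush_workqueue is modelled the way lockdep treats it, as acquiring the workqueue's pseudo-lock "(name)".

```python
from collections import defaultdict


class MiniLockdep:
    """Per-task held-lock tracking plus a lock-class dependency graph."""

    def __init__(self):
        # held lock class -> lock classes acquired while it was held (insertion order kept)
        self.edges = defaultdict(list)
        self.held = defaultdict(list)  # task name -> held lock classes, outermost first

    def find_path(self, src, dst):
        """Depth-first search for a dependency path src -> ... -> dst, or None."""
        stack, seen = [[src]], {src}
        while stack:
            path = stack.pop()
            for nxt in self.edges[path[-1]]:
                if nxt == dst:
                    return path + [dst]
                if nxt not in seen:
                    seen.add(nxt)
                    stack.append(path + [nxt])
        return None

    def acquire(self, task, lock):
        """Record the acquisition; return the circular chain it closes, if any."""
        cycle = None
        for held in reversed(self.held[task]):  # innermost held lock first, as lockdep does
            path = self.find_path(lock, held)
            if path:
                cycle = path + [lock]
                break
        for held in self.held[task]:
            if lock not in self.edges[held]:
                self.edges[held].append(lock)
        self.held[task].append(lock)
        return cycle

    def release(self, task, lock):
        self.held[task].remove(lock)


def rt2x00_scenario():
    """Replay the two code paths from the report; returns the detected cycle."""
    ld = MiniLockdep()
    # ioctl path: rtnl_lock -> dev_close -> ieee80211_stop -> flush_workqueue ("(name)")
    ld.acquire("ioctl", "rtnl_mutex")
    ld.acquire("ioctl", "(name)")
    ld.release("ioctl", "(name)")
    ld.release("ioctl", "rtnl_mutex")
    # worker: run_workqueue holds "(name)" and the work item, then rt2x00lib_intf_scheduled
    # calls ieee80211_iterate_active_interfaces, which takes rtnl_lock
    ld.acquire("rt2500usb", "(name)")
    ld.acquire("rt2500usb", "&rt2x00dev->intf_work")
    return ld.acquire("rt2500usb", "rtnl_mutex")
```

The returned chain, rtnl_mutex -> (name) -> &rt2x00dev->intf_work -> rtnl_mutex, is the same three-entry cycle the report prints in reverse order as #2, #1, #0.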