From: Mike Galbraith <efault@gmx.de>
To: linux-wireless <linux-wireless@vger.kernel.org>
Cc: LKML <linux-kernel@vger.kernel.org>,
"John W. Linville" <linville@tuxdriver.com>
Subject: Re: rt2800usb: memory corruption?
Date: Sat, 01 Aug 2009 12:55:54 +0200 [thread overview]
Message-ID: <1249124154.8236.5.camel@marge.simson.net> (raw)
In-Reply-To: <1249104348.7146.60.camel@marge.simson.net>
On Sat, 2009-08-01 at 07:25 +0200, Mike Galbraith wrote:
> [ 1529.736962] rt2800usb 7-5:1.0: firmware: requesting rt2870.bin
> [ 1529.812574] input: rt2800usb as /devices/pci0000:00/0000:00:1a.7/usb7/7-5/7-5:1.0/input/input6
> [ 1530.011246] ADDRCONF(NETDEV_UP): wlan0: link is not ready
> [ 1532.575208] wlan0: authenticate with AP 00:1a:4f:9a:d0:12
> [ 1532.589467] wlan0: authenticated
> [ 1532.599358] wlan0: associate with AP 00:1a:4f:9a:d0:12
> [ 1532.616210] wlan0: RX AssocResp from 00:1a:4f:9a:d0:12 (capab=0x411 status=0 aid=1)
> [ 1532.629818] wlan0: associated
> [ 1532.647010] ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
> [ 1534.905025] device wlan0 entered promiscuous mode
> [ 1535.202677] martian source 255.255.255.255 from 192.168.178.1, on dev wlan0
> [ 1535.206611] ll header: ff:ff:ff:ff:ff:ff:00:1a:4f:7b:e8:48:08:00
> [ 1535.298916] martian source 255.255.255.255 from 192.168.178.1, on dev wlan0
> [ 1535.306059] ll header: ff:ff:ff:ff:ff:ff:00:1a:4f:7b:e8:48:08:00
> [ 1536.512420] ------------[ cut here ]------------
> [ 1536.516065] kernel BUG at mm/slub.c:2929!
> [ 1536.516065] invalid opcode: 0000 [#1] SMP
> [ 1536.516065] last sysfs file: /sys/devices/system/cpu/cpu3/cache/index2/shared_cpu_map
> [ 1536.516065] CPU 0
> [ 1536.516065] Modules linked in: rt2800usb xt_tcpudp xt_pkttype xt_limit snd_pcm_oss snd_mixer_oss snd_seq snd_seq_device nfsd lockd nfs_acl auth_rpcgss sunrpc exportfs ip6t_REJECT nf_conntrack_ipv6 ip6table_raw xt_NOTRACK ipt_REJECT xt_state iptable_raw iptable_filter ip6table_mangle nf_conntrack_netbios_ns nf_conntrack_ipv4 nf_conntrack nf_defrag_ipv4 ip_tables cpufreq_conservative ip6table_filter cpufreq_ondemand ip6_tables cpufreq_userspace x_tables cpufreq_powersave acpi_cpufreq ipv6 microcode fuse loop dm_mod snd_hda_codec_realtek arc4 ecb snd_hda_intel snd_hda_codec rt2x00usb rt2x00lib firewire_ohci snd_hwdep snd_pcm led_class firewire_core snd_timer input_polldev crc_itu_t mac80211 snd ohci1394 usb_storage usbhid soundcore sr_mod rtc_cmos usb_libusual i2c_i801 cfg80211 snd_page_alloc rtc_core hid e1000e thermal processor ieee1394 i2c_core cdrom crc_ccitt intel_agp rtc_lib button sg uhci_hcd ehci_hcd sd_mod usbcore edd fan ext3 mbcache jbd ahci libata scsi_mod [last unloaded: rt2800usb]
> [ 1536.516065] Pid: 6982, comm: gam_server Not tainted 2.6.31-smp #1001 MS-7502
> [ 1536.516065] RIP: 0010:[<ffffffff810b7306>] [<ffffffff810b7306>] kfree+0x82/0x187
> [ 1536.516065] RSP: 0018:ffff8800ad1b5df8 EFLAGS: 00010246
> [ 1536.516065] RAX: 4000000000000000 RBX: ffff88009d7113a8 RCX: 0000000000000000
> [ 1536.516065] RDX: ffffea0000000000 RSI: ffffffff814b39f2 RDI: ffff88001818500b
> [ 1536.516065] RBP: ffff8800ad1b5e28 R08: 0000000000000000 R09: ffff8800ad1b5e48
> [ 1536.516065] R10: ffff8800ad1b5e48 R11: 0000000000000246 R12: ffffea0000545518
> [ 1536.516065] R13: 0000000000000010 R14: ffff88001818500b R15: 0000000001eeb460
> [ 1536.516065] FS: 00007f08d83726f0(0000) GS:ffff8800014e1000(0000) knlGS:0000000000000000
> [ 1536.516065] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 1536.516065] CR2: 00007f05b5c4e048 CR3: 00000000ad1a8000 CR4: 00000000000006f0
> [ 1536.516065] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> [ 1536.516065] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
> [ 1536.516065] Process gam_server (pid: 6982, threadinfo ffff8800ad1b4000, task ffff8800be290cc0)
> [ 1536.516065] Stack:
> [ 1536.516065] ffff8800ad1b5e38 ffff88009d7113a8 ffff88009d7113a8 0000000000000010
> [ 1536.516065] <0> 0000000000000002 0000000001eeb460 ffff8800ad1b5e48 ffffffff810e3b4c
> [ 1536.516065] <0> ffff8800ad1b5e48 0000000000000020 ffff8800ad1b5f08 ffffffff810e5e3b
> [ 1536.516065] Call Trace:
> [ 1536.516065] [<ffffffff810e3b4c>] fsnotify_put_event+0x45/0x58
> [ 1536.891064] [<ffffffff810e5e3b>] inotify_read+0x1f0/0x282
> [ 1536.891064] [<ffffffff81050bba>] ? autoremove_wake_function+0x0/0x38
> [ 1536.891064] [<ffffffff810bc2ac>] vfs_read+0xab/0x167
> [ 1536.891064] [<ffffffff810bc42c>] sys_read+0x47/0x6f
> [ 1536.891064] [<ffffffff8100ba6b>] system_call_fastpath+0x16/0x1b
> [ 1536.891064] Code: 00 ea ff ff 48 c1 e8 0c 48 6b c0 38 4c 8d 24 10 66 41 83 3c 24 00 79 05 4d 8b 64 24 10 49 8b 04 24 84 c0 78 17 66 a9 00 c0 75 04 <0f> 0b eb fe 4c 89 e7 e8 98 44 fe ff e9 e8 00 00 00 4d 8b 6c 24
> [ 1536.891064] RIP [<ffffffff810b7306>] kfree+0x82/0x187
> [ 1536.891064] RSP <ffff8800ad1b5df8>
> [ 1537.069331] ---[ end trace 432a664becb6485b ]---
> [ 1543.056005] wlan0: no IPv6 routers present
Enabled slub/pagealloc debugging. First down/rmmod said...
[ 129.028042] wlan0: deauthenticating by local choice (reason=3)
[ 140.015920] usbcore: deregistering interface driver rt2800usb
[ 140.132315] =============================================================================
[ 140.136190] BUG kmalloc-16: Redzone overwritten
[ 140.136190] -----------------------------------------------------------------------------
[ 140.136190]
[ 140.136190] INFO: 0xffff8800bcdfa538-0xffff8800bcdfa53b. First byte 0xb instead of 0xcc
[ 140.195773] INFO: Allocated in rt2x00usb_probe+0x127/0x1ad [rt2x00usb] age=31743 cpu=0 pid=1482
[ 140.195773] INFO: Slab 0xffffea0002950eb0 objects=46 used=29 fp=0xffff8800bcdfa790 flags=0x4000000000000083
[ 140.195773] INFO: Object 0xffff8800bcdfa528 @offset=1320 fp=0xffff8800bcdfa580
[ 140.195773]
[ 140.195773] Bytes b4 0xffff8800bcdfa518: 00 00 00 00 00 00 00 00 5a 5a 5a 5a 5a 5a 5a 5a ........ZZZZZZZZ
[ 140.260506] Object 0xffff8800bcdfa528: 00 00 00 00 cc 2e 40 18 c6 47 4c 18 51 92 16 18 ....Ì.@.ÆGL.Q...
[ 140.260506] Redzone 0xffff8800bcdfa538: 0b 50 18 18 cc cc cc cc .P..ÌÌÌÌ
[ 140.260506] Padding 0xffff8800bcdfa578: 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZ
[ 140.260506] Pid: 7812, comm: rmmod Not tainted 2.6.31-smp #1002
[ 140.260506] Call Trace:
[ 140.260506] [<ffffffff810b820a>] print_trailer+0x13b/0x144
[ 140.260506] [<ffffffff810b871a>] check_bytes_and_report+0xb2/0xf2
[ 140.260506] [<ffffffffa0305080>] ? rt2x00usb_free_reg+0x18/0x55 [rt2x00usb]
[ 140.260506] [<ffffffff810b87b6>] check_object+0x5c/0x207
[ 140.260506] [<ffffffff810b9037>] __slab_free+0x193/0x2bf
[ 140.260506] [<ffffffffa0305080>] ? rt2x00usb_free_reg+0x18/0x55 [rt2x00usb]
[ 140.260506] [<ffffffff810ba49d>] kfree+0xcf/0xd9
[ 140.260506] [<ffffffffa0305080>] rt2x00usb_free_reg+0x18/0x55 [rt2x00usb]
[ 140.260506] [<ffffffffa03050e8>] rt2x00usb_disconnect+0x2b/0x58 [rt2x00usb]
[ 140.260506] [<ffffffffa00c88b4>] usb_unbind_interface+0x5d/0xed [usbcore]
[ 140.260506] [<ffffffff811c6914>] __device_release_driver+0x7a/0xc0
[ 140.260506] [<ffffffff811c69d5>] driver_detach+0x7b/0xa1
[ 140.260506] [<ffffffff811c5c80>] bus_remove_driver+0x86/0xb6
[ 140.260506] [<ffffffff811c6ed4>] driver_unregister+0x66/0x6e
[ 140.260506] [<ffffffffa00c86c9>] usb_deregister+0x98/0xa6 [usbcore]
[ 140.260506] [<ffffffffa030fbe4>] rt2800usb_exit+0x10/0x12 [rt2800usb]
[ 140.260506] [<ffffffff8106248f>] sys_delete_module+0x1cf/0x243
[ 140.260506] [<ffffffff81020062>] ? __assign_irq_vector+0xf8/0x1bd
[ 140.260506] [<ffffffff8100ba6b>] system_call_fastpath+0x16/0x1b
[ 140.260506] FIX kmalloc-16: Restoring 0xffff8800bcdfa538-0xffff8800bcdfa53b=0xcc
next prev parent reply other threads:[~2009-08-01 10:55 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-07-30 9:22 [wireless] rt2870sta BUGs on shutdown, 2.6.30.2->git.today+git.wireless.today Mike Galbraith
2009-07-30 9:29 ` Johannes Berg
2009-07-30 9:44 ` Mike Galbraith
2009-07-30 9:55 ` Johannes Berg
2009-07-30 10:05 ` Mike Galbraith
2009-07-30 12:11 ` [rt2800 doesn't authenticate (wpapsk/tkip)] " Mike Galbraith
2009-08-01 5:25 ` rt2800usb: memory corruption? Mike Galbraith
2009-08-01 10:55 ` Mike Galbraith [this message]
2009-08-02 0:21 ` Pavel Roskin
2009-08-02 5:16 ` Mike Galbraith
2009-08-02 6:29 ` Mike Galbraith
2009-08-02 6:47 ` Mike Galbraith
2009-08-06 10:12 ` Pavel Roskin
2009-07-30 10:06 ` [wireless] rt2870sta BUGs on shutdown, 2.6.30.2->git.today+git.wireless.today Luis Correia
2009-07-30 13:17 ` Bartlomiej Zolnierkiewicz
2009-07-30 16:52 ` Ivo van Doorn
2009-07-30 17:09 ` Mike Galbraith
2009-07-30 17:11 ` Johannes Berg
2009-07-30 17:26 ` Greg KH
2009-07-30 18:04 ` Dan Williams
2009-07-30 18:13 ` Greg KH
2009-08-02 9:10 ` Peter Teoh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1249124154.8236.5.camel@marge.simson.net \
--to=efault@gmx.de \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=linville@tuxdriver.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.