linux-wireless.vger.kernel.org archive mirror
From: Pavel Roskin <proski@gnu.org>
To: Michael Buesch <mb@bu3sch.de>
Cc: linux-wireless@vger.kernel.org
Subject: Re: Pulling rt73 USB stick oopses the kernel
Date: Wed, 29 Jul 2009 14:44:34 -0400
Message-ID: <1248893074.2750.11.camel@mj>
In-Reply-To: <200907291224.37562.mb@bu3sch.de>

On Wed, 2009-07-29 at 12:24 +0200, Michael Buesch wrote:
> Pulling a rt73 USB stick in operation (packets were injected into the monitor)
> does oops the kernel as follows:
...
> [  829.269554] BUG kmalloc-16: Redzone overwritten

There are some memory corruption issues with the removal of rt73usb and
rt61pci, but they are hard to track down.  Using kmemcheck allows one to
catch the first invalid memory access.

That's what I got (that's unloading rt73usb with rmmod while the
interface is up in station mode):

usbcore: deregistering interface driver rt73usb
WARNING: kmemcheck: Caught 64-bit read from freed memory (ffff88012f36b4c0)
58f97781ffffffff58f97781ffffffff4c71000001000000e0e00481ffffffff
 f f f f f f f f f f f f f f f f f f f f f f f f f f f f f f f f
 ^

Modules linked in: rt2x00usb rt2x00lib mac80211 cfg80211 [last unloaded: rt73usb]
Pid: 2043, comm: hald Not tainted 2.6.31-rc4-wl #185 G31T-M
RIP: 0010:[<ffffffff8124b476>]  [<ffffffff8124b476>] __list_add+0x26/0xa0
RSP: 0018:ffff88012f8f7da0  EFLAGS: 00010046
RAX: ffffffff8177f480 RBX: ffff8800280305a0 RCX: 00000000000004c0
RDX: ffffffff8177f958 RSI: ffff88012f36b4c0 RDI: ffff8800280305a0
RBP: ffff88012f8f7dc0 R08: ffff88012f36b4c0 R09: ffff880028022000
R10: 00000000ffffffff R11: 0000000000000000 R12: ffffffff8177f958
R13: ffff88012f36b4c0 R14: 000000010000714c R15: ffffffff8177f480
FS:  00007ff62a5316f0(0000) GS:ffff880028022000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff88012f890ea8 CR3: 000000012f21e000 CR4: 00000000000006f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff4ff0 DR7: 0000000000000400
 [<ffffffff810461f5>] internal_add_timer+0xb5/0x110
 [<ffffffff810468b1>] mod_timer+0xe1/0x130
 [<ffffffff81046913>] add_timer+0x13/0x20
 [<ffffffff8104e03b>] queue_delayed_work_on+0x8b/0xc0
 [<ffffffff8104e34c>] queue_delayed_work+0x1c/0x30
 [<ffffffff8104e376>] schedule_delayed_work+0x16/0x20
 [<ffffffff81081dc8>] vmstat_update+0x38/0x40
 [<ffffffff8104dbb4>] worker_thread+0xe4/0x190
 [<ffffffff81051816>] kthread+0x96/0xa0
 [<ffffffff8100c2ba>] child_rip+0xa/0x20
 [<ffffffffffffffff>] 0xffffffffffffffff


__list_add+0x26 corresponds to line 27 in lib/list_debug.c:

        WARN(prev->next != next,
                "list_add corruption. prev->next should be "
                "next (%p), but was %p. (prev=%p).\n",
                next, prev->next, prev);

next and prev are accessed in the previous statement, so apparently it's
prev->next that is invalid.

rt73usb is already unloaded at this point.  Perhaps it left some timers
registered.

-- 
Regards,
Pavel Roskin
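The failure mode described in the mail, modelled in user space as an added example (this is not code from the thread, from the kernel, or from the rt2x00 project): a driver arms a timer whose list entry lives inside the driver's own allocation, the module is unloaded without deleting the timer, and a later unrelated add_timer walks the timer list through the dangling entry. The check in list_add_checked is the prev->next / next->prev comparison from lib/list_debug.c that the mail quotes; the slab stand-in, its 0x6b poison pattern, the struct and function names and the "driver"/"vmstat" owner strings are all constructed for the model so the dangling pointer can be examined without undefined behaviour.

```c
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Minimal doubly-linked list in the style of include/linux/list.h. */
struct list_head { struct list_head *next, *prev; };

static void init_list_head(struct list_head *h) { h->next = h; h->prev = h; }

/* The consistency check __list_add performs in lib/list_debug.c (the WARN
 * quoted in the mail), modelled as a return value instead of a warning:
 * 1 = linked cleanly, 0 = "list_add corruption" would have been reported. */
static int list_add_checked(struct list_head *entry, struct list_head *prev,
                            struct list_head *next)
{
    if (prev->next != next || next->prev != prev)
        return 0;
    next->prev = entry;
    entry->next = next;
    entry->prev = prev;
    prev->next = entry;
    return 1;
}

static int list_add_tail_checked(struct list_head *entry, struct list_head *head)
{
    return list_add_checked(entry, head->prev, head);
}

static void list_del_entry(struct list_head *entry)
{
    entry->prev->next = entry->next;
    entry->next->prev = entry->prev;
    entry->next = entry->prev = NULL;
}

/* A timer as a module owns it: the list entry is embedded in the module's
 * own allocation, so freeing that allocation frees the entry as well. */
struct timer { struct list_head entry; const char *owner; };

/* Constructed stand-in for the slab allocator: a bump allocator whose free
 * poisons the object (as slab poisoning does) instead of handing memory back
 * to the C library, so a dangling list pointer into it stays inspectable. */
static struct timer slab[4];
static int slab_top;

static void slab_reset(void) { memset(slab, 0, sizeof slab); slab_top = 0; }

static struct timer *slab_alloc(const char *owner)
{
    struct timer *t = &slab[slab_top++];
    memset(t, 0, sizeof *t);
    t->owner = owner;
    return t;
}

static void slab_free(struct timer *t)
{
    memset(t, 0x6b, sizeof *t); /* POISON_FREE-like pattern (constructed) */
}

/* Returns 1 if a later, unrelated timer can be armed cleanly, 0 if the list
 * debug check fires because the unloaded driver's timer entry is still
 * linked into the timer list, -1 if the model itself could not be set up. */
static int run_scenario(int unload_deletes_timer)
{
    struct list_head timer_base;           /* stands in for the per-CPU timer list */
    struct timer *drv, *other;

    slab_reset();
    init_list_head(&timer_base);

    drv = slab_alloc("driver");            /* driver arms a timer: add_timer() */
    if (!list_add_tail_checked(&drv->entry, &timer_base))
        return -1;

    /* Module unload.  The correct path deletes the timer (del_timer_sync())
     * before the driver's memory goes away; the buggy path skips that. */
    if (unload_deletes_timer)
        list_del_entry(&drv->entry);
    slab_free(drv);                        /* module text and data are gone */

    /* Later an unrelated subsystem arms its own timer (vmstat_update ->
     * mod_timer in the trace).  The new entry is linked after
     * timer_base.prev, which on the buggy path still points at freed,
     * poisoned memory, so prev->next is read from a freed object. */
    other = slab_alloc("vmstat");
    return list_add_tail_checked(&other->entry, &timer_base);
}

int main(void)
{
    printf("timer left registered on unload: %s\n",
           run_scenario(0) == 1 ? "clean" : "list_add corruption (oops)");
    printf("del_timer_sync before unload:    %s\n",
           run_scenario(1) == 1 ? "clean" : "list_add corruption (oops)");
    return 0;
}
```

The model reproduces the two facts the trace shows: the read that kmemcheck flags is prev->next, where prev is the stale entry inside the freed driver object, and the offending caller (vmstat_update) has nothing to do with the driver, which is why the report names an unrelated module in the backtrace. The defensive rule it illustrates is the usual one for timers and delayed work: every add_timer/schedule_delayed_work in a module must be paired with a del_timer_sync/cancel_delayed_work_sync on the teardown path before the owning memory is released.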
