Bug 16419

Summary: Circular locking warning in adhoc mode
Product: Networking
Reporter: Bob Copeland (me)
Component: Wireless
Assignee: Johannes Berg (johannes)
Status: RESOLVED CODE_FIX
Severity: normal
CC: johannes, networking_wireless
Priority: P1
Hardware: All
OS: Linux
Kernel Version: 2.6.35-rc5-wl
Subsystem:
Regression: No
Bisected commit-id:
Attachments: patch to fix lockdep complaint & a race

Description Bob Copeland 2010-07-19 19:37:16 UTC
I'll follow up with details to reproduce if I can.  I was using ifconfig to set the IP on the interface.

[74630.112167] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[74664.034332] phy2: Removed STA 00:18:41:c8:58:43
[74664.035244] phy2: Destroyed STA 00:18:41:c8:58:43
[74664.035284] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[74695.265167] phy2: Adding new IBSS station 00:1c:bf:2c:ac:ed (dev=wlan0)
[74695.265243] phy2: Allocated STA 00:1c:bf:2c:ac:ed
[74695.266457] phy2: Added IBSS STA 00:1c:bf:2c:ac:ed
[74695.266634] phy2: Finished adding IBSS STA 00:1c:bf:2c:ac:ed
[75042.857763] 
[75042.857765] =======================================================
[75042.857771] [ INFO: possible circular locking dependency detected ]
[75042.857775] 2.6.35-rc5-wl+ #221
[75042.857778] -------------------------------------------------------
[75042.857782] ifconfig/9044 is trying to acquire lock:
[75042.857785]  ((&sdata->work)){+.+.+.}, at: [<c1041f94>] __cancel_work_timer+0x86/0x18b
[75042.857798] 
[75042.857799] but task is already holding lock:
[75042.857803]  (&wdev->mtx){+.+.+.}, at: [<f8567b87>] cfg80211_leave_ibss+0x27/0x45 [cfg80211]
[75042.857823] 
[75042.857824] which lock already depends on the new lock.
[75042.857826] 
[75042.857829] 
[75042.857830] the existing dependency chain (in reverse order) is:
[75042.857833] 
[75042.857834] -> #1 (&wdev->mtx){+.+.+.}:
[75042.857841]        [<c105678b>] __lock_acquire+0x7cb/0x824
[75042.857849]        [<c1056893>] lock_acquire+0xaf/0xce
[75042.857855]        [<c12a1a61>] mutex_lock_nested+0x52/0x2b0
[75042.857862]        [<f8566f83>] cfg80211_send_deauth+0x27/0x40 [cfg80211]
[75042.857876]        [<f85c68f1>] ieee80211_send_deauth_disassoc+0xfc/0x154 [mac80211]
[75042.857898]        [<f85c7c58>] ieee80211_sta_work+0xdd/0xf8 [mac80211]
[75042.857918]        [<f85cc9bd>] ieee80211_iface_work+0x23c/0x24d [mac80211]
[75042.857939]        [<c1041713>] worker_thread+0x1b4/0x284
[75042.857944]        [<c1044ab1>] kthread+0x64/0x69
[75042.857950]        [<c1002cfa>] kernel_thread_helper+0x6/0x10
[75042.857957] 
[75042.857958] -> #0 ((&sdata->work)){+.+.+.}:
[75042.857965]        [<c1055ab0>] validate_chain+0x669/0xb79
[75042.857971]        [<c105678b>] __lock_acquire+0x7cb/0x824
[75042.857977]        [<c1056893>] lock_acquire+0xaf/0xce
[75042.857982]        [<c1041fbc>] __cancel_work_timer+0xae/0x18b
[75042.857988]        [<c10420ba>] cancel_work_sync+0xf/0x11
[75042.857994]        [<f85c516e>] ieee80211_ibss_leave+0xb0/0x137 [mac80211]
[75042.858013]        [<f85ce793>] ieee80211_leave_ibss+0x13/0x15 [mac80211]
[75042.858034]        [<f8567740>] __cfg80211_leave_ibss+0x51/0x6b [cfg80211]
[75042.858049]        [<f8567b94>] cfg80211_leave_ibss+0x34/0x45 [cfg80211]
[75042.858063]        [<f85572f6>] cfg80211_netdev_notifier_call+0x23a/0x419 [cfg80211]
[75042.858074]        [<c12a5f88>] notifier_call_chain+0x56/0x83
[75042.858082]        [<c1048fd2>] raw_notifier_call_chain+0x11/0x13
[75042.858088]        [<c12366f0>] call_netdevice_notifiers+0x41/0x48
[75042.858096]        [<c1236adc>] __dev_close+0x54/0x7b
[75042.858101]        [<c1234794>] __dev_change_flags+0x98/0x10f
[75042.858107]        [<c12369b3>] dev_change_flags+0x18/0x44
[75042.858113]        [<c127c14b>] devinet_ioctl+0x227/0x515
[75042.858119]        [<c127d7cc>] inet_ioctl+0x87/0xa0
[75042.858125]        [<c12274a7>] sock_ioctl+0x1d3/0x1f5
[75042.858131]        [<c10befc2>] vfs_ioctl+0x2c/0x96
[75042.858137]        [<c10bf541>] do_vfs_ioctl+0x471/0x4a5
[75042.858143]        [<c10bf5a8>] sys_ioctl+0x33/0x4d
[75042.858148]        [<c10027d0>] sysenter_do_call+0x12/0x36
[75042.858154] 
[75042.858155] other info that might help us debug this:
[75042.858157] 
[75042.858161] 2 locks held by ifconfig/9044:
[75042.858164]  #0:  (rtnl_mutex){+.+.+.}, at: [<c1240875>] rtnl_lock+0x14/0x16
[75042.858174]  #1:  (&wdev->mtx){+.+.+.}, at: [<f8567b87>] cfg80211_leave_ibss+0x27/0x45 [cfg80211]
[75042.858192] 
[75042.858193] stack backtrace:
[75042.858198] Pid: 9044, comm: ifconfig Not tainted 2.6.35-rc5-wl+ #221
[75042.858202] Call Trace:
[75042.858208]  [<c12a0284>] ? printk+0x14/0x18
[75042.858214]  [<c10544bb>] print_circular_bug+0x90/0x9c
[75042.858221]  [<c1055ab0>] validate_chain+0x669/0xb79
[75042.858228]  [<c105678b>] __lock_acquire+0x7cb/0x824
[75042.858234]  [<c1049900>] ? pm_qos_power_open+0x53/0x73
[75042.858240]  [<c1041f94>] ? __cancel_work_timer+0x86/0x18b
[75042.858246]  [<c1056893>] lock_acquire+0xaf/0xce
[75042.858252]  [<c1041f94>] ? __cancel_work_timer+0x86/0x18b
[75042.858256]  [<c1041fbc>] __cancel_work_timer+0xae/0x18b
[75042.858256]  [<c1041f94>] ? __cancel_work_timer+0x86/0x18b
[75042.858256]  [<c1053cd5>] ? mark_held_locks+0x43/0x5b
[75042.858256]  [<c12a3282>] ? _raw_spin_unlock_irqrestore+0x47/0x5d
[75042.858256]  [<c12a5e7c>] ? sub_preempt_count+0x8b/0x98
[75042.858256]  [<c12a3282>] ? _raw_spin_unlock_irqrestore+0x47/0x5d
[75042.858256]  [<c103a3f8>] ? try_to_del_timer_sync+0xab/0xb3
[75042.858256]  [<c10420ba>] cancel_work_sync+0xf/0x11
[75042.858256]  [<f85c516e>] ieee80211_ibss_leave+0xb0/0x137 [mac80211]
[75042.858256]  [<f85ce793>] ieee80211_leave_ibss+0x13/0x15 [mac80211]
[75042.858256]  [<f8567740>] __cfg80211_leave_ibss+0x51/0x6b [cfg80211]
[75042.858256]  [<f8567b94>] cfg80211_leave_ibss+0x34/0x45 [cfg80211]
[75042.858256]  [<f85572f6>] cfg80211_netdev_notifier_call+0x23a/0x419 [cfg80211]
[75042.858256]  [<c12a5f88>] notifier_call_chain+0x56/0x83
[75042.858256]  [<c1048fd2>] raw_notifier_call_chain+0x11/0x13
[75042.858256]  [<c12366f0>] call_netdevice_notifiers+0x41/0x48
[75042.858256]  [<c1236adc>] __dev_close+0x54/0x7b
[75042.858256]  [<c1234794>] __dev_change_flags+0x98/0x10f
[75042.858256]  [<c12369b3>] dev_change_flags+0x18/0x44
[75042.858256]  [<c127c14b>] devinet_ioctl+0x227/0x515
[75042.858256]  [<c127d7cc>] inet_ioctl+0x87/0xa0
[75042.858256]  [<c12274a7>] sock_ioctl+0x1d3/0x1f5
[75042.858256]  [<c10befc2>] vfs_ioctl+0x2c/0x96
[75042.858256]  [<c12272d4>] ? sock_ioctl+0x0/0x1f5
[75042.858256]  [<c10bf541>] do_vfs_ioctl+0x471/0x4a5
[75042.858256]  [<c104889b>] ? up_read+0x1b/0x30
[75042.858256]  [<c12a5dc3>] ? do_page_fault+0x3c8/0x3f6
[75042.858256]  [<c113df4c>] ? trace_hardirqs_on_thunk+0xc/0x10
[75042.858256]  [<c10bf5a8>] sys_ioctl+0x33/0x4d
[75042.858256]  [<c10027d0>] sysenter_do_call+0x12/0x36
[75042.861424] phy2: Removed STA 00:1c:bf:2c:ac:ed
[75042.861997] phy2: Destroyed STA 00:1c:bf:2c:ac:ed
[75042.871814] phy2: device now idle
[75400.716965] PM: Removing info for No Bus:wlan0
[75400.720911] PM: Removing info for No Bus:rfkill2
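
The cycle in the lockdep report above, replayed in a small user-space model (an added example, not part of the bug report and not the kernel's lockdep code): it records which lock class is taken while another is held and flags the acquisition that closes a cycle. The enum names, `acquire` and `replay_report` are hypothetical; the work item is modelled as a lock class because the trace shows `__cancel_work_timer` calling `lock_acquire` on `(&sdata->work)`.

```c
#include <stdio.h>
#include <string.h>
/* Lock classes, named as in the lockdep report (constructed user-space model). */
enum { RTNL_MUTEX, WDEV_MTX, SDATA_WORK, NCLASS };
static const char *cls_name[NCLASS] = { "rtnl_mutex", "&wdev->mtx", "(&sdata->work)" };
static int dep[NCLASS][NCLASS];  /* dep[a][b]: b was acquired while a was held */
static int held[NCLASS], nheld;  /* classes currently held by the modelled task */

/* Depth-first search: is 'to' reachable from 'from' over recorded dependencies? */
static int reaches(int from, int to, int *seen)
{
    if (from == to) return 1;
    seen[from] = 1;
    for (int n = 0; n < NCLASS; n++)
        if (dep[from][n] && !seen[n] && reaches(n, to, seen)) return 1;
    return 0;
}

/* Acquire class c; returns the held class that closes a cycle, or -1 if none. */
static int acquire(int c)
{
    int bad = -1;
    for (int i = 0; i < nheld; i++) {
        int seen[NCLASS] = {0};
        /* The new edge held[i] -> c is circular if c already leads back to held[i]. */
        if (reaches(c, held[i], seen)) bad = held[i];
        dep[held[i]][c] = 1;
    }
    held[nheld++] = c;
    return bad;
}

/* Replays both chains from the report; returns the class that conflicts. */
int replay_report(void)
{
    memset(dep, 0, sizeof dep);
    /* Chain #1: worker_thread runs the sdata->work item, which takes wdev->mtx. */
    nheld = 0; acquire(SDATA_WORK); acquire(WDEV_MTX);
    /* Chain #0: ifconfig holds rtnl_mutex and wdev->mtx, then cancel_work_sync(). */
    nheld = 0; acquire(RTNL_MUTEX); acquire(WDEV_MTX);
    return acquire(SDATA_WORK);
}

int main(void)
{
    int c = replay_report();
    printf("cycle closed against: %s\n", c < 0 ? "(none)" : cls_name[c]);
    return 0;
}
```

The model reports `&wdev->mtx`, matching the "but task is already holding lock" line of the trace; `rtnl_mutex` is held on the same path but takes no part in the cycle.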
Comment 1 Johannes Berg 2010-07-20 08:34:31 UTC
Created attachment 27164
patch to fix lockdep complaint & a race

Can you try this please?
Comment 2 Bob Copeland 2010-07-20 21:50:12 UTC
Hmm, well patch worked fine switching back and forth between ibss and station and randomly leaving the networks - that said I also couldn't figure out the right combo to reproduce the warning in the unpatched kernel.  The reasoning makes sense though.
Comment 3 Johannes Berg 2010-07-21 07:50:55 UTC
Hmm, it's possible that you have to get disconnected by the AP rather than disconnecting yourself for it to trigger.
Comment 4 Johannes Berg 2010-07-21 08:51:34 UTC
Yes, I can reproduce it that way w/o the patch, and the patch fixes it.