From: Ben Skeggs <bskeggs@redhat.com>
To: Marcin Slusarz <marcin.slusarz@gmail.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
	Kyle Spaans <kspaans@uwaterloo.ca>,
	linux-kernel@vger.kernel.org,
	Dominik Brodowski <linux@dominikbrodowski.net>,
	airlied@redhat.com, dri-devel@lists.freedesktop.org,
	mjg@redhat.com, maciej.rutecki@gmail.com,
	nouveau@lists.freedesktop.org,
	Nigel Cunningham <lkml@nigelcunningham.com.au>,
	Nick Piggin <npiggin@gmail.com>
Subject: Re: 2.6.39-rc1 nouveau(?) regression (bisected)
Date: Wed, 20 Apr 2011 08:34:42 +1000
Message-ID: <1303252482.7270.398.camel@caspar>
In-Reply-To: <20110419214747.GA2965@joi.lan>

On Tue, 2011-04-19 at 23:47 +0200, Marcin Slusarz wrote:
> On Mon, Apr 18, 2011 at 01:27:10PM -0700, Linus Torvalds wrote:
> > On Mon, Apr 18, 2011 at 1:02 PM, Marcin Slusarz
> > <marcin.slusarz@gmail.com> wrote:
> > >
> > > It's some nasty corruption:
> >
> > Looks like something wrote 0xffffffff to free'd memory.
> >
> > Enabling DEBUG_PAGEALLOC *might* show where it happens.
> >
> > >
> > > [ 6.523867] =============================================================================
> > > [ 6.523916] BUG sysfs_dir_cache: Poison overwritten
> > > [ 6.523949] -----------------------------------------------------------------------------
> > > [ 6.523950]
> > > [ 6.524016] INFO: 0xffff8801bb47df4c-0xffff8801bb47df4f. First byte 0xff instead of 0x6b
> > > [ 6.524061] INFO: Slab 0xffffea00060f7b58 objects=22 used=21 fp=0xffff8801bb47df18 flags=0x80000000000000c1
> > > [ 6.524110] INFO: Object 0xffff8801bb47df18 @offset=3864 fp=0x (null)
> > > [ 6.524111]
> > > [ 6.524170] Bytes b4 0xffff8801bb47df08: 00 00 00 00 00 00 00 00 5a 5a 5a 5a 5a 5a 5a 5a ........ZZZZZZZZ
> > > [ 6.524516] Object 0xffff8801bb47df18: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
> > > [ 6.524862] Object 0xffff8801bb47df28: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
> > > [ 6.525208] Object 0xffff8801bb47df38: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
> > > [ 6.525556] Object 0xffff8801bb47df48: 6b 6b 6b 6b ff ff ff ff 6b 6b 6b 6b 6b 6b 6b 6b kkkk<FF><FF><FF><FF>kkkkkkkk
> >
> > So here the 0xffffffff is pretty obvious.
> >
> > > and in another boot:
> > >
> > > [ 6.704786] BUG: unable to handle kernel paging request at ffffffffbc70b058
> >
> > Here it is less obvious, but it was _probably_ a regular kernel
> > pointer of the type 0xffff8801bc70b058 before the high bits were
> > overwritten by a 0xffffffff.
> >
> > So then sysfs_refresh_inode() follows that pointer, and crashes.
> >
> > Just a guess, obviously, but it looks rather likely.
>
> Thanks. It helped a bit.
> I'll send two patches in response to this message, one of which fixes this bug.

Nice catch. I'll push these to the nouveau tree now, and get them to
Dave with some additional fixes.

Ben.

>
> Marcin
>
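
The triage reasoning quoted in this message, as an added example that is not part of the thread or of any kernel tooling: it parses the SLUB "Poison overwritten" lines to find where in the freed object the stray write landed, then tests the guess that the second boot's fault address is a pointer whose upper half was overwritten. The function names are hypothetical; the report lines and addresses are copied from the quoted log.

```python
import re

# Lines copied from the quoted SLUB report (timestamps and quote markers dropped).
REPORT = """\
BUG sysfs_dir_cache: Poison overwritten
INFO: 0xffff8801bb47df4c-0xffff8801bb47df4f. First byte 0xff instead of 0x6b
INFO: Object 0xffff8801bb47df18 @offset=3864 fp=0x (null)
"""
FAULT_ADDR = 0xFFFFFFFFBC70B058  # "unable to handle kernel paging request" address

RANGE_RE = re.compile(
    r"INFO: (0x[0-9a-f]+)-(0x[0-9a-f]+)\. "
    r"First byte (0x[0-9a-f]+) instead of (0x[0-9a-f]+)")


def parse_poison_report(text):
    """Locate the overwritten bytes relative to the start of the freed object."""
    cache = re.search(r"BUG (\S+): Poison overwritten", text).group(1)
    start, end, found, expected = (
        int(g, 16) for g in RANGE_RE.search(text).groups())
    obj = int(re.search(r"INFO: Object (0x[0-9a-f]+)", text).group(1), 16)
    return {"cache": cache, "offset": start - obj,
            "length": end - start + 1, "found": found, "expected": expected}


def clobbered_pointer_candidate(fault_addr, known_good_ptr):
    """Hypothesis check only: if the upper 32 bits are all ones, rebuild the
    pointer using the upper half of a known-good pointer from the same region.
    On little-endian x86-64 a 32-bit store at field offset +4 replaces exactly
    that upper half. Kernel text and module addresses also start with
    0xffffffff, so the result is a candidate, not a proof."""
    if fault_addr >> 32 != 0xFFFFFFFF:
        return None
    return (known_good_ptr & 0xFFFFFFFF00000000) | (fault_addr & 0xFFFFFFFF)


if __name__ == "__main__":
    r = parse_poison_report(REPORT)
    print("%s: %d bytes of 0x%02x at object offset %d (poison is 0x%02x)"
          % (r["cache"], r["length"], r["found"], r["offset"], r["expected"]))
    cand = clobbered_pointer_candidate(FAULT_ADDR, 0xFFFF8801BB47DF18)
    print("candidate original pointer: 0x%016x" % cand)
```

The 4-byte, 4-byte-aligned damage at a fixed object offset is what points to a single 32-bit store into freed memory rather than a buffer overrun.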