[BUG] net: sungem: device driver frees DMA memory with wrong function

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Corentin Labbe <clabbe.montjoie@gmail.com>
To: davem@davemloft.net
Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [BUG] net: sungem: device driver frees DMA memory with wrong function
Date: Sun, 23 Dec 2018 20:38:21 +0100	[thread overview]
Message-ID: <20181223193821.GA24922@Red> (raw)

Hello

During a boot on a qemu machine, I hit the following problem:
[   21.613659] ------------[ cut here ]------------
[   21.614039] DMA-API: gem 0000:00:0f.0: device driver frees DMA memory with wrong function [device address=0x00000000185c5402] [size=408 bytes] [mapped as page] [unmapped as single]
[   21.615960] WARNING: CPU: 0 PID: 206 at /linux-next/kernel/dma/debug.c:1085 check_unmap+0x1b0/0xd10
[   21.616599] Modules linked in:
[   21.617344] CPU: 0 PID: 206 Comm: dhcpcd Not tainted 4.20.0-rc6-next-20181217+ #12
[   21.617735] NIP:  c00ad4e0 LR: c00ad4e0 CTR: c058a710
[   21.618068] REGS: dfff7cb0 TRAP: 0700   Not tainted  (4.20.0-rc6-next-20181217+)
[   21.618404] MSR:  00021032 <ME,IR,DR,RI>  CR: 28008264  XER: 00000000
[   21.618789] 
[   21.618789] GPR00: c00ad4e0 dfff7d60 d85924c0 000000a8 00000102 00000101 000000fe 5d205b6d 
[   21.618789] GPR08: 00000007 00000000 00000000 000000fe 22008864 100581b4 dfff7f1c de019508 
[   21.618789] GPR16: 00000000 de019000 00000001 c0a67f00 00000004 c0b44018 c0a31fc4 c0b43bdc 
[   21.618789] GPR24: 00009032 c0dadedc c0db0000 c0da999c c0b43bdc c0c0b178 dfff7de0 de076ce8 
[   21.620219] NIP [c00ad4e0] check_unmap+0x1b0/0xd10
[   21.620478] LR [c00ad4e0] check_unmap+0x1b0/0xd10
[   21.620703] Call Trace:
[   21.620963] [dfff7d60] [c00ad4e0] check_unmap+0x1b0/0xd10 (unreliable)
[   21.621379] [dfff7dd0] [c00ae128] debug_dma_unmap_page+0xe8/0x120
[   21.621656] [dfff7e40] [c05a865c] gem_poll+0x1000/0x18fc
[   21.621863] [dfff7f00] [c071f044] net_rx_action+0x1b8/0x41c
[   21.622242] [dfff7f80] [c08a287c] __do_softirq+0x17c/0x3b0
[   21.622495] [dfff7ff0] [c0011378] call_do_softirq+0x24/0x3c
[   21.622697] [d86c9c20] [c000724c] do_softirq_own_stack+0x3c/0x7c
[   21.623008] [d86c9c40] [c004e800] do_softirq.part.1+0x64/0x7c
[   21.623292] [d86c9c60] [c004e8d4] __local_bh_enable_ip+0xbc/0x138
[   21.623526] [d86c9c80] [c071c9b4] __dev_queue_xmit+0x28c/0x874
[   21.623776] [d86c9cf0] [c083ebe8] packet_snd+0x4f8/0x988
[   21.624057] [d86c9d80] [c06eddb8] sock_sendmsg+0x20/0x40
[   21.624410] [d86c9d90] [c06ede94] sock_write_iter+0xbc/0x138
[   21.624636] [d86c9df0] [c018f50c] do_iter_readv_writev+0x1dc/0x1f4
[   21.624872] [d86c9e40] [c01925a8] do_iter_write+0xb4/0x350
[   21.625143] [d86c9e80] [c01928f4] vfs_writev+0x88/0x140
[   21.625446] [d86c9f00] [c0192a1c] do_writev+0x70/0x104
[   21.625621] [d86c9f40] [c001912c] ret_from_syscall+0x0/0x38
[   21.626001] --- interrupt: c01 at 0xfedbd08
[   21.626001]     LR = 0xffbc1f8
[   21.626357] Instruction dump:
[   21.626719] 7eb5ba14 7e95a214 2b940014 419d0970 92c10008 7efcba14 3c60c0a1 7e649b78 
[   21.627152] 38637cac 80d7043c 90c1000c 4bf9d36d <0fe00000> 8261003c 82810040 82a10044 
[   21.627665] ---[ end trace fd53714bd2a5fd06 ]---

After some pr_info, I found that the function triggering this is the pci_unmap_page() in gem_tx().
So clearly this WARNING() is strange since it says "unmapped as single".

The qemu is ran with:
qemu-system-ppc -machine mac99,via=pmu -nographic -net nic,model=sungem,macaddr=52:54:00:12:34:58 -net tap -m 512 -monitor none -append "console=ttyPZ0 root=/dev/ram0" -kernel vmlinux -initrd rootfs.cpio.gz -drive format=qcow2,file=lava-guest.qcow2,media=disk,id=test,if=ide

Regards

next             reply	other threads:[~2018-12-23 19:38 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-12-23 19:38 Corentin Labbe [this message]
2018-12-24 22:39 ` [BUG] net: sungem: device driver frees DMA memory with wrong function David Miller
2018-12-28  8:36 ` Christoph Hellwig
2019-01-02 10:31   ` Corentin Labbe

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20181223193821.GA24922@Red \
    --to=clabbe.montjoie@gmail.com \
    --cc=davem@davemloft.net \
    --cc=linux-kernel@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.