From: Jiri Slaby <jirislaby@gmail.com>
To: Sitsofe Wheeler <sitsofe@yahoo.com>
Cc: linux-kernel@vger.kernel.org, linux-wireless@vger.kernel.org,
ath5k-devel@venema.h4ckr.net,
Nick Kossifidis <mickflemm@gmail.com>,
"Luis R. Rodriguez" <lrodriguez@atheros.com>,
Bob Copeland <me@bob>
Subject: Re: [TIP] BUG kmalloc-4096: Poison overwritten (ath5k_rx_skb_alloc)
Date: Sun, 22 Feb 2009 13:01:21 +0100 [thread overview]
Message-ID: <49A13E91.1090601@gmail.com> (raw)
In-Reply-To: <20090222111807.GB5538@silver.sucs.org>
On 22.2.2009 12:18, Sitsofe Wheeler wrote:
> While testing a linux-tip from yesterday, a
> BUG kmalloc-4096: Poison overwritten
> warning appeared inside dmesg. I'm not aware of what I was doing othe=
r
> that browsing a few web pages and using ssh in the lead up to it. Out=
put
> is attached below:
>
> [ 3666.410818] ath5k phy0: unsupported jumbo
> [ 4432.305651] ath5k phy0: unsupported jumbo
> [ 4466.022644] totem[4664]: segfault at 5bf7b980 ip b5b39cbb sp b0d5f=
130 error 6 in libpulse.so.0.4.1[b5afb000+4d000]
> [ 4617.353923] totem[5189]: segfault at 4c7a2ee0 ip b59bfdca sp b1c12=
ec0 error 6 in libpulse.so.0.4.1[b5981000+4d000]
> [ 7412.846146] =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> [ 7412.846159] BUG kmalloc-4096: Poison overwritten
> [ 7412.846163] ------------------------------------------------------=
-----------------------
> [ 7412.846166]
> [ 7412.846172] INFO: 0xf6438010-0xf6438053. First byte 0x80 instead o=
f 0x6b
> [ 7412.846188] INFO: Allocated in dev_alloc_skb+0x21/0x40 age=3D629 c=
pu=3D0 pid=3D0
> [ 7412.846197] INFO: Freed in skb_release_data+0x5e/0x90 age=3D21 cpu=
=3D0 pid=3D0
> [ 7412.846204] INFO: Slab 0xc17a27e0 objects=3D7 used=3D5 fp=3D0xf643=
8000 flags=3D0x400020c3
> [ 7412.846210] INFO: Object 0xf6438000 @offset=3D0 fp=3D0xf643a060
> [ 7412.846212]
> [ 7412.846216] Object 0xf6438000: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b=
6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
> [ 7412.846245] Object 0xf6438010: 80 00 00 00 ff ff ff ff ff ff 00=
30 ab 1a 32 3f ....=FF=FF=FF=FF=FF=FF.0=AB.2?
Hmm, beacon written after the memory was freed.
> [ 7412.846273] Object 0xf6438020: 00 30 ab 1a 32 3f e0 24 59 62 25=
b5 01 00 00 00 .0=AB.2?=E0$Yb%=B5....
> [ 7412.846301] Object 0xf6438030: 64 00 31 00 00 08 57 69 72 65 6c=
65 73 73 01 04 d.1...Wireless..
> [ 7412.846329] Object 0xf6438040: 82 84 8b 96 03 01 06 05 04 01 02=
00 00 55 fa af .............U=FA=AF
> [ 7412.846357] Object 0xf6438050: 5d 55 fa 5d 6b 6b 6b 6b 6b 6b 6b=
6b 6b 6b 6b 6b ]U=FA]kkkkkkkkkkkk
> [ 7412.846385] Object 0xf6438060: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b=
6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
=2E..
The unsupported jumbo message might be a clue. When we jump to the next=
:=20
label, the buffer is at the end of the list in software, while in=20
hardware it isn't. In theory, we might hit the bug with rx buffers=20
exhaustion, because the test (bf_last =3D=3D bf) doesn't work as expect=
ed then.
--
To unsubscribe from this list: send the line "unsubscribe linux-wireles=
s" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2009-02-22 12:01 UTC|newest]
Thread overview: 66+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-02-22 11:18 [TIP] BUG kmalloc-4096: Poison overwritten (ath5k_rx_skb_alloc) Sitsofe Wheeler
2009-02-22 12:01 ` Jiri Slaby [this message]
2009-02-22 12:20 ` Sitsofe Wheeler
2009-02-22 12:47 ` Jiri Slaby
2009-02-22 14:47 ` Frederic Weisbecker
2009-02-22 17:02 ` Sitsofe Wheeler
2009-02-22 17:10 ` Frederic Weisbecker
2009-02-22 19:27 ` Jiri Slaby
2009-02-22 19:42 ` Frederic Weisbecker
2009-02-22 20:18 ` Sitsofe Wheeler
2009-02-22 20:27 ` Jiri Slaby
2009-02-22 20:30 ` Frederic Weisbecker
2009-02-22 21:56 ` Jiri Slaby
2009-02-22 22:21 ` Sitsofe Wheeler
2009-02-22 23:20 ` Jiri Slaby
2009-02-23 15:35 ` Bob Copeland
2009-02-23 16:03 ` Nick Kossifidis
2009-02-23 16:15 ` Nick Kossifidis
2009-02-23 16:21 ` Bob Copeland
2009-02-23 16:27 ` Nick Kossifidis
2009-02-23 16:30 ` Bob Copeland
2009-02-23 16:41 ` Nick Kossifidis
2009-02-23 16:44 ` Bob Copeland
2009-02-23 16:16 ` pat-lkml
2009-02-23 16:20 ` Nick Kossifidis
2009-02-23 22:22 ` Jiri Slaby
2009-02-23 22:43 ` Jiri Slaby
2009-02-23 23:08 ` Nick Kossifidis
2009-02-24 13:58 ` Bob Copeland
2009-02-24 21:47 ` Jiri Slaby
2009-02-25 14:01 ` Sitsofe Wheeler
2009-02-26 1:06 ` Bob Copeland
2009-02-26 20:53 ` Jiri Slaby
2009-02-26 21:05 ` Bob Copeland
2009-02-26 13:59 ` Bob Copeland
2009-02-26 17:03 ` Sitsofe Wheeler
2009-03-02 17:34 ` [ath5k-devel] " Bob Copeland
2009-03-03 4:12 ` Bob Copeland
2009-03-03 20:03 ` Sitsofe Wheeler
2009-03-04 12:07 ` Bob Copeland
2009-03-06 9:42 ` Sitsofe Wheeler
2009-03-07 4:47 ` Bob Copeland
2009-03-07 8:04 ` Sitsofe Wheeler
2009-03-07 13:34 ` Bob Copeland
2009-03-08 3:09 ` Bob Copeland
2009-03-08 9:28 ` Jiri Slaby
2009-03-08 16:10 ` Bob Copeland
2009-03-10 0:43 ` Bob Copeland
2009-03-10 8:19 ` Sitsofe Wheeler
2009-03-12 6:10 ` Sitsofe Wheeler
2009-03-13 9:52 ` Sitsofe Wheeler
2009-03-13 12:28 ` Bob Copeland
2009-03-20 13:14 ` Bob Copeland
2009-03-29 14:24 ` Sitsofe Wheeler
2009-03-29 15:14 ` Bob Copeland
2009-03-31 8:30 ` Sitsofe Wheeler
2009-05-13 21:44 ` Sitsofe Wheeler
2009-05-15 4:09 ` Bob Copeland
2009-05-18 10:05 ` Sitsofe Wheeler
2009-05-22 9:39 ` Sitsofe Wheeler
2009-05-22 12:06 ` Bob Copeland
2009-05-26 21:10 ` Sitsofe Wheeler
2009-06-28 20:23 ` Sitsofe Wheeler
2009-07-14 2:24 ` Bob Copeland
2009-02-26 1:11 ` Bob Copeland
2009-02-22 20:17 ` Bob Copeland
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=49A13E91.1090601@gmail.com \
--to=jirislaby@gmail.com \
--cc=ath5k-devel@venema.h4ckr.net \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=lrodriguez@atheros.com \
--cc=me@bob \
--cc=mickflemm@gmail.com \
--cc=sitsofe@yahoo.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).