Re: atl1 64-bit => 32-bit DMA borkage (reproducible, bisected)

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: Alexey Dobriyan <adobriyan@...>

Cc: Chris Snook <csnook@...>, Luca Tettamanti <kronos.it@...>, Jeff Garzik <jeff@...>, Andrew Morton <akpm@...>, <linux-kernel@...>, <netdev@...>

Subject: Re: atl1 64-bit => 32-bit DMA borkage (reproducible, bisected)

Date: Friday, May 9, 2008 - 3:38 pm

[trimmed cc list slightly]

On Sat, 10 May 2008 00:07:15 +0400
Alexey Dobriyan <adobriyan@gmail.com> wrote:

quoted text> On Fri, May 09, 2008 at 02:56:21PM -0400, Chris Snook wrote:
> > Alexey Dobriyan wrote:
> >> Hmmm, there was a wonderful oops on interface stop here when the
> >> other end of atl1 cable was physically unplugged (but there was
> >> traffic before): atl1_down
> >> 	atl1_clean_rx_ring
> >> 	swiotlb_unmap_single
> >> 	swiotlb_unmap_single_attrs
> >> 	memcpy_c
> >
> > Intel chip, or AMD?
> 
> Intel(R) Core(TM)2 CPU          6400  @ 2.13GHz
> Asus P5B-E motherboard.
> 

I see the same thing with a Socked AM2-based board (Asus M2V) with 4GB
RAM installed. The problem occurs only when SWIOTLB is active, which
happens automatically at boot (in arch/x86/kernel/pci-swiotlb.c) when
the page frame number exceeds 1048576 (corresponding to 2^32 bytes).

I thought for awhile that the problem went away with iommu=allowed, but
I was wrong.

The bug appears to be a "simple" skb write-after-free that happens only
when bounce buffers are in use, but I'll be damned if I can find the
cause of it.

<continues looking>

=============================================================================
BUG kmalloc-2048: Poison overwritten
-----------------------------------------------------------------------------

INFO: 0xffff81010004297a-0xffff810100042f71. First byte 0x0 instead of 0x6b
INFO: Allocated in dev_alloc_skb+0x16/0x2c age=5813 cpu=0 pid=3029
INFO: Freed in skb_release_data+0xa8/0xad age=201 cpu=0 pid=0
INFO: Slab 0xffffe20005801600 objects=15 used=0 fp=0xffff810100045b18 flags=0x8000000000002082
INFO: Object 0xffff810100042968 @offset=10600 fp=0xffff8101000418d8

Bytes b4 0xffff810100042958:  aa 91 fd ff 00 00 00 00 5a 5a 5a 5a 5a 5a 5a 5a �.��....ZZZZZZZZ
  Object 0xffff810100042968:  6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
  Object 0xffff810100042978:  6b 6b 00 17 31 4e 9d 41 00 0f db bc af 14 08 00 kk..1N.A..ۼ�...
  Object 0xffff810100042988:  45 00 00 4e 87 5e 00 00 40 11 6e 82 c0 a8 01 fe E..N.^..@.n.�������.�
  Object 0xffff810100042998:  c0 a8 01 70 00 89 00 89 00 3a 3b 67 00 09 00 00 ��.p.....:;g....
  Object 0xffff8101000429a8:  00 01 00 00 00 00 00 00 20 43 4b 41 41 41 41 41 .........CKAAAAA
  Object 0xffff8101000429b8:  41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
  Object 0xffff8101000429c8:  41 41 41 41 41 41 41 41 41 00 00 21 00 01 f0 53 AAAAAAAAA..!..
  Object 0xffff8101000429d8:  56 17 df 3e 3b 9f b7 1f 2d 29 f0 68 cf 4d 61 97 V.�>;.�.-)�h�Ma.
 Redzone 0xffff810100043168:  bb bb bb bb bb bb bb bb                         �

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

2.6.25-rc8-mm2, Andrew Morton, (Thu Apr 10, 11:33 pm)

BUG at __dentry_open [Was: 2.6.25-rc8-mm2], Jiri Slaby, (Mon Apr 14, 4:07 am)

2.6.25-rc8-mm2 - CONFIG_PROFILE_LIKELY broke again..., , (Sat Apr 12, 4:52 am)

2.6.25-rc8-mm2, , (Sat Apr 12, 5:41 am)

2.6.25-rc8-mm2: IP: [<ffffffff802868f9>] __kmalloc+0x69/0x110, Alexey Dobriyan, (Sun Apr 13, 4:44 pm)

Re: 2.6.25-rc8-mm2: IP: [<ffffffff802868f9>] __kmalloc..., Pekka J Enberg, (Mon Apr 14, 5:51 am)

Re: 2.6.25-rc8-mm2: IP: [<ffffffff802868f9>] __kmalloc..., Pekka Enberg, (Mon Apr 14, 12:01 pm)

Re: 2.6.25-rc8-mm2: IP: [<ffffffff802868f9>] __kmalloc..., Christoph Lameter, (Mon Apr 14, 1:53 pm)

Re: 2.6.25-rc8-mm2: IP: [<ffffffff802868f9>] __kmalloc..., Christoph Lameter, (Mon Apr 14, 1:57 pm)

Re: 2.6.25-rc8-mm2: IP: [<ffffffff802868f9>] __kmalloc..., Alexey Dobriyan, (Mon Apr 14, 2:32 pm)

2.6.25-rc8-mm2: FIX kmalloc-2048 (was Re: 2.6.25-rc8-mm2: IP..., Alexey Dobriyan, (Mon Apr 14, 3:56 pm)

Re: 2.6.25-rc8-mm2: FIX kmalloc-2048 (was Re: 2.6.25-rc8-mm2..., Christoph Lameter, (Mon Apr 14, 4:05 pm)

Re: 2.6.25-rc8-mm2: FIX kmalloc-2048 (was Re: 2.6.25-rc8-mm2..., Alexey Dobriyan, (Sat Apr 19, 7:17 am)

atl1 64-bit => 32-bit DMA borkage (reproducible, bisected), Alexey Dobriyan, (Sat Apr 19, 10:45 am)

Re: atl1 64-bit => 32-bit DMA borkage (reproducible, bisected), Jay Cliburn, (Sat Apr 19, 10:54 pm)

Re: atl1 64-bit => 32-bit DMA borkage (reproducible, bisected), Alexey Dobriyan, (Sun Apr 20, 7:14 am)

Re: atl1 64-bit => 32-bit DMA borkage (reproducible, bisected), Jay Cliburn, (Sun Apr 20, 7:06 am)

Re: atl1 64-bit => 32-bit DMA borkage (reproducible, bisected), Alexey Dobriyan, (Sun Apr 20, 8:26 am)

Re: atl1 64-bit => 32-bit DMA borkage (reproducible, bisected), Jay Cliburn, (Sun Apr 20, 2:37 pm)

Re: atl1 64-bit => 32-bit DMA borkage (reproducible, bisected), Alexey Dobriyan, (Sun Apr 20, 4:55 pm)

Re: atl1 64-bit => 32-bit DMA borkage (reproducible, bisected), Chris Snook, (Mon Apr 21, 2:42 pm)

Re: atl1 64-bit => 32-bit DMA borkage (reproducible, bisected), Alexey Dobriyan, (Mon Apr 21, 3:56 pm)

Re: atl1 64-bit => 32-bit DMA borkage (reproducible, bisected), Jay Cliburn, (Mon Apr 21, 10:08 pm)

Re: atl1 64-bit => 32-bit DMA borkage (reproducible, bisected), Jay Cliburn, (Fri Apr 25, 8:57 pm)

Re: atl1 64-bit => 32-bit DMA borkage (reproducible, bisected), Alexey Dobriyan, (Sun May 4, 5:15 pm)

Re: atl1 64-bit => 32-bit DMA borkage (reproducible, bisected), Jay Cliburn, (Tue May 6, 12:02 pm)

Re: atl1 64-bit => 32-bit DMA borkage (reproducible, bisected), Alexey Dobriyan, (Fri May 9, 3:51 pm)

Re: atl1 64-bit => 32-bit DMA borkage (reproducible, bisected), Chris Snook, (Fri May 9, 2:56 pm)

Re: atl1 64-bit => 32-bit DMA borkage (reproducible, bisected), Alexey Dobriyan, (Fri May 9, 4:07 pm)

Re: atl1 64-bit => 32-bit DMA borkage (reproducible, bisected), Jay Cliburn, (Fri May 9, 3:38 pm)

[PATCH] Re: atl1 64-bit => 32-bit DMA borkage (reproducib..., Alexey Dobriyan, (Sat May 10, 3:31 pm)

Re: [PATCH] Re: atl1 64-bit => 32-bit DMA borkage (reprod..., Jay Cliburn, (Sat May 10, 9:58 pm)

Re: atl1 64-bit => 32-bit DMA borkage (reproducible, bisected), Jay Cliburn, (Sun May 4, 8:31 pm)

Re: atl1 64-bit => 32-bit DMA borkage (reproducible, bisected), Jay Cliburn, (Sun May 4, 8:34 pm)

Re: atl1 64-bit => 32-bit DMA borkage (reproducible, bisected), Alexey Dobriyan, (Mon Apr 28, 2:42 am)

Re: atl1 64-bit => 32-bit DMA borkage (reproducible, bisected), Alexey Dobriyan, (Tue Apr 22, 3:02 pm)

Re: 2.6.25-rc8-mm2: IP: [<ffffffff802868f9>] __kmalloc..., Andrew Morton, (Sun Apr 13, 4:53 pm)

Re: 2.6.25-rc8-mm2: IP: [<ffffffff802868f9>] __kmalloc..., Christoph Lameter, (Mon Apr 14, 2:00 pm)

Re: 2.6.25-rc8-mm2: IP: [<ffffffff802868f9>] __kmalloc..., Pekka Enberg, (Mon Apr 14, 12:18 pm)

2.6.25-rc8-mm2: panic involving mount_block_root and down th..., Alexey Dobriyan, (Fri Apr 11, 7:43 pm)

Re: 2.6.25-rc8-mm2: CONFIG_ATA_SFF: panic involving mount_bl..., Alexey Dobriyan, (Fri Apr 11, 8:59 pm)

Re: 2.6.25-rc8-mm2: CONFIG_ATA_SFF: panic involving mount_bl..., Adrian Bunk, (Sat Apr 12, 2:52 am)

Re: 2.6.25-rc8-mm2: CONFIG_ATA_SFF: panic involving mount_bl..., Jeff Garzik, (Sat Apr 12, 6:02 am)

Re: 2.6.25-rc8-mm2: CONFIG_ATA_SFF: panic involving mount_bl..., Tejun Heo, (Sat Apr 12, 8:45 pm)

[mm patch] select ATA_SFF, Adrian Bunk, (Sat Apr 12, 8:51 pm)

Re: 2.6.25-rc8-mm2, KAMEZAWA Hiroyuki, (Fri Apr 11, 5:57 am)

Re: 2.6.25-rc8-mm2, KAMEZAWA Hiroyuki, (Fri Apr 11, 6:23 am)

Re: 2.6.25-rc8-mm2, Pekka Enberg, (Fri Apr 11, 6:34 am)

Re: 2.6.25-rc8-mm2, KAMEZAWA Hiroyuki, (Fri Apr 11, 6:57 am)

Re: 2.6.25-rc8-mm2, KAMEZAWA Hiroyuki, (Fri Apr 11, 7:17 am)

Re: 2.6.25-rc8-mm2, KAMEZAWA Hiroyuki, (Fri Apr 11, 9:17 am)

Re: 2.6.25-rc8-mm2, Pekka Enberg, (Fri Apr 11, 10:24 am)

Re: 2.6.25-rc8-mm2, KAMEZAWA Hiroyuki, (Sun Apr 13, 11:13 pm)

Re: 2.6.25-rc8-mm2, Adrian Bunk, (Fri Apr 11, 9:40 am)

Re: 2.6.25-rc8-mm2, Andrew Morton, (Sat Apr 12, 12:22 am)

Re: 2.6.25-rc8-mm2, Aneesh Kumar K.V, (Sat Apr 12, 2:43 pm)

Re: 2.6.25-rc8-mm2, Michael Schmitz, (Sun Apr 13, 3:45 am)

Re: 2.6.25-rc8-mm2, Geert Uytterhoeven, (Sun Apr 13, 4:11 am)

2.6.25-rc8-mm2: boot hang after "ACPI: using IOAPIC for inte..., Alexey Dobriyan, (Fri Apr 11, 2:29 am)

Re: 2.6.25-rc8-mm2: boot hang after "ACPI: using IOAPIC for ..., Pekka Enberg, (Fri Apr 11, 2:43 am)

Re: 2.6.25-rc8-mm2: boot hang after "ACPI: using IOAPIC for ..., Pekka Enberg, (Fri Apr 11, 6:35 am)

Re: 2.6.25-rc8-mm2: boot hang after "ACPI: using IOAPIC for ..., Alexey Dobriyan, (Fri Apr 11, 5:07 pm)

Re: 2.6.25-rc8-mm2: boot hang after "ACPI: using IOAPIC for ..., Pekka J Enberg, (Fri Apr 11, 5:25 pm)

Re: 2.6.25-rc8-mm2: boot hang after "ACPI: using IOAPIC for ..., Alexey Dobriyan, (Fri Apr 11, 7:09 pm)

2.6.25-rc8-mm2: boot hang after "ACPI: using IOAPIC for inte..., Alexey Dobriyan, (Fri Apr 11, 2:28 am)

Re: 2.6.25-rc8-mm2, , (Sat Apr 12, 1:53 am)

Re: 2.6.25-rc8-mm2, Andrew Morton, (Sat Apr 12, 2:07 am)

Re: 2.6.25-rc8-mm2: Observed problems: Not a detailed bug re..., Zan Lynx, (Tue Apr 15, 1:00 pm)

Re: 2.6.25-rc8-mm2: Observed problems: Not a detailed bug re..., Andrew Morton, (Tue Apr 15, 2:42 pm)

Re: 2.6.25-rc8-mm2: Observed problems: Not a detailed bug re..., Rafael J. Wysocki, (Tue Apr 15, 4:12 pm)

2.6.25-rc8-mm2 - ftraced chews 100% of a CPU, , (Sat Apr 12, 6:47 am)


linux-kernel:

Greg Kroah-Hartman	[PATCH 004/196] Chinese: add translation of SubmittingPatches
James Bottomley	Re: Announce: Linux-next (Or Andrew's dream :-))
David Miller	[GIT]: Networking
linux-netdev:
Antonio Almeida	HTB accuracy for high speed
Ingo Molnar	iwlwifi: fix build bug in "iwlwifi: fix LED stall"
David Miller	Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Avi Kivity	Re: [RFC PATCH 14/17] kvm: add a reset capability
git:

openbsd-misc:

Re: atl1 64-bit => 32-bit DMA borkage (reproducible, bisected)

Online users