[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <52AAC250.7080208@rosalab.ru>
Date: Fri, 13 Dec 2013 12:16:16 +0400
From: Eugene Shatokhin <eugene.shatokhin@...alab.ru>
To: Alan Stern <stern@...land.harvard.edu>
CC: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
linux-usb@...r.kernel.org, LKML <linux-kernel@...r.kernel.org>
Subject: Re: uhci_hcd: Possible corruption of DMA pool uhci->td_pool
On 12/11/2013 08:41 PM, Alan Stern wrote:
> On Wed, 11 Dec 2013, Eugene Shatokhin wrote:
>
>> Hi,
>>
>> On ROSA Linux with kernel 3.10.21 with DMA debug options enabled, the
>> kernel sometimes issues a warning about DMA pool corruption (see the log
>> below).
>>
>> That happens sometimes, when the system boots or resumes from
>> hibernation with Samson C01U USB microphone attached.
>>
>> The affected DMA pool is 'uhci->td_pool', uhci_alloc_td() from
>> drivers/usb/host/uhci-hcd.c makes the relevant dma_pool_alloc() calls.
>>
>> Any ideas about how to find what causes this and how to fix it?
>
> This is not an easy sort of thing to track down...
>
>> Here is the relevant part of the system log:
>> ----------------------------
>> [ 22.264332] usb 2-1: new full-speed USB device number 2 using uhci_hcd
>> [ 22.450609] usb 2-1: New USB device found, idVendor=17a0, idProduct=0001
>> [ 22.450626] usb 2-1: New USB device strings: Mfr=1, Product=2,
>> SerialNumber=0
>> [ 22.450639] usb 2-1: Product: Samson C01U
>> [ 22.450649] usb 2-1: Manufacturer: Samson Technologies
>> <...>
>> [ 280.703483] retire_capture_urb: 4494 callbacks suppressed
>> [ 284.961087] uhci_hcd 0000:00:1d.1: dma_pool_alloc uhci_td, efb7b060
>> (corruped)
>> [ 284.961087] 00000000: 00 06 00 00 af 00 00 03 a7 a7 a7 a7 a7 a7 a7 a7
>> ................
>> [ 284.961087] 00000010: a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7
>> ................
>> [ 284.961087] 00000020: a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7
>> ................
>> [ 284.961087] retire_capture_urb: 4343 callbacks suppressed
>> [ 284.961087] uhci_hcd 0000:00:1d.1: dma_pool_alloc uhci_td, efb7b5d0
>> (corruped)
>> [ 284.961087] 00000000: 00 06 00 00 af 00 00 03 a7 a7 a7 a7 a7 a7 a7 a7
>> ................
>> [ 284.961087] 00000010: a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7
>> ................
>> [ 284.961087] 00000020: a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7
>> ................
>> [ 284.961087] cannot submit urb (err = -27)
>> [ 284.961087] cannot submit urb (err = -27)
>> [ 284.961087] cannot submit urb (err = -27)
>> [ 284.961087] cannot submit urb (err = -27)
>> [ 284.961087] cannot submit urb (err = -27)
>> [ 284.961087] cannot submit urb (err = -27)
>> [ 284.961087] cannot submit urb (err = -27)
>> [ 284.961087] cannot submit urb (err = -27)
>> ----------------------------
>>
>> 0xa7 is POOL_POISON_FREED. The memory pages to be allocated from the
>> pool should be filled with such bytes.
>>
>> Each time I observed this problem, the first 8 bytes of the listed
>> memory area were overwritten, with different data each time.
>
> It kind of looks like a hardware bug. Still, it's hard to say.
>
> Can you test the current 3.13-rc kernel? There have been a few recent
> changes in this area that might have an effect.
>
I tested 3.13-rc3 - the problem has not shown up so far.
Regards,
Eugene
--
Eugene Shatokhin, ROSA Laboratory.
www.rosalab.com
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists