Bug 14624 - ath9k: BUG kmalloc-8192: Poison overwritten
Summary: ath9k: BUG kmalloc-8192: Poison overwritten
Alias: None
Product: Drivers
Classification: Unclassified
Component: network-wireless (show other bugs)
Hardware: All Linux
: P1 normal
Assignee: Atheros developers
Depends on:
Blocks: 14230
  Show dependency tree
Reported: 2009-11-16 21:57 UTC by Rafael J. Wysocki
Modified: 2010-10-31 18:11 UTC (History)
6 users (show)

See Also:
Kernel Version: 2.6.32-rc6-git4
Regression: Yes
Bisected commit-id:

2.6.33-rc2-git3 -- Recurrence of this problem (28.44 KB, text/plain)
2010-01-01 05:56 UTC, Miles Lane
The .config file for this build (77.72 KB, text/plain)
2010-01-01 05:58 UTC, Miles Lane
2.6.34-rc5 problem log (40.01 KB, application/octet-stream)
2010-04-24 03:27 UTC, Jongman Heo

Description Rafael J. Wysocki 2009-11-16 21:57:11 UTC
Subject    : 2.6.32-rc6-git4 -- BUG kmalloc-8192: Poison overwritten - INFO: Allocated in ath_rxbuf_alloc+0x1c/0x70 [ath] age=526999 cpu=1 pid=1275
Submitter  : Miles Lane <miles.lane@gmail.com>
Date       : 2009-11-12 4:58
References : http://marc.info/?l=linux-kernel&m=125800196520396&w=4
Notify-Also : "Luis R. Rodriguez" <mcgrof@gmail.com>

This entry is being used for tracking a regression from 2.6.31.  Please don't
close it until the problem is fixed in the mainline.
Comment 1 Luis Chamberlain 2009-11-16 23:34:00 UTC
Asked user to see if he could test wireless-testing + some patches.
Comment 2 Luis Chamberlain 2009-11-19 23:21:02 UTC
Patches supplied, waiting on user.
Comment 3 Miles Lane 2010-01-01 05:56:31 UTC
Created attachment 24393 [details]
2.6.33-rc2-git3 -- Recurrence of this problem
Comment 4 Miles Lane 2010-01-01 05:58:43 UTC
Created attachment 24394 [details]
The .config file for this build
Comment 5 John W. Linville 2010-02-08 15:48:08 UTC
User reports that this problem persists as of 2.6.33-rc2-git3.  I'm guessing that would equate to the testing Luis requested in comment 1?

The message thread linked in the description ended with the following:

>> How can you trigger it?
>I will do my best to determine that and get back to you.

Did we get that determination?  Can we record it here?
Comment 6 Jongman Heo 2010-04-24 03:27:32 UTC
Created attachment 26116 [details]
2.6.34-rc5 problem log

I also hit this bug in current latest linus's git(2.6.34-rc5+).

seems it's not easy to reproduce. 

Anyway, is there a patch (either fixing this bug or put debug log) I can try?
Comment 7 Felix Fietkau 2010-04-24 03:34:04 UTC
I just realized that one of my patches that's a part of the AR9300 support patch series might have an effect on this bug, maybe it could even fix it.
Please test a recent version of wireless-testing, because the change is not in 2.6.34-rc5 yet.
Comment 8 Luis Chamberlain 2010-05-14 05:14:05 UTC
Felix what patch did you have in mind?
Comment 9 Felix Fietkau 2010-05-14 07:28:20 UTC
As part of the EDMA changes, I changed an existing dma_sync_single_for_cpu() line into dma_sync_single_for_device().
In other tests, I sometimes saw weird memory corruption issues when the cache wasn't properly synced, so maybe this change would help on x86 under some circumstances as well.
Comment 10 Florian Mickler 2010-10-07 19:29:38 UTC
Did this get fixed?
Comment 11 Luis Chamberlain 2010-10-07 21:40:52 UTC
No, but we had no intstructions to reproduce. We finally got someone who might have instructions to reproduce and I am looking at it now:

Comment 12 Florian Mickler 2010-10-07 22:55:30 UTC
seems like fun :)
Comment 13 Florian Mickler 2010-10-26 08:47:10 UTC
Patch series that fixes this issue:

References: http://www.spinics.net/lists/linux-wireless/msg57852.html
Comment 14 Florian Mickler 2010-10-31 18:11:16 UTC
fixed by mainline commits (marked for stable):
commit 5e848f789d60000d39d9a5f26ab02dbdd963f6cd
commit b79b33c4baf2532aac2c0924dce5a738099b888c
commit 7583c550c3e635dcc61ab127c36ecefd59fb8dc8
commit 1e450285281bdf766272c181ecd43d4f2f0711ce

Note You need to log in before you can comment on or make changes to this bug.