Re: [madwifi-tickets] [madwifi.org] #1856: ath5k kmalloc poison overwritten

madwifi.org Sun, 30 Mar 2008 21:05:25 -0700

#1856: ath5k kmalloc poison overwritten
---------------------------------------+------------------------------------
      Reporter:  [EMAIL PROTECTED]  |       Owner:       
          Type:  defect                |      Status:  new  
      Priority:  major                 |   Milestone:       
     Component:  ath5k                 |     Version:  trunk
    Resolution:                        |    Keywords:       
Patch_attached:  0                     |  
---------------------------------------+------------------------------------
Old description:


> Hi
>
> I got a kmalloc poison warning (well zillions of them) from what appears
> to be ath5k allocated memory while copying about a Gig of data using the
> ath5k driver on a AR2413 chip with WEP.
>
> This may not be hugely helpful since it's from fedora rawhide's
> 2.6.25-0.139.rc6.git5.fc9 kernel but I think that is reasonably good at
> tracking current wireless development so I have chosen "trunk" under
> version. You can probably check the exact source for that kernel in koji
> (the fedora buildsystem) as it's probably been replaced on the mirrors
> already with a newer version...
>
> Here's the info from /var/log/messages.
>
> Mar 31 08:04:05 sahara kernel:
> =============================================================================
> Mar 31 08:04:05 sahara kernel: BUG kmalloc-4096 (Not tainted): Poison
> overwritten
> Mar 31 08:04:05 sahara kernel:
> -----------------------------------------------------------------------------
> Mar 31 08:04:05 sahara kernel:
> Mar 31 08:04:05 sahara kernel: INFO: 0xc534d100-0xc534d3db. First byte
> 0x8 instead of 0x6b
> Mar 31 08:04:05 sahara kernel: INFO: Allocated in
> ath5k_rxbuf_setup+0x41/0x16a [ath5k] age=7156 cpu=0 pid=2450
> Mar 31 08:04:05 sahara kernel: INFO: Freed in skb_release_data+0x8e/0x92
> age=7104 cpu=0 pid=2450
> Mar 31 08:04:05 sahara kernel: INFO: Slab 0xc11237c0 used=2 fp=0xc534d0f0
> flags=0x400040c3
> Mar 31 08:04:05 sahara kernel: INFO: Object 0xc534d0f0 @offset=20720
> fp=0xc5349030
> Mar 31 08:04:05 sahara kernel:
> Mar 31 08:04:05 sahara kernel: Bytes b4 0xc534d0e0:  92 09 00 00 73 60 0a
> 00 5a 5a 5a 5a 5a 5a 5a 5a ....s`..ZZZZZZZZ
> Mar 31 08:04:05 sahara kernel:   Object 0xc534d0f0:  6b 6b 6b 6b 6b 6b 6b
> 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
> Mar 31 08:04:05 sahara kernel:   Object 0xc534d100:  08 42 2c 00 00 16 ce
> 0d 79 41 00 12 0e 0a 2a 5e .B,...<CE>.yA....*^
> Mar 31 08:04:05 sahara kernel:   Object 0xc534d110:  00 e0 98 d6 04 2c a0
> 1d e0 4a 4c 00 c5 17 04 b0 .<E0>.<D6>.,..<E0>JL.
> <C5>..<B0>
> Mar 31 08:04:05 sahara kernel:   Object 0xc534d120:  2f 88 28 bd 96 b0 f0
> c5 8d dd 89 81 e6 8e 57 ce /.(<BD>.<B0><F0><C5>.
> <DD>..<E6>.W<CE>
> Mar 31 08:04:05 sahara kernel:   Object 0xc534d130:  d2 df 56 f5 30 36 6e
> ea 0d d1 b7 c9 42 9b 57 3a <D2><DF>V<F5>06n<EA>.ѷ
> <C9>B.W:
> Mar 31 08:04:05 sahara kernel:   Object 0xc534d140:  52 64 87 94 bc 15 96
> 0f 0d 6e c5 e5 91 fb 37 0b Rd..<BC>....n<C5><E5>.
> <FB>7.
> Mar 31 08:04:05 sahara kernel:   Object 0xc534d150:  22 59 a3 bf a0 c4 69
> c4 d9 8e 91 9c 9f 33 07 61 "Y<A3><BF>.<C4>i<C4><D9>....3.a
> Mar 31 08:04:05 sahara kernel:   Object 0xc534d160:  fd 9e 23 cf 61 b1 5d
> 20 b8 e8 20 de 0b 10 36 2a <FD>.#<CF>a<B1>].<B8>
> <E8>.<DE>..6*
> Mar 31 08:04:05 sahara kernel:  Redzone 0xc534e0f0:  bb bb bb bb
> <BB><BB><BB><BB>
> Mar 31 08:04:05 sahara kernel:  Padding 0xc534e118:  5a 5a 5a 5a 5a 5a 5a
> 5a                         ZZZZZZZZ
> Mar 31 08:04:05 sahara kernel: Pid: 0, comm: swapper Not tainted
> 2.6.25-0.139.rc6.git5.fc9 #1
> Mar 31 08:04:05 sahara kernel:  [<c04863d3>] print_trailer+0x111/0x119
> Mar 31 08:04:05 sahara kernel:  [<c048645c>]
> check_bytes_and_report+0x81/0xa4
> Mar 31 08:04:05 sahara kernel:  [<c048654d>] check_object+0xa4/0x184
> Mar 31 08:04:05 sahara kernel:  [<c04876c6>] __slab_alloc+0x43a/0x53f
> Mar 31 08:04:05 sahara kernel:  [<c0487ab6>] ? kmem_cache_alloc+0x86/0xc4
> Mar 31 08:04:05 sahara kernel:  [<c0488037>]
> __kmalloc_track_caller+0x93/0xf8
> Mar 31 08:04:05 sahara kernel:  [<dea655da>] ?
> ath5k_rxbuf_setup+0x41/0x16a [ath5k]
> Mar 31 08:04:05 sahara kernel:  [<dea655da>] ?
> ath5k_rxbuf_setup+0x41/0x16a [ath5k]
> Mar 31 08:04:05 sahara kernel:  [<c05c2d39>] __alloc_skb+0x49/0xf8
> Mar 31 08:04:05 sahara kernel:  [<dea655da>] ath5k_rxbuf_setup+0x41/0x16a
> [ath5k]
> Mar 31 08:04:05 sahara kernel:  [<dea67913>] ath5k_tasklet_rx+0x4f0/0x508
> [ath5k]
> Mar 31 08:04:05 sahara kernel:  [<c040a042>] ? sched_clock+0x8/0xb
> Mar 31 08:04:05 sahara kernel:  [<c042c7d1>] tasklet_action+0x71/0xd6
> Mar 31 08:04:05 sahara kernel:  [<c042d0d2>] __do_softirq+0x84/0x10a
> Mar 31 08:04:05 sahara kernel:  [<c0407fde>] do_softirq+0x79/0xda
> Mar 31 08:04:05 sahara kernel:  [<c046495d>] ?
> handle_fasteoi_irq+0x0/0xb6
> Mar 31 08:04:05 sahara kernel:  [<c042cc38>] irq_exit+0x44/0x77
> Mar 31 08:04:05 sahara kernel:  [<c04080eb>] do_IRQ+0xac/0xc5
> Mar 31 08:04:05 sahara kernel:  [<c0406786>] common_interrupt+0x2e/0x34
> Mar 31 08:04:05 sahara kernel:  [<c04400d8>] ?
> clocksource_register+0x40/0x19f
> Mar 31 08:04:05 sahara kernel:  [<c0540f4e>] ?
> acpi_idle_enter_c1+0xdb/0x127
> Mar 31 08:04:05 sahara kernel:  [<c05abf79>] cpuidle_idle_call+0x70/0x94
> Mar 31 08:04:05 sahara kernel:  [<c05abf09>] ? cpuidle_idle_call+0x0/0x94
> Mar 31 08:04:05 sahara kernel:  [<c0404c97>] cpu_idle+0xc2/0xe2
> Mar 31 08:04:05 sahara kernel:  [<c062c391>] rest_init+0x49/0x4b
> Mar 31 08:04:05 sahara kernel:  =======================
> Mar 31 08:04:05 sahara kernel: FIX kmalloc-4096: Restoring
> 0xc534d100-0xc534d3db=0x6b
>
> Thanks!

New description:

 Hi

 I got a kmalloc poison warning (well zillions of them) from what appears
 to be ath5k allocated memory while copying about a Gig of data using the
 ath5k driver on a AR2413 chip with WEP.

 This may not be hugely helpful since it's from fedora rawhide's
 2.6.25-0.139.rc6.git5.fc9 kernel but I think that is reasonably good at
 tracking current wireless development so I have chosen "trunk" under
 version. You can probably check the exact source for that kernel in koji
 (the fedora buildsystem) as it's probably been replaced on the mirrors
 already with a newer version...

 Here's the info from /var/log/messages.
 {{{
 Mar 31 08:04:05 sahara kernel:
 =============================================================================
 Mar 31 08:04:05 sahara kernel: BUG kmalloc-4096 (Not tainted): Poison
 overwritten
 Mar 31 08:04:05 sahara kernel:
 -----------------------------------------------------------------------------
 Mar 31 08:04:05 sahara kernel:
 Mar 31 08:04:05 sahara kernel: INFO: 0xc534d100-0xc534d3db. First byte 0x8
 instead of 0x6b
 Mar 31 08:04:05 sahara kernel: INFO: Allocated in
 ath5k_rxbuf_setup+0x41/0x16a [ath5k] age=7156 cpu=0 pid=2450
 Mar 31 08:04:05 sahara kernel: INFO: Freed in skb_release_data+0x8e/0x92
 age=7104 cpu=0 pid=2450
 Mar 31 08:04:05 sahara kernel: INFO: Slab 0xc11237c0 used=2 fp=0xc534d0f0
 flags=0x400040c3
 Mar 31 08:04:05 sahara kernel: INFO: Object 0xc534d0f0 @offset=20720
 fp=0xc5349030
 Mar 31 08:04:05 sahara kernel:
 Mar 31 08:04:05 sahara kernel: Bytes b4 0xc534d0e0:  92 09 00 00 73 60 0a
 00 5a 5a 5a 5a 5a 5a 5a 5a ....s`..ZZZZZZZZ
 Mar 31 08:04:05 sahara kernel:   Object 0xc534d0f0:  6b 6b 6b 6b 6b 6b 6b
 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
 Mar 31 08:04:05 sahara kernel:   Object 0xc534d100:  08 42 2c 00 00 16 ce
 0d 79 41 00 12 0e 0a 2a 5e .B,...<CE>.yA....*^
 Mar 31 08:04:05 sahara kernel:   Object 0xc534d110:  00 e0 98 d6 04 2c a0
 1d e0 4a 4c 00 c5 17 04 b0 .<E0>.<D6>.,..<E0>JL.
 <C5>..<B0>
 Mar 31 08:04:05 sahara kernel:   Object 0xc534d120:  2f 88 28 bd 96 b0 f0
 c5 8d dd 89 81 e6 8e 57 ce /.(<BD>.<B0><F0><C5>.
 <DD>..<E6>.W<CE>
 Mar 31 08:04:05 sahara kernel:   Object 0xc534d130:  d2 df 56 f5 30 36 6e
 ea 0d d1 b7 c9 42 9b 57 3a <D2><DF>V<F5>06n<EA>.ѷ
 <C9>B.W:
 Mar 31 08:04:05 sahara kernel:   Object 0xc534d140:  52 64 87 94 bc 15 96
 0f 0d 6e c5 e5 91 fb 37 0b Rd..<BC>....n<C5><E5>.
 <FB>7.
 Mar 31 08:04:05 sahara kernel:   Object 0xc534d150:  22 59 a3 bf a0 c4 69
 c4 d9 8e 91 9c 9f 33 07 61 "Y<A3><BF>.<C4>i<C4><D9>....3.a
 Mar 31 08:04:05 sahara kernel:   Object 0xc534d160:  fd 9e 23 cf 61 b1 5d
 20 b8 e8 20 de 0b 10 36 2a <FD>.#<CF>a<B1>].<B8>
 <E8>.<DE>..6*
 Mar 31 08:04:05 sahara kernel:  Redzone 0xc534e0f0:  bb bb bb bb
 <BB><BB><BB><BB>
 Mar 31 08:04:05 sahara kernel:  Padding 0xc534e118:  5a 5a 5a 5a 5a 5a 5a
 5a                         ZZZZZZZZ
 Mar 31 08:04:05 sahara kernel: Pid: 0, comm: swapper Not tainted
 2.6.25-0.139.rc6.git5.fc9 #1
 Mar 31 08:04:05 sahara kernel:  [<c04863d3>] print_trailer+0x111/0x119
 Mar 31 08:04:05 sahara kernel:  [<c048645c>]
 check_bytes_and_report+0x81/0xa4
 Mar 31 08:04:05 sahara kernel:  [<c048654d>] check_object+0xa4/0x184
 Mar 31 08:04:05 sahara kernel:  [<c04876c6>] __slab_alloc+0x43a/0x53f
 Mar 31 08:04:05 sahara kernel:  [<c0487ab6>] ? kmem_cache_alloc+0x86/0xc4
 Mar 31 08:04:05 sahara kernel:  [<c0488037>]
 __kmalloc_track_caller+0x93/0xf8
 Mar 31 08:04:05 sahara kernel:  [<dea655da>] ?
 ath5k_rxbuf_setup+0x41/0x16a [ath5k]
 Mar 31 08:04:05 sahara kernel:  [<dea655da>] ?
 ath5k_rxbuf_setup+0x41/0x16a [ath5k]
 Mar 31 08:04:05 sahara kernel:  [<c05c2d39>] __alloc_skb+0x49/0xf8
 Mar 31 08:04:05 sahara kernel:  [<dea655da>] ath5k_rxbuf_setup+0x41/0x16a
 [ath5k]
 Mar 31 08:04:05 sahara kernel:  [<dea67913>] ath5k_tasklet_rx+0x4f0/0x508
 [ath5k]
 Mar 31 08:04:05 sahara kernel:  [<c040a042>] ? sched_clock+0x8/0xb
 Mar 31 08:04:05 sahara kernel:  [<c042c7d1>] tasklet_action+0x71/0xd6
 Mar 31 08:04:05 sahara kernel:  [<c042d0d2>] __do_softirq+0x84/0x10a
 Mar 31 08:04:05 sahara kernel:  [<c0407fde>] do_softirq+0x79/0xda
 Mar 31 08:04:05 sahara kernel:  [<c046495d>] ? handle_fasteoi_irq+0x0/0xb6
 Mar 31 08:04:05 sahara kernel:  [<c042cc38>] irq_exit+0x44/0x77
 Mar 31 08:04:05 sahara kernel:  [<c04080eb>] do_IRQ+0xac/0xc5
 Mar 31 08:04:05 sahara kernel:  [<c0406786>] common_interrupt+0x2e/0x34
 Mar 31 08:04:05 sahara kernel:  [<c04400d8>] ?
 clocksource_register+0x40/0x19f
 Mar 31 08:04:05 sahara kernel:  [<c0540f4e>] ?
 acpi_idle_enter_c1+0xdb/0x127
 Mar 31 08:04:05 sahara kernel:  [<c05abf79>] cpuidle_idle_call+0x70/0x94
 Mar 31 08:04:05 sahara kernel:  [<c05abf09>] ? cpuidle_idle_call+0x0/0x94
 Mar 31 08:04:05 sahara kernel:  [<c0404c97>] cpu_idle+0xc2/0xe2
 Mar 31 08:04:05 sahara kernel:  [<c062c391>] rest_init+0x49/0x4b
 Mar 31 08:04:05 sahara kernel:  =======================
 Mar 31 08:04:05 sahara kernel: FIX kmalloc-4096: Restoring
 0xc534d100-0xc534d3db=0x6b
 }}}

 Thanks!

-- 
Ticket URL: <https://madwifi.org/ticket/1856#comment:1>
madwifi.org <http://madwifi.org/>
Multiband Atheros Driver for Wireless Fidelity
-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
_______________________________________________
Madwifi-tickets mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/madwifi-tickets

Re: [madwifi-tickets] [madwifi.org] #1856: ath5k kmalloc poison overwritten

Reply via email to