Re: uhci_hcd: Possible corruption of DMA pool uhci->td_pool

From: Alan Stern
Date: Wed Dec 11 2013 - 11:41:19 EST

Next message: Tony Lindgren: "Re: [PATCH] of/platform: Fix no irq domain found errors whenpopulating interrupts"
Previous message: Mel Gorman: "Re: [PATCH] mm: numa: Guarantee that tlb_flush_pending updates arevisible before page table updates"
In reply to: Eugene Shatokhin: "uhci_hcd: Possible corruption of DMA pool uhci->td_pool"
Next in thread: Eugene Shatokhin: "Re: uhci_hcd: Possible corruption of DMA pool uhci->td_pool"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 11 Dec 2013, Eugene Shatokhin wrote:

> Hi,
>
> On ROSA Linux with kernel 3.10.21 with DMA debug options enabled, the
> kernel sometimes issues a warning about DMA pool corruption (see the log
> below).
>
> That happens sometimes, when the system boots or resumes from
> hibernation with Samson C01U USB microphone attached.
>
> The affected DMA pool is 'uhci->td_pool', uhci_alloc_td() from
> drivers/usb/host/uhci-hcd.c makes the relevant dma_pool_alloc() calls.
>
> Any ideas about how to find what causes this and how to fix it?

This is not an easy sort of thing to track down...

> Here is the relevant part of the system log:
> ----------------------------
> [ 22.264332] usb 2-1: new full-speed USB device number 2 using uhci_hcd
> [ 22.450609] usb 2-1: New USB device found, idVendor=17a0, idProduct=0001
> [ 22.450626] usb 2-1: New USB device strings: Mfr=1, Product=2,
> SerialNumber=0
> [ 22.450639] usb 2-1: Product: Samson C01U
> [ 22.450649] usb 2-1: Manufacturer: Samson Technologies
> <...>
> [ 280.703483] retire_capture_urb: 4494 callbacks suppressed
> [ 284.961087] uhci_hcd 0000:00:1d.1: dma_pool_alloc uhci_td, efb7b060
> (corruped)
> [ 284.961087] 00000000: 00 06 00 00 af 00 00 03 a7 a7 a7 a7 a7 a7 a7 a7
> ................
> [ 284.961087] 00000010: a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7
> ................
> [ 284.961087] 00000020: a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7
> ................
> [ 284.961087] retire_capture_urb: 4343 callbacks suppressed
> [ 284.961087] uhci_hcd 0000:00:1d.1: dma_pool_alloc uhci_td, efb7b5d0
> (corruped)
> [ 284.961087] 00000000: 00 06 00 00 af 00 00 03 a7 a7 a7 a7 a7 a7 a7 a7
> ................
> [ 284.961087] 00000010: a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7
> ................
> [ 284.961087] 00000020: a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7
> ................
> [ 284.961087] cannot submit urb (err = -27)
> [ 284.961087] cannot submit urb (err = -27)
> [ 284.961087] cannot submit urb (err = -27)
> [ 284.961087] cannot submit urb (err = -27)
> [ 284.961087] cannot submit urb (err = -27)
> [ 284.961087] cannot submit urb (err = -27)
> [ 284.961087] cannot submit urb (err = -27)
> [ 284.961087] cannot submit urb (err = -27)
> ----------------------------
>
> 0xa7 is POOL_POISON_FREED. The memory pages to be allocated from the
> pool should be filled with such bytes.
>
> Each time I observed this problem, the first 8 bytes of the listed
> memory area were overwritten, with different data each time.

It kind of looks like a hardware bug. Still, it's hard to say.

Can you test the current 3.13-rc kernel? There have been a few recent
changes in this area that might have an effect.

Alan Stern

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Tony Lindgren: "Re: [PATCH] of/platform: Fix no irq domain found errors whenpopulating interrupts"
Previous message: Mel Gorman: "Re: [PATCH] mm: numa: Guarantee that tlb_flush_pending updates arevisible before page table updates"
In reply to: Eugene Shatokhin: "uhci_hcd: Possible corruption of DMA pool uhci->td_pool"
Next in thread: Eugene Shatokhin: "Re: uhci_hcd: Possible corruption of DMA pool uhci->td_pool"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]