On 05/11/2012 10:42 PM, Alan Stern wrote:
On Fri, 11 May 2012, Oncaphillis wrote:
hallo,
I'm developing a hardware application based on theEZ-USB SX2 Chip
from Cypress using libusb-1.0.8 and I see kernel crashes like:
<snip>
May 03 19:11:59 [kernel] [<ffffffff8137ccde>] free_async+0x22/0x47
May 03 19:11:59 [kernel] [<ffffffff8137f494>] usbdev_do_ioctl+0xa51/0xd3f
free_async() calls kfree() more than once. Can you figure out which
call causes the problem?
Added some printk and it is as->urb->transfer_buffer
which points to the arry SLUP complains about.
I enabled SLUB Poisoning and found the following
<snip>
May 09 18:46:34 [kernel] [ 133.013088]
=============================================================================
May 09 18:46:34 [kernel] [ 133.013091] BUG kmalloc-512 (Not tainted):
Poison overwritten
May 09 18:46:34 [kernel] [ 133.013093]
-----------------------------------------------------------------------------
May 09 18:46:34 [kernel] [ 133.013093]
May 09 18:46:34 [kernel] [ 133.013096] INFO:
0xffff880079b253b0-0xffff880079b253b1. First byte 0x9d instead of 0x6b
May 09 18:46:34 [kernel] [ 133.013102] INFO: Allocated in
proc_do_submiturb+0x41a/0x876 age=188 cpu=0 pid=4468
proc_do_submiturb() does several allocations. Can you figure out which
one this is?
So -- as far as I understand SLUB Poisoning someone makes a kmalloc and
gets a chunk of memory
which someone else, presumably _proc_do_submiturb, wrote into after if
called kfree on the block.
Any suggestions on how to proceed on this issue ?
Figuring out which structure is getting overwritten would be a good
start.
Alan Stern
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
