2.6.28-rc2: USB/INPUT: slab error in cache_alloc_debugcheck_after(): double free? - Kernel


  1. 2.6.28-rc2: USB/INPUT: slab error in cache_alloc_debugcheck_after(): double free?

    I noticed various slab errors with complete kernel crashes with my USB keyboard/mouse on a 32bit parisc machine with both 2.6.28-rc1 and -rc2.
    Kernel 2.6.27 was still OK.

    Linux kernel bootlog shows:
    ---------------
    ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
    ohci_hcd 0000:00:0e.2: OHCI Host Controller
    ohci_hcd 0000:00:0e.2: new USB bus registered, assigned bus number 1
    ohci_hcd 0000:00:0e.2: irq 1, io mem 0xf2007000
    usb usb1: configuration #1 chosen from 1 choice
    hub 1-0:1.0: USB hub found
    hub 1-0:1.0: 3 ports detected
    usb usb1: New USB device found, idVendor=1d6b, idProduct=0001
    usb usb1: New USB device strings: Mfr=3, Product=2, SerialNumber=1
    usb usb1: Product: OHCI Host Controller
    usb usb1: Manufacturer: Linux 2.6.28-rc2 ohci_hcd
    usb usb1: SerialNumber: 0000:00:0e.2
    uhci_hcd: USB Universal Host Controller Interface driver


    After successful bootup (without any USB devices attached)
    I get this when I insert a USB keyboard:
    ---------------
    usb 1-1: new low speed USB device using ohci_hcd and address 2
    usb 1-1: configuration #1 chosen from 1 choice
    input: SILITEK USB Keyboard and Mouse as /class/input/input0
    Slab corruption: size-4096 start=8dd9b000, len=4096
    000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    generic-usb 0004:047B:0002.0001: input,hidraw0: USB HID v1.00 Keyboard [SILITEK USB Keyboard and Mouse] on usb-0000:00:0e.2-1/input0
    input: SILITEK USB Keyboard and Mouse as /class/input/input1
    generic-usb 0003:047B:0002.0002: input,hidraw1: USB HID v1.00 Mouse [SILITEK USB Keyboard and Mouse] on usb-0000:00:0e.2-1/input1
    usb 1-1: New USB device found, idVendor=047b, idProduct=0002
    usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
    usb 1-1: Product: USB Keyboard and Mouse
    usb 1-1: Manufacturer: SILITEK


    Similar when I insert a mouse:
    ------------------
    usb 1-1: new low speed USB device using ohci_hcd and address 2
    usb 1-1: configuration #1 chosen from 1 choice
    input: Logitech N48 as /class/input/input0
    Slab corruption: shmem_inode_cache start=8bd9daa0, len=640
    Redzone: 0x0/0x9f911029d74e35b.
    Last user: [<00000000>](0x0)
    000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    Prev obj: start=8bd9d870, len=640
    Redzone: 0x6b6b6b6b6b6b6b6b/0x0.
    Last user: [<00000000>](0x0)
    000: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
    010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    slab error in cache_alloc_debugcheck_after(): cache `shmem_inode_cache': double free, or memory outside objecn
    Backtrace:
    [<101a4e84>] cache_alloc_debugcheck_after+0xd8/0x200
    [<101a540c>] kmem_cache_alloc+0x1a0/0x1e8
    [<101a26e4>] shmem_alloc_inode+0x18/0x34
    [<101be158>] alloc_inode+0x28/0x238
    [<101bf204>] new_inode+0x20/0xc0
    [<101a0eb8>] shmem_get_inode+0x34/0x1ac
    [<101a1be0>] shmem_symlink+0x60/0x260
    [<101b6034>] vfs_symlink+0x74/0xc8
    [<101b6118>] sys_symlinkat+0x90/0xfc
    [<101190c0>] syscall_exit+0x0/0x28

    8bd9da98: redzone 1:0x0, redzone 2:0x9f911029d74e35b
    Slab corruption: size-4096 start=8bd18000, len=4096
    000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    generic-usb 0003:046D:C001.0001: input,hidraw0: USB HID v1.00 Mouse [Logitech N48] on usb-0000:00:0e.2-1/inpu0
    usb 1-1: New USB device found, idVendor=046d, idProduct=c001
    usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
    usb 1-1: Product: N48
    usb 1-1: Manufacturer: Logitech


    On 2.6.28-rc1 I saw e.g. this:
    --------------------
    usbcore: registered new interface driver usbhid
    usbhid: v2.6:USB HID core driver
    usb 1-1: new low speed USB device using ohci_hcd and address 2
    usb 1-1: configuration #1 chosen from 1 choice
    input: Logitech N48 as /class/input/input0
    generic-usb 0003:046D:C001.0001: input,hidraw0: USB HID v1.00 Mouse
    [Logitech N48] on usb-0000:00:0e.2-1/inpu0
    usb 1-1: New USB device found, idVendor=046d, idProduct=c001
    usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
    usb 1-1: Product: N48
    usb 1-1: Manufacturer: Logitech
    usb 1-2: new low speed USB device using ohci_hcd and address 3
    usb 1-2: configuration #1 chosen from 1 choice
    slab error in cache_alloc_debugcheck_after(): cache `size-512': double free, or memory outside object was oven
    Backtrace:
    [<101a5724>] cache_alloc_debugcheck_after+0xd8/0x200
    [<101a5cac>] kmem_cache_alloc+0x1a0/0x1e8
    [<1042e294>] hid_register_report+0x60/0xc4
    [<1042e5f8>] hid_add_field+0x40/0x1a4
    [<1042ec40>] hid_parser_main+0x94/0xc4

    Helge
    --
    To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
    the body of a message to majordomo@vger.kernel.org
    More majordomo info at http://vger.kernel.org/majordomo-info.html
    Please read the FAQ at http://www.tux.org/lkml/

  2. Re: 2.6.28-rc2: USB/INPUT: slab error in cache_alloc_debugcheck_after(): double free?

    On Fri, 31 Oct 2008, Helge Deller wrote:

    > I noticed various slab errors with complete kernel crashes with my USB keyboard/mouse on a 32bit parisc machine with both 2.6.28-rc1 and -rc2.
    > Kernel 2.6.27 was still OK.
    >
    > Linux kernel bootlog shows:
    > ---------------
    > ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
    > ohci_hcd 0000:00:0e.2: OHCI Host Controller
    > ohci_hcd 0000:00:0e.2: new USB bus registered, assigned bus number 1
    > ohci_hcd 0000:00:0e.2: irq 1, io mem 0xf2007000
    > usb usb1: configuration #1 chosen from 1 choice
    > hub 1-0:1.0: USB hub found
    > hub 1-0:1.0: 3 ports detected
    > usb usb1: New USB device found, idVendor=1d6b, idProduct=0001
    > usb usb1: New USB device strings: Mfr=3, Product=2, SerialNumber=1
    > usb usb1: Product: OHCI Host Controller
    > usb usb1: Manufacturer: Linux 2.6.28-rc2 ohci_hcd
    > usb usb1: SerialNumber: 0000:00:0e.2
    > uhci_hcd: USB Universal Host Controller Interface driver
    >
    >
    > After successful bootup (without any USB devices attached)
    > I get this when I insert a USB keyboard:
    > ---------------
    > usb 1-1: new low speed USB device using ohci_hcd and address 2
    > usb 1-1: configuration #1 chosen from 1 choice
    > input: SILITEK USB Keyboard and Mouse as /class/input/input0
    > Slab corruption: size-4096 start=8dd9b000, len=4096
    > 000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    > 010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    > 020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    > 030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    > 040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    > 050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    > generic-usb 0004:047B:0002.0001: input,hidraw0: USB HID v1.00 Keyboard [SILITEK USB Keyboard and Mouse] on usb-0000:00:0e.2-1/input0
    > input: SILITEK USB Keyboard and Mouse as /class/input/input1
    > generic-usb 0003:047B:0002.0002: input,hidraw1: USB HID v1.00 Mouse [SILITEK USB Keyboard and Mouse] on usb-0000:00:0e.2-1/input1
    > usb 1-1: New USB device found, idVendor=047b, idProduct=0002
    > usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
    > usb 1-1: Product: USB Keyboard and Mouse
    > usb 1-1: Manufacturer: SILITEK
    >
    >
    > Similar when I insert a mouse:
    > ------------------
    > usb 1-1: new low speed USB device using ohci_hcd and address 2
    > usb 1-1: configuration #1 chosen from 1 choice
    > input: Logitech N48 as /class/input/input0
    > Slab corruption: shmem_inode_cache start=8bd9daa0, len=640
    > Redzone: 0x0/0x9f911029d74e35b.
    > Last user: [<00000000>](0x0)
    > 000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    > 010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    > 020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    > 030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    > 040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    > 050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    > Prev obj: start=8bd9d870, len=640
    > Redzone: 0x6b6b6b6b6b6b6b6b/0x0.
    > Last user: [<00000000>](0x0)
    > 000: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
    > 010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    > slab error in cache_alloc_debugcheck_after(): cache `shmem_inode_cache': double free, or memory outside objecn
    > Backtrace:
    > [<101a4e84>] cache_alloc_debugcheck_after+0xd8/0x200
    > [<101a540c>] kmem_cache_alloc+0x1a0/0x1e8
    > [<101a26e4>] shmem_alloc_inode+0x18/0x34
    > [<101be158>] alloc_inode+0x28/0x238
    > [<101bf204>] new_inode+0x20/0xc0
    > [<101a0eb8>] shmem_get_inode+0x34/0x1ac
    > [<101a1be0>] shmem_symlink+0x60/0x260
    > [<101b6034>] vfs_symlink+0x74/0xc8
    > [<101b6118>] sys_symlinkat+0x90/0xfc
    > [<101190c0>] syscall_exit+0x0/0x28
    >
    > 8bd9da98: redzone 1:0x0, redzone 2:0x9f911029d74e35b
    > Slab corruption: size-4096 start=8bd18000, len=4096
    > 000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    > 010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    > 020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    > 030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    > 040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    > 050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    > generic-usb 0003:046D:C001.0001: input,hidraw0: USB HID v1.00 Mouse [Logitech N48] on usb-0000:00:0e.2-1/inpu0
    > usb 1-1: New USB device found, idVendor=046d, idProduct=c001
    > usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
    > usb 1-1: Product: N48
    > usb 1-1: Manufacturer: Logitech
    >
    >
    > On 2.6.28-rc1 I saw e.g. this:
    > --------------------
    > usbcore: registered new interface driver usbhid
    > usbhid: v2.6:USB HID core driver
    > usb 1-1: new low speed USB device using ohci_hcd and address 2
    > usb 1-1: configuration #1 chosen from 1 choice
    > input: Logitech N48 as /class/input/input0
    > generic-usb 0003:046D:C001.0001: input,hidraw0: USB HID v1.00 Mouse
    > [Logitech N48] on usb-0000:00:0e.2-1/inpu0
    > usb 1-1: New USB device found, idVendor=046d, idProduct=c001
    > usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
    > usb 1-1: Product: N48
    > usb 1-1: Manufacturer: Logitech
    > usb 1-2: new low speed USB device using ohci_hcd and address 3
    > usb 1-2: configuration #1 chosen from 1 choice
    > slab error in cache_alloc_debugcheck_after(): cache `size-512': double free, or memory outside object was oven
    > Backtrace:
    > [<101a5724>] cache_alloc_debugcheck_after+0xd8/0x200
    > [<101a5cac>] kmem_cache_alloc+0x1a0/0x1e8
    > [<1042e294>] hid_register_report+0x60/0xc4
    > [<1042e5f8>] hid_add_field+0x40/0x1a4
    > [<1042ec40>] hid_parser_main+0x94/0xc4


    Was Redzone 1 in this case also 0x0 please?

    --
    Jiri Kosina
    SUSE Labs
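
How the two redzone values asked about above are read, as an added example that is not part of the thread or of the kernel source: a simplified userspace model of the CONFIG_DEBUG_SLAB redzone and poison checks, run on the values from Helge's report. The marker constants are those of include/linux/poison.h; the function names and the sample buffer are assumptions made here.

```c
/* Added example: simplified model of the SLAB debug checks, not mm/slab.c. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Marker values from include/linux/poison.h */
#define RED_INACTIVE 0x09F911029D74E35BULL /* redzone of a free object       */
#define RED_ACTIVE   0xD84156C5635688C0ULL /* redzone of an allocated object */
#define POISON_FREE  0x6b                  /* fill byte of a free object     */
#define POISON_END   0xa5                  /* last byte of a free object     */

enum rz_state { RZ_INACTIVE, RZ_ACTIVE, RZ_CLOBBERED };

struct rz_report {
    enum rz_state front; /* redzone 1, stored just before the object */
    enum rz_state rear;  /* redzone 2, stored just after the object  */
};

static enum rz_state classify(uint64_t v)
{
    if (v == RED_INACTIVE) return RZ_INACTIVE;
    if (v == RED_ACTIVE)   return RZ_ACTIVE;
    return RZ_CLOBBERED;   /* neither marker: something wrote over it */
}

/* Allocation-time check: an object taken from the free list must carry
 * RED_INACTIVE in both redzones. Returns 0 when clean, -1 when the
 * allocator would print the "double free, or memory outside object"
 * slab error seen in the thread. */
int alloc_check(uint64_t rz1, uint64_t rz2, struct rz_report *out)
{
    out->front = classify(rz1);
    out->rear  = classify(rz2);
    return (out->front == RZ_INACTIVE && out->rear == RZ_INACTIVE) ? 0 : -1;
}

/* Poison check behind "Slab corruption": a free object must be all
 * POISON_FREE with POISON_END as its last byte. Returns the offset of
 * the first byte that differs, or -1 if the object is intact. */
long first_poison_mismatch(const unsigned char *obj, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        unsigned char want = (i == len - 1) ? POISON_END : POISON_FREE;
        if (obj[i] != want)
            return (long)i;
    }
    return -1;
}

static const char *name(enum rz_state s)
{
    return s == RZ_INACTIVE ? "inactive (free, intact)"
         : s == RZ_ACTIVE   ? "active (marked allocated)"
         :                    "clobbered";
}

int main(void)
{
    struct rz_report r;
    unsigned char obj[640]; /* len=640 as in the shmem_inode_cache report */

    /* Values printed for 8bd9da98 in the mouse report. */
    int rc = alloc_check(0x0ULL, 0x9f911029d74e35bULL, &r);
    printf("object  : rc=%d front=%s rear=%s\n", rc, name(r.front), name(r.rear));

    /* Values printed for "Prev obj" in the same report. */
    rc = alloc_check(0x6b6b6b6b6b6b6b6bULL, 0x0ULL, &r);
    printf("prev obj: rc=%d front=%s rear=%s\n", rc, name(r.front), name(r.rear));

    /* Constructed buffer modelled on the "Prev obj" dump: first 16 bytes
     * still poisoned, the rest zeroed (bytes past 0x1f are an assumption). */
    memset(obj, POISON_FREE, sizeof(obj));
    obj[sizeof(obj) - 1] = POISON_END;
    memset(obj + 16, 0, sizeof(obj) - 16);
    printf("first bad poison byte at offset %ld\n",
           first_poison_mismatch(obj, sizeof(obj)));
    return 0;
}
```

For the reported object the rear redzone is still the intact free-object marker while the front one is zero, which is why the value of redzone 1 in the other reports matters.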


  3. Re: 2.6.28-rc2: USB/INPUT: slab error in cache_alloc_debugcheck_after(): double free?

    On Fri, 31 Oct 2008, Helge Deller wrote:

    > After successful bootup (without any USB devices attached)
    > I get this when I insert a USB keyboard:
    > ---------------
    > usb 1-1: new low speed USB device using ohci_hcd and address 2
    > usb 1-1: configuration #1 chosen from 1 choice
    > input: SILITEK USB Keyboard and Mouse as /class/input/input0
    > Slab corruption: size-4096 start=8dd9b000, len=4096
    > 000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    > 010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    > 020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    > 030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    > 040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    > 050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    > generic-usb 0004:047B:0002.0001: input,hidraw0: USB HID v1.00 Keyboard [SILITEK USB Keyboard and Mouse] on usb-0000:00:0e.2-1/input0


    Looks like something goes wrong somewhere around hid_connect() --
    hidinput_connect() is called, then slab complains about corruption, and
    then the rest of the code in hid_connect() is executed, printing the
    'generic-usb ...' message.

    I can't reproduce it here myself with CONFIG_DEBUG_SLAB=y. Could you
    please send me your config?

    It is also quite strange that stacktrace is missing here for some
    reason.

    > On 2.6.28-rc1 I saw e.g. this:
    > --------------------
    > usbcore: registered new interface driver usbhid
    > usbhid: v2.6:USB HID core driver
    > usb 1-1: new low speed USB device using ohci_hcd and address 2
    > usb 1-1: configuration #1 chosen from 1 choice
    > input: Logitech N48 as /class/input/input0
    > generic-usb 0003:046D:C001.0001: input,hidraw0: USB HID v1.00 Mouse
    > [Logitech N48] on usb-0000:00:0e.2-1/inpu0
    > usb 1-1: New USB device found, idVendor=046d, idProduct=c001
    > usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
    > usb 1-1: Product: N48
    > usb 1-1: Manufacturer: Logitech
    > usb 1-2: new low speed USB device using ohci_hcd and address 3
    > usb 1-2: configuration #1 chosen from 1 choice
    > slab error in cache_alloc_debugcheck_after(): cache `size-512': double free, or memory outside object was oven
    > Backtrace:
    > [<101a5724>] cache_alloc_debugcheck_after+0xd8/0x200
    > [<101a5cac>] kmem_cache_alloc+0x1a0/0x1e8
    > [<1042e294>] hid_register_report+0x60/0xc4
    > [<1042e5f8>] hid_add_field+0x40/0x1a4
    > [<1042ec40>] hid_parser_main+0x94/0xc4


    This looks rather incomplete, backtrace starting at hid_parser_main is
    odd.

    Also, this seems to happen for different slab cache than the previous
    corruption.

    --
    Jiri Kosina
    SUSE Labs


  4. Re: 2.6.28-rc2: USB/INPUT: slab error in cache_alloc_debugcheck_after(): double free?

    I am seeing the same USB problem but without the SLAB errors - [1] is
    the Gentoo bug report. The kernel boots fine with both USB keyboard and
    mouse detached.


    [17179609.760000] usb 1-2: configuration #1 chosen from 1 choice
    [17179609.860000] input: Kensington Kensington USB/PS2 Trackball as
    /class/inpu1
    [17179609.972000] Backtrace:
    [17179609.972000] [<101daa9c>] sysfs_find_dirent+0x34/0x50
    [17179609.972000] [<101daad8>] __sysfs_add_one+0x20/0xc0
    [17179609.972000] [<101dab8c>] sysfs_add_one+0x14/0x50
    [17179609.972000] [<101db250>] create_dir+0x64/0xcc
    [17179609.972000] [<101db2e4>] sysfs_create_dir+0x2c/0x5c
    [17179609.972000] [<102f2cd0>] kobject_add_internal+0xb8/0x1b0
    [17179609.972000] [<102f326c>] kobject_add+0x38/0x68
    [17179609.972000] [<1035b2b0>] device_add+0xdc/0x55c
    [17179609.972000] [<103d6930>] mousedev_create+0x17c/0x1f8
    [17179609.972000] [<103d7284>] mousedev_connect+0x48/0x138
    [17179609.972000] [<103d2b50>] input_attach_handler+0x6c/0xac
    [17179609.972000] [<103d5014>] input_register_device+0x1a4/0x250
    [17179609.972000] [<103dfe08>] hidinput_connect+0x308/0x3b40
    [17179609.972000] [<103de5d4>] hid_connect+0x22c/0x2c0
    [17179609.972000] [<103de740>] hid_device_probe+0xd8/0xfc
    [17179609.972000] [<1035db94>] driver_probe_device+0xa4/0x198
    [17179609.972000]
    [17179609.972000]
    [17179609.972000] Kernel Fault: Code=26 regs=8f86d0c0 (Addr=00000000)
    [17179609.972000]
    [17179609.972000] YZrvWESTHLNXBCVMcbcbcbcbOGFRQPDI
    [17179609.972000] PSW: 00000000000001001111111000001111 Not tainted
    [17179609.972000] r00-03 0004fe0f 105a8e50 101daa9c 8ecef000
    [17179609.972000] r04-07 8f8d4d70 fffffff4 8f296f60 8f86cf48
    [17179609.972000] r08-11 8f297ac8 8ec37000 8f293e90 00000008
    [17179609.972000] r12-15 00000006 00000001 00000002 00000003
    [17179609.972000] r16-19 8ec37000 fffeffff fffeff70 00000073
    [17179609.972000] r20-23 00000006 0000000f 000003e0 8f296f60
    [17179609.972000] r24-27 101da714 8f8d4d70 00000000 105a8650
    [17179609.972000] r28-31 8ecef000 156979c9 8f86d0c0 101a0274
    [17179609.972000] sr00-03 00000000 00000000 00000000 0000000c
    [17179609.972000] sr04-07 00000000 00000000 00000000 00000000
    [17179609.972000]
    [17179609.972000] IASQ: 00000000 00000000 IAOQ: 102f6a50 102f6a54
    [17179609.972000] IIR: 0f40101c ISR: 00000000 IOR: 00000000
    [17179609.972000] CPU: 0 CR30: 8f86c000 CR31: 11111111
    [17179609.972000] ORIG_R28: 0000000f
    [17179609.972000] IAOQ[0]: strcmp+0x0/0x34
    [17179609.972000] IAOQ[1]: strcmp+0x4/0x34
    [17179609.972000] RP(r2): sysfs_find_dirent+0x34/0x50
    [17179609.972000] Backtrace:
    [17179609.972000] [<101daa9c>] sysfs_find_dirent+0x34/0x50
    [17179609.972000] [<101daad8>] __sysfs_add_one+0x20/0xc0
    [17179609.972000] [<101dab8c>] sysfs_add_one+0x14/0x50
    [17179609.972000] [<101db250>] create_dir+0x64/0xcc
    [17179609.972000] [<101db2e4>] sysfs_create_dir+0x2c/0x5c
    [17179609.972000] [<102f2cd0>] kobject_add_internal+0xb8/0x1b0
    [17179609.972000] [<102f326c>] kobject_add+0x38/0x68
    [17179609.972000] [<1035b2b0>] device_add+0xdc/0x55c
    [17179609.972000] [<103d6930>] mousedev_create+0x17c/0x1f8
    [17179609.972000] [<103d7284>] mousedev_connect+0x48/0x138
    [17179609.972000] [<103d2b50>] input_attach_handler+0x6c/0xac
    [17179609.972000] [<103d5014>] input_register_device+0x1a4/0x250
    [17179609.972000] [<103dfe08>] hidinput_connect+0x308/0x3b40
    [17179609.972000] [<103de5d4>] hid_connect+0x22c/0x2c0
    [17179609.972000] [<103de740>] hid_device_probe+0xd8/0xfc
    [17179609.972000] [<1035db94>] driver_probe_device+0xa4/0x198
    [17179609.972000]
    [17179609.972000] Kernel panic - not syncing: Kernel Fault


    Kind regards,
    JeR


    [1] https://bugs.gentoo.org/show_bug.cgi?id=245001

  5. Re: 2.6.28-rc2: USB/INPUT: slab error in cache_alloc_debugcheck_after(): double free?

    On Fri, 31 Oct 2008, Jeroen Roovers wrote:

    > I am seeing the same USB problem but without the SLAB errors - [1] is
    > the Gentoo bug report. The kernel boots fine with both USB keyboard and
    > mouse detached.


    Could you please provide your config? I am still not able to reproduce it
    here. Thanks.

    --
    Jiri Kosina
    SUSE Labs


  6. Re: 2.6.28-rc2: USB/INPUT: slab error in cache_alloc_debugcheck_after(): double free?

    On Fri, 31 Oct 2008, Helge Deller wrote:

    > I noticed various slab errors with complete kernel crashes with my USB
    > keyboard/mouse on a 32bit parisc machine with both 2.6.28-rc1 and -rc2.
    > Kernel 2.6.27 was still OK.

    [ ... ]

    On Fri, 31 Oct 2008, Jeroen Roovers wrote:

    > I am seeing the same USB problem but without the SLAB errors - [1] is
    > the Gentoo bug report. The kernel boots fine with both USB keyboard and
    > mouse detached.

    [ ... ]
    > [17179609.972000] IASQ: 00000000 00000000 IAOQ: 102f6a50 102f6a54
    > [17179609.972000] IIR: 0f40101c ISR: 00000000 IOR: 00000000
    > [17179609.972000] CPU: 0 CR30: 8f86c000 CR31: 11111111
    > [17179609.972000] ORIG_R28: 0000000f
    > [17179609.972000] IAOQ[0]: strcmp+0x0/0x34
    > [17179609.972000] IAOQ[1]: strcmp+0x4/0x34
    > [17179609.972000] RP(r2): sysfs_find_dirent+0x34/0x50
    > [17179609.972000] Backtrace:
    > [17179609.972000] [<101daa9c>] sysfs_find_dirent+0x34/0x50
    > [17179609.972000] [<101daad8>] __sysfs_add_one+0x20/0xc0
    > [17179609.972000] [<101dab8c>] sysfs_add_one+0x14/0x50
    > [17179609.972000] [<101db250>] create_dir+0x64/0xcc
    > [17179609.972000] [<101db2e4>] sysfs_create_dir+0x2c/0x5c
    > [17179609.972000] [<102f2cd0>] kobject_add_internal+0xb8/0x1b0
    > [17179609.972000] [<102f326c>] kobject_add+0x38/0x68
    > [17179609.972000] [<1035b2b0>] device_add+0xdc/0x55c
    > [17179609.972000] [<103d6930>] mousedev_create+0x17c/0x1f8
    > [17179609.972000] [<103d7284>] mousedev_connect+0x48/0x138
    > [17179609.972000] [<103d2b50>] input_attach_handler+0x6c/0xac
    > [17179609.972000] [<103d5014>] input_register_device+0x1a4/0x250
    > [17179609.972000] [<103dfe08>] hidinput_connect+0x308/0x3b40
    > [17179609.972000] [<103de5d4>] hid_connect+0x22c/0x2c0
    > [17179609.972000] [<103de740>] hid_device_probe+0xd8/0xfc
    > [17179609.972000] [<1035db94>] driver_probe_device+0xa4/0x198


    What architecture is this, please?

    If I understand the dump correctly, it bugs because strcmp() in
    sysfs_find_dirent() got somehow NULL pointer.

    I am not able to reproduce this locally and I can't see what is going
    wrong here. Could you please try the patch below and send the dmesg
    output? (beware, it will produce quite some output volume). This might
    help us understand a little bit better what string goes NULL where, or
    what exactly is happening.
    Thanks.

    diff --git a/fs/sysfs/dir.c b/fs/sysfs/dir.c
    index 82d3b79..e14fb5f 100644
    --- a/fs/sysfs/dir.c
    +++ b/fs/sysfs/dir.c
    @@ -418,6 +418,9 @@ void sysfs_addrm_start(struct sysfs_addrm_cxt *acxt,
    */
    int __sysfs_add_one(struct sysfs_addrm_cxt *acxt, struct sysfs_dirent *sd)
    {
    + printk(KERN_DEBUG "__sysfs_add_one\n");
    + printk(KERN_DEBUG "%s\n", acxt->parent_sd->s_name);
    + printk(KERN_DEBUG "%s\n", sd->s_name);
    if (sysfs_find_dirent(acxt->parent_sd, sd->s_name))
    return -EEXIST;
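
    Review bot: the second printk() at the top of __sysfs_add_one() dereferences acxt->parent_sd to reach s_name before anything has checked that pointer, so if the value that went bad is parent_sd itself rather than one of the two name strings, the debug line will fault instead of showing it. Print the pointers too (%p for acxt->parent_sd and sd) ahead of the strings, and fold the three values into a single printk() tagged with the function name so the parent and child names can be matched up in a high-volume dmesg.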


    --
    Jiri Kosina

  7. Re: 2.6.28-rc2: USB/INPUT: slab error in cache_alloc_debugcheck_after(): double free?

    On Fri, 31 Oct 2008, Jeroen Roovers wrote:

    > > Could you please provide your config? I am still not able to reproduce
    > > it here. Thanks.

    > Added to the bug report[1]. The architecture is hppa (parisc).


    Hmm, so we have just two reports of this corruption, and both of them come
    from PA-RISC systems. No one else has reported this, and I haven't been
    able to reproduce it myself on x86.

    On the other hand I don't seem to see any commit that went into
    arch/parisc between .27 and 28-rc1 which could possibly cause this...

    --
    Jiri Kosina
    SUSE Labs

  8. Re: 2.6.28-rc2: USB/INPUT: slab error in cache_alloc_debugcheck_after(): double free?

    On 10/31/2008 04:45 AM, Jeroen Roovers wrote:
    > I am seeing the same USB problem but without the SLAB errors - [1] is
    > the Gentoo bug report. The kernel boots fine with both USB keyboard and
    > mouse detached.
    >
    >
    > [17179609.760000] usb 1-2: configuration #1 chosen from 1 choice
    > [17179609.860000] input: Kensington Kensington USB/PS2 Trackball as
    > /class/inpu1
    > [17179609.972000] Backtrace:


    Could you boot with slub_debug kernel parameter?

  9. Re: 2.6.28-rc2: USB/INPUT: slab error in cache_alloc_debugcheck_after(): double free?

    On Fri, Oct 31, 2008 at 04:27:48PM +0100, Jiri Kosina wrote:
    > On Fri, 31 Oct 2008, Jeroen Roovers wrote:
    >
    > > > Could you please provide your config? I am still not able to reproduce
    > > > it here. Thanks.

    > > Added to the bug report[1]. The architecture is hppa (parisc).

    >
    > Hmm, so we have just two reports of this corruption, and both of them come
    > from PA-RISC systems. No one else has reported this, and I haven't been
    > able to reproduce it myself on x86.
    >
    > On the other hand I don't seem to see any commit that went into
    > arch/parisc between .27 and 28-rc1 which could possibly cause this...


    Maybe check drivers/parisc/?
    Long shot but if it's easy to check...

    Any chance this is a big endian vs little endian problem?
    I've found at least one of those in the USB layer before.

    grant
