Re: BUG kmalloc-64: Object already free

From: Justin Mattock
Date: Thu Aug 07 2008 - 17:26:10 EST


On Thu, Aug 7, 2008 at 2:19 PM, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> wrote:
> On Wed, 6 Aug 2008 14:21:08 -0700
> "Justin Mattock" <justinmattock@xxxxxxxxx> wrote:
>
>> I must be honest, 2.6.27-rc1-00156-g94ad374
>> has made me entirely lazy with wanting to add any patches
>> or taking anything out... but I guess I'll have to pull
>> and add a patch that was sent to me yesterday.
>> upon booting I saw this for the first time with isight: <dmesg below>
>>
>
> hrmpf. Rafael went and assigned this to me.
>
>> [ 12.017890] hub 5-0:1.0: 8 ports detected
>> [ 12.067187] =============================================================================
>> [ 12.067875] BUG kmalloc-64: Object already free
>> [ 12.067875] -----------------------------------------------------------------------------
>> [ 12.067875]
>> [ 12.067875] INFO: Allocated in isight_firmware_load+0x23/0x1ef
>> [isight_firmware] age=54 cpu=0 pid=1548
>> [ 12.067875] INFO: Freed in isight_firmware_load+0x1c2/0x1ef
>> [isight_firmware] age=0 cpu=0 pid=1548
>> [ 12.067875] INFO: Slab 0xc169b1e0 objects=36 used=35 fp=0xf4d8f540
>> flags=0x400000c3
>> [ 12.067875] INFO: Object 0xf4d8f540 @offset=1344 fp=0x00000000
>> [ 12.067875]
>> [ 12.067875] Bytes b4 0xf4d8f530: 00 00 00 00 00 00 00 00 5a 5a 5a
>> 5a 5a 5a 5a 5a ........ZZZZZZZZ
>> [ 12.067875] Object 0xf4d8f540: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
>> 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
>> [ 12.067875] Object 0xf4d8f550: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
>> 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
>> [ 12.067875] Object 0xf4d8f560: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
>> 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
>> [ 12.067875] Object 0xf4d8f570: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
>> 6b 6b 6b 6b a5 kkkkkkkkkkkkkkk__
>> [ 12.067875] Redzone 0xf4d8f580: bb bb bb bb
>> ________
>> [ 12.067875] Padding 0xf4d8f5a8: 5a 5a 5a 5a 5a 5a 5a 5a
>> ZZZZZZZZ
>> [ 12.067875] Pid: 1548, comm: modprobe Tainted: P
>> 2.6.27-rc1-00156-g94ad374 #5
>> [ 12.067875] [<c0170a6f>] print_trailer+0xd4/0xdc
>> [ 12.067875] [<c0170b2f>] object_err+0x25/0x30
>> [ 12.067875] [<c0171388>] __slab_free+0x1b9/0x279
>> [ 12.067875] [<c0171ad9>] kfree+0xa3/0xb9
>> [ 12.067875] [<f8be01e1>] ? isight_firmware_load+0x1dc/0x1ef
>> [isight_firmware]
>> [ 12.067875] [<f8be01e1>] ? isight_firmware_load+0x1dc/0x1ef
>> [isight_firmware]
>> [ 12.067875] [<f8be01e1>] isight_firmware_load+0x1dc/0x1ef [isight_firmware]
>> [ 12.067875] [<c02ced3b>] usb_probe_interface+0xbd/0xf2
>> [ 12.067875] [<c0284638>] driver_probe_device+0xb8/0x133
>> [ 12.067875] [<c02846f0>] __driver_attach+0x3d/0x5f
>> [ 12.067875] [<c0283e5c>] bus_for_each_dev+0x37/0x5c
>> [ 12.067875] [<c02844b7>] driver_attach+0x14/0x16
>> [ 12.067875] [<c02846b3>] ? __driver_attach+0x0/0x5f
>> [ 12.067875] [<c02841f7>] bus_add_driver+0x93/0x1bc
>> [ 12.067875] [<c028486b>] driver_register+0x71/0xcc
>> [ 12.067875] [<c02ce6cf>] usb_register_driver+0x71/0xcb
>> [ 12.067875] [<f8be2017>] isight_firmware_init+0x17/0x19 [isight_firmware]
>> [ 12.067875] [<c0142f25>] sys_init_module+0x163f/0x17ae
>> [ 12.067875] [<c01171e6>] ? kmap_atomic_prot+0x1a8/0x1d5
>> [ 12.067875] [<c0153d77>] ? unlock_page+0x25/0x28
>> [ 12.067875] [<c0102f9a>] syscall_call+0x7/0xb
>> [ 12.067875] =======================
>> [ 12.067875] FIX kmalloc-64: Object at 0xf4d8f540 not freed
>
> But fortunately Parag already fixed it, so I'll merge his fix in my
> next batch to Linus.
>
>
>
> From: "Parag Warudkar" <parag.warudkar@xxxxxxxxx>
>
> Signed-off-by: Parag Warudkar <parag.warudkar@xxxxxxxxx>
> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
> ---
>
> drivers/usb/misc/isight_firmware.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff -puN drivers/usb/misc/isight_firmware.c~isight_firmware-fix-a-leak-and-double-kfree drivers/usb/misc/isight_firmware.c
> --- a/drivers/usb/misc/isight_firmware.c~isight_firmware-fix-a-leak-and-double-kfree
> +++ a/drivers/usb/misc/isight_firmware.c
> @@ -48,7 +48,8 @@ static int isight_firmware_load(struct u
>
> if (request_firmware(&firmware, "isight.fw", &dev->dev) != 0) {
> printk(KERN_ERR "Unable to load isight firmware\n");
> - return -ENODEV;
> + ret = -ENODEV;
> + goto out;
> }
>
> ptr = firmware->data;
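Review bot: The new `goto out` in the request_firmware() failure branch sends a failed firmware request through the shared cleanup label, which is not visible in this hunk, so please confirm that everything `out:` releases is valid at that point. In particular, if `out:` calls release_firmware(firmware), `firmware` should be initialised to NULL at its declaration so the cleanup does not depend on what request_firmware() leaves in the pointer on error. The SLUB report above shows the object allocated at isight_firmware_load+0x23, early in the function, which suggests the old `return -ENODEV` skipped freeing it; a changelog sentence saying that this is the leak being fixed would help.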
> @@ -91,7 +92,6 @@ static int isight_firmware_load(struct u
> buf, llen, 300) != llen) {
> printk(KERN_ERR
> "Failed to load isight firmware\n");
> - kfree(buf);
> ret = -ENODEV;
> goto out;
> }
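Review bot: With `kfree(buf)` dropped from this failure branch, the function relies on the `out:` label as the only place `buf` is freed, but the patch carries no changelog text saying so; the only description is the "fix-a-leak-and-double-kfree" suffix in the patch name. Suggest adding a short changelog that ties the removal to the report above (freed at isight_firmware_load+0x1c2, then kfree() called again from +0x1dc), and checking that no other error branch in the function still frees `buf` before `goto out`.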
> _
>
>

Cool.

--
Justin P. Mattock