lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 29 Sep 2008 22:21:28 -0700
From:	"Justin Mattock" <justinmattock@...il.com>
To:	"Marcel Holtmann" <marcel@...tmann.org>
Cc:	"Rabin Vincent" <rabin@....in>,
	"Linux Kernel Mailing List" <linux-kernel@...r.kernel.org>,
	linux-bluetooth@...r.kernel.org
Subject: Re: BUG kmalloc-16: Object already free

On Mon, Sep 29, 2008 at 4:47 PM, Marcel Holtmann <marcel@...tmann.org> wrote:
> Hi Rabin,
>
>> > After frying my system, I'm finally up and
>> > running. Not sure if this was due to a git-pull
>> > (only be a few days since the last pull), or what:
>> > when waking from suspend I see this
>> > (I know it says tainted in it, so this will be the only noise you'll
>> > here from me on this);
>> >
>> > [  274.327003] =============================================================================
>> > [  274.327528] BUG kmalloc-16: Object already free
>> > [  274.327877] -----------------------------------------------------------------------------
>> > [  274.327879]
>> > [  274.327890] INFO: Allocated in btusb_open+0x82/0x16f [btusb] age=0
>> > cpu=1 pid=3763
>> > [  274.327899] INFO: Freed in btusb_open+0x13d/0x16f [btusb] age=0
>> > cpu=1 pid=3763
>> > [  274.327905] INFO: Slab 0xc139a100 objects=64 used=62 fp=0xdcd08100
>> > flags=0x400000c3
>>
>> There's a commit in the latest git which looks like it will solve the
>> btusb suspend/resume issues: 5fbcd260.. ("[Bluetooth] Fix USB disconnect
>> handling of btusb driver").
>>
>> Marcel / linux-bluetooth, I think this double free is a separate issue
>> with the error handling, and the following patch should fix it.
>>
>> ---
>> From: Rabin Vincent <rabin@....in>
>> Subject: [PATCH] btusb, bpa10x: fix double frees on error paths
>>
>> Justin Mattock reported this double free in btusb:
>>
>>   BUG kmalloc-16: Object already free
>>   -----------------------------------------------------------------------------
>>
>>   INFO: Allocated in btusb_open+0x82/0x16f [btusb] age=3D0 cpu=3D1 pid=3D3763
>>   INFO: Freed in btusb_open+0x13d/0x16f [btusb] age=3D0 cpu=3D1 pid=3D3763
>>
>> This occurs because the urb's transfer buffer is being freed separately
>> in the error path even though the URB_FREE_BUFFER transfer_flag is set
>> on the urb.
>>
>> There are similar cases elsewhere in btusb and in bpa10x.  Fix all of
>> them by removing the additional kfree()'s.
>
> I haven't verified it yet, but it looks like a good catch. Let me double
> check this on my test machine. Weird that we never noticed this before
> since I have been using the btusb driver for a very long time now.
>
> Regards
>
> Marcel
>
>
>

This was the first time I've seen this,
I can apply the patch myself, but first
I need to figure why dbus can be such a bitch : )
Need to figure out how to write dbus rules(if this is the case)
keep getting the permissions denied crap.

-- 
Justin P. Mattock
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ