Technical Discussion Group Forum

This forum is provided for user discussion. While Beacon EmbeddedWorks support staff and engineers participate, Beacon EmbeddedWorks does not guarantee the accuracy of all information within in the Technical Discussion Group (TDG).

The "Articles" forums provide brief Articles written by Beacon EmbeddedWorks engineers that address the most frequently asked technical questions.

To receive email notifications when updates are posted for a Beacon EmbeddedWorks product download, please subscribe to the TDG Forum of interest.

TDG Forum

PrevPrev Go to previous topic
NextNext Go to next topic
Last Post 04 Jun 2018 09:14 AM by  Adam Ford
 1 Replies
You are not authorized to post a reply.
Author Messages
Matus Hanzes
New Member
New Member

04 Jun 2018 06:14 AM


    I have an application that uses libusb to start an asynchronous interrupt transfer and stops the transfer before it's completed.
    I have been experiencing random crashes in kernel.

    Crashes are caused by musb_host.c:musb_advance_schedule() function where kfree can be called with the same value twice.
    It happens if musb_dma_completion is in progress and libusb_cancel_transfer is called.

    I would like to ask if there is a kernel patch available that would fix this issue.



    I am using DM3730 Torpedo + Wireless SOM and have built 2.4-4 BSP with RT patch. Kernel is set to Fully Preemptible Kernel, and for USB transfer I am using musb otg set to a host mode.

    With kind regards,
    Matus Hanzes

    Adam Ford
    Advanced Member
    Advanced Member

    04 Jun 2018 09:14 AM
    We have not tested the RT Kernel patches, and we're not aware a specific fix, but I looked through 3.2 Long-term-support kernel, and the driver doesn't seem to have undergone a significant change over time.

    I would suggest looking through the patches that happened after "usb: musb: omap: fix the error check for pm_runtime_get_sync"

    I noticed there is a patch that sets a pointer to NULL. I am not exactly sure which function you're seeing the 'free' getting called, but you might consider setting the pointer to NULL after the free to see if that prevents freeing the same space twice.

    There is a patch for fixing an "already free IRQ"

    There is a patch to help fix an issue where modules are loaded and unloaded causing a crash:

    You are not authorized to post a reply.