On 2012.08.07 08:30, sebasti...@gmx-topmail.de wrote:
Please see the attached file with a new backtrace of the segmentation
fault. The file contains all of the commands you told me to execute
last week.
Thanks for the report.
Did you get the impression that crash happened sooner than the previous
ones this time around, or what is about the same?
Of course, since we haven't fixed anything at this stage, the backtrace
analysis shows what we already knew, in that we're crashing because
we're trying to add a new element to a transfer list that contains a
single element with its prev/next pointers unexpectedly set to NULL.
Still can't figure out how we can end up with NULL prev/next when we
should have a solid mutex and with list_add calls that should leave
those properly set, so I guess the next step is to add some instrumentation.
Could you try applying the attached patch, that also contains the
potential workaround against double deletion on BUSY that I mentioned
last week, and let us know what happens? You should be able to use "git
apply add-instrumentation-for-next-prev-avoid-transfer-del.patch" to do so.
The patch should log libusbx errors if it detects NULL prev/next, which
will hopefully give us further hints as to what is going on.
Regards,
/Pete
>From d99cc4ef54806d93084c6cdda7ebf3aa2b5a4d0c Mon Sep 17 00:00:00 2001
From: Pete Batard <p...@akeo.ie>
Date: Tue, 7 Aug 2012 11:26:57 +0100
Subject: [PATCH] add instrumentation for next/prev + avoid transfer del on
BUSY
---
libusb/io.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/libusb/io.c b/libusb/io.c
index e6d4132..b0da65d 100644
--- a/libusb/io.c
+++ b/libusb/io.c
@@ -1166,12 +1166,16 @@ static int add_to_flying_list(struct usbi_transfer
*transfer)
/* if we have no other flying transfers, start the list with this one */
if (list_empty(&ctx->flying_transfers)) {
list_add(&transfer->list, &ctx->flying_transfers);
+ if ((&transfer->list.next == NULL) || (&transfer->list.prev ==
NULL))
+ usbi_err(ctx, "next/prev is NULL on empty list add");
goto out;
}
/* if we have infinite timeout, append to end of list */
if (!timerisset(timeout)) {
list_add_tail(&transfer->list, &ctx->flying_transfers);
+ if ((&transfer->list.next == NULL) || (&transfer->list.prev ==
NULL))
+ usbi_err(ctx, "next/prev is NULL on infinite timeout
add");
/* first is irrelevant in this case */
goto out;
}
@@ -1185,6 +1189,8 @@ static int add_to_flying_list(struct usbi_transfer
*transfer)
(cur_tv->tv_sec == timeout->tv_sec &&
cur_tv->tv_usec > timeout->tv_usec)) {
list_add_tail(&transfer->list, &cur->list);
+ if ((&transfer->list.next == NULL) ||
(&transfer->list.prev == NULL))
+ usbi_err(ctx, "next/prev is NULL on list add
(middle)");
goto out;
}
first = 0;
@@ -1193,6 +1199,9 @@ static int add_to_flying_list(struct usbi_transfer
*transfer)
/* otherwise we need to be inserted at the end */
list_add_tail(&transfer->list, &ctx->flying_transfers);
+ if ((&transfer->list.next == NULL) || (&transfer->list.prev == NULL))
+ usbi_err(ctx, "next/prev is NULL on list add (end)");
+
out:
#ifdef USBI_TIMERFD_AVAILABLE
if (first && usbi_using_timerfd(ctx) && timerisset(timeout)) {
@@ -1378,7 +1387,7 @@ int API_EXPORTED libusb_submit_transfer(struct
libusb_transfer *transfer)
if (r)
goto out;
r = usbi_backend->submit_transfer(itransfer);
- if (r) {
+ if ((r) && (r != LIBUSB_ERROR_BUSY)) {
usbi_mutex_lock(&ctx->flying_transfers_lock);
list_del(&itransfer->list);
arm_timerfd_for_next_timeout(ctx);
--
1.7.11.msysgit.0
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
libusbx-devel mailing list
libusbx-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/libusbx-devel
