UBI leb_write_unlock NULL pointer Oops (continuation)

[Wojciech Nizinski]

On 03.02.2014 09:51, Wiedemer, Thorsten (Lawo AG) wrote:
> Hi list,
>
> in July, 2013, a thread named "UBI leb_write_unlock NULL pointer Oops" was started, but not resolved.
> We have kernel 3.6.11 running on an Freescale i.MX257 (arm926) with UBIFS on a NAND Flash.
> I run into the same problem. Is there a solution for this problem ?
>
> I already added the patches:
> - 605c912bb843c024b1ed173dc427cd5c08e5d54d UBIFS: fix a horrid bug
> - 33f1a63ae84dfd9ad298cf275b8f1887043ced36 UBIFS: prepare to fix a horrid bug
> But this doesn't resolve the problem.
>
> If necessary, I will provide further information about our system, but perhaps someone can give me a hint where I can find the solution if it exists already.
>

Hello!
Last time I met with the same problem on ARM926 based platform and 
Kernel 3.10.88. After applying all hints from this thread I found that 
usb driver (dwc_otg) was corrupting memory by writing into previously 
freed memory.

Bug was detected using kernel settings:
CONFIG_SLUB_DEBUG=y
CONFIG_SLUB=y
CONFIG_SLUB_DEBUG_ON=y

Which immediately gives nice result:
"BUG kmalloc-64 (Tainted: G           O): Poison overwritten"

Good for me, the same USB driver is used on Raspberry Pi and problem was 
fixed: "[PATCH 042/680] dwc_otg: fix bug in dwc_otg_hcd.c resulting in 
silent kernel memory corruption, escalating to OOPS under high USB load."