Re: aic7(censored) use after free in 2.5.66

Andrew Morton (akpm@digeo.com)
Mon, 31 Mar 2003 23:22:27 -0800

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Chris Wright: "[ANNOUNCE] 2.5.66-lsm1"
Previous message: Martin J. Bligh: "Re: Convert APIC to driver model: now it works with SMP"
Next in thread: Zwane Mwaikambo: "Re: aic7(censored) use after free in 2.5.66"
Reply: Zwane Mwaikambo: "Re: aic7(censored) use after free in 2.5.66"

Zwane Mwaikambo <zwane@linuxpower.ca> wrote:
>
> > Slab corruption: start=f7d66248, expend=f7d662c7, problemat=f7d662ac
> > Last user: [<c024f0b7>](ahc_linux_free_device+0x27/0x60)
> > Data:
>
> This probably wants; Or if we can sleep in all the paths, a
> synchronize_kernel after del_timer should suffice.

Yes, but no.

The corruption was at offset 52 decimal into struct ahc_linux_device.
Without knowing your config it is hard for me to work out what you have at
that offset. Rebuild your kernel with -g and do:

(gdb) p/d &(((struct ahc_linux_device *)0)->maxtags)

until you find which member is at offset 52.

Something incremented that field by one after it was freed.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Chris Wright: "[ANNOUNCE] 2.5.66-lsm1"
Previous message: Martin J. Bligh: "Re: Convert APIC to driver model: now it works with SMP"
Next in thread: Zwane Mwaikambo: "Re: aic7(censored) use after free in 2.5.66"
Reply: Zwane Mwaikambo: "Re: aic7(censored) use after free in 2.5.66"