[prev in list] [next in list] [prev in thread] [next in thread]
List: linux-arm-kernel
Subject: Re: Machine still alive after panic
From: Russell King - ARM Linux <linux () arm ! linux ! org ! uk>
Date: 2004-12-31 0:42:18
Message-ID: 20041231004218.D15087 () flint ! arm ! linux ! org ! uk
[Download RAW message or body]
On Thu, Dec 30, 2004 at 05:35:39PM -0700, Vivek Mahajan wrote:
> > > Hi Russell,
> > >
> > > No, I have not seen this use-after-free bug without the iSCSI module loaded.
> >
> > Do you have any other example slab poisoning reports?
>
> Thanks Russell for your consistent feedback. This is the dump of
> another slab poisoning which occured when I unloaded the iSCSI module.
>
> Slab corruption: start=cdcf4610, len=32
> Redzone: 0x5a2cf071/0x5a2cf071.
> Last user: [<bf01ee50>](0xbf01ee50)
> 000: 13 00 00 60 00 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
Whatever freed this slab object was a module which is no longer loaded.
This module freed the object and then wrote to the freed memory.
> Prev obj: start=cdcf45e4, len=32
> Redzone: 0x5a2cf071/0x5a2cf071.
> Last user: [<c0093f60>](cache_reap+0x17c/0x200)
> 000: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
> 010: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b a5
> Next obj: start=cdcf463c, len=32
> Redzone: 0x5a2cf071/0x5a2cf071.
> Last user: [<bf01f0a8>](0xbf01f0a8)
> 000: 00 00 00 00 40 46 cf cd 40 46 cf cd 6b 6b 6b 6b
> 010: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b a5
> Slab corruption: start=cdcf463c, len=32
> Redzone: 0x5a2cf071/0x5a2cf071.
> Last user: [<bf01f0a8>](0xbf01f0a8)
> 000: 00 00 00 00 40 46 cf cd 40 46 cf cd 6b 6b 6b 6b
This is the same story. I suggest an audit of the iSCSI module with
respect to any possible accesses to memory which has been freed.
-------------------------------------------------------------------
Subscription options: http://lists.arm.linux.org.uk/mailman/listinfo/linux-arm-kernel
FAQ: http://www.arm.linux.org.uk/armlinux/mlfaq.php
Etiquette: http://www.arm.linux.org.uk/armlinux/mletiquette.php
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic