On Tue, Aug 09, 2005 at 09:09:57AM +1000, Keith Owens wrote: > On Mon, 8 Aug 2005 10:44:04 -0700, > Andrew Morton <[EMAIL PROTECTED]> wrote: > >Sonny Rao <[EMAIL PROTECTED]> wrote: > >> Modules linked in: cpufreq_userspace cpufreq_stats freq_table > >> cpufreq_powersave > >> cpufreq_ondemand cpufreq_conservative ipv6 video thermal processor hotkey > >> fan co > >> ntainer button battery ac nfs lockd sunrpc af_packet tg3 ohci_hcd usbcore > >> generi > >> c serverworks i2c_piix4 i2c_core sworks_agp agpgart pcspkr rtc floppy > >> tsdev dm_m > >> od parport_pc lp parport ide_generic ide_disk ide_cd cdrom ide_core unix > >> CPU: 0 > >> EIP: 0060:[<c01a8bcc>] Not tainted VLI > >> EFLAGS: 00010246 (2.6.13-rc4-mm1) > >> EIP is at sysfs_release+0x4c/0xb0 > >> eax: 762f7373 ebx: 762f7373 ecx: 00000001 edx: ef3c5000 > >> esi: f596a188 edi: f21fecc0 ebp: ef3c5f3c esp: ef3c5f2c > >> ds: 007b es: 007b ss: 0068 > >> Process udev (pid: 11843, threadinfo=ef3c5000 task=ef78e550) > >> Stack: f596a188 00000010 f762d580 c21bc944 ef3c5f68 c0166cea c21bc944 > >> f762d580 > >> 00000000 00000000 c2137980 ec7e9748 f762d580 dcae7300 00000000 > >> ef3c5f78 > >> c0166aeb f762d580 f762d580 ef3c5f94 c01650ab f762d580 dcae7300 > >> dcae7300 > >> Call Trace: > >> [<c010401f>] show_stack+0x7f/0xa0 > >> [<c01041d4>] show_registers+0x164/0x1d0 > >> [<c0104422>] die+0x122/0x1c0 > >> [<c030db1e>] do_page_fault+0x2ce/0x600 > >> [<c0103ccb>] error_code+0x4f/0x54 > >> [<c0166cea>] __fput+0x1da/0x1f0 > >> [<c0166aeb>] fput+0x2b/0x50 > >> [<c01650ab>] filp_close+0x4b/0x80 > >> [<c016514e>] sys_close+0x6e/0x90 > >> [<c010312f>] sysenter_past_esp+0x54/0x75 > >> Code: 85 f6 8b 40 14 8b 58 04 74 08 89 34 24 e8 0d 97 04 00 85 db 74 38 b8 > >> 01 00 > >> 00 00 e8 af 18 f7 ff e8 4a e5 04 00 c1 e0 07 8d 04 18 <ff> 88 00 01 00 00 > >> 83 3b > >> 02 74 49 b8 01 00 00 00 e8 cf 18 f7 ff > >> <6>note: udev[11843] exited with preempt_count 1 > >> Using generic hotkey driver > >> ibm_acpi: acpi_evalf(DHKC, d, ...) failed: 4097 > >> ibm_acpi: `enable,0xffff' invalid for parameter `hotkey' > >> toshiba_acpi: Unknown parameter `hotkeys_over_acpi' > >> apm: BIOS not found. > >> > >> Let me see if I can reproduce this on either 2.6.13-rc4 or 2.6.13-rc6 > >> > >> Machine is an IBM x335 (dual P4), and I'm not using any framebuffer > >> stuff. > >> > > > >Keith, does this look like the use-after-free which you've been hitting? > > It is certainly in the same place, freeing the data that is chained off > sd->s_element. This oops does not show any memory poisoning, but I am > guessing that the kernel was not compiled with slab debugging. On > balance, it looks like the same problem.
You are correct; I didn't have slab debugging on. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
