Use-after-free in pte_chain in 2.6.0-test11
From: Petr Vandrovec
Date: Sat Dec 13 2003 - 17:06:46 EST
Hi,
today I get this one while attempting to build new kernel. Running kernel is
2.6.0-test11-c1511 (bk as of 2003-12-05 23:35:35-08:00). Does anybody
have any clue what could happen, or should I start looking for a new
memory modules?
AMD K7/1GHz box, 512MB RAM, no vmmon/vmnet loaded since reboot, gcc-3.3.2
as of last week Debian unstable. Kernel built with all possible memory
debugging enabled...
Unfortunately I have no idea which process did this clone() call, and
whether it succeeded or died.
Thanks,
Petr Vandrovec
vandrove@xxxxxxxxxx
Slab corruption: start=da54d380, expend=da54d3ff, problemat=da54d3fc
Data: ****************************************************************************************************************************6A **A5
Next: 1D 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
slab error in check_poison_obj(): cache `pte_chain': object was modified after freeing
Call Trace:
[<c0152658>] check_poison_obj+0x108/0x190
[<c0166e3c>] pte_chain_alloc+0x3c/0x80
[<c0154813>] kmem_cache_alloc+0x83/0x210
[<c0166e3c>] pte_chain_alloc+0x3c/0x80
[<c015d1b0>] copy_page_range+0x410/0x900
[<c0152579>] check_poison_obj+0x29/0x190
[<c0125c51>] copy_mm+0x571/0x730
[<c0127369>] copy_process+0xcd9/0xee0
[<c0126bc2>] copy_process+0x532/0xee0
[<c01275cc>] do_fork+0x5c/0x1e0
[<c01078d1>] sys_clone+0x41/0x50
[<c0109dab>] syscall_call+0x7/0xb
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/