Re: task_struct slab cache use after free in 2.5.66

From: Zwane Mwaikambo (zwane@linuxpower.ca)
Date: Fri Mar 28 2003 - 01:22:18 EST


On Thu, 27 Mar 2003, Zwane Mwaikambo wrote:

> On Thu, 27 Mar 2003, Andrew Morton wrote:
>
> > That's the second report of this. Someone did a put_task_struct against a
> > freed task_struct. I'll cook up a debug patch to trap it. Something like
> > this:
>
> Well there is also the detach_pid bug which suddenly vanished... I'm not
> aware of anyone sending a patch for that (but i can't be certain i havent
> been keeping up with lkml lately). I posted some debug information for
> that one about a week ago:
>
> Pine.LNX.4.50.0303221152460.18911-100000@montezuma.mastecende.com

I thought i was home free after the smp_call_function_interrupt bug :(

detach_pid is back...

Unable to handle kernel paging request at virtual address 6b6b6b6b
 printing eip:
c0134b8c
*pde = 00000000
Oops: 0002 [#1]
CPU: 0
EIP: 0060:[<c0134b8c>] Not tainted
EFLAGS: 00010046
EIP is at detach_pid+0x1c/0xf0
eax: 6b6b6b6b ebx: 6b6b6b6b ecx: 6b6b6b6b edx: c39bc6b0
esi: 00000000 edi: bffff228 ebp: 00000000 esp: c245bf08
ds: 007b es: 007b ss: 0068
Process find (pid: 1892, threadinfo=c245a000 task=c5bd8100)
Stack: c39bc660 00000000 bffff228 00000000 c012391c c39bc660 c0123a0c c39bc660
       c39bc660 c39bcc24 c39bc660 00005608 c01257fb c39bc660 bffff228 bffff228
       c39bc704 c39bc660 c5bd8100 c5bd819c c0125cb1 c39bc660 bffff228 00000000
Call Trace:
 [<c012391c>] __unhash_process+0x10c/0x170
 [<c0123a0c>] release_task+0x8c/0x200
 [<c01257fb>] wait_task_zombie+0x15b/0x1c0
 [<c0125cb1>] sys_wait4+0x241/0x290
 [<c011d110>] default_wake_function+0x0/0x20
 [<c011d110>] default_wake_function+0x0/0x20
 [<c0109497>] syscall_call+0x7/0xb

-- 
function.linuxpower.ca
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Mon Mar 31 2003 - 22:00:31 EST