On Sat, Feb 19, 2005 at 02:41:47PM -0800, Andrew Morton wrote:
> Dave Jones <[EMAIL PROTECTED]> wrote:
> >
> > (This has actually been there for a while, but I only
> > noticed it in dmesg this morning).
> > During boot on a dual em64t I see ..
> >
> > scsi2 : ata_piix
> > isa bounce pool size: 16 pages
> > slab error in cache_free_debugcheck(): cache `size-2048': double free, or
> > memory outside object was overwritten
> >
> > Call Trace:<ffffffff80163448>{cache_free_debugcheck+392}
> > <ffffffff801646aa>{kfree+234}
> > <ffffffff88065189>{:libata:ata_pci_init_one+937}
> > <ffffffff801fe9ea>{pci_bus_read_config_word+122}
> > <ffffffff880707f2>{:ata_piix:piix_init_one+498}
> > <ffffffff80202926>{pci_device_probe+134}
> > <ffffffff802691ad>{driver_probe_device+77}
> > <ffffffff802692cb>{driver_attach+75}
> > <ffffffff802696c9>{bus_add_driver+169}
> > <ffffffff802025e3>{pci_register_driver+131}
> > <ffffffff88074010>{:ata_piix:piix_init+16}
> > <ffffffff80152c58>{sys_init_module+344}
> > <ffffffff8010e52a>{system_call+126}
> > ffff81011e49f4a0: redzone 1: 0x5a2cf071, redzone 2: 0x5a2cf071.
> >
>
> It's plain to see how ata_pci_init_one() will free `probe_ent' twice. Jeff
> wanna fix that up please? A naive fix would be
I'll take a look at it tomorrow when I get back home; it's not that
simple, as if you look through BK history, you'll see an almost reverse
patch applied, to fix another double-kfree (author: zaitcev).
Jeff
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
