Multiple free during oprofile unload

From: Chuck Ebbert
Date: Fri May 25 2007 - 11:00:59 EST

Next message: Jeremy Fitzhardinge: "Extending boot protocol & bzImage for paravirt_ops"
Previous message: Michael Buesch: "Re: BUG in 2.6.22-rc2-mm1: NIC module b44.c broken (Broadcom 4400)"
Next in thread: Andi Kleen: "Re: Multiple free during oprofile unload"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

After applying:

http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6c977aad03a18019015035958c65b6729cd0574c

i386: Fix K8/core2 oprofile on multiple CPUs

We are seeing multiple free of the same object during oprofile shutdown.

May 25 07:02:56 vt kernel: oprofile: using NMI interrupt.
May 25 07:06:41 vt kernel: slab error in verify_redzone_free(): cache `size-32':
double free detected
May 25 07:06:41 vt kernel:
May 25 07:06:41 vt kernel: Call Trace:
May 25 07:06:41 vt kernel: [<ffffffff802d93e9>] __slab_error+0x24/0x26
May 25 07:06:41 vt kernel: [<ffffffff80231fcc>] cache_free_debugcheck+0x110/0x222
May 25 07:06:41 vt kernel: [<ffffffff8845dbd5>] :oprofile:free_msrs+0x28/0x66
May 25 07:06:41 vt kernel: [<ffffffff8020b28d>] kfree+0xd7/0x27e
May 25 07:06:41 vt kernel: [<ffffffff8845dbd5>] :oprofile:free_msrs+0x28/0x66
May 25 07:06:41 vt kernel: [<ffffffff8845dc47>] :oprofile:nmi_shutdown+0x34/0x36
May 25 07:06:41 vt kernel: [<ffffffff8845c070>]
:oprofile:oprofile_shutdown+0x23/0x46
May 25 07:06:41 vt kernel: [<ffffffff8845cdf6>]
:oprofile:event_buffer_release+0x16/0x46
May 25 07:06:41 vt kernel: [<ffffffff8021237d>] __fput+0xca/0x190
May 25 07:06:41 vt kernel: [<ffffffff8022d9a7>] fput+0x14/0x16
May 25 07:06:41 vt kernel: [<ffffffff80224656>] filp_close+0x66/0x71
May 25 07:06:41 vt kernel: [<ffffffff80239632>] put_files_struct+0x6d/0xc0
May 25 07:06:41 vt kernel: [<ffffffff80215126>] do_exit+0x296/0x80d
May 25 07:06:41 vt kernel: [<ffffffff80248600>] debug_mutex_init+0x0/0x45
May 25 07:06:41 vt kernel: [<ffffffff8024c115>] sys_exit_group+0x12/0x14
May 25 07:06:41 vt kernel: [<ffffffff8025c11e>] system_call+0x7e/0x83

for_each_possible_cpu(i) {
kfree(cpu_msrs[i].counters);
cpu_msrs[i].counters = NULL;
kfree(cpu_msrs[i].controls);
cpu_msrs[i].controls = NULL;
}

Seems the patch makes all the cpu_msrs[] point to the same area?
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jeremy Fitzhardinge: "Extending boot protocol & bzImage for paravirt_ops"
Previous message: Michael Buesch: "Re: BUG in 2.6.22-rc2-mm1: NIC module b44.c broken (Broadcom 4400)"
Next in thread: Andi Kleen: "Re: Multiple free during oprofile unload"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]