Yes. All it takes is this:

	handler(foo)
	{
		stuff();
		mod_timer(&foo->timer, whenever);
	}

	mainline()
	{
		del_timer(&foo->timer);
		kfree(foo);
	}

If the handler and mainline run at the same time
we will add a timer which is in freed memory. Later,
someone reuses that memory and changes it. The timer
list is corrupted.
Problem is, it seems that your machine is using
IPV4, TCP, IDE, netfilter and nothing else. Those
parts of the kernel don't have the above bug (well,
they didn't mid last year).
One really, really useful piece of information would
be the value of the `function' member of the corrupted
timer. Your debug code prints this out. Do you still
have the logs?
Was it ever non-zero?
If so, what function was it pointing at?
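
Added example, not part of the original message: a deterministic userspace model of the interleaving described above, next to a teardown that waits for a running handler before freeing (the behaviour a synchronous delete such as the kernel's del_timer_sync() provides). The struct layout, the `*_model` helpers and `teardown_corrupts()` are assumptions made for illustration, and the free is modelled as a flag so no freed memory is actually touched.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model: names mirror the pseudocode above, this is not kernel code. */
struct timer { bool pending; bool running; };
struct foo   { struct timer timer; bool freed; };

/* Timer core fires on CPU0: the timer is dequeued, then handler() starts. */
static void fire(struct foo *f) { f->timer.pending = false; f->timer.running = true; }

/* Tail of handler(): stuff() is done, mod_timer() re-queues, handler returns. */
static void handler_finish(struct foo *f) { f->timer.pending = true; f->timer.running = false; }

/* Plain delete: only dequeues, knows nothing about a handler in flight. */
static bool del_timer_model(struct timer *t)
{
    bool was_pending = t->pending;
    t->pending = false;
    return was_pending;
}

/* Synchronous delete: repeat until no handler is running. "Waiting" is
 * modelled by letting the other CPU's handler run to completion. */
static void del_timer_sync_model(struct foo *f)
{
    for (;;) {
        del_timer_model(&f->timer);
        if (!f->timer.running)
            break;
        handler_finish(f);
    }
}

/* Returns true if the timer ends up queued inside freed memory. */
bool teardown_corrupts(bool use_sync)
{
    struct foo f = { { true, false }, false };
    fire(&f);                                    /* CPU0: handler begins      */
    if (use_sync) del_timer_sync_model(&f);      /* CPU1: waits for handler   */
    else          del_timer_model(&f.timer);     /* CPU1: finds nothing queued */
    f.freed = true;                              /* CPU1: kfree(foo)          */
    if (f.timer.running) handler_finish(&f);     /* CPU0: re-arms freed timer */
    return f.freed && f.timer.pending;
}

int main(void)
{
    printf("plain delete: %d, synchronous delete: %d\n",
           teardown_corrupts(false), teardown_corrupts(true));
    return 0;
}
```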