On Tue, Apr 03, 2012 at 06:33:43PM +0200, David Sterba wrote:
> On Tue, Apr 03, 2012 at 12:20:23PM -0400, Dave Jones wrote:
> > I see a lot of these ..
> >
> > btrfs: __btrfs_end_transaction -EIO abored=1802201963 (no super error)
>
> 1802201963 == 0x6b6b6b6b
>
> #define POISON_FREE 0x6b /* for use-after-free poisoning */
>
> hmm
wait, what...
535 memset(trans, 0, sizeof(*trans));
536 kmem_cache_free(btrfs_trans_handle_cachep, trans);
537
538 if (throttle)
539 btrfs_run_delayed_iputs(root);
540
541 if (trans->aborted ||
542 root->fs_info->fs_state & BTRFS_SUPER_FLAG_ERROR) {
543 return -EIO;
544 }
that looks like a pretty clear use-after-free.
Dave
--
To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
