[Crash-utility] [PATCH]: double free in trace extension

Hi Dave and other list readers, First, just like some other contributors, I've come across an issue triggered by a dump being corrupt. In my case it's this code in kernel.c:cpu_maps_init(): if (*maskptr & (0x1UL << c)) { cpu = (i * BITS_PER_LONG) + c; kt->cpu_flags[cpu] |= mapinfo[m].cpu_flag; } The mask is corrupt, making Crash believe there are more CPU's than the four we have allocated space for in kernel.c:kernel_init. How do you think this should be handled? Second, I believe there is a double free in the trace extension. When ftrace_init_pages() fails it will free cpu_buffer->pages and cpu_buffer->linear_pages But when ftrace_init_pages() fails, ftrace_init_buffers() will call ftrace_destroy_buffers() which also free's this space. For me this resulted in a segfault in a malloc() a little later. Regards, Per