Re: 2.6.26-rc4: RIP __call_for_each_cic+0x20/0x50

From: Linus Torvalds
Date: Wed Jun 04 2008 - 14:33:01 EST

Next message: Bernhard Fischer: "Re: [PATCH] console - Add configurable support for console charsettranslation"
Previous message: Andrew Morton: "Re: [PATCH 1/5] jbd: strictly check for write errors on databuffers"
In reply to: Paul E. McKenney: "Re: 2.6.26-rc4: RIP __call_for_each_cic+0x20/0x50"
Next in thread: Paul E. McKenney: "Re: 2.6.26-rc4: RIP __call_for_each_cic+0x20/0x50"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 3 Jun 2008, Paul E. McKenney wrote:
>
> The fact that put_io_context() was called from exit_io_context() means
> that this is the last thread of a process exiting. The fact that
> cfq_free_io_context() was called (via cfq_dtor()) from put_io_context()
> means that this was the last reference to the io_context. Yet when
> we traverse the cic_list, part of it is corrupted -- ascii "k"s through
> RAX and RBX.

The "ascii 'k's" are just the slab POISON_FREE byte (0x6b).

IOW, something simply kfree'd the memory too early, causing the list
traversal to then break.

Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Bernhard Fischer: "Re: [PATCH] console - Add configurable support for console charsettranslation"
Previous message: Andrew Morton: "Re: [PATCH 1/5] jbd: strictly check for write errors on databuffers"
In reply to: Paul E. McKenney: "Re: 2.6.26-rc4: RIP __call_for_each_cic+0x20/0x50"
Next in thread: Paul E. McKenney: "Re: 2.6.26-rc4: RIP __call_for_each_cic+0x20/0x50"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]