Re: 2.6.26-rc4: RIP __call_for_each_cic+0x20/0x50

From: Paul E. McKenney
Date: Thu Jun 05 2008 - 00:24:59 EST

Next message: Chris Wright: "Re: kvm: unable to handle kernel NULL pointer dereference"
Previous message: Johannes Weiner: "Re: [PATCH -mm 11/14] bootmem: respect goal more likely"
In reply to: Linus Torvalds: "Re: 2.6.26-rc4: RIP __call_for_each_cic+0x20/0x50"
Next in thread: Paul E. McKenney: "Re: 2.6.26-rc4: RIP __call_for_each_cic+0x20/0x50"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Jun 04, 2008 at 11:32:03AM -0700, Linus Torvalds wrote:
>
>
> On Tue, 3 Jun 2008, Paul E. McKenney wrote:
> >
> > The fact that put_io_context() was called from exit_io_context() means
> > that this is the last thread of a process exiting. The fact that
> > cfq_free_io_context() was called (via cfq_dtor()) from put_io_context()
> > means that this was the last reference to the io_context. Yet when
> > we traverse the cic_list, part of it is corrupted -- ascii "k"s through
> > RAX and RBX.
>
> The "ascii 'k's" are just the slab POISON_FREE byte (0x6b).
>
> IOW, something simply kfree'd the memory too early, causing the list
> traversal to then break.

Hence the CFQ code perhaps just an innocent bystander in the wrong place
at the wrong time. Fair enough!

Thanx, Paul
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Chris Wright: "Re: kvm: unable to handle kernel NULL pointer dereference"
Previous message: Johannes Weiner: "Re: [PATCH -mm 11/14] bootmem: respect goal more likely"
In reply to: Linus Torvalds: "Re: 2.6.26-rc4: RIP __call_for_each_cic+0x20/0x50"
Next in thread: Paul E. McKenney: "Re: 2.6.26-rc4: RIP __call_for_each_cic+0x20/0x50"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]