Re: 2.4.4 del_timer_sync oops in schedule_timeout

Andrew Morton (andrewm@uow.edu.au)
Mon, 21 May 2001 11:53:41 +1000


Ingo Molnar wrote:
>
> On Sat, 19 May 2001, Jacob Luna Lundberg wrote:
>
> > This is 2.4.4 with the aic7xxx driver version 6.1.13 dropped in.
>
> > Unable to handle kernel paging request at virtual address 78626970
>
> this appears to be some sort of DMA-corruption or other memory scribble
> problem. hexa 78626970 is ASCII "pibx", which shows in the direction of
> some sort of disk-related DMA corruption.

It could be timer-list corruption. Someone released some memory
which had a live timer in it. The memory got recycled and then
the timer list traversal fell over it.

There was a convincing report of this a few weeks back on a
system which didn't have any unusual drivers in it. It was
inconclusive. That system was SMP, so it could have been a
timer deletion race.

This bug is so damn hard to track down that it may be worth
putting some special walk-the-timer-lists code inside
kfree()+SLAB_POISON.

-
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/