The IDE DMA timeout to which my previous email refers invariably results
in an oops in __pollwait due to a corrupted poll_table. All recent
development kernels, x86.
The process is 'syslogd'.
void __pollwait(struct file * filp, wait_queue_head_t * wait_address,
poll_table *p)
{
for (;;)
{
if (p->nr < __MAX_POLL_TABLE_ENTRIES) {
^^^
Right here, 'p' is 0xffffffff.
On entry to __pollwait:
p = 0xc00ea000
p->entry = 0xffffffff
p->next = 0xffffffff
p->nr = -1;
so we go once round the loop and then dereference (poll_table *)-1.
One thing I have noticed about this misbegotten, crappy, woeful piece of
junk is that it likes to write 4k blocks of 0xff's into files on 4k
boundaries. Quite regularly, even when using PIO mode.
So a page of 0xff's is the common link. Can anyone propose a model for
what's going on here? Bear in mind that the above happens 100% of the
time when the IDE DMA timeout occurs.
-- -akpm-- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Apr 30 2000 - 21:00:16 EST