IDE-related oops in __pollwait()

From: Andrew Morton (
Date: Sat Apr 29 2000 - 10:44:27 EST

The IDE DMA timeout to which my previous email refers invariably results
in an oops in __pollwait due to a corrupted poll_table. All recent
development kernels, x86.

The process is 'syslogd'.

void __pollwait(struct file * filp, wait_queue_head_t * wait_address,
poll_table *p)
  for (;;)
    if (p->nr < __MAX_POLL_TABLE_ENTRIES) {

Right here, 'p' is 0xffffffff.

On entry to __pollwait:

        p = 0xc00ea000
        p->entry = 0xffffffff
        p->next = 0xffffffff
        p->nr = -1;

so we go once round the loop and then dereference (poll_table *)-1.

One thing I have noticed about this misbegotten, crappy, woeful piece of
junk is that it likes to write 4k blocks of 0xff's into files on 4k
boundaries. Quite regularly, even when using PIO mode.

So a page of 0xff's is the common link. Can anyone propose a model for
what's going on here? Bear in mind that the above happens 100% of the
time when the IDE DMA timeout occurs.


- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to Please read the FAQ at

This archive was generated by hypermail 2b29 : Sun Apr 30 2000 - 21:00:16 EST