Re: Fw: List corruption and crash with kernel 3.1
From: Anton Vorontsov
Date: Thu Oct 13 2011 - 11:50:10 EST
Resend, add proper Cc's.
On Wed, Oct 12, 2011 at 10:16:08AM +0100, Richard Purdie wrote:
> On Tue, 2011-10-11 at 16:25 -0700, Andrew Morton wrote:
> > erk, help, who do I blame for this?
>
> [...]
>
> > WARNING: at lib/list_debug.c:47 __list_del_entry+0x8d/0x98()
> > Hardware name: Latitude E4200
> > list_del corruption, ffff880075e147b0->next is LIST_POISON1 (dead000000100100)
> [...]
> > [<ffffffff81243861>] __list_del_entry+0x8d/0x98
> > [<ffffffff8124387a>] list_del+0xe/0x2d
> > [<ffffffff813a7e55>] led_trigger_unregister+0x29/0x9c
> > [<ffffffff813a7ee1>] led_trigger_unregister_simple+0x19/0x26
> > [<ffffffff813828e2>] power_supply_remove_triggers+0x21/0x8f
> > [<ffffffff81381d42>] power_supply_unregister+0x1f/0x2c
> > [<ffffffff812a7d1f>] sysfs_remove_battery+0x3c/0x54
> > [<ffffffff812a8c4d>] acpi_battery_notify+0x46/0xaa
>
> As far as I know (and can see from the changelogs), the LED trigger
> registration code hasn't changed in a long time.
> led_trigger_unregister_simple() and led_trigger_unregister() are
> relatively simple functions and looking at the latter, the list_del
> causing this is fairly clear.
>
> What puzzles me is that led_trigger_unregister_simple() wouldn't call
> led_trigger_unregister() twice for the same trigger as it frees the
> memory.
>
> However, if that function were called multiple times in parallel with
> the same trigger, I can imagine it racing.
>
> My thought is therefore is something in the power_supply* code calling
> this function multiple times and a race?
I wonder if that patch helps:
https://lkml.org/lkml/2011/7/12/242
The traces are pretty similar.
Thanks,
--
Anton Vorontsov
Email: cbouatmailru@xxxxxxxxx
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/