linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Linus Torvalds <torvalds@osdl.org>
To: Rafal Skoczylas <nils@secprog.org>
Cc: Kernel Mailing List <linux-kernel@vger.kernel.org>,
	William Lee Irwin III <wli@holomorphy.com>
Subject: Re: 2.6.test11 bug
Date: Sun, 7 Dec 2003 21:17:35 -0800 (PST)	[thread overview]
Message-ID: <Pine.LNX.4.58.0312072100250.13236@home.osdl.org> (raw)
In-Reply-To: <20031208034631.GA14081@secprog.org>



On Mon, 8 Dec 2003, Rafal Skoczylas wrote:
>
> --- But sometimes it get things like this:
>
> Unable to handle kernel paging request at virtual address 5a85fb5c
>  printing eip:
> c011e6c4
> *pde = 00000000
> Oops: 0002 [#1]
> CPU:    0
> EIP:    0060:[remove_wait_queue+36/112]    Not tainted
> EFLAGS: 00010002
> EIP is at remove_wait_queue+0x24/0x70
> eax: defb4000   ebx: da85fb58   ecx: 5a85fb58   edx: db0468b0
> esi: db0468bc   edi: 00000292   ebp: defb5fa0   esp: defb5f58
> Trace:
>  [poll_freewait+36/80] poll_freewait+0x24/0x50
>  [sys_poll+581/656] sys_poll+0x245/0x290
>  [__pollwait+0/208] __pollwait+0x0/0xd0
>  [syscall_call+7/11] syscall_call+0x7/0xb

Ahh.. Btw, this looks like a single-bit error.

In particular, this is "list_del()" in remove_wait_queue(), and it's
list_del() on a list that usually only has a single entry (ie a wait
queue). In particular, it's the "prev->next = next" part, where "prev" is
5a85fb58 and next is da85fb58.

Now, with a single entry, prev and next _should_ be the same (they both
point to the head). And they are - except for a single bit error. The
difference is the high bit of the word. Interesting.

You get an oops because that 5a85fb58 _should_ be da85fb58. Notice?

> If there is any important information missing, feel free to ask.

It could be bad memory. We even know the address that is bad: it's
(%esi+4), ie bit 31 of the word at physical address 0x1b0468f0.

However, if you don't see random SIGSEGV's while compiling etc issues, it
doesnt' sound like flaky RAM.

I'm wondering if there is some bit operation out there somewhere with a
wild pointer?

Rafal - how consistent is the second form of the oops? Have you seen that
trace more than once? Might it actually be "poll()" itself that has some
bad behaviour?

			Linus

  parent reply	other threads:[~2003-12-08  5:17 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-12-08  3:46 2.6.test11 bug Rafal Skoczylas
2003-12-08  4:17 ` William Lee Irwin III
2003-12-08  5:17 ` Linus Torvalds [this message]
2003-12-08  9:02   ` Xavier Bestel
2003-12-08 16:27   ` Rafal Skoczylas
     [not found]   ` <20031208161742.GB9087@secprog.org>
     [not found]     ` <Pine.LNX.4.58.0312080848560.13236@home.osdl.org>
2003-12-08 17:12       ` 2.6.test11 bug Linus Torvalds
     [not found]         ` <20031209194827.GA22265@secprog.org>
     [not found]           ` <Pine.LNX.4.58.0312091221440.21456@home.osdl.org>
2003-12-09 22:31             ` Rafal Skoczylas
2003-12-09 23:26               ` Linus Torvalds
     [not found] <10kzo-7mZ-11@gated-at.bofh.it>
     [not found] ` <10m88-2wd-1@gated-at.bofh.it>
     [not found]   ` <10xdJ-28r-23@gated-at.bofh.it>
     [not found]     ` <10xdJ-28r-25@gated-at.bofh.it>
     [not found]       ` <10xdJ-28r-21@gated-at.bofh.it>
2003-12-08 22:28         ` Rafal Skoczylas
  -- strict thread matches above, loose matches on Subject: below --
2003-12-08  2:24 Gordon Cormack
2003-12-08  2:37 ` Linus Torvalds

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Pine.LNX.4.58.0312072100250.13236@home.osdl.org \
    --to=torvalds@osdl.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=nils@secprog.org \
    --cc=wli@holomorphy.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).