Kernel panic in __list_add() function due to a single bit-flip in virtual address.
Issue
- Kernel panic with the following call traces.
Unable to handle kernel paging request at ffffefff8055ee50 RIP:
[<ffffffff80157bf4>] __list_add+0x2e/0x68
PGD 0
Oops: 0000 [1] SMP
last sysfs file: /devices/pci0000:00/0000:00:07.0/0000:10:00.1/irq
CPU 15
Modules linked in: autofs4 hidp rfcomm l2cap bluetooth lockd sunrpc cpufreq_ondemand acpi_cpufreq freq_table mperf bonding be2iscsi ib_iser rdma_cm ib_cm iw_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp bnx2i cnic ipv6 xfrm_nalgo crypto_api uio cxgb3i cxgb3 8021q libiscsi_tcp libiscsi2 scsi_transport_iscsi2 scsi_transport_iscsi dm_multipath scsi_dh video backlight sbs power_meter hwmon i2c_ec dell_wmi wmi button battery asus_acpi acpi_memhotplug ac parport_pc lp parport joydev sg cdc_ether i2c_i801 tpm_tis usbnet i2c_core i7core_edac tpm edac_mc tpm_bios pcspkr bnx2 dm_raid45 dm_message dm_region_hash dm_mem_cache dm_snapshot dm_zero dm_mirror dm_log dm_mod shpchp mptsas mptscsih mptbase scsi_transport_sas sd_mod scsi_mod ext3 jbd uhci_hcd ohci_hcd ehci_hcd
Pid: 8817, comm: GIMH Not tainted 2.6.18-238.el5 #1
RIP: 0010:[<ffffffff80157bf4>] [<ffffffff80157bf4>] __list_add+0x2e/0x68
RSP: 0018:ffff8101cc32dd48 EFLAGS: 00010246
RAX: ffffffff8055ee50 RBX: ffffffff8055ee50 RCX: 0000000000013bef
RDX: ffffefff8055ee50 RSI: ffffefff8055ee50 RDI: ffff8101cc32ddd0
RBP: ffffefff8055ee50 R08: 00000000367e180c R09: 00000000ef5a8d1d
R10: 0000000000000000 R11: 0000000000000216 R12: ffff8101cc32ddd0
R13: 0000000000000000 R14: 0000000018417ed4 R15: 7fffffffffffffff
FS: 00000000491d8940(0063) GS:ffff81037fcdb0c0(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: ffffefff8055ee50 CR3: 00000001f1276000 CR4: 00000000000006e0
Process GIMH (pid: 8817, threadinfo ffff8101cc32c000, task ffff8101cc30b040)
Stack: ffffffff8055ee48 ffff8101cc32ddc8 ffffffff8055ee50 ffffffff80157b3b
ffffffff8055ee48 ffff8101cc32dde0 ffff8101cc32ddc8 ffffffff8003e387
0000000000000000 0000000000000000 00013bef00000000 0000000000000000
Call Trace:
[<ffffffff80157b3b>] plist_add+0x75/0x8f
[<ffffffff8003e387>] do_futex+0x204/0xce3
[<ffffffff8008e40a>] default_wake_function+0x0/0xe
[<ffffffff8003af8b>] hrtimer_try_to_cancel+0x4a/0x53
[<ffffffff8005a4a7>] hrtimer_cancel+0xc/0x16
[<ffffffff80063ce5>] do_nanosleep+0x47/0x70
[<ffffffff8005a394>] hrtimer_nanosleep+0x58/0x118
[<ffffffff800a6029>] sys_futex+0x10a/0x12b
[<ffffffff8005d28d>] tracesys+0xd5/0xe0
Code: 48 8b 55 00 48 39 da 74 1b 48 89 de 48 c7 c7 58 3c 2c 80 31
RIP [<ffffffff80157bf4>] __list_add+0x2e/0x68
RSP <ffff8101cc32dd48>
Environment
- Red Hat Enterprise Linux 5
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.