Kernel panic in __list_add() function due to a single bit-flip in virtual address.

Solution Verified - Updated -

Issue

  • Kernel panic with the following call traces.
Unable to handle kernel paging request at ffffefff8055ee50 RIP: 
 [<ffffffff80157bf4>] __list_add+0x2e/0x68
PGD 0 
Oops: 0000 [1] SMP 
last sysfs file: /devices/pci0000:00/0000:00:07.0/0000:10:00.1/irq
CPU 15 
Modules linked in: autofs4 hidp rfcomm l2cap bluetooth lockd sunrpc cpufreq_ondemand acpi_cpufreq freq_table mperf bonding be2iscsi ib_iser rdma_cm ib_cm iw_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp bnx2i cnic ipv6 xfrm_nalgo crypto_api uio cxgb3i cxgb3 8021q libiscsi_tcp libiscsi2 scsi_transport_iscsi2 scsi_transport_iscsi dm_multipath scsi_dh video backlight sbs power_meter hwmon i2c_ec dell_wmi wmi button battery asus_acpi acpi_memhotplug ac parport_pc lp parport joydev sg cdc_ether i2c_i801 tpm_tis usbnet i2c_core i7core_edac tpm edac_mc tpm_bios pcspkr bnx2 dm_raid45 dm_message dm_region_hash dm_mem_cache dm_snapshot dm_zero dm_mirror dm_log dm_mod shpchp mptsas mptscsih mptbase scsi_transport_sas sd_mod scsi_mod ext3 jbd uhci_hcd ohci_hcd ehci_hcd
Pid: 8817, comm: GIMH Not tainted 2.6.18-238.el5 #1
RIP: 0010:[<ffffffff80157bf4>]  [<ffffffff80157bf4>] __list_add+0x2e/0x68
RSP: 0018:ffff8101cc32dd48  EFLAGS: 00010246
RAX: ffffffff8055ee50 RBX: ffffffff8055ee50 RCX: 0000000000013bef
RDX: ffffefff8055ee50 RSI: ffffefff8055ee50 RDI: ffff8101cc32ddd0
RBP: ffffefff8055ee50 R08: 00000000367e180c R09: 00000000ef5a8d1d
R10: 0000000000000000 R11: 0000000000000216 R12: ffff8101cc32ddd0
R13: 0000000000000000 R14: 0000000018417ed4 R15: 7fffffffffffffff
FS:  00000000491d8940(0063) GS:ffff81037fcdb0c0(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: ffffefff8055ee50 CR3: 00000001f1276000 CR4: 00000000000006e0
Process GIMH (pid: 8817, threadinfo ffff8101cc32c000, task ffff8101cc30b040)
Stack:  ffffffff8055ee48 ffff8101cc32ddc8 ffffffff8055ee50 ffffffff80157b3b
 ffffffff8055ee48 ffff8101cc32dde0 ffff8101cc32ddc8 ffffffff8003e387
 0000000000000000 0000000000000000 00013bef00000000 0000000000000000
Call Trace:
 [<ffffffff80157b3b>] plist_add+0x75/0x8f
 [<ffffffff8003e387>] do_futex+0x204/0xce3
 [<ffffffff8008e40a>] default_wake_function+0x0/0xe
 [<ffffffff8003af8b>] hrtimer_try_to_cancel+0x4a/0x53
 [<ffffffff8005a4a7>] hrtimer_cancel+0xc/0x16
 [<ffffffff80063ce5>] do_nanosleep+0x47/0x70
 [<ffffffff8005a394>] hrtimer_nanosleep+0x58/0x118
 [<ffffffff800a6029>] sys_futex+0x10a/0x12b
 [<ffffffff8005d28d>] tracesys+0xd5/0xe0


Code: 48 8b 55 00 48 39 da 74 1b 48 89 de 48 c7 c7 58 3c 2c 80 31 
RIP  [<ffffffff80157bf4>] __list_add+0x2e/0x68
 RSP <ffff8101cc32dd48>

Environment

  • Red Hat Enterprise Linux 5

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content