From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.2)
Description of problem:
kscand thread paniced in
Following the stack trace. VM strcutures might have got corrupted
leading to the panic
<1>Unable to handle kernel NULL pointer dereference at virtual address
<4> printing eip:
<1>*pde = 00003001
<1>*pte = 00000000
<4> parport_pc lp parport autofs e100 keybdev mousedev hid
input usb-ohci usbcore ext3 jbd aic7xxx sd_mod scs
<4>EIP: 0060:ï¿½<0215d2c4>ï¿½ Tainted: P
<4>EIP is at page_referenced ï¿½kernelï¿½ 0x334 (2.4.21-4.ELhugemem)
<4>eax: 038a3698 ebx: 26db5000 ecx: 00000000 edx: 00000000
<4>esi: 038a3698 edi: 0300002c ebp: 03f2df9c esp: 03f2df68
<4>Rejecting the heartbeat due to 0 local reference count
<4>ds: 0068 es: 0068 ss: 0068
<4>Process kscand (pid: 8, stackpage=03f2d000)
<4>Stack: 3bc3f380 00000000 0000000e 00000000 00000be8 38556b80
<4> 03f2dfac 03dc71ec 03dc71ec 038bd604 023c20d8 03f2dfbc
<4> 00000000 00000001 023c1000 023c20d8 00000003 03f2dfec
<4>Call Trace: ï¿½<02153491>ï¿½ scan_active_list ï¿½kernelï¿½ 0xa1 (0x03f2dfa0)
<4>ï¿½<02134960>ï¿½ process_timeout ï¿½kernelï¿½ 0x0 (0x03f2dfa4)
<4>ï¿½<02154a70>ï¿½ kscand ï¿½kernelï¿½ 0xa0 (0x03f2dfc0)
<4>ï¿½<021549d0>ï¿½ kscand ï¿½kernelï¿½ 0x0 (0x03f2dfe0)
<4>ï¿½<02109799>ï¿½ kernel_thread_helper ï¿½kernelï¿½ 0x5 (0x03f2dff0)
<4>Code: 8b 81 84 00 00 00 42 39 41 70 89 d9 0f 43 55 e4 81 e1 00 f0
03f2c000 8 1 1* R 03f2c580 *kscand
EBP EIP Function (args)
03f2df9c 0215d2c4 page_referenced+0x334 (2134960 0 1 23c1000 23c20d8)
03f2dfbc 02153491 scan_active_list+0xa1 (23c1000 3 23c20d8 3f2c000
03f2dfec 02154a70 kscand+0xa0
To be exact the error was in ptep_to_mm macro.
The code at which the panic occured was
0x0215d2c4 page_referenced+0x334: mov 0x84(%ecx),%eax
0x0215d2ca page_referenced+0x33a: inc %edx
0x0215d2cb page_referenced+0x33b: cmp %eax,0x70(%ecx)
0x0215d2ce page_referenced+0x33e: mov %ebx,%ecx
0x0215d2d0 page_referenced+0x340: cmovae 0xffffffe4(%ebp),%edx
0x0215d2d4 page_referenced+0x344: and $0xfffff000,%ecx
0x0215d2da page_referenced+0x34a: cmp $0xffb93fff,%ecx
0x0215d2e0 page_referenced+0x350: mov %edx,0xffffffe4(%ebp)
0x0215d2e3 page_referenced+0x353: jbe 0x0215d32a
0x0215d2e5 page_referenced+0x355: mov $0xffffe000,%eax
0x0215d2ea page_referenced+0x35a: mov $0xffffe000,%ebx
0x0215d2ef page_referenced+0x35f: and %esp,%eax
0x0215d2f1 page_referenced+0x361: mov 0x20(%eax),%edx
0x0215d2f4 page_referenced+0x364: mov %edx,%eax
0x0215d2f6 page_referenced+0x366: shl $0x4,%eax
0x0215d2f9 page_referenced+0x369: add %edx,%eax
static inline struct mm_struct * ptep_to_mm(pte_t * ptep)
struct page * page = kmap_atomic_to_page(ptep);
37e: 8b 48 08 mov 0x8(%eax),%ecx
381: 8b 55 e4 mov 0xffffffe4(%ebp),%edx
384: 8b 81 84 00 00 00 mov 0x84(%ecx),%eax
38a: 42 inc %edx
38b: 39 41 70 cmp %eax,0x70(%ecx)
Version-Release number of selected component (if applicable):
Steps to Reproduce:
Actual Results: panic
Expected Results: normal
which modules are you using ?
which module then tainted your kernel?
(did you unload one??)
Hugh Dickins found a bug in the 2.6 kernel that could be related and
sent in a patch to fix it. I'm submitting this patch for RHEL3 Update 3.
could you please tell me where i can find this patch?
The patch has been applied to the RHEL3 code base and should be in
can someone please elaborate on the nature of the patch? Does it
prevent the vm from getting corrupted? Does it handle other panics
that result in eflags of 00010212?
RIk, Please answer the last couple questions... need confirmation it
is in U3, etc.
Created attachment 102943 [details]
patch of Rik's that was committed to U3
The patch in comment #11 was committed to the RHEL3 U3 patch
pool in kernel version 2.4.21-15.1.EL. I'm reverting this
bug's state to MODIFIED.
Ernie, you will also need the patch to do_wp_page, otherwise you leave
a (very) small window for data corruption.
Okay, but this bugzilla (oops in page_referenced) is resolved.
An errata has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.