Bug 746482 - general protection fault (address: 00aaaaaa00aaaaaa)
Summary: general protection fault (address: 00aaaaaa00aaaaaa)
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: 15
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Eric Sandeen
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:ed21079a753c3302f1443dac4d9...
: 747096 747099 802223 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-10-16 13:58 UTC by badseed
Modified: 2012-04-11 14:11 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-04-11 14:11:42 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description badseed 2011-10-16 13:58:13 UTC
abrt version: 2.0.3
architecture:   x86_64
cmdline:        ro root=UUID=d01ff3e7-04a0-4ad0-adab-b7d07ea513fe rd_NO_LUKS rd_NO_LVM rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYTABLE=fr_CH rhgb quiet
comment:        Clicking on the Chromium web browser icon in the activities>applications menu.
component:      kernel
kernel:         2.6.40.6-0.fc15.x86_64
kernel_tainted: 128
kernel_tainted_long: Kernel has oopsed before.
os_release:     Fedora release 15 (Lovelock)
package:        kernel
reason:         general protection fault: 0000 [#1] SMP 
time:           Sun Oct 16 15:56:06 2011

backtrace:
:general protection fault: 0000 [#1] SMP 
:CPU 1 
:Modules linked in: tcp_lp fuse ebtable_nat ebtables ipt_MASQUERADE iptable_nat nf_nat xt_CHECKSUM iptable_mangle bridge ppdev parport_pc lp parport 8021q garp stp llc sunrpc cpufreq_ondemand acpi_cpufreq mperf bnep bluetooth ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_filter ip6_tables nf_conntrack_ipv4 nf_defrag_ipv4 xt_state nf_conntrack snd_hda_codec_hdmi snd_hda_codec_conexant cdc_wdm snd_hda_intel snd_hda_codec snd_hwdep snd_seq snd_seq_device snd_pcm cdc_ncm usbnet arc4 thinkpad_acpi uvcvideo videodev media iwlagn cdc_acm snd_timer r8169 virtio_net kvm_intel kvm mii mac80211 snd soundcore v4l2_compat_ioctl32 snd_page_alloc cfg80211 i2c_i801 iTCO_wdt microcode iTCO_vendor_support rfkill joydev ipv6 sdhci_pci sdhci mmc_core wmi i915 drm_kms_helper drm i2c_algo_bit i2c_core video [last unloaded: scsi_wait_scan]
:Pid: 7683, comm: chrome-sandbox Not tainted 2.6.40.6-0.fc15.x86_64 #1 LENOVO 44014PG/44014PG
:RIP: 0010:[<ffffffff811776fa>]  [<ffffffff811776fa>] pde_put+0xf/0x69
:RSP: 0018:ffff880037b6fc08  EFLAGS: 00010206
:RAX: 0000000000000000 RBX: 00aaaaaa00aaaaaa RCX: 0000000000000007
:RDX: 0000000000000000 RSI: ffff88011cb22f00 RDI: 00aaaaaa00aaaaaa
:RBP: ffff880037b6fc18 R08: ffff88013672cdc8 R09: ffff88009af9e7b8
:R10: ffff88009af9e780 R11: 0000000000000000 R12: ffff88013672cdc8
:R13: ffffffff81618c10 R14: ffff88009af9e830 R15: 0000000000000000
:FS:  00007f399d6d3720(0000) GS:ffff88013fa40000(0000) knlGS:0000000000000000
:CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
:CR2: 00000033226d3029 CR3: 00000000b10f8000 CR4: 00000000000406e0
:DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
:DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
:Process chrome-sandbox (pid: 7683, threadinfo ffff880037b6e000, task ffff8800b1045cc0)
:Stack:
: ffff88013672cd38 ffff88013672cdc8 ffff880037b6fc38 ffffffff8117214f
: ffff88013672dd58 ffff88013672cd38 ffff880037b6fc68 ffffffff8113ac99
: 00000000000095f2 ffff88013672cd38 ffff88013f421000 ffffffff81618c10
:Call Trace:
: [<ffffffff8117214f>] proc_evict_inode+0x3b/0x6d
: [<ffffffff8113ac99>] evict+0x77/0x117
: [<ffffffff8113aea9>] iput+0x130/0x138
: [<ffffffff81137dca>] dentry_kill+0x104/0x121
: [<ffffffff811382d0>] dput+0xdd/0xea
: [<ffffffff8113111e>] walk_component+0x29e/0x3a9
: [<ffffffff8113172b>] lookup_last+0x3b/0x3d
: [<ffffffff811317af>] path_lookupat+0x82/0x2af
: [<ffffffff81041345>] ? should_resched+0xe/0x2d
: [<ffffffff81486eb5>] ? _cond_resched+0xe/0x22
: [<ffffffff81240bd1>] ? might_fault+0x21/0x23
: [<ffffffff81132848>] do_path_lookup+0x28/0x97
: [<ffffffff81132c74>] user_path_at+0x59/0x96
: [<ffffffff8113e50d>] ? mntput+0x26/0x28
: [<ffffffff81041345>] ? should_resched+0xe/0x2d
: [<ffffffff8113e441>] ? mntput_no_expire+0x2b/0xd1
: [<ffffffff8112ae5e>] sys_readlinkat+0x33/0x95
: [<ffffffff8112aedb>] sys_readlink+0x1b/0x1d
: [<ffffffff8148ed02>] system_call_fastpath+0x16/0x1b
:Code: 58 e8 07 f8 f9 ff 4c 89 e7 45 31 e4 e8 fc f7 f9 ff 4c 89 e0 41 5c 5a 5b 41 5c 5d c3 55 48 89 e5 41 54 53 66 66 66 66 90 48 89 fb <f0> ff 4f 70 0f 94 c0 84 c0 74 4a 44 8b 27 48 c7 c7 c8 1e d7 81 
:RIP  [<ffffffff811776fa>] pde_put+0xf/0x69
: RSP <ffff880037b6fc08>

Comment 1 Josh Boyer 2011-10-19 19:12:48 UTC
*** Bug 747096 has been marked as a duplicate of this bug. ***

Comment 2 Josh Boyer 2011-10-19 19:13:09 UTC
*** Bug 747099 has been marked as a duplicate of this bug. ***

Comment 3 Eric Sandeen 2011-10-19 19:25:52 UTC
> kernel_tainted: 128
> kernel_tainted_long: Kernel has oopsed before.

We'll probably need the first oops... the dup'd bugs also are secondary.

If you could look in your logs for some oops prior to this, I'd appreciate it.

-Eric

Comment 4 Eric Sandeen 2011-10-19 20:15:07 UTC
Ok, maybe abrt was confused, thanks Josh...

> :Pid: 7683, comm: chrome-sandbox Not tainted 2.6.40.6-0.fc15.x86_64 #1 LENOVO
44014PG/44014PG

Comment 5 Eric Sandeen 2011-10-19 20:18:21 UTC
Is this reproducible?  I wonder if it'd be worth stracing chromium (or chrome-sandbox?) before you click the death button, and see what it is accessing in /proc

strace -f will follow any child processes ...

-Eric

Comment 6 Dave Jones 2012-03-09 18:09:00 UTC
if you could run the kernel-debug build at
http://koji.fedoraproject.org/koji/buildinfo?buildID=304798 that might turn up
a different trace that might be helpful to us to track this down.

(it's going to be considerably slower than the regular build, due to the extra
checking).

Comment 7 Dave Jones 2012-03-12 18:25:21 UTC
Keith Packard pointed out that the value this is faulting on (00aaaaaa00aaaaaa) is likely a strip of grey pixels in ARGB format. (That it looks like a repeating pattern is another hint).

It's likely the i915 driver is causing memory corruption in some circumstances.
We know this happens after hibernation.

Comment 8 Dave Jones 2012-03-12 18:26:27 UTC
*** Bug 802223 has been marked as a duplicate of this bug. ***


Note You need to log in before you can comment on or make changes to this bug.