Bug 834731 - [abrt]: BUG: unable to handle kernel paging request at 03028301
[abrt]: BUG: unable to handle kernel paging request at 03028301
Status: CLOSED INSUFFICIENT_DATA
Product: Fedora
Classification: Fedora
Component: kernel (Show other bugs)
16
i686 Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Kernel Maintainer List
Fedora Extras Quality Assurance
abrt_hash:f1e134daa2d17ed8c88de7dc5f3...
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-06-22 20:47 EDT by my.bugzilla.mail
Modified: 2012-09-04 13:58 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-09-04 13:58:18 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description my.bugzilla.mail 2012-06-22 20:47:01 EDT
libreport version: 2.0.10
cmdline:        BOOT_IMAGE=/vmlinuz-3.4.2-1.fc16.i686 root=UUID=a2cfc46e-badc-43d2-970d-c65cc62fdb4b ro rd.md=0 rd.lvm=0 rd.dm=0 KEYTABLE=us quiet SYSFONT=latarcyrheb-sun16 rhgb rd.luks=0 LANG=en_US.UTF-8

backtrace:
:BUG: unable to handle kernel paging request at 03028301
:IP: [<c0525eca>] __kmalloc_track_caller+0xaa/0x1e0
:*pde = 00000000 
:Oops: 0000 [#1] SMP 
:Modules linked in: ppdev parport_pc lp parport lockd be2iscsi iscsi_boot_sysfs bnx2i cnic uio cxgb4i cxgb4 cxgb3i libcxgbi cxgb3 mdio ib_iser rdma_cm ib_cm iw_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi fcoe libfcoe libfc scsi_transport_fc scsi_tgt 8021q garp stp llc rfcomm bnep fuse snd_hda_codec_hdmi snd_hda_codec_realtek btusb bluetooth arc4 snd_hda_intel snd_hda_codec snd_hwdep ath9k snd_seq snd_seq_device mac80211 snd_pcm ath9k_common ath9k_hw ath cfg80211 snd_timer acer_wmi iTCO_wdt snd uvcvideo videobuf2_core videodev media videobuf2_vmalloc videobuf2_memops tg3 i2c_i801 soundcore iTCO_vendor_support coretemp sparse_keymap rfkill snd_page_alloc joydev microcode uinput sunrpc crc32c_intel sdhci_pci sdhci mmc_core wmi i915 drm_kms_helper drm i2c_algo_bit i2c_core video [last unloaded: scsi_wait_scan]
:Pid: 1138, comm: X Not tainted 3.4.2-1.fc16.i686 #1 Acer Aspire V3-571/VA50_HC_HR
:EIP: 0060:[<c0525eca>] EFLAGS: 00213246 CPU: 0
:EIP is at __kmalloc_track_caller+0xaa/0x1e0
:EAX: 00000000 EBX: e1ac1a80 ECX: 03028301 EDX: 000010aa
:ESI: f4002700 EDI: c0c64c90 EBP: f0ebbd34 ESP: f0ebbd04
: DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
:CR0: 80050033 CR2: 03028301 CR3: 3093a000 CR4: 000407d0
:DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
:DR6: ffff0ff0 DR7: 00000400
:Process X (pid: 1138, ti=f0eba000 task=f0f38000 task.ti=f0eba000)
:Stack:
: f0b10a80 f4002180 f4ff4200 f0ebbd6c c083745e c0832ce4 000004d0 00001240
: 03028301 e1ac1a80 000004d0 00001174 f0ebbd54 c0837481 00000000 f0ebbd50
: f4002180 efb17cc0 00000000 f0f38000 f0ebbd90 c0832ce4 ffffffff 00001174
:Call Trace:
: [<c083745e>] ? __alloc_skb+0x2e/0x200
: [<c0832ce4>] ? sock_alloc_send_pskb+0x164/0x2a0
: [<c0837481>] __alloc_skb+0x51/0x200
: [<c0832ce4>] sock_alloc_send_pskb+0x164/0x2a0
: [<c06052c7>] ? sock_has_perm+0xa7/0xd0
: [<c0832e3d>] sock_alloc_send_skb+0x1d/0x30
: [<c08cc41f>] unix_stream_sendmsg+0x2ff/0x3f0
: [<c082f0be>] sock_aio_write+0xfe/0x120
: [<c082efc0>] ? sock_aio_dtor+0x20/0x20
: [<c0534ff4>] do_sync_readv_writev+0xa4/0xe0
: [<c065b622>] ? _copy_from_user+0x42/0x60
: [<c05347dc>] ? rw_verify_area+0x6c/0x120
: [<c0535243>] do_readv_writev+0xa3/0x190
: [<c082efc0>] ? sock_aio_dtor+0x20/0x20
: [<c053536e>] vfs_writev+0x3e/0x60
: [<c05354cd>] sys_writev+0x3d/0xa0
: [<c093a79f>] sysenter_do_call+0x12/0x28
:Code: fd 00 00 00 8b 06 64 03 05 08 f7 c5 c0 8b 50 04 8b 08 85 c9 89 4d f0 0f 84 20 01 00 00 8b 3e 8b 46 14 8b 4d f0 f7 c7 07 00 00 00 <8b> 1c 01 0f 85 07 01 00 00 8d 4a 01 8b 45 f0 64 0f c7 0f 0f 94 
:EIP: [<c0525eca>] __kmalloc_track_caller+0xaa/0x1e0 SS:ESP 0068:f0ebbd04
:CR2: 0000000003028301
Comment 1 Dave Jones 2012-07-10 18:56:35 EDT
I stared at this for a while, and can't come up with a scenario to explain this.
Is it reproducable ?

The oops is way down in the allocator guts here..

static inline void *get_freepointer(struct kmem_cache *s, void *object)
{
        return *(void **)(object + s->offset);
    4c7d:       8b 1c 01                mov    (%ecx,%eax,1),%ebx

We passed a null object, and also had an enormous s->offset.

bizarre.

Were you low on memory when this happened ?

Note You need to log in before you can comment on or make changes to this bug.