2007-06-10 13:42:54

by Arkadiusz Miśkiewicz

Subject: cat /dev/snapshot == OOPs

Hello,

Is this desired behaviour?

$ sudo cat /dev/snapshot

ended with:

[54498.464550] device-mapper: ioctl: 4.11.0-ioctl (2006-10-12) initialised:
[email protected]
[56592.077674] swsusp: Basic memory bitmaps created
[56592.084340] BUG: unable to handle kernel NULL pointer dereference at
virtual address 0000000c
[56592.084340] printing eip:
[56592.084340] c0135a6e
[56592.084340] *pde = 00000000
[56592.084340] Oops: 0000 [#1]
[56592.084340] Modules linked in: dm_snapshot dm_mod radeon drm binfmt_misc
ipv6 sch_sfq mmc_block rfcomm l2cap bluetooth ircomm_tty ircomm
cpufreq_ondemand acpi_cpufreq freq_table hdaps snd_pcm_oss snd_mixer_oss
video thermal processor fan container evdev button battery ac nvram
thinkpad_acpi hwmon backlight tun capability commoncap firewire_ohci
firewire_core crc_itu_t ahci pcmcia sdhci usbhid hid ff_memless ohci1394
mmc_core ata_generic ipw2200 ieee80211 ieee80211_crypt firmware_class
ieee1394 yenta_socket rsrc_nonstatic pcmcia_core nsc_ircc tg3 snd_hda_intel
generic i2c_i801 i2c_core ide_core snd_pcm snd_timer snd intel_agp iTCO_wdt
iTCO_vendor_support soundcore sr_mod psmouse agpgart snd_page_alloc serio_raw
uhci_hcd irda crc_ccitt ehci_hcd usbcore cdrom rtc_cmos rtc_core rtc_lib xfs
scsi_wait_scan sd_mod ata_piix libata scsi_mod
[56592.084340] CPU: 0
[56592.084340] EIP: 0060:[<c0135a6e>] Not tainted VLI
[56592.084340] EFLAGS: 00210206 (2.6.22-rc4 #70)
[56592.084340] EIP is at snapshot_read_next+0xcf/0x1d7
[56592.084340] eax: 00000000 ebx: d96fd200 ecx: c038e8f8 edx: e0688000
[56592.084340] esi: c031c462 edi: e0688186 ebp: ee42df5c esp: ee42df48
[56592.084340] ds: 007b es: 007b fs: 0000 gs: 0033 ss: 0068
[56592.084340] Process cat (pid: 22965, ti=ee42c000 task=c7d55480
task.ti=ee42c000)
[56592.084340] Stack: 00001000 c038e8f8 d96fd200 c038e8f8 0804e000 ee42df70
c0136ba5 d96fd200
[56592.084340] c0136b91 0804e000 ee42df90 c015b26b ee42df9c 00000006
00001000 d96fd200
[56592.084340] fffffff7 0804e000 ee42dfb0 c015b5d3 ee42df9c 00000000
00000000 00000000
[56592.084340] Call Trace:
[56592.084340] [<c0104a50>] show_trace_log_lvl+0x1a/0x2f
[56592.084340] [<c0104b00>] show_stack_log_lvl+0x9b/0xa3
[56592.084340] [<c0104cbc>] show_registers+0x1b4/0x286
[56592.084340] [<c0104e6d>] die+0xdf/0x1b1
[56592.084340] [<c01148a0>] do_page_fault+0x424/0x4f0
[56592.084340] [<c027f90a>] error_code+0x6a/0x70
[56592.084340] [<c0136ba5>] snapshot_read+0x14/0x48
[56592.084340] [<c015b26b>] vfs_read+0xad/0x15f
[56592.084340] [<c015b5d3>] sys_read+0x3d/0x61
[56592.084340] [<c0103b8a>] sysenter_past_esp+0x5f/0x85
[56592.084340] =======================
[56592.084340] Code: 03 05 b4 e8 38 c0 40 89 82 98 01 00 00 c1 e0 0c 89 82 9c
01 00 00 a1 a0 e8 38 c0 8b 4d f0 89 41 14 a1 b8 e8 38 c0 a3 c0 e8 38 c0 <8b>
40 0c c7 05 c8 e8 38 c0 00 00 00 00 c7 05 cc e8 38 c0 ff ff
[56592.084340] EIP: [<c0135a6e>] snapshot_read_next+0xcf/0x1d7 SS:ESP
0068:ee42df48
[56592.101007] swsusp: Basic memory bitmaps freed


that's on i686 with git tree with latest commit:
845a2fdcbd5bc5b9f652201ee95c825827a1d521

--
Arkadiusz Miśkiewicz PLD/Linux Team
arekm / maven.pl http://ftp.pld-linux.org/


2007-06-10 14:00:35

by S.Çağlar Onur

Subject: Re: cat /dev/snapshot == OOPs

On Sun, 10 Jun 2007, Arkadiusz Miskiewicz wrote:
> sudo cat /dev/snapshot

Same here with Linus's latest (although mine is tainted)

[11028.693171] swsusp: Basic memory bitmaps created
[11028.693219] BUG: unable to handle kernel NULL pointer dereference at
virtual address 0000000c
[11028.693227] printing eip:
[11028.693230] c0148b33
[11028.693232] *pde = 00000000
[11028.693237] Oops: 0000 [#1]
[11028.693240] SMP
[11028.693244] Modules linked in: isofs zlib_inflate af_packet snd_pcm_oss
snd_mixer_oss snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq
snd_seq_device snd_hda_intel snd_pcm snd_timer snd soundcore snd_page_alloc
nvidia(P) uvcvideo compat_ioctl32 videodev v4l1_compat v4l2_common hci_usb
bluetooth intel_agp agpgart tsdev usbhid hid ff_memless sdhci mmc_core
i2c_i801 i2c_core joydev iTCO_wdt iTCO_vendor_support firewire_ohci
firewire_core crc_itu_t e100 mii ipw3945 ieee80211 ieee80211_crypt
firmware_class serio_raw cpufreq_ondemand cpufreq_userspace cpufreq_powersave
acpi_cpufreq freq_table rtc_cmos rtc_core rtc_lib ext3 jbd mbcache sr_mod
cdrom sd_mod ata_generic ehci_hcd ata_piix ohci1394 ieee1394 uhci_hcd usbcore
ahci libata scsi_mod
[11028.693331] CPU: 0
[11028.693332] EIP: 0060:[<c0148b33>] Tainted: P VLI
[11028.693335] EFLAGS: 00010206 (2.6.22-rc4-CFS-v16 #4)
[11028.693344] EIP is at memory_bm_position_reset+0x5/0x1a
[11028.693349] eax: c03d808c ebx: c03d80e0 ecx: 00000002 edx: 00000000
[11028.693355] esi: c57f6d80 edi: 08051000 ebp: 00001000 esp: e0383f50
[11028.693359] ds: 007b es: 007b fs: 00d8 gs: 0033 ss: 0068
[11028.693365] Process cat (pid: 13165, ti=e0382000 task=f6109800
task.ti=e0382000)
[11028.693368] Stack: c0149882 08051000 c03d80e0 c57f6d80 08051000 00000000
c014ae82 00001000
[11028.693381] c57f6d80 c02b4d00 c0174664 e0383fa0 f6109800 08051000
c57f6d80 fffffff7
[11028.693393] 08051000 e0382000 c01749a8 e0383fa0 00000000 00000000
00000000 00000003
[11028.693404] Call Trace:
[11028.693408] [<c0149882>] snapshot_read_next+0x6b/0x164
[11028.693425] [<c014ae82>] snapshot_read+0x11/0x45
[11028.693438] [<c0174664>] vfs_read+0xb1/0x15b
[11028.693456] [<c01749a8>] sys_read+0x41/0x67
[11028.693471] [<c0103dd0>] syscall_call+0x7/0xb
[11028.693505] =======================
[11028.693507] Code: 74 07 89 f8 e8 5d 04 00 00 31 d2 89 f8 e8 13 2d 01 00 89
f2 eb b4 31 c0 b9 04 00 00 00 89 df f3 ab 5b 5e 5f 5d c3 8b 10 89 50 08 <8b>
52 0c c7 40 10 00 00 00 00 c7 40 14 ff ff ff ff 89 50 0c c3
[11028.693561] EIP: [<c0148b33>] memory_bm_position_reset+0x5/0x1a SS:ESP
0068:e0383f50
[11028.707698] swsusp: Basic memory bitmaps freed

Cheers
--
S.Çağlar Onur <[email protected]>
http://cekirdek.pardus.org.tr/~caglar/

Linux is like living in a teepee. No Windows, no Gates and an Apache in house!



2007-06-10 15:51:19

by Björn Steinbrink

Subject: Re: cat /dev/snapshot == OOPs

On 2007.06.10 15:42:33 +0200, Arkadiusz Miskiewicz wrote:
> Hello,
>
> Is this desired behaviour?
>
> $ sudo cat /dev/snapshot
>
> ended with:
>
> [54498.464550] device-mapper: ioctl: 4.11.0-ioctl (2006-10-12) initialised:
> [email protected]
> [56592.077674] swsusp: Basic memory bitmaps created
> [56592.084340] BUG: unable to handle kernel NULL pointer dereference at
> virtual address 0000000c
> [56592.084340] printing eip:
> [56592.084340] c0135a6e
> [56592.084340] *pde = 00000000
> [56592.084340] Oops: 0000 [#1]
> [56592.084340] Modules linked in: dm_snapshot dm_mod radeon drm binfmt_misc
> ipv6 sch_sfq mmc_block rfcomm l2cap bluetooth ircomm_tty ircomm
> cpufreq_ondemand acpi_cpufreq freq_table hdaps snd_pcm_oss snd_mixer_oss
> video thermal processor fan container evdev button battery ac nvram
> thinkpad_acpi hwmon backlight tun capability commoncap firewire_ohci
> firewire_core crc_itu_t ahci pcmcia sdhci usbhid hid ff_memless ohci1394
> mmc_core ata_generic ipw2200 ieee80211 ieee80211_crypt firmware_class
> ieee1394 yenta_socket rsrc_nonstatic pcmcia_core nsc_ircc tg3 snd_hda_intel
> generic i2c_i801 i2c_core ide_core snd_pcm snd_timer snd intel_agp iTCO_wdt
> iTCO_vendor_support soundcore sr_mod psmouse agpgart snd_page_alloc serio_raw
> uhci_hcd irda crc_ccitt ehci_hcd usbcore cdrom rtc_cmos rtc_core rtc_lib xfs
> scsi_wait_scan sd_mod ata_piix libata scsi_mod
> [56592.084340] CPU: 0
> [56592.084340] EIP: 0060:[<c0135a6e>] Not tainted VLI
> [56592.084340] EFLAGS: 00210206 (2.6.22-rc4 #70)
> [56592.084340] EIP is at snapshot_read_next+0xcf/0x1d7
> [56592.084340] eax: 00000000 ebx: d96fd200 ecx: c038e8f8 edx: e0688000
> [56592.084340] esi: c031c462 edi: e0688186 ebp: ee42df5c esp: ee42df48
> [56592.084340] ds: 007b es: 007b fs: 0000 gs: 0033 ss: 0068
> [56592.084340] Process cat (pid: 22965, ti=ee42c000 task=c7d55480
> task.ti=ee42c000)
> [56592.084340] Stack: 00001000 c038e8f8 d96fd200 c038e8f8 0804e000 ee42df70
> c0136ba5 d96fd200
> [56592.084340] c0136b91 0804e000 ee42df90 c015b26b ee42df9c 00000006
> 00001000 d96fd200
> [56592.084340] fffffff7 0804e000 ee42dfb0 c015b5d3 ee42df9c 00000000
> 00000000 00000000
> [56592.084340] Call Trace:
> [56592.084340] [<c0104a50>] show_trace_log_lvl+0x1a/0x2f
> [56592.084340] [<c0104b00>] show_stack_log_lvl+0x9b/0xa3
> [56592.084340] [<c0104cbc>] show_registers+0x1b4/0x286
> [56592.084340] [<c0104e6d>] die+0xdf/0x1b1
> [56592.084340] [<c01148a0>] do_page_fault+0x424/0x4f0
> [56592.084340] [<c027f90a>] error_code+0x6a/0x70
> [56592.084340] [<c0136ba5>] snapshot_read+0x14/0x48
> [56592.084340] [<c015b26b>] vfs_read+0xad/0x15f
> [56592.084340] [<c015b5d3>] sys_read+0x3d/0x61
> [56592.084340] [<c0103b8a>] sysenter_past_esp+0x5f/0x85
> [56592.084340] =======================
> [56592.084340] Code: 03 05 b4 e8 38 c0 40 89 82 98 01 00 00 c1 e0 0c 89 82 9c
> 01 00 00 a1 a0 e8 38 c0 8b 4d f0 89 41 14 a1 b8 e8 38 c0 a3 c0 e8 38 c0 <8b>
> 40 0c c7 05 c8 e8 38 c0 00 00 00 00 c7 05 cc e8 38 c0 ff ff
> [56592.084340] EIP: [<c0135a6e>] snapshot_read_next+0xcf/0x1d7 SS:ESP
> 0068:ee42df48
> [56592.101007] swsusp: Basic memory bitmaps freed

Looks like it is the access to zone_bm->bm_blocks aka
orig_bm.zone_bm_list->bm_blocks. zone_bm_list is NULL unless
swsusp_save() is called. I don't see any state variable that would allow
an obvious fix though, so I'll leave that to the swsusp guys.

Björn
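A triage sketch for the oops format quoted in this thread, added here as an example and not written by any participant: it re-joins the mail-wrapped dmesg lines, extracts the faulting symbol and call path, and reads a sub-page fault address as a member offset from a NULL base, as in the analysis above. The names `unwrap` and `triage` and the `PAGE_SIZE` threshold are assumptions.

```python
import re

# Excerpt of the first oops in this thread, mail line wrapping preserved.
SAMPLE = """\
[56592.084340] BUG: unable to handle kernel NULL pointer dereference at
virtual address 0000000c
[56592.084340] EIP is at snapshot_read_next+0xcf/0x1d7
[56592.084340] Process cat (pid: 22965, ti=ee42c000 task=c7d55480
task.ti=ee42c000)
[56592.084340] Call Trace:
[56592.084340] [<c0136ba5>] snapshot_read+0x14/0x48
[56592.084340] [<c015b26b>] vfs_read+0xad/0x15f
[56592.084340] [<c015b5d3>] sys_read+0x3d/0x61
"""

TS = re.compile(r"^\[\s*\d+\.\d+\]\s*")
PAGE_SIZE = 0x1000  # assumption: a fault below one page is NULL plus a member offset

def unwrap(text):
    """Re-join wrapped lines so each record starts with its [timestamp]."""
    out = []
    for line in text.splitlines():
        if TS.match(line) or not out:
            out.append(line)
        else:
            out[-1] += " " + line.strip()
    return out

def triage(text):
    """Return fault address, faulting symbol, process and call path."""
    r = {"trace": [], "fault_addr": None}
    in_trace = False
    for line in unwrap(text):
        body = TS.sub("", line)
        if m := re.search(r"at virtual address ([0-9a-f]{8})", body):
            r["fault_addr"] = int(m.group(1), 16)
        elif m := re.match(r"EIP is at (\w+)\+(0x[0-9a-f]+)/", body):
            r["function"], r["offset"] = m.group(1), int(m.group(2), 16)
        elif m := re.match(r"Process (\S+) \(pid: (\d+)", body):
            r["process"], r["pid"] = m.group(1), int(m.group(2))
        elif body.startswith("Call Trace:"):
            in_trace = True
        elif in_trace and (m := re.match(r"\[<[0-9a-f]+>\]\s+(\w+)\+", body)):
            r["trace"].append(m.group(1))
    addr = r["fault_addr"]
    r["null_member_offset"] = addr if addr is not None and addr < PAGE_SIZE else None
    # The outermost sys_* frame shows the fault is reachable from a plain syscall.
    r["syscall"] = next((f for f in r["trace"] if f.startswith("sys_")), None)
    return r
```
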

2007-06-10 17:28:16

by Rafael J. Wysocki

Subject: Re: cat /dev/snapshot == OOPs

On Sunday, 10 June 2007 15:42, Arkadiusz Miskiewicz wrote:
> Hello,
>
> Is this desired behaviour?

Obviously not.

> $ sudo cat /dev/snapshot
>
> ended with:
>
> [54498.464550] device-mapper: ioctl: 4.11.0-ioctl (2006-10-12) initialised:
> [email protected]
> [56592.077674] swsusp: Basic memory bitmaps created
> [56592.084340] BUG: unable to handle kernel NULL pointer dereference at
> virtual address 0000000c

Can you please try the appended patch?

Rafael


Signed-off-by: Rafael J. Wysocki <[email protected]>
---
kernel/power/user.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

Index: linux-2.6.22-rc4/kernel/power/user.c
===================================================================
--- linux-2.6.22-rc4.orig/kernel/power/user.c 2007-06-10 19:33:36.000000000 +0200
+++ linux-2.6.22-rc4/kernel/power/user.c 2007-06-10 19:35:59.000000000 +0200
@@ -99,6 +99,8 @@ static ssize_t snapshot_read(struct file
ssize_t res;

data = filp->private_data;
+ if (!data->ready)
+ return -ENODATA;
res = snapshot_read_next(&data->handle, count);
if (res > 0) {
if (copy_to_user(buf, data_of(data->handle), res))
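Review bot: the new `data->ready` test in snapshot_read() is made with no lock held in the visible lines, while the SNAPSHOT_UNFREEZE path in the same file takes pm_mutex before it calls thaw_processes(). If `ready` can change under a concurrent ioctl, the check and the following snapshot_read_next() call can disagree; either hold the same mutex across both or add a comment saying why the unlocked read is safe. A one-line comment on what `ready` guarantees would also help, given the thread's finding that the bitmap list is NULL unless swsusp_save() has been called.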
@@ -163,7 +165,7 @@ static int snapshot_ioctl(struct inode *
break;

case SNAPSHOT_UNFREEZE:
- if (!data->frozen)
+ if (!data->frozen || data->ready)
break;
mutex_lock(&pm_mutex);
thaw_processes();
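Review bot: the added `|| data->ready` in the SNAPSHOT_UNFREEZE case leaves through the same bare `break` as the not-frozen case, so a caller cannot tell an unfreeze that was refused because `ready` is set from one that was simply not needed. Return a distinct error code for the refused case, and explain the reason in the changelog: the mail carries only a Signed-off-by line and does not say how this hunk relates to the read-side oops reported in the thread.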

2007-06-10 18:31:47

by Arkadiusz Miśkiewicz

Subject: Re: cat /dev/snapshot == OOPs

On Sunday 10 of June 2007, Rafael J. Wysocki wrote:

> >
> > [54498.464550] device-mapper: ioctl: 4.11.0-ioctl (2006-10-12)
> > initialised: [email protected]
> > [56592.077674] swsusp: Basic memory bitmaps created
> > [56592.084340] BUG: unable to handle kernel NULL pointer dereference at
> > virtual address 0000000c
>
> Can you please try the appended patch?

[root@tarm ~]# LC_ALL=C cat /dev/snapshot
cat: /dev/snapshot: No data available

[ 237.939976] swsusp: Basic memory bitmaps created
[ 237.956642] swsusp: Basic memory bitmaps freed

no oops with that patch.

> Rafael


--
Arkadiusz Miśkiewicz PLD/Linux Team
arekm / maven.pl http://ftp.pld-linux.org/

2007-06-10 19:29:19

by S.Çağlar Onur

Subject: Re: cat /dev/snapshot == OOPs

On Sun, 10 Jun 2007, Rafael J. Wysocki wrote:
> Can you please try the appended patch?

I cannot reproduce the oops with that patch applied...

Cheers
--
S.Çağlar Onur <[email protected]>
http://cekirdek.pardus.org.tr/~caglar/

Linux is like living in a teepee. No Windows, no Gates and an Apache in house!

