cat /dev/snapshot == OOPs

cat /dev/snapshot == OOPs

[Arkadiusz Miskiewicz]

Hello,

Is this desired behaviour?

$ sudo cat /dev/snapshot

ended with:

[54498.464550] device-mapper: ioctl: 4.11.0-ioctl (2006-10-12) initialised: 
dm-devel@redhat.com
[56592.077674] swsusp: Basic memory bitmaps created
[56592.084340] BUG: unable to handle kernel NULL pointer dereference at 
virtual address 0000000c
[56592.084340]  printing eip:
[56592.084340] c0135a6e
[56592.084340] *pde = 00000000
[56592.084340] Oops: 0000 [#1]
[56592.084340] Modules linked in: dm_snapshot dm_mod radeon drm binfmt_misc 
ipv6 sch_sfq mmc_block rfcomm l2cap bluetooth ircomm_tty ircomm 
cpufreq_ondemand acpi_cpufreq freq_table hdaps snd_pcm_oss snd_mixer_oss 
video thermal processor fan container evdev button battery ac nvram 
thinkpad_acpi hwmon backlight tun capability commoncap firewire_ohci 
firewire_core crc_itu_t ahci pcmcia sdhci usbhid hid ff_memless ohci1394 
mmc_core ata_generic ipw2200 ieee80211 ieee80211_crypt firmware_class 
ieee1394 yenta_socket rsrc_nonstatic pcmcia_core nsc_ircc tg3 snd_hda_intel 
generic i2c_i801 i2c_core ide_core snd_pcm snd_timer snd intel_agp iTCO_wdt 
iTCO_vendor_support soundcore sr_mod psmouse agpgart snd_page_alloc serio_raw 
uhci_hcd irda crc_ccitt ehci_hcd usbcore cdrom rtc_cmos rtc_core rtc_lib xfs 
scsi_wait_scan sd_mod ata_piix libata scsi_mod
[56592.084340] CPU:    0
[56592.084340] EIP:    0060:[<c0135a6e>]    Not tainted VLI
[56592.084340] EFLAGS: 00210206   (2.6.22-rc4 #70)
[56592.084340] EIP is at snapshot_read_next+0xcf/0x1d7
[56592.084340] eax: 00000000   ebx: d96fd200   ecx: c038e8f8   edx: e0688000
[56592.084340] esi: c031c462   edi: e0688186   ebp: ee42df5c   esp: ee42df48
[56592.084340] ds: 007b   es: 007b   fs: 0000  gs: 0033  ss: 0068
[56592.084340] Process cat (pid: 22965, ti=ee42c000 task=c7d55480 
task.ti=ee42c000)
[56592.084340] Stack: 00001000 c038e8f8 d96fd200 c038e8f8 0804e000 ee42df70 
c0136ba5 d96fd200
[56592.084340]        c0136b91 0804e000 ee42df90 c015b26b ee42df9c 00000006 
00001000 d96fd200
[56592.084340]        fffffff7 0804e000 ee42dfb0 c015b5d3 ee42df9c 00000000 
00000000 00000000
[56592.084340] Call Trace:
[56592.084340]  [<c0104a50>] show_trace_log_lvl+0x1a/0x2f
[56592.084340]  [<c0104b00>] show_stack_log_lvl+0x9b/0xa3
[56592.084340]  [<c0104cbc>] show_registers+0x1b4/0x286
[56592.084340]  [<c0104e6d>] die+0xdf/0x1b1
[56592.084340]  [<c01148a0>] do_page_fault+0x424/0x4f0
[56592.084340]  [<c027f90a>] error_code+0x6a/0x70
[56592.084340]  [<c0136ba5>] snapshot_read+0x14/0x48
[56592.084340]  [<c015b26b>] vfs_read+0xad/0x15f
[56592.084340]  [<c015b5d3>] sys_read+0x3d/0x61
[56592.084340]  [<c0103b8a>] sysenter_past_esp+0x5f/0x85
[56592.084340]  =======================
[56592.084340] Code: 03 05 b4 e8 38 c0 40 89 82 98 01 00 00 c1 e0 0c 89 82 9c 
01 00 00 a1 a0 e8 38 c0 8b 4d f0 89 41 14 a1 b8 e8 38 c0 a3 c0 e8 38 c0 <8b> 
40 0c c7 05 c8 e8 38 c0 00 00 00 00 c7 05 cc e8 38 c0 ff ff
[56592.084340] EIP: [<c0135a6e>] snapshot_read_next+0xcf/0x1d7 SS:ESP 
0068:ee42df48
[56592.101007] swsusp: Basic memory bitmaps freed


that's on i686 with git tree with latest commit: 
845a2fdcbd5bc5b9f652201ee95c825827a1d521

-- 
Arkadiusz Miśkiewicz        PLD/Linux Team
arekm / maven.pl            http://ftp.pld-linux.org/

Re: cat /dev/snapshot == OOPs

[S.Çağlar Onur]

[-- Attachment #1: Type: text/plain, Size: 2909 bytes --]

10 Haz 2007 Paz tarihinde, Arkadiusz Miskiewicz şunları yazmıştı: 
> sudo cat /dev/snapshot

Same here with Linus's latest (although mine is tainted)

[11028.693171] swsusp: Basic memory bitmaps created
[11028.693219] BUG: unable to handle kernel NULL pointer dereference at 
virtual address 0000000c
[11028.693227]  printing eip:
[11028.693230] c0148b33
[11028.693232] *pde = 00000000
[11028.693237] Oops: 0000 [#1]
[11028.693240] SMP
[11028.693244] Modules linked in: isofs zlib_inflate af_packet snd_pcm_oss 
snd_mixer_oss snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq 
snd_seq_device snd_hda_intel snd_pcm snd_timer snd soundcore snd_page_alloc 
nvidia(P) uvcvideo compat_ioctl32 videodev v4l1_compat v4l2_common hci_usb 
bluetooth intel_agp agpgart tsdev usbhid hid ff_memless sdhci mmc_core 
i2c_i801 i2c_core joydev iTCO_wdt iTCO_vendor_support firewire_ohci 
firewire_core crc_itu_t e100 mii ipw3945 ieee80211 ieee80211_crypt 
firmware_class serio_raw cpufreq_ondemand cpufreq_userspace cpufreq_powersave 
acpi_cpufreq freq_table rtc_cmos rtc_core rtc_lib ext3 jbd mbcache sr_mod 
cdrom sd_mod ata_generic ehci_hcd ata_piix ohci1394 ieee1394 uhci_hcd usbcore 
ahci libata scsi_mod
[11028.693331] CPU:    0
[11028.693332] EIP:    0060:[<c0148b33>]    Tainted: P       VLI
[11028.693335] EFLAGS: 00010206   (2.6.22-rc4-CFS-v16 #4)
[11028.693344] EIP is at memory_bm_position_reset+0x5/0x1a
[11028.693349] eax: c03d808c   ebx: c03d80e0   ecx: 00000002   edx: 00000000
[11028.693355] esi: c57f6d80   edi: 08051000   ebp: 00001000   esp: e0383f50
[11028.693359] ds: 007b   es: 007b   fs: 00d8  gs: 0033  ss: 0068
[11028.693365] Process cat (pid: 13165, ti=e0382000 task=f6109800 
task.ti=e0382000)
[11028.693368] Stack: c0149882 08051000 c03d80e0 c57f6d80 08051000 00000000 
c014ae82 00001000
[11028.693381]        c57f6d80 c02b4d00 c0174664 e0383fa0 f6109800 08051000 
c57f6d80 fffffff7
[11028.693393]        08051000 e0382000 c01749a8 e0383fa0 00000000 00000000 
00000000 00000003
[11028.693404] Call Trace:
[11028.693408]  [<c0149882>] snapshot_read_next+0x6b/0x164
[11028.693425]  [<c014ae82>] snapshot_read+0x11/0x45
[11028.693438]  [<c0174664>] vfs_read+0xb1/0x15b
[11028.693456]  [<c01749a8>] sys_read+0x41/0x67
[11028.693471]  [<c0103dd0>] syscall_call+0x7/0xb
[11028.693505]  =======================
[11028.693507] Code: 74 07 89 f8 e8 5d 04 00 00 31 d2 89 f8 e8 13 2d 01 00 89 
f2 eb b4 31 c0 b9 04 00 00 00 89 df f3 ab 5b 5e 5f 5d c3 8b 10 89 50 08 <8b> 
52 0c c7 40 10 00 00 00 00 c7 40 14 ff ff ff ff 89 50 0c c3
[11028.693561] EIP: [<c0148b33>] memory_bm_position_reset+0x5/0x1a SS:ESP 
0068:e0383f50
[11028.707698] swsusp: Basic memory bitmaps freed

Cheers
-- 
S.Çağlar Onur <caglar@pardus.org.tr>
http://cekirdek.pardus.org.tr/~caglar/

Linux is like living in a teepee. No Windows, no Gates and an Apache in house!

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: cat /dev/snapshot == OOPs

[Björn Steinbrink]

On 2007.06.10 15:42:33 +0200, Arkadiusz Miskiewicz wrote:
> Hello,
> 
> Is this desired behaviour?
> 
> $ sudo cat /dev/snapshot
> 
> ended with:
> 
> [54498.464550] device-mapper: ioctl: 4.11.0-ioctl (2006-10-12) initialised: 
> dm-devel@redhat.com
> [56592.077674] swsusp: Basic memory bitmaps created
> [56592.084340] BUG: unable to handle kernel NULL pointer dereference at 
> virtual address 0000000c
> [56592.084340]  printing eip:
> [56592.084340] c0135a6e
> [56592.084340] *pde = 00000000
> [56592.084340] Oops: 0000 [#1]
> [56592.084340] Modules linked in: dm_snapshot dm_mod radeon drm binfmt_misc 
> ipv6 sch_sfq mmc_block rfcomm l2cap bluetooth ircomm_tty ircomm 
> cpufreq_ondemand acpi_cpufreq freq_table hdaps snd_pcm_oss snd_mixer_oss 
> video thermal processor fan container evdev button battery ac nvram 
> thinkpad_acpi hwmon backlight tun capability commoncap firewire_ohci 
> firewire_core crc_itu_t ahci pcmcia sdhci usbhid hid ff_memless ohci1394 
> mmc_core ata_generic ipw2200 ieee80211 ieee80211_crypt firmware_class 
> ieee1394 yenta_socket rsrc_nonstatic pcmcia_core nsc_ircc tg3 snd_hda_intel 
> generic i2c_i801 i2c_core ide_core snd_pcm snd_timer snd intel_agp iTCO_wdt 
> iTCO_vendor_support soundcore sr_mod psmouse agpgart snd_page_alloc serio_raw 
> uhci_hcd irda crc_ccitt ehci_hcd usbcore cdrom rtc_cmos rtc_core rtc_lib xfs 
> scsi_wait_scan sd_mod ata_piix libata scsi_mod
> [56592.084340] CPU:    0
> [56592.084340] EIP:    0060:[<c0135a6e>]    Not tainted VLI
> [56592.084340] EFLAGS: 00210206   (2.6.22-rc4 #70)
> [56592.084340] EIP is at snapshot_read_next+0xcf/0x1d7
> [56592.084340] eax: 00000000   ebx: d96fd200   ecx: c038e8f8   edx: e0688000
> [56592.084340] esi: c031c462   edi: e0688186   ebp: ee42df5c   esp: ee42df48
> [56592.084340] ds: 007b   es: 007b   fs: 0000  gs: 0033  ss: 0068
> [56592.084340] Process cat (pid: 22965, ti=ee42c000 task=c7d55480 
> task.ti=ee42c000)
> [56592.084340] Stack: 00001000 c038e8f8 d96fd200 c038e8f8 0804e000 ee42df70 
> c0136ba5 d96fd200
> [56592.084340]        c0136b91 0804e000 ee42df90 c015b26b ee42df9c 00000006 
> 00001000 d96fd200
> [56592.084340]        fffffff7 0804e000 ee42dfb0 c015b5d3 ee42df9c 00000000 
> 00000000 00000000
> [56592.084340] Call Trace:
> [56592.084340]  [<c0104a50>] show_trace_log_lvl+0x1a/0x2f
> [56592.084340]  [<c0104b00>] show_stack_log_lvl+0x9b/0xa3
> [56592.084340]  [<c0104cbc>] show_registers+0x1b4/0x286
> [56592.084340]  [<c0104e6d>] die+0xdf/0x1b1
> [56592.084340]  [<c01148a0>] do_page_fault+0x424/0x4f0
> [56592.084340]  [<c027f90a>] error_code+0x6a/0x70
> [56592.084340]  [<c0136ba5>] snapshot_read+0x14/0x48
> [56592.084340]  [<c015b26b>] vfs_read+0xad/0x15f
> [56592.084340]  [<c015b5d3>] sys_read+0x3d/0x61
> [56592.084340]  [<c0103b8a>] sysenter_past_esp+0x5f/0x85
> [56592.084340]  =======================
> [56592.084340] Code: 03 05 b4 e8 38 c0 40 89 82 98 01 00 00 c1 e0 0c 89 82 9c 
> 01 00 00 a1 a0 e8 38 c0 8b 4d f0 89 41 14 a1 b8 e8 38 c0 a3 c0 e8 38 c0 <8b> 
> 40 0c c7 05 c8 e8 38 c0 00 00 00 00 c7 05 cc e8 38 c0 ff ff
> [56592.084340] EIP: [<c0135a6e>] snapshot_read_next+0xcf/0x1d7 SS:ESP 
> 0068:ee42df48
> [56592.101007] swsusp: Basic memory bitmaps freed

Looks like it is the access to zone_bm->bm_blocks aka
orig_bm.zone_bm_list->bm_blocks. zone_bm_list is NULL unless
swsusp_save() is called. I don't see any state variable that would allow
an obvious fix though, so I'll leave that to the swsusp guys.

Björn

Re: cat /dev/snapshot == OOPs

[Rafael J. Wysocki]

On Sunday, 10 June 2007 15:42, Arkadiusz Miskiewicz wrote:
> Hello,
> 
> Is this desired behaviour?

Obviously not.

> $ sudo cat /dev/snapshot
> 
> ended with:
> 
> [54498.464550] device-mapper: ioctl: 4.11.0-ioctl (2006-10-12) initialised: 
> dm-devel@redhat.com
> [56592.077674] swsusp: Basic memory bitmaps created
> [56592.084340] BUG: unable to handle kernel NULL pointer dereference at 
> virtual address 0000000c

Can you please try the appended patch?

Rafael


Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
---
 kernel/power/user.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

Index: linux-2.6.22-rc4/kernel/power/user.c
===================================================================
--- linux-2.6.22-rc4.orig/kernel/power/user.c	2007-06-10 19:33:36.000000000 +0200
+++ linux-2.6.22-rc4/kernel/power/user.c	2007-06-10 19:35:59.000000000 +0200
@@ -99,6 +99,8 @@ static ssize_t snapshot_read(struct file
 	ssize_t res;
 
 	data = filp->private_data;
+	if (!data->ready)
+		return -ENODATA;
 	res = snapshot_read_next(&data->handle, count);
 	if (res > 0) {
 		if (copy_to_user(buf, data_of(data->handle), res))
@@ -163,7 +165,7 @@ static int snapshot_ioctl(struct inode *
 		break;
 
 	case SNAPSHOT_UNFREEZE:
-		if (!data->frozen)
+		if (!data->frozen || data->ready)
 			break;
 		mutex_lock(&pm_mutex);
 		thaw_processes();

Re: cat /dev/snapshot == OOPs

[Arkadiusz Miskiewicz]

On Sunday 10 of June 2007, Rafael J. Wysocki wrote:

> >
> > [54498.464550] device-mapper: ioctl: 4.11.0-ioctl (2006-10-12)
> > initialised: dm-devel@redhat.com
> > [56592.077674] swsusp: Basic memory bitmaps created
> > [56592.084340] BUG: unable to handle kernel NULL pointer dereference at
> > virtual address 0000000c
>
> Can you please try the appended patch?

[root@tarm ~]# LC_ALL=C cat /dev/snapshot
cat: /dev/snapshot: No data available

[  237.939976] swsusp: Basic memory bitmaps created
[  237.956642] swsusp: Basic memory bitmaps freed

no oops with that patch.

> Rafael


-- 
Arkadiusz Miśkiewicz        PLD/Linux Team
arekm / maven.pl            http://ftp.pld-linux.org/

Re: cat /dev/snapshot == OOPs

[S.Çağlar Onur]

[-- Attachment #1: Type: text/plain, Size: 347 bytes --]

10 Haz 2007 Paz tarihinde, Rafael J. Wysocki şunları yazmıştı: 
> Can you please try the appended patch?

I cannot reproduce the oops with that patch applied...

Cheers
-- 
S.Çağlar Onur <caglar@pardus.org.tr>
http://cekirdek.pardus.org.tr/~caglar/

Linux is like living in a teepee. No Windows, no Gates and an Apache in house!

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 189 bytes --]