#1 2013-04-30 10:30:06

AlexRu
Member
Registered: 2012-09-18
Posts: 33

Null pointer dereference, kernel panic during hibernation

Tried to suspend in KDE and got this log:

[20420.271498] PM: Hibernation mode set to 'platform'
[20420.504416] BUG: unable to handle kernel NULL pointer dereference at 0000000000000390
[20420.504431] IP: [<ffffffffa00ec8ef>] pppoe_release+0x15f/0x1b0 [pppoe]
[20420.504446] PGD 0 
[20420.504452] Oops: 0000 [#1] PREEMPT SMP 
[20420.504460] Modules linked in: nls_utf8 ntfs pppoe pppox ppp_generic slhc hid_generic usbhid uvcvideo hid videobuf2_vmalloc ums_realtek videobuf2_memops videobuf2_core videodev media usb_storage coretemp kvm_intel kvm crc32c_intel ghash_clmulni_intel aesni_intel snd_hda_codec_hdmi snd_hda_codec_realtek aes_x86_64 snd_hda_intel snd_hda_codec xts lrw gf128mul ablk_helper snd_hwdep cryptd joydev snd_pcm snd_page_alloc snd_timer snd arc4 ath9k ath9k_common ath9k_hw fglrx(PO) ath mac80211 cfg80211 iTCO_wdt microcode iTCO_vendor_support acer_wmi sparse_keymap amd_iommu_v2 rfkill mei atl1c i2c_i801 i2c_core soundcore lpc_ich battery wmi acpi_cpufreq ac mperf video button processor pcspkr psmouse evdev serio_raw sg ext4 crc16 jbd2 mbcache sd_mod ahci libahci ehci_pci libata xhci_hcd ehci_hcd scsi_mod usbcore
[20420.504536]  usb_common
[20420.504537] CPU 0 
[20420.504540] Pid: 360, comm: pppd Tainted: P           O 3.8.10-1-ARCH #1 Acer Aspire 7750G/JE70_HR
[20420.504542] RIP: 0010:[<ffffffffa00ec8ef>]  [<ffffffffa00ec8ef>] pppoe_release+0x15f/0x1b0 [pppoe]
[20420.504545] RSP: 0000:ffff88013e973c28  EFLAGS: 00010202
[20420.504546] RAX: 0000000000000000 RBX: ffff8801435fc000 RCX: 0000000000000001
[20420.504547] RDX: 00000000000000b1 RSI: 0000000000000000 RDI: ffff8801435fc050
[20420.504548] RBP: ffff88013e973c58 R08: 0000000000000000 R09: 0000000000000000
[20420.504549] R10: ffff88013e95e110 R11: 0000000000000001 R12: ffffffffa00ed2c0
[20420.504551] R13: ffff880144d5aa80 R14: ffff880144f310c0 R15: ffff880148d1c720
[20420.504552] FS:  00007fb7ac939700(0000) GS:ffff88014f400000(0000) knlGS:0000000000000000
[20420.504554] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[20420.504555] CR2: 0000000000000390 CR3: 000000000180d000 CR4: 00000000000407f0
[20420.504556] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[20420.504557] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[20420.504559] Process pppd (pid: 360, threadinfo ffff88013e972000, task ffff880143e93aa0)
[20420.504560] Stack:
[20420.504561]  ffff88013e95e110 ffff880144d5aa80 ffffffffa00ed2c0 ffff880144d5aab0
[20420.504563]  ffff880144f310c0 ffff880148d1c720 ffff88013e973c78 ffffffff813b25af
[20420.504565]  ffff88013e95e100 0000000000000008 ffff88013e973c88 ffffffff813b2627
[20420.504567] Call Trace:
[20420.504572]  [<ffffffff813b25af>] sock_release+0x1f/0x80
[20420.504574]  [<ffffffff813b2627>] sock_close+0x17/0x30
[20420.504578]  [<ffffffff811891f1>] __fput+0xa1/0x220
[20420.504580]  [<ffffffff8118942e>] ____fput+0xe/0x10
[20420.504583]  [<ffffffff810772dc>] task_work_run+0xbc/0xe0
[20420.504586]  [<ffffffff8105cb23>] do_exit+0x283/0xa50
[20420.504589]  [<ffffffff81194cdb>] ? filename_lookup+0x2b/0xc0
[20420.504591]  [<ffffffff8105d36f>] do_group_exit+0x3f/0xa0
[20420.504594]  [<ffffffff8106c250>] get_signal_to_deliver+0x2a0/0x640
[20420.504598]  [<ffffffff81015484>] do_signal+0x34/0x8d0
[20420.504600]  [<ffffffff813b3782>] ? sys_sendto+0x122/0x170
[20420.504602]  [<ffffffff813b343b>] ? sys_connect+0xdb/0x100
[20420.504605]  [<ffffffff81015d88>] do_notify_resume+0x68/0xa0
[20420.504607]  [<ffffffff814c75da>] int_signal+0x12/0x17
[20420.504608] Code: 2c e1 f0 ff 4b 4c 0f 94 c0 84 c0 75 3f 31 c0 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 66 0f 1f 44 00 00 48 8b 83 c0 02 00 00 <48> 8b 80 90 03 00 00 65 ff 08 48 c7 83 c0 02 00 00 00 00 00 00 
[20420.504630] RIP  [<ffffffffa00ec8ef>] pppoe_release+0x15f/0x1b0 [pppoe]
[20420.504633]  RSP <ffff88013e973c28>
[20420.504634] CR2: 0000000000000390
[20420.504636] ---[ end trace ed8c7c4cfcbd9997 ]---
[20420.504637] Fixing recursive fault but reboot is needed!
[20423.944883] PM: Marking nosave pages: [mem 0x0009d000-0x000fffff]
[20423.945475] PM: Marking nosave pages: [mem 0xaf63f000-0xaf7fefff]
[20423.946190] PM: Marking nosave pages: [mem 0xaf800000-0xffffffff]
[20423.947486] PM: Basic memory bitmaps created
[20423.947790] PM: Syncing filesystems ... done.
[20431.038549] Freezing user space processes ... 
[20451.041788] Freezing of tasks failed after 20.01 seconds (1 tasks refusing to freeze, wq_busy=0):
[20451.043678] pppd            D ffff880143e93aa0     0   360    296 0x00000006
[20451.045285]  ffff88013e973908 0000000000000046 0000000000014000 ffff88013e973fd8
[20451.047003]  ffff88013e973fd8 0000000000014000 ffff880143e93aa0 0000000000000000
[20451.048728]  0000000000000000 000000000000002c ffff88013e9738c0 0000000000000246
[20451.050439] Call Trace:
[20451.050970]  [<ffffffff814b76bd>] ? printk+0x54/0x56
[20451.052032]  [<ffffffff814be899>] schedule+0x29/0x70
[20451.053091]  [<ffffffff8105d25b>] do_exit+0x9bb/0xa50
[20451.054159]  [<ffffffff8105a921>] ? kmsg_dump+0xc1/0xd0
[20451.055304]  [<ffffffff814c0dbe>] oops_end+0x9e/0xe0
[20451.056355]  [<ffffffff814b6fef>] no_context+0x281/0x28f
[20451.057478]  [<ffffffff814b7083>] __bad_area_nosemaphore+0x86/0x1dc
[20451.058814]  [<ffffffff81128a02>] ? __free_memcg_kmem_pages+0x22/0x50
[20451.060179]  [<ffffffff814b71ec>] bad_area_nosemaphore+0x13/0x15
[20451.061448]  [<ffffffff814c336e>] __do_page_fault+0x3ee/0x5c0
[20451.062672]  [<ffffffff81127e9f>] ? free_one_page+0x15f/0x310
[20451.063892]  [<ffffffff81128128>] ? free_compound_page+0x38/0x40
[20451.065169]  [<ffffffff8112d5cf>] ? __put_compound_page+0x1f/0x30
[20451.066463]  [<ffffffff814c354e>] do_page_fault+0xe/0x10
[20451.067585]  [<ffffffff814c0288>] page_fault+0x28/0x30
[20451.068684]  [<ffffffffa00ec8ef>] ? pppoe_release+0x15f/0x1b0 [pppoe]
[20451.070047]  [<ffffffffa00ec7c0>] ? pppoe_release+0x30/0x1b0 [pppoe]
[20451.071391]  [<ffffffff813b25af>] sock_release+0x1f/0x80
[20451.072533]  [<ffffffff813b2627>] sock_close+0x17/0x30
[20451.073624]  [<ffffffff811891f1>] __fput+0xa1/0x220
[20451.074655]  [<ffffffff8118942e>] ____fput+0xe/0x10
[20451.075698]  [<ffffffff810772dc>] task_work_run+0xbc/0xe0
[20451.076843]  [<ffffffff8105cb23>] do_exit+0x283/0xa50
[20451.077911]  [<ffffffff81194cdb>] ? filename_lookup+0x2b/0xc0
[20451.079135]  [<ffffffff8105d36f>] do_group_exit+0x3f/0xa0
[20451.080283]  [<ffffffff8106c250>] get_signal_to_deliver+0x2a0/0x640
[20451.081619]  [<ffffffff81015484>] do_signal+0x34/0x8d0db
[20451.082708]  [<ffffffff813b3782>] ? sys_sendto+0x122/0x170
[20451.083867]  [<ffffffff813b343b>] ? sys_connect+0xdb/0x100
[20451.085037]  [<ffffffff81015d88>] do_notify_resume+0x68/0xa0
[20451.086235]  [<ffffffff814c75da>] int_signal+0x12/0x17

[20451.087686] Restarting tasks ... done.
[20451.089352] PM: Basic memory bitmaps freed
[20451.090247] video LNXVIDEO:01: Restoring backlight state
[20522.172410] usb 4-1.4: USB disconnect, device number 3
[20523.340878] ehci-pci 0000:00:1d.0: setting latency timer to 64
[20523.580734] usb 4-1.4: new low-speed USB device number 4 using ehci-pci
[20523.684096] input: PixArt USB Optical Mouse as /devices/pci0000:00/0000:00:1d.0/usb4/4-1/4-1.4/4-1.4:1.0/input/input16
[20523.699127] hid-generic 0003:093A:2510.0002: input,hidraw0: USB HID v1.11 Mouse [PixArt USB Optical Mouse] on usb-0000:00:1d.0-1.4/input0

It occurred only a couple of times during hibernation; I don't know how to reproduce it. But while looking at the code I saw a strange thing in the function pppoe_flush_dev http://lxr.linux.no/linux+v3.8.4/driver … poe.c#L280:

if (po->pppoe_dev == dev &&
    sk->sk_state & (PPPOX_CONNECTED | PPPOX_BOUND | PPPOX_ZOMBIE)) {
        pppox_unbind_sock(sk);
        sk->sk_state = PPPOX_ZOMBIE;
        sk->sk_state_change(sk);
        po->pppoe_dev = NULL;
        dev_put(dev);
}

Is dev equivalent to po->pppoe_dev? And dev_put dereferences *dev, but isn't it NULL? In other places, such as pppoe_release, dev_put executes before po->pppoe_dev = NULL.

#2 2013-04-30 10:32:50

AlexRu
Member
Registered: 2012-09-18
Posts: 33

Re: Null pointer dereference, kernel panic during hibernation

uname -r                                                                             
3.8.10-1-ARCH

Offline
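
One way to triage the oops in the first post, as an added example that is not part of the thread or of the kernel source: the script parses the IP, register and Code: lines, decodes the instruction at the faulting RIP (only the mov disp32(%base),%dst form), and checks that base register plus displacement equals CR2. The function names and the trimmed OOPS sample are this example's own.

```python
import re
# Lines copied from the oops in the first post; only those the script needs.
OOPS = """\
[20420.504431] IP: [<ffffffffa00ec8ef>] pppoe_release+0x15f/0x1b0 [pppoe]
[20420.504546] RAX: 0000000000000000 RBX: ffff8801435fc000 RCX: 0000000000000001
[20420.504555] CR2: 0000000000000390 CR3: 000000000180d000 CR4: 00000000000407f0
[20420.504608] Code: 2c e1 f0 ff 4b 4c 0f 94 c0 84 c0 75 3f 31 c0 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 66 0f 1f 44 00 00 48 8b 83 c0 02 00 00 <48> 8b 80 90 03 00 00 65 ff 08 48 c7 83 c0 02 00 00 00 00 00 00 
"""
REG64 = ["RAX", "RCX", "RDX", "RBX", "RSP", "RBP", "RSI", "RDI"]  # ModRM order, no REX.B

def parse_oops(text):
    """Pull the faulting symbol, register values and Code: bytes out of an x86-64 oops."""
    o = {"regs": {}}
    for line in text.splitlines():
        body = re.sub(r"^\[\s*\d+\.\d+\]\s*", "", line)  # drop the dmesg timestamp
        if m := re.match(r"IP: \[<[0-9a-f]+>\] (\w+)\+(0x[0-9a-f]+)/0x[0-9a-f]+(?: \[(\w+)\])?", body):
            o.update(symbol=m[1], offset=int(m[2], 16), module=m[3])
        elif body.startswith("Code:"):
            # <xx> marks the first byte of the instruction at the faulting RIP
            before, _, rest = body[5:].partition("<")
            o.update(before=bytes.fromhex(before), at_rip=bytes.fromhex(rest.replace(">", "")))
        else:
            for name, val in re.findall(r"\b(R[A-Z0-9]{2}|CR2):\s*([0-9a-f]{16})\b", body):
                o["regs"][name] = int(val, 16)
    return o

def decode_load(code):
    """Decode only `REX.W 8B /r` with mod=10 (mov disp32(%base),%dst); None for anything else."""
    if len(code) < 7 or code[0] != 0x48 or code[1] != 0x8B:
        return None
    mod, reg, rm = code[2] >> 6, (code[2] >> 3) & 7, code[2] & 7
    if mod != 2 or rm == 4:  # rm == 4 would need a SIB byte; not handled here
        return None
    return REG64[rm], int.from_bytes(code[3:7], "little", signed=True), REG64[reg]

def triage(text):
    o = parse_oops(text)
    if (load := decode_load(o["at_rip"])) is None:
        raise ValueError("faulting instruction is not a simple 64-bit load")
    base, disp, _dst = load
    return {
        "where": f'{o["symbol"]}+{o["offset"]:#x} [{o["module"]}]',
        "faulting_load": load,
        "matches_cr2": (o["regs"][base] + disp) % 2**64 == o["regs"]["CR2"],
        "null_base": o["regs"][base] == 0,
        # Heuristic: treat the 7 bytes before RIP as one instruction to see where the pointer came from.
        "pointer_loaded_from": decode_load(o["before"][-7:]),
    }

if __name__ == "__main__":
    print(triage(OOPS))
```

On this oops the faulting instruction is mov 0x390(%rax),%rax with RAX = 0, so 0x390 is a field offset read through a NULL structure pointer rather than a stray address. That pointer had just been loaded from 0x2c0(%rbx).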
