Bug 88401 - "BUG: unable to handle kernel paging request" when resuming from suspend to memory
Status: CLOSED CODE_FIX
Product: Memory Management
Classification: Unclassified
Component: Other
Hardware: All Linux
Importance: P1 normal
Assignee: Andrew Morton
Reported: 2014-11-18 08:02 UTC by Christian Casteyde
Modified: 2014-12-09 09:54 UTC
Kernel Version: 3.17.2
Regression: No
Attachments
drivers-input-evdevc-dont-kfree-a-vmalloc-address.patch (1.01 KB, patch)
2014-11-20 23:13 UTC, Andrew Morton

Description Christian Casteyde 2014-11-18 08:02:55 UTC
Kernel 3.17.2 64 bits
GCC 4.8.3
Slackware64 14.1
Core i7 / 6GB RAM

I've got this bug just after resuming from suspend to memory.
It may be related to the ath9k driver since it is surrounded by ath logs:

hid-generic 0003:045E:0745.000F: input,hiddev0,hidraw2: USB HID v1.11 Device [Microsoft Microsoft® Nano Transceiver v2.0] on usb-0000:00:1d.0-1.2/input2
ath: phy0: Set channel: 2422 MHz width: 0
ath: phy0: Reset to 2422 MHz, HT40: 0 fastcc: 1
ath: phy0: FastChannelChange for 2417 -> 2422
BUG: unable to handle kernel paging request at ffffeb0400564d40
IP: [<ffffffff81133453>] kfree+0x43/0x110
PGD 0 
Oops: 0000 [#1] PREEMPT SMP 
Modules linked in: ath9k ath9k_common ath9k_hw ath
CPU: 6 PID: 2292 Comm: acpid Not tainted 3.17.2 #9
Hardware name: Acer Aspire 7750G/JE70_HR, BIOS V1.07 03/02/2011
task: ffff8800ab27a580 ti: ffff8801c5a68000 task.ti: ffff8801c5a68000
RIP: 0010:[<ffffffff81133453>]  [<ffffffff81133453>] kfree+0x43/0x110
RSP: 0018:ffff8801c5a6bc28  EFLAGS: 00010282
RAX: ffffeb0400564d40 RBX: ffffc90015935000 RCX: 00000000c0000100
RDX: ffffea0000000000 RSI: ffff8800ab27a580 RDI: ffffc90015935000
RBP: ffff8801c5a6bc38 R08: ffff8801c5a68000 R09: 00000000ffffffff
R10: 0000000000000c63 R11: 0000000000000000 R12: ffff88007f3da080
R13: ffff88007f3da000 R14: ffff8801398c3758 R15: ffff88007f3da338
FS:  00007f30d8dd3740(0000) GS:ffff8801cf580000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffeb0400564d40 CR3: 00000001c6596000 CR4: 00000000000407e0
Stack:
 ffffc90015935000 ffff88007f3da080 ffff8801c5a6bc80 ffffffff8158a800
 ffff8801a8c16500 ffff8800fffffff0 ffff88007f3da338 ffff8801398c3758
 ffff8801a8c16500 ffffffff81942020 0000000000008800 ffff8801c5a6bcb8
Call Trace:
 [<ffffffff8158a800>] evdev_open+0x140/0x1f0
 [<ffffffff8113db3a>] chrdev_open+0x9a/0x1d0
 [<ffffffff8113daa0>] ? cdev_put+0x20/0x20
 [<ffffffff81137822>] do_dentry_open.isra.16+0x1e2/0x320
 [<ffffffff81137a49>] finish_open+0x19/0x30
 [<ffffffff81146252>] do_last.isra.59+0x462/0xc50
 [<ffffffff81143e46>] ? link_path_walk+0x246/0x890
 [<ffffffff81146af2>] path_openat+0xb2/0x650
 [<ffffffff811334e0>] ? kfree+0xd0/0x110
 [<ffffffff811481f5>] do_filp_open+0x35/0x80
 [<ffffffff8115432f>] ? __alloc_fd+0x9f/0x130
 [<ffffffff81138b34>] do_sys_open+0x124/0x220
 [<ffffffff81138c49>] SyS_open+0x19/0x20
 [<ffffffff8186b792>] system_call_fastpath+0x16/0x1b
Code: 77 00 00 b8 00 00 00 80 48 01 f8 48 0f 42 15 d5 2b a8 00 48 01 d0 48 ba 00 00 00 00 00 ea ff ff 48 c1 e8 0c 48 c1 e0 06 48 01 d0 <48> 8b 10 80 e6 80 0f 85 a4 00 00 00 49 89 c2 49 8b 02 a8 80 74 
RIP  [<ffffffff81133453>] kfree+0x43/0x110
 RSP <ffff8801c5a6bc28>
CR2: ffffeb0400564d40
---[ end trace 578b34952646a910 ]---
ath: phy0: Set channel: 2427 MHz width: 0
ath: phy0: Reset to 2427 MHz, HT40: 0 fastcc: 1
ath: phy0: FastChannelChange for 2422 -> 2427
ath: phy0: Set channel: 2432 MHz width: 0
ath: phy0: Reset to 2432 MHz, HT40: 0 fastcc: 0
ath: phy0: ah->misc_mode 0x4
ath: phy0: STA is not yet associated..skipping beacon config
ath: phy0: Set channel: 2437 MHz width: 0
ath: phy0: Reset to 2437 MHz, HT40: 0 fastcc: 1
ath: phy0: FastChannelChange for 2432 -> 2437
usb 3-2: new low-speed USB device number 6 using xhci_hcd
ath: phy0: Set channel: 2442 MHz width: 0
ath: phy0: Reset to 2442 MHz, HT40: 0 fastcc: 1
ath: phy0: FastChannelChange for 2437 -> 2442
ath: phy0: Set channel: 2447 MHz width: 0
ath: phy0: Reset to 2447 MHz, HT40: 0 fastcc: 1
ath: phy0: FastChannelChange for 2442 -> 2447
ath: phy0: Set channel: 2452 MHz width: 0
ath: phy0: Reset to 2452 MHz, HT40: 0 fastcc: 1
ath: phy0: FastChannelChange for 2447 -> 2452
usb 3-2: New USB device found, idVendor=413c, idProduct=2105
usb 3-2: New USB device strings: Mfr=1, Product=2, SerialNumber=0
usb 3-2: Product: Dell USB Keyboard
...

After that, everything seems to work correctly.
I've never seen this bug before and it doesn't seem to be reproducible.
Comment 1 Christian Casteyde 2014-11-18 08:09:06 UTC
More info: at shutdown, when shutting down processes, acpid was already dead so it may be the process that caused the crash.
Comment 2 Andrew Morton 2014-11-20 23:13:07 UTC
Created attachment 158271
drivers-input-evdevc-dont-kfree-a-vmalloc-address.patch
Comment 3 Andrew Morton 2014-11-20 23:13:55 UTC
Thanks for the report.  I did spot a bug which could cause this.  I don't know whether it *did* cause this.
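
Added example, not part of the bug report or of the attached patch: a C check that replays the virt_to_page() arithmetic visible in the oops's "Code:" bytes, to test the theory in the patch title that kfree() was handed a vmalloc address. The layout constants are assumptions (x86_64, 3.17-era kernel, 4-level paging, no KASLR), and the function names are this example's own.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed x86_64 virtual memory layout for a 3.17-era kernel without KASLR. */
#define START_KERNEL_MAP  0xffffffff80000000ULL
#define PAGE_OFFSET       0xffff880000000000ULL  /* start of the direct map */
#define VMALLOC_START     0xffffc90000000000ULL
#define VMALLOC_END       0xffffe8ffffffffffULL
#define VMEMMAP_START     0xffffea0000000000ULL  /* RDX in the oops */
#define PAGE_SHIFT        12                     /* "shr $0xc" in Code: */
#define STRUCT_PAGE_SHIFT 6                      /* "shl $0x6": 64-byte struct page */

/* Modelled on the kernel's unchecked virtual-to-physical conversion: there is
 * no range check, so a vmalloc address silently yields a bogus physical one. */
static uint64_t phys_addr_nodebug(uint64_t va, uint64_t phys_base)
{
    uint64_t y = va - START_KERNEL_MAP;
    return y + (va > y ? phys_base : START_KERNEL_MAP - PAGE_OFFSET);
}

/* Address of the struct page that kfree() will dereference for this pointer. */
static uint64_t virt_to_page_addr(uint64_t va, uint64_t phys_base)
{
    uint64_t pfn = phys_addr_nodebug(va, phys_base) >> PAGE_SHIFT;
    return VMEMMAP_START + (pfn << STRUCT_PAGE_SHIFT);
}

static int is_vmalloc_addr64(uint64_t va)
{
    return va >= VMALLOC_START && va <= VMALLOC_END;
}

/* 1 if the freed pointer is a vmalloc address AND the faulting address is
 * exactly the struct page lookup for it, i.e. kfree() of vmalloc memory. */
static int oops_is_kfree_of_vmalloc(uint64_t freed_ptr, uint64_t cr2)
{
    return is_vmalloc_addr64(freed_ptr) &&
           virt_to_page_addr(freed_ptr, 0) == cr2;
}

int main(void)
{
    uint64_t rdi = 0xffffc90015935000ULL;  /* RDI/RBX: argument to kfree() */
    uint64_t cr2 = 0xffffeb0400564d40ULL;  /* CR2/RAX: faulting address */
    printf("struct page lookup: %016" PRIx64 "\n", virt_to_page_addr(rdi, 0));
    printf("kfree of vmalloc address: %s\n",
           oops_is_kfree_of_vmalloc(rdi, cr2) ? "yes" : "no");
    return 0;
}
```

The same functions applied to R12 from the register dump (ffff88007f3da080, a direct-map address) give a struct page address low in the vmemmap region, which is the contrast to look for when triaging a similar kfree() oops.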