From: Jiri Slaby <jslaby@suse.cz>
To: Keith Packard <keithp@keithp.com>
Cc: Chris Wilson <chris@chris-wilson.co.uk>,
	dri-devel@lists.freedesktop.org,
	LKML <linux-kernel@vger.kernel.org>,
	Jiri Slaby <jirislaby@gmail.com>
Subject: i915: NULL pointer dereference in pagevec_move_tail
Date: Tue, 10 Apr 2012 11:53:04 +0200
Message-ID: <4F840300.3090101@suse.cz>

Hi,

in today's -next I see:
BUG: unable to handle kernel NULL pointer dereference at           (null)
IP: [<ffffffff810e3990>] pagevec_move_tail+0x30/0x30
PGD 1bf4fc067 PUD 1bf4f0067 PMD 0
Oops: 0000 [#1] SMP
CPU 0
Modules linked in: pl2303 usbserial microcode

Pid: 4260, comm: X Not tainted 3.4.0-rc2-next-20120410_64+ #1683 To Be
Filled By O.E.M. To Be Filled By O.E.M./To be filled by O.E.M.
RIP: 0010:[<ffffffff810e3990>]  [<ffffffff810e3990>]
pagevec_move_tail+0x30/0x30
RSP: 0018:ffff8801bf7f1ca0  EFLAGS: 00010202
RAX: ffff8801c1502b60 RBX: 0000000000000008 RCX: ffff8801c286a000
RDX: 0000000000000000 RSI: 0000000000000819 RDI: 0000000000000000
RBP: ffff8801bf7f1cc8 R08: 0000000000000001 R09: ffff8801bf7f1fd8
R10: ffff8801bf7f1fd8 R11: ffff880000000000 R12: ffff8801bf6cbe00
R13: 0000000000000008 R14: ffff8801bfdf6138 R15: ffff8801c2def000
FS:  00007fd1d3d9f880(0000) GS:ffff8801cbc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 00000001bff5b000 CR4: 00000000000007f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process X (pid: 4260, threadinfo ffff8801bf7f0000, task ffff8801c28ea640)
Stack:
 ffffffff81345290 ffff8801bf7f1cc8 ffff8801bf6cbe00 0000000000000000
 ffff8801c286a000 ffff8801bf7f1cf8 ffffffff813486fd ffff8801bf7f1cf8
 ffff8801bf6cbe00 ffff8801c286a000 000000000000000a ffff8801bf7f1d18
Call Trace:
 [<ffffffff81345290>] ? i915_gem_object_put_pages_gtt+0x90/0x180
 [<ffffffff813486fd>] i915_gem_object_unbind+0xad/0x1e0
 [<ffffffff8134884a>] i915_gem_free_object_tail+0x1a/0xd0
 [<ffffffff8134b391>] i915_gem_free_object+0x51/0x60
 [<ffffffff8131faa5>] drm_gem_object_free+0x25/0x40
 [<ffffffff81320120>] drm_gem_handle_delete+0xf0/0x120
 [<ffffffff813203a3>] drm_gem_close_ioctl+0x23/0x30
 [<ffffffff8131e20c>] drm_ioctl+0x43c/0x510
 [<ffffffff81086472>] ? enqueue_hrtimer+0x22/0x50
 [<ffffffff81320380>] ? drm_gem_destroy+0x50/0x50
 [<ffffffff81086e9f>] ? hrtimer_start_range_ns+0xf/0x20
 [<ffffffff811325d7>] do_vfs_ioctl+0x97/0x580
 [<ffffffff81121ead>] ? vfs_read+0xfd/0x180
 [<ffffffff81132b0a>] sys_ioctl+0x4a/0x80
 [<ffffffff816359e2>] system_call_fastpath+0x16/0x1b
Code: 32 0e 81 48 89 e5 48 83 ec 10 48 8d 55 fc c7 45 fc 00 00 00 00 e8
e1 fe ff ff 48 63 45 fc 65 48 01 04 25 b0 e3 00 00 c9 c3 66 90 <48> f7
07 00 c
0f
RIP  [<ffffffff810e3990>] pagevec_move_tail+0x30/0x30
 RSP <ffff8801bf7f1ca0>
CR2: 0000000000000000

This is G33:
00:02.0 VGA compatible controller [0300]: Intel Corporation 82G33/G31
Express Integrated Graphics Controller [8086:29c2] (rev 02) (prog-if 00
[VGA controller])
        Subsystem: Intel Corporation 82G33/G31 Express Integrated
Graphics Controller [8086:29c2]
        Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop-
ParErr- Stepping- SERR- FastB2B- DisINTx+
        Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=fast >TAbort-
<TAbort- <MAbort- >SERR- <PERR- INTx-
        Latency: 0
        Interrupt: pin A routed to IRQ 42
        Region 0: Memory at feb80000 (32-bit, non-prefetchable) [size=512K]
        Region 1: I/O ports at ec00 [size=8]
        Region 2: Memory at d0000000 (32-bit, prefetchable) [size=256M]
        Region 3: Memory at fea00000 (32-bit, non-prefetchable) [size=1M]
        Expansion ROM at <unassigned> [disabled]
        Capabilities: [90] MSI: Enable+ Count=1/1 Maskable- 64bit-
                Address: fee0300c  Data: 4179
        Capabilities: [d0] Power Management version 2
                Flags: PMEClk- DSI+ D1- D2- AuxCurrent=0mA
PME(D0-,D1-,D2-,D3hot-,D3cold-)
                Status: D0 NoSoftRst- PME-Enable- DSel=0 DScale=0 PME-
        Kernel driver in use: i915

thanks,
-- 
js
suse labs
