Regression in Linux next-20171113 with fbdev timer conversion

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Tony Lindgren <tony@atomide.com>
To: Kees Cook <keescook@chromium.org>,
	Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Cc: Tomi Valkeinen <tomi.valkeinen@ti.com>,
	Daniel Vetter <daniel.vetter@ffwll.ch>,
	Stephen Rothwell <sfr@canb.auug.org.au>,
	linux-kernel@vger.kernel.org, dri-devel@lists.freedesktop.org
Subject: Regression in Linux next-20171113 with fbdev timer conversion
Date: Mon, 13 Nov 2017 09:07:14 -0800	[thread overview]
Message-ID: <20171113170714.GV28152@atomide.com> (raw)

Hi,

Looks like next-20171113 now has a NULL pointe dereference with commit
6c78935777d1 ("video: fbdev: Convert timers to use timer_setup()").

See the error below, any ideas?

Regards,

Tony

8< ------------------
Unable to handle kernel NULL pointer dereference at virtual address 00000214
pgd = edfe4000
[00000214] *pgd=00000000
Internal error: Oops: 5 [#1] SMP ARM
...
CPU: 1 PID: 920 Comm: openrc-run.sh Not tainted 4.14.0-next-20171113+ #1911
Hardware name: Generic OMAP4 (Flattened Device Tree)
task: ed922000 task.stack: edc20000
PC is at _test_and_set_bit+0x20/0x48
LR is at queue_work_on+0x28/0x74
pc : [<c086f270>]    lr : [<c0155b78>]    psr: 60000193
sp : edc21e38  ip : 00000000  fp : c0d09168
r10: edb686bc  r9 : 00000001  r8 : c0544e4c
r7 : ee80f000  r6 : 00000002  r5 : 00000214  r4 : 20000113
r3 : 00000001  r2 : 00000001  r1 : 00000214  r0 : 00000000
Flags: nZCv  IRQs off  FIQs on  Mode SVC_32  ISA ARM  Segment none
Control: 10c5387d  Table: adfe404a  DAC: 00000051
Process openrc-run.sh (pid: 920, stack limit = 0xedc20218)
Stack: (0xedc21e38 to 0xedc22000)
1e20:                                                       edb686bc edb686bc
1e40: c0dc8588 00000100 c0544e4c c0544e6c c0dc7239 c01cc78c 00000001 00000000
1e60: c01cc6d0 00000000 00000000 00000000 00000001 c1505b74 c124c5f8 00000000
1e80: c0adfb54 00000000 c0544e4c edb686bc c0544e4c ef6b3700 edc20000 edc21ed8
1ea0: c0dc8588 c0d09168 edb686bc c01ccbbc ffff8fee 00000001 edc21ed8 c0d05d00
1ec0: ef6b3700 c0d0957c 00000100 c0dc8128 00000282 c01ccd94 00000000 c0d4675c
1ee0: 60000113 c0dc7132 c0d09168 c019f718 ffffe000 ffffffff c0d03084 edc20000
1f00: 00000001 c0dc7132 c0d09168 c0101714 c0d8821c c0dc720a 00000002 0000000a
1f20: ffff8fee 00400000 00000001 00000002 00000000 ffffe000 00000000 c0d0957c
1f40: 00000000 00000001 ee80d400 fa240100 c0d09854 c013fa6c c0c79160 c01adf54
1f60: fa24010c 000003eb 000003ff 00000000 edc21fb0 c0d88738 fa240100 c0101574
1f80: 00000006 fa241100 edc20000 b6f2e9bc 20000010 ffffffff 10c5387d 10c5387d
1fa0: 005169a0 00517240 005169a0 c088d6b4 005280ea 005280eb 00000000 0000005f
1fc0: 005280e4 004f9511 00517830 00000000 00000000 005169a0 00517240 005169a0
1fe0: 00000001 bed595c0 bed595e0 b6f2e9bc 20000010 ffffffff 00000000 00000000
[<c086f270>] (_test_and_set_bit) from [<c0155b78>] (queue_work_on+0x28/0x74)
[<c0155b78>] (queue_work_on) from [<c0544e6c>] (cursor_timer_handler+0x20/0x44)
[<c0544e6c>] (cursor_timer_handler) from [<c01cc78c>] (call_timer_fn+0xbc/0x408)
[<c01cc78c>] (call_timer_fn) from [<c01ccbbc>] (expire_timers+0xe4/0x220)
[<c01ccbbc>] (expire_timers) from [<c01ccd94>] (run_timer_softirq+0x9c/0x1a4)
[<c01ccd94>] (run_timer_softirq) from [<c0101714>] (__do_softirq+0x13c/0x5b8)
[<c0101714>] (__do_softirq) from [<c013fa6c>] (irq_exit+0x14c/0x1a8)
[<c013fa6c>] (irq_exit) from [<c01adf54>] (__handle_domain_irq+0x6c/0xe0)
[<c01adf54>] (__handle_domain_irq) from [<c0101574>] (gic_handle_irq+0x58/0xb8)
[<c0101574>] (gic_handle_irq) from [<c088d6b4>] (__irq_usr+0x54/0x80)
Exception stack(0xedc21fb0 to 0xedc21ff8)
1fa0:                                     005280ea 005280eb 00000000 0000005f
1fc0: 005280e4 004f9511 00517830 00000000 00000000 005169a0 00517240 005169a0
1fe0: 00000001 bed595c0 bed595e0 b6f2e9bc 20000010 ffffffff
Code: e1a002a0 e0811100 e1a03312 ee070fba (e1912f9f)

next             reply	other threads:[~2017-11-13 17:07 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <CGME20171113170720epcas2p3737aa011465d2d56d10cef18dcefed7a@epcas2p3.samsung.com>
2017-11-13 17:07 ` Tony Lindgren [this message]
2017-11-13 17:24   ` Regression in Linux next-20171113 with fbdev timer conversion Bartlomiej Zolnierkiewicz
2017-11-13 18:48     ` Tony Lindgren

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20171113170714.GV28152@atomide.com \
    --to=tony@atomide.com \
    --cc=b.zolnierkie@samsung.com \
    --cc=daniel.vetter@ffwll.ch \
    --cc=dri-devel@lists.freedesktop.org \
    --cc=keescook@chromium.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=sfr@canb.auug.org.au \
    --cc=tomi.valkeinen@ti.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox