From: Eugene Shatokhin <eugene.shatokhin@rosalab.ru>
To: intel-gfx@lists.freedesktop.org
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>,
LKML <linux-kernel@vger.kernel.org>
Subject: i915: NULL pointer dereference in i915_update_dri1_breadcrumb() during shutdown
Date: Tue, 10 Dec 2013 12:27:55 +0400 [thread overview]
Message-ID: <52A6D08B.1040802@rosalab.ru> (raw)
Hi,
I have recently observed a NULL pointer dereference in i915 driver on my
Eee PC running ROSA Linux with kernel 3.10.21.
The crash occurs during shutdown but quite rarely, not each time.
The system log is lost but here is what I extracted from the info
displayed on the screen.
NULL pointer dereference at 0x4
EIP is at i915_update_dri1_breadcrumb+0x25/0x70
comm: systemd-journal
i915_update_dri1_breadcrumb+0x25:
mov 0x4(%eax),%ebx // %eax contains 0, the list of register values
confirms that.
That is the reading of 'master_priv->sarea_priv':
void i915_update_dri1_breadcrumb(struct drm_device *dev)
{
drm_i915_private_t *dev_priv = dev->dev_private;
struct drm_i915_master_private *master_priv;
if (dev->primary->master) {
master_priv = dev->primary->master->driver_priv;
if (master_priv->sarea_priv) // <<< crashes here
master_priv->sarea_priv->last_dispatch =
READ_BREADCRUMB(dev_priv);
}
}
addr2line points to the same line too.
So, i915_update_dri1_breadcrumb() was called somehow when
dev->primary->master->driver_priv was NULL already. A race with
i915_master_destroy() or something else?
Hardware info, from the output of lspci -vnn:
------------------------------
00:02.0 VGA compatible controller [0300]: Intel Corporation Atom
Processor D4xx/D5xx/N4xx/N5xx Integrated Graphics Controller [8086:a011]
(prog-if 00 [VGA controller])
Subsystem: ASUSTeK Computer Inc. Device [1043:83ac]
Flags: bus master, fast devsel, latency 0, IRQ 44
Memory at f7e00000 (32-bit, non-prefetchable) [size=512K]
I/O ports at dc00 [size=8]
Memory at d0000000 (32-bit, prefetchable) [size=256M]
Memory at f7d00000 (32-bit, non-prefetchable) [size=1M]
Expansion ROM at <unassigned> [disabled]
Capabilities: [90] MSI: Enable+ Count=1/1 Maskable- 64bit-
Capabilities: [d0] Power Management version 2
Kernel driver in use: i915
------------------------------
Regards,
Eugene
--
Eugene Shatokhin, ROSA Laboratory.
www.rosalab.com
next reply other threads:[~2013-12-10 8:28 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-12-10 8:27 Eugene Shatokhin [this message]
2013-12-10 12:23 ` i915: NULL pointer dereference in i915_update_dri1_breadcrumb() during shutdown Daniel Vetter
2013-12-10 14:25 ` Eugene Shatokhin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=52A6D08B.1040802@rosalab.ru \
--to=eugene.shatokhin@rosalab.ru \
--cc=daniel.vetter@ffwll.ch \
--cc=intel-gfx@lists.freedesktop.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox