[Bugme-new] [Bug 17201] New: Kernel NULL pointer dereference in r600_ioctl_wait_idle

bugzilla-daemon at bugzilla.kernel.org bugzilla-daemon at bugzilla.kernel.org
Sat Aug 28 12:50:01 PDT 2010 

https://bugzilla.kernel.org/show_bug.cgi?id=17201

           Summary: Kernel NULL pointer dereference in
                    r600_ioctl_wait_idle
           Product: Drivers
           Version: 2.5
    Kernel Version: 2.6.35.2
          Platform: All
        OS/Version: Linux
              Tree: Mainline
            Status: NEW
          Severity: normal
          Priority: P1
         Component: Video(DRI - non Intel)
        AssignedTo: drivers_video-dri at kernel-bugs.osdl.org
        ReportedBy: steve at sk2.org
        Regression: Yes


Created an attachment (id=28211)
 --> (https://bugzilla.kernel.org/attachment.cgi?id=28211)
Xorg log file

Hi,

With 2.6.35.2 (as packaged in Debian; I haven't tried 2.6.35.4, but as far as I
can see it doesn't contain relevant changes), X fails to display; the kernel
logs fills with repeats of the same Oops, copied below:

[   72.920167] BUG: unable to handle kernel NULL pointer dereference at (null)
[   72.920176] IP: [<fab2a7a4>] r600_ioctl_wait_idle+0x4f/0x98 [radeon]
[   72.920208] *pdpt = 000000003690d001 *pde = 0000000000000000
[   72.920214] Oops: 0000 [#1] SMP
[   72.920218] last sysfs file:
/sys/devices/pci0000:00/0000:00:1e.0/0000:02:0c.0/resource
[   72.920223] Modules linked in: binfmt_misc microcode fuse ext4 jbd2 crc16
sha256_generic aes_i586 aes_generic cbc iT
CO_wdt iTCO_vendor_support tcp_diag inet_diag autofs4 loop grip w83627hf
hwmon_vid dm_crypt snd_hda_codec_atihdmi cx227
02 cx88_dvb cx88_vp3054_i2c videobuf_dvb dvb_core snd_hda_intel
rc_hauppauge_new snd_intel8x0 radeon snd_hda_codec tune
r_simple tuner_types snd_ac97_codec snd_wavefront snd_cs4236 snd_usb_audio
ac97_bus cx88_alsa snd_wss_lib snd_pcm_oss s
nd_opl3_lib snd_mixer_oss snd_hwdep snd_usbmidi_lib snd_mpu401 snd_mpu401_uart
btusb tuner joydev snd_seq_midi snd_pcm
ttm bluetooth snd_rawmidi usblp rfkill hid_logitech cx8800 pwc ir_sony_decoder
cx8802 snd_seq_midi_event ff_memless ir_
jvc_decoder cx88xx drm_kms_helper snd_seq ir_rc6_decoder ir_rc5_decoder
ir_nec_decoder v4l2_common ir_common snd_timer
snd_seq_device ir_core videodev drm v4l1_compat evdev tveeprom videobuf_dma_sg
videobuf_core btcx_risc parport_pc i2c_a
lgo_bit tpm_tis snd i2c_i801 ns558 parport psmouse tpm gameport shpchp tpm_bios
serio_raw processor rng_core i2c_core p
cspkr soundcore button pci_hotplug snd_page_alloc ext3 jbd mbcache dm_mod raid1
raid0 md_mod usbhid hid sg sr_mod sd_mo
d cdrom crc_t10dif ata_generic uhci_hcd ata_piix libata aic7xxx ehci_hcd
aic79xx 3w_xxxx scsi_transport_spi usbcore scs
i_mod firewire_ohci floppy firewire_core thermal skge crc_itu_t thermal_sys
nls_base [last unloaded: scsi_wait_scan]
[   72.920354]
[   72.920359] Pid: 3603, comm: Xorg Not tainted 2.6.35-trunk-686-bigmem #1
P4P800/To Be Filled By O.E.M.
[   72.920363] EIP: 0060:[<fab2a7a4>] EFLAGS: 00013246 CPU: 0
[   72.920383] EIP is at r600_ioctl_wait_idle+0x4f/0x98 [radeon]
[   72.920386] EAX: 00000000 EBX: f62109c0 ECX: faf80000 EDX: 00000000
[   72.920389] ESI: f6026600 EDI: 00000000 EBP: f63abe84 ESP: f63abe5c
[   72.920392]  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[   72.920396] Process Xorg (pid: 3603, ti=f63aa000 task=f6508840
task.ti=f63aa000)
[   72.920399] Stack:
[   72.920401]  f62109c0 fab0dc33 f6a4c580 f64ae000 00000064 f90709f4 c0086464
fab697d4
[   72.920409] <0> fab0dbf0 bfb84228 00000001 00000000 00000000 00000000
00004000 00000000
[   72.920417] <0> 00000000 00000001 c10906aa f6a4c280 c10909e6 c143d4c0
c10265c2 fffff000
[   72.920427] Call Trace:
[   72.920451]  [<fab0dc33>] ? radeon_gem_wait_idle_ioctl+0x43/0x50 [radeon]
[   72.920472]  [<f90709f4>] ? drm_ioctl+0x1e6/0x2aa [drm]
[   72.920494]  [<fab0dbf0>] ? radeon_gem_wait_idle_ioctl+0x0/0x50 [radeon]
[   72.920503]  [<c10906aa>] ? lock_page+0x8/0x1d
[   72.920507]  [<c10909e6>] ? filemap_fault+0xb9/0x2ef
[   72.920514]  [<c10265c2>] ? kmap_atomic_prot+0xcb/0xe7
[   72.920518]  [<c102645c>] ? kunmap_atomic+0x48/0x57
[   72.920525]  [<c10a29fc>] ? __do_fault+0x3f8/0x42e
[   72.920540]  [<f907080e>] ? drm_ioctl+0x0/0x2aa [drm]
[   72.920546]  [<c10c6596>] ? vfs_ioctl+0x1c/0x7d
[   72.920550]  [<c10c6b0e>] ? do_vfs_ioctl+0x472/0x4ac
[   72.920555]  [<c10a70a2>] ? mmap_region+0x342/0x415
[   72.920559]  [<c10c6b8c>] ? sys_ioctl+0x44/0x64
[   72.920564]  [<c1007cdf>] ? sysenter_do_call+0x12/0x28
[   72.920566] Code: 00 76 10 8b 88 9c 00 00 00 31 c0 89 81 34 2f 00 00 eb 18
8b 98 9c 00 00 00 b9 34 2f 00 00 89 0b 8b 88 9c 00 00 00 31 c0 89 41 04 <8b> 02
eb 43 83 b8 98 00 00 00 00 77 0c 81 b8 94 00 00 00 80 54 
[   72.920619] EIP: [<fab2a7a4>] r600_ioctl_wait_idle+0x4f/0x98 [radeon] SS:ESP
0068:f63abe5c
[   72.920641] CR2: 0000000000000000
[   72.920645] ---[ end trace 57bf3e55b0124490 ]---
[   72.921123] [drm:drm_release] *ERROR* Device busy: 1

I'm also attaching the Xorg.log. I've got a rather unusual system, running a
Pentium 4 (32-bit only) with 3GB of RAM and an AGP HD 4650 with 1GB of VRAM;
the AGP aperture is only 32MB because Linux fails to boot with anything larger.

Regards,

Stephen

-- 
Configure bugmail: https://bugzilla.kernel.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the Bugme-new mailing list