NULL pointer deref at 0xb0, IP drm_calc_timestamping_constants+0x86/0x130 [drm]

Jeff Moyer jmoyer at redhat.com
Wed Nov 11 13:11:28 PST 2015 

Hi,

I get the following BUG when booting the latest mainline kernel (as of
commit 8d3de01cfa37b).  objdump --disassemble -l points at this line in
the code:

drm_irq.c:644        vblank->linedur_ns  = linedur_ns;

To further corroborate this, offset 0xb0 into struct drm_vblank_crtc is
linedur_ns.  However, I can't say that makes a whole lot of sense to me,
given that vblank is initialized like so:
        struct drm_vblank_crtc *vblank = &crtc->dev->vblank[drm_crtc_index(crtc)];

Full dmesg and .config are attached.  Let me know if there's any other
information I can provide.

Thanks!
Jeff

[    7.390265] BUG: unable to handle kernel NULL pointer dereference at 00000000000000b0
[    7.390290] IP: [<ffffffffa014b266>] drm_calc_timestamping_constants+0x86/0x130 [drm]
[    7.390291] PGD 0 
[    7.390294] Oops: 0002 [#1] SMP 
[    7.390311] Modules linked in: sr_mod cdrom mgag200(+) i2c_algo_bit drm_kms_helper ahci syscopyarea sysfillrect sysimgblt libahci fb_sys_fops bnx2x ttm tg3(+) mdio drm ptp sd_mod libata i2c_core pps_core libcrc32c hpsa dm_mirror dm_region_hash dm_log dm_mod
[    7.390315] CPU: 0 PID: 418 Comm: kworker/0:2 Not tainted 4.3.0+ #1
[    7.390316] Hardware name: HP ProLiant DL380 Gen9, BIOS P89 06/09/2015
[    7.390325] Workqueue: events work_for_cpu_fn
[    7.390326] task: ffff88046ca95500 ti: ffff88007830c000 task.ti: ffff88007830c000
[    7.390339] RIP: 0010:[<ffffffffa014b266>]  [<ffffffffa014b266>] drm_calc_timestamping_constants+0x86/0x130 [drm]
[    7.390341] RSP: 0018:ffff88007830f4e8  EFLAGS: 00010246
[    7.390342] RAX: 0000000000fe4c00 RBX: ffff88006a849160 RCX: 0000000000000540
[    7.390343] RDX: 0000000000000000 RSI: 000000000000fde8 RDI: ffff88006a849000
[    7.390344] RBP: ffff88007830f518 R08: ffff88007830c000 R09: 00000001b87e3712
[    7.390345] R10: 00000000000050c4 R11: 0000000000000000 R12: 0000000000fe4c00
[    7.390346] R13: ffff88006a849000 R14: 0000000000000000 R15: 000000000000fde8
[    7.390348] FS:  0000000000000000(0000) GS:ffff88046f800000(0000) knlGS:0000000000000000
[    7.390350] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    7.390351] CR2: 00000000000000b0 CR3: 00000000019d6000 CR4: 00000000001406f0
[    7.390352] Stack:
[    7.390355]  ffff88007830f518 ffff88006a849000 ffff880c69b90340 ffff880c69b90000
[    7.390357]  ffff880c69b90348 ffff880c69b90340 ffff88007830f748 ffffffffa042f7e7
[    7.390359]  ffff88006a849090 0000000000000000 ffff88006a849160 0000000000000000
[    7.390360] Call Trace:
[    7.390371]  [<ffffffffa042f7e7>] drm_crtc_helper_set_mode+0x3d7/0x4b0 [drm_kms_helper]
[    7.390379]  [<ffffffffa04307d4>] drm_crtc_helper_set_config+0x8d4/0xb10 [drm_kms_helper]
[    7.390397]  [<ffffffffa01548d4>] drm_mode_set_config_internal+0x64/0x100 [drm]
[    7.390406]  [<ffffffffa043c342>] drm_fb_helper_pan_display+0xa2/0x280 [drm_kms_helper]
[    7.390414]  [<ffffffff81392c7b>] fb_pan_display+0xbb/0x170
[    7.390418]  [<ffffffff8138cf70>] bit_update_start+0x20/0x50
[    7.390421]  [<ffffffff8138b81b>] fbcon_switch+0x39b/0x590
[    7.390428]  [<ffffffff8140a3d0>] redraw_screen+0x1a0/0x240
[    7.390432]  [<ffffffff8140b30e>] do_bind_con_driver+0x2ee/0x310
[    7.390435]  [<ffffffff8140b651>] do_take_over_console+0x141/0x1b0
[    7.390439]  [<ffffffff81387377>] do_fbcon_takeover+0x57/0xb0
[    7.390441]  [<ffffffff8138c98b>] fbcon_event_notify+0x60b/0x750
[    7.390459]  [<ffffffff810a5599>] notifier_call_chain+0x49/0x70
[    7.390461]  [<ffffffff810a58dd>] __blocking_notifier_call_chain+0x4d/0x70
[    7.390463]  [<ffffffff810a5916>] blocking_notifier_call_chain+0x16/0x20
[    7.390465]  [<ffffffff8139282b>] fb_notifier_call_chain+0x1b/0x20
[    7.390466]  [<ffffffff81394881>] register_framebuffer+0x1f1/0x330
[    7.390471]  [<ffffffffa043d9aa>] drm_fb_helper_initial_config+0x27a/0x3d0 [drm_kms_helper]
[    7.390476]  [<ffffffffa0469b4d>] mgag200_fbdev_init+0xdd/0xf0 [mgag200]
[    7.390479]  [<ffffffffa0468586>] mgag200_modeset_init+0x176/0x1e0 [mgag200]
[    7.390481]  [<ffffffffa0464659>] mgag200_driver_load+0x3f9/0x580 [mgag200]
[    7.390489]  [<ffffffffa014e067>] drm_dev_register+0xa7/0xb0 [drm]
[    7.390496]  [<ffffffffa015054f>] drm_get_pci_dev+0x8f/0x1e0 [drm]
[    7.390499]  [<ffffffffa046937b>] mga_pci_probe+0x9b/0xc0 [mgag200]
[    7.390502]  [<ffffffff813662d5>] local_pci_probe+0x45/0xa0
[    7.390504]  [<ffffffff8109afe4>] work_for_cpu_fn+0x14/0x20
[    7.390505]  [<ffffffff8109e13c>] process_one_work+0x14c/0x3c0
[    7.390507]  [<ffffffff8109eaa4>] worker_thread+0x244/0x470
[    7.390509]  [<ffffffff8168bfba>] ? __schedule+0x2aa/0x760
[    7.390511]  [<ffffffff8109e860>] ? rescuer_thread+0x310/0x310
[    7.390512]  [<ffffffff810a4438>] kthread+0xd8/0xf0
[    7.390514]  [<ffffffff810a4360>] ? kthread_park+0x60/0x60
[    7.390516]  [<ffffffff8169030f>] ret_from_fork+0x3f/0x70
[    7.390518]  [<ffffffff810a4360>] ? kthread_park+0x60/0x60
[    7.390530] Code: f6 31 d2 41 89 c2 8b 83 b4 00 00 00 0f af c1 48 98 48 69 c0 40 42 0f 00 48 f7 f6 f6 43 74 10 41 89 c4 75 26 f6 05 9a 6f 03 00 01 <45> 89 96 b0 00 00 00 45 89 a6 ac 00 00 00 75 35 48 83 c4 08 5b 
[    7.390536] RIP  [<ffffffffa014b266>] drm_calc_timestamping_constants+0x86/0x130 [drm]
[    7.390536]  RSP <ffff88007830f4e8>
[    7.390537] CR2: 00000000000000b0
[    7.390539] ---[ end trace 16791f9e7277a2e0 ]---
[    7.392302] Kernel panic - not syncing: Fatal exception
[    7.392347] Kernel Offset: disabled

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: dmesg
URL: <http://lists.freedesktop.org/archives/dri-devel/attachments/20151111/51b3a0ae/attachment-0002.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: .config
URL: <http://lists.freedesktop.org/archives/dri-devel/attachments/20151111/51b3a0ae/attachment-0003.ksh>

More information about the dri-devel mailing list