[Bug 98620] radeon kernel module NULL pointer dereference on Radeon 9550 at shut-down

bugzilla-daemon at freedesktop.org
Mon Nov 7 04:00:47 UTC 2016


https://bugs.freedesktop.org/show_bug.cgi?id=98620

            Bug ID: 98620
           Summary: radeon kernel module NULL pointer dereference on
                    Radeon 9550 at shut-down
           Product: DRI
           Version: unspecified
          Hardware: x86-64 (AMD64)
                OS: Linux (All)
            Status: NEW
          Severity: normal
          Priority: medium
         Component: DRM/Radeon
          Assignee: dri-devel at lists.freedesktop.org
          Reporter: arthur.marsh at internode.on.net

Created attachment 127808
  --> https://bugs.freedesktop.org/attachment.cgi?id=127808&action=edit
full dmesg when crashing

At shut-down:

[ 2515.296325] BUG: unable to handle kernel NULL pointer dereference at 000007b4
[ 2515.300025] IP: [<f8593b36>] radeon_connector_unregister+0x6/0x40 [radeon]
[ 2515.300025] *pde = 00000000 

[ 2515.300025] Oops: 0000 [#1] PREEMPT SMP
[ 2515.300025] Modules linked in: eata cpufreq_conservative cpufreq_powersave cpufreq_userspace binfmt_misc nls_utf8 nls_cp437 vfat fat hwmon_vid tun cuse fuse iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi lp ppdev powernow_k8 amd64_edac_mod edac_mce_amd edac_core snd_via82xx snd_ac97_codec pcspkr ac97_bus snd_mpu401_uart radeon snd_pcm snd_timer snd_rawmidi evdev snd_seq_device gameport snd ttm drm_kms_helper soundcore serio_raw drm k8temp i2c_algo_bit fb_sys_fops i2c_viapro syscopyarea sysfillrect sysimgblt sg parport_pc parport asus_atk0110 acpi_cpufreq button tpm_tis tpm_tis_core tpm ext4 crc16 jbd2 mbcache sr_mod cdrom ata_generic uas sd_mod usb_storage psmouse via_rhine mii pata_via ehci_pci uhci_hcd ehci_hcd usbcore usb_common libata scsi_mod [last unloaded: eata]
[ 2515.300025] CPU: 0 PID: 7439 Comm: reboot Not tainted 4.9.0-rc4 #520
[ 2515.300025] Hardware name: System manufacturer System Product Name/A8V-MX, BIOS 0503    12/06/2005
[ 2515.300025] task: f2cc6080 task.stack: f3934000
[ 2515.300025] EIP: 0060:[<f8593b36>] EFLAGS: 00010286 CPU: 0
[ 2515.300025] EIP is at radeon_connector_unregister+0x6/0x40 [radeon]
[ 2515.300025] EAX: f73a1000 EBX: f73a1000 ECX: 00000006 EDX: 00000000
[ 2515.300025] ESI: f5a09c64 EDI: f5a09800 EBP: f3935db4 ESP: f3935dac
[ 2515.300025]  DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
[ 2515.300025] CR0: 80050033 CR2: 000007b4 CR3: 33dbc000 CR4: 000006d0
[ 2515.300025] Stack:
[ 2515.300025]  f83471d7 f73a1000 f3935dc4 f8347967 f5a09800 f5a09c8c f3935dd8 f83383b3
[ 2515.300025]  f5a09800 f5a09800 f86a0000 f3935dec f8332ff7 f5a09800 f61d3000 f86a0000
[ 2515.300025]  f3935e04 f8333640 f8358dca 00000001 f8358dc8 f61d3068 f3935e0c f85702ee
[ 2515.300025] Call Trace:
[ 2515.300025]  [<f83471d7>] ? drm_connector_unregister.part.6+0x17/0x30 [drm]
[ 2515.300025]  [<f8347967>] drm_connector_unregister_all+0x37/0x50 [drm]
[ 2515.300025]  [<f83383b3>] drm_modeset_unregister_all+0x13/0x50 [drm]
[ 2515.300025]  [<f8332ff7>] drm_dev_unregister+0x97/0xa0 [drm]
[ 2515.300025]  [<f8333640>] drm_put_dev+0x30/0x70 [drm]
[ 2515.300025]  [<f85702ee>] radeon_pci_shutdown+0xe/0x10 [radeon]
[ 2515.300025]  [<c134da9d>] pci_device_shutdown+0x2d/0x70
[ 2515.300025]  [<c140b834>] device_shutdown+0xb4/0x170
[ 2515.300025]  [<c108126d>] kernel_restart_prepare+0x2d/0x30
[ 2515.300025]  [<c10812fe>] kernel_restart+0xe/0x60
[ 2515.300025]  [<c108162f>] SYSC_reboot+0x1bf/0x200
[ 2515.300025]  [<c10cd2ea>] ? debug_lockdep_rcu_enabled+0x1a/0x20
[ 2515.300025]  [<c10cd2ea>] ? debug_lockdep_rcu_enabled+0x1a/0x20
[ 2515.300025]  [<c11f9c50>] ? mnt_get_count+0x40/0x40
[ 2515.300025]  [<c11f9cbf>] ? mntput_no_expire+0x6f/0x3a0
[ 2515.300025]  [<c11f9cd9>] ? mntput_no_expire+0x89/0x3a0
[ 2515.300025]  [<c11f9c50>] ? mnt_get_count+0x40/0x40
[ 2515.300025]  [<c11fa00b>] ? mntput+0x1b/0x30
[ 2515.300025]  [<c11d7963>] ? __fput+0x153/0x1d0
[ 2515.300025]  [<c107ca4f>] ? task_work_run+0x6f/0x80
[ 2515.300025]  [<c10b02ac>] ? trace_hardirqs_on_caller+0xec/0x1d0
[ 2515.300025]  [<c10ad2eb>] ? trace_hardirqs_off+0xb/0x10
[ 2515.300025]  [<c10816da>] SyS_reboot+0x1a/0x20
[ 2515.300025]  [<c1001c7a>] do_fast_syscall_32+0x9a/0x220
[ 2515.300025]  [<c15ae2ec>] sysenter_past_esp+0x45/0x74
[ 2515.300025] Code: d8 e8 df 36 db ff 89 d8 e8 f8 36 db ff 89 d8 e8 11 58 c2 c8 5b 5d c3 8d b4 26 00 00 00 00 8d bc 27 00 00 00 00 8b 90 d4 02 00 00 <80> ba b4 07 00 00 00 75 01 c3 55 89 e5 53 89 c3 8d 82 e8 03 00
[ 2515.300025] EIP: [<f8593b36>] 
[ 2515.300025] radeon_connector_unregister+0x6/0x40 [radeon]
[ 2515.300025]  SS:ESP 0068:f3935dac
[ 2515.300025] CR2: 00000000000007b4
[ 2516.877047] ---[ end trace 076c5e2ae2d51112 ]---

Full dmesg from boot to crash is attached.

# lspci -vv -s 01:00
01:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] RV350 [Radeon 9550] (prog-if 00 [VGA controller])
        Subsystem: Gigabyte Technology Co., Ltd RV350 [Radeon 9550]
        Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx-
        Status: Cap+ 66MHz+ UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
        Latency: 64 (2000ns min), Cache Line Size: 64 bytes
        Interrupt: pin A routed to IRQ 16
        Region 0: Memory at a0000000 (32-bit, prefetchable) [size=256M]
        Region 1: I/O ports at b000 [size=256]
        Region 2: Memory at ff4f0000 (32-bit, non-prefetchable) [size=64K]
        Expansion ROM at 000c0000 [disabled] [size=128K]
        Capabilities: [58] AGP version 3.0
                Status: RQ=256 Iso- ArqSz=0 Cal=0 SBA+ ITACoh- GART64- HTrans- 64bit- FW+ AGP3+ Rate=x4,x8
                Command: RQ=32 ArqSz=0 Cal=0 SBA+ AGP+ GART64- 64bit- FW- Rate=x8
        Capabilities: [50] Power Management version 2
                Flags: PMEClk- DSI- D1+ D2+ AuxCurrent=0mA PME(D0-,D1-,D2-,D3hot-,D3cold-)
                Status: D0 NoSoftRst- PME-Enable- DSel=0 DScale=0 PME-
        Kernel driver in use: radeon
        Kernel modules: radeonfb, radeon

01:00.1 Display controller: Advanced Micro Devices, Inc. [AMD/ATI] RV350 [Radeon 9550] (Secondary)
        Subsystem: Gigabyte Technology Co., Ltd RV350 [Radeon 9550] (Secondary)
        Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
        Status: Cap+ 66MHz+ UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
        Latency: 64 (2000ns min), Cache Line Size: 64 bytes
        Region 0: Memory at 90000000 (32-bit, prefetchable) [size=256M]
        Region 1: Memory at ff4e0000 (32-bit, non-prefetchable) [size=64K]
        Capabilities: [50] Power Management version 2
                Flags: PMEClk- DSI- D1+ D2+ AuxCurrent=0mA PME(D0-,D1-,D2-,D3hot-,D3cold-)
                Status: D0 NoSoftRst- PME-Enable- DSel=0 DScale=0 PME-

git-bisect revealed:

git bisect bad
b0c80bd5d2e317f7596fe2badc1a3379fb3211e5 is the first bad commit
commit b0c80bd5d2e317f7596fe2badc1a3379fb3211e5
Author: Alex Deucher <alexander.deucher at amd.com>
Date:   Tue Oct 11 10:44:24 2016 -0400

    drm/radeon: fix up dp aux tear down (v2)

    Port the amdgpu fixes from Grazvydas to radeon.

    v2: drop unrelated whitespace change.

    bug:
    https://bugs.freedesktop.org/show_bug.cgi?id=98200

    Reviewed-and-Tested-by: Michel Dänzer <michel.daenzer at amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher at amd.com>

:040000 040000 b187ce6d75761c9e2eed71b385c8e0f085dbfd55 aca34c667d6253da66e824b2a624f308841555b0 M      drivers

Rebuilding and running the kernel with that commit removed confirmed normal
shutdown.

-- 
You are receiving this mail because:
You are the assignee for the bug.
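
The register dump and Code: bytes in the oops above are enough to confirm which pointer was NULL. The following is an added example, not part of the original report or of the kernel source; the function names are hypothetical and the sample text is constructed from the report's own oops lines with the wrapped Code: line rejoined. It decodes the memory operand of the faulting instruction (the byte marked `<80>`) and checks it against CR2.

```python
import re

# Constructed sample: selected lines of the oops quoted in the report.
OOPS = """\
[ 2515.296325] BUG: unable to handle kernel NULL pointer dereference at 000007b4
[ 2515.300025] EIP is at radeon_connector_unregister+0x6/0x40 [radeon]
[ 2515.300025] EAX: f73a1000 EBX: f73a1000 ECX: 00000006 EDX: 00000000
[ 2515.300025] ESI: f5a09c64 EDI: f5a09800 EBP: f3935db4 ESP: f3935dac
[ 2515.300025] CR0: 80050033 CR2: 000007b4 CR3: 33dbc000 CR4: 000006d0
[ 2515.300025] Code: d8 e8 df 36 db ff 89 d8 e8 f8 36 db ff 89 d8 e8 11 58 c2 c8 5b 5d c3 8d b4 26 00 00 00 00 8d bc 27 00 00 00 00 8b 90 d4 02 00 00 <80> ba b4 07 00 00 00 75 01 c3 55 89 e5 53 89 c3 8d 82 e8 03 00
"""

# Register numbering used by the r/m field of a 32-bit ModRM byte.
REGS32 = ["EAX", "ECX", "EDX", "EBX", "ESP", "EBP", "ESI", "EDI"]

def parse_oops(text):
    """Return (registers, bytes from the faulting instruction on, EIP symbol)."""
    regs = {n: int(v, 16)
            for n, v in re.findall(r"\b(E[A-Z]{2}|CR\d): ([0-9a-f]{8})\b", text)}
    code = re.search(r"Code: (.*)", text).group(1).split()
    mark = next(i for i, b in enumerate(code) if b.startswith("<"))
    insn = bytes(int(b.strip("<>"), 16) for b in code[mark:])
    sym = re.search(r"EIP is at (\S+)", text).group(1)
    return regs, insn, sym

def mem_operand(insn):
    """Base register and displacement of a no-SIB ModRM memory operand.
    Assumes a one-byte opcode at insn[0], true for the 0x80 group seen here."""
    mod, rm = insn[1] >> 6, insn[1] & 7
    if mod == 3 or rm == 4 or (mod == 0 and rm == 5):
        raise ValueError("register, SIB or absolute operand: not handled")
    size = {0: 0, 1: 1, 2: 4}[mod]
    disp = int.from_bytes(insn[2:2 + size], "little", signed=True)
    return REGS32[rm], disp

def triage(text):
    """Recompute the faulting address from the registers and compare with CR2."""
    regs, insn, sym = parse_oops(text)
    base, disp = mem_operand(insn)
    addr = (regs[base] + disp) & 0xFFFFFFFF
    return {"symbol": sym, "base_reg": base, "disp": disp,
            "matches_cr2": addr == regs["CR2"], "null_base": regs[base] == 0}

if __name__ == "__main__":
    print(triage(OOPS))
```

The faulting instruction reads a byte at EDX+0x7b4 with EDX equal to zero, which reproduces the reported fault address; the six bytes before it (`8b 90 d4 02 00 00`) load EDX from EAX+0x2d4, so the NULL value is a pointer field fetched from the object passed in EAX.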