[BUG] DRM kernel NULL pointer dereference (linux-next 20210115)

Thomas Zimmermann tzimmermann at suse.de
Mon Jan 18 08:25:53 UTC 2021 

(cc'ing dri-devel)

Hi

thanks for reporting the bug.

Am 17.01.21 um 12:12 schrieb Andy Lavr:
> Hey,
> 
> 
> You forgot to add these commits to linux-next:
> 
> 
>   drm: Move struct drm_device.pdev to legacy
> 
> https://patchwork.kernel.org/project/intel-gfx/cover/20210107080748.4768-1-tzimmermann@suse.de/
> 
> 
> I committed these patches to my local tree and that solved my problem.
> 
> 
>   * v3,4/8] drm/i915: Remove references to struct drm_device.pdev
>     <https://patchwork.kernel.org/project/intel-gfx/patch/20210107080748.4768-5-tzimmermann@suse.de/>
>   * [v3,5/8] drm/i915/gt: Remove references to struct drm_device.pdev
>     <https://patchwork.kernel.org/project/intel-gfx/patch/20210107080748.4768-6-tzimmermann@suse.de/>
>   * [v3,6/8] drm/i915/gvt: Remove references to struct drm_device.pdev
>     <https://patchwork.kernel.org/project/intel-gfx/patch/20210107080748.4768-7-tzimmermann@suse.de/>
>   * [v3,8/8] drm: Upcast struct drm_device.dev to struct pci_device;
>     replace pdev
>     <https://patchwork.kernel.org/project/intel-gfx/patch/20210107080748.4768-9-tzimmermann@suse.de/>

These patches have not been merged yet as they have to wait for some 
preparation in the i915 driver.

I reduced the final patch, so it should change the buggy code. Could you 
please apply only the attached patchfile and report if it fixes the issue?

Best regards
Thomas

> 
> 
> 
> Thanks to all!
> 
> 
> 16.01.2021 15:17, Andy Lavr:
>>
>> Hey,
>>
>>
>> *linux-next 20210114 work fine.*
>>
>>
>> *linux-next 20210115:*
>>
>> Jan 15 17:34:30 wip kernel: [   35.185982] *BUG: kernel NULL pointer 
>> dereference, address: 0000000000000010*
>> Jan 15 17:34:30 wip kernel: [   35.186988] #PF: supervisor read access 
>> in kernel mode
>> Jan 15 17:34:30 wip kernel: [   35.187984] #PF: error_code(0x0000) - 
>> not-present page
>> Jan 15 17:34:30 wip kernel: [   35.189016] PGD 0 P4D 0
>> Jan 15 17:34:30 wip kernel: [   35.190508] Oops: 0000 [#1] SMP PTI
>> Jan 15 17:34:30 wip kernel: [   35.191814] CPU: 6 PID: 1319 Comm: Xorg 
>> Not tainted 5.11.13-dragon-sandybridge #202101150001
>> Jan 15 17:34:30 wip kernel: [   35.192847] Hardware name: Dell Inc. 
>> Precision M6600/04YY4M, BIOS A18 09/14/2018
>> Jan 15 17:34:30 wip kernel: [   35.193877] *RIP: 
>> 0010:drm_pci_set_busid+0x1a/0x80 [drm]*
>> Jan 15 17:34:30 wip kernel: [   35.194950] Code: fc 06 f8 c8 00 00 00 
>> 00 00 00 00 00 00 00 00 00 0f 1f 44 00 00 55 53 50 48 89 f3 31 d2 81 
>> 3f 04 00 01 00 48 8b 87 78 01 00 00 <48> 8b 48 10 7c 09 48 8b 91 d0 01 
>> 00 00 8b 12 0f b6 89 e0 01 00 00
>> Jan 15 17:34:30 wip kernel: [   35.196094] RSP: 0018:ffffaacf485afd38 
>> EFLAGS: 00010246
>> Jan 15 17:34:30 wip kernel: [   35.197695] RAX: 0000000000000000 RBX: 
>> ffff95f1684e5000 RCX: ffffffff8b06f380
>> Jan 15 17:34:30 wip kernel: [   35.198872] RDX: 0000000000000000 RSI: 
>> ffff95f1684e5000 RDI: ffff95f175240010
>> Jan 15 17:34:30 wip kernel: [   35.200037] RBP: 00000000ffffffea R08: 
>> 000000000000e200 R09: 0000000000000001
>> Jan 15 17:34:30 wip kernel: [   35.201205] R10: ffff95f16de88b00 R11: 
>> ffffffffc03e1990 R12: ffff95f1684e5000
>> Jan 15 17:34:30 wip kernel: [   35.202383] R13: 00007fff8865e240 R14: 
>> ffff95f1752400a8 R15: ffff95f175240010
>> Jan 15 17:34:30 wip kernel: [   35.203554] FS: 000070bcd696da40(0000) 
>> GS:ffff95f41db80000(0000) knlGS:0000000000000000
>> Jan 15 17:34:30 wip kernel: [   35.204742] CS:  0010 DS: 0000 ES: 0000 
>> CR0: 0000000080050033
>> Jan 15 17:34:30 wip kernel: [   35.205936] CR2: 0000000000000010 CR3: 
>> 0000000186c28006 CR4: 00000000000606e0
>> Jan 15 17:34:30 wip kernel: [   35.207144] Call Trace:
>> Jan 15 17:34:30 wip kernel: [   35.208370] drm_setversion+0x13e/0x170 
>> [drm]
>> Jan 15 17:34:30 wip kernel: [   35.209596]  ? drm_getstats+0x20/0x20 [drm]
>> Jan 15 17:34:30 wip kernel: [   35.210799] drm_ioctl_kernel+0xe2/0x150 
>> [drm]
>> Jan 15 17:34:30 wip kernel: [   35.211989] drm_ioctl+0x30b/0x440 [drm]
>> Jan 15 17:34:30 wip kernel: [   35.213170]  ? drm_getstats+0x20/0x20 [drm]
>> Jan 15 17:34:30 wip kernel: [   35.214351] amdgpu_drm_ioctl+0x44/0x80 
>> [amdgpu]
>> Jan 15 17:34:30 wip kernel: [   35.215696] __se_sys_ioctl+0x78/0xc0
>> Jan 15 17:34:30 wip kernel: [   35.216848] do_syscall_64+0x33/0x70
>> Jan 15 17:34:30 wip kernel: [   35.218002] 
>> entry_SYSCALL_64_after_hwframe+0x44/0xa9
>> Jan 15 17:34:30 wip kernel: [   35.219177] RIP: 0033:0x70bcd6dd931b
>> Jan 15 17:34:30 wip kernel: [   35.220654] Code: 89 d8 49 8d 3c 1c 48 
>> f7 d8 49 39 c4 72 b5 e8 1c ff ff ff 85 c0 78 ba 4c 89 e0 5b 5d 41 5c 
>> c3 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 
>> 0d 1d 3b 0d 00 f7 d8 64 89 01 48
>> Jan 15 17:34:30 wip kernel: [   35.222211] RSP: 002b:00007fff8865e208 
>> EFLAGS: 00000202 ORIG_RAX: 0000000000000010
>> Jan 15 17:34:30 wip kernel: [   35.223778] RAX: ffffffffffffffda RBX: 
>> 00007fff8865e240 RCX: 000070bcd6dd931b
>> Jan 15 17:34:30 wip kernel: [   35.225145] RDX: 00007fff8865e240 RSI: 
>> 00000000c0106407 RDI: 000000000000000c
>> Jan 15 17:34:30 wip kernel: [   35.226420] RBP: 00000000c0106407 R08: 
>> 0000000000000031 R09: 0000000000000000
>> Jan 15 17:34:30 wip kernel: [   35.227691] R10: 000070bcd7850ec0 R11: 
>> 0000000000000202 R12: 00005b60f67cbb50
>> Jan 15 17:34:30 wip kernel: [   35.228954] R13: 000000000000000c R14: 
>> 00005b60f67cbb90 R15: 0000000000000000
>> Jan 15 17:34:30 wip kernel: [   35.229231] iwlwifi 0000:03:00.0: Radio 
>> type=0x0-0x3-0x1
>> Jan 15 17:34:30 wip kernel: [   35.230218] Modules linked in: vfat fat 
>> intel_rapl_msr hid_generic mei_hdcp at24 dell_rbtn iwldvm dell_laptop 
>> dell_smm_hwmon mac80211 intel_rapl_common libarc4 snd_hda_codec_idt 
>> snd_hda_codec_generic x86_pkg_temp_thermal ledtrig_audio 
>> intel_powerclamp snd_hda_codec_hdmi crct10dif_pclmul iwlwifi 
>> crc32_pclmul ghash_clmulni_intel snd_hda_intel rapl snd_intel_dspcfg 
>> usbhid intel_cstate firewire_ohci dell_wmi sdhci_pci hid snd_hda_codec 
>> firewire_core dell_smbios crc_itu_t mei_me dcdbas cfg80211 
>> sparse_keymap cqhci i2c_i801 sdhci snd_hda_core joydev e1000e 
>> snd_hwdep wmi_bmof dell_wmi_descriptor i2c_smbus mei tpm_tis 
>> tpm_tis_core tpm dell_smo8800 xt_hl ip6_tables ip6t_rt nf_log_ipv4 
>> nf_log_common ipt_REJECT nf_reject_ipv4 xt_LOG nft_limit xt_limit 
>> xt_addrtype xt_tcpudp sch_cake tcp_yeah tcp_vegas xt_conntrack 
>> nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nft_compat nft_counter 
>> coretemp nf_tables nfnetlink parport_pc ppdev lp parport binfmt_misc 
>> ip_tables x_tables xfs raid10 raid456
>> Jan 15 17:34:30 wip kernel: [   35.232152]  async_raid6_recov async_pq 
>> async_xor async_memcpy async_tx raid1 raid0 multipath linear amdgpu 
>> iommu_v2 gpu_sched drm_ttm_helper ttm i2c_algo_bit drm_kms_helper cec 
>> aesni_intel sysimgblt syscopyarea sysfillrect fb_sys_fops crypto_simd 
>> cryptd psmouse input_leds drm ahci serio_raw libahci wmi video mac_hid
>> Jan 15 17:34:30 wip kernel: [   35.242819] CR2: 0000000000000010
>> Jan 15 17:34:30 wip kernel: [   35.244502] ---[ end trace 
>> 47eef7912dfa1ae6 ]---
>> Jan 15 17:34:30 wip kernel: [   35.494899] *RIP: 
>> 0010:drm_pci_set_busid+0x1a/0x80 [drm]*
>> Jan 15 17:34:30 wip kernel: [   35.496577] Code: fc 06 f8 c8 00 00 00 
>> 00 00 00 00 00 00 00 00 00 0f 1f 44 00 00 55 53 50 48 89 f3 31 d2 81 
>> 3f 04 00 01 00 48 8b 87 78 01 00 00 <48> 8b 48 10 7c 09 48 8b 91 d0 01 
>> 00 00 8b 12 0f b6 89 e0 01 00 00
>> Jan 15 17:34:30 wip kernel: [   35.498313] RSP: 0018:ffffaacf485afd38 
>> EFLAGS: 00010246
>> Jan 15 17:34:30 wip kernel: [   35.500089] RAX: 0000000000000000 RBX: 
>> ffff95f1684e5000 RCX: ffffffff8b06f380
>> Jan 15 17:34:30 wip kernel: [   35.501919] RDX: 0000000000000000 RSI: 
>> ffff95f1684e5000 RDI: ffff95f175240010
>> Jan 15 17:34:30 wip kernel: [   35.503708] RBP: 00000000ffffffea R08: 
>> 000000000000e200 R09: 0000000000000001
>> Jan 15 17:34:30 wip kernel: [   35.505483] R10: ffff95f16de88b00 R11: 
>> ffffffffc03e1990 R12: ffff95f1684e5000
>> Jan 15 17:34:30 wip kernel: [   35.507276] R13: 00007fff8865e240 R14: 
>> ffff95f1752400a8 R15: ffff95f175240010
>> Jan 15 17:34:30 wip kernel: [   35.509058] FS: 000070bcd696da40(0000) 
>> GS:ffff95f41db80000(0000) knlGS:0000000000000000
>> Jan 15 17:34:30 wip kernel: [   35.510866] CS:  0010 DS: 0000 ES: 0000 
>> CR0: 0000000080050033
>> Jan 15 17:34:30 wip kernel: [   35.512647] CR2: 0000000000000010 CR3: 
>> 0000000186c28006 CR4: 00000000000606e0
>>
>>
>>
>> -- 
>> Best regards, Andy Lavr.
>>
>>   CONFIDENTIAL NOTE
>>
>>   This email (including any attachments) is intended only for the person or entity to which it is addressed
>>   and may contain confidential and/or privileged material.  Any review, retransmission, dissemination or other
>>   use of, or taking of any action in reliance upon, this information by persons or entities other than the
>>   intended recipient is prohibited. If you received this in error, please notify the sender immediately and
>>   delete the material completely from your system. E-mail communication cannot be guaranteed to be reliable,
>>   secure, error-free or virus-free. Accordingly, we cannot accept liability for any damage sustained as a
>>   result of any virus, error or incompleteness of this e-mail or any failure to deliver promptly or at all
>>   information exchanged between you and us by this means. If you suspect that this e-mail may have been
>>   intercepted or amended, please contact the sender. Any views or opinions expressed in this email are solely
>>   those of the author and do not necessarily represent those of our entity or related/associated entities.
> 
> -- 
> Best regards, Andy Lavr.
> 
>   CONFIDENTIAL NOTE
> 
>   This email (including any attachments) is intended only for the person or entity to which it is addressed
>   and may contain confidential and/or privileged material.  Any review, retransmission, dissemination or other
>   use of, or taking of any action in reliance upon, this information by persons or entities other than the
>   intended recipient is prohibited. If you received this in error, please notify the sender immediately and
>   delete the material completely from your system. E-mail communication cannot be guaranteed to be reliable,
>   secure, error-free or virus-free. Accordingly, we cannot accept liability for any damage sustained as a
>   result of any virus, error or incompleteness of this e-mail or any failure to deliver promptly or at all
>   information exchanged between you and us by this means. If you suspect that this e-mail may have been
>   intercepted or amended, please contact the sender. Any views or opinions expressed in this email are solely
>   those of the author and do not necessarily represent those of our entity or related/associated entities.
> 

-- 
Thomas Zimmermann
Graphics Driver Developer
SUSE Software Solutions Germany GmbH
Maxfeldstr. 5, 90409 Nürnberg, Germany
(HRB 36809, AG Nürnberg)
Geschäftsführer: Felix Imendörffer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-drm-Upcast-struct-drm_device.dev-to-struct-pci_devic.patch
Type: text/x-patch
Size: 9251 bytes
Desc: not available
URL: <https://lists.freedesktop.org/archives/dri-devel/attachments/20210118/6b9e2ca4/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <https://lists.freedesktop.org/archives/dri-devel/attachments/20210118/6b9e2ca4/attachment-0001.sig>

More information about the dri-devel mailing list