[Bug 100725] New: [i915] oops in intel_update_cursor_plane(): "BUG: unable to handle kernel NULL pointer dereference"

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Wed Apr 19 17:16:50 UTC 2017 

https://bugs.freedesktop.org/show_bug.cgi?id=100725

            Bug ID: 100725
           Summary: [i915] oops in intel_update_cursor_plane(): "BUG:
                    unable to handle kernel NULL pointer dereference"
           Product: DRI
           Version: XOrg git
          Hardware: x86 (IA32)
                OS: Linux (All)
            Status: NEW
          Severity: critical
          Priority: medium
         Component: DRM/Intel
          Assignee: intel-gfx-bugs at lists.freedesktop.org
          Reporter: dhgutteridge at hotmail.com
        QA Contact: intel-gfx-bugs at lists.freedesktop.org
                CC: intel-gfx-bugs at lists.freedesktop.org

Created attachment 130919
  --> https://bugs.freedesktop.org/attachment.cgi?id=130919&action=edit
Log of dmesg with drm.debug enabled from boot to oops

I've been encountering a recurring kernel oops since I upgraded a (rather old)
laptop to the 4.10 kernel series. These happen pretty consistently after the
machine has been up for a few hours, and after a series of warnings are logged.
I reproduced this with Fedora's 4.10.11-200.fc25.i686 kernel last evening. This
is a regression against the 4.9 kernel.

The initial warnings are:

------------[ cut here ]------------
WARNING: CPU: 0 PID: 3712 at drivers/gpu/drm/i915/i915_gem.c:4096
__i915_gem_free_objects+0x2a9/0x2f0 [i915]
WARN_ON(i915_gem_object_has_pinned_pages(obj))
Modules linked in: fuse ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack
ip_set nfnetlink ebtable_nat ebtable_broute bridge stp llc ip6table_raw
ip6table_mangle ip6table_security ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6
nf_nat_ipv6 iptable_raw iptable_mangle iptable_security iptable_nat
nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack libcrc32c
ebtable_filter ebtables ip6table_filter ip6_tables arc4 rtl818x_pci mac80211
snd_hda_codec_realtek snd_hda_codec_generic snd_hda_intel uvcvideo
snd_hda_codec videobuf2_vmalloc msi_wmi iTCO_wdt videobuf2_memops gpio_ich
iTCO_vendor_support snd_hda_core videobuf2_v4l2 sparse_keymap videobuf2_core
snd_hwdep cfg80211 snd_seq videodev snd_seq_device coretemp snd_pcm media
joydev snd_timer lpc_ich eeprom_93cx6 snd rfkill soundcore
 wmi acpi_cpufreq tpm_tis tpm_tis_core tpm nfsd auth_rpcgss nfs_acl lockd grace
sunrpc dm_crypt i915 i2c_algo_bit drm_kms_helper syscopyarea sysfillrect
sysimgblt fb_sys_fops drm serio_raw r8169 ata_generic pata_acpi mii fjes video
ums_realtek uas usb_storage
CPU: 0 PID: 3712 Comm: kworker/0:1 Tainted: G        W      
4.10.11-200.fc25.i686 #1
Hardware name: LG Electronics X110-L.A7B1A9/X110, BIOS EN021IL1.10I 11/04/2008
Workqueue: events __i915_gem_free_work [i915]
Call Trace:
 dump_stack+0x58/0x78
 __warn+0xea/0x110
 ? __i915_gem_free_objects+0x2a9/0x2f0 [i915]
 warn_slowpath_fmt+0x46/0x60
 __i915_gem_free_objects+0x2a9/0x2f0 [i915]
 __i915_gem_free_work+0x27/0x40 [i915]
 process_one_work+0x14b/0x3a0
 worker_thread+0x39/0x470
 ? process_one_work+0x3a0/0x3a0
 kthread+0xd5/0x100
 ? process_one_work+0x3a0/0x3a0
 ? kthread_park+0x90/0x90
 ret_from_fork+0x21/0x2c
---[ end trace 560f75c7687c61e0 ]---

Ultimately, the oops is:

BUG: unable to handle kernel NULL pointer dereference at   (null)
IP: intel_update_cursor_plane+0x2a/0x60 [i915]
*pde = 00000000 

Oops: 0000 [#1] SMP
Modules linked in: fuse ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack
ip_set nfnetlink ebtable_nat ebtable_broute bridge stp llc ip6table_raw
ip6table_mangle ip6table_security ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6
nf_nat_ipv6 iptable_raw iptable_mangle iptable_security iptable_nat
nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack libcrc32c
ebtable_filter ebtables ip6table_filter ip6_tables arc4 rtl818x_pci mac80211
snd_hda_codec_realtek snd_hda_codec_generic snd_hda_intel uvcvideo
snd_hda_codec videobuf2_vmalloc msi_wmi iTCO_wdt videobuf2_memops gpio_ich
iTCO_vendor_support snd_hda_core videobuf2_v4l2 sparse_keymap videobuf2_core
snd_hwdep cfg80211 snd_seq videodev snd_seq_device coretemp snd_pcm media
joydev snd_timer lpc_ich eeprom_93cx6 snd rfkill soundcore
 wmi acpi_cpufreq tpm_tis tpm_tis_core tpm nfsd auth_rpcgss nfs_acl lockd grace
sunrpc dm_crypt i915 i2c_algo_bit drm_kms_helper syscopyarea sysfillrect
sysimgblt fb_sys_fops drm serio_raw r8169 ata_generic pata_acpi mii fjes video
ums_realtek uas usb_storage
CPU: 1 PID: 1421 Comm: gnome-shell Tainted: G        W      
4.10.11-200.fc25.i686 #1
Hardware name: LG Electronics X110-L.A7B1A9/X110, BIOS EN021IL1.10I 11/04/2008
task: e5604200 task.stack: e5612000
EIP: intel_update_cursor_plane+0x2a/0x60 [i915]
EFLAGS: 00010002 CPU: 1
EAX: 00000000 EBX: f4706000 ECX: d3529a80 EDX: f6d10000
ESI: d3529b40 EDI: f806c524 EBP: e5613b6c ESP: e5613b68
 DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
CR0: 80050033 CR2: 00000000 CR3: 21c8e000 CR4: 000006d0
Call Trace:
 intel_plane_atomic_update+0x3e/0x50 [i915]
 drm_atomic_helper_commit_planes_on_crtc+0xd6/0x1f0 [drm_kms_helper]
 intel_update_crtc+0x63/0xb0 [i915]
 intel_update_crtcs+0x60/0x80 [i915]
 intel_atomic_commit_tail+0x2bc/0xea0 [i915]
 ? __switch_to+0xaa/0x2f0
 intel_atomic_commit+0x390/0x4b0 [i915]
 ? intel_crtc_duplicate_state+0x30/0x80 [i915]
 ? drm_mode_object_reference+0x3e/0x90 [drm]
 drm_atomic_commit+0x4b/0x60 [drm]
 drm_atomic_helper_update_plane+0xbc/0x120 [drm_kms_helper]
 __setplane_internal+0x178/0x240 [drm]
 ? drm_modeset_lock_crtc+0x74/0xf0 [drm]
 drm_mode_cursor_common+0x16f/0x390 [drm]
 ? drm_mode_cursor_ioctl+0x70/0x70 [drm]
 drm_mode_cursor2_ioctl+0xd/0x10 [drm]
 drm_ioctl+0x20e/0x480 [drm]
 ? drm_mode_cursor_ioctl+0x70/0x70 [drm]
 ? ep_send_events_proc+0x161/0x1b0
 ? avc_has_perm+0x48/0xd0
 ? drm_getunique+0x60/0x60 [drm]
 do_vfs_ioctl+0x91/0x6b0
 ? __inode_security_revalidate+0x4b/0x70
 ? selinux_file_ioctl+0xfd/0x1d0
 ? fb_is_primary_device+0x5b/0x60
 ? security_file_ioctl+0x3c/0x60
 SyS_ioctl+0x60/0x70
 do_fast_syscall_32+0x8a/0x150
 entry_SYSENTER_32+0x4e/0x7c
EIP: 0xb770bcd9
EFLAGS: 00000296 CPU: 1
EAX: ffffffda EBX: 00000008 ECX: c02464bb EDX: bfdc9908
ESI: 82320594 EDI: c02464bb EBP: 00000008 ESP: bfdc98a8
 DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b
 ? __ww_mutex_lock_interruptible_slowpath+0x19b/0x3a0
Code: 00 55 89 e5 53 3e 8d 74 26 00 8b 1a 8b 10 8b 41 08 85 c0 74 3c 8b 40 74
85 c0 74 35 f6 82 c5 03 00 00 02 74 1c 8b 80 50 01 00 00 <8b> 00 89 83 c4 06 00
00 89 ca 89 d8 e8 b5 fa ff ff 5b 5d c3 66
EIP: intel_update_cursor_plane+0x2a/0x60 [i915] SS:ESP: 0068:e5613b68
CR2: 0000000000000000
---[ end trace 560f75c7687c61e1 ]---

I've attached a dmesg log from boot to the oops, with drm.debug output enabled.

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
You are the QA Contact for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/intel-gfx-bugs/attachments/20170419/0a83a23b/attachment.html>

More information about the intel-gfx-bugs mailing list