[Intel-gfx] NULL pointer dereference in intel_fb_obj_invalidate

Christian Hesse list at eworm.de
Wed Mar 2 08:47:03 UTC 2016


Christian Hesse <list at eworm.de> on Fri, 2016/02/26 09:31:
> Hello everybody,
> 
> I am running a Lenovo Thinkpad X250 with this graphics controller:
> 
> 00:02.0 VGA compatible controller: Intel Corporation Broadwell-U Integrated
> Graphics (rev 09)
> 
> Everything works just fine when using the integrated display.
> 
> The notebook is connected to a docking station with two connected display
> ports. With light-locker I can lock and unlock the screen once, system
> panics with a kernel NULL pointer dereference in intel_fb_obj_invalidate
> the second time.
>
> [...]
>
> Any chance to get that fixed? Thanks!

Tested linux 4.4.4-rc, which has some drm and i915. The behavior is still the
same, kernel gives two traces, though:

kernel: ------------[ cut here ]------------
kernel: WARNING: CPU: 1 PID: 1152 at include/linux/kref.h:46 drm_framebuffer_reference+0x64/0x70 [drm]()
kernel: Modules linked in: fuse bridge stp llc nf_log_ipv6 nf_log_ipv4 nf_log_common nft_redir_ipv4 nft_redir nf_nat_redirect nft_log nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_limit nft_meta nf_conntrack_ipv6 nf_defrag_ipv6 nft_ct nft_hash nft_rbtree nft_masq_ipv4 nf_nat_masquerade_ipv4 nft_masq nft_chain_nat_ipv4 nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack nf_tables_inet nf_tables_ipv6 nf_tables_ipv4 nf_tables nfnetlink sch_fq_codel zram lz4_compress vboxnetflt(O) vboxnetadp(O) snd_hda_codec_hdmi vboxdrv(O) nls_iso8859_1 usbserial udf crc_itu_t uas usb_storage tun nfs lockd grace sunrpc fscache loop iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi hfsplus iTCO_wdt iTCO_vendor_support hfs xfs arc4 libcrc32c crc32c_generic nls_cp437 vfat fat intel_rapl
kernel:  iosf_mbi x86_pkg_temp_thermal intel_powerclamp squashfs isofs coretemp btrfs kvm_intel cdc_ether iwlmvm kvm mac80211 usbnet irqbypass r8152 btusb xor btrtl mii joydev btbcm btintel iwlwifi rtsx_pci_ms evdev mousedev input_leds bluetooth i915 mac_hid psmouse snd_hda_codec_realtek e1000e snd_hda_codec_generic pcspkr memstick cfg80211 drm_kms_helper snd_hda_intel snd_hda_codec intel_pch_thermal lpc_ich i2c_i801 shpchp serio_raw snd_hda_core drm snd_hwdep ptp pps_core snd_pcm thinkpad_acpi intel_gtt syscopyarea nvram led_class sysfillrect snd_timer sysimgblt fb_sys_fops i2c_algo_bit mei_me snd thermal mei soundcore wmi rfkill battery ac fjes video tpm_tis button tpm raid6_pq dummy dm_snapshot dm_bufio processor cdrom ip_tables x_tables ext4 crc16 mbcache jbd2 jitterentropy_rng sha256_ssse3
kernel:  sha256_generic hmac drbg ansi_cprng dm_crypt algif_skcipher af_alg hid_generic usbhid hid dm_mod sd_mod rtsx_pci_sdmmc mmc_core atkbd libps2 crct10dif_pclmul crc32_pclmul crc32c_intel aesni_intel ahci aes_x86_64 lrw libahci gf128mul glue_helper ablk_helper cryptd libata ehci_pci xhci_pci scsi_mod xhci_hcd ehci_hcd rtsx_pci usbcore usb_common i8042 serio
kernel: CPU: 1 PID: 1152 Comm: Xorg Tainted: G     U  W  O    4.4.4-1-rc #1
kernel: Hardware name: LENOVO 20CLS06D00/20CLS06D00, BIOS N10ET41W (1.20 ) 01/19/2016
kernel:  0000000000000286 0000000013ea9013 ffff8800c2467920 ffffffff812cb101
kernel:  0000000000000000 ffffffffa051f7f3 ffff8800c2467958 ffffffff810776e2
kernel:  ffff88021dc54780 ffff8800cb8d0f00 ffff8800cb8d0f00 ffff8800bb2fd800
kernel: Call Trace:
kernel:  [<ffffffff812cb101>] dump_stack+0x63/0x82
kernel:  [<ffffffff810776e2>] warn_slowpath_common+0x82/0xc0
kernel:  [<ffffffff8107782a>] warn_slowpath_null+0x1a/0x20
kernel:  [<ffffffffa04f9ff4>] drm_framebuffer_reference+0x64/0x70 [drm]
kernel:  [<ffffffffa050ba4d>] drm_atomic_set_fb_for_plane+0x2d/0x90 [drm]
kernel:  [<ffffffffa05a2f5e>] __drm_atomic_helper_set_config+0xde/0x3c0 [drm_kms_helper]
kernel:  [<ffffffffa05a3fa1>] restore_fbdev_mode+0x221/0x260 [drm_kms_helper]
kernel:  [<ffffffffa05a6313>] drm_fb_helper_restore_fbdev_mode_unlocked+0x33/0x80 [drm_kms_helper]
kernel:  [<ffffffffa05a638d>] drm_fb_helper_set_par+0x2d/0x50 [drm_kms_helper]
kernel:  [<ffffffffa079518a>] intel_fbdev_set_par+0x1a/0x60 [i915]
kernel:  [<ffffffff8133f84f>] ? fb_set_var+0x2ef/0x460
kernel:  [<ffffffff8133f796>] fb_set_var+0x236/0x460
kernel:  [<ffffffff811f50a6>] ? do_sys_poll+0x146/0x570
kernel:  [<ffffffff810ab49d>] ? update_curr+0x7d/0x180
kernel:  [<ffffffff8133643f>] fbcon_blank+0x30f/0x350
kernel:  [<ffffffff8109faf9>] ? ttwu_do_wakeup+0x19/0x100
kernel:  [<ffffffff813b2c43>] do_unblank_screen+0xc3/0x190
kernel:  [<ffffffff813a8bd9>] complete_change_console+0x59/0xe0
kernel:  [<ffffffff813a9370>] vt_ioctl+0x710/0x12e0
kernel:  [<ffffffffa04f4db8>] ? drm_dropmaster_ioctl+0x68/0x80 [drm]
kernel:  [<ffffffffa04f07e9>] ? drm_ioctl+0x189/0x540 [drm]
kernel:  [<ffffffff8139d481>] tty_ioctl+0x361/0xc30
kernel:  [<ffffffff8125ba91>] ? kernfs_fop_write+0xa1/0x170
kernel:  [<ffffffff811e0d07>] ? __vfs_write+0x37/0x100
kernel:  [<ffffffff811f31f8>] do_vfs_ioctl+0x298/0x480
kernel:  [<ffffffff811fd297>] ? __fget+0x77/0xb0
kernel:  [<ffffffff811f3459>] SyS_ioctl+0x79/0x90
kernel:  [<ffffffff81596d6e>] entry_SYSCALL_64_fastpath+0x12/0x6d
kernel: ---[ end trace 2ad3c1c199e798ec ]---
kernel: BUG: unable to handle kernel NULL pointer dereference at 0000000000000060
kernel: IP: [<ffffffffa078b64c>] intel_fb_obj_invalidate+0x1c/0xf0 [i915]
kernel: PGD c2bbc067 PUD c2bed067 PMD 0 
kernel: Oops: 0000 [#1] PREEMPT SMP 
kernel: Modules linked in: fuse bridge stp llc nf_log_ipv6 nf_log_ipv4 nf_log_common nft_redir_ipv4 nft_redir nf_nat_redirect nft_log nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_limit nft_meta nf_conntrack_ipv6 nf_defrag_ipv6 nft_ct nft_hash nft_rbtree nft_masq_ipv4 nf_nat_masquerade_ipv4 nft_masq nft_chain_nat_ipv4 nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack nf_tables_inet nf_tables_ipv6 nf_tables_ipv4 nf_tables nfnetlink sch_fq_codel zram lz4_compress vboxnetflt(O) vboxnetadp(O) snd_hda_codec_hdmi vboxdrv(O) nls_iso8859_1 usbserial udf crc_itu_t uas usb_storage tun nfs lockd grace sunrpc fscache loop iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi hfsplus iTCO_wdt iTCO_vendor_support hfs xfs arc4 libcrc32c crc32c_generic nls_cp437 vfat fat intel_rapl
kernel:  iosf_mbi x86_pkg_temp_thermal intel_powerclamp squashfs isofs coretemp btrfs kvm_intel cdc_ether iwlmvm kvm mac80211 usbnet irqbypass r8152 btusb xor btrtl mii joydev btbcm btintel iwlwifi rtsx_pci_ms evdev mousedev input_leds bluetooth i915 mac_hid psmouse snd_hda_codec_realtek e1000e snd_hda_codec_generic pcspkr memstick cfg80211 drm_kms_helper snd_hda_intel snd_hda_codec intel_pch_thermal lpc_ich i2c_i801 shpchp serio_raw snd_hda_core drm snd_hwdep ptp pps_core snd_pcm thinkpad_acpi intel_gtt syscopyarea nvram led_class sysfillrect snd_timer sysimgblt fb_sys_fops i2c_algo_bit mei_me snd thermal mei soundcore wmi rfkill battery ac fjes video tpm_tis button tpm raid6_pq dummy dm_snapshot dm_bufio processor cdrom ip_tables x_tables ext4 crc16 mbcache jbd2 jitterentropy_rng sha256_ssse3
kernel:  sha256_generic hmac drbg ansi_cprng dm_crypt algif_skcipher af_alg hid_generic usbhid hid dm_mod sd_mod rtsx_pci_sdmmc mmc_core atkbd libps2 crct10dif_pclmul crc32_pclmul crc32c_intel aesni_intel ahci aes_x86_64 lrw libahci gf128mul glue_helper ablk_helper cryptd libata ehci_pci xhci_pci scsi_mod xhci_hcd ehci_hcd rtsx_pci usbcore usb_common i8042 serio
kernel: CPU: 1 PID: 1152 Comm: Xorg Tainted: G     U  W  O    4.4.4-1-rc #1
kernel: Hardware name: LENOVO 20CLS06D00/20CLS06D00, BIOS N10ET41W (1.20 ) 01/19/2016
kernel: task: ffff8802218f8dc0 ti: ffff8800c2464000 task.ti: ffff8800c2464000
kernel: RIP: 0010:[<ffffffffa078b64c>]  [<ffffffffa078b64c>] intel_fb_obj_invalidate+0x1c/0xf0 [i915]
kernel: RSP: 0018:ffff8800c2467a58  EFLAGS: 00010246
kernel: RAX: ffff8802218f8dc0 RBX: ffff88020339b500 RCX: 0000000000c59581
kernel: RDX: ffff88021dc54780 RSI: 0000000000000000 RDI: ffff88020339b500
kernel: RBP: ffff8800c2467a80 R08: 0000000000018ac0 R09: ffffffffa0509eb6
kernel: R10: ffffea0007ea3f80 R11: ffff8801fa8fec00 R12: 0000000000000000
kernel: R13: 0000000000000000 R14: 0000000000200001 R15: 0000000000000080
kernel: FS:  00007f9507e18940(0000) GS:ffff88022dc40000(0000) knlGS:0000000000000000
kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
kernel: CR2: 0000000000000060 CR3: 00000000c7ef9000 CR4: 00000000003406e0
kernel: DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
kernel: DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
kernel: Stack:
kernel:  ffff88022327c600 ffff88021dc7a000 0000000000000000 0000000000200001
kernel:  0000000000000080 ffff8800c2467aa0 ffffffffa07951b3 000000008133f84f
kernel:  ffff8800c2467c48 ffff8800c2467c18 ffffffff8133f796 ffff88021dc7a060
kernel: Call Trace:
kernel:  [<ffffffffa07951b3>] intel_fbdev_set_par+0x43/0x60 [i915]
kernel:  [<ffffffff8133f796>] fb_set_var+0x236/0x460
kernel:  [<ffffffff811f50a6>] ? do_sys_poll+0x146/0x570
kernel:  [<ffffffff810ab49d>] ? update_curr+0x7d/0x180
kernel:  [<ffffffff8133643f>] fbcon_blank+0x30f/0x350
kernel:  [<ffffffff8109faf9>] ? ttwu_do_wakeup+0x19/0x100
kernel:  [<ffffffff813b2c43>] do_unblank_screen+0xc3/0x190
kernel:  [<ffffffff813a8bd9>] complete_change_console+0x59/0xe0
kernel:  [<ffffffff813a9370>] vt_ioctl+0x710/0x12e0
kernel:  [<ffffffffa04f4db8>] ? drm_dropmaster_ioctl+0x68/0x80 [drm]
kernel:  [<ffffffffa04f07e9>] ? drm_ioctl+0x189/0x540 [drm]
kernel:  [<ffffffff8139d481>] tty_ioctl+0x361/0xc30
kernel:  [<ffffffff8125ba91>] ? kernfs_fop_write+0xa1/0x170
kernel:  [<ffffffff811e0d07>] ? __vfs_write+0x37/0x100
kernel:  [<ffffffff811f31f8>] do_vfs_ioctl+0x298/0x480
kernel:  [<ffffffff811fd297>] ? __fget+0x77/0xb0
kernel:  [<ffffffff811f3459>] SyS_ioctl+0x79/0x90
kernel:  [<ffffffff81596d6e>] entry_SYSCALL_64_fastpath+0x12/0x6d
kernel: Code: 41 5f 5d c3 90 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41 55 41 54 41 89 f5 53 4c 8b 67 08 48 89 fb <41> 8b 44 24 60 4d 8b 74 24 28 83 f8 01 74 58 8b b3 5c 01 00 00 
kernel: RIP  [<ffffffffa078b64c>] intel_fb_obj_invalidate+0x1c/0xf0 [i915]
kernel:  RSP <ffff8800c2467a58>
kernel: CR2: 0000000000000060
kernel: ---[ end trace 2ad3c1c199e798ed ]---

-- 
main(a){char*c=/*    Schoene Gruesse                         */"B?IJj;MEH"
"CX:;",b;for(a/*    Best regards             my address:    */=0;b=c[a++];)
putchar(b-1/(/*    Chris            cc -ox -xc - && ./x    */b/42*2-3)*42);}
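
A triage sketch for the second trace above, added here as an example and not part of the original message: it decodes the faulting instruction marked in the `Code:` line and checks that its base register plus displacement reproduces CR2. The helper names (`parse_oops`, `mem_operand`, `triage`) are hypothetical, and the decoder deliberately handles only the narrow `[base+disp]` form seen in this report.

```python
import re

# Lines taken from the oops above; the Code: line is trimmed to the bytes
# around the <..> marker, which flags the first byte of the faulting instruction.
OOPS = """\
kernel: RIP: 0010:[<ffffffffa078b64c>]  [<ffffffffa078b64c>] intel_fb_obj_invalidate+0x1c/0xf0 [i915]
kernel: RDX: ffff88021dc54780 RSI: 0000000000000000 RDI: ffff88020339b500
kernel: R10: ffffea0007ea3f80 R11: ffff8801fa8fec00 R12: 0000000000000000
kernel: CR2: 0000000000000060 CR3: 00000000c7ef9000 CR4: 00000000003406e0
kernel: Code: 4c 8b 67 08 48 89 fb <41> 8b 44 24 60 4d 8b 74 24 28 83 f8 01
"""
REGS = ["RAX", "RCX", "RDX", "RBX", "RSP", "RBP", "RSI", "RDI",
        "R08", "R09", "R10", "R11", "R12", "R13", "R14", "R15"]

def parse_oops(text):
    """Return (register dict incl. CR2, RIP symbol, faulting instruction bytes)."""
    regs = {n: int(v, 16)
            for n, v in re.findall(r"\b(R[A-Z0-9]{2}|CR2): ([0-9a-f]{16})\b", text)}
    sym = re.search(r"RIP: \S+\s+\[<[0-9a-f]+>\] (\S+)", text).group(1)
    code = re.search(r"Code: (.*)", text).group(1).split()
    start = next(i for i, b in enumerate(code) if b.startswith("<"))
    return regs, sym, [int(b.strip("<>"), 16) for b in code[start:]]

def mem_operand(insn):
    """Decode (base register, displacement) of a [base+disp] memory operand.
    Narrow on purpose: optional REX, one-byte opcode, mod=01/10, no index."""
    rex = insn[0] if 0x40 <= insn[0] <= 0x4f else 0
    p = 1 if rex else 0
    if insn[p] == 0x0f:                      # two-byte opcodes not handled
        return None
    mod, rm = insn[p + 1] >> 6, insn[p + 1] & 7
    p += 2
    if mod not in (1, 2):
        return None
    if rm == 4:                              # SIB byte follows ModRM
        sib = insn[p]
        p += 1
        if (sib >> 3) & 7 != 4 or rex & 2:   # an index register is in use
            return None
        rm = sib & 7
    width = 1 if mod == 1 else 4
    disp = int.from_bytes(bytes(insn[p:p + width]), "little", signed=True)
    return REGS[rm | ((rex & 1) << 3)], disp

def triage(text):
    """Check that base + disp of the faulting access reproduces CR2."""
    regs, sym, insn = parse_oops(text)
    base, disp = mem_operand(insn)
    addr = (regs[base] + disp) & (2**64 - 1)
    return {"symbol": sym, "base": base, "base_is_null": regs[base] == 0,
            "disp": disp, "explains_cr2": addr == regs["CR2"]}
```

On this report the faulting access is `[R12+0x60]` with R12 equal to zero, which reproduces CR2 = 0x60. The bytes just before the marker, `4c 8b 67 08`, decode to a load into R12 from `[RDI+0x8]`, so the NULL value was read from offset 8 of the function's first argument rather than being the argument itself.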