12972 – Kernel oops in intel_tv_set_property (intel_tv.c)

Bug 12972 - Kernel oops in intel_tv_set_property (intel_tv.c)

Summary: Kernel oops in intel_tv_set_property (intel_tv.c)

Status:	RESOLVED CODE_FIX

Alias:	None

Product:	Drivers
Classification:	Unclassified
Component:	Video(Other) (show other bugs)
Hardware:	All Linux

Importance:	P1 high
Assignee:	drivers_video-other

URL:
Keywords:

Depends on:
Blocks:

Reported:	2009-03-29 19:33 UTC by Jens Weibler
Modified:	2009-04-18 11:51 UTC (History)
CC List:	1 user (show)

See Also:
Kernel Version:	2.6.29
Subsystem:
Regression:	No
Bisected commit-id:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Jens Weibler 2009-03-29 19:33:53 UTC

Since a week my X doesn't come up anymore. Because older kernel versions had the same problem (2.6.29-rc8) I assume it's a new xf86-video-intel driver.

I made a workaround in intel_tv.c - intel_tv_set_property:
return ret; directly after int reg = 0;
;)

Mar 29 20:19:42 jtb [   38.341208] BUG: unable to handle kernel NULL pointer dereference at 0000000000000148
Mar 29 20:19:42 jtb [   38.341213] IP: [<ffffffff81241d30>] intel_tv_mode_set+0x1b0/0x808
Mar 29 20:19:42 jtb [   38.341219] PGD 11babe067 PUD 11a293067 PMD 0
Mar 29 20:19:42 jtb [   38.341222] Oops: 0000 [#1] SMP
Mar 29 20:19:42 jtb [   38.341225] last sysfs file: /sys/class/firmware/0000:0c:00.0/loading
Mar 29 20:19:42 jtb [   38.341226] CPU 0
Mar 29 20:19:42 jtb [   38.341228] Modules linked in: uvcvideo e1000e uhci_hcd ehci_hcd snd_hda_codec_intelhdmi snd_hda_codec_idtsnd_hda_intel snd_hda_codec snd_pcm snd_page_alloc iwlagn iwlcore mac80211 cfg80211 btusb
Mar 29 20:19:42 jtb [   38.341239] Pid: 4951, comm: X Not tainted 2.6.29-03652-g5d80f8e #15 Latitude E6500
Mar 29 20:19:42 jtb [   38.341241] RIP: 0010:[<ffffffff81241d30>]  [<ffffffff81241d30>] intel_tv_mode_set+0x1b0/0x808
Mar 29 20:19:42 jtb [   38.341245] RSP: 0018:ffff88011a1afcc8  EFLAGS: 00010206
Mar 29 20:19:42 jtb [   38.341246] RAX: 00000000400000c0 RBX: 0000000000005140 RCX: 0000000080120001
Mar 29 20:19:42 jtb [   38.341248] RDX: 0000000000000000 RSI: 0000000080480022 RDI: 0000000000000087
Mar 29 20:19:42 jtb [   38.341249] RBP: ffff88011a1afd88 R08: 00000000000000f0 R09: 0000000000000006
Mar 29 20:19:42 jtb [   38.341251] R10: ffff88011fac9000 R11: ffffffff813effd0 R12: ffff88011eb14e40
Mar 29 20:19:42 jtb [   38.341253] R13: 0000000000000009 R14: 00000000000000c0 R15: ffffffff813f0d70
Mar 29 20:19:42 jtb [   38.341255] FS:  00007fa0008326f0(0000) GS:ffffffff815d2040(0000) knlGS:0000000000000000
Mar 29 20:19:42 jtb [   38.341257] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Mar 29 20:19:42 jtb [   38.341258] CR2: 0000000000000148 CR3: 000000011dd18000 CR4: 00000000000026e0
Mar 29 20:19:42 jtb [   38.341260] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Mar 29 20:19:42 jtb [   38.341262] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Mar 29 20:19:42 jtb [   38.341263] Process X (pid: 4951, threadinfo ffff88011a1ae000, task ffff88011fa860d0)
Mar 29 20:19:42 jtb [   38.341265] Stack:
Mar 29 20:19:42 jtb [   38.341266]  ffff88011a1afd58 0000007c810975b7 0000000000000000 ffff8801180d0f30
Mar 29 20:19:42 jtb [   38.341269]  ffff88011fac9000 ffff88011eb0c3a8 0000034400000040 0000001500000014
Mar 29 20:19:42 jtb [   38.341272]  0000000700000006 0000000a000000f0 00000009000000f0 0000000a000000f0
Mar 29 20:19:42 jtb [   38.341275] Call Trace:
Mar 29 20:19:42 jtb [   38.341276]  [<ffffffff8124290e>] intel_tv_set_property+0xa1/0xc9
Mar 29 20:19:42 jtb [   38.341279]  [<ffffffff8122abde>] drm_mode_connector_property_set_ioctl+0xf8/0x14e
Mar 29 20:19:42 jtb [   38.341283]  [<ffffffff812217d9>] drm_ioctl+0x1dd/0x265
Mar 29 20:19:42 jtb [   38.341285]  [<ffffffff8122aae6>] ? drm_mode_connector_property_set_ioctl+0x0/0x14e
Mar 29 20:19:42 jtb [   38.341289]  [<ffffffff810b6849>] vfs_ioctl+0x5f/0x78
Mar 29 20:19:42 jtb [   38.341292]  [<ffffffff810b6caf>] do_vfs_ioctl+0x44d/0x48d
Mar 29 20:19:42 jtb [   38.341294]  [<ffffffff810aaa9a>] ? fsnotify_modify+0x62/0x6a
Mar 29 20:19:42 jtb [   38.341297]  [<ffffffff810b6d44>] sys_ioctl+0x55/0x77
Mar 29 20:19:42 jtb [   38.341299]  [<ffffffff8102621b>] system_call_fastpath+0x16/0x1b
Mar 29 20:19:42 jtb [   38.341302] Code: 70 89 55 98 41 8b 5b 74 89 5d 9c 41 8b 43 78 48 8b 55 c0 89 45 a0 89 f8 41 8b 9b 88 00 00 00 41 8b bb 84 00 00 00 0d 00 00 00 40 <83> ba 48 01 00 00 01 44 0f 44 f0 45 0b 73 10 44 89 f0 0d 00 00
Mar 29 20:19:42 jtb [   38.341324] RIP  [<ffffffff81241d30>] intel_tv_mode_set+0x1b0/0x808
Mar 29 20:19:42 jtb [   38.341326]  RSP <ffff88011a1afcc8>
Mar 29 20:19:42 jtb [   38.341327] CR2: 0000000000000148
Mar 29 20:19:42 jtb [   38.341329] ---[ end trace e3109aa74bbce4af ]---

Comment 1 Mike Kelly 2009-04-07 04:33:44 UTC

I can also reproduce this under 2.6.29.1, but I couldn't under 2.6.29.

I might have upgraded some xorg stuff at the same time, though, so I'll have to do a little more testing.

Comment 2 Mike Kelly 2009-04-07 04:45:26 UTC

Correction, I can reproduce this in 2.6.29. So, it's related to some change between xf86-video-intel-2.6.3  / libdrm-2.4.5 and their current git heads (as of about 02:30 UTC today).

Comment 3 Jens Weibler 2009-04-18 11:51:58 UTC

Tried it again with 2.6.30-rc2, libdrm-2.4.6 and xf86-video-intel-2.7.0 - it's working now .

Note You need to log in before you can comment on or make changes to this bug.