Bug 23172

Summary: BUG: unable to handle kernel NULL pointer dereference at (null)
Product: Drivers
Reporter: James Tan (jameztcc)
Component: Video(DRI - Intel)
Assignee: drivers_video-dri-intel (drivers_video-dri-intel)
Status: CLOSED CODE_FIX
Severity: blocking
CC: akpm, chris, florian, nettxzl, subhashis3
Priority: P1
Hardware: All
OS: Linux
Kernel Version: 2.6.35, 2.6.36
Subsystem:
Regression: No
Bisected commit-id:
Attachments: Test for an initialised ringbuffer before use.

Description James Tan 2010-11-18 07:05:28 UTC
Managed to get a dmesg from 2.6.36 due to time constraint. Not observed in 2.6.34.

Reproduced by building kernel + glxgears + other applications. Previously always reproducible when launching (powering up) a virtual machine from VM. Suspect high disk I/O related, but not sure. Screen, keyboard and mouse freeze. Only able to SSH in from remote PC.


full dmesg here: http://pastebin.com/qbPC9MrT

[  431.047729] BUG: unable to handle kernel NULL pointer dereference at (null)
[  431.047736] IP: [<(null)>] (null)
[  431.047740] *pdpt = 00000000222ea001 *pde = 0000000000000000 
[  431.047743] Oops: 0010 [#1] PREEMPT SMP 
[  431.047747] last sysfs file: /sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq
[  431.047751] Modules linked in: wacom ipt_MASQUERADE iptable_nat nf_nat nf_conntrack_ipv4 nf_conntrack nf_defrag_ipv4 ip_tables x_tables vmnet vmblock vsock vmci vmmon coretemp firewire_sbp2 joydev arc4 ecb psmouse serio_raw firewire_ohci firewire_core crc_itu_t snd_hda_codec_analog pcmcia snd_hda_intel snd_hda_codec ohci1394 snd_hwdep ieee1394 yenta_socket pcmcia_rsrc pcmcia_core snd_pcm_oss snd_mixer_oss iwl3945 snd_pcm pcspkr snd_seq_dummy iwlcore snd_seq_oss mac80211 tg3 libphy cfg80211 snd_seq_midi tpm_infineon snd_rawmidi snd_seq_midi_event snd_seq snd_timer snd_seq_device btusb snd soundcore snd_page_alloc evdev
[  431.047789] 
[  431.047793] Pid: 10803, comm: glxgears Not tainted 2.6.36.11182010-2 #3 30C0/HP Compaq 6510b (KS284PA#UUF)
[  431.047796] EIP: 0060:[<00000000>] EFLAGS: 00210206 CPU: 0
[  431.047799] EIP is at 0x0
[  431.047801] EAX: f6c0b800 EBX: 00000000 ECX: f75fc014 EDX: f75fc014
[  431.047803] ESI: 00000000 EDI: 00000002 EBP: dd20feac ESP: dd20fe44
[  431.047806]  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[  431.047808] Process glxgears (pid: 10803, ti=dd20e000 task=e2073440 task.ti=dd20e000)
[  431.047810] Stack:
[  431.047811]  c03188c4 c02fa66c 00000002 f6c0b800 f75fc000 f6c0b814 f8489898 00000000
[  431.047816] <0> f5d90a00 00000000 00000000 00000001 00000002 00000018 c0671974 0000004b
[  431.047821] <0> dd0e7940 c02ecbaf dd20feac 00000001 bfeb6744 4018644b f6c0b800 c02fa2ed
[  431.047826] Call Trace:
[  431.047832]  [<c03188c4>] ? intel_ring_advance+0xe/0xf
[  431.047836]  [<c02fa66c>] ? i915_cmdbuffer+0x37f/0x416
[  431.047843]  [<c02ecbaf>] ? drm_ioctl+0x245/0x2e5
[  431.047845]  [<c02fa2ed>] ? i915_cmdbuffer+0x0/0x416
[  431.047850]  [<c01864a4>] ? do_wp_page+0x6e3/0x77f
[  431.047853]  [<c0187eb2>] ? handle_mm_fault+0x9d7/0xa72
[  431.047856]  [<c02ec96a>] ? drm_ioctl+0x0/0x2e5
[  431.047859]  [<c01ad95a>] ? do_vfs_ioctl+0x489/0x4cb
[  431.047863]  [<c049bb6d>] ? do_page_fault+0x223/0x286
[  431.047865]  [<c01ad9dd>] ? sys_ioctl+0x41/0x58
[  431.047869]  [<c0102893>] ? sysenter_do_call+0x12/0x22
[  431.047871] Code:  Bad EIP value.
[  431.047874] EIP: [<00000000>] 0x0 SS:ESP 0068:dd20fe44
[  431.047880] CR2: 0000000000000000
[  431.047882] ---[ end trace 8526e8579e498514 ]---
Comment 1 Chris Wilson 2010-12-16 14:50:03 UTC
*** Bug 19892 has been marked as a duplicate of this bug. ***
Comment 2 Chris Wilson 2010-12-16 15:05:22 UTC
*** Bug 23702 has been marked as a duplicate of this bug. ***
Comment 3 Chris Wilson 2011-01-18 14:21:03 UTC
Created attachment 44062
Test for an initialised ringbuffer before use.
Comment 4 Chris Wilson 2011-01-24 14:09:18 UTC
Applied to -fixes and pull request duly sent:

commit e8616b6ced6137085e6657cc63bc2fe3900b8616
Author: Chris Wilson <chris@chris-wilson.co.uk>
Date:   Thu Jan 20 09:57:11 2011 +0000

    drm/i915: Initialise ring vfuncs for old DRI paths
    
    We weren't setting up the vfunc table when initialising the old DRI
    ringbuffer, leading to such OOPSes as:
...
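The oops above shows EIP at 0x0 reached from intel_ring_advance, which is what a call through an unset function pointer looks like. The following user-space model is an added example, not the i915 patch or the attachment: every name in it is hypothetical, and the guard is only one assumed form of a "test for an initialised ringbuffer before use".

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TOY_RING_DWORDS 16

/* Hypothetical model of a ring with a per-ring vfunc; not the driver's struct. */
struct toy_ring {
    uint32_t buf[TOY_RING_DWORDS];
    uint32_t tail;      /* software write offset, in dwords */
    uint32_t hw_tail;   /* stand-in for the hardware tail register */
    void *map;          /* non-NULL once the buffer is mapped */
    void (*write_tail)(struct toy_ring *ring, uint32_t value); /* vfunc */
};

static void toy_write_tail(struct toy_ring *ring, uint32_t value)
{
    ring->hw_tail = value;
}

/* Legacy init as the commit message describes it: buffer set up,
 * vfunc table never filled in, so write_tail stays NULL. */
void toy_legacy_init_buggy(struct toy_ring *ring)
{
    memset(ring, 0, sizeof(*ring));
    ring->map = ring->buf;
}

/* Fixed legacy init: same setup plus the vfunc. */
void toy_legacy_init_fixed(struct toy_ring *ring)
{
    toy_legacy_init_buggy(ring);
    ring->write_tail = toy_write_tail;
}

/* Emit one dword and advance the tail. Without the check, a ring from the
 * buggy path would call through NULL, i.e. jump to address 0. */
int toy_ring_emit(struct toy_ring *ring, uint32_t dword)
{
    if (ring == NULL || ring->map == NULL || ring->write_tail == NULL)
        return -ENODEV; /* ring not fully initialised: refuse, do not call */
    ring->buf[ring->tail] = dword;
    ring->tail = (ring->tail + 1) % TOY_RING_DWORDS;
    ring->write_tail(ring, ring->tail);
    return 0;
}
```

The guard turns the crash into an error return for the caller, while the fixed init removes the cause; the two are complementary rather than alternatives.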