57921 – NULL pointer dereference in radeon_bo_create

Bug 57921 - NULL pointer dereference in radeon_bo_create

Summary: NULL pointer dereference in radeon_bo_create

Status:	CLOSED OBSOLETE

Alias:	None

Product:	Drivers
Classification:	Unclassified
Component:	Video(DRI - non Intel) (show other bugs)
Hardware:	All Linux

Importance:	P1 normal
Assignee:	drivers_video-dri

URL:
Keywords:

Depends on:
Blocks:

Reported:	2013-05-10 00:40 UTC by Luke-Jr
Modified:	2013-11-13 20:39 UTC (History)
CC List:	2 users (show)

See Also:
Kernel Version:	3.9.0
Subsystem:
Regression:	No
Bisected commit-id:

Attachments
Full dmesg (13.87 KB, text/plain) 2013-05-10 00:40 UTC, Luke-Jr	Details
kernel patch by workaround VBIOS issue (35 bytes, text/plain) 2013-05-10 00:40 UTC, Luke-Jr	Details
Add an attachment (proposed patch, testcase, etc.)

Description Luke-Jr 2013-05-10 00:40:15 UTC

Created attachment 101041 [details]
Full dmesg

This might be invalid, as I'm a kernel newbie trying to workaround a host issue with my hacky patch, but it *seems* to be unrelated to that issue. Any pointers would be welcome.

[  133.921546] BUG: unable to handle kernel NULL pointer dereference at 00000020
[  133.922104] IP: [<f80efb94>] drm_pcie_get_speed_cap_mask+0x24/0xc0 [drm]
[  133.922104] *pde = 00000000 
[  133.922104] Oops: 0000 [#1] PREEMPT SMP 
[  133.922104] Modules linked in: radeon(+) ipv6 hwmon drm_kms_helper ttm drm evdev 8250 serial_core sr_mod i2c_piix4 button i2c_algo_bit cdrom psmouse [last unloaded: radeon]
[  133.922104] Pid: 4983, comm: modprobe Not tainted 3.9.0-gentoo #5 Bochs Bochs
[  133.922104] EIP: 0060:[<f80efb94>] EFLAGS: 00010286 CPU: 0
[  133.922104] EIP is at drm_pcie_get_speed_cap_mask+0x24/0xc0 [drm]
[  133.922104] EAX: f6a96000 EBX: f4073c30 ECX: 00000000 EDX: f4073c30
[  133.922104] ESI: 00000000 EDI: f6b5b070 EBP: f4073c24 ESP: f4073c00
[  133.922104]  DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
[  133.922104] CR0: 8005003b CR2: 00000020 CR3: 361d8000 CR4: 000006d0
[  133.922104] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[  133.922104] DR6: ffff0ff0 DR7: 00000400
[  133.922104] Process modprobe (pid: 4983, ti=f4072000 task=f6b325d0 task.ti=f4072000)
[  133.922104] Stack:
[  133.922104]  f4073c4c f8828415 00000001 f63ca614 00000001 00000000 00000000 f41e0000
[  133.922104]  ffffffff f4073c3c f886e79d 00001000 00000000 f41e0000 f41e0000 f4073c80
[  133.922104]  f886e8c0 00000000 f6b5b070 f4073c68 f8829403 00000001 00000004 00000000
[  133.922104] Call Trace:
[  133.922104]  [<f8828415>] ? radeon_bo_create+0x145/0x180 [radeon]
[  133.922104]  [<f886e79d>] evergreen_pcie_gen2_enable+0x8d/0x1a0 [radeon]
[  133.922104]  [<f886e8c0>] evergreen_startup+0x10/0x1970 [radeon]
[  133.922104]  [<f8829403>] ? radeon_gart_table_vram_alloc+0x53/0x60 [radeon]
[  133.922104]  [<f8853eb9>] ? r600_pcie_gart_init+0x59/0x60 [radeon]
[  133.922104]  [<f887039c>] evergreen_init+0x17c/0x290 [radeon]
[  133.922104]  [<f8813559>] radeon_device_init+0x559/0x610 [radeon]
[  133.922104]  [<f8812180>] ? cail_mc_write+0x20/0x20 [radeon]
[  133.922104]  [<f8814dd8>] radeon_driver_load_kms+0x78/0x120 [radeon]
[  133.922104]  [<f80efd5b>] drm_get_pci_dev+0x12b/0x240 [drm]
[  133.922104]  [<f88120e1>] radeon_pci_probe+0x81/0xa0 [radeon]
[  133.922104]  [<c120efdb>] pci_device_probe+0x7b/0xc0
[  133.922104]  [<c129207c>] driver_probe_device+0x5c/0x1e0
[  133.922104]  [<c120e6da>] ? pci_match_device+0xaa/0xc0
[  133.922104]  [<c1292289>] __driver_attach+0x89/0x90
[  133.922104]  [<c1292200>] ? driver_probe_device+0x1e0/0x1e0
[  133.922104]  [<c1290a82>] bus_for_each_dev+0x42/0x70
[  133.922104]  [<c1291c7c>] driver_attach+0x1c/0x30
[  133.922104]  [<c1292200>] ? driver_probe_device+0x1e0/0x1e0
[  133.922104]  [<c129186c>] bus_add_driver+0xcc/0x220
[  133.922104]  [<c120ee90>] ? pci_dev_put+0x20/0x20
[  133.922104]  [<c1292715>] driver_register+0x65/0x130
[  133.922104]  [<c120f0be>] __pci_register_driver+0x2e/0x40
[  133.922104]  [<f80eff65>] drm_pci_init+0xf5/0x100 [drm]
[  133.922104]  [<f88ba052>] radeon_init+0x52/0x6f [radeon]
[  133.922104]  [<c100113f>] do_one_initcall+0x2f/0x170
[  133.922104]  [<c10d765e>] ? __vunmap+0x6e/0xd0
[  133.922104]  [<f88ba000>] ? 0xf88b9fff
[  133.922104]  [<c1081ce4>] load_module+0x1ad4/0x2050
[  133.922104]  [<c10d5a93>] ? vmap_page_range_noflush+0x103/0x190
[  133.922104]  [<c11f83a0>] ? _copy_from_user+0x30/0x50
[  133.922104]  [<c10822da>] sys_init_module+0x7a/0xa0
[  133.922104]  [<c1397c60>] syscall_call+0x7/0xb
[  133.922104] Code: 90 90 90 90 90 90 90 55 89 e5 83 ec 24 89 5d f8 89 d3 89 75 fc c7 02 00 00 00 00 8b 80 f0 01 00 00 85 c0 74 10 8b 40 08 8b 70 1c <0f> b7 46 20 66 3d 66 11 75 0f b8 ea ff ff ff 8b 5d f8 8b 75 fc
[  133.922104] EIP: [<f80efb94>] drm_pcie_get_speed_cap_mask+0x24/0xc0 [drm] SS:ESP 0068:f4073c00
[  133.922104] CR2: 0000000000000020
[  133.977137] ---[ end trace 71ff26e878f5734b ]---

Comment 1 Luke-Jr 2013-05-10 00:40:46 UTC

Created attachment 101051 [details]
kernel patch by workaround VBIOS issue

Comment 2 Alex Deucher 2013-05-10 13:08:45 UTC

Does the driver work ok when not in a VM and without the patch?

Comment 3 Luke-Jr 2013-05-10 13:42:18 UTC

Yes.

Comment 4 Alex Deucher 2013-05-10 14:00:22 UTC

I suspect this may be an issue with DMA or vram access from the VM.  I'd double check your VM config.

Note You need to log in before you can comment on or make changes to this bug.