Created attachment 113251 [details] dmesg output Reported on bugzilla.novell.com https://bugzilla.novell.com/show_bug.cgi?id=838933 BUG() in gma500 driver is triggered after using a beamer at the external vga while trying shutdown. The bug has been reported on 3.11.0, still present on 3.12-rc7. [ 272.524903] kernel BUG at /home/abuild/rpmbuild/BUILD/kernel-desktop-3.12.rc7/linux-3.12-rc7/drivers/gpu/drm/drm_gem.c:757! [ 272.525621] invalid opcode: 0000 [#1] PREEMPT SMP [ 272.525978] Modules linked in: fuse ip6table_filter ip6_tables iptable_filter ip_tables x_tables af_packet tun bnep bluetooth snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_hwdep snd_pcm eeepc_wmi asus_wmi iTCO_wdt sparse_keymap iTCO_vendor_support snd_seq arc4 snd_timer snd_seq_device ath9k uvcvideo mac80211 coretemp snd videobuf2_core videodev ath9k_common videobuf2_vmalloc videobuf2_memops ath9k_hw ath joydev pcspkr cfg80211 serio_raw i2c_i801 rfkill soundcore sg snd_page_alloc lpc_ich mfd_core atl1c shpchp battery wmi ac acpi_cpufreq button autofs4 gma500_gfx drm_kms_helper drm i2c_algo_bit thermal video processor thermal_sys scsi_dh_rdac scsi_dh_hp_sw scsi_dh_emc scsi_dh_alua scsi_dh [ 272.531118] CPU: 0 PID: 626 Comm: Xorg Not tainted 3.12.0-rc7-3.g5fe5110-desktop #1 [ 272.531613] Hardware name: ASUSTeK COMPUTER INC. X101CH/X101CH, BIOS X101CH.1203 07/30/2012 [ 272.532154] task: f58a4370 ti: e9c1e000 task.ti: e9c1e000 [ 272.532511] EIP: 0060:[<f7d0f84c>] EFLAGS: 00013246 CPU: 0 [ 272.532902] EIP is at drm_gem_object_free+0x1c/0x20 [drm] [ 272.533255] EAX: f4397468 EBX: f5d30000 ECX: 00000001 EDX: f5f2d400 [ 272.533661] ESI: 00000000 EDI: f5f2d400 EBP: e9c1fe70 ESP: e9c1fe2c [ 272.534067] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 [ 272.534419] CR0: 8005003b CR2: b73e6010 CR3: 00bf0000 CR4: 000007f0 [ 272.534824] Stack: [ 272.534958] f7d54b91 7fffffc0 72dc9b80 f68cbb00 c02a0cd1 00000000 f68cba40 c0264ebf [ 272.535591] 00000000 00000000 f5f2d400 00070080 00070084 72cd648e f5e505c0 00000000 [ 272.536214] 00000000 f7d54ad0 f7c7c3c9 00000000 00000000 f5e9b5c0 f5f2d400 f5e9b5c0 [ 272.536836] Call Trace: [ 272.537041] [<f7d54b91>] gma_crtc_cursor_set+0xc1/0x410 [gma500_gfx] [ 272.537503] [<f7c7c3c9>] drm_fb_helper_restore_fbdev_mode+0x79/0xb0 [drm_kms_helper] [ 272.538028] [<f7d53d51>] psb_lastclose+0x21/0x60 [gma500_gfx] [ 272.538460] [<f7d0e7fe>] drm_lastclose+0x3e/0x190 [drm] [ 272.538851] [<f7d0ed14>] drm_release+0x384/0x540 [drm] [ 272.539214] [<c035f75c>] __fput+0xac/0x1d0 [ 272.539499] [<c025e699>] task_work_run+0x89/0xa0 [ 272.539815] [<c0246443>] do_exit+0x263/0x950 [ 272.540107] [<c0246b8a>] do_group_exit+0x2a/0x80 [ 272.540421] [<c0246bef>] SyS_exit_group+0xf/0x10 [ 272.540736] [<c073700b>] syscall_call+0x7/0xb [ 272.541038] [<b72d216b>] 0xb72d216a [ 272.541273] Code: 00 e9 a9 4a 01 00 89 f6 8d bc 27 00 00 00 00 8b 50 08 8b 4a 14 83 f9 01 74 11 8b 92 ec 01 00 00 8b 52 74 85 d2 74 02 ff d2 f3 c3 <0f> 0b 66 90 f7 c1 ff 0f 00 00 0f 85 8f 00 00 00 57 8d 7a 10 f7 [ 272.557522] EIP: [<f7d0f84c>] drm_gem_object_free+0x1c/0x20 [drm] SS:ESP 0068:e9c1fe2c
I suppose we need to lock the struct_mutex around internal ref/unref. This goes for the other chips as well and is also needed in other various places (pipe_set_base() for instance). I'll look into it when I get some time. Thanks for the bug report Patrik
Created attachment 121131 [details] gma500 error
This error stil stable on 3.12.6-300.fc20.i686 anytime after logout from user session. Can be checked on Foxconn AT-5000 Series
Created attachment 121291 [details] Lock struct_mutex around cursor updates Please try this patch. Should take care of the problem.
Thanks, I'm try it and it's work! Please notify in which kernel version this patch will be applied.
Thanks for testing. It'll go into 3.14 and stable 3.13, 3.12 but after that I need to backport it. Not sure I'll do that.