Bug 94891

Summary: BUG: unable to handle kernel NULL pointer dereference
Product: DRI Reporter: Kai Heitkamp <dynup>
Component: DRM/RadeonAssignee: Default DRI bug account <dri-devel>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: medium CC: trek00
Version: unspecified   
Hardware: x86-64 (AMD64)   
OS: Linux (All)   
Whiteboard:
i915 platform: i915 features:

Description Kai Heitkamp 2016-04-11 11:05:49 UTC
Apr 11 11:33:39 lmde kernel: [   58.353082] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
Apr 11 11:33:39 lmde kernel: [   58.353140] IP: [<ffffffffa033ac3d>] radeon_fence_ref+0xd/0x50 [radeon]
Apr 11 11:33:39 lmde kernel: [   58.353205] PGD 0 
Apr 11 11:33:39 lmde kernel: [   58.353219] Oops: 0002 [#1] SMP 
Apr 11 11:33:39 lmde kernel: [   58.353242] Modules linked in: cfg80211 bnep bluetooth 6lowpan_iphc rfkill cpufreq_stats cpufreq_conservative cpufreq_powersave cpufreq_userspace binfmt_misc fuse ecryptfs lp dm_crypt uinput joydev ppdev kvm_amd kvm snd_hda_codec_realtek snd_hda_codec_hdmi snd_hda_codec_generic pcspkr snd_hda_intel edac_mce_amd k10temp snd_hda_controller edac_core serio_raw snd_hda_codec snd_hwdep snd_pcm snd_timer snd acpi_cpufreq parport_pc sp5100_tco parport soundcore evdev processor i2c_piix4 shpchp thermal_sys ext4 crc16 mbcache jbd2 dm_mirror dm_region_hash dm_log dm_mod hid_generic usbhid hid sr_mod cdrom sg sd_mod crc_t10dif crct10dif_generic crct10dif_common ohci_pci r8169 mii ata_generic pata_jmicron ahci libahci radeon i2c_algo_bit ttm drm_kms_helper firewire_ohci drm firewire_core crc_itu_t i2c_core ohci_hcd ehci_pci libata xhci_hcd ehci_hcd scsi_mod usbcore usb_common wmi button
Apr 11 11:33:39 lmde kernel: [   58.353811] CPU: 3 PID: 2490 Comm: Xorg Not tainted 3.16.0-4-amd64 #1 Debian 3.16.7-ckt25-1
Apr 11 11:33:39 lmde kernel: [   58.353860] Hardware name: Gigabyte Technology Co., Ltd. GA-870A-UD3/GA-870A-UD3, BIOS FEe 10/17/2011
Apr 11 11:33:39 lmde kernel: [   58.353914] task: ffff8802229a4960 ti: ffff880225d24000 task.ti: ffff880225d24000
Apr 11 11:33:39 lmde kernel: [   58.353957] RIP: 0010:[<ffffffffa033ac3d>]  [<ffffffffa033ac3d>] radeon_fence_ref+0xd/0x50 [radeon]
Apr 11 11:33:39 lmde kernel: [   58.354027] RSP: 0018:ffff880225d27b18  EFLAGS: 00010292
Apr 11 11:33:39 lmde kernel: [   58.354059] RAX: 0000000000000000 RBX: ffff8800cf86d5f8 RCX: ffff8800cf86cd08
Apr 11 11:33:39 lmde kernel: [   58.354100] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
Apr 11 11:33:39 lmde kernel: [   58.354141] RBP: ffff8800cf86d550 R08: ffff8800cf86c000 R09: 0000000000000000
Apr 11 11:33:39 lmde kernel: [   58.354183] R10: 0000000000000002 R11: ffff880225d27e08 R12: 0000000000000020
Apr 11 11:33:39 lmde kernel: [   58.354224] R13: ffff880225d27be0 R14: ffff880225d27bb0 R15: ffff8800cf86d5f8
Apr 11 11:33:39 lmde kernel: [   58.354266] FS:  00007f014cd7c980(0000) GS:ffff88022fcc0000(0000) knlGS:00000000f5fadb40
Apr 11 11:33:39 lmde kernel: [   58.354313] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Apr 11 11:33:39 lmde kernel: [   58.354346] CR2: 0000000000000008 CR3: 00000002251d4000 CR4: 00000000000007e0
Apr 11 11:33:39 lmde kernel: [   58.354388] Stack:
Apr 11 11:33:39 lmde kernel: [   58.354400]  ffffffffa039b0bc 0020000000053a60 0000566000000100 ffff880225d27cd0
Apr 11 11:33:39 lmde kernel: [   58.354448]  ffff8800cf86c000 ffff8802229a4960 ffff8802229a4960 ffff8800c9de5e10
Apr 11 11:33:39 lmde kernel: [   58.354496]  0000000000000000 0000000000000000 0000000000000000 0000000000000000
Apr 11 11:33:39 lmde kernel: [   58.354544] Call Trace:
Apr 11 11:33:39 lmde kernel: [   58.354578]  [<ffffffffa039b0bc>] ? radeon_sa_bo_new+0x25c/0x460 [radeon]
Apr 11 11:33:39 lmde kernel: [   58.354633]  [<ffffffffa034ff3e>] ? radeon_ib_get+0x2e/0xd0 [radeon]
Apr 11 11:33:39 lmde kernel: [   58.354684]  [<ffffffffa035247c>] ? radeon_cs_ioctl+0x13c/0x730 [radeon]
Apr 11 11:33:39 lmde kernel: [   58.354732]  [<ffffffffa019e8b7>] ? drm_ioctl+0x1c7/0x5b0 [drm]
Apr 11 11:33:39 lmde kernel: [   58.354771]  [<ffffffff8101d6c9>] ? init_fpu+0x49/0xa0
Apr 11 11:33:39 lmde kernel: [   58.354803]  [<ffffffff812b2f68>] ? timerqueue_add+0x58/0xa0
Apr 11 11:33:39 lmde kernel: [   58.354847]  [<ffffffffa031f046>] ? radeon_drm_ioctl+0x46/0x80 [radeon]
Apr 11 11:33:39 lmde kernel: [   58.354888]  [<ffffffff811bacdf>] ? do_vfs_ioctl+0x2cf/0x4b0
Apr 11 11:33:39 lmde kernel: [   58.354923]  [<ffffffff81407705>] ? __sys_recvmsg+0x65/0x80
Apr 11 11:33:39 lmde kernel: [   58.354957]  [<ffffffff811baf41>] ? SyS_ioctl+0x81/0xa0
Apr 11 11:33:39 lmde kernel: [   58.354990]  [<ffffffff81514a0d>] ? system_cal
Comment 1 Trek 2016-05-06 12:12:03 UTC
I think to have caught the same bug, dragging some text in firefox

amd a4-4000 processor with radeon 7480d
Debian jessie+backports, mesa 11.1.3, libdrm 2.4.67, linux 3.16.7-ckt25

(--) RADEON(0): Chipset: "ARUBA" (ChipID = 0x9993)


first crash log:

May  6 13:36:51 illusion kernel: [ 1436.382236] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
May  6 13:36:51 illusion kernel: [ 1436.382280] IP: [<ffffffffa035fc3d>] radeon_fence_ref+0xd/0x50 [radeon]
May  6 13:36:51 illusion kernel: [ 1436.382333] PGD 0 
May  6 13:36:51 illusion kernel: [ 1436.382343] Oops: 0002 [#1] SMP 
May  6 13:36:51 illusion kernel: [ 1436.382360] Modules linked in: ipt_REJECT xt_owner xt_tcpudp xt_LOG xt_limit xt_conntrack iptable_mangle iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_filter ip_tables x_tables nls_utf8 nls_cp437 vfat it87 hwmon_vid fat fuse sha256_ssse3 sha256_generic dm_crypt dm_mod eeepc_wmi asus_wmi sparse_keymap rfkill snd_hda_codec_realtek snd_hda_codec_generic snd_hda_codec_hdmi kvm_amd kvm crc32_pclmul aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper cryptd shpchp evdev snd_hda_intel snd_hda_controller snd_hda_codec efi_pstore snd_hwdep radeon pcspkr serio_raw efivars k10temp snd_pcm i2c_piix4 snd_timer ttm drm_kms_helper snd drm soundcore i2c_algo_bit i2c_core acpi_cpufreq tpm_infineon video wmi tpm_tis tpm processor button thermal_sys ext4 crc16 mbcache jbd2 raid1 md_mod sg sd_mod crc_t10dif crct10dif_generic hid_generic usbhid hid ohci_pci crct10dif_pclmul crct10dif_common crc32c_intel r8169 mii ohci_hcd ehci_pci ehci_hcd xhci_hcd ahci libahci libata usbcore usb_common scsi_mod
May  6 13:36:51 illusion kernel: [ 1436.382836] CPU: 0 PID: 2248 Comm: Xorg Not tainted 3.16.0-4-amd64 #1 Debian 3.16.7-ckt25-1
May  6 13:36:51 illusion kernel: [ 1436.382870] Hardware name: System manufacturer System Product Name/A88XM-E, BIOS 0801 07/15/2014
May  6 13:36:51 illusion kernel: [ 1436.382904] task: ffff88021312c0d0 ti: ffff880213ac4000 task.ti: ffff880213ac4000
May  6 13:36:51 illusion kernel: [ 1436.382933] RIP: 0010:[<ffffffffa035fc3d>]  [<ffffffffa035fc3d>] radeon_fence_ref+0xd/0x50 [radeon]
May  6 13:36:51 illusion kernel: [ 1436.382979] RSP: 0018:ffff880213ac7b18  EFLAGS: 00010292
May  6 13:36:51 illusion kernel: [ 1436.383000] RAX: 0000000000000000 RBX: ffff880036b8d5f8 RCX: ffff880036b8cd08
May  6 13:36:51 illusion kernel: [ 1436.383027] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
May  6 13:36:51 illusion kernel: [ 1436.383054] RBP: ffff880036b8d550 R08: ffff880036b8c000 R09: 0000000000000000
May  6 13:36:51 illusion kernel: [ 1436.383082] R10: 0000000000000002 R11: ffff880213ac7e08 R12: 0000000000000020
May  6 13:36:51 illusion kernel: [ 1436.383109] R13: ffff880213ac7be0 R14: ffff880213ac7bb0 R15: ffff880036b8d5f8
May  6 13:36:51 illusion kernel: [ 1436.383137] FS:  00007fc64e0bb980(0000) GS:ffff88021ec00000(0000) knlGS:0000000000000000
May  6 13:36:51 illusion kernel: [ 1436.384649] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
May  6 13:36:51 illusion kernel: [ 1436.386161] CR2: 0000000000000008 CR3: 0000000213a66000 CR4: 00000000000407f0
May  6 13:36:51 illusion kernel: [ 1436.387685] Stack:
May  6 13:36:51 illusion kernel: [ 1436.389191]  ffffffffa03c00bc 002000000002d8c0 0000f2a000000100 ffff880213ac7cd0
May  6 13:36:51 illusion kernel: [ 1436.390726]  ffff880036b8c000 ffff88021312c0d0 ffff88021312c0d0 0000000000000001
May  6 13:36:51 illusion kernel: [ 1436.392278]  0000000000000000 0000000000000000 0000000000000000 0000000000000000
May  6 13:36:51 illusion kernel: [ 1436.393834] Call Trace:
May  6 13:36:51 illusion kernel: [ 1436.395381]  [<ffffffffa03c00bc>] ? radeon_sa_bo_new+0x25c/0x460 [radeon]
May  6 13:36:51 illusion kernel: [ 1436.396936]  [<ffffffffa0374f3e>] ? radeon_ib_get+0x2e/0xd0 [radeon]
May  6 13:36:51 illusion kernel: [ 1436.398479]  [<ffffffffa037747c>] ? radeon_cs_ioctl+0x13c/0x730 [radeon]
May  6 13:36:51 illusion kernel: [ 1436.400014]  [<ffffffffa02b28b7>] ? drm_ioctl+0x1c7/0x5b0 [drm]
May  6 13:36:51 illusion kernel: [ 1436.401533]  [<ffffffff811571d9>] ? shmem_truncate_range+0x19/0x30
May  6 13:36:51 illusion kernel: [ 1436.403059]  [<ffffffffa0344046>] ? radeon_drm_ioctl+0x46/0x80 [radeon]
May  6 13:36:51 illusion kernel: [ 1436.404572]  [<ffffffff811bacdf>] ? do_vfs_ioctl+0x2cf/0x4b0
May  6 13:36:51 illusion kernel: [ 1436.406078]  [<ffffffff810852e1>] ? task_work_run+0x91/0xb0
May  6 13:36:51 illusion kernel: [ 1436.407585]  [<ffffffff811baf41>] ? SyS_ioctl+0x81/0xa0
May  6 13:36:51 illusion kernel: [ 1436.409096]  [<ffffffff81514a0d>] ? system_call_fast_compare_end+0x10/0x15
May  6 13:36:51 illusion kernel: [ 1436.410624] Code: e4 48 8b 3b 89 c1 89 ea 48 c7 c6 80 f6 44 a0 31 c0 e8 68 17 04 e1 eb cb 66 0f 1f 44 00 00 66 66 66 66 90 48 89 f8 ba 01 00 00 00 <f0> 0f c1 57 08 83 c2 01 83 fa 01 7e 01 c3 80 3d 0e 43 11 00 00 
May  6 13:36:51 illusion kernel: [ 1436.413886] RIP  [<ffffffffa035fc3d>] radeon_fence_ref+0xd/0x50 [radeon]
May  6 13:36:51 illusion kernel: [ 1436.415509]  RSP <ffff880213ac7b18>
May  6 13:36:51 illusion kernel: [ 1436.417113] CR2: 0000000000000008
May  6 13:36:51 illusion kernel: [ 1436.424690] ---[ end trace 6ff48a6a8b3b834b ]---


other crash log:

May  6 13:47:55 illusion kernel: [   79.715856] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
May  6 13:47:55 illusion kernel: [   79.715903] IP: [<ffffffffa0315c3d>] radeon_fence_ref+0xd/0x50 [radeon]
May  6 13:47:55 illusion kernel: [   79.715959] PGD 0 
May  6 13:47:55 illusion kernel: [   79.715970] Oops: 0002 [#1] SMP 
May  6 13:47:55 illusion kernel: [   79.715988] Modules linked in: ipt_REJECT xt_owner xt_tcpudp xt_LOG xt_limit xt_conntrack iptable_mangle iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_filter nls_utf8 nls_cp437 ip_tables x_tables it87 hwmon_vid vfat fat fuse sha256_ssse3 sha256_generic dm_crypt dm_mod eeepc_wmi asus_wmi sparse_keymap rfkill snd_hda_codec_realtek snd_hda_codec_generic snd_hda_codec_hdmi kvm_amd kvm crc32_pclmul aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper cryptd efi_pstore snd_hda_intel snd_hda_controller snd_hda_codec snd_hwdep k10temp efivars pcspkr snd_pcm snd_timer snd soundcore evdev i2c_piix4 shpchp serio_raw radeon ttm drm_kms_helper drm wmi i2c_algo_bit i2c_core tpm_infineon tpm_tis video tpm button acpi_cpufreq processor thermal_sys ext4 crc16 mbcache jbd2 raid1 md_mod hid_generic sg sd_mod crc_t10dif crct10dif_generic usbhid hid ohci_pci crct10dif_pclmul crct10dif_common crc32c_intel r8169 mii ehci_pci ohci_hcd xhci_hcd ehci_hcd ahci libahci usbcore usb_common libata scsi_mod
May  6 13:47:55 illusion kernel: [   79.716495] CPU: 1 PID: 2249 Comm: Xorg Not tainted 3.16.0-4-amd64 #1 Debian 3.16.7-ckt25-1
May  6 13:47:55 illusion kernel: [   79.716530] Hardware name: System manufacturer System Product Name/A88XM-E, BIOS 0801 07/15/2014
May  6 13:47:55 illusion kernel: [   79.716566] task: ffff880215b08010 ti: ffff8802162d8000 task.ti: ffff8802162d8000
May  6 13:47:55 illusion kernel: [   79.716597] RIP: 0010:[<ffffffffa0315c3d>]  [<ffffffffa0315c3d>] radeon_fence_ref+0xd/0x50 [radeon]
May  6 13:47:55 illusion kernel: [   79.716647] RSP: 0018:ffff8802162dbb18  EFLAGS: 00010292
May  6 13:47:55 illusion kernel: [   79.716669] RAX: 0000000000000000 RBX: ffff880036b9d5f8 RCX: ffff880036b9cd08
May  6 13:47:55 illusion kernel: [   79.716699] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
May  6 13:47:55 illusion kernel: [   79.716728] RBP: ffff880036b9d550 R08: ffff880036b9c000 R09: 0000000000000000
May  6 13:47:55 illusion kernel: [   79.716757] R10: 0000000000000002 R11: ffff8802162dbe08 R12: 0000000000000020
May  6 13:47:55 illusion kernel: [   79.716786] R13: ffff8802162dbbe0 R14: ffff8802162dbbb0 R15: ffff880036b9d5f8
May  6 13:47:55 illusion kernel: [   79.716816] FS:  00007fc86aed3980(0000) GS:ffff88021ec80000(0000) knlGS:0000000000000000
May  6 13:47:55 illusion kernel: [   79.718434] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
May  6 13:47:55 illusion kernel: [   79.720051] CR2: 0000000000000008 CR3: 0000000213b38000 CR4: 00000000000407e0
May  6 13:47:55 illusion kernel: [   79.721681] Stack:
May  6 13:47:55 illusion kernel: [   79.723296]  ffffffffa03760bc 002000000006a4c0 0000f2a000000100 ffff8802162dbcd0
May  6 13:47:55 illusion kernel: [   79.724938]  ffff880036b9c000 ffff880215b08010 ffff880215b08010 0000000000000001
May  6 13:47:55 illusion kernel: [   79.726597]  0000000000000000 0000000000000000 0000000000000000 0000000000000000
May  6 13:47:55 illusion kernel: [   79.728258] Call Trace:
May  6 13:47:55 illusion kernel: [   79.729913]  [<ffffffffa03760bc>] ? radeon_sa_bo_new+0x25c/0x460 [radeon]
May  6 13:47:55 illusion kernel: [   79.731581]  [<ffffffffa032af3e>] ? radeon_ib_get+0x2e/0xd0 [radeon]
May  6 13:47:55 illusion kernel: [   79.733232]  [<ffffffffa032d47c>] ? radeon_cs_ioctl+0x13c/0x730 [radeon]
May  6 13:47:55 illusion kernel: [   79.734872]  [<ffffffffa02be8b7>] ? drm_ioctl+0x1c7/0x5b0 [drm]
May  6 13:47:55 illusion kernel: [   79.736497]  [<ffffffff813cbf71>] ? input_event_to_user+0x51/0xa0
May  6 13:47:55 illusion kernel: [   79.738119]  [<ffffffff810125b9>] ? do_signal+0x199/0xa10
May  6 13:47:55 illusion kernel: [   79.739736]  [<ffffffff8101e5c2>] ? __restore_xstate_sig+0x82/0x570
May  6 13:47:55 illusion kernel: [   79.741352]  [<ffffffffa049c6d9>] ? evdev_read+0x109/0x3b0 [evdev]
May  6 13:47:55 illusion kernel: [   79.742981]  [<ffffffffa02fa046>] ? radeon_drm_ioctl+0x46/0x80 [radeon]
May  6 13:47:55 illusion kernel: [   79.744610]  [<ffffffff811bacdf>] ? do_vfs_ioctl+0x2cf/0x4b0
May  6 13:47:55 illusion kernel: [   79.746252]  [<ffffffff81079765>] ? restore_altstack+0x15/0x30
May  6 13:47:55 illusion kernel: [   79.747898]  [<ffffffff81013056>] ? sys_rt_sigreturn+0xa6/0xb0
May  6 13:47:55 illusion kernel: [   79.749546]  [<ffffffff811baf41>] ? SyS_ioctl+0x81/0xa0
May  6 13:47:55 illusion kernel: [   79.751195]  [<ffffffff81514a0d>] ? system_call_fast_compare_end+0x10/0x15
May  6 13:47:55 illusion kernel: [   79.752845] Code: e4 48 8b 3b 89 c1 89 ea 48 c7 c6 80 56 40 a0 31 c0 e8 68 b7 08 e1 eb cb 66 0f 1f 44 00 00 66 66 66 66 90 48 89 f8 ba 01 00 00 00 <f0> 0f c1 57 08 83 c2 01 83 fa 01 7e 01 c3 80 3d 0e 43 11 00 00 
May  6 13:47:55 illusion kernel: [   79.756288] RIP  [<ffffffffa0315c3d>] radeon_fence_ref+0xd/0x50 [radeon]
May  6 13:47:55 illusion kernel: [   79.757954]  RSP <ffff8802162dbb18>
May  6 13:47:55 illusion kernel: [   79.759598] CR2: 0000000000000008
May  6 13:47:55 illusion kernel: [   79.767667] ---[ end trace 2b7760e180a03b61 ]---
Comment 2 Trek 2016-05-23 13:40:42 UTC
At least for me, it seems to be fixed by the latest debian kernel version:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819881
Comment 3 Michel Dänzer 2016-05-24 02:29:00 UTC
I think all upstream stable branches affected by this should have a fix by now.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.