i915: NULL pointer dereference in i915_update_dri1_breadcrumb() duringshutdown
From: Eugene Shatokhin
Date: Tue Dec 10 2013 - 03:28:29 EST
Hi,
I have recently observed a NULL pointer dereference in i915 driver on my
Eee PC running ROSA Linux with kernel 3.10.21.
The crash occurs during shutdown but quite rarely, not each time.
The system log is lost but here is what I extracted from the info
displayed on the screen.
NULL pointer dereference at 0x4
EIP is at i915_update_dri1_breadcrumb+0x25/0x70
comm: systemd-journal
i915_update_dri1_breadcrumb+0x25:
mov 0x4(%eax),%ebx // %eax contains 0, the list of register values
confirms that.
That is the reading of 'master_priv->sarea_priv':
void i915_update_dri1_breadcrumb(struct drm_device *dev)
{
drm_i915_private_t *dev_priv = dev->dev_private;
struct drm_i915_master_private *master_priv;
if (dev->primary->master) {
master_priv = dev->primary->master->driver_priv;
if (master_priv->sarea_priv) // <<< crashes here
master_priv->sarea_priv->last_dispatch =
READ_BREADCRUMB(dev_priv);
}
}
addr2line points to the same line too.
So, i915_update_dri1_breadcrumb() was called somehow when
dev->primary->master->driver_priv was NULL already. A race with
i915_master_destroy() or something else?
Hardware info, from the output of lspci -vnn:
------------------------------
00:02.0 VGA compatible controller [0300]: Intel Corporation Atom
Processor D4xx/D5xx/N4xx/N5xx Integrated Graphics Controller [8086:a011]
(prog-if 00 [VGA controller])
Subsystem: ASUSTeK Computer Inc. Device [1043:83ac]
Flags: bus master, fast devsel, latency 0, IRQ 44
Memory at f7e00000 (32-bit, non-prefetchable) [size=512K]
I/O ports at dc00 [size=8]
Memory at d0000000 (32-bit, prefetchable) [size=256M]
Memory at f7d00000 (32-bit, non-prefetchable) [size=1M]
Expansion ROM at <unassigned> [disabled]
Capabilities: [90] MSI: Enable+ Count=1/1 Maskable- 64bit-
Capabilities: [d0] Power Management version 2
Kernel driver in use: i915
------------------------------
Regards,
Eugene
--
Eugene Shatokhin, ROSA Laboratory.
www.rosalab.com
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/