linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* Regression in Linux next-20171113 with fbdev timer conversion
@ 2017-11-13 17:07 ` Tony Lindgren
  2017-11-13 17:24   ` Bartlomiej Zolnierkiewicz
  0 siblings, 1 reply; 3+ messages in thread
From: Tony Lindgren @ 2017-11-13 17:07 UTC (permalink / raw)
  To: Kees Cook, Bartlomiej Zolnierkiewicz
  Cc: Tomi Valkeinen, Daniel Vetter, Stephen Rothwell, linux-kernel, dri-devel

Hi,

Looks like next-20171113 now has a NULL pointe dereference with commit
6c78935777d1 ("video: fbdev: Convert timers to use timer_setup()").

See the error below, any ideas?

Regards,

Tony

8< ------------------
Unable to handle kernel NULL pointer dereference at virtual address 00000214
pgd = edfe4000
[00000214] *pgd=00000000
Internal error: Oops: 5 [#1] SMP ARM
...
CPU: 1 PID: 920 Comm: openrc-run.sh Not tainted 4.14.0-next-20171113+ #1911
Hardware name: Generic OMAP4 (Flattened Device Tree)
task: ed922000 task.stack: edc20000
PC is at _test_and_set_bit+0x20/0x48
LR is at queue_work_on+0x28/0x74
pc : [<c086f270>]    lr : [<c0155b78>]    psr: 60000193
sp : edc21e38  ip : 00000000  fp : c0d09168
r10: edb686bc  r9 : 00000001  r8 : c0544e4c
r7 : ee80f000  r6 : 00000002  r5 : 00000214  r4 : 20000113
r3 : 00000001  r2 : 00000001  r1 : 00000214  r0 : 00000000
Flags: nZCv  IRQs off  FIQs on  Mode SVC_32  ISA ARM  Segment none
Control: 10c5387d  Table: adfe404a  DAC: 00000051
Process openrc-run.sh (pid: 920, stack limit = 0xedc20218)
Stack: (0xedc21e38 to 0xedc22000)
1e20:                                                       edb686bc edb686bc
1e40: c0dc8588 00000100 c0544e4c c0544e6c c0dc7239 c01cc78c 00000001 00000000
1e60: c01cc6d0 00000000 00000000 00000000 00000001 c1505b74 c124c5f8 00000000
1e80: c0adfb54 00000000 c0544e4c edb686bc c0544e4c ef6b3700 edc20000 edc21ed8
1ea0: c0dc8588 c0d09168 edb686bc c01ccbbc ffff8fee 00000001 edc21ed8 c0d05d00
1ec0: ef6b3700 c0d0957c 00000100 c0dc8128 00000282 c01ccd94 00000000 c0d4675c
1ee0: 60000113 c0dc7132 c0d09168 c019f718 ffffe000 ffffffff c0d03084 edc20000
1f00: 00000001 c0dc7132 c0d09168 c0101714 c0d8821c c0dc720a 00000002 0000000a
1f20: ffff8fee 00400000 00000001 00000002 00000000 ffffe000 00000000 c0d0957c
1f40: 00000000 00000001 ee80d400 fa240100 c0d09854 c013fa6c c0c79160 c01adf54
1f60: fa24010c 000003eb 000003ff 00000000 edc21fb0 c0d88738 fa240100 c0101574
1f80: 00000006 fa241100 edc20000 b6f2e9bc 20000010 ffffffff 10c5387d 10c5387d
1fa0: 005169a0 00517240 005169a0 c088d6b4 005280ea 005280eb 00000000 0000005f
1fc0: 005280e4 004f9511 00517830 00000000 00000000 005169a0 00517240 005169a0
1fe0: 00000001 bed595c0 bed595e0 b6f2e9bc 20000010 ffffffff 00000000 00000000
[<c086f270>] (_test_and_set_bit) from [<c0155b78>] (queue_work_on+0x28/0x74)
[<c0155b78>] (queue_work_on) from [<c0544e6c>] (cursor_timer_handler+0x20/0x44)
[<c0544e6c>] (cursor_timer_handler) from [<c01cc78c>] (call_timer_fn+0xbc/0x408)
[<c01cc78c>] (call_timer_fn) from [<c01ccbbc>] (expire_timers+0xe4/0x220)
[<c01ccbbc>] (expire_timers) from [<c01ccd94>] (run_timer_softirq+0x9c/0x1a4)
[<c01ccd94>] (run_timer_softirq) from [<c0101714>] (__do_softirq+0x13c/0x5b8)
[<c0101714>] (__do_softirq) from [<c013fa6c>] (irq_exit+0x14c/0x1a8)
[<c013fa6c>] (irq_exit) from [<c01adf54>] (__handle_domain_irq+0x6c/0xe0)
[<c01adf54>] (__handle_domain_irq) from [<c0101574>] (gic_handle_irq+0x58/0xb8)
[<c0101574>] (gic_handle_irq) from [<c088d6b4>] (__irq_usr+0x54/0x80)
Exception stack(0xedc21fb0 to 0xedc21ff8)
1fa0:                                     005280ea 005280eb 00000000 0000005f
1fc0: 005280e4 004f9511 00517830 00000000 00000000 005169a0 00517240 005169a0
1fe0: 00000001 bed595c0 bed595e0 b6f2e9bc 20000010 ffffffff
Code: e1a002a0 e0811100 e1a03312 ee070fba (e1912f9f)

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: Regression in Linux next-20171113 with fbdev timer conversion
  2017-11-13 17:07 ` Regression in Linux next-20171113 with fbdev timer conversion Tony Lindgren
@ 2017-11-13 17:24   ` Bartlomiej Zolnierkiewicz
  2017-11-13 18:48     ` Tony Lindgren
  0 siblings, 1 reply; 3+ messages in thread
From: Bartlomiej Zolnierkiewicz @ 2017-11-13 17:24 UTC (permalink / raw)
  To: Tony Lindgren
  Cc: Kees Cook, Tomi Valkeinen, Daniel Vetter, Stephen Rothwell,
	linux-kernel, dri-devel


On Monday, November 13, 2017 09:07:14 AM Tony Lindgren wrote:
> Hi,

Hi Tony,

> Looks like next-20171113 now has a NULL pointe dereference with commit
> 6c78935777d1 ("video: fbdev: Convert timers to use timer_setup()").
> 
> See the error below, any ideas?

Should be fixed by:

https://marc.info/?l=linux-fbdev&m=151056635200583&w=2

> Regards,
> 
> Tony
> 
> 8< ------------------
> Unable to handle kernel NULL pointer dereference at virtual address 00000214
> pgd = edfe4000
> [00000214] *pgd=00000000
> Internal error: Oops: 5 [#1] SMP ARM
> ...
> CPU: 1 PID: 920 Comm: openrc-run.sh Not tainted 4.14.0-next-20171113+ #1911
> Hardware name: Generic OMAP4 (Flattened Device Tree)
> task: ed922000 task.stack: edc20000
> PC is at _test_and_set_bit+0x20/0x48
> LR is at queue_work_on+0x28/0x74
> pc : [<c086f270>]    lr : [<c0155b78>]    psr: 60000193
> sp : edc21e38  ip : 00000000  fp : c0d09168
> r10: edb686bc  r9 : 00000001  r8 : c0544e4c
> r7 : ee80f000  r6 : 00000002  r5 : 00000214  r4 : 20000113
> r3 : 00000001  r2 : 00000001  r1 : 00000214  r0 : 00000000
> Flags: nZCv  IRQs off  FIQs on  Mode SVC_32  ISA ARM  Segment none
> Control: 10c5387d  Table: adfe404a  DAC: 00000051
> Process openrc-run.sh (pid: 920, stack limit = 0xedc20218)
> Stack: (0xedc21e38 to 0xedc22000)
> 1e20:                                                       edb686bc edb686bc
> 1e40: c0dc8588 00000100 c0544e4c c0544e6c c0dc7239 c01cc78c 00000001 00000000
> 1e60: c01cc6d0 00000000 00000000 00000000 00000001 c1505b74 c124c5f8 00000000
> 1e80: c0adfb54 00000000 c0544e4c edb686bc c0544e4c ef6b3700 edc20000 edc21ed8
> 1ea0: c0dc8588 c0d09168 edb686bc c01ccbbc ffff8fee 00000001 edc21ed8 c0d05d00
> 1ec0: ef6b3700 c0d0957c 00000100 c0dc8128 00000282 c01ccd94 00000000 c0d4675c
> 1ee0: 60000113 c0dc7132 c0d09168 c019f718 ffffe000 ffffffff c0d03084 edc20000
> 1f00: 00000001 c0dc7132 c0d09168 c0101714 c0d8821c c0dc720a 00000002 0000000a
> 1f20: ffff8fee 00400000 00000001 00000002 00000000 ffffe000 00000000 c0d0957c
> 1f40: 00000000 00000001 ee80d400 fa240100 c0d09854 c013fa6c c0c79160 c01adf54
> 1f60: fa24010c 000003eb 000003ff 00000000 edc21fb0 c0d88738 fa240100 c0101574
> 1f80: 00000006 fa241100 edc20000 b6f2e9bc 20000010 ffffffff 10c5387d 10c5387d
> 1fa0: 005169a0 00517240 005169a0 c088d6b4 005280ea 005280eb 00000000 0000005f
> 1fc0: 005280e4 004f9511 00517830 00000000 00000000 005169a0 00517240 005169a0
> 1fe0: 00000001 bed595c0 bed595e0 b6f2e9bc 20000010 ffffffff 00000000 00000000
> [<c086f270>] (_test_and_set_bit) from [<c0155b78>] (queue_work_on+0x28/0x74)
> [<c0155b78>] (queue_work_on) from [<c0544e6c>] (cursor_timer_handler+0x20/0x44)
> [<c0544e6c>] (cursor_timer_handler) from [<c01cc78c>] (call_timer_fn+0xbc/0x408)
> [<c01cc78c>] (call_timer_fn) from [<c01ccbbc>] (expire_timers+0xe4/0x220)
> [<c01ccbbc>] (expire_timers) from [<c01ccd94>] (run_timer_softirq+0x9c/0x1a4)
> [<c01ccd94>] (run_timer_softirq) from [<c0101714>] (__do_softirq+0x13c/0x5b8)
> [<c0101714>] (__do_softirq) from [<c013fa6c>] (irq_exit+0x14c/0x1a8)
> [<c013fa6c>] (irq_exit) from [<c01adf54>] (__handle_domain_irq+0x6c/0xe0)
> [<c01adf54>] (__handle_domain_irq) from [<c0101574>] (gic_handle_irq+0x58/0xb8)
> [<c0101574>] (gic_handle_irq) from [<c088d6b4>] (__irq_usr+0x54/0x80)
> Exception stack(0xedc21fb0 to 0xedc21ff8)
> 1fa0:                                     005280ea 005280eb 00000000 0000005f
> 1fc0: 005280e4 004f9511 00517830 00000000 00000000 005169a0 00517240 005169a0
> 1fe0: 00000001 bed595c0 bed595e0 b6f2e9bc 20000010 ffffffff
> Code: e1a002a0 e0811100 e1a03312 ee070fba (e1912f9f)

Best regards,
--
Bartlomiej Zolnierkiewicz
Samsung R&D Institute Poland
Samsung Electronics

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: Regression in Linux next-20171113 with fbdev timer conversion
  2017-11-13 17:24   ` Bartlomiej Zolnierkiewicz
@ 2017-11-13 18:48     ` Tony Lindgren
  0 siblings, 0 replies; 3+ messages in thread
From: Tony Lindgren @ 2017-11-13 18:48 UTC (permalink / raw)
  To: Bartlomiej Zolnierkiewicz
  Cc: Kees Cook, Tomi Valkeinen, Daniel Vetter, Stephen Rothwell,
	linux-kernel, dri-devel

* Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com> [171113 17:26]:
> 
> On Monday, November 13, 2017 09:07:14 AM Tony Lindgren wrote:
> > Hi,
> 
> Hi Tony,
> 
> > Looks like next-20171113 now has a NULL pointe dereference with commit
> > 6c78935777d1 ("video: fbdev: Convert timers to use timer_setup()").
> > 
> > See the error below, any ideas?
> 
> Should be fixed by:
> 
> https://marc.info/?l=linux-fbdev&m=151056635200583&w=2

OK thanks, yeah that works for me.

Regards,

Tony

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2017-11-13 18:48 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
     [not found] <CGME20171113170720epcas2p3737aa011465d2d56d10cef18dcefed7a@epcas2p3.samsung.com>
2017-11-13 17:07 ` Regression in Linux next-20171113 with fbdev timer conversion Tony Lindgren
2017-11-13 17:24   ` Bartlomiej Zolnierkiewicz
2017-11-13 18:48     ` Tony Lindgren

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).