Bug 61470 - mga driver dereferences null pointer
Summary: mga driver dereferences null pointer
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: kernel (Show other bugs)
(Show other bugs)
Version: 7.1
Hardware: i686 Linux
Target Milestone: ---
Assignee: Arjan van de Ven
QA Contact: Brian Brock
Depends On:
TreeView+ depends on / blocked
Reported: 2002-03-20 04:49 UTC by Need Real Name
Modified: 2008-08-01 16:22 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-09-30 15:39:27 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Need Real Name 2002-03-20 04:49:46 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.8) Gecko/20020212

Description of problem:
While running the bubble3d program, the kernel mga driver dereferenced a null
pointer and crashed.  The kernel traceback is included in the "Additional
Information" section.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.Run X11 4.1 on a Matrox G450 with DRI enabled and 2 screens.  xinerama is
2.Run bubble3d screen saver.
3.After a random time (typically 3-7 days), the crash will occur.

Additional info:

Unable to handle kernel NULL pointer dereference at virtual address 00000004
 printing eip:
*pde = 00000000
Oops: 0002
Kernel 2.4.9-31
CPU:    0
EIP:    0010:[3c59x:__insmod_3c59x_S.bss_L40+822500/107766540]    Tainted: P 
EIP:    0010:[<e09c6444>]    Tainted: P 
EFLAGS: 00010293
EIP is at mga_freelist_put [mga] 0x74 
eax: db285de0   ebx: dbef3aa0   ecx: db285740   edx: 00000000
esi: de80d7a0   edi: 00000001   ebp: de008000   esp: c7dd7f0c
ds: 0018   es: 0018   ss: 0018
Process bubble3d (pid: 528, stackpage=c7dd7000)
Stack: de80d7a0 00000001 e09c7e66 de008000 db280f70 f8448000 e091f898 dbef3aa0 
       dbef3aa0 db280f70 c7dd7f5c de80d7a0 e09c87ad de008000 db280f70 de008800 
       de008000 00000034 00000c60 00000001 00000000 de008000 cfd3b7a0 bfffedf0 
Call Trace: [3c59x:__insmod_3c59x_S.bss_L40+829190/107759850] mga_dma_buffers
[mga] 0x1136 
Call Trace: [<e09c7e66>] mga_dma_buffers [mga] 0x1136 
[3c59x:__insmod_3c59x_S.bss_L40+831565/107757475] mga_dma_vertex [mga] 0x18d 
[<e09c87ad>] mga_dma_vertex [mga] 0x18d 
[3c59x:__insmod_3c59x_S.bss_L40+806308/107782732] mga_ioctl [mga] 0xe4 
[<e09c2504>] mga_ioctl [mga] 0xe4 
[sys_ioctl+535/560] sys_ioctl [kernel] 0x217 
[<c0143c87>] sys_ioctl [kernel] 0x217 
[system_call+51/56] system_call [kernel] 0x33 
[<c0106f3b>] system_call [kernel] 0x33 

Code: 89 42 04 89 48 04 89 10 5b 31 c0 5e c3 eb 0d 90 90 90 90 90

Comment 1 Bugzilla owner 2004-09-30 15:39:27 UTC
Thanks for the bug report. However, Red Hat no longer maintains this version of
the product. Please upgrade to the latest version and open a new bug if the problem

The Fedora Legacy project (http://fedoralegacy.org/) maintains some older releases, 
and if you believe this bug is interesting to them, please report the problem in
the bug tracker at: http://bugzilla.fedora.us/

Note You need to log in before you can comment on or make changes to this bug.