61470 – mga driver dereferences null pointer

Bug 61470 - mga driver dereferences null pointer

Summary: mga driver dereferences null pointer

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	kernel
Sub Component:
Version:	7.1
Hardware:	i686
OS:	Linux
Priority:	medium
Severity:	high
Target Milestone:	---
Assignee:	Arjan van de Ven
QA Contact:	Brian Brock
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2002-03-20 04:49 UTC by Need Real Name
Modified:	2008-08-01 16:22 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2004-09-30 15:39:27 UTC
Embargoed:

Attachments	(Terms of Use)

Description Need Real Name 2002-03-20 04:49:46 UTC

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.8) Gecko/20020212

Description of problem:
While running the bubble3d program, the kernel mga driver dereferenced a null
pointer and crashed.  The kernel traceback is included in the "Additional
Information" section.

Version-Release number of selected component (if applicable):
2.4.9-31

How reproducible:
Sometimes

Steps to Reproduce:
1.Run X11 4.1 on a Matrox G450 with DRI enabled and 2 screens.  xinerama is
  disabled.
2.Run bubble3d screen saver.
3.After a random time (typically 3-7 days), the crash will occur.
	

Additional info:

Unable to handle kernel NULL pointer dereference at virtual address 00000004
 printing eip:
e09c6444
*pde = 00000000
Oops: 0002
Kernel 2.4.9-31
CPU:    0
EIP:    0010:[3c59x:__insmod_3c59x_S.bss_L40+822500/107766540]    Tainted: P 
EIP:    0010:[<e09c6444>]    Tainted: P 
EFLAGS: 00010293
EIP is at mga_freelist_put [mga] 0x74 
eax: db285de0   ebx: dbef3aa0   ecx: db285740   edx: 00000000
esi: de80d7a0   edi: 00000001   ebp: de008000   esp: c7dd7f0c
ds: 0018   es: 0018   ss: 0018
Process bubble3d (pid: 528, stackpage=c7dd7000)
Stack: de80d7a0 00000001 e09c7e66 de008000 db280f70 f8448000 e091f898 dbef3aa0 
       dbef3aa0 db280f70 c7dd7f5c de80d7a0 e09c87ad de008000 db280f70 de008800 
       de008000 00000034 00000c60 00000001 00000000 de008000 cfd3b7a0 bfffedf0 
Call Trace: [3c59x:__insmod_3c59x_S.bss_L40+829190/107759850] mga_dma_buffers
[mga] 0x1136 
Call Trace: [<e09c7e66>] mga_dma_buffers [mga] 0x1136 
[3c59x:__insmod_3c59x_S.bss_L40+831565/107757475] mga_dma_vertex [mga] 0x18d 
[<e09c87ad>] mga_dma_vertex [mga] 0x18d 
[3c59x:__insmod_3c59x_S.bss_L40+806308/107782732] mga_ioctl [mga] 0xe4 
[<e09c2504>] mga_ioctl [mga] 0xe4 
[sys_ioctl+535/560] sys_ioctl [kernel] 0x217 
[<c0143c87>] sys_ioctl [kernel] 0x217 
[system_call+51/56] system_call [kernel] 0x33 
[<c0106f3b>] system_call [kernel] 0x33 


Code: 89 42 04 89 48 04 89 10 5b 31 c0 5e c3 eb 0d 90 90 90 90 90

Comment 1 Bugzilla owner 2004-09-30 15:39:27 UTC

Thanks for the bug report. However, Red Hat no longer maintains this version of
the product. Please upgrade to the latest version and open a new bug if the problem
persists.

The Fedora Legacy project (http://fedoralegacy.org/) maintains some older releases, 
and if you believe this bug is interesting to them, please report the problem in
the bug tracker at: http://bugzilla.fedora.us/

Note You need to log in before you can comment on or make changes to this bug.