761562 – Oops: BUG: unable to handle kernel NULL pointer dereference at 0000000000000038, preceded by several 'WARNING: at lib/list_debug.c:53 __list_del_entry+0xa1/0xd0()'

Bug 761562 - Oops: BUG: unable to handle kernel NULL pointer dereference at 0000000000000038, preceded by several 'WARNING: at lib/list_debug.c:53 __list_del_entry+0xa1/0xd0()'

Summary: Oops: BUG: unable to handle kernel NULL pointer dereference at 00000000000000...

Keywords:
Status:	CLOSED EOL
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	xorg-x11-drv-intel
Sub Component:
Version:	19
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Adam Jackson
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-12-08 15:46 UTC by Tom London
Modified:	2015-02-17 14:00 UTC (History)
CC List:	8 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-02-17 14:00:16 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
/var/log/messages showing Oops/BUG and WARNINGs (1.14 MB, text/plain) 2011-12-08 15:46 UTC, Tom London	no flags	Details
View All

Description Tom London 2011-12-08 15:46:15 UTC

Created attachment 542612 [details]
/var/log/messages showing Oops/BUG and WARNINGs

Description of problem:
I got a hard 'graphical freeze'.

I happened to be 'inotail -f /var/log/messages' at the time, and I saw kernel spew, with this as the last message:

Dec  8 07:29:10 tlondon kernel: [ 3557.702059] BUG: unable to handle kernel NULL pointer dereference at 0000000000000038
Dec  8 07:29:10 tlondon kernel: [ 3557.702126] IP: [<ffffffffa002dc72>] drm_mm_scan_add_block+0x12/0x120 [drm]
Dec  8 07:29:10 tlondon kernel: [ 3557.702192] PGD 11645d067 PUD 114d8f067 PMD 0 
Dec  8 07:29:10 tlondon kernel: [ 3557.702234] Oops: 0000 [#1] SMP 
Dec  8 07:29:10 tlondon kernel: [ 3557.702265] CPU 1 
Dec  8 07:29:10 tlondon kernel: [ 3557.702282] Modules linked in: fuse ip6table_filter ip6_tables ebtable_nat ebtables ipt_MASQUERADE iptable_nat nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_state nf_conntrack xt_CHECKSUM iptable_mangle lp parport tun bridge stp llc usblp arc4 uvcvideo snd_hda_codec_conexant snd_usb_audio snd_hda_intel snd_hda_codec videodev snd_usbmidi_lib iwlwifi(O) media v4l2_compat_ioctl32 snd_rawmidi snd_hwdep snd_seq_device microcode i2c_i801 snd_pcm btusb snd_timer mac80211(O) iTCO_wdt bluetooth cfg80211(O) thinkpad_acpi iTCO_vendor_support snd snd_page_alloc rfkill virtio_net soundcore kvm_intel kvm e1000e uinput wmi i915 drm_kms_helper drm i2c_algo_bit i2c_core video [last unloaded: scsi_wait_scan]
Dec  8 07:29:10 tlondon kernel: [ 3557.702888] 
Dec  8 07:29:10 tlondon kernel: [ 3557.702902] Pid: 1041, comm: Xorg Tainted: G        W  O 3.2.0-0.rc4.git5.1.fc17.x86_64 #1 LENOVO 74585FU/74585FU
Dec  8 07:29:10 tlondon kernel: [ 3557.702977] RIP: 0010:[<ffffffffa002dc72>]  [<ffffffffa002dc72>] drm_mm_scan_add_block+0x12/0x120 [drm]
Dec  8 07:29:10 tlondon kernel: [ 3557.703007] RSP: 0018:ffff880114d4da48  EFLAGS: 00010296
Dec  8 07:29:10 tlondon kernel: [ 3557.703007] RAX: 0000000000000006 RBX: ffff88012c997b10 RCX: 0000000006261000
Dec  8 07:29:10 tlondon kernel: [ 3557.703007] RDX: ffff88008445c760 RSI: ffff880114d4dad8 RDI: 0000000000000000
Dec  8 07:29:10 tlondon kernel: [ 3557.703007] RBP: ffff880114d4da68 R08: ffff88008445c760 R09: 0000000000800000
Dec  8 07:29:10 tlondon kernel: [ 3557.703007] R10: 0000000000001000 R11: 0000000011079000 R12: ffff880114d4dad8
Dec  8 07:29:10 tlondon kernel: [ 3557.703007] R13: ffff88012c997b10 R14: ffff88012b165ce0 R15: 0000000000001000
Dec  8 07:29:10 tlondon kernel: [ 3557.703007] FS:  00007f63bd26a880(0000) GS:ffff880137000000(0000) knlGS:0000000000000000
Dec  8 07:29:10 tlondon kernel: [ 3557.703007] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Dec  8 07:29:10 tlondon kernel: [ 3557.703007] CR2: 0000000000000038 CR3: 000000012ca01000 CR4: 00000000000006e0
Dec  8 07:29:10 tlondon kernel: [ 3557.703007] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Dec  8 07:29:10 tlondon kernel: [ 3557.703007] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Dec  8 07:29:10 tlondon kernel: [ 3557.703007] Process Xorg (pid: 1041, threadinfo ffff880114d4c000, task ffff880115cca470)
Dec  8 07:29:10 tlondon kernel: [ 3557.703007] Stack:
Dec  8 07:29:10 tlondon kernel: [ 3557.703007]  0000000000000018 ffff88012c997b10 ffff880114d4dad8 ffff88012c997b10
Dec  8 07:29:10 tlondon kernel: [ 3557.703007]  ffff880114d4da88 ffffffffa008c634 0000000000800000 ffff88012b164290
Dec  8 07:29:10 tlondon kernel: [ 3557.703007]  ffff880114d4db18 ffffffffa008c752 ffff880091e1d000 0000000000000000
Dec  8 07:29:10 tlondon kernel: [ 3557.703007] Call Trace:
Dec  8 07:29:10 tlondon kernel: [ 3557.703007]  [<ffffffffa008c634>] mark_free+0x34/0x40 [i915]
Dec  8 07:29:10 tlondon kernel: [ 3557.703007]  [<ffffffffa008c752>] i915_gem_evict_something+0x112/0x4c0 [i915]
Dec  8 07:29:10 tlondon kernel: [ 3557.703007]  [<ffffffffa008566d>] i915_gem_object_bind_to_gtt+0x2ed/0x6d0 [i915]
Dec  8 07:29:10 tlondon kernel: [ 3557.703007]  [<ffffffffa002e157>] ? drm_mm_put_block+0x47/0x70 [drm]
Dec  8 07:29:10 tlondon kernel: [ 3557.703007]  [<ffffffffa0089d7f>] i915_gem_object_pin+0x14f/0x1a0 [i915]
Dec  8 07:29:10 tlondon kernel: [ 3557.703007]  [<ffffffffa0089e60>] i915_gem_object_pin_to_display_plane+0x90/0x300 [i915]
Dec  8 07:29:10 tlondon kernel: [ 3557.703007]  [<ffffffff810c027d>] ? trace_hardirqs_on+0xd/0x10
Dec  8 07:29:10 tlondon kernel: [ 3557.703007]  [<ffffffffa009a5fd>] intel_pin_and_fence_fb_obj+0x6d/0x120 [i915]
Dec  8 07:29:10 tlondon kernel: [ 3557.703007]  [<ffffffffa009a960>] intel_gen4_queue_flip+0x40/0x120 [i915]
Dec  8 07:29:10 tlondon kernel: [ 3557.703007]  [<ffffffffa009a3ff>] intel_crtc_page_flip+0x1ef/0x380 [i915]
Dec  8 07:29:10 tlondon kernel: [ 3557.703007]  [<ffffffffa0032d79>] drm_mode_page_flip_ioctl+0x179/0x220 [drm]
Dec  8 07:29:10 tlondon kernel: [ 3557.703007]  [<ffffffffa00225a4>] drm_ioctl+0x444/0x510 [drm]
Dec  8 07:29:10 tlondon kernel: [ 3557.703007]  [<ffffffffa0032c00>] ? drm_mode_gamma_get_ioctl+0x120/0x120 [drm]
Dec  8 07:29:10 tlondon kernel: [ 3557.703007]  [<ffffffff812ac0c2>] ? inode_has_perm+0x62/0xa0
Dec  8 07:29:10 tlondon kernel: [ 3557.703007]  [<ffffffff812ae07c>] ? file_has_perm+0xdc/0xf0
Dec  8 07:29:10 tlondon kernel: [ 3557.703007]  [<ffffffff811c0948>] do_vfs_ioctl+0x98/0x570
Dec  8 07:29:10 tlondon kernel: [ 3557.703007]  [<ffffffff811c0eb1>] sys_ioctl+0x91/0xa0
Dec  8 07:29:10 tlondon kernel: [ 3557.703007]  [<ffffffff81682082>] system_call_fastpath+0x16/0x1b
Dec  8 07:29:10 tlondon kernel: [ 3557.703007] Code: 4c 89 4d c8 e8 66 de 63 e1 4c 8b 4d c8 4d 01 cc eb c4 0f 1f 80 00 00 00 00 55 48 89 e5 41 55 41 54 53 48 83 ec 08 66 66 66 66 90 <48> 8b 5f 38 49 89 fc 83 83 cc 00 00 00 01 0f b6 57 20 f6 c2 02
Dec  8 07:29:10 tlondon kernel: [ 3557.703007] RIP  [<ffffffffa002dc72>] drm_mm_scan_add_block+0x12/0x120 [drm]
Dec  8 07:29:10 tlondon kernel: [ 3557.703007]  RSP <ffff880114d4da48>
Dec  8 07:29:10 tlondon kernel: [ 3557.703007] CR2: 0000000000000038

Rebooting and looking at /var/log/messages, I see several of these preceding this Oops:

Dec  8 07:29:07 tlondon kernel: [ 3554.489340] ------------[ cut here ]------------
Dec  8 07:29:07 tlondon kernel: [ 3554.489349] WARNING: at lib/list_debug.c:53 __list_del_entry+0xa1/0xd0()
Dec  8 07:29:07 tlondon kernel: [ 3554.489351] Hardware name: 74585FU
Dec  8 07:29:07 tlondon kernel: [ 3554.489353] list_del corruption. prev->next should be ffff8800971df1e8, but was ffff8800971dc0b0
Dec  8 07:29:07 tlondon kernel: [ 3554.489355] Modules linked in: fuse ip6table_filter ip6_tables ebtable_nat ebtables ipt_MASQUERADE iptable_nat nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_state nf_conntrack xt_CHECKSUM iptable_mangle lp parport tun bridge stp llc usblp arc4 uvcvideo snd_hda_codec_conexant snd_usb_audio snd_hda_intel snd_hda_codec videodev snd_usbmidi_lib iwlwifi(O) media v4l2_compat_ioctl32 snd_rawmidi snd_hwdep snd_seq_device microcode i2c_i801 snd_pcm btusb snd_timer mac80211(O) iTCO_wdt bluetooth cfg80211(O) thinkpad_acpi iTCO_vendor_support snd snd_page_alloc rfkill virtio_net soundcore kvm_intel kvm e1000e uinput wmi i915 drm_kms_helper drm i2c_algo_bit i2c_core video [last unloaded: scsi_wait_scan]
Dec  8 07:29:07 tlondon kernel: [ 3554.489405] Pid: 1041, comm: Xorg Tainted: G        W  O 3.2.0-0.rc4.git5.1.fc17.x86_64 #1
Dec  8 07:29:07 tlondon kernel: [ 3554.489408] Call Trace:
Dec  8 07:29:07 tlondon kernel: [ 3554.489412]  [<ffffffff8107ceef>] warn_slowpath_common+0x7f/0xc0
Dec  8 07:29:07 tlondon kernel: [ 3554.489416]  [<ffffffff8107cfe6>] warn_slowpath_fmt+0x46/0x50
Dec  8 07:29:07 tlondon kernel: [ 3554.489419]  [<ffffffff81318d31>] __list_del_entry+0xa1/0xd0
Dec  8 07:29:07 tlondon kernel: [ 3554.489435]  [<ffffffffa00899ba>] i915_gem_fault+0xda/0x350 [i915]
Dec  8 07:29:07 tlondon kernel: [ 3554.489439]  [<ffffffff81169baf>] __do_fault+0x6f/0x4f0
Dec  8 07:29:07 tlondon kernel: [ 3554.489442]  [<ffffffff8116c740>] handle_pte_fault+0x90/0xa10
Dec  8 07:29:07 tlondon kernel: [ 3554.489446]  [<ffffffff811a2c3e>] ? mem_cgroup_count_vm_event+0x1e/0x140
Dec  8 07:29:07 tlondon kernel: [ 3554.489449]  [<ffffffff8116d468>] handle_mm_fault+0x1e8/0x2f0
Dec  8 07:29:07 tlondon kernel: [ 3554.489454]  [<ffffffff8167d4e0>] do_page_fault+0x170/0x590
Dec  8 07:29:07 tlondon kernel: [ 3554.489458]  [<ffffffff813126dd>] ? trace_hardirqs_off_thunk+0x3a/0x3c
Dec  8 07:29:07 tlondon kernel: [ 3554.489461]  [<ffffffff81679e35>] page_fault+0x25/0x30
Dec  8 07:29:07 tlondon kernel: [ 3554.489463] ---[ end trace 694b3e52cba566ad ]---
Dec  8 07:29:10 tlondon kernel: [ 3557.585062] ------------[ cut here ]------------

I attach the complete /var/log/messages for this session.

Version-Release number of selected component (if applicable):
kernel-3.2.0-0.rc4.git5.1.fc17.x86_64

How reproducible:
Don't know

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

Comment 1 Derek Linz 2011-12-09 20:32:21 UTC

kernel-3.2.0-0.rc4.git5.1.fc17.x86_64

Identical sequence of warnings/bugs for me.


 sudo fgrep -e lib/list_debug.c /var/log/messages  
Dec  9 02:51:22 studio kernel: [  795.707746] WARNING: at lib/list_debug.c:30 __list_add+0x8f/0xa0()
Dec  9 02:52:05 studio kernel: [  837.965600] WARNING: at lib/list_debug.c:53 __list_del_entry+0xa1/0xd0()
Dec  9 08:24:40 studio kernel: [19288.492270] WARNING: at lib/list_debug.c:30 __list_add+0x8f/0xa0()
Dec  9 14:29:57 studio kernel: [13995.920816] WARNING: at lib/list_debug.c:30 __list_add+0x8f/0xa0()
Dec  9 14:29:58 studio kernel: [13997.345846] WARNING: at lib/list_debug.c:53 __list_del_entry+0xa1/0xd0()


sudo fgrep -e dereference /var/log/messages  -A 3

Dec  9 02:52:36 studio kernel: [  869.258488] BUG: unable to handle kernel NULL pointer dereference at 00000000000000cc
Dec  9 02:52:36 studio kernel: [  869.258546] IP: [<ffffffffa0030c79>] drm_mm_scan_add_block+0x19/0x120 [drm]
Dec  9 02:52:36 studio kernel: [  869.258600] PGD 11996e067 PUD 11a5a2067 PMD 0 
Dec  9 02:52:36 studio kernel: [  869.258635] Oops: 0002 [#1] SMP 
--
Dec  9 14:30:21 studio kernel: [14019.633242] BUG: unable to handle kernel NULL pointer dereference at 00000000000000cc
Dec  9 14:30:21 studio kernel: [14019.634019] IP: [<ffffffffa0030c79>] drm_mm_scan_add_block+0x19/0x120 [drm]
Dec  9 14:30:21 studio kernel: [14019.634019] PGD 118cd8067 PUD 11d1c6067 PMD 0 
Dec  9 14:30:21 studio kernel: [14019.634019] Oops: 0002 [#1] SMP

Comment 2 Fedora End Of Life 2013-04-03 13:33:18 UTC

This bug appears to have been reported against 'rawhide' during the Fedora 19 development cycle.
Changing version to '19'.

(As we did not run this process for some time, it could affect also pre-Fedora 19 development
cycle bugs. We are very sorry. It will help us with cleanup during Fedora 19 End Of Life. Thank you.)

More information and reason for this action is here:
https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora19

Comment 3 Fedora End Of Life 2015-01-09 16:54:20 UTC

This message is a notice that Fedora 19 is now at end of life. Fedora 
has stopped maintaining and issuing updates for Fedora 19. It is 
Fedora's policy to close all bug reports from releases that are no 
longer maintained. Approximately 4 (four) weeks from now this bug will
be closed as EOL if it remains open with a Fedora 'version' of '19'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 19 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged  change the 'version' to a later Fedora 
version prior this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

Comment 4 Fedora End Of Life 2015-02-17 14:00:16 UTC

Fedora 19 changed to end-of-life (EOL) status on 2015-01-06. Fedora 19 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.

Note You need to log in before you can comment on or make changes to this bug.