[Bug 30645] New: Kernel NULL pointer crash when viewing big images in Firefox on Radeon XPress 200M

bugzilla-daemon at freedesktop.org
Wed Oct 6 03:08:01 PDT 2010


https://bugs.freedesktop.org/show_bug.cgi?id=30645

           Summary: Kernel NULL pointer crash when viewing big images in
                    Firefox on Radeon XPress 200M
           Product: xorg
           Version: unspecified
          Platform: x86-64 (AMD64)
        OS/Version: Linux (All)
            Status: NEW
          Severity: normal
          Priority: medium
         Component: Driver/Radeon
        AssignedTo: xorg-driver-ati at lists.x.org
        ReportedBy: matthijs at stdin.nl
         QAContact: xorg-team at lists.x.org


Created an attachment (id=39215)
 --> (https://bugs.freedesktop.org/attachment.cgi?id=39215)
 Xorg.log

For a while now, I've been suffering kernel NULL pointer crashes, resulting in a
locked up console (e.g., the X display freezes and input devices become
unresponsive). The machine is usually still up and running otherwise, I can
access it through SSH still (though at least once networking seems to have
broken as well).

This issue occurs deterministically when viewing certain images in Firefox. So
far I've found two images that trigger this bug, both of which are very big
(thousands of pixels both ways). I suspect that image size is the only criterion
here, but I haven't done structured testing to verify that.

The bug happens as soon as a big part of the image has been loaded (or perhaps
when loading is complete, not sure about that). When I press Firefox's stop
button halfway through loading the image, nothing breaks and I can view the
partial image without problems.

I'm not 100% sure if this is a radeon driver bug; this might be kernel related
as well. I'm using 2.6.35.2, self-compiled with KMS enabled. Radeon driver is
version 1:6.13.1-2 from Debian.

One example of such a big image that breaks for me is:
http://xkcd.com/802_large/

I've attached my Xorg.log, though I don't think it shows any entries relevant
to the crash itself.

The crash log from dmesg is as follows:
[140972.373244] [TTM] Failed to find memory space for buffer 0xffff88000bc1f048 eviction.
[140972.373251] [TTM] No space for ffff88000bc1f048 (10713 pages, 42852K, 41M)
[140972.373255] [TTM]   placement[0]=0x00070002 (1)
[140972.373257] [TTM]     has_type: 1
[140972.373259] [TTM]     use_type: 1
[140972.373260] [TTM]     flags: 0x0000000A
[140972.373262] [TTM]     gpu_offset: 0x60000000
[140972.373264] [TTM]     size: 8192
[140972.373266] [TTM]     available_caching: 0x00070000
[140972.373269] [TTM]     default_caching: 0x00010000
[140972.373272] [TTM]  0x00000000-0x00000100:      256: used
[140972.373276] [TTM]  0x00000100-0x00000101:        1: used
[140972.373278] [TTM]  0x00000101-0x00000201:      256: used
[140972.373282] [TTM]  0x00000201-0x00002000:     7679: free
[140972.373284] [TTM]  total: 8192, used 513 free 7679
[140972.373293] [TTM] Failed to find memory space for buffer 0xffff88000bc1f048 eviction.
[140972.373296] [TTM] No space for ffff88000bc1f048 (10713 pages, 42852K, 41M)
[140972.373299] [TTM]   placement[0]=0x00070002 (1)
[140972.373301] [TTM]     has_type: 1
[140972.373303] [TTM]     use_type: 1
[140972.373304] [TTM]     flags: 0x0000000A
[140972.373306] [TTM]     gpu_offset: 0x60000000
[140972.373308] [TTM]     size: 8192
[140972.373310] [TTM]     available_caching: 0x00070000
[140972.373312] [TTM]     default_caching: 0x00010000
[140972.373315] [TTM]  0x00000000-0x00000100:      256: used
[140972.373318] [TTM]  0x00000100-0x00000101:        1: used
[140972.373321] [TTM]  0x00000101-0x00000201:      256: used
[140972.373324] [TTM]  0x00000201-0x00002000:     7679: free
[140972.373327] [TTM]  total: 8192, used 513 free 7679
[140972.373349] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
[140972.373353] IP: [<ffffffff8123ece8>] radeon_ttm_bo_destroy+0x38/0xc0
[140972.373363] PGD 5857d067 PUD 5934d067 PMD 0 
[140972.373367] Oops: 0002 [#1] 
[140972.373370] last sysfs file: /sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:04/PNP0C09:00/PNP0C0A:00/power_supply/BAT1/charge_full
[140972.373374] CPU 0 
[140972.373376] Modules linked in: rt2500pci rt2x00pci rt2x00lib mac80211 loop usblp pl2303 usbserial usb_storage cpufreq_ondemand 8139too mii af_packet cpufreq_powersave vboxnetadp vboxnetflt vboxdrv sco bnep rfcomm l2cap crc16 ipv6 fuse dm_snapshot snd_atiixp snd_atiixp_modem snd_ac97_codec snd_usb_audio ac97_bus snd_pcm_oss snd_mixer_oss snd_pcm snd_hwdep snd_usbmidi_lib snd_seq_midi snd_seq_midi_event pcmcia snd_seq snd_rawmidi btusb snd_timer snd_seq_device bluetooth wacom yenta_socket cfg80211 snd pcmcia_rsrc msi_laptop rtc_cmos eeprom_93cx6 rfkill pcmcia_core psmouse rtc_core serio_raw soundcore snd_page_alloc rtc_lib evdev usbhid hid sdhci_pci sg sdhci ohci_hcd ehci_hcd sr_mod usbcore mmc_core sd_mod cdrom unix [last unloaded: mac80211]
[140972.373428] 
[140972.373432] Pid: 16612, comm: Xorg Tainted: G       A    2.6.35.2 #1 /MS-1013
[140972.373435] RIP: 0010:[<ffffffff8123ece8>]  [<ffffffff8123ece8>] radeon_ttm_bo_destroy+0x38/0xc0
[140972.373441] RSP: 0018:ffff880058565b08  EFLAGS: 00010296
[140972.373444] RAX: ffff88000590f600 RBX: ffff88000590f600 RCX: 0000000000000000
[140972.373447] RDX: 0000000000000000 RSI: ffffffff8120a110 RDI: ffff88005b9a4de8
[140972.373450] RBP: ffff880058565b28 R08: 0000000000000000 R09: ffff88000bfaf6c0
[140972.373453] R10: 0000000000000006 R11: 0000000000000001 R12: ffff88000590f648
[140972.373456] R13: ffff88005b9a44e8 R14: ffff88005b9a4850 R15: 00000000029d9000
[140972.373460] FS:  00007f4429211700(0000) GS:ffffffff8161b000(0000) knlGS:00000000f6227920
[140972.373463] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[140972.373466] CR2: 0000000000000008 CR3: 000000005a34a000 CR4: 00000000000006f0
[140972.373469] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[140972.373472] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[140972.373475] Process Xorg (pid: 16612, threadinfo ffff880058564000, task ffff8800133bf840)
[140972.373478] Stack:
[140972.373480]  0000000000000001 ffff88000590f648 ffff88000590f68c ffff88005b9a44e8
[140972.373484] <0> ffff880058565b58 ffffffff8120a1a9 ffff880058565b58 ffff88000590f68c
[140972.373488] <0> ffffffff8120a110 0000000000000001 ffff880058565b78 ffffffff81165d16
[140972.373493] Call Trace:
[140972.373501]  [<ffffffff8120a1a9>] ttm_bo_release_list+0x99/0xf0
[140972.373506]  [<ffffffff8120a110>] ? ttm_bo_release_list+0x0/0xf0
[140972.373511]  [<ffffffff81165d16>] kref_put+0x36/0x70
[140972.373516]  [<ffffffff8120c810>] ? ttm_bo_release+0x0/0x70
[140972.373520]  [<ffffffff8120c86f>] ttm_bo_release+0x5f/0x70
[140972.373524]  [<ffffffff81165d16>] kref_put+0x36/0x70
[140972.373528]  [<ffffffff81209efe>] ttm_bo_unref+0x1e/0x20
[140972.373533]  [<ffffffff8120c698>] ttm_bo_init+0x2e8/0x330
[140972.373537]  [<ffffffff8123ebca>] radeon_bo_create+0x12a/0x210
[140972.373542]  [<ffffffff8123ecb0>] ? radeon_ttm_bo_destroy+0x0/0xc0
[140972.373547]  [<ffffffff81252853>] radeon_gem_object_create+0x83/0xf0
[140972.373552]  [<ffffffff8125290f>] radeon_gem_create_ioctl+0x4f/0xd0
[140972.373557]  [<ffffffff811f5d02>] drm_ioctl+0x2c2/0x430
[140972.373561]  [<ffffffff812528c0>] ? radeon_gem_create_ioctl+0x0/0xd0
[140972.373567]  [<ffffffff810bb618>] vfs_ioctl+0x18/0x70
[140972.373572]  [<ffffffff810bb7bd>] do_vfs_ioctl+0x7d/0x550
[140972.373577]  [<ffffffff81048723>] ? hrtimer_start+0x13/0x20
[140972.373583]  [<ffffffff810ae7de>] ? vfs_read+0xfe/0x160
[140972.373587]  [<ffffffff810bbcda>] sys_ioctl+0x4a/0x80
[140972.373593]  [<ffffffff81002ba8>] system_call_fastpath+0x16/0x1b
[140972.373595] Code: 8d 5f b8 4c 89 65 f0 4c 89 6d f8 49 89 fc 48 8b bb d0 01 00 00 48 81 c7 e8 0d 00 00 e8 c2 64 14 00 49 8b 54 24 b8 49 8b 44 24 c0 <48> 89 42 08 48 89 10 49 89 5c 24 b8 49 89 5c 24 c0 48 8b bb d0
[140972.373624] RIP  [<ffffffff8123ece8>] radeon_ttm_bo_destroy+0x38/0xc0
[140972.373629]  RSP <ffff880058565b08>
[140972.373630] CR2: 0000000000000008
[140972.373634] ---[ end trace cfaa865bb3d2703d ]---
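
A triage sketch for the log above, added here as an example and not part of the original report or of any project's code: it extracts the requested buffer size, the memory pool size, the fault address and the reliable call-trace frames, then flags what the log shows (a request larger than the whole pool, a fault at NULL plus a small offset, a destroy callback reached beneath ttm_bo_init). The function name `triage` and the flag names are made up for this example; the sample lines are copied from the report with wrapped lines rejoined.

```python
import re

# Excerpt of the dmesg output quoted in the report above (wrapped lines rejoined).
SAMPLE = """\
[140972.373251] [TTM] No space for ffff88000bc1f048 (10713 pages, 42852K, 41M)
[140972.373284] [TTM]  total: 8192, used 513 free 7679
[140972.373349] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
[140972.373353] IP: [<ffffffff8123ece8>] radeon_ttm_bo_destroy+0x38/0xc0
[140972.373501]  [<ffffffff8120a1a9>] ttm_bo_release_list+0x99/0xf0
[140972.373506]  [<ffffffff8120a110>] ? ttm_bo_release_list+0x0/0xf0
[140972.373528]  [<ffffffff81209efe>] ttm_bo_unref+0x1e/0x20
[140972.373533]  [<ffffffff8120c698>] ttm_bo_init+0x2e8/0x330
[140972.373537]  [<ffffffff8123ebca>] radeon_bo_create+0x12a/0x210
[140972.373552]  [<ffffffff8125290f>] radeon_gem_create_ioctl+0x4f/0xd0
"""

TS = r"^\[\s*\d+\.\d+\]\s+"  # dmesg timestamp prefix
NO_SPACE = re.compile(TS + r"\[TTM\] No space for \w+ \((\d+) pages")
TOTAL = re.compile(TS + r"\[TTM\]\s+total: (\d+), used (\d+) free (\d+)")
FAULT = re.compile(TS + r"BUG: unable to handle kernel (.+?) at ([0-9a-f]+)")
IP = re.compile(TS + r"IP: \[<[0-9a-f]+>\] (\w+)\+(0x[0-9a-f]+)/")
FRAME = re.compile(TS + r"\[<[0-9a-f]+>\] (\? )?(\w+)\+0x")

def triage(log):
    """Summarise a TTM allocation failure followed by a kernel oops."""
    r = {"requested_pages": None, "pool_pages": None, "free_pages": None,
         "fault": None, "fault_addr": None, "fault_func": None, "frames": []}
    for line in log.splitlines():
        if m := NO_SPACE.match(line):
            r["requested_pages"] = int(m.group(1))
        elif m := TOTAL.match(line):
            r["pool_pages"], r["free_pages"] = int(m.group(1)), int(m.group(3))
        elif m := FAULT.match(line):
            r["fault"], r["fault_addr"] = m.group(1), int(m.group(2), 16)
        elif m := IP.match(line):
            r["fault_func"] = m.group(1)
        elif (m := FRAME.match(line)) and not m.group(1):
            r["frames"].append(m.group(2))  # '?' frames are unreliable, skip them
    # A request larger than the whole pool cannot fit, whatever gets evicted.
    r["oversized"] = (r["requested_pages"] or 0) > (r["pool_pages"] or float("inf"))
    # A fault address below one page means NULL base plus a small member offset.
    r["null_plus_offset"] = r["fault_addr"] is not None and r["fault_addr"] < 4096
    # Destroy callback beneath ttm_bo_init: the fault is on the creation error path.
    r["init_error_path"] = "ttm_bo_init" in r["frames"] and "destroy" in (r["fault_func"] or "")
    return r
```
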
