lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 4 May 2015 17:53:09 +0200
From:	Mikael Pettersson <mikpelinux@...il.com>
To:	linux-kernel@...r.kernel.org
Cc:	Alex Deucher <alexander.deucher@....com>
Subject: [REGRESSION,BISECTED] 4.1-rc2 radeon audio changes oops the kernel hard

On my Ivy Bridge i7 mobo w/ Radeon graphics, the 4.1-rc2 kernel oopses hard,
requiring a hard reset:

BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
IP: [<ffffffffa03d0e1b>] radeon_audio_detect+0x5b/0x150 [radeon]
PGD 0 
Oops: 0000 [#1] SMP 
Modules linked in: af_packet snd_hda_codec_generic snd_hda_intel snd_hda_controller snd_hda_codec snd_hwdep snd_hda_core snd_seq snd_seq_device snd_pcm radeon cfbfillrect cfbimgblt cfbcopyarea i2c_algo_bit backlight r8169 mii coretemp snd_timer drm_kms_helper ttm snd drm i2c_core xhci_pci xhci_hcd soundcore evdev firmware_class hwmon hid_generic usbhid hid ehci_pci ehci_hcd sr_mod cdrom usbcore usb_common ipv6
CPU: 0 PID: 163 Comm: kworker/0:2 Not tainted 4.1.0-rc2 #1
Hardware name: System manufacturer System Product Name/P8Z77-V LE PLUS, BIOS 0403 05/08/2012
Workqueue: events output_poll_execute [drm_kms_helper]
task: ffff8806012b1590 ti: ffff880037960000 task.ti: ffff880037960000
RIP: 0010:[<ffffffffa03d0e1b>]  [<ffffffffa03d0e1b>] radeon_audio_detect+0x5b/0x150 [radeon]
RSP: 0018:ffff880037963c78  EFLAGS: 00010246
RAX: ffff880600c92da0 RBX: ffff880600cbb000 RCX: 0000000000000001
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff880037a3f600
RBP: ffff880600c92da0 R08: 0000000000000001 R09: 0000000000000050
R10: 0000000000000001 R11: ffff880603001a80 R12: 0000000000000001
R13: ffff880600c924e0 R14: ffff880601f84000 R15: 0000000000000001
FS:  0000000000000000(0000) GS:ffff88061ec00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000010 CR3: 0000000001478000 CR4: 00000000001407f0
Stack:
 ffff880600cbb000 0000000000000001 0000000000000001 ffff880601f84000
 ffffffffa03e7d70 ffffffffa03157ea ffff880601f84000 0000000000000002
 ffff880600baa200 ffff880600cbb050 ffff880600cbb000 ffff880600e33800
Call Trace:
 [<ffffffffa03157ea>] ? radeon_dvi_detect+0x35a/0x4d0 [radeon]
 [<ffffffffa0262b06>] ? drm_helper_probe_single_connector_modes_merge_bits+0x2e6/0x490 [drm_kms_helper]
 [<ffffffffa026bde8>] ? drm_fb_helper_probe_connector_modes.isra.5+0x48/0x70 [drm_kms_helper]
 [<ffffffffa026cf55>] ? drm_fb_helper_hotplug_event+0x55/0xe0 [drm_kms_helper]
 [<ffffffffa026267c>] ? output_poll_execute+0x7c/0x1a0 [drm_kms_helper]
 [<ffffffff81050680>] ? process_one_work+0x130/0x360
 [<ffffffff81050cb4>] ? worker_thread+0x114/0x460
 [<ffffffff8134c02d>] ? __schedule+0x20d/0x660
 [<ffffffff81050ba0>] ? rescuer_thread+0x2f0/0x2f0
 [<ffffffff81054e4c>] ? kthread+0xbc/0xe0
 [<ffffffff81054d90>] ? kthread_create_on_node+0x170/0x170
 [<ffffffff8134f9e2>] ? ret_from_fork+0x42/0x70
 [<ffffffff81054d90>] ? kthread_create_on_node+0x170/0x170
Code: 8b 45 00 4c 8b ad 58 01 00 00 4c 8b 70 28 49 8b 85 00 01 00 00 48 85 c0 74 30 41 83 fc 01 74 38 48 8b 70 10 49 8b 96 c8 24 00 00 <48> 8b 4a 10 48 85 c9 74 0e 31 d2 4c 89 f7 ff d1 49 8b 85 00 01 
RIP  [<ffffffffa03d0e1b>] radeon_audio_detect+0x5b/0x150 [radeon]
 RSP <ffff880037963c78>
CR2: 0000000000000010
---[ end trace 5b99e3870bfc7a92 ]---
BUG: unable to handle kernel paging request at ffffffffffffffd8
IP: [<ffffffff810552d7>] kthread_data+0x7/0x10
PGD 1479067 PUD 147b067 PMD 0 
Oops: 0000 [#2] SMP 
Modules linked in: af_packet snd_hda_codec_generic snd_hda_intel snd_hda_controller snd_hda_codec snd_hwdep snd_hda_core snd_seq snd_seq_device snd_pcm radeon cfbfillrect cfbimgblt cfbcopyarea i2c_algo_bit backlight r8169 mii coretemp snd_timer drm_kms_helper ttm snd drm i2c_core xhci_pci xhci_hcd soundcore evdev firmware_class hwmon hid_generic usbhid hid ehci_pci ehci_hcd sr_mod cdrom usbcore usb_common ipv6
CPU: 0 PID: 163 Comm: kworker/0:2 Tainted: G      D         4.1.0-rc2 #1
Hardware name: System manufacturer System Product Name/P8Z77-V LE PLUS, BIOS 0403 05/08/2012
task: ffff8806012b1590 ti: ffff880037960000 task.ti: ffff880037960000
RIP: 0010:[<ffffffff810552d7>]  [<ffffffff810552d7>] kthread_data+0x7/0x10
RSP: 0018:ffff880037963a60  EFLAGS: 00010002
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000073c2bc6e
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8806012b1590
RBP: ffff8806012b1590 R08: 0000000000000001 R09: 0000000000000001
R10: ffffea001804b800 R11: 000000000000001a R12: ffff8806012b1980
R13: 0000000000000000 R14: 0000000000014300 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff88061ec00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000028 CR3: 0000000001478000 CR4: 00000000001407f0
Stack:
 ffffffff81051068 ffff88061ec14300 ffffffff8134c203 0000000000000000
 ffff880037964000 ffff8806012b1878 ffff880037963af8 0000000000000000
 ffff880603188000 ffff8806012b1590 ffffffff8134c4aa ffff8800379637d8
Call Trace:
 [<ffffffff81051068>] ? wq_worker_sleeping+0x8/0x90
 [<ffffffff8134c203>] ? __schedule+0x3e3/0x660
 [<ffffffff8134c4aa>] ? schedule+0x2a/0x80
 [<ffffffff8103eb7e>] ? do_exit+0x61e/0xa20
 [<ffffffff810059f6>] ? oops_end+0x66/0xa0
 [<ffffffff813487df>] ? no_context+0x236/0x286
 [<ffffffff81350bbf>] ? page_fault+0x1f/0x30
 [<ffffffffa03d0e1b>] ? radeon_audio_detect+0x5b/0x150 [radeon]
 [<ffffffffa03d0ea2>] ? radeon_audio_detect+0xe2/0x150 [radeon]
 [<ffffffffa03157ea>] ? radeon_dvi_detect+0x35a/0x4d0 [radeon]
 [<ffffffffa0262b06>] ? drm_helper_probe_single_connector_modes_merge_bits+0x2e6/0x490 [drm_kms_helper]
 [<ffffffffa026bde8>] ? drm_fb_helper_probe_connector_modes.isra.5+0x48/0x70 [drm_kms_helper]
 [<ffffffffa026cf55>] ? drm_fb_helper_hotplug_event+0x55/0xe0 [drm_kms_helper]
 [<ffffffffa026267c>] ? output_poll_execute+0x7c/0x1a0 [drm_kms_helper]
 [<ffffffff81050680>] ? process_one_work+0x130/0x360
 [<ffffffff81050cb4>] ? worker_thread+0x114/0x460
 [<ffffffff8134c02d>] ? __schedule+0x20d/0x660
 [<ffffffff81050ba0>] ? rescuer_thread+0x2f0/0x2f0
 [<ffffffff81054e4c>] ? kthread+0xbc/0xe0
 [<ffffffff81054d90>] ? kthread_create_on_node+0x170/0x170
 [<ffffffff8134f9e2>] ? ret_from_fork+0x42/0x70
 [<ffffffff81054d90>] ? kthread_create_on_node+0x170/0x170
Code: 00 00 00 00 65 48 8b 04 25 00 a9 00 00 48 8b 80 98 03 00 00 48 8b 40 c8 48 c1 e8 02 83 e0 01 c3 0f 1f 40 00 48 8b 87 98 03 00 00 <48> 8b 40 d8 c3 0f 1f 40 00 48 83 ec 18 ba 08 00 00 00 48 c7 44 
RIP  [<ffffffff810552d7>] kthread_data+0x7/0x10
 RSP <ffff880037963a60>
CR2: ffffffffffffffd8
---[ end trace 5b99e3870bfc7a93 ]---
Fixing recursive fault but reboot is needed!

The 4.1-rc1 and earlier kernels were fine.

git bisect identified the following as the first bad commit:

0f55db36d49d45b80eff0c0a2a498766016f458b is the first bad commit
commit 0f55db36d49d45b80eff0c0a2a498766016f458b
Author: Alex Deucher <alexander.deucher@....com>
Date:   Tue Apr 7 09:52:42 2015 -0400

    drm/radeon: only mark audio as connected if the monitor supports it (v3)
    
    Otherwise the driver may try and send audio which may confuse the
    monitor.
    
    v2: set pin to NULL if no audio
    v3: avoid crash with analog encoders
    
    Signed-off-by: Alex Deucher <alexander.deucher@....com>
    Cc: stable@...r.kernel.org

:040000 040000 7fe69b07a9ec74f8116f034d186bacce80dbf4f4 e27f98a4a15d2f30baf3ea92420112874b0b1c34 M      drivers

The graphics card is:

01:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] RV370 [Radeon X300/X550/X1050 Series]
01:00.1 Display controller: Advanced Micro Devices, Inc. [AMD/ATI] RV370 [Radeon X300/X550/X1050 Series] (Secondary)

and the monitor is some Dell 24" model w/o audio.

My .config has

CONFIG_DRM=m
CONFIG_DRM_KMS_HELPER=m
CONFIG_DRM_KMS_FB_HELPER=y
CONFIG_DRM_RADEON=m
# CONFIG_DRM_RADEON_USERPTR is not set
# CONFIG_DRM_RADEON_UMS is not set
# CONFIG_FB_RADEON is not set

(Full .config available upon request.)

/Mikael
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ