Date:	Fri, 13 Jan 2012 11:16:07 +0000
From:	"Wouter M. Koolen" <W.M.Koolen-Wijkstra@....nl>
To:	tytso@....edu
CC:	linux-ext4@...r.kernel.org,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: [BUG] NULL deref in jbd2_journal_grab_journal_head

Dear jbd2 maintainers,

I observed the below BUG a couple of seconds after resuming from RAM. I 
include all the fallout, in the hope that it may be helpful.

I am using kernel 3.2.1.

Please let me know what other details I could provide.

With kind regards,

Wouter Koolen



BUG: unable to handle kernel NULL pointer dereference at           (null)
IP: [<ffffffffa0069cb4>] jbd2_journal_grab_journal_head+0x14/0x90 [jbd2]
PGD 5df46067 PUD 5df45067 PMD 0
Oops: 0002 [#1] SMP
CPU 0
Modules linked in: aes_x86_64 aes_generic hidp acpi_cpufreq mperf 
cpufreq_stats cpufreq_powersave rfcomm bnep binfmt_misc microcode uinput 
fuse sbs sbshc coretemp i2c_dev loop firewire_sbp2 btusb bluetooth 
snd_hda_codec_realtek arc4 snd_hda_intel snd_hda_codec snd_hwdep b43 
mac80211 cfg80211 hid_apple snd_pcm_oss snd_mixer_oss uvcvideo usbhid 
snd_pcm rfkill videodev rng_core hid appletouch v4l2_compat_ioctl32 
snd_seq snd_timer snd_seq_device firewire_ohci firewire_core ssb snd 
soundcore applesmc sr_mod cdrom uhci_hcd ehci_hcd mmc_core usbcore sky2 
pcspkr crc_itu_t input_polldev usb_common i2c_i801 snd_page_alloc 
battery processor ac evdev apple_bl power_supply ext4 mbcache jbd2 crc16 
sd_mod crc_t10dif ata_piix libata scsi_mod

Pid: 24, comm: kswapd0 Not tainted 3.2.1.git #1 Apple Inc. 
MacBook4,1/Mac-F22788A9
RIP: 0010:[<ffffffffa0069cb4>]  [<ffffffffa0069cb4>] 
jbd2_journal_grab_journal_head+0x14/0x90 [jbd2]
RSP: 0018:ffff8800789d59b0  EFLAGS: 00010202
RAX: ffff8800789d5fd8 RBX: ffff880077706f20 RCX: 4000000000000009
RDX: ffff8800789d5fd8 RSI: ffffea0000afa6b0 RDI: 0000000000000000
RBP: ffff8800789d59b0 R08: ffff880008c77c80 R09: dead000000100100
R10: dead000000200200 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: ffff8800789d5fd8 R15: ffff8800789d5fd8
FS:  0000000000000000(0000) GS:ffff88007da00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000000000 CR3: 0000000060733000 CR4: 00000000000006f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process kswapd0 (pid: 24, threadinfo ffff8800789d4000, task 
ffff8800789d2140)
Stack:
ffff8800789d5a20 ffffffffa0060088 ffff880008c77cb0 ffffffff810e9285
ffff8800789d5fd8 ffff8800789d5fd8 ffffea0000afa6b0 ffff88000008fdb0
0000000000000000 ffffea0000afa6b0 ffff880077706f20 ffffea0000afa6d0
Call Trace:
[<ffffffffa0060088>] jbd2_journal_try_to_free_buffers+0x68/0x1b0 [jbd2]
[<ffffffff810e9285>] ? __remove_mapping+0xb5/0x150
[<ffffffffa00c8fbd>] ext4_releasepage+0x6d/0x110 [ext4]
[<ffffffff810d8170>] try_to_release_page+0x30/0x50
[<ffffffff810eacc2>] shrink_page_list+0x7c2/0xa00
[<ffffffff810eb33c>] ? shrink_inactive_list+0x19c/0x490
[<ffffffff810eb355>] shrink_inactive_list+0x1b5/0x490
[<ffffffff810eb746>] ? shrink_zone+0x116/0x570
[<ffffffff810ebaa1>] shrink_zone+0x471/0x570
[<ffffffff810ec1f5>] kswapd+0x655/0xa80
[<ffffffff8106db90>] ? __init_waitqueue_head+0x60/0x60
[<ffffffff810ebba0>] ? shrink_zone+0x570/0x570
[<ffffffff8106d282>] kthread+0xa2/0xb0
[<ffffffff81417fd4>] kernel_thread_helper+0x4/0x10
[<ffffffff8106d1e0>] ? __init_kthread_worker+0x70/0x70
[<ffffffff81417fd0>] ? gs_change+0xb/0xb
Code: 8b 5d e8 4c 8b 65 f0 4c 8b 6d f8 c9 c3 48 89 df e8 52 eb 0e e1 eb 
bb 55 65 48 8b 04 25 48 b6 00 00 83 80 44 e0 ff ff 01 48 89 e5 <f0> 0f 
ba 2f 15 19 d2 85 d2 75 34 48 8b 17 31 c0 80 e6 40 74 08
RIP  [<ffffffffa0069cb4>] jbd2_journal_grab_journal_head+0x14/0x90 [jbd2]
RSP <ffff8800789d59b0>
CR2: 0000000000000000
---[ end trace 17338e42d6591a02 ]---
note: kswapd0[24] exited with preempt_count 1
BUG: sleeping function called from invalid context at kernel/rwsem.c:48
in_atomic(): 1, irqs_disabled(): 0, pid: 24, name: kswapd0
INFO: lockdep is turned off.
Pid: 24, comm: kswapd0 Tainted: G      D      3.2.1.git #1
Call Trace:
[<ffffffff810335aa>] __might_sleep+0xda/0x100
[<ffffffff8140f16f>] down_write+0x1f/0x70
[<ffffffff811a47f8>] exit_shm+0x48/0x90
[<ffffffff8104cd0d>] do_exit+0x13d/0x810
[<ffffffff8104aa74>] ? kmsg_dump+0xf4/0x140
[<ffffffff8141159d>] oops_end+0x9d/0xe0
[<ffffffff81407ac3>] no_context+0x1a2/0x1b1
[<ffffffff81407c90>] __bad_area_nosemaphore+0x1be/0x1dd
[<ffffffff811edfc8>] ? debug_check_no_obj_freed+0x88/0x230
[<ffffffff81407cbd>] bad_area_nosemaphore+0xe/0x10
[<ffffffff81413fd7>] do_page_fault+0x3d7/0x4f0
[<ffffffff81124e6e>] ? __delete_object+0x7e/0xc0
[<ffffffff81119afe>] ? poison_obj+0x2e/0x40
[<ffffffff8111aaeb>] ? cache_free_debugcheck+0x13b/0x280
[<ffffffff81410c3f>] page_fault+0x1f/0x30
[<ffffffffa0069cb4>] ? jbd2_journal_grab_journal_head+0x14/0x90 [jbd2]
[<ffffffffa0060088>] jbd2_journal_try_to_free_buffers+0x68/0x1b0 [jbd2]
[<ffffffff810e9285>] ? __remove_mapping+0xb5/0x150
[<ffffffffa00c8fbd>] ext4_releasepage+0x6d/0x110 [ext4]
[<ffffffff810d8170>] try_to_release_page+0x30/0x50
[<ffffffff810eacc2>] shrink_page_list+0x7c2/0xa00
[<ffffffff810eb33c>] ? shrink_inactive_list+0x19c/0x490
[<ffffffff810eb355>] shrink_inactive_list+0x1b5/0x490
[<ffffffff810eb746>] ? shrink_zone+0x116/0x570
[<ffffffff810ebaa1>] shrink_zone+0x471/0x570
[<ffffffff810ec1f5>] kswapd+0x655/0xa80
[<ffffffff8106db90>] ? __init_waitqueue_head+0x60/0x60
[<ffffffff810ebba0>] ? shrink_zone+0x570/0x570
[<ffffffff8106d282>] kthread+0xa2/0xb0
[<ffffffff81417fd4>] kernel_thread_helper+0x4/0x10
[<ffffffff8106d1e0>] ? __init_kthread_worker+0x70/0x70
[<ffffffff81417fd0>] ? gs_change+0xb/0xb
BUG: scheduling while atomic: kswapd0/24/0x10000002
INFO: lockdep is turned off.
Modules linked in: aes_x86_64 aes_generic hidp acpi_cpufreq mperf 
cpufreq_stats cpufreq_powersave rfcomm bnep binfmt_misc microcode uinput 
fuse sbs sbshc coretemp i2c_dev loop firewire_sbp2 btusb bluetooth 
snd_hda_codec_realtek arc4 snd_hda_intel snd_hda_codec snd_hwdep b43 
mac80211 cfg80211 hid_apple snd_pcm_oss snd_mixer_oss uvcvideo usbhid 
snd_pcm rfkill videodev rng_core hid appletouch v4l2_compat_ioctl32 
snd_seq snd_timer snd_seq_device firewire_ohci firewire_core ssb snd 
soundcore applesmc sr_mod cdrom uhci_hcd ehci_hcd mmc_core usbcore sky2 
pcspkr crc_itu_t input_polldev usb_common i2c_i801 snd_page_alloc 
battery processor ac evdev apple_bl power_supply ext4 mbcache jbd2 crc16 
sd_mod crc_t10dif ata_piix libata scsi_mod
Pid: 24, comm: kswapd0 Tainted: G      D      3.2.1.git #1
Call Trace:
[<ffffffff81407fe4>] __schedule_bug+0x60/0x65
[<ffffffff8140d1c1>] __schedule+0x911/0x950
[<ffffffff810059a7>] ? show_trace_log_lvl+0x57/0x70
[<ffffffff810059d0>] ? show_trace+0x10/0x20
[<ffffffff81040175>] __cond_resched+0x25/0x40
[<ffffffff8140d27d>] _cond_resched+0x2d/0x40
[<ffffffff8140f174>] down_write+0x24/0x70
[<ffffffff811a47f8>] exit_shm+0x48/0x90
[<ffffffff8104cd0d>] do_exit+0x13d/0x810
[<ffffffff8104aa74>] ? kmsg_dump+0xf4/0x140
[<ffffffff8141159d>] oops_end+0x9d/0xe0
[<ffffffff81407ac3>] no_context+0x1a2/0x1b1
[<ffffffff81407c90>] __bad_area_nosemaphore+0x1be/0x1dd
[<ffffffff811edfc8>] ? debug_check_no_obj_freed+0x88/0x230
[<ffffffff81407cbd>] bad_area_nosemaphore+0xe/0x10
[<ffffffff81413fd7>] do_page_fault+0x3d7/0x4f0
[<ffffffff81124e6e>] ? __delete_object+0x7e/0xc0
[<ffffffff81119afe>] ? poison_obj+0x2e/0x40
[<ffffffff8111aaeb>] ? cache_free_debugcheck+0x13b/0x280
[<ffffffff81410c3f>] page_fault+0x1f/0x30
[<ffffffffa0069cb4>] ? jbd2_journal_grab_journal_head+0x14/0x90 [jbd2]
[<ffffffffa0060088>] jbd2_journal_try_to_free_buffers+0x68/0x1b0 [jbd2]
[<ffffffff810e9285>] ? __remove_mapping+0xb5/0x150
[<ffffffffa00c8fbd>] ext4_releasepage+0x6d/0x110 [ext4]
[<ffffffff810d8170>] try_to_release_page+0x30/0x50
[<ffffffff810eacc2>] shrink_page_list+0x7c2/0xa00
[<ffffffff810eb33c>] ? shrink_inactive_list+0x19c/0x490
[<ffffffff810eb355>] shrink_inactive_list+0x1b5/0x490
[<ffffffff810eb746>] ? shrink_zone+0x116/0x570
[<ffffffff810ebaa1>] shrink_zone+0x471/0x570
[<ffffffff810ec1f5>] kswapd+0x655/0xa80
[<ffffffff8106db90>] ? __init_waitqueue_head+0x60/0x60
[<ffffffff810ebba0>] ? shrink_zone+0x570/0x570
[<ffffffff8106d282>] kthread+0xa2/0xb0
[<ffffffff81417fd4>] kernel_thread_helper+0x4/0x10
[<ffffffff8106d1e0>] ? __init_kthread_worker+0x70/0x70
[<ffffffff81417fd0>] ? gs_change+0xb/0xb
BUG: unable to handle kernel NULL pointer dereference at           (null)
IP: [<ffffffffa0069cb4>] jbd2_journal_grab_journal_head+0x14/0x90 [jbd2]
PGD 0
Oops: 0002 [#2] SMP
CPU 1
Modules linked in: aes_x86_64 aes_generic hidp acpi_cpufreq mperf 
cpufreq_stats cpufreq_powersave rfcomm bnep binfmt_misc microcode uinput 
fuse sbs sbshc coretemp i2c_dev loop firewire_sbp2 btusb bluetooth 
snd_hda_codec_realtek arc4 snd_hda_intel snd_hda_codec snd_hwdep b43 
mac80211 cfg80211 hid_apple snd_pcm_oss snd_mixer_oss uvcvideo usbhid 
snd_pcm rfkill videodev rng_core hid appletouch v4l2_compat_ioctl32 
snd_seq snd_timer snd_seq_device firewire_ohci firewire_core ssb snd 
soundcore applesmc sr_mod cdrom uhci_hcd ehci_hcd mmc_core usbcore sky2 
pcspkr crc_itu_t input_polldev usb_common i2c_i801 snd_page_alloc 
battery processor ac evdev apple_bl power_supply ext4 mbcache jbd2 crc16 
sd_mod crc_t10dif ata_piix libata scsi_mod

Pid: 1203, comm: Xorg Tainted: G      D      3.2.1.git #1 Apple Inc. 
MacBook4,1/Mac-F22788A9
RIP: 0010:[<ffffffffa0069cb4>]  [<ffffffffa0069cb4>] 
jbd2_journal_grab_journal_head+0x14/0x90 [jbd2]
RSP: 0018:ffff880073b25338  EFLAGS: 00010202
RAX: ffff880073b25fd8 RBX: ffff880077706f20 RCX: 4000000000000009
RDX: ffff880073b25fd8 RSI: ffffea00017e83a8 RDI: 0000000000000000
RBP: ffff880073b25338 R08: ffff880008c77c80 R09: dead000000100100
R10: dead000000200200 R11: 0000000000000001 R12: 0000000000000000
R13: 0000000000000000 R14: ffff880073b25fd8 R15: ffff880073b25fd8
FS:  00007f864a09a880(0000) GS:ffff88007db00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000000000 CR3: 0000000073b76000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process Xorg (pid: 1203, threadinfo ffff880073b24000, task ffff8800739c80c0)
Stack:
ffff880073b253a8 ffffffffa0060088 0000000000000000 0000000000000046
ffff880073b25fd8 ffff880073b25fd8 ffffea00017e83a8 ffff88000008f2b0
0000000000000000 ffffea00017e83a8 ffff880077706f20 ffffea00017e83c8
Call Trace:
[<ffffffffa0060088>] jbd2_journal_try_to_free_buffers+0x68/0x1b0 [jbd2]
[<ffffffffa00c8fbd>] ext4_releasepage+0x6d/0x110 [ext4]
[<ffffffff810e45e7>] ? pagevec_lru_move_fn+0x77/0xe0
[<ffffffff810d8170>] try_to_release_page+0x30/0x50
[<ffffffff810eacc2>] shrink_page_list+0x7c2/0xa00
[<ffffffff810eb355>] shrink_inactive_list+0x1b5/0x490
[<ffffffff810eb746>] ? shrink_zone+0x116/0x570
[<ffffffff810ebaa1>] shrink_zone+0x471/0x570
[<ffffffff81036cc1>] ? cpuacct_charge+0x21/0xd0
[<ffffffff810779c8>] ? ktime_get_ts+0xa8/0xe0
[<ffffffff810ec9ae>] do_try_to_free_pages+0x38e/0x4c0
[<ffffffff810f3924>] ? __mod_zone_page_state+0x44/0x50
[<ffffffff810ecc46>] try_to_free_pages+0xa6/0x1b0
[<ffffffff810e07bc>] __alloc_pages_nodemask+0x54c/0x860
[<ffffffff810d86b0>] ? add_to_page_cache_lru+0x50/0x50
[<ffffffff811005b3>] ? __vm_enough_memory+0x33/0x190
[<ffffffff810ef0f3>] shmem_getpage_gfp+0x283/0x5a0
[<ffffffff810ef43f>] shmem_read_mapping_page_gfp+0x2f/0x60
[<ffffffff812b546d>] i915_gem_object_bind_to_gtt+0x1dd/0x650
[<ffffffff812c99b5>] ? intel_pipe_set_base+0xa5/0x2f0
[<ffffffff812b913f>] i915_gem_object_pin+0x16f/0x1c0
[<ffffffff812b9210>] i915_gem_object_pin_to_display_plane+0x80/0x1e0
[<ffffffff812c99b5>] ? intel_pipe_set_base+0xa5/0x2f0
[<ffffffff812c9208>] intel_pin_and_fence_fb_obj+0x68/0x120
[<ffffffff812c99c7>] intel_pipe_set_base+0xb7/0x2f0
[<ffffffff811e4804>] ? snprintf+0x34/0x40
[<ffffffff81288443>] ? drm_crtc_helper_set_config+0x143/0xae0
[<ffffffff81288a60>] drm_crtc_helper_set_config+0x760/0xae0
[<ffffffff81299cb1>] ? drm_mode_object_find+0x31/0x80
[<ffffffff8129c0d4>] drm_mode_setcrtc+0x124/0x490
[<ffffffff8140ee59>] ? mutex_unlock+0x9/0x10
[<ffffffff8128d614>] drm_ioctl+0x454/0x530
[<ffffffff81166372>] ? fsnotify+0x82/0x2e0
[<ffffffff8129bfb0>] ? drm_mode_getencoder+0xb0/0xb0
[<ffffffff81166372>] ? fsnotify+0x82/0x2e0
[<ffffffff8113a5f7>] do_vfs_ioctl+0x97/0x600
[<ffffffff811284f0>] ? vfs_write+0x120/0x160
[<ffffffff8113abaa>] sys_ioctl+0x4a/0x80
[<ffffffff81416ebb>] system_call_fastpath+0x16/0x1b
Code: 8b 5d e8 4c 8b 65 f0 4c 8b 6d f8 c9 c3 48 89 df e8 52 eb 0e e1 eb 
bb 55 65 48 8b 04 25 48 b6 00 00 83 80 44 e0 ff ff 01 48 89 e5 <f0> 0f 
ba 2f 15 19 d2 85 d2 75 34 48 8b 17 31 c0 80 e6 40 74 08
RIP  [<ffffffffa0069cb4>] jbd2_journal_grab_journal_head+0x14/0x90 [jbd2]
RSP <ffff880073b25338>
CR2: 0000000000000000
---[ end trace 17338e42d6591a03 ]---
note: Xorg[1203] exited with preempt_count 1
BUG: scheduling while atomic: Xorg/1203/0x10000002
INFO: lockdep is turned off.
Modules linked in: aes_x86_64 aes_generic hidp acpi_cpufreq mperf 
cpufreq_stats cpufreq_powersave rfcomm bnep binfmt_misc microcode uinput 
fuse sbs sbshc coretemp i2c_dev loop firewire_sbp2 btusb bluetooth 
snd_hda_codec_realtek arc4 snd_hda_intel snd_hda_codec snd_hwdep b43 
mac80211 cfg80211 hid_apple snd_pcm_oss snd_mixer_oss uvcvideo usbhid 
snd_pcm rfkill videodev rng_core hid appletouch v4l2_compat_ioctl32 
snd_seq snd_timer snd_seq_device firewire_ohci firewire_core ssb snd 
soundcore applesmc sr_mod cdrom uhci_hcd ehci_hcd mmc_core usbcore sky2 
pcspkr crc_itu_t input_polldev usb_common i2c_i801 snd_page_alloc 
battery processor ac evdev apple_bl power_supply ext4 mbcache jbd2 crc16 
sd_mod crc_t10dif ata_piix libata scsi_mod
Pid: 1203, comm: Xorg Tainted: G      D      3.2.1.git #1
Call Trace:
[<ffffffff81407fe4>] __schedule_bug+0x60/0x65
[<ffffffff8140d1c1>] __schedule+0x911/0x950
[<ffffffff810718ab>] ? lock_hrtimer_base.isra.21+0x2b/0x60
[<ffffffff81040175>] __cond_resched+0x25/0x40
[<ffffffff8140d27d>] _cond_resched+0x2d/0x40
[<ffffffff81087d98>] exit_robust_list+0x68/0x1c0
[<ffffffff8140ffcf>] ? _raw_spin_lock_irqsave+0x4f/0x60
[<ffffffff810718ab>] ? lock_hrtimer_base.isra.21+0x2b/0x60
[<ffffffff810462ff>] mm_release+0x11f/0x130
[<ffffffff8104b131>] exit_mm+0x21/0x130
[<ffffffff8104ccf8>] do_exit+0x128/0x810
[<ffffffff8104aa74>] ? kmsg_dump+0xf4/0x140
[<ffffffff8141159d>] oops_end+0x9d/0xe0
[<ffffffff81407ac3>] no_context+0x1a2/0x1b1
[<ffffffff8108254c>] ? __lock_acquire.isra.26+0x3ec/0xaf0
[<ffffffff81407c90>] __bad_area_nosemaphore+0x1be/0x1dd
[<ffffffff811edfc8>] ? debug_check_no_obj_freed+0x88/0x230
[<ffffffff811edfc8>] ? debug_check_no_obj_freed+0x88/0x230
[<ffffffff81407cbd>] bad_area_nosemaphore+0xe/0x10
[<ffffffff81413fd7>] do_page_fault+0x3d7/0x4f0
[<ffffffff811ee0bf>] ? debug_check_no_obj_freed+0x17f/0x230
[<ffffffff81104fee>] ? __page_check_address+0xde/0x170
[<ffffffff8108254c>] ? __lock_acquire.isra.26+0x3ec/0xaf0
[<ffffffff81410c3f>] page_fault+0x1f/0x30
[<ffffffffa0069cb4>] ? jbd2_journal_grab_journal_head+0x14/0x90 [jbd2]
[<ffffffffa0060088>] jbd2_journal_try_to_free_buffers+0x68/0x1b0 [jbd2]
[<ffffffffa00c8fbd>] ext4_releasepage+0x6d/0x110 [ext4]
[<ffffffff810e45e7>] ? pagevec_lru_move_fn+0x77/0xe0
[<ffffffff810d8170>] try_to_release_page+0x30/0x50
[<ffffffff810eacc2>] shrink_page_list+0x7c2/0xa00
[<ffffffff810eb355>] shrink_inactive_list+0x1b5/0x490
[<ffffffff810eb746>] ? shrink_zone+0x116/0x570
[<ffffffff810ebaa1>] shrink_zone+0x471/0x570
[<ffffffff81036cc1>] ? cpuacct_charge+0x21/0xd0
[<ffffffff810779c8>] ? ktime_get_ts+0xa8/0xe0
[<ffffffff810ec9ae>] do_try_to_free_pages+0x38e/0x4c0
[<ffffffff810f3924>] ? __mod_zone_page_state+0x44/0x50
[<ffffffff810ecc46>] try_to_free_pages+0xa6/0x1b0
[<ffffffff810e07bc>] __alloc_pages_nodemask+0x54c/0x860
[<ffffffff810d86b0>] ? add_to_page_cache_lru+0x50/0x50
[<ffffffff811005b3>] ? __vm_enough_memory+0x33/0x190
[<ffffffff810ef0f3>] shmem_getpage_gfp+0x283/0x5a0
[<ffffffff810ef43f>] shmem_read_mapping_page_gfp+0x2f/0x60
[<ffffffff812b546d>] i915_gem_object_bind_to_gtt+0x1dd/0x650
[<ffffffff812c99b5>] ? intel_pipe_set_base+0xa5/0x2f0
[<ffffffff812b913f>] i915_gem_object_pin+0x16f/0x1c0
[<ffffffff812b9210>] i915_gem_object_pin_to_display_plane+0x80/0x1e0
[<ffffffff812c99b5>] ? intel_pipe_set_base+0xa5/0x2f0
[<ffffffff812c9208>] intel_pin_and_fence_fb_obj+0x68/0x120
[<ffffffff812c99c7>] intel_pipe_set_base+0xb7/0x2f0
[<ffffffff811e4804>] ? snprintf+0x34/0x40
[<ffffffff81288443>] ? drm_crtc_helper_set_config+0x143/0xae0
[<ffffffff81288a60>] drm_crtc_helper_set_config+0x760/0xae0
[<ffffffff81299cb1>] ? drm_mode_object_find+0x31/0x80
[<ffffffff8129c0d4>] drm_mode_setcrtc+0x124/0x490
[<ffffffff8140ee59>] ? mutex_unlock+0x9/0x10
[<ffffffff8128d614>] drm_ioctl+0x454/0x530
[<ffffffff81166372>] ? fsnotify+0x82/0x2e0
[<ffffffff8129bfb0>] ? drm_mode_getencoder+0xb0/0xb0
[<ffffffff81166372>] ? fsnotify+0x82/0x2e0
[<ffffffff8113a5f7>] do_vfs_ioctl+0x97/0x600
[<ffffffff811284f0>] ? vfs_write+0x120/0x160
[<ffffffff8113abaa>] sys_ioctl+0x4a/0x80
[<ffffffff81416ebb>] system_call_fastpath+0x16/0x1b
BUG: scheduling while atomic: Xorg/1203/0x10000002
INFO: lockdep is turned off.
Modules linked in: aes_x86_64 aes_generic hidp acpi_cpufreq mperf 
cpufreq_stats cpufreq_powersave rfcomm bnep binfmt_misc microcode uinput 
fuse sbs sbshc coretemp i2c_dev loop firewire_sbp2 btusb bluetooth 
snd_hda_codec_realtek arc4 snd_hda_intel snd_hda_codec snd_hwdep b43 
mac80211 cfg80211 hid_apple snd_pcm_oss snd_mixer_oss uvcvideo usbhid 
snd_pcm rfkill videodev rng_core hid appletouch v4l2_compat_ioctl32 
snd_seq snd_timer snd_seq_device firewire_ohci firewire_core ssb snd 
soundcore applesmc sr_mod cdrom uhci_hcd ehci_hcd mmc_core usbcore sky2 
pcspkr crc_itu_t input_polldev usb_common i2c_i801 snd_page_alloc 
battery processor ac evdev apple_bl power_supply ext4 mbcache jbd2 crc16 
sd_mod crc_t10dif ata_piix libata scsi_mod
Pid: 1203, comm: Xorg Tainted: G      D      3.2.1.git #1
Call Trace:
[<ffffffff81407fe4>] __schedule_bug+0x60/0x65
[<ffffffff8140d1c1>] __schedule+0x911/0x950
[<ffffffff81040175>] __cond_resched+0x25/0x40
[<ffffffff8140d27d>] _cond_resched+0x2d/0x40
[<ffffffff810fafca>] unmap_vmas+0x4fa/0x7d0
[<ffffffff81102b09>] exit_mmap+0xb9/0x130
[<ffffffff810460b4>] mmput+0x74/0x150
[<ffffffff8104b219>] exit_mm+0x109/0x130
[<ffffffff8104ccf8>] do_exit+0x128/0x810
[<ffffffff8104aa74>] ? kmsg_dump+0xf4/0x140
[<ffffffff8141159d>] oops_end+0x9d/0xe0
[<ffffffff81407ac3>] no_context+0x1a2/0x1b1
[<ffffffff8108254c>] ? __lock_acquire.isra.26+0x3ec/0xaf0
[<ffffffff81407c90>] __bad_area_nosemaphore+0x1be/0x1dd
[<ffffffff811edfc8>] ? debug_check_no_obj_freed+0x88/0x230
[<ffffffff811edfc8>] ? debug_check_no_obj_freed+0x88/0x230
[<ffffffff81407cbd>] bad_area_nosemaphore+0xe/0x10
[<ffffffff81413fd7>] do_page_fault+0x3d7/0x4f0
[<ffffffff811ee0bf>] ? debug_check_no_obj_freed+0x17f/0x230
[<ffffffff81104fee>] ? __page_check_address+0xde/0x170
[<ffffffff8108254c>] ? __lock_acquire.isra.26+0x3ec/0xaf0
[<ffffffff81410c3f>] page_fault+0x1f/0x30
[<ffffffffa0069cb4>] ? jbd2_journal_grab_journal_head+0x14/0x90 [jbd2]
[<ffffffffa0060088>] jbd2_journal_try_to_free_buffers+0x68/0x1b0 [jbd2]
[<ffffffffa00c8fbd>] ext4_releasepage+0x6d/0x110 [ext4]
[<ffffffff810e45e7>] ? pagevec_lru_move_fn+0x77/0xe0
[<ffffffff810d8170>] try_to_release_page+0x30/0x50
[<ffffffff810eacc2>] shrink_page_list+0x7c2/0xa00
[<ffffffff810eb355>] shrink_inactive_list+0x1b5/0x490
[<ffffffff810eb746>] ? shrink_zone+0x116/0x570
[<ffffffff810ebaa1>] shrink_zone+0x471/0x570
[<ffffffff81036cc1>] ? cpuacct_charge+0x21/0xd0
[<ffffffff810779c8>] ? ktime_get_ts+0xa8/0xe0
[<ffffffff810ec9ae>] do_try_to_free_pages+0x38e/0x4c0
[<ffffffff810f3924>] ? __mod_zone_page_state+0x44/0x50
[<ffffffff810ecc46>] try_to_free_pages+0xa6/0x1b0
[<ffffffff810e07bc>] __alloc_pages_nodemask+0x54c/0x860
[<ffffffff810d86b0>] ? add_to_page_cache_lru+0x50/0x50
[<ffffffff811005b3>] ? __vm_enough_memory+0x33/0x190
[<ffffffff810ef0f3>] shmem_getpage_gfp+0x283/0x5a0
[<ffffffff810ef43f>] shmem_read_mapping_page_gfp+0x2f/0x60
[<ffffffff812b546d>] i915_gem_object_bind_to_gtt+0x1dd/0x650
[<ffffffff812c99b5>] ? intel_pipe_set_base+0xa5/0x2f0
[<ffffffff812b913f>] i915_gem_object_pin+0x16f/0x1c0
[<ffffffff812b9210>] i915_gem_object_pin_to_display_plane+0x80/0x1e0
[<ffffffff812c99b5>] ? intel_pipe_set_base+0xa5/0x2f0
[<ffffffff812c9208>] intel_pin_and_fence_fb_obj+0x68/0x120
[<ffffffff812c99c7>] intel_pipe_set_base+0xb7/0x2f0
[<ffffffff811e4804>] ? snprintf+0x34/0x40
[<ffffffff81288443>] ? drm_crtc_helper_set_config+0x143/0xae0
[<ffffffff81288a60>] drm_crtc_helper_set_config+0x760/0xae0
[<ffffffff81299cb1>] ? drm_mode_object_find+0x31/0x80
[<ffffffff8129c0d4>] drm_mode_setcrtc+0x124/0x490
[<ffffffff8140ee59>] ? mutex_unlock+0x9/0x10
[<ffffffff8128d614>] drm_ioctl+0x454/0x530
[<ffffffff81166372>] ? fsnotify+0x82/0x2e0
[<ffffffff8129bfb0>] ? drm_mode_getencoder+0xb0/0xb0
[<ffffffff81166372>] ? fsnotify+0x82/0x2e0
[<ffffffff8113a5f7>] do_vfs_ioctl+0x97/0x600
[<ffffffff811284f0>] ? vfs_write+0x120/0x160
[<ffffffff8113abaa>] sys_ioctl+0x4a/0x80
[<ffffffff81416ebb>] system_call_fastpath+0x16/0x1b
BUG: scheduling while atomic: Xorg/1203/0x00000002
INFO: lockdep is turned off.
Modules linked in: aes_x86_64 aes_generic hidp acpi_cpufreq mperf 
cpufreq_stats cpufreq_powersave rfcomm bnep binfmt_misc microcode uinput 
fuse sbs sbshc coretemp i2c_dev loop firewire_sbp2 btusb bluetooth 
snd_hda_codec_realtek arc4 snd_hda_intel snd_hda_codec snd_hwdep b43 
mac80211 cfg80211 hid_apple snd_pcm_oss snd_mixer_oss uvcvideo usbhid 
snd_pcm rfkill videodev rng_core hid appletouch v4l2_compat_ioctl32 
snd_seq snd_timer snd_seq_device firewire_ohci firewire_core ssb snd 
soundcore applesmc sr_mod cdrom uhci_hcd ehci_hcd mmc_core usbcore sky2 
pcspkr crc_itu_t input_polldev usb_common i2c_i801 snd_page_alloc 
battery processor ac evdev apple_bl power_supply ext4 mbcache jbd2 crc16 
sd_mod crc_t10dif ata_piix libata scsi_mod
Pid: 1203, comm: Xorg Tainted: G      D      3.2.1.git #1
Call Trace:
[<ffffffff81407fe4>] __schedule_bug+0x60/0x65
[<ffffffff8140d1c1>] __schedule+0x911/0x950
[<ffffffff8128eec1>] ? drm_gem_vm_close+0x31/0x70
[<ffffffff8140d4fa>] schedule+0x3a/0x50
[<ffffffff8140e173>] mutex_lock_nested+0x163/0x310
[<ffffffff8128eec1>] ? drm_gem_vm_close+0x31/0x70
[<ffffffff8128eec1>] drm_gem_vm_close+0x31/0x70
[<ffffffff811001a0>] remove_vma+0x40/0x80
[<ffffffff81102b58>] exit_mmap+0x108/0x130
[<ffffffff810460b4>] mmput+0x74/0x150
[<ffffffff8104b219>] exit_mm+0x109/0x130
[<ffffffff8104ccf8>] do_exit+0x128/0x810
[<ffffffff8104aa74>] ? kmsg_dump+0xf4/0x140
[<ffffffff8141159d>] oops_end+0x9d/0xe0
[<ffffffff81407ac3>] no_context+0x1a2/0x1b1
[<ffffffff8108254c>] ? __lock_acquire.isra.26+0x3ec/0xaf0
[<ffffffff81407c90>] __bad_area_nosemaphore+0x1be/0x1dd
[<ffffffff811edfc8>] ? debug_check_no_obj_freed+0x88/0x230
[<ffffffff811edfc8>] ? debug_check_no_obj_freed+0x88/0x230
[<ffffffff81407cbd>] bad_area_nosemaphore+0xe/0x10
[<ffffffff81413fd7>] do_page_fault+0x3d7/0x4f0
[<ffffffff811ee0bf>] ? debug_check_no_obj_freed+0x17f/0x230
[<ffffffff81104fee>] ? __page_check_address+0xde/0x170
[<ffffffff8108254c>] ? __lock_acquire.isra.26+0x3ec/0xaf0
[<ffffffff81410c3f>] page_fault+0x1f/0x30
[<ffffffffa0069cb4>] ? jbd2_journal_grab_journal_head+0x14/0x90 [jbd2]
[<ffffffffa0060088>] jbd2_journal_try_to_free_buffers+0x68/0x1b0 [jbd2]
[<ffffffffa00c8fbd>] ext4_releasepage+0x6d/0x110 [ext4]
[<ffffffff810e45e7>] ? pagevec_lru_move_fn+0x77/0xe0
[<ffffffff810d8170>] try_to_release_page+0x30/0x50
[<ffffffff810eacc2>] shrink_page_list+0x7c2/0xa00
[<ffffffff810eb355>] shrink_inactive_list+0x1b5/0x490
[<ffffffff810eb746>] ? shrink_zone+0x116/0x570
[<ffffffff810ebaa1>] shrink_zone+0x471/0x570
[<ffffffff81036cc1>] ? cpuacct_charge+0x21/0xd0
[<ffffffff810779c8>] ? ktime_get_ts+0xa8/0xe0
[<ffffffff810ec9ae>] do_try_to_free_pages+0x38e/0x4c0
[<ffffffff810f3924>] ? __mod_zone_page_state+0x44/0x50
[<ffffffff810ecc46>] try_to_free_pages+0xa6/0x1b0
[<ffffffff810e07bc>] __alloc_pages_nodemask+0x54c/0x860
[<ffffffff810d86b0>] ? add_to_page_cache_lru+0x50/0x50
[<ffffffff811005b3>] ? __vm_enough_memory+0x33/0x190
[<ffffffff810ef0f3>] shmem_getpage_gfp+0x283/0x5a0
[<ffffffff810ef43f>] shmem_read_mapping_page_gfp+0x2f/0x60
[<ffffffff812b546d>] i915_gem_object_bind_to_gtt+0x1dd/0x650
[<ffffffff812c99b5>] ? intel_pipe_set_base+0xa5/0x2f0
[<ffffffff812b913f>] i915_gem_object_pin+0x16f/0x1c0
[<ffffffff812b9210>] i915_gem_object_pin_to_display_plane+0x80/0x1e0
[<ffffffff812c99b5>] ? intel_pipe_set_base+0xa5/0x2f0
[<ffffffff812c9208>] intel_pin_and_fence_fb_obj+0x68/0x120
[<ffffffff812c99c7>] intel_pipe_set_base+0xb7/0x2f0
[<ffffffff811e4804>] ? snprintf+0x34/0x40
[<ffffffff81288443>] ? drm_crtc_helper_set_config+0x143/0xae0
[<ffffffff81288a60>] drm_crtc_helper_set_config+0x760/0xae0
[<ffffffff81299cb1>] ? drm_mode_object_find+0x31/0x80
[<ffffffff8129c0d4>] drm_mode_setcrtc+0x124/0x490
[<ffffffff8140ee59>] ? mutex_unlock+0x9/0x10
[<ffffffff8128d614>] drm_ioctl+0x454/0x530
[<ffffffff81166372>] ? fsnotify+0x82/0x2e0
[<ffffffff8129bfb0>] ? drm_mode_getencoder+0xb0/0xb0
[<ffffffff81166372>] ? fsnotify+0x82/0x2e0
[<ffffffff8113a5f7>] do_vfs_ioctl+0x97/0x600
[<ffffffff811284f0>] ? vfs_write+0x120/0x160
[<ffffffff8113abaa>] sys_ioctl+0x4a/0x80
[<ffffffff81416ebb>] system_call_fastpath+0x16/0x1b


View attachment "config-3.2.1.git" of type "text/plain" (74535 bytes)
