[Bug 1164078] New: fbcon: BUG: unable to handle page fault
http://bugzilla.suse.com/show_bug.cgi?id=1164078

Bug ID: 1164078
Summary: fbcon: BUG: unable to handle page fault
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Kernel
Assignee: tzimmermann@suse.com
Reporter: jslaby@suse.com
QA Contact: qa-bugs@suse.de
Found By: ---
Blocker: ---

Created attachment 830439
--> http://bugzilla.suse.com/attachment.cgi?id=830439&action=edit
reproducer

After running the attached reproducer in qemu, this BUG happens. Decoded stacktrace:
BUG: unable to handle page fault for address: ffff9b7a40a4d000
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
PGD 107d4b067 P4D 107d4b067 PUD 107d4c067 PMD 2b2706067 PTE 0
Oops: 0002 [#1] SMP PTI
CPU: 3 PID: 2220 Comm: a.out Not tainted 5.5.2-1-default #1 openSUSE Tumbleweed (unreleased)
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-0-ga698c89-rebuilt.suse.com 04/01/2014
RIP: 0010:bitfill_aligned (/usr/src/debug/kernel-default-5.5.2-1.1.x86_64/linux-5.5/linux-obj/../drivers/video/fbdev/core/sysfillrect.c:54 /usr/src/debug/kernel-default-5.5.2-1.1.x86_64/linux-5.5/linux-obj/../drivers/video/fbdev/core/sysfillrect.c:25) sysfillrect
RSP: 0018:ffff9b7a40e439a8 EFLAGS: 00010286
RAX: 0000000000000180 RBX: 0000000000006000 RCX: 0000000000000000
RDX: ffff9b7a40a4dc00 RSI: ffff9b7a40a4d000 RDI: 0000000000000000
RBP: ffffffffffffffff R08: 0000000000000180 R09: 0000000000000040
R10: 0000000000000000 R11: ffffffffffffffff R12: ffff9b7a40a4d000
R13: 0000000000000000 R14: 0000000000006000 R15: 00000000fffffcfe
FS:  00007fbdb6f1e700(0000) GS:ffff8a8035cc0000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff9b7a40a4d000 CR3: 00000002a6c88000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 sys_fillrect (/usr/src/debug/kernel-default-5.5.2-1.1.x86_64/linux-5.5/linux-obj/../drivers/video/fbdev/core/sysfillrect.c:292) sysfillrect
 drm_fb_helper_sys_fillrect (/usr/src/debug/kernel-default-5.5.2-1.1.x86_64/linux-5.5/linux-obj/../drivers/gpu/drm/drm_fb_helper.c:737) drm_kms_helper
 bit_clear_margins (/usr/src/debug/kernel-default-5.5.2-1.1.x86_64/linux-5.5/linux-obj/../drivers/video/fbdev/core/bitblit.c:234)
 fbcon_switch (/usr/src/debug/kernel-default-5.5.2-1.1.x86_64/linux-5.5/linux-obj/../drivers/video/fbdev/core/fbcon.c:2356)
 redraw_screen (/usr/src/debug/kernel-default-5.5.2-1.1.x86_64/linux-5.5/linux-obj/../drivers/tty/vt/vt.c:998)
 fbcon_modechanged (/usr/src/debug/kernel-default-5.5.2-1.1.x86_64/linux-5.5/linux-obj/../drivers/video/fbdev/core/fbcon.c:2992)
 fb_set_var (/usr/src/debug/kernel-default-5.5.2-1.1.x86_64/linux-5.5/linux-obj/../drivers/video/fbdev/core/fbmem.c:1051)
 do_fb_ioctl (/usr/src/debug/kernel-default-5.5.2-1.1.x86_64/linux-5.5/linux-obj/../drivers/video/fbdev/core/fbmem.c:1105)
 do_vfs_ioctl (/usr/src/debug/kernel-default-5.5.2-1.1.x86_64/linux-5.5/linux-obj/../fs/ioctl.c:47)
 ksys_ioctl (/usr/src/debug/kernel-default-5.5.2-1.1.x86_64/linux-5.5/linux-obj/../include/linux/file.h:43)
 __x64_sys_ioctl (/usr/src/debug/kernel-default-5.5.2-1.1.x86_64/linux-5.5/linux-obj/../fs/ioctl.c:756)
 do_syscall_64 (/usr/src/debug/kernel-default-5.5.2-1.1.x86_64/linux-5.5/linux-obj/../arch/x86/entry/common.c:294)
 entry_SYSCALL_64_after_hwframe (/usr/src/debug/kernel-default-5.5.2-1.1.x86_64/linux-5.5/linux-obj/../arch/x86/entry/entry_64.S:177)
The raw report:
BUG: unable to handle page fault for address: ffff9b7a40a4d000
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
PGD 107d4b067 P4D 107d4b067 PUD 107d4c067 PMD 2b2706067 PTE 0
Oops: 0002 [#1] SMP PTI
CPU: 3 PID: 2220 Comm: a.out Not tainted 5.5.2-1-default #1 openSUSE Tumbleweed (unreleased)
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-0-ga698c89-rebuilt.suse.com 04/01/2014
RIP: 0010:bitfill_aligned+0x89/0x120 [sysfillrect]
Code: 45 85 d2 0f 85 80 00 00 00 44 89 c0 31 d2 41 f7 f1 41 89 c0 83 f8 07 76 3f 8d 50 f8 c1 ea 03 48 83 c2 01 48 c1 e2 06 48 01 f2 <48> 89 3e 48 83 c6 40 48 89 7e c8 48 89 7e d0 48 89 7e d8 48 89 7e
RSP: 0018:ffff9b7a40e439a8 EFLAGS: 00010286
RAX: 0000000000000180 RBX: 0000000000006000 RCX: 0000000000000000
RDX: ffff9b7a40a4dc00 RSI: ffff9b7a40a4d000 RDI: 0000000000000000
RBP: ffffffffffffffff R08: 0000000000000180 R09: 0000000000000040
R10: 0000000000000000 R11: ffffffffffffffff R12: ffff9b7a40a4d000
R13: 0000000000000000 R14: 0000000000006000 R15: 00000000fffffcfe
FS:  00007fbdb6f1e700(0000) GS:ffff8a8035cc0000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff9b7a40a4d000 CR3: 00000002a6c88000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 sys_fillrect+0x15e/0x350 [sysfillrect]
 ? sys_fillrect+0x350/0x350 [sysfillrect]
 drm_fb_helper_sys_fillrect+0x12/0x30 [drm_kms_helper]
 bit_clear_margins+0xc0/0xe0
 fbcon_switch+0x354/0x5a0
 redraw_screen+0xe6/0x250
 fbcon_modechanged+0x16a/0x1c0
 fb_set_var+0x31e/0x370
 do_fb_ioctl+0x142/0x400
 ? schedule+0x4a/0xb0
 ? _cond_resched+0x15/0x30
 ? futex_wait_queue_me+0xc8/0x110
 do_vfs_ioctl+0x461/0x6d0
 ? do_futex+0x10a/0x1d0
 ksys_ioctl+0x5e/0x90
 __x64_sys_ioctl+0x16/0x20
 do_syscall_64+0x64/0x240
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fbdb701bf39
Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 17 5f 0c 00 f7 d8 64 89 01 48
RSP: 002b:00007fbdb6f1dec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000404140 RCX: 00007fbdb701bf39
RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000004
RBP: 0000000000404148 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000040414c
R13: 3062662f7665642f R14: 00007ffde8f77ce0 R15: 00007fbdb6f1dfc0
Modules linked in: af_packet iscsi_ibft iscsi_boot_sysfs rfkill bochs_drm drm_vram_helper drm_ttm_helper ttm drm_kms_helper hid_generic drm ppdev usbhid joydev fb_sys_fops syscopyarea parport_pc sysfillrect sysimgblt virtio_balloon pcspkr i2c_piix4 parport button ata_generic ehci_pci ata_piix uhci_hcd ehci_hcd usbcore serio_raw virtio_net floppy net_failover virtio_scsi failover qemu_fw_cfg sg dm_multipath dm_mod scsi_dh_rdac scsi_dh_emc scsi_dh_alua virtio_rng
CR2: ffff9b7a40a4d000
---[ end trace e9b287790bcc096d ]---
-- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1164078#c1
Jiri Slaby
CPU: 0 PID: 1866 Comm: a.out Not tainted 5.3.18-45.gdf11b11-default #1 SLE15-SP2 (unreleased)
The reproducer comes from: https://lore.kernel.org/lkml/00000000000065b384059d094190@google.com/t/#u

Note that I was chasing a vc_do_resize BUG. But instead I am seeing this one. So this might possibly be a dup of bug 1162929, but I don't think it is.
Jiri Slaby
http://bugzilla.suse.com/show_bug.cgi?id=1164078#c6
Jiri Slaby
> Are you sure that the problem in sys_fillrect is the first error?
It appears so.
I removed the console lock during the ioctl to get more accurate stacktraces. [1] The first error I see is

[ 516.164036] ------------[ cut here ]------------
[ 516.169316] WARNING: CPU: 3 PID: 1641 at drivers/tty/vt/vt.c:3850

That is: WARN_CONSOLE_UNLOCKED();

If you remove the console lock, the vt layer complains about the non-held lock in almost every function :).
http://bugzilla.suse.com/show_bug.cgi?id=1164078#c10
--- Comment #10 from Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1164078#c11
--- Comment #11 from Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1164078#c12
--- Comment #12 from Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1164078#c13
--- Comment #13 from Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1164078#c14
--- Comment #14 from Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1164078#c15
--- Comment #15 from Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1164078#c16
--- Comment #16 from Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1164078#c17
--- Comment #17 from Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1164078#c18
--- Comment #18 from Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1164078#c19
--- Comment #19 from Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1164078#c20
--- Comment #20 from Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1164078#c21
--- Comment #21 from Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1164078#c22
--- Comment #22 from Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1164078#c23
--- Comment #23 from Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1164078#c25
--- Comment #25 from Swamp Workflow Management
https://bugzilla.suse.com/show_bug.cgi?id=1164078#c26
--- Comment #26 from Swamp Workflow Management
https://bugzilla.suse.com/show_bug.cgi?id=1164078#c27
--- Comment #27 from Swamp Workflow Management