In the error path, we have to be ready to handle an error before either the state or restore_state have been allocated. [ 397.001342] BUG: unable to handle kernel NULL pointer dereference at (null) [ 397.001419] IP: [<ffffffffa04347b4>] intel_get_load_detect_pipe+0xe4/0x610 [i915] [ 397.001502] PGD 136a2a067 [ 397.001523] PUD 134b5f067 [ 397.001546] PMD 0 [ 397.001569] Oops: 0002 [#1] PREEMPT SMP [ 397.001599] Modules linked in: snd_hda_intel i915 cdc_ncm usbnet mii x86_pkg_temp_thermal intel_powerclamp coretemp crct10dif_pclmul crc32_pclmul ghash_clmulni_intel snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_codec_generic snd_hda_codec snd_hwdep snd_hda_core snd_pcm lpc_ich mei_me mei sdhci_pci sdhci mmc_core e1000e ptp pps_core [last unloaded: i915] [ 397.001902] CPU: 1 PID: 9287 Comm: kms_force_conne Tainted: G U 4.9.0-rc1-CI-CI_DRM_1730+ #1 [ 397.001965] Hardware name: LENOVO 2356GCG/2356GCG, BIOS G7ET31WW (1.13 ) 07/02/2012 [ 397.002017] task: ffff880138c38040 task.stack: ffffc900083e4000 [ 397.002057] RIP: 0010:[<ffffffffa04347b4>] [<ffffffffa04347b4>] intel_get_load_detect_pipe+0xe4/0x610 [i915] [ 397.002153] RSP: 0018:ffffc900083e7ae8 EFLAGS: 00010286 [ 397.002191] RAX: 00000000ffffffdd RBX: ffffc900083e7bc8 RCX: 0000000000000006 [ 397.002239] RDX: 0000000000000006 RSI: ffff880138c388b8 RDI: ffffc900083e79e0 [ 397.002287] RBP: ffffc900083e7b78 R08: 0000000000000000 R09: 0000000000000000 [ 397.002335] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 397.002386] R13: ffff8801305e1158 R14: 00000000ffffffdd R15: 0000000000000000 [ 397.002434] FS: 00007fea1b03c740(0000) GS:ffff88013e240000(0000) knlGS:0000000000000000 [ 397.002488] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 397.002528] CR2: 0000000000000000 CR3: 00000001361da000 CR4: 00000000001406e0 [ 397.002576] Stack: [ 397.002592] ffff88013046f180 0000000000000000 ffffc900083e7bc0 0000000000000000 [ 397.002655] 0000000000000000 ffff8801306bd038 ffff88012e980000 ffffc90000000001 [ 397.002718] ffffc90000000000 ffff880136b8ca88 ffff88012e980890 ffff88012e980540 [ 397.002780] Call Trace: [ 397.002828] [<ffffffffa044e8c4>] intel_crt_detect+0x3c4/0x8f0 [i915] [ 397.002876] [<ffffffff810e37fa>] ? vprintk_default+0x1a/0x20 [ 397.002918] [<ffffffff8116eb68>] ? printk+0x43/0x4b [ 397.002956] [<ffffffff81546b06>] drm_helper_probe_single_connector_modes+0x406/0x4f0 [ 397.003014] [<ffffffff81819c09>] ? mutex_unlock+0x9/0x10 [ 397.003054] [<ffffffff815723dc>] drm_mode_getconnector+0x33c/0x3c0 [ 397.003099] [<ffffffff810ed59d>] ? debug_lockdep_rcu_enabled+0x1d/0x20 [ 397.003147] [<ffffffff811a6bae>] ? __might_fault+0x3e/0x90 [ 397.003191] [<ffffffff8155aaf6>] drm_ioctl+0x1f6/0x480 [ 397.003231] [<ffffffff815720a0>] ? drm_mode_connector_property_set_ioctl+0x30/0x30 [ 397.003285] [<ffffffff8120308e>] do_vfs_ioctl+0x8e/0x690 [ 397.003324] [<ffffffff810a102c>] ? task_work_run+0x8c/0xb0 [ 397.003366] [<ffffffff810d6d92>] ? trace_hardirqs_on_caller+0x122/0x1b0 [ 397.003412] [<ffffffff812036cc>] SyS_ioctl+0x3c/0x70 [ 397.003451] [<ffffffff8181df2e>] entry_SYSCALL_64_fastpath+0x1c/0xb1 [ 397.003496] Code: 85 c0 41 89 c6 75 57 49 8b 85 f0 00 00 00 48 89 de 45 31 ff 48 8d 78 20 e8 1a 89 13 e1 45 31 c9 85 c0 41 89 c6 0f 84 2f 01 00 00 <f0> 41 83 29 01 74 53 f0 41 83 2f 01 74 2d 41 83 fe dd 75 35 48 [ 397.003837] RIP [<ffffffffa04347b4>] intel_get_load_detect_pipe+0xe4/0x610 [i915] [ 397.003921] RSP <ffffc900083e7ae8> [ 397.003947] CR2: 0000000000000000 Testcase: igt/kms_force_connector_basic/force-load-detect # ivb-3720m Fixes: 0853695c3ba4 ("drm: Add reference counting to drm_atomic_state" Signed-off-by: Chris Wilson <chris@xxxxxxxxxxxxxxxxxx> --- drivers/gpu/drm/i915/intel_display.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c index 69b9e91f071e..e64a7edd5e60 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c @@ -11283,9 +11283,14 @@ bool intel_get_load_detect_pipe(struct drm_connector *connector, return true; fail: - drm_atomic_state_put(state); - drm_atomic_state_put(restore_state); - restore_state = state = NULL; + if (state) { + drm_atomic_state_put(state); + state = NULL; + } + if (restore_state) { + drm_atomic_state_put(restore_state); + restore_state = NULL; + } if (ret == -EDEADLK) { drm_modeset_backoff(ctx); -- 2.9.3 _______________________________________________ Intel-gfx mailing list Intel-gfx@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/intel-gfx