Regression in Linux next-20171113 with fbdev timer conversion

From: Tony Lindgren
Date: Mon Nov 13 2017 - 12:07:23 EST


Hi,

Looks like next-20171113 now has a NULL pointer dereference with commit
6c78935777d1 ("video: fbdev: Convert timers to use timer_setup()").

See the error below, any ideas?

Regards,

Tony

8< ------------------
Unable to handle kernel NULL pointer dereference at virtual address 00000214
pgd = edfe4000
[00000214] *pgd=00000000
Internal error: Oops: 5 [#1] SMP ARM
...
CPU: 1 PID: 920 Comm: openrc-run.sh Not tainted 4.14.0-next-20171113+ #1911
Hardware name: Generic OMAP4 (Flattened Device Tree)
task: ed922000 task.stack: edc20000
PC is at _test_and_set_bit+0x20/0x48
LR is at queue_work_on+0x28/0x74
pc : [<c086f270>] lr : [<c0155b78>] psr: 60000193
sp : edc21e38 ip : 00000000 fp : c0d09168
r10: edb686bc r9 : 00000001 r8 : c0544e4c
r7 : ee80f000 r6 : 00000002 r5 : 00000214 r4 : 20000113
r3 : 00000001 r2 : 00000001 r1 : 00000214 r0 : 00000000
Flags: nZCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment none
Control: 10c5387d Table: adfe404a DAC: 00000051
Process openrc-run.sh (pid: 920, stack limit = 0xedc20218)
Stack: (0xedc21e38 to 0xedc22000)
1e20: edb686bc edb686bc
1e40: c0dc8588 00000100 c0544e4c c0544e6c c0dc7239 c01cc78c 00000001 00000000
1e60: c01cc6d0 00000000 00000000 00000000 00000001 c1505b74 c124c5f8 00000000
1e80: c0adfb54 00000000 c0544e4c edb686bc c0544e4c ef6b3700 edc20000 edc21ed8
1ea0: c0dc8588 c0d09168 edb686bc c01ccbbc ffff8fee 00000001 edc21ed8 c0d05d00
1ec0: ef6b3700 c0d0957c 00000100 c0dc8128 00000282 c01ccd94 00000000 c0d4675c
1ee0: 60000113 c0dc7132 c0d09168 c019f718 ffffe000 ffffffff c0d03084 edc20000
1f00: 00000001 c0dc7132 c0d09168 c0101714 c0d8821c c0dc720a 00000002 0000000a
1f20: ffff8fee 00400000 00000001 00000002 00000000 ffffe000 00000000 c0d0957c
1f40: 00000000 00000001 ee80d400 fa240100 c0d09854 c013fa6c c0c79160 c01adf54
1f60: fa24010c 000003eb 000003ff 00000000 edc21fb0 c0d88738 fa240100 c0101574
1f80: 00000006 fa241100 edc20000 b6f2e9bc 20000010 ffffffff 10c5387d 10c5387d
1fa0: 005169a0 00517240 005169a0 c088d6b4 005280ea 005280eb 00000000 0000005f
1fc0: 005280e4 004f9511 00517830 00000000 00000000 005169a0 00517240 005169a0
1fe0: 00000001 bed595c0 bed595e0 b6f2e9bc 20000010 ffffffff 00000000 00000000
[<c086f270>] (_test_and_set_bit) from [<c0155b78>] (queue_work_on+0x28/0x74)
[<c0155b78>] (queue_work_on) from [<c0544e6c>] (cursor_timer_handler+0x20/0x44)
[<c0544e6c>] (cursor_timer_handler) from [<c01cc78c>] (call_timer_fn+0xbc/0x408)
[<c01cc78c>] (call_timer_fn) from [<c01ccbbc>] (expire_timers+0xe4/0x220)
[<c01ccbbc>] (expire_timers) from [<c01ccd94>] (run_timer_softirq+0x9c/0x1a4)
[<c01ccd94>] (run_timer_softirq) from [<c0101714>] (__do_softirq+0x13c/0x5b8)
[<c0101714>] (__do_softirq) from [<c013fa6c>] (irq_exit+0x14c/0x1a8)
[<c013fa6c>] (irq_exit) from [<c01adf54>] (__handle_domain_irq+0x6c/0xe0)
[<c01adf54>] (__handle_domain_irq) from [<c0101574>] (gic_handle_irq+0x58/0xb8)
[<c0101574>] (gic_handle_irq) from [<c088d6b4>] (__irq_usr+0x54/0x80)
Exception stack(0xedc21fb0 to 0xedc21ff8)
1fa0: 005280ea 005280eb 00000000 0000005f
1fc0: 005280e4 004f9511 00517830 00000000 00000000 005169a0 00517240 005169a0
1fe0: 00000001 bed595c0 bed595e0 b6f2e9bc 20000010 ffffffff
Code: e1a002a0 e0811100 e1a03312 ee070fba (e1912f9f)