linux-sunxi / linux-sunxi

Linux source for Allwinner/Boxchip F20 (sun3i), A10 (sun4i), A12/A13/A10S (sun5i) and A20 (sun7i) SoCs
http://linux-sunxi.org/Linux

sprites code oops in 3.4.104 #270

Open alexvazquezfente opened 7 years ago

alexvazquezfente commented 7 years ago

Hi,

I don't know if I should report a bug in the 3.4 branch, let alone a bug in the display driver, but I will do it just in case it matters to someone.

I am using the sprites as a way of drawing a GUI over the display layers. I hit the bug when using the DISP_CMD_SPRITE_BLOCK_RELEASE ioctl.

The bug is in https://github.com/linux-sunxi/linux-sunxi/blob/sunxi-3.4/drivers/video/sunxi/disp/disp_sprite.c#L649 where a previously freed node is being used. I get a

Unable to handle kernel paging request at virtual address f14ce008

I would provide a patch but I don't know if just copying pre_node->data->enable and pre_node->data->scn_win.y is the desired behaviour or it is a bit more complicated (if we actually want to rely on the freed value we could get it before freeing the node also).

Also, if I try the same code after the oops, the next time the value returned by List_Find_Sprite_Block is NULL, causing another oops in https://github.com/linux-sunxi/linux-sunxi/blob/sunxi-3.4/drivers/video/sunxi/disp/disp_sprite.c#L592:

Unable to handle kernel NULL pointer dereference at virtual address 00000004

but I guess that it is safe to assume that the function cannot return NULL if the other bug is fixed.

I attach the kernel oops trace (with some printk logs of my own tagged with AVF).

disp_oops.txt

EDIT: Changed the bug line. It is 649, not 621
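The two failure modes reported above (reading a node after it has been freed, and dereferencing a NULL lookup result on the next call) can be shown in a simplified, constructed model. This is an added example, not code from the issue or from disp_sprite.c; the struct layout and the names `find_block`, `add_block` and `release_block` are hypothetical, with only the `enable` and `scn_win` y fields taken from the report.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed model of a sprite block list; NOT the driver's real structures. */
struct block_data { int id; int enable; int scn_win_y; };
struct block_node { struct block_data *data; struct block_node *prev, *next; };

/* Hypothetical lookup in the role of List_Find_Sprite_Block: NULL if not found. */
static struct block_node *find_block(struct block_node *head, int id)
{
    for (struct block_node *n = head; n; n = n->next)
        if (n->data->id == id)
            return n;
    return NULL;
}

static int add_block(struct block_node **head, int id, int enable, int y)
{
    struct block_node *n = calloc(1, sizeof(*n));
    struct block_data *d = calloc(1, sizeof(*d));
    if (!n || !d) { free(n); free(d); return -1; }
    d->id = id; d->enable = enable; d->scn_win_y = y;
    n->data = d; n->next = *head;
    if (*head) (*head)->prev = n;
    *head = n;
    return 0;
}

/* Release a block. Everything the caller needs afterwards is copied into
 * *out BEFORE the node is freed, so no freed memory is read later. */
static int release_block(struct block_node **head, int id, struct block_data *out)
{
    struct block_node *n = find_block(*head, id);
    if (!n)
        return -1;            /* unknown or already released id: no dereference */
    *out = *n->data;          /* snapshot enable / scn_win_y while still valid */
    if (n->prev) n->prev->next = n->next; else *head = n->next;
    if (n->next) n->next->prev = n->prev;
    free(n->data);
    free(n);
    return 0;
}

int main(void)
{
    struct block_node *head = NULL; struct block_data snap;
    add_block(&head, 1, 0, 10); add_block(&head, 2, 1, 40);
    printf("first release: %d\n", release_block(&head, 2, &snap));
    printf("second release: %d\n", release_block(&head, 2, &snap));
    return 0;
}
```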