libreoffice gpu acceleration causes kernel null pointer dereference
Downstream reports:
https://bbs.archlinux.org/viewtopic.php?id=290926
https://forum.endeavouros.com/t/libreoffice-causes-my-system-to-freeze/48040
I'm using Arch Linux with an RX 6900XT.
- linux 6.6.10.arch1
- mesa 1:23.3.3
- libreoffice-fresh 7.6.4
- kwin 5.27.10 on wayland
Starting LibreOffice in its stock configuration, for example with soffice --calc --nologo, freezes the app on startup and produces the attached kernel bug. I considered reporting to Mesa first, but considering this is a null pointer dereference, I figured it's something that concerns the kernel driver.
Jan 13 13:48:33 kernel: amdgpu 0000:0c:00.0: amdgpu: bo 00000000794f5e88 va 0x0800000000-0x0800000001 conflict with 0x0800000000-0x0800000200
Jan 13 13:48:33 kernel: amdgpu: Failed to map VA 0x800000000000 in vm. ret -22
Jan 13 13:48:33 kernel: amdgpu: Failed to map bo to gpuvm
Jan 13 13:48:33 kernel: BUG: kernel NULL pointer dereference, address: 0000000000000008
Jan 13 13:48:33 kernel: #PF: supervisor read access in kernel mode
Jan 13 13:48:33 kernel: #PF: error_code(0x0000) - not-present page
Jan 13 13:48:33 kernel: PGD 0 P4D 0
Jan 13 13:48:33 kernel: Oops: 0000 [#1] PREEMPT SMP NOPTI
Jan 13 13:48:33 kernel: CPU: 14 PID: 19034 Comm: soffice.bin Not tainted 6.6.10-arch1-1 #1 1c4c0f23a3d2aa9ceff1bccbbfb5902f421e2288
Jan 13 13:48:33 kernel: Hardware name: ASUS System Product Name/ROG CROSSHAIR VIII IMPACT, BIOS 4702 10/20/2023
Jan 13 13:48:33 kernel: RIP: 0010:dma_resv_add_fence+0x47/0x1f0
Jan 13 13:48:33 kernel: Code: 89 54 24 04 48 85 f6 74 21 48 8d 7e 38 b8 01 00 00 00 f0 0f c1 46 38 85 c0 0f 84 59 01 00 00 8d 50 01 09 c2 0f 88 5d 01 00 00 <49> 8b 46 08 48 3d 00 73 bb 98 0f 84 c9 00 00 00 48 3d a0 72 bb 98
Jan 13 13:48:33 kernel: RSP: 0018:ffffa2e05da73cd8 EFLAGS: 00010246
Jan 13 13:48:33 kernel: RAX: ffff94564efe0000 RBX: ffff94564efe0158 RCX: 0000000008a76a0e
Jan 13 13:48:33 kernel: RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffff94564efe0158
Jan 13 13:48:33 kernel: RBP: ffff94554a961000 R08: 0000000000000000 R09: 000000000003a5f0
Jan 13 13:48:33 kernel: R10: ffff94562680e920 R11: 0000000000000100 R12: ffff94567ae05338
Jan 13 13:48:33 kernel: R13: ffff94567ae05340 R14: 0000000000000000 R15: ffff94564efe0000
Jan 13 13:48:33 kernel: FS: 00007fbf2fc82000(0000) GS:ffff94622ed80000(0000) knlGS:0000000000000000
Jan 13 13:48:33 kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Jan 13 13:48:33 kernel: CR2: 0000000000000008 CR3: 000000016c242000 CR4: 0000000000350ee0
Jan 13 13:48:33 kernel: Call Trace:
Jan 13 13:48:33 kernel: <TASK>
Jan 13 13:48:33 kernel: ? __die+0x23/0x70
Jan 13 13:48:33 kernel: ? page_fault_oops+0x171/0x4e0
Jan 13 13:48:33 kernel: ? dma_fence_default_wait+0x93/0x280
Jan 13 13:48:33 kernel: ? exc_page_fault+0x7f/0x180
Jan 13 13:48:33 kernel: ? asm_exc_page_fault+0x26/0x30
Jan 13 13:48:33 kernel: ? dma_resv_add_fence+0x47/0x1f0
Jan 13 13:48:33 kernel: amdgpu_amdkfd_gpuvm_acquire_process_vm+0x212/0x530 [amdgpu 2bf31ef1d3cc43cfc0b6a3fe775b206df4fbd28e]
Jan 13 13:48:33 kernel: kfd_process_device_init_vm+0xb0/0x320 [amdgpu 2bf31ef1d3cc43cfc0b6a3fe775b206df4fbd28e]
Jan 13 13:48:33 kernel: kfd_ioctl_acquire_vm+0x89/0xc0 [amdgpu 2bf31ef1d3cc43cfc0b6a3fe775b206df4fbd28e]
Jan 13 13:48:33 kernel: kfd_ioctl+0x3cc/0x4e0 [amdgpu 2bf31ef1d3cc43cfc0b6a3fe775b206df4fbd28e]
Jan 13 13:48:33 kernel: ? __pfx_kfd_ioctl_acquire_vm+0x10/0x10 [amdgpu 2bf31ef1d3cc43cfc0b6a3fe775b206df4fbd28e]
Jan 13 13:48:33 kernel: ? srso_return_thunk+0x5/0x10
Jan 13 13:48:33 kernel: __x64_sys_ioctl+0x97/0xd0
Jan 13 13:48:33 kernel: do_syscall_64+0x60/0x90
Jan 13 13:48:33 kernel: ? srso_return_thunk+0x5/0x10
Jan 13 13:48:33 kernel: ? srso_return_thunk+0x5/0x10
Jan 13 13:48:33 kernel: ? syscall_exit_to_user_mode+0x2b/0x40
Jan 13 13:48:33 kernel: ? srso_return_thunk+0x5/0x10
Jan 13 13:48:33 kernel: ? do_syscall_64+0x6c/0x90
Jan 13 13:48:33 kernel: entry_SYSCALL_64_after_hwframe+0x6e/0xd8
Jan 13 13:48:33 kernel: RIP: 0033:0x7fbf39afa3af
Jan 13 13:48:33 kernel: Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 18 48 8b 44 24 18 64 48 2b 04 25 28 00 00
Jan 13 13:48:33 kernel: RSP: 002b:00007ffd2e486920 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
Jan 13 13:48:33 kernel: RAX: ffffffffffffffda RBX: 00007ffd2e486a10 RCX: 00007fbf39afa3af
Jan 13 13:48:33 kernel: RDX: 00007ffd2e486a90 RSI: 0000000040084b15 RDI: 000000000000001c
Jan 13 13:48:33 kernel: RBP: 00007ffd2e486a90 R08: 0000000000000013 R09: 0000000000000001
Jan 13 13:48:33 kernel: R10: 0000000000000001 R11: 0000000000000246 R12: 0000000040084b15
Jan 13 13:48:33 kernel: R13: 000000000000001c R14: 000056061bcbe710 R15: 00007fbeddbdb180
Jan 13 13:48:33 kernel: </TASK>
Jan 13 13:48:33 kernel: Modules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq xt_conntrack nft_chain_nat xt_MASQUERADE nf_nat nf_conntrack_netlink nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_addrtype nft_compat nf_tables libcrc32c br_netfilter bridge stp llc rpcrdma rdma_cm iw_cm ib_cm ib_core overlay wireguard curve25519_x86_64 libchacha20poly1305 chacha_x86_64 poly1305_x86_64 libcurve25519_generic libchacha ip6_udp_tunnel udp_tunnel cmac algif_hash algif_skcipher af_alg bnep nct6775 nct6775_core hwmon_vid intel_rapl_msr intel_rapl_common snd_hda_codec_realtek snd_hda_codec_generic snd_hda_codec_hdmi iwlmvm snd_hda_intel snd_intel_dspcfg edac_mce_amd snd_usb_audio uvcvideo snd_intel_sdw_acpi mac80211 videobuf2_vmalloc eeepc_wmi snd_usbmidi_lib snd_hda_codec kvm_amd btusb uvc asus_wmi snd_ump btrtl libarc4 videobuf2_memops snd_hda_core ledtrig_audio snd_rawmidi ucsi_ccg btintel videobuf2_v4l2 sparse_keymap kvm typec_ucsi snd_seq_device snd_hwdep btbcm vfat iwlwifi platform_profile videodev btmtk typec irqbypass snd_pcm
Jan 13 13:48:33 kernel: sp5100_tco asus_ec_sensors i8042 fat rapl serio wmi_bmof pcspkr acpi_cpufreq cdc_acm k10temp i2c_piix4 roles bluetooth videobuf2_common snd_timer cfg80211 mc mousedev ecdh_generic snd igb soundcore joydev rfkill dca mac_hid nfsd auth_rpcgss nfs_acl lockd grace i2c_dev sg crypto_user sunrpc fuse loop nfnetlink zram ip_tables x_tables ext4 crc32c_generic crc16 mbcache jbd2 uas usb_storage usbhid dm_crypt cbc encrypted_keys trusted asn1_encoder tee dm_mod crct10dif_pclmul crc32_pclmul crc32c_intel polyval_clmulni polyval_generic gf128mul ghash_clmulni_intel sha512_ssse3 sha256_ssse3 sha1_ssse3 aesni_intel nvme crypto_simd cryptd ccp nvme_core xhci_pci xhci_pci_renesas nvme_common amdgpu i2c_algo_bit drm_ttm_helper ttm video wmi drm_exec drm_suballoc_helper amdxcp drm_buddy gpu_sched drm_display_helper cec
Jan 13 13:48:33 kernel: CR2: 0000000000000008
Jan 13 13:48:33 kernel: ---[ end trace 0000000000000000 ]---
Jan 13 13:48:33 kernel: RIP: 0010:dma_resv_add_fence+0x47/0x1f0
Jan 13 13:48:33 kernel: Code: 89 54 24 04 48 85 f6 74 21 48 8d 7e 38 b8 01 00 00 00 f0 0f c1 46 38 85 c0 0f 84 59 01 00 00 8d 50 01 09 c2 0f 88 5d 01 00 00 <49> 8b 46 08 48 3d 00 73 bb 98 0f 84 c9 00 00 00 48 3d a0 72 bb 98
Jan 13 13:48:33 kernel: RSP: 0018:ffffa2e05da73cd8 EFLAGS: 00010246
Jan 13 13:48:33 kernel: RAX: ffff94564efe0000 RBX: ffff94564efe0158 RCX: 0000000008a76a0e
Jan 13 13:48:33 kernel: RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffff94564efe0158
Jan 13 13:48:33 kernel: RBP: ffff94554a961000 R08: 0000000000000000 R09: 000000000003a5f0
Jan 13 13:48:33 kernel: R10: ffff94562680e920 R11: 0000000000000100 R12: ffff94567ae05338
Jan 13 13:48:33 kernel: R13: ffff94567ae05340 R14: 0000000000000000 R15: ffff94564efe0000
Jan 13 13:48:33 kernel: FS: 00007fbf2fc82000(0000) GS:ffff94622ed80000(0000) knlGS:0000000000000000
Jan 13 13:48:33 kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Jan 13 13:48:33 kernel: CR2: 0000000000000008 CR3: 000000016c242000 CR4: 0000000000350ee0
Jan 13 13:48:33 kernel: note: soffice.bin[19034] exited with irqs disabled
Jan 13 13:48:33 kernel: BUG: kernel NULL pointer dereference, address: 0000000000000001
Jan 13 13:48:33 kernel: #PF: supervisor read access in kernel mode
Jan 13 13:48:33 kernel: #PF: error_code(0x0000) - not-present page
Jan 13 13:48:33 kernel: PGD 0 P4D 0
Jan 13 13:48:33 kernel: Oops: 0000 [#2] PREEMPT SMP NOPTI
Jan 13 13:48:33 kernel: CPU: 26 PID: 12 Comm: kworker/u64:1 Tainted: G D 6.6.10-arch1-1 #1 1c4c0f23a3d2aa9ceff1bccbbfb5902f421e2288
Jan 13 13:48:33 kernel: Hardware name: ASUS System Product Name/ROG CROSSHAIR VIII IMPACT, BIOS 4702 10/20/2023
Jan 13 13:48:33 kernel: Workqueue: kfd_restore_wq restore_process_worker [amdgpu]
Jan 13 13:48:33 kernel: RIP: 0010:__list_add_valid_or_report+0x1a/0xa0
Jan 13 13:48:33 kernel: Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 d0 48 85 f6 74 2a 48 85 d2 74 3a 48 8b 52 08 48 39 f2 75 41 <4c> 8b 02 49 39 c0 75 4c 48 39 fa 74 60 49 39 f8 74 5b b8 01 00 00
Jan 13 13:48:33 kernel: RSP: 0018:ffffa2e04014fc40 EFLAGS: 00010246
Jan 13 13:48:33 kernel: RAX: ffff9454c4551a50 RBX: ffffa2e04014fc80 RCX: ffff945340a62080
Jan 13 13:48:33 kernel: RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffffa2e04014fc80
Jan 13 13:48:33 kernel: RBP: ffff9454c4551a50 R08: 737264715e63656a R09: ffff9453401c0e00
Jan 13 13:48:33 kernel: R10: 000000000000000f R11: fefefefefefefeff R12: ffff9454c4551a40
Jan 13 13:48:33 kernel: R13: 0000000000000001 R14: ffffa2e04014fc80 R15: ffff94567ae053a8
Jan 13 13:48:33 kernel: FS: 0000000000000000(0000) GS:ffff94622f080000(0000) knlGS:0000000000000000
Jan 13 13:48:33 kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Jan 13 13:48:33 kernel: CR2: 0000000000000001 CR3: 00000002f4fea000 CR4: 0000000000350ee0
Jan 13 13:48:33 kernel: Call Trace:
Jan 13 13:48:33 kernel: <TASK>
Jan 13 13:48:33 kernel: ? __die+0x23/0x70
Jan 13 13:48:33 kernel: ? page_fault_oops+0x171/0x4e0
Jan 13 13:48:33 kernel: ? srso_return_thunk+0x5/0x10
Jan 13 13:48:33 kernel: ? exc_page_fault+0x7f/0x180
Jan 13 13:48:33 kernel: ? asm_exc_page_fault+0x26/0x30
Jan 13 13:48:33 kernel: ? __list_add_valid_or_report+0x1a/0xa0
Jan 13 13:48:33 kernel: __mutex_add_waiter+0x23/0x60
Jan 13 13:48:33 kernel: __mutex_lock.constprop.0+0x2a4/0x6a0
Jan 13 13:48:33 kernel: amdgpu_amdkfd_gpuvm_restore_process_bos+0x6e/0x5b0 [amdgpu 2bf31ef1d3cc43cfc0b6a3fe775b206df4fbd28e]
Jan 13 13:48:33 kernel: ? srso_return_thunk+0x5/0x10
Jan 13 13:48:33 kernel: ? update_load_avg+0x7e/0x780
Jan 13 13:48:33 kernel: ? srso_return_thunk+0x5/0x10
Jan 13 13:48:33 kernel: ? __folio_end_writeback+0x6a/0x370
Jan 13 13:48:33 kernel: ? srso_return_thunk+0x5/0x10
Jan 13 13:48:33 kernel: ? psi_group_change+0x213/0x3c0
Jan 13 13:48:33 kernel: restore_process_worker+0x37/0xf0 [amdgpu 2bf31ef1d3cc43cfc0b6a3fe775b206df4fbd28e]
Jan 13 13:48:33 kernel: process_one_work+0x174/0x340
Jan 13 13:48:33 kernel: worker_thread+0x27b/0x3a0
Jan 13 13:48:33 kernel: ? __pfx_worker_thread+0x10/0x10
Jan 13 13:48:33 kernel: kthread+0xe8/0x120
Jan 13 13:48:33 kernel: ? __pfx_kthread+0x10/0x10
Jan 13 13:48:33 kernel: ret_from_fork+0x34/0x50
Jan 13 13:48:33 kernel: ? __pfx_kthread+0x10/0x10
Jan 13 13:48:33 kernel: ret_from_fork_asm+0x1b/0x30
Jan 13 13:48:33 kernel: </TASK>
Jan 13 13:48:33 kernel: Modules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq xt_conntrack nft_chain_nat xt_MASQUERADE nf_nat nf_conntrack_netlink nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_addrtype nft_compat nf_tables libcrc32c br_netfilter bridge stp llc rpcrdma rdma_cm iw_cm ib_cm ib_core overlay wireguard curve25519_x86_64 libchacha20poly1305 chacha_x86_64 poly1305_x86_64 libcurve25519_generic libchacha ip6_udp_tunnel udp_tunnel cmac algif_hash algif_skcipher af_alg bnep nct6775 nct6775_core hwmon_vid intel_rapl_msr intel_rapl_common snd_hda_codec_realtek snd_hda_codec_generic snd_hda_codec_hdmi iwlmvm snd_hda_intel snd_intel_dspcfg edac_mce_amd snd_usb_audio uvcvideo snd_intel_sdw_acpi mac80211 videobuf2_vmalloc eeepc_wmi snd_usbmidi_lib snd_hda_codec kvm_amd btusb uvc asus_wmi snd_ump btrtl libarc4 videobuf2_memops snd_hda_core ledtrig_audio snd_rawmidi ucsi_ccg btintel videobuf2_v4l2 sparse_keymap kvm typec_ucsi snd_seq_device snd_hwdep btbcm vfat iwlwifi platform_profile videodev btmtk typec irqbypass snd_pcm
Jan 13 13:48:33 kernel: sp5100_tco asus_ec_sensors i8042 fat rapl serio wmi_bmof pcspkr acpi_cpufreq cdc_acm k10temp i2c_piix4 roles bluetooth videobuf2_common snd_timer cfg80211 mc mousedev ecdh_generic snd igb soundcore joydev rfkill dca mac_hid nfsd auth_rpcgss nfs_acl lockd grace i2c_dev sg crypto_user sunrpc fuse loop nfnetlink zram ip_tables x_tables ext4 crc32c_generic crc16 mbcache jbd2 uas usb_storage usbhid dm_crypt cbc encrypted_keys trusted asn1_encoder tee dm_mod crct10dif_pclmul crc32_pclmul crc32c_intel polyval_clmulni polyval_generic gf128mul ghash_clmulni_intel sha512_ssse3 sha256_ssse3 sha1_ssse3 aesni_intel nvme crypto_simd cryptd ccp nvme_core xhci_pci xhci_pci_renesas nvme_common amdgpu i2c_algo_bit drm_ttm_helper ttm video wmi drm_exec drm_suballoc_helper amdxcp drm_buddy gpu_sched drm_display_helper cec
Jan 13 13:48:33 kernel: CR2: 0000000000000001
Jan 13 13:48:33 kernel: ---[ end trace 0000000000000000 ]---
Jan 13 13:48:33 kernel: RIP: 0010:dma_resv_add_fence+0x47/0x1f0
Jan 13 13:48:33 kernel: Code: 89 54 24 04 48 85 f6 74 21 48 8d 7e 38 b8 01 00 00 00 f0 0f c1 46 38 85 c0 0f 84 59 01 00 00 8d 50 01 09 c2 0f 88 5d 01 00 00 <49> 8b 46 08 48 3d 00 73 bb 98 0f 84 c9 00 00 00 48 3d a0 72 bb 98
Jan 13 13:48:33 kernel: RSP: 0018:ffffa2e05da73cd8 EFLAGS: 00010246
Jan 13 13:48:33 kernel: RAX: ffff94564efe0000 RBX: ffff94564efe0158 RCX: 0000000008a76a0e
Jan 13 13:48:33 kernel: RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffff94564efe0158
Jan 13 13:48:33 kernel: RBP: ffff94554a961000 R08: 0000000000000000 R09: 000000000003a5f0
Jan 13 13:48:33 kernel: R10: ffff94562680e920 R11: 0000000000000100 R12: ffff94567ae05338
Jan 13 13:48:33 kernel: R13: ffff94567ae05340 R14: 0000000000000000 R15: ffff94564efe0000
Jan 13 13:48:33 kernel: FS: 0000000000000000(0000) GS:ffff94622f080000(0000) knlGS:0000000000000000
Jan 13 13:48:33 kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Jan 13 13:48:33 kernel: CR2: 0000000000000001 CR3: 00000002f4fea000 CR4: 0000000000350ee0
Jan 13 13:48:33 kernel: note: kworker/u64:1[12] exited with irqs disabled
Jan 13 13:48:33 kernel: note: kworker/u64:1[12] exited with preempt_count 2
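For triage, each oops in a log like the one above can be reduced to the fields that decide where it gets filed: the faulting symbol, the first verified call-trace frame that belongs to a module, and whether the kernel already carried the `D` (died) taint, which marks a follow-on oops rather than the root cause. The Python below is an added example, not part of the original report; `summarize_oopses` and its field names are hypothetical, and the sample is an abridged excerpt of the quoted log.

```python
import re

# Abridged excerpt of the journal lines quoted in the report above.
SAMPLE = """\
Jan 13 13:48:33 kernel: BUG: kernel NULL pointer dereference, address: 0000000000000008
Jan 13 13:48:33 kernel: CPU: 14 PID: 19034 Comm: soffice.bin Not tainted 6.6.10-arch1-1 #1 1c4c0f23a3d2aa9ceff1bccbbfb5902f421e2288
Jan 13 13:48:33 kernel: RIP: 0010:dma_resv_add_fence+0x47/0x1f0
Jan 13 13:48:33 kernel: Call Trace:
Jan 13 13:48:33 kernel: <TASK>
Jan 13 13:48:33 kernel: ? dma_resv_add_fence+0x47/0x1f0
Jan 13 13:48:33 kernel: amdgpu_amdkfd_gpuvm_acquire_process_vm+0x212/0x530 [amdgpu 2bf31ef1d3cc43cfc0b6a3fe775b206df4fbd28e]
Jan 13 13:48:33 kernel: </TASK>
Jan 13 13:48:33 kernel: BUG: kernel NULL pointer dereference, address: 0000000000000001
Jan 13 13:48:33 kernel: CPU: 26 PID: 12 Comm: kworker/u64:1 Tainted: G D 6.6.10-arch1-1 #1 1c4c0f23a3d2aa9ceff1bccbbfb5902f421e2288
Jan 13 13:48:33 kernel: RIP: 0010:__list_add_valid_or_report+0x1a/0xa0
Jan 13 13:48:33 kernel: Call Trace:
Jan 13 13:48:33 kernel: <TASK>
Jan 13 13:48:33 kernel: __mutex_add_waiter+0x23/0x60
Jan 13 13:48:33 kernel: amdgpu_amdkfd_gpuvm_restore_process_bos+0x6e/0x5b0 [amdgpu 2bf31ef1d3cc43cfc0b6a3fe775b206df4fbd28e]
Jan 13 13:48:33 kernel: </TASK>
"""

PREFIX = re.compile(r"^\w{3} +\d+ [\d:]+ kernel: ")  # journal timestamp and tag
FRAME = re.compile(r"^(\? )?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)[^\]]*\])?$")

def summarize_oopses(text):
    """Return one dict per NULL-dereference oops found in journal-style kernel lines."""
    oopses, cur, in_trace = [], None, False
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).strip()
        m = re.match(r"BUG: kernel NULL pointer dereference, address: ([0-9a-f]+)", line)
        if m:  # start of a new oops record
            cur = {"address": int(m[1], 16), "rip": None, "driver_frame": None}
            oopses.append(cur)
            in_trace = False
            continue
        if cur is None:
            continue
        if m := re.match(r"CPU: \d+ PID: (\d+) Comm: (\S+) (?:Not tainted|Tainted: ([A-Z ]+?)) \d", line):
            cur.update(pid=int(m[1]), comm=m[2], secondary="D" in (m[3] or ""))
        elif (m := re.match(r"RIP: 0010:([\w.]+)\+0x", line)) and cur["rip"] is None:
            cur["rip"] = m[1]  # kernel-mode RIP only (CS selector 0010)
        elif line in ("Call Trace:", "</TASK>"):
            in_trace = line == "Call Trace:"
        elif in_trace and cur["driver_frame"] is None:
            m = FRAME.match(line)
            if m and not m[1] and m[3]:  # skip "?" (unverified) and core-kernel frames
                cur["driver_frame"] = f"{m[2]} [{m[3]}]"
    return oopses
```

On the excerpt, the first oops faults in core-kernel `dma_resv_add_fence` but is reached from an `amdgpu` frame, and the second is flagged as secondary because the kernel was already tainted `D`.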