NULL pointer dereference in kmalloc_trace drm_mode_page_flip_ioctl
This is an intermittent crash with a stack trace I haven't seen before (so probably a regression). I experienced this same crash twice today with a recent kernel (6.8.0-rc7-00260-gfa4b851b4ad6):
Mar 22 15:56:02 debian kernel: general protection fault, probably for non-canonical address 0xffff217017647dc0: 0000 [#1] PREEMPT SMP NOPTI
Mar 22 15:56:02 debian kernel: CPU: 1 PID: 16666 Comm: Xorg Not tainted 6.8.0-rc7-00260-gfa4b851b4ad6 #766
Mar 22 15:56:02 debian kernel: Hardware name: HP HP Pavilion Aero Laptop 13-be0xxx/8916, BIOS F.12 04/11/2023
Mar 22 15:56:02 debian kernel: RIP: 0010:kmalloc_trace+0xd7/0x360
Mar 22 15:56:02 debian kernel: Code: 83 78 10 00 48 8b 38 0f 84 3d 02 00 00 48 85 ff 0f 84 34 02 00 00 41 8b 44 24 28 49 8b 9c 24 b8 00 00 00 49 8b 34 24 48 01 f8 <48> 33 18>
Mar 22 15:56:02 debian kernel: RSP: 0018:ffffa3599141bc00 EFLAGS: 00010286
Mar 22 15:56:02 debian kernel: RAX: ffff217017647dc0 RBX: c3bfd7bd6956b659 RCX: 0000000000000000
Mar 22 15:56:02 debian kernel: RDX: 00000000038d2001 RSI: 000000000003b7a0 RDI: ffff217017647d80
Mar 22 15:56:02 debian kernel: RBP: ffffa3599141bc50 R08: 0000000000000000 R09: 0000000000000000
Mar 22 15:56:02 debian kernel: R10: 0000000000000000 R11: ffff92da01459818 R12: ffff92da0004fd00
Mar 22 15:56:02 debian kernel: R13: 0000000000000dc0 R14: 0000000000000078 R15: 0000000000000000
Mar 22 15:56:02 debian kernel: FS: 00007bf911cd5ac0(0000) GS:ffff92dd0e280000(0000) knlGS:0000000000000000
Mar 22 15:56:02 debian kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Mar 22 15:56:02 debian kernel: CR2: 00007990ec763fd0 CR3: 000000013dbc4000 CR4: 0000000000f50ef0
Mar 22 15:56:02 debian kernel: PKRU: 55555554
Mar 22 15:56:02 debian kernel: Call Trace:
Mar 22 15:56:02 debian kernel: <TASK>
Mar 22 15:56:02 debian kernel: ? show_regs+0x6d/0x80
Mar 22 15:56:02 debian kernel: ? die_addr+0x37/0xa0
Mar 22 15:56:02 debian kernel: ? exc_general_protection+0x1db/0x490
Mar 22 15:56:02 debian kernel: ? asm_exc_general_protection+0x27/0x30
Mar 22 15:56:02 debian kernel: ? kmalloc_trace+0xd7/0x360
Mar 22 15:56:02 debian kernel: ? idr_find+0xf/0x20
Mar 22 15:56:02 debian kernel: ? drm_mode_page_flip_ioctl+0x607/0x7b0
Mar 22 15:56:02 debian kernel: drm_mode_page_flip_ioctl+0x607/0x7b0
Mar 22 15:56:02 debian kernel: ? drm_mode_page_flip_ioctl+0x607/0x7b0
Mar 22 15:56:02 debian kernel: ? __pfx_drm_mode_page_flip_ioctl+0x10/0x10
Mar 22 15:56:02 debian kernel: drm_ioctl_kernel+0xbc/0x120
Mar 22 15:56:02 debian kernel: ? srso_alias_return_thunk+0x5/0xfbef5
Mar 22 15:56:02 debian kernel: drm_ioctl+0x2d0/0x550
Mar 22 15:56:02 debian kernel: ? __pfx_drm_mode_page_flip_ioctl+0x10/0x10
Mar 22 15:56:02 debian kernel: amdgpu_drm_ioctl+0x4e/0x90 [amdgpu]
Mar 22 15:56:02 debian kernel: __x64_sys_ioctl+0xa3/0xf0
Mar 22 15:56:02 debian kernel: do_syscall_64+0x79/0x140
Mar 22 15:56:02 debian kernel: ? srso_alias_return_thunk+0x5/0xfbef5
Mar 22 15:56:02 debian kernel: ? irqentry_exit+0x43/0x50
Mar 22 15:56:02 debian kernel: ? srso_alias_return_thunk+0x5/0xfbef5
Mar 22 15:56:02 debian kernel: ? exc_page_fault+0x94/0x1b0
Mar 22 15:56:02 debian kernel: entry_SYSCALL_64_after_hwframe+0x6e/0x76
Mar 22 15:56:02 debian kernel: RIP: 0033:0x7bf912340c5b
Mar 22 15:56:02 debian kernel: Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d>
Mar 22 15:56:02 debian kernel: RSP: 002b:00007ffde07c8890 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
Mar 22 15:56:02 debian kernel: RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007bf912340c5b
Mar 22 15:56:02 debian kernel: RDX: 00007ffde07c8920 RSI: 00000000c01864b0 RDI: 000000000000000f
Mar 22 15:56:02 debian kernel: RBP: 00007ffde07c8920 R08: 0000000000000004 R09: 0000000000000001
Mar 22 15:56:02 debian kernel: R10: 00005861c94340c0 R11: 0000000000000246 R12: 00000000c01864b0
Mar 22 15:56:02 debian kernel: R13: 000000000000000f R14: 00005861c963c120 R15: 00005861c9636a80
Mar 22 15:56:02 debian kernel: </TASK>
Mar 22 15:56:02 debian kernel: Modules linked in: rfcomm xt_conntrack nft_chain_nat ccm xt_MASQUERADE nf_nat nf_conntrack_netlink nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 >
Mar 22 15:56:02 debian kernel: libarc4 btmtk irqbypass snd_seq_device sparse_keymap snd_pci_acp5x snd_pcm rapl bluetooth platform_profile wmi_bmof videodev snd_rn_pci_acp3x>
Mar 22 15:56:02 debian kernel: ---[ end trace 0000000000000000 ]---
Mar 22 15:56:02 debian kernel: RIP: 0010:kmalloc_trace+0xd7/0x360
Mar 22 15:56:02 debian kernel: Code: 83 78 10 00 48 8b 38 0f 84 3d 02 00 00 48 85 ff 0f 84 34 02 00 00 41 8b 44 24 28 49 8b 9c 24 b8 00 00 00 49 8b 34 24 48 01 f8 <48> 33 18>
Mar 22 15:56:02 debian kernel: RSP: 0018:ffffa3599141bc00 EFLAGS: 00010286
Mar 22 15:56:02 debian kernel: RAX: ffff217017647dc0 RBX: c3bfd7bd6956b659 RCX: 0000000000000000
Mar 22 15:56:02 debian kernel: RDX: 00000000038d2001 RSI: 000000000003b7a0 RDI: ffff217017647d80
Mar 22 15:56:02 debian kernel: RBP: ffffa3599141bc50 R08: 0000000000000000 R09: 0000000000000000
Mar 22 15:56:02 debian kernel: R10: 0000000000000000 R11: ffff92da01459818 R12: ffff92da0004fd00
Mar 22 15:56:02 debian kernel: R13: 0000000000000dc0 R14: 0000000000000078 R15: 0000000000000000
Mar 22 15:56:02 debian kernel: FS: 00007bf911cd5ac0(0000) GS:ffff92dd0e280000(0000) knlGS:0000000000000000
Mar 22 15:56:02 debian kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Mar 22 15:56:02 debian kernel: CR2: 00007990ec763fd0 CR3: 000000013dbc4000 CR4: 0000000000f50ef0
Mar 22 15:56:02 debian kernel: PKRU: 55555554
Mar 22 15:56:17 debian kernel: pcieport 0000:00:08.1: PME: Spurious native interrupt!
Mar 22 15:56:36 debian kernel: usb 1-1: USB disconnect, device number 4
Mar 22 15:56:36 debian kernel: usb 1-1.2: USB disconnect, device number 5
Mar 22 15:56:36 debian kernel: [drm] DM_MST: stopping TM on aconnector: 00000000ab7fba13 [id: 101]
Mar 22 15:56:36 debian kernel: BUG: unable to handle page fault for address: ffffa3599141bcc0
Mar 22 15:56:36 debian kernel: #PF: supervisor read access in kernel mode
Mar 22 15:56:36 debian kernel: #PF: error_code(0x0000) - not-present page
Mar 22 15:56:36 debian kernel: PGD 100000067 P4D 100000067 PUD 100287067 PMD 3df3af067 PTE 0
Mar 22 15:56:36 debian kernel: Oops: 0000 [#2] PREEMPT SMP NOPTI
This could be related to a recently (Feb 2024) reported crash where the stack trace includes drm_mode_page_flip_ioctl; see https://lore.kernel.org/all/0000000000001d010d06112d0bf2@google.com/. There is a patch at https://lore.kernel.org/all/tencent_C325B38DA11227DDA7DDBE192E4FE88DEC07@qq.com/, but it does not appear to have been merged (why?). Or it could be something different.