NULL pointer dereference in i915_active_acquire since Linux 5.4
Since kernel 5.4.x I am getting regular crashes after a couple of hours of use: I have not managed to find a reproducible sequence of actions. Navigating web pages in Firefox seems enough to trigger the issue after some time.
The operating system is Archlinux running a custom kernel build (vanilla Linux 5.4.0, 5.4.1, 5.4.2 without Archlinux patches).
Full dmesg output: dmesg-5.4.0
BUG: kernel NULL pointer dereference, address: 0000000000000048
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP PTI
CPU: 3 PID: 729 Comm: xfwm4 Not tainted 5.4.0-1-esprimo #1
Hardware name: FUJITSU ESPRIMO P920/D3222-A1, BIOS V4.6.5.4 R1.42.0 for D3222-A1x 08/25/2016
RIP: 0010:i915_active_acquire+0x9/0x70 [i915]
Code: 00 00 00 48 c7 46 60 00 00 00 00 c7 46 40 00 00 00 00 48 c7 c6 3a 44 9d c0 e9 b3 c1 7c e6 0f 1f 00 0f 1f 44 00 00 41 54 55 53 <8b> 47 40 48 89 fb 85 c0 74 15 8d 50 01 f0 0f b1 53 40 75 f2 45 31
RSP: 0018:ffffa13fff39fa28 EFLAGS: 00010296
RAX: 0000000000000000 RBX: ffffa13ec6571200 RCX: 0000000000000000
RDX: ffffa13ec6571200 RSI: ffffa1400056f780 RDI: 0000000000000008
RBP: ffffa1400056f780 R08: ffffa13fcceaf820 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000008
R13: 0000000000000004 R14: ffffa13fcceaf700 R15: ffffa13fcceaf700
FS: 00007fdbd3d3e980(0000) GS:ffffa1400a180000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000048 CR3: 00000004c88ee005 CR4: 00000000001606e0
Call Trace:
i915_active_ref+0x21/0x1d0 [i915]
i915_vma_move_to_active+0x6e/0xf0 [i915]
i915_gem_do_execbuffer+0xcad/0x1690 [i915]
? unix_stream_read_generic+0x82d/0x8c0
? kmem_cache_free+0x29e/0x2c0
? unix_stream_read_generic+0x200/0x8c0
? __kmalloc+0x193/0x260
i915_gem_execbuffer2_ioctl+0xe0/0x3a0 [i915]
? i915_gem_execbuffer_ioctl+0x2b0/0x2b0 [i915]
drm_ioctl_kernel+0xab/0xf0 [drm]
drm_ioctl+0x200/0x3a0 [drm]
? i915_gem_execbuffer_ioctl+0x2b0/0x2b0 [i915]
? vfs_writev+0xc3/0xf0
do_vfs_ioctl+0x3fb/0x660
ksys_ioctl+0x5e/0x90
__x64_sys_ioctl+0x16/0x20
do_syscall_64+0x48/0x100
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7fdbd4d3625b
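Added triage example, not part of the report above: it takes the Code: line and the register dump from this oops, decodes the instruction at the <8b> marker and checks it against CR2. The decoder only handles the one encoding seen here (mov r32, [base+disp8], no REX or SIB prefix); the OOPS excerpt is constructed from the lines quoted in the report.

```python
import re

# Constructed excerpt of the oops quoted in the report (Code: and register lines).
OOPS = """\
RIP: 0010:i915_active_acquire+0x9/0x70 [i915]
Code: 00 00 00 48 c7 46 60 00 00 00 00 c7 46 40 00 00 00 00 48 c7 c6 3a 44 9d c0 e9 b3 c1 7c e6 0f 1f 00 0f 1f 44 00 00 41 54 55 53 <8b> 47 40 48 89 fb 85 c0 74 15 8d 50 01 f0 0f b1 53 40 75 f2 45 31
RAX: 0000000000000000 RBX: ffffa13ec6571200 RCX: 0000000000000000
RDX: ffffa13ec6571200 RSI: ffffa1400056f780 RDI: 0000000000000008
CR2: 0000000000000048 CR3: 00000004c88ee005 CR4: 00000000001606e0
"""

REG64 = ["RAX", "RCX", "RDX", "RBX", "RSP", "RBP", "RSI", "RDI"]
REG32 = ["EAX", "ECX", "EDX", "EBX", "ESP", "EBP", "ESI", "EDI"]

def parse_registers(text):
    """Map register name -> value for every 'NAME: <16 hex digits>' pair in the dump."""
    return {m.group(1): int(m.group(2), 16)
            for m in re.finditer(r"\b([A-Z][A-Z0-9]{1,2}): ([0-9a-f]{16})\b", text)}

def faulting_bytes(text):
    """Return the bytes of the Code: line starting at the <xx> marker (the faulting RIP)."""
    line = next(l for l in text.splitlines() if l.startswith("Code:"))
    toks = line.split()[1:]
    start = next(i for i, t in enumerate(toks) if t.startswith("<"))
    return bytes(int(t.strip("<>"), 16) for t in toks[start:])

def decode_mov_load(code):
    """Decode 'mov r32, [base + disp8]': opcode 0x8b with ModRM mod=01, no REX, no SIB."""
    if code[0] != 0x8B:
        raise ValueError("not a 'mov r32, r/m32' (opcode 0x8b)")
    modrm = code[1]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod != 1 or rm == 4:
        raise ValueError("only [base+disp8] without a SIB byte is handled here")
    disp = code[2] - 256 if code[2] > 127 else code[2]  # disp8 is sign-extended
    return REG32[reg], REG64[rm], disp

def explain_fault(text):
    """Combine the decoded load with the base register's value and compare to CR2."""
    regs = parse_registers(text)
    dst, base, disp = decode_mov_load(faulting_bytes(text))
    computed = (regs[base] + disp) & 0xFFFFFFFFFFFFFFFF
    return {"insn": f"mov {dst.lower()}, [{base.lower()}+0x{disp:x}]",
            "base": base, "base_value": regs[base], "disp": disp,
            "computed": computed, "matches_cr2": computed == regs["CR2"]}
```

For this oops the result is a 32-bit load from RDI+0x40 with RDI holding 0x8, which reproduces the reported fault address 0x48: the callee was handed a near-NULL pointer rather than a valid i915_active object, so the fix belongs in the caller chain shown in the Call Trace, not in the load itself.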