Ubuntu
linux package

kernel null pointer dereference on resume w/ amdgpu

Bug #1981943 reported by Kai Groner
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

This has happened twice in the last week, since upgrading from 21.10 to 22.04. Prior to that the system was stable.

BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 172425067 P4D 172425067 PUD 0
Oops: 0000 [#1] SMP NOPTI
CPU: 10 PID: 4524 Comm: gnome-shell Tainted: P OE 5.15.0-41-generic #44-Ubuntu
Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./B450M Steel Legend, BIOS P2.90 11/27/2019
RIP: 0010:update_config+0x11b/0x270 [amdgpu]
Code: 13 0f 00 00 41 0f b6 44 24 03 88 83 1e 0f 00 00 41 0f b6 44 24 05 88 83 1f 0f 00 00 49 8b 85 d0 04 00 00 49 8b bd d8 04 00 00 <8b> 30 e8 de 5e 23 00 88 83 20 0f 00 00 49 8b 85 d8 04 00 00 0f b6
RSP: 0018:ffffb6870b8ff640 EFLAGS: 00010202
RAX: 0000000000000000 RBX: ffff900618ec8f88 RCX: ffff900618ec9e94
RDX: ffff900618ec9ea0 RSI: ffffb6870b8ff690 RDI: ffff900600af5400
RBP: ffffb6870b8ff680 R08: 0000000000000001 R09: ffffffffc037b30c
R10: 0000000000000001 R11: 0000000000000000 R12: ffffb6870b8ff690
R13: ffff900600b26000 R14: 0000000000000001 R15: ffff900618ec8000
FS: 00007fb28c64b5c0(0000) GS:ffff900d1ec80000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000010476c000 CR4: 0000000000350ee0
Call Trace:
 <TASK>
 update_psp_stream_config+0x130/0x170 [amdgpu]
 core_link_enable_stream+0x435/0x590 [amdgpu]
 apply_single_controller_ctx_to_hw+0x373/0x390 [amdgpu]
 dce110_apply_ctx_to_hw+0x21e/0x300 [amdgpu]
 ? disable_dangling_plane+0x3d/0x2e0 [amdgpu]
 dc_commit_state_no_check+0x257/0xb10 [amdgpu]
 dc_commit_state+0xd0/0x150 [amdgpu]
 amdgpu_dm_atomic_commit_tail+0x5b4/0x1480 [amdgpu]
 ? dcn30_calculate_wm_and_dlg_fp+0x7b0/0xac0 [amdgpu]
 ? hubbub3_get_dcc_compression_cap+0x92/0x2d0 [amdgpu]
 ? dcn20_get_dcc_compression_cap+0x23/0x30 [amdgpu]
 ? fill_gfx9_plane_attributes_from_modifiers+0x217/0x2e0 [amdgpu]
 ? ttm_bo_mem_compat+0x30/0x90 [ttm]
 ? fill_plane_buffer_attributes+0x137/0x290 [amdgpu]
 ? __cond_resched+0x1a/0x50
 ? __wait_for_common+0x3e/0x150
 ? usleep_range_state+0x90/0x90
 ? wait_for_completion_timeout+0x1d/0x20
 commit_tail+0xc5/0x170 [drm_kms_helper]
 ? drm_atomic_helper_swap_state+0x20f/0x370 [drm_kms_helper]
 drm_atomic_helper_commit+0x123/0x150 [drm_kms_helper]
 drm_atomic_commit+0x4a/0x50 [drm]
 drm_mode_atomic_ioctl+0x530/0x740 [drm]
 ? drm_plane_create_color_properties.cold+0x48/0x48 [drm]
 ? drm_atomic_set_property+0x150/0x150 [drm]
 drm_ioctl_kernel+0xae/0xf0 [drm]
 drm_ioctl+0x264/0x4b0 [drm]
 ? drm_atomic_set_property+0x150/0x150 [drm]
 ? fput+0x13/0x20
 amdgpu_drm_ioctl+0x4e/0x80 [amdgpu]
 __x64_sys_ioctl+0x91/0xc0
 do_syscall_64+0x5c/0xc0
 ? do_syscall_64+0x69/0xc0
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7fb2919edaff
Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <41> 89 c0 3d 00 f0 ff ff 77 1f 48 8b 44 24 18 64 48 2b 04 25 28 00
RSP: 002b:00007ffc3e8de6e0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007ffc3e8de780 RCX: 00007fb2919edaff
RDX: 00007ffc3e8de780 RSI: 00000000c03864bc RDI: 0000000000000009
RBP: 00000000c03864bc R08: 0000000000000012 R09: 0000000000000012
R10: 0000000000000007 R11: 0000000000000246 R12: 000055e9e1529b10
R13: 0000000000000009 R14: 000055e9ddbd6240 R15: 000055e9dd8c3180
 </TASK>
Modules linked in: snd_seq_dummy xt_MASQUERADE nf_conntrack_netlink xfrm_user xfrm_algo br_netfilter nft_masq vboxnetadp(OE) nft_chain_nat vboxnetflt(OE) nf_nat vboxdrv(OE) bridge nvme_fabrics vhost_vsock vmw_vsock_virtio_transport_common vhost vhost_iotlb vsock 8021q garp mrp stp llc ip6t_REJECT nf_reject_ipv6 xt_hl ip6_tables ip6t_rt overlay ipt_REJECT nf_reject_ipv4 xt_LOG nf_log_syslog nft_limit rfcomm cmac algif_hash algif_skcipher af_alg bnep xt_limit xt_addrtype xt_tcpudp xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nft_compat nft_counter nf_tables nfnetlink snd_hda_codec_realtek intel_rapl_msr zfs(POE) snd_hda_codec_generic intel_rapl_common snd_hda_codec_hdmi zunicode(POE) ledtrig_audio zzstd(O) snd_hda_intel zlua(OE) snd_intel_dspcfg zavl(POE) snd_intel_sdw_acpi icp(POE) uvcvideo edac_mce_amd videobuf2_vmalloc snd_hda_codec btusb videobuf2_memops videobuf2_v4l2 snd_hda_core btrtl snd_usb_audio videobuf2_common zcommon(POE) btbcm snd_usbmidi_lib
 snd_seq_midi znvpair(POE) kvm_amd btintel videodev spl(OE) snd_seq_midi_event snd_hwdep kvm bluetooth nls_iso8859_1 joydev input_leds mc snd_pcm rapl snd_rawmidi ecdh_generic ecc snd_seq wmi_bmof snd_seq_device zenpower(OE) snd_timer ccp snd soundcore mac_hid sch_fq_codel nct6775 nfsd hwmon_vid ipmi_devintf ipmi_msghandler msr auth_rpcgss parport_pc nfs_acl ppdev lockd grace lp parport ramoops pstore_blk reed_solomon mtd pstore_zone efi_pstore sunrpc ip_tables x_tables autofs4 btrfs blake2b_generic zstd_compress dm_crypt raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear hid_logitech_hidpp hid_logitech_dj amdgpu hid_generic iommu_v2 gpu_sched i2c_algo_bit drm_ttm_helper ttm drm_kms_helper syscopyarea sysfillrect sysimgblt usbhid fb_sys_fops hid crct10dif_pclmul crc32_pclmul ghash_clmulni_intel cec nvme aesni_intel r8169 rc_core crypto_simd ahci gpio_amdpt xhci_pci cryptd drm i2c_piix4 realtek
 nvme_core libahci xhci_pci_renesas wmi gpio_generic
CR2: 0000000000000000
---[ end trace 942dc106afdcba62 ]---
RIP: 0010:update_config+0x11b/0x270 [amdgpu]
Code: 13 0f 00 00 41 0f b6 44 24 03 88 83 1e 0f 00 00 41 0f b6 44 24 05 88 83 1f 0f 00 00 49 8b 85 d0 04 00 00 49 8b bd d8 04 00 00 <8b> 30 e8 de 5e 23 00 88 83 20 0f 00 00 49 8b 85 d8 04 00 00 0f b6
RSP: 0018:ffffb6870b8ff640 EFLAGS: 00010202
RAX: 0000000000000000 RBX: ffff900618ec8f88 RCX: ffff900618ec9e94
RDX: ffff900618ec9ea0 RSI: ffffb6870b8ff690 RDI: ffff900600af5400
RBP: ffffb6870b8ff680 R08: 0000000000000001 R09: ffffffffc037b30c
R10: 0000000000000001 R11: 0000000000000000 R12: ffffb6870b8ff690
R13: ffff900600b26000 R14: 0000000000000001 R15: ffff900618ec8000
FS: 00007fb28c64b5c0(0000) GS:ffff900d1ec80000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000010476c000 CR4: 0000000000350ee0

Following this I'm unable to recover the console or complete a safe shutdown (I only waited a couple minutes).

ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: linux-image-generic 5.15.0.41.43
ProcVersionSignature: Ubuntu 5.15.0-41.44-generic 5.15.39
Uname: Linux 5.15.0-41-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
ApportVersion: 2.20.11-0ubuntu82.1
Architecture: amd64
CasperMD5CheckResult: unknown
Date: Sun Jul 17 20:18:42 2022
InstallationDate: Installed on 2019-06-18 (1125 days ago)
InstallationMedia: Ubuntu 19.04 "Disco Dingo" - Release amd64 (20190416)
MachineType: To Be Filled By O.E.M. To Be Filled By O.E.M.
ProcEnviron:
 TERM=tmux-256color
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcFB: 0 amdgpudrmfb
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-5.15.0-41-generic root=/dev/mapper/infodata-root ro quiet splash vt.handoff=7
PulseList: Error: command ['pacmd', 'list'] failed with exit code 1: No PulseAudio daemon running, or not running as session daemon.
RelatedPackageVersions:
 linux-restricted-modules-5.15.0-41-generic N/A
 linux-backports-modules-5.15.0-41-generic N/A
 linux-firmware 20220329.git681281e4-0ubuntu3.3
RfKill:
 3: hci0: Bluetooth
  Soft blocked: no
  Hard blocked: no
SourcePackage: linux
UpgradeStatus: Upgraded to jammy on 2022-07-06 (11 days ago)
dmi.bios.date: 11/27/2019
dmi.bios.release: 5.14
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: P2.90
dmi.board.name: B450M Steel Legend
dmi.board.vendor: ASRock
dmi.chassis.asset.tag: To Be Filled By O.E.M.
dmi.chassis.type: 3
dmi.chassis.vendor: To Be Filled By O.E.M.
dmi.chassis.version: To Be Filled By O.E.M.
dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvrP2.90:bd11/27/2019:br5.14:svnToBeFilledByO.E.M.:pnToBeFilledByO.E.M.:pvrToBeFilledByO.E.M.:rvnASRock:rnB450MSteelLegend:rvr:cvnToBeFilledByO.E.M.:ct3:cvrToBeFilledByO.E.M.:skuToBeFilledByO.E.M.:
dmi.product.family: To Be Filled By O.E.M.
dmi.product.name: To Be Filled By O.E.M.
dmi.product.sku: To Be Filled By O.E.M.
dmi.product.version: To Be Filled By O.E.M.
dmi.sys.vendor: To Be Filled By O.E.M.

Revision history for this message
Kai Groner (kai-gronr) wrote :
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : Status changed to Confirmed

This change was made by a bot.

Changed in linux (Ubuntu):
status: New → Confirmed
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.