[Bug 108984] New: kernel NULL pointer dereference: gen4_render_ring_flush [i915]

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Sat Dec 8 19:24:03 UTC 2018 

https://bugs.freedesktop.org/show_bug.cgi?id=108984

            Bug ID: 108984
           Summary: kernel NULL pointer dereference:
                    gen4_render_ring_flush [i915]
           Product: DRI
           Version: XOrg git
          Hardware: x86-64 (AMD64)
                OS: Linux (All)
            Status: NEW
          Severity: critical
          Priority: medium
         Component: DRM/Intel
          Assignee: intel-gfx-bugs at lists.freedesktop.org
          Reporter: elektron at halo.nu
        QA Contact: intel-gfx-bugs at lists.freedesktop.org
                CC: intel-gfx-bugs at lists.freedesktop.org

Originally reported here:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914495

elektron at x200:~$ ls -la /vmlinuz*
lrwxrwxrwx 1 root root 27 Dec  4 23:23 /vmlinuz -> boot/vmlinuz-4.18.0-3-amd64
lrwxrwxrwx 1 root root 27 Dec  4 23:23 /vmlinuz.old ->
boot/vmlinuz-4.18.0-2-amd64
elektron at x200:~$ dpkg -l | grep linux-image | grep 4\.18
ii  linux-image-4.18.0-1-amd64            4.18.6-1                             
amd64        Linux 4.18 for 64-bit PCs
ii  linux-image-4.18.0-2-amd64            4.18.10-2+b1                         
amd64        Linux 4.18 for 64-bit PCs
ii  linux-image-4.18.0-3-amd64            4.18.20-2                            
amd64        Linux 4.18 for 64-bit PCs
ii  linux-image-amd64                     4.18+100                             
amd64        Linux for 64-bit PCs (meta-package)

elektron at x200:~$ lspci | grep -i vga
00:02.0 VGA compatible controller: Intel Corporation Mobile 4 Series Chipset
Integrated Graphics Controller (rev 07)

elektron at x200:~$ sudo journalctl --boot -1 | less
<SNIP>
Dec 05 08:00:10 x200 kernel: BUG: unable to handle kernel NULL pointer
dereference at 0000000000000008
Dec 05 08:00:10 x200 kernel: PGD 0 P4D 0 
Dec 05 08:00:10 x200 kernel: Oops: 0000 [#1] SMP PTI
Dec 05 08:00:10 x200 kernel: CPU: 1 PID: 385 Comm: systemd-udevd Tainted: G    
     I       4.18.0-3-amd64 #1 Debian 4.18.20-2
Dec 05 08:00:10 x200 kernel: Hardware name: LENOVO 7459PB1/7459PB1, BIOS
CBET4000 3774c98 09/07/2016
Dec 05 08:00:10 x200 kernel: RIP: 0010:gen4_render_ring_flush+0x55/0xf0 [i915]
Dec 05 08:00:10 x200 kernel: Code: 00 be 16 00 00 00 48 89 ef e8 87 fe ff ff 48
3d 00 f0 ff ff 77 69 89 18 c7 40 04 02 40 00 7a 48 8b 55 78 48 8b 92 10 02 00
00 <48> 8b 52 08 48 c7 40 0c 00 00 00 00 83 ca 04 89 50 08 48 8d 50 14 
Dec 05 08:00:10 x200 kernel: RSP: 0018:ffffa814811b7a88 EFLAGS: 00010287
Dec 05 08:00:10 x200 kernel: RAX: ffffa814903ed000 RBX: 0000000002000022 RCX:
000000000001ff68
Dec 05 08:00:10 x200 kernel: RDX: 0000000000000000 RSI: 00000000000001a8 RDI:
0000000000000150
Dec 05 08:00:10 x200 kernel: RBP: ffff9b9ce3b57d40 R08: 0000000000000001 R09:
0000000000000002
Dec 05 08:00:10 x200 kernel: R10: ffffa814811b7a58 R11: 0000000000000000 R12:
ffff9b9ce2340000
Dec 05 08:00:10 x200 kernel: R13: ffff9b9ce44ea600 R14: 0000000000000000 R15:
ffff9b9ce3b57d40
Dec 05 08:00:10 x200 kernel: FS:  00007fa115f0a8c0(0000)
GS:ffff9b9cefd00000(0000) knlGS:0000000000000000
Dec 05 08:00:10 x200 kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Dec 05 08:00:10 x200 kernel: CR2: 0000000000000008 CR3: 0000000220f7c000 CR4:
00000000000406e0
Dec 05 08:00:10 x200 kernel: Call Trace:
Dec 05 08:00:10 x200 kernel:  i915_request_alloc+0x243/0x360 [i915]
Dec 05 08:00:10 x200 kernel:  i915_gem_init+0x284/0x480 [i915]
Dec 05 08:00:10 x200 kernel:  i915_driver_load+0xb22/0xef0 [i915]
Dec 05 08:00:10 x200 kernel:  ? mutex_lock+0xe/0x30
Dec 05 08:00:10 x200 kernel:  ? acpi_dev_found+0x5f/0x70
Dec 05 08:00:10 x200 kernel:  local_pci_probe+0x42/0xa0
Dec 05 08:00:10 x200 kernel:  ? pci_assign_irq+0x27/0x130
Dec 05 08:00:10 x200 kernel:  pci_device_probe+0x146/0x1b0
Dec 05 08:00:10 x200 kernel:  driver_probe_device+0x2fa/0x470
Dec 05 08:00:10 x200 kernel:  __driver_attach+0xdc/0x100
Dec 05 08:00:10 x200 kernel:  ? driver_probe_device+0x470/0x470
Dec 05 08:00:10 x200 kernel:  bus_for_each_dev+0x76/0xc0
Dec 05 08:00:10 x200 kernel:  ? klist_add_tail+0x3b/0x70
Dec 05 08:00:10 x200 kernel:  bus_add_driver+0x161/0x260
Dec 05 08:00:10 x200 kernel:  ? 0xffffffffc0b83000
Dec 05 08:00:10 x200 kernel:  driver_register+0x5b/0xe0
Dec 05 08:00:10 x200 kernel:  ? 0xffffffffc0b83000
Dec 05 08:00:10 x200 kernel:  do_one_initcall+0x46/0x1c8
Dec 05 08:00:10 x200 kernel:  ? _cond_resched+0x15/0x40
Dec 05 08:00:10 x200 kernel:  ? kmem_cache_alloc_trace+0x15d/0x1c0
Dec 05 08:00:10 x200 kernel:  ? do_init_module+0x22/0x201
Dec 05 08:00:10 x200 kernel:  do_init_module+0x5b/0x201
Dec 05 08:00:10 x200 kernel:  load_module.constprop.56+0x1649/0x1d80
Dec 05 08:00:10 x200 kernel:  ? vfs_read+0x113/0x130
Dec 05 08:00:10 x200 kernel:  ? vfs_read+0x113/0x130
Dec 05 08:00:10 x200 kernel:  ? __do_sys_finit_module+0xe9/0x110
Dec 05 08:00:10 x200 kernel:  __do_sys_finit_module+0xe9/0x110
Dec 05 08:00:10 x200 kernel:  do_syscall_64+0x55/0x110
Dec 05 08:00:10 x200 kernel:  entry_SYSCALL_64_after_hwframe+0x44/0xa9
Dec 05 08:00:10 x200 kernel: RIP: 0033:0x7fa11696ea79
Dec 05 08:00:10 x200 kernel: Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f
40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f
05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d df 43 0c 00 f7 d8 64 89 01 48 
Dec 05 08:00:10 x200 kernel: RSP: 002b:00007ffc86db6728 EFLAGS: 00000246
ORIG_RAX: 0000000000000139
Dec 05 08:00:10 x200 kernel: RAX: ffffffffffffffda RBX: 0000559ef1eefd00 RCX:
00007fa11696ea79
Dec 05 08:00:10 x200 kernel: RDX: 0000000000000000 RSI: 00007fa116874cad RDI:
0000000000000011
Dec 05 08:00:10 x200 kernel: RBP: 00007fa116874cad R08: 0000000000000000 R09:
0000000000000000
Dec 05 08:00:10 x200 kernel: R10: 0000000000000011 R11: 0000000000000246 R12:
0000000000000000
Dec 05 08:00:10 x200 kernel: R13: 0000559ef1ed6430 R14: 0000000000020000 R15:
0000559ef1eefd00
Dec 05 08:00:10 x200 kernel: Modules linked in: arc4 ath9k ath9k_common
ath9k_hw coretemp ath kvm_intel snd_hda_codec_conexant snd_hda_codec_generic
kvm irqbypass i915(+) mac80211 evdev snd_hda_intel sg drm_kms_helper
snd_hda_codec iTCO_wdt serio_raw iTCO_vendor_support thinkpad_acpi snd_hda_core
drm cfg80211 snd_hwdep snd_pcm i2c_algo_bit snd_timer nvram snd soundcore
rfkill ac battery video pcc_cpufreq acpi_cpufreq button parport_pc ppdev lp
parport ip_tables x_tables autofs4 btrfs xor zstd_decompress zstd_compress
xxhash raid6_pq libcrc32c crc32c_generic ecb crypto_simd cryptd glue_helper
aes_x86_64 xts algif_skcipher af_alg dm_crypt dm_mod sd_mod ahci psmouse
libahci libata i2c_i801 scsi_mod lpc_ich ehci_pci uhci_hcd ehci_hcd thermal
e1000e usbcore usb_common
Dec 05 08:00:10 x200 kernel: CR2: 0000000000000008
Dec 05 08:00:10 x200 kernel: ---[ end trace 12fb00c23be607b4 ]---
Dec 05 08:00:10 x200 kernel: RIP: 0010:gen4_render_ring_flush+0x55/0xf0 [i915]
Dec 05 08:00:10 x200 kernel: Code: 00 be 16 00 00 00 48 89 ef e8 87 fe ff ff 48
3d 00 f0 ff ff 77 69 89 18 c7 40 04 02 40 00 7a 48 8b 55 78 48 8b 92 10 02 00
00 <48> 8b 52 08 48 c7 40 0c 00 00 00 00 83 ca 04 89 50 08 48 8d 50 14 
Dec 05 08:00:10 x200 kernel: RSP: 0018:ffffa814811b7a88 EFLAGS: 00010287
Dec 05 08:00:10 x200 kernel: RAX: ffffa814903ed000 RBX: 0000000002000022 RCX:
000000000001ff68
Dec 05 08:00:10 x200 kernel: RDX: 0000000000000000 RSI: 00000000000001a8 RDI:
0000000000000150
Dec 05 08:00:10 x200 kernel: RBP: ffff9b9ce3b57d40 R08: 0000000000000001 R09:
0000000000000002
Dec 05 08:00:10 x200 kernel: R10: ffffa814811b7a58 R11: 0000000000000000 R12:
ffff9b9ce2340000
Dec 05 08:00:10 x200 kernel: R13: ffff9b9ce44ea600 R14: 0000000000000000 R15:
ffff9b9ce3b57d40
Dec 05 08:00:10 x200 kernel: FS:  00007fa115f0a8c0(0000)
GS:ffff9b9cefd00000(0000) knlGS:0000000000000000
Dec 05 08:00:10 x200 kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Dec 05 08:00:10 x200 kernel: CR2: 0000000000000008 CR3: 0000000220f7c000 CR4:
00000000000406e0
<SNIP>

I'm running Debian Buster on a Taurinus X200 (Lenovo x200, with
libreboot.) Let me know if there's any more info I can provide.


I tested some upstream stable kernels and can report that the bug is
not present in v4.18.19 and is present in v4.18.20.

* a9da8725b7a7 (tag: v4.18.20) Linux 4.18.20
* 6559b2338d96 (tag: v4.18.19) Linux 4.18.19

Specifically This seems to fix v4.18.20 for me:

> commit e0790ccfd489d46c0eeed32a8c4443b9b2119766 (HEAD -> test)
> Author: Philip J Freeman <elektron at halo.nu>
> Date:   Fri Dec 7 16:02:46 2018 -0800
> 
>     Revert "drm/i915/ringbuffer: Delay after EMIT_INVALIDATE for gen4/gen5"
>     
>     This reverts commit 06e562e7f515292ea7721475950f23554214adde.
>

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
You are the QA Contact for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/intel-gfx-bugs/attachments/20181208/0808221f/attachment.html>

More information about the intel-gfx-bugs mailing list