Bug 1652510 - kernel NULL pointer dereference drm_is_current_master+0x1a/0x30
Keywords:
Status: CLOSED DUPLICATE of bug 1650224
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: 29
Hardware: x86_64
OS: Linux
Target Milestone: ---
Assignee: Kernel Maintainer List
QA Contact: Fedora Extras Quality Assurance
Reported: 2018-11-22 09:30 UTC by Niklas Fischer
Modified: 2018-11-22 14:02 UTC

Last Closed: 2018-11-22 14:02:32 UTC


Attachments
journalctl -k for a 4.19 boot (126.01 KB, text/x-vhdl)
2018-11-22 09:30 UTC, Niklas Fischer
lspci output (6.81 KB, text/plain)
2018-11-22 09:31 UTC, Niklas Fischer

Description Niklas Fischer 2018-11-22 09:30:04 UTC
Created attachment 1507904
journalctl -k for a 4.19 boot

Description of problem:

Null pointer dereference in kernel (likely) causes computer to fail to power off and start applications.

Excerpt from journalctl -k:

Nov 22 10:01:09 desktop kernel: BUG: unable to handle kernel NULL pointer dereference at 0000000000000080
Nov 22 10:01:09 desktop kernel: PGD 0 P4D 0 
Nov 22 10:01:09 desktop kernel: Oops: 0000 [#1] SMP NOPTI
Nov 22 10:01:09 desktop kernel: CPU: 7 PID: 2721 Comm: plymouthd Tainted: P           OE     4.19.2-301.fc29.x86_64 #1
Nov 22 10:01:09 desktop kernel: Hardware name: Micro-Star International Co., Ltd. MS-7B09/X399 GAMING PRO CARBON AC (MS-7B09), BIOS 1.70 12/18/2017
Nov 22 10:01:09 desktop kernel: RIP: 0010:drm_lease_owner+0xd/0x20 [drm]
Nov 22 10:01:09 desktop kernel: Code: 83 c4 18 5b 5d c3 b8 ea ff ff ff eb e2 b8 ed ff ff ff eb db e8 b4 49 aa c6 0f 1f 40 00 0f 1f 44 00 00 48 89 f8 eb 03 48 89 d0 <48> 8b 90 80 00 00 00 48 85 d2 75 f1 c3 66 0f 1f 44 00 00 0f 1f 44
Nov 22 10:01:09 desktop kernel: RSP: 0018:ffffac3e933c7b90 EFLAGS: 00010202
Nov 22 10:01:09 desktop kernel: RAX: 0000000000000000 RBX: ffff9a197c656c00 RCX: ffff9a197c656cc8
Nov 22 10:01:09 desktop kernel: RDX: ffff9a19a8365d00 RSI: 0000000000000000 RDI: 0000000000000000
Nov 22 10:01:09 desktop kernel: RBP: ffff9a19b5eb8800 R08: 0000000000000000 R09: 0000000000000000
Nov 22 10:01:09 desktop kernel: R10: ffffefe87fa2c400 R11: 0000000000000002 R12: ffff9a19b5eb8888
Nov 22 10:01:09 desktop kernel: R13: 0000000000000000 R14: ffff9a197c656cc8 R15: dead000000000100
Nov 22 10:01:09 desktop kernel: FS:  00007f54e0bb7240(0000) GS:ffff9a19bd1c0000(0000) knlGS:0000000000000000
Nov 22 10:01:09 desktop kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Nov 22 10:01:09 desktop kernel: CR2: 0000000000000080 CR3: 0000000ff1cb0000 CR4: 00000000003406e0
Nov 22 10:01:09 desktop kernel: Call Trace:
Nov 22 10:01:09 desktop kernel:  drm_is_current_master+0x1a/0x30 [drm]
Nov 22 10:01:09 desktop kernel:  drm_master_release+0x3e/0x140 [drm]
Nov 22 10:01:09 desktop kernel:  drm_file_free.part.4+0x2db/0x2e0 [drm]
Nov 22 10:01:09 desktop kernel:  drm_open+0x1e5/0x200 [drm]
Nov 22 10:01:09 desktop kernel:  ? drm_dev_enter+0x19/0x50 [drm]
Nov 22 10:01:09 desktop kernel:  drm_stub_open+0xaf/0xf0 [drm]
Nov 22 10:01:09 desktop kernel:  chrdev_open+0xa2/0x1c0
Nov 22 10:01:09 desktop kernel:  ? cdev_put.part.0+0x20/0x20
Nov 22 10:01:09 desktop kernel:  do_dentry_open+0x132/0x340
Nov 22 10:01:09 desktop kernel:  path_openat+0x33a/0x1610
Nov 22 10:01:09 desktop kernel:  ? filename_lookup.part.67+0x60/0x170
Nov 22 10:01:09 desktop kernel:  ? __check_object_size+0xa3/0x181
Nov 22 10:01:09 desktop kernel:  do_filp_open+0x93/0x100
Nov 22 10:01:09 desktop kernel:  ? vfs_statx+0x73/0xe0
Nov 22 10:01:09 desktop kernel:  ? __check_object_size+0xa3/0x181
Nov 22 10:01:09 desktop kernel:  do_sys_open+0x186/0x210
Nov 22 10:01:09 desktop kernel:  do_syscall_64+0x5b/0x160
Nov 22 10:01:09 desktop kernel:  entry_SYSCALL_64_after_hwframe+0x44/0xa9
Nov 22 10:01:09 desktop kernel: RIP: 0033:0x7f54e0e4ebf2
Nov 22 10:01:09 desktop kernel: Code: 25 00 00 41 00 3d 00 00 41 00 74 4c 48 8d 05 35 7b 0d 00 8b 00 85 c0 75 6d 89 f2 b8 01 01 00 00 48 89 fe bf 9c ff ff ff 0f 05 <48> 3d 00 f0 ff ff 0f 87 a2 00 00 00 48 8b 4c 24 28 64 48 33 0c 25
Nov 22 10:01:09 desktop kernel: RSP: 002b:00007fff3d967ba0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
Nov 22 10:01:09 desktop kernel: RAX: ffffffffffffffda RBX: 000055ff57a5f010 RCX: 00007f54e0e4ebf2
Nov 22 10:01:09 desktop kernel: RDX: 0000000000000002 RSI: 000055ff57a73390 RDI: 00000000ffffff9c
Nov 22 10:01:09 desktop kernel: RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000000000000
Nov 22 10:01:09 desktop kernel: R10: 0000000000000000 R11: 0000000000000246 R12: 00007f54e0bb71b0
Nov 22 10:01:09 desktop kernel: R13: 0000000000000000 R14: 00007f54e10fb2f0 R15: 00007f54e10fb260
Nov 22 10:01:09 desktop kernel: Modules linked in: ccm xt_CHECKSUM ipt_MASQUERADE tun bridge stp llc devlink nf_conntrack_netbios_ns nf_conntrack_broadcast xt_CT ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack ebtable_nat ip6table_nat nf_nat_ipv6 ip6table_mangle ip6table_raw ip6table_security iptable_nat nf_nat_ipv4 nf_nat iptable_mangle iptable_raw iptable_security nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nfnetlink ebtable_filter ebtables ip6table_filter ip6_tables cmac bnep sunrpc nvidia_drm(POE) nvidia_modeset(POE) nvidia(POE) arc4 snd_usb_audio snd_hda_codec_hdmi amd64_edac_mod snd_usbmidi_lib edac_mce_amd snd_rawmidi iwlmvm joydev kvm_amd mac80211 kvm snd_hda_codec_realtek btusb snd_hda_codec_generic irqbypass btrtl btbcm btintel bluetooth iwlwifi snd_hda_intel drm_kms_helper snd_hda_codec cfg80211
Nov 22 10:01:09 desktop kernel:  ecdh_generic snd_hda_core drm snd_hwdep wmi_bmof snd_seq rfkill snd_seq_device ipmi_devintf snd_pcm ipmi_msghandler snd_timer snd sp5100_tco soundcore k10temp i2c_piix4 pcc_cpufreq gpio_amdpt acpi_cpufreq gpio_generic binfmt_misc btrfs libcrc32c xor zstd_decompress zstd_compress xxhash raid6_pq dm_crypt hid_logitech_hidpp mxm_wmi igb crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel hid_logitech_dj dca ccp i2c_algo_bit wmi pinctrl_amd [last unloaded: hwmon_vid]
Nov 22 10:01:09 desktop kernel: CR2: 0000000000000080
Nov 22 10:01:09 desktop kernel: ---[ end trace 5b54363643058ead ]---
Nov 22 10:01:09 desktop kernel: RIP: 0010:drm_lease_owner+0xd/0x20 [drm]
Nov 22 10:01:09 desktop kernel: Code: 83 c4 18 5b 5d c3 b8 ea ff ff ff eb e2 b8 ed ff ff ff eb db e8 b4 49 aa c6 0f 1f 40 00 0f 1f 44 00 00 48 89 f8 eb 03 48 89 d0 <48> 8b 90 80 00 00 00 48 85 d2 75 f1 c3 66 0f 1f 44 00 00 0f 1f 44
Nov 22 10:01:09 desktop kernel: RSP: 0018:ffffac3e933c7b90 EFLAGS: 00010202
Nov 22 10:01:09 desktop kernel: RAX: 0000000000000000 RBX: ffff9a197c656c00 RCX: ffff9a197c656cc8
Nov 22 10:01:09 desktop kernel: RDX: ffff9a19a8365d00 RSI: 0000000000000000 RDI: 0000000000000000
Nov 22 10:01:09 desktop kernel: RBP: ffff9a19b5eb8800 R08: 0000000000000000 R09: 0000000000000000
Nov 22 10:01:09 desktop kernel: R10: ffffefe87fa2c400 R11: 0000000000000002 R12: ffff9a19b5eb8888
Nov 22 10:01:09 desktop kernel: R13: 0000000000000000 R14: ffff9a197c656cc8 R15: dead000000000100
Nov 22 10:01:09 desktop kernel: FS:  00007f54e0bb7240(0000) GS:ffff9a19bd1c0000(0000) knlGS:0000000000000000
Nov 22 10:01:09 desktop kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Nov 22 10:01:09 desktop kernel: CR2: 0000000000000080 CR3: 0000000ff1cb0000 CR4: 00000000003406e0

Version-Release number of selected component (if applicable):

Linux version 4.19.2-301.fc29.x86_64 (mockbuild@bkernel03.phx2.fedoraproject.org) (gcc version 8.2.1 20181105 (Red Hat 8.2.1-5) (GCC)) #1 SMP Sat Nov 17 17:58:01 UTC 2018

but all other 4.19 Fedora kernels I have tried have also been affected.

How reproducible:

100% with 4.19 kernel

Steps to Reproduce:
1. Start computer
2. Wait for gdm login screen
3. Use shutdown button to initiate shutdown procedure

Actual results:
Screen turns black, but machine stays powered on

Expected results:
Machine powers off

Additional info:

This bug has some weird side effects. If I log on to gnome3, most larger applications (such as firefox, chrome and vs code) fail to start. Some smaller applications, for example gnome-terminal, still work. In this scenario (after logging in), the above NULL pointer dereference occurs multiple times with the same stack trace.

Hardware configuration:

AMD Threadripper X1950 on an X399 GAMING PRO CARBON AC board. NVIDIA Corporation GM206 [GeForce GTX 960] (rev a1) graphics.

I have attached the output of journalctl -k.

Please feel free to ask for additional information to help solve this issue.
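
As a triage aid for the oops quoted in the description above, this added example (not part of the original report and not kernel code) decodes the instruction marked `<48>` on the Code: line and checks that its base register plus displacement reproduces the faulting address in CR2. The function names and the restriction to a single instruction encoding are assumptions of the example.

```python
import re

# Constructed sample: lines taken from the oops quoted above (Code: line trimmed).
OOPS = """\
BUG: unable to handle kernel NULL pointer dereference at 0000000000000080
RIP: 0010:drm_lease_owner+0xd/0x20 [drm]
Code: 48 89 f8 eb 03 48 89 d0 <48> 8b 90 80 00 00 00 48 85 d2 75 f1 c3
RAX: 0000000000000000 RBX: ffff9a197c656c00 RCX: ffff9a197c656cc8
CR2: 0000000000000080 CR3: 0000000ff1cb0000 CR4: 00000000003406e0
"""

# x86-64 register numbers 0..15, spelled the way the oops register dump spells them.
REGS = "rax rcx rdx rbx rsp rbp rsi rdi r08 r09 r10 r11 r12 r13 r14 r15".split()

def decode_mov_load(insn):
    """Decode only `REX.W 8B /r` with mod=10 (base register + disp32, no SIB)."""
    rex, opcode, modrm = insn[0], insn[1], insn[2]
    if rex & 0xF8 != 0x48 or opcode != 0x8B:
        raise ValueError("not a 64-bit mov r64, r/m64")
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod != 2 or rm == 4:
        raise ValueError("addressing form not handled by this example")
    dest = REGS[reg | ((rex & 4) << 1)]   # REX.R extends the destination register
    base = REGS[rm | ((rex & 1) << 3)]    # REX.B extends the base register
    disp = int.from_bytes(insn[3:7], "little", signed=True)
    return dest, base, disp

def triage(oops):
    """Check that base register + displacement reproduces the reported CR2."""
    regs = {}
    for name, val in re.findall(r"\b([A-Z][A-Z0-9]{2}): ([0-9a-f]{16})\b", oops):
        regs.setdefault(name.lower(), int(val, 16))   # keep the first (kernel) dump
    symbol = re.search(r"RIP: 0010:(\S+)", oops).group(1)
    code = re.search(r"Code: (.+)", oops).group(1).split()
    # The kernel wraps the first byte of the faulting instruction in <>.
    start = next(i for i, tok in enumerate(code) if tok.startswith("<"))
    insn = bytes(int(tok.strip("<>"), 16) for tok in code[start:])
    dest, base, disp = decode_mov_load(insn)
    fault = (regs[base] + disp) & (2**64 - 1)
    return {"symbol": symbol,
            "insn": f"mov {dest}, [{base}{disp:+#x}]",
            "base_is_null": regs[base] == 0,
            "fault_addr": fault,
            "matches_cr2": fault == regs["cr2"]}

if __name__ == "__main__":
    print(triage(OOPS))
```

A NULL base register with a small positive displacement that equals CR2 indicates a read of a structure field through a NULL pointer, here at offset 0x80.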

Comment 1 Niklas Fischer 2018-11-22 09:31:07 UTC
Created attachment 1507906
lspci output

Comment 2 Niklas Fischer 2018-11-22 14:02:32 UTC
Looks like this might be a duplicate of https://bugzilla.redhat.com/show_bug.cgi?id=1650224. Also note this patch submitted to the LKML which supposedly fixes the issue: https://lkml.org/lkml/2018/11/19/93

*** This bug has been marked as a duplicate of bug 1650224 ***

