[ 6809.025776] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008 [ 6809.025832] IP: [<ffffffffa0320409>] intel_fb_obj_invalidate+0x15/0xeb [i915] [ 6809.025837] PGD 48b65067 PUD 4cda7067 PMD 0 [ 6809.025841] Oops: 0000 [#1] PREEMPT SMP [ 6809.025888] Modules linked in: i915 i2c_algo_bit snd_soc_sst_bytcr_rt5640 drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops coretemp drm hwmon intel_rapl intel_gtt intel_soc_dts_thermal punit_atom_debug agpgart i2c_hid snd_soc_rt5640 hid snd_soc_rl6231 serio video snd_intel_sst_acpi backlight snd_intel_sst_core snd_soc_sst_mfld_platform int3402_thermal snd_soc_core snd_compress int3400_thermal processor_thermal_device int3403_thermal intel_soc_dts_iosf acpi_thermal_rel int340x_thermal_zone snd_pcm evdev snd_timer i2c_designware_platform i2c_designware_core snd soundcore pwm_lpss_platform pwm_lpss sch_fq_codel efivarfs ipv6 autofs4 [ 6809.025893] CPU: 1 PID: 18404 Comm: Xorg Tainted: G W 4.3.0-rc2-ffrd+ #142 [ 6809.025895] Hardware name: Intel Corp. VALLEYVIEW C0 PLATFORM/BYT-T FFD8, BIOS BLAKFF81.X64.0088.R10.1403240443 FFD8_X64_R_2014_13_1_00 03/24/2014 [ 6809.025897] task: ffff88007a2f8000 ti: ffff880048b78000 task.ti: ffff880048b78000 [ 6809.025943] RIP: 0010:[<ffffffffa0320409>] [<ffffffffa0320409>] intel_fb_obj_invalidate+0x15/0xeb [i915] [ 6809.025945] RSP: 0018:ffff880048b7bb10 EFLAGS: 00010246 [ 6809.025946] RAX: 0000000080000000 RBX: ffff880074689300 RCX: 0000000000000246 [ 6809.025948] RDX: ffff880077bd8b40 RSI: 0000000000000000 RDI: 0000000000000000 [ 6809.025949] RBP: ffff880048b7bb38 R08: 0000000000000000 R09: ffffffff817b7d93 [ 6809.025951] R10: 0000000000000001 R11: 000000000000a0d3 R12: 0000000000000000 [ 6809.025952] R13: 0000000000000080 R14: 0000000000000000 R15: ffff880071f0e400 [ 6809.025954] FS: 00007f3179146940(0000) GS:ffff880079280000(0000) knlGS:0000000000000000 [ 6809.025956] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b [ 6809.025958] CR2: 0000000000000008 CR3: 0000000048927000 CR4: 00000000001006e0 [ 6809.025958] Stack: [ 6809.025964] ffff880074689300 0000000000000000 0000000000000080 ffff880071f0e510 [ 6809.025968] ffff880071f0e400 ffff880048b7bb58 ffffffffa0328619 0000000000000000 [ 6809.025972] ffff880071f0e400 ffff880048b7bc88 ffffffff812adc51 002000017a2f8000 [ 6809.025973] Call Trace: [ 6809.026020] [<ffffffffa0328619>] intel_fbdev_set_par+0x42/0x56 [i915] [ 6809.026026] [<ffffffff812adc51>] fb_set_var+0x2ab/0x3a2 [ 6809.026032] [<ffffffff8109cadc>] ? mark_lock+0x2f/0x225 [ 6809.026035] [<ffffffff8109d7bb>] ? __lock_acquire+0x65e/0xdc3 [ 6809.026039] [<ffffffff812a93c1>] fbcon_blank+0x8a/0x1f1 [ 6809.026045] [<ffffffff813037a6>] do_unblank_screen+0xf2/0x160 [ 6809.026049] [<ffffffff812fb68c>] vt_ioctl+0x52b/0xffe [ 6809.026053] [<ffffffff812f0fff>] tty_ioctl+0xb3a/0xbb4 [ 6809.026056] [<ffffffff8109b033>] ? __lock_is_held+0x38/0x50 [ 6809.026061] [<ffffffff81184d21>] ? rcu_read_unlock+0x3e/0x5d [ 6809.026066] [<ffffffff8117be8d>] do_vfs_ioctl+0x41d/0x4e9 [ 6809.026069] [<ffffffff81184e40>] ? __fget_light+0x62/0x71 [ 6809.026073] [<ffffffff8117bf96>] SyS_ioctl+0x3d/0x64 [ 6809.026077] [<ffffffff81491d97>] entry_SYSCALL_64_fastpath+0x12/0x6f [ 6809.026132] Code: f2 89 de 4c 89 e7 e8 da f8 ff ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41 89 f6 41 55 41 54 53 <4c> 8b 6f 08 48 89 fb 41 8b 45 60 4d 8b 65 28 ff c8 75 21 48 c7 [ 6809.026177] RIP [<ffffffffa0320409>] intel_fb_obj_invalidate+0x15/0xeb [i915] [ 6809.026178] RSP <ffff880048b7bb10> [ 6809.026179] CR2: 0000000000000008 [ 6809.026183] ---[ end trace 9cf425858b306ee6 ]--- Happened on BYT and BSW at least, didn't test other platforms so far. Basic steps were: startx -- -bs xrandr ... --off kill X
Looking at the asm, it would appear to be the obj->base.dev where it blows up, so NULL obj gets passed in.
And just happened on IVB too.
Seems to be this: https://apibugzilla.novell.com/show_bug.cgi?id=962866 Is it preceded by a WARNING from kref too?
*** Bug 93483 has been marked as a duplicate of this bug. ***
*** This bug has been marked as a duplicate of bug 93822 ***
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.