Kernel: "soft" crash from video playback

[varuld]

Is this a new report?

Yes

System Info

6.18.36_1 x86_64-musl and 6.18.37_1 x86_64-musl GenuineIntel

Package(s) Affected

mpv-0.41.0_3, yt-dlp-2026.06.09_1

Does a report exist for this bug with the project's home (upstream) and/or another distro?

No response

Expected behaviour

Be able to play video files without causing kernel bug.

Actual behaviour

When playing .webm files downloaded with yt-dlp through mpv the video player unpredictable halts, and it and its spanning terminal becomes unresponsive.
sudo dmesg returns:

[ 3497.356491] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 3497.356505] #PF: supervisor read access in kernel mode
[ 3497.356511] #PF: error_code(0x0000) - not-present page
[ 3497.356515] PGD 0 P4D 0
[ 3497.356523] Oops: Oops: 0000 [#1] SMP NOPTI
[ 3497.356530] CPU: 14 UID: 1000 PID: 4845 Comm: lua/osc Not tainted 6.18.37_1 #1 PREEMPT(voluntary)
[ 3497.356538] Hardware name: ASUS System Product Name/PRIME Z790-P, BIOS 0806 11/22/2022
[ 3497.356542] RIP: 0010:amdgpu_hmm_invalidate_gfx+0x37/0xc0 [amdgpu]
[ 3497.357480] Code: 41 54 55 53 8b 46 18 41 89 c4 41 83 e4 01 75 10 5b 44 89 e0 5d 41 5c 41 5d 41 5e c3 cc cc cc cc 48 8b 47 f0 48 89 fb 48 89 d5 <48> 8b 00 4c 8b b0 78 02 00 00 48 8b 87 58 ff ff ff 4c 8d a8 60 6d
[ 3497.357485] RSP: 0018:ffffd247ea5d7a80 EFLAGS: 00010202
[ 3497.357492] RAX: 0000000000000000 RBX: ffff8928fe4a4670 RCX: 0000000000000000
[ 3497.357496] RDX: 0000000000000013 RSI: ffffd247ea5d7af8 RDI: ffff8928fe4a4670
[ 3497.357500] RBP: 0000000000000013 R08: 000fffffc0000000 R09: ffff892944947e00
[ 3497.357504] R10: 0000000000000000 R11: ffff892944947e00 R12: 0000000000000001
[ 3497.357507] R13: ffff8928c31e9e40 R14: ffff8928c31e9e4c R15: 0000000000000000
[ 3497.357511] FS:  00007f3570bfcb30(0000) GS:ffff893858c1d000(0000) knlGS:0000000000000000
[ 3497.357516] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3497.357520] CR2: 0000000000000000 CR3: 00000001915f2001 CR4: 0000000000f72ef0
[ 3497.357525] PKRU: 55555554
[ 3497.357528] Call Trace:
[ 3497.357535]  <TASK>
[ 3497.357541]  __mmu_notifier_invalidate_range_start+0x13a/0x190
[ 3497.357554]  __split_huge_pmd+0x17f/0x190
[ 3497.357561]  vma_adjust_trans_huge+0x102/0x1a0
[ 3497.357567]  __split_vma+0x20f/0x2f0
[ 3497.357576]  vms_gather_munmap_vmas+0x46/0x2e0
[ 3497.357584]  do_vmi_align_munmap+0x167/0x260
[ 3497.357597]  do_vmi_munmap+0xd0/0x170
[ 3497.357605]  __vm_munmap+0xb0/0x170
[ 3497.357611]  __x64_sys_munmap+0x1b/0x30
[ 3497.357617]  do_syscall_64+0x88/0x730
[ 3497.357626]  ? do_syscall_64+0xc0/0x730
[ 3497.357635]  ? fpregs_assert_state_consistent+0x34/0x60
[ 3497.357641]  ? do_syscall_64+0xc0/0x730
[ 3497.357648]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 3497.357654] RIP: 0033:0x7f357b32fc3e
[ 3497.357659] Code: 83 c4 08 c3 0f 1f 84 00 00 00 00 00 55 48 89 f5 53 48 89 fb 48 83 ec 08 e8 cf 5b 01 00 b8 0b 00 00 00 48 89 df 48 89 ee 0f 05 <48> 89 c7 e8 7a 80 fe ff 48 83 c4 08 5b 5d c3 0f 1f 00 31 c0 83 fa
[ 3497.357664] RSP: 002b:00007f3570bfbba0 EFLAGS: 00000246 ORIG_RAX: 000000000000000b
[ 3497.357669] RAX: ffffffffffffffda RBX: 00007f35591ef000 RCX: 00007f357b32fc3e
[ 3497.357673] RDX: 0000000000000000 RSI: 0000000000002000 RDI: 00007f35591ef000
[ 3497.357676] RBP: 0000000000002000 R08: 00007f357b381ac0 R09: 0000558cce3a0180
[ 3497.357680] R10: 0000000000000013 R11: 0000000000000246 R12: 00007f3570bfcb64
[ 3497.357683] R13: 0000000000000000 R14: 00007f35591ef020 R15: 0000000000000140
[ 3497.357690]  </TASK>
[ 3497.357693] Modules linked in: ccm xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT nf_reject_ipv4 xt_tcpudp ip6table_mangle ip6table_nat ip6table_filter ip6_tables iptable_mangle iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 iptable_filter ip_tables x_tables bridge 8021q garp mrp stp llc nls_iso8859_1 nls_cp437 vfat fat intel_rapl_msr intel_rapl_common snd_sof_pci_intel_tgl snd_sof_pci_intel_cnl intel_uncore_frequency snd_sof_intel_hda_generic intel_uncore_frequency_common intel_tcc_cooling soundwire_intel snd_sof_intel_hda_sdw_bpt snd_sof_intel_hda_common x86_pkg_temp_thermal snd_soc_hdac_hda intel_powerclamp snd_sof_intel_hda_mlink snd_sof_intel_hda soundwire_cadence snd_sof_pci snd_sof_xtensa_dsp snd_sof snd_sof_utils snd_soc_acpi_intel_match snd_soc_acpi_intel_sdca_quirks soundwire_generic_allocation snd_soc_acpi soundwire_bus coretemp iwlmvm snd_soc_sdca snd_hda_codec_alc662 crc8 snd_hda_codec_realtek_lib snd_hda_codec_atihdmi snd_hda_codec_generic snd_soc_avs snd_hda_codec_hdmi mac80211
[ 3497.357787]  snd_soc_hda_codec snd_hda_intel snd_hda_ext_core kvm_intel snd_hda_codec libarc4 eeepc_wmi iTCO_wdt snd_hda_core kvm intel_pmc_bxt snd_intel_dspcfg snd_soc_core asus_wmi iTCO_vendor_support iwlwifi spd5118 irqbypass snd_intel_sdw_acpi sparse_keymap snd_compress rapl joydev input_leds i2c_designware_platform ac97_bus r8169 mei_hdcp mei_pxp i2c_i801 intel_cstate evdev snd_hwdep snd_pcm_dmaengine platform_profile spi_intel_pci i2c_designware_core i2c_smbus cfg80211 mei_me battery realtek mac_hid pcspkr wmi_bmof snd_pcm spi_intel intel_uncore ccp i2c_mux mei thermal fan intel_pmc_core tpm_crb tpm_tis pmt_telemetry pmt_discovery tpm_tis_core pmt_class tpm intel_pmc_ssram_telemetry libaescfb intel_vsec rng_core acpi_tad acpi_pad tiny_power_button button sg snd_seq snd_seq_device snd_timer snd soundcore vhost_vsock vmw_vsock_virtio_transport_common vsock vhost_net vhost vhost_iotlb tap hci_vhci bluetooth rfkill ecdh_generic ecc vfio_iommu_type1 vfio iommufd uhid dm_mod uinput userio ppp_generic slhc tun loop
[ 3497.357916]  nvram btrfs blake2b_generic xor raid6_pq cuse fuse ext4 mbcache jbd2 amdgpu hid_generic usbhid hid amdxcp i2c_algo_bit drm_client_lib drm_ttm_helper ttm agpgart drm_exec drm_panel_backlight_quirks gpu_sched drm_suballoc_helper drm_buddy drm_display_helper ahci drm_kms_helper libahci libata xhci_pci drm polyval_clmulni xhci_hcd ghash_clmulni_intel usbcore scsi_mod aesni_intel intel_lpss_pci cec intel_lpss idma64 rc_core scsi_common usb_common vmd virt_dma crc16 video wmi pinctrl_alderlake
[ 3497.357991] CR2: 0000000000000000
[ 3497.357996] ---[ end trace 0000000000000000 ]---
[ 3497.358000] RIP: 0010:amdgpu_hmm_invalidate_gfx+0x37/0xc0 [amdgpu]
[ 3497.358868] Code: 41 54 55 53 8b 46 18 41 89 c4 41 83 e4 01 75 10 5b 44 89 e0 5d 41 5c 41 5d 41 5e c3 cc cc cc cc 48 8b 47 f0 48 89 fb 48 89 d5 <48> 8b 00 4c 8b b0 78 02 00 00 48 8b 87 58 ff ff ff 4c 8d a8 60 6d
[ 3497.358873] RSP: 0018:ffffd247ea5d7a80 EFLAGS: 00010202
[ 3497.358879] RAX: 0000000000000000 RBX: ffff8928fe4a4670 RCX: 0000000000000000
[ 3497.358882] RDX: 0000000000000013 RSI: ffffd247ea5d7af8 RDI: ffff8928fe4a4670
[ 3497.358885] RBP: 0000000000000013 R08: 000fffffc0000000 R09: ffff892944947e00
[ 3497.358889] R10: 0000000000000000 R11: ffff892944947e00 R12: 0000000000000001
[ 3497.358891] R13: ffff8928c31e9e40 R14: ffff8928c31e9e4c R15: 0000000000000000
[ 3497.358895] FS:  00007f3570bfcb30(0000) GS:ffff893858c1d000(0000) knlGS:0000000000000000
[ 3497.358899] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3497.358902] CR2: 0000000000000000 CR3: 00000001915f2001 CR4: 0000000000f72ef0
[ 3497.358906] PKRU: 55555554
[ 3497.358909] note: lua/osc[4845] exited with irqs disabled

I am able to use some programs on the machine after causing the issue such as a browser, but top-like programs (htop, glances) does not open when executed.
The machine furthermore hangs on poweroff and it is necessary to power cycle it manually.

Steps to reproduce

1. Download .webm file.
2. Play the file with mpv.
3. Wait for the video player to hang.
4. Crash/kernel-bug.