[Nouveau] NVAC - BUG: unable to handle kernel NULL pointer dereference
Ard Biesheuvel
ard.biesheuvel at linaro.org
Sat Mar 25 12:37:27 UTC 2017
> On 25 Mar 2017, at 10:47, poma <pomidorabelisima at gmail.com> wrote:
>
>
> With lightweight desktoping,
> the atomic modesetting seems far from robust.
>
> BUG: unable to handle kernel NULL pointer dereference at 0000000000000021
> IP: dma_fence_wait_timeout+0x36/0xf0
> ...
I am seeing similar issues with v4.10 on arm64 using a gt218.
Kasan tells me it is a use-after-free error of a dma_fence. Full report was sent to the mailing list
> Oops: 0000 [#1] SMP
> Modules linked in: ... nouveau ...
> CPU: 0 PID: 6895 Comm: Xorg Not tainted 4.10.5-1001.fc24.x86_64 #1
> ...
> Call Trace:
> drm_atomic_helper_wait_for_fences+0x48/0x120 [drm_kms_helper]
> nv50_disp_atomic_commit+0x19c/0x2a0 [nouveau]
> drm_atomic_commit+0x4b/0x50 [drm]
> drm_atomic_helper_update_plane+0xec/0x150 [drm_kms_helper]
> __setplane_internal+0x1b4/0x280 [drm]
> drm_mode_cursor_universal+0x126/0x210 [drm]
> drm_mode_cursor_common+0x86/0x180 [drm]
> drm_mode_cursor_ioctl+0x50/0x70 [drm]
> drm_ioctl+0x21b/0x4c0 [drm]
> ? drm_mode_setplane+0x1a0/0x1a0 [drm]
> nouveau_drm_ioctl+0x74/0xc0 [nouveau]
> do_vfs_ioctl+0xa3/0x5f0
> SyS_ioctl+0x79/0x90
> entry_SYSCALL_64_fastpath+0x1a/0xa9
> ...
> RIP: dma_fence_wait_timeout+0x36/0xf0 RSP: ffffc1f700723a38
> ...
> ---[ end trace a6bef2d32ed5fbbc ]---
>
>
> BUG: unable to handle kernel NULL pointer dereference at 0000000000000021
> IP: dma_fence_wait_timeout+0x36/0xf0
> ...
> Oops: 0000 [#1] SMP
> Modules linked in: ... nouveau ...
> CPU: 3 PID: 30654 Comm: Xorg Tainted: G E 4.11.0-0.rc3.git0.1.fc26.x86_64 #1
> ...
> Call Trace:
> drm_atomic_helper_wait_for_fences+0x73/0x110 [drm_kms_helper]
> nv50_disp_atomic_commit+0x28a/0x2c0 [nouveau]
> ? refcount_dec_and_test+0x11/0x20
> drm_atomic_commit+0x4b/0x50 [drm]
> drm_atomic_helper_update_plane+0xf1/0x150 [drm_kms_helper]
> __setplane_internal+0x1fa/0x260 [drm]
> drm_mode_cursor_universal+0x12a/0x220 [drm]
> drm_mode_cursor_common+0x88/0x180 [drm]
> drm_mode_cursor_ioctl+0x4a/0x60 [drm]
> drm_ioctl+0x203/0x4d0 [drm]
> ? drm_mode_setplane+0x1a0/0x1a0 [drm]
> nouveau_drm_ioctl+0x72/0xc0 [nouveau]
> do_vfs_ioctl+0xa5/0x600
> ? security_inode_getsecid+0x1b/0x40
> SyS_ioctl+0x79/0x90
> entry_SYSCALL_64_fastpath+0x1a/0xa9
> ...
> RIP: dma_fence_wait_timeout+0x36/0xf0 RSP: ffffbda700723a40
> ...
> ---[ end trace 95b0fca6a8295839 ]---
>
>
> Subsequently, hardware reset is needed.
>
> _______________________________________________
> Nouveau mailing list
> Nouveau at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/nouveau
More information about the Nouveau
mailing list