[Nouveau] [Bug 105173] [MCP79][Regression] Unhandled NULL pointer dereference since kernel 4.15

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Tue Feb 20 10:07:26 UTC 2018 

https://bugs.freedesktop.org/show_bug.cgi?id=105173

Pierre Moreau <pierre.morrow at free.fr> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|With kernel >=4.15 nouveau  |[MCP79][Regression]
                   |- artefacts and freezes     |Unhandled NULL pointer
                   |                            |dereference since kernel
                   |                            |4.15
             Status|NEW                         |ASSIGNED

--- Comment #3 from Pierre Moreau <pierre.morrow at free.fr> ---
Thanks for the report. I’ll try to reproduce the issue on my laptop and if that
works, bisect the kernel to figure out which change introduce the issue.

Looking at the logs, it seems like there is some out-of-memory error

> [   56.900580] nouveau 0000:03:00.0: imem: OOM: 0004b000 00000000 -28

followed by a NULL pointer dereference when trying to unmap an object

> [   56.900593] BUG: unable to handle kernel NULL pointer dereference at           (null)
> [   56.900747] IP: nvkm_object_unmap+0x5/0x20 [nouveau]
> [   56.900754] PGD 0 P4D 0 
> [   56.900761] Oops: 0000 [#1] SMP PTI
> [   56.900767] Modules linked in: fuse xt_CHECKSUM ipt_MASQUERADE nf_nat_masquerade_ipv4 tun nf_conntrack_netbios_ns nf_conntrack_broadcast xt_CT ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack ip_set nfnetlink ebtable_nat ebtable_broute bridge stp llc ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_raw ip6table_security iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_raw iptable_security ebtable_filter ebtables ip6table_filter ip6_tables sunrpc snd_hda_codec_hdmi xfs libcrc32c snd_hda_codec_realtek snd_hda_codec_generic snd_hda_intel snd_hda_codec snd_hda_core snd_hwdep snd_seq coretemp snd_seq_device snd_pcm wmi_bmof shpchp snd_timer snd soundcore nv_tco i2c_nforce2 acpi_cpufreq binfmt_misc nouveau i2c_algo_bit
> [   56.900857]  mxm_wmi drm_kms_helper ttm drm serio_raw forcedeth video wmi
> [   56.900870] CPU: 1 PID: 2856 Comm: supertuxkart Not tainted 4.16.0-0.rc2.git0.1.fc28.x86_64 #1
> [   56.900876] Hardware name: NVIDIA MCP7A/MCP7A, BIOS 6.00 PG 04/22/2009
> [   56.900910] RIP: 0010:nvkm_object_unmap+0x5/0x20 [nouveau]
> [   56.900916] RSP: 0018:ffffae3c4188bca0 EFLAGS: 00010282
> [   56.900922] RAX: ffffffffc0592400 RBX: ffff9c81cb2cf198 RCX: 0000000000000018
> [   56.900928] RDX: ffffffffc04ac1b0 RSI: ffff9c81cb2cf1b8 RDI: 0000000000000000
> [   56.900934] RBP: ffff9c81cb2cf188 R08: 00000000000250c0 R09: ffffffffc04a9b63
> [   56.900941] R10: ffffd07b4280a8c0 R11: ffffffff959711ed R12: ffff9c81cb2cf1b8
> [   56.900947] R13: 0000000d4fb70488 R14: ffff9c8200180020 R15: 0000000000000006
> [   56.900955] FS:  00007fad6be37840(0000) GS:ffff9c822fc80000(0000) knlGS:0000000000000000
> [   56.900961] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [   56.900967] CR2: 0000000000000000 CR3: 0000000086db2000 CR4: 00000000000406e0
> [   56.900974] Call Trace:
> [   56.901012]  nvkm_object_dtor+0x96/0x100 [nouveau]
> [   56.901046]  ? nvkm_object_del+0x24/0xa0 [nouveau]
> [   56.901075]  ? nvkm_ioctl_new+0x1ee/0x220 [nouveau]
> [   56.901116]  ? nvkm_fifo_chan_dtor+0xf0/0xf0 [nouveau]
> [   56.901148]  ? nvkm_object_new_+0x60/0x60 [nouveau]
> [   56.901180]  ? nvkm_ioctl+0xd8/0x170 [nouveau]
> [   56.901222]  ? usif_ioctl+0x6b1/0x730 [nouveau]
> [   56.901262]  ? nouveau_drm_ioctl+0xad/0xc0 [nouveau]
> [   56.901271]  ? do_vfs_ioctl+0xa4/0x610
> [   56.901277]  ? SyS_ioctl+0x74/0x80
> [   56.901285]  ? do_syscall_64+0x74/0x180
> [   56.901295]  ? entry_SYSCALL_64_after_hwframe+0x3d/0xa2
> [   56.901301] Code: ff c3 0f 1f 40 00 66 66 66 66 90 48 8b 07 48 8b 40 28 48 85 c0 74 05 e9 0a 76 75 d4 b8 ed ff ff ff c3 0f 1f 40 00 66 66 66 66 90 <48> 8b 07 48 8b 40 30 48 85 c0 74 05 e9 ea 75 75 d4 b8 ed ff ff 
> [   56.901373] RIP: nvkm_object_unmap+0x5/0x20 [nouveau] RSP: ffffae3c4188bca0
> [   56.901380] CR2: 0000000000000000
> [   56.910903] ---[ end trace bde3a9a90b3fc089 ]---

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/nouveau/attachments/20180220/1efeea1e/attachment.html>

More information about the Nouveau mailing list