Bug 100545 - BUG: null pointer dereference dma_fence_wait_timeout from nouveau_drm_ioctl (linux 4.10.5)
Summary: BUG: null pointer dereference dma_fence_wait_timeout from nouveau_drm_ioctl (...
Status: NEW
Alias: None
Product: xorg
Classification: Unclassified
Component: Driver/nouveau (show other bugs)
Version: unspecified
Hardware: x86-64 (AMD64) Linux (All)
: medium major
Assignee: Nouveau Project
QA Contact: Xorg Project Team
URL:
Whiteboard:
Keywords: have-backtrace
Depends on:
Blocks:
 
Reported: 2017-04-04 01:37 UTC by rcoe
Modified: 2017-04-11 07:29 UTC (History)
1 user (show)

See Also:
i915 platform:
i915 features:


Attachments
kernel messages log (106.89 KB, text/plain)
2017-04-04 01:37 UTC, rcoe
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description rcoe 2017-04-04 01:37:41 UTC
Created attachment 130660 [details]
kernel messages log

Sorry if this is drm error and not a nouveau error.

BUG: unable to handle kernel NULL pointer dereference at 0000000000000021
IP: dma_fence_wait_timeout+0x30/0x110

I had just started the computer, and started X with startx (because reasons).
I had opened the configure prefences when the mouse froze.

I'm including the kernel boot messages and traceback as an attachment.

libdrm_nouveau2-32bit-2.4.75-1.1.x86_64
libdrm_nouveau2-2.4.75-1.1.x86_64
libvdpau_nouveau-17.0.1-157.1.x86_64
Mesa-dri-nouveau-17.0.1-157.1.x86_64
xf86-video-nouveau-1.0.14-1.1.x86_64
xorg-x11-7.6_1-16.2.noarch
xorg-x11-devel-7.6-47.2.noarch
xorg-x11-driver-input-7.6_1-14.1.noarch
xorg-x11-driver-video-7.6_1-15.2.x86_64
xorg-x11-essentials-7.6_1-16.2.noarch
xorg-x11-fonts-7.6-31.7.noarch
xorg-x11-fonts-core-7.6-31.7.noarch
xorg-x11-libs-7.6-47.2.noarch
xorg-x11-libX11-ccache-7.6-20.4.noarch
xorg-x11-server-1.19.3-1.1.x86_64
xorg-x11-util-devel-7.6_1-10.2.noarch
xorg-x11-Xvnc-1.7.1-3.1.x86_64

2017-04-03T20:10:19.720098-05:00 mothra kernel: [  211.555207] Oops: 0000 [#1] PREEMPT SMP
[  211.555212] Modules linked in: rfcomm fuse vboxpci(O) vboxnetadp(O) vboxnetflt(O) snd_hda_codec_hdmi bnep vboxdrv(O) msr snd_hda_codec_idt snd_hda_codec_generic btusb btrtl btbcm btintel bluetooth arc4 brcmsmac uvcvideo cordic brcmutil videobuf2_vmalloc videobuf2_memops intel_rapl videobuf2_v4l2 videobuf2_core x86_pkg_temp_thermal b43 intel_powerclamp videodev coretemp mac80211 kvm_intel kvm cfg80211 irqbypass dell_rbtn crct10dif_pclmul crc32_pclmul ssb crc32c_intel ghash_clmulni_intel dell_laptop dell_wmi sparse_keymap iTCO_wdt rfkill dell_smbios pcmcia pcbc mei_wdt dcdbas iTCO_vendor_support pcmcia_core dell_smm_hwmon snd_hda_intel aesni_intel snd_hda_codec snd_hda_core snd_hwdep aes_x86_64 snd_pcm snd_seq crypto_simd glue_helper cryptd pcspkr joydev snd_seq_device parport_pc bcma snd_timer ppdev
[  211.555287]  parport snd e1000e mei_me soundcore thermal ptp lpc_ich fjes mei pps_core tpm_tis mfd_core tpm_tis_core battery i2c_i801 dell_smo8800 shpchp tpm ac nouveau serio_raw mxm_wmi i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops sdhci_pci xhci_pci ttm sdhci ehci_pci xhci_hcd ehci_hcd mmc_core drm usbcore wmi video button sg dm_multipath dm_mod scsi_dh_rdac scsi_dh_emc scsi_dh_alua
[  211.555335] CPU: 0 PID: 2979 Comm: InputThread Tainted: G           O    4.10.5-1-default #1
[  211.555340] Hardware name: Dell Inc. Latitude E6530/07Y85M, BIOS A02 04/24/2012
[  211.555346] task: ffffa058dbf54000 task.stack: ffffae9d42530000
[  211.555353] RIP: 0010:dma_fence_wait_timeout+0x30/0x110
[  211.555357] RSP: 0018:ffffae9d42533ac0 EFLAGS: 00010206
[  211.555362] RAX: 0000000000000001 RBX: ffffa058d9759c00 RCX: ffffffffc05a7fa0
[  211.555367] RDX: 7fffffffffffffff RSI: 0000000000000001 RDI: ffffa058dc592c00
[  211.555372] RBP: ffffa058dc592c00 R08: 0000000000000004 R09: ffffa058dc592c00
[  211.555377] R10: 00000000fb000000 R11: ffffae9d42533db8 R12: 0000000000000001
[  211.555381] R13: 7fffffffffffffff R14: 0000000000000001 R15: 0000000000000001
[  211.555405] FS:  00007f449b47d700(0000) GS:ffffa058edc00000(0000) knlGS:0000000000000000
[  211.555427] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  211.555448] CR2: 0000000000000021 CR3: 0000000419549000 CR4: 00000000001406f0
[  211.555470] Call Trace:
[  211.555514]  drm_atomic_helper_wait_for_fences+0x48/0x130 [drm_kms_helper]
[  211.555607]  nv50_disp_atomic_commit+0x18e/0x290 [nouveau]
[  211.555643]  drm_atomic_helper_update_plane+0xeb/0x150 [drm_kms_helper]
[  211.555690]  __setplane_internal+0x1d9/0x2a0 [drm]
[  211.555718]  ? enqueue_entity+0x110/0x6d0
[  211.555754]  drm_mode_cursor_universal+0x10b/0x1e0 [drm]
[  211.555792]  drm_mode_cursor_common+0x80/0x170 [drm]
[  211.555829]  drm_mode_cursor_ioctl+0x44/0x50 [drm]
[  211.555866]  drm_ioctl+0x1ec/0x410 [drm]
[  211.555903]  ? drm_mode_setplane+0x1a0/0x1a0 [drm]
[  211.555980]  nouveau_drm_ioctl+0x66/0xc0 [nouveau]
[  211.556010]  do_vfs_ioctl+0x8f/0x5d0
[  211.556036]  ? __fget+0x70/0xc0
[  211.556058]  SyS_ioctl+0x74/0x80
[  211.556086]  entry_SYSCALL_64_fastpath+0x1e/0xad
Comment 1 Ard Biesheuvel 2017-04-04 06:52:18 UTC
Most likely the same root cause as #100431, i.e., use-after-tree of a dma_fence object on nv50


Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.