Bug 716684

Summary: [abrt] kernel: BUG: unable to handle kernel NULL pointer dereference at (null): TAINTED -------D
Product: [Fedora] Fedora Reporter: Lars Delhage <ldelhage>
Component: kernelAssignee: Kernel Maintainer List <kernel-maint>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: unspecified    
Version: 15CC: bskeggs, bugzilla, gansalmon, itamar, jonathan, kernel-maint, ldelhage, madhu.chinakonda
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard: abrt_hash:0a256d7b0096cd546d5336f6dd45905dc49523f8
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-04-11 15:52:30 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Lars Delhage 2011-06-26 11:00:24 UTC 
abrt version: 2.0.3
architecture:   x86_64
cmdline:        ro root=/dev/mapper/mccloud-root rd_LVM_LV=mccloud/root rd_LVM_LV=mccloud/swap rd_NO_LUKS rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYTABLE=sv-latin1 rhgb quiet 
component:      kernel
kernel:         2.6.38.8-32.fc15.x86_64
kernel_tainted: 128
kernel_tainted_long: Kernel has oopsed before.
os_release:     Fedora release 15 (Lovelock)
package:        kernel
reason:         BUG: unable to handle kernel NULL pointer dereference at           (null)
time:           Sun Jun 26 10:27:27 2011

backtrace:
:BUG: unable to handle kernel NULL pointer dereference at           (null)
:IP: [<ffffffffa00e1d26>] nv50_vm_map_sg+0x29/0x8f [nouveau]
:[drm] nouveau 0000:01:00.0: fail ttm_validate
:[drm] nouveau 0000:01:00.0: validate vram_list
:PGD ac1c0067 PUD b441e067 PMD 0 
:Oops: 0000 [#1] SMP 
:last sysfs file: /sys/devices/LNXSYSTM:00/device:00/PNP0A08:00/device:01/PNP0C09:00/PNP0C0A:00/power_supply/BAT0/voltage_now
:[drm] nouveau 0000:01:00.0: validate: -12
:CPU 1 
:Modules linked in: tcp_lp tun fuse ebtable_nat ebtables ipt_MASQUERADE iptable_nat nf_nat xt_CHECKSUM iptable_mangle bridge stp llc sunrpc cpufreq_ondemand acpi_cpufreq freq_table mperf ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_filter ip6_tables xt_physdev coretemp xts gf128mul dm_crypt usb_storage uas snd_hda_codec_analog arc4 snd_hda_intel snd_hda_codec snd_hwdep snd_seq snd_seq_device iwlagn e1000e r852 sm_common iwlcore btusb microcode nand nand_ids nand_ecc bluetooth snd_pcm mtd mac80211 iTCO_wdt wmi cfg80211 thinkpad_acpi i2c_i801 snd_timer snd_page_alloc iTCO_vendor_support rfkill snd soundcore virtio_net kvm_intel kvm ipv6 mmc_block sdhci_pci sdhci firewire_ohci mmc_core yenta_socket firewire_core pata_acpi crc_itu_t ata_generic nouveau ttm drm_kms_helper drm i2c_algo_bit i2c_core video [last unloaded: scsi_wait_scan]
:Pid: 12449, comm: Xorg Not tainted 2.6.38.8-32.fc15.x86_64 #1 LENOVO 6460D6G/6460D6G
:RIP: 0010:[<ffffffffa00e1d26>]  [<ffffffffa00e1d26>] nv50_vm_map_sg+0x29/0x8f [nouveau]
:RSP: 0018:ffff88009c859a28  EFLAGS: 00010206
:RAX: 0000000000000630 RBX: ffff88001ebbef00 RCX: 000000000000c193
:RDX: ffff88001ebbef00 RSI: ffff88003775f5a0 RDI: ffff88001ebbef28
:RBP: ffff88009c859a68 R08: 0000000000000630 R09: 0000000000000000
:R10: 000000000000c7c3 R11: 0000000000020000 R12: 0000000000060c98
:R13: ffff88001ebbef28 R14: ffff88003775f5a0 R15: 0000000000000630
:FS:  00007f7e4db6c8a0(0000) GS:ffff8800bed00000(0000) knlGS:0000000000000000
:CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
:CR2: 0000000000000000 CR3: 000000009e4bb000 CR4: 00000000000006e0
:DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
:DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
:Process Xorg (pid: 12449, threadinfo ffff88009c858000, task ffff880070a72e60)
:Stack:
: ffff8800b7998280 ffff8800b7998280 ffff880037780000 ffff8800b7998280
: ffff88001ebbef28 0000000000000001 0000000000000000 0000000000000630
: ffff88009c859ad8 ffffffffa00a6572 ffff88009c859ac8 ffffffff00020000
:Call Trace:
: [<ffffffffa00a6572>] nouveau_vm_map_sg+0xbe/0xf7 [nouveau]
: [<ffffffffa008dd02>] nouveau_bo_move_ntfy+0x76/0x82 [nouveau]
: [<ffffffffa00707ab>] ttm_bo_handle_move_mem+0x164/0x299 [ttm]
: [<ffffffffa00714b2>] ttm_bo_move_buffer+0xd4/0x10c [ttm]
: [<ffffffff81441cec>] ? unix_stream_sendmsg+0x27b/0x2ec
: [<ffffffffa00715a0>] ttm_bo_validate+0xb6/0xf4 [ttm]
: [<ffffffffa008e3e0>] nouveau_bo_validate+0x28/0x48 [nouveau]
: [<ffffffffa0090271>] validate_list+0x129/0x2c9 [nouveau]
: [<ffffffffa0090dee>] nouveau_gem_ioctl_pushbuf+0x638/0xd15 [nouveau]
: [<ffffffffa0023861>] drm_ioctl+0x29e/0x37b [drm]
: [<ffffffff811eb0eb>] ? inode_has_perm+0x76/0x8c
: [<ffffffffa00907b6>] ? nouveau_gem_ioctl_pushbuf+0x0/0xd15 [nouveau]
: [<ffffffff811eb1a5>] ? file_has_perm+0xa4/0xc6
: [<ffffffff8112f3a0>] do_vfs_ioctl+0x47e/0x4bf
: [<ffffffff8112f437>] sys_ioctl+0x56/0x7b
: [<ffffffff81009bc2>] system_call_fastpath+0x16/0x1b
:Code: 5d c3 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 ec 18 0f 1f 44 00 00 49 89 fd 49 89 f6 48 89 d3 44 8d 24 cd 00 00 00 00 eb 52 
:RIP  [<ffffffffa00e1d26>] nv50_vm_map_sg+0x29/0x8f [nouveau]
: RSP <ffff88009c859a28>

comment:
:Happens intermittently when using nouveau and gnome-shell, I'm not really able to reproduce it.
:
:Info about the nVidia card from lspci -v:
:
:01:00.0 VGA compatible controller: nVidia Corporation G84M [Quadro NVS 140M] (rev a1) (prog-if 00 [VGA controller])
:        Subsystem: Lenovo ThinkPad T61
:        Flags: bus master, fast devsel, latency 0, IRQ 16
:        Memory at d6000000 (32-bit, non-prefetchable) [size=16M]
:        Memory at e0000000 (64-bit, prefetchable) [size=256M]
:        Memory at d4000000 (64-bit, non-prefetchable) [size=32M]
:        I/O ports at 2000 [size=128]
:        Expansion ROM at <unassigned> [disabled]
:        Capabilities: [60] Power Management version 2
:        Capabilities: [68] MSI: Enable- Count=1/1 Maskable- 64bit+
:        Capabilities: [78] Express Endpoint, MSI 00
:        Capabilities: [100] Virtual Channel
:        Capabilities: [128] Power Budgeting <?>
:        Capabilities: [600] Vendor Specific Information: ID=0001 Rev=1 Len=024 <?>
:        Kernel driver in use: nouveau
:        Kernel modules: nouveau, nvidiafb
Comment 1 Josh Boyer 2011-09-26 19:05:22 UTC 
I believe the latest F15 kernel has a fix for this issue.  Ben, can you confirm?
Comment 2 Ben Skeggs 2011-09-26 22:32:40 UTC 
Correct, it should do.
Comment 3 Steve 2012-04-25 17:52:03 UTC 
Indeed, this bug seems to be fixed. Thank you guys!