Bug 1567289 - [abrt] nvkm_object_dtor: BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 [nouveau]
Alias: None
Product: Fedora
Classification: Fedora
Component: xorg-x11-drv-nouveau
Version: 27
Hardware: x86_64
OS: Unspecified
Target Milestone: ---
Assignee: Ben Skeggs
QA Contact: Fedora Extras Quality Assurance
URL: https://retrace.fedoraproject.org/faf...
Whiteboard: abrt_hash:c1842bac2fa113020288f14f703...
Depends On:
Reported: 2018-04-13 18:08 UTC by Michael Convey
Modified: 2018-11-30 21:45 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2018-11-30 21:45:29 UTC
Type: ---

Attachments
File: dmesg (83.15 KB, text/plain), 2018-04-13 18:08 UTC, Michael Convey
dmesg on macbook 7.1 (72.68 KB, text/plain), 2018-05-01 19:52 UTC, Tomas

Description Michael Convey 2018-04-13 18:08:25 UTC
Additional info:
reporter:       libreport-2.9.3
BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
IP: nvkm_object_unmap+0x5/0x20 [nouveau]
PGD 0 P4D 0 
Oops: 0000 [#1] SMP PTI
Modules linked in: rfcomm fuse nf_conntrack_netbios_ns nf_conntrack_broadcast xt_CT ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack ccm ip_set nfnetlink ebtable_nat ebtable_broute bridge stp llc ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_raw ip6table_security iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack libcrc32c iptable_mangle iptable_raw iptable_security ebtable_filter ebtables ip6table_filter ip6_tables bnep sunrpc snd_hda_codec_hdmi snd_hda_codec_conexant snd_hda_codec_generic snd_hda_intel snd_hda_codec intel_powerclamp snd_hda_core coretemp kvm_intel kvm btusb arc4 iTCO_wdt btrtl btbcm irqbypass btintel snd_hwdep bluetooth crct10dif_pclmul iwldvm iTCO_vendor_support mac80211 mei_wdt iwlwifi crc32_pclmul
 snd_seq snd_seq_device ghash_clmulni_intel ecdh_generic intel_cstate intel_uncore snd_pcm joydev thinkpad_acpi cfg80211 snd_timer snd rfkill wmi_bmof lpc_ich intel_ips mei_me shpchp tpm_tis tpm_tis_core tpm i2c_i801 soundcore mei acpi_cpufreq nouveau ata_generic hid_logitech_hidpp mxm_wmi i2c_algo_bit crc32c_intel drm_kms_helper firewire_ohci serio_raw ttm sdhci_pci sdhci pata_acpi drm e1000e mmc_core hid_logitech_dj firewire_core crc_itu_t ptp pps_core video wmi
CPU: 0 PID: 2601 Comm: gsd-wacom Not tainted 4.15.15-300.fc27.x86_64 #1
Hardware name: LENOVO 2537CTO/2537CTO, BIOS 6IET85WW (1.45 ) 02/14/2013
RIP: 0010:nvkm_object_unmap+0x5/0x20 [nouveau]
RSP: 0018:ffffbb6f45ea7c98 EFLAGS: 00010282
RAX: ffffffffc039f400 RBX: ffff9cfaa1487918 RCX: 0000000000000018
RDX: ffffffffc02bd9e0 RSI: ffff9cfaa1487938 RDI: 0000000000000000
RBP: ffff9cfaa1487908 R08: 00000000000250c0 R09: ffffffffc02baca3
R10: fffff63a480799c0 R11: ffffffff8695b1ed R12: ffff9cfaa1487938
R13: 00000020b6597854 R14: ffff9cfa68fa0020 R15: 0000000000000020
FS:  00007f0a6bdcef00(0000) GS:ffff9cfabbc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 0000000223984000 CR4: 00000000000006f0
Call Trace:
 nvkm_object_dtor+0x9a/0x160 [nouveau]
 nvkm_object_del+0x24/0xa0 [nouveau]
 nvkm_ioctl_new+0x260/0x2b0 [nouveau]
 ? nvkm_fifo_chan_dtor+0x100/0x100 [nouveau]
 ? nvkm_object_new_+0x60/0x60 [nouveau]
 nvkm_ioctl+0x10a/0x240 [nouveau]
 usif_ioctl+0x62e/0x740 [nouveau]
 nouveau_drm_ioctl+0xad/0xc0 [nouveau]
RIP: 0033:0x7f0a6810f0f7
RSP: 002b:00007ffc8ca537f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000038 RCX: 00007f0a6810f0f7
RDX: 000055b459664b00 RSI: 00000000c0386447 RDI: 0000000000000006
RBP: 000055b459664b00 R08: 000055b45965bb80 R09: 000055b45965e530
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000c0386447
R13: 0000000000000006 R14: 000055b459664b38 R15: 0000000000000000
Code: ff c3 0f 1f 40 00 66 66 66 66 90 48 8b 07 48 8b 40 28 48 85 c0 74 05 e9 6a 5f 94 c5 b8 ed ff ff ff c3 0f 1f 40 00 66 66 66 66 90 <48> 8b 07 48 8b 40 30 48 85 c0 74 05 e9 4a 5f 94 c5 b8 ed ff ff 
RIP: nvkm_object_unmap+0x5/0x20 [nouveau] RSP: ffffbb6f45ea7c98
CR2: 0000000000000000

Comment 1 Michael Convey 2018-04-13 18:08:40 UTC
Created attachment 1421499
File: dmesg

Comment 2 Tomas 2018-05-01 19:38:12 UTC
I see the same behaviour and stack trace with all Fedora kernels > 4.14. Computer is not bootable.

Comment 3 Tomas 2018-05-01 19:52:49 UTC
Created attachment 1429514
dmesg on macbook 7.1

Comment 4 Tomas 2018-05-08 19:48:13 UTC
Bisected to commit:

commit fd542a3e525c9f7a7de186cb24208c035bcea2d1 (HEAD, refs/bisect/bad)
Author: Ben Skeggs <bskeggs@redhat.com>
Date:   Wed Nov 1 03:56:19 2017 +1000

    drm/nouveau/mmu/nv50,g84: implement new vmm backend

With that commit screen goes blank, but I don't get the above call trace. However, commits after do not work either.

Comment 5 Tomas 2018-05-28 19:06:34 UTC
Any updates on this bug? Situation is still the same with kernel 4.16.11.

Comment 6 Ben Cotton 2018-11-27 15:35:32 UTC
This message is a reminder that Fedora 27 is nearing its end of life.
On 2018-Nov-30 Fedora will stop maintaining and issuing updates for
Fedora 27. It is Fedora's policy to close all bug reports from releases
that are no longer maintained. At that time this bug will be closed as
EOL if it remains open with a Fedora 'version' of '27'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not
able to fix it before Fedora 27 is end of life. If you would still like
to see this bug fixed and are able to reproduce it against a later version
of Fedora, you are encouraged to change the 'version' to a later Fedora
version prior to this bug being closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

Comment 7 Ben Cotton 2018-11-30 21:45:29 UTC
Fedora 27 changed to end-of-life (EOL) status on 2018-11-30. Fedora 27 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this

Thank you for reporting this bug and we are sorry it could not be fixed.
