Bug 2182668 - nouveau: kernel: BUG: kernel NULL pointer dereference, address: 0000000000000000
Summary: nouveau: kernel: BUG: kernel NULL pointer dereference, address: 0000000000000000
Keywords:
Status: NEW
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: 37
Hardware: x86_64
OS: Linux
unspecified
urgent
Target Milestone: ---
Assignee: Kernel Maintainer List
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2023-03-29 09:50 UTC by Gabríel Arthúr Pétursson
Modified: 2023-07-11 14:49 UTC (History)
17 users (show)

Fixed In Version:
Doc Type: ---
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: Bug
Embargoed:


Attachments (Terms of Use)
dmesg from 6.2.8-200.fc37.x86_64 (142.24 KB, text/plain)
2023-03-29 09:50 UTC, Gabríel Arthúr Pétursson
no flags Details
Output of `lspci -v` (13.22 KB, text/plain)
2023-03-29 09:51 UTC, Gabríel Arthúr Pétursson
no flags Details

Description Gabríel Arthúr Pétursson 2023-03-29 09:50:43 UTC
Created attachment 1954365 [details]
dmesg from 6.2.8-200.fc37.x86_64

1. Please describe the problem:
After upgrading to kernel 6.2.8 (kernel 6.2.7 has the same issue), nouveau crashes inside the kernel. Monitors remain black.

[    2.836363] nouveau 0000:01:00.0: bios: version 94.07.3b.40.98
[    2.836513] nouveau 0000:01:00.0: acr: firmware unavailable
[    2.836574] nouveau 0000:01:00.0: gr: firmware unavailable
[    2.836589] nouveau 0000:01:00.0: sec2: firmware unavailable
[    2.836684] nouveau 0000:01:00.0: fb: 4096 MiB GDDR6
[    2.843906] nouveau 0000:01:00.0: fb: VPR locked, but no scrubber binary!
[    2.849380] BUG: kernel NULL pointer dereference, address: 0000000000000000
[    2.849383] fbcon: Taking over console
[    2.849386] #PF: supervisor instruction fetch in kernel mode
[    2.849387] #PF: error_code(0x0010) - not-present page 
[    2.849389] PGD 0 P4D 0 
[    2.849390] Oops: 0010 [#1] PREEMPT SMP NOPTI
[    2.849392] CPU: 7 PID: 497 Comm: (udev-worker) Not tainted 6.2.8-200.fc37.x86_64 #1
[    2.849394] Hardware name: LENOVO 20Y3000CMX/20Y3000CMX, BIOS N40ET39W (1.21 ) 12/01/2022
[    2.849395] RIP: 0010:0x0
[    2.849398] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[    2.849399] RSP: 0018:ffffad52409d7870 EFLAGS: 00010246
[    2.849401] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000018
[    2.849402] RDX: 00001336019647cc RSI: ffff97268aa998c8 RDI: ffff97268aa99800
[    2.849403] RBP: 0000000000000000 R08: ffff97268aa998b0 R09: ffff97268aa99b38
[    2.849404] R10: 0000000000000000 R11: ffff97268193e400 R12: ffff97268aa99840
[    2.849405] R13: ffff97268aa998b0 R14: ffff97268aa99808 R15: ffff97268aa998b0
[    2.849406] FS:  00007fef86d470c0(0000) GS:ffff972dcf5c0000(0000) knlGS:0000000000000000
[    2.849408] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    2.849409] CR2: ffffffffffffffd6 CR3: 000000010d7e0002 CR4: 0000000000770ee0
[    2.849410] PKRU: 55555554
[    2.849411] Call Trace:
[    2.849412]  <TASK>
[    2.849413]  nvkm_acr_oneinit+0x4cb/0x680 [nouveau]
[    2.849498]  nvkm_subdev_oneinit_+0x3f/0x110 [nouveau]
[    2.849572]  nvkm_subdev_init_+0x2c/0x130 [nouveau]
[    2.849643]  ? nvkm_intr_rearm+0xc0/0x1c0 [nouveau]
[    2.849711]  nvkm_subdev_init+0x40/0x80 [nouveau]
[    2.849780]  nvkm_device_init+0x162/0x2e0 [nouveau]
[    2.849881]  nvkm_udevice_init+0x45/0x70 [nouveau]
[    2.849977]  nvkm_object_init+0x3a/0x1c0 [nouveau]
[    2.850049]  nvkm_ioctl_new+0x166/0x290 [nouveau]
[    2.850139]  ? __pfx_nvkm_client_child_new+0x10/0x10 [nouveau]
[    2.850215]  ? __pfx_nvkm_udevice_new+0x10/0x10 [nouveau]
[    2.850316]  nvkm_ioctl+0x107/0x240 [nouveau]
[    2.850389]  nvif_object_ctor+0x10d/0x190 [nouveau]
[    2.850459]  nvif_device_ctor+0x1f/0x60 [nouveau]
[    2.850529]  nouveau_cli_init+0x169/0x5a0 [nouveau]
[    2.850631]  nouveau_drm_device_init+0x74/0x880 [nouveau]
[    2.853445]  ? pci_bus_read_config_word+0x46/0x80
[    2.853449]  ? pci_update_current_state+0x6e/0xa0
[    2.853453]  nouveau_drm_probe+0x128/0x280 [nouveau]
[    2.853552]  ? _raw_spin_unlock_irqrestore+0x23/0x40
[    2.853554]  local_pci_probe+0x3e/0x90
[    2.853557]  pci_device_probe+0xc3/0x230
[    2.853560]  really_probe+0x1b6/0x410
[    2.853563]  __driver_probe_device+0x78/0x170
[    2.853565]  driver_probe_device+0x1f/0x90
[    2.853567]  __driver_attach+0xce/0x1c0
[    2.853569]  ? __pfx___driver_attach+0x10/0x10
[    2.853571]  bus_for_each_dev+0x84/0xd0
[    2.853574]  bus_add_driver+0x13e/0x230
[    2.853576]  driver_register+0x77/0x120
[    2.853579]  ? __pfx_init_module+0x10/0x10 [nouveau]
[    2.853650]  do_one_initcall+0x56/0x230
[    2.853653]  do_init_module+0x4a/0x210
[    2.853656]  __do_sys_init_module+0x17f/0x1b0
[    2.853659]  do_syscall_64+0x58/0x80
[    2.853663]  ? exc_page_fault+0x70/0x170
[    2.853665]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[    2.853668] RIP: 0033:0x7fef877ad00e
[    2.853670] Code: 48 8b 0d 25 5e 0c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 af 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d f2 5d 0c 00 f7 d8 64 89 01 48
[    2.853673] RSP: 002b:00007ffec857a598 EFLAGS: 00000246 ORIG_RAX: 00000000000000af
[    2.853675] RAX: ffffffffffffffda RBX: 000055f1f97604a0 RCX: 00007fef877ad00e
[    2.853676] RDX: 00007fef878ec453 RSI: 00000000006a26ae RDI: 000055f1fa04e450
[    2.853678] RBP: 00007fef878ec453 R08: 000055f1f97a5ef0 R09: 00007ffec8576aee
[    2.853679] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000020000
[    2.853681] R13: 000055f1f97984b0 R14: 0000000000000000 R15: 000055f1f979fa00
[    2.853683]  </TASK>
[    2.853683] Modules linked in: i915(+) nouveau(+) rtsx_pci_sdmmc nvme mmc_core drm_ttm_helper drm_buddy mxm_wmi nvme_core drm_display_helper crct10dif_pclmul crc32_pclmul crc32c_intel polyval_clmulni ucsi_acpi polyval_generic hid_multitouch cec ghash_clmulni_intel sha512_ssse3 rtsx_pci typec_ucsi serio_raw ttm typec nvme_common i2c_hid_acpi i2c_hid video wmi pinctrl_tigerlake hid_logitech_dj r8152 mii ip6_tables ip_tables fuse
[    2.854575] CR2: 0000000000000000
[    2.854576] ---[ end trace 0000000000000000 ]---
[    2.854578] RIP: 0010:0x0
[    2.854580] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[    2.854581] RSP: 0018:ffffad52409d7870 EFLAGS: 00010246
[    2.854582] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000018
[    2.854584] RDX: 00001336019647cc RSI: ffff97268aa998c8 RDI: ffff97268aa99800
[    2.854585] RBP: 0000000000000000 R08: ffff97268aa998b0 R09: ffff97268aa99b38
[    2.854586] R10: 0000000000000000 R11: ffff97268193e400 R12: ffff97268aa99840
[    2.854587] R13: ffff97268aa998b0 R14: ffff97268aa99808 R15: ffff97268aa998b0
[    2.854589] FS:  00007fef86d470c0(0000) GS:ffff972dcf5c0000(0000) knlGS:0000000000000000
[    2.854591] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    2.854592] CR2: ffffffffffffffd6 CR3: 000000010d7e0002 CR4: 0000000000770ee0
[    2.854593] PKRU: 55555554


2. What is the Version-Release number of the kernel:
6.2.8-200.fc37


3. Did it work previously in Fedora? If so, what kernel version did the issue
   *first* appear?  Old kernels are available for download at
   https://koji.fedoraproject.org/koji/packageinfo?packageID=8 :
Yes. This issue did not occur with the 6.1 series of kernel. The first kernel I've observed the issue is on 6.2.7. I have not tested older kernels within the 6.2 series.


4. Can you reproduce this issue? If so, please provide the steps to reproduce
   the issue below:
The issue is 100% reproducible. All I have to do is boot up the computer. The crash occurs during boot without any user interaction. The machine boots and appears to work, but I get no monitor output.


5. Does this problem occur with the latest Rawhide kernel? To install the
   Rawhide kernel, run ``sudo dnf install fedora-repos-rawhide`` followed by
   ``sudo dnf update --enablerepo=rawhide kernel``:
Yes. Version 6.3.0-0.rc4.35.fc39.x86_64 was tested and the issue persists.


6. Are you running any modules that not shipped with directly Fedora's kernel?:
No.


7. Please attach the kernel logs. You can get the complete kernel log
   for a boot with ``journalctl --no-hostname -k > dmesg.txt``. If the
   issue occurred on a previous boot, use the journalctl ``-b`` flag.
Attached.

Comment 1 Gabríel Arthúr Pétursson 2023-03-29 09:51:53 UTC
Created attachment 1954366 [details]
Output of `lspci -v`

Comment 2 Gabríel Arthúr Pétursson 2023-07-11 14:49:23 UTC
The bug is still reproducible with Linux version 6.4.0-59.fc39.x86_64 (mockbuild@d318f70cd87e4efc9df1485b75e6085d) (gcc (GCC) 13.1.1 20230614 (Red Hat 13.1.1-4), GNU ld version 2.40-9.fc39) #1 SMP PREEMPT_DYNAMIC Mon Jun 26 12:23:48 UTC 2023

Jul 11 14:38:57 kotek kernel: nouveau 0000:01:00.0: bios: version 94.07.3b.40.98
Jul 11 14:38:57 kotek kernel: nouveau 0000:01:00.0: acr: firmware unavailable
Jul 11 14:38:57 kotek kernel: nouveau 0000:01:00.0: gr: firmware unavailable
Jul 11 14:38:57 kotek kernel: nouveau 0000:01:00.0: sec2: firmware unavailable
Jul 11 14:38:57 kotek kernel: nouveau 0000:01:00.0: fb: 4096 MiB GDDR6
Jul 11 14:38:57 kotek kernel: nouveau 0000:01:00.0: fb: VPR locked, but no scrubber binary!
Jul 11 14:38:57 kotek kernel: BUG: kernel NULL pointer dereference, address: 0000000000000000
Jul 11 14:38:57 kotek kernel: fbcon: Taking over console
Jul 11 14:38:57 kotek kernel: #PF: supervisor instruction fetch in kernel mode
Jul 11 14:38:57 kotek kernel: #PF: error_code(0x0010) - not-present page
Jul 11 14:38:57 kotek kernel: PGD 0 P4D 0 
Jul 11 14:38:57 kotek kernel: Oops: 0010 [#1] PREEMPT SMP NOPTI
Jul 11 14:38:57 kotek kernel: CPU: 6 PID: 523 Comm: (udev-worker) Not tainted 6.4.0-59.fc39.x86_64 #1
Jul 11 14:38:57 kotek kernel: Hardware name: LENOVO 20Y3000CMX/20Y3000CMX, BIOS N40ET40W (1.22 ) 02/21/2023
Jul 11 14:38:57 kotek kernel: RIP: 0010:0x0
Jul 11 14:38:57 kotek kernel: Code: Unable to access opcode bytes at 0xffffffffffffffd6.
Jul 11 14:38:57 kotek kernel: RSP: 0018:ffffb64dc0a17868 EFLAGS: 00010246
Jul 11 14:38:57 kotek kernel: RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000018
Jul 11 14:38:57 kotek kernel: RDX: 00000fc6720ba1e8 RSI: ffff9dda8adc58c8 RDI: ffff9dda8adc5800
Jul 11 14:38:57 kotek kernel: RBP: 0000000000000000 R08: ffff9dda8adc58b0 R09: ffff9dda8adc5738
Jul 11 14:38:57 kotek kernel: R10: 0000000000000000 R11: ffff9dda8e89e800 R12: ffff9dda8adc5840
Jul 11 14:38:57 kotek kernel: R13: ffff9dda8adc58b0 R14: ffff9dda8adc5808 R15: ffff9dda8adc58b0
Jul 11 14:38:57 kotek kernel: FS:  00007fb104b680c0(0000) GS:ffff9de1cf580000(0000) knlGS:0000000000000000
Jul 11 14:38:57 kotek kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Jul 11 14:38:57 kotek kernel: CR2: ffffffffffffffd6 CR3: 000000010e1d8006 CR4: 0000000000f70ee0
Jul 11 14:38:57 kotek kernel: PKRU: 55555554
Jul 11 14:38:57 kotek kernel: Call Trace:
Jul 11 14:38:57 kotek kernel:  <TASK>
Jul 11 14:38:57 kotek kernel:  ? __die+0x23/0x70
Jul 11 14:38:57 kotek kernel:  ? page_fault_oops+0x171/0x4e0
Jul 11 14:38:57 kotek kernel:  ? __ioremap_caller+0x2b4/0x3a0
Jul 11 14:38:57 kotek kernel:  ? exc_page_fault+0x7f/0x180
Jul 11 14:38:57 kotek kernel:  ? asm_exc_page_fault+0x26/0x30
Jul 11 14:38:57 kotek kernel:  nvkm_acr_oneinit+0x514/0x690 [nouveau]
Jul 11 14:38:57 kotek kernel:  nvkm_subdev_oneinit_+0x3f/0x110 [nouveau]
Jul 11 14:38:57 kotek kernel:  nvkm_subdev_init_+0x2c/0x130 [nouveau]
Jul 11 14:38:57 kotek kernel:  ? nvkm_intr_rearm+0xc4/0x1c0 [nouveau]
Jul 11 14:38:57 kotek kernel:  nvkm_subdev_init+0x44/0x90 [nouveau]
Jul 11 14:38:57 kotek kernel:  nvkm_device_init+0x166/0x2e0 [nouveau]
Jul 11 14:38:57 kotek kernel:  nvkm_udevice_init+0x47/0x70 [nouveau]
Jul 11 14:38:57 kotek kernel:  nvkm_object_init+0x3e/0x1c0 [nouveau]
Jul 11 14:38:57 kotek kernel:  nvkm_ioctl_new+0x16a/0x290 [nouveau]
Jul 11 14:38:57 kotek kernel:  ? __pfx_nvkm_client_child_new+0x10/0x10 [nouveau]
Jul 11 14:38:57 kotek kernel:  ? __pfx_nvkm_udevice_new+0x10/0x10 [nouveau]
Jul 11 14:38:57 kotek kernel:  nvkm_ioctl+0x10b/0x250 [nouveau]
Jul 11 14:38:57 kotek kernel:  nvif_object_ctor+0x10f/0x190 [nouveau]
Jul 11 14:38:57 kotek kernel:  nvif_device_ctor+0x23/0x60 [nouveau]
Jul 11 14:38:57 kotek kernel:  nouveau_cli_init+0x16b/0x590 [nouveau]
Jul 11 14:38:57 kotek kernel:  nouveau_drm_device_init+0x74/0x8b0 [nouveau]
Jul 11 14:38:57 kotek kernel:  ? pci_bus_read_config_word+0x4a/0x90
Jul 11 14:38:57 kotek kernel:  ? pci_update_current_state+0x72/0xb0
Jul 11 14:38:57 kotek kernel:  nouveau_drm_probe+0x12c/0x280 [nouveau]
Jul 11 14:38:57 kotek kernel:  local_pci_probe+0x42/0xa0
Jul 11 14:38:57 kotek kernel:  pci_device_probe+0xc7/0x240
Jul 11 14:38:57 kotek kernel:  really_probe+0x19b/0x3e0
Jul 11 14:38:57 kotek kernel:  ? __pfx___driver_attach+0x10/0x10
Jul 11 14:38:57 kotek kernel:  __driver_probe_device+0x78/0x160
Jul 11 14:38:57 kotek kernel:  driver_probe_device+0x1f/0x90
Jul 11 14:38:57 kotek kernel:  __driver_attach+0xd2/0x1c0
Jul 11 14:38:57 kotek kernel:  bus_for_each_dev+0x85/0xd0
Jul 11 14:38:57 kotek kernel:  bus_add_driver+0x116/0x220
Jul 11 14:38:57 kotek kernel:  driver_register+0x59/0x100
Jul 11 14:38:57 kotek kernel:  ? __pfx_nouveau_drm_init+0x10/0x10 [nouveau]
Jul 11 14:38:57 kotek kernel:  do_one_initcall+0x5a/0x240
Jul 11 14:38:57 kotek kernel:  do_init_module+0x60/0x240
Jul 11 14:38:57 kotek kernel:  __do_sys_init_module+0x17f/0x1b0
Jul 11 14:38:57 kotek kernel:  ? __seccomp_filter+0x32c/0x4f0
Jul 11 14:38:57 kotek kernel:  do_syscall_64+0x5d/0x90
Jul 11 14:38:57 kotek kernel:  ? exc_page_fault+0x7f/0x180
Jul 11 14:38:57 kotek kernel:  entry_SYSCALL_64_after_hwframe+0x72/0xdc
Jul 11 14:38:57 kotek kernel: RIP: 0033:0x7fb1055d200e
Jul 11 14:38:57 kotek kernel: Code: 48 8b 0d 25 5e 0c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 af 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d f2 5d 0c 00 f7 d8 64 89 01 48
Jul 11 14:38:57 kotek kernel: RSP: 002b:00007ffe175461f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000af
Jul 11 14:38:57 kotek kernel: RAX: ffffffffffffffda RBX: 00005620b0369b70 RCX: 00007fb1055d200e
Jul 11 14:38:57 kotek kernel: RDX: 00007fb105711453 RSI: 00000000006a39d6 RDI: 00005620b0c20f80
Jul 11 14:38:57 kotek kernel: RBP: 00007fb105711453 R08: 00005620b034e040 R09: 00007ffe17543a76
Jul 11 14:38:57 kotek kernel: R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000020000
Jul 11 14:38:57 kotek kernel: R13: 00005620b035d320 R14: 0000000000000000 R15: 00005620b0374f60
Jul 11 14:38:57 kotek kernel:  </TASK>
Jul 11 14:38:57 kotek kernel: Modules linked in: i915(+) nouveau(+) rtsx_pci_sdmmc mmc_core nvme drm_ttm_helper mxm_wmi drm_buddy i2c_algo_bit nvme_core drm_display_helper crct10dif_pclmul crc32_pclmul crc32c_intel ucsi_acpi polyval_clmulni hid_multitouch polyval_generic ghash_clmulni_intel r8152 typec_ucsi cec rtsx_pci sha512_ssse3 serio_raw mii ttm typec nvme_common i2c_hid_acpi i2c_hid video wmi pinctrl_tigerlake hid>
Jul 11 14:38:57 kotek kernel: CR2: 0000000000000000
Jul 11 14:38:57 kotek kernel: ---[ end trace 0000000000000000 ]---
Jul 11 14:38:57 kotek kernel: RIP: 0010:0x0
Jul 11 14:38:57 kotek kernel: Code: Unable to access opcode bytes at 0xffffffffffffffd6.
Jul 11 14:38:57 kotek kernel: RSP: 0018:ffffb64dc0a17868 EFLAGS: 00010246
Jul 11 14:38:57 kotek kernel: RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000018
Jul 11 14:38:57 kotek kernel: RDX: 00000fc6720ba1e8 RSI: ffff9dda8adc58c8 RDI: ffff9dda8adc5800
Jul 11 14:38:57 kotek kernel: RBP: 0000000000000000 R08: ffff9dda8adc58b0 R09: ffff9dda8adc5738
Jul 11 14:38:57 kotek kernel: R10: 0000000000000000 R11: ffff9dda8e89e800 R12: ffff9dda8adc5840
Jul 11 14:38:57 kotek kernel: R13: ffff9dda8adc58b0 R14: ffff9dda8adc5808 R15: ffff9dda8adc58b0
Jul 11 14:38:57 kotek kernel: FS:  00007fb104b680c0(0000) GS:ffff9de1cf580000(0000) knlGS:0000000000000000
Jul 11 14:38:57 kotek kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Jul 11 14:38:57 kotek kernel: CR2: ffffffffffffffd6 CR3: 000000010e1d8006 CR4: 0000000000f70ee0
Jul 11 14:38:57 kotek kernel: PKRU: 55555554
Jul 11 14:38:57 kotek kernel: note: (udev-worker)[523] exited with irqs disabled
Jul 11 14:38:57 kotek systemd-udevd[485]: 0000:01:00.0: Worker [523] terminated by signal 9 (KILL).


Note You need to log in before you can comment on or make changes to this bug.