Bug 964353 - [abrt] BUG: unable to handle kernel NULL pointer dereference at nvc0_vm_map_sg
Summary: [abrt] BUG: unable to handle kernel NULL pointer dereference at nvc0_vm_map_sg
Keywords:
Status: CLOSED EOL
Alias: None
Product: Fedora
Classification: Fedora
Component: xorg-x11-drv-nouveau
Version: 20
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Ben Skeggs
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:9cebd7e8873d0881a7a5f169ada...
: 1047169 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-05-18 02:08 UTC by Philipp Gampe
Modified: 2015-06-29 11:57 UTC (History)
14 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-06-29 11:57:47 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)
File: dmesg (82.83 KB, text/plain)
2013-05-18 02:08 UTC, Philipp Gampe 		no flags Details
View All

Description Philipp Gampe 2013-05-18 02:08:10 UTC 
Additional info:
BUG: unable to handle kernel NULL pointer dereference at           (null)
IP: [<ffffffffa01b8ece>] nvc0_vm_map_sg+0x8e/0x110 [nouveau]
PGD 230e7e067 PUD 22dd47067 PMD 0 
Oops: 0000 [#1] SMP 
Modules linked in: fuse ebtable_nat ebtables ipt_MASQUERADE iptable_nat nf_nat_ipv4 nf_nat xt_CHECKSUM iptable_mangle be2iscsi iscsi_boot_sysfs bnx2i bridge stp llc cnic uio cxgb4i cxgb4 cxgb3i cxgb3 mdio libcxgbi ib_iser rdma_cm ib_addr iw_cm ib_cm ib_sa ib_mad ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_filter ip6_tables nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack rfcomm bnep input_polldev rc_dib0700_rc5 dvb_usb_dib0700 dib8000 dib7000m dib0090 dib0070 dib7000p dib3000mc dibx000_common dvb_usb dvb_core btusb bluetooth rc_core snd_hda_codec_conexant iTCO_wdt arc4 iTCO_vendor_support snd_hda_intel iwldvm snd_hda_codec mac80211 snd_hwdep acpi_cpufreq snd_seq mperf coretemp snd_seq_device microcode snd_pcm iwlwifi i2c_i801 thinkpad_acpi e1000e cfg80211 snd_page_alloc mei snd_timer lpc_ich ptp snd rfkill mfd_core soundcore pps_core vhost_net tun macvtap macvlan kvm_intel kvm nfsd auth_rpcgss nfs_acl lockd sunrpc binfmt_misc uinput dm_crypt crc32_pclmul crc32c_intel nouveau ghash_clmulni_intel i915 sdhci_pci sdhci mmc_core mxm_wmi ttm i2c_algo_bit drm_kms_helper drm i2c_core wmi video
CPU 0 
Pid: 1877, comm: Xorg Not tainted 3.9.2-200.fc18.x86_64 #1 LENOVO 4180PH3/4180PH3
RIP: 0010:[<ffffffffa01b8ece>]  [<ffffffffa01b8ece>] nvc0_vm_map_sg+0x8e/0x110 [nouveau]
RSP: 0018:ffff880213159798  EFLAGS: 00010206
RAX: ffff88022d6b30c0 RBX: 0000000000003cd0 RCX: 0000000000000000
RDX: 0000000000003800 RSI: 0000000000000003 RDI: ffff88022d6b30c0
RBP: ffff8802131597f8 R08: 0000000000000700 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff88022d666600
R13: 0000000000000000 R14: 0000000000000000 R15: ffff88022d6b30c0
FS:  00007feb426a1940(0000) GS:ffff88023e200000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000022e708000 CR4: 00000000000407f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process Xorg (pid: 1877, threadinfo ffff880213158000, task ffff88021309c650)
Stack:
 00003cd432b9f168 0000000000003800 0000000500000000 0000000000000000
 ffff8801d113eb00 ffff8801d113eb40 ffff88022df6d540 0000000000000700
 ffff88022d666600 ffff88022df6d540 0000000000000000 ffff8801d113eb40
Call Trace:
 [<ffffffffa01b6dc2>] nouveau_vm_map_sg+0xc2/0x130 [nouveau]
 [<ffffffffa020d5d8>] nouveau_vma_getmap.isra.11+0x68/0xa0 [nouveau]
 [<ffffffffa020d695>] nouveau_bo_move_m2mf.isra.12+0x85/0x140 [nouveau]
 [<ffffffffa01b6a13>] ? nouveau_vm_map_at+0x153/0x1c0 [nouveau]
 [<ffffffffa020e09a>] nouveau_bo_move+0x9a/0x400 [nouveau]
 [<ffffffffa007be15>] ttm_bo_handle_move_mem+0x245/0x610 [ttm]
 [<ffffffffa007cd00>] ? ttm_bo_mem_space+0x180/0x360 [ttm]
 [<ffffffffa007cff7>] ttm_bo_move_buffer+0x117/0x130 [ttm]
 [<ffffffffa007d0aa>] ttm_bo_validate+0x9a/0x110 [ttm]
 [<ffffffffa020e90c>] nouveau_bo_validate+0x1c/0x20 [nouveau]
 [<ffffffffa020eb3b>] nouveau_bo_pin+0x9b/0x100 [nouveau]
 [<ffffffff8130c0e4>] ? snprintf+0x34/0x40
 [<ffffffffa0231915>] nv50_crtc_mode_set_base+0x55/0xf0 [nouveau]
 [<ffffffffa002320b>] drm_crtc_helper_set_config+0x77b/0xb30 [drm_kms_helper]
 [<ffffffffa004675e>] drm_mode_set_config_internal+0x2e/0x60 [drm]
 [<ffffffffa0048ebc>] drm_mode_setcrtc+0x10c/0x570 [drm]
 [<ffffffff8165e30d>] ? mutex_lock+0x1d/0x50
 [<ffffffffa0039483>] drm_ioctl+0x4d3/0x580 [drm]
 [<ffffffffa0048db0>] ? drm_mode_setplane+0x3b0/0x3b0 [drm]
 [<ffffffff811b14f7>] do_vfs_ioctl+0x97/0x580
 [<ffffffff812a126a>] ? inode_has_perm.isra.32.constprop.62+0x2a/0x30
 [<ffffffff812a28f7>] ? file_has_perm+0x97/0xb0
 [<ffffffff811b1a71>] sys_ioctl+0x91/0xb0
 [<ffffffff81669a59>] system_call_fastpath+0x16/0x1b
Code: a4 4c 89 e8 48 89 4d b0 4d 89 fd 48 89 55 a8 49 89 c7 eb 10 66 0f 1f 84 00 00 00 00 00 48 8b 55 c8 8b 72 30 48 8b 4d b8 4c 89 ff <4a> 8b 04 29 48 c1 e8 08 48 89 c2 48 83 c8 03 48 83 ca 01 83 e6 
RIP  [<ffffffffa01b8ece>] nvc0_vm_map_sg+0x8e/0x110 [nouveau]
 RSP <ffff880213159798>
Comment 1 Philipp Gampe 2013-05-18 02:08:19 UTC 
Created attachment 749535 [details]
File: dmesg
Comment 2 Fedora End Of Life 2013-12-21 13:36:33 UTC 
This message is a reminder that Fedora 18 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 18. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '18'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 18's end of life.

Thank you for reporting this issue and we are sorry that we may not be 
able to fix it before Fedora 18 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged  change the 'version' to a later Fedora 
version prior to Fedora 18's end of life.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.
Comment 3 Michele Baldessari 2014-01-01 17:42:30 UTC 
*** Bug 1047169 has been marked as a duplicate of this bug. ***
Comment 4 Michele Baldessari 2014-01-01 17:47:44 UTC 
At least a potentially related nv0_vm_map_sg NULL crash is being discussed
here:
https://bugs.freedesktop.org/show_bug.cgi?id=64774
Comment 5 David Hampton 2014-01-03 06:18:32 UTC 
Description of problem:
Upgraded to Fedora20 today.   No idea what causes these.  My X window are freezing periodically. Maybe its related?

Version-Release number of selected component:
kernel

Additional info:
reporter:       libreport-2.1.10
cmdline:        BOOT_IMAGE=/vmlinuz-3.12.5-302.fc20.x86_64 root=/dev/mapper/fedora_hampton--pc-root ro rd.md=0 rd.dm=0 rd.lvm.lv=fedora_hampton-pc/swap rd.luks=0 vconsole.keymap=us rd.lvm.lv=fedora_hampton-pc/root rhgb quiet
kernel:         3.12.5-302.fc20.x86_64
runlevel:       N 5
type:           Kerneloops

Truncated backtrace:
#1 nv50_vm_map_sg in nouveau
#2 nouveau_vm_map_sg in nouveau
#3 nouveau_vma_getmap.isra.14 in nouveau
#4 nouveau_bo_move_m2mf.isra.15 in nouveau
#5 ? nouveau_vm_map_at in nouveau
#6 nouveau_bo_move in nouveau
#7 ? nouveau_vm_map in nouveau
#8 ttm_bo_handle_move_mem in ttm
#9 ? ttm_bo_mem_space in ttm
#10 ttm_bo_move_buffer in ttm
Comment 6 Paweł Sikora 2014-01-06 16:19:50 UTC 
the latest patch mentioned on lkml thread only changes hard system locks
into soft locks for kernel-3.12.6-300.fc20.x86_64. the suspend/resume cycles
works pretty stable for rawhide kernel-3.13.0-0.rc7.git0.2.fc21.x86_64.

afaics, the 3.13 kernel contains some acpi/pm fixes in the nouveau area.
Comment 7 Fedora End Of Life 2015-05-29 09:04:13 UTC 
This message is a reminder that Fedora 20 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 20. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as EOL if it remains open with a Fedora  'version'
of '20'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 20 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged  change the 'version' to a later Fedora 
version prior this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.
Comment 8 Fedora End Of Life 2015-06-29 11:57:47 UTC 
Fedora 20 changed to end-of-life (EOL) status on 2015-06-23. Fedora 20 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.
Note You need to log in before you can comment on or make changes to this bug.