[Bug 844177] New: nouveau: BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
https://bugzilla.novell.com/show_bug.cgi?id=844177
https://bugzilla.novell.com/show_bug.cgi?id=844177#c0

Summary: nouveau: BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
Classification: openSUSE
Product: openSUSE 12.3
Version: Final
Platform: x86-64
OS/Version: openSUSE 12.3
Status: NEW
Severity: Critical
Priority: P5 - None
Component: Kernel
AssignedTo: kernel-maintainers@forge.provo.novell.com
ReportedBy: admin@ifyouwantblood.de
QAContact: qa-bugs@suse.de
Found By: ---
Blocker: ---

Created an attachment (id=561573)
--> (http://bugzilla.novell.com/attachment.cgi?id=561573)
complete dmesg + card information

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)

Occasionally I get the above bug with nouveau that completely crashes X. This happens since 3.11. I am unable to pin it to a specific action. Find attached complete dmesg till the bug and card information. There is nothing in X logs.

Reproducible: Always

Steps to Reproduce:
1.
2.
3.

3.11.0-27.g0a1c41f-desktop

[164569.822254] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
[164569.822680] IP: [<ffffffffa01c7477>] nouveau_fence_wait_uevent+0x17/0x3c0 [nouveau]
[164569.823005] PGD 1b561d067 PUD 1165e3067 PMD 0
[164569.823312] Oops: 0000 [#1] PREEMPT SMP
[164569.823312] Modules linked in: tcp_westwood loop nfnetlink_log nfnetlink xts gf128mul af_packet fuse bnep bluetooth rfkill xt_tcpudp xt_pkttype xt_LOG xt_limit ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_raw ipt_REJECT iptable_raw xt_CT iptable_filter ip6table_mangle nf_conntrack_netbios_ns nf_conntrack_broadcast nf_conntrack_ipv4 nf_defrag_ipv4 ip_tables xt_conntrack nf_conntrack ip6table_filter ip6_tables x_tables sha256_ssse3 sha256_generic cbc dm_crypt snd_hda_codec_realtek usb_storage kvm_intel kvm snd_hda_intel gpio_ich iTCO_wdt iTCO_vendor_support snd_hda_codec snd_hwdep lpc_ich pcspkr sg snd_pcm mfd_core snd_timer r8169 via_rhine i2c_i801 snd mii serio_raw soundcore snd_page_alloc acpi_cpufreq mperf dm_mod autofs4 btrfs raid6_pq zlib_deflate xor libcrc32c ata_piix nouveau ttm drm_kms_helper processor drm i2c_algo_bit mxm_wmi video thermal_sys wmi button scsi_dh_rdac scsi_dh_hp
[164569.825006] CPU: 1 PID: 29608 Comm: Xorg Tainted: G W 3.11.0-27.g0a1c41f-desktop #1
[164569.825006] Hardware name: FUJITSU ESPRIMO P2560 /D3041-A1, BIOS 6.00 R1.02.3041.A1 11/09/2010
[164569.825006] task: ffff8801b3b2e4c0 ti: ffff88013ba44000 task.ti: ffff88013ba44000
[164569.825006] RIP: 0010:[<ffffffffa01c7477>] [<ffffffffa01c7477>] nouveau_fence_wait_uevent+0x17/0x3c0 [nouveau]
[164569.825006] RSP: 0018:ffff88013ba45c08 EFLAGS: 00010292
[164569.825006] RAX: 0000000000000000 RBX: ffff88004187af00 RCX: 0000000000000000
[164569.825006] RDX: 000000000000e3a2 RSI: 0000000000000001 RDI: ffff88004187af00
[164569.825006] RBP: 0000000000000001 R08: ffffc90000c7e000 R09: 000000000000e200
[164569.825006] R10: ffffffffa02424a0 R11: ffff88013ba45df0 R12: 0000000000000000
[164569.825006] R13: 0000000000000001 R14: ffff8801b1d3e440 R15: 0000000000000001
[164569.825006] FS: 00007f7dee255880(0000) GS:ffff8801bfd00000(0000) knlGS:0000000000000000
[164569.825006] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[164569.825006] CR2: 0000000000000008 CR3: 0000000158078000 CR4: 00000000000407e0
[164569.825006] Stack:
[164569.825006] 000000000000e200 ffffc90000c7e000 ffff88019c42d000 0000000000000000
[164569.825006] 000000000000e3a2 0000000000000001 ffff88004187af00 ffffffffffffff10
[164569.825006] ffffffffa01c746c 0000000000000010 0000000000000246 ffff88013ba45c70
[164569.825006] Call Trace:
[164569.825006] [<ffffffffa01c7886>] nouveau_fence_wait+0x66/0x150 [nouveau]
[164569.825006] [<ffffffffa00a3f07>] ttm_bo_wait+0xa7/0x1a0 [ttm]
[164569.825006] [<ffffffffa01ce3b3>] nouveau_gem_ioctl_cpu_prep+0x63/0xd0 [nouveau]
[164569.825006] [<ffffffffa00582dd>] drm_ioctl+0x4ed/0x5f0 [drm]
[164569.825006] [<ffffffff811a34db>] do_vfs_ioctl+0x8b/0x530
[164569.825006] [<ffffffff811a3a20>] SyS_ioctl+0xa0/0xc0
[164569.825006] [<ffffffff815ea9ed>] system_call_fastpath+0x1a/0x1f
[164569.825006] [<00007f7dec398b97>] 0x7f7dec398b96
[164569.825006] Code: 85 c0 0f 94 c0 48 83 c4 10 5b 5d 41 5c 41 5d 41 5e c3 66 90 41 57 41 56 41 55 41 54 55 89 f5 53 48 89 fb 48 83 ec 68 48 8b 47 28 <48> 8b 48 08 48 8b 91 f0 00 00
[164569.825006] RIP [<ffffffffa01c7477>] nouveau_fence_wait_uevent+0x17/0x3c0 [nouveau]
[164569.825006] RSP <ffff88013ba45c08>
[164569.825006] CR2: 0000000000000008
[164569.836555] ---[ end trace 4f9084aafb7b6ed2 ]---

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=844177
https://bugzilla.novell.com/show_bug.cgi?id=844177#c

Jeff Mahoney <jeffm@suse.com> changed:

What      |Removed        |Added
----------------------------------------------------------------------------
Component |Kernel         |Kernel
Version   |Final          |RC 1
Product   |openSUSE 12.3  |openSUSE 13.1

https://bugzilla.novell.com/show_bug.cgi?id=844177
https://bugzilla.novell.com/show_bug.cgi?id=844177#c1

Jeff Mahoney <jeffm@suse.com> changed:

What       |Removed                                    |Added
----------------------------------------------------------------------------
Status     |NEW                                        |ASSIGNED
AssignedTo |kernel-maintainers@forge.provo.novell.com  |jeffm@suse.com

--- Comment #1 from Jeff Mahoney <jeffm@suse.com> 2013-10-22 15:22:09 EDT ---
Created an attachment (id=564471)
--> (http://bugzilla.novell.com/attachment.cgi?id=564471)
[PATCH] nouveau: Fix race with fence signaling

There exists a tight race between the call to nouveau_fence_done from nouveau_fence_wait and the call to nouveau_fence_wait_uevent. nouveau_fence_done checks to see if fence->channel is NULL before calling nouveau_fence_wait_uevent, but it's not good enough since the dereference in nouveau_fence_wait_uevent is done outside the lock. Another thread may have signaled the fence in that tight window and then we Oops while dereferencing fence->channel->drm at the beginning of nouveau_fence_wait_uevent.

The good news is that nouveau_fence_wait_uevent only uses fence->channel directly to grab the chan->drm pointer. If we pass that in directly as a known good pointer, we can avoid the race. Passing the nouveau_fence_done check in the caller ensures that the pointer is valid.
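
The race described in comment #1, as an added example that is not part of the bug report or the attached patch: a single-threaded C model in which a hook stands in for the second thread and fires in the window between the NULL check and the dereference. All struct and function names are hypothetical, and the drm object is assumed to stay valid for the duration of the wait.

```c
/* User-space model of the check-then-use race in comment #1.
 * Every name is hypothetical; this is not nouveau code. */
#include <stddef.h>
struct drm     { int id; };
struct channel { struct drm *drm; };
struct fence   { struct channel *channel; };   /* NULL once signaled */

#define WOULD_OOPS (-1)
typedef void (*window_hook)(struct fence *);   /* runs between check and use */
/* Stand-in for the other thread: signaling clears fence->channel. */
static void signal_fence(struct fence *f) { f->channel = NULL; }

/* Before: the callee fetches fence->channel again after the check. */
static int wait_uevent_racy(struct fence *f)
{
    struct channel *chan = f->channel;         /* second fetch */
    if (chan == NULL)
        return WOULD_OOPS;                     /* kernel would fault on chan->drm */
    return chan->drm->id;
}

static int fence_wait_racy(struct fence *f, window_hook hook)
{
    if (f->channel == NULL)                    /* first fetch: "done" check */
        return 0;
    if (hook) hook(f);                         /* race window, made deterministic */
    return wait_uevent_racy(f);
}

/* After: one fetch in the caller; the callee only sees the drm pointer. */
static int wait_uevent_fixed(struct drm *drm) { return drm->id; }

static int fence_wait_fixed(struct fence *f, window_hook hook)
{
    struct channel *chan = f->channel;         /* single fetch */
    if (chan == NULL)
        return 0;
    struct drm *drm = chan->drm;               /* assumed to outlive the wait */
    if (hook) hook(f);                         /* same race window */
    return wait_uevent_fixed(drm);
}

int main(void)
{
    struct drm d = { 7 }; struct channel c = { &d }; struct fence f = { &c };
    int racy = fence_wait_racy(&f, signal_fence);
    f.channel = &c;                            /* re-arm the fence */
    return !(racy == WOULD_OOPS && fence_wait_fixed(&f, signal_fence) == 7);
}
```

In the oops above, RAX is 0 and CR2 is 8, which is what the second fetch followed by a read at offset 8 of a NULL pointer produces.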

https://bugzilla.novell.com/show_bug.cgi?id=844177
https://bugzilla.novell.com/show_bug.cgi?id=844177#c2

Jeff Mahoney <jeffm@suse.com> changed:

What       |Removed   |Added
----------------------------------------------------------------------------
Status     |ASSIGNED  |RESOLVED
Resolution |          |FIXED

--- Comment #2 from Jeff Mahoney <jeffm@suse.com> 2013-10-22 15:23:15 EDT ---
I've applied this fix to the openSUSE 13.1 and git master repositories. It will be in the next release.

FWIW, you probably don't need to worry too much about pulling this fix before the next release. The race is only a few instructions long.

https://bugzilla.novell.com/show_bug.cgi?id=844177
https://bugzilla.novell.com/show_bug.cgi?id=844177#c3

Sebastian K <admin@ifyouwantblood.de> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC   |        |mpapis@gmail.com

--- Comment #3 from Sebastian K <admin@ifyouwantblood.de> 2014-02-11 09:49:42 UTC ---
*** Bug 839299 has been marked as a duplicate of this bug. ***
http://bugzilla.novell.com/show_bug.cgi?id=839299