NULL pointer dereference in nv50_disp_chan_mthd() in nouveau driver

Issue

  • The kernel panics with the following messages:
[10088.085129] nouveau 0000:b3:00.0: disp: chid 73 stat 00001080 reason 1 [PUSHBUFFER_ERR] mthd 0200 data badf5040 code badf5040
[10088.085137] BUG: unable to handle kernel NULL pointer dereference at 0000000000000020
[10088.085139] PGD 0 P4D 0
[10088.085141] Oops: 0000 [#1] SMP NOPTI
[10088.085143] CPU: 11 PID: 0 Comm: swapper/11 Kdump: loaded Tainted: G           OE    --------- -  - 4.18.0-147.el8.x86_64 #1
[10088.085144] Hardware name: Default string Default string/ASMB-815T2-00A1E, BIOS 5.14 03/25/2021
[10088.085184] RIP: 0010:nv50_disp_chan_mthd+0x3e/0x310 [nouveau]
[10088.085186] Code: 8b 77 10 48 89 7c 24 30 89 74 24 1c 65 48 8b 14 25 28 00 00 00 48 89 54 24 70 31 d2 41 39 76 50 0f 82 b0 02 00 00 48 8b 47 08 <4c> 8b 68 20 48 89 44 24 08 4d 85 ed 0f 84 9a 02 00 00 c7 44 24 3c
[10088.085187] RSP: 0018:ffff8b9f7fcc3d48 EFLAGS: 00010002
[10088.085188] RAX: 0000000000000000 RBX: 00000000badf5040 RCX: 0000000000000000
[10088.085189] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8b9f7c7e3b00
[10088.085190] RBP: 000000000061138c R08: 00000000000004f4 R09: 0000000000000004
[10088.085191] R10: 0000000000000049 R11: ffffffff89039b2d R12: ffff8b9f7553d800
[10088.085192] R13: 0000000000000001 R14: ffff8b9f7827d000 R15: ffff8b9f7827d000
[10088.085193] FS:  0000000000000000(0000) GS:ffff8b9f7fcc0000(0000) knlGS:0000000000000000
[10088.085194] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[10088.085194] CR2: 0000000000000020 CR3: 000000099780a005 CR4: 00000000007606e0
[10088.085195] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[10088.085196] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[10088.085197] PKRU: 55555554
[10088.085198] Call Trace:
[10088.085200]  <IRQ>
[10088.085220]  ? nvkm_notify_send+0xf1/0x120 [nouveau]
[10088.085247]  gv100_disp_exception+0x138/0x140 [nouveau]
[10088.085274]  gv100_disp_intr+0x570/0x620 [nouveau]
[10088.085297]  nvkm_mc_intr+0xeb/0x180 [nouveau]
[10088.085321]  nvkm_pci_intr+0x4c/0x90 [nouveau]
[10088.085325]  __handle_irq_event_percpu+0x40/0x180
[10088.085328]  handle_irq_event_percpu+0x30/0x80
[10088.085330]  handle_irq_event+0x36/0x53
[10088.085332]  handle_edge_irq+0x82/0x190
[10088.085334]  handle_irq+0xbf/0x100
[10088.085337]  do_IRQ+0x49/0xd0
[10088.085339]  common_interrupt+0xf/0xf
[10088.085341]  </IRQ>
[10088.085344] RIP: 0010:cpuidle_enter_state+0xb7/0x2a0
[10088.085345] Code: e8 0e 6f a5 ff 80 7c 24 03 00 74 17 9c 58 0f 1f 44 00 00 f6 c4 02 0f 85 d7 01 00 00 31 ff e8 f0 5d ab ff fb 66 0f 1f 44 00 00 <48> b8 ff ff ff ff f3 01 00 00 4c 29 f3 ba ff ff ff 7f 48 39 c3 7f
[10088.085346] RSP: 0018:ffff9dde86717e98 EFLAGS: 00000246 ORIG_RAX: ffffffffffffffd9
[10088.085347] RAX: ffff8b9f7fce3100 RBX: 0000092cd0bae33d RCX: 000000000000001f
[10088.085348] RDX: 0000092cd0bae33d RSI: 000000003351fed6 RDI: 0000000000000000
[10088.085349] RBP: 0000000000000003 R08: 0000000000000004 R09: 0000000000022940
[10088.085350] R10: 00240ecf6caeaaae R11: ffff8b9f7fce20a8 R12: ffff8b9f7fceda50
[10088.085351] R13: ffffffff889254f8 R14: 0000092cd0bac939 R15: 0000000000000000
[10088.085353]  ? cpuidle_enter_state+0x92/0x2a0
[10088.085356]  do_idle+0x236/0x280
[10088.085358]  cpu_startup_entry+0x6f/0x80
[10088.085362]  start_secondary+0x1a7/0x200
[10088.085364]  secondary_startup_64+0xb7/0xc0

Environment

  • Red Hat Enterprise Linux 8.1
  • kernel-4.18.0-147.el8
  • nouveau
