
Bug#1022068: linux: kernel NULL pointer dereference in nouveau driver on Thinkpad W541



Source: linux
Version: 6.0.2-1
Severity: important

After upgrading to linux 6.0.2-1 I see the following message during boot:

+---
| [    3.723631] i915 0000:00:02.0: [drm] fb0: i915drmfb frame buffer device
| [...]
| [    3.855523] vga_switcheroo: enabled
| [    3.855536] nouveau 0000:01:00.0: DRM: VRAM: 2048 MiB
| [    3.855537] nouveau 0000:01:00.0: DRM: GART: 1048576 MiB
| [    3.855539] nouveau 0000:01:00.0: DRM: TMDS table version 2.0
| [    3.855541] nouveau 0000:01:00.0: DRM: DCB version 4.0
| [    3.855542] nouveau 0000:01:00.0: DRM: DCB outp 00: 08800fc6 0f420010
| [    3.855544] nouveau 0000:01:00.0: DRM: DCB outp 01: 08000f82 00020010
| [    3.855545] nouveau 0000:01:00.0: DRM: DCB conn 00: 01000046
| [    3.857230] nouveau 0000:01:00.0: DRM: MM: using COPY for buffer copies
| [    3.858820] BUG: kernel NULL pointer dereference, address: 0000000000000020
| [    3.858838] #PF: supervisor read access in kernel mode
| [    3.858847] #PF: error_code(0x0000) - not-present page
| [    3.858856] PGD 0 P4D 0 
| [    3.858864] Oops: 0000 [#1] PREEMPT SMP PTI
| [    3.858872] CPU: 1 PID: 427 Comm: systemd-udevd Not tainted 6.0.0-1-amd64 #1  Debian 6.0.2-1
| [    3.858886] Hardware name: LENOVO 20EGS1FD00/20EGS1FD00, BIOS GNET88WW (2.36 ) 05/30/2018
| [    3.858898] RIP: 0010:nvif_object_mthd+0xba/0x200 [nouveau]
| [    3.858982] Code: 72 ce 41 8d 56 20 49 8b 44 24 08 83 fa 17 0f 86 35 01 00 00 4c 39 e0 0f 84 ea 00 00 00 4c 89 63 10 31 c9 48 89 de c6 43 06 ff <48> 8b 78 20 48 8b 40 38 48 8b 40 28 e8 d5 e3 95 ce 48 8b 3c 24 4c
| [    3.859008] RSP: 0018:ffffa8e7409bb718 EFLAGS: 00010246
| [    3.859018] RAX: 0000000000000000 RBX: ffffa8e7409bb720 RCX: 0000000000000000
| [    3.859030] RDX: 0000000000000028 RSI: ffffa8e7409bb720 RDI: ffffa8e7409bb748
| [    3.859042] RBP: 0000000000000000 R08: ffffa8e7409bb968 R09: 0000000000000008
| [    3.859053] R10: ffff95661041f9c0 R11: ffffa8e740e30000 R12: ffff9565ca2114f8
| [    3.859065] R13: ffffa8e7409bb720 R14: 0000000000000008 R15: ffffa8e7409bb740
| [    3.859076] FS:  00007fc0a2a6e8c0(0000) GS:ffff956d1e240000(0000) knlGS:0000000000000000
| [    3.859090] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
| [    3.859100] CR2: 0000000000000020 CR3: 0000000100f74001 CR4: 00000000001706e0
| [    3.859112] Call Trace:
| [    3.859120]  <TASK>
| [    3.859128]  nvif_conn_hpd_status+0x35/0xe0 [nouveau]
| [    3.859209]  nouveau_dp_detect+0x2d0/0x410 [nouveau]
| [    3.859302]  nouveau_connector_detect+0x9b/0x550 [nouveau]
| [    3.859395]  drm_helper_probe_detect+0x84/0xb0 [drm_kms_helper]
| [    3.859421]  drm_helper_probe_single_connector_modes+0x361/0x510 [drm_kms_helper]
| [    3.859444]  drm_client_modeset_probe+0x224/0x1490 [drm]
| [    3.859487]  ? nouveau_cli_init+0x3ea/0x490 [nouveau]
| [    3.859582]  ? __pm_runtime_suspend+0x6a/0x100
| [    3.859593]  __drm_fb_helper_initial_config_and_unlock+0x44/0x510 [drm_kms_helper]
| [    3.859618]  ? drm_client_init+0x133/0x160 [drm]
| [    3.859653]  nouveau_fbcon_init+0x14a/0x1c0 [nouveau]
| [    3.859736]  nouveau_drm_device_init+0x1ec/0x7a0 [nouveau]
| [    3.859819]  ? pci_update_current_state+0x6e/0xa0
| [    3.859831]  nouveau_drm_probe+0x128/0x1f0 [nouveau]
| [    3.859913]  ? _raw_spin_unlock_irqrestore+0x23/0x40
| [    3.859925]  local_pci_probe+0x41/0x80
| [    3.859935]  pci_device_probe+0xc3/0x230
| [    3.859946]  really_probe+0xde/0x380
| [    3.859955]  ? pm_runtime_barrier+0x50/0x90
| [    3.859963]  __driver_probe_device+0x78/0x170
| [    3.859972]  driver_probe_device+0x1f/0x90
| [    3.859981]  __driver_attach+0xd1/0x1d0
| [    3.859990]  ? __device_attach_driver+0x110/0x110
| [    3.860000]  bus_for_each_dev+0x87/0xd0
| [    3.860011]  bus_add_driver+0x1ae/0x200
| [    3.860019]  driver_register+0x89/0xe0
| [    3.860028]  ? 0xffffffffc0731000
| [    3.860035]  do_one_initcall+0x59/0x220
| [    3.860047]  do_init_module+0x4a/0x200
| [    3.860057]  __do_sys_finit_module+0xac/0x120
| [    3.860067]  do_syscall_64+0x3a/0xc0
| [    3.860077]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
| [    3.860088] RIP: 0033:0x7fc0a3177859
| [    3.860096] Code: 08 44 89 e0 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 87 05 0f 00 f7 d8 64 89 01 48
| [    3.860121] RSP: 002b:00007ffdb9440778 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
| [    3.860133] RAX: ffffffffffffffda RBX: 000055f6ea1a8cf0 RCX: 00007fc0a3177859
| [    3.860144] RDX: 0000000000000000 RSI: 00007fc0a3327efd RDI: 0000000000000015
| [    3.860155] RBP: 00007fc0a3327efd R08: 0000000000000000 R09: 000055f6ea1af1a0
| [    3.860167] R10: 0000000000000015 R11: 0000000000000246 R12: 0000000000020000
| [    3.860178] R13: 0000000000000000 R14: 000055f6ea1df350 R15: 000055f6e964fcc1
| [    3.860190]  </TASK>
| [    3.860196] Modules linked in: raid1 md_mod i915 nouveau(+) sd_mod t10_pi sr_mod crc64_rocksoft_generic cdrom crc64_rocksoft crc_t10dif crct10dif_generic crc64 crct10dif_pclmul crct10dif_common drm_ttm_helper crc32_pclmul mxm_wmi crc32c_intel drm_buddy i2c_algo_bit drm_display_helper ghash_clmulni_intel drm_kms_helper cec rc_core ahci libahci ttm sdhci_pci xhci_pci cqhci libata xhci_hcd aesni_intel ehci_pci ehci_hcd crypto_simd serio_raw scsi_mod sdhci drm cryptd usbcore scsi_common mmc_core usb_common wmi battery video button dm_mod msr parport_pc ppdev lp parport efivarfs autofs4
| [    3.860292] CR2: 0000000000000020
| [    3.860307] ---[ end trace 0000000000000000 ]---
| [    3.860320] RIP: 0010:nvif_object_mthd+0xba/0x200 [nouveau]
| [    3.861040] Code: 72 ce 41 8d 56 20 49 8b 44 24 08 83 fa 17 0f 86 35 01 00 00 4c 39 e0 0f 84 ea 00 00 00 4c 89 63 10 31 c9 48 89 de c6 43 06 ff <48> 8b 78 20 48 8b 40 38 48 8b 40 28 e8 d5 e3 95 ce 48 8b 3c 24 4c
| [    3.861725] RSP: 0018:ffffa8e7409bb718 EFLAGS: 00010246
| [    3.862422] RAX: 0000000000000000 RBX: ffffa8e7409bb720 RCX: 0000000000000000
| [    3.863110] RDX: 0000000000000028 RSI: ffffa8e7409bb720 RDI: ffffa8e7409bb748
| [    3.863831] RBP: 0000000000000000 R08: ffffa8e7409bb968 R09: 0000000000000008
| [    3.864542] R10: ffff95661041f9c0 R11: ffffa8e740e30000 R12: ffff9565ca2114f8
| [    3.865219] R13: ffffa8e7409bb720 R14: 0000000000000008 R15: ffffa8e7409bb740
| [    3.865886] FS:  00007fc0a2a6e8c0(0000) GS:ffff956d1e240000(0000) knlGS:0000000000000000
| [    3.866620] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
| [    3.867309] CR2: 0000000000000020 CR3: 0000000100f74001 CR4: 00000000001706e0
+---

I only use the integrated Intel graphics, the Nvidia card is unused.

There was no null pointer dereference with the previous kernel
(5.19.11-1 (2022-09-24)).

Besides the null pointer dereference above, suspend to RAM also no
longer works properly after the upgrade. I have not investigated that
further so far.

Ansgar

-- System Information:
Kernel: Linux 6.0.0-1-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_DIE
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
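
The oops in this report can be cross-checked mechanically: the byte in angle brackets on the Code: line is the first byte of the instruction at RIP, and decoding it shows which register held the NULL pointer and why CR2 is 0x20. This is an added example, not part of the original report; triage() and its result keys are hypothetical names, and only the instruction form that occurs in this trace is decoded.

```python
import re

# Lines copied from the oops in the report above (timestamps stripped).
OOPS = """\
BUG: kernel NULL pointer dereference, address: 0000000000000020
RIP: 0010:nvif_object_mthd+0xba/0x200 [nouveau]
Code: 72 ce 41 8d 56 20 49 8b 44 24 08 83 fa 17 0f 86 35 01 00 00 4c 39 e0 0f 84 ea 00 00 00 4c 89 63 10 31 c9 48 89 de c6 43 06 ff <48> 8b 78 20 48 8b 40 38 48 8b 40 28 e8 d5 e3 95 ce 48 8b 3c 24 4c
RAX: 0000000000000000 RBX: ffffa8e7409bb720 RCX: 0000000000000000
CR2: 0000000000000020 CR3: 0000000100f74001 CR4: 00000000001706e0
"""

REGS = "RAX RCX RDX RBX RSP RBP RSI RDI R08 R09 R10 R11 R12 R13 R14 R15".split()


def triage(oops):
    """Decode the faulting instruction and compare its address with CR2."""
    symbol, offset = re.search(r"RIP: 0010:(\w+)\+(0x[0-9a-f]+)/", oops).groups()
    regs = {k: int(v, 16)
            for k, v in re.findall(r"\b(R[A-Z0-9]{2}|CR2): ([0-9a-f]{16})", oops)}
    tokens = re.search(r"Code: (.*)", oops).group(1).split()
    start = next(i for i, t in enumerate(tokens) if t.startswith("<"))
    rex, opcode, modrm, disp = (int(t.strip("<>"), 16)
                                for t in tokens[start:start + 4])
    # Only this form is decoded: REX.W 8B /r, mod=01 (disp8), no SIB byte.
    if rex & 0xF8 != 0x48 or opcode != 0x8B or modrm >> 6 != 1 or modrm & 7 == 4:
        raise ValueError("faulting instruction form not handled by this decoder")
    base = REGS[(modrm & 7) | ((rex & 1) << 3)]          # r/m field + REX.B
    dest = REGS[((modrm >> 3) & 7) | ((rex & 4) << 1)]   # reg field + REX.R
    if disp > 127:                                       # disp8 is signed
        disp -= 256
    fault_addr = (regs[base] + disp) & (2**64 - 1)
    return {
        "symbol": symbol,
        "offset": int(offset, 16),
        "insn": f"mov {dest.lower()}, [{base.lower()}{disp:+#x}]",
        "base_reg": base,
        "null_base": regs[base] == 0,
        "fault_addr": fault_addr,
        "matches_cr2": fault_addr == regs["CR2"],
    }


if __name__ == "__main__":
    for key, value in triage(OOPS).items():
        print(f"{key:12} {value}")
```

A result with null_base and matches_cr2 both true means the fault is a read of a field at offset 0x20 through a NULL pointer held in RAX, not a wild or corrupted address.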

