Bug#948195: nvidia-legacy-340xx-driver: Xorg fails to start with a kernel panic after the upgrade to 340.108-1
Andreas Beckmann
anbe at debian.org
Mon Jan 6 02:40:10 GMT 2020
On Sun, 05 Jan 2020 08:16:36 +0200 jim_p <pitsiorisj at gmail.com> wrote:
> After today's upgrade to 340.108, the system fails to boot in the desktop
> environment and dmesg reports a kernel panic, as seen on the paste here
> https://paste.debian.net/1124712
[ 9.046508] resource sanity check: requesting [mem 0x000c0000-0x000fffff], which spans more than PCI Bus 0000:00 [mem 0x000c0000-0x000dffff window]
[ 9.046663] caller _nv000788rm+0xe4/0x1c0 [nvidia] mapping multiple BARs
[ 9.612094] usercopy: Kernel memory exposure attempt detected from SLUB object 'nvidia_stack_t' (offset 11864, size 3)!
[ 9.612107] ------------[ cut here ]------------
[ 9.612108] kernel BUG at mm/usercopy.c:99!
[ 9.612116] invalid opcode: 0000 [#1] SMP PTI
[ 9.612120] CPU: 1 PID: 583 Comm: Xorg Tainted: P OE 5.4.0-1-amd64 #1 Debian 5.4.6-1
[ 9.612122] Hardware name: Gigabyte Technology Co., Ltd. P35-DS3R/P35-DS3R, BIOS F13 06/19/2009
[ 9.612128] RIP: 0010:usercopy_abort+0x77/0x79
[ 9.612131] Code: 4c 0f 45 de 51 4c 89 d1 48 c7 c2 1c 06 6c 83 57 48 c7 c6 11 d9 6a 83 48 c7 c7 e8 06 6c 83 48 0f 45 f2 4c 89 da e8 20 ac e6 ff <0f> 0b 4c 89 e1 49 89 d8 44 89 ea 31 f6 48 29 c1 48 c7 c7 5e 06 6c
[ 9.612133] RSP: 0018:ffffc18bc082fba8 EFLAGS: 00010246
[ 9.612136] RAX: 000000000000006b RBX: 0000000000000003 RCX: 0000000000000000
[ 9.612137] RDX: 0000000000000000 RSI: ffffa0836ba97688 RDI: ffffa0836ba97688
[ 9.612139] RBP: ffffa0835ed55e5b R08: ffffa0836ba97688 R09: 000000000000007a
[ 9.612141] R10: ffffc18bc082fa58 R11: 0000000000000000 R12: ffffa0835ed55e58
[ 9.612143] R13: 0000000000000001 R14: ffffa0835ed55e58 R15: ffffa0835ed55ea0
[ 9.612145] FS: 00007f4c2182af00(0000) GS:ffffa0836ba80000(0000) knlGS:0000000000000000
[ 9.612147] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 9.612149] CR2: 00007f4c1ccc4de0 CR3: 000000011ec7e000 CR4: 00000000000006e0
[ 9.612151] Call Trace:
[ 9.612157] __check_heap_object+0xe5/0x120
[ 9.612160] __check_object_size+0x136/0x147
[ 9.612312] os_memcpy_to_user+0x23/0x50 [nvidia]
[ 9.612432] _nv001372rm+0xa5/0x260 [nvidia]
[ 9.612544] ? _nv004782rm+0x4eba/0x5500 [nvidia]
[ 9.612655] ? _nv004329rm+0xec/0xf0 [nvidia]
[ 9.612764] ? _nv004324rm+0xca/0x650 [nvidia]
[ 9.612880] ? _nv015124rm+0x576/0x5c0 [nvidia]
[ 9.612998] ? _nv000694rm+0x2e/0x60 [nvidia]
[ 9.613109] ? _nv000789rm+0x5f5/0x8b0 [nvidia]
[ 9.613218] ? rm_ioctl+0x73/0x100 [nvidia]
[ 9.613289] ? nvidia_ioctl+0x14e/0x470 [nvidia]
[ 9.613363] ? nvidia_frontend_ioctl+0x32/0x50 [nvidia]
[ 9.613435] ? nvidia_frontend_unlocked_ioctl+0x19/0x20 [nvidia]
[ 9.613439] ? do_vfs_ioctl+0x40e/0x670
[ 9.613442] ? ksys_ioctl+0x5e/0x90
[ 9.613445] ? ksys_write+0x5f/0xe0
[ 9.613448] ? __x64_sys_ioctl+0x16/0x20
[ 9.613451] ? do_syscall_64+0x52/0x160
[ 9.613455] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 9.613457] Modules linked in: cpufreq_conservative cpufreq_powersave cpufreq_userspace snd_hda_codec_hdmi sr_mod cdrom iTCO_wdt iTCO_vendor_support watchdog snd_hda_codec_realtek ata_generic snd_hda_codec_generic ledtrig_audio snd_hda_intel snd_intel_nhlt i2c_i801 snd_hda_codec pcspkr joydev snd_hda_core sg snd_hwdep lpc_ich snd_pcm mfd_core r8169 realtek snd_timer libphy pata_jmicron snd ehci_pci soundcore button acpi_cpufreq nvidia(POE) drm it87 hwmon_vid coretemp ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 crc32c_generic sd_mod hid_generic usbhid hid ahci libahci uhci_hcd libata ehci_hcd evdev scsi_mod serio_raw usbcore usb_common
[ 9.613492] ---[ end trace 1ab91063006ad044 ]---
[ 9.613495] RIP: 0010:usercopy_abort+0x77/0x79
[ 9.613497] Code: 4c 0f 45 de 51 4c 89 d1 48 c7 c2 1c 06 6c 83 57 48 c7 c6 11 d9 6a 83 48 c7 c7 e8 06 6c 83 48 0f 45 f2 4c 89 da e8 20 ac e6 ff <0f> 0b 4c 89 e1 49 89 d8 44 89 ea 31 f6 48 29 c1 48 c7 c7 5e 06 6c
[ 9.613500] RSP: 0018:ffffc18bc082fba8 EFLAGS: 00010246
[ 9.613502] RAX: 000000000000006b RBX: 0000000000000003 RCX: 0000000000000000
[ 9.613503] RDX: 0000000000000000 RSI: ffffa0836ba97688 RDI: ffffa0836ba97688
[ 9.613505] RBP: ffffa0835ed55e5b R08: ffffa0836ba97688 R09: 000000000000007a
[ 9.613507] R10: ffffc18bc082fa58 R11: 0000000000000000 R12: ffffa0835ed55e58
[ 9.613509] R13: 0000000000000001 R14: ffffa0835ed55e58 R15: ffffa0835ed55ea0
[ 9.613511] FS: 00007f4c2182af00(0000) GS:ffffa0836ba80000(0000) knlGS:0000000000000000
[ 9.613513] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 9.613514] CR2: 00007f4c1ccc4de0 CR3: 000000011ec7e000 CR4: 00000000000006e0
[ 9.615888] BUG: kernel NULL pointer dereference, address: 0000000000000277
[ 9.615893] #PF: supervisor read access in kernel mode
[ 9.615894] #PF: error_code(0x0000) - not-present page
[ 9.615896] PGD 0 P4D 0
[ 9.615900] Oops: 0000 [#2] SMP PTI
[ 9.615903] CPU: 1 PID: 583 Comm: Xorg Tainted: P D OE 5.4.0-1-amd64 #1 Debian 5.4.6-1
[ 9.615905] Hardware name: Gigabyte Technology Co., Ltd. P35-DS3R/P35-DS3R, BIOS F13 06/19/2009
[ 9.616079] RIP: 0010:_nv016784rm+0xe0/0x1b0 [nvidia]
[ 9.616081] Code: 48 83 c4 08 5b 41 5c c3 66 90 48 8b 7b 48 48 8b 15 45 fc 44 00 48 89 ee e8 4d d1 b2 ff 85 c0 89 c3 75 c6 48 8b 7d 00 48 8b 07 <4c> 39 60 30 0f 85 9c 00 00 00 48 c7 c6 f0 01 08 c1 e8 ea cf b2 ff
[ 9.616083] RSP: 0018:ffffc18bc082fd20 EFLAGS: 00010046
[ 9.616085] RAX: 0000000000000247 RBX: 0000000000000000 RCX: 0000000000000000
[ 9.616087] RDX: ffffc18bc082fd88 RSI: ffffa0835ef15ff8 RDI: ffffc18bc082fd88
[ 9.616089] RBP: ffffa0835ef15ff8 R08: ffffffffc0c30d6c R09: ffffa0836987a0d8
[ 9.616090] R10: 0000000000000080 R11: 0000000000000001 R12: 0000000000000200
[ 9.616092] R13: ffffa0835ee74300 R14: ffffa08368210800 R15: ffffa08368ca3800
[ 9.616095] FS: 0000000000000000(0000) GS:ffffa0836ba80000(0000) knlGS:0000000000000000
[ 9.616097] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 9.616098] CR2: 0000000000000277 CR3: 000000011a20a000 CR4: 00000000000006e0
[ 9.616100] Call Trace:
[ 9.616213] ? rm_free_unused_clients+0x64/0xf0 [nvidia]
[ 9.616287] ? os_pci_read_dword+0x12/0x30 [nvidia]
[ 9.616358] ? nvidia_close+0xc2/0x450 [nvidia]
[ 9.616431] ? nvidia_frontend_close+0x4b/0x80 [nvidia]
[ 9.616435] ? __fput+0xb9/0x250
[ 9.616439] ? task_work_run+0x8a/0xb0
[ 9.616443] ? do_exit+0x2c0/0xb40
[ 9.616447] ? ksys_ioctl+0x5e/0x90
[ 9.616449] ? ksys_write+0x5f/0xe0
[ 9.616454] ? rewind_stack_do_exit+0x17/0x20
[ 9.616456] Modules linked in: cpufreq_conservative cpufreq_powersave cpufreq_userspace snd_hda_codec_hdmi sr_mod cdrom iTCO_wdt iTCO_vendor_support watchdog snd_hda_codec_realtek ata_generic snd_hda_codec_generic ledtrig_audio snd_hda_intel snd_intel_nhlt i2c_i801 snd_hda_codec pcspkr joydev snd_hda_core sg snd_hwdep lpc_ich snd_pcm mfd_core r8169 realtek snd_timer libphy pata_jmicron snd ehci_pci soundcore button acpi_cpufreq nvidia(POE) drm it87 hwmon_vid coretemp ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 crc32c_generic sd_mod hid_generic usbhid hid ahci libahci uhci_hcd libata ehci_hcd evdev scsi_mod serio_raw usbcore usb_common
[ 9.616489] CR2: 0000000000000277
[ 9.616492] ---[ end trace 1ab91063006ad045 ]---
[ 9.616495] RIP: 0010:usercopy_abort+0x77/0x79
[ 9.616497] Code: 4c 0f 45 de 51 4c 89 d1 48 c7 c2 1c 06 6c 83 57 48 c7 c6 11 d9 6a 83 48 c7 c7 e8 06 6c 83 48 0f 45 f2 4c 89 da e8 20 ac e6 ff <0f> 0b 4c 89 e1 49 89 d8 44 89 ea 31 f6 48 29 c1 48 c7 c7 5e 06 6c
[ 9.616499] RSP: 0018:ffffc18bc082fba8 EFLAGS: 00010246
[ 9.616501] RAX: 000000000000006b RBX: 0000000000000003 RCX: 0000000000000000
[ 9.616503] RDX: 0000000000000000 RSI: ffffa0836ba97688 RDI: ffffa0836ba97688
[ 9.616505] RBP: ffffa0835ed55e5b R08: ffffa0836ba97688 R09: 000000000000007a
[ 9.616507] R10: ffffc18bc082fa58 R11: 0000000000000000 R12: ffffa0835ed55e58
[ 9.616508] R13: 0000000000000001 R14: ffffa0835ed55e58 R15: ffffa0835ed55ea0
[ 9.616510] FS: 0000000000000000(0000) GS:ffffa0836ba80000(0000) knlGS:0000000000000000
[ 9.616512] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 9.616514] CR2: 0000000000000277 CR3: 000000011a20a000 CR4: 00000000000006e0
[ 9.616517] Fixing recursive fault but reboot is needed!
Looks like we need to resurrect kmem_cache_create_usercopy.patch
Andreas
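
Added illustration, not part of the original message and not the contents of kmem_cache_create_usercopy.patch: a user-space C model of the hardened usercopy region check that rejects the copy in the log above, run with the offset and size from the dmesg line. The object size, the struct and function names, and the whole-object whitelist are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Values from the dmesg line; the object size is NOT on the page (assumed). */
#define LOG_OFFSET          11864u
#define LOG_SIZE            3u
#define ASSUMED_OBJECT_SIZE 12304u

/* The slab-cache fields the hardened usercopy check consults. */
struct cache_model {
    const char *name;
    size_t useroffset;  /* start of the region user copies may touch */
    size_t usersize;    /* its length; 0 means nothing is whitelisted */
};

/* Plain kmem_cache_create(): no usercopy region at all. */
static const struct cache_model plain_cache = { "nvidia_stack_t", 0, 0 };
/* kmem_cache_create_usercopy() covering the whole object (assumption). */
static const struct cache_model usercopy_cache = { "nvidia_stack_t", 0, ASSUMED_OBJECT_SIZE };

/* True when [offset, offset + n) lies entirely inside the whitelisted region. */
bool usercopy_allowed(const struct cache_model *c, size_t offset, size_t n)
{
    if (offset < c->useroffset)
        return false;
    size_t rel = offset - c->useroffset;
    if (rel > c->usersize)
        return false;
    return n <= c->usersize - rel;  /* cannot underflow: rel <= usersize */
}

static void report(const char *how, const struct cache_model *c)
{
    bool ok = usercopy_allowed(c, LOG_OFFSET, LOG_SIZE);
    printf("%-28s '%s' (offset %u, size %u): %s\n", how, c->name,
           LOG_OFFSET, LOG_SIZE, ok ? "copy allowed" : "usercopy_abort");
}

int main(void)
{
    report("kmem_cache_create", &plain_cache);
    report("kmem_cache_create_usercopy", &usercopy_cache);
    return 0;
}
```
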