[575.57.08 (closed) / 1080Ti] BUG: KFENCE: use-after-free read in _nv000179kms+0x439/0x2a10 [nvidia_modeset]

badouri.g · June 13, 2025, 9:13pm

I’m trying to play The Last of Us 2 on Bazzite (Fedora) 42 using Steam.
But the game always freezes within 20 seconds of gameplay.
My kernel log:

[  436.957204] BUG: KFENCE: use-after-free read in _nv000179kms+0x439/0x2a10 [nvidia_modeset]

[  436.957256] Use-after-free read at 0x00000000b9fa3a4b (in kfence-#18):
[  436.957260]  _nv000179kms+0x439/0x2a10 [nvidia_modeset]
[  436.957300]  _nv002901kms+0x663/0x9c0 [nvidia_modeset]
[  436.957350]  _nv000397kms+0x201/0x430 [nvidia_modeset]
[  436.957398]  _nv002900kms+0xeda/0x11b0 [nvidia_modeset]
[  436.957449]  _nv003010kms+0x78c/0xd20 [nvidia_modeset]
[  436.957508]  nvKmsIoctl+0xf7/0x270 [nvidia_modeset]
[  436.957545]  nvkms_ioctl_from_kapi_try_pmlock+0x66/0xc0 [nvidia_modeset]
[  436.957583]  _nv000023kms+0x566/0xbc0 [nvidia_modeset]
[  436.957639]  nv_drm_atomic_apply_modeset_config+0x2d1/0x640 [nvidia_drm]
[  436.957651]  nv_drm_atomic_commit+0x1f3/0x560 [nvidia_drm]
[  436.957661]  drm_mode_atomic_ioctl+0x4c4/0x7a0
[  436.957667]  drm_ioctl_kernel+0xad/0x100
[  436.957671]  drm_ioctl+0x29d/0x520
[  436.957674]  __x64_sys_ioctl+0x94/0xc0
[  436.957678]  do_syscall_64+0x7b/0x160
[  436.957683]  entry_SYSCALL_64_after_hwframe+0x76/0x7e

[  436.957690] kfence-#18: 0x00000000212c73e1-0x00000000a7bcfb2c, size=328, cache=kmalloc-rnd-04-512

[  436.957694] allocated by task 2446 on cpu 7 at 436.939126s (0.018567s ago):
[  436.957703]  nvkms_alloc+0x51/0xb0 [nvidia_modeset]
[  436.957740]  _nv003042kms+0x22/0x40 [nvidia_modeset]
[  436.957795]  _nv002864kms+0x266/0x750 [nvidia_modeset]
[  436.957845]  _nv000726kms+0x40/0x60 [nvidia_modeset]
[  436.957882]  nvKmsIoctl+0xf7/0x270 [nvidia_modeset]
[  436.957919]  nvkms_ioctl_from_kapi+0x73/0xe0 [nvidia_modeset]
[  436.957956]  _nv000098kms+0x18f/0x250 [nvidia_modeset]
[  436.958012]  nv_drm_framebuffer_init+0x145/0x370 [nvidia_drm]
[  436.958023]  nv_drm_internal_framebuffer_create+0x1ec/0x3a0 [nvidia_drm]
[  436.958032]  nv_drm_framebuffer_create+0x96/0xc0 [nvidia_drm]
[  436.958040]  drm_internal_framebuffer_create+0xac/0x180
[  436.958045]  drm_mode_addfb2+0x47/0x110
[  436.958048]  drm_ioctl_kernel+0xad/0x100
[  436.958051]  drm_ioctl+0x29d/0x520
[  436.958054]  __x64_sys_ioctl+0x94/0xc0
[  436.958057]  do_syscall_64+0x7b/0x160
[  436.958060]  entry_SYSCALL_64_after_hwframe+0x76/0x7e

[  436.958066] freed by task 2446 on cpu 7 at 436.952208s (0.005857s ago):
[  436.958071]  _nv000805kms+0x49/0x60 [nvidia_modeset]
[  436.958107]  nvKmsIoctl+0xf7/0x270 [nvidia_modeset]
[  436.958144]  nvkms_ioctl_from_kapi+0x73/0xe0 [nvidia_modeset]
[  436.958181]  _nv000112kms+0x4b/0x60 [nvidia_modeset]
[  436.958236]  nv_drm_framebuffer_destroy+0x3b/0x50 [nvidia_drm]
[  436.958246]  drm_mode_closefb_ioctl+0x6f/0x90
[  436.958250]  drm_ioctl_kernel+0xad/0x100
[  436.958253]  drm_ioctl+0x29d/0x520
[  436.958256]  __x64_sys_ioctl+0x94/0xc0
[  436.958259]  do_syscall_64+0x7b/0x160
[  436.958263]  entry_SYSCALL_64_after_hwframe+0x76/0x7e

[  436.958269] CPU: 9 UID: 1000 PID: 2519 Comm: DP-1 Tainted: P S         OE      6.14.6-106.bazzite.fc42.x86_64 #1
[  436.958275] Tainted: [P]=PROPRIETARY_MODULE, [S]=CPU_OUT_OF_SPEC, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
[  436.958277] Hardware name: System manufacturer System Product Name/RAMPAGE IV EXTREME, BIOS 4901 05/14/2014
[  436.958280] ==================================================================
[  557.717542] NVRM: GPU at PCI:0000:04:00: GPU-28c4a995-bc24-49cd-e960-3d919242476d
[  557.717551] NVRM: Xid (PCI:0000:04:00): 69, pid=12578, name=tlou-ii-l.exe, Class Error: ChId 00a4, Class 0000c197, Offset 00002388, Data 08690046, ErrorCode 00000004

nvidia-bug-report.log.gz (1.3 MB)

jonesj83sp · June 27, 2025, 11:38am

I have the same error on Fedora 42.

[179260.315020] BUG: KFENCE: use-after-free read in _nv000179kms+0x439/0x2a10 [nvidia_modeset]

[179260.315067] Use-after-free read at 0x00000000749dedba (in kfence-#213):
[179260.315071]  _nv000179kms+0x439/0x2a10 [nvidia_modeset]
[179260.315110]  _nv002901kms+0x663/0x9c0 [nvidia_modeset]
[179260.315157]  _nv000397kms+0x201/0x430 [nvidia_modeset]
[179260.315203]  _nv002900kms+0xeda/0x11b0 [nvidia_modeset]
[179260.315248]  _nv003010kms+0x78c/0xd20 [nvidia_modeset]
[179260.315307]  nvKmsIoctl+0xf7/0x270 [nvidia_modeset]
[179260.315346]  nvkms_ioctl_from_kapi_try_pmlock+0x66/0xc0 [nvidia_modeset]
[179260.315385]  _nv000023kms+0x566/0xbc0 [nvidia_modeset]
[179260.315442]  nv_drm_atomic_apply_modeset_config+0x2d0/0x640 [nvidia_drm]
[179260.315454]  nv_drm_atomic_commit+0x234/0x580 [nvidia_drm]
[179260.315463]  drm_mode_atomic_ioctl+0x4c4/0x7c0
[179260.315469]  drm_ioctl_kernel+0xab/0x100
[179260.315473]  drm_ioctl+0x2af/0x540
[179260.315475]  __x64_sys_ioctl+0x94/0xc0
[179260.315480]  do_syscall_64+0x7b/0x160
[179260.315485]  entry_SYSCALL_64_after_hwframe+0x76/0x7e

[179260.315490] kfence-#213: 0x000000001e901e0b-0x000000008105e5c1, size=328, cache=kmalloc-rnd-01-512

[179260.315494] allocated by task 2684 on cpu 1 at 179260.281264s (0.034229s ago):
[179260.315503]  nvkms_alloc+0x51/0xb0 [nvidia_modeset]
[179260.315542]  _nv003042kms+0x22/0x40 [nvidia_modeset]
[179260.315595]  _nv002864kms+0x266/0x750 [nvidia_modeset]
[179260.315644]  _nv000726kms+0x40/0x60 [nvidia_modeset]
[179260.315683]  nvKmsIoctl+0xf7/0x270 [nvidia_modeset]
[179260.315722]  nvkms_ioctl_from_kapi+0x73/0xe0 [nvidia_modeset]
[179260.315761]  _nv000098kms+0x18f/0x250 [nvidia_modeset]
[179260.315820]  nv_drm_framebuffer_init+0x144/0x370 [nvidia_drm]
[179260.315831]  nv_drm_internal_framebuffer_create+0x1ea/0x3a0 [nvidia_drm]
[179260.315839]  nv_drm_framebuffer_create+0x95/0xc0 [nvidia_drm]
[179260.315847]  drm_internal_framebuffer_create+0xac/0x180
[179260.315852]  drm_mode_addfb2+0x47/0x110
[179260.315856]  drm_ioctl_kernel+0xab/0x100
[179260.315860]  drm_ioctl+0x2af/0x540
[179260.315863]  __x64_sys_ioctl+0x94/0xc0
[179260.315865]  do_syscall_64+0x7b/0x160
[179260.315869]  entry_SYSCALL_64_after_hwframe+0x76/0x7e

[179260.315874] freed by task 2684 on cpu 0 at 179260.303896s (0.011977s ago):
[179260.315881]  _nv000805kms+0x49/0x60 [nvidia_modeset]
[179260.315922]  nvKmsIoctl+0xf7/0x270 [nvidia_modeset]
[179260.315962]  nvkms_ioctl_from_kapi+0x73/0xe0 [nvidia_modeset]
[179260.316000]  _nv000112kms+0x4b/0x60 [nvidia_modeset]
[179260.316055]  nv_drm_framebuffer_destroy+0x3b/0x50 [nvidia_drm]
[179260.316065]  drm_mode_closefb_ioctl+0x6f/0x90
[179260.316070]  drm_ioctl_kernel+0xab/0x100
[179260.316074]  drm_ioctl+0x2af/0x540
[179260.316076]  __x64_sys_ioctl+0x94/0xc0
[179260.316080]  do_syscall_64+0x7b/0x160
[179260.316083]  entry_SYSCALL_64_after_hwframe+0x76/0x7e

[179260.316090] CPU: 3 UID: 1000 PID: 2701 Comm: KMS thread Tainted: P    B      OE       6.15.3-200.fc42.x86_64 #1 PREEMPT(lazy) 
[179260.316096] Tainted: [P]=PROPRIETARY_MODULE, [B]=BAD_PAGE, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE

Kernel: 6.15.3-200.fc42.x86_64
Driver Version: 575.57.08
OS: Fedora 42
GPU: Zotac GTX1050Ti

badouri.g · June 27, 2025, 11:49am

The use-after-free bug has been fixed with release 575.64.

However the crash when trying to run certain DX12 games such as The Last of Us Part 2 still persists.

[  557.717551] NVRM: Xid (PCI:0000:04:00): 69, pid=12578, name=tlou-ii-l.exe, Class Error: ChId 00a4, Class 0000c197, Offset 00002388, Data 08690046, ErrorCode 00000004

Tekstryder · June 27, 2025, 12:12pm

Yup. See original thread: BUG: KFENCE: use-after-free read in _nv000177kms [nvidia_modeset] - #20 by Tekstryder

You’ll need to start a new thread on that topic if one doesn’t already exist.

Topic		Replies	Views
BUG: KFENCE: use-after-free read in _nv000177kms [nvidia_modeset] Linux kernel , nvbugs , linux-driver	20	1065	June 21, 2025
BUG: KFENCE: use-after-free read in nv_dma_release_sgt+0x29/0x70 [nvidia] Linux	15	778	December 28, 2024
Use-after-free on GTX 1650 dGPU with 545.29.06 on Fedora 39 + Wayland Linux kernel	24	1662	December 3, 2024
525.89.02 with RTX3060 reliably crashes when exiting SteamVR Linux kernel , nvbugs	17	881	March 29, 2023
535.129.03 freeze system, crash or getting nuts on RTX3050 Linux	14	1660	August 22, 2024
Frequent crashes with 525.89.02 on OpenSUSE when exiting SteamVR Linux kernel , nvbugs	1	455	March 7, 2023
331.20 performance drop when VRAM full / PCIe Bandwith Utilization exceeds / NVRM errors Linux	11	3478	January 17, 2014
Summary of existing issues with the nVidia proprietary driver Linux nvbugs , linux-driver	5	1204	June 21, 2025
Kernel freeze, unkillable X (ubuntu 16.0.4.2) Linux	2	902	October 12, 2017
Desktop Freezes Requires Hard Reboot Fedora 41 Asus Zephyrus nvidia 4070 Linux	3	371	March 8, 2025

[575.57.08 (closed) / 1080Ti] BUG: KFENCE: use-after-free read in _nv000179kms+0x439/0x2a10 [nvidia_modeset]

Related topics