BUG: KFENCE: use-after-free read in _nv000177kms [nvidia_modeset]

Tekstryder · March 2, 2025, 10:00pm

This is a new bug first seen with the 570.124.04 Production Branch driver release.

I’ve about 30 instances over the past few days,.

Mar 02 16:47:17 kernel: ==================================================================
Mar 02 16:47:17 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 02 16:47:17 kernel: Use-after-free read at 0x00000000e7c09e3f (in kfence-#113):
Mar 02 16:47:17 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 02 16:47:17 kernel:  _nv002879kms+0x663/0x9c0 [nvidia_modeset]
Mar 02 16:47:17 kernel:  _nv000392kms+0x1e1/0x400 [nvidia_modeset]
Mar 02 16:47:17 kernel:  _nv002878kms+0xf1a/0x11e0 [nvidia_modeset]
Mar 02 16:47:17 kernel:  _nv002988kms+0x79c/0xd30 [nvidia_modeset]
Mar 02 16:47:17 kernel:  nvKmsIoctl+0xf7/0x270 [nvidia_modeset]
Mar 02 16:47:17 kernel:  nvkms_ioctl_from_kapi_try_pmlock+0x64/0xb0 [nvidia_modeset]
Mar 02 16:47:17 kernel:  _nv000023kms+0x56b/0xbc0 [nvidia_modeset]
Mar 02 16:47:17 kernel:  nv_drm_atomic_apply_modeset_config+0x4bc/0x810 [nvidia_drm]
Mar 02 16:47:17 kernel:  nv_drm_atomic_commit+0x18f/0x490 [nvidia_drm]
Mar 02 16:47:17 kernel:  drm_mode_atomic_ioctl+0xa69/0xcb0
Mar 02 16:47:17 kernel:  drm_ioctl_kernel+0xad/0x100
Mar 02 16:47:17 kernel:  drm_ioctl+0x277/0x4e0
Mar 02 16:47:17 kernel:  __x64_sys_ioctl+0x94/0xc0
Mar 02 16:47:17 kernel:  do_syscall_64+0x82/0x190
Mar 02 16:47:17 kernel:  entry_SYSCALL_64_after_hwframe+0x76/0x7e
Mar 02 16:47:17 kernel: 
Mar 02 16:47:17 kernel: kfence-#113: 0x000000003756a051-0x00000000be2c3ddd, size=328, cache=kmalloc-512
Mar 02 16:47:17 kernel: allocated by task 1220 on cpu 16 at 16213.163360s (0.425901s ago):
Mar 02 16:47:17 kernel:  nvkms_alloc+0x50/0xa0 [nvidia_modeset]
Mar 02 16:47:17 kernel:  _nv003020kms+0x22/0x40 [nvidia_modeset]
Mar 02 16:47:17 kernel:  _nv002842kms+0x266/0x740 [nvidia_modeset]
Mar 02 16:47:17 kernel:  _nv000719kms+0x40/0x60 [nvidia_modeset]
Mar 02 16:47:17 kernel:  nvKmsIoctl+0xf7/0x270 [nvidia_modeset]
Mar 02 16:47:17 kernel:  nvkms_ioctl_from_kapi+0x73/0xe0 [nvidia_modeset]
Mar 02 16:47:17 kernel:  _nv000096kms+0x19d/0x240 [nvidia_modeset]
Mar 02 16:47:17 kernel:  nv_drm_internal_framebuffer_create+0x270/0x400 [nvidia_drm]
Mar 02 16:47:17 kernel:  nv_drm_framebuffer_create+0x99/0xc0 [nvidia_drm]
Mar 02 16:47:17 kernel:  drm_internal_framebuffer_create+0x3e2/0x570
Mar 02 16:47:17 kernel:  drm_mode_addfb2+0x42/0xf0
Mar 02 16:47:17 kernel:  drm_ioctl_kernel+0xad/0x100
Mar 02 16:47:17 kernel:  drm_ioctl+0x277/0x4e0
Mar 02 16:47:17 kernel:  __x64_sys_ioctl+0x94/0xc0
Mar 02 16:47:17 kernel:  do_syscall_64+0x82/0x190
Mar 02 16:47:17 kernel:  entry_SYSCALL_64_after_hwframe+0x76/0x7e
Mar 02 16:47:17 kernel: 
Mar 02 16:47:17 kernel: freed by task 1220 on cpu 14 at 16213.185042s (0.404316s ago):
Mar 02 16:47:17 kernel:  _nv000801kms+0x49/0x60 [nvidia_modeset]
Mar 02 16:47:17 kernel:  nvKmsIoctl+0xf7/0x270 [nvidia_modeset]
Mar 02 16:47:17 kernel:  nvkms_ioctl_from_kapi+0x73/0xe0 [nvidia_modeset]
Mar 02 16:47:17 kernel:  _nv000110kms+0x4b/0x60 [nvidia_modeset]
Mar 02 16:47:17 kernel:  nv_drm_framebuffer_destroy+0x3b/0x50 [nvidia_drm]
Mar 02 16:47:17 kernel:  drm_mode_closefb_ioctl+0x6b/0x90
Mar 02 16:47:17 kernel:  drm_ioctl_kernel+0xad/0x100
Mar 02 16:47:17 kernel:  drm_ioctl+0x277/0x4e0
Mar 02 16:47:17 kernel:  __x64_sys_ioctl+0x94/0xc0
Mar 02 16:47:17 kernel:  do_syscall_64+0x82/0x190
Mar 02 16:47:17 kernel:  entry_SYSCALL_64_after_hwframe+0x76/0x7e
Mar 02 16:47:17 kernel: 
Mar 02 16:47:17 kernel: CPU: 4 UID: 1000 PID: 1250 Comm: KMS thread Tainted: P           OE      6.13.5-1-arch1 #1 d667fe2c15e9cb1c797b8fe1d4e1b79a4d106a8e
Mar 02 16:47:17 kernel: Tainted: [P]=PROPRIETARY_MODULE, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
Mar 02 16:47:17 kernel: Hardware name: Micro-Star International Co., Ltd. MS-7D31/MPG Z690 EDGE WIFI DDR4 (MS-7D31), BIOS 1.J0 08/13/2024
Mar 02 16:47:17 kernel: ==================================================================

Please find attached bug report:

nvidia-bug-report.log (15.7 MB)

willymdv · March 9, 2025, 5:04pm

Same issue here on fresh OS install.

> [  195.634011] ==================================================================
> [  195.634018] BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
> 
> [  195.634137] Use-after-free read at 0x000000005417d93f (in kfence-#134):
> [  195.634145]  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
> [  195.634253]  _nv002879kms+0x663/0x9c0 [nvidia_modeset]
> [  195.634358]  _nv000392kms+0x1e1/0x400 [nvidia_modeset]
> [  195.634462]  _nv002878kms+0xf1a/0x11e0 [nvidia_modeset]
> [  195.634566]  _nv002988kms+0x79c/0xd30 [nvidia_modeset]
> [  195.634670]  nvKmsIoctl+0xf7/0x270 [nvidia_modeset]
> [  195.634775]  nvkms_ioctl_from_kapi_try_pmlock+0x57/0x90 [nvidia_modeset]
> [  195.634879]  _nv000023kms+0x56b/0xbc0 [nvidia_modeset]
> [  195.634983]  nv_drm_atomic_commit+0x6d4/0xb90 [nvidia_drm]
> [  195.635013]  drm_mode_atomic_ioctl+0x7ac/0x830
> [  195.635022]  drm_ioctl_kernel+0xb0/0xe0
> [  195.635033]  drm_ioctl+0x200/0x2c0
> [  195.635043]  __x64_sys_ioctl+0x129/0x230
> [  195.635052]  do_syscall_64+0x85/0x134
> [  195.635062]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
> 
> [  195.635077] kfence-#134: 0x00000000285011bb-0x00000000170bfea6, size=328, cache=kmalloc-512
> 
> [  195.635086] allocated by task 1195 on cpu 2 at 195.549330s (0.085755s ago):
> [  195.635103]  nvkms_alloc+0x5b/0xa0 [nvidia_modeset]
> [  195.635211]  _nv003020kms+0x22/0x40 [nvidia_modeset]
> [  195.635315]  _nv002842kms+0x266/0x740 [nvidia_modeset]
> [  195.635420]  _nv000719kms+0x40/0x60 [nvidia_modeset]
> [  195.635524]  nvKmsIoctl+0xf7/0x270 [nvidia_modeset]
> [  195.635628]  nvkms_ioctl_from_kapi+0x9c/0xd0 [nvidia_modeset]
> [  195.635732]  _nv000096kms+0x19d/0x240 [nvidia_modeset]
> [  195.635837]  nv_drm_internal_framebuffer_create+0x441/0x590 [nvidia_drm]
> [  195.635865]  nv_drm_framebuffer_create+0x40/0x60 [nvidia_drm]
> [  195.635890]  drm_internal_framebuffer_create+0x207/0x230
> 
> [  195.635901] freed by task 1195 on cpu 0 at 195.596718s (0.039181s ago):
> [  195.635915]  _nv000801kms+0x49/0x60 [nvidia_modeset]
> [  195.636022]  nvKmsIoctl+0xf7/0x270 [nvidia_modeset]
> [  195.636127]  nvkms_ioctl_from_kapi+0x9c/0xd0 [nvidia_modeset]
> [  195.636231]  _nv000110kms+0x4b/0x60 [nvidia_modeset]
> [  195.636335]  nv_drm_framebuffer_destroy+0x34/0x100 [nvidia_drm]
> [  195.636361]  drm_mode_closefb_ioctl+0x112/0x130
> [  195.636371]  drm_ioctl_kernel+0xb0/0xe0
> [  195.636382]  drm_ioctl+0x200/0x2c0
> [  195.636392]  __x64_sys_ioctl+0x129/0x230
> [  195.636400]  do_syscall_64+0x85/0x134
> [  195.636410]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
> 
> [  195.636424] CPU: 1 UID: 1000 PID: 1222 Comm: KMS thread Tainted: P           OE      6.13.6-2-cachyos #1 949f4b16df602fdea2a660bba2d7d2bab01dfa13
> [  195.636441] Tainted: [P]=PROPRIETARY_MODULE, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
> [  195.636444] Hardware name: System manufacturer System Product Name/Z170 PRO GAMING/AURA, BIOS 3805 05/16/2018
> [  195.636449] ==================================================================[  195.634011] ==================================================================
> [  195.634018] BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
> 
> [  195.634137] Use-after-free read at 0x000000005417d93f (in kfence-#134):
> [  195.634145]  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
> [  195.634253]  _nv002879kms+0x663/0x9c0 [nvidia_modeset]
> [  195.634358]  _nv000392kms+0x1e1/0x400 [nvidia_modeset]
> [  195.634462]  _nv002878kms+0xf1a/0x11e0 [nvidia_modeset]
> [  195.634566]  _nv002988kms+0x79c/0xd30 [nvidia_modeset]
> [  195.634670]  nvKmsIoctl+0xf7/0x270 [nvidia_modeset]
> [  195.634775]  nvkms_ioctl_from_kapi_try_pmlock+0x57/0x90 [nvidia_modeset]
> [  195.634879]  _nv000023kms+0x56b/0xbc0 [nvidia_modeset]
> [  195.634983]  nv_drm_atomic_commit+0x6d4/0xb90 [nvidia_drm]
> [  195.635013]  drm_mode_atomic_ioctl+0x7ac/0x830
> [  195.635022]  drm_ioctl_kernel+0xb0/0xe0
> [  195.635033]  drm_ioctl+0x200/0x2c0
> [  195.635043]  __x64_sys_ioctl+0x129/0x230
> [  195.635052]  do_syscall_64+0x85/0x134
> [  195.635062]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
> 
> [  195.635077] kfence-#134: 0x00000000285011bb-0x00000000170bfea6, size=328, cache=kmalloc-512
> 
> [  195.635086] allocated by task 1195 on cpu 2 at 195.549330s (0.085755s ago):
> [  195.635103]  nvkms_alloc+0x5b/0xa0 [nvidia_modeset]
> [  195.635211]  _nv003020kms+0x22/0x40 [nvidia_modeset]
> [  195.635315]  _nv002842kms+0x266/0x740 [nvidia_modeset]
> [  195.635420]  _nv000719kms+0x40/0x60 [nvidia_modeset]
> [  195.635524]  nvKmsIoctl+0xf7/0x270 [nvidia_modeset]
> [  195.635628]  nvkms_ioctl_from_kapi+0x9c/0xd0 [nvidia_modeset]
> [  195.635732]  _nv000096kms+0x19d/0x240 [nvidia_modeset]
> [  195.635837]  nv_drm_internal_framebuffer_create+0x441/0x590 [nvidia_drm]
> [  195.635865]  nv_drm_framebuffer_create+0x40/0x60 [nvidia_drm]
> [  195.635890]  drm_internal_framebuffer_create+0x207/0x230
> 
> [  195.635901] freed by task 1195 on cpu 0 at 195.596718s (0.039181s ago):
> [  195.635915]  _nv000801kms+0x49/0x60 [nvidia_modeset]
> [  195.636022]  nvKmsIoctl+0xf7/0x270 [nvidia_modeset]
> [  195.636127]  nvkms_ioctl_from_kapi+0x9c/0xd0 [nvidia_modeset]
> [  195.636231]  _nv000110kms+0x4b/0x60 [nvidia_modeset]
> [  195.636335]  nv_drm_framebuffer_destroy+0x34/0x100 [nvidia_drm]
> [  195.636361]  drm_mode_closefb_ioctl+0x112/0x130
> [  195.636371]  drm_ioctl_kernel+0xb0/0xe0
> [  195.636382]  drm_ioctl+0x200/0x2c0
> [  195.636392]  __x64_sys_ioctl+0x129/0x230
> [  195.636400]  do_syscall_64+0x85/0x134
> [  195.636410]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
> 
> [  195.636424] CPU: 1 UID: 1000 PID: 1222 Comm: KMS thread Tainted: P           OE      6.13.6-2-cachyos #1 949f4b16df602fdea2a660bba2d7d2bab01dfa13
> [  195.636441] Tainted: [P]=PROPRIETARY_MODULE, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
> [  195.636444] Hardware name: System manufacturer System Product Name/Z170 PRO GAMING/AURA, BIOS 3805 05/16/2018
> [  195.636449] ==================================================================

nvidia-bug-report.log (1.9 MB)

amel_ancoli · March 10, 2025, 2:03pm

Same issue here
Operating System: CachyOS Linux
KDE Plasma Version: 6.3.2
KDE Frameworks Version: 6.11.0
Qt Version: 6.8.2
Kernel Version: 6.13.6-2-cachyos (64-bit)
Graphics Platform: Wayland
Processors: 16 × AMD Ryzen 7 5700G with Radeon Graphics
Memory: 15.0 GiB of RAM
Graphics Processor 1: NVIDIA GeForce GTX 960/PCIe/SSE2
Graphics Processor 2: NVIDIA GeForce GTX 960/PCIe/SSE2
Product Name: B450M-HDV R4.0

[19247.465983] BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]

[19247.466006] Use-after-free read at 0x00000000aff29bcf (in kfence-#182):
[19247.466009]  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
[19247.466028]  _nv002879kms+0x665/0x9c0 [nvidia_modeset]
[19247.466046]  _nv000392kms+0x1e1/0x400 [nvidia_modeset]
[19247.466063]  _nv002878kms+0xf1a/0x11e0 [nvidia_modeset]
[19247.466081]  _nv002988kms+0x79c/0xd30 [nvidia_modeset]
[19247.466099]  nvKmsIoctl+0xf9/0x270 [nvidia_modeset]
[19247.466116]  nvkms_ioctl_from_kapi_try_pmlock+0x57/0x90 [nvidia_modeset]
[19247.466134]  _nv000023kms+0x56b/0xbc0 [nvidia_modeset]
[19247.466152]  nv_drm_atomic_commit+0x6d7/0xb90 [nvidia_drm]
[19247.466158]  drm_mode_atomic_ioctl+0x7ac/0x830
[19247.466161]  drm_ioctl_kernel+0xb3/0xe0
[19247.466164]  drm_ioctl+0x200/0x2c0
[19247.466167]  __x64_sys_ioctl+0x12c/0x230
[19247.466170]  do_syscall_64+0x85/0x134
[19247.466174]  entry_SYSCALL_64_after_hwframe+0x76/0x7e

[19247.466178] kfence-#182: 0x00000000f9162330-0x000000005262b7d6, size=328, cache=kmalloc-512

[19247.466181] allocated by task 1554 on cpu 8 at 19247.429040s (0.037140s ago):
[19247.466186]  nvkms_alloc+0x5b/0xa0 [nvidia_modeset]
[19247.466205]  _nv003020kms+0x22/0x40 [nvidia_modeset]
[19247.466222]  _nv002842kms+0x266/0x740 [nvidia_modeset]
[19247.466240]  _nv000719kms+0x40/0x60 [nvidia_modeset]
[19247.466257]  nvKmsIoctl+0xf9/0x270 [nvidia_modeset]
[19247.466275]  nvkms_ioctl_from_kapi+0x9c/0xd0 [nvidia_modeset]
[19247.466293]  _nv000096kms+0x19d/0x240 [nvidia_modeset]
[19247.466310]  nv_drm_internal_framebuffer_create+0x444/0x590 [nvidia_drm]
[19247.466315]  nv_drm_framebuffer_create+0x40/0x60 [nvidia_drm]
[19247.466319]  drm_internal_framebuffer_create+0x20a/0x230

[19247.466323] freed by task 1554 on cpu 8 at 19247.451667s (0.014655s ago):
[19247.466327]  _nv000801kms+0x49/0x60 [nvidia_modeset]
[19247.466345]  nvKmsIoctl+0xf9/0x270 [nvidia_modeset]
[19247.466362]  nvkms_ioctl_from_kapi+0x9c/0xd0 [nvidia_modeset]
[19247.466380]  _nv000110kms+0x4b/0x60 [nvidia_modeset]
[19247.466398]  nv_drm_framebuffer_destroy+0x37/0x100 [nvidia_drm]
[19247.466402]  drm_mode_closefb_ioctl+0x112/0x130
[19247.466405]  drm_ioctl_kernel+0xb3/0xe0
[19247.466408]  drm_ioctl+0x200/0x2c0
[19247.466411]  __x64_sys_ioctl+0x12c/0x230
[19247.466413]  do_syscall_64+0x85/0x134
[19247.466416]  entry_SYSCALL_64_after_hwframe+0x76/0x7e

[19247.466421] CPU: 15 UID: 1000 PID: 1595 Comm: HDMI-A-1 Tainted: P           OE      6.13.6-2-cachyos #1 949f4b16df602fdea2a660bba2d7d2bab01dfa13
[19247.466426] Tainted: [P]=PROPRIETARY_MODULE, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
[19247.466428] Hardware name: To Be Filled By O.E.M. B450M-HDV R4.0/B450M-HDV R4.0, BIOS P10.10 01/24/2024
[19247.466429] =====================

nvidia-bug-report.log.gz (1.3 MB)

Thomas_007 · March 10, 2025, 5:53pm

==================================================================
[Mo, 10. Mär 2025, 18:14:03] BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]

[Mo, 10. Mär 2025, 18:14:03] Use-after-free read at 0x000000003e334386 (in kfence-#79):
[Mo, 10. Mär 2025, 18:14:03] _nv000177kms+0x439/0x2a10 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] _nv002879kms+0x663/0x9c0 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] _nv000392kms+0x1e1/0x400 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] _nv002878kms+0xf1a/0x11e0 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] _nv002988kms+0x79c/0xd30 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] nvKmsIoctl+0xf7/0x270 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] nvkms_ioctl_from_kapi_try_pmlock+0x64/0xb0 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] _nv000023kms+0x56b/0xbc0 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] nv_drm_atomic_apply_modeset_config+0x4bb/0x830 [nvidia_drm]
[Mo, 10. Mär 2025, 18:14:03] nv_drm_atomic_commit+0xe6/0x460 [nvidia_drm]
[Mo, 10. Mär 2025, 18:14:03] drm_mode_atomic_ioctl+0xcb9/0xfc0
[Mo, 10. Mär 2025, 18:14:03] drm_ioctl_kernel+0xad/0x100
[Mo, 10. Mär 2025, 18:14:03] drm_ioctl+0x277/0x4c0
[Mo, 10. Mär 2025, 18:14:03] __x64_sys_ioctl+0x94/0xc0
[Mo, 10. Mär 2025, 18:14:03] do_syscall_64+0x82/0x190
[Mo, 10. Mär 2025, 18:14:03] entry_SYSCALL_64_after_hwframe+0x76/0x7e

[Mo, 10. Mär 2025, 18:14:03] kfence-#79: 0x0000000093bac16f-0x000000006c217955, size=328, cache=kmalloc-512

[Mo, 10. Mär 2025, 18:14:03] allocated by task 2633 on cpu 3 at 13678.474282s (0.016240s ago):
[Mo, 10. Mär 2025, 18:14:03] nvkms_alloc+0x50/0xa0 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] _nv003020kms+0x22/0x40 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] _nv002842kms+0x266/0x740 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] _nv000719kms+0x40/0x60 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] nvKmsIoctl+0xf7/0x270 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] nvkms_ioctl_from_kapi+0x73/0xe0 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] _nv000096kms+0x19d/0x240 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] nv_drm_internal_framebuffer_create+0x32b/0x4c0 [nvidia_drm]
[Mo, 10. Mär 2025, 18:14:03] nv_drm_framebuffer_create+0x99/0xc0 [nvidia_drm]
[Mo, 10. Mär 2025, 18:14:03] drm_internal_framebuffer_create+0xaa/0x180
[Mo, 10. Mär 2025, 18:14:03] drm_mode_addfb2_ioctl+0x42/0xf0
[Mo, 10. Mär 2025, 18:14:03] drm_ioctl_kernel+0xad/0x100
[Mo, 10. Mär 2025, 18:14:03] drm_ioctl+0x277/0x4c0
[Mo, 10. Mär 2025, 18:14:03] __x64_sys_ioctl+0x94/0xc0
[Mo, 10. Mär 2025, 18:14:03] do_syscall_64+0x82/0x190
[Mo, 10. Mär 2025, 18:14:03] entry_SYSCALL_64_after_hwframe+0x76/0x7e

[Mo, 10. Mär 2025, 18:14:03] freed by task 2633 on cpu 3 at 13678.489651s (0.001111s ago):
[Mo, 10. Mär 2025, 18:14:03] _nv000801kms+0x49/0x60 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] nvKmsIoctl+0xf7/0x270 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] nvkms_ioctl_from_kapi+0x73/0xe0 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] _nv000110kms+0x4b/0x60 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] nv_drm_framebuffer_destroy+0x3b/0x50 [nvidia_drm]
[Mo, 10. Mär 2025, 18:14:03] drm_mode_closefb_ioctl+0x10e/0x150
[Mo, 10. Mär 2025, 18:14:03] drm_ioctl_kernel+0xad/0x100
[Mo, 10. Mär 2025, 18:14:03] drm_ioctl+0x277/0x4c0
[Mo, 10. Mär 2025, 18:14:03] __x64_sys_ioctl+0x94/0xc0
[Mo, 10. Mär 2025, 18:14:03] do_syscall_64+0x82/0x190
[Mo, 10. Mär 2025, 18:14:03] entry_SYSCALL_64_after_hwframe+0x76/0x7e

[Mo, 10. Mär 2025, 18:14:03] CPU: 25 UID: 1000 PID: 2663 Comm: KMS thread Tainted: P OE 6.13.6-2-cachyos-gcc #1 ebeeb85824bb8a6f1c383a368ca896795f2e750d
[Mo, 10. Mär 2025, 18:14:03] Tainted: [P]=PROPRIETARY_MODULE, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
[Mo, 10. Mär 2025, 18:14:03] Hardware name: ASUS System Product Name/Pro WS W790E-SAGE SE, BIOS 1502 08/30/2024
[Mo, 10. Mär 2025, 18:14:03] ==================================================================

Tekstryder · March 20, 2025, 11:40pm

This use-after-free issue is still present with nVidia 570.133.07 Production Branch drivers.

Latest stack:

Arch Linux | Kernel 6.13.7
Gnome-shell | Mutter 48.0
Wayland (meson_options: xwayland=false, x11=false)
Gtk4 4.18.2
Mesa 25.0.2
vulkan-icd-loader 1.4.304
nVidia 570.133.07

Linking back to overall summary tracker:

Attaching a new bug report for the latest driver version:

nvidia-bug-report.log.gz (1.9 MB)

daniel476 · March 21, 2025, 6:13pm

~~Looks like all the reports are using Intel chipsets~~, have not seen this once on X870E in the past month. ~~Should hopefully be easy for nvidia to repro if so.~~

Tekstryder · March 21, 2025, 6:19pm

That’s not an Intel platform.

daniel476 · March 21, 2025, 6:37pm

My bad I missed that one, is there anything you know of to repro so I can add bug report if possible?

Tekstryder · March 21, 2025, 7:08pm

Unfortunately no. If there was STR I’d have included it.

Plenty of them tho since 570 install:

$ journalctl | grep nv000177kms | wc -l
218

One recent boot:

-- Boot 212e41aa18d34f86afdc9a09cf762ff5 --
Mar 13 20:45:08 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 13 20:45:08 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 13 21:26:56 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 13 21:26:56 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 14 09:42:53 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 14 09:42:53 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 14 09:53:01 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 14 09:53:01 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 14 11:38:39 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 14 11:38:39 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 14 13:09:30 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 14 13:09:30 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 14 16:54:17 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 14 16:54:17 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 14 20:24:09 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 14 20:24:09 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 14 20:49:28 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 14 20:49:28 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 14 21:55:37 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 14 21:55:37 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 15 17:29:36 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 15 17:29:36 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 15 17:58:00 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 15 17:58:00 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 15 18:24:15 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 15 18:24:15 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 15 18:55:15 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 15 18:55:15 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 16 10:25:42 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 16 10:25:42 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 16 19:06:34 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 16 19:06:34 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 16 21:34:07 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 16 21:34:07 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 17 10:03:30 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 17 10:03:30 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 17 18:15:36 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 17 18:15:36 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 11:37:31 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 11:37:31 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 14:56:12 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 14:56:12 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 17:15:44 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 17:15:44 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 17:21:07 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 17:21:07 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 17:26:47 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 17:26:47 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 18:16:41 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 18:16:41 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 18:29:48 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 18:29:48 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 18:45:23 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 18:45:23 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 18:52:07 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 18:52:07 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 19:40:46 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 19:40:46 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 19:42:22 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 19:42:22 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 20:37:24 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 20:37:24 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 22:52:17 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 22:52:17 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 23:34:41 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 23:34:41 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 19 14:38:59 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 19 14:38:59 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 19 19:08:41 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 19 19:08:41 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 19 20:00:30 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 19 20:00:30 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 19 20:57:16 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 19 20:57:16 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 19 21:12:06 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 19 21:12:06 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 19 21:25:20 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 19 21:25:20 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 19 21:25:51 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 19 21:25:51 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 19 23:05:23 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 19 23:05:23 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]

Tekstryder · April 24, 2025, 10:40am

Still occurring with the 570.144 Production Branch release driver.

New bug report generated.

nvidia-bug-report.log.gz (1.7 MB)

norbi78 · May 14, 2025, 3:52am

All of us is using CachyOS linux?
This bug is still there in version 570.144

máj 14 05:09:00 cachyos-x8664 kernel: ==================================================================
máj 14 05:09:00 cachyos-x8664 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
máj 14 05:09:00 cachyos-x8664 kernel: Use-after-free read at 0x00000000ef952f5f (in kfence-#20):
máj 14 05:09:00 cachyos-x8664 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
máj 14 05:09:00 cachyos-x8664 kernel:  _nv002879kms+0x665/0x9c0 [nvidia_modeset]
máj 14 05:09:00 cachyos-x8664 kernel:  _nv000392kms+0x1e1/0x400 [nvidia_modeset]
máj 14 05:09:00 cachyos-x8664 kernel:  _nv002878kms+0xf1a/0x11e0 [nvidia_modeset]
máj 14 05:09:00 cachyos-x8664 kernel:  _nv002988kms+0x79c/0xd30 [nvidia_modeset]
máj 14 05:09:00 cachyos-x8664 kernel:  nvKmsIoctl+0xf9/0x270 [nvidia_modeset]
máj 14 05:09:00 cachyos-x8664 kernel:  nvkms_ioctl_from_kapi_try_pmlock+0x57/0x90 [nvidia_modeset]
máj 14 05:09:00 cachyos-x8664 kernel:  _nv000023kms+0x56b/0xbc0 [nvidia_modeset]
máj 14 05:09:00 cachyos-x8664 kernel:  nv_drm_atomic_commit+0x6d7/0xb90 [nvidia_drm]
máj 14 05:09:00 cachyos-x8664 kernel:  drm_mode_atomic_ioctl+0x5fe/0x6b0
máj 14 05:09:00 cachyos-x8664 kernel:  drm_ioctl+0x26f/0x340
máj 14 05:09:00 cachyos-x8664 kernel:  __x64_sys_ioctl+0x12e/0x1f0
máj 14 05:09:00 cachyos-x8664 kernel:  do_syscall_64+0x85/0x134
máj 14 05:09:00 cachyos-x8664 kernel:  entry_SYSCALL_64_after_hwframe+0x76/0x7e
máj 14 05:09:00 cachyos-x8664 kernel:
máj 14 05:09:00 cachyos-x8664 kernel: kfence-#20: 0x0000000040cb98f4-0x000000001aa0db2c, size=328, cache=kmalloc-512
máj 14 05:09:00 cachyos-x8664 kernel: allocated by task 915 on cpu 5 at 13705.750280s (0.486372s ago):
máj 14 05:09:00 cachyos-x8664 kernel:  nvkms_alloc+0x5b/0xa0 [nvidia_modeset]
máj 14 05:09:00 cachyos-x8664 kernel:  _nv003020kms+0x22/0x40 [nvidia_modeset]
máj 14 05:09:00 cachyos-x8664 kernel:  _nv002842kms+0x266/0x740 [nvidia_modeset]
máj 14 05:09:00 cachyos-x8664 kernel:  _nv000719kms+0x40/0x60 [nvidia_modeset]
máj 14 05:09:00 cachyos-x8664 kernel:  nvKmsIoctl+0xf9/0x270 [nvidia_modeset]
máj 14 05:09:00 cachyos-x8664 kernel:  nvkms_ioctl_from_kapi+0x9c/0xd0 [nvidia_modeset]
máj 14 05:09:00 cachyos-x8664 kernel:  _nv000096kms+0x19d/0x240 [nvidia_modeset]
máj 14 05:09:00 cachyos-x8664 kernel:  nv_drm_internal_framebuffer_create+0x444/0x590 [nvidia_drm]
máj 14 05:09:00 cachyos-x8664 kernel:  nv_drm_framebuffer_create+0x40/0x60 [nvidia_drm]
máj 14 05:09:00 cachyos-x8664 kernel:  drm_internal_framebuffer_create+0x205/0x220
máj 14 05:09:00 cachyos-x8664 kernel:
máj 14 05:09:00 cachyos-x8664 kernel: freed by task 915 on cpu 5 at 13705.771855s (0.464945s ago):
máj 14 05:09:00 cachyos-x8664 kernel:  _nv000801kms+0x49/0x60 [nvidia_modeset]
máj 14 05:09:00 cachyos-x8664 kernel:  nvKmsIoctl+0xf9/0x270 [nvidia_modeset]
máj 14 05:09:00 cachyos-x8664 kernel:  nvkms_ioctl_from_kapi+0x9c/0xd0 [nvidia_modeset]
máj 14 05:09:00 cachyos-x8664 kernel:  _nv000110kms+0x4b/0x60 [nvidia_modeset]
máj 14 05:09:00 cachyos-x8664 kernel:  nv_drm_framebuffer_destroy+0x37/0x100 [nvidia_drm]
máj 14 05:09:00 cachyos-x8664 kernel:  drm_mode_closefb_ioctl+0xc5/0xd0
máj 14 05:09:00 cachyos-x8664 kernel:  drm_ioctl+0x26f/0x340
máj 14 05:09:00 cachyos-x8664 kernel:  __x64_sys_ioctl+0x12e/0x1f0
máj 14 05:09:00 cachyos-x8664 kernel:  do_syscall_64+0x85/0x134
máj 14 05:09:00 cachyos-x8664 kernel:  entry_SYSCALL_64_after_hwframe+0x76/0x7e
máj 14 05:09:00 cachyos-x8664 kernel:
máj 14 05:09:00 cachyos-x8664 kernel: CPU: 10 UID: 1000 PID: 962 Comm: DP-1 Tainted: P           OE      6.14.6-2-cachyos #1 fa016bde76e6b659f51ba29fad589bba022e5469
máj 14 05:09:00 cachyos-x8664 kernel: Tainted: [P]=PROPRIETARY_MODULE, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
máj 14 05:09:00 cachyos-x8664 kernel: Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./AB350M Pro4, BIOS P6.60 07/27/2020
máj 14 05:09:00 cachyos-x8664 kernel: ==================================================================

Linux cachyos-x8664 6.14.6-2-cachyos #1 SMP PREEMPT_DYNAMIC Sat, 10 May 2025 20:09:10 +0000 x86_64 GNU/Linux

nvidia-bug-report.log.gz (1.4 MB)

Tekstryder · May 14, 2025, 10:43am

Nope.

amrits · May 14, 2025, 5:29pm

Hi All,
I have raised a bug 5282077 internally for tracking purpose.
Please confirm if you see these errors just after installing driver and if it crashes system or any application or any other issues.

Tekstryder · May 14, 2025, 7:27pm

Thanks!!

No, they occur “randomly” while using apps, opening/closing windows, or just working in a terminal.

Never. They appear to be “harmless” noise.

But, use-after-free is never good.

Only that they’re frequent. Unfortunately no known steps to reproduce.

Since the day of update to the 570.124.04 driver when they first started:

2025-02-27 12:40:29-0500] [ALPM] upgraded nvidia-utils (570.86.16-2 -> 570.124.04-1)

$ journalctl --since 2025-02-26 | grep nv000177kms | wc -l
624

kernel 6.14.6
gnome-shell 48.1 (Wayland)
mutter 48.2 (-Dxwayland=false -Dx11=false)
nvidia 570.144

amrits · May 15, 2025, 12:27pm

Thank you for the information, I tried running YouTube videos on chrome browser and glmark2 benchmark.
I started these 2 applications; kept it running for a while and then closed it and kept this iteration for few hours but did not get local repro.

ASRock TRX40 Taichi +Arch Linux OS + Kernel 6.14.5-arch1-1 + Driver 570.124.04 + NVIDIA GeForce GTX 1080 + KDE Plasma + Xwayland

Please let me know if by any chance you come across reliable repro steps.

Tekstryder · May 15, 2025, 12:34pm

Thanks for trying to reproduce.

Do you have va-api video hardware decoding acceleration enabled and functional in chrome?

EDIT:

I’m going to disable it for a few days and see if the error still occurs.

EDIT2:

Clean reboot after disabling va-api decoding.

Didn’t take long to rule that out. Error occurred while on the treadmill with YouTube playing in Brave.

garnish_moocher · May 16, 2025, 3:23am

I have seen this 254 times since upgrading the nvidia driver about 2.5 months ago on an arch linux system. I agree with others that it seems to not have much impact. I cannot correlate it to any specific actions.

To my recollection some of the instances occur when the system is just sitting idle. However, there was about a month when the system was running, but nobody was logged in (i.e. just sitting at the login prompt in GDM) where I do not see any of these bug messages printed out.

Arch Linux
GNOME Shell 47.5
Wayland version 1.23.1

[2025-03-01T08:56:34-0700] [ALPM] upgraded nvidia (570.86.16-5 -> 570.124.04-2)

$ journalctl | grep -i "bug: kfence:" | wc -l
254

$ journalctl | grep -i "bug: kfence:" | head -1
Mar 01 16:44:05 spring kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]

May 14 19:01:08 spring kernel: ==================================================================
May 14 19:01:08 spring kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
May 14 19:01:08 spring kernel: Use-after-free read at 0x0000000028c2a036 (in kfence-#41):
May 14 19:01:08 spring kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
May 14 19:01:08 spring kernel:  _nv002879kms+0x665/0x9c0 [nvidia_modeset]
May 14 19:01:08 spring kernel:  _nv000392kms+0x1e1/0x400 [nvidia_modeset]
May 14 19:01:08 spring kernel:  _nv002878kms+0xf1a/0x11e0 [nvidia_modeset]
May 14 19:01:08 spring kernel:  _nv002988kms+0x79c/0xd30 [nvidia_modeset]
May 14 19:01:08 spring kernel:  nvKmsIoctl+0xf9/0x270 [nvidia_modeset]
May 14 19:01:08 spring kernel:  nvkms_ioctl_from_kapi_try_pmlock+0x64/0xb0 [nvidia_modeset]
May 14 19:01:08 spring kernel:  _nv000023kms+0x56b/0xbc0 [nvidia_modeset]
May 14 19:01:08 spring kernel:  nv_drm_atomic_apply_modeset_config+0x4bf/0x810 [nvidia_drm]
May 14 19:01:08 spring kernel:  nv_drm_atomic_commit+0x18f/0x490 [nvidia_drm]
May 14 19:01:08 spring kernel:  drm_mode_atomic_ioctl+0xa69/0xcb0
May 14 19:01:08 spring kernel:  drm_ioctl_kernel+0xb0/0x100
May 14 19:01:08 spring kernel:  drm_ioctl+0x277/0x500
May 14 19:01:08 spring kernel:  __x64_sys_ioctl+0x97/0xc0
May 14 19:01:08 spring kernel:  do_syscall_64+0x82/0x190
May 14 19:01:08 spring kernel:  entry_SYSCALL_64_after_hwframe+0x76/0x7e
May 14 19:01:08 spring kernel:
May 14 19:01:08 spring kernel: kfence-#41: 0x0000000029dd2317-0x0000000097f7aa69, size=328, cache=kmalloc-512
May 14 19:01:08 spring kernel: allocated by task 1927 on cpu 8 at 254696.499403s (0.085684s ago):
May 14 19:01:08 spring kernel:  nvkms_alloc+0x50/0xa0 [nvidia_modeset]
May 14 19:01:08 spring kernel:  _nv003020kms+0x22/0x40 [nvidia_modeset]
May 14 19:01:08 spring kernel:  _nv002842kms+0x266/0x740 [nvidia_modeset]
May 14 19:01:08 spring kernel:  _nv000719kms+0x40/0x60 [nvidia_modeset]
May 14 19:01:08 spring kernel:  nvKmsIoctl+0xf9/0x270 [nvidia_modeset]
May 14 19:01:08 spring kernel:  nvkms_ioctl_from_kapi+0x73/0xe0 [nvidia_modeset]
May 14 19:01:08 spring kernel:  _nv000096kms+0x19d/0x240 [nvidia_modeset]
May 14 19:01:08 spring kernel:  nv_drm_internal_framebuffer_create+0x273/0x400 [nvidia_drm]
May 14 19:01:08 spring kernel:  nv_drm_framebuffer_create+0x99/0xc0 [nvidia_drm]
May 14 19:01:08 spring kernel:  drm_internal_framebuffer_create+0x3e5/0x570
May 14 19:01:08 spring kernel:  drm_mode_addfb2+0x42/0xf0
May 14 19:01:08 spring kernel:  drm_ioctl_kernel+0xb0/0x100
May 14 19:01:08 spring kernel:  drm_ioctl+0x277/0x500
May 14 19:01:08 spring kernel:  __x64_sys_ioctl+0x97/0xc0
May 14 19:01:08 spring kernel:  do_syscall_64+0x82/0x190
May 14 19:01:08 spring kernel:  entry_SYSCALL_64_after_hwframe+0x76/0x7e
May 14 19:01:08 spring kernel:
May 14 19:01:08 spring kernel: freed by task 1897 on cpu 1 at 254696.546980s (0.038583s ago):
May 14 19:01:08 spring kernel:  _nv000801kms+0x49/0x60 [nvidia_modeset]
May 14 19:01:08 spring kernel:  nvKmsIoctl+0xf9/0x270 [nvidia_modeset]
May 14 19:01:08 spring kernel:  nvkms_ioctl_from_kapi+0x73/0xe0 [nvidia_modeset]
May 14 19:01:08 spring kernel:  _nv000110kms+0x4b/0x60 [nvidia_modeset]
May 14 19:01:08 spring kernel:  nv_drm_framebuffer_destroy+0x3e/0x50 [nvidia_drm]
May 14 19:01:08 spring kernel:  drm_mode_closefb_ioctl+0x6b/0x90
May 14 19:01:08 spring kernel:  drm_ioctl_kernel+0xb0/0x100
May 14 19:01:08 spring kernel:  drm_ioctl+0x277/0x500
May 14 19:01:08 spring kernel:  __x64_sys_ioctl+0x97/0xc0
May 14 19:01:08 spring kernel:  do_syscall_64+0x82/0x190
May 14 19:01:08 spring kernel:  entry_SYSCALL_64_after_hwframe+0x76/0x7e
May 14 19:01:08 spring kernel:
May 14 19:01:08 spring kernel: CPU: 2 UID: 1000 PID: 1927 Comm: KMS thread Tainted: P    B      OE      6.13.5-arch1-1 #1 a7601aaf9729ecd670c97714fd422c8e98fdc244
May 14 19:01:08 spring kernel: Tainted: [P]=PROPRIETARY_MODULE, [B]=BAD_PAGE, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
May 14 19:01:08 spring kernel: Hardware name: LENOVO 30B2S0S400/102F, BIOS S00KT38A 03/02/2017
May 14 19:01:08 spring kernel: ==================================================================

$ uname -a
Linux spring 6.13.5-arch1-1 #1 SMP PREEMPT_DYNAMIC Thu, 27 Feb 2025 18:09:44 +0000 x86_64 GNU/Linux

$ lshw -C display
  *-display                
       description: VGA compatible controller
       product: GP104 [GeForce GTX 1070]
       vendor: NVIDIA Corporation
       physical id: 0
       bus info: pci@0000:01:00.0
       logical name: /dev/fb0
       version: a1
       width: 64 bits
       clock: 33MHz
       capabilities: pm msi pciexpress vga_controller bus_master cap_list rom fb
       configuration: depth=32 driver=nvidia latency=0 resolution=2560,1440
       resources: irq:59 memory:fa000000-faffffff memory:e0000000-efffffff memory:f0000000-f1ffffff ioport:e000(size=128) memory:fb000000-fb07ffff

norbi78 · May 18, 2025, 6:05am

I used to watch youtube videos in brave browser too while playing windows game in steam, when I see these kfence bugs.
I’m thinking about that maybe can be related to running out vram situation.
This issue could be related to if I see garbage screen every time while booting after the first graphical mode screen of CachyOS linux with the spining thing? After the garbage screen I get the kde loading screen and desktop. I attaching photos of it. I don’t use any nvidia related kernel parameter and I don’t see this while booting windows.

Using multi monitor setup.
Tried nvidia_drm.fbdev=1 kernel parameter which didn’t help.

Tekstryder · May 29, 2025, 10:03pm

Unfortunately this bug is still present with the 575.57.08 New Feature Branch driver release.

kernel 6.14.9
gnome-shell 48.2 (Wayland)
mutter 48.3 (-Dxwayland=false -Dx11=false)
nVidia 575.57.08

Attaching a fresh bug report.

nvidia-bug-report.log.gz (2.0 MB)

Topic		Replies	Views
BUG: KFENCE: use-after-free read in nv_dma_release_sgt+0x29/0x70 [nvidia] Linux	15	756	December 28, 2024
Use-after-free on GTX 1650 dGPU with 545.29.06 on Fedora 39 + Wayland Linux kernel	24	1645	December 3, 2024
550.78 release feedback & discussion thread Linux	22	4733	June 26, 2024
AMD Ryzen 7 integrated GPU + NVidia 1650 in same linux machine cause Xorg to default to outdated drivers Linux	19	15910	October 12, 2021
Driver crashes after upgrade from 510.68.02 to 515.48.07 on GTX 1080ti Linux boot , kernel , nvbugs	6	1117	January 28, 2023
Device driver crash (unable to handle page fault) after suspend-&-resume with version 555.58.02 on Linux kernel v6.9.9 Linux kernel	13	1891	October 17, 2024
RmInitAdapter failed! since kernel > 6.4 Linux kernel	30	4150	May 27, 2025
[Regression 460 series] Black screen on boot: nvidia-modeset: ERROR: GPU:0: Failed to allocate display engine core DMA push buffer Linux	64	21836	January 7, 2024
555.58.02-10 nvidia-open driver crash Linux pcie , hw , kernel	7	734	August 21, 2024
Bug report: 455.23.04 - Kernel Panic due to NULL pointer dereference Linux	238	41230	July 19, 2023

BUG: KFENCE: use-after-free read in _nv000177kms [nvidia_modeset]

Related topics