BUG: KFENCE: use-after-free read in _nv000177kms [nvidia_modeset]

Tekstryder · March 2, 2025, 10:00pm

This is a new bug first seen with the 570.124.04 Production Branch driver release.

I’ve about 30 instances over the past few days,.

Mar 02 16:47:17 kernel: ==================================================================
Mar 02 16:47:17 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 02 16:47:17 kernel: Use-after-free read at 0x00000000e7c09e3f (in kfence-#113):
Mar 02 16:47:17 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 02 16:47:17 kernel:  _nv002879kms+0x663/0x9c0 [nvidia_modeset]
Mar 02 16:47:17 kernel:  _nv000392kms+0x1e1/0x400 [nvidia_modeset]
Mar 02 16:47:17 kernel:  _nv002878kms+0xf1a/0x11e0 [nvidia_modeset]
Mar 02 16:47:17 kernel:  _nv002988kms+0x79c/0xd30 [nvidia_modeset]
Mar 02 16:47:17 kernel:  nvKmsIoctl+0xf7/0x270 [nvidia_modeset]
Mar 02 16:47:17 kernel:  nvkms_ioctl_from_kapi_try_pmlock+0x64/0xb0 [nvidia_modeset]
Mar 02 16:47:17 kernel:  _nv000023kms+0x56b/0xbc0 [nvidia_modeset]
Mar 02 16:47:17 kernel:  nv_drm_atomic_apply_modeset_config+0x4bc/0x810 [nvidia_drm]
Mar 02 16:47:17 kernel:  nv_drm_atomic_commit+0x18f/0x490 [nvidia_drm]
Mar 02 16:47:17 kernel:  drm_mode_atomic_ioctl+0xa69/0xcb0
Mar 02 16:47:17 kernel:  drm_ioctl_kernel+0xad/0x100
Mar 02 16:47:17 kernel:  drm_ioctl+0x277/0x4e0
Mar 02 16:47:17 kernel:  __x64_sys_ioctl+0x94/0xc0
Mar 02 16:47:17 kernel:  do_syscall_64+0x82/0x190
Mar 02 16:47:17 kernel:  entry_SYSCALL_64_after_hwframe+0x76/0x7e
Mar 02 16:47:17 kernel: 
Mar 02 16:47:17 kernel: kfence-#113: 0x000000003756a051-0x00000000be2c3ddd, size=328, cache=kmalloc-512
Mar 02 16:47:17 kernel: allocated by task 1220 on cpu 16 at 16213.163360s (0.425901s ago):
Mar 02 16:47:17 kernel:  nvkms_alloc+0x50/0xa0 [nvidia_modeset]
Mar 02 16:47:17 kernel:  _nv003020kms+0x22/0x40 [nvidia_modeset]
Mar 02 16:47:17 kernel:  _nv002842kms+0x266/0x740 [nvidia_modeset]
Mar 02 16:47:17 kernel:  _nv000719kms+0x40/0x60 [nvidia_modeset]
Mar 02 16:47:17 kernel:  nvKmsIoctl+0xf7/0x270 [nvidia_modeset]
Mar 02 16:47:17 kernel:  nvkms_ioctl_from_kapi+0x73/0xe0 [nvidia_modeset]
Mar 02 16:47:17 kernel:  _nv000096kms+0x19d/0x240 [nvidia_modeset]
Mar 02 16:47:17 kernel:  nv_drm_internal_framebuffer_create+0x270/0x400 [nvidia_drm]
Mar 02 16:47:17 kernel:  nv_drm_framebuffer_create+0x99/0xc0 [nvidia_drm]
Mar 02 16:47:17 kernel:  drm_internal_framebuffer_create+0x3e2/0x570
Mar 02 16:47:17 kernel:  drm_mode_addfb2+0x42/0xf0
Mar 02 16:47:17 kernel:  drm_ioctl_kernel+0xad/0x100
Mar 02 16:47:17 kernel:  drm_ioctl+0x277/0x4e0
Mar 02 16:47:17 kernel:  __x64_sys_ioctl+0x94/0xc0
Mar 02 16:47:17 kernel:  do_syscall_64+0x82/0x190
Mar 02 16:47:17 kernel:  entry_SYSCALL_64_after_hwframe+0x76/0x7e
Mar 02 16:47:17 kernel: 
Mar 02 16:47:17 kernel: freed by task 1220 on cpu 14 at 16213.185042s (0.404316s ago):
Mar 02 16:47:17 kernel:  _nv000801kms+0x49/0x60 [nvidia_modeset]
Mar 02 16:47:17 kernel:  nvKmsIoctl+0xf7/0x270 [nvidia_modeset]
Mar 02 16:47:17 kernel:  nvkms_ioctl_from_kapi+0x73/0xe0 [nvidia_modeset]
Mar 02 16:47:17 kernel:  _nv000110kms+0x4b/0x60 [nvidia_modeset]
Mar 02 16:47:17 kernel:  nv_drm_framebuffer_destroy+0x3b/0x50 [nvidia_drm]
Mar 02 16:47:17 kernel:  drm_mode_closefb_ioctl+0x6b/0x90
Mar 02 16:47:17 kernel:  drm_ioctl_kernel+0xad/0x100
Mar 02 16:47:17 kernel:  drm_ioctl+0x277/0x4e0
Mar 02 16:47:17 kernel:  __x64_sys_ioctl+0x94/0xc0
Mar 02 16:47:17 kernel:  do_syscall_64+0x82/0x190
Mar 02 16:47:17 kernel:  entry_SYSCALL_64_after_hwframe+0x76/0x7e
Mar 02 16:47:17 kernel: 
Mar 02 16:47:17 kernel: CPU: 4 UID: 1000 PID: 1250 Comm: KMS thread Tainted: P           OE      6.13.5-1-arch1 #1 d667fe2c15e9cb1c797b8fe1d4e1b79a4d106a8e
Mar 02 16:47:17 kernel: Tainted: [P]=PROPRIETARY_MODULE, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
Mar 02 16:47:17 kernel: Hardware name: Micro-Star International Co., Ltd. MS-7D31/MPG Z690 EDGE WIFI DDR4 (MS-7D31), BIOS 1.J0 08/13/2024
Mar 02 16:47:17 kernel: ==================================================================

Please find attached bug report:

nvidia-bug-report.log (15.7 MB)

willymdv · March 9, 2025, 5:04pm

Same issue here on fresh OS install.

> [  195.634011] ==================================================================
> [  195.634018] BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
> 
> [  195.634137] Use-after-free read at 0x000000005417d93f (in kfence-#134):
> [  195.634145]  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
> [  195.634253]  _nv002879kms+0x663/0x9c0 [nvidia_modeset]
> [  195.634358]  _nv000392kms+0x1e1/0x400 [nvidia_modeset]
> [  195.634462]  _nv002878kms+0xf1a/0x11e0 [nvidia_modeset]
> [  195.634566]  _nv002988kms+0x79c/0xd30 [nvidia_modeset]
> [  195.634670]  nvKmsIoctl+0xf7/0x270 [nvidia_modeset]
> [  195.634775]  nvkms_ioctl_from_kapi_try_pmlock+0x57/0x90 [nvidia_modeset]
> [  195.634879]  _nv000023kms+0x56b/0xbc0 [nvidia_modeset]
> [  195.634983]  nv_drm_atomic_commit+0x6d4/0xb90 [nvidia_drm]
> [  195.635013]  drm_mode_atomic_ioctl+0x7ac/0x830
> [  195.635022]  drm_ioctl_kernel+0xb0/0xe0
> [  195.635033]  drm_ioctl+0x200/0x2c0
> [  195.635043]  __x64_sys_ioctl+0x129/0x230
> [  195.635052]  do_syscall_64+0x85/0x134
> [  195.635062]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
> 
> [  195.635077] kfence-#134: 0x00000000285011bb-0x00000000170bfea6, size=328, cache=kmalloc-512
> 
> [  195.635086] allocated by task 1195 on cpu 2 at 195.549330s (0.085755s ago):
> [  195.635103]  nvkms_alloc+0x5b/0xa0 [nvidia_modeset]
> [  195.635211]  _nv003020kms+0x22/0x40 [nvidia_modeset]
> [  195.635315]  _nv002842kms+0x266/0x740 [nvidia_modeset]
> [  195.635420]  _nv000719kms+0x40/0x60 [nvidia_modeset]
> [  195.635524]  nvKmsIoctl+0xf7/0x270 [nvidia_modeset]
> [  195.635628]  nvkms_ioctl_from_kapi+0x9c/0xd0 [nvidia_modeset]
> [  195.635732]  _nv000096kms+0x19d/0x240 [nvidia_modeset]
> [  195.635837]  nv_drm_internal_framebuffer_create+0x441/0x590 [nvidia_drm]
> [  195.635865]  nv_drm_framebuffer_create+0x40/0x60 [nvidia_drm]
> [  195.635890]  drm_internal_framebuffer_create+0x207/0x230
> 
> [  195.635901] freed by task 1195 on cpu 0 at 195.596718s (0.039181s ago):
> [  195.635915]  _nv000801kms+0x49/0x60 [nvidia_modeset]
> [  195.636022]  nvKmsIoctl+0xf7/0x270 [nvidia_modeset]
> [  195.636127]  nvkms_ioctl_from_kapi+0x9c/0xd0 [nvidia_modeset]
> [  195.636231]  _nv000110kms+0x4b/0x60 [nvidia_modeset]
> [  195.636335]  nv_drm_framebuffer_destroy+0x34/0x100 [nvidia_drm]
> [  195.636361]  drm_mode_closefb_ioctl+0x112/0x130
> [  195.636371]  drm_ioctl_kernel+0xb0/0xe0
> [  195.636382]  drm_ioctl+0x200/0x2c0
> [  195.636392]  __x64_sys_ioctl+0x129/0x230
> [  195.636400]  do_syscall_64+0x85/0x134
> [  195.636410]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
> 
> [  195.636424] CPU: 1 UID: 1000 PID: 1222 Comm: KMS thread Tainted: P           OE      6.13.6-2-cachyos #1 949f4b16df602fdea2a660bba2d7d2bab01dfa13
> [  195.636441] Tainted: [P]=PROPRIETARY_MODULE, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
> [  195.636444] Hardware name: System manufacturer System Product Name/Z170 PRO GAMING/AURA, BIOS 3805 05/16/2018
> [  195.636449] ==================================================================[  195.634011] ==================================================================
> [  195.634018] BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
> 
> [  195.634137] Use-after-free read at 0x000000005417d93f (in kfence-#134):
> [  195.634145]  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
> [  195.634253]  _nv002879kms+0x663/0x9c0 [nvidia_modeset]
> [  195.634358]  _nv000392kms+0x1e1/0x400 [nvidia_modeset]
> [  195.634462]  _nv002878kms+0xf1a/0x11e0 [nvidia_modeset]
> [  195.634566]  _nv002988kms+0x79c/0xd30 [nvidia_modeset]
> [  195.634670]  nvKmsIoctl+0xf7/0x270 [nvidia_modeset]
> [  195.634775]  nvkms_ioctl_from_kapi_try_pmlock+0x57/0x90 [nvidia_modeset]
> [  195.634879]  _nv000023kms+0x56b/0xbc0 [nvidia_modeset]
> [  195.634983]  nv_drm_atomic_commit+0x6d4/0xb90 [nvidia_drm]
> [  195.635013]  drm_mode_atomic_ioctl+0x7ac/0x830
> [  195.635022]  drm_ioctl_kernel+0xb0/0xe0
> [  195.635033]  drm_ioctl+0x200/0x2c0
> [  195.635043]  __x64_sys_ioctl+0x129/0x230
> [  195.635052]  do_syscall_64+0x85/0x134
> [  195.635062]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
> 
> [  195.635077] kfence-#134: 0x00000000285011bb-0x00000000170bfea6, size=328, cache=kmalloc-512
> 
> [  195.635086] allocated by task 1195 on cpu 2 at 195.549330s (0.085755s ago):
> [  195.635103]  nvkms_alloc+0x5b/0xa0 [nvidia_modeset]
> [  195.635211]  _nv003020kms+0x22/0x40 [nvidia_modeset]
> [  195.635315]  _nv002842kms+0x266/0x740 [nvidia_modeset]
> [  195.635420]  _nv000719kms+0x40/0x60 [nvidia_modeset]
> [  195.635524]  nvKmsIoctl+0xf7/0x270 [nvidia_modeset]
> [  195.635628]  nvkms_ioctl_from_kapi+0x9c/0xd0 [nvidia_modeset]
> [  195.635732]  _nv000096kms+0x19d/0x240 [nvidia_modeset]
> [  195.635837]  nv_drm_internal_framebuffer_create+0x441/0x590 [nvidia_drm]
> [  195.635865]  nv_drm_framebuffer_create+0x40/0x60 [nvidia_drm]
> [  195.635890]  drm_internal_framebuffer_create+0x207/0x230
> 
> [  195.635901] freed by task 1195 on cpu 0 at 195.596718s (0.039181s ago):
> [  195.635915]  _nv000801kms+0x49/0x60 [nvidia_modeset]
> [  195.636022]  nvKmsIoctl+0xf7/0x270 [nvidia_modeset]
> [  195.636127]  nvkms_ioctl_from_kapi+0x9c/0xd0 [nvidia_modeset]
> [  195.636231]  _nv000110kms+0x4b/0x60 [nvidia_modeset]
> [  195.636335]  nv_drm_framebuffer_destroy+0x34/0x100 [nvidia_drm]
> [  195.636361]  drm_mode_closefb_ioctl+0x112/0x130
> [  195.636371]  drm_ioctl_kernel+0xb0/0xe0
> [  195.636382]  drm_ioctl+0x200/0x2c0
> [  195.636392]  __x64_sys_ioctl+0x129/0x230
> [  195.636400]  do_syscall_64+0x85/0x134
> [  195.636410]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
> 
> [  195.636424] CPU: 1 UID: 1000 PID: 1222 Comm: KMS thread Tainted: P           OE      6.13.6-2-cachyos #1 949f4b16df602fdea2a660bba2d7d2bab01dfa13
> [  195.636441] Tainted: [P]=PROPRIETARY_MODULE, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
> [  195.636444] Hardware name: System manufacturer System Product Name/Z170 PRO GAMING/AURA, BIOS 3805 05/16/2018
> [  195.636449] ==================================================================

nvidia-bug-report.log (1.9 MB)

amel_ancoli · March 10, 2025, 2:03pm

Same issue here
Operating System: CachyOS Linux
KDE Plasma Version: 6.3.2
KDE Frameworks Version: 6.11.0
Qt Version: 6.8.2
Kernel Version: 6.13.6-2-cachyos (64-bit)
Graphics Platform: Wayland
Processors: 16 × AMD Ryzen 7 5700G with Radeon Graphics
Memory: 15.0 GiB of RAM
Graphics Processor 1: NVIDIA GeForce GTX 960/PCIe/SSE2
Graphics Processor 2: NVIDIA GeForce GTX 960/PCIe/SSE2
Product Name: B450M-HDV R4.0

[19247.465983] BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]

[19247.466006] Use-after-free read at 0x00000000aff29bcf (in kfence-#182):
[19247.466009]  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
[19247.466028]  _nv002879kms+0x665/0x9c0 [nvidia_modeset]
[19247.466046]  _nv000392kms+0x1e1/0x400 [nvidia_modeset]
[19247.466063]  _nv002878kms+0xf1a/0x11e0 [nvidia_modeset]
[19247.466081]  _nv002988kms+0x79c/0xd30 [nvidia_modeset]
[19247.466099]  nvKmsIoctl+0xf9/0x270 [nvidia_modeset]
[19247.466116]  nvkms_ioctl_from_kapi_try_pmlock+0x57/0x90 [nvidia_modeset]
[19247.466134]  _nv000023kms+0x56b/0xbc0 [nvidia_modeset]
[19247.466152]  nv_drm_atomic_commit+0x6d7/0xb90 [nvidia_drm]
[19247.466158]  drm_mode_atomic_ioctl+0x7ac/0x830
[19247.466161]  drm_ioctl_kernel+0xb3/0xe0
[19247.466164]  drm_ioctl+0x200/0x2c0
[19247.466167]  __x64_sys_ioctl+0x12c/0x230
[19247.466170]  do_syscall_64+0x85/0x134
[19247.466174]  entry_SYSCALL_64_after_hwframe+0x76/0x7e

[19247.466178] kfence-#182: 0x00000000f9162330-0x000000005262b7d6, size=328, cache=kmalloc-512

[19247.466181] allocated by task 1554 on cpu 8 at 19247.429040s (0.037140s ago):
[19247.466186]  nvkms_alloc+0x5b/0xa0 [nvidia_modeset]
[19247.466205]  _nv003020kms+0x22/0x40 [nvidia_modeset]
[19247.466222]  _nv002842kms+0x266/0x740 [nvidia_modeset]
[19247.466240]  _nv000719kms+0x40/0x60 [nvidia_modeset]
[19247.466257]  nvKmsIoctl+0xf9/0x270 [nvidia_modeset]
[19247.466275]  nvkms_ioctl_from_kapi+0x9c/0xd0 [nvidia_modeset]
[19247.466293]  _nv000096kms+0x19d/0x240 [nvidia_modeset]
[19247.466310]  nv_drm_internal_framebuffer_create+0x444/0x590 [nvidia_drm]
[19247.466315]  nv_drm_framebuffer_create+0x40/0x60 [nvidia_drm]
[19247.466319]  drm_internal_framebuffer_create+0x20a/0x230

[19247.466323] freed by task 1554 on cpu 8 at 19247.451667s (0.014655s ago):
[19247.466327]  _nv000801kms+0x49/0x60 [nvidia_modeset]
[19247.466345]  nvKmsIoctl+0xf9/0x270 [nvidia_modeset]
[19247.466362]  nvkms_ioctl_from_kapi+0x9c/0xd0 [nvidia_modeset]
[19247.466380]  _nv000110kms+0x4b/0x60 [nvidia_modeset]
[19247.466398]  nv_drm_framebuffer_destroy+0x37/0x100 [nvidia_drm]
[19247.466402]  drm_mode_closefb_ioctl+0x112/0x130
[19247.466405]  drm_ioctl_kernel+0xb3/0xe0
[19247.466408]  drm_ioctl+0x200/0x2c0
[19247.466411]  __x64_sys_ioctl+0x12c/0x230
[19247.466413]  do_syscall_64+0x85/0x134
[19247.466416]  entry_SYSCALL_64_after_hwframe+0x76/0x7e

[19247.466421] CPU: 15 UID: 1000 PID: 1595 Comm: HDMI-A-1 Tainted: P           OE      6.13.6-2-cachyos #1 949f4b16df602fdea2a660bba2d7d2bab01dfa13
[19247.466426] Tainted: [P]=PROPRIETARY_MODULE, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
[19247.466428] Hardware name: To Be Filled By O.E.M. B450M-HDV R4.0/B450M-HDV R4.0, BIOS P10.10 01/24/2024
[19247.466429] =====================

nvidia-bug-report.log.gz (1.3 MB)

Thomas_007 · March 10, 2025, 5:53pm

==================================================================
[Mo, 10. Mär 2025, 18:14:03] BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]

[Mo, 10. Mär 2025, 18:14:03] Use-after-free read at 0x000000003e334386 (in kfence-#79):
[Mo, 10. Mär 2025, 18:14:03] _nv000177kms+0x439/0x2a10 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] _nv002879kms+0x663/0x9c0 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] _nv000392kms+0x1e1/0x400 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] _nv002878kms+0xf1a/0x11e0 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] _nv002988kms+0x79c/0xd30 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] nvKmsIoctl+0xf7/0x270 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] nvkms_ioctl_from_kapi_try_pmlock+0x64/0xb0 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] _nv000023kms+0x56b/0xbc0 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] nv_drm_atomic_apply_modeset_config+0x4bb/0x830 [nvidia_drm]
[Mo, 10. Mär 2025, 18:14:03] nv_drm_atomic_commit+0xe6/0x460 [nvidia_drm]
[Mo, 10. Mär 2025, 18:14:03] drm_mode_atomic_ioctl+0xcb9/0xfc0
[Mo, 10. Mär 2025, 18:14:03] drm_ioctl_kernel+0xad/0x100
[Mo, 10. Mär 2025, 18:14:03] drm_ioctl+0x277/0x4c0
[Mo, 10. Mär 2025, 18:14:03] __x64_sys_ioctl+0x94/0xc0
[Mo, 10. Mär 2025, 18:14:03] do_syscall_64+0x82/0x190
[Mo, 10. Mär 2025, 18:14:03] entry_SYSCALL_64_after_hwframe+0x76/0x7e

[Mo, 10. Mär 2025, 18:14:03] kfence-#79: 0x0000000093bac16f-0x000000006c217955, size=328, cache=kmalloc-512

[Mo, 10. Mär 2025, 18:14:03] allocated by task 2633 on cpu 3 at 13678.474282s (0.016240s ago):
[Mo, 10. Mär 2025, 18:14:03] nvkms_alloc+0x50/0xa0 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] _nv003020kms+0x22/0x40 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] _nv002842kms+0x266/0x740 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] _nv000719kms+0x40/0x60 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] nvKmsIoctl+0xf7/0x270 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] nvkms_ioctl_from_kapi+0x73/0xe0 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] _nv000096kms+0x19d/0x240 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] nv_drm_internal_framebuffer_create+0x32b/0x4c0 [nvidia_drm]
[Mo, 10. Mär 2025, 18:14:03] nv_drm_framebuffer_create+0x99/0xc0 [nvidia_drm]
[Mo, 10. Mär 2025, 18:14:03] drm_internal_framebuffer_create+0xaa/0x180
[Mo, 10. Mär 2025, 18:14:03] drm_mode_addfb2_ioctl+0x42/0xf0
[Mo, 10. Mär 2025, 18:14:03] drm_ioctl_kernel+0xad/0x100
[Mo, 10. Mär 2025, 18:14:03] drm_ioctl+0x277/0x4c0
[Mo, 10. Mär 2025, 18:14:03] __x64_sys_ioctl+0x94/0xc0
[Mo, 10. Mär 2025, 18:14:03] do_syscall_64+0x82/0x190
[Mo, 10. Mär 2025, 18:14:03] entry_SYSCALL_64_after_hwframe+0x76/0x7e

[Mo, 10. Mär 2025, 18:14:03] freed by task 2633 on cpu 3 at 13678.489651s (0.001111s ago):
[Mo, 10. Mär 2025, 18:14:03] _nv000801kms+0x49/0x60 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] nvKmsIoctl+0xf7/0x270 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] nvkms_ioctl_from_kapi+0x73/0xe0 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] _nv000110kms+0x4b/0x60 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] nv_drm_framebuffer_destroy+0x3b/0x50 [nvidia_drm]
[Mo, 10. Mär 2025, 18:14:03] drm_mode_closefb_ioctl+0x10e/0x150
[Mo, 10. Mär 2025, 18:14:03] drm_ioctl_kernel+0xad/0x100
[Mo, 10. Mär 2025, 18:14:03] drm_ioctl+0x277/0x4c0
[Mo, 10. Mär 2025, 18:14:03] __x64_sys_ioctl+0x94/0xc0
[Mo, 10. Mär 2025, 18:14:03] do_syscall_64+0x82/0x190
[Mo, 10. Mär 2025, 18:14:03] entry_SYSCALL_64_after_hwframe+0x76/0x7e

[Mo, 10. Mär 2025, 18:14:03] CPU: 25 UID: 1000 PID: 2663 Comm: KMS thread Tainted: P OE 6.13.6-2-cachyos-gcc #1 ebeeb85824bb8a6f1c383a368ca896795f2e750d
[Mo, 10. Mär 2025, 18:14:03] Tainted: [P]=PROPRIETARY_MODULE, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
[Mo, 10. Mär 2025, 18:14:03] Hardware name: ASUS System Product Name/Pro WS W790E-SAGE SE, BIOS 1502 08/30/2024
[Mo, 10. Mär 2025, 18:14:03] ==================================================================

Tekstryder · March 20, 2025, 11:40pm

This use-after-free issue is still present with nVidia 570.133.07 Production Branch drivers.

Latest stack:

Arch Linux | Kernel 6.13.7
Gnome-shell | Mutter 48.0
Wayland (meson_options: xwayland=false, x11=false)
Gtk4 4.18.2
Mesa 25.0.2
vulkan-icd-loader 1.4.304
nVidia 570.133.07

Linking back to overall summary tracker:

Attaching a new bug report for the latest driver version:

nvidia-bug-report.log.gz (1.9 MB)

daniel476 · March 21, 2025, 6:13pm

~~Looks like all the reports are using Intel chipsets~~, have not seen this once on X870E in the past month. ~~Should hopefully be easy for nvidia to repro if so.~~

Tekstryder · March 21, 2025, 6:19pm

That’s not an Intel platform.

daniel476 · March 21, 2025, 6:37pm

My bad I missed that one, is there anything you know of to repro so I can add bug report if possible?

Tekstryder · March 21, 2025, 7:08pm

Unfortunately no. If there was STR I’d have included it.

Plenty of them tho since 570 install:

$ journalctl | grep nv000177kms | wc -l
218

One recent boot:

-- Boot 212e41aa18d34f86afdc9a09cf762ff5 --
Mar 13 20:45:08 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 13 20:45:08 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 13 21:26:56 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 13 21:26:56 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 14 09:42:53 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 14 09:42:53 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 14 09:53:01 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 14 09:53:01 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 14 11:38:39 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 14 11:38:39 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 14 13:09:30 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 14 13:09:30 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 14 16:54:17 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 14 16:54:17 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 14 20:24:09 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 14 20:24:09 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 14 20:49:28 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 14 20:49:28 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 14 21:55:37 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 14 21:55:37 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 15 17:29:36 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 15 17:29:36 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 15 17:58:00 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 15 17:58:00 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 15 18:24:15 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 15 18:24:15 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 15 18:55:15 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 15 18:55:15 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 16 10:25:42 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 16 10:25:42 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 16 19:06:34 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 16 19:06:34 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 16 21:34:07 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 16 21:34:07 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 17 10:03:30 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 17 10:03:30 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 17 18:15:36 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 17 18:15:36 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 11:37:31 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 11:37:31 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 14:56:12 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 14:56:12 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 17:15:44 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 17:15:44 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 17:21:07 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 17:21:07 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 17:26:47 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 17:26:47 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 18:16:41 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 18:16:41 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 18:29:48 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 18:29:48 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 18:45:23 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 18:45:23 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 18:52:07 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 18:52:07 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 19:40:46 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 19:40:46 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 19:42:22 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 19:42:22 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 20:37:24 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 20:37:24 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 22:52:17 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 22:52:17 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 23:34:41 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 18 23:34:41 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 19 14:38:59 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 19 14:38:59 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 19 19:08:41 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 19 19:08:41 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 19 20:00:30 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 19 20:00:30 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 19 20:57:16 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 19 20:57:16 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 19 21:12:06 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 19 21:12:06 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 19 21:25:20 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 19 21:25:20 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 19 21:25:51 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 19 21:25:51 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 19 23:05:23 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
Mar 19 23:05:23 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]

Tekstryder · April 24, 2025, 10:40am

Still occurring with the 570.144 Production Branch release driver.

New bug report generated.

nvidia-bug-report.log.gz (1.7 MB)

norbi78 · May 14, 2025, 3:52am

All of us is using CachyOS linux?
This bug is still there in version 570.144

máj 14 05:09:00 cachyos-x8664 kernel: ==================================================================
máj 14 05:09:00 cachyos-x8664 kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
máj 14 05:09:00 cachyos-x8664 kernel: Use-after-free read at 0x00000000ef952f5f (in kfence-#20):
máj 14 05:09:00 cachyos-x8664 kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
máj 14 05:09:00 cachyos-x8664 kernel:  _nv002879kms+0x665/0x9c0 [nvidia_modeset]
máj 14 05:09:00 cachyos-x8664 kernel:  _nv000392kms+0x1e1/0x400 [nvidia_modeset]
máj 14 05:09:00 cachyos-x8664 kernel:  _nv002878kms+0xf1a/0x11e0 [nvidia_modeset]
máj 14 05:09:00 cachyos-x8664 kernel:  _nv002988kms+0x79c/0xd30 [nvidia_modeset]
máj 14 05:09:00 cachyos-x8664 kernel:  nvKmsIoctl+0xf9/0x270 [nvidia_modeset]
máj 14 05:09:00 cachyos-x8664 kernel:  nvkms_ioctl_from_kapi_try_pmlock+0x57/0x90 [nvidia_modeset]
máj 14 05:09:00 cachyos-x8664 kernel:  _nv000023kms+0x56b/0xbc0 [nvidia_modeset]
máj 14 05:09:00 cachyos-x8664 kernel:  nv_drm_atomic_commit+0x6d7/0xb90 [nvidia_drm]
máj 14 05:09:00 cachyos-x8664 kernel:  drm_mode_atomic_ioctl+0x5fe/0x6b0
máj 14 05:09:00 cachyos-x8664 kernel:  drm_ioctl+0x26f/0x340
máj 14 05:09:00 cachyos-x8664 kernel:  __x64_sys_ioctl+0x12e/0x1f0
máj 14 05:09:00 cachyos-x8664 kernel:  do_syscall_64+0x85/0x134
máj 14 05:09:00 cachyos-x8664 kernel:  entry_SYSCALL_64_after_hwframe+0x76/0x7e
máj 14 05:09:00 cachyos-x8664 kernel:
máj 14 05:09:00 cachyos-x8664 kernel: kfence-#20: 0x0000000040cb98f4-0x000000001aa0db2c, size=328, cache=kmalloc-512
máj 14 05:09:00 cachyos-x8664 kernel: allocated by task 915 on cpu 5 at 13705.750280s (0.486372s ago):
máj 14 05:09:00 cachyos-x8664 kernel:  nvkms_alloc+0x5b/0xa0 [nvidia_modeset]
máj 14 05:09:00 cachyos-x8664 kernel:  _nv003020kms+0x22/0x40 [nvidia_modeset]
máj 14 05:09:00 cachyos-x8664 kernel:  _nv002842kms+0x266/0x740 [nvidia_modeset]
máj 14 05:09:00 cachyos-x8664 kernel:  _nv000719kms+0x40/0x60 [nvidia_modeset]
máj 14 05:09:00 cachyos-x8664 kernel:  nvKmsIoctl+0xf9/0x270 [nvidia_modeset]
máj 14 05:09:00 cachyos-x8664 kernel:  nvkms_ioctl_from_kapi+0x9c/0xd0 [nvidia_modeset]
máj 14 05:09:00 cachyos-x8664 kernel:  _nv000096kms+0x19d/0x240 [nvidia_modeset]
máj 14 05:09:00 cachyos-x8664 kernel:  nv_drm_internal_framebuffer_create+0x444/0x590 [nvidia_drm]
máj 14 05:09:00 cachyos-x8664 kernel:  nv_drm_framebuffer_create+0x40/0x60 [nvidia_drm]
máj 14 05:09:00 cachyos-x8664 kernel:  drm_internal_framebuffer_create+0x205/0x220
máj 14 05:09:00 cachyos-x8664 kernel:
máj 14 05:09:00 cachyos-x8664 kernel: freed by task 915 on cpu 5 at 13705.771855s (0.464945s ago):
máj 14 05:09:00 cachyos-x8664 kernel:  _nv000801kms+0x49/0x60 [nvidia_modeset]
máj 14 05:09:00 cachyos-x8664 kernel:  nvKmsIoctl+0xf9/0x270 [nvidia_modeset]
máj 14 05:09:00 cachyos-x8664 kernel:  nvkms_ioctl_from_kapi+0x9c/0xd0 [nvidia_modeset]
máj 14 05:09:00 cachyos-x8664 kernel:  _nv000110kms+0x4b/0x60 [nvidia_modeset]
máj 14 05:09:00 cachyos-x8664 kernel:  nv_drm_framebuffer_destroy+0x37/0x100 [nvidia_drm]
máj 14 05:09:00 cachyos-x8664 kernel:  drm_mode_closefb_ioctl+0xc5/0xd0
máj 14 05:09:00 cachyos-x8664 kernel:  drm_ioctl+0x26f/0x340
máj 14 05:09:00 cachyos-x8664 kernel:  __x64_sys_ioctl+0x12e/0x1f0
máj 14 05:09:00 cachyos-x8664 kernel:  do_syscall_64+0x85/0x134
máj 14 05:09:00 cachyos-x8664 kernel:  entry_SYSCALL_64_after_hwframe+0x76/0x7e
máj 14 05:09:00 cachyos-x8664 kernel:
máj 14 05:09:00 cachyos-x8664 kernel: CPU: 10 UID: 1000 PID: 962 Comm: DP-1 Tainted: P           OE      6.14.6-2-cachyos #1 fa016bde76e6b659f51ba29fad589bba022e5469
máj 14 05:09:00 cachyos-x8664 kernel: Tainted: [P]=PROPRIETARY_MODULE, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
máj 14 05:09:00 cachyos-x8664 kernel: Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./AB350M Pro4, BIOS P6.60 07/27/2020
máj 14 05:09:00 cachyos-x8664 kernel: ==================================================================

Linux cachyos-x8664 6.14.6-2-cachyos #1 SMP PREEMPT_DYNAMIC Sat, 10 May 2025 20:09:10 +0000 x86_64 GNU/Linux

nvidia-bug-report.log.gz (1.4 MB)

Tekstryder · May 14, 2025, 10:43am

Nope.

amrits · May 14, 2025, 5:29pm

Hi All,
I have raised a bug 5282077 internally for tracking purpose.
Please confirm if you see these errors just after installing driver and if it crashes system or any application or any other issues.

Tekstryder · May 14, 2025, 7:27pm

Thanks!!

No, they occur “randomly” while using apps, opening/closing windows, or just working in a terminal.

Never. They appear to be “harmless” noise.

But, use-after-free is never good.

Only that they’re frequent. Unfortunately no known steps to reproduce.

Since the day of update to the 570.124.04 driver when they first started:

2025-02-27 12:40:29-0500] [ALPM] upgraded nvidia-utils (570.86.16-2 -> 570.124.04-1)

$ journalctl --since 2025-02-26 | grep nv000177kms | wc -l
624

kernel 6.14.6
gnome-shell 48.1 (Wayland)
mutter 48.2 (-Dxwayland=false -Dx11=false)
nvidia 570.144

amrits · May 15, 2025, 12:27pm

Thank you for the information, I tried running YouTube videos on chrome browser and glmark2 benchmark.
I started these 2 applications; kept it running for a while and then closed it and kept this iteration for few hours but did not get local repro.

ASRock TRX40 Taichi +Arch Linux OS + Kernel 6.14.5-arch1-1 + Driver 570.124.04 + NVIDIA GeForce GTX 1080 + KDE Plasma + Xwayland

Please let me know if by any chance you come across reliable repro steps.

Tekstryder · May 15, 2025, 12:34pm

Thanks for trying to reproduce.

Do you have va-api video hardware decoding acceleration enabled and functional in chrome?

EDIT:

I’m going to disable it for a few days and see if the error still occurs.

EDIT2:

Clean reboot after disabling va-api decoding.

Didn’t take long to rule that out. Error occurred while on the treadmill with YouTube playing in Brave.

garnish_moocher · May 16, 2025, 3:23am

I have seen this 254 times since upgrading the nvidia driver about 2.5 months ago on an arch linux system. I agree with others that it seems to not have much impact. I cannot correlate it to any specific actions.

To my recollection some of the instances occur when the system is just sitting idle. However, there was about a month when the system was running, but nobody was logged in (i.e. just sitting at the login prompt in GDM) where I do not see any of these bug messages printed out.

Arch Linux
GNOME Shell 47.5
Wayland version 1.23.1

[2025-03-01T08:56:34-0700] [ALPM] upgraded nvidia (570.86.16-5 -> 570.124.04-2)

$ journalctl | grep -i "bug: kfence:" | wc -l
254

$ journalctl | grep -i "bug: kfence:" | head -1
Mar 01 16:44:05 spring kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]

May 14 19:01:08 spring kernel: ==================================================================
May 14 19:01:08 spring kernel: BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]
May 14 19:01:08 spring kernel: Use-after-free read at 0x0000000028c2a036 (in kfence-#41):
May 14 19:01:08 spring kernel:  _nv000177kms+0x439/0x2a10 [nvidia_modeset]
May 14 19:01:08 spring kernel:  _nv002879kms+0x665/0x9c0 [nvidia_modeset]
May 14 19:01:08 spring kernel:  _nv000392kms+0x1e1/0x400 [nvidia_modeset]
May 14 19:01:08 spring kernel:  _nv002878kms+0xf1a/0x11e0 [nvidia_modeset]
May 14 19:01:08 spring kernel:  _nv002988kms+0x79c/0xd30 [nvidia_modeset]
May 14 19:01:08 spring kernel:  nvKmsIoctl+0xf9/0x270 [nvidia_modeset]
May 14 19:01:08 spring kernel:  nvkms_ioctl_from_kapi_try_pmlock+0x64/0xb0 [nvidia_modeset]
May 14 19:01:08 spring kernel:  _nv000023kms+0x56b/0xbc0 [nvidia_modeset]
May 14 19:01:08 spring kernel:  nv_drm_atomic_apply_modeset_config+0x4bf/0x810 [nvidia_drm]
May 14 19:01:08 spring kernel:  nv_drm_atomic_commit+0x18f/0x490 [nvidia_drm]
May 14 19:01:08 spring kernel:  drm_mode_atomic_ioctl+0xa69/0xcb0
May 14 19:01:08 spring kernel:  drm_ioctl_kernel+0xb0/0x100
May 14 19:01:08 spring kernel:  drm_ioctl+0x277/0x500
May 14 19:01:08 spring kernel:  __x64_sys_ioctl+0x97/0xc0
May 14 19:01:08 spring kernel:  do_syscall_64+0x82/0x190
May 14 19:01:08 spring kernel:  entry_SYSCALL_64_after_hwframe+0x76/0x7e
May 14 19:01:08 spring kernel:
May 14 19:01:08 spring kernel: kfence-#41: 0x0000000029dd2317-0x0000000097f7aa69, size=328, cache=kmalloc-512
May 14 19:01:08 spring kernel: allocated by task 1927 on cpu 8 at 254696.499403s (0.085684s ago):
May 14 19:01:08 spring kernel:  nvkms_alloc+0x50/0xa0 [nvidia_modeset]
May 14 19:01:08 spring kernel:  _nv003020kms+0x22/0x40 [nvidia_modeset]
May 14 19:01:08 spring kernel:  _nv002842kms+0x266/0x740 [nvidia_modeset]
May 14 19:01:08 spring kernel:  _nv000719kms+0x40/0x60 [nvidia_modeset]
May 14 19:01:08 spring kernel:  nvKmsIoctl+0xf9/0x270 [nvidia_modeset]
May 14 19:01:08 spring kernel:  nvkms_ioctl_from_kapi+0x73/0xe0 [nvidia_modeset]
May 14 19:01:08 spring kernel:  _nv000096kms+0x19d/0x240 [nvidia_modeset]
May 14 19:01:08 spring kernel:  nv_drm_internal_framebuffer_create+0x273/0x400 [nvidia_drm]
May 14 19:01:08 spring kernel:  nv_drm_framebuffer_create+0x99/0xc0 [nvidia_drm]
May 14 19:01:08 spring kernel:  drm_internal_framebuffer_create+0x3e5/0x570
May 14 19:01:08 spring kernel:  drm_mode_addfb2+0x42/0xf0
May 14 19:01:08 spring kernel:  drm_ioctl_kernel+0xb0/0x100
May 14 19:01:08 spring kernel:  drm_ioctl+0x277/0x500
May 14 19:01:08 spring kernel:  __x64_sys_ioctl+0x97/0xc0
May 14 19:01:08 spring kernel:  do_syscall_64+0x82/0x190
May 14 19:01:08 spring kernel:  entry_SYSCALL_64_after_hwframe+0x76/0x7e
May 14 19:01:08 spring kernel:
May 14 19:01:08 spring kernel: freed by task 1897 on cpu 1 at 254696.546980s (0.038583s ago):
May 14 19:01:08 spring kernel:  _nv000801kms+0x49/0x60 [nvidia_modeset]
May 14 19:01:08 spring kernel:  nvKmsIoctl+0xf9/0x270 [nvidia_modeset]
May 14 19:01:08 spring kernel:  nvkms_ioctl_from_kapi+0x73/0xe0 [nvidia_modeset]
May 14 19:01:08 spring kernel:  _nv000110kms+0x4b/0x60 [nvidia_modeset]
May 14 19:01:08 spring kernel:  nv_drm_framebuffer_destroy+0x3e/0x50 [nvidia_drm]
May 14 19:01:08 spring kernel:  drm_mode_closefb_ioctl+0x6b/0x90
May 14 19:01:08 spring kernel:  drm_ioctl_kernel+0xb0/0x100
May 14 19:01:08 spring kernel:  drm_ioctl+0x277/0x500
May 14 19:01:08 spring kernel:  __x64_sys_ioctl+0x97/0xc0
May 14 19:01:08 spring kernel:  do_syscall_64+0x82/0x190
May 14 19:01:08 spring kernel:  entry_SYSCALL_64_after_hwframe+0x76/0x7e
May 14 19:01:08 spring kernel:
May 14 19:01:08 spring kernel: CPU: 2 UID: 1000 PID: 1927 Comm: KMS thread Tainted: P    B      OE      6.13.5-arch1-1 #1 a7601aaf9729ecd670c97714fd422c8e98fdc244
May 14 19:01:08 spring kernel: Tainted: [P]=PROPRIETARY_MODULE, [B]=BAD_PAGE, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
May 14 19:01:08 spring kernel: Hardware name: LENOVO 30B2S0S400/102F, BIOS S00KT38A 03/02/2017
May 14 19:01:08 spring kernel: ==================================================================

$ uname -a
Linux spring 6.13.5-arch1-1 #1 SMP PREEMPT_DYNAMIC Thu, 27 Feb 2025 18:09:44 +0000 x86_64 GNU/Linux

$ lshw -C display
  *-display                
       description: VGA compatible controller
       product: GP104 [GeForce GTX 1070]
       vendor: NVIDIA Corporation
       physical id: 0
       bus info: pci@0000:01:00.0
       logical name: /dev/fb0
       version: a1
       width: 64 bits
       clock: 33MHz
       capabilities: pm msi pciexpress vga_controller bus_master cap_list rom fb
       configuration: depth=32 driver=nvidia latency=0 resolution=2560,1440
       resources: irq:59 memory:fa000000-faffffff memory:e0000000-efffffff memory:f0000000-f1ffffff ioport:e000(size=128) memory:fb000000-fb07ffff

norbi78 · May 18, 2025, 6:05am

I used to watch youtube videos in brave browser too while playing windows game in steam, when I see these kfence bugs.
I’m thinking about that maybe can be related to running out vram situation.
This issue could be related to if I see garbage screen every time while booting after the first graphical mode screen of CachyOS linux with the spining thing? After the garbage screen I get the kde loading screen and desktop. I attaching photos of it. I don’t use any nvidia related kernel parameter and I don’t see this while booting windows.

Using multi monitor setup.
Tried nvidia_drm.fbdev=1 kernel parameter which didn’t help.

Tekstryder · May 29, 2025, 10:03pm

Unfortunately this bug is still present with the 575.57.08 New Feature Branch driver release.

kernel 6.14.9
gnome-shell 48.2 (Wayland)
mutter 48.3 (-Dxwayland=false -Dx11=false)
nVidia 575.57.08

Attaching a fresh bug report.

nvidia-bug-report.log.gz (2.0 MB)

Tekstryder · June 17, 2025, 8:52pm

From the 575.64 release notes:

Fixed a bug that could cause a kernel use-after-free on pre-Turing GPUs.

Currently running the 575.64 New Feature Branch driver release, and will mark this issue as solved after a few days if there are zero occurrences of the use-after-free error.

Topic		Replies	Views
[575.57.08 (closed) / 1080Ti] BUG: KFENCE: use-after-free read in _nv000179kms+0x439/0x2a10 [nvidia_modeset] Linux gaming	3	78	June 27, 2025
Use-after-free on GTX 1650 dGPU with 545.29.06 on Fedora 39 + Wayland Linux kernel	24	1678	December 3, 2024
BUG: KFENCE: use-after-free read in nv_dma_release_sgt+0x29/0x70 [nvidia] Linux	15	790	December 28, 2024
Summary of existing issues with the nVidia proprietary driver Linux nvbugs , linux-driver	7	1458	July 11, 2025
[BUG] Nvidia 440.64 + kernel 5.5.6/stable -- boot trace; WAS Nvidia 440.59 + kernel 5.5.1/stable -- boot trace Linux	24	5685	March 24, 2020
Bug report: 455.23.04 - Kernel Panic due to NULL pointer dereference Linux	238	41421	July 19, 2023
[BUG] Use-after-free in nvidia_modeset + Flickering & suspend issues on 1050 Ti (Manjaro KDE) Linux	2	78	June 17, 2025
Nvidia driver (570.144) crash on suspend and freeze whole system Linux kernel , wayland , linux-driver , sleep_mode	5	305	July 24, 2025
Patch for legacy driver 390.132 with Linux-5.5.x Linux	15	3954	March 17, 2020
455.23.04: Page allocation failure in kernel module at random points Linux	88	18900	January 15, 2021

BUG: KFENCE: use-after-free read in _nv000177kms [nvidia_modeset]

Related topics