From: Ondrej Zary
To: Christian König
Cc: Ben Skeggs, dri-devel@lists.freedesktop.org, nouveau@lists.freedesktop.org, linux-kernel@vger.kernel.org
Subject: Re: nouveau broken on Riva TNT2 in 5.13.0-rc4: NULL pointer dereference in nouveau_bo_sync_for_device
Date: Wed, 9 Jun 2021 08:57:41 +0200
Message-Id: <202106090857.42133.linux@zary.sk>

On Wednesday 09 June 2021, Christian König wrote:
> On 08.06.21 at 23:59, Ondrej Zary wrote:
> > On Tuesday 08 June 2021 22:01:56 Ondrej Zary wrote:
> >> On Tuesday 08 June 2021 20:47:42 Ondrej Zary wrote:
> >>> On Monday 07 June 2021 22:58:43 Ondrej Zary wrote:
> >>>> On Sunday 06 June 2021 23:16:03 Ondrej Zary wrote:
> >>>>> On Saturday 05 June 2021 23:34:23 Ondrej Zary wrote:
> >>>>>> On Saturday 05 June 2021 21:43:52 Ondrej Zary wrote:
> >>>>>>> Hello,
> >>>>>>> I'm testing 5.13.0-rc4 and nouveau crashes with NULL pointer dereference in nouveau_bo_sync_for_device.
> >>>>>>> Found various reports like this but that was back in February so that should be fixed now.
> >>>>>> So it is the same bug. Broken since 5.11. This revert fixes it in 5.11:
> >>>>>> https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.freedesktop.org%2Farchives%2Fdri-devel%2F2021-February%2F298531.html&data=04%7C01%7Cchristian.koenig%40amd.com%7C605d2e3757ba466bb02a08d92ac8a895%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637587864017853132%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=M5KXSwD%2Fnro3cnCo8Nx4llFu%2Fj2T%2FGQAaMBLeGl0XMc%3D&reserved=0
> >>>>>>
> >>>>>> Added some debug printks to nouveau_bo_sync_for_device:
> >>>>>> [ 22.225048] ttm_dma=fc33b500
> >>>>>> [ 22.225066] ttm_dma->num_pages=18
> >>>>>> [ 22.225071] i=0 num_pages=16
> >>>>>> [ 22.225077] ttm_dma->dma_address=00000000
> >>>>>> [ 22.225094] BUG: kernel NULL pointer dereference, address: 00000000
> >>>>>>
> >>>>>> So ttm->dma_address is NULL.
> >>>>>>
> >>>>> Tested reverting f295c8cfec833c2707ff1512da10d65386dde7af again and it does not work...
> >>>>> Not sure what I did before.
> >>>>>
> >>>>> Bisecting between 5.10 and 5.11 is impossible - I keep hitting neverending stream of bugs.
> >>>>> As always with nouveau...
> >>>> e34b8feeaa4b65725b25f49c9b08a0f8707e8e86 seems to be the first bad commit
> >>>> Going back one commit makes it crash in a different way:
> >>>>
> >>>> [ 55.444208] BUG: kernel NULL pointer dereference, address: 000001b0
> >>>> [ 55.444219] #PF: supervisor read access in kernel mode
> >>>> [ 55.444222] #PF: error_code(0x0000) - not-present page
> >>>> [ 55.444225] *pde = 00000000
> >>>> [ 55.444231] Oops: 0000 [#1] SMP
> >>>> [ 55.444237] CPU: 0 PID: 1740 Comm: Xorg Not tainted 5.9.0-rc5+ #361
> >>>> [ 55.444240] Hardware name: /848P-ICH5, BIOS 6.00 PG 02/03/2005
> >>>> [ 55.444321] EIP: nouveau_bo_wr16+0x8/0x27 [nouveau]
> >>>> [ 55.444326] Code: 85 ff 74 0d 80 7d f3 00 74 07 80 a6 f4 01 00 00 fe 89 f0 e8 0c ef ff ff 8d 65 f4 89 f8 5b 5e 5f 5d c3 55 01 d2 89 e5 53 89 c3 <03> 93 b0 01 00 00 0f b7 c1 f6 83 b8 01 00 00 80 74 07 e8 40 49 69
> >>>> [ 55.444330] EAX: 00000000 EBX: 00000000 ECX: 00000000 EDX: 00000000
> >>>> [ 55.444334] ESI: 00000020 EDI: e7a14400 EBP: e786fd98 ESP: e786fd94
> >>>> [ 55.444338] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 EFLAGS: 00210246
> >>>> [ 55.444341] CR0: 80050033 CR2: 000001b0 CR3: 27896000 CR4: 00000690
> >>>> [ 55.444344] Call Trace:
> >>>> [ 55.444395] nv04_crtc_cursor_set+0x148/0x1d8 [nouveau]
> >>>> [ 55.444442] ? ttm_bo_reserve.constprop.15+0x1c/0x1c [nouveau]
> >>>> [ 55.444451] drm_mode_cursor_common+0x13b/0x1ad
> >>>> [ 55.444497] ? ttm_bo_reserve.constprop.15+0x1c/0x1c [nouveau]
> >>>> [ 55.444504] drm_mode_cursor_ioctl+0x2e/0x36
> >>>> [ 55.444509] ? drm_mode_setplane+0x203/0x203
> >>>> [ 55.444514] drm_ioctl_kernel+0x66/0x99
> >>>> [ 55.444518] drm_ioctl+0x211/0x2d8
> >>>> [ 55.444522] ? drm_mode_setplane+0x203/0x203
> >>>> [ 55.444529] ? _cond_resched+0x1e/0x22
> >>>> [ 55.444533] ? mutex_lock+0xb/0x24
> >>>> [ 55.444582] ? nouveau_bo_add_io_reserve_lru+0x53/0x58 [nouveau]
> >>>> [ 55.444589] ? rpm_resume.part.13+0x72/0x365
> >>>> [ 55.444594] ? ktime_get_mono_fast_ns+0x5e/0xf2
> >>>> [ 55.444598] ? __pm_runtime_resume+0x5b/0x63
> >>>> [ 55.444647] nouveau_drm_ioctl+0x65/0x81 [nouveau]
> >>>> [ 55.444696] ? nouveau_cli_work+0xc3/0xc3 [nouveau]
> >>>> [ 55.444702] vfs_ioctl+0x1a/0x24
> >>>> [ 55.444706] __ia32_sys_ioctl+0x583/0x59d
> >>>> [ 55.444711] ? doublefault_shim+0x120/0x120
> >>>> [ 55.444717] ? exit_to_user_mode_prepare+0x71/0xba
> >>>> [ 55.444721] do_int80_syscall_32+0x2c/0x39
> >>>> [ 55.444725] entry_INT80_32+0xf0/0xf0
> >>>> [ 55.444729] EIP: 0xb7fb2092
> >>>> [ 55.444733] Code: 00 00 00 e9 90 ff ff ff ff a3 24 00 00 00 68 30 00 00 00 e9 80 ff ff ff ff a3 e8 ff ff ff 66 90 00 00 00 00 00 00 00 00 cd 80 8d b4 26 00 00 00 00 8d b6 00 00 00 00 8b 1c 24 c3 8d b4 26 00
> >>>> [ 55.444737] EAX: ffffffda EBX: 0000000e ECX: c01c64a3 EDX: bfe89750
> >>>> [ 55.444741] ESI: 02580b40 EDI: c01c64a3 EBP: 0000000e ESP: bfe89704
> >>>> [ 55.444744] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00200292
> >>>> [ 55.444748] Modules linked in: i2c_dev nouveau serial_cs snd_intel8x0 snd_ac97_codec wmi hwmon ttm ac97_bus 8139cp snd_pcm pcmcia snd_timer snd sg soundcore psmouse yenta_socket serio_raw pcmcia_rsrc pcmcia_core intel_agp parport_pc parport
> >>>> [ 55.444769] CR2: 00000000000001b0
> >>>> [ 55.444774] ---[ end trace e2b0d4c3c2e4e488 ]---
> >>>> [ 55.444827] EIP: nouveau_bo_wr16+0x8/0x27 [nouveau]
> >>>> [ 55.444831] Code: 85 ff 74 0d 80 7d f3 00 74 07 80 a6 f4 01 00 00 fe 89 f0 e8 0c ef ff ff 8d 65 f4 89 f8 5b 5e 5f 5d c3 55 01 d2 89 e5 53 89 c3 <03> 93 b0 01 00 00 0f b7 c1 f6 83 b8 01 00 00 80 74 07 e8 40 49 69
> >>>> [ 55.444835] EAX: 00000000 EBX: 00000000 ECX: 00000000 EDX: 00000000
> >>>> [ 55.444838] ESI: 00000020 EDI: e7a14400 EBP: e786fd98 ESP: e786fd94
> >>>> [ 55.444842] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 EFLAGS: 00210246
> >>>> [ 55.444845] CR0: 80050033 CR2: 000001b0 CR3: 27896000 CR4: 00000690
> >>> Bisected this crash:
> >>> # first bad commit: [141b15e59175aa174ca1f7596188bd15a7ca17ba] drm/nouveau: move io_reserve_lru handling into the driver v5
> >>>
> >>> Adding Christian König to CC.
> >> Tracked it down to an uninitialized variable bug.
> >> I see now that this was fixed by aea656b0d05ec5b8ed5beb2f94c4dd42ea834e9d.
> > So the first bad commit for the original bug is e34b8feeaa4b65725b25f49c9b08a0f8707e8e86
> > (as bisected before).
> > Going one commit back and fixing the uninitialized variable and endian bugs manually makes nouveau work.
>
> Thanks for the heads up. So the problem with my patch is already fixed,
> isn't it?

The NULL pointer dereference in nouveau_bo_wr16 introduced in
141b15e59175aa174ca1f7596188bd15a7ca17ba was fixed by
aea656b0d05ec5b8ed5beb2f94c4dd42ea834e9d.

That's the bug I hit when bisecting the original problem:
NULL pointer dereference in nouveau_bo_sync_for_device
It's caused by:
# first bad commit: [e34b8feeaa4b65725b25f49c9b08a0f8707e8e86] drm/ttm: merge ttm_dma_tt back into ttm_tt

-- 
Ondrej Zary
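
Added example (not part of the thread, and not nouveau or kernel code): a small Python triage of the 5.9.0-rc5+ oops quoted above. It decodes the instruction marked in the Code: line and checks it against CR2, which shows the fault is a read of a member at offset 0x1b0 through a NULL base pointer. The names `decode_mem_operand` and `triage` and the opcode table are choices made for this example; only 32-bit ModRM forms without a SIB byte are decoded.

```python
import re

# Lines copied from the 5.9.0-rc5+ oops quoted in the message above
# (only the lines this triage needs).
OOPS = """\
[ 55.444208] BUG: kernel NULL pointer dereference, address: 000001b0
[ 55.444321] EIP: nouveau_bo_wr16+0x8/0x27 [nouveau]
[ 55.444326] Code: 85 ff 74 0d 80 7d f3 00 74 07 80 a6 f4 01 00 00 fe 89 f0 e8 0c ef ff ff 8d 65 f4 89 f8 5b 5e 5f 5d c3 55 01 d2 89 e5 53 89 c3 <03> 93 b0 01 00 00 0f b7 c1 f6 83 b8 01 00 00 80 74 07 e8 40 49 69
[ 55.444330] EAX: 00000000 EBX: 00000000 ECX: 00000000 EDX: 00000000
[ 55.444334] ESI: 00000020 EDI: e7a14400 EBP: e786fd98 ESP: e786fd94
[ 55.444341] CR0: 80050033 CR2: 000001b0 CR3: 27896000 CR4: 00000690
"""

# x86 register numbering used by the ModRM byte.
REG32 = ["EAX", "ECX", "EDX", "EBX", "ESP", "EBP", "ESI", "EDI"]

# One-byte opcodes that are always followed by a ModRM byte (example subset).
MODRM_OPCODES = {0x01: "add", 0x03: "add", 0x29: "sub", 0x2B: "sub",
                 0x39: "cmp", 0x3B: "cmp", 0x89: "mov", 0x8B: "mov"}


def decode_mem_operand(insn):
    """Return (base_register, displacement) of the memory operand, or None.

    Handles only 32-bit addressing without a SIB byte; anything else
    (register operands, SIB, absolute disp32, unknown opcodes) yields None.
    """
    if len(insn) < 2 or insn[0] not in MODRM_OPCODES:
        return None
    mod, rm = insn[1] >> 6, insn[1] & 7
    if mod == 3 or rm == 4:          # register operand, or SIB byte follows
        return None
    if mod == 0:
        if rm == 5:                  # absolute disp32, no base register
            return None
        return REG32[rm], 0
    size = 1 if mod == 1 else 4      # disp8 or disp32
    raw = insn[2:2 + size]
    if len(raw) < size:
        return None
    return REG32[rm], int.from_bytes(raw, "little", signed=True)


def triage(oops):
    """Classify a 32-bit x86 oops by matching the faulting operand to CR2."""
    regs = {name: int(val, 16) for name, val in
            re.findall(r"\b(E[A-D]X|E[SD]I|E[BS]P): ([0-9a-f]{8})", oops)}
    cr2 = int(re.search(r"\bCR2: ([0-9a-f]+)", oops).group(1), 16)
    symbol = re.search(r"\bEIP: (\S+)", oops).group(1)
    tokens = re.search(r"\bCode: (.*)", oops).group(1).split()
    # The kernel wraps the first byte of the faulting instruction in <>.
    mark = next(i for i, tok in enumerate(tokens) if tok.startswith("<"))
    insn = bytes(int(tok.strip("<>"), 16) for tok in tokens[mark:])

    result = {"symbol": symbol, "fault_addr": cr2,
              "base": None, "disp": None, "verdict": "undecoded"}
    operand = decode_mem_operand(insn)
    if operand:
        base, disp = operand
        result.update(base=base, disp=disp)
        effective = (regs[base] + disp) & 0xFFFFFFFF
        if effective != cr2:
            result["verdict"] = "decode does not match CR2"
        elif regs[base] == 0:
            result["verdict"] = "NULL base pointer, member offset 0x%x" % disp
        else:
            result["verdict"] = "non-NULL bad pointer in " + base
    return result


if __name__ == "__main__":
    for key, value in triage(OOPS).items():
        print(key, "=", value)
```

A verdict of this kind separates a NULL structure pointer (small fault address, zero base register) from a corrupted or stale pointer, which is the first question to settle before bisecting.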