Received: by 2002:a05:6359:6284:b0:131:369:b2a3 with SMTP id se4csp5501750rwb;
        Wed, 9 Aug 2023 05:20:13 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IEKS7IsPqkVkf8eWhwHEZ0fxis9HBsJoppy+yon80/rHcoaUvhjEmkWqu5tS9rE2PMNWqof
X-Received: by 2002:a05:6a21:3399:b0:13f:7de2:604d with SMTP id yy25-20020a056a21339900b0013f7de2604dmr2955334pzb.42.1691583613364;
        Wed, 09 Aug 2023 05:20:13 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1691583613; cv=none;
        d=google.com; s=arc-20160816;
        b=H56Pp2j44ni+n30ZzCOdIpVyt/DTCgPx3QPDVr3yjtwVp/itl08kq03+tfkt8HSPBt
         DGgBj6N6yaxDd3xufR45Lzu+vDbFHR1316E3KH6YwKsIWlHCuOHO6szbKpvaOt+kghjW
         mokcy2z2okvsJ7jV3JrircRMZZw2gz1L9vTC5DeKSEdZgHHbbJCL8++t15Xj8+6I36SJ
         w0laTp42VXevs+jK7jyP72wxO4wV4vrSH+a5GvN5hhhXv6qdlIsnZ9BnmEFYYpcDyEJ7
         maKu2gLnCQXGbfcOQJnz9fs/RN787wwd9NwJlrJ72tJZnC/5jNtEoYyHAbnWIZAN80iH
         WA5Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:subject:cc:to:from:message-id
         :date:dkim-signature:dkim-signature;
        bh=ZXqbNkPhxrHJjA6bpUqFZBzz9hYjBCND70omMeZbgHI=;
        fh=EOMm7+P4wbYsXuroOELXGd9B4s6B3pMvko8BJ8DuE94=;
        b=BZ21Tx3NBogznJNWclytSSmPKMzYbNn+4h8JMk+kInlpRgTWrKw/uCMuLQphg5Sz+I
         k+ioEB3Nhgtpf8qtKtWXSqNa5XFZteq5N4x+BFNZgAyL+XRIQ6LLqz8HMPSMx9Y1k5+R
         wh2FqSEkZp/Sp9SNWKO9qhZtEJXzWfrrnJ9W1Oau5PTvmUn8e09kddefsNxLN2FQ6pz6
         W3iMuUMMy/gsh/WtgLmfZ05fnqWx474enzW47ZQpitrAQIRVoHWIExKrIOisINcKA9V/
         i/p07b2i2NLzNRev6P5Nw0HHaWtmYrgdG5OiKNUxLei9bLr9vNr5s0sySR37qcZAhmXP
         mOfw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=hg2o8wy+;
       dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519 header.b="/uG5ZyKH";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id t10-20020a170902dcca00b001bb821e394esi6314703pll.319.2023.08.09.05.20.00;
        Wed, 09 Aug 2023 05:20:13 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=hg2o8wy+;
       dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519 header.b="/uG5ZyKH";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231671AbjHILqH (ORCPT <rfc822;artur.folwarczny@gmail.com>
        + 99 others); Wed, 9 Aug 2023 07:46:07 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49916 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S230194AbjHILqG (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 9 Aug 2023 07:46:06 -0400
Received: from smtp-out1.suse.de (smtp-out1.suse.de [IPv6:2001:67c:2178:6::1c])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 64F05A3
        for <linux-kernel@vger.kernel.org>; Wed,  9 Aug 2023 04:46:01 -0700 (PDT)
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512)
        (No client certificate requested)
        by smtp-out1.suse.de (Postfix) with ESMTPS id 15AB321845;
        Wed,  9 Aug 2023 11:46:00 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa;
        t=1691581560; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
         mime-version:mime-version:content-type:content-type:
         content-transfer-encoding:content-transfer-encoding:
         in-reply-to:in-reply-to:references:references;
        bh=ZXqbNkPhxrHJjA6bpUqFZBzz9hYjBCND70omMeZbgHI=;
        b=hg2o8wy+bi/ka9DcoJOUgg3oeEVlLbCqV0hzt2hOjlvQYINz17LiSXAGryu4DbPTjh4znw
        xWrebdhVn84Z8xedCe2OAMTIzwL4PpMbn6XLZBhCQXX4KoUO1UCVkkyoEWrK/uJrbSm+qn
        7j3oIDJiAE5ct9if2geQbQDhACiP10g=
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de;
        s=susede2_ed25519; t=1691581560;
        h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
         mime-version:mime-version:content-type:content-type:
         content-transfer-encoding:content-transfer-encoding:
         in-reply-to:in-reply-to:references:references;
        bh=ZXqbNkPhxrHJjA6bpUqFZBzz9hYjBCND70omMeZbgHI=;
        b=/uG5ZyKHs+uIcWJuFD7t1X6y29ZmnWV9eUf3Zlt2FjeYWaYNU5AnKXgKMvtzQD1N+mRY25
        n+4iWPYAHA9Go+Ag==
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512)
        (No client certificate requested)
        by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id CE674133B5;
        Wed,  9 Aug 2023 11:45:59 +0000 (UTC)
Received: from dovecot-director2.suse.de ([192.168.254.65])
        by imap2.suse-dmz.suse.de with ESMTPSA
        id lsd0MXd802R1WAAAMHmgww
        (envelope-from <tiwai@suse.de>); Wed, 09 Aug 2023 11:45:59 +0000
Date:   Wed, 09 Aug 2023 13:45:59 +0200
Message-ID: <874jl8fngo.wl-tiwai@suse.de>
From:   Takashi Iwai <tiwai@suse.de>
To:     Karol Herbst <kherbst@redhat.com>
Cc:     Takashi Iwai <tiwai@suse.de>, nouveau@lists.freedesktop.org,
        lkml <linux-kernel@vger.kernel.org>,
        dri-devel@lists.freedesktop.org, regressions@leemhuis.info,
        Borislav Petkov <bp@alien8.de>, Ben Skeggs <bskeggs@redhat.com>
Subject: Re: 2b5d1c29f6c4 ("drm/nouveau/disp: PIOR DP uses GPIO for HPD, not PMGR AUX interrupts")
In-Reply-To: <CACO55tszwFEgt=8xn4auAE7KJVs3ybGG68OzL9HJt19XGVhhHQ@mail.gmail.com>
References: <20230806213107.GFZNARG6moWpFuSJ9W@fat_crate.local>
        <CACO55tvZD5U4J8DawFTRVnV-dLYLngfhuqO29_sWNEGofKfnBg@mail.gmail.com>
        <20230807150521.GGZNEIMQ9rsyCmkpoA@fat_crate.local>
        <CACO55tvWuSdwdirj7S3Dk-r4NAw8jC8g5RHKFd62WXi43iQP-w@mail.gmail.com>
        <87fs4sfu54.wl-tiwai@suse.de>
        <CACO55tszwFEgt=8xn4auAE7KJVs3ybGG68OzL9HJt19XGVhhHQ@mail.gmail.com>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/27.2 Mule/6.0
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED,
        SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no
        version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 09 Aug 2023 13:42:09 +0200,
Karol Herbst wrote:
> 
> On Wed, Aug 9, 2023 at 11:22 AM Takashi Iwai <tiwai@suse.de> wrote:
> >
> > On Tue, 08 Aug 2023 12:39:32 +0200,
> > Karol Herbst wrote:
> > >
> > > On Mon, Aug 7, 2023 at 5:05 PM Borislav Petkov <bp@alien8.de> wrote:
> > > >
> > > > On Mon, Aug 07, 2023 at 01:49:42PM +0200, Karol Herbst wrote:
> > > > > in what way does it stop? Just not progressing? That would be kinda
> > > > > concerning. Mind tracing with what arguments `nvkm_uevent_add` is
> > > > > called with and without that patch?
> > > >
> > > > Well, me dumping those args I guess made the box not freeze before
> > > > catching a #PF over serial. Does that help?
> > > >
> > > > ....
> > > > [    3.410135] Unpacking initramfs...
> > > > [    3.416319] software IO TLB: mapped [mem 0x00000000a877d000-0x00000000ac77d000] (64MB)
> > > > [    3.418227] Initialise system trusted keyrings
> > > > [    3.432273] workingset: timestamp_bits=56 max_order=22 bucket_order=0
> > > > [    3.439006] ntfs: driver 2.1.32 [Flags: R/W].
> > > > [    3.443368] fuse: init (API version 7.38)
> > > > [    3.447601] 9p: Installing v9fs 9p2000 file system support
> > > > [    3.453223] Key type asymmetric registered
> > > > [    3.457332] Asymmetric key parser 'x509' registered
> > > > [    3.462236] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 250)
> > > > [    3.475865] efifb: probing for efifb
> > > > [    3.479458] efifb: framebuffer at 0xf9000000, using 1920k, total 1920k
> > > > [    3.485969] efifb: mode is 800x600x32, linelength=3200, pages=1
> > > > [    3.491872] efifb: scrolling: redraw
> > > > [    3.495438] efifb: Truecolor: size=8:8:8:8, shift=24:16:8:0
> > > > [    3.502349] Console: switching to colour frame buffer device 100x37
> > > > [    3.509564] fb0: EFI VGA frame buffer device
> > > > [    3.514013] ACPI: \_PR_.CP00: Found 4 idle states
> > > > [    3.518850] ACPI: \_PR_.CP01: Found 4 idle states
> > > > [    3.523687] ACPI: \_PR_.CP02: Found 4 idle states
> > > > [    3.528515] ACPI: \_PR_.CP03: Found 4 idle states
> > > > [    3.533346] ACPI: \_PR_.CP04: Found 4 idle states
> > > > [    3.538173] ACPI: \_PR_.CP05: Found 4 idle states
> > > > [    3.543003] ACPI: \_PR_.CP06: Found 4 idle states
> > > > [    3.544219] Freeing initrd memory: 8196K
> > > > [    3.547844] ACPI: \_PR_.CP07: Found 4 idle states
> > > > [    3.609542] Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled
> > > > [    3.616224] 00:05: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A
> > > > [    3.625552] serial 0000:00:16.3: enabling device (0000 -> 0003)
> > > > [    3.633034] 0000:00:16.3: ttyS1 at I/O 0xf0a0 (irq = 17, base_baud = 115200) is a 16550A
> > > > [    3.642451] Linux agpgart interface v0.103
> > > > [    3.647141] ACPI: bus type drm_connector registered
> > > > [    3.653261] Console: switching to colour dummy device 80x25
> > > > [    3.659092] nouveau 0000:03:00.0: vgaarb: deactivate vga console
> > > > [    3.665174] nouveau 0000:03:00.0: NVIDIA GT218 (0a8c00b1)
> > > > [    3.784585] nouveau 0000:03:00.0: bios: version 70.18.83.00.08
> > > > [    3.792244] nouveau 0000:03:00.0: fb: 512 MiB DDR3
> > > > [    3.948786] nouveau 0000:03:00.0: DRM: VRAM: 512 MiB
> > > > [    3.953755] nouveau 0000:03:00.0: DRM: GART: 1048576 MiB
> > > > [    3.959073] nouveau 0000:03:00.0: DRM: TMDS table version 2.0
> > > > [    3.964808] nouveau 0000:03:00.0: DRM: DCB version 4.0
> > > > [    3.969938] nouveau 0000:03:00.0: DRM: DCB outp 00: 02000360 00000000
> > > > [    3.976367] nouveau 0000:03:00.0: DRM: DCB outp 01: 02000362 00020010
> > > > [    3.982792] nouveau 0000:03:00.0: DRM: DCB outp 02: 028003a6 0f220010
> > > > [    3.989223] nouveau 0000:03:00.0: DRM: DCB outp 03: 01011380 00000000
> > > > [    3.995647] nouveau 0000:03:00.0: DRM: DCB outp 04: 08011382 00020010
> > > > [    4.002076] nouveau 0000:03:00.0: DRM: DCB outp 05: 088113c6 0f220010
> > > > [    4.008511] nouveau 0000:03:00.0: DRM: DCB conn 00: 00101064
> > > > [    4.014151] nouveau 0000:03:00.0: DRM: DCB conn 01: 00202165
> > > > [    4.021710] nvkm_uevent_add: uevent: 0xffff888100242100, event: 0xffff8881022de1a0, id: 0x0, bits: 0x1, func: 0x0000000000000000
> > > > [    4.033680] nvkm_uevent_add: uevent: 0xffff888100242300, event: 0xffff8881022de1a0, id: 0x0, bits: 0x1, func: 0x0000000000000000
> > > > [    4.045429] nouveau 0000:03:00.0: DRM: MM: using COPY for buffer copies
> > > > [    4.052059] stackdepot: allocating hash table of 1048576 entries via kvcalloc
> > > > [    4.067191] nvkm_uevent_add: uevent: 0xffff888100242800, event: 0xffff888104b3e260, id: 0x0, bits: 0x1, func: 0x0000000000000000
> > > > [    4.078936] nvkm_uevent_add: uevent: 0xffff888100242900, event: 0xffff888104b3e260, id: 0x1, bits: 0x1, func: 0x0000000000000000
> > > > [    4.090514] nvkm_uevent_add: uevent: 0xffff888100242a00, event: 0xffff888102091f28, id: 0x1, bits: 0x3, func: 0xffffffff8177b700
> > > > [    4.102118] tsc: Refined TSC clocksource calibration: 3591.345 MHz
> > > > [    4.108342] clocksource: tsc: mask: 0xffffffffffffffff max_cycles: 0x33c4635c383, max_idle_ns: 440795314831 ns
> > > > [    4.108401] nvkm_uevent_add: uevent: 0xffff8881020b6000, event: 0xffff888102091f28, id: 0xf, bits: 0x3, func: 0xffffffff8177b700
> > > > [    4.129864] clocksource: Switched to clocksource tsc
> > > > [    4.131478] [drm] Initialized nouveau 1.3.1 20120801 for 0000:03:00.0 on minor 0
> > > > [    4.143806] BUG: kernel NULL pointer dereference, address: 0000000000000020
> > >
> > > ahh, that would have been good to know :) Mind figuring out what's
> > > exactly NULL inside nvif_object_mthd? Or rather what line
> > > `nvif_object_mthd+0x136` belongs to, then it should be easy to figure
> > > out what's wrong here.
> >
> > FWIW, we've hit the bug on openSUSE Tumbleweed 6.4.8 kernel:
> >   https://bugzilla.suse.com/show_bug.cgi?id=1214073
> > Confirmed that reverting the patch cured the issue.
> >
> > FWIW, loading nouveau showed a refcount_t warning just before the NULL
> > dereference:
> >
> 
> mh, I wonder if one of those `return -EINVAL;` branches is hit where
> it wasn't before. Could some of you check if `nvkm_uconn_uevent`
> returns -EINVAL with that patch where it didn't before? I wonder if
> it's the `if (&outp->head == &conn->disp->outps) return -EINVAL;` and
> if remove that fixes the crash?

Please give a patch, then I can build a kernel and let the reporter
testing it :)


thanks,

Takashi