Re: [bisected] Re: drm, qxl: post 5.11 merge warning+explosion

From: Christian König
Date: Thu Dec 17 2020 - 11:40:13 EST


Am 17.12.20 um 17:26 schrieb Mike Galbraith:
On Thu, 2020-12-17 at 17:24 +0100, Christian König wrote:
Hi Mike,

what exactly is the warning from qxl you are seeing?
[ 1.815561] WARNING: CPU: 7 PID: 355 at drivers/gpu/drm/ttm/ttm_pool.c:365 ttm_pool_alloc+0x41b/0x540 [ttm]

Yeah, that is an expected result.

Looks like qxl does something quite odd here, it allocates an dma_address array but doesn't have a device to fill them.

On the other hand I don't see qxl using the allocated dma_addresses. Dave do you have an idea why qxl is doing that?

Mike can you test the attached patch?

Thanks in advance,
Christian.

[ 1.815561] Modules linked in: ext4(E) crc16(E) mbcache(E) jbd2(E) ata_generic(E) ata_piix(E) virtio_console(E) virtio_rng(E) virtio_blk(E) qxl(E) drm_ttm_helper(E) ttm(E) drm_kms_helper(E) syscopyarea(E) sysfillrect(E) sysimgblt(E) ahci(E) fb_sys_fops(E) cec(E) libahci(E) uhci_hcd(E) ehci_pci(E) rc_core(E) ehci_hcd(E) crc32c_intel(E) serio_raw(E) virtio_pci(E) virtio_ring(E) 8139cp(E) virtio(E) libata(E) drm(E) usbcore(E) mii(E) sg(E) dm_multipath(E) dm_mod(E) scsi_dh_rdac(E) scsi_dh_emc(E) scsi_dh_alua(E) scsi_mod(E) autofs4(E)
[ 1.815589] CPU: 7 PID: 355 Comm: kworker/7:2 Tainted: G E 5.10.0.g489e9fe-master #26
[ 1.815590] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba527-rebuilt.opensuse.org 04/01/2014
[ 1.815614] Workqueue: events drm_fb_helper_dirty_work [drm_kms_helper]
[ 1.815621] RIP: 0010:ttm_pool_alloc+0x41b/0x540 [ttm]
[ 1.815623] Code: fc ff ff 89 ea 48 8d 04 d5 00 00 00 00 48 29 d0 48 8d 3c c5 00 1c 40 a0 e9 d7 fc ff ff 85 c0 0f 89 2f fc ff ff e9 28 fc ff ff <0f> 0b e9 35 fc ff ff 89 e9 49 8b 7d 00 b8 00 10 00 00 48 d3 e0 45
[ 1.815623] RSP: 0018:ffff888105d3b818 EFLAGS: 00010246
[ 1.815625] RAX: 0000000000000000 RBX: ffff888106978800 RCX: 0000000000000000
[ 1.815626] RDX: ffff888105d3bc68 RSI: 0000000000000001 RDI: ffff888106238820
[ 1.815626] RBP: ffff888106238758 R08: ffffc90000296000 R09: 800000000000016b
[ 1.815627] R10: 0000000000000001 R11: ffffc90000296000 R12: 0000000000000000
[ 1.815628] R13: ffff888106238820 R14: 0000000000000000 R15: ffff888106978800
[ 1.815628] FS: 0000000000000000(0000) GS:ffff888237dc0000(0000) knlGS:0000000000000000
[ 1.815632] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1.815633] CR2: 00007eff52a0d5b8 CR3: 0000000002010003 CR4: 00000000001706e0
[ 1.815633] Call Trace:
[ 1.815644] ttm_tt_populate+0xb1/0xc0 [ttm]
[ 1.815647] ttm_bo_move_memcpy+0x4a5/0x500 [ttm]
[ 1.815652] qxl_bo_move+0x230/0x2f0 [qxl]
[ 1.815655] ttm_bo_handle_move_mem+0x79/0x140 [ttm]
[ 1.815657] ttm_bo_evict+0x124/0x250 [ttm]
[ 1.815693] ? drm_mm_insert_node_in_range+0x55c/0x580 [drm]
[ 1.815696] ttm_mem_evict_first+0x110/0x3d0 [ttm]
[ 1.815698] ttm_bo_mem_space+0x261/0x270 [ttm]
[ 1.815702] ? qxl_ttm_debugfs_init+0xb0/0xb0 [qxl]
[ 1.815705] ttm_bo_validate+0x117/0x150 [ttm]
[ 1.815756] ttm_bo_init_reserved+0x2c8/0x3c0 [ttm]
[ 1.815772] qxl_bo_create+0x134/0x1d0 [qxl]
[ 1.815775] ? qxl_ttm_debugfs_init+0xb0/0xb0 [qxl]
[ 1.815791] qxl_alloc_bo_reserved+0x2c/0x90 [qxl]
[ 1.815794] qxl_image_alloc_objects+0xa3/0x120 [qxl]
[ 1.815797] qxl_draw_dirty_fb+0x155/0x450 [qxl]
[ 1.815815] ? _cond_resched+0x15/0x40
[ 1.815819] ? ww_mutex_lock_interruptible+0x12/0x60
[ 1.815822] qxl_framebuffer_surface_dirty+0x14f/0x1a0 [qxl]
[ 1.815841] drm_fb_helper_dirty_work+0x11d/0x180 [drm_kms_helper]
[ 1.815853] process_one_work+0x1f5/0x3c0
[ 1.815866] ? process_one_work+0x3c0/0x3c0
[ 1.815867] worker_thread+0x2d/0x3d0
[ 1.815868] ? process_one_work+0x3c0/0x3c0
[ 1.815872] kthread+0x117/0x130
[ 1.815876] ? kthread_park+0x90/0x90
[ 1.815880] ret_from_fork+0x1f/0x30
[ 1.815886] ---[ end trace 51e464c1e89a1728 ]---
[ 1.815894] BUG: kernel NULL pointer dereference, address: 0000000000000230
[ 1.815895] #PF: supervisor read access in kernel mode
[ 1.815895] #PF: error_code(0x0000) - not-present page
[ 1.815896] PGD 0 P4D 0
[ 1.815898] Oops: 0000 [#1] SMP NOPTI
[ 1.815900] CPU: 7 PID: 355 Comm: kworker/7:2 Tainted: G W E 5.10.0.g489e9fe-master #26
[ 1.815901] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba527-rebuilt.opensuse.org 04/01/2014
[ 1.815916] Workqueue: events drm_fb_helper_dirty_work [drm_kms_helper]
[ 1.815921] RIP: 0010:dma_map_page_attrs+0xf/0x1c0
[ 1.815922] Code: 1f 17 5b 01 48 85 c0 75 e3 31 c0 c3 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 0f 1f 44 00 00 41 55 41 54 55 53 48 83 ec 08 <48> 8b 87 30 02 00 00 48 85 c0 48 0f 44 05 e7 16 5b 01 41 83 f8 02
[ 1.815923] RSP: 0018:ffff888105d3b7e8 EFLAGS: 00010296
[ 1.815924] RAX: 0000000000001000 RBX: 0000000000000001 RCX: 0000000000001000
[ 1.815924] RDX: 0000000000000000 RSI: ffffea0004171e40 RDI: 0000000000000000
[ 1.815925] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1.815925] R10: ffffea0004171e40 R11: ffffc90000296000 R12: 0000000000000001
[ 1.815926] R13: ffff888106238820 R14: ffff888105d07100 R15: ffff888106978800
[ 1.815926] FS: 0000000000000000(0000) GS:ffff888237dc0000(0000) knlGS:0000000000000000
[ 1.815928] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1.815929] CR2: 0000000000000230 CR3: 0000000002010003 CR4: 00000000001706e0
[ 1.815929] Call Trace:
[ 1.815937] ttm_pool_alloc+0x448/0x540 [ttm]
[ 1.815940] ttm_tt_populate+0xb1/0xc0 [ttm]
[ 1.815942] ttm_bo_move_memcpy+0x4a5/0x500 [ttm]
[ 1.815945] qxl_bo_move+0x230/0x2f0 [qxl]
[ 1.815947] ttm_bo_handle_move_mem+0x79/0x140 [ttm]
[ 1.815949] ttm_bo_evict+0x124/0x250 [ttm]
[ 1.815982] ? drm_mm_insert_node_in_range+0x55c/0x580 [drm]
[ 1.815984] ttm_mem_evict_first+0x110/0x3d0 [ttm]
[ 1.815988] ttm_bo_mem_space+0x261/0x270 [ttm]
[ 1.890133] ? qxl_ttm_debugfs_init+0xb0/0xb0 [qxl]
[ 1.890138] ttm_bo_validate+0x117/0x150 [ttm]
[ 1.891740] ttm_bo_init_reserved+0x2c8/0x3c0 [ttm]
[ 1.891744] qxl_bo_create+0x134/0x1d0 [qxl]
[ 1.893398] ? qxl_ttm_debugfs_init+0xb0/0xb0 [qxl]
[ 1.893400] qxl_alloc_bo_reserved+0x2c/0x90 [qxl]
[ 1.893402] qxl_image_alloc_objects+0xa3/0x120 [qxl]
[ 1.893405] qxl_draw_dirty_fb+0x155/0x450 [qxl]
[ 1.896515] ? _cond_resched+0x15/0x40
[ 1.896517] ? ww_mutex_lock_interruptible+0x12/0x60
[ 1.896520] qxl_framebuffer_surface_dirty+0x14f/0x1a0 [qxl]
[ 1.896533] drm_fb_helper_dirty_work+0x11d/0x180 [drm_kms_helper]
[ 1.896537] process_one_work+0x1f5/0x3c0
[ 1.900535] ? process_one_work+0x3c0/0x3c0
[ 1.900536] worker_thread+0x2d/0x3d0
[ 1.900538] ? process_one_work+0x3c0/0x3c0
[ 1.902704] kthread+0x117/0x130
[ 1.902706] ? kthread_park+0x90/0x90
[ 1.902709] ret_from_fork+0x1f/0x30
[ 1.902711] Modules linked in: ext4(E) crc16(E) mbcache(E) jbd2(E) ata_generic(E) ata_piix(E) virtio_console(E) virtio_rng(E) virtio_blk(E) qxl(E) drm_ttm_helper(E) ttm(E) drm_kms_helper(E) syscopyarea(E) sysfillrect(E) sysimgblt(E) ahci(E) fb_sys_fops(E) cec(E) libahci(E) uhci_hcd(E) ehci_pci(E) rc_core(E) ehci_hcd(E) crc32c_intel(E) serio_raw(E) virtio_pci(E) virtio_ring(E) 8139cp(E) virtio(E) libata(E) drm(E) usbcore(E) mii(E) sg(E) dm_multipath(E) dm_mod(E) scsi_dh_rdac(E) scsi_dh_emc(E) scsi_dh_alua(E) scsi_mod(E) autofs4(E)
[ 1.904797] Dumping ftrace buffer:
[ 1.911038] (ftrace buffer empty)
[ 1.911041] CR2: 0000000000000230