On Sat, Jun 13, 2020 at 12:15:13PM +0100, Stuart Henderson wrote:
> Same with a newer kernel.
>
> OpenBSD 6.7-current (GENERIC.MP) #3: Thu Jun 11 19:47:48 BST 2020
> st...@symphytum.spacehopper.org:/sys/arch/amd64/compile/GENERIC.MP
>
> uvm_fault(0xfffffd86e2f6c120, 0x51, 0, 1) -> e
> kernel: page fault trap, code=0
> Stopped at i915_request_create+0x4b: movq 0x50(%r14),%rdi
> ddb{1}> tr
0x50 is the offset in the struct of requests
r14 in 1 in both traces and appears to be tl
I don't yet see how that is possible, can you try this diff and tell me
if the printf triggers?
Index: sys/dev/pci/drm/i915/i915_request.c
===================================================================
RCS file: /cvs/src/sys/dev/pci/drm/i915/i915_request.c,v
retrieving revision 1.3
diff -u -p -r1.3 i915_request.c
--- sys/dev/pci/drm/i915/i915_request.c 8 Jun 2020 04:48:11 -0000 1.3
+++ sys/dev/pci/drm/i915/i915_request.c 14 Jun 2020 05:33:44 -0000
@@ -877,6 +877,11 @@ i915_request_create(struct intel_context
if (IS_ERR(tl))
return ERR_CAST(tl);
+ if ((vaddr_t)tl == 1) {
+ printf("%s tl == 1\n", __func__);
+ return ERR_PTR(-EINVAL);
+ }
+
/* Move our oldest request to the slab-cache (if not in use!) */
rq = list_first_entry(&tl->requests, typeof(*rq), link);
if (!list_is_last(&rq->link, &tl->requests))
