> [184218.xxx] warning:
> /usr/src/sys/external/bsd/drm2/dist/drm/nouveau/nvkm/engine/disp/nouveau_nvkm_engine_disp_headgf119.c:83:
> 1

can you patch this code to print the value of "data" here?
it's probably a bad request for userland, but the BUG_ON()
here does not give you any indication on _what_.

> [184218.xxx] uvm_fault(0xffffffff8191ba80, 0xffffb649e46a3000, 2) -> e
> [184218.xxx] fatal page fault in supervisor mode
> [184218.xxx] trap type 6 code 0x2 ...

this line's contents would have included the fault address,
which is kinda useful for next time :-)

> [184218.xxx] curlpw 0xffffa8d4e6f36500 pid 27414.3207 lowest kstrack
> 0xffffb589296452c0
> kernel: page fault trap, code=0
> Stopped in pid 27414.3207 (mpv) at netbsd:evo_wait+0x7b: movl $0x20000
> 000,0(%rdx,%rax,1)
> evo_wait() at netbsd:evo_wait+0x7b
> base507c_ntfy_set()
> nv50_wndw_flush_set()
> nv50_disp_atomic_commit_tail()
> nv50_disp_atomic_commit()
> drm_atomic_helper_set_config()
> drm_mode_setcrtc()
> drm_ioctl()

can you find out where evo_wait+0x7b is? in my kernel it's
at line 243, and the disasm seems to match your "movl" above.

   235  evo_wait(struct nv50_dmac *evoc, int nr)
   236  {
   237          struct nv50_dmac *dmac = evoc;
   238          struct nvif_device *device = dmac->base.device;
   239          u32 put = nvif_rd32(&dmac->base.user, 0x0000) / 4;
   240
   241          spin_lock(&dmac->lock);
   242          if (put + nr >= (PAGE_SIZE / 4) - 8) {
   243                  dmac->ptr[put] = 0x20000000;
   244                  evo_flush(dmac);

Dump of assembler code for function evo_wait:
   0xffffffff8084dfe1 <+0>:     push   %rbp
[...]
   0xffffffff8084e05c <+123>:   movl   $0x20000000,(%rdx,%rax,1)

(0x7b = 123)

probably "dmac->ptr" is invalid here. a quick guess at the
code indicates it's only set once in nv50_dmac_create(),
the source from the caller(s). at least, i can't see it
set anywhere else right now.


.mrg.