Bug 28763 - Kernel Oops when displaying a large image
Summary: Kernel Oops when displaying a large image
Status: RESOLVED INVALID
Alias: None
Product: xorg
Classification: Unclassified
Component: Driver/nouveau (show other bugs)
Version: 7.5 (2009.10)
Hardware: Other All
: high critical
Assignee: Nouveau Project
QA Contact: Xorg Project Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-06-26 00:59 UTC by Gabriel Kerneis
Modified: 2013-08-18 18:10 UTC (History)
3 users (show)

See Also:
i915 platform:
i915 features:

Attachments
syslog-2.6.32 (213.27 KB, text/plain)
2010-06-26 00:59 UTC, Gabriel Kerneis 		no flags Details
Xorg.log (24.88 KB, text/plain)
2010-06-26 01:00 UTC, Gabriel Kerneis 		no flags Details
syslog-2.6.34 (18.84 KB, text/plain)
2010-06-26 01:00 UTC, Gabriel Kerneis 		no flags Details
kern.org (2.6.35-rc3) (156.60 KB, text/plain)
2010-06-28 02:24 UTC, Gabriel Kerneis 		no flags Details
some BUG_ONs in affected code (798 bytes, patch)
2010-06-28 12:21 UTC, Marcin Slusarz 		no flags Details | Splinter Review
syslog 2.6.35-rc3 with BUG_ON (20.13 KB, text/plain)
2010-07-01 06:03 UTC, Gabriel Kerneis 		no flags Details
kernel.log (5.83 KB, text/plain)
2010-10-22 15:34 UTC, Leonid Isaev 		no flags Details
Show Obsolete (1) View All

Description Gabriel Kerneis 2010-06-26 00:59:43 UTC 
Created attachment 36509 [details]
syslog-2.6.32

[This bug has initially being reported against Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=587149 ; this is mostly copy/paste of what has been told there]

Hi,

I face X crashes (bug #1) and kernel oops (bug #2) when displaying
large images.

This might be two separate bugs, but since they share a common cause
I join them in a single report.  I am not sure either whether this is
the correct package to report the bug against, please feel free to
reassign it if I am wrong.

Bug#1:

This first time it happened, I was trying to display a 2200x1200 px png
image using qiv, a few days ago.  X crashed and I got back to gdm login.

Today, I tried to display a 3000x3000 px jpg image[1] in Iceweasel.  It
first crashed as above.  I got a backtrace in Xorg.log featuring calls
to the nouveau driver, but cannot be more precise since I sadly lost the
trace in subsequent crashes (see below) and have not been able to
reproduce it since then.  dmesg did not contain anything relevant about
this crash (see /var/log/syslog below @ 12:41:31 - gdm error message).

[1] http://geoeyemediaportal.s3.amazonaws.com/assets/images/gallery/ge1/hires/tehran_iran_02_11_10.jpg

Bug #2:

I tried to load again the above-mentioned image and got a kernel oops;
a few seconds later, a second oops occurred and froze the machine.

After a reboot, I have been able to reproduce the bug:
- load the above image in Iceweasel,
- while it is loading (it takes some time), move the Iceweasel window
  and resize it.  [I am using Xmonad, so this basically boils down to
  open new terminal windows and change the layout.]
- some parts of the image become dark, you see a kernel oops in your
  terminal window, the image continues to load slowly, the second oops
  happens and then the screen becomes black. It always takes two oops to
  freeze.

Since I have a way to reproduce the bug, I can try to get more
information if you tell me precisely what you expect (I have no
experience of any kind with kernel/X debugging).

See the attached files syslog-2.6.32 (look for "Oops") and Xorg.log (nothing relevant I fear). 

On Fri, Jun 25, 2010 at 02:46:11PM +0100, Julien Cristau wrote:
> Is this reproducible with the kernel and X driver from experimental
> (note that you need to upgrade both as the ABI changed between 2.6.33
> and 2.6.34)?

Yes.  See the attached file syslog-2.6.34.


Note that this bug is very similar to a bug reported on the dri-devel ML:
http://www.mail-archive.com/dri-devel@lists.sourceforge.net/msg46220.html
But this bug has been corrected:
http://www.mail-archive.com/dri-devel@lists.sourceforge.net/msg47752.html
And the fix is included in linux-2.6_2.6.34-1~experimental where I can still
reproduce the problem, so this is likely a different issue (although similar).

You might also be interested by a similar bug reported by a Fedora user:
http://bugzilla.redhat.com/show_bug.cgi?id=595203

Regards,
Gabriel Kerneis
Comment 1 Gabriel Kerneis 2010-06-26 01:00:22 UTC 
Created attachment 36510 [details]
Xorg.log
Comment 2 Gabriel Kerneis 2010-06-26 01:00:50 UTC 
Created attachment 36511 [details]
syslog-2.6.34
Comment 3 Marcin Slusarz 2010-06-26 05:16:32 UTC 
what is the output of

gdb /lib/modules/2.6.34-1-amd64/kernel/drivers/gpu/drm/ttm/ttm.ko
disassemble ttm_tt_swapout

?

could you compile 2.6.35-rc3 with debug info (at least CONFIG_DEBUG_INFO and CONFIG_FRAME_POINTER) and reproduce it?
Comment 4 Gabriel Kerneis 2010-06-28 01:08:23 UTC 
$ gdb /lib/modules/2.6.34-1-amd64/kernel/drivers/gpu/drm/ttm/ttm.ko
GNU gdb (GDB) 7.1-debian
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /lib/modules/2.6.34-1-amd64/kernel/drivers/gpu/drm/ttm/ttm.ko...(no debugging symbols found)...done.
(gdb) disassemble ttm_tt_swapout
Dump of assembler code for function ttm_tt_swapout:
   0x00000000000010a6 <+0>:	push   %r15
   0x00000000000010a8 <+2>:	push   %r14
   0x00000000000010aa <+4>:	push   %r13
   0x00000000000010ac <+6>:	mov    %rsi,%r13
   0x00000000000010af <+9>:	push   %r12
   0x00000000000010b1 <+11>:	push   %rbp
   0x00000000000010b2 <+12>:	push   %rbx
   0x00000000000010b3 <+13>:	mov    %rdi,%rbx
   0x00000000000010b6 <+16>:	sub    $0x18,%rsp
   0x00000000000010ba <+20>:	mov    0x5c(%rdi),%eax
   0x00000000000010bd <+23>:	dec    %eax
   0x00000000000010bf <+25>:	cmp    $0x1,%eax
   0x00000000000010c2 <+28>:	jbe    0x10c8 <ttm_tt_swapout+34>
   0x00000000000010c4 <+30>:	ud2a   
   0x00000000000010c6 <+32>:	jmp    0x10c6 <ttm_tt_swapout+32>
   0x00000000000010c8 <+34>:	cmpl   $0x2,0x58(%rdi)
   0x00000000000010cc <+38>:	je     0x10d2 <ttm_tt_swapout+44>
   0x00000000000010ce <+40>:	ud2a   
   0x00000000000010d0 <+42>:	jmp    0x10d0 <ttm_tt_swapout+42>
   0x00000000000010d2 <+44>:	testb  $0x2,0x20(%rdi)
   0x00000000000010d6 <+48>:	je     0x10f0 <ttm_tt_swapout+74>
   0x00000000000010d8 <+50>:	callq  0xa6a <ttm_tt_free_user_pages>
   0x00000000000010dd <+55>:	xor    %ebp,%ebp
   0x00000000000010df <+57>:	orl    $0x10,0x20(%rbx)
   0x00000000000010e3 <+61>:	movq   $0x0,0x50(%rbx)
   0x00000000000010eb <+69>:	jmpq   0x1277 <ttm_tt_swapout+465>
   0x00000000000010f0 <+74>:	test   %rsi,%rsi
   0x00000000000010f3 <+77>:	mov    %rsi,%r12
   0x00000000000010f6 <+80>:	jne    0x112f <ttm_tt_swapout+137>
   0x00000000000010f8 <+82>:	mov    0x28(%rdi),%rsi
   0x00000000000010fc <+86>:	xor    %edx,%edx
   0x00000000000010fe <+88>:	mov    $0x0,%rdi
   0x0000000000001105 <+95>:	shl    $0xc,%rsi
   0x0000000000001109 <+99>:	callq  0x110e <ttm_tt_swapout+104>
   0x000000000000110e <+104>:	cmp    $0xfffffffffffff000,%rax
   0x0000000000001114 <+110>:	mov    %rax,%r12
   0x0000000000001117 <+113>:	jbe    0x112f <ttm_tt_swapout+137>
   0x0000000000001119 <+115>:	mov    $0x0,%rdi
   0x0000000000001120 <+122>:	xor    %eax,%eax
   0x0000000000001122 <+124>:	mov    %r12d,%ebp
   0x0000000000001125 <+127>:	callq  0x112a <ttm_tt_swapout+132>
   0x000000000000112a <+132>:	jmpq   0x1277 <ttm_tt_swapout+465>
   0x000000000000112f <+137>:	mov    0x18(%r12),%rax
   0x0000000000001134 <+142>:	mov    %gs:0x0,%rbp
   0x000000000000113d <+151>:	sub    $0x1fd8,%rbp
   0x0000000000001144 <+158>:	mov    0x10(%rax),%rax
   0x0000000000001148 <+162>:	mov    0x110(%rax),%r14
   0x000000000000114f <+169>:	movl   $0x0,0xc(%rsp)
   0x0000000000001157 <+177>:	jmpq   0x123a <ttm_tt_swapout+404>
   0x000000000000115c <+182>:	mov    0x8(%rbx),%rax
   0x0000000000001160 <+186>:	mov    (%rax,%rsi,8),%r15
   0x0000000000001164 <+190>:	test   %r15,%r15
   0x0000000000001167 <+193>:	je     0x1236 <ttm_tt_swapout+400>
   0x000000000000116d <+199>:	mov    0x58(%r14),%rax
   0x0000000000001171 <+203>:	xor    %ecx,%ecx
   0x0000000000001173 <+205>:	mov    %r14,%rdi
   0x0000000000001176 <+208>:	mov    0x8(%rax),%rdx
   0x000000000000117a <+212>:	callq  0x117f <ttm_tt_swapout+217>
   0x000000000000117f <+217>:	cmp    $0xfffffffffffff000,%rax
   0x0000000000001185 <+223>:	mov    %rax,%rdx
   0x0000000000001188 <+226>:	jbe    0x119a <ttm_tt_swapout+244>
   0x000000000000118a <+228>:	test   %r13,%r13
   0x000000000000118d <+231>:	mov    %eax,%ebp
   0x000000000000118f <+233>:	jne    0x1277 <ttm_tt_swapout+465>
   0x0000000000001195 <+239>:	jmpq   0x126f <ttm_tt_swapout+457>
   0x000000000000119a <+244>:	incl   0x1c(%rbp)
   0x000000000000119d <+247>:	incl   0x1c(%rbp)
   0x00000000000011a0 <+250>:	movabs $0x160000000000,%rcx
   0x00000000000011aa <+260>:	lea    (%rax,%rcx,1),%rax
   0x00000000000011ae <+264>:	movabs $0x6db6db6db6db6db7,%rcx
   0x00000000000011b8 <+274>:	sar    $0x3,%rax
   0x00000000000011bc <+278>:	imul   %rcx,%rax
   0x00000000000011c0 <+282>:	movabs $0xffff880000000000,%rcx
   0x00000000000011ca <+292>:	shl    $0xc,%rax
   0x00000000000011ce <+296>:	add    %rcx,%rax
   0x00000000000011d1 <+299>:	movabs $0x160000000000,%rcx
   0x00000000000011db <+309>:	lea    (%r15,%rcx,1),%rsi
   0x00000000000011df <+313>:	movabs $0x6db6db6db6db6db7,%rcx
   0x00000000000011e9 <+323>:	mov    %rax,%rdi
   0x00000000000011ec <+326>:	sar    $0x3,%rsi
   0x00000000000011f0 <+330>:	imul   %rcx,%rsi
   0x00000000000011f4 <+334>:	movabs $0xffff880000000000,%rcx
   0x00000000000011fe <+344>:	shl    $0xc,%rsi
   0x0000000000001202 <+348>:	add    %rcx,%rsi
   0x0000000000001205 <+351>:	mov    $0x400,%ecx
   0x000000000000120a <+356>:	rep movsl %ds:(%rsi),%es:(%rdi)
   0x000000000000120c <+358>:	decl   0x1c(%rbp)
   0x000000000000120f <+361>:	decl   0x1c(%rbp)
   0x0000000000001212 <+364>:	mov    %rdx,%rdi
   0x0000000000001215 <+367>:	mov    %rdx,(%rsp)
   0x0000000000001219 <+371>:	callq  0x121e <ttm_tt_swapout+376>
   0x000000000000121e <+376>:	mov    (%rsp),%rdx
   0x0000000000001222 <+380>:	mov    %rdx,%rdi
   0x0000000000001225 <+383>:	callq  0x122a <ttm_tt_swapout+388>
   0x000000000000122a <+388>:	mov    (%rsp),%rdx
   0x000000000000122e <+392>:	mov    %rdx,%rdi
   0x0000000000001231 <+395>:	callq  0x1236 <ttm_tt_swapout+400>
   0x0000000000001236 <+400>:	incl   0xc(%rsp)
   0x000000000000123a <+404>:	movslq 0xc(%rsp),%rsi
   0x000000000000123f <+409>:	cmp    0x28(%rbx),%rsi
   0x0000000000001243 <+413>:	jb     0x115c <ttm_tt_swapout+182>
   0x0000000000001249 <+419>:	mov    %rbx,%rdi
   0x000000000000124c <+422>:	xor    %ebp,%ebp
   0x000000000000124e <+424>:	callq  0xe91 <ttm_tt_free_alloced_pages>
   0x0000000000001253 <+429>:	mov    0x20(%rbx),%eax
   0x0000000000001256 <+432>:	mov    %r12,0x50(%rbx)
   0x000000000000125a <+436>:	mov    %eax,%edx
   0x000000000000125c <+438>:	or     $0x10,%edx
   0x000000000000125f <+441>:	test   %r13,%r13
   0x0000000000001262 <+444>:	mov    %edx,0x20(%rbx)
   0x0000000000001265 <+447>:	je     0x1277 <ttm_tt_swapout+465>
   0x0000000000001267 <+449>:	or     $0x30,%eax
   0x000000000000126a <+452>:	mov    %eax,0x20(%rbx)
   0x000000000000126d <+455>:	jmp    0x1277 <ttm_tt_swapout+465>
   0x000000000000126f <+457>:	mov    %r12,%rdi
   0x0000000000001272 <+460>:	callq  0x1277 <ttm_tt_swapout+465>
   0x0000000000001277 <+465>:	add    $0x18,%rsp
   0x000000000000127b <+469>:	mov    %ebp,%eax
   0x000000000000127d <+471>:	pop    %rbx
   0x000000000000127e <+472>:	pop    %rbp
   0x000000000000127f <+473>:	pop    %r12
   0x0000000000001281 <+475>:	pop    %r13
   0x0000000000001283 <+477>:	pop    %r14
   0x0000000000001285 <+479>:	pop    %r15
   0x0000000000001287 <+481>:	retq   
End of assembler dump.


> could you compile 2.6.35-rc3 with debug info (at least CONFIG_DEBUG_INFO and
> CONFIG_FRAME_POINTER) and reproduce it?

I'll try and let you know.

Best regards.
Comment 5 Gabriel Kerneis 2010-06-28 02:23:43 UTC 
I confirm that I can reproduce this with 2.6.35-rc3 (compiled with the requested flags).

Dump of assembler code for function ttm_tt_swapout:
   0x00000000000010a6 <+0>:	push   %r15
   0x00000000000010a8 <+2>:	push   %r14
   0x00000000000010aa <+4>:	push   %r13
   0x00000000000010ac <+6>:	mov    %rsi,%r13
   0x00000000000010af <+9>:	push   %r12
   0x00000000000010b1 <+11>:	push   %rbp
   0x00000000000010b2 <+12>:	push   %rbx
   0x00000000000010b3 <+13>:	mov    %rdi,%rbx
   0x00000000000010b6 <+16>:	sub    $0x18,%rsp
   0x00000000000010ba <+20>:	mov    0x5c(%rdi),%eax
   0x00000000000010bd <+23>:	dec    %eax
   0x00000000000010bf <+25>:	cmp    $0x1,%eax
   0x00000000000010c2 <+28>:	jbe    0x10c8 <ttm_tt_swapout+34>
   0x00000000000010c4 <+30>:	ud2a   
   0x00000000000010c6 <+32>:	jmp    0x10c6 <ttm_tt_swapout+32>
   0x00000000000010c8 <+34>:	cmpl   $0x2,0x58(%rdi)
   0x00000000000010cc <+38>:	je     0x10d2 <ttm_tt_swapout+44>
   0x00000000000010ce <+40>:	ud2a   
   0x00000000000010d0 <+42>:	jmp    0x10d0 <ttm_tt_swapout+42>
   0x00000000000010d2 <+44>:	testb  $0x2,0x20(%rdi)
   0x00000000000010d6 <+48>:	je     0x10f0 <ttm_tt_swapout+74>
   0x00000000000010d8 <+50>:	callq  0xa6a <ttm_tt_free_user_pages>
   0x00000000000010dd <+55>:	xor    %ebp,%ebp
   0x00000000000010df <+57>:	orl    $0x10,0x20(%rbx)
   0x00000000000010e3 <+61>:	movq   $0x0,0x50(%rbx)
   0x00000000000010eb <+69>:	jmpq   0x1277 <ttm_tt_swapout+465>
   0x00000000000010f0 <+74>:	test   %rsi,%rsi
   0x00000000000010f3 <+77>:	mov    %rsi,%r12
   0x00000000000010f6 <+80>:	jne    0x112f <ttm_tt_swapout+137>
   0x00000000000010f8 <+82>:	mov    0x28(%rdi),%rsi
   0x00000000000010fc <+86>:	xor    %edx,%edx
   0x00000000000010fe <+88>:	mov    $0x0,%rdi
   0x0000000000001105 <+95>:	shl    $0xc,%rsi
   0x0000000000001109 <+99>:	callq  0x110e <ttm_tt_swapout+104>
   0x000000000000110e <+104>:	cmp    $0xfffffffffffff000,%rax
   0x0000000000001114 <+110>:	mov    %rax,%r12
   0x0000000000001117 <+113>:	jbe    0x112f <ttm_tt_swapout+137>
   0x0000000000001119 <+115>:	mov    $0x0,%rdi
   0x0000000000001120 <+122>:	xor    %eax,%eax
   0x0000000000001122 <+124>:	mov    %r12d,%ebp
   0x0000000000001125 <+127>:	callq  0x112a <ttm_tt_swapout+132>
   0x000000000000112a <+132>:	jmpq   0x1277 <ttm_tt_swapout+465>
   0x000000000000112f <+137>:	mov    0x18(%r12),%rax
   0x0000000000001134 <+142>:	mov    %gs:0x0,%rbp
   0x000000000000113d <+151>:	sub    $0x1fd8,%rbp
   0x0000000000001144 <+158>:	mov    0x10(%rax),%rax
   0x0000000000001148 <+162>:	mov    0x110(%rax),%r14
   0x000000000000114f <+169>:	movl   $0x0,0xc(%rsp)
   0x0000000000001157 <+177>:	jmpq   0x123a <ttm_tt_swapout+404>
   0x000000000000115c <+182>:	mov    0x8(%rbx),%rax
   0x0000000000001160 <+186>:	mov    (%rax,%rsi,8),%r15
   0x0000000000001164 <+190>:	test   %r15,%r15
   0x0000000000001167 <+193>:	je     0x1236 <ttm_tt_swapout+400>
   0x000000000000116d <+199>:	mov    0x58(%r14),%rax
   0x0000000000001171 <+203>:	xor    %ecx,%ecx
   0x0000000000001173 <+205>:	mov    %r14,%rdi
   0x0000000000001176 <+208>:	mov    0x8(%rax),%rdx
   0x000000000000117a <+212>:	callq  0x117f <ttm_tt_swapout+217>
   0x000000000000117f <+217>:	cmp    $0xfffffffffffff000,%rax
   0x0000000000001185 <+223>:	mov    %rax,%rdx
   0x0000000000001188 <+226>:	jbe    0x119a <ttm_tt_swapout+244>
   0x000000000000118a <+228>:	test   %r13,%r13
   0x000000000000118d <+231>:	mov    %eax,%ebp
   0x000000000000118f <+233>:	jne    0x1277 <ttm_tt_swapout+465>
   0x0000000000001195 <+239>:	jmpq   0x126f <ttm_tt_swapout+457>
   0x000000000000119a <+244>:	incl   0x1c(%rbp)
   0x000000000000119d <+247>:	incl   0x1c(%rbp)
   0x00000000000011a0 <+250>:	movabs $0x160000000000,%rcx
   0x00000000000011aa <+260>:	lea    (%rax,%rcx,1),%rax
   0x00000000000011ae <+264>:	movabs $0x6db6db6db6db6db7,%rcx
   0x00000000000011b8 <+274>:	sar    $0x3,%rax
   0x00000000000011bc <+278>:	imul   %rcx,%rax
   0x00000000000011c0 <+282>:	movabs $0xffff880000000000,%rcx
   0x00000000000011ca <+292>:	shl    $0xc,%rax
   0x00000000000011ce <+296>:	add    %rcx,%rax
   0x00000000000011d1 <+299>:	movabs $0x160000000000,%rcx
   0x00000000000011db <+309>:	lea    (%r15,%rcx,1),%rsi
   0x00000000000011df <+313>:	movabs $0x6db6db6db6db6db7,%rcx
   0x00000000000011e9 <+323>:	mov    %rax,%rdi
   0x00000000000011ec <+326>:	sar    $0x3,%rsi
   0x00000000000011f0 <+330>:	imul   %rcx,%rsi
   0x00000000000011f4 <+334>:	movabs $0xffff880000000000,%rcx
   0x00000000000011fe <+344>:	shl    $0xc,%rsi
   0x0000000000001202 <+348>:	add    %rcx,%rsi
   0x0000000000001205 <+351>:	mov    $0x400,%ecx
   0x000000000000120a <+356>:	rep movsl %ds:(%rsi),%es:(%rdi)
   0x000000000000120c <+358>:	decl   0x1c(%rbp)
   0x000000000000120f <+361>:	decl   0x1c(%rbp)
   0x0000000000001212 <+364>:	mov    %rdx,%rdi
   0x0000000000001215 <+367>:	mov    %rdx,(%rsp)
   0x0000000000001219 <+371>:	callq  0x121e <ttm_tt_swapout+376>
   0x000000000000121e <+376>:	mov    (%rsp),%rdx
   0x0000000000001222 <+380>:	mov    %rdx,%rdi
   0x0000000000001225 <+383>:	callq  0x122a <ttm_tt_swapout+388>
   0x000000000000122a <+388>:	mov    (%rsp),%rdx
   0x000000000000122e <+392>:	mov    %rdx,%rdi
   0x0000000000001231 <+395>:	callq  0x1236 <ttm_tt_swapout+400>
   0x0000000000001236 <+400>:	incl   0xc(%rsp)
   0x000000000000123a <+404>:	movslq 0xc(%rsp),%rsi
   0x000000000000123f <+409>:	cmp    0x28(%rbx),%rsi
   0x0000000000001243 <+413>:	jb     0x115c <ttm_tt_swapout+182>
   0x0000000000001249 <+419>:	mov    %rbx,%rdi
   0x000000000000124c <+422>:	xor    %ebp,%ebp
   0x000000000000124e <+424>:	callq  0xe91 <ttm_tt_free_alloced_pages>
   0x0000000000001253 <+429>:	mov    0x20(%rbx),%eax
   0x0000000000001256 <+432>:	mov    %r12,0x50(%rbx)
   0x000000000000125a <+436>:	mov    %eax,%edx
   0x000000000000125c <+438>:	or     $0x10,%edx
   0x000000000000125f <+441>:	test   %r13,%r13
   0x0000000000001262 <+444>:	mov    %edx,0x20(%rbx)
   0x0000000000001265 <+447>:	je     0x1277 <ttm_tt_swapout+465>
   0x0000000000001267 <+449>:	or     $0x30,%eax
   0x000000000000126a <+452>:	mov    %eax,0x20(%rbx)
   0x000000000000126d <+455>:	jmp    0x1277 <ttm_tt_swapout+465>
   0x000000000000126f <+457>:	mov    %r12,%rdi
   0x0000000000001272 <+460>:	callq  0x1277 <ttm_tt_swapout+465>
   0x0000000000001277 <+465>:	add    $0x18,%rsp
   0x000000000000127b <+469>:	mov    %ebp,%eax
   0x000000000000127d <+471>:	pop    %rbx
   0x000000000000127e <+472>:	pop    %rbp
   0x000000000000127f <+473>:	pop    %r12
   0x0000000000001281 <+475>:	pop    %r13
   0x0000000000001283 <+477>:	pop    %r14
   0x0000000000001285 <+479>:	pop    %r15
   0x0000000000001287 <+481>:	retq   
End of assembler dump.

See the attached kern.log for the "Oops" error messages and tell me if I can provide further information.
Comment 6 Gabriel Kerneis 2010-06-28 02:24:25 UTC 
Created attachment 36564 [details]
kern.org (2.6.35-rc3)
Comment 7 Marcin Slusarz 2010-06-28 12:21:20 UTC 
Created attachment 36582 [details] [review]
some BUG_ONs in affected code

please retest with attached patch
Comment 8 Marcin Slusarz 2010-06-28 12:22:48 UTC 
... on 2.6.35-rc3 kernel
Comment 9 Gabriel Kerneis 2010-07-01 06:01:00 UTC 
Here is the trace:

Jul  1 14:54:19 rhodium kernel: [ 1180.170737] ------------[ cut here ]------------
Jul  1 14:54:19 rhodium kernel: [ 1180.170742] kernel BUG at drivers/gpu/drm/ttm/ttm_tt.c:552!
Jul  1 14:54:19 rhodium kernel: [ 1180.170744] invalid opcode: 0000 [#1] SMP 
Jul  1 14:54:19 rhodium kernel: [ 1180.170746] last sysfs file: /sys/devices/system/cpu/cpu1/cpufreq/scaling_governor
Jul  1 14:54:19 rhodium kernel: [ 1180.170747] CPU 0 
Jul  1 14:54:19 rhodium kernel: [ 1180.170748] Modules linked in: acpi_cpufreq mperf cpufreq_userspace cpufreq_conservative cpufreq_stats ppdev lp cpufreq_powersave sco bridge stp bnep rfcomm l2cap crc16 bluetooth rfkill binfmt_misc fuse loop snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_hwdep led_class snd_pcm_oss snd_mixer_oss snd_pcm snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq nouveau ttm drm_kms_helper drm snd_timer snd_seq_device tpm_tis parport_pc tpm parport i2c_algo_bit tpm_bios i2c_i801 rng_core snd i2c_core processor evdev soundcore snd_page_alloc button psmouse serio_raw pcspkr ext3 jbd mbcache raid1 md_mod sg sr_mod cdrom sd_mod crc_t10dif ata_generic uhci_hcd ata_piix libata ehci_hcd scsi_mod fan r8169 mii thermal thermal_sys usbcore nls_base [last unloaded: scsi_wait_scan]
Jul  1 14:54:19 rhodium kernel: [ 1180.170785] 
Jul  1 14:54:19 rhodium kernel: [ 1180.170787] Pid: 1014, comm: ttm_swap Not tainted 2.6.35-rc3 #1 VL280U    /POWERMATE_VL280
Jul  1 14:54:19 rhodium kernel: [ 1180.170789] RIP: 0010:[<ffffffffa00c5d59>]  [<ffffffffa00c5d59>] ttm_tt_swapout+0xac/0x219 [ttm]
Jul  1 14:54:19 rhodium kernel: [ 1180.170796] RSP: 0018:ffff88012e59fcf0  EFLAGS: 00010246
Jul  1 14:54:19 rhodium kernel: [ 1180.170797] RAX: 0000000000000000 RBX: ffff88011c745660 RCX: 0000000000001000
Jul  1 14:54:19 rhodium kernel: [ 1180.170799] RDX: 0000000000102216 RSI: ffff8800a4a9c600 RDI: ffff88011c745660
Jul  1 14:54:19 rhodium kernel: [ 1180.170801] RBP: ffff88012e59fd30 R08: 0000000000000200 R09: ffffffff816a8850
Jul  1 14:54:19 rhodium kernel: [ 1180.170802] R10: ffff88012e59fa00 R11: ffff8800a6947060 R12: ffff8800af750c44
Jul  1 14:54:19 rhodium kernel: [ 1180.170804] R13: ffff8800a4a9c600 R14: ffff88012e72ed48 R15: ffff8800a4a9c600
Jul  1 14:54:19 rhodium kernel: [ 1180.170806] FS:  0000000000000000(0000) GS:ffff880001a00000(0000) knlGS:0000000000000000
Jul  1 14:54:19 rhodium kernel: [ 1180.170807] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
Jul  1 14:54:19 rhodium kernel: [ 1180.170809] CR2: 00000000024b1430 CR3: 000000000162a000 CR4: 00000000000006f0
Jul  1 14:54:19 rhodium kernel: [ 1180.170811] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Jul  1 14:54:19 rhodium kernel: [ 1180.170812] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Jul  1 14:54:19 rhodium kernel: [ 1180.170814] Process ttm_swap (pid: 1014, threadinfo ffff88012e59e000, task ffff88012c5051c0)
Jul  1 14:54:19 rhodium kernel: [ 1180.170815] Stack:
Jul  1 14:54:19 rhodium kernel: [ 1180.170816]  ffff8800af750c00 ffff88012e5000e8 0000000000000000 ffff8800af750c00
Jul  1 14:54:19 rhodium kernel: [ 1180.170819] <0> ffff8800af750c44 0000000000000000 ffff88012e72ed48 ffff8800af750c44
Jul  1 14:54:19 rhodium kernel: [ 1180.170821] <0> ffff88012e59fdd0 ffffffffa00c7b0d ffff88012e72ed60 ffff88012e72ecc0
Jul  1 14:54:19 rhodium kernel: [ 1180.170824] Call Trace:
Jul  1 14:54:19 rhodium kernel: [ 1180.170829]  [<ffffffffa00c7b0d>] ttm_bo_swapout+0x1ec/0x22c [ttm]
Jul  1 14:54:19 rhodium kernel: [ 1180.170835]  [<ffffffffa016a58e>] ? drm_mm_kmalloc+0x69/0xc1 [drm]
Jul  1 14:54:19 rhodium kernel: [ 1180.170838]  [<ffffffffa00c536c>] ttm_shrink+0x98/0xbe [ttm]
Jul  1 14:54:19 rhodium kernel: [ 1180.170841]  [<ffffffffa00c53a6>] ttm_shrink_work+0x14/0x16 [ttm]
Jul  1 14:54:19 rhodium kernel: [ 1180.170846]  [<ffffffff8105c2c0>] worker_thread+0x1a6/0x238
Jul  1 14:54:19 rhodium kernel: [ 1180.170849]  [<ffffffff8131aedd>] ? schedule+0x4fe/0x563
Jul  1 14:54:19 rhodium kernel: [ 1180.170852]  [<ffffffffa00c5392>] ? ttm_shrink_work+0x0/0x16 [ttm]
Jul  1 14:54:19 rhodium kernel: [ 1180.170855]  [<ffffffff8105fe3f>] ? autoremove_wake_function+0x0/0x34
Jul  1 14:54:19 rhodium kernel: [ 1180.170857]  [<ffffffff8105c11a>] ? worker_thread+0x0/0x238
Jul  1 14:54:19 rhodium kernel: [ 1180.170859]  [<ffffffff8105f9d7>] kthread+0x7a/0x82
Jul  1 14:54:19 rhodium kernel: [ 1180.170862]  [<ffffffff81009864>] kernel_thread_helper+0x4/0x10
Jul  1 14:54:19 rhodium kernel: [ 1180.170864]  [<ffffffff8105f95d>] ? kthread+0x0/0x82
Jul  1 14:54:19 rhodium kernel: [ 1180.170866]  [<ffffffff81009860>] ? kernel_thread_helper+0x0/0x10
Jul  1 14:54:19 rhodium kernel: [ 1180.170867] Code: 89 ec e8 92 4a 25 e1 e9 7a 01 00 00 48 85 c0 75 04 0f 0b eb fe 49 8b 45 18 48 85 c0 75 04 0f 0b eb fe 48 8b 40 10 48 85 c0 75 04 <0f> 0b eb fe 4c 8b b0 10 01 00 00 c7 45 cc 00 00 00 00 65 4c 8b 
Jul  1 14:54:19 rhodium kernel: [ 1180.170886] RIP  [<ffffffffa00c5d59>] ttm_tt_swapout+0xac/0x219 [ttm]
Jul  1 14:54:19 rhodium kernel: [ 1180.170889]  RSP <ffff88012e59fcf0>
Jul  1 14:54:19 rhodium kernel: [ 1180.170892] ---[ end trace 4a44c1c88025e5c0 ]---
Jul  1 14:54:29 rhodium kernel: [ 1189.961517] [drm] nouveau 0000:01:00.0: fail ttm_validate
Jul  1 14:54:29 rhodium kernel: [ 1189.961521] [drm] nouveau 0000:01:00.0: validate vram_list
Jul  1 14:54:29 rhodium kernel: [ 1189.961522] [drm] nouveau 0000:01:00.0: validate: -12
Jul  1 14:54:29 rhodium kernel: [ 1189.961575] [drm] nouveau 0000:01:00.0: fail ttm_validate
Jul  1 14:54:29 rhodium kernel: [ 1189.961577] [drm] nouveau 0000:01:00.0: validate vram_list
Jul  1 14:54:29 rhodium kernel: [ 1189.961579] [drm] nouveau 0000:01:00.0: validate: -12
Jul  1 14:54:30 rhodium kernel: [ 1191.522519] [drm] nouveau 0000:01:00.0: fail ttm_validate
Jul  1 14:54:30 rhodium kernel: [ 1191.522523] [drm] nouveau 0000:01:00.0: validate vram_list
Jul  1 14:54:30 rhodium kernel: [ 1191.522525] [drm] nouveau 0000:01:00.0: validate: -12
Jul  1 14:54:30 rhodium kernel: [ 1191.522574] [drm] nouveau 0000:01:00.0: fail ttm_validate
Jul  1 14:54:30 rhodium kernel: [ 1191.522576] [drm] nouveau 0000:01:00.0: validate vram_list
Jul  1 14:54:30 rhodium kernel: [ 1191.522578] [drm] nouveau 0000:01:00.0: validate: -12
Jul  1 14:54:31 rhodium kernel: [ 1192.303187] [drm] nouveau 0000:01:00.0: fail ttm_validate
Jul  1 14:54:31 rhodium kernel: [ 1192.303191] [drm] nouveau 0000:01:00.0: validate vram_list
Jul  1 14:54:31 rhodium kernel: [ 1192.303193] [drm] nouveau 0000:01:00.0: validate: -12
Jul  1 14:54:31 rhodium kernel: [ 1192.303240] [drm] nouveau 0000:01:00.0: fail ttm_validate
Jul  1 14:54:31 rhodium kernel: [ 1192.303242] [drm] nouveau 0000:01:00.0: validate vram_list
Jul  1 14:54:31 rhodium kernel: [ 1192.303244] [drm] nouveau 0000:01:00.0: validate: -12
Jul  1 14:54:31 rhodium kernel: [ 1192.560475] [drm] nouveau 0000:01:00.0: fail ttm_validate
Jul  1 14:54:31 rhodium kernel: [ 1192.560480] [drm] nouveau 0000:01:00.0: validate vram_list
Jul  1 14:54:31 rhodium kernel: [ 1192.560483] [drm] nouveau 0000:01:00.0: validate: -12
Jul  1 14:54:31 rhodium kernel: [ 1192.560680] [drm] nouveau 0000:01:00.0: fail ttm_validate
Jul  1 14:54:31 rhodium kernel: [ 1192.560682] [drm] nouveau 0000:01:00.0: validate vram_list
Jul  1 14:54:31 rhodium kernel: [ 1192.560686] [drm] nouveau 0000:01:00.0: validate: -12
Jul  1 14:54:31 rhodium kernel: [ 1192.861740] [drm] nouveau 0000:01:00.0: fail ttm_validate
Jul  1 14:54:31 rhodium kernel: [ 1192.861744] [drm] nouveau 0000:01:00.0: validate vram_list
Jul  1 14:54:31 rhodium kernel: [ 1192.861746] [drm] nouveau 0000:01:00.0: validate: -12
Jul  1 14:54:31 rhodium kernel: [ 1192.861790] [drm] nouveau 0000:01:00.0: fail ttm_validate
Jul  1 14:54:31 rhodium kernel: [ 1192.861791] [drm] nouveau 0000:01:00.0: validate vram_list
Jul  1 14:54:31 rhodium kernel: [ 1192.861793] [drm] nouveau 0000:01:00.0: validate: -12
Jul  1 14:54:32 rhodium kernel: [ 1193.501107] [drm] nouveau 0000:01:00.0: fail ttm_validate
Jul  1 14:54:32 rhodium kernel: [ 1193.501110] [drm] nouveau 0000:01:00.0: validate vram_list
Jul  1 14:54:32 rhodium kernel: [ 1193.501112] [drm] nouveau 0000:01:00.0: validate: -12
Jul  1 14:54:32 rhodium kernel: [ 1193.501189] [drm] nouveau 0000:01:00.0: fail ttm_validate
Jul  1 14:54:32 rhodium kernel: [ 1193.501191] [drm] nouveau 0000:01:00.0: validate vram_list
Jul  1 14:54:32 rhodium kernel: [ 1193.501193] [drm] nouveau 0000:01:00.0: validate: -12
Jul  1 14:54:32 rhodium kernel: [ 1193.699417] [drm] nouveau 0000:01:00.0: fail ttm_validate
Jul  1 14:54:32 rhodium kernel: [ 1193.699421] [drm] nouveau 0000:01:00.0: validate vram_list
Jul  1 14:54:32 rhodium kernel: [ 1193.699422] [drm] nouveau 0000:01:00.0: validate: -12
Jul  1 14:54:32 rhodium kernel: [ 1193.699469] [drm] nouveau 0000:01:00.0: fail ttm_validate
Jul  1 14:54:32 rhodium kernel: [ 1193.699471] [drm] nouveau 0000:01:00.0: validate vram_list
Jul  1 14:54:32 rhodium kernel: [ 1193.699473] [drm] nouveau 0000:01:00.0: validate: -12
Jul  1 14:54:33 rhodium kernel: [ 1194.014121] [drm] nouveau 0000:01:00.0: fail ttm_validate
Jul  1 14:54:33 rhodium kernel: [ 1194.014125] [drm] nouveau 0000:01:00.0: validate vram_list
Jul  1 14:54:33 rhodium kernel: [ 1194.014127] [drm] nouveau 0000:01:00.0: validate: -12
Jul  1 14:54:33 rhodium kernel: [ 1194.014176] [drm] nouveau 0000:01:00.0: fail ttm_validate
Jul  1 14:54:33 rhodium kernel: [ 1194.014178] [drm] nouveau 0000:01:00.0: validate vram_list
Jul  1 14:54:33 rhodium kernel: [ 1194.014179] [drm] nouveau 0000:01:00.0: validate: -12
Jul  1 14:54:33 rhodium kernel: [ 1194.355434] [drm] nouveau 0000:01:00.0: fail ttm_validate
Jul  1 14:54:33 rhodium kernel: [ 1194.355437] [drm] nouveau 0000:01:00.0: validate vram_list
Jul  1 14:54:33 rhodium kernel: [ 1194.355439] [drm] nouveau 0000:01:00.0: validate: -12
Jul  1 14:54:33 rhodium kernel: [ 1194.355482] [drm] nouveau 0000:01:00.0: fail ttm_validate
Jul  1 14:54:33 rhodium kernel: [ 1194.355483] [drm] nouveau 0000:01:00.0: validate vram_list
Jul  1 14:54:33 rhodium kernel: [ 1194.355485] [drm] nouveau 0000:01:00.0: validate: -12
Jul  1 14:54:33 rhodium kernel: [ 1194.598604] [drm] nouveau 0000:01:00.0: fail ttm_validate
Jul  1 14:54:33 rhodium kernel: [ 1194.598608] [drm] nouveau 0000:01:00.0: validate vram_list
Jul  1 14:54:33 rhodium kernel: [ 1194.598610] [drm] nouveau 0000:01:00.0: validate: -12
Jul  1 14:54:33 rhodium kernel: [ 1194.598659] [drm] nouveau 0000:01:00.0: fail ttm_validate
Jul  1 14:54:33 rhodium kernel: [ 1194.598661] [drm] nouveau 0000:01:00.0: validate vram_list
Jul  1 14:54:33 rhodium kernel: [ 1194.598662] [drm] nouveau 0000:01:00.0: validate: -12
Jul  1 14:54:34 rhodium kernel: [ 1194.954536] [drm] nouveau 0000:01:00.0: fail ttm_validate
Jul  1 14:54:34 rhodium kernel: [ 1194.954540] [drm] nouveau 0000:01:00.0: validate vram_list
Jul  1 14:54:34 rhodium kernel: [ 1194.954542] [drm] nouveau 0000:01:00.0: validate: -12
Jul  1 14:54:34 rhodium kernel: [ 1194.954592] [drm] nouveau 0000:01:00.0: fail ttm_validate
Jul  1 14:54:34 rhodium kernel: [ 1194.954594] [drm] nouveau 0000:01:00.0: validate vram_list
Jul  1 14:54:34 rhodium kernel: [ 1194.954596] [drm] nouveau 0000:01:00.0: validate: -12
Jul  1 14:54:34 rhodium kernel: [ 1195.252133] [drm] nouveau 0000:01:00.0: fail ttm_validate
Jul  1 14:54:34 rhodium kernel: [ 1195.252137] [drm] nouveau 0000:01:00.0: validate vram_list
Jul  1 14:54:34 rhodium kernel: [ 1195.252139] [drm] nouveau 0000:01:00.0: validate: -12
Jul  1 14:54:34 rhodium kernel: [ 1195.252190] [drm] nouveau 0000:01:00.0: fail ttm_validate
Jul  1 14:54:34 rhodium kernel: [ 1195.252191] [drm] nouveau 0000:01:00.0: validate vram_list
Jul  1 14:54:34 rhodium kernel: [ 1195.252193] [drm] nouveau 0000:01:00.0: validate: -12
Jul  1 14:54:36 rhodium kernel: [ 1197.410766] [drm] nouveau 0000:01:00.0: fail ttm_validate
Jul  1 14:54:36 rhodium kernel: [ 1197.410771] [drm] nouveau 0000:01:00.0: validate vram_list
Jul  1 14:54:36 rhodium kernel: [ 1197.410774] [drm] nouveau 0000:01:00.0: validate: -12
Jul  1 14:54:36 rhodium kernel: [ 1197.410819] [drm] nouveau 0000:01:00.0: fail ttm_validate
Jul  1 14:54:36 rhodium kernel: [ 1197.410822] [drm] nouveau 0000:01:00.0: validate vram_list
Jul  1 14:54:36 rhodium kernel: [ 1197.410825] [drm] nouveau 0000:01:00.0: validate: -12
Jul  1 14:54:38 rhodium kernel: [ 1199.066973] [drm] nouveau 0000:01:00.0: fail ttm_validate
Jul  1 14:54:38 rhodium kernel: [ 1199.066977] [drm] nouveau 0000:01:00.0: validate vram_list
Jul  1 14:54:38 rhodium kernel: [ 1199.066979] [drm] nouveau 0000:01:00.0: validate: -12
Jul  1 14:54:38 rhodium kernel: [ 1199.067016] [drm] nouveau 0000:01:00.0: fail ttm_validate
Jul  1 14:54:38 rhodium kernel: [ 1199.067018] [drm] nouveau 0000:01:00.0: validate vram_list
Jul  1 14:54:38 rhodium kernel: [ 1199.067020] [drm] nouveau 0000:01:00.0: validate: -12
Jul  1 14:54:38 rhodium kernel: [ 1199.299226] [drm] nouveau 0000:01:00.0: fail ttm_validate
Jul  1 14:54:38 rhodium kernel: [ 1199.299230] [drm] nouveau 0000:01:00.0: validate vram_list
Jul  1 14:54:38 rhodium kernel: [ 1199.299232] [drm] nouveau 0000:01:00.0: validate: -12
Jul  1 14:54:38 rhodium kernel: [ 1199.299281] [drm] nouveau 0000:01:00.0: fail ttm_validate
Jul  1 14:54:38 rhodium kernel: [ 1199.299282] [drm] nouveau 0000:01:00.0: validate vram_list
Jul  1 14:54:38 rhodium kernel: [ 1199.299284] [drm] nouveau 0000:01:00.0: validate: -12
Jul  1 14:54:38 rhodium kernel: [ 1199.425330] general protection fault: 0000 [#2] SMP 
Jul  1 14:54:38 rhodium kernel: [ 1199.425334] last sysfs file: /sys/devices/system/cpu/cpu1/cpufreq/scaling_governor
Jul  1 14:54:38 rhodium kernel: [ 1199.425337] CPU 0 
Jul  1 14:54:38 rhodium kernel: [ 1199.425338] Modules linked in: acpi_cpufreq mperf cpufreq_userspace cpufreq_conservative cpufreq_stats ppdev lp cpufreq_powersave sco bridge stp bnep rfcomm l2cap crc16 bluetooth rfkill binfmt_misc fuse loop snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_hwdep led_class snd_pcm_oss snd_mixer_oss snd_pcm snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq nouveau ttm drm_kms_helper drm snd_timer snd_seq_device tpm_tis parport_pc tpm parport i2c_algo_bit tpm_bios i2c_i801 rng_core snd i2c_core processor evdev soundcore snd_page_alloc button psmouse serio_raw pcspkr ext3 jbd mbcache raid1 md_mod sg sr_mod cdrom sd_mod crc_t10dif ata_generic uhci_hcd ata_piix libata ehci_hcd scsi_mod fan r8169 mii thermal thermal_sys usbcore nls_base [last unloaded: scsi_wait_scan]
Jul  1 14:54:38 rhodium kernel: [ 1199.425395] 
Jul  1 14:54:38 rhodium kernel: [ 1199.425398] Pid: 4522, comm: Xorg Tainted: G      D     2.6.35-rc3 #1 VL280U    /POWERMATE_VL280
Jul  1 14:54:38 rhodium kernel: [ 1199.425401] RIP: 0010:[<ffffffffa00c5d50>]  [<ffffffffa00c5d50>] ttm_tt_swapout+0xa3/0x219 [ttm]
Jul  1 14:54:38 rhodium kernel: [ 1199.425409] RSP: 0018:ffff8801203015d8  EFLAGS: 00010282
Jul  1 14:54:38 rhodium kernel: [ 1199.425412] RAX: f000000000000001 RBX: ffff88011c745900 RCX: 0000000000001000
Jul  1 14:54:38 rhodium kernel: [ 1199.425414] RDX: 0000000000102216 RSI: ffff8800a4a9c540 RDI: ffff88011c745900
Jul  1 14:54:38 rhodium kernel: [ 1199.425417] RBP: ffff880120301618 R08: 0000000000000200 R09: ffffffff816a8850
Jul  1 14:54:38 rhodium kernel: [ 1199.425419] R10: ffff8801203012e8 R11: 0000000000000c39 R12: ffff8800af753c44
Jul  1 14:54:38 rhodium kernel: [ 1199.425422] R13: ffff8800a4a9c540 R14: ffff88012e72ed48 R15: ffff8800a4a9c540
Jul  1 14:54:38 rhodium kernel: [ 1199.425425] FS:  00007f3184fac700(0000) GS:ffff880001a00000(0000) knlGS:0000000000000000
Jul  1 14:54:38 rhodium kernel: [ 1199.425428] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
Jul  1 14:54:38 rhodium kernel: [ 1199.425430] CR2: 00007fd46ab7e000 CR3: 0000000120786000 CR4: 00000000000006f0
Jul  1 14:54:38 rhodium kernel: [ 1199.425433] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Jul  1 14:54:38 rhodium kernel: [ 1199.425440] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Jul  1 14:54:38 rhodium kernel: [ 1199.425442] Process Xorg (pid: 4522, threadinfo ffff880120300000, task ffff88012b8486d0)
Jul  1 14:54:38 rhodium kernel: [ 1199.425443] Stack:
Jul  1 14:54:38 rhodium kernel: [ 1199.425444]  ffff8800af753c00 ffff88012e5000e8 0000000000000000 ffff8800af753c00
Jul  1 14:54:38 rhodium kernel: [ 1199.425447] <0> ffff8800af753c44 0000000000000000 ffff88012e72ed48 ffff8800af753c44
Jul  1 14:54:38 rhodium kernel: [ 1199.425449] <0> ffff8801203016b8 ffffffffa00c7b0d ffff88012e72ed60 ffff88012e72ecc0
Jul  1 14:54:38 rhodium kernel: [ 1199.425452] Call Trace:
Jul  1 14:54:38 rhodium kernel: [ 1199.425456]  [<ffffffffa00c7b0d>] ttm_bo_swapout+0x1ec/0x22c [ttm]
Jul  1 14:54:38 rhodium kernel: [ 1199.425463]  [<ffffffffa016a58e>] ? drm_mm_kmalloc+0x69/0xc1 [drm]
Jul  1 14:54:38 rhodium kernel: [ 1199.425466]  [<ffffffffa00c536c>] ttm_shrink+0x98/0xbe [ttm]
Jul  1 14:54:38 rhodium kernel: [ 1199.425469]  [<ffffffffa00c546a>] ttm_mem_global_alloc_zone+0x60/0x12c [ttm]
Jul  1 14:54:38 rhodium kernel: [ 1199.425472]  [<ffffffffa00c558b>] ttm_mem_global_alloc_page+0x55/0x57 [ttm]
Jul  1 14:54:38 rhodium kernel: [ 1199.425475]  [<ffffffffa00c623c>] __ttm_tt_get_page+0x63/0xa7 [ttm]
Jul  1 14:54:38 rhodium kernel: [ 1199.425478]  [<ffffffffa00c643c>] ttm_tt_populate+0x3b/0x75 [ttm]
Jul  1 14:54:38 rhodium kernel: [ 1199.425481]  [<ffffffffa00c64a7>] ttm_tt_bind+0x31/0x80 [ttm]
Jul  1 14:54:38 rhodium kernel: [ 1199.425484]  [<ffffffffa00c6c4c>] ttm_bo_handle_move_mem+0x106/0x298 [ttm]
Jul  1 14:54:38 rhodium kernel: [ 1199.425488]  [<ffffffffa00c837f>] ttm_bo_evict+0x2de/0x357 [ttm]
Jul  1 14:54:38 rhodium kernel: [ 1199.425493]  [<ffffffffa016a58e>] ? drm_mm_kmalloc+0x69/0xc1 [drm]
Jul  1 14:54:38 rhodium kernel: [ 1199.425497]  [<ffffffffa00c856d>] ttm_mem_evict_first+0x175/0x1a3 [ttm]
Jul  1 14:54:38 rhodium kernel: [ 1199.425500]  [<ffffffffa00c8022>] ttm_bo_mem_space+0x3f1/0x470 [ttm]
Jul  1 14:54:38 rhodium kernel: [ 1199.425504]  [<ffffffffa00c8a41>] ttm_bo_move_buffer+0xaf/0x124 [ttm]
Jul  1 14:54:38 rhodium kernel: [ 1199.425509]  [<ffffffffa016a58e>] ? drm_mm_kmalloc+0x69/0xc1 [drm]
Jul  1 14:54:38 rhodium kernel: [ 1199.425512]  [<ffffffffa00c8b5e>] ttm_bo_validate+0xa8/0xf1 [ttm]
Jul  1 14:54:38 rhodium kernel: [ 1199.425516]  [<ffffffffa00c8ed4>] ttm_bo_init+0x32d/0x366 [ttm]
Jul  1 14:54:38 rhodium kernel: [ 1199.425523]  [<ffffffffa039004c>] nouveau_bo_new+0x2e9/0x351 [nouveau]
Jul  1 14:54:38 rhodium kernel: [ 1199.425529]  [<ffffffffa038fca0>] ? nouveau_bo_del_ttm+0x0/0xc3 [nouveau]
Jul  1 14:54:38 rhodium kernel: [ 1199.425536]  [<ffffffffa0390c60>] nouveau_gem_new+0x36/0xa5 [nouveau]
Jul  1 14:54:38 rhodium kernel: [ 1199.425542]  [<ffffffffa0390e8d>] nouveau_gem_ioctl_new+0x1be/0x2aa [nouveau]
Jul  1 14:54:38 rhodium kernel: [ 1199.425546]  [<ffffffffa0162511>] drm_ioctl+0x284/0x363 [drm]
Jul  1 14:54:38 rhodium kernel: [ 1199.425552]  [<ffffffffa0390ccf>] ? nouveau_gem_ioctl_new+0x0/0x2aa [nouveau]
Jul  1 14:54:38 rhodium kernel: [ 1199.425556]  [<ffffffff810ef053>] ? do_sync_read+0xc6/0x103
Jul  1 14:54:38 rhodium kernel: [ 1199.425559]  [<ffffffff810fb939>] vfs_ioctl+0x2d/0xa1
Jul  1 14:54:38 rhodium kernel: [ 1199.425561]  [<ffffffff810fc23f>] do_vfs_ioctl+0x466/0x49f
Jul  1 14:54:38 rhodium kernel: [ 1199.425563]  [<ffffffff810eeccc>] ? fsnotify_access+0x67/0x6f
Jul  1 14:54:38 rhodium kernel: [ 1199.425565]  [<ffffffff810fc2c9>] sys_ioctl+0x51/0x74
Jul  1 14:54:38 rhodium kernel: [ 1199.425567]  [<ffffffff810ef7bc>] ? sys_read+0x5c/0x69
Jul  1 14:54:38 rhodium kernel: [ 1199.425570]  [<ffffffff81008a42>] system_call_fastpath+0x16/0x1b
Jul  1 14:54:38 rhodium kernel: [ 1199.425571] Code: c7 c7 fa c6 0c a0 31 c0 45 89 ec e8 92 4a 25 e1 e9 7a 01 00 00 48 85 c0 75 04 0f 0b eb fe 49 8b 45 18 48 85 c0 75 04 0f 0b eb fe <48> 8b 40 10 48 85 c0 75 04 0f 0b eb fe 4c 8b b0 10 01 00 00 c7 
Jul  1 14:54:38 rhodium kernel: [ 1199.425591] RIP  [<ffffffffa00c5d50>] ttm_tt_swapout+0xa3/0x219 [ttm]
Jul  1 14:54:38 rhodium kernel: [ 1199.425594]  RSP <ffff8801203015d8>
Jul  1 14:54:38 rhodium kernel: [ 1199.425596] ---[ end trace 4a44c1c88025e5c1 ]---
Jul  1 14:54:38 rhodium kernel: [ 1199.426251] [drm] nouveau 0000:01:00.0: nouveau_channel_free: freeing fifo 1
Jul  1 14:54:38 rhodium kernel: [ 1199.437478] [drm:drm_release] *ERROR* Device busy: 1
Jul  1 14:54:38 rhodium gdm[4511]: WARNING: gdm_slave_xioerror_handler : erreur X fatale - Redémarrage de :0
Jul  1 14:54:39 rhodium acpid: client 4522[0:0] has disconnected
Jul  1 14:54:50 rhodium shutdown[5442]: shutting down for system halt
Comment 10 Gabriel Kerneis 2010-07-01 06:03:24 UTC 
Created attachment 36656 [details]
syslog 2.6.35-rc3 with BUG_ON

Easier to read as an attachement.
Comment 11 Marcin Slusarz 2010-07-04 09:16:17 UTC 
So it's swap_storage->f_path.dentry->d_inode == NULL

I can't find how is this possible...
shmem_file_setup initializes d_inode correctly or returns an error.
persistant_swap_storage seems to be allocated the same way (nouveau_gem_new->drm_gem_object_alloc->drm_gem_object_init->shmem_file_setup).

So something had to set d_inode to NULL on persistant_swap_storage between nouveau_gem_new and ttm_tt_swapout...
Comment 12 Leonid Isaev 2010-10-22 15:34:22 UTC 
Created attachment 39639 [details]
kernel.log
Comment 13 Leonid Isaev 2010-10-22 15:37:23 UTC 
Oops, this message should go first.

I can confirm this bug with a vanilla 2.6.35.7. The above attachment is a piece of kernel.log. The crash occurs when rendering http://xkcd.com/802_large/ in firefox, and doing something to the window. Strangely, the same image open perfectly in links -g.
Comment 14 cloudyster 2011-05-17 06:43:49 UTC 
I can confirm this bug on RHEL 6 (2.6.32-71.29.1.el6.i686) when viewing large images in firefox (esp. zooming in and out)
Comment 15 Gabriel Kerneis 2011-05-25 08:57:54 UTC 
I just installed 2.6.39 and I am glad to see that the situation has improved a lot:
- no more X crash,
- no more kernel oops.

But still:
- large images in Firefox do not display but as black (or sometimes white) rectangles,
- and I get, at the same time, the following error in dmesg.

[  590.075369] [drm] nouveau 0000:01:00.0: fail ttm_validate
[  590.075371] [drm] nouveau 0000:01:00.0: validate vram_list
[  590.075374] [drm] nouveau 0000:01:00.0: validate: -12

(repeated a lot)

Please, let me know if this should become a separate bug report or if the hunt should continue here.

Best,
Gabriel
Comment 16 Steve Kelem 2011-06-22 13:35:48 UTC 
This crash happens on Fedora 15 (2.6.38.8-32.fc15.x86_64), which is the latest kernel that gets installed automatically.
Comment 17 Xavier 2011-07-06 12:24:08 UTC 
(In reply to comment #15)
> 
> Please, let me know if this should become a separate bug report or if the hunt
> should continue here.
> 

IMO this is a separate bug (which I ran into in the past), so I filed it as bug #39010
Comment 18 Ilia Mirkin 2013-08-18 18:10:08 UTC 
It appears that this bug report has laid dormant for quite a while. Sorry we haven't gotten to it. Since we fix bugs all the time, chances are pretty good that your issue has been fixed with the latest software. Please give it a shot. (Linux kernel 3.10.7, xf86-video-nouveau 1.0.9, mesa 9.1.6, or their git versions.) If upgrading to the latest isn't an option for you, your distro's bugzilla is probably the right destination for your bug report.

In an effort to clean up our bug list, we're pre-emptively closing all bugs that haven't seen updates since 2011. If the original issue remains, please make sure to provide fresh info, see http://nouveau.freedesktop.org/wiki/Bugs/ for what we need to see, and re-open this one.

Thanks,

The Nouveau Team

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.