null pointer dereference in nouveau kernel module

Bug #2045277 reported by Thomas Debesse
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| linux (Ubuntu) | New | Undecided | Unassigned | |

Bug Description

I can't get any desktop, neither with Xorg nor with Wayland (it does not even fall back on llvmpipe).

The dmesg reports a null pointer dereference in the nouveau kernel module.

This makes Ubuntu 23.10 not work at all on this computer.

lspci:

```
Slot: 00:02.0
Class: VGA compatible controller [0300]
Vendor: Intel Corporation [8086]
Device: 4th Gen Core Processor Integrated Graphics Controller [0416]
SVendor: Lenovo [17aa]
SDevice: 4th Gen Core Processor Integrated Graphics Controller [221e]
Rev: 06
ProgIf: 00
Driver: i915
Module: i915

Slot: 01:00.0
Class: VGA compatible controller [0300]
Vendor: NVIDIA Corporation [10de]
Device: GK107GLM [Quadro K1100M] [0ff6]
SVendor: Lenovo [17aa]
SDevice: GK107GLM [Quadro K1100M] [221a]
Rev: a1
ProgIf: 00
Driver: nouveau
Module: nvidiafb
Module: nouveau
```

dmesg excerpt:

```
[ 5.264875] nouveau: detected PR support, will not use DSM
[ 5.277344] nouveau 0000:01:00.0: enabling device (0000 -> 0003)
[ 5.290018] nouveau 0000:01:00.0: NVIDIA GK107 (0e7360a2)
[ 5.398355] nouveau 0000:01:00.0: bios: version 80.07.ac.00.20
[ 6.494383] nouveau 0000:01:00.0: fb: 2048 MiB GDDR5
[ 7.805217] nouveau 0000:01:00.0: DRM: VRAM: 2048 MiB
[ 7.805238] nouveau 0000:01:00.0: DRM: GART: 1048576 MiB
[ 7.805247] nouveau 0000:01:00.0: DRM: TMDS table version 2.0
[ 7.805256] nouveau 0000:01:00.0: DRM: DCB version 4.0
[ 7.805264] nouveau 0000:01:00.0: DRM: DCB outp 00: 08800fc6 0f420010
[ 7.805274] nouveau 0000:01:00.0: DRM: DCB outp 01: 08000f82 00020010
[ 7.805283] nouveau 0000:01:00.0: DRM: DCB conn 00: 01000046
[ 7.806677] nouveau 0000:01:00.0: DRM: MM: using COPY for buffer copies
[ 7.806921] ================================================================================
[ 7.806934] UBSAN: shift-out-of-bounds in /build/linux-UiLXaH/linux-6.5.0/drivers/gpu/drm/nouveau/nvkm/engine/disp/udisp.c:103:25
[ 7.806950] shift exponent -1 is negative
[ 7.806957] CPU: 4 PID: 169 Comm: (udev-worker) Not tainted 6.5.0-10-generic #10-Ubuntu
[ 7.806970] Hardware name: LENOVO 20EGS06T00/20EGS06T00, BIOS GNET72WW (2.20 ) 02/26/2015
[ 7.806981] Call Trace:
[ 7.806988] <TASK>
[ 7.806994] dump_stack_lvl+0x48/0x70
[ 7.807007] dump_stack+0x10/0x20
[ 7.807015] __ubsan_handle_shift_out_of_bounds+0x199/0x370
[ 7.807027] ? nvkm_engine_ref+0x1b/0x40 [nouveau]
[ 7.807144] nvkm_udisp_new.cold+0x17/0x5d [nouveau]
[ 7.807258] nvkm_disp_class_new+0x19/0x30 [nouveau]
[ 7.807384] nvkm_udevice_child_new+0x2b/0x40 [nouveau]
[ 7.807510] nvkm_ioctl_new+0x16d/0x2e0 [nouveau]
[ 7.807597] ? __pfx_nvkm_udevice_child_new+0x10/0x10 [nouveau]
[ 7.807723] nvkm_ioctl+0x135/0x2b0 [nouveau]
[ 7.807799] nvkm_client_ioctl+0xe/0x20 [nouveau]
[ 7.807906] nvif_object_ctor+0x10d/0x1a0 [nouveau]
[ 7.807982] nvif_disp_ctor+0xc7/0x310 [nouveau]
[ 7.808058] nouveau_display_create+0x1bf/0x260 [nouveau]
[ 7.808165] nouveau_drm_device_init+0x17e/0x300 [nouveau]
[ 7.808272] nouveau_drm_probe+0x137/0x280 [nouveau]
[ 7.808380] local_pci_probe+0x47/0xb0
[ 7.808390] pci_call_probe+0x55/0x190
[ 7.808397] pci_device_probe+0x84/0x120
[ 7.808405] really_probe+0x1c7/0x410
[ 7.808414] __driver_probe_device+0x8c/0x180
[ 7.808423] driver_probe_device+0x24/0xd0
[ 7.808431] __driver_attach+0x10b/0x210
[ 7.808853] ? __pfx___driver_attach+0x10/0x10
[ 7.809244] bus_for_each_dev+0x8d/0xf0
[ 7.809633] driver_attach+0x1e/0x30
[ 7.810019] bus_add_driver+0x127/0x240
[ 7.810401] driver_register+0x5e/0x130
[ 7.810781] ? __pfx_nouveau_drm_init+0x10/0x10 [nouveau]
[ 7.811241] __pci_register_driver+0x62/0x70
[ 7.811630] nouveau_drm_init+0x177/0xff0 [nouveau]
[ 7.812083] do_one_initcall+0x5e/0x340
[ 7.812469] do_init_module+0x91/0x290
[ 7.812850] load_module+0xba1/0xcf0
[ 7.813226] ? vfree+0xff/0x2d0
[ 7.813596] init_module_from_file+0x96/0x100
[ 7.813964] ? init_module_from_file+0x96/0x100
[ 7.814331] idempotent_init_module+0x11c/0x2b0
[ 7.814693] __x64_sys_finit_module+0x64/0xd0
[ 7.815050] do_syscall_64+0x5c/0x90
[ 7.815406] ? generic_file_llseek+0x24/0x40
[ 7.815758] ? ksys_lseek+0x80/0xd0
[ 7.816105] ? exit_to_user_mode_prepare+0x30/0xb0
[ 7.816451] ? syscall_exit_to_user_mode+0x37/0x60
[ 7.816795] ? do_syscall_64+0x68/0x90
[ 7.817138] ? syscall_exit_to_user_mode+0x37/0x60
[ 7.817480] ? do_syscall_64+0x68/0x90
[ 7.817820] entry_SYSCALL_64_after_hwframe+0x6e/0xd8
[ 7.818161] RIP: 0033:0x7f451c5e6c7d
[ 7.818500] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 6b 81 0d 00 f7 d8 64 89 01 48
[ 7.818873] RSP: 002b:00007ffe0c484278 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[ 7.819254] RAX: ffffffffffffffda RBX: 0000555feb0fb170 RCX: 00007f451c5e6c7d
[ 7.819636] RDX: 0000000000000004 RSI: 00007f451c76244a RDI: 0000000000000012
[ 7.820020] RBP: 00007f451c76244a R08: 0000000000000040 R09: fffffffffffffde0
[ 7.820409] R10: fffffffffffffe18 R11: 0000000000000246 R12: 0000000000020000
[ 7.820799] R13: 0000555feb104700 R14: 0000000000000000 R15: 0000555feb089d40
[ 7.821193] </TASK>
[ 7.821590] ================================================================================
[ 7.824106] [drm] Initialized nouveau 1.3.1 20120801 for 0000:01:00.0 on minor 0
[ 7.824646] BUG: kernel NULL pointer dereference, address: 0000000000000020
[ 7.825067] #PF: supervisor read access in kernel mode
[ 7.825480] #PF: error_code(0x0000) - not-present page
[ 7.825867] PGD 0 P4D 0
[ 7.826235] Oops: 0000 [#1] PREEMPT SMP PTI
[ 7.826605] CPU: 4 PID: 169 Comm: (udev-worker) Not tainted 6.5.0-10-generic #10-Ubuntu
[ 7.826973] Hardware name: LENOVO 20EGS06T00/20EGS06T00, BIOS GNET72WW (2.20 ) 02/26/2015
[ 7.827345] RIP: 0010:nvif_object_mthd+0xb1/0x260 [nouveau]
[ 7.827809] Code: ff 00 e8 52 26 11 d7 49 8b 44 24 08 41 8d 56 20 4d 89 e8 49 39 c4 0f 84 37 01 00 00 4d 89 60 10 4c 89 c6 31 c9 41 c6 40 06 ff <48> 8b 78 20 48 8b 40 38 4c 89 85 40 ff ff ff 48 8b 40 28 e8 57 a1
[ 7.828235] RSP: 0018:ffff9e4ac04d3448 EFLAGS: 00010246
[ 7.828689] RAX: 0000000000000000 RBX: ffff8f854c10a540 RCX: 0000000000000000
[ 7.829115] RDX: 0000000000000028 RSI: ffff9e4ac04d3458 RDI: ffff9e4ac04d3478
[ 7.829543] RBP: ffff9e4ac04d3508 R08: ffff9e4ac04d3458 R09: 0000000000000000
[ 7.829972] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8f854c10a540
[ 7.830404] R13: ffff9e4ac04d3458 R14: 0000000000000008 R15: ffff9e4ac04d3478
[ 7.830836] FS: 00007f451be388c0(0000) GS:ffff8f88ae700000(0000) knlGS:0000000000000000
[ 7.831269] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 7.831703] CR2: 0000000000000020 CR3: 000000010d342003 CR4: 00000000001706e0
[ 7.832141] Call Trace:
[ 7.832579] <TASK>
[ 7.833043] ? show_regs+0x6d/0x80
[ 7.833480] ? __die+0x24/0x80
[ 7.833913] ? page_fault_oops+0x99/0x1b0
[ 7.834349] ? kernelmode_fixup_or_oops+0xb2/0x140
[ 7.834783] ? __bad_area_nosemaphore+0x1a5/0x2c0
[ 7.835216] ? find_vma+0x34/0x60
[ 7.835652] ? bad_area_nosemaphore+0x16/0x30
[ 7.836087] ? do_user_addr_fault+0x2c4/0x6b0
[ 7.836522] ? exc_page_fault+0x83/0x1b0
[ 7.836989] ? asm_exc_page_fault+0x27/0x30
[ 7.837424] ? nvif_object_mthd+0xb1/0x260 [nouveau]
[ 7.837948] ? nvif_object_mthd+0x8e/0x260 [nouveau]
[ 7.838470] nvif_conn_hpd_status+0x3a/0xf0 [nouveau]
[ 7.838991] nouveau_dp_detect+0x3f7/0x640 [nouveau]
[ 7.839546] ? nvkm_object_mthd+0x1a/0x40 [nouveau]
[ 7.840074] nouveau_connector_ddc_detect+0x78/0x1c0 [nouveau]
[ 7.840660] nouveau_connector_detect+0x43/0x340 [nouveau]
[ 7.841200] drm_helper_probe_detect+0x91/0xc0 [drm_kms_helper]
[ 7.841661] drm_helper_probe_single_connector_modes+0x3f1/0x5d0 [drm_kms_helper]
[ 7.842117] drm_client_modeset_probe+0x20b/0x620 [drm]
[ 7.842596] ? nvif_object_sclass_put+0x15/0x30 [nouveau]
[ 7.843126] __drm_fb_helper_initial_config_and_unlock+0x2c/0x160 [drm_kms_helper]
[ 7.843604] drm_fb_helper_initial_config+0x3d/0x50 [drm_kms_helper]
[ 7.844085] drm_fbdev_generic_client_hotplug+0x7a/0xd0 [drm_kms_helper]
[ 7.844566] drm_client_register+0x66/0xb0 [drm]
[ 7.845079] drm_fbdev_generic_setup+0x93/0x140 [drm_kms_helper]
[ 7.845544] nouveau_drm_probe+0x258/0x280 [nouveau]
[ 7.846100] local_pci_probe+0x47/0xb0
[ 7.846555] pci_call_probe+0x55/0x190
[ 7.847008] pci_device_probe+0x84/0x120
[ 7.847462] really_probe+0x1c7/0x410
[ 7.847912] __driver_probe_device+0x8c/0x180
[ 7.848363] driver_probe_device+0x24/0xd0
[ 7.848844] __driver_attach+0x10b/0x210
[ 7.849293] ? __pfx___driver_attach+0x10/0x10
[ 7.849742] bus_for_each_dev+0x8d/0xf0
[ 7.850192] driver_attach+0x1e/0x30
[ 7.850618] bus_add_driver+0x127/0x240
[ 7.851022] driver_register+0x5e/0x130
[ 7.851422] ? __pfx_nouveau_drm_init+0x10/0x10 [nouveau]
[ 7.851909] __pci_register_driver+0x62/0x70
[ 7.852324] nouveau_drm_init+0x177/0xff0 [nouveau]
[ 7.852818] do_one_initcall+0x5e/0x340
[ 7.853217] do_init_module+0x91/0x290
[ 7.853608] load_module+0xba1/0xcf0
[ 7.853997] ? vfree+0xff/0x2d0
[ 7.854381] init_module_from_file+0x96/0x100
[ 7.854762] ? init_module_from_file+0x96/0x100
[ 7.855140] idempotent_init_module+0x11c/0x2b0
[ 7.855518] __x64_sys_finit_module+0x64/0xd0
[ 7.855895] do_syscall_64+0x5c/0x90
[ 7.856271] ? generic_file_llseek+0x24/0x40
[ 7.856673] ? ksys_lseek+0x80/0xd0
[ 7.857042] ? exit_to_user_mode_prepare+0x30/0xb0
[ 7.857409] ? syscall_exit_to_user_mode+0x37/0x60
[ 7.857753] ? do_syscall_64+0x68/0x90
[ 7.858070] ? syscall_exit_to_user_mode+0x37/0x60
[ 7.858387] ? do_syscall_64+0x68/0x90
[ 7.858701] entry_SYSCALL_64_after_hwframe+0x6e/0xd8
[ 7.859017] RIP: 0033:0x7f451c5e6c7d
[ 7.859331] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 6b 81 0d 00 f7 d8 64 89 01 48
[ 7.859678] RSP: 002b:00007ffe0c484278 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[ 7.860035] RAX: ffffffffffffffda RBX: 0000555feb0fb170 RCX: 00007f451c5e6c7d
[ 7.860389] RDX: 0000000000000004 RSI: 00007f451c76244a RDI: 0000000000000012
[ 7.860762] RBP: 00007f451c76244a R08: 0000000000000040 R09: fffffffffffffde0
[ 7.861114] R10: fffffffffffffe18 R11: 0000000000000246 R12: 0000000000020000
[ 7.861469] R13: 0000555feb104700 R14: 0000000000000000 R15: 0000555feb089d40
[ 7.861828] </TASK>
[ 7.862185] Modules linked in: i915 nouveau(+) mxm_wmi drm_buddy drm_ttm_helper i2c_algo_bit ttm drm_display_helper cec rc_core crct10dif_pclmul crc32_pclmul drm_kms_helper polyval_clmulni polyval_generic uas ghash_clmulni_intel usb_storage aesni_intel crypto_simd sdhci_pci ahci cqhci psmouse cryptd drm libahci e1000e sdhci xhci_pci xhci_pci_renesas video wmi
[ 7.862985] CR2: 0000000000000020
[ 7.863388] ---[ end trace 0000000000000000 ]---
[ 7.863810] RIP: 0010:nvif_object_mthd+0xb1/0x260 [nouveau]
[ 7.864300] Code: ff 00 e8 52 26 11 d7 49 8b 44 24 08 41 8d 56 20 4d 89 e8 49 39 c4 0f 84 37 01 00 00 4d 89 60 10 4c 89 c6 31 c9 41 c6 40 06 ff <48> 8b 78 20 48 8b 40 38 4c 89 85 40 ff ff ff 48 8b 40 28 e8 57 a1
[ 7.864784] RSP: 0018:ffff9e4ac04d3448 EFLAGS: 00010246
[ 7.865254] RAX: 0000000000000000 RBX: ffff8f854c10a540 RCX: 0000000000000000
[ 7.865709] RDX: 0000000000000028 RSI: ffff9e4ac04d3458 RDI: ffff9e4ac04d3478
[ 7.866162] RBP: ffff9e4ac04d3508 R08: ffff9e4ac04d3458 R09: 0000000000000000
[ 7.866619] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8f854c10a540
[ 7.867080] R13: ffff9e4ac04d3458 R14: 0000000000000008 R15: ffff9e4ac04d3478
[ 7.867539] FS: 00007f451be388c0(0000) GS:ffff8f88ae700000(0000) knlGS:0000000000000000
[ 7.868008] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 7.868474] CR2: 0000000000000020 CR3: 000000010d342003 CR4: 00000000001706e0
```

ProblemType: Bug
DistroRelease: Ubuntu 23.10
Package: linux-image-6.5.0-10-generic 6.5.0-10.10
ProcVersionSignature: Ubuntu 6.5.0-10.10-generic 6.5.3
Uname: Linux 6.5.0-10-generic x86_64
ApportVersion: 2.27.0-0ubuntu5
Architecture: amd64
AudioDevicesInUse:
 USER PID ACCESS COMMAND
 /dev/snd/controlC1: illwieckz 2143 F.... wireplumber
 /dev/snd/seq: illwieckz 2138 F.... pipewire
CasperMD5CheckResult: unknown
Date: Thu Nov 30 15:53:10 2023
InstallationDate: Installed on 2020-07-09 (1239 days ago)
InstallationMedia: Ubuntu 20.04 LTS "Focal Fossa" - Release amd64 (20200423)
MachineType: {report['dmi.sys.vendor']} {report['dmi.product.name']}
ProcEnviron:
 LANG=fr_FR.UTF-8
 PATH=(custom, no user)
 SHELL=/bin/bash
 TERM=xterm-256color
 XDG_RUNTIME_DIR=<set>
ProcFB: 0 i915drmfb
ProcKernelCmdLine: BOOT_IMAGE=/@/boot/vmlinuz-6.5.0-10-generic root=UUID=2b27ae73-d6d2-459c-bb56-1d1e5cee3ca7 ro rootflags=subvol=@ amdgpu.cik_support=1 radeon.cik_support=0 amdgpu.si_support=1 radeon.si_support=0 amdgpu.ppfeaturemask=0xffffffff efi=runtime radeon.agpmode=1
PulseList: Error: command ['pacmd', 'list'] failed with exit code 1: No PulseAudio daemon running, or not running as session daemon.
RelatedPackageVersions:
 linux-restricted-modules-6.5.0-10-generic N/A
 linux-backports-modules-6.5.0-10-generic N/A
 linux-firmware 20230919.git3672ccab-0ubuntu2.1
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 02/26/2015
dmi.bios.release: 2.20
dmi.bios.vendor: LENOVO
dmi.bios.version: GNET72WW (2.20 )
dmi.board.asset.tag: Not Available
dmi.board.name: 20EGS06T00
dmi.board.vendor: LENOVO
dmi.board.version: SDK0E50510 WIN
dmi.chassis.asset.tag: No Asset Information
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: Not Available
dmi.ec.firmware.release: 1.10
dmi.modalias: dmi:bvnLENOVO:bvrGNET72WW(2.20):bd02/26/2015:br2.20:efr1.10:svnLENOVO:pn20EGS06T00:pvrThinkPadW541:rvnLENOVO:rn20EGS06T00:rvrSDK0E50510WIN:cvnLENOVO:ct10:cvrNotAvailable:skuLENOVO_MT_20EG:
dmi.product.family: ThinkPad W541
dmi.product.name: 20EGS06T00
dmi.product.sku: LENOVO_MT_20EG
dmi.product.version: ThinkPad W541
dmi.sys.vendor: LENOVO
modified.conffile..etc.default.apport: [modified]
mtime.conffile..etc.default.apport: 2022-04-12T01:29:42.825058
