Bug 15158

Summary: oops related to i915_gem_object_save_bit_17_swizzle
Product: Drivers
Reporter: Werner Lemberg (wl)
Component: Video(DRI - Intel)
Assignee: Eric Anholt (eric)
Status: RESOLVED PATCH_ALREADY_AVAILABLE
Severity: normal
CC: akpm, astarikovskiy, jbarnes, rjw
Priority: P1
Hardware: All
OS: Linux
Kernel Version: 2.6.33-rc5
Subsystem:
Regression: Yes
Bisected commit-id:
Bug Depends on:
Bug Blocks: 14230

Description Werner Lemberg 2010-01-28 08:26:44 UTC
[openSuSE kernel 2.6.33-rc5-1-pae]
[openSuSE xorg-x11-driver-video 7.4-146.3, containing xf86-video-intel 2.10.0]
[chip 945GM]


I get this crash approx. once a day...



    Werner

------------------------------------------------------------------------

BUG: unable to handle kernel NULL pointer dereference at (null)
IP: [<f87944b3>] i915_gem_object_save_bit_17_swizzle+0x53/0xc0 [i915]
*pdpt = 0000000035056001 *pde = 0000000000000000
Oops: 0000 [#1] SMP
last sysfs file: /sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0C0A:00/power_supply/BAT0/charge_full
Modules linked in: autofs4 iwl3945 iwlcore mac80211 cfg80211 af_packet ip6t_LOG xt_tcpudp xt_pkttype ipt_LOG xt_limit snd_pcm_oss snd_mixer_oss snd_seq snd_seq_device cpufreq_conservative cpufreq_userspace cpufreq_powersave acpi_cpufreq speedstep_lib ip6t_REJECT nf_conntrack_ipv6 ip6table_raw xt_NOTRACK ipt_REJECT xt_state iptable_raw iptable_filter ip6table_mangle nf_conntrack_netbios_ns nf_conntrack_ipv4 nf_conntrack nf_defrag_ipv4 ip_tables ip6table_filter ip6_tables x_tables ipv6 fuse loop dm_mod snd_hda_codec_idt arc4 snd_hda_intel ecb snd_hda_codec i915 iTCO_wdt sdhci_pci snd_hwdep b44 drm_kms_helper snd_pcm ssb iTCO_vendor_support sdhci drm pcmcia dell_wmi dell_laptop ohci1394 snd_timer ieee1394 i2c_algo_bit pcmcia_core i2c_i801 ricoh_mmc mmc_core pcspkr intel_agp dcdbas wmi snd joydev button sr_mod sg cdrom ac video battery soundcore snd_page_alloc rfkill uhci_hcd ehci_hcd sd_mod usbcore edd fan ide_pci_generic ide_core ata_generic ata_piix libata scsi_mod th
Pid: 2250, comm: Xorg Not tainted 2.6.33-rc5-1-pae #1 0KD882/MM061
EIP: 0060:[<f87944b3>] EFLAGS: 00013212 CPU: 0
EIP is at i915_gem_object_save_bit_17_swizzle+0x53/0xc0 [i915]
EAX: 00000000 EBX: d2c54140 ECX: f6600000 EDX: 00000162
ESI: 00000200 EDI: d2c54140 EBP: 00200000 ESP: f5b25df0
 DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Process Xorg (pid: 2250, ti=f5b24000 task=f55b2ff0 task.ti=f5b24000)
Stack:
 00000000 00000162 00000001 d2c54140 f878e5bd fffffff4 e13b176c d2c54140
<0> 00000200 f878e6da 00000000 00000000 db4ba5c0 db4ba5c0 d2c54140 00200000
<0> 00200000 f8790d27 00000000 00000000 f5986814 00100000 f5986800 00200000
Call Trace:
 [<f878e5bd>] i915_gem_object_put_pages+0x10d/0x130 [i915]
 [<f878e6da>] i915_gem_object_get_pages+0xfa/0x110 [i915]
 [<f8790d27>] i915_gem_object_bind_to_gtt+0x187/0x2f0 [i915]
 [<f8792162>] i915_gem_mmap_gtt_ioctl+0xe2/0x160 [i915]
 [<f8116328>] drm_ioctl+0x1f8/0x370 [drm]
 [<c03135fb>] vfs_ioctl+0x2b/0xa0
 [<c0313e99>] do_vfs_ioctl+0x79/0x300
 [<c031419e>] sys_ioctl+0x7e/0xd0
 [<c0202d8c>] sysenter_do_call+0x12/0x22
 [<ffffe424>] 0xffffe424
Code: 8b 43 4c c1 ee 0c 85 c0 74 4e 31 d2 85 f6 7f 15 eb e3 8d b6 00 00 00 00 8b 43 4c 0f ab 10 83 c2 01 39 d6 74 d0 8b 43 24 8b 04 90 <8b> 08 c1 e9 1d 8b 0c 8d c0 5a 85 c0 2b 81 ac 1a 00 00 c1 f8 05
EIP: [<f87944b3>] i915_gem_object_save_bit_17_swizzle+0x53/0xc0 [i915] SS:ESP 0068:f5b25df0
CR2: 0000000000000000
---[ end trace a34e91fe738bf946 ]---
Comment 1 Andrew Morton 2010-01-29 23:33:51 UTC
Did 2.6.32 crash in the same way?

If not, this is a regression, isn't it?
Comment 2 Werner Lemberg 2010-01-30 05:34:07 UTC
2.6.31 definitely didn't crash this way (and no other kernel before).  IIRC, one of the RC candidates of 2.6.32 introduced the buggy behaviour, but I'm not sure, unfortunately.
Comment 3 Rafael J. Wysocki 2010-01-30 18:16:53 UTC
The developers apparently can't reproduce this issue, so I'm afraid we need to know the change that introduced it and you have the hardware it's visible on.

Did you change the Xorg driver in the meantime?
Comment 4 Werner Lemberg 2010-01-30 18:37:51 UTC
I can't reproduce it at will either, which means that even bisecting the source wouldn't work.  If the crash happens, there's normally a lot of disk activity and swapping involved, for example, using firefox to visit a site with many large images (bikini girls and the like :-).  Another related issue might be that I use KDE with six virtual screens, and I do a lot of fast switching between them using key shortcuts.

Alas, I can't remember either whether the crashes started before upgrading to xf86-video-intel 2.10.0 or after.  Downgrading would be a great pain...

What hardware information besides the graphics chip (945GM) do you need?  What else can I do to improve the bug report?  Is there a possibility to increase the verbosity of the backtrace, or to install a package with better tracing information?
Comment 5 Jesse Barnes 2010-02-19 20:56:55 UTC
Hoping Eric can confirm this is fixed already or narrow down the issue.
Comment 6 Alexey Starikovskiy 2010-03-26 21:54:40 UTC
Patch is available here: https://patchwork.kernel.org/patch/85355/