i915: crash with 5.19-rc2

From: Zdenek Kabelac
Date: Wed Jun 22 2022 - 07:20:39 EST


Hello

While somewhat oldish hw (T61, 4G, C2D) - I've now witnessed new crash with Xorg:

(happened while reopening iconified Firefox window  - running 'standard' rawhide -nodebug kernel 5.19.0-0.rc2.21.fc37.x86_64)

 page:00000000577758b3 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x1192cc
 flags: 0x17ffffc0000000(node=0|zone=2|lastcpupid=0x1fffff)
 raw: 0017ffffc0000000 ffffe683c47171c8 ffff8fa3f79377a8 0000000000000000
 raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
 page dumped because: VM_BUG_ON_FOLIO(!folio_test_locked(folio))
 ------------[ cut here ]------------
 kernel BUG at mm/shmem.c:708!
 invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
 CPU: 1 PID: 42896 Comm: Xorg Not tainted 5.19.0-0.rc2.21.fc37.x86_64 #1
 Hardware name: LENOVO 6464CTO/6464CTO, BIOS 7LETC9WW (2.29 ) 03/18/2011
 RIP: 0010:shmem_add_to_page_cache+0x48e/0x500
 Code: 01 0f 84 0a fc ff ff 48 8d 4a ff 31 d2 48 39 cb 0f 85 ff fb ff ff e9 f6 fb ff ff 48 c7 c6 70 01 64 bb 48 89 df e8 f2 99 01 00 <0f> 0b 48 c7 c6 a0 1b 64 bb 48 89 df e8 e1 99 01 00 0f 0b 48 8b 13
 RSP: 0018:ffff9ce7c047f6b0 EFLAGS: 00010286
 RAX: 000000000000003f RBX: ffffe683c464b300 RCX: 0000000000000000
 RDX: 0000000000000001 RSI: ffffffffbb67b8e8 RDI: 00000000ffffffff
 RBP: 0000000000023f97 R08: ffffffffbca122a0 R09: 64656b636f6c5f74
 R10: 747365745f6f696c R11: 6f6621284f494c4f R12: 00000000001120d4
 R13: ffff8fa2c6ae7890 R14: ffffe683c464b300 R15: 0000000000000001
 FS:  00007fc1cea31380(0000) GS:ffff8fa3f7900000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 00007f6972e228c8 CR3: 0000000104ba8000 CR4: 00000000000006e0
 Call Trace:
 <TASK>
 shmem_swapin_folio+0x274/0x980
 shmem_getpage_gfp+0x234/0x990
 shmem_read_mapping_page_gfp+0x36/0xf0
 shmem_sg_alloc_table+0x11b/0x250 [i915]
 shmem_get_pages+0xaa/0x310 [i915]
 __i915_gem_object_get_pages+0x31/0x40 [i915]
 i915_vma_pin_ww+0x69d/0x920 [i915]
 eb_validate_vmas+0x17d/0x7a0 [i915]
 ? eb_pin_engine+0x262/0x2d0 [i915]
 i915_gem_do_execbuffer+0xd43/0x2c00 [i915]
 ? refill_obj_stock+0x102/0x1a0
 ? unix_stream_read_generic+0x1ea/0xa60
 ? unix_stream_read_generic+0x1ea/0xa60
 ? _raw_spin_lock_irqsave+0x23/0x50
 ? _atomic_dec_and_lock_irqsave+0x38/0x60
 ? __active_retire+0xb7/0x100 [i915]
 ? _raw_spin_unlock_irqrestore+0x23/0x40
 ? dma_fence_signal+0x39/0x50
 ? dma_resv_iter_walk_unlocked.part.0+0x164/0x170
 i915_gem_execbuffer2_ioctl+0x115/0x270 [i915]
 ? i915_gem_do_execbuffer+0x2c00/0x2c00 [i915]
 drm_ioctl_kernel+0x9b/0x140
 ? __check_object_size+0x47/0x260
 drm_ioctl+0x21c/0x410
 ? i915_gem_do_execbuffer+0x2c00/0x2c00 [i915]
 ? exit_to_user_mode_prepare+0x17d/0x1f0
 __x64_sys_ioctl+0x8a/0xc0
 do_syscall_64+0x58/0x80
 ? syscall_exit_to_user_mode+0x17/0x40
 ? do_syscall_64+0x67/0x80
 entry_SYSCALL_64_after_hwframe+0x46/0xb0
 RIP: 0033:0x7fc1cf28da9f
 Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 18 48 8b 44 24 18 64 48 2b 04 25 28 00 00
 RSP: 002b:00007ffe5f52e1c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
 RAX: ffffffffffffffda RBX: 00007ffe5f52e250 RCX: 00007fc1cf28da9f
 RDX: 00007ffe5f52e250 RSI: 0000000040406469 RDI: 000000000000000d
 RBP: 000000000000000d R08: 00007fc1ce938410 R09: 00007fc1cf2fa4c0
 R10: 0000000000000000 R11: 0000000000000246 R12: 000055e2dde0d340
 R13: 0000000000000114 R14: 00007ffe5f52e250 R15: 00007fc1cdc49000
 </TASK>
 Modules linked in: tls rfcomm snd_seq_dummy snd_hrtimer xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT nf_reject_ipv4 ip6table_mangle ip6table_nat ip6table_filter ip6_tables iptable_mangle iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 iptable_filter ip_tables bridge stp llc bnep binfmt_misc btusb btrtl btbcm btintel btmtk bluetooth ecdh_generic snd_hda_codec_analog snd_hda_codec_generic iwl3945 iwlegacy coretemp kvm_intel mac80211 snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi libarc4 kvm iTCO_wdt snd_hda_codec intel_pmc_bxt iTCO_vendor_support snd_hda_core snd_hwdep snd_seq snd_seq_device cfg80211 irqbypass snd_pcm thinkpad_acpi pcspkr joydev i2c_i801 snd_timer i2c_smbus ledtrig_audio wmi_bmof r592 platform_profile snd memstick rfkill lpc_ich soundcore acpi_cpufreq nfsd auth_rpcgss nfs_acl lockd grace sunrpc fuse zram i915 sdhci_pci cqhci sdhci drm_buddy drm_display_helper e1000e mmc_core cec serio_raw yenta_socket ttm wmi video ata_generic pata_acpi
 scsi_dh_rdac scsi_dh_emc scsi_dh_alua dm_multipath
 ---[ end trace 0000000000000000 ]---
 RIP: 0010:shmem_add_to_page_cache+0x48e/0x500
 Code: 01 0f 84 0a fc ff ff 48 8d 4a ff 31 d2 48 39 cb 0f 85 ff fb ff ff e9 f6 fb ff ff 48 c7 c6 70 01 64 bb 48 89 df e8 f2 99 01 00 <0f> 0b 48 c7 c6 a0 1b 64 bb 48 89 df e8 e1 99 01 00 0f 0b 48 8b 13
 RSP: 0018:ffff9ce7c047f6b0 EFLAGS: 00010286
 RAX: 000000000000003f RBX: ffffe683c464b300 RCX: 0000000000000000
 RDX: 0000000000000001 RSI: ffffffffbb67b8e8 RDI: 00000000ffffffff
 RBP: 0000000000023f97 R08: ffffffffbca122a0 R09: 64656b636f6c5f74
 R10: 747365745f6f696c R11: 6f6621284f494c4f R12: 00000000001120d4
 R13: ffff8fa2c6ae7890 R14: ffffe683c464b300 R15: 0000000000000001
 FS:  00007fc1cea31380(0000) GS:ffff8fa3f7900000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 00007f6972e228c8 CR3: 0000000104ba8000 CR4: 00000000000006e0


Regards


Zdenek