Bug 492760 - "trying to get vblank count for disabled pipe 1" followed by NULL dereference
"trying to get vblank count for disabled pipe 1" followed by NULL dereference
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: kernel (Show other bugs)
11
All Linux
low Severity medium
: ---
: ---
Assigned To: Jonathan Blandford
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-03-29 07:16 EDT by Lubomir Rintel
Modified: 2013-04-02 00:22 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-06-28 07:35:53 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Full dmesg (41.51 KB, text/plain)
2009-03-29 07:16 EDT, Lubomir Rintel
no flags Details
Xorg log (24.88 KB, text/plain)
2009-03-29 15:18 EDT, Lubomir Rintel
no flags Details

  None (edit)
Description Lubomir Rintel 2009-03-29 07:16:17 EDT
Created attachment 337161 [details]
Full dmesg

Version: 2.6.29-0.237.rc7.git4.fc11.i586

How to reproduce:

Start another X server via fast user switch applet

Mar 28 10:40:46 bimbo kernel: [drm:i915_get_vblank_counter] *ERROR* trying to get vblank count for disabled pipe 1
Mar 28 10:41:32 bimbo kernel: [drm:i915_mem_init_heap] *ERROR* heap already initialized?<7>SELinux: initialized (dev fuse, type fuse), uses genfs_contexts

Quit the server by logging out

Mar 28 10:59:10 bimbo kernel: [drm:i915_get_vblank_counter] *ERROR* trying to get vblank count for disabled pipe 1
Mar 28 10:59:10 bimbo kernel: [drm:i915_get_vblank_counter] *ERROR* trying to get vblank count for disabled pipe 1
Mar 28 10:59:10 bimbo kernel: [drm:i915_dma_resume] *ERROR* can not ioremap virtual address for ring buffer
Mar 28 10:59:10 bimbo kernel: BUG: unable to handle kernel NULL pointer dereference at (null)
Mar 28 10:59:10 bimbo kernel: IP: [<f07d8976>] i915_irq_emit+0x10d/0x192 [i915]
Mar 28 10:59:10 bimbo kernel: *pde = 24d02067 *pte = 00000000 
Mar 28 10:59:10 bimbo kernel: Oops: 0002 [#1] SMP 
Mar 28 10:59:10 bimbo kernel: last sysfs file: /sys/devices/pci0000:00/0000:00:1e.0/0000:01:0c.0/local_cpus
Mar 28 10:59:10 bimbo kernel: Modules linked in: fuse rfkill_input sco bridge stp llc bnep l2cap bluetooth sunrpc ip6t_REJECT nf_conntrack_ipv6 ip6table_filter ip6_tables ipv6 p4_clockmod dm_multipath vboxnetflt vboxdrv uinput arc4 ecb b43 rfkill mac80211 cfg80211 snd_intel8x0 input_polldev snd_ac97_codec ppdev ac97_bus snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss dcdbas snd_pcm snd_timer snd soundcore snd_page_alloc iTCO_wdt iTCO_vendor_support i2c_i801 e1000 ssb parport_pc parport ata_generic pata_acpi ext4 jbd2 crc16 i915 drm i2c_algo_bit i2c_core [last unloaded: scsi_wait_scan]
Mar 28 10:59:10 bimbo kernel:
Mar 28 10:59:10 bimbo kernel: Pid: 2597, comm: Xorg Tainted: G        W  (2.6.29-0.237.rc7.git4.fc11.i586 #1) OptiPlex GX270               
Mar 28 10:59:10 bimbo kernel: EIP: 0060:[<f07d8976>] EFLAGS: 00213202 CPU: 1
Mar 28 10:59:10 bimbo kernel: EIP is at i915_irq_emit+0x10d/0x192 [i915]
Mar 28 10:59:10 bimbo kernel: EAX: 0001ffff EBX: edbcc0c0 ECX: 00000004 EDX: 00000000
Mar 28 10:59:10 bimbo kernel: ESI: 00000000 EDI: e4db2f88 EBP: ee7e2ecc ESP: ee7e2eb0
Mar 28 10:59:10 bimbo kernel: DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Mar 28 10:59:10 bimbo kernel: Process Xorg (pid: 2597, ti=ee7e2000 task=e4d9a9e0 task.ti=ee7e2000)
Mar 28 10:59:10 bimbo kernel: Stack:
Mar 28 10:59:10 bimbo kernel: edbcb0c4 dea102a0 ee7e2ecc c0543aa3 e4e0bd20 edbcb090 fffffff4 ee7e2ef0
Mar 28 10:59:10 bimbo kernel: f07856d7 000002ae f07d8869 dea102a0 c0046444 eccbca40 f07f4930 eccbca40
Mar 28 10:59:10 bimbo kernel: ee7e2f10 c04b4758 bfe708ac bfe708ac c0046444 edf94700 edf94700 e7905410
Mar 28 10:59:10 bimbo kernel: Call Trace:
Mar 28 10:59:10 bimbo kernel: [<c0543aa3>] ? copy_from_user+0x32/0x119
Mar 28 10:59:10 bimbo kernel: [<f07856d7>] ? drm_ioctl+0x1b7/0x236 [drm]
Mar 28 10:59:10 bimbo kernel: [<f07d8869>] ? i915_irq_emit+0x0/0x192 [i915]
Mar 28 10:59:10 bimbo kernel: [<c04b4758>] ? vfs_ioctl+0x5a/0x74
Mar 28 10:59:10 bimbo kernel: [<c04b4d00>] ? do_vfs_ioctl+0x48b/0x4c9
Mar 28 10:59:10 bimbo kernel: [<c0517436>] ? file_has_perm+0x81/0x8a
Mar 28 10:59:10 bimbo kernel: [<c04b4d84>] ? sys_ioctl+0x46/0x66
Mar 28 10:59:10 bimbo kernel: [<c04b4d84>] ? sys_ioctl+0x46/0x66
Mar 28 10:59:10 bimbo kernel: [<c0403f92>] ? syscall_call+0x7/0xb
Mar 28 10:59:10 bimbo kernel: Code: 08 00 00 83 7b 20 0f 7f 11 b9 fc 8e 7e f0 ba 10 00 00 00 89 f0 e8 22 e9 ff ff 8b 53 14 8b 4b 1c 8b 43 0c 8d 34 0a 83 c1 04 21 c1 <c7> 06 01 00 80 10 8d 34 0a 83 c1 04 c7 06 84 00 00 00 21 c1 8b 
Mar 28 10:59:10 bimbo kernel: EIP: [<f07d8976>] i915_irq_emit+0x10d/0x192 [i915] SS:ESP 0068:ee7e2eb0
Mar 28 10:59:10 bimbo kernel: ---[ end trace 6af81428b551bada ]---

Hardware:

00:02.0 VGA compatible controller: Intel Corporation 82865G Integrated Graphics Controller (rev 02)
Comment 1 Matěj Cepl 2009-03-29 10:26:39 EDT
Thanks for the bug report.  We have reviewed the information you have provided above, and there is some additional information we require that will be helpful in our diagnosis of this issue.

Please attach your X server config file (/etc/X11/xorg.conf, if available) and X server log file (/var/log/Xorg.*.log) to the bug report as individual uncompressed file attachments using the bugzilla file attachment link below.

We will review this issue again once you've had a chance to attach this information.

Thanks in advance.
Comment 3 Lubomir Rintel 2009-03-29 15:18:24 EDT
Created attachment 337179 [details]
Xorg log

i915_emit_irq() called by i915_irq_emit() manipulates the ring->virt_start which is NULL here via OUT_RING macro.

diff -up linux-2.6.29.i586/drivers/gpu/drm/i915/i915_irq.c.nobuf linux-2.6.29.i586/drivers/gpu/drm/i915/i915_irq.c
--- linux-2.6.29.i586/drivers/gpu/drm/i915/i915_irq.c.nobuf	2009-03-29 21:13:06.810339738 +0200
+++ linux-2.6.29.i586/drivers/gpu/drm/i915/i915_irq.c	2009-03-29 21:14:09.462463411 +0200
@@ -389,6 +389,11 @@ int i915_irq_emit(struct drm_device *dev
 		return -EINVAL;
 	}
 
+        if (unlikely(!dev_priv->ring.virtual_start)) {
+                DRM_ERROR("called without ring buffer\n");
+                return -EINVAL;
+        }
+
 	RING_LOCK_TEST_WITH_RETURN(dev, file_priv);
 
 	mutex_lock(&dev->struct_mutex);

If a check for NULL value is added to i915_irq_emit(), the OOPS is avoided, though user switching still doesn't work, since the first X server aborts with

(EE) intel(0): I830 Dma Resume Failed
(II) intel(0): [drm] dma control initialized, using IRQ 16
_fence_emit_internal: drm_i915_irq_emit: -22
Comment 4 Andy 2009-04-14 10:47:27 EDT
I have a similar issue:

only difference: X is crashing/freezing randomly. CTRL-ALT-F2 still works. And the pipe is 0 and not 1 :-/ No other infos in /var/log/messages.

kernel: [drm:i915_get_vblank_counter] *ERROR* trying to get vblank count for disabled pipe 0


Xorg autoprobe (no /etc/X11/xorg.conf), and no other infos in the logs...
Comment 5 Bug Zapper 2009-06-09 08:47:28 EDT
This bug appears to have been reported against 'rawhide' during the Fedora 11 development cycle.
Changing version to '11'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 7 Bug Zapper 2010-04-27 09:22:00 EDT
This message is a reminder that Fedora 11 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 11.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '11'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 11's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 11 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 8 Bug Zapper 2010-06-28 07:35:53 EDT
Fedora 11 changed to end-of-life (EOL) status on 2010-06-25. Fedora 11 is 
no longer maintained, which means that it will not receive any further 
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of 
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.

Note You need to log in before you can comment on or make changes to this bug.