Bug 492760 - "trying to get vblank count for disabled pipe 1" followed by NULL dereference
Summary: "trying to get vblank count for disabled pipe 1" followed by NULL dereference
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: 11
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Jonathan Blandford
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2009-03-29 11:16 UTC by Lubomir Rintel
Modified: 2018-04-11 10:23 UTC
6 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-06-28 11:35:53 UTC
Type: ---
Embargoed:


Attachments
Full dmesg (41.51 KB, text/plain)
2009-03-29 11:16 UTC, Lubomir Rintel
Xorg log (24.88 KB, text/plain)
2009-03-29 19:18 UTC, Lubomir Rintel

Description Lubomir Rintel 2009-03-29 11:16:17 UTC
Created attachment 337161
Full dmesg

Version: 2.6.29-0.237.rc7.git4.fc11.i586

How to reproduce:

Start another X server via fast user switch applet

Mar 28 10:40:46 bimbo kernel: [drm:i915_get_vblank_counter] *ERROR* trying to get vblank count for disabled pipe 1
Mar 28 10:41:32 bimbo kernel: [drm:i915_mem_init_heap] *ERROR* heap already initialized?<7>SELinux: initialized (dev fuse, type fuse), uses genfs_contexts

Quit the server by logging out

Mar 28 10:59:10 bimbo kernel: [drm:i915_get_vblank_counter] *ERROR* trying to get vblank count for disabled pipe 1
Mar 28 10:59:10 bimbo kernel: [drm:i915_get_vblank_counter] *ERROR* trying to get vblank count for disabled pipe 1
Mar 28 10:59:10 bimbo kernel: [drm:i915_dma_resume] *ERROR* can not ioremap virtual address for ring buffer
Mar 28 10:59:10 bimbo kernel: BUG: unable to handle kernel NULL pointer dereference at (null)
Mar 28 10:59:10 bimbo kernel: IP: [<f07d8976>] i915_irq_emit+0x10d/0x192 [i915]
Mar 28 10:59:10 bimbo kernel: *pde = 24d02067 *pte = 00000000 
Mar 28 10:59:10 bimbo kernel: Oops: 0002 [#1] SMP 
Mar 28 10:59:10 bimbo kernel: last sysfs file: /sys/devices/pci0000:00/0000:00:1e.0/0000:01:0c.0/local_cpus
Mar 28 10:59:10 bimbo kernel: Modules linked in: fuse rfkill_input sco bridge stp llc bnep l2cap bluetooth sunrpc ip6t_REJECT nf_conntrack_ipv6 ip6table_filter ip6_tables ipv6 p4_clockmod dm_multipath vboxnetflt vboxdrv uinput arc4 ecb b43 rfkill mac80211 cfg80211 snd_intel8x0 input_polldev snd_ac97_codec ppdev ac97_bus snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss dcdbas snd_pcm snd_timer snd soundcore snd_page_alloc iTCO_wdt iTCO_vendor_support i2c_i801 e1000 ssb parport_pc parport ata_generic pata_acpi ext4 jbd2 crc16 i915 drm i2c_algo_bit i2c_core [last unloaded: scsi_wait_scan]
Mar 28 10:59:10 bimbo kernel:
Mar 28 10:59:10 bimbo kernel: Pid: 2597, comm: Xorg Tainted: G        W  (2.6.29-0.237.rc7.git4.fc11.i586 #1) OptiPlex GX270               
Mar 28 10:59:10 bimbo kernel: EIP: 0060:[<f07d8976>] EFLAGS: 00213202 CPU: 1
Mar 28 10:59:10 bimbo kernel: EIP is at i915_irq_emit+0x10d/0x192 [i915]
Mar 28 10:59:10 bimbo kernel: EAX: 0001ffff EBX: edbcc0c0 ECX: 00000004 EDX: 00000000
Mar 28 10:59:10 bimbo kernel: ESI: 00000000 EDI: e4db2f88 EBP: ee7e2ecc ESP: ee7e2eb0
Mar 28 10:59:10 bimbo kernel: DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Mar 28 10:59:10 bimbo kernel: Process Xorg (pid: 2597, ti=ee7e2000 task=e4d9a9e0 task.ti=ee7e2000)
Mar 28 10:59:10 bimbo kernel: Stack:
Mar 28 10:59:10 bimbo kernel: edbcb0c4 dea102a0 ee7e2ecc c0543aa3 e4e0bd20 edbcb090 fffffff4 ee7e2ef0
Mar 28 10:59:10 bimbo kernel: f07856d7 000002ae f07d8869 dea102a0 c0046444 eccbca40 f07f4930 eccbca40
Mar 28 10:59:10 bimbo kernel: ee7e2f10 c04b4758 bfe708ac bfe708ac c0046444 edf94700 edf94700 e7905410
Mar 28 10:59:10 bimbo kernel: Call Trace:
Mar 28 10:59:10 bimbo kernel: [<c0543aa3>] ? copy_from_user+0x32/0x119
Mar 28 10:59:10 bimbo kernel: [<f07856d7>] ? drm_ioctl+0x1b7/0x236 [drm]
Mar 28 10:59:10 bimbo kernel: [<f07d8869>] ? i915_irq_emit+0x0/0x192 [i915]
Mar 28 10:59:10 bimbo kernel: [<c04b4758>] ? vfs_ioctl+0x5a/0x74
Mar 28 10:59:10 bimbo kernel: [<c04b4d00>] ? do_vfs_ioctl+0x48b/0x4c9
Mar 28 10:59:10 bimbo kernel: [<c0517436>] ? file_has_perm+0x81/0x8a
Mar 28 10:59:10 bimbo kernel: [<c04b4d84>] ? sys_ioctl+0x46/0x66
Mar 28 10:59:10 bimbo kernel: [<c04b4d84>] ? sys_ioctl+0x46/0x66
Mar 28 10:59:10 bimbo kernel: [<c0403f92>] ? syscall_call+0x7/0xb
Mar 28 10:59:10 bimbo kernel: Code: 08 00 00 83 7b 20 0f 7f 11 b9 fc 8e 7e f0 ba 10 00 00 00 89 f0 e8 22 e9 ff ff 8b 53 14 8b 4b 1c 8b 43 0c 8d 34 0a 83 c1 04 21 c1 <c7> 06 01 00 80 10 8d 34 0a 83 c1 04 c7 06 84 00 00 00 21 c1 8b 
Mar 28 10:59:10 bimbo kernel: EIP: [<f07d8976>] i915_irq_emit+0x10d/0x192 [i915] SS:ESP 0068:ee7e2eb0
Mar 28 10:59:10 bimbo kernel: ---[ end trace 6af81428b551bada ]---

Hardware:

00:02.0 VGA compatible controller: Intel Corporation 82865G Integrated Graphics Controller (rev 02)

Comment 1 Matěj Cepl 2009-03-29 14:26:39 UTC
Thanks for the bug report.  We have reviewed the information you have provided above, and there is some additional information we require that will be helpful in our diagnosis of this issue.

Please attach your X server config file (/etc/X11/xorg.conf, if available) and X server log file (/var/log/Xorg.*.log) to the bug report as individual uncompressed file attachments using the bugzilla file attachment link below.

We will review this issue again once you've had a chance to attach this information.

Thanks in advance.

Comment 3 Lubomir Rintel 2009-03-29 19:18:24 UTC
Created attachment 337179
Xorg log

i915_emit_irq() called by i915_irq_emit() manipulates the ring->virt_start which is NULL here via OUT_RING macro.

diff -up linux-2.6.29.i586/drivers/gpu/drm/i915/i915_irq.c.nobuf linux-2.6.29.i586/drivers/gpu/drm/i915/i915_irq.c
--- linux-2.6.29.i586/drivers/gpu/drm/i915/i915_irq.c.nobuf	2009-03-29 21:13:06.810339738 +0200
+++ linux-2.6.29.i586/drivers/gpu/drm/i915/i915_irq.c	2009-03-29 21:14:09.462463411 +0200
@@ -389,6 +389,11 @@ int i915_irq_emit(struct drm_device *dev
 		return -EINVAL;
 	}
 
+        if (unlikely(!dev_priv->ring.virtual_start)) {
+                DRM_ERROR("called without ring buffer\n");
+                return -EINVAL;
+        }
+
 	RING_LOCK_TEST_WITH_RETURN(dev, file_priv);
 
 	mutex_lock(&dev->struct_mutex);
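
Review bot: the added `!dev_priv->ring.virtual_start` test sits above `RING_LOCK_TEST_WITH_RETURN(dev, file_priv)` and `mutex_lock(&dev->struct_mutex)`, so the pointer is read without the lock that the function takes two lines later. If the ring mapping can change between the test and the emit, the check does not cover the dereference; consider moving it under `struct_mutex` and unlocking on the error path. The four added lines are indented with spaces while the surrounding context uses tabs, and the message "called without ring buffer" would be easier to triage if it said which ioctl was rejected. Returning -EINVAL here turns the oops into an ioctl failure but leaves the cause in place: the log above shows `i915_dma_resume` failing to ioremap the ring buffer immediately before the oops, and that failure path presumably is where the NULL `virtual_start` comes from, so it needs its own fix.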

If a check for NULL value is added to i915_irq_emit(), the OOPS is avoided, though user switching still doesn't work, since the first X server aborts with

(EE) intel(0): I830 Dma Resume Failed
(II) intel(0): [drm] dma control initialized, using IRQ 16
_fence_emit_internal: drm_i915_irq_emit: -22

Comment 4 Andy 2009-04-14 14:47:27 UTC
I have a similar issue:

Only difference: X is crashing/freezing randomly. CTRL-ALT-F2 still works. And the pipe is 0 and not 1 :-/ No other info in /var/log/messages.

kernel: [drm:i915_get_vblank_counter] *ERROR* trying to get vblank count for disabled pipe 0


Xorg autoprobe (no /etc/X11/xorg.conf), and no other info in the logs...

Comment 5 Bug Zapper 2009-06-09 12:47:28 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 11 development cycle.
Changing version to '11'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 7 Bug Zapper 2010-04-27 13:22:00 UTC
This message is a reminder that Fedora 11 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 11.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '11'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 11's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 11 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 8 Bug Zapper 2010-06-28 11:35:53 UTC
Fedora 11 changed to end-of-life (EOL) status on 2010-06-25. Fedora 11 is 
no longer maintained, which means that it will not receive any further 
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of 
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.
