Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 745744

Summary: NULL pointer dereference when hibernating with i915.modeset=0
Product: Red Hat Enterprise Linux 6 Reporter: Stanislaw Gruszka <sgruszka>
Component: kernelAssignee: Adam Jackson <ajax>
Status: CLOSED WONTFIX QA Contact: Red Hat Kernel QE team <kernel-qe>
Severity: low Docs Contact:
Priority: unspecified    
Version: 6.2CC: airlied, ajax, czhang, gbai
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-02-06 13:23:32 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 767187    
Attachments:
Description Flags
dmesg.txt
none
intel_workaround.patch none

Description Stanislaw Gruszka 2011-10-13 09:30:13 UTC 
Description of problem:
Crash when hibernating and have disabled kernel mode setting on intel graphics hardware.

Version-Release number of selected component (if applicable):
Latest rhel6 from git kernel (2.6.32-206) compiled with "debug" config.

How reproducible:
100%

Steps to Reproduce:
1. Boot kernel with i915.modeset=0
2. pm-hibernate
  
Actual results:
> BUG: unable to handle kernel NULL pointer dereference at (null)
> IP: [<(null)>] (null)
> PGD 4946b067 PUD 46570067 PMD 0 
> Oops: 0010 [#1] SMP 
> last sysfs file: /sys/power/state
> CPU 0 
> Modules linked in: cryptd aes_x86_64 aes_generic fuse rfcomm sco bridge stp llc bnep l2cap autofs4 sunrpc cpufreq_ondemand acpi_cpufreq freq_table mperf ipt_REJECT nf_conntrack_ipv4 nf_defrag_ipv4 iptable_filter ip_tables ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 xt_state nf_conntrack ip6table_filter ip6_tables ipv6 dm_mirror dm_region_hash dm_log uinput ppdev thinkpad_acpi hwmon parport_pc parport wmi r592 memstick microcode sg i2c_i801 uvcvideo videodev v4l2_compat_ioctl32 btusb arc4 bluetooth ecb iTCO_wdt iTCO_vendor_support iwlagn iwlcore mac80211 cfg80211 rfkill snd_hda_codec_conexant snd_hda_intel snd_hda_codec snd_hwdep snd_seq snd_seq_device snd_pcm snd_timer snd soundcore snd_page_alloc e1000e ext4 mbcache jbd2 sd_mod crc_t10dif sr_mod cdrom firewire_ohci firewire_core crc_itu_t sdhci_pci sdhci mmc_core yenta_socket rsrc_nonstatic ahci pata_acpi ata_generic i915 drm_kms_helper drm i2c_algo_bit i2c_core video output dm_mod [last unloaded: scsi_wait_scan]
> 
> Pid: 2950, comm: pm-hibernate Not tainted 2.6.32 #1 LENOVO 2241B48/2241B48
> RIP: 0010:[<0000000000000000>]  [<(null)>] (null)
> RSP: 0018:ffff88004d5b5c90  EFLAGS: 00010282
> RAX: ffff8800730a5068 RBX: ffff8800730a5000 RCX: 0000000000000000
> RDX: ffffffff8151c6ce RSI: 0000000000000001 RDI: ffff8800730a5000
> RBP: ffff88004d5b5ca8 R08: 0000000000000000 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000000 R12: ffff880074b4c000
> R13: 00000000fffedfff R14: 0000000000000000 R15: ffff880074b9b268
> FS:  00007f3556db9700(0000) GS:ffff880015200000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
> CR2: 0000000000000000 CR3: 000000004d61f000 CR4: 00000000000006f0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
> Process pm-hibernate (pid: 2950, threadinfo ffff88004d5b4000, task ffff88004d44c100)
> Stack:
>  ffffffffa00d67c8 ffff880074b4c000 00000000fffedfff ffff88004d5b5d28
> <0> ffffffffa00c3434 ffff88004d5b5cf8 ffffffff812a81e9 ffff88004d5b5d28
> <0> ffff88007a0ef000 0000000000000040 ffff88004d5b5db8 ffff8800730a5060
> Call Trace:
>  [<ffffffffa00d67c8>] ? intel_init_clock_gating+0x28/0x50 [i915]
>  [<ffffffffa00c3434>] i915_restore_state+0x1c4/0x7e0 [i915]
>  [<ffffffff812a81e9>] ? pci_bus_write_config_byte+0x69/0x90
>  [<ffffffffa00ad189>] i915_drm_thaw+0x49/0x120 [i915]
>  [<ffffffffa00ad623>] i915_resume+0x53/0x70 [i915]
>  [<ffffffff8109c08e>] ? down+0x2e/0x50
>  [<ffffffffa0058dbb>] drm_class_resume+0x4b/0x50 [drm]
>  [<ffffffff813743a7>] dpm_resume_end+0x4a7/0x4f0
>  [<ffffffff810c3cc3>] hibernation_snapshot+0x163/0x260
>  [<ffffffff810c3e9c>] hibernate+0xdc/0x220
>  [<ffffffff810c24bc>] state_store+0xec/0x100
>  [<ffffffff8116f24a>] ? alloc_pages_current+0xaa/0x110
>  [<ffffffff8128e357>] kobj_attr_store+0x17/0x20
Comment 2 Stanislaw Gruszka 2011-10-13 09:34:18 UTC 
Created attachment 527924 [details]
dmesg.txt

Full dmesg.
Comment 3 Stanislaw Gruszka 2011-10-13 09:47:07 UTC 
Created attachment 527933 [details]
intel_workaround.patch

With this patch hibernate does not crash, however this is probably only a workaround. I did not check upstream kernel on that machine, but can do this if needed.

Graphic chipset version:
> 00:02.1 Display controller [0380]: Intel Corporation Mobile 4 Series Chipset Integrated Graphics Controller [8086:2a43] (rev 07)
Comment 4 Dave Airlie 2011-12-14 17:20:46 UTC 
we don't support non-kms operation in RHEL. If this patch is upstream it'll be picked up as part of backport normally. Any reason for not using KMS so we can fix it?
Comment 5 Stanislaw Gruszka 2011-12-15 13:15:14 UTC 
I was using i915.modeset=0 to confirm that disabling KMS workaround hibernate memory corruption problem reported in bug 746169. I couldn't do this when kernel panics every time I hibernate :)

I'm fine with closing this bug as wontfix. I can also retest with upstream kernel and post proposed patch upstream if it fix the problem there.
Comment 6 Stanislaw Gruszka 2012-02-06 13:23:32 UTC 
I can not recreate issue on upstream kernel, so some other patch than attached here fixed the problem.

Since we do not support non-kms on RHEL, and issue is fixed upstream, there is nothing more to do here.