745744 – NULL pointer dereference when hibernating with i915.modeset=0

Bug 745744 - NULL pointer dereference when hibernating with i915.modeset=0

Summary: NULL pointer dereference when hibernating with i915.modeset=0

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	kernel
Sub Component:
Version:	6.2
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	low
Target Milestone:	rc
Target Release:	---
Assignee:	Adam Jackson
QA Contact:	Red Hat Kernel QE team
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	767187
TreeView+	depends on / blocked

Reported:	2011-10-13 09:30 UTC by Stanislaw Gruszka
Modified:	2012-02-06 13:23 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2012-02-06 13:23:32 UTC
Target Upstream Version:

Attachments	(Terms of Use)
dmesg.txt (67.45 KB, text/plain) 2011-10-13 09:34 UTC, Stanislaw Gruszka	no flags	Details
intel_workaround.patch (509 bytes, text/plain) 2011-10-13 09:47 UTC, Stanislaw Gruszka	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Description Stanislaw Gruszka 2011-10-13 09:30:13 UTC

Description of problem:
Crash when hibernating and have disabled kernel mode setting on intel graphics hardware.

Version-Release number of selected component (if applicable):
Latest rhel6 from git kernel (2.6.32-206) compiled with "debug" config.

How reproducible:
100%

Steps to Reproduce:
1. Boot kernel with i915.modeset=0
2. pm-hibernate
  
Actual results:
> BUG: unable to handle kernel NULL pointer dereference at (null)
> IP: [<(null)>] (null)
> PGD 4946b067 PUD 46570067 PMD 0 
> Oops: 0010 [#1] SMP 
> last sysfs file: /sys/power/state
> CPU 0 
> Modules linked in: cryptd aes_x86_64 aes_generic fuse rfcomm sco bridge stp llc bnep l2cap autofs4 sunrpc cpufreq_ondemand acpi_cpufreq freq_table mperf ipt_REJECT nf_conntrack_ipv4 nf_defrag_ipv4 iptable_filter ip_tables ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 xt_state nf_conntrack ip6table_filter ip6_tables ipv6 dm_mirror dm_region_hash dm_log uinput ppdev thinkpad_acpi hwmon parport_pc parport wmi r592 memstick microcode sg i2c_i801 uvcvideo videodev v4l2_compat_ioctl32 btusb arc4 bluetooth ecb iTCO_wdt iTCO_vendor_support iwlagn iwlcore mac80211 cfg80211 rfkill snd_hda_codec_conexant snd_hda_intel snd_hda_codec snd_hwdep snd_seq snd_seq_device snd_pcm snd_timer snd soundcore snd_page_alloc e1000e ext4 mbcache jbd2 sd_mod crc_t10dif sr_mod cdrom firewire_ohci firewire_core crc_itu_t sdhci_pci sdhci mmc_core yenta_socket rsrc_nonstatic ahci pata_acpi ata_generic i915 drm_kms_helper drm i2c_algo_bit i2c_core video output dm_mod [last unloaded: scsi_wait_scan]
> 
> Pid: 2950, comm: pm-hibernate Not tainted 2.6.32 #1 LENOVO 2241B48/2241B48
> RIP: 0010:[<0000000000000000>]  [<(null)>] (null)
> RSP: 0018:ffff88004d5b5c90  EFLAGS: 00010282
> RAX: ffff8800730a5068 RBX: ffff8800730a5000 RCX: 0000000000000000
> RDX: ffffffff8151c6ce RSI: 0000000000000001 RDI: ffff8800730a5000
> RBP: ffff88004d5b5ca8 R08: 0000000000000000 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000000 R12: ffff880074b4c000
> R13: 00000000fffedfff R14: 0000000000000000 R15: ffff880074b9b268
> FS:  00007f3556db9700(0000) GS:ffff880015200000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
> CR2: 0000000000000000 CR3: 000000004d61f000 CR4: 00000000000006f0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
> Process pm-hibernate (pid: 2950, threadinfo ffff88004d5b4000, task ffff88004d44c100)
> Stack:
>  ffffffffa00d67c8 ffff880074b4c000 00000000fffedfff ffff88004d5b5d28
> <0> ffffffffa00c3434 ffff88004d5b5cf8 ffffffff812a81e9 ffff88004d5b5d28
> <0> ffff88007a0ef000 0000000000000040 ffff88004d5b5db8 ffff8800730a5060
> Call Trace:
>  [<ffffffffa00d67c8>] ? intel_init_clock_gating+0x28/0x50 [i915]
>  [<ffffffffa00c3434>] i915_restore_state+0x1c4/0x7e0 [i915]
>  [<ffffffff812a81e9>] ? pci_bus_write_config_byte+0x69/0x90
>  [<ffffffffa00ad189>] i915_drm_thaw+0x49/0x120 [i915]
>  [<ffffffffa00ad623>] i915_resume+0x53/0x70 [i915]
>  [<ffffffff8109c08e>] ? down+0x2e/0x50
>  [<ffffffffa0058dbb>] drm_class_resume+0x4b/0x50 [drm]
>  [<ffffffff813743a7>] dpm_resume_end+0x4a7/0x4f0
>  [<ffffffff810c3cc3>] hibernation_snapshot+0x163/0x260
>  [<ffffffff810c3e9c>] hibernate+0xdc/0x220
>  [<ffffffff810c24bc>] state_store+0xec/0x100
>  [<ffffffff8116f24a>] ? alloc_pages_current+0xaa/0x110
>  [<ffffffff8128e357>] kobj_attr_store+0x17/0x20

Comment 2 Stanislaw Gruszka 2011-10-13 09:34:18 UTC

Created attachment 527924 [details]
dmesg.txt

Full dmesg.

Comment 3 Stanislaw Gruszka 2011-10-13 09:47:07 UTC

Created attachment 527933 [details]
intel_workaround.patch

With this patch hibernate does not crash, however this is probably only a workaround. I did not check upstream kernel on that machine, but can do this if needed.

Graphic chipset version:
> 00:02.1 Display controller [0380]: Intel Corporation Mobile 4 Series Chipset Integrated Graphics Controller [8086:2a43] (rev 07)

Comment 4 Dave Airlie 2011-12-14 17:20:46 UTC

we don't support non-kms operation in RHEL. If this patch is upstream it'll be picked up as part of backport normally. Any reason for not using KMS so we can fix it?

Comment 5 Stanislaw Gruszka 2011-12-15 13:15:14 UTC

I was using i915.modeset=0 to confirm that disabling KMS workaround hibernate memory corruption problem reported in bug 746169. I couldn't do this when kernel panics every time I hibernate :)

I'm fine with closing this bug as wontfix. I can also retest with upstream kernel and post proposed patch upstream if it fix the problem there.

Comment 6 Stanislaw Gruszka 2012-02-06 13:23:32 UTC

I can not recreate issue on upstream kernel, so some other patch than attached here fixed the problem.

Since we do not support non-kms on RHEL, and issue is fixed upstream, there is nothing more to do here.

Note You need to log in before you can comment on or make changes to this bug.