Bug 1474718

Summary: Unable to handle kernel NULL pointer dereference when load and unload amdkfd module
Product: [Fedora] Fedora Reporter: Frank Liang <xiliang>
Component: kernelAssignee: Kernel Maintainer List <kernel-maint>
Status: CLOSED WONTFIX QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: high    
Version: 27CC: gansalmon, ichavero, itamar, jonathan, kernel-maint, madhu.chinakonda, mchehab, oded.gabbay
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-12-10 09:26:49 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Frank Liang 2017-07-25 09:04:00 UTC 
Description of problem:
In Fedora26 system, if manually load and unload amdkfd module. There is abnormal logs generated.
Here is the example:
[root@dhcp-2-160 ~]# modprobe amdkfd
[root@dhcp-2-160 ~]# modprobe -r amdkfd

Snip of dmesg log:

[  210.877159] kfd kfd: Initialized module
[  219.232616] BUG: unable to handle kernel NULL pointer dereference at           (null)
[  219.232653] IP: dev_vprintk_emit+0xb7/0x250
[  219.232673] PGD 0 

[  219.232697] Oops: 0000 [#1] SMP
[  219.232713] Modules linked in: amdkfd(-) amd_iommu_v2 xt_CHECKSUM iptable_mangle ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_nat_ipv4 nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack tun ebtable_filter ebtables ip6table_filter ip6_tables ip_set nfnetlink bridge stp llc cfg80211 rfkill snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_codec_generic intel_rapl x86_pkg_temp_thermal intel_powerclamp snd_hda_intel snd_hda_codec coretemp snd_hda_core crct10dif_pclmul crc32_pclmul iTCO_wdt ghash_clmulni_intel iTCO_vendor_support snd_hwdep mei_wdt snd_seq snd_seq_device ppdev snd_pcm intel_rapl_perf snd_timer snd e1000e soundcore parport_pc parport lpc_ich tpm_tis tpm_tis_core tpm i2c_i801 shpchp ptp mei_me mei pps_core wmi nfsd auth_rpcgss nfs_acl lockd grace sunrpc xenfs xen_privcmd
[  219.232964]  binfmt_misc xfs libcrc32c i915 i2c_algo_bit drm_kms_helper drm crc32c_intel video xen_acpi_processor xen_scsiback target_core_mod xen_pciback xen_netback xen_blkback xen_gntalloc xen_gntdev xen_evtchn [last unloaded: ip6_tables]
[  219.233055] CPU: 1 PID: 1501 Comm: modprobe Tainted: G        W       4.11.9-300.fc26.x86_64 #1
[  219.233091] Hardware name: LENOVO ThinkCentre M8500t-N000/SHARKBAY, BIOS FBKTCAAUS 08/29/2016
[  219.233125] task: ffff8803ed768000 task.stack: ffffc90008814000
[  219.233152] RIP: e030:dev_vprintk_emit+0xb7/0x250
[  219.233173] RSP: e02b:ffffc90008817d30 EFLAGS: 00010202
[  219.233198] RAX: ffffc90008817d51 RBX: ffff8803f0bc6c00 RCX: 0000000000000006
[  219.233227] RDX: ffffffff81cae7f2 RSI: 0000000000000000 RDI: ffffffff81c8706e
[  219.233257] RBP: ffffc90008817df0 R08: 00000000000000f1 R09: 000000000f100000
[  219.233286] R10: 0000000000000011 R11: 000000000000006f R12: ffffc90008817d40
[  219.233316] R13: 0000000000000000 R14: ffffffff81c9e5c7 R15: ffffc90008817e00
[  219.233350] FS:  00007f7dbedf5700(0000) GS:ffff880409040000(0000) knlGS:0000000000000000
[  219.233383] CS:  e033 DS: 0000 ES: 0000 CR0: 0000000080050033
[  219.233408] CR2: 0000000000000000 CR3: 00000003ec510000 CR4: 0000000000042660
[  219.233439] Call Trace:
[  219.233458]  ? __slab_free+0x14c/0x2d0
[  219.233477]  ? __slab_free+0x14c/0x2d0
[  219.233498]  dev_printk_emit+0x4a/0x70
[  219.233517]  __dev_printk+0x3c/0x80
[  219.233535]  _dev_info+0x64/0x80
[  219.233553]  ? kfree+0x154/0x170
[  219.233571]  ? kfree+0x154/0x170
[  219.233593]  kfd_module_exit+0x35/0x37 [amdkfd]
[  219.233616]  SyS_delete_module+0x18a/0x220
[  219.233639]  entry_SYSCALL_64_fastpath+0x1a/0xa9
[  219.233660] RIP: 0033:0x7f7dbe2ce007
[  219.233678] RSP: 002b:00007ffd546a4ec8 EFLAGS: 00000206 ORIG_RAX: 00000000000000b0
[  219.233710] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f7dbe2ce007
[  219.233741] RDX: 0000000000000000 RSI: 0000000000000800 RDI: 000055990eef3578
[  219.233770] RBP: 0000000000000000 R08: 00007ffd546a3e71 R09: 0000000000000000
[  219.233797] R10: 00007f7dbe33cd00 R11: 0000000000000206 R12: 000055990eef3510
[  219.233824] R13: 00007ffd546a3ee0 R14: 000055990eef3578 R15: 00007ffd546a62b0
[  219.233854] Code: 14 41 c1 e8 14 45 85 c0 0f 84 0c 01 00 00 4c 89 95 40 ff ff ff b9 06 00 00 00 48 c7 c7 6e 70 c8 81 4c 89 ee 48 c7 c2 f2 e7 ca 81 <f3> a6 4c 89 de 48 89 c7 0f 95 c1 41 81 e1 ff ff 0f 00 0f b6 c9 
[  219.233943] RIP: dev_vprintk_emit+0xb7/0x250 RSP: ffffc90008817d30
[  219.233969] CR2: 0000000000000000
[  219.234002] ---[ end trace a49b532b5636d796 ]---


Version-Release number of selected component (if applicable):
4.11.9-300.fc26.x86_64

How reproducible:

Steps to Reproduce:
1. Install Fedora26 system.
2. Load module via "modprobe amdkfd"
3. Unload module via "modprobe -r amdkfd"
4. Check dmesg output.

Actual results:
There are new call trace generated in dmesg log.

Expected results:
There module should be unloaded without any error.

Additional info:
Can reproduce it on my both Intel and AMD systems.
Comment 1 Frank Liang 2017-11-16 05:21:33 UTC 
Can reproduce it on Fedora27.

[68211.901724] AMD IOMMUv2 functionality not available on this system
[68211.939016] CRAT table not found
[68211.939019] Finished initializing topology ret=0
[68211.939098] kfd kfd: Initialized module
[68219.285207] BUG: unable to handle kernel NULL pointer dereference at           (null)
[68219.285243] IP: dev_vprintk_emit+0x140/0x220
[68219.285256] PGD 0 
[68219.285257] P4D 0 

[68219.285291] Oops: 0000 [#1] SMP
[68219.285303] Modules linked in: amdkfd(-) amd_iommu_v2 xt_CHECKSUM ipt_MASQUERADE nf_nat_masquerade_ipv4 tun ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack cfg80211 rfkill ip_set nfnetlink ebtable_nat ebtable_broute bridge stp llc ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_raw ip6table_security iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack libcrc32c iptable_mangle iptable_raw iptable_security ebtable_filter ebtables ip6table_filter ip6_tables sunrpc snd_hda_codec_realtek snd_hda_codec_generic snd_hda_codec_hdmi intel_rapl intel_powerclamp crct10dif_pclmul snd_hda_intel snd_hda_codec crc32_pclmul snd_hda_core ghash_clmulni_intel snd_hwdep snd_seq snd_seq_device snd_pcm snd_timer intel_rapl_perf snd mei_wdt wmi_bmof mei_me
[68219.285476]  i2c_i801 mei iTCO_wdt iTCO_vendor_support soundcore ppdev lpc_ich wmi shpchp tpm_tis parport_pc parport tpm_tis_core tpm xenfs xen_privcmd i915 i2c_algo_bit drm_kms_helper e1000e drm crc32c_intel ptp pps_core video xen_acpi_processor xen_scsiback target_core_mod xen_pciback xen_netback xen_blkback xen_gntalloc xen_gntdev xen_evtchn
[68219.285544] CPU: 4 PID: 2339 Comm: modprobe Tainted: G        W       4.13.12-300.fc27.x86_64 #1
[68219.285564] Hardware name: LENOVO ThinkCentre M8500t-N000/SHARKBAY, BIOS FBKTCAAUS 08/29/2016
[68219.285583] task: ffff8802ae4f0000 task.stack: ffffc90003d4c000
[68219.285599] RIP: e030:dev_vprintk_emit+0x140/0x220
[68219.285612] RSP: e02b:ffffc90003d4fd28 EFLAGS: 00010206
[68219.285626] RAX: 000000000000006f RBX: 0000000000000011 RCX: 0000000000000006
[68219.285643] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff81cac818
[68219.285660] RBP: ffffc90003d4fde8 R08: 00000000000000f0 R09: 000000000f000000
[68219.285676] R10: ffffc90003d4fe60 R11: ffffc90003d4fd49 R12: ffffc90003d4fd38
[68219.285693] R13: ffff8803fe1e1400 R14: 0000000000000000 R15: ffffc90003d4fdf8
[68219.285716] FS:  00007fcfc82ef740(0000) GS:ffff880408f00000(0000) knlGS:0000000000000000
[68219.285734] CS:  e033 DS: 0000 ES: 0000 CR0: 0000000080050033
[68219.285749] CR2: 0000000000000000 CR3: 000000037aecd000 CR4: 0000000000042660
[68219.285767] Call Trace:
[68219.285780]  ? __slab_free+0x14c/0x2d0
[68219.285792]  ? __slab_free+0x14c/0x2d0
[68219.285805]  dev_printk_emit+0x4a/0x70
[68219.285817]  __dev_printk+0x3c/0x80
[68219.285827]  _dev_info+0x64/0x80
[68219.285839]  ? kfree+0x154/0x170
[68219.285855]  kfd_module_exit+0x35/0x37 [amdkfd]
[68219.285869]  SyS_delete_module+0x1a8/0x2b0
[68219.285883]  ? exit_to_usermode_loop+0x3e/0xb0
[68219.285897]  entry_SYSCALL_64_fastpath+0x1a/0xa5
[68219.285911] RIP: 0033:0x7fcfc77bc5c7
[68219.285922] RSP: 002b:00007ffc55e3ad08 EFLAGS: 00000206 ORIG_RAX: 00000000000000b0
[68219.285939] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fcfc77bc5c7
[68219.285956] RDX: 0000000000000000 RSI: 0000000000000800 RDI: 000055fc17014e88
[68219.285973] RBP: 0000000000000000 R08: 00007ffc55e39cb1 R09: 0000000000000000
[68219.285990] R10: 00007fcfc7835880 R11: 0000000000000206 R12: 000055fc17014e20
[68219.286006] R13: 00007ffc55e39d20 R14: 000055fc17014e88 R15: 00007ffc55e3c0f0
[68219.286024] Code: 28 00 00 00 0f 85 c3 00 00 00 48 81 c4 98 00 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 b9 06 00 00 00 48 c7 c7 18 c8 ca 81 4c 89 f6 <f3> a6 48 c7 c2 82 07 cf 81 48 89 c6 4c 89 df 0f 95 c1 41 81 e1 
[68219.286073] RIP: dev_vprintk_emit+0x140/0x220 RSP: ffffc90003d4fd28
[68219.286100] CR2: 0000000000000000
[68219.286141] ---[ end trace e7e0103a92c9f81c ]---
Comment 2 Oded Gabbay 2017-12-10 09:26:49 UTC 
Hi,
unfortunately, amdkfd doesn't support unloading/insmod manually. It should be loaded by the OS boot process together with amdgpu and amd_iommuv2