Bug 1474718 - Unable to handle kernel NULL pointer dereference when load and unload amdkfd module
Unable to handle kernel NULL pointer dereference when load and unload amdkfd ...
Status: NEW
Product: Fedora
Classification: Fedora
Component: kernel (Show other bugs)
26
x86_64 Linux
high Severity high
: ---
: ---
Assigned To: Kernel Maintainer List
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-07-25 05:04 EDT by Xiao, Liang
Modified: 2017-07-25 05:04 EDT (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Xiao, Liang 2017-07-25 05:04:00 EDT
Description of problem:
In Fedora26 system, if manually load and unload amdkfd module. There is abnormal logs generated.
Here is the example:
[root@dhcp-2-160 ~]# modprobe amdkfd
[root@dhcp-2-160 ~]# modprobe -r amdkfd

Snip of dmesg log:

[  210.877159] kfd kfd: Initialized module
[  219.232616] BUG: unable to handle kernel NULL pointer dereference at           (null)
[  219.232653] IP: dev_vprintk_emit+0xb7/0x250
[  219.232673] PGD 0 

[  219.232697] Oops: 0000 [#1] SMP
[  219.232713] Modules linked in: amdkfd(-) amd_iommu_v2 xt_CHECKSUM iptable_mangle ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_nat_ipv4 nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack tun ebtable_filter ebtables ip6table_filter ip6_tables ip_set nfnetlink bridge stp llc cfg80211 rfkill snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_codec_generic intel_rapl x86_pkg_temp_thermal intel_powerclamp snd_hda_intel snd_hda_codec coretemp snd_hda_core crct10dif_pclmul crc32_pclmul iTCO_wdt ghash_clmulni_intel iTCO_vendor_support snd_hwdep mei_wdt snd_seq snd_seq_device ppdev snd_pcm intel_rapl_perf snd_timer snd e1000e soundcore parport_pc parport lpc_ich tpm_tis tpm_tis_core tpm i2c_i801 shpchp ptp mei_me mei pps_core wmi nfsd auth_rpcgss nfs_acl lockd grace sunrpc xenfs xen_privcmd
[  219.232964]  binfmt_misc xfs libcrc32c i915 i2c_algo_bit drm_kms_helper drm crc32c_intel video xen_acpi_processor xen_scsiback target_core_mod xen_pciback xen_netback xen_blkback xen_gntalloc xen_gntdev xen_evtchn [last unloaded: ip6_tables]
[  219.233055] CPU: 1 PID: 1501 Comm: modprobe Tainted: G        W       4.11.9-300.fc26.x86_64 #1
[  219.233091] Hardware name: LENOVO ThinkCentre M8500t-N000/SHARKBAY, BIOS FBKTCAAUS 08/29/2016
[  219.233125] task: ffff8803ed768000 task.stack: ffffc90008814000
[  219.233152] RIP: e030:dev_vprintk_emit+0xb7/0x250
[  219.233173] RSP: e02b:ffffc90008817d30 EFLAGS: 00010202
[  219.233198] RAX: ffffc90008817d51 RBX: ffff8803f0bc6c00 RCX: 0000000000000006
[  219.233227] RDX: ffffffff81cae7f2 RSI: 0000000000000000 RDI: ffffffff81c8706e
[  219.233257] RBP: ffffc90008817df0 R08: 00000000000000f1 R09: 000000000f100000
[  219.233286] R10: 0000000000000011 R11: 000000000000006f R12: ffffc90008817d40
[  219.233316] R13: 0000000000000000 R14: ffffffff81c9e5c7 R15: ffffc90008817e00
[  219.233350] FS:  00007f7dbedf5700(0000) GS:ffff880409040000(0000) knlGS:0000000000000000
[  219.233383] CS:  e033 DS: 0000 ES: 0000 CR0: 0000000080050033
[  219.233408] CR2: 0000000000000000 CR3: 00000003ec510000 CR4: 0000000000042660
[  219.233439] Call Trace:
[  219.233458]  ? __slab_free+0x14c/0x2d0
[  219.233477]  ? __slab_free+0x14c/0x2d0
[  219.233498]  dev_printk_emit+0x4a/0x70
[  219.233517]  __dev_printk+0x3c/0x80
[  219.233535]  _dev_info+0x64/0x80
[  219.233553]  ? kfree+0x154/0x170
[  219.233571]  ? kfree+0x154/0x170
[  219.233593]  kfd_module_exit+0x35/0x37 [amdkfd]
[  219.233616]  SyS_delete_module+0x18a/0x220
[  219.233639]  entry_SYSCALL_64_fastpath+0x1a/0xa9
[  219.233660] RIP: 0033:0x7f7dbe2ce007
[  219.233678] RSP: 002b:00007ffd546a4ec8 EFLAGS: 00000206 ORIG_RAX: 00000000000000b0
[  219.233710] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f7dbe2ce007
[  219.233741] RDX: 0000000000000000 RSI: 0000000000000800 RDI: 000055990eef3578
[  219.233770] RBP: 0000000000000000 R08: 00007ffd546a3e71 R09: 0000000000000000
[  219.233797] R10: 00007f7dbe33cd00 R11: 0000000000000206 R12: 000055990eef3510
[  219.233824] R13: 00007ffd546a3ee0 R14: 000055990eef3578 R15: 00007ffd546a62b0
[  219.233854] Code: 14 41 c1 e8 14 45 85 c0 0f 84 0c 01 00 00 4c 89 95 40 ff ff ff b9 06 00 00 00 48 c7 c7 6e 70 c8 81 4c 89 ee 48 c7 c2 f2 e7 ca 81 <f3> a6 4c 89 de 48 89 c7 0f 95 c1 41 81 e1 ff ff 0f 00 0f b6 c9 
[  219.233943] RIP: dev_vprintk_emit+0xb7/0x250 RSP: ffffc90008817d30
[  219.233969] CR2: 0000000000000000
[  219.234002] ---[ end trace a49b532b5636d796 ]---


Version-Release number of selected component (if applicable):
4.11.9-300.fc26.x86_64

How reproducible:

Steps to Reproduce:
1. Install Fedora26 system.
2. Load module via "modprobe amdkfd"
3. Unload module via "modprobe -r amdkfd"
4. Check dmesg output.

Actual results:
There are new call trace generated in dmesg log.

Expected results:
There module should be unloaded without any error.

Additional info:
Can reproduce it on my both Intel and AMD systems.

Note You need to log in before you can comment on or make changes to this bug.