(Reported to Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1534012) Description of problem: Removing radeon module using modprobe -r results in BUG: unable to handle kernel NULL pointer dereference at 0000000000000258 Version-Release number of selected component (if applicable): 4.14.13-300.fc27.x86_64 How reproducible: Didn't try. Steps to Reproduce: 1. sudo modprobe -r radeon 2. 3. Actual results: [115942.917095] BUG: unable to handle kernel NULL pointer dereference at 0000000000000258 [115942.917144] IP: mutex_lock+0x1d/0x40 [115942.917174] PGD 0 P4D 0 [115942.917207] Oops: 0002 [#1] SMP PTI [115942.917238] Modules linked in: tun ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack ip_set nfnetlink ebtable_nat ebtable_broute bridge stp llc ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_raw ip6table_security iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_raw iptable_security ebtable_filter ebtables ip6table_filter ip6_tables snd_hda_codec_realtek snd_hda_codec_generic sunrpc snd_hda_codec_hdmi ppdev snd_hda_intel iTCO_wdt iTCO_vendor_support snd_hda_codec snd_hda_core coretemp snd_hwdep snd_pcm i2c_i801 snd_timer snd parport_pc lpc_ich soundcore parport asus_atk0110 shpchp acpi_cpufreq xfs libcrc32c ata_generic pata_acpi amdkfd amd_iommu_v2 radeon(-) serio_raw r8169 firewire_ohci i2c_algo_bit firewire_core [115942.917377] pata_marvell mii crc_itu_t drm_kms_helper ttm drm [115942.917417] CPU: 0 PID: 6778 Comm: modprobe Not tainted 4.14.13-300.fc27.x86_64 #1 [115942.917488] Hardware name: System manufacturer System Product Name/P5QL-EM, BIOS 0802 05/12/2010 [115942.917558] task: ffff96b09a4b3c00 task.stack: ffffb500c13b4000 [115942.917610] RIP: 0010:mutex_lock+0x1d/0x40 [115942.917659] RSP: 0018:ffffb500c13b7cf0 EFLAGS: 00010246 [115942.917710] RAX: 0000000000000000 RBX: 0000000000000258 RCX: 000000010020000f [115942.917779] RDX: ffff96b09a4b3c00 RSI: ffff96b095a0ef20 RDI: 0000000000000258 [115942.917849] RBP: ffffb500c13b7cf8 R08: ffff96b093a19a80 R09: 000000010020000f [115942.917918] R10: ffffb500c13b7cc8 R11: 0000000000000000 R12: 0000000000000258 [115942.917987] R13: ffff96b095a0ef20 R14: ffffffffc0625210 R15: ffff96b09a50f100 [115942.918064] FS: 00007faa7058c0c0(0000) GS:ffff96b09fc00000(0000) knlGS:0000000000000000 [115942.918065] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [115942.918065] CR2: 0000000000000258 CR3: 0000000050256000 CR4: 00000000000006f0 [115942.918065] Call Trace: [115942.918065] drm_mode_object_unregister+0x23/0x50 [drm] [115942.918065] drm_framebuffer_unregister_private+0x1a/0x20 [drm] [115942.918065] radeon_fbdev_fini+0x56/0x80 [radeon] [115942.918065] radeon_modeset_fini+0x72/0xb0 [radeon] [115942.918065] radeon_driver_unload_kms+0x43/0x80 [radeon] [115942.918065] drm_dev_unregister+0x43/0xf0 [drm] [115942.918065] drm_put_dev+0x32/0x70 [drm] [115942.918065] radeon_pci_remove+0x15/0x20 [radeon] [115942.918065] pci_device_remove+0x39/0xb0 [115942.918065] device_release_driver_internal+0x158/0x210 [115942.918065] driver_detach+0x38/0x70 [115942.918065] bus_remove_driver+0x59/0xd0 [115942.918065] driver_unregister+0x2c/0x40 [115942.918065] pci_unregister_driver+0x22/0xb0 [115942.918065] radeon_exit+0x15/0x6f [radeon] [115942.918065] SyS_delete_module+0x1a8/0x2b0 [115942.918065] ? exit_to_usermode_loop+0x8f/0xb0 [115942.918065] entry_SYSCALL_64_fastpath+0x20/0x83 [115942.918065] RIP: 0033:0x7faa6fa54077 [115942.918065] RSP: 002b:00007ffd42b9ccc8 EFLAGS: 00000206 ORIG_RAX: 00000000000000b0 [115942.918065] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007faa6fa54077 [115942.918065] RDX: 0000000000000000 RSI: 0000000000000800 RDI: 0000559fc225dd98 [115942.918065] RBP: 0000000000000000 R08: 00007ffd42b9bc71 R09: 0000000000000000 [115942.918065] R10: 00007faa6face100 R11: 0000000000000206 R12: 0000559fc225dd30 [115942.918065] R13: 00007ffd42b9bce0 R14: 0000559fc225dd98 R15: 00007ffd42b9e0b0 [115942.918065] Code: ff 5d c3 90 66 2e 0f 1f 84 00 00 00 00 00 66 66 66 66 90 55 48 89 e5 53 48 89 fb e8 ce e2 ff ff 65 48 8b 14 25 00 5c 01 00 31 c0 <f0> 48 0f b1 13 48 85 c0 74 08 48 89 df e8 b1 ff ff ff 5b 5d c3 [115942.918065] RIP: mutex_lock+0x1d/0x40 RSP: ffffb500c13b7cf0 [115942.918065] CR2: 0000000000000258 [115942.920031] ---[ end trace c2bf9af6c48b5a97 ]--- Expected results: No error. Additional info: 01:00.0 VGA compatible controller [0300]: Advanced Micro Devices, Inc. [AMD/ATI] RV635 [Radeon HD 3650/3750/4570/4580] [1002:9598]
Created attachment 136692 [details] dmesg
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e97f12f359775de4fabfb507f836ebffa20f4986 should help for this.
(In reply to Michel Dänzer from comment #2) > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/ > ?id=e97f12f359775de4fabfb507f836ebffa20f4986 should help for this. Thanks. imirkin warned me on IRC (wrt similar bug 104609 in nouveau) not to expect machine to reboot cleanly, so I'll be able to test it in a few weeks, which is when 4.15.x is expected to come to Fedora 27 anyway.
Actually, this seems to affect the Kaveri system from bug 99353 as well. I'll test 4.15-rc ASAP.
4.15-rc8 on Kaveri after modprobe -r: [ 215.855452] [drm] radeon: finishing device. [ 215.895091] [TTM] Finalizing pool allocator [ 215.895254] [TTM] Finalizing DMA pool allocator [ 215.895302] [TTM] Zone kernel: Used memory at exit: 2080 kiB [ 215.895305] [drm] radeon: ttm finalized I'll close this bug after I get a chance to try it on RV635. Thanks!
Confirmed on 4.15.7-300.fc27.x86_64 [ 59.965382] [drm] radeon: finishing device. [ 59.976804] [TTM] Finalizing pool allocator [ 59.976813] [TTM] Finalizing DMA pool allocator [ 59.977327] [TTM] Zone kernel: Used memory at exit: 0 kiB [ 59.977330] [drm] radeon: ttm finalized
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.