[Bug 291337] amdgpu crash when calling vm_phys_fictitious_unreg_range() / on 14.3-RELEASE or 15.0-RELEASE

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 01 Dec 2025 21:11:57 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=291337

            Bug ID: 291337
           Summary: amdgpu crash when calling
                    vm_phys_fictitious_unreg_range() / on 14.3-RELEASE or
                    15.0-RELEASE
           Product: Ports & Packages
           Version: Latest
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-bugs@FreeBSD.org
          Reporter: freebsd-d9e@fasterix.frmug.org

Created attachment 265758
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=265758&action=edit
stack trace with system information

My system has a built-in GPU in a Ryzen 5 5600G. Driver firmware =
green_sardine.

When I try to install an external GPU (AMD RX 9060 XT), amdgpu crashes on
module load, when calling vm_phys_fictitious_unreg_range().

vm_phys_fictitious_unreg_range calls RB_FIND at line 1215 (lines for FreeBSD
15.0 source code), which returns a NULL pointer in "seg", so it crashes when
referencing it at the next line:
  if (seg->start != start || seg->end != end)

The root cause seems to be that amdgpu fails to initialize the driver (probably
due to the 9060 XT, as it doesn't crash if not present).

[drm] initializing kernel modesetting (IP DISCOVERY 0x1002:0x7590
0x1EAE:0x86010xC0).
[drm] register mmio base: 0xFCD00000
[drm] register mmio size: 524288
drmn0: Fatal error during GPU init
drmn0: amdgpu: finishing device.

So it tries to unregister it by calling vm_phys_fictitious_unreg_range(), but
it has likely never called vm_phys_fictitious_reg_range().

The crash happens in vm_phys_fictitious_unreg_range() but it feels like a bug
in amdgpu not doing proper resource tracking, although
vm_phys_fictitious_unreg_range() might also check the pointer before using it.

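The failure mode described in this report, as an added example that is not part of the original report and is not FreeBSD or amdgpu code: a simplified userland C model in which a lookup returns NULL for a range that was never registered, the unregister path checks that result before dereferencing it, and the caller tracks whether registration happened. All names (model_*, fict_seg, seg_find), the array-backed lookup, the error codes and the address values are assumptions made for illustration.

```c
/* Simplified userland model (added example), not FreeBSD kernel code.
 * A fixed array stands in for the kernel's tree of fictitious ranges. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

#define MAX_SEGS 8
struct fict_seg { uint64_t start, end; int used; };
static struct fict_seg segs[MAX_SEGS];

/* Stand-in for the RB_FIND lookup: NULL when no range contains 'start'. */
static struct fict_seg *seg_find(uint64_t start) {
    for (int i = 0; i < MAX_SEGS; i++)
        if (segs[i].used && start >= segs[i].start && start < segs[i].end)
            return &segs[i];
    return NULL;
}

/* Register [start, end); rejects a start that lies in an existing range. */
int model_reg_range(uint64_t start, uint64_t end) {
    if (start >= end || seg_find(start) != NULL)
        return EINVAL;
    for (int i = 0; i < MAX_SEGS; i++)
        if (!segs[i].used) {
            segs[i] = (struct fict_seg){ start, end, 1 };
            return 0;
        }
    return ENOMEM;
}

/* Defensive unregister: test the lookup result before touching seg->start. */
int model_unreg_range(uint64_t start, uint64_t end) {
    struct fict_seg *seg = seg_find(start);
    if (seg == NULL)
        return ENOENT;                 /* range was never registered */
    if (seg->start != start || seg->end != end)
        return EINVAL;                 /* bounds do not match the registration */
    seg->used = 0;
    return 0;
}

/* Caller-side resource tracking: teardown only undoes what init completed. */
struct model_dev { uint64_t base, size; int range_registered; };

int model_dev_init(struct model_dev *d, int fail_early) {
    d->range_registered = 0;
    if (fail_early)
        return EIO;                    /* models an init failure before registration */
    int err = model_reg_range(d->base, d->base + d->size);
    d->range_registered = (err == 0);
    return err;
}

int model_dev_fini(struct model_dev *d) {
    if (!d->range_registered)
        return 0;                      /* nothing was registered, nothing to undo */
    d->range_registered = 0;
    return model_unreg_range(d->base, d->base + d->size);
}
```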