Linaro-mm-sig

linaro-mm-sig@lists.linaro.org

4 participants
3251 discussions

[syzbot] [dri?] WARNING in drm_gem_object_handle_put_unlocked

by syzbot

Hello, syzbot found the following issue on: HEAD commit: 0bb80ecc33a8 Linux 6.6-rc1 git tree: upstream console+strace: https://syzkaller.appspot.com/x/log.txt?x=1002530c680000 kernel config: https://syzkaller.appspot.com/x/.config?x=f4894cf58531f dashboard link: https://syzkaller.appspot.com/bug?extid=ef3256a360c02207a4cb compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14a79ca0680000 C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16900402680000 Downloadable assets: disk image: https://storage.googleapis.com/syzbot-assets/eeb0cac260c7/disk-0bb80ecc.raw… vmlinux: https://storage.googleapis.com/syzbot-assets/a3c360110254/vmlinux-0bb80ecc.… kernel image: https://storage.googleapis.com/syzbot-assets/22b81065ba5f/bzImage-0bb80ecc.… IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+ef3256a360c02207a4cb(a)syzkaller.appspotmail.com R10: 0000000000000000 R11: 0000000000000246 R12: 00007fda971e917c R13: 00007fda97153210 R14: 0023647261632f69 R15: 6972642f7665642f </TASK> ------------[ cut here ]------------ WARNING: CPU: 1 PID: 5043 at drivers/gpu/drm/drm_gem.c:225 drm_gem_object_handle_put_unlocked+0x299/0x390 drivers/gpu/drm/drm_gem.c:225 Modules linked in: CPU: 1 PID: 5043 Comm: syz-executor141 Not tainted 6.6.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023 RIP: 0010:drm_gem_object_handle_put_unlocked+0x299/0x390 drivers/gpu/drm/drm_gem.c:225 Code: ea 03 0f b6 04 02 84 c0 74 0c 3c 03 7f 08 4c 89 f7 e8 2b 06 2a fd c7 83 20 01 00 00 00 00 00 00 e9 98 fe ff ff e8 57 44 d4 fc <0f> 0b 5b 5d 41 5c 41 5d 41 5e e9 48 44 d4 fc e8 43 44 d4 fc 48 8d RSP: 0018:ffffc90003d5fbb8 EFLAGS: 00010293 RAX: 0000000000000000 RBX: ffff888027b61000 RCX: 0000000000000000 RDX: ffff888014fcbb80 RSI: ffffffff84b38a29 RDI: 0000000000000005 RBP: ffff888027b61004 R08: 0000000000000005 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000001 R12: ffff88801d140000 R13: ffff888027b61008 R14: 0000000000000000 R15: ffff888027b61018 FS: 00007fda971536c0(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fda971fe794 CR3: 0000000072975000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> drm_gem_handle_create_tail+0x32f/0x540 drivers/gpu/drm/drm_gem.c:407 drm_gem_shmem_create_with_handle drivers/gpu/drm/drm_gem_shmem_helper.c:417 [inline] drm_gem_shmem_dumb_create+0x21a/0x310 drivers/gpu/drm/drm_gem_shmem_helper.c:505 drm_mode_create_dumb drivers/gpu/drm/drm_dumb_buffers.c:96 [inline] drm_mode_create_dumb_ioctl+0x268/0x2f0 drivers/gpu/drm/drm_dumb_buffers.c:102 drm_ioctl_kernel+0x280/0x4c0 drivers/gpu/drm/drm_ioctl.c:789 drm_ioctl+0x5cb/0xbf0 drivers/gpu/drm/drm_ioctl.c:892 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:871 [inline] __se_sys_ioctl fs/ioctl.c:857 [inline] __x64_sys_ioctl+0x18f/0x210 fs/ioctl.c:857 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7fda971954e9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fda971531f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007fda9721c3e8 RCX: 00007fda971954e9 RDX: 0000000020000080 RSI: 00000000c02064b2 RDI: 0000000000000003 RBP: 00007fda9721c3e0 R08: 00007fda97152f96 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fda971e917c R13: 00007fda97153210 R14: 0023647261632f69 R15: 6972642f7665642f </TASK> --- This report is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller(a)googlegroups.com. syzbot will keep track of this issue. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot. If the bug is already fixed, let syzbot know by replying with: #syz fix: exact-commit-title If you want syzbot to run the reproducer, reply with: #syz test: git://repo/address.git branch-or-commit-hash If you attach or paste a git patch, syzbot will apply it before testing. If you want to overwrite bug's subsystems, reply with: #syz set subsystems: new-subsystem (See the list of subsystem names on the web dashboard) If the bug is a duplicate of another bug, reply with: #syz dup: exact-subject-of-another-report If you want to undo deduplication, reply with: #syz undup

2 years, 3 months

Re: [syzbot] [mm?] kernel BUG in filemap_unaccount_folio

by syzbot

syzbot has bisected this issue to: commit 5c074eeabbd332b11559f7fc1e89d456f94801fb Author: Gerd Hoffmann <kraxel(a)redhat.com> Date: Wed Nov 14 12:20:29 2018 +0000 udmabuf: set read/write flag when exporting bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=12b21bbfa80000 start commit: db906f0ca6bb Merge tag 'phy-for-6.6' of git://git.kernel.o.. git tree: upstream final oops: https://syzkaller.appspot.com/x/report.txt?x=11b21bbfa80000 console output: https://syzkaller.appspot.com/x/log.txt?x=16b21bbfa80000 kernel config: https://syzkaller.appspot.com/x/.config?x=3bd57a1ac08277b0 dashboard link: https://syzkaller.appspot.com/bug?extid=17a207d226b8a5fb0fd9 syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11609f38680000 C reproducer: https://syzkaller.appspot.com/x/repro.c?x=14c1fc00680000 Reported-by: syzbot+17a207d226b8a5fb0fd9(a)syzkaller.appspotmail.com Fixes: 5c074eeabbd3 ("udmabuf: set read/write flag when exporting") For information about bisection process see: https://goo.gl/tpsmEJ#bisection

2 years, 3 months

[linus:master] [dma] d62c43a953: WARNING:at_mm/slab_common.c:#kmem_cache_destroy

by kernel test robot

hi, Arvind Yadav, we know this commit is quite old, but it shows persistent low rate issue and parent keeps clean even when we run both this commit and parent up to ~300 times. the config to build both kernel is a randconfig as in https://download.01.org/0day-ci/archive/20230913/202309132239.70437559-oliv… c85d00d4fd8b98ea d62c43a953ce02d54521ec06217 ---------------- --------------------------- fail:runs %reproduction fail:runs | | | :300 6% 17:312 dmesg.BUG_mock_fence(Tainted:G_T):Objects_remaining_in_mock_fence_on__kmem_cache_shutdown() :300 11% 33:312 dmesg.EIP:kmem_cache_destroy :300 11% 33:312 dmesg.WARNING:at_mm/slab_common.c:#kmem_cache_destroy at the same time, as in below formal report mentioned, we still observed similar issue on latest linus/master and linux-next/master, so we just send out this report FYI. Hello, kernel test robot noticed "WARNING:at_mm/slab_common.c:#kmem_cache_destroy" on: commit: d62c43a953ce02d54521ec06217d0c2ed6d489af ("dma-buf: Enable signaling on fence for selftests") https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master [test failed on linus/master 0bb80ecc33a8fb5a682236443c1e740d5c917d1d] [test failed on linux-next/master 3c13c772fc233a10342c8e1605ff0855dfdf0c89] in testcase: boot compiler: gcc-12 test machine: qemu-system-i386 -enable-kvm -cpu SandyBridge -smp 2 -m 4G (please refer to attached dmesg/kmsg for entire log/backtrace) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <oliver.sang(a)intel.com> | Closes: https://lore.kernel.org/oe-lkp/202309132239.70437559-oliver.sang@intel.com [ 21.601153][ T1] ------------[ cut here ]------------ [ 21.693224][ T1] kmem_cache_destroy mock_fence: Slab cache still has objects when called from dma_fence_chain (drivers/dma-buf/st-dma-fence-chain.c:709) [ 21.693275][ T1] WARNING: CPU: 0 PID: 1 at mm/slab_common.c:478 kmem_cache_destroy (mm/slab_common.c:478) [ 21.697039][ T1] Modules linked in: [ 21.697859][ T1] CPU: 0 PID: 1 Comm: swapper Tainted: G T 6.0.0-rc2-00744-gd62c43a953ce #1 26be6099e9dfaf1dc1fa091a1f5a61f95afa9121 [ 21.700290][ T1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 [ 21.702175][ T1] EIP: kmem_cache_destroy (mm/slab_common.c:478) [ 21.707576][ T1] Code: 00 ff 4b 2c 0f 85 b2 00 00 00 89 d8 e8 ea 4a 02 00 85 c0 74 1f ff 75 04 ff 73 40 68 6c ff 96 d7 68 7d 44 09 d8 e8 40 c8 da 00 <0f> 0b 83 c4 10 e9 88 00 00 00 8d 73 44 89 f0 e8 8a 8e 2e 00 84 c0 All code ======== 0: 00 ff add %bh,%bh 2: 4b 2c 0f rex.WXB sub $0xf,%al 5: 85 b2 00 00 00 89 test %esi,-0x77000000(%rdx) b: d8 e8 fsubr %st(0),%st d: ea (bad) e: 4a 02 00 rex.WX add (%rax),%al 11: 85 c0 test %eax,%eax 13: 74 1f je 0x34 15: ff 75 04 push 0x4(%rbp) 18: ff 73 40 push 0x40(%rbx) 1b: 68 6c ff 96 d7 push $0xffffffffd796ff6c 20: 68 7d 44 09 d8 push $0xffffffffd809447d 25: e8 40 c8 da 00 call 0xdac86a 2a:* 0f 0b ud2 <-- trapping instruction 2c: 83 c4 10 add $0x10,%esp 2f: e9 88 00 00 00 jmp 0xbc 34: 8d 73 44 lea 0x44(%rbx),%esi 37: 89 f0 mov %esi,%eax 39: e8 8a 8e 2e 00 call 0x2e8ec8 3e: 84 c0 test %al,%al Code starting with the faulting instruction =========================================== 0: 0f 0b ud2 2: 83 c4 10 add $0x10,%esp 5: e9 88 00 00 00 jmp 0x92 a: 8d 73 44 lea 0x44(%rbx),%esi d: 89 f0 mov %esi,%eax f: e8 8a 8e 2e 00 call 0x2e8e9e 14: 84 c0 test %al,%al [ 21.711048][ T1] EAX: 00000066 EBX: ee62b680 ECX: 00000001 EDX: 80000001 [ 21.712412][ T1] ESI: d87beb98 EDI: ffffffff EBP: c128dee8 ESP: c128decc [ 21.713723][ T1] DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068 EFLAGS: 00010292 [ 21.715192][ T1] CR0: 80050033 CR2: b7d07070 CR3: 189fe000 CR4: 00040690 [ 21.716533][ T1] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000 [ 21.717859][ T1] DR6: fffe0ff0 DR7: 00000400 [ 21.718792][ T1] Call Trace: [ 21.719488][ T1] ? dma_fence_chain (drivers/dma-buf/st-dma-fence-chain.c:709) [ 21.720419][ T1] dma_fence_chain (drivers/dma-buf/st-dma-fence-chain.c:709) [ 21.721327][ T1] st_init (drivers/dma-buf/selftest.c:141 drivers/dma-buf/selftest.c:155) [ 21.722117][ T1] ? udmabuf_dev_init (drivers/dma-buf/selftest.c:154) [ 21.723147][ T1] do_one_initcall (init/main.c:1296) [ 21.724108][ T1] do_initcalls (init/main.c:1368 init/main.c:1385) [ 21.725029][ T1] kernel_init_freeable (init/main.c:1615) [ 21.726030][ T1] ? rest_init (init/main.c:1492) [ 21.726907][ T1] kernel_init (init/main.c:1502) [ 21.727732][ T1] ret_from_fork (arch/x86/entry/entry_32.S:770) [ 21.728608][ T1] irq event stamp: 1964001 [ 21.729500][ T1] hardirqs last enabled at (1964011): __up_console_sem (arch/x86/include/asm/irqflags.h:29 (discriminator 1) arch/x86/include/asm/irqflags.h:70 (discriminator 1) arch/x86/include/asm/irqflags.h:130 (discriminator 1) kernel/printk/printk.c:264 (discriminator 1)) [ 21.731230][ T1] hardirqs last disabled at (1964020): __up_console_sem (kernel/printk/printk.c:262 (discriminator 1)) [ 21.735324][ T1] softirqs last enabled at (1963746): __do_softirq (arch/x86/include/asm/preempt.h:27 kernel/softirq.c:415 kernel/softirq.c:600) [ 21.736992][ T1] softirqs last disabled at (1963735): do_softirq_own_stack (arch/x86/kernel/irq_32.c:60 arch/x86/kernel/irq_32.c:150) [ 21.738743][ T1] ---[ end trace 0000000000000000 ]--- [ 21.739776][ T1] dma-buf: Running dma_fence_unwrap The kernel config and materials to reproduce are available at: https://download.01.org/0day-ci/archive/20230913/202309132239.70437559-oliv… -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

2 years, 3 months

[PATCH] spi: tegra: Fix missing IRQ check in tegra_slink_probe()

by Zhang Shurong

This func misses checking for platform_get_irq()'s call and may passes the negative error codes to request_irq(), which takes unsigned IRQ #, causing it to fail with -EINVAL, overriding an original error code. Fix this by stop calling request_irq() with invalid IRQ #s. Fixes: dc4dc3605639 ("spi: tegra: add spi driver for SLINK controller") Signed-off-by: Zhang Shurong <zhang_shurong(a)foxmail.com> --- drivers/spi/spi-tegra20-slink.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/spi/spi-tegra20-slink.c b/drivers/spi/spi-tegra20-slink.c index 4d6db6182c5e..f5cd365c913a 100644 --- a/drivers/spi/spi-tegra20-slink.c +++ b/drivers/spi/spi-tegra20-slink.c @@ -1086,6 +1086,8 @@ static int tegra_slink_probe(struct platform_device *pdev) reset_control_deassert(tspi->rst); spi_irq = platform_get_irq(pdev, 0); + if (spi_irq < 0) + return spi_irq; tspi->irq = spi_irq; ret = request_threaded_irq(tspi->irq, tegra_slink_isr, tegra_slink_isr_thread, IRQF_ONESHOT, -- 2.30.2

2 years, 3 months

Redukcja mocy na wezwanie

by Dawid Jarocki

Dzień dobry, czy jest możliwość, by na pewien czas Państwa zakład produkcyjny mógł zrezygnować z części lub całości zużywanej energii? W zamian za gotowość do redukcji i jej wykonanie mogą otrzymać Państwo stałe wynagrodzenie, które w przeliczeniu na 1 MW redukcji mocy wynosi od 500 do 720 tys. zł w zależności od czasu zdolności do redukcji. Uczestnictwo w programie DSR (Demand Side Response) to dla Państwa brak kosztów implementacji i wzrost bezpieczeństwa energetycznego. Jeśli interesuje Państwa generowanie wieloletnich przychodów z programu DSR, proszę o wiadomość. Pozdrawiam Dawid Jarocki

2 years, 4 months

[PATCH v1 v1 0/7] DRM driver for verisilicon

by Keith Zhao

This patch is a drm driver for Starfive Soc JH7110, I am sending Drm driver part and HDMI driver part. We used GEM framework for buffer management , and for buffer allocation,we use DMA APIs. the Starfive HDMI servers as interface between a LCD Controller and a HDMI bus. A HDMI TX consists of one HDMI transmitter controller and one HDMI transmitter PHY. (Sound support is not include in this patch) This patchset should be applied after the patchset: https://patchwork.kernel.org/project/linux-clk/cover/20230713113902.56519-1… V1: Changes since v1: - Further standardize the yaml file. - Dts naming convention improved. - Fix the problem of compiling and loading ko files. - Use drm new api to automatically manage resources. - Drop struct vs_crtc_funcs&vs_plane_funcs，subdivide the plane's help interface - Reduce the modifiers unused. - Optimize the hdmi driver code Keith Zhao (7): MAINTAINERS: Update starfive maintainers dt-bindings: display: Add yamls for JH7110 display system riscv: dts: starfive: jh7110: add dc controller and hdmi node drm/fourcc: Add drm/vs tiled modifiers drm/vs: Register DRM device drm/vs: Add KMS crtc&plane drm/vs: Add hdmi .../starfive/starfive,display-subsystem.yaml | 41 + .../starfive/starfive,jh7110-dc8200.yaml | 107 + .../starfive/starfive,jh7110-inno-hdmi.yaml | 92 + MAINTAINERS | 7 + .../jh7110-starfive-visionfive-2.dtsi | 87 + arch/riscv/boot/dts/starfive/jh7110.dtsi | 43 + drivers/gpu/drm/Kconfig | 2 + drivers/gpu/drm/Makefile | 1 + drivers/gpu/drm/verisilicon/Kconfig | 25 + drivers/gpu/drm/verisilicon/Makefile | 13 + drivers/gpu/drm/verisilicon/starfive_hdmi.c | 940 ++++++++ drivers/gpu/drm/verisilicon/starfive_hdmi.h | 295 +++ drivers/gpu/drm/verisilicon/vs_crtc.c | 365 +++ drivers/gpu/drm/verisilicon/vs_crtc.h | 54 + drivers/gpu/drm/verisilicon/vs_dc.c | 1036 +++++++++ drivers/gpu/drm/verisilicon/vs_dc.h | 87 + drivers/gpu/drm/verisilicon/vs_dc_hw.c | 2008 +++++++++++++++++ drivers/gpu/drm/verisilicon/vs_dc_hw.h | 496 ++++ drivers/gpu/drm/verisilicon/vs_drv.c | 274 +++ drivers/gpu/drm/verisilicon/vs_drv.h | 54 + drivers/gpu/drm/verisilicon/vs_gem.c | 298 +++ drivers/gpu/drm/verisilicon/vs_gem.h | 50 + drivers/gpu/drm/verisilicon/vs_modeset.c | 92 + drivers/gpu/drm/verisilicon/vs_modeset.h | 13 + drivers/gpu/drm/verisilicon/vs_plane.c | 502 +++++ drivers/gpu/drm/verisilicon/vs_plane.h | 65 + drivers/gpu/drm/verisilicon/vs_type.h | 70 + include/uapi/drm/drm_fourcc.h | 27 + include/uapi/drm/vs_drm.h | 50 + 29 files changed, 7194 insertions(+) create mode 100644 Documentation/devicetree/bindings/display/starfive/starfive,display-subsystem.yaml create mode 100644 Documentation/devicetree/bindings/display/starfive/starfive,jh7110-dc8200.yaml create mode 100644 Documentation/devicetree/bindings/display/starfive/starfive,jh7110-inno-hdmi.yaml create mode 100644 drivers/gpu/drm/verisilicon/Kconfig create mode 100644 drivers/gpu/drm/verisilicon/Makefile create mode 100644 drivers/gpu/drm/verisilicon/starfive_hdmi.c create mode 100644 drivers/gpu/drm/verisilicon/starfive_hdmi.h create mode 100644 drivers/gpu/drm/verisilicon/vs_crtc.c create mode 100644 drivers/gpu/drm/verisilicon/vs_crtc.h create mode 100644 drivers/gpu/drm/verisilicon/vs_dc.c create mode 100644 drivers/gpu/drm/verisilicon/vs_dc.h create mode 100644 drivers/gpu/drm/verisilicon/vs_dc_hw.c create mode 100644 drivers/gpu/drm/verisilicon/vs_dc_hw.h create mode 100644 drivers/gpu/drm/verisilicon/vs_drv.c create mode 100644 drivers/gpu/drm/verisilicon/vs_drv.h create mode 100644 drivers/gpu/drm/verisilicon/vs_gem.c create mode 100644 drivers/gpu/drm/verisilicon/vs_gem.h create mode 100644 drivers/gpu/drm/verisilicon/vs_modeset.c create mode 100644 drivers/gpu/drm/verisilicon/vs_modeset.h create mode 100644 drivers/gpu/drm/verisilicon/vs_plane.c create mode 100644 drivers/gpu/drm/verisilicon/vs_plane.h create mode 100644 drivers/gpu/drm/verisilicon/vs_type.h create mode 100644 include/uapi/drm/vs_drm.h -- 2.34.1

2 years, 4 months

[syzbot] [dri?] WARNING in drm_syncobj_array_find

by syzbot

Hello, syzbot found the following issue on: HEAD commit: 0468be89b3fa Merge tag 'iommu-updates-v6.6' of git://git.k.. git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=13571367a80000 kernel config: https://syzkaller.appspot.com/x/.config?x=39744401c57166fc dashboard link: https://syzkaller.appspot.com/bug?extid=95416f957d84e858b377 compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 syz repro: https://syzkaller.appspot.com/x/repro.syz?x=111c39a8680000 C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1267d83fa80000 Downloadable assets: disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/7bc7510fe41f/non_bootable_disk… vmlinux: https://storage.googleapis.com/syzbot-assets/7feba36779de/vmlinux-0468be89.… kernel image: https://storage.googleapis.com/syzbot-assets/b1cdc0506491/bzImage-0468be89.… IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+95416f957d84e858b377(a)syzkaller.appspotmail.com ------------[ cut here ]------------ WARNING: CPU: 2 PID: 5141 at mm/page_alloc.c:4415 __alloc_pages+0x3ab/0x4a0 mm/page_alloc.c:4415 Modules linked in: CPU: 2 PID: 5141 Comm: syz-executor127 Not tainted 6.5.0-syzkaller-10885-g0468be89b3fa #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 RIP: 0010:__alloc_pages+0x3ab/0x4a0 mm/page_alloc.c:4415 Code: ff ff 00 0f 84 2f fe ff ff 80 ce 01 e9 27 fe ff ff 83 fe 0a 0f 86 3a fd ff ff 80 3d c9 37 e6 0c 00 75 09 c6 05 c0 37 e6 0c 01 <0f> 0b 45 31 f6 e9 97 fe ff ff e8 b6 10 9e ff 84 c0 0f 85 8a fe ff RSP: 0018:ffffc900030b7a18 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000040cc0 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000016 RDI: 0000000000040cc0 RBP: 1ffff92000616f44 R08: 0000000000000005 R09: 0000000000000000 R10: 00000000ffffff1f R11: 0000000000000000 R12: 0000000000000016 R13: 0000000000000000 R14: ffffffff84b4e215 R15: ffff888013722000 FS: 00005555555a4380(0000) GS:ffff88806b800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000200001c0 CR3: 000000002accd000 CR4: 0000000000350ee0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> __alloc_pages_node include/linux/gfp.h:237 [inline] alloc_pages_node include/linux/gfp.h:260 [inline] __kmalloc_large_node+0x87/0x1c0 mm/slab_common.c:1164 __do_kmalloc_node mm/slab_common.c:1011 [inline] __kmalloc.cold+0xb/0xe0 mm/slab_common.c:1036 kmalloc_array include/linux/slab.h:636 [inline] drm_syncobj_array_find+0x35/0x3c0 drivers/gpu/drm/drm_syncobj.c:1246 drm_syncobj_timeline_signal_ioctl+0x21f/0x860 drivers/gpu/drm/drm_syncobj.c:1533 drm_ioctl_kernel+0x280/0x4c0 drivers/gpu/drm/drm_ioctl.c:789 drm_ioctl+0x5cb/0xbf0 drivers/gpu/drm/drm_ioctl.c:892 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:871 [inline] __se_sys_ioctl fs/ioctl.c:857 [inline] __x64_sys_ioctl+0x18f/0x210 fs/ioctl.c:857 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7ff62d53f129 Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffe7c669ea8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007ffe7c66a078 RCX: 00007ff62d53f129 RDX: 0000000020000500 RSI: 00000000c01864cd RDI: 0000000000000003 RBP: 00007ff62d5b2610 R08: 0023647261632f69 R09: 00007ffe7c66a078 R10: 000000000000001f R11: 0000000000000246 R12: 0000000000000001 R13: 00007ffe7c66a068 R14: 0000000000000001 R15: 0000000000000001 </TASK> --- This report is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller(a)googlegroups.com. syzbot will keep track of this issue. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot. If the bug is already fixed, let syzbot know by replying with: #syz fix: exact-commit-title If you want syzbot to run the reproducer, reply with: #syz test: git://repo/address.git branch-or-commit-hash If you attach or paste a git patch, syzbot will apply it before testing. If you want to overwrite bug's subsystems, reply with: #syz set subsystems: new-subsystem (See the list of subsystem names on the web dashboard) If the bug is a duplicate of another bug, reply with: #syz dup: exact-subject-of-another-report If you want to undo deduplication, reply with: #syz undup

2 years, 4 months

[PATCH v2 0/2] doc: uapi: Document dma-buf interop design & semantics

by Daniel Stone

Hi all, This is v2 to the linked patch series; thanks to everyone for reviewing the initial version. I've moved this out of a pure DRM scope and into the general userspace-API design section. Hopefully it helps others and answers a bunch of questions. I think it'd be great to have input/links/reflections from other subsystems as well here. Cheers, Daniel

2 years, 4 months

[PATCH v2] dma-buf/sw_sync: Avoid recursive lock during fence signal

by Rob Clark

From: Rob Clark <robdclark(a)chromium.org> If a signal callback releases the sw_sync fence, that will trigger a deadlock as the timeline_fence_release recurses onto the fence->lock (used both for signaling and the the timeline tree). To avoid that, temporarily hold an extra reference to the signalled fences until after we drop the lock. (This is an alternative implementation of https://patchwork.kernel.org/patch/11664717/ which avoids some potential UAF issues with the original patch.) v2: Remove now obsolete comment, use list_move_tail() and list_del_init() Reported-by: Bas Nieuwenhuizen <bas(a)basnieuwenhuizen.nl> Fixes: d3c6dd1fb30d ("dma-buf/sw_sync: Synchronize signal vs syncpt free") Signed-off-by: Rob Clark <robdclark(a)chromium.org> --- drivers/dma-buf/sw_sync.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/drivers/dma-buf/sw_sync.c b/drivers/dma-buf/sw_sync.c index 63f0aeb66db6..f0a35277fd84 100644 --- a/drivers/dma-buf/sw_sync.c +++ b/drivers/dma-buf/sw_sync.c @@ -191,6 +191,7 @@ static const struct dma_fence_ops timeline_fence_ops = { */ static void sync_timeline_signal(struct sync_timeline *obj, unsigned int inc) { + LIST_HEAD(signalled); struct sync_pt *pt, *next; trace_sync_timeline(obj); @@ -203,21 +204,20 @@ static void sync_timeline_signal(struct sync_timeline *obj, unsigned int inc) if (!timeline_fence_signaled(&pt->base)) break; - list_del_init(&pt->link); + dma_fence_get(&pt->base); + + list_move_tail(&pt->link, &signalled); rb_erase(&pt->node, &obj->pt_tree); - /* - * A signal callback may release the last reference to this - * fence, causing it to be freed. That operation has to be - * last to avoid a use after free inside this loop, and must - * be after we remove the fence from the timeline in order to - * prevent deadlocking on timeline->lock inside - * timeline_fence_release(). - */ dma_fence_signal_locked(&pt->base); } spin_unlock_irq(&obj->lock); + + list_for_each_entry_safe(pt, next, &signalled, link) { + list_del_init(&pt->link); + dma_fence_put(&pt->base); + } } /** -- 2.41.0

2 years, 4 months

[BUG] KCSAN: data-race in drm_sched_entity_is_ready [gpu_sched] / drm_sched_entity_push_job [gpu_sched]

by Mirsad Todorovac

Hi, This is your friendly bug reporter. The environment is vanilla torvalds tree kernel on Ubuntu 22.04 LTS and a Ryzen 7950X box. Please find attached the complete dmesg output from the ring buffer and lshw output. NOTE: The kernel reports tainted kernel, but to my knowledge there are no proprietary (G) modules, but this taint is turned on by the previous bugs. dmesg excerpt: [ 8791.864576] ================================================================== [ 8791.864648] BUG: KCSAN: data-race in drm_sched_entity_is_ready [gpu_sched] / drm_sched_entity_push_job [gpu_sched] [ 8791.864776] write (marked) to 0xffff9b74491b7c40 of 8 bytes by task 3807 on cpu 18: [ 8791.864788] drm_sched_entity_push_job+0xf4/0x2a0 [gpu_sched] [ 8791.864852] amdgpu_cs_ioctl+0x3888/0x3de0 [amdgpu] [ 8791.868731] drm_ioctl_kernel+0x127/0x210 [drm] [ 8791.869222] drm_ioctl+0x38f/0x6f0 [drm] [ 8791.869711] amdgpu_drm_ioctl+0x7e/0xe0 [amdgpu] [ 8791.873660] __x64_sys_ioctl+0xd2/0x120 [ 8791.873676] do_syscall_64+0x58/0x90 [ 8791.873688] entry_SYSCALL_64_after_hwframe+0x73/0xdd [ 8791.873710] read to 0xffff9b74491b7c40 of 8 bytes by task 1119 on cpu 27: [ 8791.873722] drm_sched_entity_is_ready+0x16/0x50 [gpu_sched] [ 8791.873786] drm_sched_select_entity+0x1c7/0x220 [gpu_sched] [ 8791.873849] drm_sched_main+0xd2/0x500 [gpu_sched] [ 8791.873912] kthread+0x18b/0x1d0 [ 8791.873924] ret_from_fork+0x43/0x70 [ 8791.873939] ret_from_fork_asm+0x1b/0x30 [ 8791.873955] value changed: 0x0000000000000000 -> 0xffff9b750ebcfc00 [ 8791.873971] Reported by Kernel Concurrency Sanitizer on: [ 8791.873980] CPU: 27 PID: 1119 Comm: gfx_0.0.0 Tainted: G L 6.5.0-rc6-net-cfg-kcsan-00038-g16931859a650 #35 [ 8791.873994] Hardware name: ASRock X670E PG Lightning/X670E PG Lightning, BIOS 1.21 04/26/2023 [ 8791.874002] ================================================================== Best regards, Mirsad Todorovac

2 years, 4 months

Jump to page:

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

Linaro-mm-sig