Re: [syzbot] [iommu?] WARNING in pt_iommu_amdv1_init

[Pranjal Shrivastava <praan@google.com>]

On Wed, Mar 25, 2026 at 05:19:51AM +0000, Ankit Soni wrote:
> On Tue, Mar 24, 2026 at 02:37:41PM +0000, Pranjal Shrivastava wrote:
> > On Mon, Mar 23, 2026 at 05:04:27PM -0700, syzbot wrote:
> > > Hello,
> > > 
> > > syzbot found the following issue on:
> > > 
> > > HEAD commit:    0e4f8f1a3d08 Merge tag 'parisc-for-7.0-rc5' of git://git.k..
> > > git tree:       upstream
> > > console output: https://syzkaller.appspot.com/x/log.txt?x=176df352580000
> > > kernel config:  https://syzkaller.appspot.com/x/.config?x=5a3e5e8c17cc174e
> > > dashboard link: https://syzkaller.appspot.com/bug?extid=453eb7add07c3767adab
> > > compiler:       gcc (Debian 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for Debian) 2.44
> > > 
> > > Unfortunately, I don't have any reproducer for this issue yet.
> > > 
> > > Downloadable assets:
> > > disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/d900f083ada3/non_bootable_disk-0e4f8f1a.raw.xz
> > > vmlinux: https://storage.googleapis.com/syzbot-assets/838ecdb7b55f/vmlinux-0e4f8f1a.xz
> > > kernel image: https://storage.googleapis.com/syzbot-assets/3742378914db/bzImage-0e4f8f1a.xz
> > > 
> > > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > > Reported-by: syzbot+453eb7add07c3767adab@syzkaller.appspotmail.com
> > > 
> > > iommufd_mock iommufd_mock1: Adding to iommu group 10
> > > ------------[ cut here ]------------
> > > !iommu_table->driver_ops || !iommu_table->driver_ops->change_top || !iommu_table->driver_ops->get_top_lock
> > > WARNING: drivers/iommu/generic_pt/fmt/../iommu_pt.h:1249 at pt_iommu_amdv1_init+0xa10/0xb20 drivers/iommu/generic_pt/iommu_pt.h:1249, CPU#1: syz.0.1303/9714
> > > Modules linked in:
> > > CPU: 1 UID: 0 PID: 9714 Comm: syz.0.1303 Tainted: G             L      syzkaller #0 PREEMPT(full) 
> > > Tainted: [L]=SOFTLOCKUP
> > > Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
> > > RIP: 0010:pt_iommu_amdv1_init+0xa10/0xb20 drivers/iommu/generic_pt/iommu_pt.h:1249
> > > Code: e8 95 a4 e7 fc e9 aa f6 ff ff e8 db 18 7b fc 89 ab 94 00 00 00 e9 15 ff ff ff e8 cb 18 7b fc e9 e4 fd ff ff e8 c1 18 7b fc 90 <0f> 0b 90 e9 19 ff ff ff bd a1 ff ff ff e9 cc fd ff ff 4c 89 cf 4c
> > > RSP: 0018:ffffc90003747a68 EFLAGS: 00010287
> > > RAX: 00000000000007ee RBX: ffff88802bb03500 RCX: ffffc9000407a000
> > > RDX: 0000000000080000 RSI: ffffffff858db73f RDI: ffff888026f94980
> > > RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
> > > R10: 0000000000000034 R11: 0000000000000000 R12: 0000000000000034
> > > R13: 0000000000000040 R14: 0000000000000000 R15: 0000000000000034
> > > FS:  00007f29a60136c0(0000) GS:ffff8880d6442000(0000) knlGS:0000000000000000
> > > CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > > CR2: 000000110c3f39c7 CR3: 000000003d1d7000 CR4: 0000000000352ef0
> > > Call Trace:
> > >  <TASK>
> > >  mock_domain_alloc_pgtable drivers/iommu/iommufd/selftest.c:491 [inline]
> > >  mock_domain_alloc_paging_flags+0x29b/0x680 drivers/iommu/iommufd/selftest.c:548
> > >  iommufd_hwpt_paging_alloc+0x393/0xb20 drivers/iommu/iommufd/hw_pagetable.c:149
> > >  iommufd_hwpt_alloc+0xb46/0x1af0 drivers/iommu/iommufd/hw_pagetable.c:369
> > >  iommufd_fops_ioctl+0x358/0x520 drivers/iommu/iommufd/main.c:533
> > >  vfs_ioctl fs/ioctl.c:51 [inline]
> > >  __do_sys_ioctl fs/ioctl.c:597 [inline]
> > >  __se_sys_ioctl fs/ioctl.c:583 [inline]
> > >  __x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:583
> > >  do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
> > >  do_syscall_64+0x106/0xf80 arch/x86/entry/syscall_64.c:94
> > >  entry_SYSCALL_64_after_hwframe+0x77/0x7f
> > > RIP: 0033:0x7f29a519c799
> > > Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
> > > RSP: 002b:00007f29a6013028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
> > > RAX: ffffffffffffffda RBX: 00007f29a5415fa0 RCX: 00007f29a519c799
> > > RDX: 0000200000000200 RSI: 0000000000003b89 RDI: 0000000000000009
> > > RBP: 00007f29a5232c99 R08: 0000000000000000 R09: 0000000000000000
> > > R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
> > > R13: 00007f29a5416038 R14: 00007f29a5415fa0 R15: 00007ffedd2b95c8
> > >  </TASK>
> > > 
> > > 
> > 
> > I believe this is because we don't populate struct pt_iommu_driver_ops
> > for the "mock" iommu / selftest? Would defining mock ops help fix this?
> > 
> > I have a patch that seems to fix the WARN_ON:
> > 
> > diff --git a/drivers/iommu/iommufd/selftest.c b/drivers/iommu/iommufd/selftest.c
> > index 9607416f8069..1599eb737d2a 100644
> > --- a/drivers/iommu/iommufd/selftest.c
> > +++ b/drivers/iommu/iommufd/selftest.c
> > @@ -119,6 +119,7 @@ struct mock_iommu_domain {
> >  		struct pt_iommu_amdv1 amdv1;
> >  	};
> >  	unsigned long flags;
> > +	spinlock_t lock;
> 
> May be top_lock for consistency with kunit?
> Otherwise looks good to me.
> 
> -Ankit
> 

Ack. Sure, I'll send out a patch. Thanks!

Thanks,
Praan