Linux SPARSE checker discussions
* segfault with latest arm64 linux kernel build
@ 2026-06-17 13:58 Ben Dooks
  2026-06-17 14:16 ` Ben Dooks
  0 siblings, 1 reply; 4+ messages in thread
From: Ben Dooks @ 2026-06-17 13:58 UTC (permalink / raw)
  To: linux-sparse

I'm getting a fault running the sparse check on current kernel.

   CC [M]  drivers/gpu/drm/msm/msm_gem.o
   CHECK   /home/ben/linux/drivers/gpu/drm/msm/msm_gem.c
Segmentation fault

The base of my tree is, however I have a pile of fixes
on this:

commit 4b99990cdf9560e8a071640baf19f312e6ae02f4 (origin/master, origin/HEAD)
Merge: 9c87e61e3c57 52d4ab1ca790
Author: Linus Torvalds <torvalds@linux-foundation.org>
Date:   Wed Jun 17 10:21:00 2026 +0100

     Merge tag 'drm-next-2026-06-17' of https://gitlab.freedesktop.org/drm/kernel


-- 
Ben Dooks				http://www.codethink.co.uk/
Senior Engineer				Codethink - Providing Genius

https://www.codethink.co.uk/privacy.html



* Re: segfault with latest arm64 linux kernel build
  2026-06-17 13:58 segfault with latest arm64 linux kernel build Ben Dooks
@ 2026-06-17 14:16 ` Ben Dooks
  2026-06-17 14:20   ` Ben Dooks
  2026-06-17 14:37   ` Dan Carpenter
  0 siblings, 2 replies; 4+ messages in thread
From: Ben Dooks @ 2026-06-17 14:16 UTC (permalink / raw)
  To: linux-sparse

On 17/06/2026 14:58, Ben Dooks wrote:
> I'm getting a fault running the sparse check on current kernel.
> 
>    CC [M]  drivers/gpu/drm/msm/msm_gem.o
>    CHECK   /home/ben/linux/drivers/gpu/drm/msm/msm_gem.c
> Segmentation fault
> 
> The base of my tree is, however I have a pile of fixes
> on this:
> 
> commit 4b99990cdf9560e8a071640baf19f312e6ae02f4 (origin/master, origin/HEAD)
> Merge: 9c87e61e3c57 52d4ab1ca790
> Author: Linus Torvalds <torvalds@linux-foundation.org>
> Date:   Wed Jun 17 10:21:00 2026 +0100
> 
>      Merge tag 'drm-next-2026-06-17' of https://gitlab.freedesktop.org/drm/kernel

I did get a coredump, and the error is at:

> 0  simplify_cgoto (insn=0x7f5fb0ab5240) at simplify.c:2737
> 2737                    if (!target->ep)
> (gdb) 
> (gdb) backtrace
> #0  simplify_cgoto (insn=0x7f5fb0ab5240) at simplify.c:2737
> #1  simplify_instruction (insn=0x7f5fb0ab5240) at simplify.c:2850
> #2  0x0000563adaef4e30 in clean_up_insns (ep=0x7f5fb0b48198) at optimize.c:42
> #3  optimize (ep=ep@entry=0x7f5fb0b48198) at optimize.c:98
> #4  0x0000563adaef49ae in linearize_fn (sym=0x2, base_type=<optimized out>) at linearize.c:2577
> #5  linearize_symbol (sym=sym@entry=0x7f5fa9cc1b30) at linearize.c:2593
> #6  0x0000563adaee7c2a in check_symbols (list=<optimized out>) at sparse.c:306
> #7  0x0000563adaee779d in main (argc=<optimized out>, argv=<optimized out>) at sparse.c:332


Not had time to go look into this further

-- 
Ben Dooks				http://www.codethink.co.uk/
Senior Engineer				Codethink - Providing Genius

https://www.codethink.co.uk/privacy.html


* Re: segfault with latest arm64 linux kernel build
  2026-06-17 14:16 ` Ben Dooks
@ 2026-06-17 14:20   ` Ben Dooks
  2026-06-17 14:37   ` Dan Carpenter
  1 sibling, 0 replies; 4+ messages in thread
From: Ben Dooks @ 2026-06-17 14:20 UTC (permalink / raw)
  To: linux-sparse

On 17/06/2026 15:16, Ben Dooks wrote:
> On 17/06/2026 14:58, Ben Dooks wrote:
>> I'm getting a fault running the sparse check on current kernel.
>>
>>    CC [M]  drivers/gpu/drm/msm/msm_gem.o
>>    CHECK   /home/ben/linux/drivers/gpu/drm/msm/msm_gem.c
>> Segmentation fault
>>
>> The base of my tree is, however I have a pile of fixes
>> on this:
>>
>> commit 4b99990cdf9560e8a071640baf19f312e6ae02f4 (origin/master, origin/HEAD)
>> Merge: 9c87e61e3c57 52d4ab1ca790
>> Author: Linus Torvalds <torvalds@linux-foundation.org>
>> Date:   Wed Jun 17 10:21:00 2026 +0100
>>
>>      Merge tag 'drm-next-2026-06-17' of https://gitlab.freedesktop.org/drm/kernel
> 
> I did get a coredump, and the error is at:
> 
>> 0  simplify_cgoto (insn=0x7f5fb0ab5240) at simplify.c:2737
>> 2737                    if (!target->ep)
>> (gdb)
>> (gdb) backtrace
>> #0  simplify_cgoto (insn=0x7f5fb0ab5240) at simplify.c:2737
>> #1  simplify_instruction (insn=0x7f5fb0ab5240) at simplify.c:2850
>> #2  0x0000563adaef4e30 in clean_up_insns (ep=0x7f5fb0b48198) at optimize.c:42
>> #3  optimize (ep=ep@entry=0x7f5fb0b48198) at optimize.c:98
>> #4  0x0000563adaef49ae in linearize_fn (sym=0x2, base_type=<optimized out>) at linearize.c:2577
>> #5  linearize_symbol (sym=sym@entry=0x7f5fa9cc1b30) at linearize.c:2593
>> #6  0x0000563adaee7c2a in check_symbols (list=<optimized out>) at sparse.c:306
>> #7  0x0000563adaee779d in main (argc=<optimized out>, argv=<optimized out>) at sparse.c:332
> 
> 
> Not had time to go look into this further

my workaround/fix is:

diff --git a/simplify.c b/simplify.c
index 68c5f9c7..20f5cfc2 100644
--- a/simplify.c
+++ b/simplify.c
@@ -2734,6 +2734,8 @@ static int simplify_cgoto(struct instruction *insn)
                 break;
         case OP_LABEL:
                 target = def->bb_true;
+               if (!target)
+                       return 0;
                 if (!target->ep)
                         return 0;
                 FOR_EACH_PTR(insn->multijmp_list, jmp) {
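
Review bot: The new `if (!target)` test directly after `target = def->bb_true;` stops the crash but leaves no trace of why an OP_LABEL definition can reach simplify_cgoto() with bb_true unset. Fold it into the existing test as `if (!target || !target->ep)` so both "cannot simplify" cases share one return, and add a one-line comment naming the condition under which bb_true is NULL, so a later reader does not take the guard for dead code.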



-- 
Ben Dooks				http://www.codethink.co.uk/
Senior Engineer				Codethink - Providing Genius

https://www.codethink.co.uk/privacy.html


* Re: segfault with latest arm64 linux kernel build
  2026-06-17 14:16 ` Ben Dooks
  2026-06-17 14:20   ` Ben Dooks
@ 2026-06-17 14:37   ` Dan Carpenter
  1 sibling, 0 replies; 4+ messages in thread
From: Dan Carpenter @ 2026-06-17 14:37 UTC (permalink / raw)
  To: Ben Dooks; +Cc: linux-sparse

There is a NULL dereference parsing a goto.

The goto is in the msm_gem_lock_vm_and_obj() function when it calls
the drm_exec_retry_on_contention(exec) macro.

The pre-processed code looks something like this:

__UNIQUE_ID_drm_exec_1299:
	for (void *const __attribute__((__unused__)) __drm_exec_retry_ptr = &&__UNIQUE_ID_drm_exec_1299;
		drm_exec_cleanup(exec);) {
...
		if (drm_exec_is_contended(exec))
			goto *__drm_exec_retry_ptr;

Adding a NULL check fixes the crash but that might not be the
right way to actually fix it.

---
 simplify.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/simplify.c b/simplify.c
index 68c5f9c74021..897fc827dc98 100644
--- a/simplify.c
+++ b/simplify.c
@@ -2734,7 +2734,7 @@ static int simplify_cgoto(struct instruction *insn)
 		break;
 	case OP_LABEL:
 		target = def->bb_true;
-		if (!target->ep)
+		if (!target || !target->ep)
 			return 0;
 		FOR_EACH_PTR(insn->multijmp_list, jmp) {
 			if (jmp->target == target)
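
Review bot: In the changed condition `if (!target || !target->ep)`, a NULL def->bb_true is handled exactly like a target with no entrypoint, and both return 0 quietly, so the indirect jump stays unsimplified with nothing recording that the label had no basic block attached. It is worth establishing whether a NULL bb_true is a legitimate state for an OP_LABEL at this point or a sign that an earlier pass never attached one; if it is legitimate, say so in a comment above the test, and add a test case reduced from the pre-processed loop quoted above so the crash cannot return unnoticed.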
-- 
2.53.0
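
The construct described in the message above, reduced to a self-contained GNU C function (an added example, not code from the thread, from sparse or from the kernel; `exec_model`, `model_cleanup`, `model_is_contended` and `lock_with_retry` are hypothetical stand-ins for the drm_exec state and helpers). It keeps the two features the message points at, a label whose address is taken in the `for` init declaration and a computed `goto` back to it from the loop body, and is offered as a candidate input of the same shape for exercising a checker, not as a confirmed reproducer.

```c
/* Hypothetical model of the retry state; not the kernel's struct drm_exec. */
struct exec_model {
	int contended;	/* simulated contention events still to come */
	int restarts;	/* how often the computed goto was taken */
	int done;	/* set once a pass completes without contention */
};

/* Loop condition: keep going until one pass has completed cleanly. */
static int model_cleanup(struct exec_model *e)
{
	return !e->done;
}

/* Consume one simulated contention event, if any are left. */
static int model_is_contended(struct exec_model *e)
{
	if (e->contended > 0) {
		e->contended--;
		return 1;
	}
	return 0;
}

/* Returns the number of restarts needed before the body ran cleanly. */
int lock_with_retry(struct exec_model *e)
{
retry_label:
	/* GNU C "labels as values": &&label yields a void * jump target. */
	for (void *const __attribute__((__unused__)) retry_ptr = &&retry_label;
	     model_cleanup(e);) {
		if (model_is_contended(e)) {
			e->restarts++;
			goto *retry_ptr;	/* leaves the loop scope, re-enters at the label */
		}
		e->done = 1;
	}
	return e->restarts;
}

int main(void)
{
	struct exec_model e = { .contended = 3 };	/* constructed sample input */

	return lock_with_retry(&e) == 3 ? 0 : 1;
}
```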


