Date: Fri, 12 Dec 2025 02:47:49 -0400
From: Jason Gunthorpe
To: Will Deacon
Cc: syzbot, iommu@lists.linux.dev, joro@8bytes.org, linux-kernel@vger.kernel.org, robin.murphy@arm.com, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [iommu?] kernel BUG in iommu_pages_start_incoherent

On Thu, Dec 11, 2025 at 04:36:46PM +0900, Will Deacon wrote:
> > kernel BUG at arch/x86/mm/physaddr.c:28!
> > Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
> > CPU: 0 UID: 0 PID: 5336 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
> > Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
> > RIP: 0010:__phys_addr+0x16b/0x180 arch/x86/mm/physaddr.c:28
> > Code: 8b b3 00 e9 45 ff ff ff e8 b2 af 4b 00 48 c7 c7 f0 33 fb 8d 48 89 de 4c 89 f2 e8 50 c0 52 03 e9 4d ff ff ff e8 96 af 4b 00 90 <0f> 0b e8 8e af 4b 00 90 0f 0b e8 86 af 4b 00 90 0f 0b 0f 1f 00 90
> > RSP: 0018:ffffc9000aae5f80 EFLAGS: 00010093
> > RAX: ffffffff817610fa RBX: 0000778000000000 RCX: ffff8880007ca4c0
> > RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000778000000000
> > RBP: ffffc9000aae6130 R08: ffffffff8e26c433 R09: 1ffffffff1c4d886
> > R10: dffffc0000000000 R11: fffffbfff1c4d887 R12: 0000000000000011
> > R13: dffffc0000000000 R14: 0000000080000000 R15: dffffc0000000000
> > FS: 00007fae02b026c0(0000) GS:ffff88808d23e000(0000) knlGS:0000000000000000
> > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > CR2: 00007fae01d2dea0 CR3: 000000000b669000 CR4: 0000000000352ef0
> > Call Trace:
> >
> > virt_to_folio include/linux/mm.h:1432 [inline]
> > virt_to_ioptdesc drivers/iommu/iommu-pages.h:49 [inline]
> > iommu_pages_start_incoherent+0x52/0x310 drivers/iommu/iommu-pages.c:148
> > _table_alloc drivers/iommu/generic_pt/iommu_pt.h:377 [inline]
> > table_alloc drivers/iommu/generic_pt/iommu_pt.h:408 [inline]

I think it is:

+++ b/drivers/iommu/generic_pt/iommu_pt.h @@ -372,7 +372,7 @@ static inline struct pt_table_p *_table_alloc(struct pt_common *common, table_mem = iommu_alloc_pages_node_sz(iommu_table->nid, gfp, log2_to_int(lg2sz)); - if (pt_feature(common, PT_FEAT_DMA_INCOHERENT) && + if (pt_feature(common, PT_FEAT_DMA_INCOHERENT) && table_mem && mode == ALLOC_NORMAL) { int ret = iommu_pages_start_incoherent( table_mem, iommu_table->iommu_device);

Fault injection triggered an allocation failure while emulating a VT-d iommu that uses cache flushing.

I will send a fix when I'm able.

Jason
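
Review bot: In the `if` that guards iommu_pages_start_incoherent(), the new `table_mem &&` term only skips the incoherent setup when iommu_alloc_pages_node_sz() returns NULL; the hunk's context ends before showing where a NULL table_mem is turned into an error return. Consider an explicit `if (!table_mem)` check with the function's error return directly after the allocation, which keeps the failure path next to the call that can fail and leaves the feature test unchanged. If the folded-in form stays, a short comment naming where the NULL case is handled would help the next reader. The posted fragment also has no `--- a/` header line, so it needs one before it can be applied as a patch.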