- Linux-stable-mirror - lists.linaro.org

[merged mm-hotfixes-stable] crash-fix-crashkernel-resource-shrink.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: crash: fix crashkernel resource shrink has been removed from the -mm tree. Its filename was crash-fix-crashkernel-resource-shrink.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Sourabh Jain <sourabhjain(a)linux.ibm.com> Subject: crash: fix crashkernel resource shrink Date: Sun, 2 Nov 2025 01:07:41 +0530 When crashkernel is configured with a high reservation, shrinking its value below the low crashkernel reservation causes two issues: 1. Invalid crashkernel resource objects 2. Kernel crash if crashkernel shrinking is done twice For example, with crashkernel=200M,high, the kernel reserves 200MB of high memory and some default low memory (say 256MB). The reservation appears as: cat /proc/iomem | grep -i crash af000000-beffffff : Crash kernel 433000000-43f7fffff : Crash kernel If crashkernel is then shrunk to 50MB (echo 52428800 > /sys/kernel/kexec_crash_size), /proc/iomem still shows 256MB reserved: af000000-beffffff : Crash kernel Instead, it should show 50MB: af000000-b21fffff : Crash kernel Further shrinking crashkernel to 40MB causes a kernel crash with the following trace (x86): BUG: kernel NULL pointer dereference, address: 0000000000000038 PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI <snip...> Call Trace: <TASK> ? __die_body.cold+0x19/0x27 ? page_fault_oops+0x15a/0x2f0 ? search_module_extables+0x19/0x60 ? search_bpf_extables+0x5f/0x80 ? exc_page_fault+0x7e/0x180 ? asm_exc_page_fault+0x26/0x30 ? __release_resource+0xd/0xb0 release_resource+0x26/0x40 __crash_shrink_memory+0xe5/0x110 crash_shrink_memory+0x12a/0x190 kexec_crash_size_store+0x41/0x80 kernfs_fop_write_iter+0x141/0x1f0 vfs_write+0x294/0x460 ksys_write+0x6d/0xf0 <snip...> This happens because __crash_shrink_memory()/kernel/crash_core.c incorrectly updates the crashk_res resource object even when crashk_low_res should be updated. Fix this by ensuring the correct crashkernel resource object is updated when shrinking crashkernel memory. Link: https://lkml.kernel.org/r/20251101193741.289252-1-sourabhjain@linux.ibm.com Fixes: 16c6006af4d4 ("kexec: enable kexec_crash_size to support two crash kernel regions") Signed-off-by: Sourabh Jain <sourabhjain(a)linux.ibm.com> Acked-by: Baoquan He <bhe(a)redhat.com> Cc: Zhen Lei <thunder.leizhen(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/crash_core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/kernel/crash_core.c~crash-fix-crashkernel-resource-shrink +++ a/kernel/crash_core.c @@ -373,7 +373,7 @@ static int __crash_shrink_memory(struct old_res->start = 0; old_res->end = 0; } else { - crashk_res.end = ram_res->start - 1; + old_res->end = ram_res->start - 1; } crash_free_reserved_phys_range(ram_res->start, ram_res->end); _ Patches currently in -mm which might be from sourabhjain(a)linux.ibm.com are

4 days, 9 hours

1
0
0 0

[PATCH v2] ksmbd: vfs_cache: avoid integer overflow in inode_hash()

by Qianchang Zhao

inode_hash() currently mixes a hash value with the super_block pointer using an unbounded multiplication: tmp = (hashval * (unsigned long)sb) ^ (GOLDEN_RATIO_PRIME + hashval) / L1_CACHE_BYTES; On 64-bit kernels this multiplication can overflow and wrap in unsigned long arithmetic. While this is not a memory-safety issue, it is an unbounded integer operation and weakens the mixing properties of the hash. Replace the pointer*hash multiply with hash_long() over a mixed value (hashval ^ (unsigned long)sb) and keep the existing shift/mask. This removes the overflow source and reuses the standard hash helper already used in other kernel code. This is an integer wraparound / robustness issue (CWE-190/CWE-407), not a memory-safety bug. Reported-by: Qianchang Zhao <pioooooooooip(a)gmail.com> Reported-by: Zhitong Liu <liuzhitong1993(a)gmail.com> Cc: stable(a)vger.kernel.org Signed-off-by: Qianchang Zhao <pioooooooooip(a)gmail.com> --- fs/smb/server/vfs_cache.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/fs/smb/server/vfs_cache.c b/fs/smb/server/vfs_cache.c index dfed6fce8..a62ea5aae 100644 --- a/fs/smb/server/vfs_cache.c +++ b/fs/smb/server/vfs_cache.c @@ -10,6 +10,7 @@ #include <linux/vmalloc.h> #include <linux/kthread.h> #include <linux/freezer.h> +#include <linux/hash.h> #include "glob.h" #include "vfs_cache.h" @@ -65,12 +66,8 @@ static void fd_limit_close(void) static unsigned long inode_hash(struct super_block *sb, unsigned long hashval) { - unsigned long tmp; - - tmp = (hashval * (unsigned long)sb) ^ (GOLDEN_RATIO_PRIME + hashval) / - L1_CACHE_BYTES; - tmp = tmp ^ ((tmp ^ GOLDEN_RATIO_PRIME) >> inode_hash_shift); - return tmp & inode_hash_mask; + unsigned long mixed = hashval ^ (unsigned long)sb; + return hash_long(mixed, inode_hash_shift) & inode_hash_mask; } static struct ksmbd_inode *__ksmbd_inode_lookup(struct dentry *de) -- 2.34.1

4 days, 11 hours

2
1
0 0

⚡DUOONE OLED SPAN/FOLD Is LIVE — Super Early Bird Deals Are Running Fast!

by InnLead Innovative

4 days, 13 hours

1
0
0 0

[PATCH] ARM: dts: microchip: sama5d2: fix spi flexcom fifo size to 32

by nicolas.ferre＠microchip.com

From: Nicolas Ferre <nicolas.ferre(a)microchip.com> Unlike standalone spi peripherals, on sama5d2, the flexcom spi have fifo size of 32 data. Fix flexcom/spi nodes where this property is wrong. Fixes: 6b9a3584c7ed ("ARM: dts: at91: sama5d2: Add missing flexcom definitions") Cc: <stable(a)vger.kernel.org> # 5.8+ Signed-off-by: Nicolas Ferre <nicolas.ferre(a)microchip.com> --- arch/arm/boot/dts/microchip/sama5d2.dtsi | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/arch/arm/boot/dts/microchip/sama5d2.dtsi b/arch/arm/boot/dts/microchip/sama5d2.dtsi index 17430d7f2055..fde890f18d20 100644 --- a/arch/arm/boot/dts/microchip/sama5d2.dtsi +++ b/arch/arm/boot/dts/microchip/sama5d2.dtsi @@ -571,7 +571,7 @@ AT91_XDMAC_DT_PERID(11))>, AT91_XDMAC_DT_PER_IF(1) | AT91_XDMAC_DT_PERID(12))>; dma-names = "tx", "rx"; - atmel,fifo-size = <16>; + atmel,fifo-size = <32>; status = "disabled"; }; @@ -642,7 +642,7 @@ AT91_XDMAC_DT_PERID(13))>, AT91_XDMAC_DT_PER_IF(1) | AT91_XDMAC_DT_PERID(14))>; dma-names = "tx", "rx"; - atmel,fifo-size = <16>; + atmel,fifo-size = <32>; status = "disabled"; }; @@ -854,7 +854,7 @@ AT91_XDMAC_DT_PERID(15))>, AT91_XDMAC_DT_PER_IF(1) | AT91_XDMAC_DT_PERID(16))>; dma-names = "tx", "rx"; - atmel,fifo-size = <16>; + atmel,fifo-size = <32>; status = "disabled"; }; @@ -925,7 +925,7 @@ AT91_XDMAC_DT_PERID(17))>, AT91_XDMAC_DT_PER_IF(1) | AT91_XDMAC_DT_PERID(18))>; dma-names = "tx", "rx"; - atmel,fifo-size = <16>; + atmel,fifo-size = <32>; status = "disabled"; }; @@ -997,7 +997,7 @@ AT91_XDMAC_DT_PERID(19))>, AT91_XDMAC_DT_PER_IF(1) | AT91_XDMAC_DT_PERID(20))>; dma-names = "tx", "rx"; - atmel,fifo-size = <16>; + atmel,fifo-size = <32>; status = "disabled"; }; -- 2.43.0

4 days, 14 hours

2
1
0 0

Re: Request to backport data corruption fix to stable

by Steve French

Sasha, Also wanted to make sure stable gets this patch from David Howells that fixes a regression that was mentioned in some of the same email threads. It fixes an important stable regression in cifs_readv when cache=none. Bharath has also reviewed and tested it with 6.6 stable. See attached. On Fri, Nov 14, 2025 at 9:00 AM Sasha Levin <sashal(a)kernel.org> wrote: > > On Fri, Nov 14, 2025 at 04:42:57PM +0530, Shyam Prasad N wrote: > >Hi Greg/Sasha, > > > >Over the last few months, a few users have reported a data corruption > >with Linux SMB kernel client filesystem. This is one such report: > >https://lore.kernel.org/linux-cifs/36fb31bf2c854cdc930a3415f5551dcd@izw-ber… > > > >The issue is now well understood. Attached is a fix for this issue. > >I've made sure that the fix is stopping the data corruption and also > >not regressing other write patterns. > > > >The regression seems to have been introduced during a refactoring of > >this code path during the v6.3 and continued to exist till v6.9, > >before the code was refactored again with netfs helper library > >integration in v6.10. > > > >I request you to include this change in all stable trees for > >v6.3..v6.9. I've done my testing on stable-6.6. Please let me know if > >you want this tested on any other kernels. > > I'll queue it up for 6.6, thanks! > > -- > Thanks, > Sasha -- Thanks, Steve

4 days, 14 hours

2
1
0 0

[PATCH] Bluetooth: btusb: Add one more ID 0x13d3:0x3612 for Realtek 8852CE

by Levi Zim via B4 Relay

From: Levi Zim <rsworktech(a)outlook.com> Devices with ID 13d3:3612 are found in ASUS TUF Gaming A16 (2025) and ASUS TX Gaming FA608FM. The corresponding device info from /sys/kernel/debug/usb/devices is T: Bus=03 Lev=02 Prnt=03 Port=02 Cnt=02 Dev#= 6 Spd=12 MxCh= 0 D: Ver= 1.00 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=13d3 ProdID=3612 Rev= 0.00 S: Manufacturer=Realtek S: Product=Bluetooth Radio C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=500mA I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=81(I) Atr=03(Int.) MxPS= 16 Ivl=1ms E: Ad=02(O) Atr=02(Bulk) MxPS= 64 Ivl=0ms E: Ad=82(I) Atr=02(Bulk) MxPS= 64 Ivl=0ms I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 0 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 0 Ivl=1ms I: If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 9 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 9 Ivl=1ms I: If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 17 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 17 Ivl=1ms I: If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 25 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 25 Ivl=1ms I: If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 33 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 33 Ivl=1ms I: If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 49 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 49 Ivl=1ms I: If#= 1 Alt= 6 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 63 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 63 Ivl=1ms Signed-off-by: Levi Zim <rsworktech(a)outlook.com> --- drivers/bluetooth/btusb.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c index 8085fabadde8ff01171783b59226589757bbbbbc..d1e62b3158166a33153a6dfaade03fd3fb7d8231 100644 --- a/drivers/bluetooth/btusb.c +++ b/drivers/bluetooth/btusb.c @@ -552,6 +552,8 @@ static const struct usb_device_id quirks_table[] = { BTUSB_WIDEBAND_SPEECH }, { USB_DEVICE(0x13d3, 0x3592), .driver_info = BTUSB_REALTEK | BTUSB_WIDEBAND_SPEECH }, + { USB_DEVICE(0x13d3, 0x3612), .driver_info = BTUSB_REALTEK | + BTUSB_WIDEBAND_SPEECH }, { USB_DEVICE(0x0489, 0xe122), .driver_info = BTUSB_REALTEK | BTUSB_WIDEBAND_SPEECH }, --- base-commit: 302a1f674c00dd5581ab8e493ef44767c5101aab change-id: 20250927-ble-13d3-3612-53a2246e4862 Best regards, -- Levi Zim <rsworktech(a)outlook.com>

4 days, 14 hours

4
3
0 0

Re: Compile Error fs/nfsd/nfs4state.o - clamp() low limit slotsize greater than high limit total_avail/scale_factor

by Mike-SPC via Bugspray Bot

Mike-SPC writes via Kernel.org Bugzilla: Hi there, at first: Thanks for patching and investigation. I've tested the patch mentioned in https://lkml.org/lkml/2025/11/10/12 and it works (for me). Thanks again and regards, Michael View: https://bugzilla.kernel.org/show_bug.cgi?id=220745#c17 You can reply to this message to join the discussion. -- Deet-doot-dot, I am a bot. Kernel.org Bugzilla (bugspray 0.1-dev)

4 days, 17 hours

1
0
0 0

Get the Fruit Attraction 2025 Attendee List!

by Karlee Howell

Hi, We’re offering exclusive access to the Fruit Attraction 2025 Visitor Contact List — your direct connection to verified buyers, importers, exporters, and industry leaders from the global fresh produce, logistics, and agri-innovation market. We have 97,137 verified visitor contacts in our database. You’ll receive full contact data: Individual Email Address, Phone Number, Contact Name, Job Title, Company Name, Website, Physical Address, LinkedIn Profile, and more. All data is fully 100% GDPR-compliant and ethically sourced 20% Off—Respond Before Nov 20. Let me know if you are Interested to see the pricing? Reply “Send me Pricing.” Best regards, Karlee Howell Sr. Marketing Manager Prefer not to receive these emails? Just reply “NOT INTERESTED”.

4 days, 17 hours

1
0
0 0

[REGRESSION 6.12.y] hyper-v: BUG: kernel NULL pointer dereference, address: 00000000000000a0: RIP: 0010:hv_uio_channel_cb+0xd/0x20 [uio_hv_generic]

by Salvatore Bonaccorso

Peter Morrow reported in Debian a regression, reported in https://bugs.debian.org/1120602 . The regression was seen after updating, to 6.12.57-1 in Debian, but details on the offending commit follows. His report was as follows: > Dear Maintainer, > > I'm seeing a kernel crash quite soon after boot on a debian trixie based > system running 6.12.57+deb13-amd64, unfortunately the kernel panics before > I can access the system to gather more information. Thus I'll provide details > of the system using a previously known good version. The panic is happening > 100% of the time unfortunately. I have access to the serial console however > so can enable any required verbose logging during boot if necessary. > > Crucially the crash is not seen with kernel version 6.12.41+deb13-amd64 with the > same userspace. We had pinned to that version until very recently to in order > to work around https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109676 > > I'm running a dpdk application here (VPP) on Azure, VM form factor is a > "Standard DS3 v2 (4 vcpus, 14 GiB memory)". > > The only relevant upstream commit in this area (as far as I can see) is: > > https://lore.kernel.org/linux-hyperv/1bb599ee-fe28-409d-b430-2fc086268936@l… > > The comment regarding avoiding races at start adds a bit more weight behind this > hunch, though it's only a hunch as I am most definitely nowhere near an expert > in this area. > > -- Package-specific info: > > [ 19.625535] BUG: kernel NULL pointer dereference, address: 00000000000000a0 > [ 19.628874] #PF: supervisor read access in kernel mode > [ 19.630841] #PF: error_code(0x0000) - not-present page > [ 19.632788] PGD 0 P4D 0 > [ 19.633905] Oops: Oops: 0000 [#1] PREEMPT SMP PTI > [ 19.635586] CPU: 3 UID: 0 PID: 0 Comm: swapper/3 Not tainted 6.12.57+deb13-amd64 #1 Debian 6.12.57-1 > [ 19.640216] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 09/28/2024 > [ 19.644514] RIP: 0010:hv_uio_channel_cb+0xd/0x20 [uio_hv_generic] > [ 19.646994] Code: 02 00 00 5b 5d e9 53 98 69 e9 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 48 8b 47 10 <48> 8b b8 a0 00 00 00 f0 83 44 24 fc 00 e9 51 6f fa ff 90 90 90 90 > [ 19.654377] RSP: 0018:ffffb15ac01a4fa8 EFLAGS: 00010046 > [ 19.656385] RAX: 0000000000000000 RBX: 0000000000000015 RCX: 0000000000000015 > [ 19.659240] RDX: 0000000000000001 RSI: ffffffffffffffff RDI: ffff8ff69c759400 > [ 19.662168] RBP: ffff8ff548790200 R08: ffff8ff548790200 R09: 00fca75150b080e9 > [ 19.665239] R10: 0000000000000000 R11: ffffb15ac01a4ff8 R12: ffff8ff871dc1480 > [ 19.668193] R13: ffff8ff69c759400 R14: ffff8ff69c7596a0 R15: ffffffffc106e160 > [ 19.671106] FS: 0000000000000000(0000) GS:ffff8ff871d80000(0000) knlGS:0000000000000000 > [ 19.674281] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > [ 19.676533] CR2: 00000000000000a0 CR3: 0000000100ba6003 CR4: 00000000003706f0 > [ 19.679385] Call Trace: > [ 19.680361] <IRQ> > [ 19.681181] vmbus_isr+0x1a5/0x210 [hv_vmbus] > [ 19.682916] __sysvec_hyperv_callback+0x32/0x60 > [ 19.684991] sysvec_hyperv_callback+0x6c/0x90 > [ 19.686665] </IRQ> > [ 19.687509] <TASK> > [ 19.688366] asm_sysvec_hyperv_callback+0x1a/0x20 > [ 19.690262] RIP: 0010:pv_native_safe_halt+0xf/0x20 > [ 19.692067] Code: 09 e9 c5 08 01 00 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d e5 3b 31 00 fb f4 <c3> cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 > [ 19.699119] RSP: 0018:ffffb15ac0103ed8 EFLAGS: 00000246 > [ 19.701412] RAX: 0000000000000003 RBX: ffff8ff5403b1fc0 RCX: ffff8ff54c64ce30 > [ 19.704328] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 000000000001f894 > [ 19.706910] RBP: 0000000000000003 R08: 000000000bb760d9 R09: 00fca75150b080e9 > [ 19.709762] R10: 0000000000000003 R11: 0000000000000001 R12: 0000000000000000 > [ 19.712510] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 > [ 19.715173] default_idle+0x9/0x20 > [ 19.716846] default_idle_call+0x29/0x100 > [ 19.718623] do_idle+0x1fe/0x240 > [ 19.720045] cpu_startup_entry+0x29/0x30 > [ 19.721595] start_secondary+0x11e/0x140 > [ 19.723080] common_startup_64+0x13e/0x141 > [ 19.725222] </TASK> > [ 19.726387] Modules linked in: isofs cdrom uio_hv_generic uio binfmt_misc intel_rapl_msr intel_rapl_common intel_uncore_frequency_common isst_if_mbox_msr isst_if_common rpcrdma skx_edac_common nfit sunrpc libnvdimm crct10dif_pclmul ghash_clmulni_intel sha512_ssse3 sha256_ssse3 rdma_ucm ib_iser sha1_ssse3 rdma_cm aesni_intel iw_cm gf128mul crypto_simd libiscsi cryptd ib_umad ib_ipoib scsi_transport_iscsi ib_cm rapl sg hv_utils hv_balloon evdev pcspkr joydev mpls_router ip_tunnel ramoops configfs pstore_blk efi_pstore pstore_zone nfnetlink vsock_loopback vmw_vsock_virtio_transport_common hv_sock vmw_vsock_vmci_transport vsock vmw_vmci efivarfs ip_tables x_tables autofs4 overlay squashfs dm_verity dm_bufio reed_solomon dm_mod loop ext4 crc16 mbcache jbd2 crc32c_generic mlx5_ib ib_uverbs ib_core mlx5_core mlxfw pci_hyperv pci_hyperv_intf hyperv_drm drm_shmem_helper sd_mod drm_kms_helper hv_storvsc scsi_transport_fc drm scsi_mod hid_generic hid_hyperv hid serio_raw hv_netvsc hyperv_keyboard scsi_common hv_vmbus > [ 19.726466] crc32_pclmul crc32c_intel > [ 19.765771] CR2: 00000000000000a0 > [ 19.767524] ---[ end trace 0000000000000000 ]--- > [ 19.800433] RIP: 0010:hv_uio_channel_cb+0xd/0x20 [uio_hv_generic] > [ 19.803170] Code: 02 00 00 5b 5d e9 53 98 69 e9 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 48 8b 47 10 <48> 8b b8 a0 00 00 00 f0 83 44 24 fc 00 e9 51 6f fa ff 90 90 90 90 > [ 19.811041] RSP: 0018:ffffb15ac01a4fa8 EFLAGS: 00010046 > [ 19.813466] RAX: 0000000000000000 RBX: 0000000000000015 RCX: 0000000000000015 > [ 19.816504] RDX: 0000000000000001 RSI: ffffffffffffffff RDI: ffff8ff69c759400 > [ 19.819484] RBP: ffff8ff548790200 R08: ffff8ff548790200 R09: 00fca75150b080e9 > [ 19.822625] R10: 0000000000000000 R11: ffffb15ac01a4ff8 R12: ffff8ff871dc1480 > [ 19.825569] R13: ffff8ff69c759400 R14: ffff8ff69c7596a0 R15: ffffffffc106e160 > [ 19.828804] FS: 0000000000000000(0000) GS:ffff8ff871d80000(0000) knlGS:0000000000000000 > [ 19.832214] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > [ 19.834709] CR2: 00000000000000a0 CR3: 0000000100ba6003 CR4: 00000000003706f0 > [ 19.837976] Kernel panic - not syncing: Fatal exception in interrupt > [ 19.841825] Kernel Offset: 0x28a00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) > [ 19.896620] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- > > > lspci output: > > Collected from a system that is not crashing (6.12.41+deb13-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.12.41-1 (2025-08-12) x86_64 GNU/Linux)... > > $ sudo lspci -v > 2f22:00:02.0 Ethernet controller: Mellanox Technologies MT27710 Family [ConnectX-4 Lx Virtual Function] (rev 80) > Subsystem: Mellanox Technologies Device 0190 > Physical Slot: 3 > Flags: bus master, fast devsel, latency 0, NUMA node 0 > Memory at fe0100000 (64-bit, prefetchable) [size=1M] > Capabilities: [60] Express Endpoint, IntMsgNum 0 > Capabilities: [9c] MSI-X: Enable+ Count=8 Masked- > Kernel driver in use: mlx5_core > Kernel modules: mlx5_core > > 52f7:00:02.0 Ethernet controller: Mellanox Technologies MT27710 Family [ConnectX-4 Lx Virtual Function] (rev 80) > Subsystem: Mellanox Technologies Device 0190 > Physical Slot: 2 > Flags: bus master, fast devsel, latency 0, NUMA node 0 > Memory at fe0000000 (64-bit, prefetchable) [size=1M] > Capabilities: [60] Express Endpoint, IntMsgNum 0 > Capabilities: [9c] MSI-X: Enable+ Count=8 Masked- > Kernel driver in use: mlx5_core > Kernel modules: mlx5_core > > 7852:00:02.0 Ethernet controller: Mellanox Technologies MT27710 Family [ConnectX-4 Lx Virtual Function] (rev 80) > Subsystem: Mellanox Technologies Device 0190 > Physical Slot: 4 > Flags: bus master, fast devsel, latency 0, NUMA node 0 > Memory at fe0200000 (64-bit, prefetchable) [size=1M] > Capabilities: [60] Express Endpoint, IntMsgNum 0 > Capabilities: [9c] MSI-X: Enable+ Count=8 Masked- > Kernel driver in use: mlx5_core > Kernel modules: mlx5_core > > dmidecode output: > > $ sudo dmidecode > # dmidecode 3.6 > Getting SMBIOS data from sysfs. > SMBIOS 3.1.0 present. > Table at 0x3FF82000. > > Handle 0x0000, DMI type 0, 26 bytes > BIOS Information > Vendor: Microsoft Corporation > Version: Hyper-V UEFI Release v4.1 > Release Date: 05/13/2024 > ROM Size: 64 kB > Characteristics: > BIOS characteristics not supported > ACPI is supported > Targeted content distribution is supported > UEFI is supported > System is a virtual machine > BIOS Revision: 4.1 > > Handle 0x0001, DMI type 1, 27 bytes > System Information > Manufacturer: Microsoft Corporation > Product Name: Virtual Machine > Version: Hyper-V UEFI Release v4.1 > Serial Number: 0000-0010-5437-9499-5225-4477-46 > UUID: 925315af-4af4-4d42-915a-1516b5a1fe5c > Wake-up Type: Power Switch > SKU Number: None > Family: Virtual Machine > > Handle 0x0002, DMI type 3, 24 bytes > Chassis Information > Manufacturer: Microsoft Corporation > Type: Desktop > Lock: Not Present > Version: Hyper-V UEFI Release v4.1 > Serial Number: 2466-9316-1078-9783-6078-7718-80 > Asset Tag: 7783-7084-3265-9085-8269-3286-77 > Boot-up State: Safe > Power Supply State: Safe > Thermal State: Safe > Security Status: Unknown > OEM Information: 0x00000000 > Height: Unspecified > Number Of Power Cords: Unspecified > Contained Elements: 0 > SKU Number: Virtual Machine > > Handle 0x0003, DMI type 2, 17 bytes > Base Board Information > Manufacturer: Microsoft Corporation > Product Name: Virtual Machine > Version: Hyper-V UEFI Release v4.1 > Serial Number: 0000-0010-4737-0707-0684-2660-76 > Asset Tag: None > Features: > Board is a hosting board > Location In Chassis: Virtual Machine > Chassis Handle: 0x0002 > Type: Motherboard > Contained Object Handles: 0 > > Handle 0x0004, DMI type 4, 48 bytes > Processor Information > Socket Designation: None > Type: Central Processor > Family: Unknown > Manufacturer: None > ID: 00 00 00 00 00 00 00 00 > Version: None > Voltage: Unknown > External Clock: Unknown > Max Speed: Unknown > Current Speed: Unknown > Status: Unpopulated > Upgrade: Other > L1 Cache Handle: Not Provided > L2 Cache Handle: Not Provided > L3 Cache Handle: Not Provided > Serial Number: None > Asset Tag: None > Part Number: None > Core Count: 4 > Core Enabled: 4 > Thread Count: 1 > Characteristics: None > > Handle 0x0005, DMI type 11, 5 bytes > OEM Strings > String 1: [MS_VM_CERT/SHA1/9b80ca0d5dd061ec9da4e494f4c3fd1196270c22] > String 2: None > String 3: To be filled by OEM > > Handle 0x0006, DMI type 16, 23 bytes > Physical Memory Array > Location: System Board Or Motherboard > Use: System Memory > Error Correction Type: None > Maximum Capacity: 0 bytes > Error Information Handle: Not Provided > Number Of Devices: 3 > > Handle 0x0007, DMI type 17, 92 bytes > Memory Device > Array Handle: 0x0006 > Error Information Handle: Not Provided > Total Width: Unknown > Data Width: Unknown > Size: 26 MB > Form Factor: Unknown > Set: None > Locator: M0001 > Bank Locator: None > Type: Unknown > Type Detail: Unknown > Speed: Unknown > Manufacturer: Microsoft Corporation > Serial Number: None > Asset Tag: None > Part Number: None > Rank: Unknown > Configured Memory Speed: Unknown > Minimum Voltage: Unknown > Maximum Voltage: Unknown > Configured Voltage: Unknown > Memory Technology: <OUT OF SPEC> > Memory Operating Mode Capability: None > Firmware Version: Not Specified > Module Manufacturer ID: Unknown > Module Product ID: Unknown > Memory Subsystem Controller Manufacturer ID: Unknown > Memory Subsystem Controller Product ID: Unknown > Non-Volatile Size: None > Volatile Size: None > Cache Size: None > Logical Size: None > > Handle 0x0008, DMI type 19, 31 bytes > Memory Array Mapped Address > Starting Address: 0x00000000000 > Ending Address: 0x00001A003FF > Range Size: 26625 kB > Physical Array Handle: 0x0006 > Partition Width: 0 > > Handle 0x0009, DMI type 20, 35 bytes > Memory Device Mapped Address > Starting Address: 0x00000000000 > Ending Address: 0x00001A003FF > Range Size: 26625 kB > Physical Device Handle: 0x0007 > Memory Array Mapped Address Handle: 0x0008 > Partition Row Position: Unknown > > Handle 0x000A, DMI type 17, 92 bytes > Memory Device > Array Handle: 0x0006 > Error Information Handle: Not Provided > Total Width: Unknown > Data Width: Unknown > Size: 948 MB > Form Factor: Unknown > Set: None > Locator: M0002 > Bank Locator: None > Type: Unknown > Type Detail: Unknown > Speed: Unknown > Manufacturer: Microsoft Corporation > Serial Number: None > Asset Tag: None > Part Number: None > Rank: Unknown > Configured Memory Speed: Unknown > Minimum Voltage: Unknown > Maximum Voltage: Unknown > Configured Voltage: Unknown > Memory Technology: <OUT OF SPEC> > Memory Operating Mode Capability: None > Firmware Version: Not Specified > Module Manufacturer ID: Unknown > Module Product ID: Unknown > Memory Subsystem Controller Manufacturer ID: Unknown > Memory Subsystem Controller Product ID: Unknown > Non-Volatile Size: None > Volatile Size: None > Cache Size: None > Logical Size: None > > Handle 0x000B, DMI type 19, 31 bytes > Memory Array Mapped Address > Starting Address: 0x00004C00000 > Ending Address: 0x000400003FF > Range Size: 970753 kB > Physical Array Handle: 0x0006 > Partition Width: 0 > > Handle 0x000C, DMI type 20, 35 bytes > Memory Device Mapped Address > Starting Address: 0x00004C00000 > Ending Address: 0x000400003FF > Range Size: 970753 kB > Physical Device Handle: 0x000A > Memory Array Mapped Address Handle: 0x000B > Partition Row Position: Unknown > > Handle 0x000D, DMI type 17, 92 bytes > Memory Device > Array Handle: 0x0006 > Error Information Handle: Not Provided > Total Width: Unknown > Data Width: Unknown > Size: 13 GB > Form Factor: Unknown > Set: None > Locator: M0003 > Bank Locator: None > Type: Unknown > Type Detail: Unknown > Speed: Unknown > Manufacturer: Microsoft Corporation > Serial Number: None > Asset Tag: None > Part Number: None > Rank: Unknown > Configured Memory Speed: Unknown > Minimum Voltage: Unknown > Maximum Voltage: Unknown > Configured Voltage: Unknown > Memory Technology: <OUT OF SPEC> > Memory Operating Mode Capability: None > Firmware Version: Not Specified > Module Manufacturer ID: Unknown > Module Product ID: Unknown > Memory Subsystem Controller Manufacturer ID: Unknown > Memory Subsystem Controller Product ID: Unknown > Non-Volatile Size: None > Volatile Size: None > Cache Size: None > Logical Size: None > > Handle 0x000E, DMI type 19, 31 bytes > Memory Array Mapped Address > Starting Address: 0x00100000000 > Ending Address: 0x004400003FF > Range Size: 13 GB > Physical Array Handle: 0x0006 > Partition Width: 0 > > Handle 0x000F, DMI type 20, 35 bytes > Memory Device Mapped Address > Starting Address: 0x00100000000 > Ending Address: 0x004400003FF > Range Size: 13 GB > Physical Device Handle: 0x000D > Memory Array Mapped Address Handle: 0x000E > Partition Row Position: Unknown > > Handle 0x0010, DMI type 32, 11 bytes > System Boot Information > Status: No errors detected > > Handle 0xFEFF, DMI type 127, 4 bytes > End Of Table The offending commit appers to be the backport of b15b7d2a1b09 ("uio_hv_generic: Let userspace take care of interrupt mask") for 6.12.y. Peter confirmed that reverting this commit on top of 6.12.57-1 as packaged in Debian resolves indeed the issue. Interestingly the issue is *not* seen with 6.17.7 based kernel in Debian. #regzbot introduced: 37bd91f22794dc05436130d6983302cb90ecfe7e #regzbot monitor: https://bugs.debian.org/1120602 Thank you already! Regards, Salvatore

4 days, 19 hours

3
5
0 0

[PATCH 6.6 and older] uio_hv_generic: Enable user space to manage interrupt_mask for subchannels

by Naman Jain

From: Long Li <longli(a)microsoft.com> Enable the user space to manage interrupt_mask for subchannels through irqcontrol interface for uio device. Also remove the memory barrier when monitor bit is enabled as it is not necessary. This is a backport of the upstream commit d062463edf17 ("uio_hv_generic: Set event for all channels on the device") with some modifications to resolve merge conflicts and take care of missing support for slow devices on older kernels. Original change was not a fix, but it needs to be backported to fix a NULL pointer crash resulting from missing interrupt mask setting. Commit 37bd91f22794 ("uio_hv_generic: Let userspace take care of interrupt mask") removed the default setting of interrupt_mask for channels (including subchannels) in the uio_hv_generic driver, as it relies on the user space to take care of managing it. This approach works fine when user space can control this setting using the irqcontrol interface provided for uio devices. Support for setting the interrupt mask through this interface for subchannels came only after commit d062463edf17 ("uio_hv_generic: Set event for all channels on the device"). On older kernels, this change is not present. With uio_hv_generic no longer setting the interrupt_mask, and userspace not having the capability to set it, it remains unset, and interrupts can come for the subchannels, which can result in a crash in hv_uio_channel_cb. Backport the change to older kernels, where this change was not present, to allow userspace to set the interrupt mask properly for subchannels. Additionally, this patch also adds certain checks for primary vs subchannels in the hv_uio_channel_cb, which can gracefully handle these two cases and prevent the NULL pointer crashes. Signed-off-by: Long Li <longli(a)microsoft.com> Fixes: 37bd91f22794 ("uio_hv_generic: Let userspace take care of interrupt mask") Closes: https://bugs.debian.org/1120602 Cc: <stable(a)vger.kernel.org> # 6.6.x and older Signed-off-by: Naman Jain <namjain(a)linux.microsoft.com> --- Remove reviewed-by tags since the original code has changed quite a bit while backporting. Backported change for 6.12 kernel is sent separately. --- drivers/uio/uio_hv_generic.c | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/drivers/uio/uio_hv_generic.c b/drivers/uio/uio_hv_generic.c index 2724656bf634..69e5016ebd46 100644 --- a/drivers/uio/uio_hv_generic.c +++ b/drivers/uio/uio_hv_generic.c @@ -80,9 +80,15 @@ hv_uio_irqcontrol(struct uio_info *info, s32 irq_state) { struct hv_uio_private_data *pdata = info->priv; struct hv_device *dev = pdata->device; + struct vmbus_channel *primary, *sc; - dev->channel->inbound.ring_buffer->interrupt_mask = !irq_state; - virt_mb(); + primary = dev->channel; + primary->inbound.ring_buffer->interrupt_mask = !irq_state; + + mutex_lock(&vmbus_connection.channel_mutex); + list_for_each_entry(sc, &primary->sc_list, sc_list) + sc->inbound.ring_buffer->interrupt_mask = !irq_state; + mutex_unlock(&vmbus_connection.channel_mutex); return 0; } @@ -93,11 +99,18 @@ hv_uio_irqcontrol(struct uio_info *info, s32 irq_state) static void hv_uio_channel_cb(void *context) { struct vmbus_channel *chan = context; - struct hv_device *hv_dev = chan->device_obj; - struct hv_uio_private_data *pdata = hv_get_drvdata(hv_dev); + struct hv_device *hv_dev; + struct hv_uio_private_data *pdata; virt_mb(); + /* + * The callback may come from a subchannel, in which case look + * for the hv device in the primary channel + */ + hv_dev = chan->primary_channel ? + chan->primary_channel->device_obj : chan->device_obj; + pdata = hv_get_drvdata(hv_dev); uio_event_notify(&pdata->info); } -- 2.34.1

4 days, 19 hours

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror