Open
Conversation
Signed-off-by: Xiangyi Zeng <xiangyi.zeng@linux.alibaba.com> Signed-off-by: Han Gao <gaohan@iscas.ac.cn> Signed-off-by: Mingzheng Xing <xingmingzheng@iscas.ac.cn>
Signed-off-by: Xiangyi Zeng <xiangyi.zeng@linux.alibaba.com> Signed-off-by: Han Gao <gaohan@iscas.ac.cn> Signed-off-by: Mingzheng Xing <xingmingzheng@iscas.ac.cn>
Signed-off-by: Mingzheng Xing <xingmingzheng@iscas.ac.cn>
Signed-off-by: Xiangyi Zeng <xiangyi.zeng@linux.alibaba.com> Signed-off-by: Han Gao <gaohan@iscas.ac.cn> Signed-off-by: Mingzheng Xing <xingmingzheng@iscas.ac.cn>
change usb_hub node for str flow move Usb_hub node to root node to keep str suspend after usb controller Signed-off-by: Han Gao <gaohan@iscas.ac.cn> Signed-off-by: Mingzheng Xing <xingmingzheng@iscas.ac.cn>
support hubswitch change CONFIG_USB_GADGET m -> y for usb gadget ep enable Signed-off-by: Han Gao <gaohan@iscas.ac.cn> Signed-off-by: Mingzheng Xing <xingmingzheng@iscas.ac.cn>
Signed-off-by: xianbing Zhu <xianbing.zhu@linux.alibaba.com> Change-Id: I63ef02eb4433bac30bc93be1bb4f83e6e62e1874 Signed-off-by: Han Gao <gaohan@iscas.ac.cn> Signed-off-by: Mingzheng Xing <xingmingzheng@iscas.ac.cn>
Signed-off-by: Xiangyi Zeng <xiangyi.zeng@linux.alibaba.com> Signed-off-by: Han Gao <gaohan@iscas.ac.cn> Signed-off-by: Mingzheng Xing <xingmingzheng@iscas.ac.cn>
1: remove "audio_mem" node,because "audio_text_mem" 、"audio_data_mem" and "audio_log_mem" cover it 2: add "mbox_910r" node,it will be used in opensbi to info 902 Signed-off-by: Han Gao <gaohan@iscas.ac.cn> Signed-off-by: Mingzheng Xing <xingmingzheng@iscas.ac.cn>
to avoid IIS DMA noise data at the end of each music Signed-off-by: David Li <davidli.li@linux.alibaba.com> Change-Id: I09b9468bfd97f7276a1070f594dea826b105cddf Signed-off-by: Han Gao <gaohan@iscas.ac.cn> Signed-off-by: Mingzheng Xing <xingmingzheng@iscas.ac.cn>
Signed-off-by: David Li <davidli.li@linux.alibaba.com> Signed-off-by: Han Gao <gaohan@iscas.ac.cn> Signed-off-by: Mingzheng Xing <xingmingzheng@iscas.ac.cn>
Based on the current openeuler_defconfig for riscv, use the following commands to generate the new openeuler_defconfig: cp arch/riscv/configs/openeuler_defconfig .config cat arch/riscv/configs/th1520_defconfig >> .config make save_oedefconfig make update_oedefconfig Build and boot testing passed. Signed-off-by: Mingzheng Xing <xingmingzheng@iscas.ac.cn>
Signed-off-by: Han Gao <gaohan@iscas.ac.cn> Signed-off-by: Mingzheng Xing <xingmingzheng@iscas.ac.cn>
This flow is synced from driver in kernel5.10.y. Signed-off-by: xianbing Zhu <xianbing.zhu@linux.alibaba.com> Signed-off-by: Han Gao <gaohan@iscas.ac.cn> Signed-off-by: Mingzheng Xing <xingmingzheng@iscas.ac.cn>
Signed-off-by: Xiangyi Zeng <xiangyi.zeng@linux.alibaba.com> Signed-off-by: Han Gao <gaohan@iscas.ac.cn> Signed-off-by: Mingzheng Xing <xingmingzheng@iscas.ac.cn>
update the register process of cpufreq EM model. Signed-off-by: Esther Z <Esther.Z@linux.alibaba.com> Signed-off-by: Han Gao <gaohan@iscas.ac.cn> Signed-off-by: Mingzheng Xing <xingmingzheng@iscas.ac.cn>
if the rx over happen when the first recive sequnce, then the logic will miss the RX Over,and report a success transfer.so mark the status if rx over detected. Signed-off-by: Huaming <jianghuaming.jhm@linux.alibaba.com> Signed-off-by: Han Gao <gaohan@iscas.ac.cn> Signed-off-by: Mingzheng Xing <xingmingzheng@iscas.ac.cn>
move the "audio-text-memory-region" property into th1520_rpmsg node to avoid proble fail Signed-off-by: Han Gao <gaohan@iscas.ac.cn> Signed-off-by: Mingzheng Xing <xingmingzheng@iscas.ac.cn>
Some drivers like mmc read from aliases id to set host and its device id. Signed-off-by: xianbing Zhu <xianbing.zhu@linux.alibaba.com> Signed-off-by: Han Gao <gaohan@iscas.ac.cn> Signed-off-by: Mingzheng Xing <xingmingzheng@iscas.ac.cn>
Signed-off-by: tingming <minghq@linux.alibaba.com> Signed-off-by: Han Gao <gaohan@iscas.ac.cn> Signed-off-by: Mingzheng Xing <xingmingzheng@iscas.ac.cn>
add snps,dis_u2_susphy_quirk to th1520.dtsi dwc3 do not support usb2 phy suspend Signed-off-by: Han Gao <gaohan@iscas.ac.cn> Signed-off-by: Mingzheng Xing <xingmingzheng@iscas.ac.cn>
Signed-off-by: Xiangyi Zeng <xiangyi.zeng@linux.alibaba.com> Signed-off-by: Han Gao <gaohan@iscas.ac.cn> Signed-off-by: Mingzheng Xing <xingmingzheng@iscas.ac.cn>
Signed-off-by: Mingzheng Xing <xingmingzheng@iscas.ac.cn>
Signed-off-by: Han Gao <gaohan@iscas.ac.cn> Signed-off-by: Mingzheng Xing <xingmingzheng@iscas.ac.cn>
There may response in sdio CMD5 when sd card trys sdio cmds. Signed-off-by: xianbing Zhu <xianbing.zhu@linux.alibaba.com> Signed-off-by: Han Gao <gaohan@iscas.ac.cn> Signed-off-by: Mingzheng Xing <xingmingzheng@iscas.ac.cn>
keep the setting of period_bytes_min the same with linux_5.10.y Signed-off-by: David Li <davidli.li@linux.alibaba.com> Signed-off-by: Han Gao <gaohan@iscas.ac.cn> Signed-off-by: Mingzheng Xing <xingmingzheng@iscas.ac.cn>
Sometimes the hotplug cpu stalls at the arch_cpu_idle() for a while after workqueue_online_cpu(). When cpu stalls at the idle loop, the reschedule IPI is pending. However the enable bit is not enabled yet so the cpu stalls at WFI until watchdog timeout. Therefore enable the IPI before the workqueue_online_cpu() to fix the issue. Fixes: 63c5484 ("workqueue: Add multiple affinity scopes and interface to select them") Signed-off-by: Nick Hu <nick.hu@sifive.com> Reviewed-by: Anup Patel <anup@brainfault.org> Link: https://lore.kernel.org/r/20240717031714.1946036-1-nick.hu@sifive.com Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com> Change-Id: Ifa018b99f04bdc26929b7fe6a1cf71cd2e30b142 Signed-off-by: Mingzheng Xing <xingmingzheng@iscas.ac.cn>
Expand cma size from 512MB to 768MB to meet the FBO video frame buffer requirement from chromium's X11 XVideo display feature. Signed-off-by: Han Gao <gaohan@iscas.ac.cn> Signed-off-by: Mingzheng Xing <xingmingzheng@iscas.ac.cn>
Signed-off-by: Han Gao <gaohan@iscas.ac.cn> Signed-off-by: Mingzheng Xing <xingmingzheng@iscas.ac.cn>
Signed-off-by: Icenowy Zheng <uwu@icenowy.me> Signed-off-by: Mingzheng Xing <xingmingzheng@iscas.ac.cn>
Author
|
/check |
RVCK result
Kunit Test Result[04:43:11] Testing complete. Ran 454 tests: passed: 442, skipped: 12 Check Patch Result
Kernel Build ResultKernel build succeeded: OERV-RVCI/rvck-olk/7/Image
LAVA Checkargs:
result:Lava check done! lava log: https://lava.oerv.ac.cn/scheduler/job/301 lava result count: [fail]: 17, [pass]: 1602, [skip]: 293 |
Author
|
/check |
github-actions
bot
removed
kernel_build_succeed
lava_check_done
kunit-test_done
check-patch_done
labels
RVCK result
Kunit Test Result[13:47:22] Testing complete. Ran 454 tests: passed: 442, skipped: 12 Check Patch Result
Kernel Build ResultKernel build succeeded: OERV-RVCI/rvck-olk/7/Image
LAVA Checkargs:
result:Lava check done! lava log: https://lava.oerv.ac.cn/scheduler/job/305 lava result count: [fail]: 18, [pass]: 1601, [skip]: 293 |
|
/check 开始测试 log: https://github.com/OERV-RVCI/rvck-olk/actions/runs/17613253165 参数解析结果
测试完成 详细结果:RVCK result
Kunit Test Result[12:17:37] Testing complete. Ran 454 tests: passed: 442, skipped: 12 Kernel Build ResultKernel build succeeded: OERV-RVCI/rvck-olk/7_3274670064/ b36dae5c8bc0daf0381ae1bcaf5c51ee /srv/guix_result/535d4430948c6d4978e19e9f87fb85902a344838/Image LAVA Checkargs:
result:Lava check done! lava log: https://lava.oerv.ac.cn/scheduler/job/703 lava result count: [fail]: 18, [pass]: 1588, [skip]: 293 Check Patch Result
|
|
/check 开始测试 log: https://github.com/OERV-RVCI/rvck-olk/actions/runs/17668587614 参数解析结果
测试完成 详细结果:RVCK result
Kunit Test Result[08:15:18] Testing complete. Ran 454 tests: passed: 442, skipped: 12 Kernel Build ResultKernel build succeeded: OERV-RVCI/rvck-olk/7_3284220774/ 4173c92b4015571a983a513623d65197 /srv/guix_result/535d4430948c6d4978e19e9f87fb85902a344838/Image LAVA Checkargs:
result:Lava check done! lava log: https://lava.oerv.ac.cn/scheduler/job/731 lava result count: [fail]: 19, [pass]: 1587, [skip]: 293 Check Patch Result
|
lzyprime
pushed a commit
that referenced
this pull request
Nov 22, 2025
mainline inclusion from mainline-v6.14-rc1 commit 2c2ebb2b49573e5f8726112ad06b1dffc3c9ea03 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBPLJN CVE: CVE-2025-21801 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2c2ebb2b49573e5f8726112ad06b1dffc3c9ea03 ------------------------------- Fix the suspend/resume path by ensuring the rtnl lock is held where required. Calls to ravb_open, ravb_close and wol operations must be performed under the rtnl lock to prevent conflicts with ongoing ndo operations. Without this fix, the following warning is triggered: [ 39.032969] ============================= [ 39.032983] WARNING: suspicious RCU usage [ 39.033019] ----------------------------- [ 39.033033] drivers/net/phy/phy_device.c:2004 suspicious rcu_dereference_protected() usage! ... [ 39.033597] stack backtrace: [ 39.033613] CPU: 0 UID: 0 PID: 174 Comm: python3 Not tainted 6.13.0-rc7-next-20250116-arm64-renesas-00002-g35245dfdc62c #7 [ 39.033623] Hardware name: Renesas SMARC EVK version 2 based on r9a08g045s33 (DT) [ 39.033628] Call trace: [ 39.033633] show_stack+0x14/0x1c (C) [ 39.033652] dump_stack_lvl+0xb4/0xc4 [ 39.033664] dump_stack+0x14/0x1c [ 39.033671] lockdep_rcu_suspicious+0x16c/0x22c [ 39.033682] phy_detach+0x160/0x190 [ 39.033694] phy_disconnect+0x40/0x54 [ 39.033703] ravb_close+0x6c/0x1cc [ 39.033714] ravb_suspend+0x48/0x120 [ 39.033721] dpm_run_callback+0x4c/0x14c [ 39.033731] device_suspend+0x11c/0x4dc [ 39.033740] dpm_suspend+0xdc/0x214 [ 39.033748] dpm_suspend_start+0x48/0x60 [ 39.033758] suspend_devices_and_enter+0x124/0x574 [ 39.033769] pm_suspend+0x1ac/0x274 [ 39.033778] state_store+0x88/0x124 [ 39.033788] kobj_attr_store+0x14/0x24 [ 39.033798] sysfs_kf_write+0x48/0x6c [ 39.033808] kernfs_fop_write_iter+0x118/0x1a8 [ 39.033817] vfs_write+0x27c/0x378 [ 39.033825] ksys_write+0x64/0xf4 [ 39.033833] __arm64_sys_write+0x18/0x20 [ 39.033841] invoke_syscall+0x44/0x104 [ 39.033852] el0_svc_common.constprop.0+0xb4/0xd4 [ 39.033862] do_el0_svc+0x18/0x20 [ 39.033870] el0_svc+0x3c/0xf0 [ 39.033880] el0t_64_sync_handler+0xc0/0xc4 [ 39.033888] el0t_64_sync+0x154/0x158 [ 39.041274] ravb 11c30000.ethernet eth0: Link is Down Reported-by: Claudiu Beznea <claudiu.beznea.uj@bp.renesas.com> Closes: https://lore.kernel.org/netdev/4c6419d8-c06b-495c-b987-d66c2e1ff848@tuxon.dev/ Fixes: 0184165 ("ravb: add sleep PM suspend/resume support") Signed-off-by: Kory Maincent <kory.maincent@bootlin.com> Tested-by: Niklas Söderlund <niklas.soderlund+renesas@ragnatech.se> Signed-off-by: Paolo Abeni <pabeni@redhat.com> Signed-off-by: cheliequan <cheliequan@inspur.com>
lzyprime
pushed a commit
that referenced
this pull request
Nov 22, 2025
stable inclusion from stable-v6.6.102 commit 880ef748e78a1eb7df2d8e11a9ef21e98bcaabe5 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/ICU6GQ CVE: CVE-2025-38577 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=880ef748e78a1eb7df2d8e11a9ef21e98bcaabe5 -------------------------------- [ Upstream commit a509a55f8eecc8970b3980c6f06886bbff0e2f68 ] As syzbot [1] reported as below: R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffe17473450 R13: 00007f28b1c10854 R14: 000000000000dae5 R15: 00007ffe17474520 </TASK> ---[ end trace 0000000000000000 ]--- ================================================================== BUG: KASAN: use-after-free in __list_del_entry_valid+0xa6/0x130 lib/list_debug.c:62 Read of size 8 at addr ffff88812d962278 by task syz-executor/564 CPU: 1 PID: 564 Comm: syz-executor Tainted: G W 6.1.129-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 Call Trace: <TASK> __dump_stack+0x21/0x24 lib/dump_stack.c:88 dump_stack_lvl+0xee/0x158 lib/dump_stack.c:106 print_address_description+0x71/0x210 mm/kasan/report.c:316 print_report+0x4a/0x60 mm/kasan/report.c:427 kasan_report+0x122/0x150 mm/kasan/report.c:531 __asan_report_load8_noabort+0x14/0x20 mm/kasan/report_generic.c:351 __list_del_entry_valid+0xa6/0x130 lib/list_debug.c:62 __list_del_entry include/linux/list.h:134 [inline] list_del_init include/linux/list.h:206 [inline] f2fs_inode_synced+0xf7/0x2e0 fs/f2fs/super.c:1531 f2fs_update_inode+0x74/0x1c40 fs/f2fs/inode.c:585 f2fs_update_inode_page+0x137/0x170 fs/f2fs/inode.c:703 f2fs_write_inode+0x4ec/0x770 fs/f2fs/inode.c:731 write_inode fs/fs-writeback.c:1460 [inline] __writeback_single_inode+0x4a0/0xab0 fs/fs-writeback.c:1677 writeback_single_inode+0x221/0x8b0 fs/fs-writeback.c:1733 sync_inode_metadata+0xb6/0x110 fs/fs-writeback.c:2789 f2fs_sync_inode_meta+0x16d/0x2a0 fs/f2fs/checkpoint.c:1159 block_operations fs/f2fs/checkpoint.c:1269 [inline] f2fs_write_checkpoint+0xca3/0x2100 fs/f2fs/checkpoint.c:1658 kill_f2fs_super+0x231/0x390 fs/f2fs/super.c:4668 deactivate_locked_super+0x98/0x100 fs/super.c:332 deactivate_super+0xaf/0xe0 fs/super.c:363 cleanup_mnt+0x45f/0x4e0 fs/namespace.c:1186 __cleanup_mnt+0x19/0x20 fs/namespace.c:1193 task_work_run+0x1c6/0x230 kernel/task_work.c:203 exit_task_work include/linux/task_work.h:39 [inline] do_exit+0x9fb/0x2410 kernel/exit.c:871 do_group_exit+0x210/0x2d0 kernel/exit.c:1021 __do_sys_exit_group kernel/exit.c:1032 [inline] __se_sys_exit_group kernel/exit.c:1030 [inline] __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1030 x64_sys_call+0x7b4/0x9a0 arch/x86/include/generated/asm/syscalls_64.h:232 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 RIP: 0033:0x7f28b1b8e169 Code: Unable to access opcode bytes at 0x7f28b1b8e13f. RSP: 002b:00007ffe174710a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 00007f28b1c10879 RCX: 00007f28b1b8e169 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 RBP: 0000000000000002 R08: 00007ffe1746ee47 R09: 00007ffe17472360 R10: 0000000000000009 R11: 0000000000000246 R12: 00007ffe17472360 R13: 00007f28b1c10854 R14: 000000000000dae5 R15: 00007ffe17474520 </TASK> Allocated by task 569: kasan_save_stack mm/kasan/common.c:45 [inline] kasan_set_track+0x4b/0x70 mm/kasan/common.c:52 kasan_save_alloc_info+0x25/0x30 mm/kasan/generic.c:505 __kasan_slab_alloc+0x72/0x80 mm/kasan/common.c:328 kasan_slab_alloc include/linux/kasan.h:201 [inline] slab_post_alloc_hook+0x4f/0x2c0 mm/slab.h:737 slab_alloc_node mm/slub.c:3398 [inline] slab_alloc mm/slub.c:3406 [inline] __kmem_cache_alloc_lru mm/slub.c:3413 [inline] kmem_cache_alloc_lru+0x104/0x220 mm/slub.c:3429 alloc_inode_sb include/linux/fs.h:3245 [inline] f2fs_alloc_inode+0x2d/0x340 fs/f2fs/super.c:1419 alloc_inode fs/inode.c:261 [inline] iget_locked+0x186/0x880 fs/inode.c:1373 f2fs_iget+0x55/0x4c60 fs/f2fs/inode.c:483 f2fs_lookup+0x366/0xab0 fs/f2fs/namei.c:487 __lookup_slow+0x2a3/0x3d0 fs/namei.c:1690 lookup_slow+0x57/0x70 fs/namei.c:1707 walk_component+0x2e6/0x410 fs/namei.c:1998 lookup_last fs/namei.c:2455 [inline] path_lookupat+0x180/0x490 fs/namei.c:2479 filename_lookup+0x1f0/0x500 fs/namei.c:2508 vfs_statx+0x10b/0x660 fs/stat.c:229 vfs_fstatat fs/stat.c:267 [inline] vfs_lstat include/linux/fs.h:3424 [inline] __do_sys_newlstat fs/stat.c:423 [inline] __se_sys_newlstat+0xd5/0x350 fs/stat.c:417 __x64_sys_newlstat+0x5b/0x70 fs/stat.c:417 x64_sys_call+0x393/0x9a0 arch/x86/include/generated/asm/syscalls_64.h:7 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 Freed by task 13: kasan_save_stack mm/kasan/common.c:45 [inline] kasan_set_track+0x4b/0x70 mm/kasan/common.c:52 kasan_save_free_info+0x31/0x50 mm/kasan/generic.c:516 ____kasan_slab_free+0x132/0x180 mm/kasan/common.c:236 __kasan_slab_free+0x11/0x20 mm/kasan/common.c:244 kasan_slab_free include/linux/kasan.h:177 [inline] slab_free_hook mm/slub.c:1724 [inline] slab_free_freelist_hook+0xc2/0x190 mm/slub.c:1750 slab_free mm/slub.c:3661 [inline] kmem_cache_free+0x12d/0x2a0 mm/slub.c:3683 f2fs_free_inode+0x24/0x30 fs/f2fs/super.c:1562 i_callback+0x4c/0x70 fs/inode.c:250 rcu_do_batch+0x503/0xb80 kernel/rcu/tree.c:2297 rcu_core+0x5a2/0xe70 kernel/rcu/tree.c:2557 rcu_core_si+0x9/0x10 kernel/rcu/tree.c:2574 handle_softirqs+0x178/0x500 kernel/softirq.c:578 run_ksoftirqd+0x28/0x30 kernel/softirq.c:945 smpboot_thread_fn+0x45a/0x8c0 kernel/smpboot.c:164 kthread+0x270/0x310 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 Last potentially related work creation: kasan_save_stack+0x3a/0x60 mm/kasan/common.c:45 __kasan_record_aux_stack+0xb6/0xc0 mm/kasan/generic.c:486 kasan_record_aux_stack_noalloc+0xb/0x10 mm/kasan/generic.c:496 call_rcu+0xd4/0xf70 kernel/rcu/tree.c:2845 destroy_inode fs/inode.c:316 [inline] evict+0x7da/0x870 fs/inode.c:720 iput_final fs/inode.c:1834 [inline] iput+0x62b/0x830 fs/inode.c:1860 do_unlinkat+0x356/0x540 fs/namei.c:4397 __do_sys_unlink fs/namei.c:4438 [inline] __se_sys_unlink fs/namei.c:4436 [inline] __x64_sys_unlink+0x49/0x50 fs/namei.c:4436 x64_sys_call+0x958/0x9a0 arch/x86/include/generated/asm/syscalls_64.h:88 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 The buggy address belongs to the object at ffff88812d961f20 which belongs to the cache f2fs_inode_cache of size 1200 The buggy address is located 856 bytes inside of 1200-byte region [ffff88812d961f20, ffff88812d9623d0) The buggy address belongs to the physical page: page:ffffea0004b65800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12d960 head:ffffea0004b65800 order:2 compound_mapcount:0 compound_pincount:0 flags: 0x4000000000010200(slab|head|zone=1) raw: 4000000000010200 0000000000000000 dead000000000122 ffff88810a94c500 raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected page_owner tracks the page as allocated page last allocated via order 2, migratetype Reclaimable, gfp_mask 0x1d2050(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 569, tgid 568 (syz.2.16), ts 55943246141, free_ts 0 set_page_owner include/linux/page_owner.h:31 [inline] post_alloc_hook+0x1d0/0x1f0 mm/page_alloc.c:2532 prep_new_page mm/page_alloc.c:2539 [inline] get_page_from_freelist+0x2e63/0x2ef0 mm/page_alloc.c:4328 __alloc_pages+0x235/0x4b0 mm/page_alloc.c:5605 alloc_slab_page include/linux/gfp.h:-1 [inline] allocate_slab mm/slub.c:1939 [inline] new_slab+0xec/0x4b0 mm/slub.c:1992 ___slab_alloc+0x6f6/0xb50 mm/slub.c:3180 __slab_alloc+0x5e/0xa0 mm/slub.c:3279 slab_alloc_node mm/slub.c:3364 [inline] slab_alloc mm/slub.c:3406 [inline] __kmem_cache_alloc_lru mm/slub.c:3413 [inline] kmem_cache_alloc_lru+0x13f/0x220 mm/slub.c:3429 alloc_inode_sb include/linux/fs.h:3245 [inline] f2fs_alloc_inode+0x2d/0x340 fs/f2fs/super.c:1419 alloc_inode fs/inode.c:261 [inline] iget_locked+0x186/0x880 fs/inode.c:1373 f2fs_iget+0x55/0x4c60 fs/f2fs/inode.c:483 f2fs_fill_super+0x3ad7/0x6bb0 fs/f2fs/super.c:4293 mount_bdev+0x2ae/0x3e0 fs/super.c:1443 f2fs_mount+0x34/0x40 fs/f2fs/super.c:4642 legacy_get_tree+0xea/0x190 fs/fs_context.c:632 vfs_get_tree+0x89/0x260 fs/super.c:1573 do_new_mount+0x25a/0xa20 fs/namespace.c:3056 page_owner free stack trace missing Memory state around the buggy address: ffff88812d962100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff88812d962180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff88812d962200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff88812d962280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff88812d962300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ================================================================== [1] https://syzkaller.appspot.com/x/report.txt?x=13448368580000 This bug can be reproduced w/ the reproducer [2], once we enable CONFIG_F2FS_CHECK_FS config, the reproducer will trigger panic as below, so the direct reason of this bug is the same as the one below patch [3] fixed. kernel BUG at fs/f2fs/inode.c:857! RIP: 0010:f2fs_evict_inode+0x1204/0x1a20 Call Trace: <TASK> evict+0x32a/0x7a0 do_unlinkat+0x37b/0x5b0 __x64_sys_unlink+0xad/0x100 do_syscall_64+0x5a/0xb0 entry_SYSCALL_64_after_hwframe+0x6e/0xd8 RIP: 0010:f2fs_evict_inode+0x1204/0x1a20 [2] https://syzkaller.appspot.com/x/repro.c?x=17495ccc580000 [3] https://lore.kernel.org/linux-f2fs-devel/20250702120321.1080759-1-chao@kernel.org Tracepoints before panic: f2fs_unlink_enter: dev = (7,0), dir ino = 3, i_size = 4096, i_blocks = 8, name = file1 f2fs_unlink_exit: dev = (7,0), ino = 7, ret = 0 f2fs_evict_inode: dev = (7,0), ino = 7, pino = 3, i_mode = 0x81ed, i_size = 10, i_nlink = 0, i_blocks = 0, i_advise = 0x0 f2fs_truncate_node: dev = (7,0), ino = 7, nid = 8, block_address = 0x3c05 f2fs_unlink_enter: dev = (7,0), dir ino = 3, i_size = 4096, i_blocks = 8, name = file3 f2fs_unlink_exit: dev = (7,0), ino = 8, ret = 0 f2fs_evict_inode: dev = (7,0), ino = 8, pino = 3, i_mode = 0x81ed, i_size = 9000, i_nlink = 0, i_blocks = 24, i_advise = 0x4 f2fs_truncate: dev = (7,0), ino = 8, pino = 3, i_mode = 0x81ed, i_size = 0, i_nlink = 0, i_blocks = 24, i_advise = 0x4 f2fs_truncate_blocks_enter: dev = (7,0), ino = 8, i_size = 0, i_blocks = 24, start file offset = 0 f2fs_truncate_blocks_exit: dev = (7,0), ino = 8, ret = -2 The root cause is: in the fuzzed image, dnode #8 belongs to inode #7, after inode #7 eviction, dnode #8 was dropped. However there is dirent that has ino #8, so, once we unlink file3, in f2fs_evict_inode(), both f2fs_truncate() and f2fs_update_inode_page() will fail due to we can not load node #8, result in we missed to call f2fs_inode_synced() to clear inode dirty status. Let's fix this by calling f2fs_inode_synced() in error path of f2fs_evict_inode(). PS: As I verified, the reproducer [2] can trigger this bug in v6.1.129, but it failed in v6.16-rc4, this is because the testcase will stop due to other corruption has been detected by f2fs: F2FS-fs (loop0): inconsistent node block, node_type:2, nid:8, node_footer[nid:8,ino:8,ofs:0,cpver:5013063228981249506,blkaddr:15366] F2FS-fs (loop0): f2fs_lookup: inode (ino=9) has zero i_nlink Fixes: 0f18b46 ("f2fs: flush inode metadata when checkpoint is doing") Closes: https://syzkaller.appspot.com/x/report.txt?x=13448368580000 Signed-off-by: Chao Yu <chao@kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org> Signed-off-by: Yu Wu <wuyu06@inspur.com>
lzyprime
pushed a commit
that referenced
this pull request
Nov 22, 2025
Merge Pull Request from: @ci-robot PR sync from: Jinqian Yang <yangjinqian1@huawei.com> https://mailweb.openeuler.org/archives/list/kernel@openeuler.org/message/SYFBQMOREVOV42WBF6W5LC3AOZEQAIGE/ v1: https://gitee.com/openeuler/kernel/pulls/18596 v2: https://gitee.com/openeuler/kernel/pulls/18616 v1->v2 changes: 1. Merge the KABI modifications of Patch #2 and Patch #7 and place them in the last patch; 2. Add "static inline" to the is_midr_in_range_list function in Patch #5 for ERRATUM_1980005; 3. Sort the patches according to the order they were merged into the mainline. v2->v3 changes: 1. Resolve compilation errors. Patch#1 KVM: arm64: Set HCR_EL2.TID1 unconditionally Patch#2 KVM: arm64: Maintain per-VM copy of implementation ID regs Patch#3 KVM: arm64: Load VPIDR_EL2 with the VM's MIDR_EL1 value Patch#4 KVM: arm64: Allow userspace to change the implementation ID registers Reference: https://lore.kernel.org/all/20250225005401.679536-1-oliver.upton@linux.dev/ Selftest related patches not merged. Patch#5 arm64: Modify _midr_range() functions to read MIDR/REVIDR internally Patch#6 KVM: arm64: Specify hypercall ABI for retrieving target implementations Patch#7 KVM: arm64: Introduce KVM_REG_ARM_VENDOR_HYP_BMAP_2 Patch#8 arm64: Make _midr_in_range_list() an exported function Patch#9 smccc/kvm_guest: Enable errata based on implementation CPUs Reference: https://lore.kernel.org/all/20250221140229.12588-1-shameerali.kolothum.thodi@huawei.com/ Selftest related patches not merged. Patch#10 smccc: kvm_guest: Fix kernel builds for 32 bit arm Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=44ff44cadbd144ee1159f5687a852c49c4290262 Integrate a single patch. Patch#11 smccc: kvm_guest: Align with DISCOVER_IMPL_CPUS ABI Reference: https://lore.kernel.org/all/20250327163613.2516073-1-oliver.upton@linux.dev/ Integrate a single patch. Patch#12 KVM: arm64: fix kvm kabi conflict KABI masking, introduced by Patch #2 and Patch #7, using KABI_EXTEND for masking. Jinqian Yang (1): KVM: arm64: fix kvm kabi conflict Oliver Upton (3): KVM: arm64: Set HCR_EL2.TID1 unconditionally KVM: arm64: Load VPIDR_EL2 with the VM's MIDR_EL1 value smccc: kvm_guest: Align with DISCOVER_IMPL_CPUS ABI Sebastian Ott (2): KVM: arm64: Maintain per-VM copy of implementation ID regs KVM: arm64: Allow userspace to change the implementation ID registers Shameer Kolothum (6): arm64: Modify _midr_range() functions to read MIDR/REVIDR internally KVM: arm64: Specify hypercall ABI for retrieving target implementations KVM: arm64: Introduce KVM_REG_ARM_VENDOR_HYP_BMAP_2 arm64: Make _midr_in_range_list() an exported function smccc/kvm_guest: Enable errata based on implementation CPUs smccc: kvm_guest: Fix kernel builds for 32 bit arm -- 2.33.0 https://gitee.com/openeuler/kernel/issues/IBN3WI Link:https://gitee.com/openeuler/kernel/pulls/18640 Reviewed-by: Li Nan <linan122@huawei.com> Reviewed-by: Xu Kuohai <xukuohai@huawei.com> Reviewed-by: Zhang Qiao <zhangqiao22@huawei.com> Reviewed-by: Kevin Zhu <zhukeqian1@huawei.com> Reviewed-by: Zhang Jianhua <chris.zjh@huawei.com> Signed-off-by: Li Nan <linan122@huawei.com> Acked-by: Xie XiuQi <xiexiuqi@huawei.com>
lzyprime
force-pushed
the
upstream/OLK-next
branch
from
de7daad to
f384a93
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.