Re: [Bug] WARNING in pt_iommu_amdv1_init

Next message: Rob Herring (Arm): "Re: [PATCH] of: property: fix typo in kernel-doc return description"
Previous message: Matthew Wood: "Re: [PATCH v1] rust: console: add abstraction for kernel console drivers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Jason Gunthorpe

Date: Fri Feb 27 2026 - 18:49:33 EST

On Sat, Feb 21, 2026 at 02:53:35PM +0800, Sam Sun wrote:
> Dear developers and maintainers,
>
> We encountered a bug in the iommufd selftest framework that triggers a
> kernel warning, which can lead to a kernel panic when panic_on_warn is
> enabled. The issue was observed on kernel version 6.19.0 (commit
> 2961f841b025), using syzbot kernel config to compile
> (https://syzkaller.appspot.com/text?tag=KernelConfig&x=e2f061f80b102378).
>
> We analyzed the root cause of this bug. In
> drivers/iommu/iommufd/selftest.c, the mock_domain_alloc_pgtable()
> function configures the mock AMDv1 domain with the PT_FEAT_DYNAMIC_TOP
> feature flag. However, the generic page table framework strictly
> requires any driver requesting this feature to implement specific
> hardware callbacks in driver_ops (specifically change_top and
> get_top_lock).

Hmm. I think the related issue is that the iommu selftest doesn't use
the MOCK_IOMMUPT_AMDV1 type. It was something I was using but a part
didn't get merged.

So it makes sense only syzkaller would hit this by inputting that
value.

Let me reflect on it if we should fix or delete the MOCK_IOMMUPT_AMDV1

Thanks,
Jason