This is a note to let you know that I've just added the patch titled dma-buf: call dma_buf_stats_setup after dmabuf is in valid list to the 5.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: dma-buf-call-dma_buf_stats_setup-after-dmabuf-is-in-valid-list.patch and it can be found in the queue-5.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From ef3a6b70507a2add2cd2e01f5eb9b54d561bacb9 Mon Sep 17 00:00:00 2001 From: Charan Teja Reddy <quic_charante@xxxxxxxxxxx> Date: Tue, 10 May 2022 01:19:57 +0530 Subject: dma-buf: call dma_buf_stats_setup after dmabuf is in valid list MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From: Charan Teja Reddy <quic_charante@xxxxxxxxxxx> commit ef3a6b70507a2add2cd2e01f5eb9b54d561bacb9 upstream. When dma_buf_stats_setup() fails, it closes the dmabuf file which results into the calling of dma_buf_file_release() where it does list_del(&dmabuf->list_node) with out first adding it to the proper list. This is resulting into panic in the below path: __list_del_entry_valid+0x38/0xac dma_buf_file_release+0x74/0x158 __fput+0xf4/0x428 ____fput+0x14/0x24 task_work_run+0x178/0x24c do_notify_resume+0x194/0x264 work_pending+0xc/0x5f0 Fix it by moving the dma_buf_stats_setup() after dmabuf is added to the list. Fixes: bdb8d06dfefd ("dmabuf: Add the capability to expose DMA-BUF stats in sysfs") Signed-off-by: Charan Teja Reddy <quic_charante@xxxxxxxxxxx> Tested-by: T.J. Mercier <tjmercier@xxxxxxxxxx> Acked-by: T.J. Mercier <tjmercier@xxxxxxxxxx> Cc: <stable@xxxxxxxxxxxxxxx> # 5.15.x+ Reviewed-by: Christian König <christian.koenig@xxxxxxx> Signed-off-by: Christian König <christian.koenig@xxxxxxx> Link: https://patchwork.freedesktop.org/patch/msgid/1652125797-2043-1-git-send-email-quic_charante@xxxxxxxxxxx Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- drivers/dma-buf/dma-buf.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) --- a/drivers/dma-buf/dma-buf.c +++ b/drivers/dma-buf/dma-buf.c @@ -572,10 +572,6 @@ struct dma_buf *dma_buf_export(const str file->f_mode |= FMODE_LSEEK; dmabuf->file = file; - ret = dma_buf_stats_setup(dmabuf); - if (ret) - goto err_sysfs; - mutex_init(&dmabuf->lock); INIT_LIST_HEAD(&dmabuf->attachments); @@ -583,6 +579,10 @@ struct dma_buf *dma_buf_export(const str list_add(&dmabuf->list_node, &db_list.head); mutex_unlock(&db_list.lock); + ret = dma_buf_stats_setup(dmabuf); + if (ret) + goto err_sysfs; + return dmabuf; err_sysfs: Patches currently in stable-queue which might be from quic_charante@xxxxxxxxxxx are queue-5.15/dma-buf-call-dma_buf_stats_setup-after-dmabuf-is-in-valid-list.patch