From 24c692c981631276f3f20ff021931c665162e7e6 Mon Sep 17 00:00:00 2001 From: "Eric R. Smith" Date: Fri, 1 Aug 2025 16:04:45 -0300 Subject: [PATCH] panvk: fix a NULL pointer dereference in occlusion queries If a meta operation (like a blit or clear) happens while occlusion queries are active, we temporarily disable the query. Unfortunately the code for this did not clear out the `syncobj` field. In rare combinations of circumstances this could cause an attempt to issue a write back of the occlusion query values, and since we've zeroed the `ptr` field it writes to a NULL value, causing a bus fault and device lost error. Fixes: 61534faf4e2 ("panvk: Wire occlusion queries to internals") Reviewed-by: Erik Faye-Lund Reviewed-by: Lars-Ivar Hesselberg Simonsen Part-of:
---
 src/panfrost/vulkan/panvk_vX_cmd_meta.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/panfrost/vulkan/panvk_vX_cmd_meta.c b/src/panfrost/vulkan/panvk_vX_cmd_meta.c
index 9c9808a4c7e..c8b8802b836 100644
--- a/src/panfrost/vulkan/panvk_vX_cmd_meta.c
+++ b/src/panfrost/vulkan/panvk_vX_cmd_meta.c
@@ -119,6 +119,9 @@ panvk_per_arch(cmd_meta_gfx_start)(
 save_ctx->occlusion_query = cmdbuf->state.gfx.occlusion_query; /* Ensure occlusion queries are disabled */
+#if PAN_ARCH >= 10
+ cmdbuf->state.gfx.occlusion_query.syncobj = 0;
+#endif
 cmdbuf->state.gfx.occlusion_query.ptr = 0;
 cmdbuf->state.gfx.occlusion_query.mode = MALI_OCCLUSION_MODE_DISABLED;
 gfx_state_set_dirty(cmdbuf, OQ);
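Review bot: The disable sequence in cmd_meta_gfx_start still clears the occlusion-query state one field at a time, which is how `syncobj` came to be missed, and nothing in the hunk records that `syncobj` and `ptr` have to be zeroed together. I would add a comment above the `#if PAN_ARCH >= 10` block, for example `/* syncobj must be cleared together with ptr: a live syncobj with ptr == 0 ends in a write-back to address 0 */`, so a field added to the query state later is not forgotten here. As defence in depth, the write-back path (not visible in this hunk) could presumably also skip or assert when `ptr` is 0, so that a stale `syncobj` cannot turn into a bus fault and device-lost. The function body starts and ends outside the hunk, so the matching restore from `save_ctx` cannot be checked from here.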