syzbot


WARNING in drm_prime_destroy_file_private

Status: fixed on 2021/08/15 11:28
Reported-by: syzbot+010c4b4afd138414b3fb@syzkaller.appspotmail.com
Fix commit: 020a44cc54d6 drm: Return -ENOTTY for non-drm ioctls
First crash: 1178d, last: 987d
Fix bisection: fixed by (bisect log):
commit 020a44cc54d65e673a13195e96fc0addbfd3a601
Author: Charles Baylis <cb-kernel@fishzet.co.uk>
Date: Fri Jul 16 16:43:12 2021 +0000

  drm: Return -ENOTTY for non-drm ioctls

  
Similar bugs (4)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream WARNING in drm_prime_destroy_file_private (2) dri C done 2 25d 92d 0/26 upstream: reported C repro on 2023/12/27 20:51
upstream WARNING in drm_prime_destroy_file_private dri 1 752d 748d 0/26 auto-closed as invalid on 2022/07/06 07:47
linux-4.14 WARNING in drm_prime_destroy_file_private C error 7 577d 1192d 0/1 upstream: reported C repro on 2020/12/23 07:13
linux-4.19 WARNING in drm_prime_destroy_file_private (2) C error 2 700d 700d 0/1 upstream: reported C repro on 2022/04/29 07:43
Fix bisection attempts (7)
Created Duration User Patch Repo Result
2021/08/15 00:01 3h16m bisect fix linux-4.19.y job log (1)
2021/07/15 23:37 23m bisect fix linux-4.19.y job log (0) log
2021/06/15 22:54 23m bisect fix linux-4.19.y job log (0) log
2021/05/16 21:52 28m bisect fix linux-4.19.y job log (0) log
2021/04/12 00:39 26m bisect fix linux-4.19.y job log (0) log
2021/02/25 00:30 23m bisect fix linux-4.19.y job log (0) log
2021/02/10 22:43 0m bisect fix linux-4.19.y error job log (0)

Sample crash report:
IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
------------[ cut here ]------------
WARNING: CPU: 0 PID: 8418 at drivers/gpu/drm/drm_prime.c:982 drm_prime_destroy_file_private.cold+0x11/0x18 drivers/gpu/drm/drm_prime.c:982
Kernel panic - not syncing: panic_on_warn set ...

CPU: 0 PID: 8418 Comm: syz-executor.0 Not tainted 4.19.187-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 panic+0x26a/0x50e kernel/panic.c:186
 __warn.cold+0x20/0x5a kernel/panic.c:541
 report_bug+0x262/0x2b0 lib/bug.c:186
 fixup_bug arch/x86/kernel/traps.c:178 [inline]
 fixup_bug arch/x86/kernel/traps.c:173 [inline]
 do_error_trap+0x1d7/0x310 arch/x86/kernel/traps.c:296
 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:1038
RIP: 0010:drm_prime_destroy_file_private.cold+0x11/0x18 drivers/gpu/drm/drm_prime.c:982
Code: 65 f9 48 c7 c7 c0 85 c5 88 e8 b0 80 f5 ff 0f 0b 41 83 cc ff e9 cd a5 db fb e8 fb 8d 65 f9 48 c7 c7 c0 85 c5 88 e8 94 80 f5 ff <0f> 0b e9 f9 b0 db fb e8 e3 8d 65 f9 48 c7 c7 a0 87 c5 88 e8 7c 80
RSP: 0018:ffff888090fd7ac8 EFLAGS: 00010282
RAX: 0000000000000024 RBX: ffff8880a9785b90 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff814dddb1 RDI: ffffed10121faf4b
RBP: ffffffff83e94350 R08: 0000000000000024 R09: 0000000000000000
Bluetooth: hci0: command 0x0409 tx timeout
R10: 0000000000000005 R11: 0000000000000000 R12: ffff8880aa95b240
R13: ffff8880aa95b480 R14: ffff8880aa95b490 R15: ffff8880aa95b468
 drm_file_free.part.0+0xa15/0xd30 drivers/gpu/drm/drm_file.c:257
 drm_file_free drivers/gpu/drm/drm_file.c:215 [inline]
 drm_release+0x210/0x360 drivers/gpu/drm/drm_file.c:480
 __fput+0x2ce/0x890 fs/file_table.c:278
 task_work_run+0x148/0x1c0 kernel/task_work.c:113
 get_signal+0x1b64/0x1f70 kernel/signal.c:2400
 do_signal+0x8f/0x1670 arch/x86/kernel/signal.c:799
 exit_to_usermode_loop+0x204/0x2a0 arch/x86/entry/common.c:163
 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
 do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x466459
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fdc24f5f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: 0000000000000000 RBX: 000000000056bf60 RCX: 0000000000466459
RDX: 0000000020000140 RSI: 00000000c10c5541 RDI: 0000000000000003
RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60
R13: 00007ffcaac50d0f R14: 00007fdc24f5f300 R15: 0000000000022000
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (6):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2021/04/16 03:51 linux-4.19.y 0f1b4cb77d7f c59079a6 .config console log report syz ci2-linux-4-19 WARNING in drm_prime_destroy_file_private
2021/04/15 05:06 linux-4.19.y 0f1b4cb77d7f fcdb12ba .config console log report syz ci2-linux-4-19 WARNING in drm_prime_destroy_file_private
2021/03/13 00:39 linux-4.19.y 030194a5b292 429d8a6b .config console log report syz ci2-linux-4-19 WARNING in drm_prime_destroy_file_private
2021/01/11 22:43 linux-4.19.y 610bdbf6a174 2c1f2513 .config console log report syz ci2-linux-4-19
2021/01/05 20:07 linux-4.19.y 3207316b3bee a0234d98 .config console log report syz ci2-linux-4-19
2021/03/13 00:13 linux-4.19.y 030194a5b292 429d8a6b .config console log report info ci2-linux-4-19 WARNING in drm_prime_destroy_file_private
* Struck through repros no longer work on HEAD.