syzbot


general protection fault in dma_buf_release
Status: upstream: reported C repro on 2020/07/08 21:43
Reported-by: syzbot+4342719956b367864c91@syzkaller.appspotmail.com
First crash: 690d, last: 610d

Cause bisection: the cause commit could be any of (bisect log):
  bda8eaa6dee7 drm: sun4i: hdmi: Remove extra HPD polling
  17f64701ea6f drm/meson: viu: fix setting the OSD burst length in VIU_OSD1_FIFO_CTRL_STAT
  4ab59c3c638c dma-buf: Move dma_buf_release() from fops to dentry_ops
  29dbc0a7c3d1 Merge remote-tracking branch 'drm-misc-fixes/for-linux-next-fixes'
similar bugs (1):
Kernel      Title                                        Repro  Cause bisect  Fix bisect  Count  Last  Reported  Patched  Status
android-54  general protection fault in dma_buf_release  C                                99     600d  685d      0/2      upstream: reported C repro on 2020/07/09 23:36
Patch testing requests:
Created           Duration  User                   Patch  Repo      Result
2020/08/09 20:15  17m       yepeilin.cs@gmail.com  patch  upstream  OK

Sample crash report:
RBP: 00000000000103d6 R08: 0000000000000001 R09: 00000000004002c8
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402170
R13: 0000000000402200 R14: 0000000000000000 R15: 0000000000000000
general protection fault, probably for non-canonical address 0xdffffc0000000017: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x00000000000000b8-0x00000000000000bf]
CPU: 1 PID: 6798 Comm: syz-executor223 Not tainted 5.8.0-rc3-next-20200703-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:dma_buf_release+0x51/0x3f0 drivers/dma-buf/dma-buf.c:63
Code: 03 80 3c 02 00 0f 85 30 03 00 00 48 8b ad e8 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d bd b8 00 00 00 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e e3 02 00 00 8b 9d b8 00 00 00
RSP: 0018:ffffc90001b87aa0 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: ffffffff847e30a0 RCX: ffffffff81c58a83
RDX: 0000000000000017 RSI: ffffffff847e30b0 RDI: 00000000000000b8
RBP: 0000000000000000 R08: 0000000000000001 R09: ffff88808a53c80b
R10: 0000000000000000 R11: 0000000000000000 R12: ffff88808b7dc550
R13: ffff88808b7dc4d8 R14: ffff88808b7dc520 R15: 0000000000000000
FS:  0000000001f09880(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000006cc090 CR3: 00000000a87d2000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __dentry_kill+0x42b/0x640 fs/dcache.c:584
 dentry_kill fs/dcache.c:705 [inline]
 dput+0x725/0xbc0 fs/dcache.c:878
 path_put+0x2d/0x60 fs/namei.c:496
 alloc_file_pseudo+0x20d/0x250 fs/file_table.c:236
 dma_buf_getfile drivers/dma-buf/dma-buf.c:439 [inline]
 dma_buf_export+0x5d8/0xae0 drivers/dma-buf/dma-buf.c:555
 udmabuf_create+0xb9d/0xe30 drivers/dma-buf/udmabuf.c:228
 udmabuf_ioctl_create_list drivers/dma-buf/udmabuf.c:284 [inline]
 udmabuf_ioctl+0x265/0x2c0 drivers/dma-buf/udmabuf.c:299
 vfs_ioctl fs/ioctl.c:48 [inline]
 ksys_ioctl+0x11a/0x180 fs/ioctl.c:753
 __do_sys_ioctl fs/ioctl.c:762 [inline]
 __se_sys_ioctl fs/ioctl.c:760 [inline]
 __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:760
 do_syscall_64+0x60/0xe0 arch/x86/entry/common.c:367
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x441229
Code: Bad RIP value.
RSP: 002b:00007ffe24394848 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441229
RDX: 0000000020000000 RSI: 0000000040087543 RDI: 0000000000000004
RBP: 00000000000103d6 R08: 0000000000000001 R09: 00000000004002c8
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402170
R13: 0000000000402200 R14: 0000000000000000 R15: 0000000000000000
Modules linked in:
---[ end trace 1a68562902844a66 ]---
RIP: 0010:dma_buf_release+0x51/0x3f0 drivers/dma-buf/dma-buf.c:63
Code: 03 80 3c 02 00 0f 85 30 03 00 00 48 8b ad e8 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d bd b8 00 00 00 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e e3 02 00 00 8b 9d b8 00 00 00
RSP: 0018:ffffc90001b87aa0 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: ffffffff847e30a0 RCX: ffffffff81c58a83
RDX: 0000000000000017 RSI: ffffffff847e30b0 RDI: 00000000000000b8
RBP: 0000000000000000 R08: 0000000000000001 R09: ffff88808a53c80b
R10: 0000000000000000 R11: 0000000000000000 R12: ffff88808b7dc550
R13: ffff88808b7dc4d8 R14: ffff88808b7dc520 R15: 0000000000000000
FS:  0000000001f09880(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000006cc090 CR3: 00000000a87d2000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (81):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-linux-next-kasan-gce-root 2020/07/04 22:08 linux-next 9e50b94b3eb0 51095195 .config log report syz C
ci-upstream-kasan-gce 2020/09/22 09:47 upstream 98477740630f 9e1fa68e .config log report info
ci-upstream-kasan-gce-smack-root 2020/09/21 20:17 upstream ba4f184e126b 9e1fa68e .config log report info
ci-upstream-kasan-gce 2020/09/11 03:41 upstream 7fe10096c150 409809d8 .config log report
ci-upstream-kasan-gce-smack-root 2020/09/08 13:46 upstream f4d51dffc6c0 abf9ba4f .config log report
ci-upstream-kasan-gce-smack-root 2020/09/03 15:48 upstream fc3abb53250a abf9ba4f .config log report
ci-upstream-kasan-gce-smack-root 2020/09/01 16:04 upstream b51594df17d0 d5a3ae1f .config log report
ci-upstream-kasan-gce-selinux-root 2020/08/30 22:28 upstream 1127b219ce94 d5a3ae1f .config log report
ci-upstream-kasan-gce 2020/08/29 14:46 upstream 4d41ead6ead9 d5a3ae1f .config log report
ci-upstream-kasan-gce-root 2020/08/28 08:44 upstream 15bc20c6af4c 816e0689 .config log report
ci-upstream-kasan-gce-smack-root 2020/08/24 07:46 upstream cb95712138ec cef5ae68 .config log report
ci-upstream-kasan-gce 2020/08/24 05:05 upstream cb95712138ec cef5ae68 .config log report
ci-upstream-kasan-gce-smack-root 2020/08/23 14:35 upstream c3d8f220d012 cef5ae68 .config log report
ci-upstream-kasan-gce 2020/08/23 07:02 upstream c3d8f220d012 1da71ab0 .config log report
ci-upstream-kasan-gce-smack-root 2020/08/22 18:31 upstream f873db9acd3c 6436ce4b .config log report
ci-upstream-kasan-gce-smack-root 2020/08/22 17:09 upstream f873db9acd3c 6436ce4b .config log report
ci-upstream-kasan-gce-smack-root 2020/08/21 07:11 upstream da2968ff879b 1d75fe45 .config log report
ci-upstream-kasan-gce-smack-root 2020/08/20 01:41 upstream 18445bf405cb 94b45706 .config log report
ci-upstream-kasan-gce 2020/08/18 00:45 upstream 9123e3a74ec7 424dd8e7 .config log report
ci-upstream-kasan-gce 2020/08/16 12:02 upstream d84835b118ed 424dd8e7 .config log report
ci-upstream-kasan-gce 2020/08/16 07:02 upstream d84835b118ed 424dd8e7 .config log report
ci-upstream-kasan-gce-smack-root 2020/08/15 20:07 upstream c9c9735c46f5 424dd8e7 .config log report
ci-upstream-kasan-gce 2020/08/15 05:56 upstream 7fca4dee610d 424dd8e7 .config log report
ci-upstream-kasan-gce-selinux-root 2020/08/14 19:50 upstream a1d21081a60d 424dd8e7 .config log report
ci-upstream-kasan-gce-smack-root 2020/08/14 17:13 upstream a1d21081a60d 424dd8e7 .config log report
ci-upstream-kasan-gce 2020/08/12 21:46 upstream fb893de323e2 bc15f7db .config log report
ci-upstream-kasan-gce-root 2020/08/12 10:39 upstream c636eef2ee36 bb3e5fe6 .config log report
ci-upstream-kasan-gce-smack-root 2020/08/09 21:14 upstream 06a81c1c7db9 70301872 .config log report
ci-upstream-kasan-gce-root 2020/08/09 10:12 upstream 06a81c1c7db9 f721e4a0 .config log report
ci-upstream-kasan-gce-selinux-root 2020/08/09 03:02 upstream 449dc8c97089 f721e4a0 .config log report
ci-upstream-kasan-gce-smack-root 2020/08/09 01:58 upstream 449dc8c97089 f721e4a0 .config log report
ci-upstream-kasan-gce-smack-root 2020/08/06 17:40 upstream 47ec5303d73e 1f122f88 .config log report
ci-upstream-kasan-gce-smack-root 2020/08/05 07:25 upstream c0842fbc1b18 80a06902 .config log report
ci-upstream-kasan-gce-smack-root 2020/08/05 04:45 upstream c0842fbc1b18 80a06902 .config log report
ci-upstream-kasan-gce-selinux-root 2020/08/04 21:57 upstream c0842fbc1b18 80a06902 .config log report
ci-upstream-kasan-gce-smack-root 2020/08/02 22:34 upstream ac3a0c847296 63a73341 .config log report
ci-upstream-kasan-gce-selinux-root 2020/08/02 17:59 upstream ac3a0c847296 63a73341 .config log report
ci-upstream-kasan-gce-root 2020/08/01 12:02 upstream 7dc6fd0f3b84 d895b3be .config log report
ci-upstream-kasan-gce 2020/07/30 18:16 upstream d3590ebf6f91 233283a1 .config log report
ci-upstream-kasan-gce-selinux-root 2020/07/30 18:01 upstream d3590ebf6f91 233283a1 .config log report
ci-upstream-kasan-gce-smack-root 2020/07/30 17:42 upstream d3590ebf6f91 233283a1 .config log report
ci-upstream-kasan-gce-selinux-root 2020/07/30 17:21 upstream d3590ebf6f91 233283a1 .config log report
ci-upstream-kasan-gce-smack-root 2020/07/28 05:30 upstream 92ed30191993 cb93dc6a .config log report
ci-upstream-kasan-gce-selinux-root 2020/07/27 14:50 upstream 92ed30191993 cb93dc6a .config log report
ci-upstream-kasan-gce-selinux-root 2020/07/15 23:00 upstream e9919e11e219 f3bec699 .config log report
ci-upstream-kasan-gce-smack-root 2020/07/14 17:19 upstream 0dc589da873b ce4c95b3 .config log report
ci-upstream-kasan-gce 2020/07/14 12:19 upstream 0dc589da873b ce4c95b3 .config log report
ci-upstream-kasan-gce 2020/07/12 18:35 upstream 0aea6d5c5be3 115e1930 .config log report
ci-upstream-kasan-gce-smack-root 2020/07/12 04:20 upstream a581387e415b 18d18b59 .config log report
ci-upstream-kasan-gce-smack-root 2020/07/11 19:23 upstream a581387e415b 18d18b59 .config log report
ci-upstream-kasan-gce 2020/07/11 10:24 upstream a581387e415b 18d18b59 .config log report
ci-upstream-kasan-gce-root 2020/07/11 05:57 upstream a581387e415b 18d18b59 .config log report
ci-upstream-kasan-gce-root 2020/07/10 01:33 upstream 0bddd227f3dc bc238812 .config log report
ci-upstream-kasan-gce-smack-root 2020/07/09 16:50 upstream 0bddd227f3dc bc238812 .config log report
ci-upstream-kasan-gce-386 2020/07/30 12:54 upstream d3590ebf6f91 233283a1 .config log report
ci-upstream-kasan-gce-386 2020/07/29 14:35 upstream 6ba1b005ffc3 19a8de55 .config log report
ci-upstream-linux-next-kasan-gce-root 2020/08/15 03:38 linux-next 4993e4fe12af 424dd8e7 .config log report
ci-upstream-linux-next-kasan-gce-root 2020/07/14 21:45 linux-next 5fb3d6042387 609fb517 .config log report
ci-upstream-linux-next-kasan-gce-root 2020/07/04 21:37 linux-next 9e50b94b3eb0 51095195 .config log report