general protection fault in dma_buf

general protection fault in dma_buf_release
Status: upstream: reported C repro on 2020/07/08 21:43
Reported-by: syzbot+4342719956b367864c91@syzkaller.appspotmail.com
First crash: 37d, last: 1d22h

Cause bisection: the cause commit could be any of (bisect log):

  bda8eaa6dee7 drm: sun4i: hdmi: Remove extra HPD polling
  17f64701ea6f drm/meson: viu: fix setting the OSD burst length in VIU_OSD1_FIFO_CTRL_STAT
  4ab59c3c638c dma-buf: Move dma_buf_release() from fops to dentry_ops
  29dbc0a7c3d1 Merge remote-tracking branch 'drm-misc-fixes/for-linux-next-fixes'

similar bugs (1):
Kernel	Title	Repro	Bisected	Count	Last	Reported	Patched	Status
android-54	general protection fault in dma_buf_release	C		60	22m	32d	0/1	upstream: reported C repro on 2020/07/09 23:36

Patch testing requests:
Created	Duration	User	Patch	Repo	Result
2020/08/09 20:15	17m	yepeilin.cs@gmail.com	patch	upstream	OK

Sample crash report:

RBP: 00000000000103d6 R08: 0000000000000001 R09: 00000000004002c8
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402170
R13: 0000000000402200 R14: 0000000000000000 R15: 0000000000000000
general protection fault, probably for non-canonical address 0xdffffc0000000017: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x00000000000000b8-0x00000000000000bf]
CPU: 1 PID: 6798 Comm: syz-executor223 Not tainted 5.8.0-rc3-next-20200703-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:dma_buf_release+0x51/0x3f0 drivers/dma-buf/dma-buf.c:63
Code: 03 80 3c 02 00 0f 85 30 03 00 00 48 8b ad e8 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d bd b8 00 00 00 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e e3 02 00 00 8b 9d b8 00 00 00
RSP: 0018:ffffc90001b87aa0 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: ffffffff847e30a0 RCX: ffffffff81c58a83
RDX: 0000000000000017 RSI: ffffffff847e30b0 RDI: 00000000000000b8
RBP: 0000000000000000 R08: 0000000000000001 R09: ffff88808a53c80b
R10: 0000000000000000 R11: 0000000000000000 R12: ffff88808b7dc550
R13: ffff88808b7dc4d8 R14: ffff88808b7dc520 R15: 0000000000000000
FS:  0000000001f09880(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000006cc090 CR3: 00000000a87d2000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __dentry_kill+0x42b/0x640 fs/dcache.c:584
 dentry_kill fs/dcache.c:705 [inline]
 dput+0x725/0xbc0 fs/dcache.c:878
 path_put+0x2d/0x60 fs/namei.c:496
 alloc_file_pseudo+0x20d/0x250 fs/file_table.c:236
 dma_buf_getfile drivers/dma-buf/dma-buf.c:439 [inline]
 dma_buf_export+0x5d8/0xae0 drivers/dma-buf/dma-buf.c:555
 udmabuf_create+0xb9d/0xe30 drivers/dma-buf/udmabuf.c:228
 udmabuf_ioctl_create_list drivers/dma-buf/udmabuf.c:284 [inline]
 udmabuf_ioctl+0x265/0x2c0 drivers/dma-buf/udmabuf.c:299
 vfs_ioctl fs/ioctl.c:48 [inline]
 ksys_ioctl+0x11a/0x180 fs/ioctl.c:753
 __do_sys_ioctl fs/ioctl.c:762 [inline]
 __se_sys_ioctl fs/ioctl.c:760 [inline]
 __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:760
 do_syscall_64+0x60/0xe0 arch/x86/entry/common.c:367
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x441229
Code: Bad RIP value.
RSP: 002b:00007ffe24394848 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441229
RDX: 0000000020000000 RSI: 0000000040087543 RDI: 0000000000000004
RBP: 00000000000103d6 R08: 0000000000000001 R09: 00000000004002c8
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402170
R13: 0000000000402200 R14: 0000000000000000 R15: 0000000000000000
Modules linked in:
---[ end trace 1a68562902844a66 ]---
RIP: 0010:dma_buf_release+0x51/0x3f0 drivers/dma-buf/dma-buf.c:63
Code: 03 80 3c 02 00 0f 85 30 03 00 00 48 8b ad e8 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d bd b8 00 00 00 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e e3 02 00 00 8b 9d b8 00 00 00
RSP: 0018:ffffc90001b87aa0 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: ffffffff847e30a0 RCX: ffffffff81c58a83
RDX: 0000000000000017 RSI: ffffffff847e30b0 RDI: 00000000000000b8
RBP: 0000000000000000 R08: 0000000000000001 R09: ffff88808a53c80b
R10: 0000000000000000 R11: 0000000000000000 R12: ffff88808b7dc550
R13: ffff88808b7dc4d8 R14: ffff88808b7dc520 R15: 0000000000000000
FS:  0000000001f09880(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000006cc090 CR3: 00000000a87d2000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (53):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	Maintainers
ci-upstream-linux-next-kasan-gce-root	2020/07/04 22:08	linux-next	9e50b94b	51095195	.config	log	report	syz	C	christian.koenig@amd.com, dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-kasan-gce-smack-root	2020/08/09 21:14	upstream	06a81c1c	70301872	.config	log	report			christian.koenig@amd.com, dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-kasan-gce-root	2020/08/09 10:12	upstream	06a81c1c	f721e4a0	.config	log	report			christian.koenig@amd.com, dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-kasan-gce-selinux-root	2020/08/09 03:02	upstream	449dc8c9	f721e4a0	.config	log	report			christian.koenig@amd.com, dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-kasan-gce-smack-root	2020/08/09 01:58	upstream	449dc8c9	f721e4a0	.config	log	report			christian.koenig@amd.com, dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-kasan-gce-smack-root	2020/08/06 17:40	upstream	47ec5303	1f122f88	.config	log	report			christian.koenig@amd.com, dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-kasan-gce-smack-root	2020/08/05 07:25	upstream	c0842fbc	80a06902	.config	log	report			dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-kasan-gce-smack-root	2020/08/05 04:45	upstream	c0842fbc	80a06902	.config	log	report			dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-kasan-gce-selinux-root	2020/08/04 21:57	upstream	c0842fbc	80a06902	.config	log	report			dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-kasan-gce-smack-root	2020/08/02 22:34	upstream	ac3a0c84	63a73341	.config	log	report			dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-kasan-gce-selinux-root	2020/08/02 17:59	upstream	ac3a0c84	63a73341	.config	log	report			dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-kasan-gce-root	2020/08/01 12:02	upstream	7dc6fd0f	d895b3be	.config	log	report			dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-kasan-gce	2020/07/30 18:16	upstream	d3590ebf	233283a1	.config	log	report			dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-kasan-gce-selinux-root	2020/07/30 18:01	upstream	d3590ebf	233283a1	.config	log	report			dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-kasan-gce-smack-root	2020/07/30 17:42	upstream	d3590ebf	233283a1	.config	log	report			dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-kasan-gce-selinux-root	2020/07/30 17:21	upstream	d3590ebf	233283a1	.config	log	report			dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-kasan-gce-smack-root	2020/07/28 05:30	upstream	92ed3019	cb93dc6a	.config	log	report			dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-kasan-gce-selinux-root	2020/07/27 14:50	upstream	92ed3019	cb93dc6a	.config	log	report			dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-kasan-gce-smack-root	2020/07/25 22:46	upstream	23ee3e4e	1f7cc1ca	.config	log	report			dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-kasan-gce	2020/07/24 20:44	upstream	f37e99ac	554af388	.config	log	report			dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-kasan-gce-root	2020/07/24 20:33	upstream	f37e99ac	554af388	.config	log	report			dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-kasan-gce-selinux-root	2020/07/22 18:35	upstream	4fa640dc	128cd85f	.config	log	report			dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-kasan-gce	2020/07/22 12:12	upstream	4fa640dc	128cd85f	.config	log	report			dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-kasan-gce-smack-root	2020/07/21 12:48	upstream	4fa640dc	d88894e6	.config	log	report			dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-kasan-gce-smack-root	2020/07/20 19:55	upstream	5714ee50	4285ffa3	.config	log	report			dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-kasan-gce	2020/07/19 14:45	upstream	f932d58a	9c812472	.config	log	report			dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-kasan-gce-selinux-root	2020/07/19 12:10	upstream	f932d58a	9c812472	.config	log	report			dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-kasan-gce	2020/07/18 20:52	upstream	6a70f89c	9c812472	.config	log	report			dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-kasan-gce-selinux-root	2020/07/18 20:02	upstream	6a70f89c	9c812472	.config	log	report			dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-kasan-gce-root	2020/07/18 05:45	upstream	88825726	9c812472	.config	log	report			dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-kasan-gce	2020/07/18 05:42	upstream	88825726	9c812472	.config	log	report			dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-kasan-gce-smack-root	2020/07/18 03:30	upstream	88825726	9c812472	.config	log	report			dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-kasan-gce-smack-root	2020/07/16 00:32	upstream	e9919e11	f3bec699	.config	log	report			dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-kasan-gce	2020/07/16 00:27	upstream	e9919e11	f3bec699	.config	log	report			dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-kasan-gce-selinux-root	2020/07/16 00:17	upstream	e9919e11	f3bec699	.config	log	report			dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-kasan-gce	2020/07/15 23:43	upstream	e9919e11	f3bec699	.config	log	report			dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-kasan-gce-selinux-root	2020/07/15 23:00	upstream	e9919e11	f3bec699	.config	log	report			dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-kasan-gce-smack-root	2020/07/14 17:19	upstream	0dc589da	ce4c95b3	.config	log	report			dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-kasan-gce	2020/07/14 12:19	upstream	0dc589da	ce4c95b3	.config	log	report			dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-kasan-gce	2020/07/12 18:35	upstream	0aea6d5c	115e1930	.config	log	report			dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-kasan-gce-smack-root	2020/07/12 04:20	upstream	a581387e	18d18b59	.config	log	report			dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-kasan-gce-smack-root	2020/07/11 19:23	upstream	a581387e	18d18b59	.config	log	report			dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-kasan-gce	2020/07/11 10:24	upstream	a581387e	18d18b59	.config	log	report			dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-kasan-gce-root	2020/07/11 05:57	upstream	a581387e	18d18b59	.config	log	report			dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-kasan-gce-root	2020/07/10 01:33	upstream	0bddd227	bc238812	.config	log	report			dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-kasan-gce-smack-root	2020/07/09 16:50	upstream	0bddd227	bc238812	.config	log	report			dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-kasan-gce-386	2020/07/30 12:54	upstream	d3590ebf	233283a1	.config	log	report			dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-kasan-gce-386	2020/07/29 14:35	upstream	6ba1b005	19a8de55	.config	log	report			dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-linux-next-kasan-gce-root	2020/07/21 12:33	linux-next	ab8be66e	d88894e6	.config	log	report			christian.koenig@amd.com, dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-linux-next-kasan-gce-root	2020/07/18 05:06	linux-next	4c43049f	9c812472	.config	log	report			christian.koenig@amd.com, dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-linux-next-kasan-gce-root	2020/07/14 21:45	linux-next	5fb3d604	609fb517	.config	log	report			christian.koenig@amd.com, dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org
ci-upstream-linux-next-kasan-gce-root	2020/07/04 21:37	linux-next	9e50b94b	51095195	.config	log	report			christian.koenig@amd.com, dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, sumit.semwal@linaro.org