general protection fault in dma_buf

general protection fault in dma_buf_release
Status: upstream: reported C repro on 2020/07/08 21:43
Reported-by: syzbot+4342719956b367864c91@syzkaller.appspotmail.com
First crash: 388d, last: 309d

Cause bisection: the cause commit could be any of (bisect log):
  bda8eaa6dee7 drm: sun4i: hdmi: Remove extra HPD polling
  17f64701ea6f drm/meson: viu: fix setting the OSD burst length in VIU_OSD1_FIFO_CTRL_STAT
  4ab59c3c638c dma-buf: Move dma_buf_release() from fops to dentry_ops
  29dbc0a7c3d1 Merge remote-tracking branch 'drm-misc-fixes/for-linux-next-fixes'

similar bugs (1):
Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
android-54	general protection fault in dma_buf_release	C			99	298d	383d	0/1	upstream: reported C repro on 2020/07/09 23:36

Patch testing requests:
Created	Duration	User	Patch	Repo	Result
2020/08/09 20:15	17m	yepeilin.cs@gmail.com	patch	upstream	OK

Sample crash report:

RBP: 00000000000103d6 R08: 0000000000000001 R09: 00000000004002c8
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402170
R13: 0000000000402200 R14: 0000000000000000 R15: 0000000000000000
general protection fault, probably for non-canonical address 0xdffffc0000000017: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x00000000000000b8-0x00000000000000bf]
CPU: 1 PID: 6798 Comm: syz-executor223 Not tainted 5.8.0-rc3-next-20200703-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:dma_buf_release+0x51/0x3f0 drivers/dma-buf/dma-buf.c:63
Code: 03 80 3c 02 00 0f 85 30 03 00 00 48 8b ad e8 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d bd b8 00 00 00 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e e3 02 00 00 8b 9d b8 00 00 00
RSP: 0018:ffffc90001b87aa0 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: ffffffff847e30a0 RCX: ffffffff81c58a83
RDX: 0000000000000017 RSI: ffffffff847e30b0 RDI: 00000000000000b8
RBP: 0000000000000000 R08: 0000000000000001 R09: ffff88808a53c80b
R10: 0000000000000000 R11: 0000000000000000 R12: ffff88808b7dc550
R13: ffff88808b7dc4d8 R14: ffff88808b7dc520 R15: 0000000000000000
FS:  0000000001f09880(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000006cc090 CR3: 00000000a87d2000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __dentry_kill+0x42b/0x640 fs/dcache.c:584
 dentry_kill fs/dcache.c:705 [inline]
 dput+0x725/0xbc0 fs/dcache.c:878
 path_put+0x2d/0x60 fs/namei.c:496
 alloc_file_pseudo+0x20d/0x250 fs/file_table.c:236
 dma_buf_getfile drivers/dma-buf/dma-buf.c:439 [inline]
 dma_buf_export+0x5d8/0xae0 drivers/dma-buf/dma-buf.c:555
 udmabuf_create+0xb9d/0xe30 drivers/dma-buf/udmabuf.c:228
 udmabuf_ioctl_create_list drivers/dma-buf/udmabuf.c:284 [inline]
 udmabuf_ioctl+0x265/0x2c0 drivers/dma-buf/udmabuf.c:299
 vfs_ioctl fs/ioctl.c:48 [inline]
 ksys_ioctl+0x11a/0x180 fs/ioctl.c:753
 __do_sys_ioctl fs/ioctl.c:762 [inline]
 __se_sys_ioctl fs/ioctl.c:760 [inline]
 __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:760
 do_syscall_64+0x60/0xe0 arch/x86/entry/common.c:367
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x441229
Code: Bad RIP value.
RSP: 002b:00007ffe24394848 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441229
RDX: 0000000020000000 RSI: 0000000040087543 RDI: 0000000000000004
RBP: 00000000000103d6 R08: 0000000000000001 R09: 00000000004002c8
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402170
R13: 0000000000402200 R14: 0000000000000000 R15: 0000000000000000
Modules linked in:
---[ end trace 1a68562902844a66 ]---
RIP: 0010:dma_buf_release+0x51/0x3f0 drivers/dma-buf/dma-buf.c:63
Code: 03 80 3c 02 00 0f 85 30 03 00 00 48 8b ad e8 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d bd b8 00 00 00 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e e3 02 00 00 8b 9d b8 00 00 00
RSP: 0018:ffffc90001b87aa0 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: ffffffff847e30a0 RCX: ffffffff81c58a83
RDX: 0000000000000017 RSI: ffffffff847e30b0 RDI: 00000000000000b8
RBP: 0000000000000000 R08: 0000000000000001 R09: ffff88808a53c80b
R10: 0000000000000000 R11: 0000000000000000 R12: ffff88808b7dc550
R13: ffff88808b7dc4d8 R14: ffff88808b7dc520 R15: 0000000000000000
FS:  0000000001f09880(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000006cc090 CR3: 00000000a87d2000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (81):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info
ci-upstream-linux-next-kasan-gce-root	2020/07/04 22:08	linux-next	9e50b94b3eb0	51095195	.config	log	report	syz	C
ci-upstream-kasan-gce	2020/09/22 09:47	upstream	98477740630f	9e1fa68e	.config	log	report			info
ci-upstream-kasan-gce-smack-root	2020/09/21 20:17	upstream	ba4f184e126b	9e1fa68e	.config	log	report			info
ci-upstream-kasan-gce	2020/09/11 03:41	upstream	7fe10096c150	409809d8	.config	log	report
ci-upstream-kasan-gce-smack-root	2020/09/08 13:46	upstream	f4d51dffc6c0	abf9ba4f	.config	log	report
ci-upstream-kasan-gce-smack-root	2020/09/03 15:48	upstream	fc3abb53250a	abf9ba4f	.config	log	report
ci-upstream-kasan-gce-smack-root	2020/09/01 16:04	upstream	b51594df17d0	d5a3ae1f	.config	log	report
ci-upstream-kasan-gce-selinux-root	2020/08/30 22:28	upstream	1127b219ce94	d5a3ae1f	.config	log	report
ci-upstream-kasan-gce	2020/08/29 14:46	upstream	4d41ead6ead9	d5a3ae1f	.config	log	report
ci-upstream-kasan-gce-root	2020/08/28 08:44	upstream	15bc20c6af4c	816e0689	.config	log	report
ci-upstream-kasan-gce-smack-root	2020/08/24 07:46	upstream	cb95712138ec	cef5ae68	.config	log	report
ci-upstream-kasan-gce	2020/08/24 05:05	upstream	cb95712138ec	cef5ae68	.config	log	report
ci-upstream-kasan-gce-smack-root	2020/08/23 14:35	upstream	c3d8f220d012	cef5ae68	.config	log	report
ci-upstream-kasan-gce	2020/08/23 07:02	upstream	c3d8f220d012	1da71ab0	.config	log	report
ci-upstream-kasan-gce-smack-root	2020/08/22 18:31	upstream	f873db9acd3c	6436ce4b	.config	log	report
ci-upstream-kasan-gce-smack-root	2020/08/22 17:09	upstream	f873db9acd3c	6436ce4b	.config	log	report
ci-upstream-kasan-gce-smack-root	2020/08/21 07:11	upstream	da2968ff879b	1d75fe45	.config	log	report
ci-upstream-kasan-gce-smack-root	2020/08/20 01:41	upstream	18445bf405cb	94b45706	.config	log	report
ci-upstream-kasan-gce	2020/08/18 00:45	upstream	9123e3a74ec7	424dd8e7	.config	log	report
ci-upstream-kasan-gce	2020/08/16 12:02	upstream	d84835b118ed	424dd8e7	.config	log	report
ci-upstream-kasan-gce	2020/08/16 07:02	upstream	d84835b118ed	424dd8e7	.config	log	report
ci-upstream-kasan-gce-smack-root	2020/08/15 20:07	upstream	c9c9735c46f5	424dd8e7	.config	log	report
ci-upstream-kasan-gce	2020/08/15 05:56	upstream	7fca4dee610d	424dd8e7	.config	log	report
ci-upstream-kasan-gce-selinux-root	2020/08/14 19:50	upstream	a1d21081a60d	424dd8e7	.config	log	report
ci-upstream-kasan-gce-smack-root	2020/08/14 17:13	upstream	a1d21081a60d	424dd8e7	.config	log	report
ci-upstream-kasan-gce	2020/08/12 21:46	upstream	fb893de323e2	bc15f7db	.config	log	report
ci-upstream-kasan-gce-root	2020/08/12 10:39	upstream	c636eef2ee36	bb3e5fe6	.config	log	report
ci-upstream-kasan-gce-smack-root	2020/08/09 21:14	upstream	06a81c1c7db9	70301872	.config	log	report
ci-upstream-kasan-gce-root	2020/08/09 10:12	upstream	06a81c1c7db9	f721e4a0	.config	log	report
ci-upstream-kasan-gce-selinux-root	2020/08/09 03:02	upstream	449dc8c97089	f721e4a0	.config	log	report
ci-upstream-kasan-gce-smack-root	2020/08/09 01:58	upstream	449dc8c97089	f721e4a0	.config	log	report
ci-upstream-kasan-gce-smack-root	2020/08/06 17:40	upstream	47ec5303d73e	1f122f88	.config	log	report
ci-upstream-kasan-gce-smack-root	2020/08/05 07:25	upstream	c0842fbc1b18	80a06902	.config	log	report
ci-upstream-kasan-gce-smack-root	2020/08/05 04:45	upstream	c0842fbc1b18	80a06902	.config	log	report
ci-upstream-kasan-gce-selinux-root	2020/08/04 21:57	upstream	c0842fbc1b18	80a06902	.config	log	report
ci-upstream-kasan-gce-smack-root	2020/08/02 22:34	upstream	ac3a0c847296	63a73341	.config	log	report
ci-upstream-kasan-gce-selinux-root	2020/08/02 17:59	upstream	ac3a0c847296	63a73341	.config	log	report
ci-upstream-kasan-gce-root	2020/08/01 12:02	upstream	7dc6fd0f3b84	d895b3be	.config	log	report
ci-upstream-kasan-gce	2020/07/30 18:16	upstream	d3590ebf6f91	233283a1	.config	log	report
ci-upstream-kasan-gce-selinux-root	2020/07/30 18:01	upstream	d3590ebf6f91	233283a1	.config	log	report
ci-upstream-kasan-gce-smack-root	2020/07/30 17:42	upstream	d3590ebf6f91	233283a1	.config	log	report
ci-upstream-kasan-gce-selinux-root	2020/07/30 17:21	upstream	d3590ebf6f91	233283a1	.config	log	report
ci-upstream-kasan-gce-smack-root	2020/07/28 05:30	upstream	92ed30191993	cb93dc6a	.config	log	report
ci-upstream-kasan-gce-selinux-root	2020/07/27 14:50	upstream	92ed30191993	cb93dc6a	.config	log	report
ci-upstream-kasan-gce-selinux-root	2020/07/15 23:00	upstream	e9919e11e219	f3bec699	.config	log	report
ci-upstream-kasan-gce-smack-root	2020/07/14 17:19	upstream	0dc589da873b	ce4c95b3	.config	log	report
ci-upstream-kasan-gce	2020/07/14 12:19	upstream	0dc589da873b	ce4c95b3	.config	log	report
ci-upstream-kasan-gce	2020/07/12 18:35	upstream	0aea6d5c5be3	115e1930	.config	log	report
ci-upstream-kasan-gce-smack-root	2020/07/12 04:20	upstream	a581387e415b	18d18b59	.config	log	report
ci-upstream-kasan-gce-smack-root	2020/07/11 19:23	upstream	a581387e415b	18d18b59	.config	log	report
ci-upstream-kasan-gce	2020/07/11 10:24	upstream	a581387e415b	18d18b59	.config	log	report
ci-upstream-kasan-gce-root	2020/07/11 05:57	upstream	a581387e415b	18d18b59	.config	log	report
ci-upstream-kasan-gce-root	2020/07/10 01:33	upstream	0bddd227f3dc	bc238812	.config	log	report
ci-upstream-kasan-gce-smack-root	2020/07/09 16:50	upstream	0bddd227f3dc	bc238812	.config	log	report
ci-upstream-kasan-gce-386	2020/07/30 12:54	upstream	d3590ebf6f91	233283a1	.config	log	report
ci-upstream-kasan-gce-386	2020/07/29 14:35	upstream	6ba1b005ffc3	19a8de55	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/08/15 03:38	linux-next	4993e4fe12af	424dd8e7	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/07/14 21:45	linux-next	5fb3d6042387	609fb517	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/07/04 21:37	linux-next	9e50b94b3eb0	51095195	.config	log	report