bisecting fixing commit since 1752938529c614a8ed4432ecce6ebc95d3b87207
building syzkaller on 80910769fd1f04ef3263915865ffec0da1d7a421
testing commit 1752938529c614a8ed4432ecce6ebc95d3b87207 with gcc (GCC) 8.1.0
kernel signature: 2798299dee6409a00dc6266788a0e5afb8260ee45ae1313069f78fc05ae27cf4
all runs: crashed: WARNING in drm_prime_destroy_file_private
testing current HEAD 2d2791fce891fc20709232d49a6bae075b9a77f8
testing commit 2d2791fce891fc20709232d49a6bae075b9a77f8 with gcc (GCC) 8.1.0
kernel signature: fe8556fc767ce55cfadb8c7462906cffe4e1aaba515793d901139e3d0b225c7c
all runs: crashed: WARNING in drm_prime_destroy_file_private
revisions tested: 2, total time: 24m23.964608471s (build: 18m3.383722039s, test: 5m32.908046478s)
the crash still happens on HEAD
commit msg: Linux 4.14.217
crash: WARNING in drm_prime_destroy_file_private
IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
batman_adv: batadv0: Interface activated: batadv_slave_1
IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
------------[ cut here ]------------
WARNING: CPU: 1 PID: 9850 at drivers/gpu/drm/drm_prime.c:898 drm_prime_destroy_file_private+0x32/0x40 drivers/gpu/drm/drm_prime.c:899
Kernel panic - not syncing: panic_on_warn set ...

CPU: 1 PID: 9850 Comm: syz-executor.2 Not tainted 4.14.217-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x14b/0x1e7 lib/dump_stack.c:58
 panic+0x1b0/0x358 kernel/panic.c:183
 __warn.cold.7+0x25/0x25 kernel/panic.c:547
 report_bug+0x1a4/0x200 lib/bug.c:186
 fixup_bug arch/x86/kernel/traps.c:177 [inline]
 do_error_trap+0x1bd/0x310 arch/x86/kernel/traps.c:295
 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:314
 invalid_op+0x1b/0x40 arch/x86/entry/entry_64.S:964
RIP: 0010:drm_prime_destroy_file_private+0x32/0x40 drivers/gpu/drm/drm_prime.c:898
RSP: 0018:ffff88809685fd40 EFLAGS: 00010282
RAX: ffff8880997d0710 RBX: ffff8880a93d98f8 RCX: 1ffff110134c414d
RDX: 1ffff1101527b32f RSI: ffff88809a620a48 RDI: ffff8880a93d9978
RBP: ffff88809685fd48 R08: ffff88809a620a68 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff888238500dc0
R13: ffff888238500de0 R14: ffff8880a93d9860 R15: ffffffff894dbac0
 drm_release+0xa4f/0xf50 drivers/gpu/drm/drm_file.c:427
 __fput+0x232/0x740 fs/file_table.c:210
 ____fput+0x9/0x10 fs/file_table.c:244
 task_work_run+0xe5/0x170 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:191 [inline]
 exit_to_usermode_loop+0x14a/0x190 arch/x86/entry/common.c:164
 prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:270 [inline]
 do_syscall_64+0x416/0x5b0 arch/x86/entry/common.c:297
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x417bf1
RSP: 002b:00007ffc40ebe4e0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000417bf1
RDX: 0000000000000001 RSI: 00000000011a04f8 RDI: 0000000000000003
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 00007ffc40ebe5c0 R11: 0000000000000293 R12: ffffffffffffffff
R13: 000000000000b729 R14: 00000000000003e8 R15: 000000000119c034
Kernel Offset: disabled
Rebooting in 86400 seconds..