Re: [syzbot] [dri?] WARNING in drm_prime_destroy_file_private (3)

All of lore.kernel.org
 help / color / mirror / Atom feed

From: syzbot <syzbot+d7c9eed171647e421013@syzkaller.appspotmail.com>
To: hdanton@sina.com, linux-kernel@vger.kernel.org,
	 syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [dri?] WARNING in drm_prime_destroy_file_private (3)
Date: Tue, 12 May 2026 14:44:02 -0700	[thread overview]
Message-ID: <6a039f22.a00a0220.3890a0.0003.GAE@google.com> (raw)
In-Reply-To: <20260512211712.554-1-hdanton@sina.com>

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
WARNING in drm_prime_destroy_file_private

------------[ cut here ]------------
!RB_EMPTY_ROOT(&prime_fpriv->dmabufs)
WARNING: drivers/gpu/drm/drm_prime.c:224 at drm_prime_destroy_file_private+0x48/0x60 drivers/gpu/drm/drm_prime.c:224, CPU#0: syz.0.17/6410
Modules linked in:
CPU: 0 UID: 0 PID: 6410 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:drm_prime_destroy_file_private+0x48/0x60 drivers/gpu/drm/drm_prime.c:224
Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 75 2b 48 8b 83 88 00 00 00 48 85 c0 75 0b e8 14 d0 65 fc 5b e9 4e e4 ea 05 e8 09 d0 65 fc 90 <0f> 0b 90 e8 00 d0 65 fc 5b c3 cc cc cc cc e8 95 8e d3 fc eb ce 0f
RSP: 0018:ffffc90002f77c90 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffff88802ad7e328 RCX: ffffffff8b8be29d
RDX: ffff888038710000 RSI: ffffffff85a2d6d7 RDI: ffff88802ad7e3b0
RBP: ffff88802ad7e000 R08: 0000000000000001 R09: fffff520005eef72
R10: ffffc90002f77b97 R11: ffffffff82763704 R12: ffff8880274f6000
R13: ffff88802ad7e260 R14: 0000000000000000 R15: ffff88802ad7e288
FS:  000055555a33f500(0000) GS:ffff888124372000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f33e59e9000 CR3: 000000005f403000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 drm_file_free.part.0+0x7e6/0xcc0 drivers/gpu/drm/drm_file.c:269
 drm_file_free drivers/gpu/drm/drm_file.c:237 [inline]
 drm_close_helper.isra.0+0x186/0x200 drivers/gpu/drm/drm_file.c:290
 drm_release+0x1ab/0x360 drivers/gpu/drm/drm_file.c:438
 __fput+0x3ff/0xb50 fs/file_table.c:510
 task_work_run+0x150/0x240 kernel/task_work.c:233
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 __exit_to_user_mode_loop kernel/entry/common.c:67 [inline]
 exit_to_user_mode_loop+0x107/0x4f0 kernel/entry/common.c:98
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:207 [inline]
 syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:238 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:318 [inline]
 do_syscall_64+0x706/0xf80 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f33e579cdd9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffece825a08 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
RAX: 0000000000000000 RBX: 00007ffece825af0 RCX: 00007f33e579cdd9
RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
RBP: 000000000001dd1e R08: 0000000000000001 R09: 0000000000000000
R10: 0000001b2c920000 R11: 0000000000000246 R12: 00007ffece825b30
R13: 00007f33e5a15fac R14: 000000000001dd56 R15: 00007f33e5a15fa0
 </TASK>


Tested on:

commit:         1d5dcaa3 Merge tag 'probes-fixes-v7.1-rc3' of git://gi..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=13d7c7ce580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=59da38148f3a3d24
dashboard link: https://syzkaller.appspot.com/bug?extid=d7c9eed171647e421013
compiler:       gcc (Debian 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for Debian) 2.44
patch:          https://syzkaller.appspot.com/x/patch.diff?x=1164ebce580000

next prev parent reply	other threads:[~2026-05-12 21:44 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-05-12 19:56 [syzbot] [dri?] WARNING in drm_prime_destroy_file_private (3) syzbot
2026-05-12 21:17 ` Hillf Danton
2026-05-12 21:44   ` syzbot [this message]
2026-05-13  3:13 ` Hillf Danton
2026-05-13  4:03   ` syzbot
2026-05-13  3:58 ` Edward Adam Davis
2026-05-13  4:30   ` [syzbot] " syzbot
2026-05-13  4:30 ` [PATCH] drm: Replace old pointer to new idr Edward Adam Davis

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=6a039f22.a00a0220.3890a0.0003.GAE@google.com \
    --to=syzbot+d7c9eed171647e421013@syzkaller.appspotmail.com \
    --cc=hdanton@sina.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=syzkaller-bugs@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.