Re: [syzbot] [dri?] WARNING in drm_prime_destroy_file_private (3)

All of lore.kernel.org
 help / color / mirror / Atom feed

From: syzbot <syzbot+d7c9eed171647e421013@syzkaller.appspotmail.com>
To: hdanton@sina.com, linux-kernel@vger.kernel.org,
	 syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [dri?] WARNING in drm_prime_destroy_file_private (3)
Date: Tue, 12 May 2026 21:03:05 -0700	[thread overview]
Message-ID: <6a03f7f9.170a0220.d5671.0015.GAE@google.com> (raw)
In-Reply-To: <20260513031323.578-1-hdanton@sina.com>

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
WARNING in drm_prime_destroy_file_private

------------[ cut here ]------------
!RB_EMPTY_ROOT(&prime_fpriv->dmabufs)
WARNING: drivers/gpu/drm/drm_prime.c:224 at drm_prime_destroy_file_private+0x48/0x60 drivers/gpu/drm/drm_prime.c:224, CPU#0: syz.0.17/6327
Modules linked in:
CPU: 0 UID: 0 PID: 6327 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:drm_prime_destroy_file_private+0x48/0x60 drivers/gpu/drm/drm_prime.c:224
Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 75 2b 48 8b 83 88 00 00 00 48 85 c0 75 0b e8 d4 d0 65 fc 5b e9 0e e5 ea 05 e8 c9 d0 65 fc 90 <0f> 0b 90 e8 c0 d0 65 fc 5b c3 cc cc cc cc e8 55 8f d3 fc eb ce 0f
RSP: 0018:ffffc900033cfc90 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffff88802d0da328 RCX: ffffffff8b8be29d
RDX: ffff8880776fca00 RSI: ffffffff85a2d617 RDI: ffff88802d0da3b0
RBP: ffff88802d0da000 R08: 0000000000000001 R09: fffff52000679f72
R10: ffffc900033cfb97 R11: ffffffff82763704 R12: ffff8880274ac000
R13: ffff88802d0da260 R14: 0000000000000002 R15: ffff88802d0da288
FS:  0000555556830500(0000) GS:ffff888124372000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007feba2986400 CR3: 0000000033a76000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 drm_file_free.part.0+0x7cf/0xc00 drivers/gpu/drm/drm_file.c:268
 drm_file_free drivers/gpu/drm/drm_file.c:237 [inline]
 drm_close_helper.isra.0+0x186/0x200 drivers/gpu/drm/drm_file.c:289
 drm_release+0x1ab/0x360 drivers/gpu/drm/drm_file.c:437
 __fput+0x3ff/0xb50 fs/file_table.c:510
 task_work_run+0x150/0x240 kernel/task_work.c:233
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 __exit_to_user_mode_loop kernel/entry/common.c:67 [inline]
 exit_to_user_mode_loop+0x107/0x4f0 kernel/entry/common.c:98
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:207 [inline]
 syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:238 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:318 [inline]
 do_syscall_64+0x706/0xf80 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7feba299cdd9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd43dfae88 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
RAX: 0000000000000000 RBX: 00007ffd43dfaf70 RCX: 00007feba299cdd9
RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
RBP: 000000000001dafd R08: 0000000000000001 R09: 0000000000000000
R10: 0000001b31020000 R11: 0000000000000246 R12: 00007ffd43dfafb0
R13: 00007feba2c15fac R14: 000000000001db37 R15: 00007feba2c15fa0
 </TASK>


Tested on:

commit:         1d5dcaa3 Merge tag 'probes-fixes-v7.1-rc3' of git://gi..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=13baa3ce580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=59da38148f3a3d24
dashboard link: https://syzkaller.appspot.com/bug?extid=d7c9eed171647e421013
compiler:       gcc (Debian 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for Debian) 2.44
patch:          https://syzkaller.appspot.com/x/patch.diff?x=11187dba580000

next prev parent reply	other threads:[~2026-05-13  4:03 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-05-12 19:56 [syzbot] [dri?] WARNING in drm_prime_destroy_file_private (3) syzbot
2026-05-12 21:17 ` Hillf Danton
2026-05-12 21:44   ` syzbot
2026-05-13  3:13 ` Hillf Danton
2026-05-13  4:03   ` syzbot [this message]
2026-05-13  3:58 ` Edward Adam Davis
2026-05-13  4:30   ` [syzbot] " syzbot
2026-05-13  4:30 ` [PATCH] drm: Replace old pointer to new idr Edward Adam Davis

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=6a03f7f9.170a0220.d5671.0015.GAE@google.com \
    --to=syzbot+d7c9eed171647e421013@syzkaller.appspotmail.com \
    --cc=hdanton@sina.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=syzkaller-bugs@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.