Re: [syzbot] [dri?] WARNING in drm_wait_one_vblank (2)

2024-09-30 Thread syzbot
syzbot has found a reproducer for the following issue on:

HEAD commit:9852d85ec9d4 Linux 6.12-rc1
git tree:   upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=131f5dd058
kernel config:  https://syzkaller.appspot.com/x/.config?x=286b31f2cf1c36b5
dashboard link: https://syzkaller.appspot.com/bug?extid=147ba789658184f0ce04
compiler:   Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=11ae7d0798
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=124e198058

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/da91d5641713/disk-9852d85e.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/5fc1f1ed3252/vmlinux-9852d85e.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/5affad2001eb/bzImage-9852d85e.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+147ba789658184f0c...@syzkaller.appspotmail.com

platform vkms: [drm] vblank wait timed out on crtc 0
WARNING: CPU: 1 PID: 5311 at drivers/gpu/drm/drm_vblank.c:1307 drm_wait_one_vblank+0x97c/0xa00 drivers/gpu/drm/drm_vblank.c:1307
Modules linked in:
CPU: 1 UID: 0 PID: 5311 Comm: syz-executor171 Not tainted 6.12.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:drm_wait_one_vblank+0x97c/0xa00 drivers/gpu/drm/drm_vblank.c:1307
Code: 80 3c 08 00 74 08 4c 89 ff e8 c0 51 94 fc 49 8b 1f 48 c7 c7 40 96 73 8c 4c 89 f6 48 89 da 8b 5c 24 0c 89 d9 e8 c5 9c eb fb 90 <0f> 0b 90 90 49 be 00 00 00 00 00 fc ff df e9 68 fb ff ff 44 89 e9
RSP: 0018:c900037cfac0 EFLAGS: 00010246
RAX: 080b7da53130ae00 RBX:  RCX: 88804f0bda00
RDX:  RSI: 0001 RDI: 
RBP: c900037cfc00 R08: 8155daa2 R09: fbfff1cf9fd8
R10: dc00 R11: fbfff1cf9fd8 R12: 1920006f9f64
R13: 0ed5 R14: 8c86d500 R15: 888025074010
FS:  7faa906a96c0() GS:8880b870() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 7faa9075a366 CR3: 4f7a8000 CR4: 003526f0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400
Call Trace:
 <TASK>
 drm_fb_helper_ioctl+0x114/0x140 drivers/gpu/drm/drm_fb_helper.c:1093
 do_fb_ioctl+0x40a/0x7b0 drivers/video/fbdev/core/fb_chrdev.c:155
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:907 [inline]
 __se_sys_ioctl+0xf9/0x170 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7faa906f6109
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 1b 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:7faa906a9208 EFLAGS: 0246 ORIG_RAX: 0010
RAX: ffda RBX: 7faa907783e8 RCX: 7faa906f6109
RDX:  RSI: 40044620 RDI: 0003
RBP: 7faa907783e0 R08:  R09: 
R10:  R11: 0246 R12: ffb0
R13:  R14: 3062662f7665642f R15: 6d6f692f7665642f
 </TASK>


---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


[syzbot] [dri?] [virt?] INFO: task hung in drm_atomic_get_plane_state

2024-09-28 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:3efc57369a0c Merge tag 'for-linus' of git://git.kernel.org..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=12964d9f98
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fcb065287cdb84
dashboard link: https://syzkaller.appspot.com/bug?extid=eee643fdccb7c015b3a6
compiler:   Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image (non-bootable): 
https://storage.googleapis.com/syzbot-assets/7feb34a89c2a/non_bootable_disk-3efc5736.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/d0988c372a39/vmlinux-3efc5736.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/8547f30d7e9d/bzImage-3efc5736.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+eee643fdccb7c015b...@syzkaller.appspotmail.com

INFO: task swapper/0:1 blocked for more than 143 seconds.
  Not tainted 6.11.0-syzkaller-11993-g3efc57369a0c #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:swapper/0   state:D stack:17904 pid:1 tgid:1 ppid:0  flags:0x4000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5315 [inline]
 __schedule+0x1895/0x4b30 kernel/sched/core.c:6675
 __schedule_loop kernel/sched/core.c:6752 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6767
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6824
 __mutex_lock_common kernel/locking/mutex.c:684 [inline]
 __ww_mutex_lock+0xec5/0x2790 kernel/locking/mutex.c:759
 ww_mutex_lock+0x40/0x1f0 kernel/locking/mutex.c:876
 modeset_lock+0x2bf/0x650 drivers/gpu/drm/drm_modeset_lock.c:314
 drm_atomic_get_plane_state+0x1c1/0x500 drivers/gpu/drm/drm_atomic.c:541
 drm_client_modeset_commit_atomic+0x1a1/0x7e0 drivers/gpu/drm/drm_client_modeset.c:1020
 drm_client_modeset_commit_locked+0xe0/0x520 drivers/gpu/drm/drm_client_modeset.c:1171
 pan_display_atomic drivers/gpu/drm/drm_fb_helper.c:1371 [inline]
 drm_fb_helper_pan_display+0x379/0xc10 drivers/gpu/drm/drm_fb_helper.c:1431
 fb_pan_display+0x3a3/0x680 drivers/video/fbdev/core/fbmem.c:191
 bit_update_start+0x4d/0x1c0 drivers/video/fbdev/core/bitblit.c:381
 fbcon_switch+0x144b/0x2250 drivers/video/fbdev/core/fbcon.c:2186
 redraw_screen+0x546/0xe90 drivers/tty/vt/vt.c:957
 fbcon_prepare_logo+0x9ba/0xd20 drivers/video/fbdev/core/fbcon.c:633
 con2fb_init_display drivers/video/fbdev/core/fbcon.c:819 [inline]
 set_con2fb_map+0xc24/0x11e0 drivers/video/fbdev/core/fbcon.c:885
 do_fb_registered drivers/video/fbdev/core/fbcon.c:2992 [inline]
 fbcon_fb_registered+0x251/0x620 drivers/video/fbdev/core/fbcon.c:3008
 do_register_framebuffer drivers/video/fbdev/core/fbmem.c:449 [inline]
 register_framebuffer+0x654/0x810 drivers/video/fbdev/core/fbmem.c:515
 __drm_fb_helper_initial_config_and_unlock+0x1716/0x1df0 drivers/gpu/drm/drm_fb_helper.c:1869
 drm_fbdev_shmem_client_hotplug+0x16e/0x230 drivers/gpu/drm/drm_fbdev_shmem.c:250
 drm_client_register+0x17f/0x210 drivers/gpu/drm/drm_client.c:141
 virtio_gpu_probe+0x22e/0x3c0 drivers/gpu/drm/virtio/virtgpu_drv.c:106
 virtio_dev_probe+0x931/0xc80 drivers/virtio/virtio.c:341
 really_probe+0x2b8/0xad0 drivers/base/dd.c:658
 __driver_probe_device+0x1a2/0x390 drivers/base/dd.c:800
 driver_probe_device+0x50/0x430 drivers/base/dd.c:830
 __driver_attach+0x45f/0x710 drivers/base/dd.c:1216
 bus_for_each_dev+0x239/0x2b0 drivers/base/bus.c:370
 bus_add_driver+0x346/0x670 drivers/base/bus.c:675
 driver_register+0x23a/0x320 drivers/base/driver.c:246
 do_one_initcall+0x248/0x880 init/main.c:1269
 do_initcall_level+0x157/0x210 init/main.c:1331
 do_initcalls+0x3f/0x80 init/main.c:1347
 kernel_init_freeable+0x435/0x5d0 init/main.c:1580
 kernel_init+0x1d/0x2b0 init/main.c:1469
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
INFO: task kworker/0:1:9 blocked for more than 143 seconds.
  Not tainted 6.11.0-syzkaller-11993-g3efc57369a0c #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:1 state:D stack:26192 pid:9 tgid:9 ppid:2  flags:0x4000
Workqueue: events virtio_gpu_dequeue_ctrl_func
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5315 [inline]
 __schedule+0x1895/0x4b30 kernel/sched/core.c:6675
 __schedule_loop kernel/sched/core.c:6752 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6767
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6824
 __mutex_lock_common kernel/locking/mutex.c:684 [inline]
 __mutex_lock+0x6a7/0xd70 kernel/locking/mutex.c:752
 drm_client_dev_hotplug+0xd0/0x3c0 drivers/gpu/drm/drm_client.c:230
 virtio_gpu_dequeue_ctrl_func+0x605/0xa50 drivers/gpu/drm/virtio/virtgpu_vq.c:235
 process_one_work kernel/workqueue.c:3229 [inline]
 process_scheduled_works+0xa63/0x1850 kernel/wo

[syzbot] Monthly dri report (Sep 2024)

2024-09-12 Thread syzbot
Hello dri maintainers/developers,

This is a 31-day syzbot report for the dri subsystem.
All related reports/information can be found at:
https://syzkaller.appspot.com/upstream/s/dri

During the period, 0 new issues were detected and 0 were fixed.
In total, 18 issues are still open and 31 have been fixed so far.

Some of the still happening issues:

Ref Crashes Repro Title
<1> 569 Yes   WARNING in drm_syncobj_array_find
  https://syzkaller.appspot.com/bug?extid=95416f957d84e858b377
<2> 292 Yes   WARNING in vkms_get_vblank_timestamp (2)
  https://syzkaller.appspot.com/bug?extid=93bd128a383695391534
<3> 66  Yes   WARNING in drm_mode_create_lease_ioctl
  https://syzkaller.appspot.com/bug?extid=6754751ad05524dae739
<4> 17  Yes   WARNING in drm_gem_prime_fd_to_handle
  https://syzkaller.appspot.com/bug?extid=268d319a7bfd92f4ae01
<5> 11  Yes   divide error in drm_mode_vrefresh
  https://syzkaller.appspot.com/bug?extid=622bba18029bcde672e1
<6> 8   No    WARNING in drm_wait_one_vblank (2)
  https://syzkaller.appspot.com/bug?extid=147ba789658184f0ce04
<7> 4   Yes   WARNING in drm_gem_object_handle_put_unlocked
  https://syzkaller.appspot.com/bug?extid=ef3256a360c02207a4cb
<8> 4   Yes   divide error in drm_mode_debug_printmodeline
  https://syzkaller.appspot.com/bug?extid=2e93e6fb36e6fdc56574

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

To disable reminders for individual bugs, reply with the following command:
#syz set <Ref> no-reminders

To change bug's subsystems, reply with:
#syz set <Ref> subsystems: new-subsystem

You may send multiple commands in a single email message.


[syzbot] [btrfs?] [fbdev?] BUG: unable to handle kernel NULL pointer dereference in fbcon_putcs (3)

2024-09-10 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:da3ea35007d0 Linux 6.11-rc7
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=15662a8b98
kernel config:  https://syzkaller.appspot.com/x/.config?x=61d235cb8d15001c
dashboard link: https://syzkaller.appspot.com/bug?extid=3d613ae53c031502687a
compiler:   Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=1222142058
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1133a79798

Downloadable assets:
disk image (non-bootable): 
https://storage.googleapis.com/syzbot-assets/7bc7510fe41f/non_bootable_disk-da3ea350.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/1ab780d224f6/vmlinux-da3ea350.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/834dde85c1c2/bzImage-da3ea350.xz
mounted in repro: 
https://storage.googleapis.com/syzbot-assets/f56cd5277a08/mount_8.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+3d613ae53c0315026...@syzkaller.appspotmail.com

BTRFS info (device loop0): disabling free space tree
BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
BUG: kernel NULL pointer dereference, address: 
#PF: supervisor instruction fetch in kernel mode
#PF: error_code(0x0010) - not-present page
PGD 357e5067 P4D 357e5067 PUD 3c1d6067 PMD 0 
Oops: Oops: 0010 [#1] PREEMPT SMP KASAN NOPTI
CPU: 0 UID: 0 PID: 5093 Comm: syz-executor182 Not tainted 6.11.0-rc7-syzkaller #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:0x0
Code: Unable to access opcode bytes at 0xffd6.
RSP: 0018:c90002c5f6b8 EFLAGS: 00010282
RAX:  RBX: 88801acc9000 RCX: 0001
RDX: 888033fd413e RSI: 88801f5cb000 RDI: 88801acc9000
RBP: 1110067fa827 R08:  R09: 009f
R10: 0002 R11:  R12: 88801f5cb000
R13: dc00 R14:  R15: 888033fd413e
FS:  86260380() GS:88801fe0() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: ffd6 CR3: 409ee000 CR4: 00350ef0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400
Call Trace:
 <TASK>
 fbcon_putcs+0x255/0x390 drivers/video/fbdev/core/fbcon.c:1288
 do_update_region+0x396/0x450 drivers/tty/vt/vt.c:619
 invert_screen+0x401/0xe50 drivers/tty/vt/vt.c:740
 highlight drivers/tty/vt/selection.c:57 [inline]
 clear_selection+0x59/0x80 drivers/tty/vt/selection.c:87
 vc_do_resize+0x6e6/0x17f0 drivers/tty/vt/vt.c:1187
 vc_resize include/linux/vt_kern.h:49 [inline]
 fbcon_set_disp+0xac9/0x11d0 drivers/video/fbdev/core/fbcon.c:1389
 con2fb_init_display drivers/video/fbdev/core/fbcon.c:794 [inline]
 set_con2fb_map+0xa6c/0x10a0 drivers/video/fbdev/core/fbcon.c:865
 fbcon_set_con2fb_map_ioctl+0x207/0x320 drivers/video/fbdev/core/fbcon.c:3092
 do_fb_ioctl+0x38f/0x7b0 drivers/video/fbdev/core/fb_chrdev.c:138
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:907 [inline]
 __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f7cf95f6fa9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:7ffdb38b4c58 EFLAGS: 0246 ORIG_RAX: 0010
RAX: ffda RBX: 7573617461646f6e RCX: 7f7cf95f6fa9
RDX: 20c0 RSI: 4610 RDI: 0003
RBP: 7f7cf96705f0 R08: 862614c0 R09: 862614c0
R10: 862614c0 R11: 0246 R12: 7ffdb38b4c80
R13: 7ffdb38b4ea8 R14: 431bde82d7b634db R15: 7f7cf964001d
 </TASK>
Modules linked in:
CR2: 
---[ end trace  ]---
RIP: 0010:0x0
Code: Unable to access opcode bytes at 0xffd6.
RSP: 0018:c90002c5f6b8 EFLAGS: 00010282
RAX:  RBX: 88801acc9000 RCX: 0001
RDX: 888033fd413e RSI: 88801f5cb000 RDI: 88801acc9000
RBP: 1110067fa827 R08:  R09: 009f
R10: 0002 R11:  R12: 88801f5cb000
R13: dc00 R14:  R15: 888033fd413e
FS:  86260380() GS:88801fe0() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: ffd6 CR3: 409ee000 CR4: 00350ef0
DR0:  DR1:  DR2: 
DR3: 00

Re: [syzbot] [fbdev?] KASAN: vmalloc-out-of-bounds Write in imageblit (4)

2024-09-04 Thread syzbot
syzbot has found a reproducer for the following issue on:

HEAD commit:c7fb1692dc01 Merge tag 'for-linus' of git://git.kernel.org..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=11742d6398
kernel config:  https://syzkaller.appspot.com/x/.config?x=660f6eb11f9c7dc5
dashboard link: https://syzkaller.appspot.com/bug?extid=c4b7aa0513823e2ea880
compiler:   Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=1170365398
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=154565b798

Downloadable assets:
disk image (non-bootable): 
https://storage.googleapis.com/syzbot-assets/7bc7510fe41f/non_bootable_disk-c7fb1692.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/246da487db6f/vmlinux-c7fb1692.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/f0ea1e4dac0f/bzImage-c7fb1692.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+c4b7aa0513823e2ea...@syzkaller.appspotmail.com

R10: 0001 R11: 0246 R12: 0001
R13: 431bde82d7b634db R14: 0001 R15: 0001
 </TASK>
==================================================================
BUG: KASAN: vmalloc-out-of-bounds in fast_imageblit drivers/video/fbdev/core/sysimgblt.c:257 [inline]
BUG: KASAN: vmalloc-out-of-bounds in sys_imageblit+0x1ec6/0x2b00 drivers/video/fbdev/core/sysimgblt.c:326
Write of size 4 at addr c90001c41000 by task syz-executor161/5103

CPU: 0 UID: 0 PID: 5103 Comm: syz-executor161 Not tainted 6.11.0-rc6-syzkaller-00048-gc7fb1692dc01 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119
 print_address_description mm/kasan/report.c:377 [inline]
 print_report+0x169/0x550 mm/kasan/report.c:488
 kasan_report+0x143/0x180 mm/kasan/report.c:601
 fast_imageblit drivers/video/fbdev/core/sysimgblt.c:257 [inline]
 sys_imageblit+0x1ec6/0x2b00 drivers/video/fbdev/core/sysimgblt.c:326
 drm_fbdev_shmem_defio_imageblit+0x2e/0x100 drivers/gpu/drm/drm_fbdev_shmem.c:39
 bit_putcs+0x18ba/0x1db0
 fbcon_putcs+0x255/0x390 drivers/video/fbdev/core/fbcon.c:1288
 do_update_region+0x396/0x450 drivers/tty/vt/vt.c:619
 redraw_screen+0x902/0xe90 drivers/tty/vt/vt.c:971
 con2fb_init_display drivers/video/fbdev/core/fbcon.c:794 [inline]
 set_con2fb_map+0xa6c/0x10a0 drivers/video/fbdev/core/fbcon.c:865
 fbcon_set_con2fb_map_ioctl+0x207/0x320 drivers/video/fbdev/core/fbcon.c:3092
 do_fb_ioctl+0x38f/0x7b0 drivers/video/fbdev/core/fb_chrdev.c:138
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:907 [inline]
 __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7feb9b353729
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:7ffde9b9f968 EFLAGS: 0246 ORIG_RAX: 0010
RAX: ffda RBX: 7ffde9b9f980 RCX: 7feb9b353729
RDX: 20c0 RSI: 4610 RDI: 0003
RBP: 0001 R08: 7ffde9b9f707 R09: 00a0
R10: 0001 R11: 0246 R12: 0001
R13: 431bde82d7b634db R14: 0001 R15: 0001
 </TASK>

The buggy address belongs to the virtual mapping at
 [c90001941000, c90001c42000) created by:
 drm_gem_shmem_vmap+0x3ac/0x630 drivers/gpu/drm/drm_gem_shmem_helper.c:343

Memory state around the buggy address:
 c90001c40f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 c90001c40f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>c90001c41000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
   ^
 c90001c41080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 c90001c41100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
==================================================================


---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


[syzbot] [fbdev?] KASAN: vmalloc-out-of-bounds Write in imageblit (4)

2024-08-21 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:670c12ce09a8 Merge tag 'for-6.11/dm-fixes' of git://git.ke..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=11d41cdd98
kernel config:  https://syzkaller.appspot.com/x/.config?x=7229118d88b4a71b
dashboard link: https://syzkaller.appspot.com/bug?extid=c4b7aa0513823e2ea880
compiler:   Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image (non-bootable): 
https://storage.googleapis.com/syzbot-assets/7bc7510fe41f/non_bootable_disk-670c12ce.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/fdc54e331300/vmlinux-670c12ce.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/e69f58032670/bzImage-670c12ce.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+c4b7aa0513823e2ea...@syzkaller.appspotmail.com

FAULT_INJECTION: forcing a failure.
name fail_page_alloc, interval 1, probability 0, space 0, times 1
CPU: 0 UID: 0 PID: 5106 Comm: syz.0.0 Not tainted 6.11.0-rc3-syzkaller-00221-g670c12ce09a8 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119
 fail_dump lib/fault-inject.c:52 [inline]
 should_fail_ex+0x3b0/0x4e0 lib/fault-inject.c:153
 prepare_alloc_pages+0x1da/0x5d0 mm/page_alloc.c:4473
 __alloc_pages_noprof+0x166/0x6c0 mm/page_alloc.c:4689
 __alloc_pages_node_noprof include/linux/gfp.h:269 [inline]
 alloc_pages_node_noprof include/linux/gfp.h:296 [inline]
 ___kmalloc_large_node+0x8b/0x1d0 mm/slub.c:4103
 __kmalloc_large_node_noprof+0x1a/0x80 mm/slub.c:4130
 __do_kmalloc_node mm/slub.c:4146 [inline]
 __kmalloc_noprof+0x2ae/0x400 mm/slub.c:4170
 kmalloc_noprof include/linux/slab.h:685 [inline]
 kzalloc_noprof include/linux/slab.h:807 [inline]
 vc_do_resize+0x31b/0x17f0 drivers/tty/vt/vt.c:1174
 vc_resize include/linux/vt_kern.h:49 [inline]
 fbcon_set_disp+0xac9/0x11d0 drivers/video/fbdev/core/fbcon.c:1389
 con2fb_init_display drivers/video/fbdev/core/fbcon.c:794 [inline]
 set_con2fb_map+0xa6c/0x10a0 drivers/video/fbdev/core/fbcon.c:865
 fbcon_set_con2fb_map_ioctl+0x207/0x320 drivers/video/fbdev/core/fbcon.c:3092
 do_fb_ioctl+0x38f/0x7b0 drivers/video/fbdev/core/fb_chrdev.c:138
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:907 [inline]
 __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f76311799b9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:7f7631f9d038 EFLAGS: 0246 ORIG_RAX: 0010
RAX: ffda RBX: 7f7631315f80 RCX: 7f76311799b9
RDX: 20c0 RSI: 4610 RDI: 0003
RBP: 7f7631f9d090 R08:  R09: 
R10:  R11: 0246 R12: 0002
R13:  R14: 7f7631315f80 R15: 7ffcf9b0e3e8
 </TASK>
==================================================================
BUG: KASAN: vmalloc-out-of-bounds in fast_imageblit drivers/video/fbdev/core/sysimgblt.c:257 [inline]
BUG: KASAN: vmalloc-out-of-bounds in sys_imageblit+0x1ec6/0x2b00 drivers/video/fbdev/core/sysimgblt.c:326
Write of size 4 at addr c90001c19000 by task syz.0.0/5106

CPU: 0 UID: 0 PID: 5106 Comm: syz.0.0 Not tainted 6.11.0-rc3-syzkaller-00221-g670c12ce09a8 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119
 print_address_description mm/kasan/report.c:377 [inline]
 print_report+0x169/0x550 mm/kasan/report.c:488
 kasan_report+0x143/0x180 mm/kasan/report.c:601
 fast_imageblit drivers/video/fbdev/core/sysimgblt.c:257 [inline]
 sys_imageblit+0x1ec6/0x2b00 drivers/video/fbdev/core/sysimgblt.c:326
 drm_fbdev_shmem_defio_imageblit+0x2e/0x100 drivers/gpu/drm/drm_fbdev_shmem.c:39
 bit_putcs+0x18ba/0x1db0
 fbcon_putcs+0x255/0x390 drivers/video/fbdev/core/fbcon.c:1288
 do_update_region+0x396/0x450 drivers/tty/vt/vt.c:619
 redraw_screen+0x902/0xe90 drivers/tty/vt/vt.c:971
 con2fb_init_display drivers/video/fbdev/core/fbcon.c:794 [inline]
 set_con2fb_map+0xa6c/0x10a0 drivers/video/fbdev/core/fbcon.c:865
 fbcon_set_con2fb_map_ioctl+0x207/0x320 drivers/video/fbdev/core/fbcon.c:3092
 do_fb_ioctl+0x38f/0x7b0 drivers/video/fbdev/core/fb_chrdev.c:138
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:907 [inline]
 __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entr

Re: [syzbot] [mm?] kernel BUG in filemap_unaccount_folio

2024-08-13 Thread syzbot
syzbot suspects this issue was fixed by commit:

commit 7d79cd784470395539bda91bf0b3505ff5b2ab6d
Author: Vivek Kasireddy 
Date:   Mon Jun 24 06:36:13 2024 +

udmabuf: use vmf_insert_pfn and VM_PFNMAP for handling mmap

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=17dad69198
start commit:   9b6de136b5f0 Merge tag 'loongarch-fixes-6.7-1' of git://gi..
git tree:   upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=6ae1a4ee971a7305
dashboard link: https://syzkaller.appspot.com/bug?extid=17a207d226b8a5fb0fd9
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=15f58d6768
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=10a78c62e8

If the result looks correct, please mark the issue as fixed by replying with:

#syz fix: udmabuf: use vmf_insert_pfn and VM_PFNMAP for handling mmap

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


[syzbot] Monthly dri report (Aug 2024)

2024-08-13 Thread syzbot
Hello dri maintainers/developers,

This is a 31-day syzbot report for the dri subsystem.
All related reports/information can be found at:
https://syzkaller.appspot.com/upstream/s/dri

During the period, 1 new issues were detected and 0 were fixed.
In total, 21 issues are still open and 31 have been fixed so far.

Some of the still happening issues:

Ref Crashes Repro Title
<1> 480 Yes   WARNING in drm_syncobj_array_find
  https://syzkaller.appspot.com/bug?extid=95416f957d84e858b377
<2> 288 Yes   WARNING in vkms_get_vblank_timestamp (2)
  https://syzkaller.appspot.com/bug?extid=93bd128a383695391534
<3> 64  Yes   WARNING in drm_mode_create_lease_ioctl
  https://syzkaller.appspot.com/bug?extid=6754751ad05524dae739
<4> 17  Yes   WARNING in drm_gem_prime_fd_to_handle
  https://syzkaller.appspot.com/bug?extid=268d319a7bfd92f4ae01
<5> 4   Yes   divide error in drm_mode_debug_printmodeline
  https://syzkaller.appspot.com/bug?extid=2e93e6fb36e6fdc56574
<6> 3   Yes   WARNING in drm_prime_fd_to_handle_ioctl
  https://syzkaller.appspot.com/bug?extid=0da81ccba2345eeb7f48
<7> 3   No    WARNING in drm_wait_one_vblank (2)
  https://syzkaller.appspot.com/bug?extid=147ba789658184f0ce04
<8> 2   Yes   WARNING in drm_prime_destroy_file_private (2)
  https://syzkaller.appspot.com/bug?extid=59dcc2e7283a6f5f5ba1

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

To disable reminders for individual bugs, reply with the following command:
#syz set <Ref> no-reminders

To change bug's subsystems, reply with:
#syz set <Ref> subsystems: new-subsystem

You may send multiple commands in a single email message.


[syzbot] [dri?] WARNING in drm_wait_one_vblank (2)

2024-08-01 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:6342649c33d2 Merge tag 'block-6.11-20240726' of git://git...
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1443cb0398
kernel config:  https://syzkaller.appspot.com/x/.config?x=5efb917b1462a973
dashboard link: https://syzkaller.appspot.com/bug?extid=147ba789658184f0ce04
compiler:   Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/6057dd16bc1c/disk-6342649c.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/4121b87a6477/vmlinux-6342649c.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/57d676edb7cb/bzImage-6342649c.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+147ba789658184f0c...@syzkaller.appspotmail.com

------------[ cut here ]------------
platform vkms: [drm] vblank wait timed out on crtc 0
WARNING: CPU: 1 PID: 7412 at drivers/gpu/drm/drm_vblank.c:1307 drm_wait_one_vblank+0x976/0x9f0 drivers/gpu/drm/drm_vblank.c:1307
Modules linked in:
CPU: 1 UID: 0 PID: 7412 Comm: syz.1.410 Not tainted 6.10.0-syzkaller-12881-g6342649c33d2 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
RIP: 0010:drm_wait_one_vblank+0x976/0x9f0 drivers/gpu/drm/drm_vblank.c:1307
Code: 80 3c 08 00 74 08 4c 89 ff e8 76 0a 9c fc 49 8b 1f 48 c7 c7 e0 f4 72 8c 4c 89 f6 48 89 da 8b 5c 24 0c 89 d9 e8 0b e1 f6 fb 90 <0f> 0b 90 90 49 be 00 00 00 00 00 fc ff df e9 68 fb ff ff 44 89 e9
RSP: 0018:c90003f87ac0 EFLAGS: 00010246
RAX: 1af066dba6c5c900 RBX:  RCX: 0004
RDX: c900041f9000 RSI: 00031631 RDI: 00031632
RBP: c90003f87c00 R08: 815592f2 R09: fbfff1cf9f80
R10: dc00 R11: fbfff1cf9f80 R12: 1920007f0f64
R13: 2635 R14: 8c861520 R15: 888020618010
FS:  7ff6598ef6c0() GS:8880b930() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 7ff6598ced58 CR3: 4b096000 CR4: 003506f0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400
Call Trace:
 <TASK>
 drm_fb_helper_ioctl+0x114/0x140 drivers/gpu/drm/drm_fb_helper.c:1088
 do_fb_ioctl+0x40a/0x7b0 drivers/video/fbdev/core/fb_chrdev.c:155
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:907 [inline]
 __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ff658b77299
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:7ff6598ef048 EFLAGS: 0246 ORIG_RAX: 0010
RAX: ffda RBX: 7ff658d05f80 RCX: 7ff658b77299
RDX:  RSI: 40044620 RDI: 0003
RBP: 7ff658be48e6 R08:  R09: 
R10:  R11: 0246 R12: 
R13: 000b R14: 7ff658d05f80 R15: 7ff658e2fa38
 </TASK>


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup


[syzbot] [fbdev?] KASAN: global-out-of-bounds Read in bit_putcs (3)

2024-07-31 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:c912bf709078 Merge remote-tracking branches 'origin/arm64-..
git tree:   git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=13b495bd98
kernel config:  https://syzkaller.appspot.com/x/.config?x=35545feca25ede03
dashboard link: https://syzkaller.appspot.com/bug?extid=793cf822d213be1a74f2
compiler:   Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/caeac6485006/disk-c912bf70.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/501c87f28da9/vmlinux-c912bf70.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/6812e99b7182/Image-c912bf70.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+793cf822d213be1a7...@syzkaller.appspotmail.com

==================================================================
BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:633 [inline]
BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/fbdev/core/bitblit.c:96 [inline]
BUG: KASAN: global-out-of-bounds in bit_putcs+0x9b8/0xe30 drivers/video/fbdev/core/bitblit.c:185
Read of size 1 at addr 80008b830d80 by task syz.1.1270/10828

CPU: 0 PID: 10828 Comm: syz.1.1270 Not tainted 6.10.0-rc7-syzkaller-gc912bf709078 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call trace:
 dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:317
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:324
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xe4/0x150 lib/dump_stack.c:114
 print_address_description mm/kasan/report.c:377 [inline]
 print_report+0x198/0x538 mm/kasan/report.c:488
 kasan_report+0xd8/0x138 mm/kasan/report.c:601
 __asan_report_load1_noabort+0x20/0x2c mm/kasan/report_generic.c:378
 __fb_pad_aligned_buffer include/linux/fb.h:633 [inline]
 bit_putcs_aligned drivers/video/fbdev/core/bitblit.c:96 [inline]
 bit_putcs+0x9b8/0xe30 drivers/video/fbdev/core/bitblit.c:185
 fbcon_putcs+0x318/0x4e8 drivers/video/fbdev/core/fbcon.c:1288
 do_update_region+0x1e8/0x3d0 drivers/tty/vt/vt.c:609
 update_region+0x1e0/0x478 drivers/tty/vt/vt.c:633
 vcs_write+0x90c/0x10c8 drivers/tty/vt/vc_screen.c:698
 do_loop_readv_writev fs/read_write.c:764 [inline]
 vfs_writev+0x5c8/0xb80 fs/read_write.c:973
 do_writev+0x178/0x304 fs/read_write.c:1018
 __do_sys_writev fs/read_write.c:1091 [inline]
 __se_sys_writev fs/read_write.c:1088 [inline]
 __arm64_sys_writev+0x80/0x94 fs/read_write.c:1088
 __invoke_syscall arch/arm64/kernel/syscall.c:34 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:48
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:131
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:150
 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712
 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598

The buggy address belongs to the variable:
 oid_data+0x340/0x3a0

The buggy address belongs to the virtual mapping at
 [80008b26, 80008ee2) created by:
 declare_kernel_vmas+0x58/0xb8 arch/arm64/mm/mmu.c:770

The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping: index:0x0 pfn:0x1a9430
flags: 0x5ffc0002000(reserved|node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc0002000 fdffc5a50c08 fdffc5a50c08 
raw:   0001 
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 80008b830c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 80008b830d00: 00 00 00 07 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
>80008b830d80: f9 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 06 f9 f9 f9
   ^
 80008b830e00: 05 f9 f9 f9 06 f9 f9 f9 00 00 00 00 00 00 00 00
 80008b830e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 02 f9 f9
==


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

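The "Memory state around the buggy address" block in the KASAN report above is a dump of shadow memory, and it carries more than the one-line summary: the rows show where the nearest real object ends and how far past it the read landed. The decoder below is an added example, not code from the syzbot report or from the kernel. It assumes the generic (non-tag) KASAN encoding from mm/kasan/kasan.h (one shadow byte per 8-byte granule; 0x00 fully addressable, 0x01..0x07 only the first N bytes addressable, 0x80 and above a poison tag such as 0xf9 for a global redzone), and the sample input is the report's own lines, whose addresses lost their leading `ffff` in the mail archive, which does not affect the arithmetic.

```python
"""Decode the 'Memory state around the buggy address' block of a generic
KASAN report: which shadow byte the access hit, what it means, and how far
past the nearest addressable region the first bad byte lies."""
import re

GRANULE = 8  # bytes of memory covered by one shadow byte (generic KASAN)

# Poison tags from mm/kasan/kasan.h (generic mode); anything >= 0x80 is poison.
POISON = {
    0xf1: "stack left redzone",
    0xf2: "stack mid redzone",
    0xf3: "stack right redzone",
    0xf4: "stack partial redzone",
    0xf8: "vmalloc invalid",
    0xf9: "global redzone",
    0xfb: "freed slab object",
    0xfc: "slab redzone",
    0xfe: "page redzone",
    0xff: "freed page",
}

FAULT_RE = re.compile(r"(Read|Write) of size (\d+) at addr ([0-9a-fA-F]+)")
ROW_RE = re.compile(r"^\s*>?\s*([0-9a-fA-F]+):((?:\s+[0-9a-fA-F]{2}){16})\s*$")

# Lines copied from the report above (constructed sample input for this example).
SAMPLE_REPORT = """\
Read of size 1 at addr 80008b830d80 by task syz.1.1270/10828
Memory state around the buggy address:
 80008b830c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 80008b830d00: 00 00 00 07 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
>80008b830d80: f9 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 06 f9 f9 f9
   ^
 80008b830e00: 05 f9 f9 f9 06 f9 f9 f9 00 00 00 00 00 00 00 00
 80008b830e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 02 f9 f9
"""


def parse_report(text):
    """Return (kind, size, addr, shadow); shadow maps granule base -> shadow byte."""
    m = FAULT_RE.search(text)
    if not m:
        raise ValueError("no 'Read/Write of size N at addr' line")
    kind, size, addr = m.group(1).lower(), int(m.group(2)), int(m.group(3), 16)
    shadow = {}
    for line in text.splitlines():
        r = ROW_RE.match(line)
        if r:
            base = int(r.group(1), 16)  # rows are memory addresses, 16 granules each
            for i, tok in enumerate(r.group(2).split()):
                shadow[base + i * GRANULE] = int(tok, 16)
    if not shadow:
        raise ValueError("no shadow rows found")
    return kind, size, addr, shadow


def byte_addressable(shadow, a):
    """True if byte address a is addressable according to the dumped shadow."""
    v = shadow.get(a & ~(GRANULE - 1))
    if v is None or v >= 0x80:
        return False
    return v == 0 or (a & (GRANULE - 1)) < v


def describe(v):
    if v == 0:
        return "addressable"
    if v < GRANULE:
        return f"only first {v} bytes of granule addressable"
    return POISON.get(v, f"poison 0x{v:02x}")


def analyze(text):
    kind, size, addr, shadow = parse_report(text)
    # A multi-byte access may start inside a valid object; find the first bad byte.
    bad = next((a for a in range(addr, addr + size)
                if not byte_addressable(shadow, a)), None)
    if bad is None:
        raise ValueError("every byte of the access is addressable")
    g = bad & ~(GRANULE - 1)
    if g not in shadow:
        raise ValueError(f"granule {g:#x} is outside the dumped window")
    v = shadow[g]
    result = {"access": f"{kind} of size {size}", "fault_addr": addr,
              "first_bad": bad, "shadow": v, "meaning": describe(v),
              "prev_region_end": None, "overrun": None}
    # Walk back over poisoned granules to the end of the nearest addressable
    # region: that boundary is where the overrun began.
    while g in shadow and shadow[g] >= 0x80:
        g -= GRANULE
    if g in shadow:
        end = g + (GRANULE if shadow[g] == 0 else shadow[g])
        result["prev_region_end"] = end
        result["overrun"] = bad - end
    return result


if __name__ == "__main__":
    for k, val in analyze(SAMPLE_REPORT).items():
        print(f"{k:>16}: {val:#x}" if isinstance(val, int) else f"{k:>16}: {val}")
```

For the report above this yields a shadow byte of 0xf9 (global redzone) and an addressable region ending at ...0d1f, so the one-byte read sits 0x61 bytes past the end of whatever global precedes the redzone. The kallsyms attribution printed by KASAN ("oid_data+0x340/0x3a0") is a nearest-symbol lookup and its size includes padding, so the shadow-derived boundary is the figure to trust when judging how far out the index went.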

[syzbot] Monthly dri report (Jul 2024)

2024-07-12 Thread syzbot
Hello dri maintainers/developers,

This is a 31-day syzbot report for the dri subsystem.
All related reports/information can be found at:
https://syzkaller.appspot.com/upstream/s/dri

During the period, 3 new issues were detected and 0 were fixed.
In total, 21 issues are still open and 31 have been fixed so far.

Some of the still happening issues:

Ref Crashes Repro Title
<1> 468 Yes   WARNING in drm_syncobj_array_find
  https://syzkaller.appspot.com/bug?extid=95416f957d84e858b377
<2> 278 Yes   WARNING in vkms_get_vblank_timestamp (2)
  https://syzkaller.appspot.com/bug?extid=93bd128a383695391534
<3> 38  Yes   WARNING in drm_mode_create_lease_ioctl
  https://syzkaller.appspot.com/bug?extid=6754751ad05524dae739
<4> 17  Yes   WARNING in drm_gem_prime_fd_to_handle
  https://syzkaller.appspot.com/bug?extid=268d319a7bfd92f4ae01
<5> 13  No    WARNING in drm_atomic_helper_wait_for_vblanks (3)
  https://syzkaller.appspot.com/bug?extid=0ac28002caff799b9e57
<6> 10  Yes   divide error in drm_mode_vrefresh
  https://syzkaller.appspot.com/bug?extid=622bba18029bcde672e1
<7> 4   Yes   WARNING in drm_gem_object_handle_put_unlocked
  https://syzkaller.appspot.com/bug?extid=ef3256a360c02207a4cb
<8> 4   Yes   divide error in drm_mode_debug_printmodeline
  https://syzkaller.appspot.com/bug?extid=2e93e6fb36e6fdc56574
<9> 2   Yes   WARNING in drm_prime_destroy_file_private (2)
  https://syzkaller.appspot.com/bug?extid=59dcc2e7283a6f5f5ba1

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

To disable reminders for individual bugs, reply with the following command:
#syz set  no-reminders

To change bug's subsystems, reply with:
#syz set  subsystems: new-subsystem

You may send multiple commands in a single email message.


[syzbot] [dri?] possible deadlock in drm_modeset_lock

2024-07-09 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:8e2f4becf4fa Merge remote-tracking branch 'tglx/devmsi-arm..
git tree:   git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git 
for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=10676a9e98
kernel config:  https://syzkaller.appspot.com/x/.config?x=15349546db652fd3
dashboard link: https://syzkaller.appspot.com/bug?extid=2e171785a12db2e2bd5d
compiler:   Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 
2.40
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/ee71a34a1c26/disk-8e2f4bec.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/f8a6bf3c4b1c/vmlinux-8e2f4bec.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/236760504de5/Image-8e2f4bec.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2e171785a12db2e2b...@syzkaller.appspotmail.com

==
WARNING: possible circular locking dependency detected
6.10.0-rc6-syzkaller-g8e2f4becf4fa #0 Not tainted
--
syz.4.1912/14164 is trying to acquire lock:
ccd2e988 (&mm->mmap_lock){}-{3:3}, at: __might_fault+0x9c/0x124 
mm/memory.c:6233

but task is already holding lock:
c8f64518 (crtc_ww_class_mutex){+.+.}-{3:3}, at: 
drm_modeset_lock+0x78/0xa4 drivers/gpu/drm/drm_modeset_lock.c:398

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #8 (crtc_ww_class_mutex){+.+.}-{3:3}:
   __mutex_lock_common+0x190/0x21a0 kernel/locking/mutex.c:608
   __ww_mutex_lock kernel/locking/mutex.c:759 [inline]
   ww_mutex_lock+0x64/0x3a4 kernel/locking/mutex.c:876
   modeset_lock+0x278/0x59c drivers/gpu/drm/drm_modeset_lock.c:314
   drm_modeset_lock+0x64/0xa4 drivers/gpu/drm/drm_modeset_lock.c:396
   drmm_mode_config_init+0xba0/0x1280 drivers/gpu/drm/drm_mode_config.c:454
   vkms_modeset_init drivers/gpu/drm/vkms/vkms_drv.c:156 [inline]
   vkms_create drivers/gpu/drm/vkms/vkms_drv.c:215 [inline]
   vkms_init+0x2fc/0x600 drivers/gpu/drm/vkms/vkms_drv.c:252
   do_one_initcall+0x24c/0x9c0 init/main.c:1267
   do_initcall_level+0x154/0x214 init/main.c:1329
   do_initcalls+0x58/0xac init/main.c:1345
   do_basic_setup+0x8c/0xa0 init/main.c:1364
   kernel_init_freeable+0x324/0x478 init/main.c:1578
   kernel_init+0x24/0x2a0 init/main.c:1467
   ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860

-> #7 (crtc_ww_class_acquire){+.+.}-{0:0}:
   ww_acquire_init include/linux/ww_mutex.h:149 [inline]
   drm_modeset_acquire_init+0x194/0x330 
drivers/gpu/drm/drm_modeset_lock.c:250
   drm_client_modeset_commit_atomic+0xe0/0x730 
drivers/gpu/drm/drm_client_modeset.c:1002
   drm_client_modeset_commit_locked+0xd0/0x4a8 
drivers/gpu/drm/drm_client_modeset.c:1166
   drm_client_modeset_commit+0x50/0x7c 
drivers/gpu/drm/drm_client_modeset.c:1192
   __drm_fb_helper_restore_fbdev_mode_unlocked+0xd4/0x178 
drivers/gpu/drm/drm_fb_helper.c:251
   drm_fb_helper_set_par+0xc4/0x110 drivers/gpu/drm/drm_fb_helper.c:1347
   fbcon_init+0xf34/0x1eb8 drivers/video/fbdev/core/fbcon.c:1093
   visual_init+0x27c/0x548 drivers/tty/vt/vt.c:1011
   do_bind_con_driver+0x7dc/0xe04 drivers/tty/vt/vt.c:3833
   do_take_over_console+0x4ac/0x5f0 drivers/tty/vt/vt.c:4399
   do_fbcon_takeover+0x158/0x260 drivers/video/fbdev/core/fbcon.c:531
   do_fb_registered drivers/video/fbdev/core/fbcon.c:2968 [inline]
   fbcon_fb_registered+0x370/0x4ec drivers/video/fbdev/core/fbcon.c:2988
   do_register_framebuffer drivers/video/fbdev/core/fbmem.c:449 [inline]
   register_framebuffer+0x470/0x610 drivers/video/fbdev/core/fbmem.c:515
   __drm_fb_helper_initial_config_and_unlock+0x13b0/0x19a4 
drivers/gpu/drm/drm_fb_helper.c:1871
   drm_fb_helper_initial_config+0x48/0x64 
drivers/gpu/drm/drm_fb_helper.c:1936
   drm_fbdev_generic_client_hotplug+0x158/0x22c 
drivers/gpu/drm/drm_fbdev_generic.c:278
   drm_client_register+0x144/0x1e0 drivers/gpu/drm/drm_client.c:141
   drm_fbdev_generic_setup+0x11c/0x2cc 
drivers/gpu/drm/drm_fbdev_generic.c:340
   vkms_create drivers/gpu/drm/vkms/vkms_drv.c:226 [inline]
   vkms_init+0x4f0/0x600 drivers/gpu/drm/vkms/vkms_drv.c:252
   do_one_initcall+0x24c/0x9c0 init/main.c:1267
   do_initcall_level+0x154/0x214 init/main.c:1329
   do_initcalls+0x58/0xac init/main.c:1345
   do_basic_setup+0x8c/0xa0 init/main.c:1364
   kernel_init_freeable+0x324/0x478 init/main.c:1578
   kernel_init+0x24/0x2a0 init/main.c:1467
   ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860

-> #6 (&client->modeset_mutex){+.+.}-{3:3}:
   __mutex_lock_common+0x190/

[syzbot] [dri?] possible deadlock in modeset_lock

2024-07-09 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:661e504db04c Merge tag 'for-6.10-rc6-tag' of git://git.ker..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=144e9f9998
kernel config:  https://syzkaller.appspot.com/x/.config?x=864caee5f78cab51
dashboard link: https://syzkaller.appspot.com/bug?extid=6cebc1af246fe020a2f0
compiler:   Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 
2.40

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/3e115f4e545a/disk-661e504d.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/48cfbafd84c8/vmlinux-661e504d.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/b19b9de9b5fd/bzImage-661e504d.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+6cebc1af246fe020a...@syzkaller.appspotmail.com

==
WARNING: possible circular locking dependency detected
6.10.0-rc6-syzkaller-00163-g661e504db04c #0 Not tainted
--
syz.3.2274/16483 is trying to acquire lock:
88807aca9e18 (&mm->mmap_lock){}-{3:3}, at: __might_fault+0xaa/0x120 
mm/memory.c:6234

but task is already holding lock:
88801fc08518 (crtc_ww_class_mutex){+.+.}-{3:3}, at: 
modeset_lock+0x2bf/0x650 drivers/gpu/drm/drm_modeset_lock.c:314

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #8 (crtc_ww_class_mutex){+.+.}-{3:3}:
   lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
   __mutex_lock_common kernel/locking/mutex.c:608 [inline]
   __ww_mutex_lock+0x1ac/0x2790 kernel/locking/mutex.c:759
   ww_mutex_lock+0x40/0x1f0 kernel/locking/mutex.c:876
   modeset_lock+0x2bf/0x650 drivers/gpu/drm/drm_modeset_lock.c:314
   drmm_mode_config_init+0xe91/0x17d0 drivers/gpu/drm/drm_mode_config.c:454
   vkms_modeset_init drivers/gpu/drm/vkms/vkms_drv.c:156 [inline]
   vkms_create drivers/gpu/drm/vkms/vkms_drv.c:215 [inline]
   vkms_init+0x380/0x730 drivers/gpu/drm/vkms/vkms_drv.c:252
   do_one_initcall+0x24a/0x880 init/main.c:1267
   do_initcall_level+0x157/0x210 init/main.c:1329
   do_initcalls+0x3f/0x80 init/main.c:1345
   kernel_init_freeable+0x435/0x5d0 init/main.c:1578
   kernel_init+0x1d/0x2b0 init/main.c:1467
   ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147
   ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

-> #7 (crtc_ww_class_acquire){+.+.}-{0:0}:
   lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
   ww_acquire_init include/linux/ww_mutex.h:149 [inline]
   drm_modeset_acquire_init+0x1b7/0x360 
drivers/gpu/drm/drm_modeset_lock.c:250
   drm_client_modeset_commit_atomic+0xd5/0x7e0 
drivers/gpu/drm/drm_client_modeset.c:1002
   drm_client_modeset_commit_locked+0xe0/0x520 
drivers/gpu/drm/drm_client_modeset.c:1166
   drm_client_modeset_commit+0x4a/0x70 
drivers/gpu/drm/drm_client_modeset.c:1192
   __drm_fb_helper_restore_fbdev_mode_unlocked+0xc3/0x170 
drivers/gpu/drm/drm_fb_helper.c:251
   drm_fb_helper_set_par+0xaf/0x100 drivers/gpu/drm/drm_fb_helper.c:1347
   fbcon_init+0x112d/0x2100 drivers/video/fbdev/core/fbcon.c:1093
   visual_init+0x2e9/0x660 drivers/tty/vt/vt.c:1011
   do_bind_con_driver+0x863/0xf60 drivers/tty/vt/vt.c:3833
   do_take_over_console+0x5e7/0x750 drivers/tty/vt/vt.c:4399
   do_fbcon_takeover+0x11a/0x200 drivers/video/fbdev/core/fbcon.c:531
   do_fb_registered drivers/video/fbdev/core/fbcon.c:2968 [inline]
   fbcon_fb_registered+0x364/0x620 drivers/video/fbdev/core/fbcon.c:2988
   do_register_framebuffer drivers/video/fbdev/core/fbmem.c:449 [inline]
   register_framebuffer+0x66f/0x820 drivers/video/fbdev/core/fbmem.c:515
   __drm_fb_helper_initial_config_and_unlock+0x1716/0x1df0 
drivers/gpu/drm/drm_fb_helper.c:1871
   drm_fbdev_generic_client_hotplug+0x16e/0x230 
drivers/gpu/drm/drm_fbdev_generic.c:278
   drm_client_register+0x181/0x210 drivers/gpu/drm/drm_client.c:141
   vkms_create drivers/gpu/drm/vkms/vkms_drv.c:226 [inline]
   vkms_init+0x5f5/0x730 drivers/gpu/drm/vkms/vkms_drv.c:252
   do_one_initcall+0x24a/0x880 init/main.c:1267
   do_initcall_level+0x157/0x210 init/main.c:1329
   do_initcalls+0x3f/0x80 init/main.c:1345
   kernel_init_freeable+0x435/0x5d0 init/main.c:1578
   kernel_init+0x1d/0x2b0 init/main.c:1467
   ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147
   ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

-> #6 (&client->modeset_mutex){+.+.}-{3:3}:
   lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
   __mutex_lock_common kernel/locking/mutex.c:608 [inline]
   __mutex_lock+0x136/0xd70 kernel/locking/mutex.c:752
   drm_client_modes

[syzbot] [dri?] WARNING in drm_mode_create_lease_ioctl

2024-06-26 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:ac2193b4b460 Merge branches 'for-next/misc', 'for-next/kse..
git tree:   git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git 
for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=101cc88298
kernel config:  https://syzkaller.appspot.com/x/.config?x=36900d37ec67d13f
dashboard link: https://syzkaller.appspot.com/bug?extid=6754751ad05524dae739
compiler:   Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 
2.40
userspace arch: arm64
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=16c17cd698
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=15879c8298

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/2c4f87d36ca3/disk-ac2193b4.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/8410475de662/vmlinux-ac2193b4.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/495a4ced254d/Image-ac2193b4.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+6754751ad05524dae...@syzkaller.appspotmail.com

[ cut here ]
WARNING: CPU: 0 PID: 6281 at mm/page_alloc.c:4654 
__alloc_pages_noprof+0x324/0x6c0 mm/page_alloc.c:4654
Modules linked in:
CPU: 0 PID: 6281 Comm: syz-executor181 Tainted: GW  
6.10.0-rc3-syzkaller-gac2193b4b460 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
04/02/2024
pstate: 6045 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __alloc_pages_noprof+0x324/0x6c0 mm/page_alloc.c:4654
lr : __alloc_pages_noprof+0xc8/0x6c0 mm/page_alloc.c:4648
sp : 800099017600
x29: 8000990176f0 x28: 800099017620 x27: dfff8000
x26: 700013202ec4 x25:  x24: 800099017640
x23:  x22: 00040dc0 x21: 100013202ec8
x20: 800099017660 x19: 000b x18: 8000990176e0
x17: c88a x16: 80008afa5980 x15: 0005
x14: 100013202ecc x13:  x12: 
x11: 700013202ed1 x10: 100013202ed0 x9 : 0001
x8 : 80009232a000 x7 :  x6 : e07d0900
x5 : e07d0900 x4 :  x3 : 0020
x2 : 0008 x1 :  x0 : 800099017660
Call trace:
 __alloc_pages_noprof+0x324/0x6c0 mm/page_alloc.c:4654
 __alloc_pages_node_noprof include/linux/gfp.h:269 [inline]
 alloc_pages_node_noprof include/linux/gfp.h:296 [inline]
 __kmalloc_large_node+0xbc/0x200 mm/slub.c:4067
 __do_kmalloc_node mm/slub.c:4110 [inline]
 __kmalloc_noprof+0x360/0x494 mm/slub.c:4135
 kmalloc_noprof include/linux/slab.h:664 [inline]
 kmalloc_array_noprof include/linux/slab.h:699 [inline]
 fill_object_idr drivers/gpu/drm/drm_lease.c:389 [inline]
 drm_mode_create_lease_ioctl+0x4b0/0x17e4 drivers/gpu/drm/drm_lease.c:522
 drm_ioctl_kernel+0x26c/0x368 drivers/gpu/drm/drm_ioctl.c:744
 drm_ioctl+0x5e4/0xae4 drivers/gpu/drm/drm_ioctl.c:841
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:907 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __arm64_sys_ioctl+0x14c/0x1c8 fs/ioctl.c:893
 __invoke_syscall arch/arm64/kernel/syscall.c:34 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:48
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:133
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:152
 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712
 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598
irq event stamp: 14766
hardirqs last  enabled at (14765): [] __exit_to_kernel_mode 
arch/arm64/kernel/entry-common.c:85 [inline]
hardirqs last  enabled at (14765): [] 
exit_to_kernel_mode+0xdc/0x10c arch/arm64/kernel/entry-common.c:95
hardirqs last disabled at (14766): [] el1_dbg+0x24/0x80 
arch/arm64/kernel/entry-common.c:470
softirqs last  enabled at (8860): [] softirq_handle_end 
kernel/softirq.c:400 [inline]
softirqs last  enabled at (8860): [] 
handle_softirqs+0xa3c/0xbfc kernel/softirq.c:582
softirqs last disabled at (8855): [] __do_softirq+0x14/0x20 
kernel/softirq.c:588
---[ end trace  ]---


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a 

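The trace above ends in mm/page_alloc.c with the order check that the page allocator applies before anything else: an allocation whose order exceeds MAX_PAGE_ORDER is refused with a WARN_ON_ONCE and a NULL return. It is reached here from kmalloc_array() in fill_object_idr, i.e. from an element count that userspace supplies in the lease ioctl. The host-side C model below is an added example, not kernel code and not taken from the report or from any DRM fix; it assumes 4 KiB pages (PAGE_SHIFT 12), the default MAX_PAGE_ORDER of 10, and a hypothetical LEASE_MAX_OBJECTS cap that is not a DRM constant. It shows why the overflow check inside kmalloc_array() is not enough on its own: a count that multiplies cleanly into a size above 4 MiB still trips the warning, which is a crash under panic_on_warn.

```c
/* Added example (userspace C): models how an untrusted 32-bit object count
 * becomes a kmalloc size, and at which point the page allocator WARNs.
 * Kernel constants assumed: PAGE_SHIFT 12, MAX_PAGE_ORDER 10. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT        12
#define MAX_PAGE_ORDER    10
#define KMALLOC_MAX_SIZE  ((size_t)1 << (MAX_PAGE_ORDER + PAGE_SHIFT)) /* 4 MiB */
#define LEASE_MAX_OBJECTS 1024 /* hypothetical policy cap for this example */

enum verdict { ALLOC_OK, ALLOC_OVERFLOW, ALLOC_WARNS, ALLOC_REJECTED };

/* Same arithmetic as the kernel's get_order(): smallest power-of-two page
 * count that covers size, expressed as an order. */
static unsigned int get_order(size_t size)
{
    unsigned int order = 0;
    if (size == 0)
        return 0;
    size = (size - 1) >> PAGE_SHIFT;
    while (size) {
        order++;
        size >>= 1;
    }
    return order;
}

/* kmalloc_array(count, elem, GFP_KERNEL) as the allocator sees it: an
 * overflowing multiply fails silently with NULL; a large in-range size goes
 * to the page allocator, where order > MAX_PAGE_ORDER WARNs and returns NULL. */
static enum verdict model_kmalloc_array(uint32_t count, size_t elem, size_t *bytes)
{
    size_t total;
    if (__builtin_mul_overflow((size_t)count, elem, &total))
        return ALLOC_OVERFLOW;
    *bytes = total;
    if (get_order(total) > MAX_PAGE_ORDER)
        return ALLOC_WARNS;
    return ALLOC_OK;
}

/* Smallest count for which count * elem needs an order above MAX_PAGE_ORDER. */
static uint64_t smallest_warning_count(size_t elem)
{
    return (uint64_t)(KMALLOC_MAX_SIZE / elem) + 1;
}

/* Hardened variant: bound the untrusted count before allocating, so a
 * hostile caller gets an error instead of a kernel warning. */
static enum verdict guarded_alloc(uint32_t count, size_t *bytes)
{
    if (count > LEASE_MAX_OBJECTS)
        return ALLOC_REJECTED; /* would be -EINVAL in a driver */
    return model_kmalloc_array(count, sizeof(void *), bytes);
}

int main(void)
{
    static const uint32_t counts[] = { 4, 524288, 524289, 1u << 20 };
    static const char *names[] = { "ok", "overflow", "warns", "rejected" };

    printf("pointer arrays start warning at %llu elements\n",
           (unsigned long long)smallest_warning_count(sizeof(void *)));
    for (size_t i = 0; i < sizeof counts / sizeof counts[0]; i++) {
        size_t bytes = 0;
        enum verdict raw = model_kmalloc_array(counts[i], sizeof(void *), &bytes);
        enum verdict safe = guarded_alloc(counts[i], &bytes);
        printf("count %8u -> %8zu bytes, order %2u: raw=%s guarded=%s\n",
               counts[i], bytes, get_order(bytes), names[raw], names[safe]);
    }
    return 0;
}
```

Two other ways to keep such a request from warning are to pass `__GFP_NOWARN` (the allocation still fails, quietly) or to use kvmalloc_array(), which falls back to vmalloc for sizes the page allocator will not serve; an explicit upper bound on the count is the choice that also stops a caller from pinning megabytes of kernel memory per ioctl.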
Re: [syzbot] [net?] [nfc?] INFO: task hung in nfc_targets_found

2024-06-24 Thread syzbot
syzbot suspects this issue was fixed by commit:

commit 487fa28fa8b60417642ac58e8beda6e2509d18f9
Author: Helge Deller 
Date:   Sat Apr 27 17:43:51 2024 +

parisc: Define sigset_t in parisc uapi header

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=17038a6198
start commit:   acc657692aed keys, dns: Fix size check of V1 server-list h..
git tree:   upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=5c882ebde8a5f3b4
dashboard link: https://syzkaller.appspot.com/bug?extid=2b131f51bb4af224ab40
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=103698bde8
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1617e0fbe8

If the result looks correct, please mark the issue as fixed by replying with:

#syz fix: parisc: Define sigset_t in parisc uapi header

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


Re: [syzbot] [dri?] [media?] general protection fault in udmabuf_create (2)

2024-06-12 Thread syzbot
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any 
issue:

Reported-and-tested-by: syzbot+40c7dad27267f6183...@syzkaller.appspotmail.com

Tested on:

commit: c7db1220 fixup! udmabuf: pin the pages using memfd_pin..
git tree:   https://gitlab.freedesktop.org/Vivek/drm-tip.git syzbot_fixes
console output: https://syzkaller.appspot.com/x/log.txt?x=133a93e298
kernel config:  https://syzkaller.appspot.com/x/.config?x=58a2adb83f90b327
dashboard link: https://syzkaller.appspot.com/bug?extid=40c7dad27267f61839d4
compiler:   Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 
2.40

Note: no patches were applied.
Note: testing is done by a robot and is best-effort only.


[syzbot] Monthly dri report (Jun 2024)

2024-06-10 Thread syzbot
Hello dri maintainers/developers,

This is a 31-day syzbot report for the dri subsystem.
All related reports/information can be found at:
https://syzkaller.appspot.com/upstream/s/dri

During the period, 2 new issues were detected and 0 were fixed.
In total, 18 issues are still open and 31 have been fixed so far.

Some of the still happening issues:

Ref Crashes Repro Title
<1> 462 Yes   WARNING in drm_syncobj_array_find
  https://syzkaller.appspot.com/bug?extid=95416f957d84e858b377
<2> 335 Yes   inconsistent lock state in sync_timeline_debug_remove
  https://syzkaller.appspot.com/bug?extid=7dcd254b8987a29f6450
<3> 277 Yes   inconsistent lock state in sync_info_debugfs_show
  https://syzkaller.appspot.com/bug?extid=007bfe0f3330f6e1e7d1
<4> 265 Yes   WARNING in vkms_get_vblank_timestamp (2)
  https://syzkaller.appspot.com/bug?extid=93bd128a383695391534
<5> 17  Yes   WARNING in drm_gem_prime_fd_to_handle
  https://syzkaller.appspot.com/bug?extid=268d319a7bfd92f4ae01
<6> 10  Yes   divide error in drm_mode_vrefresh
  https://syzkaller.appspot.com/bug?extid=622bba18029bcde672e1
<7> 9   Yes   general protection fault in udmabuf_create (2)
  https://syzkaller.appspot.com/bug?extid=40c7dad27267f61839d4
<8> 6   No    WARNING in drm_atomic_helper_wait_for_vblanks (3)
  https://syzkaller.appspot.com/bug?extid=0ac28002caff799b9e57
<9> 3   Yes   divide error in drm_mode_convert_to_umode
  https://syzkaller.appspot.com/bug?extid=0d7a3627fb6a42cf0863

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

To disable reminders for individual bugs, reply with the following command:
#syz set  no-reminders

To change bug's subsystems, reply with:
#syz set  subsystems: new-subsystem

You may send multiple commands in a single email message.


[syzbot] [mm?] general protection fault in dequeue_hugetlb_folio_nodemask

2024-06-06 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:0e1980c40b6e Add linux-next specific files for 20240531
git tree:   linux-next
console+strace: https://syzkaller.appspot.com/x/log.txt?x=166086f298
kernel config:  https://syzkaller.appspot.com/x/.config?x=d9c3ca4e54577b88
dashboard link: https://syzkaller.appspot.com/bug?extid=c019f68a83ef9b456444
compiler:   Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 
2.40
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=12f4094a98
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=15e1e43298

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/44fb1d8b5978/disk-0e1980c4.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/a66ce5caf0b2/vmlinux-0e1980c4.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/8992fc8fe046/bzImage-0e1980c4.xz

The issue was bisected to:

commit cd94d1b182d2986378550c9087571991bfee01d4
Author: Mario Limonciello 
Date:   Thu May 2 18:32:17 2024 +

dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11 
users

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=176121c298
console output: https://syzkaller.appspot.com/x/log.txt?x=10e121c298

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+c019f68a83ef9b456...@syzkaller.appspotmail.com
Fixes: cd94d1b182d2 ("dm/amd/pm: Fix problems with reboot/shutdown for some SMU 
13.0.4/13.0.11 users")

Oops: general protection fault, probably for non-canonical address 
0xdc000489:  [#1] PREEMPT SMP KASAN PTI
KASAN: probably user-memory-access in range 
[0x2448-0x244f]
CPU: 1 PID: 5089 Comm: syz-executor257 Not tainted 
6.10.0-rc1-next-20240531-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
04/02/2024
RIP: 0010:zonelist_zone_idx include/linux/mmzone.h:1613 [inline]
RIP: 0010:next_zones_zonelist include/linux/mmzone.h:1644 [inline]
RIP: 0010:first_zones_zonelist include/linux/mmzone.h:1670 [inline]
RIP: 0010:dequeue_hugetlb_folio_nodemask+0x193/0xe40 mm/hugetlb.c:1362
Code: 13 9b a0 ff c7 44 24 14 00 00 00 00 83 7c 24 40 00 0f 85 97 0c 00 00 48 
83 7c 24 20 00 0f 85 45 09 00 00 48 89 d8 48 c1 e8 03 <42> 0f b6 04 28 84 c0 0f 
85 58 09 00 00 44 8b 33 44 89 f7 8b 5c 24
RSP: 0018:c900035ef720 EFLAGS: 00010002
RAX: 0489 RBX: 2448 RCX: 888026ef
RDX:  RSI:  RDI: 
RBP: c900035ef858 R08: 81f5e070 R09: f520006bdee8
R10: dc00 R11: f520006bdee8 R12: 
R13: dc00 R14:  R15: 
FS:  64010380() GS:8880b950() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 005fdeb8 CR3: 7bd96000 CR4: 003506f0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400
Call Trace:
 
 alloc_hugetlb_folio_nodemask+0xae/0x3f0 mm/hugetlb.c:2603
 memfd_alloc_folio+0x15e/0x390 mm/memfd.c:75
 memfd_pin_folios+0x1066/0x1720 mm/gup.c:3864
 udmabuf_create+0x658/0x11c0 drivers/dma-buf/udmabuf.c:353
 udmabuf_ioctl_create drivers/dma-buf/udmabuf.c:420 [inline]
 udmabuf_ioctl+0x304/0x4f0 drivers/dma-buf/udmabuf.c:451
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:907 [inline]
 __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5151a7a369
Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 
89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 
c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:7ffd962ee9e8 EFLAGS: 0246 ORIG_RAX: 0010
RAX: ffda RBX: 7ffd962eebb8 RCX: 7f5151a7a369
RDX: 22c0 RSI: 40187542 RDI: 0003
RBP: 7f5151aed610 R08: 7ffd962eebb8 R09: 7ffd962eebb8
R10: 7ffd962eebb8 R11: 0246 R12: 0001
R13: 7ffd962eeba8 R14: 0001 R15: 0001
 
Modules linked in:
---[ end trace  ]---
RIP: 0010:zonelist_zone_idx include/linux/mmzone.h:1613 [inline]
RIP: 0010:next_zones_zonelist include/linux/mmzone.h:1644 [inline]
RIP: 0010:first_zones_zonelist include/linux/mmzone.h:1670 [inline]
RIP: 0010:dequeue_hugetlb_folio_nodemask+0x193/0xe40 mm/hugetlb.c:1362
Code: 13 9b a0 ff c7 44 24 14 00 00 00 00 83 7c 24 40 00 0f 85 97 0c 00 00 48 
83 7c 24 20 00 0f 85 45 09 00 00 48 89 d8 48 c1 e8 03 <42> 0f b6 04 28 84 c0 0f 
85 58 09 00 00 44 8b 33 44 89 f7 8b 5c 24
RSP: 0018:c900035ef720 EFLAGS: 00010002
RAX: 0489 RBX: 2448 RCX: 888026ef
RDX: 00

Re: [syzbot] [fs?] KASAN: slab-use-after-free Read in __fput (2)

2024-05-12 Thread syzbot
syzbot has bisected this issue to:

commit ff2d23843f7fb4f13055be5a4a9a20ddd04e6e9c
Author: Michel Dänzer 
Date:   Fri Jul 23 07:58:57 2021 +

dma-buf/poll: Get a file reference for outstanding fence callbacks

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=17c1007c98
start commit:   5eb4573ea63d Merge tag 'soc-fixes-6.9-2' of git://git.kern..
git tree:   upstream
final oops: https://syzkaller.appspot.com/x/report.txt?x=1421007c98
console output: https://syzkaller.appspot.com/x/log.txt?x=1021007c98
kernel config:  https://syzkaller.appspot.com/x/.config?x=9d985095f83428be
dashboard link: https://syzkaller.appspot.com/bug?extid=5d4cb6b4409edfd18646
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=11a13cf898
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=15c4d2f898

Reported-by: syzbot+5d4cb6b4409edfd18...@syzkaller.appspotmail.com
Fixes: ff2d23843f7f ("dma-buf/poll: Get a file reference for outstanding fence 
callbacks")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


[syzbot] Monthly dri report (May 2024)

2024-05-06 Thread syzbot
Hello dri maintainers/developers,

This is a 31-day syzbot report for the dri subsystem.
All related reports/information can be found at:
https://syzkaller.appspot.com/upstream/s/dri

During the period, 0 new issues were detected and 0 were fixed.
In total, 16 issues are still open and 31 have been fixed so far.

Some of the still happening issues:

Ref Crashes Repro Title
<1> 460 Yes   WARNING in drm_syncobj_array_find
  https://syzkaller.appspot.com/bug?extid=95416f957d84e858b377
<2> 258 Yes   inconsistent lock state in sync_timeline_debug_remove
  https://syzkaller.appspot.com/bug?extid=7dcd254b8987a29f6450
<3> 253 Yes   WARNING in vkms_get_vblank_timestamp (2)
  https://syzkaller.appspot.com/bug?extid=93bd128a383695391534
<4> 206 Yes   inconsistent lock state in sync_info_debugfs_show
  https://syzkaller.appspot.com/bug?extid=007bfe0f3330f6e1e7d1
<5> 24  Yes   kernel BUG in vmf_insert_pfn_prot (2)
  https://syzkaller.appspot.com/bug?extid=398e17b61dab22cc56bc
<6> 16  Yes   WARNING in drm_gem_prime_fd_to_handle
  https://syzkaller.appspot.com/bug?extid=268d319a7bfd92f4ae01
<7> 9   Yes   divide error in drm_mode_vrefresh
  https://syzkaller.appspot.com/bug?extid=622bba18029bcde672e1
<8> 4   Yes   WARNING in drm_gem_object_handle_put_unlocked
  https://syzkaller.appspot.com/bug?extid=ef3256a360c02207a4cb
<9> 4   Yes   divide error in drm_mode_debug_printmodeline
  https://syzkaller.appspot.com/bug?extid=2e93e6fb36e6fdc56574

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

To disable reminders for individual bugs, reply with the following command:
#syz set  no-reminders

To change bug's subsystems, reply with:
#syz set  subsystems: new-subsystem

You may send multiple commands in a single email message.


[syzbot] Monthly dri report (Apr 2024)

2024-04-05 Thread syzbot
Hello dri maintainers/developers,

This is a 31-day syzbot report for the dri subsystem.
All related reports/information can be found at:
https://syzkaller.appspot.com/upstream/s/dri

During the period, 0 new issues were detected and 0 were fixed.
In total, 19 issues are still open and 31 have been fixed so far.

Some of the still happening issues:

Ref Crashes Repro Title
<1> 428 Yes   WARNING in drm_syncobj_array_find
  https://syzkaller.appspot.com/bug?extid=95416f957d84e858b377
<2> 235 Yes   WARNING in vkms_get_vblank_timestamp (2)
  https://syzkaller.appspot.com/bug?extid=93bd128a383695391534
<3> 192 Yes   inconsistent lock state in sync_timeline_debug_remove
  https://syzkaller.appspot.com/bug?extid=7dcd254b8987a29f6450
<4> 126 Yes   inconsistent lock state in sync_info_debugfs_show
  https://syzkaller.appspot.com/bug?extid=007bfe0f3330f6e1e7d1
<5> 14  Yes   kernel BUG in vmf_insert_pfn_prot (2)
  https://syzkaller.appspot.com/bug?extid=398e17b61dab22cc56bc
<6> 9   Yes   divide error in drm_mode_vrefresh
  https://syzkaller.appspot.com/bug?extid=622bba18029bcde672e1
<7> 4   Yes   divide error in drm_mode_debug_printmodeline
  https://syzkaller.appspot.com/bug?extid=2e93e6fb36e6fdc56574

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

To disable reminders for individual bugs, reply with the following command:
#syz set  no-reminders

To change bug's subsystems, reply with:
#syz set  subsystems: new-subsystem

You may send multiple commands in a single email message.


[syzbot] Monthly dri report (Mar 2024)

2024-03-05 Thread syzbot
Hello dri maintainers/developers,

This is a 31-day syzbot report for the dri subsystem.
All related reports/information can be found at:
https://syzkaller.appspot.com/upstream/s/dri

During the period, 2 new issues were detected and 0 were fixed.
In total, 21 issues are still open and 31 have been fixed so far.

Some of the still happening issues:

Ref  Crashes Repro Title
<1>  287 Yes   WARNING in drm_syncobj_array_find
   https://syzkaller.appspot.com/bug?extid=95416f957d84e858b377
<2>  133 Yes   inconsistent lock state in sync_timeline_debug_remove
   https://syzkaller.appspot.com/bug?extid=7dcd254b8987a29f6450
<3>  90  Yes   inconsistent lock state in sync_info_debugfs_show
   https://syzkaller.appspot.com/bug?extid=007bfe0f3330f6e1e7d1
<4>  12  Yes   WARNING in drm_gem_prime_fd_to_handle
   https://syzkaller.appspot.com/bug?extid=268d319a7bfd92f4ae01
<5>  10  Yes   kernel BUG in vmf_insert_pfn_prot (2)
   https://syzkaller.appspot.com/bug?extid=398e17b61dab22cc56bc
<6>  4   Yes   WARNING in drm_gem_object_handle_put_unlocked
   https://syzkaller.appspot.com/bug?extid=ef3256a360c02207a4cb
<7>  3   Yes   divide error in drm_mode_convert_to_umode
   https://syzkaller.appspot.com/bug?extid=0d7a3627fb6a42cf0863
<8>  2   Yes   KASAN: slab-use-after-free Read in 
drm_atomic_helper_wait_for_vblanks (2)
   https://syzkaller.appspot.com/bug?extid=0f999d26a4fd79c3a23b
<9>  2   Yes   WARNING in drm_prime_destroy_file_private (2)
   https://syzkaller.appspot.com/bug?extid=59dcc2e7283a6f5f5ba1
<10> 2   Yes   divide error in drm_mode_debug_printmodeline
   https://syzkaller.appspot.com/bug?extid=2e93e6fb36e6fdc56574

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

To disable reminders for individual bugs, reply with the following command:
#syz set  no-reminders

To change bug's subsystems, reply with:
#syz set  subsystems: new-subsystem

You may send multiple commands in a single email message.


Re: [syzbot] [dri?] [media?] inconsistent lock state in valid_state (2)

2024-02-26 Thread syzbot
syzbot has found a reproducer for the following issue on:

HEAD commit:d206a76d7d27 Linux 6.8-rc6
git tree:   upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=12eea10618
kernel config:  https://syzkaller.appspot.com/x/.config?x=fad652894fc96962
dashboard link: https://syzkaller.appspot.com/bug?extid=a225ee3df7e7f9372dbe
compiler:   Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 
2.40
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=1537934a18
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1704b3e218

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/6fa98109295d/disk-d206a76d.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/613b4087d09d/vmlinux-d206a76d.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/d8cd6514daf9/bzImage-d206a76d.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+a225ee3df7e7f9372...@syzkaller.appspotmail.com


WARNING: inconsistent lock state
6.8.0-rc6-syzkaller #0 Not tainted

inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage.
syz-executor120/5070 [HC1[1]:SC0[0]:HE0:SE1] takes:
8ea8cd18 (sync_timeline_list_lock){?.+.}-{2:2}, at: 
sync_timeline_debug_remove+0x2c/0x150 drivers/dma-buf/sync_debug.c:31
{HARDIRQ-ON-W} state was registered at:
  trace_hardirqs_on+0x28/0x40 kernel/trace/trace_preemptirq.c:61
  __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:159 [inline]
  _raw_spin_unlock_irq+0x23/0x50 kernel/locking/spinlock.c:202
  spin_unlock_irq include/linux/spinlock.h:401 [inline]
  sync_print_obj drivers/dma-buf/sync_debug.c:118 [inline]
  sync_info_debugfs_show+0x158/0x4d0 drivers/dma-buf/sync_debug.c:153
  seq_read_iter+0x445/0xd60 fs/seq_file.c:230
  seq_read+0x3a3/0x4f0 fs/seq_file.c:162
  vfs_read+0x204/0xb70 fs/read_write.c:474
  ksys_read+0x1a0/0x2c0 fs/read_write.c:619
  do_syscall_64+0xf9/0x240
  entry_SYSCALL_64_after_hwframe+0x6f/0x77
irq event stamp: 9608
hardirqs last  enabled at (9607): [] __raw_spin_unlock_irq 
include/linux/spinlock_api_smp.h:159 [inline]
hardirqs last  enabled at (9607): [] 
_raw_spin_unlock_irq+0x23/0x50 kernel/locking/spinlock.c:202
hardirqs last disabled at (9608): [] sysvec_irq_work+0xe/0xb0 
arch/x86/kernel/irq_work.c:17
softirqs last  enabled at (9124): [] invoke_softirq 
kernel/softirq.c:427 [inline]
softirqs last  enabled at (9124): [] 
__irq_exit_rcu+0xf1/0x1c0 kernel/softirq.c:632
softirqs last disabled at (9119): [] invoke_softirq 
kernel/softirq.c:427 [inline]
softirqs last disabled at (9119): [] 
__irq_exit_rcu+0xf1/0x1c0 kernel/softirq.c:632

other info that might help us debug this:
 Possible unsafe locking scenario:

   CPU0
   
  lock(sync_timeline_list_lock);
  
lock(sync_timeline_list_lock);

 *** DEADLOCK ***

no locks held by syz-executor120/5070.

stack backtrace:
CPU: 0 PID: 5070 Comm: syz-executor120 Not tainted 6.8.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
01/25/2024
Call Trace:
 
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e7/0x2e0 lib/dump_stack.c:106
 valid_state+0x13a/0x1c0 kernel/locking/lockdep.c:4013
 mark_lock_irq+0xbb/0xc20 kernel/locking/lockdep.c:4216
 mark_lock+0x223/0x350 kernel/locking/lockdep.c:4678
 mark_usage kernel/locking/lockdep.c:4564 [inline]
 __lock_acquire+0xb8d/0x1fd0 kernel/locking/lockdep.c:5091
 lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5754
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162
 sync_timeline_debug_remove+0x2c/0x150 drivers/dma-buf/sync_debug.c:31
 sync_timeline_free drivers/dma-buf/sw_sync.c:125 [inline]
 kref_put include/linux/kref.h:65 [inline]
 sync_timeline_put drivers/dma-buf/sw_sync.c:137 [inline]
 timeline_fence_release+0x204/0x250 drivers/dma-buf/sw_sync.c:165
 kref_put include/linux/kref.h:65 [inline]
 dma_fence_put include/linux/dma-fence.h:297 [inline]
 dma_fence_array_release+0x13e/0x240 drivers/dma-buf/dma-fence-array.c:120
 irq_work_single+0xe1/0x240 kernel/irq_work.c:221
 irq_work_run_list kernel/irq_work.c:252 [inline]
 irq_work_run+0x18b/0x350 kernel/irq_work.c:261
 __sysvec_irq_work+0xa8/0x3e0 arch/x86/kernel/irq_work.c:22
 sysvec_irq_work+0x8f/0xb0 arch/x86/kernel/irq_work.c:17
 
 
 asm_sysvec_irq_work+0x1a/0x20 arch/x86/include/asm/idtentry.h:674
RIP: 0010:__raw_spin_unlock_irq include/linux/spinlock_api_smp.h:160 [inline]
RIP: 0010:_raw_spin_unlock_irq+0x29/0x50 kernel/locking/spinlock.c:202
Code: 90 f3 0f 1e fa 53 48 89 fb 48 83 c7 18 48 8b 74 24 08 e8 da 4b ff f5 48 
89 df e8 92 8b 00 f6 e8 ad aa 28 f6 fb bf 01 00 00 00  62 5c f2 f5 65 8b 05 
e3 cd 91 74 85 c0 74 06 5b c3 cc cc cc cc
RSP: 0018:c90003a87b50 EFLAGS: 0282
RAX: 9ede7a61d4cee000 RBX: 888015fb5f30 RCX: 94485303
RDX: dc00 

Re: [syzbot] [dri?] KASAN: slab-use-after-free Read in drm_atomic_helper_wait_for_vblanks (2)

2024-02-13 Thread syzbot
syzbot has found a reproducer for the following issue on:

HEAD commit:c664e16bb1ba Merge tag 'docs-6.8-fixes2' of git://git.lwn...
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=14f8d1e018
kernel config:  https://syzkaller.appspot.com/x/.config?x=df82262440d95bc4
dashboard link: https://syzkaller.appspot.com/bug?extid=0f999d26a4fd79c3a23b
compiler:   gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 
2.40
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=1086cd4818
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=11fcdba218

Downloadable assets:
disk image (non-bootable): 
https://storage.googleapis.com/syzbot-assets/7bc7510fe41f/non_bootable_disk-c664e16b.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/c838390fdb6c/vmlinux-c664e16b.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/d25123cb1896/bzImage-c664e16b.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+0f999d26a4fd79c3a...@syzkaller.appspotmail.com

==
BUG: KASAN: slab-use-after-free in 
drm_atomic_helper_wait_for_vblanks.part.0+0x84f/0x930 
drivers/gpu/drm/drm_atomic_helper.c:1661
Read of size 1 at addr 88802d6f0409 by task kworker/u16:1/13

CPU: 1 PID: 13 Comm: kworker/u16:1 Not tainted 
6.8.0-rc4-syzkaller-5-gc664e16bb1ba #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 
04/01/2014
Workqueue: events_unbound commit_work
Call Trace:
 
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:377 [inline]
 print_report+0xc4/0x620 mm/kasan/report.c:488
 kasan_report+0xda/0x110 mm/kasan/report.c:601
 drm_atomic_helper_wait_for_vblanks.part.0+0x84f/0x930 
drivers/gpu/drm/drm_atomic_helper.c:1661
 drm_atomic_helper_wait_for_vblanks drivers/gpu/drm/drm_atomic_helper.c:1657 
[inline]
 drm_atomic_helper_commit_tail+0xcb/0xf0 
drivers/gpu/drm/drm_atomic_helper.c:1757
 commit_tail+0x356/0x410 drivers/gpu/drm/drm_atomic_helper.c:1834
 process_one_work+0x889/0x15e0 kernel/workqueue.c:2633
 process_scheduled_works kernel/workqueue.c:2706 [inline]
 worker_thread+0x8b9/0x12a0 kernel/workqueue.c:2787
 kthread+0x2c6/0x3b0 kernel/kthread.c:388
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1b/0x30 arch/x86/entry/entry_64.S:242
 

Allocated by task 5401:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 poison_kmalloc_redzone mm/kasan/common.c:372 [inline]
 __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:389
 kmalloc include/linux/slab.h:590 [inline]
 drm_atomic_helper_crtc_duplicate_state+0x70/0xd0 
drivers/gpu/drm/drm_atomic_state_helper.c:177
 drm_atomic_get_crtc_state+0x162/0x440 drivers/gpu/drm/drm_atomic.c:362
 page_flip_common+0x57/0x320 drivers/gpu/drm/drm_atomic_helper.c:3629
 drm_atomic_helper_page_flip+0xb6/0x190 drivers/gpu/drm/drm_atomic_helper.c:3690
 drm_mode_page_flip_ioctl+0x103f/0x1470 drivers/gpu/drm/drm_plane.c:1489
 drm_ioctl_kernel+0x1ec/0x3e0 drivers/gpu/drm/drm_ioctl.c:744
 drm_ioctl+0x5d8/0xc00 drivers/gpu/drm/drm_ioctl.c:841
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:871 [inline]
 __se_sys_ioctl fs/ioctl.c:857 [inline]
 __x64_sys_ioctl+0x193/0x220 fs/ioctl.c:857
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xd5/0x270 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x6f/0x77

Freed by task 5401:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 kasan_save_free_info+0x3f/0x60 mm/kasan/generic.c:640
 poison_slab_object mm/kasan/common.c:241 [inline]
 __kasan_slab_free+0x121/0x1c0 mm/kasan/common.c:257
 kasan_slab_free include/linux/kasan.h:184 [inline]
 slab_free_hook mm/slub.c:2121 [inline]
 slab_free mm/slub.c:4299 [inline]
 kfree+0x124/0x370 mm/slub.c:4409
 drm_atomic_state_default_clear+0x3aa/0xde0 drivers/gpu/drm/drm_atomic.c:225
 drm_atomic_state_clear drivers/gpu/drm/drm_atomic.c:294 [inline]
 __drm_atomic_state_free+0x185/0x2b0 drivers/gpu/drm/drm_atomic.c:311
 kref_put include/linux/kref.h:65 [inline]
 drm_atomic_state_put include/drm/drm_atomic.h:490 [inline]
 drm_client_modeset_commit_atomic+0x6db/0x810 
drivers/gpu/drm/drm_client_modeset.c:1057
 drm_client_modeset_commit_locked+0x14d/0x580 
drivers/gpu/drm/drm_client_modeset.c:1154
 drm_client_modeset_commit+0x4f/0x80 drivers/gpu/drm/drm_client_modeset.c:1180
 __drm_fb_helper_restore_fbdev_mode_unlocked 
drivers/gpu/drm/drm_fb_helper.c:251 [inline]
 __drm_fb_helper_restore_fbdev_mode_unlocked 
drivers/gpu/drm/drm_fb_helper.c:230 [inline]
 drm_fb_helper_restore_fbdev_mode_unlocked drivers/gpu/drm/drm_fb_helper.c:278 
[inline]
 drm_fb_helper_lastclose+0xc7/0x160 drivers/gpu/drm/drm_fb_helper.c:2005
 drm_fbdev_generic_client_restore+0x2c/0x40 
drive

Re: [syzbot] [dri?] divide error in drm_mode_convert_to_umode

2024-02-12 Thread syzbot
syzbot has bisected this issue to:

commit ea40d7857d5250e5400f38c69ef9e17321e9c4a2
Author: Daniel Vetter 
Date:   Fri Oct 9 23:21:56 2020 +

drm/vkms: fbdev emulation support

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=14426df418
start commit:   445a555e0623 Add linux-next specific files for 20240209
git tree:   linux-next
final oops: https://syzkaller.appspot.com/x/report.txt?x=16426df418
console output: https://syzkaller.appspot.com/x/log.txt?x=12426df418
kernel config:  https://syzkaller.appspot.com/x/.config?x=85aa3388229f9ea9
dashboard link: https://syzkaller.appspot.com/bug?extid=0d7a3627fb6a42cf0863
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=17d4bd4818
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=106ae64218

Reported-by: syzbot+0d7a3627fb6a42cf0...@syzkaller.appspotmail.com
Fixes: ea40d7857d52 ("drm/vkms: fbdev emulation support")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


[syzbot] [dri?] KASAN: slab-use-after-free Read in drm_atomic_helper_wait_for_vblanks (2)

2024-02-12 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:a5b6244cf87c Merge tag 'block-6.8-2024-02-10' of git://git..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=15e9ad5018
kernel config:  https://syzkaller.appspot.com/x/.config?x=53985487b59d9442
dashboard link: https://syzkaller.appspot.com/bug?extid=0f999d26a4fd79c3a23b
compiler:   gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 
2.40

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image (non-bootable): 
https://storage.googleapis.com/syzbot-assets/7bc7510fe41f/non_bootable_disk-a5b6244c.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/08ca7654741a/vmlinux-a5b6244c.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/0396d079aa1e/bzImage-a5b6244c.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+0f999d26a4fd79c3a...@syzkaller.appspotmail.com

==
BUG: KASAN: slab-use-after-free in 
drm_atomic_helper_wait_for_vblanks.part.0+0x84f/0x930 
drivers/gpu/drm/drm_atomic_helper.c:1661
Read of size 1 at addr 888026066009 by task kworker/u16:8/1094

CPU: 2 PID: 1094 Comm: kworker/u16:8 Not tainted 
6.8.0-rc3-syzkaller-00293-ga5b6244cf87c #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 
04/01/2014
Workqueue: events_unbound commit_work
Call Trace:
 
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:377 [inline]
 print_report+0xc4/0x620 mm/kasan/report.c:488
 kasan_report+0xda/0x110 mm/kasan/report.c:601
 drm_atomic_helper_wait_for_vblanks.part.0+0x84f/0x930 
drivers/gpu/drm/drm_atomic_helper.c:1661
 drm_atomic_helper_wait_for_vblanks drivers/gpu/drm/drm_atomic_helper.c:1657 
[inline]
 drm_atomic_helper_commit_tail+0xcb/0xf0 
drivers/gpu/drm/drm_atomic_helper.c:1757
 commit_tail+0x356/0x410 drivers/gpu/drm/drm_atomic_helper.c:1834
 process_one_work+0x889/0x15e0 kernel/workqueue.c:2633
 process_scheduled_works kernel/workqueue.c:2706 [inline]
 worker_thread+0x8b9/0x12a0 kernel/workqueue.c:2787
 kthread+0x2c6/0x3b0 kernel/kthread.c:388
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1b/0x30 arch/x86/entry/entry_64.S:242
 

Allocated by task 16480:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 poison_kmalloc_redzone mm/kasan/common.c:372 [inline]
 __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:389
 kmalloc include/linux/slab.h:590 [inline]
 drm_atomic_helper_crtc_duplicate_state+0x70/0xd0 
drivers/gpu/drm/drm_atomic_state_helper.c:177
 drm_atomic_get_crtc_state+0x162/0x440 drivers/gpu/drm/drm_atomic.c:362
 page_flip_common+0x57/0x320 drivers/gpu/drm/drm_atomic_helper.c:3629
 drm_atomic_helper_page_flip+0xb6/0x190 drivers/gpu/drm/drm_atomic_helper.c:3690
 drm_mode_page_flip_ioctl+0x103f/0x1470 drivers/gpu/drm/drm_plane.c:1489
 drm_ioctl_kernel+0x1ec/0x3e0 drivers/gpu/drm/drm_ioctl.c:744
 drm_ioctl+0x5d8/0xc00 drivers/gpu/drm/drm_ioctl.c:841
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:871 [inline]
 __se_sys_ioctl fs/ioctl.c:857 [inline]
 __x64_sys_ioctl+0x193/0x220 fs/ioctl.c:857
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xd5/0x270 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x6f/0x77

Freed by task 16474:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 kasan_save_free_info+0x3f/0x60 mm/kasan/generic.c:640
 poison_slab_object mm/kasan/common.c:241 [inline]
 __kasan_slab_free+0x121/0x1c0 mm/kasan/common.c:257
 kasan_slab_free include/linux/kasan.h:184 [inline]
 slab_free_hook mm/slub.c:2121 [inline]
 slab_free mm/slub.c:4299 [inline]
 kfree+0x124/0x370 mm/slub.c:4409
 drm_atomic_state_default_clear+0x3aa/0xde0 drivers/gpu/drm/drm_atomic.c:225
 drm_atomic_state_clear drivers/gpu/drm/drm_atomic.c:294 [inline]
 __drm_atomic_state_free+0x185/0x2b0 drivers/gpu/drm/drm_atomic.c:311
 kref_put include/linux/kref.h:65 [inline]
 drm_atomic_state_put include/drm/drm_atomic.h:490 [inline]
 drm_client_modeset_commit_atomic+0x6db/0x810 
drivers/gpu/drm/drm_client_modeset.c:1057
 drm_client_modeset_commit_locked+0x14d/0x580 
drivers/gpu/drm/drm_client_modeset.c:1154
 drm_client_modeset_commit+0x4f/0x80 drivers/gpu/drm/drm_client_modeset.c:1180
 __drm_fb_helper_restore_fbdev_mode_unlocked 
drivers/gpu/drm/drm_fb_helper.c:251 [inline]
 __drm_fb_helper_restore_fbdev_mode_unlocked 
drivers/gpu/drm/drm_fb_helper.c:230 [inline]
 drm_fb_helper_restore_fbdev_mode_unlocked drivers/gpu/drm/drm_fb_helper.c:278 
[inline]
 drm_fb_helper_lastclose+0xc7/0x160 drivers/gpu/drm/drm_fb_helper.c:2005
 drm_fbdev_generic_client_restore+0x2c/0x40 
drivers/gpu/drm/drm_fbdev_generic.c:258
 drm_client_dev_restore+0x188/0x2a0 drivers/gpu/drm/d

[syzbot] [dri?] divide error in drm_mode_convert_to_umode

2024-02-12 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:445a555e0623 Add linux-next specific files for 20240209
git tree:   linux-next
console+strace: https://syzkaller.appspot.com/x/log.txt?x=175fa6ec18
kernel config:  https://syzkaller.appspot.com/x/.config?x=85aa3388229f9ea9
dashboard link: https://syzkaller.appspot.com/bug?extid=0d7a3627fb6a42cf0863
compiler:   Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 
2.40
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=17d4bd4818
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=106ae64218

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/9188bb84c998/disk-445a555e.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/3ce0c98eabb2/vmlinux-445a555e.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/ab801b1c1d6d/bzImage-445a555e.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+0d7a3627fb6a42cf0...@syzkaller.appspotmail.com

divide error:  [#1] PREEMPT SMP KASAN PTI
CPU: 0 PID: 5068 Comm: syz-executor201 Not tainted 
6.8.0-rc3-next-20240209-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
01/25/2024
RIP: 0010:drm_mode_vrefresh drivers/gpu/drm/drm_modes.c:1303 [inline]
RIP: 0010:drm_mode_convert_to_umode+0x36a/0xc30 drivers/gpu/drm/drm_modes.c:2594
Code: 0f b7 03 66 83 f8 02 b9 01 00 00 00 0f 43 c8 0f b7 c1 44 0f af f8 44 89 
f0 48 69 c8 e8 03 00 00 44 89 f8 d1 e8 48 01 c8 31 d2 <49> f7 f7 48 89 c3 eb 1a 
e8 19 a2 47 fc eb 05 e8 12 a2 47 fc 48 8b
RSP: 0018:c900034ff660 EFLAGS: 00010246
RAX: 1f40 RBX: 8880176d9016 RCX: 1f40
RDX:  RSI: c900034ff720 RDI: dc00
RBP: 0200 R08: 854c389a R09: 8880176d900a
R10: dc00 R11: ed100366d143 R12: 111002edb202
R13: 8880176d9000 R14: 0008 R15: 
FS:  55c18380() GS:8880b940() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 005fdeb8 CR3: 11012000 CR4: 003506f0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400
Call Trace:
 
 drm_atomic_set_mode_for_crtc+0x14a/0x4a0 drivers/gpu/drm/drm_atomic_uapi.c:82
 __drm_atomic_helper_set_config+0x255/0xf80 drivers/gpu/drm/drm_atomic.c:1679
 drm_atomic_helper_set_config+0x8b/0x150 
drivers/gpu/drm/drm_atomic_helper.c:3263
 drm_mode_setcrtc+0xbae/0x17c0 drivers/gpu/drm/drm_crtc.c:886
 drm_ioctl_kernel+0x33a/0x440 drivers/gpu/drm/drm_ioctl.c:744
 drm_ioctl+0x63a/0xb10 drivers/gpu/drm/drm_ioctl.c:841
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:871 [inline]
 __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:857
 do_syscall_64+0xfb/0x240
 entry_SYSCALL_64_after_hwframe+0x6d/0x75
RIP: 0033:0x7fd888e1b7e9
Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 
89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 
c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:7ffd99378a68 EFLAGS: 0246 ORIG_RAX: 0010
RAX: ffda RBX: 7ffd99378c38 RCX: 7fd888e1b7e9
RDX: 2400 RSI: c06864a2 RDI: 0003
RBP: 7fd888e8e610 R08: 0005 R09: 7ffd99378c38
R10: 0001 R11: 0246 R12: 0001
R13: 7ffd99378c28 R14: 0001 R15: 0001
 
Modules linked in:
---[ end trace  ]---
RIP: 0010:drm_mode_vrefresh drivers/gpu/drm/drm_modes.c:1303 [inline]
RIP: 0010:drm_mode_convert_to_umode+0x36a/0xc30 drivers/gpu/drm/drm_modes.c:2594
Code: 0f b7 03 66 83 f8 02 b9 01 00 00 00 0f 43 c8 0f b7 c1 44 0f af f8 44 89 
f0 48 69 c8 e8 03 00 00 44 89 f8 d1 e8 48 01 c8 31 d2 <49> f7 f7 48 89 c3 eb 1a 
e8 19 a2 47 fc eb 05 e8 12 a2 47 fc 48 8b
RSP: 0018:c900034ff660 EFLAGS: 00010246
RAX: 1f40 RBX: 8880176d9016 RCX: 1f40
RDX:  RSI: c900034ff720 RDI: dc00
RBP: 0200 R08: 854c389a R09: 8880176d900a
R10: dc00 R11: ed100366d143 R12: 111002edb202
R13: 8880176d9000 R14: 0008 R15: 
FS:  55c18380() GS:8880b950() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 7fd888e95270 CR3: 11012000 CR4: 003506f0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400

Code disassembly (best guess):
   0:   0f b7 03movzwl (%rbx),%eax
   3:   66 83 f8 02 cmp$0x2,%ax
   7:   b9 01 00 00 00  mov$0x1,%ecx
   c:   0f 43 c8cmovae %eax,%ecx
   f:   0f b7 c1movzwl %cx,%eax
 

Re: [syzbot] [dri?] WARNING in vkms_get_vblank_timestamp (2)

2024-02-07 Thread syzbot
syzbot has bisected this issue to:

commit ea40d7857d5250e5400f38c69ef9e17321e9c4a2
Author: Daniel Vetter 
Date:   Fri Oct 9 23:21:56 2020 +

drm/vkms: fbdev emulation support

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1282dbffe8
start commit:   6764c317b6bb Merge tag 'scsi-fixes' of git://git.kernel.or..
git tree:   upstream
final oops: https://syzkaller.appspot.com/x/report.txt?x=1182dbffe8
console output: https://syzkaller.appspot.com/x/log.txt?x=1682dbffe8
kernel config:  https://syzkaller.appspot.com/x/.config?x=2c0ac5dfae6ecc58
dashboard link: https://syzkaller.appspot.com/bug?extid=93bd128a383695391534
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=12067e6018
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=102774b7e8

Reported-by: syzbot+93bd128a383695391...@syzkaller.appspotmail.com
Fixes: ea40d7857d52 ("drm/vkms: fbdev emulation support")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


[syzbot] [dri?] [media?] inconsistent lock state in valid_state (2)

2024-02-06 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:021533194476 Kconfig: Disable -Wstringop-overflow for GCC ..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=10a82db018
kernel config:  https://syzkaller.appspot.com/x/.config?x=457249c250b93697
dashboard link: https://syzkaller.appspot.com/bug?extid=a225ee3df7e7f9372dbe
compiler:   Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 
2.40

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/da8c6426660d/disk-02153319.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/a866aaa09be9/vmlinux-02153319.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/4a5680d805d7/bzImage-02153319.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+a225ee3df7e7f9372...@syzkaller.appspotmail.com


WARNING: inconsistent lock state
6.8.0-rc2-syzkaller-00199-g021533194476 #0 Not tainted

inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage.
syz-executor.4/9508 [HC0[0]:SC0[0]:HE0:SE1] takes:
8ea8c5d8 (sync_timeline_list_lock){?...}-{2:2}, at: spin_lock_irq 
include/linux/spinlock.h:376 [inline]
8ea8c5d8 (sync_timeline_list_lock){?...}-{2:2}, at: 
sync_info_debugfs_show+0x94/0x4d0 drivers/dma-buf/sync_debug.c:147
{IN-HARDIRQ-W} state was registered at:
  lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5754
  __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
  _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162
  sync_timeline_debug_remove+0x2c/0x150 drivers/dma-buf/sync_debug.c:31
  sync_timeline_free drivers/dma-buf/sw_sync.c:125 [inline]
  kref_put include/linux/kref.h:65 [inline]
  sync_timeline_put drivers/dma-buf/sw_sync.c:137 [inline]
  timeline_fence_release+0x204/0x250 drivers/dma-buf/sw_sync.c:165
  kref_put include/linux/kref.h:65 [inline]
  dma_fence_put include/linux/dma-fence.h:297 [inline]
  dma_fence_array_release+0x13e/0x240 drivers/dma-buf/dma-fence-array.c:120
  irq_work_single+0xe1/0x240 kernel/irq_work.c:221
  irq_work_run_list kernel/irq_work.c:252 [inline]
  irq_work_run+0x18b/0x350 kernel/irq_work.c:261
  __sysvec_irq_work+0xa8/0x3e0 arch/x86/kernel/irq_work.c:22
  sysvec_irq_work+0x8f/0xb0 arch/x86/kernel/irq_work.c:17
  asm_sysvec_irq_work+0x1a/0x20 arch/x86/include/asm/idtentry.h:674
  __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:160 [inline]
  _raw_spin_unlock_irq+0x29/0x50 kernel/locking/spinlock.c:202
  spin_unlock_irq include/linux/spinlock.h:401 [inline]
  sw_sync_debugfs_release+0x14b/0x1d0 drivers/dma-buf/sw_sync.c:359
  __fput+0x429/0x8a0 fs/file_table.c:376
  task_work_run+0x24e/0x310 kernel/task_work.c:180
  exit_task_work include/linux/task_work.h:38 [inline]
  do_exit+0xa2c/0x2740 kernel/exit.c:871
  do_group_exit+0x206/0x2c0 kernel/exit.c:1020
  __do_sys_exit_group kernel/exit.c:1031 [inline]
  __se_sys_exit_group kernel/exit.c:1029 [inline]
  __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1029
  do_syscall_64+0xf9/0x240
  entry_SYSCALL_64_after_hwframe+0x6f/0x77
irq event stamp: 364
hardirqs last  enabled at (363): [] 
__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last  enabled at (363): [] 
_raw_spin_unlock_irqrestore+0x8f/0x140 kernel/locking/spinlock.c:194
hardirqs last disabled at (364): [] __raw_spin_lock_irq 
include/linux/spinlock_api_smp.h:117 [inline]
hardirqs last disabled at (364): [] 
_raw_spin_lock_irq+0xad/0x120 kernel/locking/spinlock.c:170
softirqs last  enabled at (0): [] rcu_lock_acquire 
include/linux/rcupdate.h:298 [inline]
softirqs last  enabled at (0): [] rcu_read_lock 
include/linux/rcupdate.h:750 [inline]
softirqs last  enabled at (0): [] copy_process+0x9c3/0x3fc0 
kernel/fork.c:2366
softirqs last disabled at (0): [<>] 0x0

other info that might help us debug this:
 Possible unsafe locking scenario:

   CPU0
   
  lock(sync_timeline_list_lock);
  
lock(sync_timeline_list_lock);

 *** DEADLOCK ***

3 locks held by syz-executor.4/9508:
 #0: 888086cd7748 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x258/0x320 
fs/file.c:1191
 #1: 88801f9c8448 (&p->lock){+.+.}-{3:3}, at: seq_read_iter+0xb7/0xd60 
fs/seq_file.c:182
 #2: 8ea8c5d8 (sync_timeline_list_lock){?...}-{2:2}, at: spin_lock_irq 
include/linux/spinlock.h:376 [inline]
 #2: 8ea8c5d8 (sync_timeline_list_lock){?...}-{2:2}, at: 
sync_info_debugfs_show+0x94/0x4d0 drivers/dma-buf/sync_debug.c:147

stack backtrace:
CPU: 0 PID: 9508 Comm: syz-executor.4 Not tainted 
6.8.0-rc2-syzkaller-00199-g021533194476 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
01/25/2024
Call Trace:
 
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e7/0x2e0 lib/dump_stack.c:106
 valid_stat

[syzbot] Monthly dri report (Feb 2024)

2024-02-02 Thread syzbot
Hello dri maintainers/developers,

This is a 31-day syzbot report for the dri subsystem.
All related reports/information can be found at:
https://syzkaller.appspot.com/upstream/s/dri

During the period, 1 new issue was detected and 0 were fixed.
In total, 17 issues are still open and 31 have been fixed so far.

Some of the still happening issues:

Ref Crashes Repro Title
<1> 375 Yes   WARNING in drm_wait_one_vblank
  https://syzkaller.appspot.com/bug?extid=6f7fe2dbc479dca0ed17
<2> 213 Yes   WARNING in drm_syncobj_array_find
  https://syzkaller.appspot.com/bug?extid=95416f957d84e858b377
<3> 182 Yes   WARNING in vkms_get_vblank_timestamp (2)
  https://syzkaller.appspot.com/bug?extid=93bd128a383695391534
<4> 132 Yes   inconsistent lock state in sync_timeline_debug_remove
  https://syzkaller.appspot.com/bug?extid=7dcd254b8987a29f6450
<5> 87  Yes   inconsistent lock state in sync_info_debugfs_show
  https://syzkaller.appspot.com/bug?extid=007bfe0f3330f6e1e7d1
<6> 10  Yes   WARNING in drm_gem_prime_fd_to_handle
  https://syzkaller.appspot.com/bug?extid=268d319a7bfd92f4ae01
<7> 6   Yes   divide error in drm_mode_vrefresh
  https://syzkaller.appspot.com/bug?extid=622bba18029bcde672e1

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

To disable reminders for individual bugs, reply with the following command:
#syz set  no-reminders

To change bug's subsystems, reply with:
#syz set  subsystems: new-subsystem

You may send multiple commands in a single email message.


Re: [syzbot] [dri?] WARNING in vkms_get_vblank_timestamp (2)

2024-02-01 Thread syzbot
syzbot has found a reproducer for the following issue on:

HEAD commit:6764c317b6bb Merge tag 'scsi-fixes' of git://git.kernel.or..
git tree:   upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=12be332818
kernel config:  https://syzkaller.appspot.com/x/.config?x=2c0ac5dfae6ecc58
dashboard link: https://syzkaller.appspot.com/bug?extid=93bd128a383695391534
compiler:   gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 
2.40
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=12067e6018
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=102774b7e8

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/90c636d7609b/disk-6764c317.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/9d76784c4adc/vmlinux-6764c317.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/4fa116a29660/bzImage-6764c317.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+93bd128a383695391...@syzkaller.appspotmail.com

[ cut here ]
WARNING: CPU: 1 PID: 5107 at drivers/gpu/drm/vkms/vkms_crtc.c:103 
vkms_get_vblank_timestamp+0x1dc/0x250 drivers/gpu/drm/vkms/vkms_crtc.c:103
Modules linked in:
CPU: 1 PID: 5107 Comm: syz-executor297 Not tainted 
6.8.0-rc2-syzkaller-00055-g6764c317b6bb #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
01/25/2024
RIP: 0010:vkms_get_vblank_timestamp+0x1dc/0x250 
drivers/gpu/drm/vkms/vkms_crtc.c:103
Code: 08 fc e8 a7 f4 f6 fb 4c 89 e1 48 ba 00 00 00 00 00 fc ff df 48 c1 e9 03 
80 3c 11 00 75 67 49 89 04 24 eb c0 e8 c5 0f 08 fc 90 <0f> 0b 90 eb b5 e8 6a bf 
61 fc e9 d8 fe ff ff e8 c0 bf 61 fc e9 6a
RSP: 0018:c9000473f5d8 EFLAGS: 00010093
RAX:  RBX: 001a34a6b1e9 RCX: 8584597f
RDX: 888023a3 RSI: 858459fb RDI: 0006
RBP: 88801fab R08: 0006 R09: 001a34a6b1e9
R10: 001a34a6b1e9 R11: 0004 R12: c9000473f700
R13: 001a34a6b1e9 R14: 4e20 R15: 85845820
FS:  55568380() GS:8880b950() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 2240 CR3: 22742000 CR4: 00350ef0
Call Trace:
 
 drm_crtc_get_last_vbltimestamp+0x106/0x1b0 drivers/gpu/drm/drm_vblank.c:867
 drm_get_last_vbltimestamp drivers/gpu/drm/drm_vblank.c:886 [inline]
 drm_update_vblank_count+0x1b1/0x9d0 drivers/gpu/drm/drm_vblank.c:298
 drm_crtc_accurate_vblank_count+0xc2/0x260 drivers/gpu/drm/drm_vblank.c:411
 drm_crtc_arm_vblank_event+0xfb/0x2b0 drivers/gpu/drm/drm_vblank.c:1097
 vkms_crtc_atomic_flush+0x10b/0x2b0 drivers/gpu/drm/vkms/vkms_crtc.c:258
 drm_atomic_helper_commit_planes+0x61f/0x1000 
drivers/gpu/drm/drm_atomic_helper.c:2820
 vkms_atomic_commit_tail+0x5e/0x240 drivers/gpu/drm/vkms/vkms_drv.c:73
 commit_tail+0x287/0x410 drivers/gpu/drm/drm_atomic_helper.c:1832
 drm_atomic_helper_commit+0x2fd/0x380 drivers/gpu/drm/drm_atomic_helper.c:2072
 drm_atomic_commit+0x20e/0x2e0 drivers/gpu/drm/drm_atomic.c:1514
 drm_atomic_helper_set_config+0x141/0x1c0 
drivers/gpu/drm/drm_atomic_helper.c:3271
 drm_mode_setcrtc+0xd0a/0x1690 drivers/gpu/drm/drm_crtc.c:886
 drm_ioctl_kernel+0x1ef/0x3e0 drivers/gpu/drm/drm_ioctl.c:744
 drm_ioctl+0x5d8/0xc00 drivers/gpu/drm/drm_ioctl.c:841
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:871 [inline]
 __se_sys_ioctl fs/ioctl.c:857 [inline]
 __x64_sys_ioctl+0x196/0x220 fs/ioctl.c:857
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xd8/0x270 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x6f/0x77
RIP: 0033:0x7f0d5d4bdd89
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 19 00 00 90 48 89 f8 48 89 f7 48 
89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 
c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:7ffe26838708 EFLAGS: 0246 ORIG_RAX: 0010
RAX: ffda RBX:  RCX: 7f0d5d4bdd89
RDX: 2300 RSI: c06864a2 RDI: 0003
RBP:  R08:  R09: 55569610
R10:  R11: 0246 R12: 
R13:  R14:  R15: 0000
 


---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


[syzbot] [dri?] [virtualization?] upstream boot error: INFO: task hung in virtio_gpu_queue_fenced_ctrl_buffer

2024-01-24 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:615d30064886 Merge tag 'trace-v6.8-rc1' of git://git.kerne..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=167456f7e8
kernel config:  https://syzkaller.appspot.com/x/.config?x=e6c3b3d5f71246cb
dashboard link: https://syzkaller.appspot.com/bug?extid=22e2c28c99235275f109
compiler:   gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 
2.40

Downloadable assets:
disk image (non-bootable): 
https://storage.googleapis.com/syzbot-assets/7bc7510fe41f/non_bootable_disk-615d3006.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/4bf0b27acaa4/vmlinux-615d3006.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/3133809ff35d/bzImage-615d3006.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+22e2c28c99235275f...@syzkaller.appspotmail.com

INFO: task swapper/0:1 blocked for more than 143 seconds.
  Not tainted 6.8.0-rc1-syzkaller-00029-g615d30064886 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:swapper/0   state:D stack:22288 pid:1 tgid:1 ppid:0  
flags:0x4000
Call Trace:
 
 context_switch kernel/sched/core.c:5400 [inline]
 __schedule+0xf12/0x5c00 kernel/sched/core.c:6727
 __schedule_loop kernel/sched/core.c:6802 [inline]
 schedule+0xe9/0x270 kernel/sched/core.c:6817
 virtio_gpu_queue_ctrl_sgs drivers/gpu/drm/virtio/virtgpu_vq.c:341 [inline]
 virtio_gpu_queue_fenced_ctrl_buffer+0x497/0xff0 
drivers/gpu/drm/virtio/virtgpu_vq.c:415
 virtio_gpu_resource_flush drivers/gpu/drm/virtio/virtgpu_plane.c:162 [inline]
 virtio_gpu_primary_plane_update+0x1059/0x1590 
drivers/gpu/drm/virtio/virtgpu_plane.c:237
 drm_atomic_helper_commit_planes+0x92f/0xfe0 
drivers/gpu/drm/drm_atomic_helper.c:2800
 drm_atomic_helper_commit_tail+0x69/0xf0 
drivers/gpu/drm/drm_atomic_helper.c:1749
 commit_tail+0x353/0x410 drivers/gpu/drm/drm_atomic_helper.c:1834
 drm_atomic_helper_commit+0x2f9/0x380 drivers/gpu/drm/drm_atomic_helper.c:2072
 drm_atomic_commit+0x20b/0x2d0 drivers/gpu/drm/drm_atomic.c:1514
 drm_client_modeset_commit_atomic+0x6c2/0x810 
drivers/gpu/drm/drm_client_modeset.c:1051
 drm_client_modeset_commit_locked+0x14d/0x580 
drivers/gpu/drm/drm_client_modeset.c:1154
 pan_display_atomic drivers/gpu/drm/drm_fb_helper.c:1370 [inline]
 drm_fb_helper_pan_display+0x2a5/0x990 drivers/gpu/drm/drm_fb_helper.c:1430
 fb_pan_display+0x477/0x7c0 drivers/video/fbdev/core/fbmem.c:191
 bit_update_start+0x49/0x1f0 drivers/video/fbdev/core/bitblit.c:390
 fbcon_switch+0xbb3/0x12e0 drivers/video/fbdev/core/fbcon.c:2170
 redraw_screen+0x2bd/0x750 drivers/tty/vt/vt.c:969
 fbcon_prepare_logo+0x9f8/0xc80 drivers/video/fbdev/core/fbcon.c:616
 con2fb_init_display drivers/video/fbdev/core/fbcon.c:803 [inline]
 set_con2fb_map+0xcea/0x1050 drivers/video/fbdev/core/fbcon.c:867
 do_fb_registered drivers/video/fbdev/core/fbcon.c:3007 [inline]
 fbcon_fb_registered+0x21d/0x660 drivers/video/fbdev/core/fbcon.c:3023
 do_register_framebuffer drivers/video/fbdev/core/fbmem.c:449 [inline]
 register_framebuffer+0x4b2/0x860 drivers/video/fbdev/core/fbmem.c:515
 __drm_fb_helper_initial_config_and_unlock+0xd7c/0x1650 
drivers/gpu/drm/drm_fb_helper.c:1871
 drm_fb_helper_initial_config drivers/gpu/drm/drm_fb_helper.c:1936 [inline]
 drm_fb_helper_initial_config+0x44/0x60 drivers/gpu/drm/drm_fb_helper.c:1928
 drm_fbdev_generic_client_hotplug+0x19e/0x270 
drivers/gpu/drm/drm_fbdev_generic.c:279
 drm_client_register+0x195/0x280 drivers/gpu/drm/drm_client.c:141
 drm_fbdev_generic_setup+0x184/0x340 drivers/gpu/drm/drm_fbdev_generic.c:341
 virtio_gpu_probe+0x1be/0x3c0 drivers/gpu/drm/virtio/virtgpu_drv.c:105
 virtio_dev_probe+0x5e4/0x980 drivers/virtio/virtio.c:311
 call_driver_probe drivers/base/dd.c:579 [inline]
 really_probe+0x234/0xc90 drivers/base/dd.c:658
 __driver_probe_device+0x1de/0x4b0 drivers/base/dd.c:800
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:830
 __driver_attach+0x274/0x570 drivers/base/dd.c:1216
 bus_for_each_dev+0x13c/0x1d0 drivers/base/bus.c:368
 bus_add_driver+0x2e9/0x630 drivers/base/bus.c:673
 driver_register+0x15c/0x4a0 drivers/base/driver.c:246
 do_one_initcall+0x11c/0x650 init/main.c:1236
 do_initcall_level init/main.c:1298 [inline]
 do_initcalls init/main.c:1314 [inline]
 do_basic_setup init/main.c:1333 [inline]
 kernel_init_freeable+0x687/0xc10 init/main.c:1551
 kernel_init+0x1c/0x2a0 init/main.c:1441
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242
 
INFO: task kworker/0:0:8 blocked for more than 143 seconds.
  Not tainted 6.8.0-rc1-syzkaller-00029-g615d30064886 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:0 state:D stack:28208 pid:8 tgid:8 ppid:2  
flags:0x4000
Workqueue: events virtio_gpu_dequeue_ctrl_func
Call Trace:
 
 context_swi

[syzbot] [dri?] BUG: scheduling while atomic in drm_atomic_helper_wait_for_flip_done

2024-01-18 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:1b1934dbbdcf Merge tag 'docs-6.8-2' of git://git.lwn.net/l..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1029adbde8
kernel config:  https://syzkaller.appspot.com/x/.config?x=68ea41b98043e6e8
dashboard link: https://syzkaller.appspot.com/bug?extid=06fa1063cca8163ea541
compiler:   aarch64-linux-gnu-gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU 
Binutils for Debian) 2.40
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image (non-bootable): 
https://storage.googleapis.com/syzbot-assets/384ffdcca292/non_bootable_disk-1b1934db.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/00b728a4f3de/vmlinux-1b1934db.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/5a3fe8452d59/Image-1b1934db.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+06fa1063cca8163ea...@syzkaller.appspotmail.com

BUG: scheduling while atomic: syz-executor.0/29225/0x0002
Modules linked in:
CPU: 1 PID: 29225 Comm: syz-executor.0 Not tainted 
6.7.0-syzkaller-10085-g1b1934dbbdcf #0
Hardware name: linux,dummy-virt (DT)
Call trace:
 dump_backtrace+0x94/0xec arch/arm64/kernel/stacktrace.c:291
 show_stack+0x18/0x24 arch/arm64/kernel/stacktrace.c:298
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x48/0x60 lib/dump_stack.c:106
 dump_stack+0x18/0x24 lib/dump_stack.c:113
 __schedule_bug+0x50/0x68 kernel/sched/core.c:5943
 schedule_debug kernel/sched/core.c:5970 [inline]
 __schedule+0x7f4/0x8a8 kernel/sched/core.c:6620
 __schedule_loop kernel/sched/core.c:6802 [inline]
 schedule+0x34/0xc8 kernel/sched/core.c:6817
 schedule_timeout+0x8c/0x100 kernel/time/timer.c:2183
 do_wait_for_common kernel/sched/completion.c:95 [inline]
 __wait_for_common kernel/sched/completion.c:116 [inline]
 wait_for_common kernel/sched/completion.c:127 [inline]
 wait_for_completion_timeout+0x74/0x16c kernel/sched/completion.c:167
 drm_atomic_helper_wait_for_flip_done+0x6c/0xc4 
drivers/gpu/drm/drm_atomic_helper.c:1719
 vkms_atomic_commit_tail+0x60/0xd0 drivers/gpu/drm/vkms/vkms_drv.c:81
 commit_tail+0xa4/0x18c drivers/gpu/drm/drm_atomic_helper.c:1832
 drm_atomic_helper_commit+0x164/0x178 drivers/gpu/drm/drm_atomic_helper.c:2072
 drm_atomic_commit+0xa8/0xe0 drivers/gpu/drm/drm_atomic.c:1514
 drm_client_modeset_commit_atomic+0x210/0x270 
drivers/gpu/drm/drm_client_modeset.c:1051
 drm_client_modeset_commit_locked+0x5c/0x188 
drivers/gpu/drm/drm_client_modeset.c:1154
 drm_client_modeset_commit+0x30/0x58 drivers/gpu/drm/drm_client_modeset.c:1180
 __drm_fb_helper_restore_fbdev_mode_unlocked 
drivers/gpu/drm/drm_fb_helper.c:251 [inline]
 __drm_fb_helper_restore_fbdev_mode_unlocked+0xa8/0xe8 
drivers/gpu/drm/drm_fb_helper.c:230
 drm_fb_helper_set_par+0x30/0x4c drivers/gpu/drm/drm_fb_helper.c:1344
 fb_set_var+0x21c/0x488 drivers/video/fbdev/core/fbmem.c:312
 fbcon_switch+0x214/0x4d0 drivers/video/fbdev/core/fbcon.c:2110
 flush_scrollback drivers/tty/vt/vt.c:912 [inline]
 csi_J+0x254/0x260 drivers/tty/vt/vt.c:1527
 do_con_trol drivers/tty/vt/vt.c:2408 [inline]
 do_con_write+0x1a30/0x1e2c drivers/tty/vt/vt.c:2905
 con_write+0x18/0x68 drivers/tty/vt/vt.c:3251
 gsmld_write+0x64/0xd0 drivers/tty/n_gsm.c:3724
 iterate_tty_write drivers/tty/tty_io.c:1021 [inline]
 file_tty_write.constprop.0+0x134/0x28c drivers/tty/tty_io.c:1092
 tty_write+0x14/0x20 drivers/tty/tty_io.c:1113
 call_write_iter include/linux/fs.h:2085 [inline]
 new_sync_write fs/read_write.c:497 [inline]
 vfs_write+0x1dc/0x2f4 fs/read_write.c:590
 ksys_write+0x70/0x104 fs/read_write.c:643
 __do_sys_write fs/read_write.c:655 [inline]
 __se_sys_write fs/read_write.c:652 [inline]
 __arm64_sys_write+0x1c/0x28 fs/read_write.c:652
 __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]
 invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:51
 el0_svc_common.constprop.0+0x40/0xe0 arch/arm64/kernel/syscall.c:136
 do_el0_svc+0x1c/0x28 arch/arm64/kernel/syscall.c:155
 el0_svc+0x34/0xd8 arch/arm64/kernel/entry-common.c:678
 el0t_64_sync_handler+0x100/0x12c arch/arm64/kernel/entry-common.c:696
 el0t_64_sync+0x19c/0x1a0 arch/arm64/kernel/entry.S:595
BUG: scheduling while atomic: syz-executor.0/29225/0x
Modules linked in:
CPU: 0 PID: 29225 Comm: syz-executor.0 Tainted: GW  
6.7.0-syzkaller-10085-g1b1934dbbdcf #0
Hardware name: linux,dummy-virt (DT)
Call trace:
 dump_backtrace+0x94/0xec arch/arm64/kernel/stacktrace.c:291
 show_stack+0x18/0x24 arch/arm64/kernel/stacktrace.c:298
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x48/0x60 lib/dump_stack.c:106
 dump_stack+0x18/0x24 lib/dump_stack.c:113
 __schedule_bug+0x50/0x68 kernel/sched/core.c:5943
 schedule_debug kernel/sched/core.c:5970 [inline]
 __schedule+0x7f4/0x8a8 kernel/sched/core.c:6620
 __schedule_loop kernel/sched/core.c:6802 [inline]
 schedule+0x34/0xc8 kernel/sc

Re: [syzbot] [net?] [nfc?] INFO: task hung in nfc_targets_found

2024-01-13 Thread syzbot
syzbot has bisected this issue to:

commit d665e3c9d37ad31aec2d0d9d086e7c903ddd7250
Author: Uwe Kleine-König 
Date:   Sun May 7 16:26:06 2023 +

drm/sun4i: Convert to platform remove callback returning void

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=146b91f5e8
start commit:   acc657692aed keys, dns: Fix size check of V1 server-list h..
git tree:   upstream
final oops: https://syzkaller.appspot.com/x/report.txt?x=166b91f5e8
console output: https://syzkaller.appspot.com/x/log.txt?x=126b91f5e8
kernel config:  https://syzkaller.appspot.com/x/.config?x=5c882ebde8a5f3b4
dashboard link: https://syzkaller.appspot.com/bug?extid=2b131f51bb4af224ab40
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=103698bde8
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1617e0fbe8

Reported-by: syzbot+2b131f51bb4af224a...@syzkaller.appspotmail.com
Fixes: d665e3c9d37a ("drm/sun4i: Convert to platform remove callback returning 
void")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


[syzbot] Monthly dri report (Jan 2024)

2024-01-02 Thread syzbot
Hello dri maintainers/developers,

This is a 31-day syzbot report for the dri subsystem.
All related reports/information can be found at:
https://syzkaller.appspot.com/upstream/s/dri

During the period, 4 new issues were detected and 0 were fixed.
In total, 18 issues are still open and 31 have been fixed so far.

Some of the still happening issues:

Ref Crashes Repro Title
<1> 375 Yes   WARNING in drm_wait_one_vblank
  https://syzkaller.appspot.com/bug?extid=6f7fe2dbc479dca0ed17
<2> 147 Yes   WARNING in vkms_get_vblank_timestamp (2)
  https://syzkaller.appspot.com/bug?extid=93bd128a383695391534
<3> 143 Yes   WARNING in drm_syncobj_array_find
  https://syzkaller.appspot.com/bug?extid=95416f957d84e858b377
<4> 94  Yes   inconsistent lock state in sync_timeline_debug_remove
  https://syzkaller.appspot.com/bug?extid=7dcd254b8987a29f6450
<5> 54  Yes   inconsistent lock state in sync_info_debugfs_show
  https://syzkaller.appspot.com/bug?extid=007bfe0f3330f6e1e7d1
<6> 9   Yes   kernel BUG in vmf_insert_pfn_prot (2)
  https://syzkaller.appspot.com/bug?extid=398e17b61dab22cc56bc
<7> 6   Yes   WARNING in drm_gem_prime_fd_to_handle
  https://syzkaller.appspot.com/bug?extid=268d319a7bfd92f4ae01
<8> 5   Yes   divide error in drm_mode_vrefresh
  https://syzkaller.appspot.com/bug?extid=622bba18029bcde672e1
<9> 1   Yes   divide error in drm_mode_debug_printmodeline
  https://syzkaller.appspot.com/bug?extid=2e93e6fb36e6fdc56574

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

To disable reminders for individual bugs, reply with the following command:
#syz set  no-reminders

To change bug's subsystems, reply with:
#syz set  subsystems: new-subsystem

You may send multiple commands in a single email message.


[syzbot] [dri?] [media?] memory leak in get_sg_table

2023-12-31 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:fbafc3e621c3 Merge tag 'for_linus' of git://git.kernel.org..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=10ae11cee8
kernel config:  https://syzkaller.appspot.com/x/.config?x=e81921f96ae24ec0
dashboard link: https://syzkaller.appspot.com/bug?extid=9b4adfed366b14496e7e
compiler:   gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 
2.40
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=1635d436e8
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=15e8171ae8

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/76e4a40f41aa/disk-fbafc3e6.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/a2f88511ce98/vmlinux-fbafc3e6.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/2b21933ed8f1/bzImage-fbafc3e6.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+9b4adfed366b14496...@syzkaller.appspotmail.com

Warning: Permanently added '10.128.0.162' (ED25519) to the list of known hosts.
executing program
executing program
BUG: memory leak
unreferenced object 0x88810af03840 (size 16):
  comm "syz-executor111", pid 5038, jiffies 4294942820 (age 13.250s)
  hex dump (first 16 bytes):
80 8b 89 0b 81 88 ff ff 04 00 00 00 04 00 00 00  
  backtrace:
[] kmemleak_alloc_recursive include/linux/kmemleak.h:42 
[inline]
[] slab_post_alloc_hook mm/slab.h:766 [inline]
[] slab_alloc_node mm/slub.c:3478 [inline]
[] __kmem_cache_alloc_node+0x2dd/0x3f0 mm/slub.c:3517
[] kmalloc_trace+0x25/0x90 mm/slab_common.c:1098
[] kmalloc include/linux/slab.h:600 [inline]
[] kzalloc include/linux/slab.h:721 [inline]
[] get_sg_table.isra.0+0x2a/0xe0 
drivers/dma-buf/udmabuf.c:93
[] begin_cpu_udmabuf+0x63/0xa0 
drivers/dma-buf/udmabuf.c:156
[] dma_buf_begin_cpu_access+0x3b/0xc0 
drivers/dma-buf/dma-buf.c:1402
[] dma_buf_ioctl+0x550/0x660 drivers/dma-buf/dma-buf.c:475
[] vfs_ioctl fs/ioctl.c:51 [inline]
[] __do_sys_ioctl fs/ioctl.c:871 [inline]
[] __se_sys_ioctl fs/ioctl.c:857 [inline]
[] __x64_sys_ioctl+0xf2/0x140 fs/ioctl.c:857
[] do_syscall_x64 arch/x86/entry/common.c:52 [inline]
[] do_syscall_64+0x3f/0x110 arch/x86/entry/common.c:83
[] entry_SYSCALL_64_after_hwframe+0x63/0x6b

BUG: memory leak
unreferenced object 0x88810b898b80 (size 128):
  comm "syz-executor111", pid 5038, jiffies 4294942820 (age 13.250s)
  hex dump (first 32 bytes):
c0 09 2a 04 00 ea ff ff 00 00 00 00 00 10 00 00  ..*.
00 70 82 0a 01 00 00 00 00 10 00 00 00 00 00 00  .p..
  backtrace:
[] kmemleak_alloc_recursive include/linux/kmemleak.h:42 
[inline]
[] slab_post_alloc_hook mm/slab.h:766 [inline]
[] slab_alloc_node mm/slub.c:3478 [inline]
[] __kmem_cache_alloc_node+0x2dd/0x3f0 mm/slub.c:3517
[] __do_kmalloc_node mm/slab_common.c:1006 [inline]
[] __kmalloc+0x4b/0x150 mm/slab_common.c:1020
[] kmalloc_array include/linux/slab.h:637 [inline]
[] sg_kmalloc lib/scatterlist.c:167 [inline]
[] get_next_sg lib/scatterlist.c:402 [inline]
[] sg_alloc_append_table_from_pages+0x35f/0x770 
lib/scatterlist.c:526
[] sg_alloc_table_from_pages_segment+0x8c/0x120 
lib/scatterlist.c:586
[] sg_alloc_table_from_pages 
include/linux/scatterlist.h:477 [inline]
[] get_sg_table.isra.0+0x5e/0xe0 
drivers/dma-buf/udmabuf.c:96
[] begin_cpu_udmabuf+0x63/0xa0 
drivers/dma-buf/udmabuf.c:156
[] dma_buf_begin_cpu_access+0x3b/0xc0 
drivers/dma-buf/dma-buf.c:1402
[] dma_buf_ioctl+0x550/0x660 drivers/dma-buf/dma-buf.c:475
[] vfs_ioctl fs/ioctl.c:51 [inline]
[] __do_sys_ioctl fs/ioctl.c:871 [inline]
[] __se_sys_ioctl fs/ioctl.c:857 [inline]
[] __x64_sys_ioctl+0xf2/0x140 fs/ioctl.c:857
[] do_syscall_x64 arch/x86/entry/common.c:52 [inline]
[] do_syscall_64+0x3f/0x110 arch/x86/entry/common.c:83
[] entry_SYSCALL_64_after_hwframe+0x63/0x6b



---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup


[syzbot] [dri?] WARNING in drm_prime_destroy_file_private (2)

2023-12-27 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:5254c0cbc92d Merge tag 'block-6.7-2023-12-22' of git://git..
git tree:   upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=10cc6995e8
kernel config:  https://syzkaller.appspot.com/x/.config?x=314e9ad033a7d3a7
dashboard link: https://syzkaller.appspot.com/bug?extid=59dcc2e7283a6f5f5ba1
compiler:   gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 
2.40
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=13e35809e8
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=155d5fd6e8

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/ebe09a5995ee/disk-5254c0cb.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/02178d7f5f98/vmlinux-5254c0cb.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/12307f47d87c/bzImage-5254c0cb.xz

The issue was bisected to:

commit ea4452de2ae987342fadbdd2c044034e6480daad
Author: Qi Zheng 
Date:   Fri Nov 18 10:00:11 2022 +

mm: fix unexpected changes to {failslab|fail_page_alloc}.attr

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=13027f76e8
final oops: https://syzkaller.appspot.com/x/report.txt?x=10827f76e8
console output: https://syzkaller.appspot.com/x/log.txt?x=17027f76e8

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+59dcc2e7283a6f5f5...@syzkaller.appspotmail.com
Fixes: ea4452de2ae9 ("mm: fix unexpected changes to 
{failslab|fail_page_alloc}.attr")

R10:  R11: 0246 R12: 7efe98069194
R13: 7efe97fd2210 R14: 0002 R15: 6972642f7665642f
 
[ cut here ]
WARNING: CPU: 0 PID: 5107 at drivers/gpu/drm/drm_prime.c:227 
drm_prime_destroy_file_private+0x43/0x60 drivers/gpu/drm/drm_prime.c:227
Modules linked in:
CPU: 0 PID: 5107 Comm: syz-executor227 Not tainted 
6.7.0-rc6-syzkaller-00248-g5254c0cbc92d #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
11/17/2023
RIP: 0010:drm_prime_destroy_file_private+0x43/0x60 
drivers/gpu/drm/drm_prime.c:227
Code: 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 21 48 8b 83 90 00 00 
00 48 85 c0 75 06 5b e9 13 f1 93 fc e8 0e f1 93 fc 90 <0f> 0b 90 5b e9 04 f1 93 
fc e8 3f 9b ea fc eb d8 66 66 2e 0f 1f 84
RSP: 0018:c90003bdf9e0 EFLAGS: 00010293
RAX:  RBX: 888019f28378 RCX: c90003bdf9b0
RDX: 888018ff9dc0 RSI: 84f380c2 RDI: 888019f28408
RBP: 888019f28000 R08: 0001 R09: 0001
R10: 8f193a57 R11:  R12: 88814829a000
R13: 888019f282a8 R14: 88814829a068 R15: 88814829a0a0
FS:  () GS:8880b980() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 7efe98050410 CR3: 6d1ff000 CR4: 00350ef0
Call Trace:
 
 drm_file_free.part.0+0x738/0xb90 drivers/gpu/drm/drm_file.c:290
 drm_file_free drivers/gpu/drm/drm_file.c:247 [inline]
 drm_close_helper.isra.0+0x180/0x1f0 drivers/gpu/drm/drm_file.c:307
 drm_release+0x22a/0x4f0 drivers/gpu/drm/drm_file.c:494
 __fput+0x270/0xb70 fs/file_table.c:394
 task_work_run+0x14d/0x240 kernel/task_work.c:180
 exit_task_work include/linux/task_work.h:38 [inline]
 do_exit+0xa8a/0x2ad0 kernel/exit.c:869
 do_group_exit+0xd4/0x2a0 kernel/exit.c:1018
 get_signal+0x23b5/0x2790 kernel/signal.c:2904
 arch_do_signal_or_restart+0x90/0x7f0 arch/x86/kernel/signal.c:309
 exit_to_user_mode_loop kernel/entry/common.c:168 [inline]
 exit_to_user_mode_prepare+0x121/0x240 kernel/entry/common.c:204
 __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
 syscall_exit_to_user_mode+0x1e/0x60 kernel/entry/common.c:296
 do_syscall_64+0x4d/0x110 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7efe98014769
Code: Unable to access opcode bytes at 0x7efe9801473f.
RSP: 002b:7efe97fd2208 EFLAGS: 0246 ORIG_RAX: 00ca
RAX: fe00 RBX: 7efe9809c408 RCX: 7efe98014769
RDX:  RSI: 0080 RDI: 7efe9809c408
RBP: 7efe9809c400 R08: 3131 R09: 3131
R10:  R11: 0246 R12: 7efe98069194
R13: 7efe97fd2210 R14: 0002 R15: 6972642f7665642f
 


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or past

[syzbot] Monthly dri report (Nov 2023)

2023-11-30 Thread syzbot
Hello dri maintainers/developers,

This is a 31-day syzbot report for the dri subsystem.
All related reports/information can be found at:
https://syzkaller.appspot.com/upstream/s/dri

During the period, 1 new issue was detected and 0 were fixed.
In total, 15 issues are still open and 30 have been fixed so far.

Some of the still happening issues:

Ref Crashes Repro Title
<1> 375 Yes   WARNING in drm_wait_one_vblank
  https://syzkaller.appspot.com/bug?extid=6f7fe2dbc479dca0ed17
<2> 129 Yes   WARNING in vkms_get_vblank_timestamp (2)
  https://syzkaller.appspot.com/bug?extid=93bd128a383695391534
<3> 116 Yes   WARNING in drm_syncobj_array_find
  https://syzkaller.appspot.com/bug?extid=95416f957d84e858b377
<4> 72  Yes   inconsistent lock state in sync_timeline_debug_remove
  https://syzkaller.appspot.com/bug?extid=7dcd254b8987a29f6450
<5> 40  Yes   KMSAN: uninit-value in drm_mode_setcrtc
  https://syzkaller.appspot.com/bug?extid=4fad2e57beb6397ab2fc
<6> 36  Yes   inconsistent lock state in sync_info_debugfs_show
  https://syzkaller.appspot.com/bug?extid=007bfe0f3330f6e1e7d1
<7> 9   Yes   kernel BUG in vmf_insert_pfn_prot (2)
  https://syzkaller.appspot.com/bug?extid=398e17b61dab22cc56bc
<8> 5   Yes   divide error in drm_mode_vrefresh
  https://syzkaller.appspot.com/bug?extid=622bba18029bcde672e1

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

To disable reminders for individual bugs, reply with the following command:
#syz set  no-reminders

To change bug's subsystems, reply with:
#syz set  subsystems: new-subsystem

You may send multiple commands in a single email message.


[syzbot] [dri?] divide error in drm_mode_debug_printmodeline

2023-11-15 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:ac347a0655db Merge tag 'arm64-fixes' of git://git.kernel.o..
git tree:   upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=101ba588e8
kernel config:  https://syzkaller.appspot.com/x/.config?x=88e7ba51eecd9cd6
dashboard link: https://syzkaller.appspot.com/bug?extid=2e93e6fb36e6fdc56574
compiler:   Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 
2.40
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=11252f9768
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=10fd2498e8

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/8fcb90d89768/disk-ac347a06.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/360d9341a71c/vmlinux-ac347a06.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/a370aa406c63/bzImage-ac347a06.xz

The issue was bisected to:

commit ea40d7857d5250e5400f38c69ef9e17321e9c4a2
Author: Daniel Vetter 
Date:   Fri Oct 9 23:21:56 2020 +

drm/vkms: fbdev emulation support

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1058223f68
final oops: https://syzkaller.appspot.com/x/report.txt?x=1258223f68
console output: https://syzkaller.appspot.com/x/log.txt?x=1458223f68

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2e93e6fb36e6fdc56...@syzkaller.appspotmail.com
Fixes: ea40d7857d52 ("drm/vkms: fbdev emulation support")

divide error:  [#1] PREEMPT SMP KASAN
CPU: 0 PID: 5068 Comm: syz-executor357 Not tainted 
6.6.0-syzkaller-16039-gac347a0655db #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
10/09/2023
RIP: 0010:drm_mode_vrefresh drivers/gpu/drm/drm_modes.c:1303 [inline]
RIP: 0010:drm_mode_debug_printmodeline+0x118/0x4e0 
drivers/gpu/drm/drm_modes.c:60
Code: 00 41 0f b7 07 66 83 f8 02 b9 01 00 00 00 0f 43 c8 0f b7 c1 0f af e8 44 
89 f0 48 69 c8 e8 03 00 00 89 e8 d1 e8 48 01 c8 31 d2 <48> f7 f5 49 89 c6 eb 0c 
e8 fb 07 66 fc eb 05 e8 f4 07 66 fc 48 89
RSP: 0018:c9000391f8d0 EFLAGS: 00010246
RAX: 0001f400 RBX: 888025045000 RCX: 0001f400
RDX:  RSI: 8000 RDI: 888025045018
RBP:  R08: 8528b9af R09: 
R10: c9000391f8a0 R11: f52000723f17 R12: 0080
R13: dc00 R14: 0080 R15: 888025045016
FS:  56932380() GS:8880b980() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 005fdeb8 CR3: 7fcff000 CR4: 003506f0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400
Call Trace:
 
 drm_mode_setcrtc+0x83b/0x1880 drivers/gpu/drm/drm_crtc.c:794
 drm_ioctl_kernel+0x362/0x500 drivers/gpu/drm/drm_ioctl.c:792
 drm_ioctl+0x636/0xb00 drivers/gpu/drm/drm_ioctl.c:895
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:871 [inline]
 __se_sys_ioctl+0xf8/0x170 fs/ioctl.c:857
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x44/0x110 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7f6c63dd6729
Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 
89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 
c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:7ffcde0dd0e8 EFLAGS: 0246 ORIG_RAX: 0010
RAX: ffda RBX: 7ffcde0dd2b8 RCX: 7f6c63dd6729
RDX: 2180 RSI: c06864a2 RDI: 0003
RBP: 7f6c63e49610 R08: f4e6 R09: 7ffcde0dd2b8
R10: 0003 R11: 0246 R12: 0001
R13: 7ffcde0dd2a8 R14: 0001 R15: 0001
 
Modules linked in:
---[ end trace  ]---
RIP: 0010:drm_mode_vrefresh drivers/gpu/drm/drm_modes.c:1303 [inline]
RIP: 0010:drm_mode_debug_printmodeline+0x118/0x4e0 
drivers/gpu/drm/drm_modes.c:60
Code: 00 41 0f b7 07 66 83 f8 02 b9 01 00 00 00 0f 43 c8 0f b7 c1 0f af e8 44 
89 f0 48 69 c8 e8 03 00 00 89 e8 d1 e8 48 01 c8 31 d2 <48> f7 f5 49 89 c6 eb 0c 
e8 fb 07 66 fc eb 05 e8 f4 07 66 fc 48 89
RSP: 0018:c9000391f8d0 EFLAGS: 00010246
RAX: 0001f400 RBX: 888025045000 RCX: 0001f400
RDX:  RSI: 8000 RDI: 888025045018
RBP:  R08: 8528b9af R09: 
R10: c9000391f8a0 R11: f52000723f17 R12: 0080
R13: dc00 R14: 0080 R15: 888025045016
FS:  56932380() GS:8880b990() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 0064392c CR3: 7fcff000 CR4: 003506f0
DR0:  DR1:  DR2: 
DR3:  DR6: 

Re: [syzbot] [dri?] kernel BUG in vmf_insert_pfn_prot (2)

2023-11-08 Thread syzbot
syzbot has bisected this issue to:

commit 45d9c8dde4cd8589f9180309ec60f0da2ce486e4
Author: Daniel Vetter 
Date:   Thu Aug 12 13:14:12 2021 +

drm/vgem: use shmem helpers

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=126094df68
start commit:   d2f51b3516da Merge tag 'rtc-6.7' of git://git.kernel.org/p..
git tree:   upstream
final oops: https://syzkaller.appspot.com/x/report.txt?x=116094df68
console output: https://syzkaller.appspot.com/x/log.txt?x=166094df68
kernel config:  https://syzkaller.appspot.com/x/.config?x=1ffa1cec3b40f3ce
dashboard link: https://syzkaller.appspot.com/bug?extid=398e17b61dab22cc56bc
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=16344918e8
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=156bb2c0e8

Reported-by: syzbot+398e17b61dab22cc5...@syzkaller.appspotmail.com
Fixes: 45d9c8dde4cd ("drm/vgem: use shmem helpers")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


Re: [syzbot] [dri?] kernel BUG in vmf_insert_pfn_prot (2)

2023-11-06 Thread syzbot
syzbot has found a reproducer for the following issue on:

HEAD commit:d2f51b3516da Merge tag 'rtc-6.7' of git://git.kernel.org/p..
git tree:   upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=1422ebef68
kernel config:  https://syzkaller.appspot.com/x/.config?x=1ffa1cec3b40f3ce
dashboard link: https://syzkaller.appspot.com/bug?extid=398e17b61dab22cc56bc
compiler:   gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 
2.40
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=16344918e8
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=156bb2c0e8

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/01a7f380fc8d/disk-d2f51b35.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/c2fe46c74542/vmlinux-d2f51b35.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/247d6a0567c5/bzImage-d2f51b35.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+398e17b61dab22cc5...@syzkaller.appspotmail.com

[ cut here ]
kernel BUG at mm/memory.c:2216!
invalid opcode:  [#1] PREEMPT SMP KASAN
CPU: 1 PID: 5067 Comm: syz-executor340 Not tainted 
6.6.0-syzkaller-14651-gd2f51b3516da #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
10/09/2023
RIP: 0010:vmf_insert_pfn_prot+0x247/0x430 mm/memory.c:2216
Code: 0f 0b e8 7c e6 bd ff 49 89 ef bf 20 00 00 00 41 83 e7 28 4c 89 fe e8 f8 
e1 bd ff 49 83 ff 20 0f 85 aa fe ff ff e8 59 e6 bd ff <0f> 0b 48 bd ff ff ff ff 
ff ff 0f 00 e8 48 e6 bd ff 4c 89 f6 48 89
RSP: 0018:c90003bbf758 EFLAGS: 00010293
RAX:  RBX: 88802847ec00 RCX: 81cab618
RDX: 888015bd1dc0 RSI: 81cab627 RDI: 0007
RBP: 0c040474 R08: 0007 R09: 0020
R10: 0020 R11: 0009 R12: 20ffd000
R13: 192000777eec R14: 0001e529 R15: 0020
FS:  55e2a480() GS:8880b990() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 20ffd000 CR3: 2aae7000 CR4: 003506f0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400
Call Trace:
 
 drm_gem_shmem_fault+0x207/0x400 drivers/gpu/drm/drm_gem_shmem_helper.c:531
 __do_fault+0x107/0x5f0 mm/memory.c:4265
 do_read_fault mm/memory.c:4628 [inline]
 do_fault mm/memory.c:4762 [inline]
 do_pte_missing mm/memory.c:3730 [inline]
 handle_pte_fault mm/memory.c:5038 [inline]
 __handle_mm_fault+0x2682/0x3d60 mm/memory.c:5179
 handle_mm_fault+0x478/0xa00 mm/memory.c:5344
 do_user_addr_fault+0x3d1/0x1000 arch/x86/mm/fault.c:1413
 handle_page_fault arch/x86/mm/fault.c:1505 [inline]
 exc_page_fault+0x5c/0xd0 arch/x86/mm/fault.c:1561
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:570
RIP: 0010:rep_movs_alternative+0x4a/0x70 arch/x86/lib/copy_user_64.S:71
Code: 75 f1 c3 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 
c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9  a4 c3 48 89 c8 48 c1 
e9 03 83 e0 07 f3 48 a5 89 c1 85 c9 75 b3
RSP: 0018:c90003bbfb50 EFLAGS: 00050206
RAX: 0001 RBX: 20ffd000 RCX: 1000
RDX:  RSI: 20ffd000 RDI: 888018796000
RBP: 1000 R08: 0001 R09: ed10030f2dff
R10: 888018796fff R11:  R12: 20ffe000
R13: 888018796000 R14:  R15: 20ffd000
 copy_user_generic arch/x86/include/asm/uaccess_64.h:112 [inline]
 raw_copy_from_user arch/x86/include/asm/uaccess_64.h:127 [inline]
 _copy_from_user+0xc2/0xf0 lib/usercopy.c:23
 copy_from_user include/linux/uaccess.h:183 [inline]
 snd_rawmidi_kernel_write1+0x360/0x860 sound/core/rawmidi.c:1618
 snd_rawmidi_write+0x26e/0xc00 sound/core/rawmidi.c:1687
 vfs_write+0x2a4/0xdf0 fs/read_write.c:582
 ksys_write+0x1f0/0x250 fs/read_write.c:637
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x3f/0x110 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7f31add88d69
Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 
89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 
c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:7ffdd9a49ee8 EFLAGS: 0246 ORIG_RAX: 0001
RAX: ffda RBX: 7ffdd9a49f00 RCX: 7f31add88d69
RDX: fd2c RSI: 2000 RDI: 0004
RBP: 7ffdd9a49f08 R08:  R09: 
R10: 7ffdd9a49f08 R11: 0246 R12: 
R13: 7ffdd9a4a168 R14: 0001 R15: 0001
 
Modules linked in:
---[ end trace  ]---
RIP: 0010:vmf_insert_pfn_prot+0x247/0x430 mm/memory.c:2216
Code: 0f 0b e8 7c e6 bd ff 49 89 ef bf 20 00 00 00 41 83 e7 28 4c

[syzbot] Monthly dri report (Oct 2023)

2023-10-30 Thread syzbot
Hello dri maintainers/developers,

This is a 31-day syzbot report for the dri subsystem.
All related reports/information can be found at:
https://syzkaller.appspot.com/upstream/s/dri

During the period, 1 new issue was detected and 0 were fixed.
In total, 15 issues are still open and 30 have been fixed so far.

Some of the still happening issues:

Ref Crashes Repro Title
<1> 375 Yes   WARNING in drm_wait_one_vblank
  https://syzkaller.appspot.com/bug?extid=6f7fe2dbc479dca0ed17
<2> 110 Yes   WARNING in vkms_get_vblank_timestamp (2)
  https://syzkaller.appspot.com/bug?extid=93bd128a383695391534
<3> 78  Yes   WARNING in drm_syncobj_array_find
  https://syzkaller.appspot.com/bug?extid=95416f957d84e858b377
<4> 35  Yes   inconsistent lock state in sync_info_debugfs_show
  https://syzkaller.appspot.com/bug?extid=007bfe0f3330f6e1e7d1
<5> 22  Yes   KMSAN: uninit-value in drm_mode_setcrtc
  https://syzkaller.appspot.com/bug?extid=4fad2e57beb6397ab2fc
<6> 4   Yes   WARNING in drm_gem_object_handle_put_unlocked
  https://syzkaller.appspot.com/bug?extid=ef3256a360c02207a4cb
<7> 3   Yes   kernel BUG in vmf_insert_pfn_prot (2)
  https://syzkaller.appspot.com/bug?extid=398e17b61dab22cc56bc
<8> 2   Yes   WARNING in drm_prime_fd_to_handle_ioctl
  https://syzkaller.appspot.com/bug?extid=0da81ccba2345eeb7f48

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

To disable reminders for individual bugs, reply with the following command:
#syz set  no-reminders

To change bug's subsystems, reply with:
#syz set  subsystems: new-subsystem

You may send multiple commands in a single email message.


[syzbot] [dri?] WARNING in drm_prime_fd_to_handle_ioctl

2023-10-14 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:1c8b86a3799f Merge tag 'xsa441-6.6-tag' of git://git.kerne..
git tree:   upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=13005e3168
kernel config:  https://syzkaller.appspot.com/x/.config?x=32d0b9b42ceb8b10
dashboard link: https://syzkaller.appspot.com/bug?extid=0da81ccba2345eeb7f48
compiler:   gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 
2.40
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=13c4834568
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=101b367968

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/45e9377886e9/disk-1c8b86a3.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/9511a41a6d1e/vmlinux-1c8b86a3.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/fac07e1c3c1a/bzImage-1c8b86a3.xz

The issue was bisected to:

commit 85e26dd5100a182bf8448050427539c0a66ab793
Author: Christian König 
Date:   Thu Jan 26 09:24:26 2023 +

drm/client: fix circular reference counting issue

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=14cf17f168
final oops: https://syzkaller.appspot.com/x/report.txt?x=16cf17f168
console output: https://syzkaller.appspot.com/x/log.txt?x=12cf17f168

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+0da81ccba2345eeb7...@syzkaller.appspotmail.com
Fixes: 85e26dd5100a ("drm/client: fix circular reference counting issue")

[ cut here ]
WARNING: CPU: 0 PID: 5040 at drivers/gpu/drm/drm_prime.c:326 
drm_gem_prime_fd_to_handle drivers/gpu/drm/drm_prime.c:326 [inline]
WARNING: CPU: 0 PID: 5040 at drivers/gpu/drm/drm_prime.c:326 
drm_prime_fd_to_handle_ioctl+0x555/0x600 drivers/gpu/drm/drm_prime.c:374
Modules linked in:
CPU: 0 PID: 5040 Comm: syz-executor405 Not tainted 
6.6.0-rc5-syzkaller-00055-g1c8b86a3799f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
09/06/2023
RIP: 0010:drm_gem_prime_fd_to_handle drivers/gpu/drm/drm_prime.c:326 [inline]
RIP: 0010:drm_prime_fd_to_handle_ioctl+0x555/0x600 
drivers/gpu/drm/drm_prime.c:374
Code: 89 df e8 0e 9b 26 fd f0 48 ff 03 e9 7e fd ff ff e8 b0 dc d0 fc 4c 89 f7 
44 89 eb e8 75 73 8b 05 e9 da fe ff ff e8 9b dc d0 fc <0f> 0b e9 5d fd ff ff e8 
3f 94 26 fd e9 3a fc ff ff 48 8b 7c 24 08
RSP: 0018:c90003a5fc70 EFLAGS: 00010293
RAX:  RBX: 888018f14c00 RCX: 
RDX: 88801d691dc0 RSI: 84b6ea15 RDI: 8881476f3928
RBP: 88801fac5400 R08: 0007 R09: f000
R10: 8881476f3800 R11:  R12: c90003a5fe10
R13: 8881476f3800 R14: 88801c590c10 R15: 
FS:  555d6380() GS:8880b980() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 555db75f4058 CR3: 72209000 CR4: 00350ef0
Call Trace:
 
 drm_ioctl_kernel+0x280/0x4c0 drivers/gpu/drm/drm_ioctl.c:789
 drm_ioctl+0x5cb/0xbf0 drivers/gpu/drm/drm_ioctl.c:892
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:871 [inline]
 __se_sys_ioctl fs/ioctl.c:857 [inline]
 __x64_sys_ioctl+0x18f/0x210 fs/ioctl.c:857
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f0c8214be69
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 
89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 
c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:7fff6f4156f8 EFLAGS: 0246 ORIG_RAX: 0010
RAX: ffda RBX:  RCX: 7f0c8214be69
RDX: 2000 RSI: c00c642e RDI: 0003
RBP:  R08: 00a0 R09: 00a0
R10: 00a0 R11: 0246 R12: 
R13: 7f0c821c3820 R14: 7fff6f415720 R15: 7fff6f415710
 


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection

If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report

If you want to

[syzbot] Monthly dri report (Sep 2023)

2023-09-28 Thread syzbot
Hello dri maintainers/developers,

This is a 31-day syzbot report for the dri subsystem.
All related reports/information can be found at:
https://syzkaller.appspot.com/upstream/s/dri

During the period, 3 new issues were detected and 0 were fixed.
In total, 14 issues are still open and 30 have been fixed so far.

Some of the still happening issues:

Ref Crashes Repro Title
<1> 361 Yes   WARNING in drm_wait_one_vblank
  https://syzkaller.appspot.com/bug?extid=6f7fe2dbc479dca0ed17
<2> 83  Yes   WARNING in vkms_get_vblank_timestamp (2)
  https://syzkaller.appspot.com/bug?extid=93bd128a383695391534
<3> 43  Yes   WARNING in drm_syncobj_array_find
  https://syzkaller.appspot.com/bug?extid=95416f957d84e858b377
<4> 6   No    linux-next boot error: WARNING: bad unlock balance in 
vkms_vblank_simulate
  https://syzkaller.appspot.com/bug?extid=204dd7e9a83cb8855b63
<5> 5   Yes   divide error in drm_mode_vrefresh
  https://syzkaller.appspot.com/bug?extid=622bba18029bcde672e1
<6> 3   Yes   WARNING in drm_gem_object_handle_put_unlocked
  https://syzkaller.appspot.com/bug?extid=ef3256a360c02207a4cb
<7> 2   Yes   memory leak in vma_node_allow
  https://syzkaller.appspot.com/bug?extid=58ea3177ba8bd0a5d8ee

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

To disable reminders for individual bugs, reply with the following command:
#syz set  no-reminders

To change bug's subsystems, reply with:
#syz set  subsystems: new-subsystem

You may send multiple commands in a single email message.


[syzbot] [dri?] linux-next boot error: WARNING: bad unlock balance in vkms_vblank_simulate

2023-09-16 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:e143016b56ec Add linux-next specific files for 20230913
git tree:   linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=164c5ac7a8
kernel config:  https://syzkaller.appspot.com/x/.config?x=76ee1517f109f01a
dashboard link: https://syzkaller.appspot.com/bug?extid=204dd7e9a83cb8855b63
compiler:   gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 
2.40

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/845fe7fc2fee/disk-e143016b.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/d74646a84425/vmlinux-e143016b.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/bfbe2696ea96/bzImage-e143016b.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+204dd7e9a83cb8855...@syzkaller.appspotmail.com


=
WARNING: bad unlock balance detected!
6.6.0-rc1-next-20230913-syzkaller #0 Not tainted
-
swapper/0/0 is trying to release lock (&vkms_out->enabled_lock) at:
[] vkms_vblank_simulate+0x159/0x3d0 
drivers/gpu/drm/vkms/vkms_crtc.c:34
but there are no more locks to release!

other info that might help us debug this:
no locks held by swapper/0/0.

stack backtrace:
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.6.0-rc1-next-20230913-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
08/04/2023
Call Trace:
 
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106
 __lock_release kernel/locking/lockdep.c:5430 [inline]
 lock_release+0x4b5/0x680 kernel/locking/lockdep.c:5773
 __mutex_unlock_slowpath+0xa3/0x640 kernel/locking/mutex.c:907
 vkms_vblank_simulate+0x159/0x3d0 drivers/gpu/drm/vkms/vkms_crtc.c:34
 __run_hrtimer kernel/time/hrtimer.c:1688 [inline]
 __hrtimer_run_queues+0x203/0xc10 kernel/time/hrtimer.c:1752
 hrtimer_interrupt+0x31b/0x800 kernel/time/hrtimer.c:1814
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1063 [inline]
 __sysvec_apic_timer_interrupt+0x105/0x3f0 arch/x86/kernel/apic/apic.c:1080
 sysvec_apic_timer_interrupt+0x8e/0xc0 arch/x86/kernel/apic/apic.c:1074
 
 
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:645
RIP: 0010:native_irq_disable arch/x86/include/asm/irqflags.h:37 [inline]
RIP: 0010:arch_local_irq_disable arch/x86/include/asm/irqflags.h:72 [inline]
RIP: 0010:acpi_safe_halt+0x1b/0x20 drivers/acpi/processor_idle.c:113
Code: ed c3 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 65 48 8b 04 25 c0 bc 03 00 
48 8b 00 a8 08 75 0c 66 90 0f 00 2d 17 b9 b2 00 fb f4  c3 0f 1f 00 0f b6 47 
08 3c 01 74 0b 3c 02 74 05 8b 7f 04 eb 9f
RSP: :8c807d70 EFLAGS: 0246
RAX: 4000 RBX: 0001 RCX: 8a41858e
RDX: 0001 RSI: 88801368d800 RDI: 88801368d864
RBP: 88801368d864 R08: 0001 R09: ed1017306dbd
R10: 8880b9836deb R11:  R12: 88801730
R13: 8d661d60 R14:  R15: 
 acpi_idle_enter+0xc5/0x160 drivers/acpi/processor_idle.c:707
 cpuidle_enter_state+0x82/0x500 drivers/cpuidle/cpuidle.c:267
 cpuidle_enter+0x4e/0xa0 drivers/cpuidle/cpuidle.c:388
 cpuidle_idle_call kernel/sched/idle.c:215 [inline]
 do_idle+0x315/0x3f0 kernel/sched/idle.c:282
 cpu_startup_entry+0x18/0x20 kernel/sched/idle.c:379
 rest_init+0x16f/0x2b0 init/main.c:726
 arch_call_rest_init+0x13/0x30 init/main.c:823
 start_kernel+0x39f/0x480 init/main.c:1068
 x86_64_start_reservations+0x18/0x30 arch/x86/kernel/head64.c:556
 x86_64_start_kernel+0xb2/0xc0 arch/x86/kernel/head64.c:537
 secondary_startup_64_no_verify+0x166/0x16b
 

Code disassembly (best guess):
   0:   ed                      in     (%dx),%eax
   1:   c3                      ret
   2:   66 66 2e 0f 1f 84 00    data16 cs nopw 0x0(%rax,%rax,1)
   9:   00 00 00 00
   d:   66 90                   xchg   %ax,%ax
   f:   65 48 8b 04 25 c0 bc    mov    %gs:0x3bcc0,%rax
  16:   03 00
  18:   48 8b 00                mov    (%rax),%rax
  1b:   a8 08                   test   $0x8,%al
  1d:   75 0c                   jne    0x2b
  1f:   66 90                   xchg   %ax,%ax
  21:   0f 00 2d 17 b9 b2 00    verw   0xb2b917(%rip)        # 0xb2b93f
  28:   fb                      sti
  29:   f4                      hlt
* 2a:   fa                      cli    <-- trapping instruction
  2b:   c3                      ret
  2c:   0f 1f 00                nopl   (%rax)
  2f:   0f b6 47 08             movzbl 0x8(%rdi),%eax
  33:   3c 01                   cmp    $0x1,%al
  35:   74 0b                   je     0x42
  37:   3c 02                   cmp    $0x2,%al
  39:   74 05                   je     0x40
  3b:   8b 7f 04                mov    0x4(%rdi),%edi
  3e:   eb 9f                   jmp    0xffdf


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmE

[syzbot] [dri?] WARNING in drm_gem_object_handle_put_unlocked

2023-09-15 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:0bb80ecc33a8 Linux 6.6-rc1
git tree:   upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=1002530c68
kernel config:  https://syzkaller.appspot.com/x/.config?x=f4894cf58531f
dashboard link: https://syzkaller.appspot.com/bug?extid=ef3256a360c02207a4cb
compiler:   gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 
2.40
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=14a79ca068
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1690040268

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/eeb0cac260c7/disk-0bb80ecc.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/a3c360110254/vmlinux-0bb80ecc.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/22b81065ba5f/bzImage-0bb80ecc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+ef3256a360c02207a...@syzkaller.appspotmail.com

R10:  R11: 0246 R12: 7fda971e917c
R13: 7fda97153210 R14: 0023647261632f69 R15: 6972642f7665642f
 
[ cut here ]
WARNING: CPU: 1 PID: 5043 at drivers/gpu/drm/drm_gem.c:225 
drm_gem_object_handle_put_unlocked+0x299/0x390 drivers/gpu/drm/drm_gem.c:225
Modules linked in:
CPU: 1 PID: 5043 Comm: syz-executor141 Not tainted 6.6.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
08/04/2023
RIP: 0010:drm_gem_object_handle_put_unlocked+0x299/0x390 
drivers/gpu/drm/drm_gem.c:225
Code: ea 03 0f b6 04 02 84 c0 74 0c 3c 03 7f 08 4c 89 f7 e8 2b 06 2a fd c7 83 
20 01 00 00 00 00 00 00 e9 98 fe ff ff e8 57 44 d4 fc <0f> 0b 5b 5d 41 5c 41 5d 
41 5e e9 48 44 d4 fc e8 43 44 d4 fc 48 8d
RSP: 0018:c90003d5fbb8 EFLAGS: 00010293
RAX:  RBX: 888027b61000 RCX: 
RDX: 888014fcbb80 RSI: 84b38a29 RDI: 0005
RBP: 888027b61004 R08: 0005 R09: 
R10:  R11: 0001 R12: 88801d14
R13: 888027b61008 R14:  R15: 888027b61018
FS:  7fda971536c0() GS:8880b990() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 7fda971fe794 CR3: 72975000 CR4: 003506e0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400
Call Trace:
 
 drm_gem_handle_create_tail+0x32f/0x540 drivers/gpu/drm/drm_gem.c:407
 drm_gem_shmem_create_with_handle drivers/gpu/drm/drm_gem_shmem_helper.c:417 
[inline]
 drm_gem_shmem_dumb_create+0x21a/0x310 
drivers/gpu/drm/drm_gem_shmem_helper.c:505
 drm_mode_create_dumb drivers/gpu/drm/drm_dumb_buffers.c:96 [inline]
 drm_mode_create_dumb_ioctl+0x268/0x2f0 drivers/gpu/drm/drm_dumb_buffers.c:102
 drm_ioctl_kernel+0x280/0x4c0 drivers/gpu/drm/drm_ioctl.c:789
 drm_ioctl+0x5cb/0xbf0 drivers/gpu/drm/drm_ioctl.c:892
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:871 [inline]
 __se_sys_ioctl fs/ioctl.c:857 [inline]
 __x64_sys_ioctl+0x18f/0x210 fs/ioctl.c:857
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fda971954e9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 
89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 
c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:7fda971531f8 EFLAGS: 0246 ORIG_RAX: 0010
RAX: ffda RBX: 7fda9721c3e8 RCX: 7fda971954e9
RDX: 2080 RSI: c02064b2 RDI: 0003
RBP: 7fda9721c3e0 R08: 7fda97152f96 R09: 
R10:  R11: 0246 R12: 7fda971e917c
R13: 7fda97153210 R14: 0023647261632f69 R15: 6972642f7665642f
 


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup


Re: [syzbot] [mm?] kernel BUG in filemap_unaccount_folio

2023-09-15 Thread syzbot
syzbot has bisected this issue to:

commit 5c074eeabbd332b11559f7fc1e89d456f94801fb
Author: Gerd Hoffmann 
Date:   Wed Nov 14 12:20:29 2018 +

udmabuf: set read/write flag when exporting

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=12b21bbfa8
start commit:   db906f0ca6bb Merge tag 'phy-for-6.6' of git://git.kernel.o..
git tree:   upstream
final oops: https://syzkaller.appspot.com/x/report.txt?x=11b21bbfa8
console output: https://syzkaller.appspot.com/x/log.txt?x=16b21bbfa8
kernel config:  https://syzkaller.appspot.com/x/.config?x=3bd57a1ac08277b0
dashboard link: https://syzkaller.appspot.com/bug?extid=17a207d226b8a5fb0fd9
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=11609f3868
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=14c1fc0068

Reported-by: syzbot+17a207d226b8a5fb0...@syzkaller.appspotmail.com
Fixes: 5c074eeabbd3 ("udmabuf: set read/write flag when exporting")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


[syzbot] [dri?] WARNING in drm_syncobj_array_find

2023-09-06 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:0468be89b3fa Merge tag 'iommu-updates-v6.6' of git://git.k..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=13571367a8
kernel config:  https://syzkaller.appspot.com/x/.config?x=39744401c57166fc
dashboard link: https://syzkaller.appspot.com/bug?extid=95416f957d84e858b377
compiler:   gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 
2.40
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=111c39a868
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1267d83fa8

Downloadable assets:
disk image (non-bootable): 
https://storage.googleapis.com/syzbot-assets/7bc7510fe41f/non_bootable_disk-0468be89.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/7feba36779de/vmlinux-0468be89.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/b1cdc0506491/bzImage-0468be89.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+95416f957d84e858b...@syzkaller.appspotmail.com

[ cut here ]
WARNING: CPU: 2 PID: 5141 at mm/page_alloc.c:4415 __alloc_pages+0x3ab/0x4a0 
mm/page_alloc.c:4415
Modules linked in:
CPU: 2 PID: 5141 Comm: syz-executor127 Not tainted 
6.5.0-syzkaller-10885-g0468be89b3fa #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 
04/01/2014
RIP: 0010:__alloc_pages+0x3ab/0x4a0 mm/page_alloc.c:4415
Code: ff ff 00 0f 84 2f fe ff ff 80 ce 01 e9 27 fe ff ff 83 fe 0a 0f 86 3a fd 
ff ff 80 3d c9 37 e6 0c 00 75 09 c6 05 c0 37 e6 0c 01 <0f> 0b 45 31 f6 e9 97 fe 
ff ff e8 b6 10 9e ff 84 c0 0f 85 8a fe ff
RSP: 0018:c900030b7a18 EFLAGS: 00010246
RAX:  RBX: 00040cc0 RCX: 
RDX:  RSI: 0016 RDI: 00040cc0
RBP: 192000616f44 R08: 0005 R09: 
R10: ff1f R11:  R12: 0016
R13:  R14: 84b4e215 R15: 888013722000
FS:  555a4380() GS:88806b80() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 21c0 CR3: 2accd000 CR4: 00350ee0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400
Call Trace:
 
 __alloc_pages_node include/linux/gfp.h:237 [inline]
 alloc_pages_node include/linux/gfp.h:260 [inline]
 __kmalloc_large_node+0x87/0x1c0 mm/slab_common.c:1164
 __do_kmalloc_node mm/slab_common.c:1011 [inline]
 __kmalloc.cold+0xb/0xe0 mm/slab_common.c:1036
 kmalloc_array include/linux/slab.h:636 [inline]
 drm_syncobj_array_find+0x35/0x3c0 drivers/gpu/drm/drm_syncobj.c:1246
 drm_syncobj_timeline_signal_ioctl+0x21f/0x860 
drivers/gpu/drm/drm_syncobj.c:1533
 drm_ioctl_kernel+0x280/0x4c0 drivers/gpu/drm/drm_ioctl.c:789
 drm_ioctl+0x5cb/0xbf0 drivers/gpu/drm/drm_ioctl.c:892
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:871 [inline]
 __se_sys_ioctl fs/ioctl.c:857 [inline]
 __x64_sys_ioctl+0x18f/0x210 fs/ioctl.c:857
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7ff62d53f129
Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 
89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 
c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:7ffe7c669ea8 EFLAGS: 0246 ORIG_RAX: 0010
RAX: ffda RBX: 7ffe7c66a078 RCX: 7ff62d53f129
RDX: 2500 RSI: c01864cd RDI: 0003
RBP: 7ff62d5b2610 R08: 0023647261632f69 R09: 7ffe7c66a078
R10: 001f R11: 0246 R12: 0001
R13: 7ffe7c66a068 R14: 0001 R15: 0001
 


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup


[syzbot] Monthly dri report (Aug 2023)

2023-08-27 Thread syzbot
Hello dri maintainers/developers,

This is a 31-day syzbot report for the dri subsystem.
All related reports/information can be found at:
https://syzkaller.appspot.com/upstream/s/dri

During the period, 3 new issues were detected and 0 were fixed.
In total, 11 issues are still open and 30 have been fixed so far.

Some of the still happening issues:

Ref Crashes Repro Title
<1> 345 Yes   WARNING in drm_wait_one_vblank
  https://syzkaller.appspot.com/bug?extid=6f7fe2dbc479dca0ed17
<2> 62  Yes   WARNING in vkms_get_vblank_timestamp (2)
  https://syzkaller.appspot.com/bug?extid=93bd128a383695391534
<3> 33  Yes   inconsistent lock state in sync_info_debugfs_show
  https://syzkaller.appspot.com/bug?extid=007bfe0f3330f6e1e7d1
<4> 4   Yes   divide error in drm_mode_vrefresh
  https://syzkaller.appspot.com/bug?extid=622bba18029bcde672e1

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

To disable reminders for individual bugs, reply with the following command:
#syz set  no-reminders

To change bug's subsystems, reply with:
#syz set  subsystems: new-subsystem

You may send multiple commands in a single email message.


[syzbot] [dri?] [reiserfs?] WARNING: bad unlock balance in vkms_vblank_simulate

2023-08-13 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:71cd4fc492ec Add linux-next specific files for 20230808
git tree:   linux-next
console+strace: https://syzkaller.appspot.com/x/log.txt?x=11faa1eda8
kernel config:  https://syzkaller.appspot.com/x/.config?x=e36b5ba725f7349d
dashboard link: https://syzkaller.appspot.com/bug?extid=5671b8bcd5178fe56c23
compiler:   gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 
2.40
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=17a54d0ba8
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=13e2281ba8

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/5ea26a69f422/disk-71cd4fc4.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/c4a6b00863bf/vmlinux-71cd4fc4.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/888c2025ec30/bzImage-71cd4fc4.xz
mounted in repro: 
https://storage.googleapis.com/syzbot-assets/3620b064e309/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+5671b8bcd5178fe56...@syzkaller.appspotmail.com

=
WARNING: bad unlock balance detected!
6.5.0-rc5-next-20230808-syzkaller #0 Not tainted
-
swapper/0/0 is trying to release lock (&vkms_out->enabled_lock) at:
[] vkms_vblank_simulate+0x159/0x3d0 
drivers/gpu/drm/vkms/vkms_crtc.c:34
but there are no more locks to release!

other info that might help us debug this:
no locks held by swapper/0/0.

stack backtrace:
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.5.0-rc5-next-20230808-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
07/26/2023
Call Trace:
 
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106
 __lock_release kernel/locking/lockdep.c:5438 [inline]
 lock_release+0x4b5/0x680 kernel/locking/lockdep.c:5781
 __mutex_unlock_slowpath+0xa3/0x640 kernel/locking/mutex.c:907
 vkms_vblank_simulate+0x159/0x3d0 drivers/gpu/drm/vkms/vkms_crtc.c:34
 __run_hrtimer kernel/time/hrtimer.c:1688 [inline]
 __hrtimer_run_queues+0x203/0xc10 kernel/time/hrtimer.c:1752
 hrtimer_interrupt+0x31b/0x800 kernel/time/hrtimer.c:1814
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1098 [inline]
 __sysvec_apic_timer_interrupt+0x14a/0x430 arch/x86/kernel/apic/apic.c:1115
 sysvec_apic_timer_interrupt+0x8e/0xc0 arch/x86/kernel/apic/apic.c:1109
 
 
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:645
RIP: 0010:native_irq_disable arch/x86/include/asm/irqflags.h:37 [inline]
RIP: 0010:arch_local_irq_disable arch/x86/include/asm/irqflags.h:72 [inline]
RIP: 0010:acpi_safe_halt+0x1b/0x20 drivers/acpi/processor_idle.c:113
Code: ed c3 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 65 48 8b 04 25 c0 bc 03 00 
48 8b 00 a8 08 75 0c 66 90 0f 00 2d 57 9d 99 00 fb f4  c3 0f 1f 00 0f b6 47 
08 3c 01 74 0b 3c 02 74 05 8b 7f 04 eb 9f
RSP: :8c607d70 EFLAGS: 0246
RAX: 4000 RBX: 0001 RCX: 8a3a232e
RDX: 0001 RSI: 888144e77800 RDI: 888144e77864
RBP: 888144e77864 R08: 0001 R09: ed1017306dbd
R10: 8880b9836deb R11:  R12: 888141ed8000
R13: 8d45c680 R14:  R15: 
 acpi_idle_enter+0xc5/0x160 drivers/acpi/processor_idle.c:707
 cpuidle_enter_state+0x82/0x500 drivers/cpuidle/cpuidle.c:267
 cpuidle_enter+0x4e/0xa0 drivers/cpuidle/cpuidle.c:388
 cpuidle_idle_call kernel/sched/idle.c:215 [inline]
 do_idle+0x315/0x3f0 kernel/sched/idle.c:282
 cpu_startup_entry+0x18/0x20 kernel/sched/idle.c:379
 rest_init+0x16f/0x2b0 init/main.c:726
 arch_call_rest_init+0x13/0x30 init/main.c:823
 start_kernel+0x39f/0x480 init/main.c:1068
 x86_64_start_reservations+0x18/0x30 arch/x86/kernel/head64.c:556
 x86_64_start_kernel+0xb2/0xc0 arch/x86/kernel/head64.c:537
 secondary_startup_64_no_verify+0x167/0x16b
 

Code disassembly (best guess):
   0:   ed                      in     (%dx),%eax
   1:   c3                      ret
   2:   66 66 2e 0f 1f 84 00    data16 cs nopw 0x0(%rax,%rax,1)
   9:   00 00 00 00
   d:   66 90                   xchg   %ax,%ax
   f:   65 48 8b 04 25 c0 bc    mov    %gs:0x3bcc0,%rax
  16:   03 00
  18:   48 8b 00                mov    (%rax),%rax
  1b:   a8 08                   test   $0x8,%al
  1d:   75 0c                   jne    0x2b
  1f:   66 90                   xchg   %ax,%ax
  21:   0f 00 2d 57 9d 99 00    verw   0x999d57(%rip)        # 0x999d7f
  28:   fb                      sti
  29:   f4                      hlt
* 2a:   fa                      cli    <-- trapping instruction
  2b:   c3                      ret
  2c:   0f 1f 00                nopl   (%rax)
  2f:   0f b6 47 08             movzbl 0x8(%rdi),%eax
  33:   3c 01                   cmp    $0x1,%al
  35:   74 0b                   je     0x42
  37:   3c 02                   cmp    $0x2,%al
  3

[syzbot] [virt?] [dri?] upstream boot error: INFO: task hung in drm_atomic_get_plane_state

2023-08-01 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:f837f0a3c948 Merge tag 'arm64-fixes' of git://git.kernel.o..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=13c9adbea8
kernel config:  https://syzkaller.appspot.com/x/.config?x=d98efd5949c43d64
dashboard link: https://syzkaller.appspot.com/bug?extid=f0f99b966af80ec818db
compiler:   gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 
2.40

Downloadable assets:
disk image (non-bootable): 
https://storage.googleapis.com/syzbot-assets/7bc7510fe41f/non_bootable_disk-f837f0a3.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/eafb76f00a9a/vmlinux-f837f0a3.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/e48f89fd580f/bzImage-f837f0a3.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+f0f99b966af80ec81...@syzkaller.appspotmail.com

INFO: task swapper/0:1 blocked for more than 143 seconds.
  Not tainted 6.5.0-rc3-syzkaller-00225-gf837f0a3c948 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:swapper/0   state:D stack:22144 pid:1 ppid:0  flags:0x4000
Call Trace:
 
 context_switch kernel/sched/core.c:5381 [inline]
 __schedule+0xee1/0x59f0 kernel/sched/core.c:6710
 schedule+0xe7/0x1b0 kernel/sched/core.c:6786
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6845
 __mutex_lock_common kernel/locking/mutex.c:679 [inline]
 __ww_mutex_lock.constprop.0+0x133b/0x2f50 kernel/locking/mutex.c:754
 ww_mutex_lock+0x37/0x140 kernel/locking/mutex.c:871
 modeset_lock+0x482/0x6b0 drivers/gpu/drm/drm_modeset_lock.c:314
 drm_modeset_lock drivers/gpu/drm/drm_modeset_lock.c:396 [inline]
 drm_modeset_lock+0x59/0x90 drivers/gpu/drm/drm_modeset_lock.c:392
 drm_atomic_get_plane_state+0x199/0x580 drivers/gpu/drm/drm_atomic.c:544
 drm_client_modeset_commit_atomic+0x246/0x810 
drivers/gpu/drm/drm_client_modeset.c:1003
 drm_client_modeset_commit_locked+0x14d/0x570 
drivers/gpu/drm/drm_client_modeset.c:1154
 pan_display_atomic drivers/gpu/drm/drm_fb_helper.c:1370 [inline]
 drm_fb_helper_pan_display+0x2a5/0x990 drivers/gpu/drm/drm_fb_helper.c:1430
 fb_pan_display+0x477/0x7c0 drivers/video/fbdev/core/fbmem.c:819
 bit_update_start+0x49/0x1f0 drivers/video/fbdev/core/bitblit.c:390
 fbcon_switch+0xbb1/0x12e0 drivers/video/fbdev/core/fbcon.c:2167
 redraw_screen+0x2bd/0x750 drivers/tty/vt/vt.c:970
 con2fb_init_display drivers/video/fbdev/core/fbcon.c:805 [inline]
 set_con2fb_map+0x793/0x1050 drivers/video/fbdev/core/fbcon.c:864
 do_fb_registered drivers/video/fbdev/core/fbcon.c:3004 [inline]
 fbcon_fb_registered+0x21d/0x660 drivers/video/fbdev/core/fbcon.c:3020
 do_register_framebuffer drivers/video/fbdev/core/fbmem.c:1497 [inline]
 register_framebuffer+0x530/0x940 drivers/video/fbdev/core/fbmem.c:1571
 __drm_fb_helper_initial_config_and_unlock+0xd7c/0x1600 
drivers/gpu/drm/drm_fb_helper.c:1871
 drm_fb_helper_initial_config drivers/gpu/drm/drm_fb_helper.c:1936 [inline]
 drm_fb_helper_initial_config+0x44/0x60 drivers/gpu/drm/drm_fb_helper.c:1928
 drm_fbdev_generic_client_hotplug+0x1a7/0x270 
drivers/gpu/drm/drm_fbdev_generic.c:280
 drm_client_register+0x195/0x280 drivers/gpu/drm/drm_client.c:149
 drm_fbdev_generic_setup+0x11c/0x330 drivers/gpu/drm/drm_fbdev_generic.c:342
 virtio_gpu_probe+0x1be/0x3b0 drivers/gpu/drm/virtio/virtgpu_drv.c:105
 virtio_dev_probe+0x56c/0x870 drivers/virtio/virtio.c:305
 call_driver_probe drivers/base/dd.c:579 [inline]
 really_probe+0x234/0xc90 drivers/base/dd.c:658
 __driver_probe_device+0x1de/0x4b0 drivers/base/dd.c:798
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:828
 __driver_attach+0x274/0x570 drivers/base/dd.c:1214
 bus_for_each_dev+0x13c/0x1d0 drivers/base/bus.c:368
 bus_add_driver+0x2e9/0x630 drivers/base/bus.c:673
 driver_register+0x15c/0x4a0 drivers/base/driver.c:246
 do_one_initcall+0x117/0x630 init/main.c:1232
 do_initcall_level init/main.c:1294 [inline]
 do_initcalls init/main.c:1310 [inline]
 do_basic_setup init/main.c:1329 [inline]
 kernel_init_freeable+0x5bd/0x8f0 init/main.c:1546
 kernel_init+0x1c/0x2a0 init/main.c:1437
 ret_from_fork+0x2c/0x70 arch/x86/kernel/process.c:145
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:296
RIP: :0x0
Code: Unable to access opcode bytes at 0xffd6.
RSP: : EFLAGS:  ORIG_RAX: 
RAX:  RBX:  RCX: 
RDX:  RSI:  RDI: 
RBP:  R08:  R09: 
R10:  R11:  R12: 
R13:  R14:  R15: 
 
INFO: task kworker/0:1:8 blocked for more than 143 seconds.
  Not tainted 6.5.0-rc3-syzkaller-00225-gf837f0a3c948 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:1 

[syzbot] Monthly dri report (Jul 2023)

2023-07-26 Thread syzbot
Hello dri maintainers/developers,

This is a 31-day syzbot report for the dri subsystem.
All related reports/information can be found at:
https://syzkaller.appspot.com/upstream/s/dri

During the period, 1 new issues were detected and 0 were fixed.
In total, 8 issues are still open and 30 have been fixed so far.

Some of the still happening issues:

Ref Crashes Repro Title
<1> 322 Yes   WARNING in drm_wait_one_vblank
  https://syzkaller.appspot.com/bug?extid=6f7fe2dbc479dca0ed17
<2> 36  Yes   WARNING in vkms_get_vblank_timestamp (2)
  https://syzkaller.appspot.com/bug?extid=93bd128a383695391534
<3> 33  Yes   inconsistent lock state in sync_info_debugfs_show
  https://syzkaller.appspot.com/bug?extid=007bfe0f3330f6e1e7d1
<4> 1   Yes   memory leak in vma_node_allow
  https://syzkaller.appspot.com/bug?extid=58ea3177ba8bd0a5d8ee

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

To disable reminders for individual bugs, reply with the following command:
#syz set  no-reminders

To change bug's subsystems, reply with:
#syz set  subsystems: new-subsystem

You may send multiple commands in a single email message.


Re: [syzbot] [dri?] WARNING in vkms_get_vblank_timestamp (2)

2023-07-19 Thread syzbot
syzbot has found a reproducer for the following issue on:

HEAD commit:e40939bbfc68 Merge branch 'for-next/core' into for-kernelci
git tree:   git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git 
for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=12abeba2a8
kernel config:  https://syzkaller.appspot.com/x/.config?x=c4a2640e4213bc2f
dashboard link: https://syzkaller.appspot.com/bug?extid=93bd128a383695391534
compiler:   Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 
2.40
userspace arch: arm64
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=107c6d56a8

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/9d87aa312c0e/disk-e40939bb.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/22a11d32a8b2/vmlinux-e40939bb.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/0978b5788b52/Image-e40939bb.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+93bd128a383695391...@syzkaller.appspotmail.com

[ cut here ]
WARNING: CPU: 1 PID: 25438 at drivers/gpu/drm/vkms/vkms_crtc.c:103 
vkms_get_vblank_timestamp+0x1a4/0x1d4 drivers/gpu/drm/vkms/vkms_crtc.c:103
Modules linked in:
CPU: 1 PID: 25438 Comm: syz-executor.4 Not tainted 
6.4.0-rc7-syzkaller-ge40939bbfc68 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
07/03/2023
pstate: 8045 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : vkms_get_vblank_timestamp+0x1a4/0x1d4 drivers/gpu/drm/vkms/vkms_crtc.c:103
lr : vkms_get_vblank_timestamp+0x1a4/0x1d4 drivers/gpu/drm/vkms/vkms_crtc.c:103
sp : 800097a271f0
x29: 800097a271f0 x28: c612f080 x27: 
x26: 100012f44e4c x25: 100012f44e70 x24: 
x23: cb948000 x22: dfff8000 x21: 00df48e233a8
x20: 00df48e233a8 x19: 800097a27380 x18: 800097a27d28
x17:  x16: 80008a395170 x15: 
x14: 100011bde0ac x13:  x12: 80009a3d9000
x11:  x10:  x9 : 
x8 : d881b780 x7 :  x6 : 80009a3d9000
x5 : d08378e8 x4 : d08378a8 x3 : 
x2 : 800097a27380 x1 : 00df48e233a8 x0 : 00df48e233a8
Call trace:
 vkms_get_vblank_timestamp+0x1a4/0x1d4 drivers/gpu/drm/vkms/vkms_crtc.c:103
 drm_crtc_get_last_vbltimestamp drivers/gpu/drm/drm_vblank.c:877 [inline]
 drm_crtc_next_vblank_start+0x1d4/0x3e0 drivers/gpu/drm/drm_vblank.c:1012
 set_fence_deadline drivers/gpu/drm/drm_atomic_helper.c:1537 [inline]
 drm_atomic_helper_wait_for_fences+0x200/0x7c4 
drivers/gpu/drm/drm_atomic_helper.c:1584
 drm_atomic_helper_commit+0x500/0x94c drivers/gpu/drm/drm_atomic_helper.c:2013
 drm_atomic_commit+0x24c/0x2a0 drivers/gpu/drm/drm_atomic.c:1503
 drm_client_modeset_commit_atomic+0x5a4/0x730 
drivers/gpu/drm/drm_client_modeset.c:1045
 drm_client_modeset_commit_locked+0xd0/0x4a8 
drivers/gpu/drm/drm_client_modeset.c:1148
 drm_client_modeset_commit+0x50/0x7c drivers/gpu/drm/drm_client_modeset.c:1174
 __drm_fb_helper_restore_fbdev_mode_unlocked 
drivers/gpu/drm/drm_fb_helper.c:251 [inline]
 drm_fb_helper_restore_fbdev_mode_unlocked drivers/gpu/drm/drm_fb_helper.c:278 
[inline]
 drm_fb_helper_lastclose+0xc0/0x160 drivers/gpu/drm/drm_fb_helper.c:2363
 drm_fbdev_generic_client_restore+0x3c/0x50 
drivers/gpu/drm/drm_fbdev_generic.c:260
 drm_client_dev_restore+0x12c/0x24c drivers/gpu/drm/drm_client.c:236
 drm_lastclose drivers/gpu/drm/drm_file.c:462 [inline]
 drm_release+0x500/0x608 drivers/gpu/drm/drm_file.c:493
 __fput+0x30c/0x7bc fs/file_table.c:321
 fput+0x20/0x30 fs/file_table.c:349
 task_work_run+0x230/0x2e0 kernel/task_work.c:179
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 do_notify_resume+0x2180/0x3c90 arch/arm64/kernel/signal.c:1305
 exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:137 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:144 [inline]
 el0_svc+0x94/0x160 arch/arm64/kernel/entry-common.c:648
 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:665
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:591
irq event stamp: 2010
hardirqs last  enabled at (2009): [] __exit_to_kernel_mode 
arch/arm64/kernel/entry-common.c:84 [inline]
hardirqs last  enabled at (2009): [] 
exit_to_kernel_mode+0xdc/0x10c arch/arm64/kernel/entry-common.c:94
hardirqs last disabled at (2010): [] el1_dbg+0x24/0x80 
arch/arm64/kernel/entry-common.c:407
softirqs last  enabled at (1920): [] 
local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (1918): [] 
local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace  ]---


---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


Re: [syzbot] [dri?] KMSAN: uninit-value in drm_mode_setcrtc

2023-07-15 Thread syzbot
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any 
issue:

Reported-and-tested-by: syzbot+4fad2e57beb6397ab...@syzkaller.appspotmail.com

Tested on:

commit: d1d7f15c DO-NOT-SUBMIT: kmsan: add the kmsan_exceed_ma..
git tree:   https://github.com/google/kmsan.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=101d3fdaa8
kernel config:  https://syzkaller.appspot.com/x/.config?x=36e4a2f8150fbc62
dashboard link: https://syzkaller.appspot.com/bug?extid=4fad2e57beb6397ab2fc
compiler:   Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 
2.40
patch:  https://syzkaller.appspot.com/x/patch.diff?x=15430342a8

Note: testing is done by a robot and is best-effort only.


[syzbot] [dri?] KASAN: slab-use-after-free Read in drm_atomic_helper_wait_for_vblanks

2023-07-10 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:03275585cabd afs: Fix accidental truncation when storing d..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16db258ca8
kernel config:  https://syzkaller.appspot.com/x/.config?x=d576750da57ebbb5
dashboard link: https://syzkaller.appspot.com/bug?extid=380dcf72caf0b5ef5537
compiler:   gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for 
Debian) 2.35.2
userspace arch: i386

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image (non-bootable): 
https://storage.googleapis.com/syzbot-assets/7bc7510fe41f/non_bootable_disk-03275585.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/6d035553cd50/vmlinux-03275585.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/2fd7f855c25e/bzImage-03275585.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+380dcf72caf0b5ef5...@syzkaller.appspotmail.com

BUG: KASAN: slab-use-after-free in 
drm_atomic_helper_wait_for_vblanks.part.0+0x77a/0x860 
drivers/gpu/drm/drm_atomic_helper.c:1650
Read of size 1 at addr 888023f61009 by task kworker/u17:6/4248

CPU: 3 PID: 4248 Comm: kworker/u17:6 Not tainted 
6.4.0-syzkaller-11472-g03275585cabd #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
Workqueue: events_unbound commit_work
Call Trace:
 
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106
 print_address_description.constprop.0+0x2c/0x3c0 mm/kasan/report.c:364
 print_report mm/kasan/report.c:475 [inline]
 kasan_report+0x11d/0x130 mm/kasan/report.c:588
 drm_atomic_helper_wait_for_vblanks.part.0+0x77a/0x860 
drivers/gpu/drm/drm_atomic_helper.c:1650
 drm_atomic_helper_wait_for_vblanks drivers/gpu/drm/drm_atomic_helper.c:1646 
[inline]
 drm_atomic_helper_commit_tail+0xc7/0xf0 
drivers/gpu/drm/drm_atomic_helper.c:1746
 commit_tail+0x32d/0x420 drivers/gpu/drm/drm_atomic_helper.c:1823
 process_one_work+0xa34/0x16f0 kernel/workqueue.c:2597
 worker_thread+0x67d/0x10c0 kernel/workqueue.c:2748
 kthread+0x344/0x440 kernel/kthread.c:389
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 

Allocated by task 28853:
 kasan_save_stack+0x22/0x40 mm/kasan/common.c:45
 kasan_set_track+0x25/0x30 mm/kasan/common.c:52
 kasan_kmalloc mm/kasan/common.c:374 [inline]
 kasan_kmalloc mm/kasan/common.c:333 [inline]
 __kasan_kmalloc+0xa2/0xb0 mm/kasan/common.c:383
 kmalloc include/linux/slab.h:579 [inline]
 drm_atomic_helper_crtc_duplicate_state+0x6f/0xc0 
drivers/gpu/drm/drm_atomic_state_helper.c:177
 drm_simple_kms_crtc_duplicate_state+0x8b/0xb0 
drivers/gpu/drm/drm_simple_kms_helper.c:166
 drm_atomic_get_crtc_state+0x179/0x470 drivers/gpu/drm/drm_atomic.c:353
 page_flip_common+0x57/0x310 drivers/gpu/drm/drm_atomic_helper.c:3589
 drm_atomic_helper_page_flip+0xb8/0x190 drivers/gpu/drm/drm_atomic_helper.c:3650
 drm_mode_page_flip_ioctl+0xf20/0x12a0 drivers/gpu/drm/drm_plane.c:1373
 drm_ioctl_kernel+0x281/0x4e0 drivers/gpu/drm/drm_ioctl.c:788
 drm_ioctl+0x577/0xb30 drivers/gpu/drm/drm_ioctl.c:891
 drm_compat_ioctl+0x375/0x4b0 drivers/gpu/drm/drm_ioc32.c:988
 __do_compat_sys_ioctl+0x25b/0x2b0 fs/ioctl.c:968
 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
 __do_fast_syscall_32+0x65/0xf0 arch/x86/entry/common.c:178
 do_fast_syscall_32+0x33/0x70 arch/x86/entry/common.c:203
 entry_SYSENTER_compat_after_hwframe+0x70/0x82

Freed by task 28850:
 kasan_save_stack+0x22/0x40 mm/kasan/common.c:45
 kasan_set_track+0x25/0x30 mm/kasan/common.c:52
 kasan_save_free_info+0x2b/0x40 mm/kasan/generic.c:521
 kasan_slab_free mm/kasan/common.c:236 [inline]
 kasan_slab_free+0x160/0x1c0 mm/kasan/common.c:200
 kasan_slab_free include/linux/kasan.h:162 [inline]
 slab_free_hook mm/slub.c:1792 [inline]
 slab_free_freelist_hook+0x8b/0x1c0 mm/slub.c:1818
 slab_free mm/slub.c:3801 [inline]
 __kmem_cache_free+0xb8/0x2d0 mm/slub.c:3814
 drm_simple_kms_crtc_destroy_state+0x8c/0xb0 
drivers/gpu/drm/drm_simple_kms_helper.c:177
 drm_atomic_state_default_clear+0x3a7/0xdd0 drivers/gpu/drm/drm_atomic.c:219
 drm_atomic_state_clear drivers/gpu/drm/drm_atomic.c:288 [inline]
 __drm_atomic_state_free+0x176/0x2b0 drivers/gpu/drm/drm_atomic.c:304
 kref_put include/linux/kref.h:65 [inline]
 drm_atomic_state_put include/drm/drm_atomic.h:490 [inline]
 drm_client_modeset_commit_atomic+0x6b0/0x7e0 
drivers/gpu/drm/drm_client_modeset.c:1051
 drm_client_modeset_commit_locked+0x149/0x580 
drivers/gpu/drm/drm_client_modeset.c:1148
 drm_client_modeset_commit+0x51/0x80 drivers/gpu/drm/drm_client_modeset.c:1174
 __drm_fb_helper_restore_fbdev_mode_unlocked 
drivers/gpu/drm/drm_fb_helper.c:251 [inline]
 __drm_fb_helper_restore_fbdev_mode_unlocked 
drivers/gpu/drm/drm_fb_helper.c:230 [inline]
 drm_fb_helper_restore_fbdev_mode_unlocked drivers/gpu/drm/drm_fb_helper.c:278 
[inline]
 drm_fb_helper_lastclose+0xc5/0x170 drivers/gpu/drm/drm_fb_hel

Re: [syzbot] [dri?] divide error in drm_mode_vrefresh

2023-07-08 Thread syzbot
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any 
issue:

Reported-and-tested-by: syzbot+622bba18029bcde67...@syzkaller.appspotmail.com

Tested on:

commit: 1c7873e3 mm: lock newly mapped VMA with corrected orde..
git tree:   
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=101196d2a8
kernel config:  https://syzkaller.appspot.com/x/.config?x=8f6b0c7ae2c9c303
dashboard link: https://syzkaller.appspot.com/bug?extid=622bba18029bcde672e1
compiler:   gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for 
Debian) 2.35.2
patch:  https://syzkaller.appspot.com/x/patch.diff?x=10e44354a8

Note: testing is done by a robot and is best-effort only.


[syzbot] Monthly dri report (Jun 2023)

2023-06-26 Thread syzbot
Hello dri maintainers/developers,

This is a 31-day syzbot report for the dri subsystem.
All related reports/information can be found at:
https://syzkaller.appspot.com/upstream/s/dri

During the period, 3 new issues were detected and 0 were fixed.
In total, 7 issues are still open and 30 have been fixed so far.

Some of the still happening issues:

Ref Crashes Repro Title
<1> 297 Yes   WARNING in drm_wait_one_vblank
  https://syzkaller.appspot.com/bug?extid=6f7fe2dbc479dca0ed17
<2> 32  Yes   inconsistent lock state in sync_info_debugfs_show
  https://syzkaller.appspot.com/bug?extid=007bfe0f3330f6e1e7d1
<3> 16  No    WARNING in vkms_get_vblank_timestamp (2)
  https://syzkaller.appspot.com/bug?extid=93bd128a383695391534
<4> 2   Yes   divide error in drm_mode_vrefresh
  https://syzkaller.appspot.com/bug?extid=622bba18029bcde672e1



[syzbot] [dri?] divide error in drm_mode_vrefresh

2023-06-21 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:1639fae5132b Merge tag 'drm-fixes-2023-06-17' of git://ano..
git tree:   upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=153ae86b28
kernel config:  https://syzkaller.appspot.com/x/.config?x=ac246111fb601aec
dashboard link: https://syzkaller.appspot.com/bug?extid=622bba18029bcde672e1
compiler:   gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for 
Debian) 2.35.2
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=12fcd51728
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=15de513728

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/ddaf9fb256b7/disk-1639fae5.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/82b7be81b931/vmlinux-1639fae5.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/926a973a103a/bzImage-1639fae5.xz

The issue was bisected to:

commit 565b4824c39fa335cba2028a09d7beb7112f3c9a
Author: Jiri Pirko 
Date:   Mon Feb 6 09:41:51 2023 +

devlink: change port event netdev notifier from per-net to global

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1010a33728
final oops: https://syzkaller.appspot.com/x/report.txt?x=1210a33728
console output: https://syzkaller.appspot.com/x/log.txt?x=1410a33728

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+622bba18029bcde67...@syzkaller.appspotmail.com
Fixes: 565b4824c39f ("devlink: change port event netdev notifier from per-net 
to global")

divide error:  [#1] PREEMPT SMP KASAN
CPU: 1 PID: 5003 Comm: syz-executor375 Not tainted 
6.4.0-rc6-syzkaller-00242-g1639fae5132b #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
05/27/2023
RIP: 0010:drm_mode_vrefresh+0x19d/0x1f0 drivers/gpu/drm/drm_modes.c:1303
Code: e8 58 3c e3 fc 66 83 fb 01 76 09 e8 4d 40 e3 fc 44 0f af e3 e8 44 40 e3 
fc 48 69 ed e8 03 00 00 44 89 e0 31 d2 d1 e8 48 01 e8 <49> f7 f4 49 89 c4 eb 03 
45 31 e4 e8 23 40 e3 fc 44 89 e0 5b 5d 41
RSP: 0018:c90003bdfa00 EFLAGS: 00010206
RAX: 0001f400 RBX: 0400 RCX: 
RDX:  RSI: 84a1069c RDI: 0003
RBP: 0001f400 R08: 0003 R09: 0001
R10: 0400 R11: 81d6ebf5 R12: 
R13:  R14:  R15: 0008
FS:  561e3300() GS:8880b990() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 005fdeb8 CR3: 7b315000 CR4: 003506e0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400
Call Trace:
 
 drm_mode_debug_printmodeline+0x22c/0x2f0 drivers/gpu/drm/drm_modes.c:60
 drm_mode_setcrtc+0x116b/0x1650 drivers/gpu/drm/drm_crtc.c:794
 drm_ioctl_kernel+0x281/0x4e0 drivers/gpu/drm/drm_ioctl.c:788
 drm_ioctl+0x577/0xb30 drivers/gpu/drm/drm_ioctl.c:891
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:870 [inline]
 __se_sys_ioctl fs/ioctl.c:856 [inline]
 __x64_sys_ioctl+0x197/0x210 fs/ioctl.c:856
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fca321fac59
Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 
89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 
c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:7fff9cb913d8 EFLAGS: 0246 ORIG_RAX: 0010
RAX: ffda RBX:  RCX: 7fca321fac59
RDX: 2180 RSI: c06864a2 RDI: 0003
RBP: 7fca321ba4d0 R08: f4e6 R09: 
R10: 0003 R11: 0246 R12: 7fca321ba560
R13:  R14:  R15: 
 
Modules linked in:
---[ end trace  ]---
RIP: 0010:drm_mode_vrefresh+0x19d/0x1f0 drivers/gpu/drm/drm_modes.c:1303
Code: e8 58 3c e3 fc 66 83 fb 01 76 09 e8 4d 40 e3 fc 44 0f af e3 e8 44 40 e3 
fc 48 69 ed e8 03 00 00 44 89 e0 31 d2 d1 e8 48 01 e8 <49> f7 f4 49 89 c4 eb 03 
45 31 e4 e8 23 40 e3 fc 44 89 e0 5b 5d 41
RSP: 0018:c90003bdfa00 EFLAGS: 00010206
RAX: 0001f400 RBX: 0400 RCX: 
RDX:  RSI: 84a1069c RDI: 0003
RBP: 0001f400 R08: 0003 R09: 0001
R10: 0400 R11: 81d6ebf5 R12: 
R13:  R14:  R15: 0008
FS:  561e3300() GS:8880b990() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 005fdeb8 CR3: 7b315000 CR4: 003506e0
DR0:  DR1:  DR2: 
DR3: 

[syzbot] [dri?] KMSAN: uninit-value in drm_mode_setcrtc

2023-06-17 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:2741f1b02117 string: use __builtin_memcpy() in strlcpy/str..
git tree:   https://github.com/google/kmsan.git master
console+strace: https://syzkaller.appspot.com/x/log.txt?x=17bb33d128
kernel config:  https://syzkaller.appspot.com/x/.config?x=753079601b2300f9
dashboard link: https://syzkaller.appspot.com/bug?extid=4fad2e57beb6397ab2fc
compiler:   Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 
2.35.2
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=16d669a528
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=14d8f09528

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/ebd05512d8d7/disk-2741f1b0.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/aa555b09582c/vmlinux-2741f1b0.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/5ea0934e02cc/bzImage-2741f1b0.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+4fad2e57beb6397ab...@syzkaller.appspotmail.com

=
BUG: KMSAN: uninit-value in drm_mode_setcrtc+0x1ad3/0x24a0 
drivers/gpu/drm/drm_crtc.c:896
 drm_mode_setcrtc+0x1ad3/0x24a0 drivers/gpu/drm/drm_crtc.c:896
 drm_ioctl_kernel+0x5ae/0x730 drivers/gpu/drm/drm_ioctl.c:788
 drm_ioctl+0xd12/0x1590 drivers/gpu/drm/drm_ioctl.c:891
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:870 [inline]
 __se_sys_ioctl+0x222/0x400 fs/ioctl.c:856
 __x64_sys_ioctl+0x96/0xe0 fs/ioctl.c:856
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Uninit was created at:
 slab_post_alloc_hook+0x12d/0xb60 mm/slab.h:716
 slab_alloc_node mm/slub.c:3451 [inline]
 __kmem_cache_alloc_node+0x4ff/0x8b0 mm/slub.c:3490
 __do_kmalloc_node mm/slab_common.c:965 [inline]
 __kmalloc+0x121/0x3c0 mm/slab_common.c:979
 kmalloc_array include/linux/slab.h:596 [inline]
 drm_mode_setcrtc+0x1dba/0x24a0 drivers/gpu/drm/drm_crtc.c:846
 drm_ioctl_kernel+0x5ae/0x730 drivers/gpu/drm/drm_ioctl.c:788
 drm_ioctl+0xd12/0x1590 drivers/gpu/drm/drm_ioctl.c:891
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:870 [inline]
 __se_sys_ioctl+0x222/0x400 fs/ioctl.c:856
 __x64_sys_ioctl+0x96/0xe0 fs/ioctl.c:856
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

CPU: 1 PID: 4955 Comm: syz-executor275 Not tainted 
6.4.0-rc4-syzkaller-g2741f1b02117 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
05/25/2023
=


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup


Re: [syzbot] kernel BUG in vmf_insert_pfn_prot

2023-06-13 Thread syzbot
syzbot suspects this issue was fixed by commit:

commit a5b44c4adb1699661d22e5152fb26885f30a2e4c
Author: Thomas Zimmermann 
Date:   Mon Mar 20 15:07:44 2023 +

drm/fbdev-generic: Always use shadow buffering

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1025ee0728
start commit:   0326074ff465 Merge tag 'net-next-6.1' of git://git.kernel...
git tree:   upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=d323d85b1f8a4ed7
dashboard link: https://syzkaller.appspot.com/bug?extid=2d4f8693f438d2bd4bdb
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=14fd118288
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1756751488

If the result looks correct, please mark the issue as fixed by replying with:

#syz fix: drm/fbdev-generic: Always use shadow buffering

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


[syzbot] [dri?] WARNING in vkms_get_vblank_timestamp (2)

2023-06-12 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:022ce8862dff Merge tag 'i2c-for-6.4-rc6' of git://git.kern..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1048185328
kernel config:  https://syzkaller.appspot.com/x/.config?x=3c980bfe8b399968
dashboard link: https://syzkaller.appspot.com/bug?extid=93bd128a383695391534
compiler:   gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for 
Debian) 2.35.2

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/e269ece6e54d/disk-022ce886.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/0cf01bd0/vmlinux-022ce886.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/07fc105d62a4/bzImage-022ce886.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+93bd128a383695391...@syzkaller.appspotmail.com

[ cut here ]
WARNING: CPU: 0 PID: 2682 at drivers/gpu/drm/vkms/vkms_crtc.c:103 
vkms_get_vblank_timestamp+0x1cf/0x240 drivers/gpu/drm/vkms/vkms_crtc.c:103
Modules linked in:
CPU: 0 PID: 2682 Comm: syz-executor.0 Not tainted 
6.4.0-rc5-syzkaller-00305-g022ce8862dff #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
05/25/2023
RIP: 0010:vkms_get_vblank_timestamp+0x1cf/0x240 
drivers/gpu/drm/vkms/vkms_crtc.c:103
Code: 8d 70 fc e8 f3 97 60 fc 4c 89 e1 48 ba 00 00 00 00 00 fc ff df 48 c1 e9 
03 80 3c 11 00 75 65 49 89 04 24 eb c4 e8 c1 8d 70 fc <0f> 0b eb bb e8 58 57 c3 
fc e9 de fe ff ff e8 8e 57 c3 fc e9 78 fe
RSP: 0018:c90015a47268 EFLAGS: 00010212
RAX: 3abb RBX: 02914d969319 RCX: c90003d42000
RDX: 0004 RSI: 8513b91f RDI: 0006
RBP: 88801e794000 R08: 0006 R09: 02914d969319
R10: 02914d969319 R11:  R12: c90015a473d0
R13: 02914d969319 R14: 4e20 R15: 8513b750
FS:  7f166b7c6700() GS:8880b980() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 7fd002c54fc0 CR3: 7a976000 CR4: 003506f0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400
Call Trace:
 
 drm_crtc_get_last_vbltimestamp+0x102/0x1a0 drivers/gpu/drm/drm_vblank.c:877
 drm_crtc_next_vblank_start+0x186/0x300 drivers/gpu/drm/drm_vblank.c:1012
 set_fence_deadline drivers/gpu/drm/drm_atomic_helper.c:1537 [inline]
 drm_atomic_helper_wait_for_fences+0x1f3/0x840 
drivers/gpu/drm/drm_atomic_helper.c:1584
 drm_atomic_helper_commit drivers/gpu/drm/drm_atomic_helper.c:2013 [inline]
 drm_atomic_helper_commit+0x1bd/0x370 drivers/gpu/drm/drm_atomic_helper.c:1985
 drm_atomic_commit+0x20a/0x300 drivers/gpu/drm/drm_atomic.c:1503
 drm_client_modeset_commit_atomic+0x69b/0x7e0 
drivers/gpu/drm/drm_client_modeset.c:1045
 drm_client_modeset_commit_locked+0x149/0x580 
drivers/gpu/drm/drm_client_modeset.c:1148
 pan_display_atomic drivers/gpu/drm/drm_fb_helper.c:1728 [inline]
 drm_fb_helper_pan_display+0x28f/0x970 drivers/gpu/drm/drm_fb_helper.c:1788
 fb_pan_display+0x2fb/0x6c0 drivers/video/fbdev/core/fbmem.c:924
 bit_update_start+0x49/0x1f0 drivers/video/fbdev/core/bitblit.c:390
 fbcon_switch+0xbcf/0x1380 drivers/video/fbdev/core/fbcon.c:2169
 redraw_screen+0x2bd/0x740 drivers/tty/vt/vt.c:970
 vc_do_resize+0xee5/0x1180 drivers/tty/vt/vt.c:1292
 fbcon_modechanged+0x32d/0x620 drivers/video/fbdev/core/fbcon.c:2693
 fbcon_update_vcs+0x3e/0x50 drivers/video/fbdev/core/fbcon.c:2749
 do_fb_ioctl+0x6e2/0x750 drivers/video/fbdev/core/fbmem.c:1127
 fb_ioctl+0xeb/0x150 drivers/video/fbdev/core/fbmem.c:1204
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:870 [inline]
 __se_sys_ioctl fs/ioctl.c:856 [inline]
 __x64_sys_ioctl+0x197/0x210 fs/ioctl.c:856
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f166aa8c169
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 
89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 
c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:7f166b7c6168 EFLAGS: 0246 ORIG_RAX: 0010
RAX: ffda RBX: 7f166ababf80 RCX: 7f166aa8c169
RDX: 2040 RSI: 4601 RDI: 0005
RBP: 7f166aae7ca1 R08:  R09: 
R10:  R11: 0246 R12: 
R13: 7f166accfb1f R14: 7f166b7c6300 R15: 00022000
 



Re: [syzbot] [fbdev?] general protection fault in soft_cursor

2023-05-27 Thread syzbot
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any 
issue:

Reported-and-tested-by: syzbot+d910bd780e6efac35...@syzkaller.appspotmail.com

Tested on:

commit: 9ee79acc fbcon: Prevent softcursor if no font set
git tree:   https://github.com/hdeller/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=136dee6d28
kernel config:  https://syzkaller.appspot.com/x/.config?x=8860074b9a9d6c45
dashboard link: https://syzkaller.appspot.com/bug?extid=d910bd780e6efac35869
compiler:   Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64

Note: no patches were applied.
Note: testing is done by a robot and is best-effort only.


[syzbot] [fbdev?] general protection fault in soft_cursor

2023-05-26 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit: eb0f1697d729 Merge branch 'for-next/core', remote-tracking..
git tree:   git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=10e08bde28
kernel config:  https://syzkaller.appspot.com/x/.config?x=8860074b9a9d6c45
dashboard link: https://syzkaller.appspot.com/bug?extid=d910bd780e6efac35869
compiler:   Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=103d17a928
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1151bb1928

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/034232da7cff/disk-eb0f1697.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/b11411bec33e/vmlinux-eb0f1697.xz
kernel image: https://storage.googleapis.com/syzbot-assets/a53c52e170dd/Image-eb0f1697.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+d910bd780e6efac35...@syzkaller.appspotmail.com

==
BUG: KASAN: null-ptr-deref in soft_cursor+0x384/0x6b4 drivers/video/fbdev/core/softcursor.c:70
Read of size 16 at addr 0200 by task kworker/u4:1/12

CPU: 0 PID: 12 Comm: kworker/u4:1 Not tainted 6.4.0-rc3-syzkaller-geb0f1697d729 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
Workqueue: events_power_efficient fb_flashcursor
Call trace:
 dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:233
 show_stack+0x2c/0x44 arch/arm64/kernel/stacktrace.c:240
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106
 print_report+0xe4/0x514 mm/kasan/report.c:465
 kasan_report+0xd4/0x130 mm/kasan/report.c:572
 kasan_check_range+0x264/0x2a4 mm/kasan/generic.c:187
 __asan_memcpy+0x3c/0x84 mm/kasan/shadow.c:105
 soft_cursor+0x384/0x6b4 drivers/video/fbdev/core/softcursor.c:70
 bit_cursor+0x113c/0x1a64 drivers/video/fbdev/core/bitblit.c:377
 fb_flashcursor+0x35c/0x54c drivers/video/fbdev/core/fbcon.c:380
 process_one_work+0x788/0x12d4 kernel/workqueue.c:2405
 worker_thread+0x8e0/0xfe8 kernel/workqueue.c:2552
 kthread+0x288/0x310 kernel/kthread.c:379
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:853
==


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup


[syzbot] [fbdev?] memory leak in fbcon_set_font (3)

2023-05-25 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit: 0dd2a6fb1e34 Merge tag 'tty-6.4-rc3' of git://git.kernel.o..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=12f1564128
kernel config:  https://syzkaller.appspot.com/x/.config?x=8944c5b480b57ee6
dashboard link: https://syzkaller.appspot.com/bug?extid=6fda7f092994bd03fad1
compiler:   gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=17c2cf0928
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1632581928

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/2961112b4460/disk-0dd2a6fb.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/8ef8e1887351/vmlinux-0dd2a6fb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/4a1c984d6f73/bzImage-0dd2a6fb.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+6fda7f092994bd03f...@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0x88810eb6 (size 26640):
  comm "syz-executor100", pid 4988, jiffies 4294944215 (age 14.910s)
  hex dump (first 32 bytes):
03 cc 4b ef 00 00 00 00 00 68 00 00 01 00 00 00  ..K..h..
0d e4 73 70 56 3e d4 50 e7 4f ba 9e e1 5c c0 c3  ..spV>.P.O...\..
  backtrace:
[] __do_kmalloc_node mm/slab_common.c:954 [inline]
[] __kmalloc+0xb7/0x120 mm/slab_common.c:979
[] kmalloc include/linux/slab.h:563 [inline]
[] fbcon_set_font+0x1ed/0x4a0 drivers/video/fbdev/core/fbcon.c:2502
[] con_font_set drivers/tty/vt/vt.c:4626 [inline]
[] con_font_op+0x5ae/0x730 drivers/tty/vt/vt.c:4673
[] vt_k_ioctl drivers/tty/vt/vt_ioctl.c:474 [inline]
[] vt_ioctl+0x468/0x1d90 drivers/tty/vt/vt_ioctl.c:752
[] tty_ioctl+0x4c1/0xd00 drivers/tty/tty_io.c:2777
[] vfs_ioctl fs/ioctl.c:51 [inline]
[] __do_sys_ioctl fs/ioctl.c:870 [inline]
[] __se_sys_ioctl fs/ioctl.c:856 [inline]
[] __x64_sys_ioctl+0x100/0x140 fs/ioctl.c:856
[] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
[] entry_SYSCALL_64_after_hwframe+0x63/0xcd





[syzbot] Monthly dri report (May 2023)

2023-05-25 Thread syzbot
Hello dri maintainers/developers,

This is a 31-day syzbot report for the dri subsystem.
All related reports/information can be found at:
https://syzkaller.appspot.com/upstream/s/dri

During the period, 0 new issues were detected and 0 were fixed.
In total, 4 issues are still open and 30 have been fixed so far.

Some of the still happening issues:

Ref Crashes Repro Title
<1> 278 Yes   WARNING in drm_wait_one_vblank
  https://syzkaller.appspot.com/bug?extid=6f7fe2dbc479dca0ed17
<2> 32  Yes   inconsistent lock state in sync_info_debugfs_show
  https://syzkaller.appspot.com/bug?extid=007bfe0f3330f6e1e7d1
<3> 1   Yes   memory leak in vma_node_allow
  https://syzkaller.appspot.com/bug?extid=58ea3177ba8bd0a5d8ee


To disable reminders for individual bugs, reply with the following command:
#syz set <Ref> no-reminders

To change bug's subsystems, reply with:
#syz set <Ref> subsystems: new-subsystem

You may send multiple commands in a single email message.


Re: [syzbot] [fbdev?] [usb?] WARNING in dlfb_submit_urb/usb_submit_urb (2)

2023-05-18 Thread syzbot
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+0e22d63dcebb802b9...@syzkaller.appspotmail.com

Tested on:

commit: a4422ff2 usb: typec: qcom: Add Qualcomm PMIC Type-C dr..
git tree:   https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git
console output: https://syzkaller.appspot.com/x/log.txt?x=10b6b9a628
kernel config:  https://syzkaller.appspot.com/x/.config?x=2414a945e4542ec1
dashboard link: https://syzkaller.appspot.com/bug?extid=0e22d63dcebb802b9bc8
compiler:   gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
patch:  https://syzkaller.appspot.com/x/patch.diff?x=1374e5a628

Note: testing is done by a robot and is best-effort only.


Re: [syzbot] [fbdev?] [usb?] WARNING in dlfb_submit_urb/usb_submit_urb (2)

2023-05-18 Thread syzbot
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

failed to apply patch:
checking file drivers/usb/core/urb.c
patch:  unexpected end of file in patch



Tested on:

commit: a4422ff2 usb: typec: qcom: Add Qualcomm PMIC Type-C dr..
git tree:   https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing
dashboard link: https://syzkaller.appspot.com/bug?extid=0e22d63dcebb802b9bc8
compiler:   
patch:  https://syzkaller.appspot.com/x/patch.diff?x=1524090e28



[syzbot] [fbdev?] [usb?] WARNING in dlfb_submit_urb/usb_submit_urb (2)

2023-05-17 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit: a4422ff22142 usb: typec: qcom: Add Qualcomm PMIC Type-C dr..
git tree:   https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing
console output: https://syzkaller.appspot.com/x/log.txt?x=1524556628
kernel config:  https://syzkaller.appspot.com/x/.config?x=2414a945e4542ec1
dashboard link: https://syzkaller.appspot.com/bug?extid=0e22d63dcebb802b9bc8
compiler:   gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=1720fd3a28
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=171a73ea28

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/414817142fb7/disk-a4422ff2.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/448dba0d344e/vmlinux-a4422ff2.xz
kernel image: https://storage.googleapis.com/syzbot-assets/d0ad9fe848e2/bzImage-a4422ff2.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+0e22d63dcebb802b9...@syzkaller.appspotmail.com

usb 1-1: Read EDID byte 0 failed: -71
usb 1-1: Unable to get valid EDID from device/display
[ cut here ]
usb 1-1: BOGUS urb xfer, pipe 3 != type 1
WARNING: CPU: 0 PID: 9 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504
Modules linked in:
CPU: 0 PID: 9 Comm: kworker/0:1 Not tainted 6.4.0-rc1-syzkaller-00016-ga4422ff22142 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
Workqueue: usb_hub_wq hub_event
RIP: 0010:usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504
Call Trace:
 
 dlfb_submit_urb+0x92/0x180 drivers/video/fbdev/udlfb.c:1980
 dlfb_set_video_mode+0x21f0/0x2950 drivers/video/fbdev/udlfb.c:315
 dlfb_ops_set_par+0x2a7/0x8d0 drivers/video/fbdev/udlfb.c:
 dlfb_usb_probe+0x149a/0x2710 drivers/video/fbdev/udlfb.c:1743
 usb_probe_interface+0x30f/0x960 drivers/usb/core/driver.c:396
 call_driver_probe drivers/base/dd.c:579 [inline]
 really_probe+0x240/0xca0 drivers/base/dd.c:658
 __driver_probe_device+0x1df/0x4b0 drivers/base/dd.c:800
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:830
 __device_attach_driver+0x1d4/0x2e0 drivers/base/dd.c:958
 bus_for_each_drv+0x149/0x1d0 drivers/base/bus.c:457
 __device_attach+0x1e4/0x4b0 drivers/base/dd.c:1030
 bus_probe_device+0x17c/0x1c0 drivers/base/bus.c:532
 device_add+0x112d/0x1a40 drivers/base/core.c:3625
 usb_set_configuration+0x1196/0x1bc0 drivers/usb/core/message.c:2211
 usb_generic_driver_probe+0xcf/0x130 drivers/usb/core/generic.c:238
 usb_probe_device+0xd8/0x2c0 drivers/usb/core/driver.c:293
 call_driver_probe drivers/base/dd.c:579 [inline]
 really_probe+0x240/0xca0 drivers/base/dd.c:658
 __driver_probe_device+0x1df/0x4b0 drivers/base/dd.c:800
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:830
 __device_attach_driver+0x1d4/0x2e0 drivers/base/dd.c:958
 bus_for_each_drv+0x149/0x1d0 drivers/base/bus.c:457
 __device_attach+0x1e4/0x4b0 drivers/base/dd.c:1030
 bus_probe_device+0x17c/0x1c0 drivers/base/bus.c:532
 device_add+0x112d/0x1a40 drivers/base/core.c:3625
 usb_new_device+0xcb2/0x19d0 drivers/usb/core/hub.c:2575
 hub_port_connect drivers/usb/core/hub.c:5407 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5551 [inline]
 port_event drivers/usb/core/hub.c:5711 [inline]
 hub_event+0x2e3d/0x4ed0 drivers/usb/core/hub.c:5793
 process_one_work+0x99a/0x15e0 kernel/workqueue.c:2405
 worker_thread+0x67d/0x10c0 kernel/workqueue.c:2552
 kthread+0x344/0x440 kernel/kthread.c:379
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 



Re: [syzbot] [dri?] WARNING in vkms_get_vblank_timestamp

2023-04-12 Thread syzbot
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+75cc0f9f7e6324dd2...@syzkaller.appspotmail.com

Tested on:

commit: 7d8214bb Add linux-next specific files for 20230412
git tree:   linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=1387763dc8
kernel config:  https://syzkaller.appspot.com/x/.config?x=923e20c1867d7c1c
dashboard link: https://syzkaller.appspot.com/bug?extid=75cc0f9f7e6324dd2501
compiler:   gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2

Note: no patches were applied.
Note: testing is done by a robot and is best-effort only.


[syzbot] [dri?] WARNING in vkms_get_vblank_timestamp

2023-04-06 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit: 4b0f4525dc4f Add linux-next specific files for 20230331
git tree:   linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=13ea0159c8
kernel config:  https://syzkaller.appspot.com/x/.config?x=85cc4b935a1f7194
dashboard link: https://syzkaller.appspot.com/bug?extid=75cc0f9f7e6324dd2501
compiler:   gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=15cb3659c8

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/8d06bb015df3/disk-4b0f4525.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/6a1c1ebf3724/vmlinux-4b0f4525.xz
kernel image: https://storage.googleapis.com/syzbot-assets/4bb2b8d6cd7d/bzImage-4b0f4525.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+75cc0f9f7e6324dd2...@syzkaller.appspotmail.com

[ cut here ]
WARNING: CPU: 1 PID: 6019 at drivers/gpu/drm/vkms/vkms_crtc.c:103 vkms_get_vblank_timestamp+0x1cf/0x240 drivers/gpu/drm/vkms/vkms_crtc.c:103
Modules linked in:
CPU: 1 PID: 6019 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230331-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
RIP: 0010:vkms_get_vblank_timestamp+0x1cf/0x240 drivers/gpu/drm/vkms/vkms_crtc.c:103
Call Trace:
 
 drm_crtc_get_last_vbltimestamp+0x102/0x1a0 drivers/gpu/drm/drm_vblank.c:877
 drm_crtc_next_vblank_start+0x13f/0x2b0 drivers/gpu/drm/drm_vblank.c:1006
 set_fence_deadline drivers/gpu/drm/drm_atomic_helper.c:1531 [inline]
 drm_atomic_helper_wait_for_fences+0x1b4/0x780 drivers/gpu/drm/drm_atomic_helper.c:1578
 drm_atomic_helper_commit drivers/gpu/drm/drm_atomic_helper.c:2007 [inline]
 drm_atomic_helper_commit+0x1bd/0x370 drivers/gpu/drm/drm_atomic_helper.c:1979
 drm_atomic_commit+0x20a/0x300 drivers/gpu/drm/drm_atomic.c:1503
 drm_client_modeset_commit_atomic+0x69b/0x7e0 drivers/gpu/drm/drm_client_modeset.c:1045
 drm_client_modeset_commit_locked+0x149/0x580 drivers/gpu/drm/drm_client_modeset.c:1148
 pan_display_atomic drivers/gpu/drm/drm_fb_helper.c:1690 [inline]
 drm_fb_helper_pan_display+0x28f/0x970 drivers/gpu/drm/drm_fb_helper.c:1750
 fb_pan_display+0x2fb/0x6c0 drivers/video/fbdev/core/fbmem.c:924
 bit_update_start+0x49/0x1f0 drivers/video/fbdev/core/bitblit.c:387
 fbcon_switch+0xbcf/0x1380 drivers/video/fbdev/core/fbcon.c:2169
 redraw_screen+0x2bd/0x740 drivers/tty/vt/vt.c:965
 fbcon_modechanged+0x526/0x620 drivers/video/fbdev/core/fbcon.c:2704
 fbcon_update_vcs+0x3e/0x50 drivers/video/fbdev/core/fbcon.c:2749
 do_fb_ioctl+0x6d7/0x740 drivers/video/fbdev/core/fbmem.c:1125
 fb_ioctl+0xeb/0x150 drivers/video/fbdev/core/fbmem.c:1202
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:870 [inline]
 __se_sys_ioctl fs/ioctl.c:856 [inline]
 __x64_sys_ioctl+0x197/0x210 fs/ioctl.c:856
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
 



[syzbot] [dri?] general protection fault in drm_crtc_next_vblank_start

2023-04-03 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit: a6d9e3034536 Add linux-next specific files for 20230330
git tree:   linux-next
console+strace: https://syzkaller.appspot.com/x/log.txt?x=1001d1cdc8
kernel config:  https://syzkaller.appspot.com/x/.config?x=aceb117f7924508e
dashboard link: https://syzkaller.appspot.com/bug?extid=54280c5aea19802490b5
compiler:   gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=13435a2ec8
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=139c9c21c8

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/ec1f900ea929/disk-a6d9e303.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/fabbf89c0d22/vmlinux-a6d9e303.xz
kernel image: https://storage.googleapis.com/syzbot-assets/1ed05d6192fa/bzImage-a6d9e303.xz

The issue was bisected to:

commit d39e48ca80c0960b039cb38633957f0040f63e1a
Author: Rob Clark 
Date:   Fri Sep 3 18:47:54 2021 +

drm/atomic-helper: Set fence deadline for vblank

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=12d260c9c8
final oops: https://syzkaller.appspot.com/x/report.txt?x=11d260c9c8
console output: https://syzkaller.appspot.com/x/log.txt?x=16d260c9c8

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+54280c5aea1980249...@syzkaller.appspotmail.com
Fixes: d39e48ca80c0 ("drm/atomic-helper: Set fence deadline for vblank")

[drm] Initialized udl 0.0.1 20120220 for 1-1:0.0 on minor 2
[drm] Initialized udl on minor 2
udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffb9
udl 1-1:0.0: [drm] Cannot find any crtc or sizes
general protection fault, probably for non-canonical address 0xdc28:  [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0140-0x0147]
CPU: 0 PID: 9 Comm: kworker/0:1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
Workqueue: usb_hub_wq hub_event
RIP: 0010:drm_crtc_next_vblank_start+0xb3/0x2b0 drivers/gpu/drm/drm_vblank.c:1003
Call Trace:
 
 set_fence_deadline drivers/gpu/drm/drm_atomic_helper.c:1531 [inline]
 drm_atomic_helper_wait_for_fences+0x1b4/0x780 drivers/gpu/drm/drm_atomic_helper.c:1578
 drm_atomic_helper_commit drivers/gpu/drm/drm_atomic_helper.c:2007 [inline]
 drm_atomic_helper_commit+0x1bd/0x370 drivers/gpu/drm/drm_atomic_helper.c:1979
 drm_atomic_commit+0x20a/0x300 drivers/gpu/drm/drm_atomic.c:1503
 drm_client_modeset_commit_atomic+0x69b/0x7e0 drivers/gpu/drm/drm_client_modeset.c:1045
 drm_client_modeset_commit_locked+0x149/0x580 drivers/gpu/drm/drm_client_modeset.c:1148
 drm_client_modeset_commit+0x51/0x80 drivers/gpu/drm/drm_client_modeset.c:1174
 drm_fb_helper_single_fb_probe drivers/gpu/drm/drm_fb_helper.c:1983 [inline]
 __drm_fb_helper_initial_config_and_unlock+0x118a/0x1510 drivers/gpu/drm/drm_fb_helper.c:2169
 drm_fb_helper_initial_config drivers/gpu/drm/drm_fb_helper.c:2259 [inline]
 drm_fb_helper_initial_config+0x42/0x60 drivers/gpu/drm/drm_fb_helper.c:2251
 drm_fbdev_generic_client_hotplug+0x1ab/0x270 drivers/gpu/drm/drm_fbdev_generic.c:281
 drm_fbdev_generic_setup+0x127/0x3b0 drivers/gpu/drm/drm_fbdev_generic.c:343
 udl_usb_probe+0x120/0x190 drivers/gpu/drm/udl/udl_drv.c:120
 usb_probe_interface+0x30f/0x960 drivers/usb/core/driver.c:396
 call_driver_probe drivers/base/dd.c:579 [inline]
 really_probe+0x240/0xca0 drivers/base/dd.c:658
 __driver_probe_device+0x1df/0x4d0 drivers/base/dd.c:795
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:825
 __device_attach_driver+0x1d4/0x2e0 drivers/base/dd.c:953
 bus_for_each_drv+0x149/0x1d0 drivers/base/bus.c:457
 __device_attach+0x1e4/0x4b0 drivers/base/dd.c:1025
 bus_probe_device+0x17c/0x1c0 drivers/base/bus.c:532
 device_add+0x11c4/0x1c50 drivers/base/core.c:3616
 usb_set_configuration+0x10ee/0x1af0 drivers/usb/core/message.c:2171
 usb_generic_driver_probe+0xcf/0x130 drivers/usb/co

[syzbot] [dri?] BUG: sleeping function called from invalid context in _vm_unmap_aliases

2023-03-21 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit: f3594f0204b7 Add linux-next specific files for 20230321
git tree:   linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=161552eec8
kernel config:  https://syzkaller.appspot.com/x/.config?x=f22105589e896af1
dashboard link: https://syzkaller.appspot.com/bug?extid=a9a2bb6afe9eb31efc56
compiler:   gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0b755145006a/disk-f3594f02.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/fca26e328a81/vmlinux-f3594f02.xz
kernel image: https://storage.googleapis.com/syzbot-assets/39744d7d289f/bzImage-f3594f02.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+a9a2bb6afe9eb31ef...@syzkaller.appspotmail.com

BUG: sleeping function called from invalid context at kernel/locking/mutex.c:580
in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 10028, name: syz-executor.4
preempt_count: 0, expected: 0
RCU nest depth: 1, expected: 0
3 locks held by syz-executor.4/10028:
 #0: 88807597afd8 (&mm->mmap_lock){}-{3:3}, at: mmap_write_lock_killable include/linux/mmap_lock.h:110 [inline]
 #0: 88807597afd8 (&mm->mmap_lock){}-{3:3}, at: vm_mmap_pgoff+0x158/0x3b0 mm/util.c:541
 #1: 888081123270 (&shmem->pages_lock){+.+.}-{3:3}, at: drm_gem_shmem_get_pages+0x53/0x180 drivers/gpu/drm/drm_gem_shmem_helper.c:216
 #2: 8c796500 (rcu_read_lock){}-{1:2}, at: _vm_unmap_aliases.part.0+0x138/0x560 mm/vmalloc.c:2182
CPU: 1 PID: 10028 Comm: syz-executor.4 Not tainted 6.3.0-rc3-next-20230321-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
Call Trace:
 
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x136/0x150 lib/dump_stack.c:106
 __might_resched+0x358/0x580 kernel/sched/core.c:10059
 __mutex_lock_common kernel/locking/mutex.c:580 [inline]
 __mutex_lock+0x9f/0x1350 kernel/locking/mutex.c:747
 _vm_unmap_aliases.part.0+0x1ca/0x560 mm/vmalloc.c:2187
 _vm_unmap_aliases mm/vmalloc.c:2181 [inline]
 vm_unmap_aliases+0x49/0x50 mm/vmalloc.c:2230
 change_page_attr_set_clr+0x226/0x470 arch/x86/mm/pat/set_memory.c:1837
 cpa_set_pages_array arch/x86/mm/pat/set_memory.c:1892 [inline]
 _set_pages_array+0x1c6/0x220 arch/x86/mm/pat/set_memory.c:2230
 drm_gem_shmem_get_pages_locked+0x155/0x240 drivers/gpu/drm/drm_gem_shmem_helper.c:191
 drm_gem_shmem_get_pages+0x71/0x180 drivers/gpu/drm/drm_gem_shmem_helper.c:219
 drm_gem_shmem_mmap drivers/gpu/drm/drm_gem_shmem_helper.c:636 [inline]
 drm_gem_shmem_mmap+0x153/0x540 drivers/gpu/drm/drm_gem_shmem_helper.c:620
 drm_gem_mmap_obj+0x1b6/0x6c0 drivers/gpu/drm/drm_gem.c:1046
 drm_gem_mmap+0x41d/0x780 drivers/gpu/drm/drm_gem.c:1124
 call_mmap include/linux/fs.h:1859 [inline]
 mmap_region+0x694/0x28d0 mm/mmap.c:2652
 do_mmap+0x831/0xf60 mm/mmap.c:1438
 vm_mmap_pgoff+0x1a2/0x3b0 mm/util.c:543
 ksys_mmap_pgoff+0x41f/0x5a0 mm/mmap.c:1484
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
 

=
[ BUG: Invalid wait context ]
6.3.0-rc3-next-20230321-syzkaller #0 Tainted: GW 
-
syz-executor.4/10028 is trying to lock:
888027c7a068 (&vb->lock){+.+.}-{3:3}, at: _vm_unmap_aliases.part.0+0x1ca/0x560 mm/vmalloc.c:2187
other info that might help us debug this:
context-{4:4}
3 locks held by syz-executor.4/10028:
 #0: 88807597afd8 (&mm->mmap_lock){}-{3:3}, at: mmap_write_lock_killable include/linux/mmap_lock.h:110 [inline]
 #0: 88807597afd8 (&mm->mmap_lock){}-{3:3}, at: vm_mmap_pgoff+0x158/0x3b0 mm/util.c:541
 #1: 888081123270 (&shmem->pages_lock){+.+.}-{3:3}, at: drm_gem_shmem_get_pages+0x53/0x180 drivers/gpu/drm/drm_gem_shmem_helper.c:216
 #2: 8c796500 (rcu_read_lock){}-{1:2}, at: _vm_unmap_aliases.part.0+0x138/0x560 mm/vmalloc.c:2182
stack backtrace:
CPU: 1 PID: 10028 Comm: syz-executor.4 Tainted: GW  6.3.0-rc3-next-20230321-syzkaller #0
Hardware name: Google Google Comput

[syzbot] [fbdev?] KASAN: use-after-free Write in fbcon_get_font

2023-03-21 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit: fe15c26ee26e Linux 6.3-rc1
git tree:   git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=11bc9c16c8
kernel config:  https://syzkaller.appspot.com/x/.config?x=7573cbcd881a88c9
dashboard link: https://syzkaller.appspot.com/bug?extid=5a04eb16db96950bb112
compiler:   Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=135becbac8
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1182c9d2c8

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/89d41abd07bd/disk-fe15c26e.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/fa75f5030ade/vmlinux-fe15c26e.xz
kernel image: https://storage.googleapis.com/syzbot-assets/590d0f5903ee/Image-fe15c26e.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+5a04eb16db96950bb...@syzkaller.appspotmail.com

==
BUG: KASAN: use-after-free in fbcon_get_font+0x240/0x8cc drivers/video/fbdev/core/fbcon.c:2290
Write of size 22062 at addr e1bfabd6 by task syz-executor329/5944

CPU: 0 PID: 5944 Comm: syz-executor329 Not tainted 6.3.0-rc1-syzkaller-gfe15c26ee26e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
Call trace:
 dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:319 [inline]
 print_report+0x174/0x514 mm/kasan/report.c:430
 kasan_report+0xd4/0x130 mm/kasan/report.c:536
 kasan_check_range+0x264/0x2a4 mm/kasan/generic.c:187
 __asan_memset+0x40/0x70 mm/kasan/shadow.c:84
 fbcon_get_font+0x240/0x8cc drivers/video/fbdev/core/fbcon.c:2290
 con_font_get drivers/tty/vt/vt.c:4559 [inline]
 con_font_op+0x468/0xfa0 drivers/tty/vt/vt.c:4674
 vt_k_ioctl drivers/tty/vt/vt_ioctl.c:474 [inline]
 vt_ioctl+0x1a90/0x252c drivers/tty/vt/vt_ioctl.c:752
 tty_ioctl+0x8a4/0xd8c drivers/tty/tty_io.c:2777
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:870 [inline]
 __se_sys_ioctl fs/ioctl.c:856 [inline]
 __arm64_sys_ioctl+0x14c/0x1c8 fs/ioctl.c:856
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x64/0x198 arch/arm64/kernel/syscall.c:193
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:591

The buggy address belongs to the physical page:
page:c3c989b0 refcount:1 mapcount:0 mapping: index:0x0 pfn:0x121800
head:c3c989b0 order:10 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0x5ffc001(head|node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc001  dead0122 
raw:   0001 
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 e1bfff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 e1bfff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>e1c0: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
   ^
 e1c00080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 e1c00100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches


Re: [syzbot] [hardening?] [mm?] BUG: bad usercopy in con_font_op

2023-03-03 Thread syzbot
syzbot has bisected this issue to:

commit 24d69384bcd34b9dcaf5dab744bf7096e84d1abd
Author: Samuel Thibault 
Date:   Thu Jan 19 15:19:16 2023 +

VT: Add KD_FONT_OP_SET/GET_TALL operations

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=120b3232c8
start commit:   2eb29d59ddf0 Merge tag 'drm-next-2023-03-03-1' of git://an..
git tree:   upstream
final oops: https://syzkaller.appspot.com/x/report.txt?x=110b3232c8
console output: https://syzkaller.appspot.com/x/log.txt?x=160b3232c8
kernel config:  https://syzkaller.appspot.com/x/.config?x=cab35c936731a347
dashboard link: https://syzkaller.appspot.com/bug?extid=3af17071816b61e807ed
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=10b71504c8
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=16f02d9cc8

Reported-by: syzbot+3af17071816b61e80...@syzkaller.appspotmail.com
Fixes: 24d69384bcd3 ("VT: Add KD_FONT_OP_SET/GET_TALL operations")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


[syzbot] memory leak in vma_node_allow

2023-02-12 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:0983f6bf2bfc Merge tag 'devicetree-fixes-for-6.2-2' of git..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=134dab4d48
kernel config:  https://syzkaller.appspot.com/x/.config?x=9e55e71813900595
dashboard link: https://syzkaller.appspot.com/bug?extid=58ea3177ba8bd0a5d8ee
compiler:   gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=15052a8348
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=13073cfb48

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/dfe2e2ac7b39/disk-0983f6bf.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/bd09e355e210/vmlinux-0983f6bf.xz
kernel image: https://storage.googleapis.com/syzbot-assets/8409e5f10fab/bzImage-0983f6bf.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+58ea3177ba8bd0a5d...@syzkaller.appspotmail.com

Warning: Permanently added '10.128.1.168' (ECDSA) to the list of known hosts.
executing program
executing program
BUG: memory leak
unreferenced object 0x88810f1c75c0 (size 64):
  comm "syz-executor750", pid 5060, jiffies 4294945258 (age 13.860s)
  hex dump (first 32 bytes):
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  
00 00 00 00 00 00 00 00 00 d6 e4 04 81 88 ff ff  
  backtrace:
[] kmalloc_trace+0x24/0x90 mm/slab_common.c:1062
[] kmalloc include/linux/slab.h:580 [inline]
[] vma_node_allow+0x3a/0x150 drivers/gpu/drm/drm_vma_manager.c:255
[] drm_gem_handle_create_tail+0x10e/0x250 drivers/gpu/drm/drm_gem.c:377
[] drm_gem_shmem_create_with_handle drivers/gpu/drm/drm_gem_shmem_helper.c:432 [inline]
[] drm_gem_shmem_dumb_create+0xbd/0x200 drivers/gpu/drm/drm_gem_shmem_helper.c:534
[] drm_mode_create_dumb+0x11b/0x150 drivers/gpu/drm/drm_dumb_buffers.c:96
[] drm_ioctl_kernel+0x148/0x260 drivers/gpu/drm/drm_ioctl.c:788
[] drm_ioctl+0x2f0/0x500 drivers/gpu/drm/drm_ioctl.c:891
[] vfs_ioctl fs/ioctl.c:51 [inline]
[] __do_sys_ioctl fs/ioctl.c:870 [inline]
[] __se_sys_ioctl fs/ioctl.c:856 [inline]
[] __x64_sys_ioctl+0x100/0x140 fs/ioctl.c:856
[] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
[] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0x888109662d80 (size 64):
  comm "syz-executor750", pid 5060, jiffies 4294945258 (age 13.870s)
  hex dump (first 32 bytes):
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  
00 00 00 00 00 00 00 00 00 d6 e4 04 81 88 ff ff  
  backtrace:
[] kmalloc_trace+0x24/0x90 mm/slab_common.c:1062
[] kmalloc include/linux/slab.h:580 [inline]
[] vma_node_allow+0x3a/0x150 drivers/gpu/drm/drm_vma_manager.c:255
[] drm_gem_handle_create_tail+0x10e/0x250 drivers/gpu/drm/drm_gem.c:377
[] drm_gem_shmem_create_with_handle drivers/gpu/drm/drm_gem_shmem_helper.c:432 [inline]
[] drm_gem_shmem_dumb_create+0xbd/0x200 drivers/gpu/drm/drm_gem_shmem_helper.c:534
[] drm_mode_create_dumb+0x11b/0x150 drivers/gpu/drm/drm_dumb_buffers.c:96
[] drm_ioctl_kernel+0x148/0x260 drivers/gpu/drm/drm_ioctl.c:788
[] drm_ioctl+0x2f0/0x500 drivers/gpu/drm/drm_ioctl.c:891
[] vfs_ioctl fs/ioctl.c:51 [inline]
[] __do_sys_ioctl fs/ioctl.c:870 [inline]
[] __se_sys_ioctl fs/ioctl.c:856 [inline]
[] __x64_sys_ioctl+0x100/0x140 fs/ioctl.c:856
[] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
[] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0x888109662900 (size 64):
  comm "syz-executor750", pid 5069, jiffies 4294945834 (age 8.110s)
  hex dump (first 32 bytes):
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  
00 00 00 00 00 00 00 00 00 ce 8f 09 81 88 ff ff  
  backtrace:
[] kmalloc_trace+0x24/0x90 mm/slab_common.c:1062
[] kmalloc include/linux/slab.h:580 [inline]
[] vma_node_allow+0x3a/0x150 drivers/gpu/drm/drm_vma_manager.c:255
[] drm_gem_handle_create_tail+0x10e/0x250 drivers/gpu/drm/drm_gem.c:377
[] drm_gem_shmem_create_with_handle drivers/gpu/drm/drm_gem_shmem_helper.c:432 [inline]
[] drm_gem_shmem_dumb_create+0xbd/0x200 drivers/gpu/drm/drm_gem_shmem_helper.c:534
[] drm_mode_create_dumb+0x11b/0x150 drivers/gpu/drm/drm_dumb_buffers.c:96
[] drm_ioctl_kernel+0x148/0x260 drivers/gpu/drm/drm_ioctl.c:788
[] drm_ioctl+0x2f0/0x500 drivers/gpu/drm/drm_ioctl.c:891
[] vfs_ioctl fs/ioctl.c:51 [inline]
[] __do_sys_ioctl fs/ioctl.c:870 [inline]
[] __se_sys_ioctl fs/ioctl.c:856 [inline]
[] __x64_sys_ioctl+0x100/0x140 fs/ioctl.c:856
[]

[syzbot] UBSAN: shift-out-of-bounds in fbcon_set_font

2023-01-28 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:691781f561e9 Add linux-next specific files for 20230123
git tree:   linux-next
console+strace: https://syzkaller.appspot.com/x/log.txt?x=148d181548
kernel config:  https://syzkaller.appspot.com/x/.config?x=804cddf7ddbc6c64
dashboard link: https://syzkaller.appspot.com/bug?extid=ac877d1de3aa7263e7f4
compiler:   gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=12b92cb948
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=169917fe48

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/95b9320565c9/disk-691781f5.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/c5f3482fee79/vmlinux-691781f5.xz
kernel image: https://storage.googleapis.com/syzbot-assets/63516279b1a1/bzImage-691781f5.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+ac877d1de3aa7263e...@syzkaller.appspotmail.com


UBSAN: shift-out-of-bounds in drivers/video/fbdev/core/fbcon.c:2489:33
shift exponent 38 is too large for 32-bit type 'int'
CPU: 0 PID: 5087 Comm: syz-executor580 Not tainted 6.2.0-rc5-next-20230123-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
Call Trace:
 
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd1/0x138 lib/dump_stack.c:106
 ubsan_epilogue+0xa/0x31 lib/ubsan.c:151
 __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x187 lib/ubsan.c:321
 fbcon_set_font.cold+0x19/0x3c drivers/video/fbdev/core/fbcon.c:2489
 con_font_set drivers/tty/vt/vt.c:4624 [inline]
 con_font_op+0xb52/0xf10 drivers/tty/vt/vt.c:4671
 vt_k_ioctl drivers/tty/vt/vt_ioctl.c:474 [inline]
 vt_ioctl+0x620/0x2df0 drivers/tty/vt/vt_ioctl.c:752
 tty_ioctl+0x762/0x1670 drivers/tty/tty_io.c:2777
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:870 [inline]
 __se_sys_ioctl fs/ioctl.c:856 [inline]
 __x64_sys_ioctl+0x197/0x210 fs/ioctl.c:856
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fadea3c92c9
Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:7ffeb231fd88 EFLAGS: 0246 ORIG_RAX: 0010
RAX: ffda RBX:  RCX: 7fadea3c92c9
RDX: 2040 RSI: 4b72 RDI: 0003
RBP: 7fadea38d0b0 R08: 000d R09: 
R10:  R11: 0246 R12: 7fadea38d140
R13:  R14:  R15: 
 





[syzbot] linux-next boot error: WARNING in __drm_atomic_helper_set_config

2023-01-09 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:469a89fd3bb7 Add linux-next specific files for 20230106
git tree:   linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=121d243248
kernel config:  https://syzkaller.appspot.com/x/.config?x=a94f9b6b8eb07a36
dashboard link: https://syzkaller.appspot.com/bug?extid=0bf79afd497528c0df0d
compiler:   gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/2df1b88ce6c4/disk-469a89fd.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/ea2517e6b476/vmlinux-469a89fd.xz
kernel image: https://storage.googleapis.com/syzbot-assets/7539708cb8ba/bzImage-469a89fd.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+0bf79afd497528c0d...@syzkaller.appspotmail.com

qnx6: QNX6 filesystem 1.0.0 registered.
fuse: init (API version 7.38)
orangefs_debugfs_init: called with debug mask: :none: :0:
orangefs_init: module version upstream loaded
JFS: nTxBlock = 8192, nTxLock = 65536
SGI XFS with ACLs, security attributes, realtime, quota, no debug enabled
9p: Installing v9fs 9p2000 file system support
NILFS version 2 loaded
befs: version: 0.9.3
ocfs2: Registered cluster interface o2cb
ocfs2: Registered cluster interface user
OCFS2 User DLM kernel interface loaded
gfs2: GFS2 installed
ceph: loaded (mds proto 32)
NET: Registered PF_ALG protocol family
xor: automatically using best checksumming function   avx   
async_tx: api initialized (async)
Key type asymmetric registered
Asymmetric key parser 'x509' registered
Asymmetric key parser 'pkcs8' registered
Key type pkcs7_test registered
Block layer SCSI generic (bsg) driver version 0.4 loaded (major 240)
io scheduler mq-deadline registered
io scheduler kyber registered
io scheduler bfq registered
input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input0
ACPI: button: Power Button [PWRF]
input: Sleep Button as /devices/LNXSYSTM:00/LNXSLPBN:00/input/input1
ACPI: button: Sleep Button [SLPF]
ACPI: \_SB_.LNKC: Enabled at IRQ 11
virtio-pci :00:03.0: virtio_pci: leaving for legacy driver
ACPI: \_SB_.LNKD: Enabled at IRQ 10
virtio-pci :00:04.0: virtio_pci: leaving for legacy driver
ACPI: \_SB_.LNKB: Enabled at IRQ 10
virtio-pci :00:06.0: virtio_pci: leaving for legacy driver
virtio-pci :00:07.0: virtio_pci: leaving for legacy driver
N_HDLC line discipline registered with maxframe=4096
Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled
00:03: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A
00:04: ttyS1 at I/O 0x2f8 (irq = 3, base_baud = 115200) is a 16550A
00:05: ttyS2 at I/O 0x3e8 (irq = 6, base_baud = 115200) is a 16550A
00:06: ttyS3 at I/O 0x2e8 (irq = 7, base_baud = 115200) is a 16550A
Non-volatile memory driver v1.3
Linux agpgart interface v0.103
ACPI: bus type drm_connector registered
[drm] Initialized vgem 1.0.0 20120112 for vgem on minor 0
[drm] Initialized vkms 1.0.0 20180514 for vkms on minor 1
platform vkms: [drm] bpp/depth value of 32/0 not supported
platform vkms: [drm] No compatible format found
[ cut here ]
WARNING: CPU: 0 PID: 1 at drivers/gpu/drm/drm_atomic.c:1604 __drm_atomic_helper_set_config+0xa2d/0xe80 drivers/gpu/drm/drm_atomic.c:1604
Modules linked in:
CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.2.0-rc2-next-20230106-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
RIP: 0010:__drm_atomic_helper_set_config+0xa2d/0xe80 drivers/gpu/drm/drm_atomic.c:1604
Code: b6 04 02 84 c0 74 09 3c 03 7f 05 e8 dd cb 48 fd 45 89 75 38 e9 0f fb ff ff e8 6f e4 fa fc 0f 0b e9 a5 f7 ff ff e8 63 e4 fa fc <0f> 0b e9 4f f7 ff ff e8 57 e4 fa fc 48 8d 7d 08 48 b8 00 00 00 00
RSP: :c9067808 EFLAGS: 00010293
RAX:  RBX: 888146916380 RCX: 
RDX: 88814019 RSI: 8486c8fd RDI: 0007
RBP: 888146917500 R08: 0007 R09: f000
R10: 888146985000 R11: 0005 R12: 88814691b700
R13: 888146985000 R14: 888146985800 R15: 88801deccdc0
FS:  () GS:8880b980() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 88823000 CR3: 0c48e000 CR4: 003506f0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400
Call Trace:
 
 drm_client_modeset_commit_atomic+0x535/0x7e0 drivers/gpu/drm/drm_client_modeset.c:1026
 drm_client_modeset_commit_locked+0x149/0x580 drivers/gpu/drm/drm_client_modeset.c:1148
 drm_client_modeset_commit+0x51/0x80 drivers/gpu/drm/drm_client_modeset.c:1174
 drm_fb_helper_single_fb_probe drivers/gpu/drm/drm_fb_helper.c:1944 [inline]
 __drm_fb_helper_initial_config_and_unlock.cold+0x2ef/0x386 
drivers/gp

Re: [syzbot] WARNING: locking bug in inet_autobind

2022-12-28 Thread syzbot
syzbot has found a reproducer for the following issue on:

HEAD commit:1b929c02afd3 Linux 6.2-rc1
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=145c6a6848
kernel config:  https://syzkaller.appspot.com/x/.config?x=2651619a26b4d687
dashboard link: https://syzkaller.appspot.com/bug?extid=94cc2a66fc228b23f360
compiler:   gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=13e13e3248
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=13790f0848

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/d1849f1ca322/disk-1b929c02.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/924cb8aa4ada/vmlinux-1b929c02.xz
kernel image: https://storage.googleapis.com/syzbot-assets/8c7330dae0a0/bzImage-1b929c02.xz

The issue was bisected to:

commit c0d9271ecbd891cdeb0fad1edcdd99ee717a655f
Author: Yong Zhao 
Date:   Fri Feb 1 23:36:21 2019 +

drm/amdgpu: Delete user queue doorbell variables

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1433ece4a0
final oops: https://syzkaller.appspot.com/x/report.txt?x=1633ece4a0
console output: https://syzkaller.appspot.com/x/log.txt?x=1233ece4a0

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+94cc2a66fc228b23f...@syzkaller.appspotmail.com
Fixes: c0d9271ecbd8 ("drm/amdgpu: Delete user queue doorbell variables")

[ cut here ]
Looking for class "l2tp_sock" with key l2tp_socket_class, but found a different class "slock-AF_INET6" with the same key
WARNING: CPU: 0 PID: 7280 at kernel/locking/lockdep.c:937 look_up_lock_class+0x97/0x110 kernel/locking/lockdep.c:937
Modules linked in:
CPU: 0 PID: 7280 Comm: syz-executor835 Not tainted 6.2.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
RIP: 0010:look_up_lock_class+0x97/0x110 kernel/locking/lockdep.c:937
Code: 17 48 81 fa e0 e5 f6 8f 74 59 80 3d 5d bc 57 04 00 75 50 48 c7 c7 00 4d 4c 8a 48 89 04 24 c6 05 49 bc 57 04 01 e8 a9 42 b9 ff <0f> 0b 48 8b 04 24 eb 31 9c 5a 80 e6 02 74 95 e8 45 38 02 fa 85 c0
RSP: 0018:c9000b5378b8 EFLAGS: 00010082
RAX:  RBX: 91c06a00 RCX: 
RDX: 8880292d RSI: 8166721c RDI: f520016a6f09
RBP:  R08: 0005 R09: 
R10: 8201 R11: 20676e696b6f6f4c R12: 
R13: 88802a5820b0 R14:  R15: 
FS:  7f1fd7a97700() GS:8880b980() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 2100 CR3: 78ab4000 CR4: 003506f0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400
Call Trace:
 
 register_lock_class+0xbe/0x1120 kernel/locking/lockdep.c:1289
 __lock_acquire+0x109/0x56d0 kernel/locking/lockdep.c:4934
 lock_acquire kernel/locking/lockdep.c:5668 [inline]
 lock_acquire+0x1e3/0x630 kernel/locking/lockdep.c:5633
 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
 _raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178
 spin_lock_bh include/linux/spinlock.h:355 [inline]
 lock_sock_nested+0x5f/0xf0 net/core/sock.c:3473
 lock_sock include/net/sock.h:1725 [inline]
 inet_autobind+0x1a/0x190 net/ipv4/af_inet.c:177
 inet_send_prepare net/ipv4/af_inet.c:813 [inline]
 inet_send_prepare+0x325/0x4e0 net/ipv4/af_inet.c:807
 inet6_sendmsg+0x43/0xe0 net/ipv6/af_inet6.c:655
 sock_sendmsg_nosec net/socket.c:714 [inline]
 sock_sendmsg+0xd3/0x120 net/socket.c:734
 __sys_sendto+0x23a/0x340 net/socket.c:2117
 __do_sys_sendto net/socket.c:2129 [inline]
 __se_sys_sendto net/socket.c:2125 [inline]
 __x64_sys_sendto+0xe1/0x1b0 net/socket.c:2125
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f1fd78538b9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:7f1fd7a971f8 EFLAGS: 0212 ORIG_RAX: 002c
RAX: ffda RBX: 7f1fd78f0038 RCX: 7f1fd78538b9
RDX:  RSI:  RDI: 0004
RBP: 7f1fd78f0030 R08: 2100 R09: 001c
R10: 04008000 R11: 0212 R12: 7f1fd78f003c
R13: 7f1fd79ffc8f R14: 7f1fd7a97300 R15: 00022000
 



Re: [syzbot] WARNING in drm_wait_one_vblank

2022-12-09 Thread syzbot
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
WARNING in drm_wait_one_vblank

platform vkms: vblank wait timed out on crtc 0
WARNING: CPU: 1 PID: 4329 at drivers/gpu/drm/drm_vblank.c:1269 drm_wait_one_vblank+0x2bc/0x500 drivers/gpu/drm/drm_vblank.c:1269
Modules linked in:
CPU: 1 PID: 4329 Comm: syz-executor.5 Not tainted 6.1.0-rc8-syzkaller-00148-g0d1409e4ff08 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
RIP: 0010:drm_wait_one_vblank+0x2bc/0x500 drivers/gpu/drm/drm_vblank.c:1269
Code: 85 f6 0f 84 a3 01 00 00 e8 a1 82 03 fd 4c 89 ef e8 19 34 1b 00 44 89 e1 4c 89 f2 48 c7 c7 80 67 5d 8a 48 89 c6 e8 1b 54 d1 04 <0f> 0b e9 87 fe ff ff e8 78 82 03 fd 31 ff 4c 89 ee e8 5e 7f 03 fd
RSP: 0018:c90003887b40 EFLAGS: 00010282

RAX:  RBX: 187a RCX: 
RDX: 888077e56080 RSI: 81615618 RDI: f52000710f5a
RBP: 888146b6c000 R08: 0005 R09: 
R10: 8000 R11:  R12: 
R13: 88801e146010 R14: 888146fb2dc0 R15: 888146ffe030
FS:  7fd446839700() GS:8880b9b0() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 55d58fce0300 CR3: 66c1d000 CR4: 003506e0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400
Call Trace:
 
 drm_fb_helper_ioctl+0x159/0x1a0 drivers/gpu/drm/drm_fb_helper.c:1259
 do_fb_ioctl+0x1d5/0x6e0 drivers/video/fbdev/core/fbmem.c:1188
 fb_ioctl+0xe7/0x150 drivers/video/fbdev/core/fbmem.c:1202
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:870 [inline]
 __se_sys_ioctl fs/ioctl.c:856 [inline]
 __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:856
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fd445689409
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:7fd446839168 EFLAGS: 0246 ORIG_RAX: 0010
RAX: ffda RBX: 7fd44579bf80 RCX: 7fd445689409
RDX:  RSI: 40044620 RDI: 0003
RBP: 7fd4468391d0 R08:  R09: 
R10:  R11: 0246 R12: 0001
R13: 7493021f R14: 7fd446839300 R15: 00022000
 


Tested on:

commit: 0d1409e4 Merge tag 'drm-fixes-2022-12-09' of git://ano..
git tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=10bf8cb788
kernel config:  https://syzkaller.appspot.com/x/.config?x=f99d4932d068617a
dashboard link: https://syzkaller.appspot.com/bug?extid=6f7fe2dbc479dca0ed17
compiler:   gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2

Note: no patches were applied.


[syzbot] memory leak in fbcon_set_font (2)

2022-12-04 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:c2bf05db6c78 Merge tag 'i2c-for-6.1-rc8' of git://git.kern..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=171883d588
kernel config:  https://syzkaller.appspot.com/x/.config?x=979161df0e247659
dashboard link: https://syzkaller.appspot.com/bug?extid=25bdb7b1703639abd498
compiler:   gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=14fff84d88
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=135806a788

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/63cd45bf1d68/disk-c2bf05db.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/bafbfb42c660/vmlinux-c2bf05db.xz
kernel image: https://storage.googleapis.com/syzbot-assets/9f803a721cfc/bzImage-c2bf05db.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+25bdb7b1703639abd...@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0x888111648000 (size 18448):
  comm "syz-executor148", pid 3653, jiffies 4294970435 (age 13.520s)
  hex dump (first 32 bytes):
85 44 7e c7 00 00 00 00 00 48 00 00 00 00 00 00  .D~..H..
92 30 86 d2 8c 38 30 9e e7 a3 05 00 9f 09 33 bb  .0...80...3.
  backtrace:
[] __do_kmalloc_node mm/slab_common.c:943 [inline]
[] __kmalloc+0xb3/0x120 mm/slab_common.c:968
[] kmalloc include/linux/slab.h:558 [inline]
[] fbcon_set_font+0x1a9/0x470 drivers/video/fbdev/core/fbcon.c:2508
[] con_font_set drivers/tty/vt/vt.c:4667 [inline]
[] con_font_op+0x3a9/0x600 drivers/tty/vt/vt.c:4713
[] vt_k_ioctl drivers/tty/vt/vt_ioctl.c:474 [inline]
[] vt_ioctl+0x14fd/0x1a80 drivers/tty/vt/vt_ioctl.c:752
[] tty_ioctl+0x6d5/0xbe0 drivers/tty/tty_io.c:2771
[] vfs_ioctl fs/ioctl.c:51 [inline]
[] __do_sys_ioctl fs/ioctl.c:870 [inline]
[] __se_sys_ioctl fs/ioctl.c:856 [inline]
[] __x64_sys_ioctl+0xfc/0x140 fs/ioctl.c:856
[] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0x888110b18000 (size 18448):
  comm "syz-executor148", pid 3655, jiffies 4294971001 (age 7.860s)
  hex dump (first 32 bytes):
85 44 7e c7 00 00 00 00 00 48 00 00 00 00 00 00  .D~..H..
92 30 86 d2 8c 38 30 9e e7 a3 05 00 9f 09 33 bb  .0...80...3.
  backtrace:
[] __do_kmalloc_node mm/slab_common.c:943 [inline]
[] __kmalloc+0xb3/0x120 mm/slab_common.c:968
[] kmalloc include/linux/slab.h:558 [inline]
[] fbcon_set_font+0x1a9/0x470 drivers/video/fbdev/core/fbcon.c:2508
[] con_font_set drivers/tty/vt/vt.c:4667 [inline]
[] con_font_op+0x3a9/0x600 drivers/tty/vt/vt.c:4713
[] vt_k_ioctl drivers/tty/vt/vt_ioctl.c:474 [inline]
[] vt_ioctl+0x14fd/0x1a80 drivers/tty/vt/vt_ioctl.c:752
[] tty_ioctl+0x6d5/0xbe0 drivers/tty/tty_io.c:2771
[] vfs_ioctl fs/ioctl.c:51 [inline]
[] __do_sys_ioctl fs/ioctl.c:870 [inline]
[] __se_sys_ioctl fs/ioctl.c:856 [inline]
[] __x64_sys_ioctl+0xfc/0x140 fs/ioctl.c:856
[] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[] entry_SYSCALL_64_after_hwframe+0x63/0xcd

write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory
write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory
write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory
write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory




[syzbot] linux-next boot error: WARNING in fb_deferred_io_schedule_flush

2022-11-23 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:736b6d81d93c Add linux-next specific files for 20221123
git tree:   linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=13780ab188
kernel config:  https://syzkaller.appspot.com/x/.config?x=84cf3b793149c9bf
dashboard link: https://syzkaller.appspot.com/bug?extid=62debf5fcd57b5a592e1
compiler:   gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/b1f9b28c7e06/disk-736b6d81.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/139697685008/vmlinux-736b6d81.xz
kernel image: https://storage.googleapis.com/syzbot-assets/6ff62230b292/bzImage-736b6d81.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+62debf5fcd57b5a59...@syzkaller.appspotmail.com

QNX4 filesystem 0.2.3 registered.
qnx6: QNX6 filesystem 1.0.0 registered.
fuse: init (API version 7.38)
orangefs_debugfs_init: called with debug mask: :none: :0:
orangefs_init: module version upstream loaded
JFS: nTxBlock = 8192, nTxLock = 65536
SGI XFS with ACLs, security attributes, realtime, quota, no debug enabled
9p: Installing v9fs 9p2000 file system support
NILFS version 2 loaded
befs: version: 0.9.3
ocfs2: Registered cluster interface o2cb
ocfs2: Registered cluster interface user
OCFS2 User DLM kernel interface loaded
gfs2: GFS2 installed
ceph: loaded (mds proto 32)
NET: Registered PF_ALG protocol family
xor: automatically using best checksumming function   avx   
async_tx: api initialized (async)
Key type asymmetric registered
Asymmetric key parser 'x509' registered
Asymmetric key parser 'pkcs8' registered
Key type pkcs7_test registered
alg: self-tests for CTR-KDF (hmac(sha256)) passed
Block layer SCSI generic (bsg) driver version 0.4 loaded (major 240)
io scheduler mq-deadline registered
io scheduler kyber registered
io scheduler bfq registered
input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input0
ACPI: button: Power Button [PWRF]
input: Sleep Button as /devices/LNXSYSTM:00/LNXSLPBN:00/input/input1
ACPI: button: Sleep Button [SLPF]
ACPI: \_SB_.LNKC: Enabled at IRQ 11
virtio-pci :00:03.0: virtio_pci: leaving for legacy driver
ACPI: \_SB_.LNKD: Enabled at IRQ 10
virtio-pci :00:04.0: virtio_pci: leaving for legacy driver
ACPI: \_SB_.LNKB: Enabled at IRQ 10
virtio-pci :00:06.0: virtio_pci: leaving for legacy driver
virtio-pci :00:07.0: virtio_pci: leaving for legacy driver
N_HDLC line discipline registered with maxframe=4096
Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled
00:03: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A
00:04: ttyS1 at I/O 0x2f8 (irq = 3, base_baud = 115200) is a 16550A
00:05: ttyS2 at I/O 0x3e8 (irq = 6, base_baud = 115200) is a 16550A
00:06: ttyS3 at I/O 0x2e8 (irq = 7, base_baud = 115200) is a 16550A
Non-volatile memory driver v1.3
Linux agpgart interface v0.103
ACPI: bus type drm_connector registered
[drm] Initialized vgem 1.0.0 20120112 for vgem on minor 0
[drm] Initialized vkms 1.0.0 20180514 for vkms on minor 1
[ cut here ]
WARNING: CPU: 0 PID: 1 at drivers/video/fbdev/core/fb_defio.c:340 fb_deferred_io_schedule_flush+0x9f/0xf0 drivers/video/fbdev/core/fb_defio.c:340
Modules linked in:
CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.1.0-rc6-next-20221123-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
RIP: 0010:fb_deferred_io_schedule_flush+0x9f/0xf0 drivers/video/fbdev/core/fb_defio.c:340
Code: c1 e8 03 80 3c 30 00 75 38 48 8b 35 43 81 27 0a bf 08 00 00 00 e8 c1 05 06 fd 48 83 c4 10 5b 5d e9 66 76 34 fd e8 61 76 34 fd <0f> 0b 48 83 c4 10 5b 5d e9 54 76 34 fd e8 6f 97 82 fd e9 7a ff ff
RSP: :c90672d8 EFLAGS: 00010293
RAX:  RBX: 88801e2d RCX: 
RDX: 88814015 RSI: 844c552f RDI: 88801e2d0418
RBP:  R08: 0001 R09: 9133aa47
R10: 0001 R11: 0001 R12: 
R13: 0008 R14: 88801e281940 R15: 00d0
FS:  () GS:8880b980() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 88823000 CR3: 0c48e000 CR4: 003506f0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400
Call Trace:
 
 drm_fb_helper_damage drivers/gpu/drm/drm_fb_helper.c:602 [inline]
 drm_fb_helper_sys_imageblit+0x2c9/0x380 drivers/gpu/drm/drm_fb_helper.c:883
 drm_fbdev_fb_imageblit+0x17d/0x260 drivers/gpu/drm/drm_fbdev_generic.c:157
 soft_cursor+0x514/0xa30 drivers/video/fbdev/core/softcursor.c:74
 bit_cursor+0xf13/0x17a0 drivers/video/fbdev/core/bitblit.c:377
 fbcon_cursor+0x3e0/0x550 drivers/video/fbdev/core/fbcon.c:1330
 hide_cursor+0x85/0x2

Re: [syzbot] inconsistent lock state in sync_info_debugfs_show

2022-11-20 Thread syzbot
syzbot has bisected this issue to:

commit 997acaf6b4b59c6a9c259740312a69ea549cc684
Author: Mark Rutland 
Date:   Mon Jan 11 15:37:07 2021 +

lockdep: report broken irq restoration

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=115b350d88
start commit:   84368d882b96 Merge tag 'soc-fixes-6.1-3' of git://git.kern..
git tree:   upstream
final oops: https://syzkaller.appspot.com/x/report.txt?x=135b350d88
console output: https://syzkaller.appspot.com/x/log.txt?x=155b350d88
kernel config:  https://syzkaller.appspot.com/x/.config?x=6f4e5e9899396248
dashboard link: https://syzkaller.appspot.com/bug?extid=007bfe0f3330f6e1e7d1
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=164376f988
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=16cf096588

Reported-by: syzbot+007bfe0f3330f6e1e...@syzkaller.appspotmail.com
Fixes: 997acaf6b4b5 ("lockdep: report broken irq restoration")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


Re: [syzbot] inconsistent lock state in sync_info_debugfs_show

2022-11-18 Thread syzbot
syzbot has found a reproducer for the following issue on:

HEAD commit:84368d882b96 Merge tag 'soc-fixes-6.1-3' of git://git.kern..
git tree:   upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=1670fb6588
kernel config:  https://syzkaller.appspot.com/x/.config?x=6f4e5e9899396248
dashboard link: https://syzkaller.appspot.com/bug?extid=007bfe0f3330f6e1e7d1
compiler:   gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=164376f988
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=16cf096588

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/031b6e68785d/disk-84368d88.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/cff5e66b90e8/vmlinux-84368d88.xz
kernel image: https://storage.googleapis.com/syzbot-assets/e75525784a66/bzImage-84368d88.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+007bfe0f3330f6e1e...@syzkaller.appspotmail.com


WARNING: inconsistent lock state
6.1.0-rc5-syzkaller-00144-g84368d882b96 #0 Not tainted

inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage.
syz-executor333/3645 [HC0[0]:SC0[0]:HE0:SE1] takes:
8d295c38 (sync_timeline_list_lock){?...}-{2:2}, at: spin_lock_irq include/linux/spinlock.h:375 [inline]
8d295c38 (sync_timeline_list_lock){?...}-{2:2}, at: sync_info_debugfs_show+0x31/0x200 drivers/dma-buf/sync_debug.c:147
{IN-HARDIRQ-W} state was registered at:
  lock_acquire kernel/locking/lockdep.c:5668 [inline]
  lock_acquire+0x1e3/0x630 kernel/locking/lockdep.c:5633
  __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
  _raw_spin_lock_irqsave+0x3d/0x60 kernel/locking/spinlock.c:162
  sync_timeline_debug_remove+0x29/0x1a0 drivers/dma-buf/sync_debug.c:31
  sync_timeline_free drivers/dma-buf/sw_sync.c:104 [inline]
  kref_put include/linux/kref.h:65 [inline]
  sync_timeline_put drivers/dma-buf/sw_sync.c:116 [inline]
  timeline_fence_release+0x267/0x340 drivers/dma-buf/sw_sync.c:144
  dma_fence_release+0x14b/0x690 drivers/dma-buf/dma-fence.c:559
  kref_put include/linux/kref.h:65 [inline]
  dma_fence_put include/linux/dma-fence.h:276 [inline]
  dma_fence_array_release+0x1fa/0x2d0 drivers/dma-buf/dma-fence-array.c:120
  dma_fence_release+0x14b/0x690 drivers/dma-buf/dma-fence.c:559
  kref_put include/linux/kref.h:65 [inline]
  dma_fence_put include/linux/dma-fence.h:276 [inline]
  irq_dma_fence_array_work+0xa9/0xd0 drivers/dma-buf/dma-fence-array.c:52
  irq_work_single+0x124/0x260 kernel/irq_work.c:211
  irq_work_run_list kernel/irq_work.c:242 [inline]
  irq_work_run_list+0x91/0xc0 kernel/irq_work.c:225
  irq_work_run+0x58/0xd0 kernel/irq_work.c:251
  __sysvec_irq_work+0xce/0x4e0 arch/x86/kernel/irq_work.c:22
  sysvec_irq_work+0x92/0xc0 arch/x86/kernel/irq_work.c:17
  asm_sysvec_irq_work+0x1a/0x20 arch/x86/include/asm/idtentry.h:675
  __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:160 [inline]
  _raw_spin_unlock_irq+0x29/0x50 kernel/locking/spinlock.c:202
  spin_unlock_irq include/linux/spinlock.h:400 [inline]
  sw_sync_debugfs_release+0x162/0x240 drivers/dma-buf/sw_sync.c:321
  __fput+0x27c/0xa90 fs/file_table.c:320
  task_work_run+0x16f/0x270 kernel/task_work.c:179
  ptrace_notify+0x118/0x140 kernel/signal.c:2354
  ptrace_report_syscall include/linux/ptrace.h:420 [inline]
  ptrace_report_syscall_exit include/linux/ptrace.h:482 [inline]
  syscall_exit_work kernel/entry/common.c:251 [inline]
  syscall_exit_to_user_mode_prepare+0x129/0x280 kernel/entry/common.c:278
  __syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline]
  syscall_exit_to_user_mode+0xd/0x50 kernel/entry/common.c:296
  do_syscall_64+0x46/0xb0 arch/x86/entry/common.c:86
  entry_SYSCALL_64_after_hwframe+0x63/0xcd
irq event stamp: 638
hardirqs last  enabled at (637): [] ___slab_alloc+0xca0/0x1400 mm/slub.c:3132
hardirqs last disabled at (638): [] __raw_spin_lock_irq include/linux/spinlock_api_smp.h:117 [inline]
hardirqs last disabled at (638): [] _raw_spin_lock_irq+0x45/0x50 kernel/locking/spinlock.c:170
softirqs last  enabled at (538): [] invoke_softirq kernel/softirq.c:445 [inline]
softirqs last  enabled at (538): [] __irq_exit_rcu+0x123/0x180 kernel/softirq.c:650
softirqs last disabled at (505): [] invoke_softirq kernel/softirq.c:445 [inline]
softirqs last disabled at (505): [] __irq_exit_rcu+0x123/0x180 kernel/softirq.c:650

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(sync_timeline_list_lock);
  <Interrupt>
    lock(sync_timeline_list_lock);

 *** DEADLOCK ***

2 locks held by syz-executor333/3645:
 #0: 888021f8c8b8 (&p->lock){+.+.}-{3:3}, at: seq_read_iter+0xe3/0x1280 fs/seq_file.c:182
 #1: 8d295c38 (sync_timeline_list_lock){?...}-{2:2}, at: spin_lock_irq include/linux/spinloc

[syzbot] inconsistent lock state in mark_held_locks

2022-11-18 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:e01d50cbd6ee Merge tag 'vfio-v6.1-rc6' of https://github.c..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=145f640188
kernel config:  https://syzkaller.appspot.com/x/.config?x=e9039cbe1d7613aa
dashboard link: https://syzkaller.appspot.com/bug?extid=65422ff0767f378aacfb
compiler:   gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/43fe73693a6c/disk-e01d50cb.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/35e1240adbc1/vmlinux-e01d50cb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/3b532cce5d0b/bzImage-e01d50cb.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+65422ff0767f378aa...@syzkaller.appspotmail.com


WARNING: inconsistent lock state
6.1.0-rc5-syzkaller-8-ge01d50cbd6ee #0 Not tainted

inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage.
syz-executor.4/7818 [HC0[0]:SC0[0]:HE0:SE1] takes:
8cb76bb8 (sync_timeline_list_lock){?...}-{2:2}, at: spin_lock_irq include/linux/spinlock.h:375 [inline]
8cb76bb8 (sync_timeline_list_lock){?...}-{2:2}, at: sync_info_debugfs_show+0x2d/0x200 drivers/dma-buf/sync_debug.c:147
{IN-HARDIRQ-W} state was registered at:
  lock_acquire kernel/locking/lockdep.c:5668 [inline]
  lock_acquire+0x1df/0x630 kernel/locking/lockdep.c:5633
  __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
  _raw_spin_lock_irqsave+0x39/0x50 kernel/locking/spinlock.c:162
  sync_timeline_debug_remove+0x25/0x190 drivers/dma-buf/sync_debug.c:31
  sync_timeline_free drivers/dma-buf/sw_sync.c:104 [inline]
  kref_put include/linux/kref.h:65 [inline]
  sync_timeline_put drivers/dma-buf/sw_sync.c:116 [inline]
  timeline_fence_release+0x263/0x340 drivers/dma-buf/sw_sync.c:144
  dma_fence_release+0x147/0x680 drivers/dma-buf/dma-fence.c:559
  kref_put include/linux/kref.h:65 [inline]
  dma_fence_put include/linux/dma-fence.h:276 [inline]
  dma_fence_array_release+0x1f6/0x2d0 drivers/dma-buf/dma-fence-array.c:120
  dma_fence_release+0x147/0x680 drivers/dma-buf/dma-fence.c:559
  kref_put include/linux/kref.h:65 [inline]
  dma_fence_put include/linux/dma-fence.h:276 [inline]
  irq_dma_fence_array_work+0xa5/0xd0 drivers/dma-buf/dma-fence-array.c:52
  irq_work_single+0x120/0x250 kernel/irq_work.c:211
  irq_work_run_list kernel/irq_work.c:242 [inline]
  irq_work_run_list+0x91/0xc0 kernel/irq_work.c:225
  irq_work_run+0x54/0xd0 kernel/irq_work.c:251
  __sysvec_irq_work+0xca/0x4d0 arch/x86/kernel/irq_work.c:22
  sysvec_irq_work+0x8e/0xc0 arch/x86/kernel/irq_work.c:17
  asm_sysvec_irq_work+0x16/0x20 arch/x86/include/asm/idtentry.h:675
  __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:160 [inline]
  _raw_spin_unlock_irq+0x25/0x40 kernel/locking/spinlock.c:202
  spin_unlock_irq include/linux/spinlock.h:400 [inline]
  sw_sync_debugfs_release+0x15e/0x230 drivers/dma-buf/sw_sync.c:321
  __fput+0x27c/0xa90 fs/file_table.c:320
  task_work_run+0x16b/0x270 kernel/task_work.c:179
  exit_task_work include/linux/task_work.h:38 [inline]
  do_exit+0xb35/0x2a20 kernel/exit.c:820
  do_group_exit+0xd0/0x2a0 kernel/exit.c:950
  get_signal+0x21a1/0x2430 kernel/signal.c:2858
  arch_do_signal_or_restart+0x82/0x2300 arch/x86/kernel/signal.c:869
  exit_to_user_mode_loop kernel/entry/common.c:168 [inline]
  exit_to_user_mode_prepare+0x15f/0x250 kernel/entry/common.c:203
  __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
  syscall_exit_to_user_mode+0x19/0x50 kernel/entry/common.c:296
  ret_from_fork+0x15/0x30 arch/x86/entry/entry_64.S:299
irq event stamp: 288
hardirqs last  enabled at (287): [] mod_objcg_state+0x591/0xa50 mm/memcontrol.c:3213
hardirqs last disabled at (288): [] __raw_spin_lock_irq include/linux/spinlock_api_smp.h:117 [inline]
hardirqs last disabled at (288): [] _raw_spin_lock_irq+0x41/0x50 kernel/locking/spinlock.c:170
softirqs last  enabled at (0): [] copy_process+0x2129/0x7190 kernel/fork.c:2198
softirqs last disabled at (0): [<>] 0x0

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(sync_timeline_list_lock);
  <Interrupt>
    lock(sync_timeline_list_lock);

 *** DEADLOCK ***

3 locks held by syz-executor.4/7818:
 #0: 8880412b59e8 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe3/0x100 fs/file.c:1037
 #1: 888017a97418 (&p->lock){+.+.}-{3:3}, at: seq_read_iter+0xdf/0x1280 fs/seq_file.c:182
 #2: 8cb76bb8 (sync_timeline_list_lock){?...}-{2:2}, at: spin_lock_irq include/linux/spinlock.h:375 [inline]
 #2: 8cb76bb8 (sync_timeline_list_lock){?...}-{2:2}, at: sync_info_debugfs_show+0x2d/0x200 drivers/dma-buf/sync_de

Re: [syzbot] possible deadlock in vfs_fileattr_set

2022-11-13 Thread syzbot
syzbot has bisected this issue to:

commit 6dd6b7643e723b4779e59c8ad97bd5db6ff3bb12
Author: Thomas Zimmermann 
Date:   Mon Jan 18 13:14:19 2021 +

drm/vmwgfx: Remove reference to struct drm_device.pdev

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1418e6a588
start commit:   f8f60f322f06 Add linux-next specific files for 2022
git tree:   linux-next
final oops: https://syzkaller.appspot.com/x/report.txt?x=1618e6a588
console output: https://syzkaller.appspot.com/x/log.txt?x=1218e6a588
kernel config:  https://syzkaller.appspot.com/x/.config?x=85ba52c07cd97289
dashboard link: https://syzkaller.appspot.com/bug?extid=abe01a74653f00aabe3e
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=138b76ae88
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=16ab1bfe88

Reported-by: syzbot+abe01a74653f00aab...@syzkaller.appspotmail.com
Fixes: 6dd6b7643e72 ("drm/vmwgfx: Remove reference to struct drm_device.pdev")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


[syzbot] inconsistent lock state in trace_hardirqs_on

2022-11-11 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:bbed346d5a96 Merge branch 'for-next/core' into for-kernelci
git tree:   git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=14c82f3988
kernel config:  https://syzkaller.appspot.com/x/.config?x=3a4a45d2d827c1e
dashboard link: https://syzkaller.appspot.com/bug?extid=6d6c13e35721fb4393fd
compiler:   Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/e8e91bc79312/disk-bbed346d.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/c1cb3fb3b77e/vmlinux-bbed346d.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+6d6c13e35721fb439...@syzkaller.appspotmail.com


WARNING: inconsistent lock state
6.0.0-rc7-syzkaller-18095-gbbed346d5a96 #0 Not tainted

inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage.
syz-executor.4/21937 [HC0[0]:SC0[0]:HE0:SE1] takes:
8d6384c8 (sync_timeline_list_lock){?...}-{2:2}, at: spin_lock_irq include/linux/spinlock.h:374 [inline]
8d6384c8 (sync_timeline_list_lock){?...}-{2:2}, at: sync_info_debugfs_show+0x54/0x2dc drivers/dma-buf/sync_debug.c:147
{IN-HARDIRQ-W} state was registered at:
  lock_acquire+0x100/0x1f8 kernel/locking/lockdep.c:5666
  __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
  _raw_spin_lock_irqsave+0x6c/0xb4 kernel/locking/spinlock.c:162
  sync_timeline_debug_remove+0x24/0x80 drivers/dma-buf/sync_debug.c:31
  sync_timeline_free drivers/dma-buf/sw_sync.c:104 [inline]
  kref_put include/linux/kref.h:65 [inline]
  sync_timeline_put drivers/dma-buf/sw_sync.c:116 [inline]
  timeline_fence_release+0xe0/0x15c drivers/dma-buf/sw_sync.c:144
  dma_fence_release+0x70/0x11c drivers/dma-buf/dma-fence.c:549
  kref_put include/linux/kref.h:65 [inline]
  dma_fence_put include/linux/dma-fence.h:276 [inline]
  dma_fence_array_release+0xac/0x154 drivers/dma-buf/dma-fence-array.c:120
  dma_fence_release+0x70/0x11c drivers/dma-buf/dma-fence.c:549
  kref_put include/linux/kref.h:65 [inline]
  dma_fence_put include/linux/dma-fence.h:276 [inline]
  irq_dma_fence_array_work+0x84/0x11c drivers/dma-buf/dma-fence-array.c:52
  irq_work_single kernel/irq_work.c:211 [inline]
  irq_work_run_list kernel/irq_work.c:242 [inline]
  irq_work_run+0xc4/0x29c kernel/irq_work.c:251
  do_handle_IPI arch/arm64/kernel/smp.c:899 [inline]
  ipi_handler+0x120/0x1a8 arch/arm64/kernel/smp.c:922
  handle_percpu_devid_irq+0xb0/0x1c8 kernel/irq/chip.c:930
  generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
  handle_irq_desc kernel/irq/irqdesc.c:648 [inline]
  generic_handle_domain_irq+0x4c/0x6c kernel/irq/irqdesc.c:704
  __gic_handle_irq drivers/irqchip/irq-gic-v3.c:695 [inline]
  __gic_handle_irq_from_irqson drivers/irqchip/irq-gic-v3.c:746 [inline]
  gic_handle_irq+0x78/0x1b4 drivers/irqchip/irq-gic-v3.c:790
  call_on_irq_stack+0x2c/0x54 arch/arm64/kernel/entry.S:889
  do_interrupt_handler+0x7c/0xc0 arch/arm64/kernel/entry-common.c:274
  __el1_irq arch/arm64/kernel/entry-common.c:470 [inline]
  el1_interrupt+0x34/0x68 arch/arm64/kernel/entry-common.c:485
  el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:490
  el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:577
  arch_local_irq_enable arch/arm64/include/asm/irqflags.h:35 [inline]
  __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:159 [inline]
  _raw_spin_unlock_irq+0x44/0x70 kernel/locking/spinlock.c:202
  spin_unlock_irq include/linux/spinlock.h:399 [inline]
  sw_sync_debugfs_release+0xa8/0x158 drivers/dma-buf/sw_sync.c:321
  __fput+0x198/0x3dc fs/file_table.c:320
  fput+0x20/0x30 fs/file_table.c:353
  task_work_run+0xc4/0x14c kernel/task_work.c:177
  exit_task_work include/linux/task_work.h:38 [inline]
  do_exit+0x26c/0xbe0 kernel/exit.c:795
  __arm64_sys_exit_group+0x0/0x18 kernel/exit.c:925
  __do_sys_exit_group kernel/exit.c:936 [inline]
  __se_sys_exit_group kernel/exit.c:934 [inline]
  __wake_up_parent+0x0/0x40 kernel/exit.c:934
  __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
  invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
  el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
  do_el0_svc+0x48/0x164 arch/arm64/kernel/syscall.c:206
  el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:636
  el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:654
  el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
irq event stamp: 872
hardirqs last  enabled at (871): [] mod_objcg_state+0x19c/0x204 mm/memcontrol.c:3158
hardirqs last disabled at (872): [] __raw_spin_lock_irq include/linux/spinlock_api_smp.h:117 [inline]
hardirqs las

Re: [syzbot] memory leak in drm_vma_node_allow

2022-11-09 Thread syzbot
syzbot has found a reproducer for the following issue on:

HEAD commit:f141df371335 Merge tag 'audit-pr-20221107' of git://git.ke..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=123bdcd188
kernel config:  https://syzkaller.appspot.com/x/.config?x=f7ebe38e4b66a7b
dashboard link: https://syzkaller.appspot.com/bug?extid=04639d98c75c52e41b8a
compiler:   gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=158ec0c188
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=120cc3e188

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/d056ae4a8f32/disk-f141df37.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/02fdf71b87b4/vmlinux-f141df37.xz
kernel image: https://storage.googleapis.com/syzbot-assets/14078d70a64d/bzImage-f141df37.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+04639d98c75c52e41...@syzkaller.appspotmail.com

executing program
executing program
executing program
executing program
BUG: memory leak
unreferenced object 0x88810f65f0c0 (size 64):
  comm "syz-executor402", pid 3630, jiffies 4294948375 (age 13.410s)
  hex dump (first 32 bytes):
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  
00 00 00 00 00 00 00 00 00 94 b3 05 81 88 ff ff  
  backtrace:
[] kmalloc_trace+0x20/0x90 mm/slab_common.c:1046
[] kmalloc include/linux/slab.h:576 [inline]
[] drm_vma_node_allow+0x32/0x120 drivers/gpu/drm/drm_vma_manager.c:274
[] drm_gem_handle_create_tail+0x10a/0x250 drivers/gpu/drm/drm_gem.c:377
[] drm_gem_shmem_create_with_handle drivers/gpu/drm/drm_gem_shmem_helper.c:432 [inline]
[] drm_gem_shmem_dumb_create+0xb9/0x200 drivers/gpu/drm/drm_gem_shmem_helper.c:534
[] drm_mode_create_dumb+0x117/0x150 drivers/gpu/drm/drm_dumb_buffers.c:96
[] drm_ioctl_kernel+0x144/0x260 drivers/gpu/drm/drm_ioctl.c:788
[] drm_ioctl+0x2ec/0x4f0 drivers/gpu/drm/drm_ioctl.c:891
[] vfs_ioctl fs/ioctl.c:51 [inline]
[] __do_sys_ioctl fs/ioctl.c:870 [inline]
[] __se_sys_ioctl fs/ioctl.c:856 [inline]
[] __x64_sys_ioctl+0xfc/0x140 fs/ioctl.c:856
[] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[] entry_SYSCALL_64_after_hwframe+0x63/0xcd




[syzbot] KASAN: use-after-free Read in drm_gem_handle_delete

2022-11-03 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:b229b6ca5abb Merge tag 'perf-tools-fixes-for-v6.1-2022-10-..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=14dddf5e88
kernel config:  https://syzkaller.appspot.com/x/.config?x=a66c6c673fb555e8
dashboard link: https://syzkaller.appspot.com/bug?extid=6a195db6dbcc80732ab9
compiler:   gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/7a7054f95968/disk-b229b6ca.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/907d97ef4d30/vmlinux-b229b6ca.xz
kernel image: https://storage.googleapis.com/syzbot-assets/5f5f3eb6d623/bzImage-b229b6ca.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+6a195db6dbcc80732...@syzkaller.appspotmail.com

==
BUG: KASAN: use-after-free in drm_gem_object_release_handle drivers/gpu/drm/drm_gem.c:239 [inline]
BUG: KASAN: use-after-free in drm_gem_handle_delete+0x149/0x160 drivers/gpu/drm/drm_gem.c:273
Read of size 8 at addr 8880742879e8 by task syz-executor.4/5245

CPU: 0 PID: 5245 Comm: syz-executor.4 Not tainted 6.1.0-rc2-syzkaller-00105-gb229b6ca5abb #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:284 [inline]
 print_report+0x15e/0x45d mm/kasan/report.c:395
 kasan_report+0xbb/0x1f0 mm/kasan/report.c:495
 drm_gem_object_release_handle drivers/gpu/drm/drm_gem.c:239 [inline]
 drm_gem_handle_delete+0x149/0x160 drivers/gpu/drm/drm_gem.c:273
 drm_mode_destroy_dumb drivers/gpu/drm/drm_dumb_buffers.c:145 [inline]
 drm_mode_destroy_dumb_ioctl+0xf2/0x140 drivers/gpu/drm/drm_dumb_buffers.c:153
 drm_ioctl_kernel+0x27d/0x4e0 drivers/gpu/drm/drm_ioctl.c:788
 drm_ioctl+0x3e2/0xa30 drivers/gpu/drm/drm_ioctl.c:891
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:870 [inline]
 __se_sys_ioctl fs/ioctl.c:856 [inline]
 __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:856
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f649b68b5a9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:7f649c434168 EFLAGS: 0246 ORIG_RAX: 0010
RAX: ffda RBX: 7f649b7ac050 RCX: 7f649b68b5a9
RDX: 2200 RSI: c00464b4 RDI: 0003
RBP: 7f649b6e67b0 R08:  R09: 
R10:  R11: 0246 R12: 
R13: 7f649b8cfb1f R14: 7f649c434300 R15: 00022000
 </TASK>

Allocated by task 5186:
 kasan_save_stack+0x1e/0x40 mm/kasan/common.c:45
 kasan_set_track+0x21/0x30 mm/kasan/common.c:52
 kasan_kmalloc mm/kasan/common.c:371 [inline]
 kasan_kmalloc mm/kasan/common.c:330 [inline]
 __kasan_kmalloc+0xa1/0xb0 mm/kasan/common.c:380
 kmalloc include/linux/slab.h:576 [inline]
 kzalloc include/linux/slab.h:712 [inline]
 vgem_gem_create_object+0x38/0xb0 drivers/gpu/drm/vgem/vgem_drv.c:98
 __drm_gem_shmem_create+0x80/0x480 drivers/gpu/drm/drm_gem_shmem_helper.c:62
 drm_gem_shmem_create drivers/gpu/drm/drm_gem_shmem_helper.c:127 [inline]
 drm_gem_shmem_create_with_handle drivers/gpu/drm/drm_gem_shmem_helper.c:424 [inline]
 drm_gem_shmem_dumb_create+0x13c/0x380 drivers/gpu/drm/drm_gem_shmem_helper.c:534
 drm_mode_create_dumb+0x26c/0x2f0 drivers/gpu/drm/drm_dumb_buffers.c:96
 drm_ioctl_kernel+0x27d/0x4e0 drivers/gpu/drm/drm_ioctl.c:788
 drm_ioctl+0x3e2/0xa30 drivers/gpu/drm/drm_ioctl.c:891
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:870 [inline]
 __se_sys_ioctl fs/ioctl.c:856 [inline]
 __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:856
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Freed by task 5186:
 kasan_save_stack+0x1e/0x40 mm/kasan/common.c:45
 kasan_set_track+0x21/0x30 mm/kasan/common.c:52
 kasan_save_free_info+0x2a/0x40 mm/kasan/generic.c:511
 kasan_slab_free mm/kasan/common.c:236 [inline]
 kasan_slab_free+0x160/0x1c0 mm/kasan/common.c:200
 kasan_slab_free include/linux/kasan.h:177 [inline]
 slab_free_hook mm/slub.c:1724 [inline]
 slab_free_freelist_hook+0x8b/0x1c0 mm/slub.c:1750
 slab_free mm/slub.c:3661 [inline]
 __kmem_cache_free+0xab/0x3b0 mm/slub.c:3674
 drm_gem_object_free drivers/gpu/drm/drm_gem.c:961 [inline]
 kref_put include/linux/kref.h:65 [inline]
 __drm_gem_object_put include/drm/drm_g

Re: [syzbot] KASAN: use-after-free Read in task_work_run (2)

2022-10-26 Thread syzbot
syzbot has found a reproducer for the following issue on:

HEAD commit:88619e77b33d net: stmmac: rk3588: Allow multiple gmac cont..
git tree:   bpf
console output: https://syzkaller.appspot.com/x/log.txt?x=1646d6f288
kernel config:  https://syzkaller.appspot.com/x/.config?x=a66c6c673fb555e8
dashboard link: https://syzkaller.appspot.com/bug?extid=9228d6098455bb209ec8
compiler:   gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=12bc425e88
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1126516e88

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/f8435d5c2c21/disk-88619e77.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/551d8a013e81/vmlinux-88619e77.xz
kernel image: https://storage.googleapis.com/syzbot-assets/7d3f5c29064d/bzImage-88619e77.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+9228d6098455bb209...@syzkaller.appspotmail.com

==
BUG: KASAN: use-after-free in task_work_run+0x1b0/0x270 kernel/task_work.c:178
Read of size 8 at addr 8880752b1c18 by task syz-executor361/3766

CPU: 0 PID: 3766 Comm: syz-executor361 Not tainted 6.1.0-rc2-syzkaller-00073-g88619e77b33d #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:284 [inline]
 print_report+0x15e/0x45d mm/kasan/report.c:395
 kasan_report+0xbb/0x1f0 mm/kasan/report.c:495
 task_work_run+0x1b0/0x270 kernel/task_work.c:178
 exit_task_work include/linux/task_work.h:38 [inline]
 do_exit+0xb35/0x2a20 kernel/exit.c:820
 do_group_exit+0xd0/0x2a0 kernel/exit.c:950
 get_signal+0x21a1/0x2430 kernel/signal.c:2858
 arch_do_signal_or_restart+0x82/0x2300 arch/x86/kernel/signal.c:869
 exit_to_user_mode_loop kernel/entry/common.c:168 [inline]
 exit_to_user_mode_prepare+0x15f/0x250 kernel/entry/common.c:203
 __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
 syscall_exit_to_user_mode+0x19/0x50 kernel/entry/common.c:296
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fb9f674b089
Code: Unable to access opcode bytes at 0x7fb9f674b05f.
RSP: 002b:7fb9f66fb318 EFLAGS: 0246 ORIG_RAX: 00ca
RAX: 0001 RBX: 7fb9f67da1a8 RCX: 7fb9f674b089
RDX: 000f4240 RSI: 0081 RDI: 7fb9f67da1ac
RBP: 7fb9f67da1a0 R08:  R09: 
R10:  R11: 0246 R12: 00310400
R13: 7fff658570cf R14: 7fb9f66fb400 R15: 00022000
 </TASK>

Allocated by task 3766:
 kasan_save_stack+0x1e/0x40 mm/kasan/common.c:45
 kasan_set_track+0x21/0x30 mm/kasan/common.c:52
 __kasan_slab_alloc+0x7e/0x80 mm/kasan/common.c:325
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook mm/slab.h:737 [inline]
 slab_alloc_node mm/slub.c:3398 [inline]
 kmem_cache_alloc_node+0x2fc/0x400 mm/slub.c:3443
 perf_event_alloc.part.0+0x69/0x3bc0 kernel/events/core.c:11625
 perf_event_alloc kernel/events/core.c:12174 [inline]
 __do_sys_perf_event_open+0x4ae/0x32d0 kernel/events/core.c:12272
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Freed by task 0:
 kasan_save_stack+0x1e/0x40 mm/kasan/common.c:45
 kasan_set_track+0x21/0x30 mm/kasan/common.c:52
 kasan_save_free_info+0x2a/0x40 mm/kasan/generic.c:511
 kasan_slab_free mm/kasan/common.c:236 [inline]
 kasan_slab_free+0x160/0x1c0 mm/kasan/common.c:200
 kasan_slab_free include/linux/kasan.h:177 [inline]
 slab_free_hook mm/slub.c:1724 [inline]
 slab_free_freelist_hook+0x8b/0x1c0 mm/slub.c:1750
 slab_free mm/slub.c:3661 [inline]
 kmem_cache_free+0xea/0x5b0 mm/slub.c:3683
 rcu_do_batch kernel/rcu/tree.c:2250 [inline]
 rcu_core+0x81f/0x1980 kernel/rcu/tree.c:2510
 __do_softirq+0x1f7/0xad8 kernel/softirq.c:571

Last potentially related work creation:
 kasan_save_stack+0x1e/0x40 mm/kasan/common.c:45
 __kasan_record_aux_stack+0xbc/0xd0 mm/kasan/generic.c:481
 call_rcu+0x99/0x820 kernel/rcu/tree.c:2798
 put_event kernel/events/core.c:5095 [inline]
 perf_event_release_kernel+0x6f2/0x940 kernel/events/core.c:5210
 perf_release+0x33/0x40 kernel/events/core.c:5220
 __fput+0x27c/0xa90 fs/file_table.c:320
 task_work_run+0x16b/0x270 kernel/task_work.c:179
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:171 [inline]
 exit_to_user_mode_prepare+0x23c/0x250 kernel/entry/common.c:203
 __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
 syscall_exit_to_user_mode+0x19/0x50 kernel/entry/common.c:296
 do_syscall_64+0x42/0xb0 arch/x86

[syzbot] WARNING: locking bug in complete_all (2)

2022-10-06 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:bbed346d5a96 Merge branch 'for-next/core' into for-kernelci
git tree:   git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=13b7a1b888
kernel config:  https://syzkaller.appspot.com/x/.config?x=aae2d21e7dd80684
dashboard link: https://syzkaller.appspot.com/bug?extid=89f4560b096bdbf2cd4b
compiler:   Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/11078f50b80b/disk-bbed346d.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/398e5f1e6c84/vmlinux-bbed346d.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+89f4560b096bdbf2c...@syzkaller.appspotmail.com

[ cut here ]
DEBUG_LOCKS_WARN_ON(1)
WARNING: CPU: 1 PID: 976 at kernel/locking/lockdep.c:231 check_wait_context kernel/locking/lockdep.c:4727 [inline]
WARNING: CPU: 1 PID: 976 at kernel/locking/lockdep.c:231 __lock_acquire+0x2b0/0x30a4 kernel/locking/lockdep.c:5003
Modules linked in:
CPU: 1 PID: 976 Comm: kworker/u4:3 Not tainted 6.0.0-rc7-syzkaller-18095-gbbed346d5a96 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
Workqueue: bat_events batadv_nc_worker
pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : check_wait_context kernel/locking/lockdep.c:4727 [inline]
pc : __lock_acquire+0x2b0/0x30a4 kernel/locking/lockdep.c:5003
lr : hlock_class kernel/locking/lockdep.c:231 [inline]
lr : check_wait_context kernel/locking/lockdep.c:4727 [inline]
lr : __lock_acquire+0x298/0x30a4 kernel/locking/lockdep.c:5003
sp : 8800ba20
x29: 8800bb00 x28: 0004 x27: c6431b20
x26: fc9faa30 x25: c6432550 x24: 0080
x23:  x22: 0001 x21: 
x20:  x19: aaab27e894723d1c x18: ba7e
x17: 8001f1d7d000 x16: 8db49158 x15: c6431a80
x14:  x13: 0012 x12: 8d5ef920
x11: ff80881c0d5c x10: 8dd0b198 x9 : 68ac72b3ffb08100
x8 :  x7 : 4e5241575f534b43 x6 : 8819545c
x5 :  x4 : 0001 x3 : 
x2 :  x1 : 000100010003 x0 : 0016
Call trace:
 check_wait_context kernel/locking/lockdep.c:4727 [inline]
 __lock_acquire+0x2b0/0x30a4 kernel/locking/lockdep.c:5003
 lock_acquire+0x100/0x1f8 kernel/locking/lockdep.c:5666
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0x6c/0xb4 kernel/locking/spinlock.c:162
 complete_all+0x24/0xa0 kernel/sched/completion.c:63
 drm_send_event_helper+0x50/0x228 drivers/gpu/drm/drm_file.c:783
 drm_send_event_timestamp_locked+0x34/0x48 drivers/gpu/drm/drm_file.c:827
 send_vblank_event drivers/gpu/drm/drm_vblank.c:1016 [inline]
 drm_handle_vblank_events+0x258/0x334 drivers/gpu/drm/drm_vblank.c:1914
 drm_handle_vblank+0x188/0x310 drivers/gpu/drm/drm_vblank.c:1975
 drm_crtc_handle_vblank+0x24/0x38 drivers/gpu/drm/drm_vblank.c:2009
 vkms_vblank_simulate+0x84/0x1b4 drivers/gpu/drm/vkms/vkms_crtc.c:29
 __run_hrtimer kernel/time/hrtimer.c:1685 [inline]
 __hrtimer_run_queues+0x210/0x390 kernel/time/hrtimer.c:1749
 hrtimer_interrupt+0x12c/0x510 kernel/time/hrtimer.c:1811
 timer_handler drivers/clocksource/arm_arch_timer.c:653 [inline]
 arch_timer_handler_virt+0x58/0x6c drivers/clocksource/arm_arch_timer.c:664
 handle_percpu_devid_irq+0xb0/0x1c8 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 handle_irq_desc kernel/irq/irqdesc.c:648 [inline]
 generic_handle_domain_irq+0x4c/0x6c kernel/irq/irqdesc.c:704
 gic_handle_irq+0x78/0x1b4 drivers/irqchip/irq-gic.c:359
 call_on_irq_stack+0x2c/0x54 arch/arm64/kernel/entry.S:889
 do_interrupt_handler+0x7c/0xc0 arch/arm64/kernel/entry-common.c:274
 __el1_irq arch/arm64/kernel/entry-common.c:470 [inline]
 el1_interrupt+0x34/0x68 arch/arm64/kernel/entry-common.c:485
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:490
 el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:577
 arch_local_irq_enable arch/arm64/include/asm/irqflags.h:35 [inline]
 __local_bh_enable_ip+0x144/0x1a4 kernel/softirq.c:401
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
 _raw_spin_unlock_bh+0x48/0x58 kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:394 [inline]
 batadv_nc_purge_paths+0x1d0/0x214 net/batman-adv/network-coding.c:471
 batadv_nc_worker+0x394/0x484 net/batman-adv/network-coding.c:720
 process_one_work+0x2d8/0x504 kernel/workqueue.c:2289
 worker_thread+0x340/0x610 kernel/workqueue.c:2436
 kthread+0x1

[syzbot] WARNING: refcount bug in drm_gem_object_handle_put_unlocked

2022-09-05 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:a41a877bc12d Merge branch 'for-next/fixes' into for-kernelci
git tree:   git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=17ae17bd08
kernel config:  https://syzkaller.appspot.com/x/.config?x=5cea15779c42821c
dashboard link: https://syzkaller.appspot.com/bug?extid=c512687fff9d22327436
compiler:   Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=10e8fee508
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=16b6bf1308

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+c512687fff9d22327...@syzkaller.appspotmail.com

[ cut here ]
refcount_t: underflow; use-after-free.
WARNING: CPU: 0 PID: 3029 at lib/refcount.c:28 refcount_warn_saturate+0x1a0/0x1c8 lib/refcount.c:28
Modules linked in:
CPU: 0 PID: 3029 Comm: syz-executor717 Not tainted 6.0.0-rc2-syzkaller-16455-ga41a877bc12d #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
pstate: 6045 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : refcount_warn_saturate+0x1a0/0x1c8 lib/refcount.c:28
lr : refcount_warn_saturate+0x1a0/0x1c8 lib/refcount.c:28
Call trace:
 refcount_warn_saturate+0x1a0/0x1c8 lib/refcount.c:28
 __refcount_sub_and_test include/linux/refcount.h:283 [inline]
 __refcount_dec_and_test include/linux/refcount.h:315 [inline]
 refcount_dec_and_test include/linux/refcount.h:333 [inline]
 kref_put include/linux/kref.h:64 [inline]
 __drm_gem_object_put include/drm/drm_gem.h:381 [inline]
 drm_gem_object_put include/drm/drm_gem.h:394 [inline]
 drm_gem_object_handle_put_unlocked+0x178/0x190 drivers/gpu/drm/drm_gem.c:240
 drm_gem_object_release_handle+0x90/0xa8 drivers/gpu/drm/drm_gem.c:259
 idr_for_each+0xf0/0x174 lib/idr.c:208
 drm_gem_release+0x30/0x48 drivers/gpu/drm/drm_gem.c:932
 drm_file_free+0x220/0x2cc drivers/gpu/drm/drm_file.c:281
 drm_close_helper drivers/gpu/drm/drm_file.c:308 [inline]
 drm_release+0x108/0x22c drivers/gpu/drm/drm_file.c:495
 __fput+0x198/0x3bc fs/file_table.c:320
 fput+0x20/0x30 fs/file_table.c:353
 task_work_run+0xc4/0x208 kernel/task_work.c:177
 exit_task_work include/linux/task_work.h:38 [inline]
 do_exit+0x26c/0xbb8 kernel/exit.c:795
 do_group_exit+0x60/0xe8 kernel/exit.c:925
 __do_sys_exit_group kernel/exit.c:936 [inline]
 __se_sys_exit_group kernel/exit.c:934 [inline]
 __wake_up_parent+0x0/0x40 kernel/exit.c:934
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
 el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x48/0x154 arch/arm64/kernel/syscall.c:206
 el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:624
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:642
 el0t_64_sync+0x18c/0x190
irq event stamp: 12698
hardirqs last  enabled at (12697): [] __up_console_sem+0xb0/0xfc kernel/printk/printk.c:264
hardirqs last disabled at (12698): [] el1_dbg+0x24/0x5c arch/arm64/kernel/entry-common.c:395
softirqs last  enabled at (12442): [] _stext+0x2e4/0x37c
softirqs last disabled at (12417): [] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline]
softirqs last disabled at (12417): [] invoke_softirq+0x70/0xbc kernel/softirq.c:452
---[ end trace  ]---


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches


[syzbot] KASAN: use-after-free Read in udl_get_urb_timeout

2022-08-22 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:5b6a4bf680d6 Add linux-next specific files for 20220818
git tree:   linux-next
console+strace: https://syzkaller.appspot.com/x/log.txt?x=12341a3d08
kernel config:  https://syzkaller.appspot.com/x/.config?x=ead6107a3bbe3c62
dashboard link: https://syzkaller.appspot.com/bug?extid=f24934fe125a19d77eae
compiler:   gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=1273186708
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=165b64f308

The issue was bisected to:

commit e25d5954264d1871ab2792c7ca2298b811462500
Author: Takashi Iwai 
Date:   Thu Aug 4 07:58:25 2022 +

drm/udl: Kill pending URBs at suspend and disconnect

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1393a8eb08
final oops: https://syzkaller.appspot.com/x/report.txt?x=1053a8eb08
console output: https://syzkaller.appspot.com/x/log.txt?x=1793a8eb08

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+f24934fe125a19d77...@syzkaller.appspotmail.com
Fixes: e25d5954264d ("drm/udl: Kill pending URBs at suspend and disconnect")

[drm:udl_init.cold] *ERROR* Unrecognized vendor firmware descriptor
[drm:udl_init] *ERROR* Selecting channel failed
[drm] Initialized udl 0.0.1 20120220 for 1-1:0.0 on minor 2
[drm] Initialized udl on minor 2
[drm:udl_get_edid_block] *ERROR* Read EDID byte 0 failed err ffb9
udl 1-1:0.0: [drm] Cannot find any crtc or sizes
usb 1-1: USB disconnect, device number 2
==
BUG: KASAN: use-after-free in __list_add_valid+0x93/0xb0 lib/list_debug.c:27
Read of size 8 at addr 8880756fce88 by task kworker/0:2/146

CPU: 0 PID: 146 Comm: kworker/0:2 Not tainted 6.0.0-rc1-next-20220818-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
Workqueue: usb_hub_wq hub_event
Call Trace:
 
 __dump_stack lib/dump_stack.c:122 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:140
 print_address_description mm/kasan/report.c:317 [inline]
 print_report.cold+0x2ba/0x719 mm/kasan/report.c:433
 kasan_report+0xb1/0x1e0 mm/kasan/report.c:495
 __list_add_valid+0x93/0xb0 lib/list_debug.c:27
 __list_add include/linux/list.h:69 [inline]
 list_add include/linux/list.h:88 [inline]
 list_move include/linux/list.h:218 [inline]
 udl_get_urb_timeout+0x20e/0x550 drivers/gpu/drm/udl/udl_main.c:250
 udl_free_urb_list+0x15f/0x250 drivers/gpu/drm/udl/udl_main.c:156
 udl_drop_usb+0xd0/0x160 drivers/gpu/drm/udl/udl_main.c:358
 udl_usb_disconnect+0x3f/0x50 drivers/gpu/drm/udl/udl_drv.c:114
 usb_unbind_interface+0x1d8/0x8e0 drivers/usb/core/driver.c:458
 device_remove drivers/base/dd.c:520 [inline]
 device_remove+0x11f/0x170 drivers/base/dd.c:512
 __device_release_driver drivers/base/dd.c:1209 [inline]
 device_release_driver_internal+0x4a1/0x700 drivers/base/dd.c:1235
 bus_remove_device+0x2e3/0x590 drivers/base/bus.c:529
 device_del+0x4f3/0xc80 drivers/base/core.c:3704
 usb_disable_device+0x356/0x7a0 drivers/usb/core/message.c:1419
 usb_disconnect.cold+0x259/0x6ed drivers/usb/core/hub.c:2235
 hub_port_connect drivers/usb/core/hub.c:5197 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5497 [inline]
 port_event drivers/usb/core/hub.c:5653 [inline]
 hub_event+0x1f86/0x4610 drivers/usb/core/hub.c:5735
 process_one_work+0x991/0x1610 kernel/workqueue.c:2289
 process_scheduled_works kernel/workqueue.c:2352 [inline]
 worker_thread+0x854/0x1080 kernel/workqueue.c:2438
 kthread+0x2e4/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
 

Allocated by task 146:
 kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38
 kasan_set_track mm/kasan/common.c:45 [inline]
 set_alloc_info mm/kasan/common.c:437 [inline]
 kasan_kmalloc mm/kasan/common.c:516 [inline]
 kasan_kmalloc mm/kasan/common.c:475 [inline]
 __kasan_kmalloc+0xa9/0xd0 mm/kasan/common.c:525
 kmalloc include/linux/slab.h:606 [inline]
 kzalloc include/linux/slab.h:739 [inline]
 udl_alloc_urb_list drivers/gpu/drm/udl/udl_main.c:190 [inline]
 udl_init+0x736/0xc80 drivers/gpu/drm/udl/udl_main.c:331
 udl_driver_create drivers/gpu/drm/udl/udl_drv.c:79 [inline]
 udl_usb_probe+0x4f/0x100 drivers/gpu/drm/udl/udl_drv.c:94
 usb_probe_interface+0x30b/0x7f0 drivers/usb/core/driver.c:396
 call_driver_probe drivers/base/dd.c:530 [inline]
 really_probe+0x249/0xb90 drivers/base/dd.c:609
 __driver_probe_device+0x1df/0x4d0 drivers/base/dd.c:748
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:778
 __device_attach_driver+0x206/0x2e0 drivers/base/dd.c:901
 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427
 __device_attach+0x1e4/0x530 drivers/base/dd.c:973
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487
 device_add+0xbd5/0x1e90 drivers/base/core.c:3517
 usb_set_configuration+0x1

[syzbot] general protection fault in release_udmabuf

2022-08-18 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:7ebfc85e2cd7 Merge tag 'net-6.0-rc1' of git://git.kernel.o..
git tree:   upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=1331f44708
kernel config:  https://syzkaller.appspot.com/x/.config?x=924833c12349a8c0
dashboard link: https://syzkaller.appspot.com/bug?extid=c80e9ef5d8bb45894db0
compiler:   gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=1601336b08
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=16d3292d08

Bisection is inconclusive: the issue happens on the oldest tested release.

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=16e01a3d08
final oops: https://syzkaller.appspot.com/x/report.txt?x=15e01a3d08
console output: https://syzkaller.appspot.com/x/log.txt?x=11e01a3d08

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+c80e9ef5d8bb45894...@syzkaller.appspotmail.com

general protection fault, probably for non-canonical address 0xdc00:  [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x-0x0007]
CPU: 0 PID: 3609 Comm: syz-executor487 Not tainted 5.19.0-syzkaller-13930-g7ebfc85e2cd7 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
RIP: 0010:dma_unmap_sgtable include/linux/dma-mapping.h:378 [inline]
RIP: 0010:put_sg_table drivers/dma-buf/udmabuf.c:89 [inline]
RIP: 0010:release_udmabuf+0xcb/0x4f0 drivers/dma-buf/udmabuf.c:114
Call Trace:
 
 dma_buf_release+0x157/0x2d0 drivers/dma-buf/dma-buf.c:78
 __dentry_kill+0x42b/0x640 fs/dcache.c:612
 dentry_kill fs/dcache.c:733 [inline]
 dput+0x806/0xdb0 fs/dcache.c:913
 __fput+0x39c/0x9d0 fs/file_table.c:333
 task_work_run+0xdd/0x1a0 kernel/task_work.c:177
 ptrace_notify+0x114/0x140 kernel/signal.c:2353
 ptrace_report_syscall include/linux/ptrace.h:420 [inline]
 ptrace_report_syscall_exit include/linux/ptrace.h:482 [inline]
 syscall_exit_work kernel/entry/common.c:249 [inline]
 syscall_exit_to_user_mode_prepare+0x129/0x280 kernel/entry/common.c:276
 __syscall_exit_to_user_mode_work kernel/entry/common.c:281 [inline]
 syscall_exit_to_user_mode+0x9/0x50 kernel/entry/common.c:294
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fc1c0c35b6b
 
Modules linked in:
---[ end trace  ]---

[syzbot] general protection fault in drm_gem_object_handle_put_unlocked

2022-08-18 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:7ebfc85e2cd7 Merge tag 'net-6.0-rc1' of git://git.kernel.o..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=143d292d08
kernel config:  https://syzkaller.appspot.com/x/.config?x=924833c12349a8c0
dashboard link: https://syzkaller.appspot.com/bug?extid=87b9744712425638eaae
compiler:   gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+87b9744712425638e...@syzkaller.appspotmail.com

general protection fault, probably for non-canonical address 0xf0cffc45c56c:  [#1] PREEMPT SMP KASAN
KASAN: maybe wild-memory-access in range [0x8680022e2b60-0x8680022e2b67]
CPU: 1 PID: 7930 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13930-g7ebfc85e2cd7 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
RIP: 0010:__mutex_lock_common kernel/locking/mutex.c:582 [inline]
RIP: 0010:__mutex_lock+0xec/0x1350 kernel/locking/mutex.c:747
Call Trace:
 
 drm_gem_object_handle_put_unlocked+0x90/0x390 drivers/gpu/drm/drm_gem.c:231
 drm_gem_object_release_handle+0xe3/0x110 drivers/gpu/drm/drm_gem.c:259
 idr_for_each+0x113/0x220 lib/idr.c:208
 drm_gem_release+0x22/0x30 drivers/gpu/drm/drm_gem.c:932
 drm_file_free.part.0+0x805/0xb80 drivers/gpu/drm/drm_file.c:281
 drm_file_free drivers/gpu/drm/drm_file.c:248 [inline]
 drm_close_helper.isra.0+0x17d/0x1f0 drivers/gpu/drm/drm_file.c:308
 drm_release+0x1e6/0x530 drivers/gpu/drm/drm_file.c:495
 __fput+0x277/0x9d0 fs/file_table.c:320
 task_work_run+0xdd/0x1a0 kernel/task_work.c:177
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:169 [inline]
 exit_to_user_mode_prepare+0x23c/0x250 kernel/entry/common.c:201
 __syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline]
 syscall_exit_to_user_mode+0x19/0x50 kernel/entry/common.c:294
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f0de2a3bebb
 
Modules linked in:
---[ end trace  ]---

Re: [syzbot] BUG: unable to handle kernel paging request in bitfill_aligned (3)

2022-08-13 Thread syzbot
syzbot has found a reproducer for the following issue on:

HEAD commit:7ebfc85e2cd7 Merge tag 'net-6.0-rc1' of git://git.kernel.o..
git tree:   upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=179c3aa508
kernel config:  https://syzkaller.appspot.com/x/.config?x=20bc0b329895d963
dashboard link: https://syzkaller.appspot.com/bug?extid=a168dbeaaa7778273c1b
compiler:   Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=16e0ef4b08
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=11a1183d08

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+a168dbeaaa7778273...@syzkaller.appspotmail.com

BUG: unable to handle page fault for address: c900043a1000
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
PGD 1267 P4D 1267 PUD 121c9067 PMD 14733a067 PTE 0
Oops: 0002 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 3633 Comm: syz-executor339 Not tainted 5.19.0-syzkaller-13930-g7ebfc85e2cd7 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
RIP: 0010:memset64 arch/x86/include/asm/string_64.h:49 [inline]
RIP: 0010:memset_l include/linux/string.h:128 [inline]
RIP: 0010:bitfill_aligned+0x1ad/0x270 drivers/video/fbdev/core/sysfillrect.c:53
Call Trace:
 
 sys_fillrect+0x5ce/0x7f0 drivers/video/fbdev/core/sysfillrect.c:281
 drm_fb_helper_sys_fillrect drivers/gpu/drm/drm_fb_helper.c:807 [inline]
 drm_fbdev_fb_fillrect+0x163/0x300 drivers/gpu/drm/drm_fb_helper.c:2322
 bit_clear_margins+0x3f1/0x6e0 drivers/video/fbdev/core/bitblit.c:232
 fbcon_clear_margins drivers/video/fbdev/core/fbcon.c:1306 [inline]
 fbcon_do_set_font+0xd7c/0x1330 drivers/video/fbdev/core/fbcon.c:2431
 fbcon_set_font+0xc29/0xf70 drivers/video/fbdev/core/fbcon.c:2519
 con_font_set drivers/tty/vt/vt.c:4666 [inline]
 con_font_op+0xbe8/0x1070 drivers/tty/vt/vt.c:4710
 vt_k_ioctl drivers/tty/vt/vt_ioctl.c:474 [inline]
 vt_ioctl+0x172e/0x1d00 drivers/tty/vt/vt_ioctl.c:752
 tty_ioctl+0x874/0xc60 drivers/tty/tty_io.c:2778
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:870 [inline]
 __se_sys_ioctl+0xfb/0x170 fs/ioctl.c:856
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7efe5924e239
 
Modules linked in:
CR2: c900043a1000
---[ end trace  ]---

[syzbot] KASAN: invalid-free in free_prealloced_shrinker

2022-07-20 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:cb71b93c2dc3 Add linux-next specific files for 20220628
git tree:   linux-next
console+strace: https://syzkaller.appspot.com/x/log.txt?x=1362115208
kernel config:  https://syzkaller.appspot.com/x/.config?x=badbc1adb2d582eb
dashboard link: https://syzkaller.appspot.com/bug?extid=8b481578352d4637f510
compiler:   gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=150c25fc08
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1308956208

The issue was bisected to:

commit bec0918551a79c3c6b63a493a80e35e8b402804f
Author: Roman Gushchin 
Date:   Wed Jun 1 03:22:24 2022 +

mm: shrinkers: provide shrinkers with names

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=17451fd008
final oops: https://syzkaller.appspot.com/x/report.txt?x=14c51fd008
console output: https://syzkaller.appspot.com/x/log.txt?x=10c51fd008

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+8b481578352d4637f...@syzkaller.appspotmail.com
Fixes: bec0918551a7 ("mm: shrinkers: provide shrinkers with names")

==
BUG: KASAN: double-free in slab_free mm/slub.c:3534 [inline]
BUG: KASAN: double-free in kfree+0xe2/0x4d0 mm/slub.c:4562

CPU: 0 PID: 3647 Comm: syz-executor232 Not tainted 5.19.0-rc4-next-20220628-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
Call Trace:
 
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:317 [inline]
 print_report.cold+0x2ba/0x719 mm/kasan/report.c:433
 kasan_report_invalid_free+0x8f/0x1a0 mm/kasan/report.c:462
 kasan_slab_free+0x18b/0x1c0 mm/kasan/common.c:355
 kasan_slab_free include/linux/kasan.h:200 [inline]
 slab_free_hook mm/slub.c:1754 [inline]
 slab_free_freelist_hook+0x8b/0x1c0 mm/slub.c:1780
 slab_free mm/slub.c:3534 [inline]
 kfree+0xe2/0x4d0 mm/slub.c:4562
 kfree_const+0x51/0x60 mm/util.c:41
 free_prealloced_shrinker+0x32/0x160 mm/vmscan.c:658
 destroy_unused_super.part.0+0x106/0x170 fs/super.c:185
 destroy_unused_super fs/super.c:278 [inline]
 alloc_super+0x8bd/0xaa0 fs/super.c:277
 sget_fc+0x13e/0x7c0 fs/super.c:530
 vfs_get_super fs/super.c:1134 [inline]
 get_tree_nodev+0x24/0x1d0 fs/super.c:1169
 vfs_get_tree+0x89/0x2f0 fs/super.c:1501
 do_new_mount fs/namespace.c:3040 [inline]
 path_mount+0x1320/0x1fa0 fs/namespace.c:3370
 do_mount fs/namespace.c:3383 [inline]
 __do_sys_mount fs/namespace.c:3591 [inline]
 __se_sys_mount fs/namespace.c:3568 [inline]
 __x64_sys_mount+0x27f/0x300 fs/namespace.c:3568
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x46/0xb0
RIP: 0033:0x7f84280f4ef9
 

Allocated by task 143:
 kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38
 kasan_set_track mm/kasan/common.c:45 [inline]
 set_alloc_info mm/kasan/common.c:436 [inline]
 kasan_kmalloc mm/kasan/common.c:515 [inline]
 kasan_kmalloc mm/kasan/common.c:474 [inline]
 __kasan_kmalloc+0xa9/0xd0 mm/kasan/common.c:524
 kmalloc include/linux/slab.h:605 [inline]
 kzalloc include/linux/slab.h:733 [inline]
 rh_call_control drivers/usb/core/hcd.c:514 [inline]
 rh_urb_enqueue drivers/usb/core/hcd.c:848 [inline]
 usb_hcd_submit_urb+0x661/0x2220 drivers/usb/core/hcd.c:1551
 usb_submit_urb+0x86d/0x1880 drivers/usb/core/urb.c:594
 usb_start_wait_urb+0x101/0x4b0 drivers/usb/core/message.c:58
 usb_internal_control_msg drivers/usb/core/message.c:102 [inline]
 usb_control_msg+0x31c/0x4a0 drivers/usb/core/message.c:153
 get_port_status drivers/usb/core/hub.c:580 [inline]
 hub_ext_port_status+0x112/0x450 drivers/usb/core/hub.c:597
 usb_hub_port_status drivers/usb/core/hub.c:619 [inline]
 hub_activate+0xa5c/0x1c90 drivers/usb/core/hub.c:1129
 process_one_work+0x991/0x1610 kernel/workqueue.c:2289
 worker_thread+0x665/0x1080 kernel/workqueue.c:2436
 kthread+0x2e9/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:302

Freed by task 3647:
 kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38
 kasan_set_track+0x21/0x30 mm/kasan/common.c:45
 kasan_set_free_info+0x20/0x30 mm

[syzbot] BUG: unable to handle kernel paging request in bitfill_aligned (3)

2022-07-11 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:e35e5b6f695d Merge tag 'xsa-5.19-tag' of git://git.kernel...
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=17f49bbc08
kernel config:  https://syzkaller.appspot.com/x/.config?x=f3bf7765b1ebd721
dashboard link: https://syzkaller.appspot.com/bug?extid=a168dbeaaa7778273c1b
compiler:   Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+a168dbeaaa7778273...@syzkaller.appspotmail.com

BUG: unable to handle page fault for address: c90004331000
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
PGD 11c00067 P4D 11c00067 PUD 11dc5067 PMD 1cffd067 PTE 0
Oops: 0002 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 11483 Comm: syz-executor.4 Not tainted 5.19.0-rc5-syzkaller-00056-ge35e5b6f695d #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
RIP: 0010:memset64 arch/x86/include/asm/string_64.h:49 [inline]
RIP: 0010:memset_l include/linux/string.h:128 [inline]
RIP: 0010:bitfill_aligned+0x1ad/0x270 drivers/video/fbdev/core/sysfillrect.c:53
Call Trace:
 
 sys_fillrect+0x5ce/0x7f0 drivers/video/fbdev/core/sysfillrect.c:281
 drm_fb_helper_sys_fillrect drivers/gpu/drm/drm_fb_helper.c:795 [inline]
 drm_fbdev_fb_fillrect+0x163/0x300 drivers/gpu/drm/drm_fb_helper.c:2310
 bit_clear_margins+0x3f1/0x6e0 drivers/video/fbdev/core/bitblit.c:232
 fbcon_clear_margins drivers/video/fbdev/core/fbcon.c:1304 [inline]
 fbcon_do_set_font+0xd7c/0x1330 drivers/video/fbdev/core/fbcon.c:2434
 fbcon_set_font+0xa9c/0xd80 drivers/video/fbdev/core/fbcon.c:2517
 con_font_set drivers/tty/vt/vt.c:4666 [inline]
 con_font_op+0xbe8/0x1070 drivers/tty/vt/vt.c:4710
 vt_k_ioctl drivers/tty/vt/vt_ioctl.c:474 [inline]
 vt_ioctl+0x172e/0x1d00 drivers/tty/vt/vt_ioctl.c:752
 tty_ioctl+0x874/0xc60 drivers/tty/tty_io.c:2778
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:870 [inline]
 __se_sys_ioctl+0xfb/0x170 fs/ioctl.c:856
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x46/0xb0
RIP: 0033:0x7f8c15689109
 
Modules linked in:
CR2: c90004331000
---[ end trace  ]---

[syzbot] general protection fault in virtio_gpu_object_create (2)

2022-07-07 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:089866061428 Merge tag 'libnvdimm-fixes-5.19-rc5' of git:/..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=15ce44ec08
kernel config:  https://syzkaller.appspot.com/x/.config?x=3a010dbf6a7af480
dashboard link: https://syzkaller.appspot.com/bug?extid=2f09dba03ce3f3b0a2cf
compiler:   gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=1365015008
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=16687b6c08

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2f09dba03ce3f3b0a...@syzkaller.appspotmail.com

general protection fault, probably for non-canonical address 0xdc00:  [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x-0x0007]
CPU: 0 PID: 3668 Comm: syz-executor918 Not tainted 5.19.0-rc4-syzkaller-00187-g089866061428 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
RIP: 0010:virtio_gpu_object_shmem_init drivers/gpu/drm/virtio/virtgpu_object.c:183 [inline]
RIP: 0010:virtio_gpu_object_create+0x29b/0xd90 drivers/gpu/drm/virtio/virtgpu_object.c:249
Call Trace:
 
 virtio_gpu_gem_create drivers/gpu/drm/virtio/virtgpu_gem.c:42 [inline]
 virtio_gpu_mode_dumb_create+0x319/0x5c0 drivers/gpu/drm/virtio/virtgpu_gem.c:90
 drm_mode_create_dumb+0x26c/0x2f0 drivers/gpu/drm/drm_dumb_buffers.c:96
 drm_ioctl_kernel+0x27d/0x4e0 drivers/gpu/drm/drm_ioctl.c:782
 drm_ioctl+0x51e/0x9d0 drivers/gpu/drm/drm_ioctl.c:885
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:870 [inline]
 __se_sys_ioctl fs/ioctl.c:856 [inline]
 __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:856
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x46/0xb0
RIP: 0033:0x7fa12e24c699
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 
89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 
c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:7fff25d83428 EFLAGS: 0246 ORIG_RAX: 0010
RAX: ffda RBX: 0002 RCX: 7fa12e24c699
RDX: 2000 RSI: c02064b2 RDI: 0003
RBP: 7fff25d83440 R08: 0002 R09: 0001
R10:  R11: 0246 R12: 0004
R13: 431bde82d7b634db R14:  R15: 
 
Modules linked in:
---[ end trace  ]---
RIP: 0010:virtio_gpu_object_shmem_init 
drivers/gpu/drm/virtio/virtgpu_object.c:183 [inline]
RIP: 0010:virtio_gpu_object_create+0x29b/0xd90 
drivers/gpu/drm/virtio/virtgpu_object.c:249
Code: 89 de e8 98 3c ed fc 48 85 db 0f 85 9f 03 00 00 e8 2a 40 ed fc 49 8d 7f 
0c 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 
e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 82
RSP: 0018:c90002e5fad0 EFLAGS: 00010246
RAX: dc00 RBX:  RCX: 
RDX:  RSI: 848c5756 RDI: 
RBP: 88802286b800 R08: 0007 R09: 
R10:  R11: 0001 R12: c90002e5fbd0
R13: 88801c4c0010 R14: 88801c4c R15: fff4
FS:  56654300() GS:88802c80() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 7fa12e2a42a4 CR3: 15c4e000 CR4: 00150ef0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400

Code disassembly (best guess):
   0:   89 de                   mov    %ebx,%esi
   2:   e8 98 3c ed fc          callq  0xfced3c9f
   7:   48 85 db                test   %rbx,%rbx
   a:   0f 85 9f 03 00 00       jne    0x3af
  10:   e8 2a 40 ed fc          callq  0xfced403f
  15:   49 8d 7f 0c             lea    0xc

[syzbot] WARNING in dma_map_sgtable (2)

2022-05-31 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:7e062cda7d90 Merge tag 'net-next-5.19' of git://git.kernel..
git tree:   upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=172151d3f0
kernel config:  https://syzkaller.appspot.com/x/.config?x=e9d71d3c07c36588
dashboard link: https://syzkaller.appspot.com/bug?extid=3ba551855046ba3b3806
compiler:   Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=12918503f0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1386fa39f0

Bisection is inconclusive: the issue happens on the oldest tested release.

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=14107ee5f0
final oops: https://syzkaller.appspot.com/x/report.txt?x=16107ee5f0
console output: https://syzkaller.appspot.com/x/log.txt?x=12107ee5f0

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+3ba551855046ba3b3...@syzkaller.appspotmail.com

[ cut here ]
WARNING: CPU: 0 PID: 3610 at kernel/dma/mapping.c:188 
dma_map_sgtable+0x203/0x260 kernel/dma/mapping.c:264
Modules linked in:
CPU: 0 PID: 3610 Comm: syz-executor162 Not tainted 
5.18.0-syzkaller-04943-g7e062cda7d90 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
01/01/2011
RIP: 0010:__dma_map_sg_attrs kernel/dma/mapping.c:188 [inline]
RIP: 0010:dma_map_sgtable+0x203/0x260 kernel/dma/mapping.c:264
Code: 75 15 e8 50 5f 14 00 eb cb e8 49 5f 14 00 eb c4 e8 42 5f 14 00 eb bd e8 
3b 5f 14 00 0f 0b bd fb ff ff ff eb af e8 2d 5f 14 00 <0f> 0b 31 ed 48 bb 00 00 
00 00 00 fc ff df e9 7b ff ff ff 89 e9 80
RSP: 0018:c9000305fd40 EFLAGS: 00010293
RAX: 81723873 RBX: dc00 RCX: 88801fbb8000
RDX:  RSI: 0001 RDI: 0002
RBP: 8881487e5408 R08: 81723743 R09: ed1003592c9e
R10: ed1003592c9e R11: 111003592c9c R12: 8881487e5000
R13: 88801ac964e0 R14:  R15: 0001
FS:  56c2a300() GS:8880b9a0() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 005d84c8 CR3: 1f1ef000 CR4: 003506f0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400
Call Trace:
 
 get_sg_table+0xf9/0x150 drivers/dma-buf/udmabuf.c:72
 begin_cpu_udmabuf+0xf5/0x160 drivers/dma-buf/udmabuf.c:126
 dma_buf_begin_cpu_access+0xd8/0x170 drivers/dma-buf/dma-buf.c:1172
 dma_buf_ioctl+0x2a0/0x2f0 drivers/dma-buf/dma-buf.c:363
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:870 [inline]
 __se_sys_ioctl+0xfb/0x170 fs/ioctl.c:856
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x46/0xb0
RIP: 0033:0x7f8bf9c6dc19
Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 
89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 
c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:7ffd7cfae1d8 EFLAGS: 0246 ORIG_RAX: 0010
RAX: ffda RBX:  RCX: 7f8bf9c6dc19
RDX: 2100 RSI: 40086200 RDI: 0006
RBP: 7f8bf9c31dc0 R08:  R09: 
R10:  R11: 0246 R12: 7f8bf9c31e50
R13:  R14:  R15: 
 


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches


[syzbot] WARNING in drm_atomic_helper_wait_for_vblanks (2)

2022-05-15 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:9be9ed2612b5 Merge tag 'platform-drivers-x86-v5.18-4' of g..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=12dc2e49f0
kernel config:  https://syzkaller.appspot.com/x/.config?x=6ab029f8aaef5349
dashboard link: https://syzkaller.appspot.com/bug?extid=f95421e61338eb84132a
compiler:   arm-linux-gnueabi-gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+f95421e61338eb841...@syzkaller.appspotmail.com

[ cut here ]
WARNING: CPU: 1 PID: 11618 at drivers/gpu/drm/drm_atomic_helper.c:1529 
drm_atomic_helper_wait_for_vblanks.part.0+0x2ac/0x2b8 
drivers/gpu/drm/drm_atomic_helper.c:1529
[CRTC:33:crtc-0] vblank wait timed out
Modules linked in:
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 11618 Comm: syz-executor.0 Not tainted 5.18.0-rc6-syzkaller #0
Hardware name: ARM-Versatile Express
Backtrace: 
[<816dadf0>] (dump_backtrace) from [<816db120>] (show_stack+0x18/0x1c 
arch/arm/kernel/traps.c:253)
 r7:81d665f4 r6:8b64 r5:6093 r4:81d73dd4
[<816db108>] (show_stack) from [<816e3a20>] (__dump_stack lib/dump_stack.c:88 
[inline])
[<816db108>] (show_stack) from [<816e3a20>] (dump_stack_lvl+0x48/0x54 
lib/dump_stack.c:106)
[<816e39d8>] (dump_stack_lvl) from [<816e3a44>] (dump_stack+0x18/0x1c 
lib/dump_stack.c:113)
 r5: r4:82442d14
[<816e3a2c>] (dump_stack) from [<816dbcbc>] (panic+0x11c/0x360 
kernel/panic.c:250)
[<816dbba0>] (panic) from [<80242928>] (__warn+0x98/0x198 kernel/panic.c:599)
 r3:0001 r2: r1: r0:81d665f4
 r7:80913100
[<80242890>] (__warn) from [<816dbf9c>] (warn_slowpath_fmt+0x9c/0xd4 
kernel/panic.c:629)
 r8:0009 r7:80913100 r6:05f9 r5:81dd6170 r4:81dd677c
[<816dbf04>] (warn_slowpath_fmt) from [<80913100>] 
(drm_atomic_helper_wait_for_vblanks.part.0+0x2ac/0x2b8 
drivers/gpu/drm/drm_atomic_helper.c:1529)
 r8:649a r7: r6:82a1d000 r5:829e0050 r4:
[<80912e54>] (drm_atomic_helper_wait_for_vblanks.part.0) from [<80914620>] 
(drm_atomic_helper_wait_for_vblanks drivers/gpu/drm/drm_atomic_helper.c:1505 
[inline])
[<80912e54>] (drm_atomic_helper_wait_for_vblanks.part.0) from [<80914620>] 
(drm_atomic_helper_commit_tail+0x84/0x94 
drivers/gpu/drm/drm_atomic_helper.c:1605)
 r10:8425185c r9:83f0e800 r8: r7:0136 r6:739d46c0 r5:83f0e800
 r4:82a1d000
[<8091459c>] (drm_atomic_helper_commit_tail) from [<80915170>] 
(commit_tail+0x164/0x18c drivers/gpu/drm/drm_atomic_helper.c:1682)
 r5: r4:82a1d000
[<8091500c>] (commit_tail) from [<80915d3c>] (drm_atomic_helper_commit 
drivers/gpu/drm/drm_atomic_helper.c:1900 [inline])
[<8091500c>] (commit_tail) from [<80915d3c>] 
(drm_atomic_helper_commit+0x14c/0x170 drivers/gpu/drm/drm_atomic_helper.c:1833)
 r9:83f0e800 r8:82a1d02c r7: r6:83f0e800 r5: r4:82a1d000
[<80915bf0>] (drm_atomic_helper_commit) from [<80934bb4>] 
(drm_atomic_commit+0x58/0x5c drivers/gpu/drm/drm_atomic.c:1434)
 r9:83f0e800 r8:829e0340 r7:0001 r6:0001 r5:83f0e800 r4:82a1d000
[<80934b5c>] (drm_atomic_commit) from [<8094c7bc>] 
(drm_client_modeset_commit_atomic+0x200/0x248 
drivers/gpu/drm/drm_client_modeset.c:1044)
 r5:83f0e9ac r4:82a1d000
[<8094c5bc>] (drm_client_modeset_commit_atomic) from [<8094c8dc>] 
(drm_client_modeset_commit_locked+0x64/0x18c 
drivers/gpu/drm/drm_client_modeset.c:1147)
 r10:5ac3c35a r9:83f0e894 r8:81ddde34 r7:8417ea18 r6:8417ea00 r5:83f0e800
 r4:83f0e800
[<8094c878>] (drm_client_modeset_commit_locked) from [<8094ca30>] 
(drm_client_modeset_commit+0x2c/0x48 drivers/gpu/drm/drm_client_modeset.c:1173)
 r9:83f0e894 r8:81ddde34 r7:8417eab4 r6: r5:83f0e800 r4:8417ea00
[<8094ca04>] (drm_client_modeset_commit) from [<8091db08>] 
(__drm_fb_helper_restore_fbdev_mode_unlocked 
drivers/gpu/drm/drm_fb_helper.c:252 [inline])
[<8094ca04>] (drm_client_modeset_commit) from [<8091db08>] 
(__drm_fb_helper_restore_fbdev_mode_unlocked 
drivers/gpu/drm/drm_fb_helper.c:231 [inline])
[<8094ca04>] (drm_client_modeset_commit) from [<8091db08>] 
(drm_fb_helper_restore_fbdev_mode_unlocked drivers/gpu/drm/drm_fb_helper.c:279 
[inline])
[<8094ca04>] (drm_client_modeset_commit) from [<8091db08>] 
(drm_fb_helper_lastclose drivers/gpu/drm/drm_fb_helper.c:2035 [inline])
[<8094ca04>] (drm_client_modeset_commit) from [<8091db08>] 
(drm_fbdev_client_restore+0x5c/0x98 drivers/gpu/drm/drm_fb_helper.c:2445)
 r5:82349ecc r4:8417ea00
[<8091daac>] (drm_fbdev_client_restore) from [<8094c21
