WARNING in idr_destroy
22 views
Skip to first unread message
syzbot
Mar 3, 2020, 2:49:14 AM3/3/20
to air...@linux.ie, dan...@ffwll.ch, dri-...@lists.freedesktop.org, linux-...@vger.kernel.org, maarten....@linux.intel.com, mri...@kernel.org, syzkall...@googlegroups.com
Hello,
syzbot found the following crash on:
HEAD commit: 63623fd4 Merge tag 'for-linus' of git://git.kernel.org/pub..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=10e978e3e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=5d2e033af114153f
dashboard link: https://syzkaller.appspot.com/bug?extid=05835159fe322770fe3d
compiler: clang version 10.0.0 (https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e978e3e00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10b1a819e00000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+058351...@syzkaller.appspotmail.com
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
R13: 00007fc6b3362d90 R14: 0000000000000004 R15: 000000000000002d
------------[ cut here ]------------
WARNING: CPU: 0 PID: 12260 at lib/radix-tree.c:682 radix_tree_free_nodes lib/radix-tree.c:682 [inline]
WARNING: CPU: 0 PID: 12260 at lib/radix-tree.c:682 idr_destroy+0x1ae/0x260 lib/radix-tree.c:1572
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 12260 Comm: syz-executor386 Not tainted 5.6.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fb/0x318 lib/dump_stack.c:118
panic+0x264/0x7a9 kernel/panic.c:221
__warn+0x209/0x210 kernel/panic.c:582
report_bug+0x1b6/0x2f0 lib/bug.c:195
fixup_bug arch/x86/kernel/traps.c:174 [inline]
do_error_trap+0xcf/0x1c0 arch/x86/kernel/traps.c:267
do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:286
invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:radix_tree_free_nodes lib/radix-tree.c:682 [inline]
RIP: 0010:idr_destroy+0x1ae/0x260 lib/radix-tree.c:1572
Code: b5 63 f9 48 89 df 48 c7 c6 c0 0a 13 88 e8 6a ce 50 f9 4c 3b 65 b8 74 57 e8 cf b5 63 f9 4d 89 fc e9 67 ff ff ff e8 c2 b5 63 f9 <0f> 0b eb d5 89 f9 80 e1 07 38 c1 7c 84 e8 c0 de a0 f9 e9 7a ff ff
RSP: 0018:ffffc90005107ba0 EFLAGS: 00010293
RAX: ffffffff881363be RBX: ffff888087dba998 RCX: ffff888094062300
RDX: 0000000000000000 RSI: 0000000000000040 RDI: ffff888087dba988
RBP: ffffc90005107be8 R08: ffffffff88136330 R09: ffffed1012a78181
R10: ffffed1012a78181 R11: 0000000000000000 R12: ffff888087dba980
R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000000
drm_mode_create_lease_ioctl+0x1347/0x1860 drivers/gpu/drm/drm_lease.c:583
drm_ioctl_kernel+0x2cf/0x410 drivers/gpu/drm/drm_ioctl.c:786
drm_ioctl+0x52f/0x890 drivers/gpu/drm/drm_ioctl.c:886
vfs_ioctl fs/ioctl.c:47 [inline]
ksys_ioctl fs/ioctl.c:763 [inline]
__do_sys_ioctl fs/ioctl.c:772 [inline]
__se_sys_ioctl+0x113/0x190 fs/ioctl.c:770
__x64_sys_ioctl+0x7b/0x90 fs/ioctl.c:770
do_syscall_64+0xf7/0x1c0 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x44a4b9
Code: e8 0c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b cc fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fc6b3362d88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 000000000044a4b9
RDX: 0000000020000040 RSI: ffffffffffffffc6 RDI: 0000000000000003
RBP: 00000000006dbc20 R08: 0000000000000001 R09: 0000000000000039
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
R13: 00007fc6b3362d90 R14: 0000000000000004 R15: 000000000000002d
Kernel Offset: disabled
Rebooting in 86400 seconds..
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches
syzbot found the following crash on:
HEAD commit: 63623fd4 Merge tag 'for-linus' of git://git.kernel.org/pub..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=10e978e3e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=5d2e033af114153f
dashboard link: https://syzkaller.appspot.com/bug?extid=05835159fe322770fe3d
compiler: clang version 10.0.0 (https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e978e3e00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10b1a819e00000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+058351...@syzkaller.appspotmail.com
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
R13: 00007fc6b3362d90 R14: 0000000000000004 R15: 000000000000002d
------------[ cut here ]------------
WARNING: CPU: 0 PID: 12260 at lib/radix-tree.c:682 radix_tree_free_nodes lib/radix-tree.c:682 [inline]
WARNING: CPU: 0 PID: 12260 at lib/radix-tree.c:682 idr_destroy+0x1ae/0x260 lib/radix-tree.c:1572
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 12260 Comm: syz-executor386 Not tainted 5.6.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fb/0x318 lib/dump_stack.c:118
panic+0x264/0x7a9 kernel/panic.c:221
__warn+0x209/0x210 kernel/panic.c:582
report_bug+0x1b6/0x2f0 lib/bug.c:195
fixup_bug arch/x86/kernel/traps.c:174 [inline]
do_error_trap+0xcf/0x1c0 arch/x86/kernel/traps.c:267
do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:286
invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:radix_tree_free_nodes lib/radix-tree.c:682 [inline]
RIP: 0010:idr_destroy+0x1ae/0x260 lib/radix-tree.c:1572
Code: b5 63 f9 48 89 df 48 c7 c6 c0 0a 13 88 e8 6a ce 50 f9 4c 3b 65 b8 74 57 e8 cf b5 63 f9 4d 89 fc e9 67 ff ff ff e8 c2 b5 63 f9 <0f> 0b eb d5 89 f9 80 e1 07 38 c1 7c 84 e8 c0 de a0 f9 e9 7a ff ff
RSP: 0018:ffffc90005107ba0 EFLAGS: 00010293
RAX: ffffffff881363be RBX: ffff888087dba998 RCX: ffff888094062300
RDX: 0000000000000000 RSI: 0000000000000040 RDI: ffff888087dba988
RBP: ffffc90005107be8 R08: ffffffff88136330 R09: ffffed1012a78181
R10: ffffed1012a78181 R11: 0000000000000000 R12: ffff888087dba980
R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000000
drm_mode_create_lease_ioctl+0x1347/0x1860 drivers/gpu/drm/drm_lease.c:583
drm_ioctl_kernel+0x2cf/0x410 drivers/gpu/drm/drm_ioctl.c:786
drm_ioctl+0x52f/0x890 drivers/gpu/drm/drm_ioctl.c:886
vfs_ioctl fs/ioctl.c:47 [inline]
ksys_ioctl fs/ioctl.c:763 [inline]
__do_sys_ioctl fs/ioctl.c:772 [inline]
__se_sys_ioctl+0x113/0x190 fs/ioctl.c:770
__x64_sys_ioctl+0x7b/0x90 fs/ioctl.c:770
do_syscall_64+0xf7/0x1c0 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x44a4b9
Code: e8 0c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b cc fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fc6b3362d88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 000000000044a4b9
RDX: 0000000020000040 RSI: ffffffffffffffc6 RDI: 0000000000000003
RBP: 00000000006dbc20 R08: 0000000000000001 R09: 0000000000000039
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
R13: 00007fc6b3362d90 R14: 0000000000000004 R15: 000000000000002d
Kernel Offset: disabled
Rebooting in 86400 seconds..
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches
syzbot
Mar 11, 2020, 12:36:03 AM3/11/20
to a...@unstable.cc, air...@linux.ie, air...@redhat.com, alexande...@amd.com, b.a.t...@lists.open-mesh.org, christia...@amd.com, dan...@ffwll.ch, da...@davemloft.net, dri-...@lists.freedesktop.org, gre...@linuxfoundation.org, hdeg...@redhat.com, kra...@redhat.com, linux-...@vger.kernel.org, maarten....@linux.intel.com, marekl...@neomailbox.ch, mri...@kernel.org, net...@vger.kernel.org, nor...@tronnes.org, s...@simonwunderlich.de, syzkall...@googlegroups.com, tg...@linutronix.de, tzimm...@suse.de
syzbot has bisected this bug to:
commit 5b3709793d151e6e12eb6a38a5da3f7fc2923d3a
Author: Thomas Zimmermann <tzimm...@suse.de>
Date: Wed May 8 08:26:19 2019 +0000
drm/ast: Convert AST driver to |struct drm_gem_vram_object|
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=15a66fb5e00000
start commit: 63623fd4 Merge tag 'for-linus' of git://git.kernel.org/pub..
git tree: upstream
final crash: https://syzkaller.appspot.com/x/report.txt?x=17a66fb5e00000
console output: https://syzkaller.appspot.com/x/log.txt?x=13a66fb5e00000
Fixes: 5b3709793d15 ("drm/ast: Convert AST driver to |struct drm_gem_vram_object|")
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
commit 5b3709793d151e6e12eb6a38a5da3f7fc2923d3a
Author: Thomas Zimmermann <tzimm...@suse.de>
Date: Wed May 8 08:26:19 2019 +0000
drm/ast: Convert AST driver to |struct drm_gem_vram_object|
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=15a66fb5e00000
start commit: 63623fd4 Merge tag 'for-linus' of git://git.kernel.org/pub..
git tree: upstream
final crash: https://syzkaller.appspot.com/x/report.txt?x=17a66fb5e00000
console output: https://syzkaller.appspot.com/x/log.txt?x=13a66fb5e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=5d2e033af114153f
dashboard link: https://syzkaller.appspot.com/bug?extid=05835159fe322770fe3d
dashboard link: https://syzkaller.appspot.com/bug?extid=05835159fe322770fe3d
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e978e3e00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10b1a819e00000
Reported-by: syzbot+058351...@syzkaller.appspotmail.com
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10b1a819e00000
Fixes: 5b3709793d15 ("drm/ast: Convert AST driver to |struct drm_gem_vram_object|")
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Qiujun Huang
Mar 13, 2020, 9:25:35 PM3/13/20
to syzbot, maarten....@linux.intel.com, mri...@kernel.org, air...@linux.ie, dan...@ffwll.ch, dri-...@lists.freedesktop.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com, wi...@infradead.org
We need to get idr_mutex first for idr_alloc.
diff --git a/drivers/gpu/drm/drm_lease.c b/drivers/gpu/drm/drm_lease.c
index b481cafdde28..aa72c8344ec7 100644
--- a/drivers/gpu/drm/drm_lease.c
+++ b/drivers/gpu/drm/drm_lease.c
@@ -420,6 +420,7 @@ static int fill_object_idr(struct drm_device *dev,
/* add their IDs to the lease request - taking into account
universal planes */
+ mutex_lock(&dev->mode_config.idr_mutex);
for (o = 0; o < object_count; o++) {
struct drm_mode_object *obj = objects[o];
u32 object_id = objects[o]->id;
@@ -457,6 +458,7 @@ static int fill_object_idr(struct drm_device *dev,
}
}
}
+ mutex_unlock(&dev->mode_config.idr_mutex);
ret = 0;
out_free_objects:
diff --git a/drivers/gpu/drm/drm_lease.c b/drivers/gpu/drm/drm_lease.c
index b481cafdde28..aa72c8344ec7 100644
--- a/drivers/gpu/drm/drm_lease.c
+++ b/drivers/gpu/drm/drm_lease.c
@@ -420,6 +420,7 @@ static int fill_object_idr(struct drm_device *dev,
/* add their IDs to the lease request - taking into account
universal planes */
+ mutex_lock(&dev->mode_config.idr_mutex);
for (o = 0; o < object_count; o++) {
struct drm_mode_object *obj = objects[o];
u32 object_id = objects[o]->id;
@@ -457,6 +458,7 @@ static int fill_object_idr(struct drm_device *dev,
}
}
}
+ mutex_unlock(&dev->mode_config.idr_mutex);
ret = 0;
out_free_objects:
Qiujun Huang
Mar 13, 2020, 10:09:49 PM3/13/20
to syzbot, air...@linux.ie, dan...@ffwll.ch, dri-...@lists.freedesktop.org, linux-...@vger.kernel.org, maarten....@linux.intel.com, mri...@kernel.org, syzkall...@googlegroups.com
#syz test: https://github.com/hqj/hqjagain_test.git drm
syzbot
Mar 14, 2020, 12:02:03 AM3/14/20
to air...@linux.ie, anen...@gmail.com, dan...@ffwll.ch, dri-...@lists.freedesktop.org, linux-...@vger.kernel.org, maarten....@linux.intel.com, mri...@kernel.org, syzkall...@googlegroups.com
Hello,
syzbot has tested the proposed patch but the reproducer still triggered crash:
WARNING in idr_destroy
RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
R13: 0000000000000203 R14: 00000000004c3e56 R15: 0000000000000008
------------[ cut here ]------------
WARNING: CPU: 1 PID: 9261 at lib/radix-tree.c:682 radix_tree_free_nodes lib/radix-tree.c:682 [inline]
WARNING: CPU: 1 PID: 9261 at lib/radix-tree.c:682 idr_destroy+0x1ae/0x260 lib/radix-tree.c:1572
RSP: 0018:ffffc90001e47ba0 EFLAGS: 00010293
RAX: ffffffff8817cc0e RBX: ffff8880914be458 RCX: ffff8880a6fee040
RDX: 0000000000000000 RSI: 0000000000000040 RDI: ffff8880914be448
RBP: ffffc90001e47be8 R08: ffffffff8817cb80 R09: ffffed10130a7981
R10: ffffed10130a7981 R11: 0000000000000000 R12: ffff8880914be440
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f833d7e0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f833d7e16d4 RCX: 000000000045c479
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
R13: 0000000000000203 R14: 00000000004c3e56 R15: 0000000000000008
commit: 48d976f6 drm/lease: fix WARNING in idr_destroy
git tree: https://github.com/hqj/hqjagain_test.git drm
console output: https://syzkaller.appspot.com/x/log.txt?x=17a15753e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=cec95cb58b6f6294
syzbot has tested the proposed patch but the reproducer still triggered crash:
WARNING in idr_destroy
RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
R13: 0000000000000203 R14: 00000000004c3e56 R15: 0000000000000008
------------[ cut here ]------------
WARNING: CPU: 1 PID: 9261 at lib/radix-tree.c:682 radix_tree_free_nodes lib/radix-tree.c:682 [inline]
WARNING: CPU: 1 PID: 9261 at lib/radix-tree.c:682 idr_destroy+0x1ae/0x260 lib/radix-tree.c:1572
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 9261 Comm: syz-executor.2 Not tainted 5.6.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fb/0x318 lib/dump_stack.c:118
panic+0x264/0x7a9 kernel/panic.c:221
__warn+0x209/0x210 kernel/panic.c:582
report_bug+0x1b6/0x2f0 lib/bug.c:195
fixup_bug arch/x86/kernel/traps.c:174 [inline]
do_error_trap+0xcf/0x1c0 arch/x86/kernel/traps.c:267
do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:286
invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:radix_tree_free_nodes lib/radix-tree.c:682 [inline]
RIP: 0010:idr_destroy+0x1ae/0x260 lib/radix-tree.c:1572
Code: 53 5f f9 48 89 df 48 c7 c6 10 73 17 88 e8 ca 6c 4c f9 4c 3b 65 b8 74 57 e8 7f 53 5f f9 4d 89 fc e9 67 ff ff ff e8 72 53 5f f9 <0f> 0b eb d5 89 f9 80 e1 07 38 c1 7c 84 e8 e0 85 9c f9 e9 7a ff ff
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fb/0x318 lib/dump_stack.c:118
panic+0x264/0x7a9 kernel/panic.c:221
__warn+0x209/0x210 kernel/panic.c:582
report_bug+0x1b6/0x2f0 lib/bug.c:195
fixup_bug arch/x86/kernel/traps.c:174 [inline]
do_error_trap+0xcf/0x1c0 arch/x86/kernel/traps.c:267
do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:286
invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:radix_tree_free_nodes lib/radix-tree.c:682 [inline]
RIP: 0010:idr_destroy+0x1ae/0x260 lib/radix-tree.c:1572
RSP: 0018:ffffc90001e47ba0 EFLAGS: 00010293
RAX: ffffffff8817cc0e RBX: ffff8880914be458 RCX: ffff8880a6fee040
RDX: 0000000000000000 RSI: 0000000000000040 RDI: ffff8880914be448
RBP: ffffc90001e47be8 R08: ffffffff8817cb80 R09: ffffed10130a7981
R10: ffffed10130a7981 R11: 0000000000000000 R12: ffff8880914be440
R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000000
drm_mode_create_lease_ioctl+0x133c/0x1860 drivers/gpu/drm/drm_lease.c:585
drm_ioctl_kernel+0x2cf/0x410 drivers/gpu/drm/drm_ioctl.c:786
drm_ioctl+0x52f/0x890 drivers/gpu/drm/drm_ioctl.c:886
vfs_ioctl fs/ioctl.c:47 [inline]
ksys_ioctl fs/ioctl.c:763 [inline]
__do_sys_ioctl fs/ioctl.c:772 [inline]
__se_sys_ioctl+0x113/0x190 fs/ioctl.c:770
__x64_sys_ioctl+0x7b/0x90 fs/ioctl.c:770
do_syscall_64+0xf7/0x1c0 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45c479
drm_ioctl+0x52f/0x890 drivers/gpu/drm/drm_ioctl.c:886
vfs_ioctl fs/ioctl.c:47 [inline]
ksys_ioctl fs/ioctl.c:763 [inline]
__do_sys_ioctl fs/ioctl.c:772 [inline]
__se_sys_ioctl+0x113/0x190 fs/ioctl.c:770
__x64_sys_ioctl+0x7b/0x90 fs/ioctl.c:770
do_syscall_64+0xf7/0x1c0 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f833d7e0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f833d7e16d4 RCX: 000000000045c479
RDX: 0000000020000040 RSI: ffffffffffffffc6 RDI: 0000000000000003
RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
R13: 0000000000000203 R14: 00000000004c3e56 R15: 0000000000000008
Kernel Offset: disabled
Rebooting in 86400 seconds..
Tested on:
Rebooting in 86400 seconds..
commit: 48d976f6 drm/lease: fix WARNING in idr_destroy
git tree: https://github.com/hqj/hqjagain_test.git drm
console output: https://syzkaller.appspot.com/x/log.txt?x=17a15753e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=cec95cb58b6f6294
Qiujun Huang
Mar 14, 2020, 1:49:04 AM3/14/20
to syzbot, air...@linux.ie, dan...@ffwll.ch, dri-...@lists.freedesktop.org, linux-...@vger.kernel.org, maarten....@linux.intel.com, mri...@kernel.org, syzkall...@googlegroups.com
syzbot
Mar 14, 2020, 5:13:03 AM3/14/20
to air...@linux.ie, anen...@gmail.com, dan...@ffwll.ch, dri-...@lists.freedesktop.org, linux-...@vger.kernel.org, maarten....@linux.intel.com, mri...@kernel.org, syzkall...@googlegroups.com
Hello,
syzbot has tested the proposed patch but the reproducer still triggered crash:
WARNING in idr_destroy
RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
R13: 0000000000000203 R14: 00000000004c3e56 R15: 0000000000000008
------------[ cut here ]------------
WARNING: CPU: 0 PID: 9124 at lib/radix-tree.c:682 radix_tree_free_nodes lib/radix-tree.c:682 [inline]
syzbot has tested the proposed patch but the reproducer still triggered crash:
WARNING in idr_destroy
RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
R13: 0000000000000203 R14: 00000000004c3e56 R15: 0000000000000008
------------[ cut here ]------------
WARNING: CPU: 0 PID: 9124 at lib/radix-tree.c:682 idr_destroy+0x1ae/0x260 lib/radix-tree.c:1572
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 9124 Comm: syz-executor.0 Not tainted 5.6.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fb/0x318 lib/dump_stack.c:118
panic+0x264/0x7a9 kernel/panic.c:221
__warn+0x209/0x210 kernel/panic.c:582
report_bug+0x1b6/0x2f0 lib/bug.c:195
fixup_bug arch/x86/kernel/traps.c:174 [inline]
do_error_trap+0xcf/0x1c0 arch/x86/kernel/traps.c:267
do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:286
invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:radix_tree_free_nodes lib/radix-tree.c:682 [inline]
RIP: 0010:idr_destroy+0x1ae/0x260 lib/radix-tree.c:1572
Code: 43 5f f9 48 89 df 48 c7 c6 10 83 17 88 e8 ca 5c 4c f9 4c 3b 65 b8 74 57 e8 7f 43 5f f9 4d 89 fc e9 67 ff ff ff e8 72 43 5f f9 <0f> 0b eb d5 89 f9 80 e1 07 38 c1 7c 84 e8 e0 75 9c f9 e9 7a ff ff
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fb/0x318 lib/dump_stack.c:118
panic+0x264/0x7a9 kernel/panic.c:221
__warn+0x209/0x210 kernel/panic.c:582
report_bug+0x1b6/0x2f0 lib/bug.c:195
fixup_bug arch/x86/kernel/traps.c:174 [inline]
do_error_trap+0xcf/0x1c0 arch/x86/kernel/traps.c:267
do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:286
invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:radix_tree_free_nodes lib/radix-tree.c:682 [inline]
RIP: 0010:idr_destroy+0x1ae/0x260 lib/radix-tree.c:1572
RSP: 0018:ffffc900021b7ba0 EFLAGS: 00010293
RAX: ffffffff8817dc0e RBX: ffff8880aa010598 RCX: ffff888096740440
RDX: 0000000000000000 RSI: 0000000000000040 RDI: ffff8880aa010588
RBP: ffffc900021b7be8 R08: ffffffff8817db80 R09: ffffed1011809f91
R10: ffffed1011809f91 R11: 0000000000000000 R12: ffff8880aa010580
R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000000
drm_mode_create_lease_ioctl+0x13c9/0x18c0 drivers/gpu/drm/drm_lease.c:587
drm_ioctl_kernel+0x2cf/0x410 drivers/gpu/drm/drm_ioctl.c:786
drm_ioctl+0x52f/0x890 drivers/gpu/drm/drm_ioctl.c:886
vfs_ioctl fs/ioctl.c:47 [inline]
ksys_ioctl fs/ioctl.c:763 [inline]
__do_sys_ioctl fs/ioctl.c:772 [inline]
__se_sys_ioctl+0x113/0x190 fs/ioctl.c:770
__x64_sys_ioctl+0x7b/0x90 fs/ioctl.c:770
do_syscall_64+0xf7/0x1c0 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45c479
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f680fc16c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
drm_ioctl+0x52f/0x890 drivers/gpu/drm/drm_ioctl.c:886
vfs_ioctl fs/ioctl.c:47 [inline]
ksys_ioctl fs/ioctl.c:763 [inline]
__do_sys_ioctl fs/ioctl.c:772 [inline]
__se_sys_ioctl+0x113/0x190 fs/ioctl.c:770
__x64_sys_ioctl+0x7b/0x90 fs/ioctl.c:770
do_syscall_64+0xf7/0x1c0 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45c479
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RAX: ffffffffffffffda RBX: 00007f680fc176d4 RCX: 000000000045c479
RDX: 0000000020000040 RSI: ffffffffffffffc6 RDI: 0000000000000003
RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
R13: 0000000000000203 R14: 00000000004c3e56 R15: 0000000000000008
Kernel Offset: disabled
Rebooting in 86400 seconds..
Tested on:
commit: 7f398516 drm/lease: fix stack variable uninitialized
RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
R13: 0000000000000203 R14: 00000000004c3e56 R15: 0000000000000008
Kernel Offset: disabled
Rebooting in 86400 seconds..
Tested on:
git tree: https://github.com/hqj/hqjagain_test.git drm
console output: https://syzkaller.appspot.com/x/log.txt?x=1227a1f9e00000
syzbot
Mar 14, 2020, 9:22:04 AM3/14/20
to anen...@gmail.com, syzkall...@googlegroups.com
Hello,
syzbot has tested the proposed patch but the reproducer still triggered crash:
WARNING in idr_destroy
RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
R13: 0000000000000203 R14: 00000000004c3e56 R15: 0000000000000008
------------[ cut here ]------------
WARNING: CPU: 0 PID: 9508 at lib/radix-tree.c:682 radix_tree_free_nodes lib/radix-tree.c:682 [inline]
syzbot has tested the proposed patch but the reproducer still triggered crash:
WARNING in idr_destroy
RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
R13: 0000000000000203 R14: 00000000004c3e56 R15: 0000000000000008
------------[ cut here ]------------
WARNING: CPU: 0 PID: 9508 at lib/radix-tree.c:682 idr_destroy+0x1ae/0x260 lib/radix-tree.c:1572
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 9508 Comm: syz-executor.4 Not tainted 5.6.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fb/0x318 lib/dump_stack.c:118
panic+0x264/0x7a9 kernel/panic.c:221
__warn+0x209/0x210 kernel/panic.c:582
report_bug+0x1b6/0x2f0 lib/bug.c:195
fixup_bug arch/x86/kernel/traps.c:174 [inline]
do_error_trap+0xcf/0x1c0 arch/x86/kernel/traps.c:267
do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:286
invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:radix_tree_free_nodes lib/radix-tree.c:682 [inline]
RIP: 0010:idr_destroy+0x1ae/0x260 lib/radix-tree.c:1572
Code: 53 5f f9 48 89 df 48 c7 c6 10 73 17 88 e8 ca 6c 4c f9 4c 3b 65 b8 74 57 e8 7f 53 5f f9 4d 89 fc e9 67 ff ff ff e8 72 53 5f f9 <0f> 0b eb d5 89 f9 80 e1 07 38 c1 7c 84 e8 e0 85 9c f9 e9 7a ff ff
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fb/0x318 lib/dump_stack.c:118
panic+0x264/0x7a9 kernel/panic.c:221
__warn+0x209/0x210 kernel/panic.c:582
report_bug+0x1b6/0x2f0 lib/bug.c:195
fixup_bug arch/x86/kernel/traps.c:174 [inline]
do_error_trap+0xcf/0x1c0 arch/x86/kernel/traps.c:267
do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:286
invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:radix_tree_free_nodes lib/radix-tree.c:682 [inline]
RIP: 0010:idr_destroy+0x1ae/0x260 lib/radix-tree.c:1572
RSP: 0018:ffffc90002e07b98 EFLAGS: 00010293
RAX: ffffffff8817cc0e RBX: ffff8880912d5398 RCX: ffff88809f87c280
RDX: 0000000000000000 RSI: 0000000000000040 RDI: ffff8880912d5388
RBP: ffffc90002e07be0 R08: ffffffff8817cb80 R09: ffffed1012082f91
R10: ffffed1012082f91 R11: 0000000000000000 R12: ffff8880912d5380
R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000000
drm_mode_create_lease_ioctl+0x1397/0x1870 drivers/gpu/drm/drm_lease.c:588
drm_ioctl_kernel+0x2cf/0x410 drivers/gpu/drm/drm_ioctl.c:786
drm_ioctl+0x52f/0x890 drivers/gpu/drm/drm_ioctl.c:886
vfs_ioctl fs/ioctl.c:47 [inline]
ksys_ioctl fs/ioctl.c:763 [inline]
__do_sys_ioctl fs/ioctl.c:772 [inline]
__se_sys_ioctl+0x113/0x190 fs/ioctl.c:770
__x64_sys_ioctl+0x7b/0x90 fs/ioctl.c:770
do_syscall_64+0xf7/0x1c0 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45c479
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fb93480fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
drm_ioctl+0x52f/0x890 drivers/gpu/drm/drm_ioctl.c:886
vfs_ioctl fs/ioctl.c:47 [inline]
ksys_ioctl fs/ioctl.c:763 [inline]
__do_sys_ioctl fs/ioctl.c:772 [inline]
__se_sys_ioctl+0x113/0x190 fs/ioctl.c:770
__x64_sys_ioctl+0x7b/0x90 fs/ioctl.c:770
do_syscall_64+0xf7/0x1c0 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45c479
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RAX: ffffffffffffffda RBX: 00007fb9348106d4 RCX: 000000000045c479
RDX: 0000000020000040 RSI: ffffffffffffffc6 RDI: 0000000000000003
RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
R13: 0000000000000203 R14: 00000000004c3e56 R15: 0000000000000008
Kernel Offset: disabled
Rebooting in 86400 seconds..
Tested on:
commit: acf3dd38 drm/release: fix warning in idr_destory
RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
R13: 0000000000000203 R14: 00000000004c3e56 R15: 0000000000000008
Kernel Offset: disabled
Rebooting in 86400 seconds..
Tested on:
git tree: https://github.com/hqj/hqjagain_test.git drm
console output: https://syzkaller.appspot.com/x/log.txt?x=12210d45e00000
syzbot
Mar 14, 2020, 2:38:03 PM3/14/20
to anen...@gmail.com, syzkall...@googlegroups.com
Hello,
syzbot has tested the proposed patch but the reproducer still triggered crash:
WARNING in idr_destroy
RSP: 002b:00007f889ce46c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
syzbot has tested the proposed patch but the reproducer still triggered crash:
WARNING in idr_destroy
RAX: ffffffffffffffda RBX: 00007f889ce476d4 RCX: 000000000045c479
RDX: 0000000020000040 RSI: ffffffffffffffc6 RDI: 0000000000000003
RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
R13: 0000000000000203 R14: 00000000004c3e56 R15: 0000000000000008
------------[ cut here ]------------
RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
R13: 0000000000000203 R14: 00000000004c3e56 R15: 0000000000000008
WARNING: CPU: 0 PID: 9669 at lib/radix-tree.c:682 radix_tree_free_nodes lib/radix-tree.c:682 [inline]
WARNING: CPU: 0 PID: 9669 at lib/radix-tree.c:682 idr_destroy+0x1ae/0x260 lib/radix-tree.c:1572
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 9669 Comm: syz-executor.5 Not tainted 5.6.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fb/0x318 lib/dump_stack.c:118
panic+0x264/0x7a9 kernel/panic.c:221
__warn+0x209/0x210 kernel/panic.c:582
report_bug+0x1b6/0x2f0 lib/bug.c:195
fixup_bug arch/x86/kernel/traps.c:174 [inline]
do_error_trap+0xcf/0x1c0 arch/x86/kernel/traps.c:267
do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:286
invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:radix_tree_free_nodes lib/radix-tree.c:682 [inline]
RIP: 0010:idr_destroy+0x1ae/0x260 lib/radix-tree.c:1572
Code: 43 5f f9 48 89 df 48 c7 c6 10 83 17 88 e8 ca 5c 4c f9 4c 3b 65 b8 74 57 e8 7f 43 5f f9 4d 89 fc e9 67 ff ff ff e8 72 43 5f f9 <0f> 0b eb d5 89 f9 80 e1 07 38 c1 7c 84 e8 e0 75 9c f9 e9 7a ff ff
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fb/0x318 lib/dump_stack.c:118
panic+0x264/0x7a9 kernel/panic.c:221
__warn+0x209/0x210 kernel/panic.c:582
report_bug+0x1b6/0x2f0 lib/bug.c:195
fixup_bug arch/x86/kernel/traps.c:174 [inline]
do_error_trap+0xcf/0x1c0 arch/x86/kernel/traps.c:267
do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:286
invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:radix_tree_free_nodes lib/radix-tree.c:682 [inline]
RIP: 0010:idr_destroy+0x1ae/0x260 lib/radix-tree.c:1572
RSP: 0018:ffffc9000372fb98 EFLAGS: 00010293
RAX: ffffffff8817dc0e RBX: ffff88808bbf68d8 RCX: ffff8880a03720c0
RDX: 0000000000000000 RSI: 0000000000000040 RDI: ffff88808bbf68c8
RBP: ffffc9000372fbe0 R08: ffffffff8817db80 R09: ffffed101218ae31
R10: ffffed101218ae31 R11: 0000000000000000 R12: ffff88808bbf68c0
R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000000
drm_mode_create_lease_ioctl+0x1394/0x1840 drivers/gpu/drm/drm_lease.c:608
drm_ioctl_kernel+0x2cf/0x410 drivers/gpu/drm/drm_ioctl.c:786
drm_ioctl+0x52f/0x890 drivers/gpu/drm/drm_ioctl.c:886
vfs_ioctl fs/ioctl.c:47 [inline]
ksys_ioctl fs/ioctl.c:763 [inline]
__do_sys_ioctl fs/ioctl.c:772 [inline]
__se_sys_ioctl+0x113/0x190 fs/ioctl.c:770
__x64_sys_ioctl+0x7b/0x90 fs/ioctl.c:770
do_syscall_64+0xf7/0x1c0 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45c479
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f889ce46c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
drm_ioctl+0x52f/0x890 drivers/gpu/drm/drm_ioctl.c:886
vfs_ioctl fs/ioctl.c:47 [inline]
ksys_ioctl fs/ioctl.c:763 [inline]
__do_sys_ioctl fs/ioctl.c:772 [inline]
__se_sys_ioctl+0x113/0x190 fs/ioctl.c:770
__x64_sys_ioctl+0x7b/0x90 fs/ioctl.c:770
do_syscall_64+0xf7/0x1c0 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45c479
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RAX: ffffffffffffffda RBX: 00007f889ce476d4 RCX: 000000000045c479
RDX: 0000000020000040 RSI: ffffffffffffffc6 RDI: 0000000000000003
RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
R13: 0000000000000203 R14: 00000000004c3e56 R15: 0000000000000008
Kernel Offset: disabled
Rebooting in 86400 seconds..
Tested on:
commit: f2600320 add log
RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
R13: 0000000000000203 R14: 00000000004c3e56 R15: 0000000000000008
Kernel Offset: disabled
Rebooting in 86400 seconds..
Tested on:
git tree: https://github.com/hqj/hqjagain_test.git drm
console output: https://syzkaller.appspot.com/x/log.txt?x=161cc52de00000
syzbot
Mar 14, 2020, 2:47:04 PM3/14/20
to anen...@gmail.com, syzkall...@googlegroups.com
Hello,
syzbot has tested the proposed patch but the reproducer still triggered crash:
WARNING in idr_destroy
syzbot has tested the proposed patch but the reproducer still triggered crash:
WARNING in idr_destroy
RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
R13: 0000000000000203 R14: 00000000004c3e56 R15: 0000000000000008
------------[ cut here ]------------
WARNING: CPU: 0 PID: 9346 at lib/radix-tree.c:682 radix_tree_free_nodes lib/radix-tree.c:682 [inline]
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
R13: 0000000000000203 R14: 00000000004c3e56 R15: 0000000000000008
------------[ cut here ]------------
WARNING: CPU: 0 PID: 9346 at lib/radix-tree.c:682 idr_destroy+0x1ae/0x260 lib/radix-tree.c:1572
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 9346 Comm: syz-executor.3 Not tainted 5.6.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fb/0x318 lib/dump_stack.c:118
panic+0x264/0x7a9 kernel/panic.c:221
__warn+0x209/0x210 kernel/panic.c:582
report_bug+0x1b6/0x2f0 lib/bug.c:195
fixup_bug arch/x86/kernel/traps.c:174 [inline]
do_error_trap+0xcf/0x1c0 arch/x86/kernel/traps.c:267
do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:286
invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:radix_tree_free_nodes lib/radix-tree.c:682 [inline]
RIP: 0010:idr_destroy+0x1ae/0x260 lib/radix-tree.c:1572
Code: 43 5f f9 48 89 df 48 c7 c6 10 83 17 88 e8 ca 5c 4c f9 4c 3b 65 b8 74 57 e8 7f 43 5f f9 4d 89 fc e9 67 ff ff ff e8 72 43 5f f9 <0f> 0b eb d5 89 f9 80 e1 07 38 c1 7c 84 e8 e0 75 9c f9 e9 7a ff ff
RSP: 0018:ffffc9000261fb98 EFLAGS: 00010293
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fb/0x318 lib/dump_stack.c:118
panic+0x264/0x7a9 kernel/panic.c:221
__warn+0x209/0x210 kernel/panic.c:582
report_bug+0x1b6/0x2f0 lib/bug.c:195
fixup_bug arch/x86/kernel/traps.c:174 [inline]
do_error_trap+0xcf/0x1c0 arch/x86/kernel/traps.c:267
do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:286
invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:radix_tree_free_nodes lib/radix-tree.c:682 [inline]
RIP: 0010:idr_destroy+0x1ae/0x260 lib/radix-tree.c:1572
Code: 43 5f f9 48 89 df 48 c7 c6 10 83 17 88 e8 ca 5c 4c f9 4c 3b 65 b8 74 57 e8 7f 43 5f f9 4d 89 fc e9 67 ff ff ff e8 72 43 5f f9 <0f> 0b eb d5 89 f9 80 e1 07 38 c1 7c 84 e8 e0 75 9c f9 e9 7a ff ff
RAX: ffffffff8817dc0e RBX: ffff888092604c98 RCX: ffff888096484380
RDX: 0000000000000000 RSI: 0000000000000040 RDI: ffff888092604c88
RBP: ffffc9000261fbe0 R08: ffffffff8817db80 R09: ffffed10130c4299
R10: ffffed10130c4299 R11: 0000000000000000 R12: ffff888092604c80
R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000000
drm_mode_create_lease_ioctl+0x1394/0x1840 drivers/gpu/drm/drm_lease.c:608
drm_ioctl_kernel+0x2cf/0x410 drivers/gpu/drm/drm_ioctl.c:786
drm_ioctl+0x52f/0x890 drivers/gpu/drm/drm_ioctl.c:886
vfs_ioctl fs/ioctl.c:47 [inline]
ksys_ioctl fs/ioctl.c:763 [inline]
__do_sys_ioctl fs/ioctl.c:772 [inline]
__se_sys_ioctl+0x113/0x190 fs/ioctl.c:770
__x64_sys_ioctl+0x7b/0x90 fs/ioctl.c:770
do_syscall_64+0xf7/0x1c0 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45c479
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fa1cc721c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
drm_mode_create_lease_ioctl+0x1394/0x1840 drivers/gpu/drm/drm_lease.c:608
drm_ioctl_kernel+0x2cf/0x410 drivers/gpu/drm/drm_ioctl.c:786
drm_ioctl+0x52f/0x890 drivers/gpu/drm/drm_ioctl.c:886
vfs_ioctl fs/ioctl.c:47 [inline]
ksys_ioctl fs/ioctl.c:763 [inline]
__do_sys_ioctl fs/ioctl.c:772 [inline]
__se_sys_ioctl+0x113/0x190 fs/ioctl.c:770
__x64_sys_ioctl+0x7b/0x90 fs/ioctl.c:770
do_syscall_64+0xf7/0x1c0 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45c479
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RAX: ffffffffffffffda RBX: 00007fa1cc7226d4 RCX: 000000000045c479
RDX: 0000000020000040 RSI: ffffffffffffffc6 RDI: 0000000000000003
RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
R13: 0000000000000203 R14: 00000000004c3e56 R15: 0000000000000008
Kernel Offset: disabled
Rebooting in 86400 seconds..
Tested on:
commit: f2600320 add log
git tree: https://github.com/hqj/hqjagain_test.git drm
console output: https://syzkaller.appspot.com/x/log.txt?x=13b71619e00000
RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
R13: 0000000000000203 R14: 00000000004c3e56 R15: 0000000000000008
Kernel Offset: disabled
Rebooting in 86400 seconds..
Tested on:
commit: f2600320 add log
git tree: https://github.com/hqj/hqjagain_test.git drm
syzbot
Mar 14, 2020, 8:36:04 PM3/14/20
to anen...@gmail.com, syzkall...@googlegroups.com
Hello,
syzbot has tested the proposed patch but the reproducer still triggered crash:
WARNING in idr_destroy
RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
R13: 0000000000000203 R14: 00000000004c3e56 R15: 0000000000000008
------------[ cut here ]------------
WARNING: CPU: 0 PID: 9015 at lib/radix-tree.c:682 radix_tree_free_nodes lib/radix-tree.c:682 [inline]
syzbot has tested the proposed patch but the reproducer still triggered crash:
WARNING in idr_destroy
RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
R13: 0000000000000203 R14: 00000000004c3e56 R15: 0000000000000008
------------[ cut here ]------------
WARNING: CPU: 0 PID: 9015 at lib/radix-tree.c:682 idr_destroy+0x1ae/0x260 lib/radix-tree.c:1572
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 9015 Comm: syz-executor.0 Not tainted 5.6.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fb/0x318 lib/dump_stack.c:118
panic+0x264/0x7a9 kernel/panic.c:221
__warn+0x209/0x210 kernel/panic.c:582
report_bug+0x1b6/0x2f0 lib/bug.c:195
fixup_bug arch/x86/kernel/traps.c:174 [inline]
do_error_trap+0xcf/0x1c0 arch/x86/kernel/traps.c:267
do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:286
invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:radix_tree_free_nodes lib/radix-tree.c:682 [inline]
RIP: 0010:idr_destroy+0x1ae/0x260 lib/radix-tree.c:1572
Code: 53 5f f9 48 89 df 48 c7 c6 10 73 17 88 e8 ca 6c 4c f9 4c 3b 65 b8 74 57 e8 7f 53 5f f9 4d 89 fc e9 67 ff ff ff e8 72 53 5f f9 <0f> 0b eb d5 89 f9 80 e1 07 38 c1 7c 84 e8 e0 85 9c f9 e9 7a ff ff
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fb/0x318 lib/dump_stack.c:118
panic+0x264/0x7a9 kernel/panic.c:221
__warn+0x209/0x210 kernel/panic.c:582
report_bug+0x1b6/0x2f0 lib/bug.c:195
fixup_bug arch/x86/kernel/traps.c:174 [inline]
do_error_trap+0xcf/0x1c0 arch/x86/kernel/traps.c:267
do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:286
invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:radix_tree_free_nodes lib/radix-tree.c:682 [inline]
RIP: 0010:idr_destroy+0x1ae/0x260 lib/radix-tree.c:1572
RSP: 0018:ffffc90007c9fb98 EFLAGS: 00010293
RAX: ffffffff8817cc0e RBX: ffff888091dd7158 RCX: ffff888098304140
RDX: 0000000000000000 RSI: 0000000000000040 RDI: ffff888091dd7148
RBP: ffffc90007c9fbe0 R08: ffffffff8817cb80 R09: ffffed10131c9991
R10: ffffed10131c9991 R11: 0000000000000000 R12: ffff888091dd7140
R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000000
drm_mode_create_lease_ioctl+0x1397/0x1870 drivers/gpu/drm/drm_lease.c:588
drm_ioctl_kernel+0x2cf/0x410 drivers/gpu/drm/drm_ioctl.c:786
drm_ioctl+0x52f/0x890 drivers/gpu/drm/drm_ioctl.c:886
vfs_ioctl fs/ioctl.c:47 [inline]
ksys_ioctl fs/ioctl.c:763 [inline]
__do_sys_ioctl fs/ioctl.c:772 [inline]
__se_sys_ioctl+0x113/0x190 fs/ioctl.c:770
__x64_sys_ioctl+0x7b/0x90 fs/ioctl.c:770
do_syscall_64+0xf7/0x1c0 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45c479
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f688d2a0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
drm_ioctl+0x52f/0x890 drivers/gpu/drm/drm_ioctl.c:886
vfs_ioctl fs/ioctl.c:47 [inline]
ksys_ioctl fs/ioctl.c:763 [inline]
__do_sys_ioctl fs/ioctl.c:772 [inline]
__se_sys_ioctl+0x113/0x190 fs/ioctl.c:770
__x64_sys_ioctl+0x7b/0x90 fs/ioctl.c:770
do_syscall_64+0xf7/0x1c0 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45c479
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RAX: ffffffffffffffda RBX: 00007f688d2a16d4 RCX: 000000000045c479
RDX: 0000000020000040 RSI: ffffffffffffffc6 RDI: 0000000000000003
RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
R13: 0000000000000203 R14: 00000000004c3e56 R15: 0000000000000008
Kernel Offset: disabled
Rebooting in 86400 seconds..
Tested on:
commit: 682dec1b log for lease
RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
R13: 0000000000000203 R14: 00000000004c3e56 R15: 0000000000000008
Kernel Offset: disabled
Rebooting in 86400 seconds..
Tested on:
git tree: https://github.com/hqj/hqjagain_test.git drm
console output: https://syzkaller.appspot.com/x/log.txt?x=17652555e00000
syzbot
Mar 14, 2020, 8:57:03 PM3/14/20
to anen...@gmail.com, syzkall...@googlegroups.com
Hello,
syzbot has tested the proposed patch but the reproducer still triggered crash:
WARNING in idr_destroy
RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
R13: 0000000000000203 R14: 00000000004c3e56 R15: 0000000000000008
------------[ cut here ]------------
WARNING: CPU: 1 PID: 9226 at lib/radix-tree.c:682 radix_tree_free_nodes lib/radix-tree.c:682 [inline]
syzbot has tested the proposed patch but the reproducer still triggered crash:
WARNING in idr_destroy
RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
R13: 0000000000000203 R14: 00000000004c3e56 R15: 0000000000000008
------------[ cut here ]------------
WARNING: CPU: 1 PID: 9226 at lib/radix-tree.c:682 idr_destroy+0x1ae/0x260 lib/radix-tree.c:1572
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 9226 Comm: syz-executor.1 Not tainted 5.6.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fb/0x318 lib/dump_stack.c:118
panic+0x264/0x7a9 kernel/panic.c:221
__warn+0x209/0x210 kernel/panic.c:582
report_bug+0x1b6/0x2f0 lib/bug.c:195
fixup_bug arch/x86/kernel/traps.c:174 [inline]
do_error_trap+0xcf/0x1c0 arch/x86/kernel/traps.c:267
do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:286
invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:radix_tree_free_nodes lib/radix-tree.c:682 [inline]
RIP: 0010:idr_destroy+0x1ae/0x260 lib/radix-tree.c:1572
Code: 53 5f f9 48 89 df 48 c7 c6 10 73 17 88 e8 ca 6c 4c f9 4c 3b 65 b8 74 57 e8 7f 53 5f f9 4d 89 fc e9 67 ff ff ff e8 72 53 5f f9 <0f> 0b eb d5 89 f9 80 e1 07 38 c1 7c 84 e8 e0 85 9c f9 e9 7a ff ff
RSP: 0018:ffffc90002157b98 EFLAGS: 00010293
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fb/0x318 lib/dump_stack.c:118
panic+0x264/0x7a9 kernel/panic.c:221
__warn+0x209/0x210 kernel/panic.c:582
report_bug+0x1b6/0x2f0 lib/bug.c:195
fixup_bug arch/x86/kernel/traps.c:174 [inline]
do_error_trap+0xcf/0x1c0 arch/x86/kernel/traps.c:267
do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:286
invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:radix_tree_free_nodes lib/radix-tree.c:682 [inline]
RIP: 0010:idr_destroy+0x1ae/0x260 lib/radix-tree.c:1572
Code: 53 5f f9 48 89 df 48 c7 c6 10 73 17 88 e8 ca 6c 4c f9 4c 3b 65 b8 74 57 e8 7f 53 5f f9 4d 89 fc e9 67 ff ff ff e8 72 53 5f f9 <0f> 0b eb d5 89 f9 80 e1 07 38 c1 7c 84 e8 e0 85 9c f9 e9 7a ff ff
RAX: ffffffff8817cc0e RBX: ffff888096005c58 RCX: ffff888092fe0500
RDX: 0000000000000000 RSI: 0000000000000040 RDI: ffff888096005c48
RBP: ffffc90002157be0 R08: ffffffff8817cb80 R09: ffffed1012cf3719
R10: ffffed1012cf3719 R11: 0000000000000000 R12: ffff888096005c40
R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000000
drm_mode_create_lease_ioctl+0x1397/0x1870 drivers/gpu/drm/drm_lease.c:588
drm_ioctl_kernel+0x2cf/0x410 drivers/gpu/drm/drm_ioctl.c:786
drm_ioctl+0x52f/0x890 drivers/gpu/drm/drm_ioctl.c:886
vfs_ioctl fs/ioctl.c:47 [inline]
ksys_ioctl fs/ioctl.c:763 [inline]
__do_sys_ioctl fs/ioctl.c:772 [inline]
__se_sys_ioctl+0x113/0x190 fs/ioctl.c:770
__x64_sys_ioctl+0x7b/0x90 fs/ioctl.c:770
do_syscall_64+0xf7/0x1c0 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45c479
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f750df38c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
drm_mode_create_lease_ioctl+0x1397/0x1870 drivers/gpu/drm/drm_lease.c:588
drm_ioctl_kernel+0x2cf/0x410 drivers/gpu/drm/drm_ioctl.c:786
drm_ioctl+0x52f/0x890 drivers/gpu/drm/drm_ioctl.c:886
vfs_ioctl fs/ioctl.c:47 [inline]
ksys_ioctl fs/ioctl.c:763 [inline]
__do_sys_ioctl fs/ioctl.c:772 [inline]
__se_sys_ioctl+0x113/0x190 fs/ioctl.c:770
__x64_sys_ioctl+0x7b/0x90 fs/ioctl.c:770
do_syscall_64+0xf7/0x1c0 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45c479
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RAX: ffffffffffffffda RBX: 00007f750df396d4 RCX: 000000000045c479
RDX: 0000000020000040 RSI: ffffffffffffffc6 RDI: 0000000000000003
RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
R13: 0000000000000203 R14: 00000000004c3e56 R15: 0000000000000008
Kernel Offset: disabled
Rebooting in 86400 seconds..
Tested on:
commit: cce73214 debug log
RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
R13: 0000000000000203 R14: 00000000004c3e56 R15: 0000000000000008
Kernel Offset: disabled
Rebooting in 86400 seconds..
Tested on:
git tree: https://github.com/hqj/hqjagain_test.git drm
console output: https://syzkaller.appspot.com/x/log.txt?x=117e9919e00000
syzbot
Mar 14, 2020, 10:05:04 PM3/14/20
to anen...@gmail.com, syzkall...@googlegroups.com
Hello,
syzbot has tested the proposed patch but the reproducer still triggered crash:
WARNING in idr_destroy
------------[ cut here ]------------
syzbot has tested the proposed patch but the reproducer still triggered crash:
WARNING in idr_destroy
WARNING: CPU: 0 PID: 8861 at lib/radix-tree.c:682 radix_tree_free_nodes lib/radix-tree.c:682 [inline]
WARNING: CPU: 0 PID: 8861 at lib/radix-tree.c:682 idr_destroy+0x1ae/0x260 lib/radix-tree.c:1572
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 8861 Comm: syz-executor.2 Not tainted 5.6.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fb/0x318 lib/dump_stack.c:118
panic+0x264/0x7a9 kernel/panic.c:221
__warn+0x209/0x210 kernel/panic.c:582
report_bug+0x1b6/0x2f0 lib/bug.c:195
fixup_bug arch/x86/kernel/traps.c:174 [inline]
do_error_trap+0xcf/0x1c0 arch/x86/kernel/traps.c:267
do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:286
invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:radix_tree_free_nodes lib/radix-tree.c:682 [inline]
RIP: 0010:idr_destroy+0x1ae/0x260 lib/radix-tree.c:1572
Code: 53 5f f9 48 89 df 48 c7 c6 10 73 17 88 e8 ca 6c 4c f9 4c 3b 65 b8 74 57 e8 7f 53 5f f9 4d 89 fc e9 67 ff ff ff e8 72 53 5f f9 <0f> 0b eb d5 89 f9 80 e1 07 38 c1 7c 84 e8 e0 85 9c f9 e9 7a ff ff
RSP: 0018:ffffc90004677b90 EFLAGS: 00010293
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fb/0x318 lib/dump_stack.c:118
panic+0x264/0x7a9 kernel/panic.c:221
__warn+0x209/0x210 kernel/panic.c:582
report_bug+0x1b6/0x2f0 lib/bug.c:195
fixup_bug arch/x86/kernel/traps.c:174 [inline]
do_error_trap+0xcf/0x1c0 arch/x86/kernel/traps.c:267
do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:286
invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:radix_tree_free_nodes lib/radix-tree.c:682 [inline]
RIP: 0010:idr_destroy+0x1ae/0x260 lib/radix-tree.c:1572
Code: 53 5f f9 48 89 df 48 c7 c6 10 73 17 88 e8 ca 6c 4c f9 4c 3b 65 b8 74 57 e8 7f 53 5f f9 4d 89 fc e9 67 ff ff ff e8 72 53 5f f9 <0f> 0b eb d5 89 f9 80 e1 07 38 c1 7c 84 e8 e0 85 9c f9 e9 7a ff ff
RAX: ffffffff8817cc0e RBX: ffff888091291a18 RCX: ffff8880988c40c0
RDX: 0000000000000000 RSI: 0000000000000040 RDI: ffff888091291a08
RBP: ffffc90004677bd8 R08: ffffffff8817cb80 R09: ffffed101268d789
R10: ffffed101268d789 R11: 0000000000000000 R12: ffff888091291a00
R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000000
drm_mode_create_lease_ioctl+0x125c/0x18d0 drivers/gpu/drm/drm_lease.c:588
drm_ioctl_kernel+0x2cf/0x410 drivers/gpu/drm/drm_ioctl.c:786
drm_ioctl+0x52f/0x890 drivers/gpu/drm/drm_ioctl.c:886
vfs_ioctl fs/ioctl.c:47 [inline]
ksys_ioctl fs/ioctl.c:763 [inline]
__do_sys_ioctl fs/ioctl.c:772 [inline]
__se_sys_ioctl+0x113/0x190 fs/ioctl.c:770
__x64_sys_ioctl+0x7b/0x90 fs/ioctl.c:770
do_syscall_64+0xf7/0x1c0 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45c479
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f9010a26c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
drm_ioctl+0x52f/0x890 drivers/gpu/drm/drm_ioctl.c:886
vfs_ioctl fs/ioctl.c:47 [inline]
ksys_ioctl fs/ioctl.c:763 [inline]
__do_sys_ioctl fs/ioctl.c:772 [inline]
__se_sys_ioctl+0x113/0x190 fs/ioctl.c:770
__x64_sys_ioctl+0x7b/0x90 fs/ioctl.c:770
do_syscall_64+0xf7/0x1c0 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45c479
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RAX: ffffffffffffffda RBX: 00007f9010a276d4 RCX: 000000000045c479
RDX: 0000000020000040 RSI: ffffffffffffffc6 RDI: 0000000000000003
RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
R13: 0000000000000203 R14: 00000000004c3e56 R15: 0000000000000008
Kernel Offset: disabled
Rebooting in 86400 seconds..
Tested on:
commit: 9af693c5 log in detail
RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
R13: 0000000000000203 R14: 00000000004c3e56 R15: 0000000000000008
Kernel Offset: disabled
Rebooting in 86400 seconds..
Tested on:
git tree: https://github.com/hqj/hqjagain_test.git drm
console output: https://syzkaller.appspot.com/x/log.txt?x=158077fde00000
syzbot
Mar 15, 2020, 2:10:02 AM3/15/20
to anen...@gmail.com, syzkall...@googlegroups.com
Hello,
syzbot has tested the proposed patch but the reproducer still triggered crash:
WARNING in idr_destroy
syzbot has tested the proposed patch but the reproducer still triggered crash:
WARNING in idr_destroy
RDX: 0000000020000040 RSI: ffffffffffffffc6 RDI: 0000000000000003
RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
R13: 0000000000000203 R14: 00000000004c3e56 R15: 0000000000000008
hqjagain: lessor 0xffff88809ec55400. drm_mode_create_lease_ioctl 583
RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
R13: 0000000000000203 R14: 00000000004c3e56 R15: 0000000000000008
hqjagain: lessor 0xffff88809ec55800. drm_master_destroy 332
hqjagain: lessor 0xffff88809ec55800. drm_master_destroy 342
------------[ cut here ]------------
WARNING: CPU: 1 PID: 9307 at lib/radix-tree.c:682 radix_tree_free_nodes lib/radix-tree.c:682 [inline]
WARNING: CPU: 1 PID: 9307 at lib/radix-tree.c:682 idr_destroy+0x1ae/0x260 lib/radix-tree.c:1572
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 9307 Comm: syz-executor.2 Not tainted 5.6.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fb/0x318 lib/dump_stack.c:118
panic+0x264/0x7a9 kernel/panic.c:221
__warn+0x209/0x210 kernel/panic.c:582
report_bug+0x1b6/0x2f0 lib/bug.c:195
fixup_bug arch/x86/kernel/traps.c:174 [inline]
do_error_trap+0xcf/0x1c0 arch/x86/kernel/traps.c:267
do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:286
invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:radix_tree_free_nodes lib/radix-tree.c:682 [inline]
RIP: 0010:idr_destroy+0x1ae/0x260 lib/radix-tree.c:1572
Code: 43 5f f9 48 89 df 48 c7 c6 10 83 17 88 e8 ca 5c 4c f9 4c 3b 65 b8 74 57 e8 7f 43 5f f9 4d 89 fc e9 67 ff ff ff e8 72 43 5f f9 <0f> 0b eb d5 89 f9 80 e1 07 38 c1 7c 84 e8 e0 75 9c f9 e9 7a ff ff
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fb/0x318 lib/dump_stack.c:118
panic+0x264/0x7a9 kernel/panic.c:221
__warn+0x209/0x210 kernel/panic.c:582
report_bug+0x1b6/0x2f0 lib/bug.c:195
fixup_bug arch/x86/kernel/traps.c:174 [inline]
do_error_trap+0xcf/0x1c0 arch/x86/kernel/traps.c:267
do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:286
invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:radix_tree_free_nodes lib/radix-tree.c:682 [inline]
RIP: 0010:idr_destroy+0x1ae/0x260 lib/radix-tree.c:1572
RSP: 0018:ffffc900024f7b90 EFLAGS: 00010293
RAX: ffffffff8817dc0e RBX: ffff8880aa0c2cd8 RCX: ffff88809f41a100
RDX: 0000000000000000 RSI: 0000000000000040 RDI: ffff8880aa0c2cc8
RBP: ffffc900024f7bd8 R08: ffffffff8817db80 R09: ffffed1012600b89
R10: ffffed1012600b89 R11: 0000000000000000 R12: ffff8880aa0c2cc0
R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000000
drm_mode_create_lease_ioctl+0x129b/0x1900 drivers/gpu/drm/drm_lease.c:590
drm_ioctl_kernel+0x2cf/0x410 drivers/gpu/drm/drm_ioctl.c:786
drm_ioctl+0x52f/0x890 drivers/gpu/drm/drm_ioctl.c:886
vfs_ioctl fs/ioctl.c:47 [inline]
ksys_ioctl fs/ioctl.c:763 [inline]
__do_sys_ioctl fs/ioctl.c:772 [inline]
__se_sys_ioctl+0x113/0x190 fs/ioctl.c:770
__x64_sys_ioctl+0x7b/0x90 fs/ioctl.c:770
do_syscall_64+0xf7/0x1c0 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45c479
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f0b5dd26c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
drm_ioctl+0x52f/0x890 drivers/gpu/drm/drm_ioctl.c:886
vfs_ioctl fs/ioctl.c:47 [inline]
ksys_ioctl fs/ioctl.c:763 [inline]
__do_sys_ioctl fs/ioctl.c:772 [inline]
__se_sys_ioctl+0x113/0x190 fs/ioctl.c:770
__x64_sys_ioctl+0x7b/0x90 fs/ioctl.c:770
do_syscall_64+0xf7/0x1c0 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45c479
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RAX: ffffffffffffffda RBX: 00007f0b5dd276d4 RCX: 000000000045c479
RDX: 0000000020000040 RSI: ffffffffffffffc6 RDI: 0000000000000003
RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
R13: 0000000000000203 R14: 00000000004c3e56 R15: 0000000000000008
Kernel Offset: disabled
Rebooting in 86400 seconds..
Tested on:
commit: 16c3face add log
RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
R13: 0000000000000203 R14: 00000000004c3e56 R15: 0000000000000008
Kernel Offset: disabled
Rebooting in 86400 seconds..
Tested on:
git tree: https://github.com/hqj/hqjagain_test.git drm
console output: https://syzkaller.appspot.com/x/log.txt?x=10de9c1de00000
syzbot
Mar 15, 2020, 4:02:04 AM3/15/20
to anen...@gmail.com, syzkall...@googlegroups.com
Hello,
syzbot has tested the proposed patch but the reproducer still triggered crash:
KASAN: use-after-free Read in idr_destroy
syzbot has tested the proposed patch but the reproducer still triggered crash:
==================================================================
BUG: KASAN: use-after-free in __read_once_size include/linux/compiler.h:199 [inline]
BUG: KASAN: use-after-free in radix_tree_free_nodes lib/radix-tree.c:671 [inline]
BUG: KASAN: use-after-free in idr_destroy+0xa3/0x260 lib/radix-tree.c:1572
Read of size 8 at addr ffff8880a1bc40e8 by task syz-executor.4/8795
CPU: 0 PID: 8795 Comm: syz-executor.4 Not tainted 5.6.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fb/0x318 lib/dump_stack.c:118
print_address_description+0x74/0x5c0 mm/kasan/report.c:374
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fb/0x318 lib/dump_stack.c:118
__kasan_report+0x149/0x1c0 mm/kasan/report.c:506
kasan_report+0x26/0x50 mm/kasan/common.c:641
__asan_report_load8_noabort+0x14/0x20 mm/kasan/generic_report.c:135
__read_once_size include/linux/compiler.h:199 [inline]
radix_tree_free_nodes lib/radix-tree.c:671 [inline]
idr_destroy+0xa3/0x260 lib/radix-tree.c:1572
drm_mode_create_lease_ioctl+0x12b3/0x19b0 drivers/gpu/drm/drm_lease.c:595
drm_ioctl_kernel+0x2cf/0x410 drivers/gpu/drm/drm_ioctl.c:786
drm_ioctl+0x52f/0x890 drivers/gpu/drm/drm_ioctl.c:886
vfs_ioctl fs/ioctl.c:47 [inline]
ksys_ioctl fs/ioctl.c:763 [inline]
__do_sys_ioctl fs/ioctl.c:772 [inline]
__se_sys_ioctl+0x113/0x190 fs/ioctl.c:770
__x64_sys_ioctl+0x7b/0x90 fs/ioctl.c:770
do_syscall_64+0xf7/0x1c0 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45c479
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fd522751c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
drm_ioctl+0x52f/0x890 drivers/gpu/drm/drm_ioctl.c:886
vfs_ioctl fs/ioctl.c:47 [inline]
ksys_ioctl fs/ioctl.c:763 [inline]
__do_sys_ioctl fs/ioctl.c:772 [inline]
__se_sys_ioctl+0x113/0x190 fs/ioctl.c:770
__x64_sys_ioctl+0x7b/0x90 fs/ioctl.c:770
do_syscall_64+0xf7/0x1c0 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45c479
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RAX: ffffffffffffffda RBX: 00007fd5227526d4 RCX: 000000000045c479
RDX: 0000000020000040 RSI: ffffffffffffffc6 RDI: 0000000000000003
RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
R13: 0000000000000203 R14: 00000000004c3e56 R15: 0000000000000008
Allocated by task 8795:
RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
R13: 0000000000000203 R14: 00000000004c3e56 R15: 0000000000000008
save_stack mm/kasan/common.c:72 [inline]
set_track mm/kasan/common.c:80 [inline]
__kasan_kmalloc+0x118/0x1c0 mm/kasan/common.c:515
kasan_slab_alloc+0xf/0x20 mm/kasan/common.c:523
slab_post_alloc_hook mm/slab.h:584 [inline]
slab_alloc mm/slab.c:3320 [inline]
kmem_cache_alloc+0x1f5/0x2e0 mm/slab.c:3484
radix_tree_node_alloc+0x81/0x390 lib/radix-tree.c:285
idr_get_free+0x2cb/0x8c0 lib/radix-tree.c:1515
idr_alloc_u32 lib/idr.c:46 [inline]
idr_alloc+0x14a/0x290 lib/idr.c:87
fill_object_idr drivers/gpu/drm/drm_lease.c:437 [inline]
drm_mode_create_lease_ioctl+0x7cc/0x19b0 drivers/gpu/drm/drm_lease.c:535
drm_ioctl_kernel+0x2cf/0x410 drivers/gpu/drm/drm_ioctl.c:786
drm_ioctl+0x52f/0x890 drivers/gpu/drm/drm_ioctl.c:886
vfs_ioctl fs/ioctl.c:47 [inline]
ksys_ioctl fs/ioctl.c:763 [inline]
__do_sys_ioctl fs/ioctl.c:772 [inline]
__se_sys_ioctl+0x113/0x190 fs/ioctl.c:770
__x64_sys_ioctl+0x7b/0x90 fs/ioctl.c:770
do_syscall_64+0xf7/0x1c0 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Freed by task 8699:
drm_ioctl+0x52f/0x890 drivers/gpu/drm/drm_ioctl.c:886
vfs_ioctl fs/ioctl.c:47 [inline]
ksys_ioctl fs/ioctl.c:763 [inline]
__do_sys_ioctl fs/ioctl.c:772 [inline]
__se_sys_ioctl+0x113/0x190 fs/ioctl.c:770
__x64_sys_ioctl+0x7b/0x90 fs/ioctl.c:770
do_syscall_64+0xf7/0x1c0 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x49/0xbe
save_stack mm/kasan/common.c:72 [inline]
set_track mm/kasan/common.c:80 [inline]
kasan_set_free_info mm/kasan/common.c:337 [inline]
__kasan_slab_free+0x12e/0x1e0 mm/kasan/common.c:476
kasan_slab_free+0xe/0x10 mm/kasan/common.c:485
__cache_free mm/slab.c:3426 [inline]
kmem_cache_free+0x81/0xf0 mm/slab.c:3694
radix_tree_node_rcu_free+0x73/0x80 lib/radix-tree.c:313
rcu_do_batch kernel/rcu/tree.c:2186 [inline]
rcu_core+0x81b/0x10c0 kernel/rcu/tree.c:2410
rcu_core_si+0x9/0x10 kernel/rcu/tree.c:2419
__do_softirq+0x283/0x7bd kernel/softirq.c:292
The buggy address belongs to the object at ffff8880a1bc40c0
which belongs to the cache radix_tree_node of size 576
The buggy address is located 40 bytes inside of
576-byte region [ffff8880a1bc40c0, ffff8880a1bc4300)
The buggy address belongs to the page:
page:ffffea000286f100 refcount:1 mapcount:0 mapping:ffff8880aa4311c0 index:0xffff8880a1bc4ffb
flags: 0xfffe0000000200(slab)
raw: 00fffe0000000200 ffffea0002464148 ffffea0002a80f88 ffff8880aa4311c0
raw: ffff8880a1bc4ffb ffff8880a1bc40c0 0000000100000005 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff8880a1bc3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff8880a1bc4000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff8880a1bc4080: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
^
ffff8880a1bc4100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff8880a1bc4180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================
Tested on:
commit: 2ddaea35 add log
git tree: https://github.com/hqj/hqjagain_test.git drm
console output: https://syzkaller.appspot.com/x/log.txt?x=15b62275e00000
syzbot
Mar 15, 2020, 12:56:03 PM3/15/20
to anen...@gmail.com, syzkall...@googlegroups.com
Hello,
syzbot has tested the proposed patch and the reproducer did not trigger crash:
Reported-and-tested-by: syzbot+058351...@syzkaller.appspotmail.com
Tested on:
commit: 1b275d33 drm/lease: fix warning in idr_destroy
git tree: https://github.com/hqj/hqjagain_test.git idr_destroy
syzbot has tested the proposed patch and the reproducer did not trigger crash:
Reported-and-tested-by: syzbot+058351...@syzkaller.appspotmail.com
Tested on:
commit: 1b275d33 drm/lease: fix warning in idr_destroy
git tree: https://github.com/hqj/hqjagain_test.git idr_destroy
kernel config: https://syzkaller.appspot.com/x/.config?x=cec95cb58b6f6294
dashboard link: https://syzkaller.appspot.com/bug?extid=05835159fe322770fe3d
compiler: clang version 10.0.0 (https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81)
Note: testing is done by a robot and is best-effort only.
dashboard link: https://syzkaller.appspot.com/bug?extid=05835159fe322770fe3d
compiler: clang version 10.0.0 (https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81)
syzbot
Mar 15, 2020, 10:59:03 PM3/15/20
to anen...@gmail.com, syzkall...@googlegroups.com
Qiujun Huang
Mar 17, 2020, 12:27:53 AM3/17/20
to syzbot, syzkall...@googlegroups.com
syzbot
Mar 17, 2020, 1:14:03 AM3/17/20
to anen...@gmail.com, syzkall...@googlegroups.com
Qiujun Huang
Mar 17, 2020, 10:18:11 PM3/17/20
to syzbot, air...@linux.ie, Daniel Vetter, dri-...@lists.freedesktop.org, linux-...@vger.kernel.org, maarten....@linux.intel.com, mri...@kernel.org, syzkall...@googlegroups.com
syzbot
Mar 18, 2020, 3:19:04 AM3/18/20
to air...@linux.ie, anen...@gmail.com, dan...@ffwll.ch, dri-...@lists.freedesktop.org, linux-...@vger.kernel.org, maarten....@linux.intel.com, mri...@kernel.org, syzkall...@googlegroups.com
Hello,
syzbot has tested the proposed patch and the reproducer did not trigger crash:
Reported-and-tested-by: syzbot+058351...@syzkaller.appspotmail.com
Tested on:
commit: b1289238 drm/lease: fix WARNING in idr_destroy
syzbot has tested the proposed patch and the reproducer did not trigger crash:
Reported-and-tested-by: syzbot+058351...@syzkaller.appspotmail.com
Tested on:
syzbot
Mar 21, 2020, 11:32:32 AM3/21/20
to Qiujun Huang, anen...@gmail.com, syzkall...@googlegroups.com
> #syz fix: drm/lease: fix WARNING in idr_destroy
Your 'fix:' command is accepted, but please keep syzkall...@googlegroups.com mailing list in CC next time. It serves as a history of what happened with each bug report. Thank you.
Your 'fix:' command is accepted, but please keep syzkall...@googlegroups.com mailing list in CC next time. It serves as a history of what happened with each bug report. Thank you.
Reply all
Reply to author
Forward
0 new messages