Re:Re: [PATCH] drm/prime: Fix unsupervised rb_tree corruption in drm_prime_remove_buf_handle

Next message: Andrew Lunn: "Re: [PATCH net-next v1 1/2] net: phy: realtek: add support for RTL8261"
Previous message: Andrew Lunn: "Re: [PATCH net-next v1 1/2] net: phy: realtek: add support for RTL8261"
In reply to: Christian K&#xF6;nig: "Re: [PATCH] drm/prime: Fix unsupervised rb_tree corruption in drm_prime_remove_buf_handle"
Next in thread: w15303746062: "[PATCH v2] drm/prime: fix dangling dmabuf entries after handle release"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: w15303746062

Date: Thu May 28 2026 - 08:42:47 EST

Hi Christian,

Thank you for the review and for catching this. You are absolutely right, and my analysis was flawed. Adding the lock inside `drm_prime_remove_buf_handle` would indeed cause a recursive deadlock.

The syzkaller crash was originally triggered on the v6.18 kernel. When investigating, I checked the latest mainline source for `drm_prime_remove_buf_handle` itself. Since I didn't see any synchronization changes within that specific function, I incorrectly assumed the concurrency issue was still completely unhandled, failing to notice that the upstream tree properly holds the lock in the caller (`drm_gem_object_release_handle`).

I will dive deeper into the code to see if there is still any hidden race condition under the current locking scheme, or if this is strictly a legacy issue that might only require a stable-tree backport. If a fix is still warranted, I will send a v2 patch.

Thanks again for your time and guidance!

Best regards,
Mingyu Wang