From: syzbot <syzbot+aa8212f63ea8ffaf3bfa@syzkaller.appspotmail.com>
To: bwinther@cisco.com, hverkuil@xs4all.nl, keescook@chromium.org,
linux-kernel@vger.kernel.org, linux-media@vger.kernel.org,
mchehab@kernel.org, syzkaller-bugs@googlegroups.com
Subject: BUG: unable to handle kernel paging request in tpg_fill_plane_buffer
Date: Mon, 26 Nov 2018 23:01:04 -0800 [thread overview]
Message-ID: <0000000000005b7c64057ba003fb@google.com> (raw)
Hello,
syzbot found the following crash on:
HEAD commit: 6f8b52ba442c Merge tag 'hwmon-for-v4.20-rc5' of git://git...
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=15fd354d400000
kernel config: https://syzkaller.appspot.com/x/.config?x=c94f9f0c0363db4b
dashboard link: https://syzkaller.appspot.com/bug?extid=aa8212f63ea8ffaf3bfa
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+aa8212f63ea8ffaf3bfa@syzkaller.appspotmail.com
BUG: unable to handle kernel paging request at ffffc90005b5c340
PGD 1da95a067 P4D 1da95a067 PUD 1da95b067 PMD 1c4863067 PTE 0
Oops: 0002 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 5439 Comm: vivid-000-vid-c Not tainted 4.20.0-rc4+ #130
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:memcpy_erms+0x6/0x10 arch/x86/lib/memcpy_64.S:54
Code: 90 90 90 90 eb 1e 0f 1f 00 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 f3
48 a5 89 d1 f3 a4 c3 66 0f 1f 44 00 00 48 89 f8 48 89 d1 <f3> a4 c3 0f 1f
80 00 00 00 00 48 89 f8 48 83 fa 20 72 7e 40 38 fe
RSP: 0018:ffff888150467518 EFLAGS: 00010246
RAX: ffffc90005b5c340 RBX: 0000000000000080 RCX: 0000000000000080
RDX: 0000000000000080 RSI: ffffc90001da3000 RDI: ffffc90005b5c340
RBP: ffff888150467538 R08: fffff52000b6b878 R09: fffff52000b6b868
R10: fffff52000b6b877 R11: ffffc90005b5c3bf R12: ffffc90005b5c340
R13: ffffc90001da3000 R14: dffffc0000000000 R15: ffff8881cb2c5e50
FS: 0000000000000000(0000) GS:ffff8881dae00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90005b5c340 CR3: 00000001846a4000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
memcpy include/linux/string.h:352 [inline]
tpg_fill_plane_pattern drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2382
[inline]
tpg_fill_plane_buffer+0x193f/0x44c0
drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2481
vivid_fillbuff+0x1d0d/0x68e0
drivers/media/platform/vivid/vivid-kthread-cap.c:473
vivid_thread_vid_cap_tick
drivers/media/platform/vivid/vivid-kthread-cap.c:709 [inline]
vivid_thread_vid_cap+0xbc1/0x2650
drivers/media/platform/vivid/vivid-kthread-cap.c:813
kthread+0x35a/0x440 kernel/kthread.c:246
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352
Modules linked in:
CR2: ffffc90005b5c340
---[ end trace 22cabf1d47b26daf ]---
RIP: 0010:memcpy_erms+0x6/0x10 arch/x86/lib/memcpy_64.S:54
Code: 90 90 90 90 eb 1e 0f 1f 00 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 f3
48 a5 89 d1 f3 a4 c3 66 0f 1f 44 00 00 48 89 f8 48 89 d1 <f3> a4 c3 0f 1f
80 00 00 00 00 48 89 f8 48 83 fa 20 72 7e 40 38 fe
RSP: 0018:ffff888150467518 EFLAGS: 00010246
RAX: ffffc90005b5c340 RBX: 0000000000000080 RCX: 0000000000000080
RDX: 0000000000000080 RSI: ffffc90001da3000 RDI: ffffc90005b5c340
RBP: ffff888150467538 R08: fffff52000b6b878 R09: fffff52000b6b868
R10: fffff52000b6b877 R11: ffffc90005b5c3bf R12: ffffc90005b5c340
R13: ffffc90001da3000 R14: dffffc0000000000 R15: ffff8881cb2c5e50
FS: 0000000000000000(0000) GS:ffff8881dae00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90005b5c340 CR3: 00000001846a4000 CR4: 00000000001406f0
kobject: 'loop0' (00000000664d120c): kobject_uevent_env
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
kobject: 'loop0' (00000000664d120c): fill_kobj_path: path
= '/devices/virtual/block/loop0'
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.
next reply other threads:[~2018-11-27 17:57 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-27 7:01 syzbot [this message]
2018-12-25 12:37 ` BUG: unable to handle kernel paging request in tpg_fill_plane_buffer syzbot
2019-04-10 4:44 ` syzbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0000000000005b7c64057ba003fb@google.com \
--to=syzbot+aa8212f63ea8ffaf3bfa@syzkaller.appspotmail.com \
--cc=bwinther@cisco.com \
--cc=hverkuil@xs4all.nl \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=mchehab@kernel.org \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.