From: syzbot <syzbot+fb77e97ebf0612ee6914@syzkaller.appspotmail.com>
To: airlied@linux.ie, daniel@ffwll.ch,
dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org,
maarten.lankhorst@linux.intel.com, mripard@kernel.org,
sean@poorly.run, syzkaller-bugs@googlegroups.com
Subject: WARNING in drm_mode_createblob_ioctl
Date: Sun, 13 Oct 2019 23:09:09 -0700
Message-ID: <000000000000b2de3a0594d8b4ca@google.com>
Hello,
syzbot found the following crash on:
HEAD commit: 8ada228a Add linux-next specific files for 20191011
git tree: linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=1423a87f600000
kernel config: https://syzkaller.appspot.com/x/.config?x=7cf4eed5fe42c31a
dashboard link: https://syzkaller.appspot.com/bug?extid=fb77e97ebf0612ee6914
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+fb77e97ebf0612ee6914@syzkaller.appspotmail.com
------------[ cut here ]------------
WARNING: CPU: 1 PID: 30449 at include/linux/thread_info.h:150 check_copy_size include/linux/thread_info.h:150 [inline]
WARNING: CPU: 1 PID: 30449 at include/linux/thread_info.h:150 copy_from_user include/linux/uaccess.h:143 [inline]
WARNING: CPU: 1 PID: 30449 at include/linux/thread_info.h:150 drm_mode_createblob_ioctl+0x398/0x490 drivers/gpu/drm/drm_property.c:800
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 30449 Comm: syz-executor.5 Not tainted 5.4.0-rc2-next-20191011 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x172/0x1f0 lib/dump_stack.c:113
panic+0x2e3/0x75c kernel/panic.c:221
__warn.cold+0x2f/0x35 kernel/panic.c:582
report_bug+0x289/0x300 lib/bug.c:195
fixup_bug arch/x86/kernel/traps.c:174 [inline]
fixup_bug arch/x86/kernel/traps.c:169 [inline]
do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:267
do_invalid_op+0x37/0x50 arch/x86/kernel/traps.c:286
invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1028
RIP: 0010:check_copy_size include/linux/thread_info.h:150 [inline]
RIP: 0010:copy_from_user include/linux/uaccess.h:143 [inline]
RIP: 0010:drm_mode_createblob_ioctl+0x398/0x490 drivers/gpu/drm/drm_property.c:800
Code: c1 ea 03 80 3c 02 00 0f 85 ed 00 00 00 49 89 5d 00 e8 3c 28 cb fd 4c 89 f7 e8 64 92 9e 03 31 c0 e9 75 fd ff ff e8 28 28 cb fd <0f> 0b e8 21 28 cb fd 4d 85 e4 b8 f2 ff ff ff 0f 84 5b fd ff ff 89
RSP: 0018:ffff8880584efaa8 EFLAGS: 00010246
RAX: 0000000000040000 RBX: ffff8880a3a90000 RCX: ffffc900109da000
RDX: 0000000000040000 RSI: ffffffff83a7eaf8 RDI: 0000000000000007
RBP: ffff8880584efae8 R08: ffff888096c40080 R09: ffffed1014752110
R10: ffffed101475210f R11: ffff8880a3a9087f R12: ffffc90014907000
R13: ffff888028aa0000 R14: 000000009a6c7969 R15: ffffc90014907058
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.