Re: [syzbot] [media?] WARNING in call_s_stream

All of lore.kernel.org
 help / color / mirror / Atom feed

From: syzbot <syzbot+5bcd7c809d365e14c4df@syzkaller.appspotmail.com>
To: hverkuil-cisco@xs4all.nl, kieran.bingham@ideasonboard.com,
	 laurent.pinchart@ideasonboard.com, linux-kernel@vger.kernel.org,
	 linux-media@vger.kernel.org, mchehab@kernel.org,
	sakari.ailus@linux.intel.com,  skhan@linuxfoundation.org,
	syzkaller-bugs@googlegroups.com,  tfiga@chromium.org
Subject: Re: [syzbot] [media?] WARNING in call_s_stream
Date: Sun, 15 Dec 2024 04:12:28 -0800	[thread overview]
Message-ID: <675ec7ac.050a0220.37aaf.00f9.GAE@google.com> (raw)
In-Reply-To: <0000000000008cabee0614a97e81@google.com>

syzbot has found a reproducer for the following issue on:

HEAD commit:    2d8308bf5b67 Merge tag 'scsi-fixes' of git://git.kernel.or..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=149594f8580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=b874549ac3d0b012
dashboard link: https://syzkaller.appspot.com/bug?extid=5bcd7c809d365e14c4df
compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=13ba07e8580000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=10bac344580000

Downloadable assets:
disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/7feb34a89c2a/non_bootable_disk-2d8308bf.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/f42110acb18e/vmlinux-2d8308bf.xz
kernel image: https://storage.googleapis.com/syzbot-assets/d819752d1b01/bzImage-2d8308bf.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+5bcd7c809d365e14c4df@syzkaller.appspotmail.com

0 pages HighMem/MovableOnly
281646 pages reserved
0 pages cma reserved
vimc vimc.0: subdev_call error Scaler
------------[ cut here ]------------
WARNING: CPU: 0 PID: 5933 at drivers/media/v4l2-core/v4l2-subdev.c:460 call_s_stream+0x2df/0x350 drivers/media/v4l2-core/v4l2-subdev.c:460
Modules linked in:
CPU: 0 UID: 0 PID: 5933 Comm: syz-executor330 Not tainted 6.13.0-rc2-syzkaller-00362-g2d8308bf5b67 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:call_s_stream+0x2df/0x350 drivers/media/v4l2-core/v4l2-subdev.c:460
Code: c1 ea 03 80 3c 02 00 75 75 48 8b bb 08 01 00 00 44 89 e2 48 c7 c6 00 17 4f 8c e8 bc 43 39 fe e9 54 fe ff ff e8 62 79 0e fa 90 <0f> 0b 90 e9 cb fe ff ff 4c 89 f7 e8 11 27 71 fa e9 48 fd ff ff e8
RSP: 0018:ffffc900035cfa60 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffff8880275bf020 RCX: ffffffff878b879e
RDX: ffff8880216e0000 RSI: ffffffff878b8a1e RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
R13: 0000000000000000 R14: ffff8880275bf198 R15: ffffffff87de3560
FS:  0000555584c4b380(0000) GS:ffff88806a600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffee98411d8 CR3: 0000000034912000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 vimc_streamer_pipeline_terminate+0x218/0x320 drivers/media/test-drivers/vimc/vimc-streamer.c:62
 vimc_streamer_pipeline_init drivers/media/test-drivers/vimc/vimc-streamer.c:101 [inline]
 vimc_streamer_s_stream+0x650/0x9a0 drivers/media/test-drivers/vimc/vimc-streamer.c:203
 vimc_capture_start_streaming+0xa1/0x130 drivers/media/test-drivers/vimc/vimc-capture.c:256
 vb2_start_streaming+0x15f/0x5a0 drivers/media/common/videobuf2/videobuf2-core.c:1789
 vb2_core_streamon+0x2a7/0x450 drivers/media/common/videobuf2/videobuf2-core.c:2348
 vb2_streamon drivers/media/common/videobuf2/videobuf2-v4l2.c:875 [inline]
 vb2_ioctl_streamon+0xf4/0x170 drivers/media/common/videobuf2/videobuf2-v4l2.c:1118
 __video_do_ioctl+0xaf0/0xf00 drivers/media/v4l2-core/v4l2-ioctl.c:3122
 video_usercopy+0x4d2/0x1620 drivers/media/v4l2-core/v4l2-ioctl.c:3463
 v4l2_ioctl+0x1ba/0x250 drivers/media/v4l2-core/v4l2-dev.c:366
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:906 [inline]
 __se_sys_ioctl fs/ioctl.c:892 [inline]
 __x64_sys_ioctl+0x190/0x200 fs/ioctl.c:892
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f2b85c01b19
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffee98412d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f2b85c01b19
RDX: 0000000020000000 RSI: 0000000040045612 RDI: 0000000000000005
RBP: 00007f2b85c430f3 R08: 00007ffee9841077 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000246 R12: 00007f2b85c431c6
R13: 00007ffee98412f0 R14: 00007f2b85c43014 R15: 00007f2b85c4314b
 </TASK>


---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

next prev parent reply	other threads:[~2024-12-15 12:12 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-03-27 19:34 [syzbot] [media?] WARNING in call_s_stream syzbot
2024-04-16  6:00 ` Tomasz Figa
2024-04-16  6:53   ` Laurent Pinchart
2024-12-15 12:12 ` syzbot [this message]
2025-02-24 14:30 ` Nikita Zhandarovich
2025-02-24 14:52   ` syzbot
2025-02-24 15:01 ` Nikita Zhandarovich
2025-02-24 15:38   ` syzbot
2025-03-02 13:43 ` Nikita Zhandarovich
2025-03-02 14:12   ` syzbot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=675ec7ac.050a0220.37aaf.00f9.GAE@google.com \
    --to=syzbot+5bcd7c809d365e14c4df@syzkaller.appspotmail.com \
    --cc=hverkuil-cisco@xs4all.nl \
    --cc=kieran.bingham@ideasonboard.com \
    --cc=laurent.pinchart@ideasonboard.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-media@vger.kernel.org \
    --cc=mchehab@kernel.org \
    --cc=sakari.ailus@linux.intel.com \
    --cc=skhan@linuxfoundation.org \
    --cc=syzkaller-bugs@googlegroups.com \
    --cc=tfiga@chromium.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.