syzbot


BUG: unable to handle kernel paging request in tpg_fill_plane_buffer (2)

Status: upstream: reported syz repro on 2021/08/02 00:51
Reported-by: syzbot+131c14c1aaf101477188@syzkaller.appspotmail.com
First crash: 991d, last: 490d
Fix bisection: failed (error log, bisect log)
  
Similar bugs (7)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.19 BUG: unable to handle kernel paging request in tpg_fill_plane_buffer 4 1436d 1709d 0/1 auto-closed as invalid on 2020/09/11 05:35
linux-4.14 BUG: unable to handle kernel paging request in tpg_fill_plane_buffer 1 1541d 1541d 0/1 auto-closed as invalid on 2020/05/29 08:05
linux-4.14 BUG: unable to handle kernel paging request in tpg_fill_plane_buffer (2) 1 825d 825d 0/1 auto-closed as invalid on 2022/05/15 07:48
upstream BUG: unable to handle kernel paging request in tpg_fill_plane_buffer (2) media 1 375d 371d 0/26 auto-obsoleted due to no activity on 2023/07/09 12:46
upstream KASAN: vmalloc-out-of-bounds Write in tpg_fill_plane_buffer (2) media C inconclusive done 14 444d 956d 22/26 fixed on 2023/02/24 13:51
upstream BUG: unable to handle kernel paging request in tpg_fill_plane_buffer media ntfs3 syz done 17 1600d 1970d 0/26 auto-obsoleted due to no activity on 2022/12/18 03:07
linux-5.15 KASAN: vmalloc-out-of-bounds Write in tpg_fill_plane_buffer 1 366d 366d 0/3 auto-obsoleted due to no activity on 2023/08/17 04:37
Fix bisection attempts (3)
Created Duration User Patch Repo Result
2021/11/20 18:03 11m bisect fix linux-4.19.y error job log (0)
2021/10/01 02:36 32m bisect fix linux-4.19.y job log (0) log
2021/09/01 01:45 26m bisect fix linux-4.19.y job log (0) log

Sample crash report:
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
Bluetooth: hci0: command 0x0409 tx timeout
Bluetooth: hci0: command 0x041b tx timeout
Bluetooth: hci0: command 0x040f tx timeout
BUG: unable to handle kernel paging request at ffffc90006f64000
PGD 13be43067 P4D 13be43067 PUD 23b831067 PMD b1528067 PTE 0
Oops: 0002 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 9322 Comm: vivid-002-vid-c Not tainted 4.19.200-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:memcpy_erms+0x6/0x10 arch/x86/lib/memcpy_64.S:55
Code: eb 88 90 90 eb 1e 0f 1f 00 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 c3 66 0f 1f 44 00 00 48 89 f8 48 89 d1 <f3> a4 c3 0f 1f 80 00 00 00 00 48 89 f8 48 83 fa 20 72 7e 40 38 fe
RSP: 0018:ffff8880b2e1f838 EFLAGS: 00010246
RAX: ffffc90006f63fe0 RBX: 0000000000000280 RCX: 0000000000000260
RDX: 0000000000000280 RSI: ffffc900026d3020 RDI: ffffc90006f64000
RBP: ffffc900026d3000 R08: 0000000000000001 R09: fffff52000dec84b
R10: ffffc90006f6425f R11: 0000000000000000 R12: ffffc900026d3000
R13: dffffc0000000000 R14: ffffc90006f63fe0 R15: ffff888237ad5558
FS:  0000000000000000(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90006f64000 CR3: 00000000aab0f000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 memcpy include/linux/string.h:377 [inline]
 tpg_fill_plane_pattern drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2365 [inline]
 tpg_fill_plane_buffer+0x11a0/0x2ff0 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2446
 vivid_fillbuff+0x17b8/0x6560 drivers/media/platform/vivid/vivid-kthread-cap.c:473
 vivid_thread_vid_cap_tick drivers/media/platform/vivid/vivid-kthread-cap.c:707 [inline]
 vivid_thread_vid_cap+0x98f/0x2140 drivers/media/platform/vivid/vivid-kthread-cap.c:809
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
Modules linked in:
CR2: ffffc90006f64000
---[ end trace d2d13475e007ccda ]---
RIP: 0010:memcpy_erms+0x6/0x10 arch/x86/lib/memcpy_64.S:55
Code: eb 88 90 90 eb 1e 0f 1f 00 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 c3 66 0f 1f 44 00 00 48 89 f8 48 89 d1 <f3> a4 c3 0f 1f 80 00 00 00 00 48 89 f8 48 83 fa 20 72 7e 40 38 fe
RSP: 0018:ffff8880b2e1f838 EFLAGS: 00010246
RAX: ffffc90006f63fe0 RBX: 0000000000000280 RCX: 0000000000000260
RDX: 0000000000000280 RSI: ffffc900026d3020 RDI: ffffc90006f64000
RBP: ffffc900026d3000 R08: 0000000000000001 R09: fffff52000dec84b
R10: ffffc90006f6425f R11: 0000000000000000 R12: ffffc900026d3000
R13: dffffc0000000000 R14: ffffc90006f63fe0 R15: ffff888237ad5558
FS:  0000000000000000(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90006f64000 CR3: 00000000aab0f000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (8):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2021/08/02 01:45 linux-4.19.y 53bd76690e27 6c236867 .config console log report syz ci2-linux-4-19 BUG: unable to handle kernel paging request in tpg_fill_plane_buffer
2022/12/15 17:59 linux-4.19.y 3f8a27f9e27b 6f9c033e .config console log report info [disk image] [vmlinux] ci2-linux-4-19 BUG: unable to handle kernel paging request in tpg_fill_plane_buffer
2022/09/01 10:12 linux-4.19.y 3f8a27f9e27b b01ec571 .config console log report info [disk image] [vmlinux] ci2-linux-4-19 BUG: unable to handle kernel paging request in tpg_fill_plane_buffer
2022/02/05 07:53 linux-4.19.y 3f8a27f9e27b e13a05ed .config console log report info ci2-linux-4-19 BUG: unable to handle kernel paging request in tpg_fill_plane_buffer
2022/01/14 21:52 linux-4.19.y 3f8a27f9e27b 53e00b45 .config console log report info ci2-linux-4-19 BUG: unable to handle kernel paging request in tpg_fill_plane_buffer
2021/10/21 18:03 linux-4.19.y 3f8a27f9e27b c5cb7da8 .config console log report info ci2-linux-4-19 BUG: unable to handle kernel paging request in tpg_fill_plane_buffer
2021/10/03 19:54 linux-4.19.y c2276d585654 db0f5787 .config console log report info ci2-linux-4-19 BUG: unable to handle kernel paging request in tpg_fill_plane_buffer
2021/08/02 00:50 linux-4.19.y 53bd76690e27 6c236867 .config console log report info ci2-linux-4-19 BUG: unable to handle kernel paging request in tpg_fill_plane_buffer
* Struck through repros no longer work on HEAD.