| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 30 Mar 2021 08:26:20 -0700
From: syzbot <syzbot+015dd7cdbbbc2c180c65@...kaller.appspotmail.com>
To: akpm@...ux-foundation.org, bp@...en8.de, daniel.vetter@...ll.ch,
daniel.vetter@...el.com, hpa@...or.com, jmattson@...gle.com,
jmorris@...ei.org, joro@...tes.org, kvm@...r.kernel.org,
linux-kernel@...r.kernel.org, linux-media@...r.kernel.org,
linux-mm@...ck.org, linux-security-module@...r.kernel.org,
m.szyprowski@...sung.com, mchehab@...nel.org, mingo@...hat.com,
pbonzini@...hat.com, seanjc@...gle.com, serge@...lyn.com,
syzkaller-bugs@...glegroups.com, tfiga@...omium.org,
tglx@...utronix.de, vkuznets@...hat.com, wanpengli@...cent.com,
x86@...nel.org
Subject: [syzbot] WARNING in unsafe_follow_pfn
Hello,
syzbot found the following issue on:
HEAD commit: 93129492 Add linux-next specific files for 20210326
git tree: linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=169ab21ad00000
kernel config: https://syzkaller.appspot.com/x/.config?x=6f2f73285ea94c45
dashboard link: https://syzkaller.appspot.com/bug?extid=015dd7cdbbbc2c180c65
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=119b8d06d00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=112e978ad00000
The issue was bisected to:
commit d40b9fdee6dc819d8fc35f70c345cbe0394cde4c
Author: Daniel Vetter <daniel.vetter@...ll.ch>
Date: Tue Mar 16 15:33:01 2021 +0000
mm: Add unsafe_follow_pfn
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=122d2016d00000
final oops: https://syzkaller.appspot.com/x/report.txt?x=112d2016d00000
console output: https://syzkaller.appspot.com/x/log.txt?x=162d2016d00000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+015dd7cdbbbc2c180c65@...kaller.appspotmail.com
Fixes: d40b9fdee6dc ("mm: Add unsafe_follow_pfn")
------------[ cut here ]------------
unsafe follow_pfn usage
WARNING: CPU: 1 PID: 8426 at mm/memory.c:4807 unsafe_follow_pfn+0x20f/0x260 mm/memory.c:4807
Modules linked in:
CPU: 0 PID: 8426 Comm: syz-executor677 Not tainted 5.12.0-rc4-next-20210326-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:unsafe_follow_pfn+0x20f/0x260 mm/memory.c:4807
Code: 8b 7c 24 20 49 89 6d 00 e8 6e 84 64 07 e9 30 ff ff ff e8 f4 19 cb ff 48 c7 c7 40 1f 76 89 c6 05 56 eb 09 0c 01 e8 34 1a 21 07 <0f> 0b e9 71 fe ff ff 41 bc ea ff ff ff e9 06 ff ff ff e8 1a 65 0f
RSP: 0018:ffffc9000161f660 EFLAGS: 00010282
RAX: 0000000000000000 RBX: 1ffff920002c3ecc RCX: 0000000000000000
RDX: ffff88801954d580 RSI: ffffffff815c3fd5 RDI: fffff520002c3ebe
RBP: ffff888023d56948 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffff815bd77e R11: 0000000000000000 R12: 0000000021000000
R13: ffff8880143a4010 R14: 0000000000000000 R15: 0000000000000110
FS: 00000000005d1300(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f172c4cd6c0 CR3: 0000000011f70000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
get_vaddr_frames+0x337/0x600 drivers/media/common/videobuf2/frame_vector.c:72
vb2_create_framevec+0x55/0xc0 drivers/media/common/videobuf2/videobuf2-memops.c:50
vb2_vmalloc_get_userptr+0xce/0x4c0 drivers/media/common/videobuf2/videobuf2-vmalloc.c:90
__prepare_userptr+0x342/0x15f0 drivers/media/common/videobuf2/videobuf2-core.c:1128
__buf_prepare+0x635/0x7d0 drivers/media/common/videobuf2/videobuf2-core.c:1367
vb2_core_qbuf+0xa9d/0x11c0 drivers/media/common/videobuf2/videobuf2-core.c:1658
vb2_qbuf+0x135/0x1a0 drivers/media/common/videobuf2/videobuf2-v4l2.c:820
vb2_ioctl_qbuf+0xfb/0x140 drivers/media/common/videobuf2/videobuf2-v4l2.c:1050
v4l_qbuf drivers/media/v4l2-core/v4l2-ioctl.c:2027 [inline]
v4l_qbuf+0x92/0xc0 drivers/media/v4l2-core/v4l2-ioctl.c:2021
__video_do_ioctl+0xb94/0xe20 drivers/media/v4l2-core/v4l2-ioctl.c:2951
video_usercopy+0x253/0x1300 drivers/media/v4l2-core/v4l2-ioctl.c:3297
v4l2_ioctl+0x1b3/0x250 drivers/media/v4l2-core/v4l2-dev.c:366
vfs_ioctl fs/ioctl.c:48 [inline]
__do_sys_ioctl fs/ioctl.c:753 [inline]
__se_sys_ioctl fs/ioctl.c:739 [inline]
__x64_sys_ioctl+0x193/0x200 fs/ioctl.c:739
do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x443639
Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffee3065668 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000443639
RDX: 0000000020000140 RSI: 00000000c058560f RDI: 0000000000000004
RBP: 00000000004031e0 R08: 00000000004004a0 R09: 00000000004004a0
R10: 00236962762f7665 R11: 0000000000000246 R12: 0000000000403270
R13: 0000000000000000 R14: 00000000004b1018 R15: 00000000004004a0
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@...glegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches
Powered by blists - more mailing lists