syzbot |
sign-in | mailing list | source | docs |
| Title | Replies (including bot) | Last reply |
|---|---|---|
| [PATCH 0/2] media: dvb-usbv2: Prevent usb race condition, buffer overflow az6007 | 3 (3) | 2025/04/21 16:33 |
| [syzbot] [media?] BUG: corrupted list in az6007_i2c_xfer | 4 (9) | 2025/04/21 16:12 |
| [PATCH] media: az6007: Add upper bound check to the data of device state | 2 (2) | 2025/04/21 15:11 |
usb read operation failed. (-71) ------------[ cut here ]------------ UBSAN: array-index-out-of-bounds in drivers/media/usb/dvb-usb-v2/az6007.c:821:30 index 4096 is out of range for type 'unsigned char [4096]' CPU: 1 UID: 0 PID: 5832 Comm: syz-executor328 Not tainted 6.15.0-rc2-syzkaller-00493-gac71fabf1567 #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 ubsan_epilogue lib/ubsan.c:231 [inline] __ubsan_handle_out_of_bounds+0x11c/0x160 lib/ubsan.c:453 az6007_i2c_xfer+0x549/0xc30 drivers/media/usb/dvb-usb-v2/az6007.c:821 __i2c_transfer+0x6b3/0x2190 drivers/i2c/i2c-core-base.c:2259 i2c_transfer drivers/i2c/i2c-core-base.c:2315 [inline] i2c_transfer+0x1da/0x380 drivers/i2c/i2c-core-base.c:2291 i2c_transfer_buffer_flags+0x10c/0x190 drivers/i2c/i2c-core-base.c:2343 i2c_master_recv include/linux/i2c.h:79 [inline] i2cdev_read+0x111/0x280 drivers/i2c/i2c-dev.c:155 do_loop_readv_writev fs/read_write.c:845 [inline] do_loop_readv_writev fs/read_write.c:833 [inline] vfs_readv+0x6bc/0x8a0 fs/read_write.c:1018 do_preadv+0x1af/0x270 fs/read_write.c:1130 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xcd/0x260 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f4d458f3929 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffe002f51e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 RAX: ffffffffffffffda RBX: 00007ffe002f5230 RCX: 00007f4d458f3929 RDX: 0000000000000001 RSI: 00002000000025c0 RDI: 0000000000000004 RBP: 0000000000000000 R08: 000000000000007e R09: 00007ffe002f5230 R10: 0000000000000002 R11: 0000000000000246 R12: 00000000000f4240 R13: 00007ffe002f54b8 R14: 00007ffe002f521c R15: 00007ffe002f5220 </TASK> ---[ end trace ]---
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2025/04/21 01:40 | upstream | ac71fabf1567 | 2a20f901 | .config | strace log | report | syz / log | C | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-selinux-root | UBSAN: array-index-out-of-bounds in az6007_i2c_xfer | |
| 2025/02/06 18:14 | upstream | 92514ef226f5 | 577d049b | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-smack-root | BUG: corrupted list in az6007_i2c_xfer | ||
| 2025/04/21 00:30 | upstream | ac71fabf1567 | 2a20f901 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-selinux-root | UBSAN: array-index-out-of-bounds in az6007_i2c_xfer | ||
| 2025/04/21 08:20 | upstream | ac71fabf1567 | 2a20f901 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | UBSAN: array-index-out-of-bounds in az6007_i2c_xfer |