syzbot |
sign-in | mailing list | source | docs |
| 🐞 Open [895] ≡ Subsystems 🐞 Fixed [4880] 🐞 Invalid [11677] ⬇ Missing Backports [71] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes | 💬 Send us feedback |
| Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|
| BUG: corrupted list in corrupted (3) usb | C | 1 | 1265d | 1261d | 0/25 | closed as dup on 2020/06/24 12:45 | ||
| WARNING in em28xx_init_extension usb media | C | 4 | 1489d | 1531d | 0/25 | closed as dup on 2020/03/09 15:24 | ||
| KASAN: use-after-free Read in em28xx_init_extension usb media | C | 6 | 831d | 1536d | 0/25 | closed as dup on 2020/03/09 15:23 |
| Title | Replies (including bot) | Last reply |
|---|---|---|
| [PATCH 5.10 000/575] 5.10.80-rc1 review | 595 (595) | 2022/07/31 10:51 |
| [Bug 215241] New: "usbreset" tool causes hung task on kernel 5.15.3+ with Hauppauge WinTV dualHD | 6 (6) | 2021/12/08 22:07 |
| [PATCH 4.19 000/323] 4.19.218-rc1 review | 339 (339) | 2021/12/04 10:30 |
| [PATCH 5.15 000/917] 5.15.3-rc1 review | 945 (945) | 2021/11/24 18:04 |
| [PATCH 5.4 000/355] 5.4.160-rc1 review | 373 (373) | 2021/11/16 16:50 |
| [PATCH 5.14 000/849] 5.14.19-rc1 review | 859 (859) | 2021/11/16 14:04 |
| [PATCH] media: em28xx: fix corrupted list | 9 (9) | 2021/07/29 20:23 |
| BUG: corrupted list in em28xx_init_extension | 0 (1) | 2020/01/23 13:17 |
em28xx 1-1:0.108: Audio interface 108 found (Vendor Class) em28xx 1-1:0.108: unknown em28xx chip ID (0) em28xx 1-1:0.108: Config register raw data: 0xfffffffb em28xx 1-1:0.108: AC97 chip type couldn't be determined em28xx 1-1:0.108: No AC97 audio processor list_add corruption. prev->next should be next (ffffffff8d430ee0), but was ffffffff85ca68b8. (prev=ffff88801cdc4250). ------------[ cut here ]------------ kernel BUG at lib/list_debug.c:28! invalid opcode: 0000 [#1] PREEMPT SMP KASAN CPU: 0 PID: 5 Comm: kworker/0:0 Not tainted 5.14.0-rc2-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: usb_hub_wq hub_event RIP: 0010:__list_add_valid+0xb6/0xc0 lib/list_debug.c:26 Code: 48 c7 c7 a0 79 93 8a 4c 89 e6 4c 89 f1 31 c0 e8 28 b3 5b fd 0f 0b 48 c7 c7 60 7a 93 8a 4c 89 f6 4c 89 e1 31 c0 e8 12 b3 5b fd <0f> 0b 0f 1f 84 00 00 00 00 00 41 57 41 56 41 54 53 49 89 fe 49 bc RSP: 0018:ffffc90000ca66e8 EFLAGS: 00010246 RAX: 0000000000000075 RBX: ffffffff8d430ee8 RCX: de978ae683561100 RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 RBP: dffffc0000000000 R08: ffffffff81663b82 R09: ffffed1017389798 R10: ffffed1017389798 R11: 0000000000000000 R12: ffff88801cdc4250 R13: dffffc0000000000 R14: ffffffff8d430ee0 R15: ffff8880149bc250 FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fdd3e5a6740 CR3: 000000002c61d000 CR4: 00000000001506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __list_add include/linux/list.h:67 [inline] list_add_tail include/linux/list.h:100 [inline] em28xx_init_extension+0x52/0x1d0 drivers/media/usb/em28xx/em28xx-core.c:1123 em28xx_init_dev+0x8e9/0x2b40 drivers/media/usb/em28xx/em28xx-cards.c:3630 em28xx_usb_probe+0x15b1/0x2fc0 drivers/media/usb/em28xx/em28xx-cards.c:3979 usb_probe_interface+0x633/0xb40 drivers/usb/core/driver.c:396 call_driver_probe+0x96/0x250 drivers/base/dd.c:517 really_probe+0x223/0x9c0 drivers/base/dd.c:595 __driver_probe_device+0x1f8/0x3e0 drivers/base/dd.c:747 driver_probe_device+0x50/0x240 drivers/base/dd.c:777 __device_attach_driver+0x1e1/0x3b0 drivers/base/dd.c:894 bus_for_each_drv+0x16a/0x1f0 drivers/base/bus.c:427 __device_attach+0x301/0x560 drivers/base/dd.c:965 bus_probe_device+0xb8/0x1f0 drivers/base/bus.c:487 device_add+0x1295/0x1790 drivers/base/core.c:3352 usb_set_configuration+0x1a86/0x2100 drivers/usb/core/message.c:2170 usb_generic_driver_probe+0x83/0x140 drivers/usb/core/generic.c:238 usb_probe_device+0x13a/0x260 drivers/usb/core/driver.c:293 call_driver_probe+0x96/0x250 drivers/base/dd.c:517 really_probe+0x223/0x9c0 drivers/base/dd.c:595 __driver_probe_device+0x1f8/0x3e0 drivers/base/dd.c:747 driver_probe_device+0x50/0x240 drivers/base/dd.c:777 __device_attach_driver+0x1e1/0x3b0 drivers/base/dd.c:894 bus_for_each_drv+0x16a/0x1f0 drivers/base/bus.c:427 __device_attach+0x301/0x560 drivers/base/dd.c:965 bus_probe_device+0xb8/0x1f0 drivers/base/bus.c:487 device_add+0x1295/0x1790 drivers/base/core.c:3352 usb_new_device+0x108a/0x1940 drivers/usb/core/hub.c:2559 hub_port_connect+0x1055/0x27a0 drivers/usb/core/hub.c:5300 hub_port_connect_change+0x5d0/0xbf0 drivers/usb/core/hub.c:5440 port_event+0xaee/0x1140 drivers/usb/core/hub.c:5586 hub_event+0x48d/0xd80 drivers/usb/core/hub.c:5668 process_one_work+0x833/0x10c0 kernel/workqueue.c:2276 process_scheduled_works kernel/workqueue.c:2338 [inline] worker_thread+0xe28/0x1320 kernel/workqueue.c:2424 kthread+0x453/0x480 kernel/kthread.c:319 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 Modules linked in: ---[ end trace 2992d227907d3a06 ]--- RIP: 0010:__list_add_valid+0xb6/0xc0 lib/list_debug.c:26 Code: 48 c7 c7 a0 79 93 8a 4c 89 e6 4c 89 f1 31 c0 e8 28 b3 5b fd 0f 0b 48 c7 c7 60 7a 93 8a 4c 89 f6 4c 89 e1 31 c0 e8 12 b3 5b fd <0f> 0b 0f 1f 84 00 00 00 00 00 41 57 41 56 41 54 53 49 89 fe 49 bc RSP: 0018:ffffc90000ca66e8 EFLAGS: 00010246 RAX: 0000000000000075 RBX: ffffffff8d430ee8 RCX: de978ae683561100 RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 RBP: dffffc0000000000 R08: ffffffff81663b82 R09: ffffed1017389798 R10: ffffed1017389798 R11: 0000000000000000 R12: ffff88801cdc4250 R13: dffffc0000000000 R14: ffffffff8d430ee0 R15: ffff8880149bc250 FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f9f43406710 CR3: 000000002c61d000 CR4: 00000000001506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2021/07/20 21:25 | upstream | 8cae8cd89f05 | 1b201b48 | .config | console log | report | syz | C | ci-upstream-kasan-gce-smack-root | BUG: corrupted list in em28xx_init_extension | ||
| 2021/07/11 10:11 | upstream | 3dbdb38e2869 | 8f5a7b8c | .config | console log | report | syz | C | ci-upstream-kasan-gce-root | BUG: corrupted list in em28xx_init_extension | ||
| 2021/06/22 00:32 | upstream | 13311e74253f | aba2b2fb | .config | console log | report | syz | C | ci-upstream-kasan-gce-smack-root | BUG: corrupted list in em28xx_init_extension | ||
| 2021/06/13 15:00 | upstream | 8ecfa36cd4db | 1ba81399 | .config | console log | report | syz | C | ci-upstream-kasan-gce-root | BUG: corrupted list in em28xx_init_extension | ||
| 2021/03/02 18:38 | upstream | 7a7fd0de4a98 | 92ead296 | .config | console log | report | syz | C | ci-upstream-kasan-gce | BUG: corrupted list in em28xx_init_extension | ||
| 2021/02/08 01:30 | upstream | b75dba7f472c | 2ce644fc | .config | console log | report | syz | C | ci-upstream-kasan-gce | BUG: corrupted list in em28xx_init_extension | ||
| 2021/07/15 18:27 | linux-next | c1a6d08348fc | b9a2f64e | .config | console log | report | syz | C | ci-upstream-linux-next-kasan-gce-root | BUG: corrupted list in em28xx_init_extension | ||
| 2021/01/10 00:11 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 841081d89d5a | 2c1f2513 | .config | console log | report | syz | C | ci2-upstream-usb | |||
| 2020/12/22 10:27 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 3644e2d2dda7 | 04201c06 | .config | console log | report | syz | C | ci2-upstream-usb | |||
| 2020/07/06 03:13 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 768a07412843 | 22f87567 | .config | console log | report | syz | C | ci2-upstream-usb | |||
| 2020/06/09 06:39 | https://github.com/google/kasan.git usb-fuzzer | 2089c6ed5a17 | 0d60b78a | .config | console log | report | syz | C | ci2-upstream-usb | |||
| 2020/05/29 01:51 | https://github.com/google/kasan.git usb-fuzzer | d19c64b3d097 | d19ed305 | .config | console log | report | syz | C | ci2-upstream-usb | |||
| 2020/05/14 04:52 | https://github.com/google/kasan.git usb-fuzzer | 059e7e0ff26c | a885920d | .config | console log | report | syz | C | ci2-upstream-usb | |||
| 2020/03/06 18:04 | https://github.com/google/kasan.git usb-fuzzer | d6ff8147a51c | 7fb694ef | .config | console log | report | syz | C | ci2-upstream-usb | |||
| 2020/03/06 14:14 | https://github.com/google/kasan.git usb-fuzzer | d6ff8147a51c | 7fb694ef | .config | console log | report | syz | C | ci2-upstream-usb | |||
| 2020/02/29 23:47 | https://github.com/google/kasan.git usb-fuzzer | d6ff8147a51c | c88c7b75 | .config | console log | report | syz | C | ci2-upstream-usb | |||
| 2020/01/23 03:16 | https://github.com/google/kasan.git usb-fuzzer | 4cc301ee04d9 | 3334d684 | .config | console log | report | syz | C | ci2-upstream-usb | |||
| 2020/01/25 01:03 | https://github.com/google/kasan.git usb-fuzzer | cd234325a5f1 | 2e95ab33 | .config | console log | report | ci2-upstream-usb |