syzbot

 sign-in | mailing list | source | docs
🐞 Open [1571]
Subsystems
🐞 Fixed [5936]
🐞 Invalid [14430]
Missing Backports [102]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

Applied filters: Label=subsystems:media (drop)
Title Repro Cause bisect Fix bisect Count Last Reported Patched Closed Patch
WARNING in uvc_status_unregister usb media C done 29237 6m 62d 1/28 never media: uvcvideo: Fix deadlock during uvc_probe
WARNING in iguanair_probe/usb_submit_urb (2) media C done 6 10d 85d 1/28 never media: rc: iguanair: handle timeouts
KMSAN: uninit-value in dib3000mb_attach (2) usb media C 4871 4h10m 1520d 1/28 never media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg
WARNING in media_create_pad_link usb media C done done 104 29d 1681d 28/28 5d06h 3dd075fe8ebb media: uvcvideo: Require entities to have a non-zero unique ID
WARNING in __v4l2_ctrl_modify_dimensions media C 237 30d 109d 28/28 5d06h 9f070b1862f3 media: v4l2-core: v4l2-dv-timings: check cvt/gtf result
KASAN: use-after-free Read in __media_entity_remove_links usb media C 7 1734d 1832d 25/28 353d 68035c80e129 media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors
KASAN: slab-out-of-bounds Read in imon_probe media usb syz 2 461d 483d 25/28 366d a1766a4fd83b media: imon: fix access to invalid resource for the second interface
UBSAN: shift-out-of-bounds in set_flicker usb media syz 5 411d 491d 25/28 366d 099be1822d1f media: gspca: cpia1: shift-out-of-bounds in set_flicker
general protection fault in dma_fence_array_first dri media C done 7 997d 997d 22/28 618d 21d139d73f77 dma-buf/sync-file: fix logic error in new fence merge code
general protection fault in sg_alloc_append_table_from_pages dri media C done 477 698d 1164d 22/28 666d 2b6dd600dd72 udmabuf: validate ubuf->pagecount
KASAN: vmalloc-out-of-bounds Write in tpg_fill_plane_buffer (2) media C inconclusive done 14 691d 1202d 22/28 666d 94a7ad928346 media: vivid: fix compose size exceed boundary
general protection fault in release_udmabuf dri media C inconclusive 31 804d 855d 22/28 666d d9c04a1b7a15 udmabuf: Set ubuf->sg = NULL if the creation of sg table fails
KMSAN: kernel-infoleak in v4l2_compat_put_array_args media 8 763d 1067d 22/28 666d 4e768c8e34e6 media: v4l2-compat-ioctl32.c: zero buffer passed to v4l2_compat_get_array_args()
KASAN: use-after-free Read in si470x_int_in_callback (2) usb media C error 7303 734d 1891d 22/28 666d 7d21e0b1b41b media: si470x: Fix use-after-free in si470x_int_in_callback()
memory leak in airspy_probe media usb C 1 867d 863d 22/28 666d 23bc5eb55f8c media: airspy: fix memory leak in airspy probe
memory leak in dvb_usb_device_init media usb syz 1 771d 941d 22/28 666d 94d90fb06b94 media: dvb-usb: fix memory leak in dvb_usb_adapter_init()
linux-next boot error: WARNING: refcount bug in dvb_register_device media 42 746d 754d 22/28 666d 3a664569b71b media: dvbdev: fix refcnt bug
KMSAN: uninit-value in dvb_usb_adapter_dvb_init (2) usb media C 34 1279d 1495d 20/28 1011d c5453769f77c media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init 899a61a3305d media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte()
KMSAN: uninit-value in legacy_dvb_usb_read_remote_control media usb C 186 1129d 1469d 20/28 1019d afae4ef7d5ad media: dvb-usb: fix ununit-value in az6027_rc_query
INFO: trying to register non-static key in mxl111sf_ctrl_msg usb media C 73 1974d 2077d 20/28 1019d 44870a9e7a3c media: mxl111sf: change mutex_init() location
BUG: corrupted list in em28xx_init_extension usb media C error 18 1249d 1794d 20/28 1019d 2c98b8a3458d media: em28xx: add missing em28xx_close_extension
KMSAN: uninit-value in number (3) media C 8575 1137d 1381d 20/28 1137d eaaea4681984 media: gspca/sq905.c: fix uninitialized variable
memory leak in zr364xx_start_readpipe media usb C 2 1287d 1314d 20/28 1137d 0a045eac8d04 media: zr364xx: fix memory leak in zr364xx_start_readpipe
KMSAN: uninit-value in video_usercopy (2) media 13058 1183d 1376d 20/28 1137d c344f07aa1b4 media: v4l2-core: ignore native time32 ioctls on 64-bit
memory leak in hdcs_probe_1020 media usb C 1 1364d 1360d 20/28 1137d 4f4e6644cd87 media: gscpa/stv06xx: fix memory leak
memory leak in dvb_create_media_graph usb media C 26 1343d 1501d 20/28 1137d bf9a40ae8d72 media: dvbdev: Fix memory leak in dvb_media_device_free()
memory leak in hdcs_probe_1x00 usb media C 1 1394d 1394d 20/28 1137d 4f4e6644cd87 media: gscpa/stv06xx: fix memory leak
memory leak in em28xx_dvb_init media usb C 1 1376d 1376d 20/28 1137d 0ae10a7dc899 media: em28xx: fix memory leak
memory leak in cinergyt2_fe_attach usb media C 3 1442d 1500d 20/28 1137d 9ad1efee086e media: dvd_usb: memory leak in cinergyt2_fe_attach
general protection fault in udmabuf_create dri media C done 2 1232d 1229d 20/28 1137d b9770b0b6eac udmabuf: fix general protection fault in udmabuf_create
WARNING: zero-size vmalloc in dvb_dmx_init usb media C 62 1259d 1323d 20/28 1137d c680ed46e418 media: dvb-usb: fix wrong definition
WARNING in __vmalloc_node_range media usb C 7 1323d 1325d 20/28 1137d c680ed46e418 media: dvb-usb: fix wrong definition
memory leak in usb_urb_init media usb C 1 1450d 1446d 20/28 1137d b7cd0da982e3 media: dvb-usb: fix memory leak in dvb_usb_adapter_init
memory leak in v4l2_ctrl_handler_init_class usb media C 12 1342d 1394d 20/28 1137d 9c39be40c015 media: drivers/media/usb: fix memory leak in zr364xx_probe
UBSAN: shift-out-of-bounds in mceusb_dev_printdata media usb C error 331 1398d 1466d 20/28 1351d 9dec0f48a75e media: mceusb: sanity check for prescaler value
UBSAN: shift-out-of-bounds in std_validate media C unreliable 2 1431d 1431d 20/28 1351d 048c96e28674 media: v4l2-ctrls.c: fix shift-out-of-bounds in std_validate
memory leak in zr364xx_probe usb media C 6 1406d 1459d 20/28 1351d ea354b6ddd6f media: zr364xx: fix memory leaks in probe()
UBSAN: shift-out-of-bounds in mceusb_dev_recv media usb C 13 1398d 1462d 20/28 1351d 1b43bad31fb0 media: mceusb: Fix potential out-of-bounds shift
memory leak in video_usercopy media C 19 1400d 1463d 20/28 1351d fb18802a338b media: v4l: ioctl: Fix memory leak in video_usercopy
kernel BUG at drivers/dma-buf/dma-buf.c:LINE! dri media syz error done 11 1500d 1749d 19/28 1382d e722a295cf49 staging: ion: remove from the tree
KASAN: global-out-of-bounds Read in precalculate_color media C done done 170 1556d 1849d 15/28 1496d e3158a5e7e66 media: vivid: Fix global-out-of-bounds read in precalculate_color()
UBSAN: array-index-out-of-bounds in precalculate_color media C 153 1530d 1556d 15/28 1496d e3158a5e7e66 media: vivid: Fix global-out-of-bounds read in precalculate_color()
WARNING in ati_remote_sendpacket/usb_submit_urb usb media C 22 1667d 1978d 15/28 1496d a8be80053ea7 media: ati_remote: sanity check for both endpoints
KASAN: use-after-free Read in rc_dev_uevent media 1 1597d 1597d 15/28 1548d 4f0835d6677d media: rc: uevent sysfs file races with rc_unregister_device()
KMSAN: uninit-value in video_usercopy media C 28 1613d 1613d 15/28 1548d 4ffb879ea648 media: media/v4l2-core: Fix kernel-infoleak in video_put_user()
KASAN: null-ptr-deref Write in media_request_close media C done 17 1599d 1648d 15/28 1556d e30cc79cc80f media: media-request: Fix crash if memory allocation fails
general protection fault in go7007_usb_probe usb media C 2103 1596d 1704d 15/28 1556d 137641287eb4 go7007: add sanity checking for endpoints
KASAN: use-after-free Read in dmabuffs_dname dri media 1 1754d 1750d 15/28 1603d 4ab59c3c638c dma-buf: Move dma_buf_release() from fops to dentry_ops
WARNING in flexcop_usb_probe/usb_submit_urb usb media C 4 1911d 1949d 15/28 1745d 1b976fc6d684 media: b2c2-flexcop-usb: add sanity checking
KASAN: user-memory-access Write in video_usercopy media 3 1808d 1809d 15/28 1768d 1dc8b65c944e media: v4l2-core: only zero-out ioctl-read buffers
KMSAN: uninit-value in sd_init (2) media usb C 94 1874d 1870d 15/28 1768d de89d0864f66 media: gspca: zero usb_buf
KMSAN: uninit-value in digitv_rc_query media usb C 4 1886d 1869d 15/28 1768d eecc70d22ae5 media: digitv: don't continue if remote control state can't be read 569bc8d6a6a5 media: dvb-usb/dvb-usb-urb.c: initialize actlen to 0
KMSAN: uninit-value in number media usb C 190 1772d 1870d 15/28 1768d 51d0c99b391f media: af9005: uninitialized variable printked
KMSAN: uninit-value in i2c_w (2) media usb C 3 1881d 1869d 15/28 1768d de89d0864f66 media: gspca: zero usb_buf
KMSAN: uninit-value in read_sensor_register (2) media usb C 44 1875d 1892d 15/28 1768d de89d0864f66 media: gspca: zero usb_buf
WARNING in uvc_scan_chain_forward usb media C 6 1807d 1832d 15/28 1768d 68035c80e129 media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors
KMSAN: uninit-value in dvb_usb_adapter_dvb_init media 1 1877d 1870d 15/28 1768d 26cff637121d media: vp7045: do not read uninitialized values if usb transfer fails
KASAN: null-ptr-deref Read in refcount_sub_and_test_checked (2) media C inconclusive done 916 2027d 2229d 15/28 1768d 62dcb4f41836 media: vb2: check memory model for VIDIOC_CREATE_BUFS
general protection fault in flexcop_usb_probe usb media C 403 1849d 2080d 15/28 1835d 1b976fc6d684 media: b2c2-flexcop-usb: add sanity checking
kernel BUG at kernel/time/timer.c:LINE! (4) media usb syz 1 1905d 1902d 15/28 1835d f3f5ba42c58d media: imon: invalid dereference in imon_touch_event
INFO: trying to register non-static key in ida_destroy usb media C 4272 1849d 1971d 15/28 1835d 8c279e9394ca media: uvcvideo: Fix error path in control parsing failure
general protection fault in vb2_mmap media C inconclusive done 21 2188d 2232d 13/28 1866d cd26d1c4d1bc media: vb2: vb2_mmap: move lock up
WARNING in dma_buf_vunmap dri media C done done 17 2192d 2230d 13/28 1866d 62dcb4f41836 media: vb2: check memory model for VIDIOC_CREATE_BUFS
KASAN: use-after-free Write in __vb2_cleanup_fileio media C done inconclusive 2 2242d 2244d 13/28 1870d d65842f7126a media: vb2: add waiting_in_dqbuf flag
WARNING in em28xx_usb_disconnect usb media C 8 1928d 1961d 13/28 1893d 46e4a26615cc media: em28xx: modules workqueue not inited for 2nd device
KASAN: use-after-free Read in si470x_int_in_callback usb media C 25 1903d 1992d 13/28 1893d 0d616f2a3fdb media: radio/si470x: kill urb on error
KMSAN: uninit-value in read_sensor_register media usb C 25 1893d 2023d 13/28 1893d 4843a543fad3 media: gspca: zero usb_buf on error
KASAN: slab-out-of-bounds Read in hdpvr_probe usb media C 10 1930d 2005d 13/28 1893d 8b8900b729e4 media: hdpvr: add terminating 0 at end of string
KASAN: slab-out-of-bounds Read in technisat_usb2_rc_query usb media C 2236 1939d 2077d 13/28 1893d 0c4df39e504b media: technisat-usb2: break out of loop at end of buffer
KASAN: global-out-of-bounds Read in dvb_pll_attach media usb C 2 1931d 1990d 13/28 1893d c268e7adea52 media: dvb-frontends: use ida for pll number
KASAN: global-out-of-bounds Read in hdpvr_probe usb media C 15 1946d 2060d 13/28 1893d d4a6a9537bc3 media: hdpvr: Add device num check and handling
KMSAN: uninit-value in i2c_w usb media C 2 2027d 2026d 13/28 1893d 4843a543fad3 media: gspca: zero usb_buf on error
KMSAN: uninit-value in sd_init media usb C 122 1893d 2026d 13/28 1893d 4843a543fad3 media: gspca: zero usb_buf on error
WARNING in iguanair_probe/usb_submit_urb media usb C 3 1924d 1975d 13/28 1893d ab1cbdf159be media: iguanair: add sanity checks
KASAN: use-after-free Read in cpia2_usb_disconnect usb media C 3 1991d 2076d 12/28 1965d eff73de2b160 media: cpia2_usb: first wake up, then free in disconnect
KASAN: slab-out-of-bounds Read in au0828_rc_unregister (2) media 11 2036d 2047d 12/28 1965d 6d0d1ff9ff21 media: au0828: fix null dereference in error path
KASAN: null-ptr-deref Read in zr364xx_vidioc_querycap usb media C 76 1972d 2063d 12/28 1965d 5d2e73a5f80a media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap
KASAN: use-after-free Read in v4l2_release usb media C 275 1973d 2077d 12/28 1965d c666355e60dd media: radio-raremono: change devm_k*alloc to k*alloc
general protection fault in smsusb_init_device media usb C 23 2035d 2074d 12/28 2011d 31e0456de5be media: usb: siano: Fix general protection fault in smsusb
kernel BUG at arch/x86/mm/physaddr.c:LINE! (2) media C done 522 2017d 2226d 12/28 2016d dad7e270ba71 media: vivid: use vfree() instead of kfree() for dev->bitmap_cap
WARNING in get_q_data media C 649 2143d 2152d 11/28 2095d db9a01b32ca9 media: vicodec: check type in g/s_selection
KMSAN: kernel-infoleak in video_usercopy media C 410 2095d 2195d 11/28 2095d f45f3f753b0a media: v4l2-ctrls.c/uvc: zero v4l2_event
general protection fault in __vb2_queue_free media C 38 2187d 2243d 11/28 2171d 62dcb4f41836 media: vb2: check memory model for VIDIOC_CREATE_BUFS
INFO: task hung in flush_workqueue media C 293 2190d 2241d 11/28 2171d 52117be68b82 media: vim2m: use cancel_delayed_work_sync instead of flush_schedule_work
KASAN: null-ptr-deref Write in kthread_stop media C 2527 2187d 2245d 11/28 2171d 701f49bc028e media: vivid: fix error handling of kthread_run
divide error in vivid_vid_cap_s_dv_timings media C 108 2187d 2244d 11/28 2171d 9729d6d282a6 media: vivid: set min width/height to a value > 0
KASAN: use-after-free Read in vb2_mmap media C 276 2187d 2244d 11/28 2171d cd26d1c4d1bc media: vb2: vb2_mmap: move lock up
BUG: pagefault on kernel address ADDR in non-whitelisted uaccess media C 17 2196d 2241d 11/28 2171d 560ccb75c2ca media: vivid: free bitmap_cap when updating std/timings/etc.
KASAN: global-out-of-bounds Read in tpg_print_str_4 media C 52 2210d 2235d 11/28 2171d e5f71a27fa12 media: v4l2-tpg: array index could become negative
KASAN: null-ptr-deref Read in refcount_sub_and_test_checked media C 31 2238d 2269d 11/28 2230d fda21d46cce2 ipv6: do not leave garbage in rt->fib6_metrics