syzbot


Applied filters: Label=subsystems:media (drop)
Title Repro Cause bisect Fix bisect Count Last Reported Patched Closed Patch
KASAN: use-after-free Read in __media_entity_remove_links usb media C 7 1659d 1757d 25/28 278d 68035c80e129 media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors
KASAN: slab-out-of-bounds Read in imon_probe media usb syz 2 387d 409d 25/28 292d a1766a4fd83b media: imon: fix access to invalid resource for the second interface
UBSAN: shift-out-of-bounds in set_flicker usb media syz 5 337d 417d 25/28 292d 099be1822d1f media: gspca: cpia1: shift-out-of-bounds in set_flicker
general protection fault in dma_fence_array_first dri media C done 7 923d 923d 22/28 544d 21d139d73f77 dma-buf/sync-file: fix logic error in new fence merge code
general protection fault in sg_alloc_append_table_from_pages dri media C done 477 624d 1090d 22/28 591d 2b6dd600dd72 udmabuf: validate ubuf->pagecount
KASAN: vmalloc-out-of-bounds Write in tpg_fill_plane_buffer (2) media C inconclusive done 14 616d 1128d 22/28 591d 94a7ad928346 media: vivid: fix compose size exceed boundary
general protection fault in release_udmabuf dri media C inconclusive 31 730d 781d 22/28 591d d9c04a1b7a15 udmabuf: Set ubuf->sg = NULL if the creation of sg table fails
KMSAN: kernel-infoleak in v4l2_compat_put_array_args media 8 689d 993d 22/28 591d 4e768c8e34e6 media: v4l2-compat-ioctl32.c: zero buffer passed to v4l2_compat_get_array_args()
KASAN: use-after-free Read in si470x_int_in_callback (2) usb media C error 7303 659d 1816d 22/28 591d 7d21e0b1b41b media: si470x: Fix use-after-free in si470x_int_in_callback()
memory leak in airspy_probe media usb C 1 793d 789d 22/28 591d 23bc5eb55f8c media: airspy: fix memory leak in airspy probe
memory leak in dvb_usb_device_init media usb syz 1 697d 867d 22/28 591d 94d90fb06b94 media: dvb-usb: fix memory leak in dvb_usb_adapter_init()
linux-next boot error: WARNING: refcount bug in dvb_register_device media 42 671d 679d 22/28 591d 3a664569b71b media: dvbdev: fix refcnt bug
KMSAN: uninit-value in dvb_usb_adapter_dvb_init (2) usb media C 34 1205d 1420d 20/28 936d c5453769f77c media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init 899a61a3305d media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte()
KMSAN: uninit-value in legacy_dvb_usb_read_remote_control media usb C 186 1054d 1395d 20/28 944d afae4ef7d5ad media: dvb-usb: fix ununit-value in az6027_rc_query
INFO: trying to register non-static key in mxl111sf_ctrl_msg usb media C 73 1899d 2003d 20/28 944d 44870a9e7a3c media: mxl111sf: change mutex_init() location
BUG: corrupted list in em28xx_init_extension usb media C error 18 1175d 1719d 20/28 944d 2c98b8a3458d media: em28xx: add missing em28xx_close_extension
KMSAN: uninit-value in number (3) media C 8575 1063d 1306d 20/28 1063d eaaea4681984 media: gspca/sq905.c: fix uninitialized variable
memory leak in zr364xx_start_readpipe media usb C 2 1212d 1239d 20/28 1063d 0a045eac8d04 media: zr364xx: fix memory leak in zr364xx_start_readpipe
KMSAN: uninit-value in video_usercopy (2) media 13058 1109d 1301d 20/28 1063d c344f07aa1b4 media: v4l2-core: ignore native time32 ioctls on 64-bit
memory leak in hdcs_probe_1020 media usb C 1 1290d 1286d 20/28 1063d 4f4e6644cd87 media: gscpa/stv06xx: fix memory leak
memory leak in dvb_create_media_graph usb media C 26 1268d 1426d 20/28 1063d bf9a40ae8d72 media: dvbdev: Fix memory leak in dvb_media_device_free()
memory leak in hdcs_probe_1x00 usb media C 1 1319d 1319d 20/28 1063d 4f4e6644cd87 media: gscpa/stv06xx: fix memory leak
memory leak in em28xx_dvb_init media usb C 1 1301d 1301d 20/28 1063d 0ae10a7dc899 media: em28xx: fix memory leak
memory leak in cinergyt2_fe_attach usb media C 3 1368d 1425d 20/28 1063d 9ad1efee086e media: dvd_usb: memory leak in cinergyt2_fe_attach
general protection fault in udmabuf_create dri media C done 2 1157d 1154d 20/28 1063d b9770b0b6eac udmabuf: fix general protection fault in udmabuf_create
WARNING: zero-size vmalloc in dvb_dmx_init usb media C 62 1185d 1249d 20/28 1063d c680ed46e418 media: dvb-usb: fix wrong definition
WARNING in __vmalloc_node_range media usb C 7 1249d 1250d 20/28 1063d c680ed46e418 media: dvb-usb: fix wrong definition
memory leak in usb_urb_init media usb C 1 1376d 1372d 20/28 1063d b7cd0da982e3 media: dvb-usb: fix memory leak in dvb_usb_adapter_init
memory leak in v4l2_ctrl_handler_init_class usb media C 12 1268d 1320d 20/28 1063d 9c39be40c015 media: drivers/media/usb: fix memory leak in zr364xx_probe
UBSAN: shift-out-of-bounds in mceusb_dev_printdata media usb C error 331 1324d 1391d 20/28 1277d 9dec0f48a75e media: mceusb: sanity check for prescaler value
UBSAN: shift-out-of-bounds in std_validate media C unreliable 2 1357d 1357d 20/28 1277d 048c96e28674 media: v4l2-ctrls.c: fix shift-out-of-bounds in std_validate
memory leak in zr364xx_probe usb media C 6 1331d 1384d 20/28 1277d ea354b6ddd6f media: zr364xx: fix memory leaks in probe()
UBSAN: shift-out-of-bounds in mceusb_dev_recv media usb C 13 1324d 1388d 20/28 1277d 1b43bad31fb0 media: mceusb: Fix potential out-of-bounds shift
memory leak in video_usercopy media C 19 1325d 1388d 20/28 1277d fb18802a338b media: v4l: ioctl: Fix memory leak in video_usercopy
kernel BUG at drivers/dma-buf/dma-buf.c:LINE! dri media syz error done 11 1425d 1675d 19/28 1308d e722a295cf49 staging: ion: remove from the tree
KASAN: global-out-of-bounds Read in precalculate_color media C done done 170 1482d 1775d 15/28 1421d e3158a5e7e66 media: vivid: Fix global-out-of-bounds read in precalculate_color()
UBSAN: array-index-out-of-bounds in precalculate_color media C 153 1456d 1481d 15/28 1421d e3158a5e7e66 media: vivid: Fix global-out-of-bounds read in precalculate_color()
WARNING in ati_remote_sendpacket/usb_submit_urb usb media C 22 1592d 1903d 15/28 1421d a8be80053ea7 media: ati_remote: sanity check for both endpoints
KASAN: use-after-free Read in rc_dev_uevent media 1 1523d 1522d 15/28 1474d 4f0835d6677d media: rc: uevent sysfs file races with rc_unregister_device()
KMSAN: uninit-value in video_usercopy media C 28 1539d 1539d 15/28 1474d 4ffb879ea648 media: media/v4l2-core: Fix kernel-infoleak in video_put_user()
KASAN: null-ptr-deref Write in media_request_close media C done 17 1525d 1573d 15/28 1482d e30cc79cc80f media: media-request: Fix crash if memory allocation fails
general protection fault in go7007_usb_probe usb media C 2103 1521d 1630d 15/28 1482d 137641287eb4 go7007: add sanity checking for endpoints
KASAN: use-after-free Read in dmabuffs_dname dri media 1 1680d 1676d 15/28 1529d 4ab59c3c638c dma-buf: Move dma_buf_release() from fops to dentry_ops
WARNING in flexcop_usb_probe/usb_submit_urb usb media C 4 1837d 1874d 15/28 1671d 1b976fc6d684 media: b2c2-flexcop-usb: add sanity checking
KASAN: user-memory-access Write in video_usercopy media 3 1734d 1734d 15/28 1693d 1dc8b65c944e media: v4l2-core: only zero-out ioctl-read buffers
KMSAN: uninit-value in sd_init (2) media usb C 94 1799d 1795d 15/28 1693d de89d0864f66 media: gspca: zero usb_buf
KMSAN: uninit-value in digitv_rc_query media usb C 4 1812d 1795d 15/28 1693d eecc70d22ae5 media: digitv: don't continue if remote control state can't be read 569bc8d6a6a5 media: dvb-usb/dvb-usb-urb.c: initialize actlen to 0
KMSAN: uninit-value in number media usb C 190 1697d 1795d 15/28 1693d 51d0c99b391f media: af9005: uninitialized variable printked
KMSAN: uninit-value in i2c_w (2) media usb C 3 1807d 1795d 15/28 1693d de89d0864f66 media: gspca: zero usb_buf
KMSAN: uninit-value in read_sensor_register (2) media usb C 44 1800d 1818d 15/28 1693d de89d0864f66 media: gspca: zero usb_buf
WARNING in uvc_scan_chain_forward usb media C 6 1733d 1757d 15/28 1693d 68035c80e129 media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors
KMSAN: uninit-value in dvb_usb_adapter_dvb_init media 1 1803d 1795d 15/28 1693d 26cff637121d media: vp7045: do not read uninitialized values if usb transfer fails
KASAN: null-ptr-deref Read in refcount_sub_and_test_checked (2) media C inconclusive done 916 1953d 2154d 15/28 1693d 62dcb4f41836 media: vb2: check memory model for VIDIOC_CREATE_BUFS
general protection fault in flexcop_usb_probe usb media C 403 1775d 2005d 15/28 1761d 1b976fc6d684 media: b2c2-flexcop-usb: add sanity checking
kernel BUG at kernel/time/timer.c:LINE! (4) media usb syz 1 1831d 1827d 15/28 1761d f3f5ba42c58d media: imon: invalid dereference in imon_touch_event
INFO: trying to register non-static key in ida_destroy usb media C 4272 1774d 1897d 15/28 1761d 8c279e9394ca media: uvcvideo: Fix error path in control parsing failure
general protection fault in vb2_mmap media C inconclusive done 21 2113d 2158d 13/28 1792d cd26d1c4d1bc media: vb2: vb2_mmap: move lock up
WARNING in dma_buf_vunmap dri media C done done 17 2118d 2156d 13/28 1792d 62dcb4f41836 media: vb2: check memory model for VIDIOC_CREATE_BUFS
KASAN: use-after-free Write in __vb2_cleanup_fileio media C done inconclusive 2 2167d 2170d 13/28 1796d d65842f7126a media: vb2: add waiting_in_dqbuf flag
WARNING in em28xx_usb_disconnect usb media C 8 1854d 1886d 13/28 1819d 46e4a26615cc media: em28xx: modules workqueue not inited for 2nd device
KASAN: use-after-free Read in si470x_int_in_callback usb media C 25 1828d 1917d 13/28 1819d 0d616f2a3fdb media: radio/si470x: kill urb on error
KMSAN: uninit-value in read_sensor_register media usb C 25 1819d 1949d 13/28 1819d 4843a543fad3 media: gspca: zero usb_buf on error
KASAN: slab-out-of-bounds Read in hdpvr_probe usb media C 10 1855d 1931d 13/28 1819d 8b8900b729e4 media: hdpvr: add terminating 0 at end of string
KASAN: slab-out-of-bounds Read in technisat_usb2_rc_query usb media C 2236 1865d 2003d 13/28 1819d 0c4df39e504b media: technisat-usb2: break out of loop at end of buffer
KASAN: global-out-of-bounds Read in dvb_pll_attach media usb C 2 1857d 1916d 13/28 1819d c268e7adea52 media: dvb-frontends: use ida for pll number
KASAN: global-out-of-bounds Read in hdpvr_probe usb media C 15 1872d 1985d 13/28 1819d d4a6a9537bc3 media: hdpvr: Add device num check and handling
KMSAN: uninit-value in i2c_w usb media C 2 1953d 1952d 13/28 1819d 4843a543fad3 media: gspca: zero usb_buf on error
KMSAN: uninit-value in sd_init media usb C 122 1819d 1952d 13/28 1819d 4843a543fad3 media: gspca: zero usb_buf on error
WARNING in iguanair_probe/usb_submit_urb media usb C 3 1850d 1900d 13/28 1819d ab1cbdf159be media: iguanair: add sanity checks
KASAN: use-after-free Read in cpia2_usb_disconnect usb media C 3 1917d 2001d 12/28 1890d eff73de2b160 media: cpia2_usb: first wake up, then free in disconnect
KASAN: slab-out-of-bounds Read in au0828_rc_unregister (2) media 11 1961d 1972d 12/28 1890d 6d0d1ff9ff21 media: au0828: fix null dereference in error path
KASAN: null-ptr-deref Read in zr364xx_vidioc_querycap usb media C 76 1898d 1988d 12/28 1890d 5d2e73a5f80a media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap
KASAN: use-after-free Read in v4l2_release usb media C 275 1898d 2002d 12/28 1890d c666355e60dd media: radio-raremono: change devm_k*alloc to k*alloc
general protection fault in smsusb_init_device media usb C 23 1960d 1999d 12/28 1937d 31e0456de5be media: usb: siano: Fix general protection fault in smsusb
kernel BUG at arch/x86/mm/physaddr.c:LINE! (2) media C done 522 1942d 2152d 12/28 1942d dad7e270ba71 media: vivid: use vfree() instead of kfree() for dev->bitmap_cap
WARNING in get_q_data media C 649 2068d 2078d 11/28 2020d db9a01b32ca9 media: vicodec: check type in g/s_selection
KMSAN: kernel-infoleak in video_usercopy media C 410 2021d 2120d 11/28 2020d f45f3f753b0a media: v4l2-ctrls.c/uvc: zero v4l2_event
general protection fault in __vb2_queue_free media C 38 2113d 2169d 11/28 2097d 62dcb4f41836 media: vb2: check memory model for VIDIOC_CREATE_BUFS
INFO: task hung in flush_workqueue media C 293 2116d 2167d 11/28 2097d 52117be68b82 media: vim2m: use cancel_delayed_work_sync instead of flush_schedule_work
KASAN: null-ptr-deref Write in kthread_stop media C 2527 2113d 2170d 11/28 2097d 701f49bc028e media: vivid: fix error handling of kthread_run
divide error in vivid_vid_cap_s_dv_timings media C 108 2113d 2170d 11/28 2097d 9729d6d282a6 media: vivid: set min width/height to a value > 0
KASAN: use-after-free Read in vb2_mmap media C 276 2113d 2169d 11/28 2097d cd26d1c4d1bc media: vb2: vb2_mmap: move lock up
BUG: pagefault on kernel address ADDR in non-whitelisted uaccess media C 17 2122d 2167d 11/28 2097d 560ccb75c2ca media: vivid: free bitmap_cap when updating std/timings/etc.
KASAN: global-out-of-bounds Read in tpg_print_str_4 media C 52 2135d 2160d 11/28 2097d e5f71a27fa12 media: v4l2-tpg: array index could become negative
KASAN: null-ptr-deref Read in refcount_sub_and_test_checked media C 31 2163d 2194d 11/28 2156d fda21d46cce2 ipv6: do not leave garbage in rt->fib6_metrics