syzbot


Applied filters: Label=subsystems:media
Title Repro Cause bisect Fix bisect Count Last Reported Patched Closed Patch
KASAN: use-after-free Read in __media_entity_remove_links usb media C 7 1638d 1737d 25/28 257d 68035c80e129 media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors
KASAN: slab-out-of-bounds Read in imon_probe media usb syz 2 366d 388d 25/28 271d a1766a4fd83b media: imon: fix access to invalid resource for the second interface
UBSAN: shift-out-of-bounds in set_flicker usb media syz 5 316d 396d 25/28 271d 099be1822d1f media: gspca: cpia1: shift-out-of-bounds in set_flicker
general protection fault in dma_fence_array_first dri media C done 7 902d 902d 22/28 523d 21d139d73f77 dma-buf/sync-file: fix logic error in new fence merge code
general protection fault in sg_alloc_append_table_from_pages dri media C done 477 603d 1069d 22/28 570d 2b6dd600dd72 udmabuf: validate ubuf->pagecount
KASAN: vmalloc-out-of-bounds Write in tpg_fill_plane_buffer (2) media C inconclusive done 14 595d 1107d 22/28 570d 94a7ad928346 media: vivid: fix compose size exceed boundary
general protection fault in release_udmabuf dri media C inconclusive 31 709d 760d 22/28 570d d9c04a1b7a15 udmabuf: Set ubuf->sg = NULL if the creation of sg table fails
KMSAN: kernel-infoleak in v4l2_compat_put_array_args media 8 668d 972d 22/28 570d 4e768c8e34e6 media: v4l2-compat-ioctl32.c: zero buffer passed to v4l2_compat_get_array_args()
KASAN: use-after-free Read in si470x_int_in_callback (2) usb media C error 7303 638d 1795d 22/28 570d 7d21e0b1b41b media: si470x: Fix use-after-free in si470x_int_in_callback()
memory leak in airspy_probe media usb C 1 772d 768d 22/28 570d 23bc5eb55f8c media: airspy: fix memory leak in airspy probe
memory leak in dvb_usb_device_init media usb syz 1 676d 846d 22/28 570d 94d90fb06b94 media: dvb-usb: fix memory leak in dvb_usb_adapter_init()
linux-next boot error: WARNING: refcount bug in dvb_register_device media 42 650d 659d 22/28 570d 3a664569b71b media: dvbdev: fix refcnt bug
KMSAN: uninit-value in dvb_usb_adapter_dvb_init (2) usb media C 34 1184d 1399d 20/28 915d c5453769f77c media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init 899a61a3305d media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte()
KMSAN: uninit-value in legacy_dvb_usb_read_remote_control media usb C 186 1034d 1374d 20/28 923d afae4ef7d5ad media: dvb-usb: fix ununit-value in az6027_rc_query
INFO: trying to register non-static key in mxl111sf_ctrl_msg usb media C 73 1879d 1982d 20/28 923d 44870a9e7a3c media: mxl111sf: change mutex_init() location
BUG: corrupted list in em28xx_init_extension usb media C error 18 1154d 1699d 20/28 923d 2c98b8a3458d media: em28xx: add missing em28xx_close_extension
KMSAN: uninit-value in number (3) media C 8575 1042d 1286d 20/28 1042d eaaea4681984 media: gspca/sq905.c: fix uninitialized variable
memory leak in zr364xx_start_readpipe media usb C 2 1191d 1219d 20/28 1042d 0a045eac8d04 media: zr364xx: fix memory leak in zr364xx_start_readpipe
KMSAN: uninit-value in video_usercopy (2) media 13058 1088d 1281d 20/28 1042d c344f07aa1b4 media: v4l2-core: ignore native time32 ioctls on 64-bit
memory leak in hdcs_probe_1020 media usb C 1 1269d 1265d 20/28 1042d 4f4e6644cd87 media: gscpa/stv06xx: fix memory leak
memory leak in dvb_create_media_graph usb media C 26 1248d 1405d 20/28 1042d bf9a40ae8d72 media: dvbdev: Fix memory leak in dvb_media_device_free()
memory leak in hdcs_probe_1x00 usb media C 1 1299d 1298d 20/28 1042d 4f4e6644cd87 media: gscpa/stv06xx: fix memory leak
memory leak in em28xx_dvb_init media usb C 1 1281d 1281d 20/28 1042d 0ae10a7dc899 media: em28xx: fix memory leak
memory leak in cinergyt2_fe_attach usb media C 3 1347d 1404d 20/28 1042d 9ad1efee086e media: dvd_usb: memory leak in cinergyt2_fe_attach
general protection fault in udmabuf_create dri media C done 2 1137d 1133d 20/28 1042d b9770b0b6eac udmabuf: fix general protection fault in udmabuf_create
WARNING: zero-size vmalloc in dvb_dmx_init usb media C 62 1164d 1228d 20/28 1042d c680ed46e418 media: dvb-usb: fix wrong definition
WARNING in __vmalloc_node_range media usb C 7 1228d 1230d 20/28 1042d c680ed46e418 media: dvb-usb: fix wrong definition
memory leak in usb_urb_init media usb C 1 1355d 1351d 20/28 1042d b7cd0da982e3 media: dvb-usb: fix memory leak in dvb_usb_adapter_init
memory leak in v4l2_ctrl_handler_init_class usb media C 12 1247d 1299d 20/28 1042d 9c39be40c015 media: drivers/media/usb: fix memory leak in zr364xx_probe
UBSAN: shift-out-of-bounds in mceusb_dev_printdata media usb C error 331 1303d 1370d 20/28 1256d 9dec0f48a75e media: mceusb: sanity check for prescaler value
UBSAN: shift-out-of-bounds in std_validate media C unreliable 2 1336d 1336d 20/28 1256d 048c96e28674 media: v4l2-ctrls.c: fix shift-out-of-bounds in std_validate
memory leak in zr364xx_probe usb media C 6 1311d 1363d 20/28 1256d ea354b6ddd6f media: zr364xx: fix memory leaks in probe()
UBSAN: shift-out-of-bounds in mceusb_dev_recv media usb C 13 1303d 1367d 20/28 1256d 1b43bad31fb0 media: mceusb: Fix potential out-of-bounds shift
memory leak in video_usercopy media C 19 1305d 1368d 20/28 1256d fb18802a338b media: v4l: ioctl: Fix memory leak in video_usercopy
kernel BUG at drivers/dma-buf/dma-buf.c:LINE! dri media syz error done 11 1405d 1654d 19/28 1287d e722a295cf49 staging: ion: remove from the tree
KASAN: global-out-of-bounds Read in precalculate_color media C done done 170 1461d 1754d 15/28 1401d e3158a5e7e66 media: vivid: Fix global-out-of-bounds read in precalculate_color()
UBSAN: array-index-out-of-bounds in precalculate_color media C 153 1435d 1461d 15/28 1401d e3158a5e7e66 media: vivid: Fix global-out-of-bounds read in precalculate_color()
WARNING in ati_remote_sendpacket/usb_submit_urb usb media C 22 1572d 1883d 15/28 1401d a8be80053ea7 media: ati_remote: sanity check for both endpoints
KASAN: use-after-free Read in rc_dev_uevent media 1 1502d 1502d 15/28 1453d 4f0835d6677d media: rc: uevent sysfs file races with rc_unregister_device()
KMSAN: uninit-value in video_usercopy media C 28 1518d 1518d 15/28 1453d 4ffb879ea648 media: media/v4l2-core: Fix kernel-infoleak in video_put_user()
KASAN: null-ptr-deref Write in media_request_close media C done 17 1504d 1553d 15/28 1461d e30cc79cc80f media: media-request: Fix crash if memory allocation fails
general protection fault in go7007_usb_probe usb media C 2103 1501d 1609d 15/28 1461d 137641287eb4 go7007: add sanity checking for endpoints
KASAN: use-after-free Read in dmabuffs_dname dri media 1 1659d 1655d 15/28 1508d 4ab59c3c638c dma-buf: Move dma_buf_release() from fops to dentry_ops
WARNING in flexcop_usb_probe/usb_submit_urb usb media C 4 1816d 1854d 15/28 1650d 1b976fc6d684 media: b2c2-flexcop-usb: add sanity checking
KASAN: user-memory-access Write in video_usercopy media 3 1713d 1714d 15/28 1672d 1dc8b65c944e media: v4l2-core: only zero-out ioctl-read buffers
KMSAN: uninit-value in sd_init (2) media usb C 94 1778d 1775d 15/28 1672d de89d0864f66 media: gspca: zero usb_buf
KMSAN: uninit-value in digitv_rc_query media usb C 4 1791d 1774d 15/28 1672d eecc70d22ae5 media: digitv: don't continue if remote control state can't be read 569bc8d6a6a5 media: dvb-usb/dvb-usb-urb.c: initialize actlen to 0
KMSAN: uninit-value in number media usb C 190 1677d 1775d 15/28 1672d 51d0c99b391f media: af9005: uninitialized variable printked
KMSAN: uninit-value in i2c_w (2) media usb C 3 1786d 1774d 15/28 1672d de89d0864f66 media: gspca: zero usb_buf
KMSAN: uninit-value in read_sensor_register (2) media usb C 44 1780d 1797d 15/28 1672d de89d0864f66 media: gspca: zero usb_buf
WARNING in uvc_scan_chain_forward usb media C 6 1712d 1737d 15/28 1672d 68035c80e129 media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors
KMSAN: uninit-value in dvb_usb_adapter_dvb_init media 1 1782d 1775d 15/28 1672d 26cff637121d media: vp7045: do not read uninitialized values if usb transfer fails
KASAN: null-ptr-deref Read in refcount_sub_and_test_checked (2) media C inconclusive done 916 1932d 2134d 15/28 1673d 62dcb4f41836 media: vb2: check memory model for VIDIOC_CREATE_BUFS
general protection fault in flexcop_usb_probe usb media C 403 1754d 1985d 15/28 1740d 1b976fc6d684 media: b2c2-flexcop-usb: add sanity checking
kernel BUG at kernel/time/timer.c:LINE! (4) media usb syz 1 1810d 1806d 15/28 1740d f3f5ba42c58d media: imon: invalid dereference in imon_touch_event
INFO: trying to register non-static key in ida_destroy usb media C 4272 1753d 1876d 15/28 1740d 8c279e9394ca media: uvcvideo: Fix error path in control parsing failure
general protection fault in vb2_mmap media C inconclusive done 21 2093d 2137d 13/28 1771d cd26d1c4d1bc media: vb2: vb2_mmap: move lock up
WARNING in dma_buf_vunmap dri media C done done 17 2097d 2135d 13/28 1771d 62dcb4f41836 media: vb2: check memory model for VIDIOC_CREATE_BUFS
KASAN: use-after-free Write in __vb2_cleanup_fileio media C done inconclusive 2 2147d 2149d 13/28 1775d d65842f7126a media: vb2: add waiting_in_dqbuf flag
WARNING in em28xx_usb_disconnect usb media C 8 1833d 1866d 13/28 1798d 46e4a26615cc media: em28xx: modules workqueue not inited for 2nd device
KASAN: use-after-free Read in si470x_int_in_callback usb media C 25 1808d 1897d 13/28 1798d 0d616f2a3fdb media: radio/si470x: kill urb on error
KMSAN: uninit-value in read_sensor_register media usb C 25 1798d 1928d 13/28 1798d 4843a543fad3 media: gspca: zero usb_buf on error
KASAN: slab-out-of-bounds Read in hdpvr_probe usb media C 10 1835d 1910d 13/28 1798d 8b8900b729e4 media: hdpvr: add terminating 0 at end of string
KASAN: slab-out-of-bounds Read in technisat_usb2_rc_query usb media C 2236 1844d 1982d 13/28 1798d 0c4df39e504b media: technisat-usb2: break out of loop at end of buffer
KASAN: global-out-of-bounds Read in dvb_pll_attach media usb C 2 1836d 1895d 13/28 1798d c268e7adea52 media: dvb-frontends: use ida for pll number
KASAN: global-out-of-bounds Read in hdpvr_probe usb media C 15 1851d 1965d 13/28 1798d d4a6a9537bc3 media: hdpvr: Add device num check and handling
KMSAN: uninit-value in i2c_w usb media C 2 1932d 1931d 13/28 1798d 4843a543fad3 media: gspca: zero usb_buf on error
KMSAN: uninit-value in sd_init media usb C 122 1798d 1931d 13/28 1798d 4843a543fad3 media: gspca: zero usb_buf on error
WARNING in iguanair_probe/usb_submit_urb media usb C 3 1829d 1880d 13/28 1798d ab1cbdf159be media: iguanair: add sanity checks
KASAN: use-after-free Read in cpia2_usb_disconnect usb media C 3 1896d 1981d 12/28 1869d eff73de2b160 media: cpia2_usb: first wake up, then free in disconnect
KASAN: slab-out-of-bounds Read in au0828_rc_unregister (2) media 11 1941d 1951d 12/28 1869d 6d0d1ff9ff21 media: au0828: fix null dereference in error path
KASAN: null-ptr-deref Read in zr364xx_vidioc_querycap usb media C 76 1877d 1968d 12/28 1869d 5d2e73a5f80a media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap
KASAN: use-after-free Read in v4l2_release usb media C 275 1878d 1981d 12/28 1869d c666355e60dd media: radio-raremono: change devm_k*alloc to k*alloc
general protection fault in smsusb_init_device media usb C 23 1940d 1979d 12/28 1916d 31e0456de5be media: usb: siano: Fix general protection fault in smsusb
kernel BUG at arch/x86/mm/physaddr.c:LINE! (2) media C done 522 1921d 2131d 12/28 1921d dad7e270ba71 media: vivid: use vfree() instead of kfree() for dev->bitmap_cap
WARNING in get_q_data media C 649 2048d 2057d 11/28 2000d db9a01b32ca9 media: vicodec: check type in g/s_selection
KMSAN: kernel-infoleak in video_usercopy media C 410 2000d 2100d 11/28 2000d f45f3f753b0a media: v4l2-ctrls.c/uvc: zero v4l2_event
general protection fault in __vb2_queue_free media C 38 2092d 2148d 11/28 2076d 62dcb4f41836 media: vb2: check memory model for VIDIOC_CREATE_BUFS
INFO: task hung in flush_workqueue media C 293 2095d 2146d 11/28 2076d 52117be68b82 media: vim2m: use cancel_delayed_work_sync instead of flush_schedule_work
KASAN: null-ptr-deref Write in kthread_stop media C 2527 2092d 2150d 11/28 2076d 701f49bc028e media: vivid: fix error handling of kthread_run
divide error in vivid_vid_cap_s_dv_timings media C 108 2092d 2149d 11/28 2076d 9729d6d282a6 media: vivid: set min width/height to a value > 0
KASAN: use-after-free Read in vb2_mmap media C 276 2092d 2149d 11/28 2076d cd26d1c4d1bc media: vb2: vb2_mmap: move lock up
BUG: pagefault on kernel address ADDR in non-whitelisted uaccess media C 17 2101d 2146d 11/28 2076d 560ccb75c2ca media: vivid: free bitmap_cap when updating std/timings/etc.
KASAN: global-out-of-bounds Read in tpg_print_str_4 media C 52 2115d 2139d 11/28 2076d e5f71a27fa12 media: v4l2-tpg: array index could become negative
KASAN: null-ptr-deref Read in refcount_sub_and_test_checked media C 31 2143d 2174d 11/28 2135d fda21d46cce2 ipv6: do not leave garbage in rt->fib6_metrics