From: syzbot <syzbot+1a247e36149ffd709a9b@syzkaller.appspotmail.com>
To: isely@pobox.com, linux-kernel@vger.kernel.org,
linux-media@vger.kernel.org, mchehab@kernel.org,
paskripkin@gmail.com, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] UBSAN: array-index-out-of-bounds in pvr2_i2c_core_init
Date: Thu, 14 Apr 2022 13:14:07 -0700 [thread overview]
Message-ID: <000000000000b48bc305dca2efcd@google.com> (raw)
In-Reply-To: <88a47762-fac7-6158-1730-344bb2905fc9@gmail.com>
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
WARNING in pvr2_hdw_create
pvrusb2: Hardware description: OnAir USB2 Hybrid USB tuner
------------[ cut here ]------------
WARNING: CPU: 1 PID: 3607 at kernel/workqueue.c:3066 __flush_work+0x926/0xb10 kernel/workqueue.c:3066
Modules linked in:
CPU: 1 PID: 3607 Comm: kworker/1:4 Not tainted 5.18.0-rc2-syzkaller-00187-g115acbb56978-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: usb_hub_wq hub_event
RIP: 0010:__flush_work+0x926/0xb10 kernel/workqueue.c:3066
Code: ff 41 89 c4 89 8d 88 fe ff ff e8 d5 2b 77 00 48 0f ba 2b 03 e9 6a fa ff ff e8 c6 8f 2b 00 0f 0b e9 5a fc ff ff e8 ba 8f 2b 00 <0f> 0b 45 31 f6 e9 4b fc ff ff e8 eb 28 77 00 e9 3a fb ff ff e8 a1
RSP: 0018:ffffc90003d1ee00 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffff88806e4040d0 RCX: 0000000000000000
RDX: ffff88801e1eba00 RSI: ffffffff814d8be6 RDI: 0000000000000003
RBP: ffffc90003d1ef98 R08: 0000000000000000 R09: 0000000000000001
R10: ffffffff814d8365 R11: 0000000000000000 R12: dffffc0000000000
R13: ffff88806e405678 R14: 0000000000000001 R15: ffff88806e4040e8
FS: 0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffd4ad80638 CR3: 000000002067b000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
pvr2_hdw_create+0x11da/0x2630 drivers/media/usb/pvrusb2/pvrusb2-hdw.c:2612
pvr2_context_create+0x1ae/0x280 drivers/media/usb/pvrusb2/pvrusb2-context.c:222
pvr_probe+0x21/0xc0 drivers/media/usb/pvrusb2/pvrusb2-main.c:62
usb_probe_interface+0x315/0x7f0 drivers/usb/core/driver.c:396
call_driver_probe drivers/base/dd.c:542 [inline]
really_probe+0x23e/0xb20 drivers/base/dd.c:621
__driver_probe_device+0x338/0x4d0 drivers/base/dd.c:752
driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:782
__device_attach_driver+0x20b/0x2f0 drivers/base/dd.c:899
bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427
__device_attach+0x228/0x4a0 drivers/base/dd.c:970
bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487
device_add+0xb83/0x1e20 drivers/base/core.c:3405
usb_set_configuration+0x101e/0x1900 drivers/usb/core/message.c:2170
usb_generic_driver_probe+0xba/0x100 drivers/usb/core/generic.c:238
usb_probe_device+0xd9/0x2c0 drivers/usb/core/driver.c:293
call_driver_probe drivers/base/dd.c:542 [inline]
really_probe+0x23e/0xb20 drivers/base/dd.c:621
__driver_probe_device+0x338/0x4d0 drivers/base/dd.c:752
driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:782
__device_attach_driver+0x20b/0x2f0 drivers/base/dd.c:899
bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427
__device_attach+0x228/0x4a0 drivers/base/dd.c:970
bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487
device_add+0xb83/0x1e20 drivers/base/core.c:3405
usb_new_device.cold+0x641/0x1091 drivers/usb/core/hub.c:2566
hub_port_connect drivers/usb/core/hub.c:5363 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5507 [inline]
port_event drivers/usb/core/hub.c:5665 [inline]
hub_event+0x25c6/0x4680 drivers/usb/core/hub.c:5747
process_one_work+0x996/0x1610 kernel/workqueue.c:2289
process_scheduled_works kernel/workqueue.c:2352 [inline]
worker_thread+0x854/0x1080 kernel/workqueue.c:2438
kthread+0x2e9/0x3a0 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298
</TASK>
Tested on:
commit: 115acbb5 Merge tag 's390-5.18-3' of git://git.kernel.o..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=12ef7197700000
kernel config: https://syzkaller.appspot.com/x/.config?x=eb177500e563582f
dashboard link: https://syzkaller.appspot.com/bug?extid=1a247e36149ffd709a9b
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=14838637700000
next prev parent reply other threads:[~2022-04-14 20:14 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-14 18:47 [syzbot] UBSAN: array-index-out-of-bounds in pvr2_i2c_core_init syzbot
2022-04-14 20:04 ` Pavel Skripkin
2022-04-14 20:14 ` syzbot [this message]
2022-04-14 20:18 ` Pavel Skripkin
2022-04-14 23:31 ` syzbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=000000000000b48bc305dca2efcd@google.com \
--to=syzbot+1a247e36149ffd709a9b@syzkaller.appspotmail.com \
--cc=isely@pobox.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=mchehab@kernel.org \
--cc=paskripkin@gmail.com \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.