From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-ot1-f69.google.com (mail-ot1-f69.google.com [209.85.210.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0112F42050 for ; Sun, 21 Jun 2026 05:33:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.69 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1782020032; cv=none; b=iq6/G0tjGtZYYt7RHGf8tIEZc3c2hUDDty+Pl6wx8vQYzQymQri16f20RLhjERPbBJJHhlqx2gC1XxZze3HRl+Mj1jN7WB1aA5F1IdW/RqRPcfyjtMHUp+t1PZZvWwMAj6pkoiTEx1UahmZ22TJW/fqhp4jFX4TdfP+9zU7l/8E= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1782020032; c=relaxed/simple; bh=r7K7i3qiATtyvquJurpbFOiB3I1MdgJSeZjYyRKquE0=; h=MIME-Version:Date:In-Reply-To:Message-ID:Subject:From:To: Content-Type; b=CYbanVx+tY7kUS5ffFC4ifUUKNdFdIWokTN5RM0RR8HVHkJRbfZoe50PWU7MjCKiAX/hqrQFSYzWdLiDX/1n51glyZemA8uCRdX5lruBVzFq9TURkVMT3RwDpWkgzGH+kTJ6hCsC35LWz1MtkKmFlSj4aMj6aJOelSWueEk2M8Q= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=fail (p=none dis=none) header.from=syzkaller.appspotmail.com; spf=pass smtp.mailfrom=M3KW2WVRGUFZ5GODRSRYTGD7.apphosting.bounces.google.com; arc=none smtp.client-ip=209.85.210.69 Authentication-Results: smtp.subspace.kernel.org; dmarc=fail (p=none dis=none) header.from=syzkaller.appspotmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=M3KW2WVRGUFZ5GODRSRYTGD7.apphosting.bounces.google.com Received: by mail-ot1-f69.google.com with SMTP id 46e09a7af769-7e932c1e6d7so4643454a34.1 for ; Sat, 20 Jun 2026 22:33:50 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1782020030; x=1782624830; h=to:from:subject:message-id:in-reply-to:date:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=+JNlQ4ckCrUcn8LD+yNK+teTo2KzW7RVYf+dzmlFcjA=; b=jAsSbAWfgf8zBnEu1uMcHE98MbC2fs4mEi/TYuqSTp1ZgLLYGD9IOxYGjyYTSuBAvP gmcFJDS+XLhGXVtOWU9jW4ojDei/WSXBOWLTTGsJI1sFDT8vIvSqaqCqtJCRwRuFL3yq FupEbwtHuCMjEP55lf/LlY3EQt3A0EaVVauMFIiMHItkb8M0soOyHkjaRa/RO/G36bCL qbqpnBqAuD/a5aea+W1ZNYR7GUgWtwEjJWUR7KLd0z7dJVZbBCXLoYrzRmbEMXL0Wod+ CFoHxMM79zAncDjH4b4UMikvdNAGYkTgBgTYUi2hLm2+VK0gHckFbYaMSmyjz7p0fX9z 8zTA== X-Gm-Message-State: AOJu0YxJc/olGeVomF9Qy/9KCcXex4qlbGYvLVxPKkOZ8lrR7alnHU+H y0uUPrq8MpSsllqoz7+7LjFqnI87khu6iy0S2iB41lZ+RVTt88QiIHRastQ6uZzKw7x7sqrG8I3 58o5WwpD0WvJDCI2DLeeN2hof1b2fOXG9raCeCBrjfcJaMxskpq0jXn2etmM= Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Received: by 2002:a05:6808:4c86:b0:489:79d8:135b with SMTP id 5614622812f47-48979d81734mr6460668b6e.25.1782020030116; Sat, 20 Jun 2026 22:33:50 -0700 (PDT) Date: Sat, 20 Jun 2026 22:33:50 -0700 In-Reply-To: <6854cfb9.a00a0220.137b3.0028.GAE@google.com> X-Google-Appengine-App-Id: s~syzkaller X-Google-Appengine-App-Id-Alias: syzkaller Message-ID: <6a3777be.c19584c1.44bb3.0006.GAE@google.com> Subject: Forwarded: Re: [syzbot] [usb?] WARNING in dib0700_ctrl_rd/usb_submit_urb From: syzbot To: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com Content-Type: text/plain; charset="UTF-8" For archival purposes, forwarding an incoming command email to linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com. *** Subject: Re: [syzbot] [usb?] WARNING in dib0700_ctrl_rd/usb_submit_urb Author: contact@henrialfonso.com #syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 9afe652958c3 diff --git a/drivers/media/usb/dvb-usb/dib0700_core.c b/drivers/media/usb/dvb-usb/dib0700_core.c index 986e552f0a97..000000000000 100644 @@ -311,6 +311,11 @@ static int dib0700_i2c_xfer_legacy(struct i2c_adapter *adap, st->buf[0] = REQUEST_I2C_READ; st->buf[1] |= 1; + if (msg[i + 1].len == 0) { + result = -EINVAL; + goto unlock; + } + /* special thing in the current firmware: when length is zero the read-failed */ len = dib0700_ctrl_rd(d, st->buf, msg[i].len + 2, st->buf, msg[i + 1].len);