Re: [syzbot] [kernel?] UBSAN: shift-out-of-bounds in pcl726_attach

From: Hillf Danton
Date: Sat Jul 05 2025 - 08:47:47 EST

Next message: Yao Zi: "[PATCH] LoongArch: Avoid in-place string operation on FDT content"
Previous message: Dmitry Baryshkov: "Re: [PATCH v2] arm64: dts: qcom: x1-crd: add USB DisplayPort audio"
In reply to: syzbot: "[syzbot] [kernel?] UBSAN: shift-out-of-bounds in pcl726_attach"
Next in thread: syzbot: "Re: [syzbot] [kernel?] UBSAN: shift-out-of-bounds in pcl726_attach"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Date: Sat, 05 Jul 2025 04:02:32 -0700
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: c435a4f487e8 Merge tag 'riscv-for-linus-6.16-rc5' of git:/..
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=14ea4f70580000
> kernel config: https://syzkaller.appspot.com/x/.config?x=5ba6cef8f153bfeb
> dashboard link: https://syzkaller.appspot.com/bug?extid=5cd373521edd68bebcb3
> compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1116c582580000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12ea4f70580000

#syz test

--- x/drivers/comedi/drivers/pcl726.c
+++ y/drivers/comedi/drivers/pcl726.c
@@ -316,6 +316,8 @@ static int pcl726_attach(struct comedi_d
int ret;
int i;

+ if (it->options[1] < 0 || it->options[1] > 31)
+ return -EINVAL;
ret = comedi_request_region(dev, it->options[0], board->io_len);
if (ret)
return ret;
--

Next message: Yao Zi: "[PATCH] LoongArch: Avoid in-place string operation on FDT content"
Previous message: Dmitry Baryshkov: "Re: [PATCH v2] arm64: dts: qcom: x1-crd: add USB DisplayPort audio"
In reply to: syzbot: "[syzbot] [kernel?] UBSAN: shift-out-of-bounds in pcl726_attach"
Next in thread: syzbot: "Re: [syzbot] [kernel?] UBSAN: shift-out-of-bounds in pcl726_attach"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]