syzbot


general protection fault in dvb_dmxdev_feed_restart

Status: upstream: reported on 2026/05/04 10:28
Reported-by: syzbot+c7b2b10d92b6de2e4a09@syzkaller.appspotmail.com
First crash: 7d23h, last: 7d23h

Sample crash report:
general protection fault, probably for non-canonical address 0xdffffc0000000221: 0000 [#1] PREEMPT SMP KASAN
KASAN: probably user-memory-access in range [0x0000000000001108-0x000000000000110f]
CPU: 1 PID: 6278 Comm: syz.5.575 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:dvb_dmxdev_feed_start drivers/media/dvb-core/dmxdev.c:510 [inline]
RIP: 0010:dvb_dmxdev_feed_restart+0x402/0x6b0 drivers/media/dvb-core/dmxdev.c:539
Code: e8 03 48 bb 00 00 00 00 00 fc ff df 80 3c 18 00 74 05 e8 11 5e 0d fb 49 8b 4c 2f 08 48 8d b9 08 11 00 00 48 89 f8 48 c1 e8 03 <80> 3c 18 00 74 0b 48 89 cb e8 f0 5d 0d fb 48 89 d9 48 89 cf 48 83
RSP: 0018:ffffc9001e897c08 EFLAGS: 00010206
RAX: 0000000000000221 RBX: dffffc0000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff8d8af3e0 RDI: 0000000000001108
RBP: 0000000000000000 R08: ffff88807ccb0000 R09: 0000000000000002
R10: 0000000000000002 R11: 0000000000000000 R12: 0000000000000001
R13: ffffc9000630c060 R14: 1ffff92000c6180b R15: ffffc9000630c000
FS:  000055557c738500(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fea8bc17dac CR3: 0000000074b3f000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 dvb_dmxdev_filter_stop+0x620/0x710 drivers/media/dvb-core/dmxdev.c:566
 dvb_dmxdev_filter_free drivers/media/dvb-core/dmxdev.c:842 [inline]
 dvb_demux_release+0x92/0x640 drivers/media/dvb-core/dmxdev.c:1248
 __fput+0x22c/0x920 fs/file_table.c:320
 task_work_run+0x1d0/0x260 kernel/task_work.c:203
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 exit_to_user_mode_loop+0xe6/0x110 kernel/entry/common.c:177
 exit_to_user_mode_prepare+0xee/0x180 kernel/entry/common.c:210
 __syscall_exit_to_user_mode_work kernel/entry/common.c:292 [inline]
 syscall_exit_to_user_mode+0x16/0x40 kernel/entry/common.c:303
 do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f468579cdd9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffee702ee28 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
RAX: 0000000000000000 RBX: 00007ffee702ef10 RCX: 00007f468579cdd9
RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
RBP: 000000000002821b R08: 0000000000000001 R09: 0000000000000000
R10: 0000001b32420000 R11: 0000000000000246 R12: 00007ffee702ef50
R13: 00007f4685a15fac R14: 000000000002829c R15: 00007f4685a15fa0
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:dvb_dmxdev_feed_start drivers/media/dvb-core/dmxdev.c:510 [inline]
RIP: 0010:dvb_dmxdev_feed_restart+0x402/0x6b0 drivers/media/dvb-core/dmxdev.c:539
Code: e8 03 48 bb 00 00 00 00 00 fc ff df 80 3c 18 00 74 05 e8 11 5e 0d fb 49 8b 4c 2f 08 48 8d b9 08 11 00 00 48 89 f8 48 c1 e8 03 <80> 3c 18 00 74 0b 48 89 cb e8 f0 5d 0d fb 48 89 d9 48 89 cf 48 83
RSP: 0018:ffffc9001e897c08 EFLAGS: 00010206
RAX: 0000000000000221 RBX: dffffc0000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff8d8af3e0 RDI: 0000000000001108
RBP: 0000000000000000 R08: ffff88807ccb0000 R09: 0000000000000002
R10: 0000000000000002 R11: 0000000000000000 R12: 0000000000000001
R13: ffffc9000630c060 R14: 1ffff92000c6180b R15: ffffc9000630c000
FS:  000055557c738500(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fda6ea17dac CR3: 0000000074b3f000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	e8 03 48 bb 00       	call   0xbb4808
   5:	00 00                	add    %al,(%rax)
   7:	00 00                	add    %al,(%rax)
   9:	fc                   	cld
   a:	ff                   	lcall  (bad)
   b:	df 80 3c 18 00 74    	filds  0x7400183c(%rax)
  11:	05 e8 11 5e 0d       	add    $0xd5e11e8,%eax
  16:	fb                   	sti
  17:	49 8b 4c 2f 08       	mov    0x8(%r15,%rbp,1),%rcx
  1c:	48 8d b9 08 11 00 00 	lea    0x1108(%rcx),%rdi
  23:	48 89 f8             	mov    %rdi,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	80 3c 18 00          	cmpb   $0x0,(%rax,%rbx,1) <-- trapping instruction
  2e:	74 0b                	je     0x3b
  30:	48 89 cb             	mov    %rcx,%rbx
  33:	e8 f0 5d 0d fb       	call   0xfb0d5e28
  38:	48 89 d9             	mov    %rbx,%rcx
  3b:	48 89 cf             	mov    %rcx,%rdi
  3e:	48                   	rex.W
  3f:	83                   	.byte 0x83

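How to read the fault address above, as an added worked example that is not part of the syzbot report: with generic KASAN on x86_64 the compiler-inserted check loads the shadow byte at (addr >> 3) + 0xdffffc0000000000, so a bad pointer becomes a non-canonical shadow address and traps with a general protection fault instead of a page fault. The kernel's non-canonical hook reverses that mapping to print the "in range [...]" line and picks the label (null-ptr-deref, user-memory-access or wild-memory-access) by comparing the recovered address with PAGE_SIZE and TASK_SIZE, which is why an access 0x1108 bytes past a NULL pointer is reported as "probably user-memory-access" rather than as a NULL dereference. The register dump confirms the chain: %rbx holds the shadow offset, %rax = 0x1108 >> 3 = 0x221, and the trapping cmpb read %rax + %rbx = 0xdffffc0000000221; %rcx, loaded by the preceding mov 0x8(%r15,%rbp,1),%rcx, is 0, so lea 0x1108(%rcx),%rdi produced the checked address. The C below decodes and cross-checks those values from the report text. The shadow offset, PAGE_SIZE and TASK_SIZE constants are the x86_64 4-level-paging values (assumptions of this example, not taken from the page); the embedded sample lines are copied from the report above.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Generic KASAN on x86_64: one shadow byte per 8-byte granule, shadow =
 * (addr >> 3) + KASAN_SHADOW_OFFSET. Constants are the x86_64 4-level values (assumed). */
#define KASAN_SHADOW_OFFSET      0xdffffc0000000000ULL
#define KASAN_SHADOW_SCALE_SHIFT 3
#define KASAN_GRANULE_SIZE       (1ULL << KASAN_SHADOW_SCALE_SHIFT)
#define X86_PAGE_SIZE            0x1000ULL
#define X86_64_TASK_SIZE         0x7ffffffff000ULL

enum kasan_bug_type { KASAN_NOT_SHADOW, KASAN_NULL_PTR_DEREF,
                      KASAN_USER_MEMORY_ACCESS, KASAN_WILD_MEMORY_ACCESS };

struct kasan_decode {
    uint64_t access_lo, access_hi; /* granule whose shadow byte was read */
    enum kasan_bug_type type;      /* label the kernel's hook would print */
};

/* 4-level paging: bits 63..47 must all equal bit 47 (assumption). */
static bool x86_64_canonical(uint64_t addr)
{
    uint64_t top = addr >> 47;
    return top == 0 || top == 0x1ffff;
}

/* Forward mapping, as the inlined check on the page computes it:
 * "mov %rdi,%rax; shr $3,%rax; cmpb $0,(%rax,%rbx,1)" with %rbx = offset. */
uint64_t kasan_mem_to_shadow(uint64_t addr)
{
    return (addr >> KASAN_SHADOW_SCALE_SHIFT) + KASAN_SHADOW_OFFSET;
}

/* Reverse mapping for a "non-canonical address" GPF: recover the granule and
 * classify it as the kernel does. A canonical address would have page-faulted. */
bool kasan_shadow_to_mem(uint64_t shadow, struct kasan_decode *out)
{
    uint64_t idx = shadow - KASAN_SHADOW_OFFSET;

    out->type = KASAN_NOT_SHADOW;
    if (x86_64_canonical(shadow) || shadow < KASAN_SHADOW_OFFSET ||
        (idx >> (64 - KASAN_SHADOW_SCALE_SHIFT)))  /* past the shadow region */
        return false;
    out->access_lo = idx << KASAN_SHADOW_SCALE_SHIFT;
    out->access_hi = out->access_lo + KASAN_GRANULE_SIZE - 1;
    out->type = out->access_lo < X86_PAGE_SIZE    ? KASAN_NULL_PTR_DEREF :
                out->access_lo < X86_64_TASK_SIZE ? KASAN_USER_MEMORY_ACCESS :
                                                    KASAN_WILD_MEMORY_ACCESS;
    return true;
}

/* Hex value after the first occurrence of `marker` in the report; 0 if absent. */
static uint64_t hex_after(const char *text, const char *marker)
{
    const char *p = strstr(text, marker);
    return p ? strtoull(p + strlen(marker), NULL, 16) : 0;
}

/* Decode the GPF address independently and compare with the range KASAN printed. */
bool kasan_check_report(const char *report, struct kasan_decode *out)
{
    const char *range = strstr(report, "in range [");
    unsigned long long lo, hi;

    if (!range || sscanf(range + strlen("in range ["), "%llx-%llx", &lo, &hi) != 2)
        return false;
    return kasan_shadow_to_mem(hex_after(report, "non-canonical address "), out) &&
           out->access_lo == lo && out->access_hi == hi;
}

/* Confirm from the register dump that the trapping cmpb read shadow (%rbx is the
 * offset, %rax + %rbx is the GPF address, %rax = %rdi >> 3), then split the
 * checked address into the pointer in %rcx and the lea displacement. */
bool kasan_trap_from_regs(const char *report, uint64_t *base, uint64_t *offset)
{
    uint64_t gpf = hex_after(report, "non-canonical address ");
    uint64_t rax = hex_after(report, "RAX: "), rbx = hex_after(report, "RBX: ");
    uint64_t rcx = hex_after(report, "RCX: "), rdi = hex_after(report, "RDI: ");

    if (rbx != KASAN_SHADOW_OFFSET || rax + rbx != gpf ||
        rax != (rdi >> KASAN_SHADOW_SCALE_SHIFT))
        return false;
    *base = rcx;
    *offset = rdi - rcx;
    return true;
}

/* The four lines the decoder reads, copied from the crash report above. */
const char *sample_report =
    "general protection fault, probably for non-canonical address 0xdffffc0000000221: 0000 [#1] PREEMPT SMP KASAN\n"
    "KASAN: probably user-memory-access in range [0x0000000000001108-0x000000000000110f]\n"
    "RAX: 0000000000000221 RBX: dffffc0000000000 RCX: 0000000000000000\n"
    "RDX: 0000000000000000 RSI: ffffffff8d8af3e0 RDI: 0000000000001108\n";
```

Calling kasan_check_report() and kasan_trap_from_regs() on sample_report recovers the granule 0x1108-0x110f, the user-memory-access label, a base pointer of 0 and a displacement of 0x1108. Which structure field sits 0x1108 bytes into the object dereferenced at drivers/media/dvb-core/dmxdev.c:510 is not something the report alone tells you; that needs the vmlinux listed under Assets for the 4931e0e1673d build.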
Crashes (1):
Time: 2026/05/04 10:27
Kernel: linux-6.1.y
Commit: 4931e0e1673d
Syzkaller: 85f1bcf2
Config: .config
Log: console log
Report: report
Syz repro: (none listed)
C repro: (none listed)
VM info: info
Assets: disk image, vmlinux, kernel image
Manager: ci2-linux-6-1-kasan
Title: general protection fault in dvb_dmxdev_feed_restart