syzbot

 sign-in | mailing list | source | docs
🐞 Open [1516]
Subsystems
🐞 Fixed [6635]
🐞 Invalid [17003]
Missing Backports [212]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

general protection fault in su3000_i2c_transfer

Status: upstream: reported C repro on 2025/08/22 00:15
Subsystems: usb media
[Documentation on labels]
Reported-by: syzbot+d99f3a288cc7d8ef60fb@syzkaller.appspotmail.com
First crash: 53d, last: 3d20h
Cause bisection: introduced by (bisect log) :
commit 0e148a522b8453115038193e19ec7bea71403e4a
Author: Michael Bunk <micha@freedict.org>
Date: Sun Jan 16 11:22:36 2022 +0000

  media: dw2102: Don't translate i2c read into write

Crash: BUG: unable to handle kernel NULL pointer dereference in su3000_i2c_transfer (log)
Repro: C syz .config
  
Discussions (3)
Title Replies (including bot) Last reply
[syzbot] Monthly media report (Sep 2025) 0 (1) 2025/09/26 05:14
[PATCH] i2c: dev: Block zero-length messages 1 (1) 2025/08/22 02:09
[syzbot] [media?] general protection fault in su3000_i2c_transfer 0 (2) 2025/08/22 01:41
Similar bugs (2)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.6 general protection fault in su3000_i2c_transfer origin:upstream 2 C 5 24d 32d 0/2 upstream: reported C repro on 2025/09/08 01:49
linux-6.1 general protection fault in su3000_i2c_transfer origin:upstream 2 C 9 32d 45d 0/3 upstream: reported C repro on 2025/08/26 01:58
Last patch testing requests (1)
Created Duration User Patch Repo Result
2025/08/22 01:41 22m lizhi.xu@windriver.com patch upstream OK log

Sample crash report:
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
CPU: 1 UID: 0 PID: 5865 Comm: syz-executor259 Not tainted 6.17.0-rc1-syzkaller-00224-g8d561baae505 #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
RIP: 0010:su3000_i2c_transfer+0x1ad/0x1040 drivers/media/usb/dvb-usb/dw2102.c:740
Code: 4c 89 f8 48 c1 e8 03 49 bc 00 00 00 00 00 fc ff df 42 80 3c 20 00 74 08 4c 89 ff e8 8d b6 3c fa 49 8b 1f 48 89 d8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 0f 85 5f 09 00 00 0f b6 1b 48 8b 44 24 38 42
RSP: 0018:ffffc9000411faa8 EFLAGS: 00010202

RAX: 0000000000000002 RBX: 0000000000000010 RCX: 0000000000000003
RDX: ffffffff87e65d05 RSI: ffffffff8f0d3a50 RDI: 0000000000001900
RBP: 0000000000000000 R08: ffff888032dd0000 R09: 0000000000000002
R10: 0000000000001a00 R11: 0000000000000000 R12: dffffc0000000000
R13: 1ffff1100fb25968 R14: 0000000000000002 R15: ffff88807d92cb48
FS:  000055556ae14380(0000) GS:ffff888125d1b000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055b6f1430230 CR3: 000000007277a000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 __i2c_transfer+0x871/0x2170 drivers/i2c/i2c-core-base.c:-1
 i2c_transfer+0x25b/0x3a0 drivers/i2c/i2c-core-base.c:2320
 i2cdev_ioctl_rdwr+0x460/0x740 drivers/i2c/i2c-dev.c:306
 i2cdev_ioctl+0x64b/0x7f0 drivers/i2c/i2c-dev.c:467
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:598 [inline]
 __se_sys_ioctl+0xf9/0x170 fs/ioctl.c:584
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc919191e19
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffcc5ebd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fc9191cd533 RCX: 00007fc919191e19
RDX: 0000200000000a40 RSI: 0000000000000707 RDI: 0000000000000004
RBP: 00007fc919205610 R08: 0000000000002a00 R09: 00007ffcc5ebd208
R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffcc5ebd1f8 R14: 0000000000000001 R15: 0000000000000001
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:su3000_i2c_transfer+0x1ad/0x1040 drivers/media/usb/dvb-usb/dw2102.c:740
Code: 4c 89 f8 48 c1 e8 03 49 bc 00 00 00 00 00 fc ff df 42 80 3c 20 00 74 08 4c 89 ff e8 8d b6 3c fa 49 8b 1f 48 89 d8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 0f 85 5f 09 00 00 0f b6 1b 48 8b 44 24 38 42
RSP: 0018:ffffc9000411faa8 EFLAGS: 00010202
RAX: 0000000000000002 RBX: 0000000000000010 RCX: 0000000000000003
RDX: ffffffff87e65d05 RSI: ffffffff8f0d3a50 RDI: 0000000000001900
RBP: 0000000000000000 R08: ffff888032dd0000 R09: 0000000000000002
R10: 0000000000001a00 R11: 0000000000000000 R12: dffffc0000000000
R13: 1ffff1100fb25968 R14: 0000000000000002 R15: ffff88807d92cb48
FS:  000055556ae14380(0000) GS:ffff888125c1b000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000562d24ac2168 CR3: 000000007277a000 CR4: 00000000003526f0
----------------
Code disassembly (best guess):
   0:	4c 89 f8             	mov    %r15,%rax
   3:	48 c1 e8 03          	shr    $0x3,%rax
   7:	49 bc 00 00 00 00 00 	movabs $0xdffffc0000000000,%r12
   e:	fc ff df
  11:	42 80 3c 20 00       	cmpb   $0x0,(%rax,%r12,1)
  16:	74 08                	je     0x20
  18:	4c 89 ff             	mov    %r15,%rdi
  1b:	e8 8d b6 3c fa       	call   0xfa3cb6ad
  20:	49 8b 1f             	mov    (%r15),%rbx
  23:	48 89 d8             	mov    %rbx,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	42 0f b6 04 20       	movzbl (%rax,%r12,1),%eax <-- trapping instruction
  2f:	84 c0                	test   %al,%al
  31:	0f 85 5f 09 00 00    	jne    0x996
  37:	0f b6 1b             	movzbl (%rbx),%ebx
  3a:	48 8b 44 24 38       	mov    0x38(%rsp),%rax
  3f:	42                   	rex.X

Crashes (66):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/08/18 02:00 upstream 8d561baae505 1804e95e .config strace log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce general protection fault in su3000_i2c_transfer
2025/08/18 01:15 upstream 8d561baae505 1804e95e .config strace log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce general protection fault in su3000_i2c_transfer
2025/08/18 00:44 upstream 8d561baae505 1804e95e .config strace log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce general protection fault in su3000_i2c_transfer
2025/09/10 07:40 linux-next 65dd046ef558 fdeaa69b .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce general protection fault in su3000_i2c_transfer
2025/08/27 04:02 linux-next 7fa4d8dc380f e12e5ba4 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce general protection fault in su3000_i2c_transfer
2025/08/18 02:57 linux-next 931e46dcbc7e 1804e95e .config strace log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce general protection fault in su3000_i2c_transfer
2025/08/18 02:01 linux-next 931e46dcbc7e 1804e95e .config strace log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce general protection fault in su3000_i2c_transfer
2025/09/30 23:06 upstream 30d4efb2f5a5 65a0eece .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in su3000_i2c_transfer
2025/09/28 23:06 upstream 8f9736633f8c 001c9061 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce general protection fault in su3000_i2c_transfer
2025/09/26 11:06 upstream 4ff71af020ae 0abd0691 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in su3000_i2c_transfer
2025/09/22 01:26 upstream 2d5bd41a4505 67c37560 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce general protection fault in su3000_i2c_transfer
2025/09/15 00:05 upstream 79e8447ec662 e2beed91 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce general protection fault in su3000_i2c_transfer
2025/09/14 21:44 upstream f83a4f2a4d8c e2beed91 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in su3000_i2c_transfer
2025/09/14 03:08 upstream 5cd64d4f9268 e2beed91 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in su3000_i2c_transfer
2025/09/14 00:41 upstream 5cd64d4f9268 e2beed91 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce general protection fault in su3000_i2c_transfer
2025/09/12 19:09 upstream 320475fbd590 e2beed91 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in su3000_i2c_transfer
2025/09/08 16:08 upstream 76eeb9b8de98 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in su3000_i2c_transfer
2025/09/08 14:39 upstream 76eeb9b8de98 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in su3000_i2c_transfer
2025/09/08 02:58 upstream 6ab41fca2e80 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root general protection fault in su3000_i2c_transfer
2025/09/08 02:57 upstream 6ab41fca2e80 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root general protection fault in su3000_i2c_transfer
2025/09/07 23:14 upstream 6ab41fca2e80 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce general protection fault in su3000_i2c_transfer
2025/09/07 23:13 upstream 6ab41fca2e80 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce general protection fault in su3000_i2c_transfer
2025/09/07 23:13 upstream 6ab41fca2e80 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce general protection fault in su3000_i2c_transfer
2025/09/07 23:12 upstream 6ab41fca2e80 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce general protection fault in su3000_i2c_transfer
2025/09/05 05:54 upstream 08b06c30a445 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in su3000_i2c_transfer
2025/09/01 19:51 upstream b320789d6883 807a3b61 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in su3000_i2c_transfer
2025/09/01 19:51 upstream b320789d6883 807a3b61 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in su3000_i2c_transfer
2025/08/31 09:46 upstream c8bc81a52d5a 807a3b61 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in su3000_i2c_transfer
2025/08/28 19:24 upstream 07d9df80082b 443c11c7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in su3000_i2c_transfer
2025/08/28 07:29 upstream 39f90c196721 e12e5ba4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce general protection fault in su3000_i2c_transfer
2025/08/28 03:10 upstream 39f90c196721 e12e5ba4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in su3000_i2c_transfer
2025/08/28 03:10 upstream 39f90c196721 e12e5ba4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in su3000_i2c_transfer
2025/08/28 03:09 upstream 39f90c196721 e12e5ba4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in su3000_i2c_transfer
2025/08/28 03:09 upstream 39f90c196721 e12e5ba4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in su3000_i2c_transfer
2025/08/26 17:15 upstream fab1beda7597 bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in su3000_i2c_transfer
2025/08/25 23:22 upstream 1b237f190eb3 bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root general protection fault in su3000_i2c_transfer
2025/08/25 21:14 upstream 1b237f190eb3 bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root general protection fault in su3000_i2c_transfer
2025/08/25 21:14 upstream 1b237f190eb3 bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root general protection fault in su3000_i2c_transfer
2025/08/25 19:27 upstream b6add54ba618 bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce general protection fault in su3000_i2c_transfer
2025/08/25 02:46 upstream c330cb607721 bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in su3000_i2c_transfer
2025/08/18 00:30 upstream 8d561baae505 1804e95e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce general protection fault in su3000_i2c_transfer
2025/08/18 00:12 upstream 8d561baae505 1804e95e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce general protection fault in su3000_i2c_transfer
2025/10/06 10:06 upstream 7a405dbb0f03 49379ee0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 general protection fault in su3000_i2c_transfer
2025/09/28 00:45 upstream 51a24b7deaae 001c9061 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 general protection fault in su3000_i2c_transfer
2025/09/25 22:20 upstream bf40f4b87761 0abd0691 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 general protection fault in su3000_i2c_transfer
2025/09/25 20:42 upstream bf40f4b87761 0abd0691 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 general protection fault in su3000_i2c_transfer
2025/09/22 23:59 upstream 07e27ad16399 0ac7291c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 general protection fault in su3000_i2c_transfer
2025/09/12 02:41 upstream 02ffd6f89c50 e2beed91 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 general protection fault in su3000_i2c_transfer
2025/09/08 00:18 upstream 6ab41fca2e80 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 general protection fault in su3000_i2c_transfer
2025/09/08 00:18 upstream 6ab41fca2e80 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 general protection fault in su3000_i2c_transfer
2025/08/24 01:19 upstream 8d245acc1e88 bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 general protection fault in su3000_i2c_transfer
2025/09/19 20:19 linux-next 846bd2225ec3 67c37560 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce general protection fault in su3000_i2c_transfer
2025/09/12 01:21 linux-next 5f540c4aade9 e2beed91 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce general protection fault in su3000_i2c_transfer
2025/09/11 11:53 linux-next 5f540c4aade9 fdeaa69b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in su3000_i2c_transfer
2025/09/11 09:51 linux-next 5f540c4aade9 fdeaa69b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in su3000_i2c_transfer
2025/09/08 00:33 linux-next be5d4872e528 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in su3000_i2c_transfer
2025/09/08 00:32 linux-next be5d4872e528 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in su3000_i2c_transfer
2025/09/08 00:08 linux-next be5d4872e528 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in su3000_i2c_transfer
2025/08/26 21:56 linux-next 7fa4d8dc380f e12e5ba4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce general protection fault in su3000_i2c_transfer
2025/08/26 09:33 linux-next 7fa4d8dc380f bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in su3000_i2c_transfer
2025/08/25 20:45 linux-next 7fa4d8dc380f bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce general protection fault in su3000_i2c_transfer
2025/08/24 21:35 linux-next 7fa4d8dc380f bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce general protection fault in su3000_i2c_transfer
* Struck through repros no longer work on HEAD.