syzbot


general protection fault in su3000_i2c_transfer

Status: upstream: reported C repro on 2025/08/22 00:15
Subsystems: usb media
Reported-by: syzbot+d99f3a288cc7d8ef60fb@syzkaller.appspotmail.com
First crash: 167d, last: 3d12h
Cause bisection: introduced by:
commit 0e148a522b8453115038193e19ec7bea71403e4a
Author: Michael Bunk <micha@freedict.org>
Date: Sun Jan 16 11:22:36 2022 +0000

  media: dw2102: Don't translate i2c read into write

Crash: BUG: unable to handle kernel NULL pointer dereference in su3000_i2c_transfer
Repro: C, syz
Discussions (8)
Title | Replies (including bot) | Last reply
[syzbot] Monthly media report (Jan 2026) | 0 (1) | 2026/01/29 11:51
[syzbot] Monthly media report (Dec 2025) | 0 (1) | 2025/12/29 10:38
[PATCH v2] media: dw2102: validate I2C messages in su3000_i2c_transfer() | 1 (1) | 2025/12/10 05:55
[PATCH] media: dw2102: validate I2C messages in su3000_i2c_transfer() | 1 (2) | 2025/12/08 04:00
[syzbot] [media?] general protection fault in su3000_i2c_transfer | 0 (4) | 2025/12/08 02:33
[syzbot] Monthly media report (Oct 2025) | 0 (1) | 2025/10/27 12:50
[syzbot] Monthly media report (Sep 2025) | 0 (1) | 2025/09/26 05:14
[PATCH] i2c: dev: Block zero-length messages | 1 (1) | 2025/08/22 02:09
Similar bugs (2)
Kernel | Title | Rank | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
linux-6.6 | general protection fault in su3000_i2c_transfer origin:upstream | 2 | C | error | | 7 | 34d | 146d | 0/2 | upstream: reported C repro on 2025/09/08 01:49
linux-6.1 | general protection fault in su3000_i2c_transfer origin:upstream | 2 | C | error | | 14 | 31d | 159d | 0/3 | upstream: reported C repro on 2025/08/26 01:58
Last patch testing requests (4)
Created | Duration | User | Patch | Repo | Result
2025/12/08 02:33 | 45m | dharanitharan725@gmail.com | patch | upstream | OK log
2025/12/08 03:13 | 31m | dharanitharan725@gmail.com | patch | upstream | OK log
2025/12/08 02:25 | 58m | dharanitharan725@gmail.com | patch | upstream | OK log
2025/08/22 01:41 | 22m | lizhi.xu@windriver.com | patch | upstream | OK log

Sample crash report:
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
CPU: 1 UID: 0 PID: 5981 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:su3000_i2c_transfer+0x610/0xea0 drivers/media/usb/dvb-usb/dw2102.c:740
Code: 42 ec f9 48 8d 7b 08 48 89 f8 48 c1 e8 03 42 80 3c 38 00 0f 85 81 07 00 00 48 8b 5b 08 48 89 d8 48 89 da 48 c1 e8 03 83 e2 07 <42> 0f b6 04 38 38 d0 7f 08 84 c0 0f 85 52 07 00 00 48 8b 44 24 10
RSP: 0018:ffffc900038e7c30 EFLAGS: 00010246
RAX: 0000000000000002 RBX: 0000000000000010 RCX: ffffffff87d29fa5
RDX: 0000000000000000 RSI: ffffffff87d2a429 RDI: ffff88802fcaae48
RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000001a00
R10: 0000000000001900 R11: ffff888031070b30 R12: ffff88803560ac00
R13: 0000000000001900 R14: 0000000000000001 R15: dffffc0000000000
FS:  00005555817f9500(0000) GS:ffff8881249f5000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2ed63fff CR3: 000000007d7d3000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 __i2c_transfer+0x6b6/0x2100 drivers/i2c/i2c-core-base.c:2261
 i2c_transfer drivers/i2c/i2c-core-base.c:2317 [inline]
 i2c_transfer+0x1da/0x380 drivers/i2c/i2c-core-base.c:2293
 i2cdev_ioctl_rdwr+0x373/0x710 drivers/i2c/i2c-dev.c:306
 i2cdev_ioctl+0x628/0x840 drivers/i2c/i2c-dev.c:467
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:597 [inline]
 __se_sys_ioctl fs/ioctl.c:583 [inline]
 __x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:583
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fa4d2f8f749
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffe2ab9b448 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fa4d31e5fa0 RCX: 00007fa4d2f8f749
RDX: 0000200000000080 RSI: 0000000000000707 RDI: 0000000000000004
RBP: 00007fa4d3013f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fa4d31e5fa0 R14: 00007fa4d31e5fa0 R15: 0000000000000003
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:su3000_i2c_transfer+0x610/0xea0 drivers/media/usb/dvb-usb/dw2102.c:740
Code: 42 ec f9 48 8d 7b 08 48 89 f8 48 c1 e8 03 42 80 3c 38 00 0f 85 81 07 00 00 48 8b 5b 08 48 89 d8 48 89 da 48 c1 e8 03 83 e2 07 <42> 0f b6 04 38 38 d0 7f 08 84 c0 0f 85 52 07 00 00 48 8b 44 24 10
RSP: 0018:ffffc900038e7c30 EFLAGS: 00010246
RAX: 0000000000000002 RBX: 0000000000000010 RCX: ffffffff87d29fa5
RDX: 0000000000000000 RSI: ffffffff87d2a429 RDI: ffff88802fcaae48
RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000001a00
R10: 0000000000001900 R11: ffff888031070b30 R12: ffff88803560ac00
R13: 0000000000001900 R14: 0000000000000001 R15: dffffc0000000000
FS:  00005555817f9500(0000) GS:ffff8881249f5000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2ed63fff CR3: 000000007d7d3000 CR4: 00000000003526f0
----------------
Code disassembly (best guess):
   0:	42 ec                	rex.X in (%dx),%al
   2:	f9                   	stc
   3:	48 8d 7b 08          	lea    0x8(%rbx),%rdi
   7:	48 89 f8             	mov    %rdi,%rax
   a:	48 c1 e8 03          	shr    $0x3,%rax
   e:	42 80 3c 38 00       	cmpb   $0x0,(%rax,%r15,1)
  13:	0f 85 81 07 00 00    	jne    0x79a
  19:	48 8b 5b 08          	mov    0x8(%rbx),%rbx
  1d:	48 89 d8             	mov    %rbx,%rax
  20:	48 89 da             	mov    %rbx,%rdx
  23:	48 c1 e8 03          	shr    $0x3,%rax
  27:	83 e2 07             	and    $0x7,%edx
* 2a:	42 0f b6 04 38       	movzbl (%rax,%r15,1),%eax <-- trapping instruction
  2f:	38 d0                	cmp    %dl,%al
  31:	7f 08                	jg     0x3b
  33:	84 c0                	test   %al,%al
  35:	0f 85 52 07 00 00    	jne    0x78d
  3b:	48 8b 44 24 10       	mov    0x10(%rsp),%rax

Crashes (190):