general protection fault in su3000_i2c

Title	Replies (including bot)	Last reply
[PATCH] i2c: dev: Block zero-length messages	1 (1)	2025/08/22 02:09
[syzbot] [media?] general protection fault in su3000_i2c_transfer	0 (2)	2025/08/22 01:41

Title

Replies (including bot)

Last reply

[PATCH] i2c: dev: Block zero-length messages

1 (1)

2025/08/22 02:09

[syzbot] [media?] general protection fault in su3000_i2c_transfer

0 (2)

2025/08/22 01:41


Created	Duration	User	Patch	Repo	Result
2025/08/22 01:41	22m	lizhi.xu@windriver.com	patch	upstream	OK log

Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017] CPU: 1 UID: 0 PID: 5865 Comm: syz-executor259 Not tainted 6.17.0-rc1-syzkaller-00224-g8d561baae505 #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 RIP: 0010:su3000_i2c_transfer+0x1ad/0x1040 drivers/media/usb/dvb-usb/dw2102.c:740 Code: 4c 89 f8 48 c1 e8 03 49 bc 00 00 00 00 00 fc ff df 42 80 3c 20 00 74 08 4c 89 ff e8 8d b6 3c fa 49 8b 1f 48 89 d8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 0f 85 5f 09 00 00 0f b6 1b 48 8b 44 24 38 42 RSP: 0018:ffffc9000411faa8 EFLAGS: 00010202 RAX: 0000000000000002 RBX: 0000000000000010 RCX: 0000000000000003 RDX: ffffffff87e65d05 RSI: ffffffff8f0d3a50 RDI: 0000000000001900 RBP: 0000000000000000 R08: ffff888032dd0000 R09: 0000000000000002 R10: 0000000000001a00 R11: 0000000000000000 R12: dffffc0000000000 R13: 1ffff1100fb25968 R14: 0000000000000002 R15: ffff88807d92cb48 FS: 000055556ae14380(0000) GS:ffff888125d1b000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055b6f1430230 CR3: 000000007277a000 CR4: 00000000003526f0 Call Trace: <TASK> __i2c_transfer+0x871/0x2170 drivers/i2c/i2c-core-base.c:-1 i2c_transfer+0x25b/0x3a0 drivers/i2c/i2c-core-base.c:2320 i2cdev_ioctl_rdwr+0x460/0x740 drivers/i2c/i2c-dev.c:306 i2cdev_ioctl+0x64b/0x7f0 drivers/i2c/i2c-dev.c:467 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:598 [inline] __se_sys_ioctl+0xf9/0x170 fs/ioctl.c:584 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fc919191e19 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffcc5ebd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007fc9191cd533 RCX: 00007fc919191e19 RDX: 0000200000000a40 RSI: 0000000000000707 RDI: 0000000000000004 RBP: 00007fc919205610 R08: 0000000000002a00 R09: 00007ffcc5ebd208 R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001 R13: 00007ffcc5ebd1f8 R14: 0000000000000001 R15: 0000000000000001 </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:su3000_i2c_transfer+0x1ad/0x1040 drivers/media/usb/dvb-usb/dw2102.c:740 Code: 4c 89 f8 48 c1 e8 03 49 bc 00 00 00 00 00 fc ff df 42 80 3c 20 00 74 08 4c 89 ff e8 8d b6 3c fa 49 8b 1f 48 89 d8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 0f 85 5f 09 00 00 0f b6 1b 48 8b 44 24 38 42 RSP: 0018:ffffc9000411faa8 EFLAGS: 00010202 RAX: 0000000000000002 RBX: 0000000000000010 RCX: 0000000000000003 RDX: ffffffff87e65d05 RSI: ffffffff8f0d3a50 RDI: 0000000000001900 RBP: 0000000000000000 R08: ffff888032dd0000 R09: 0000000000000002 R10: 0000000000001a00 R11: 0000000000000000 R12: dffffc0000000000 R13: 1ffff1100fb25968 R14: 0000000000000002 R15: ffff88807d92cb48 FS: 000055556ae14380(0000) GS:ffff888125c1b000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000562d24ac2168 CR3: 000000007277a000 CR4: 00000000003526f0 ---------------- Code disassembly (best guess): 0: 4c 89 f8 mov %r15,%rax 3: 48 c1 e8 03 shr $0x3,%rax 7: 49 bc 00 00 00 00 00 movabs $0xdffffc0000000000,%r12 e: fc ff df 11: 42 80 3c 20 00 cmpb $0x0,(%rax,%r12,1) 16: 74 08 je 0x20 18: 4c 89 ff mov %r15,%rdi 1b: e8 8d b6 3c fa call 0xfa3cb6ad 20: 49 8b 1f mov (%r15),%rbx 23: 48 89 d8 mov %rbx,%rax 26: 48 c1 e8 03 shr $0x3,%rax * 2a: 42 0f b6 04 20 movzbl (%rax,%r12,1),%eax <-- trapping instruction 2f: 84 c0 test %al,%al 31: 0f 85 5f 09 00 00 jne 0x996 37: 0f b6 1b movzbl (%rbx),%ebx 3a: 48 8b 44 24 38 mov 0x38(%rsp),%rax 3f: 42 rex.X

Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2025/08/18 02:00	upstream	8d561baae505	1804e95e	.config	strace log	report	syz / log	C		[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce	general protection fault in su3000_i2c_transfer
2025/08/18 01:15	upstream	8d561baae505	1804e95e	.config	strace log	report	syz / log	C		[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce	general protection fault in su3000_i2c_transfer
2025/08/18 00:44	upstream	8d561baae505	1804e95e	.config	strace log	report	syz / log	C		[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce	general protection fault in su3000_i2c_transfer
2025/08/18 02:57	linux-next	931e46dcbc7e	1804e95e	.config	strace log	report	syz / log	C		[disk image] [vmlinux] [kernel image]	ci-upstream-rust-kasan-gce	general protection fault in su3000_i2c_transfer
2025/08/18 02:01	linux-next	931e46dcbc7e	1804e95e	.config	strace log	report	syz / log	C		[disk image] [vmlinux] [kernel image]	ci-upstream-rust-kasan-gce	general protection fault in su3000_i2c_transfer
2025/08/18 00:30	upstream	8d561baae505	1804e95e	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce	general protection fault in su3000_i2c_transfer
2025/08/18 00:12	upstream	8d561baae505	1804e95e	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce	general protection fault in su3000_i2c_transfer
2025/08/24 01:19	upstream	8d245acc1e88	bf27483f	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-386	general protection fault in su3000_i2c_transfer