syzbot

 sign-in | mailing list | source | docs
🐞 Open [1437]
Subsystems
🐞 Fixed [6949]
🐞 Invalid [18115]
Missing Backports [223]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
✨ AI
💬 Send us feedback

general protection fault in su3000_i2c_transfer

Status: upstream: reported C repro on 2025/08/22 00:15
Subsystems: usb media
[Documentation on labels]
Reported-by: syzbot+d99f3a288cc7d8ef60fb@syzkaller.appspotmail.com
First crash: 195d, last: 2d20h
Cause bisection: introduced by (bisect log) :
commit 0e148a522b8453115038193e19ec7bea71403e4a
Author: Michael Bunk <micha@freedict.org>
Date: Sun Jan 16 11:22:36 2022 +0000

  media: dw2102: Don't translate i2c read into write

Crash: BUG: unable to handle kernel NULL pointer dereference in su3000_i2c_transfer (log)
Repro: C syz .config
  
Discussions (9)
Title Replies (including bot) Last reply
[PATCH] media: dw2102: Fix null-ptr-deref in su3000_i2c_transfer() 1 (1) 2026/02/27 12:25
[syzbot] Monthly media report (Jan 2026) 0 (1) 2026/01/29 11:51
[syzbot] Monthly media report (Dec 2025) 0 (1) 2025/12/29 10:38
[PATCH v2] media: dw2102: validate I2C messages in su3000_i2c_transfer() 1 (1) 2025/12/10 05:55
[PATCH] media: dw2102: validate I2C messages in su3000_i2c_transfer() 1 (2) 2025/12/08 04:00
[syzbot] [media?] general protection fault in su3000_i2c_transfer 0 (4) 2025/12/08 02:33
[syzbot] Monthly media report (Oct 2025) 0 (1) 2025/10/27 12:50
[syzbot] Monthly media report (Sep 2025) 0 (1) 2025/09/26 05:14
[PATCH] i2c: dev: Block zero-length messages 1 (1) 2025/08/22 02:09
Similar bugs (3)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.6 general protection fault in su3000_i2c_transfer origin:upstream 2 C error 7 61d 174d 0/2 upstream: reported C repro on 2025/09/08 01:49
linux-5.15 general protection fault in su3000_i2c_transfer origin:upstream 2 C 4 6d17h 6d19h 0/3 upstream: reported C repro on 2026/02/22 08:06
linux-6.1 general protection fault in su3000_i2c_transfer origin:upstream 2 C error 14 58d 187d 0/3 upstream: reported C repro on 2025/08/26 01:58
Last patch testing requests (4)
Created Duration User Patch Repo Result
2025/12/08 02:33 45m dharanitharan725@gmail.com patch upstream OK log
2025/12/08 03:13 31m dharanitharan725@gmail.com patch upstream OK log
2025/12/08 02:25 58m dharanitharan725@gmail.com patch upstream OK log
2025/08/22 01:41 22m lizhi.xu@windriver.com patch upstream OK log

Sample crash report:
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
CPU: 1 UID: 0 PID: 5981 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:su3000_i2c_transfer+0x610/0xea0 drivers/media/usb/dvb-usb/dw2102.c:740
Code: 42 ec f9 48 8d 7b 08 48 89 f8 48 c1 e8 03 42 80 3c 38 00 0f 85 81 07 00 00 48 8b 5b 08 48 89 d8 48 89 da 48 c1 e8 03 83 e2 07 <42> 0f b6 04 38 38 d0 7f 08 84 c0 0f 85 52 07 00 00 48 8b 44 24 10
RSP: 0018:ffffc900038e7c30 EFLAGS: 00010246
RAX: 0000000000000002 RBX: 0000000000000010 RCX: ffffffff87d29fa5
RDX: 0000000000000000 RSI: ffffffff87d2a429 RDI: ffff88802fcaae48
RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000001a00
R10: 0000000000001900 R11: ffff888031070b30 R12: ffff88803560ac00
R13: 0000000000001900 R14: 0000000000000001 R15: dffffc0000000000
FS:  00005555817f9500(0000) GS:ffff8881249f5000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2ed63fff CR3: 000000007d7d3000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 __i2c_transfer+0x6b6/0x2100 drivers/i2c/i2c-core-base.c:2261
 i2c_transfer drivers/i2c/i2c-core-base.c:2317 [inline]
 i2c_transfer+0x1da/0x380 drivers/i2c/i2c-core-base.c:2293
 i2cdev_ioctl_rdwr+0x373/0x710 drivers/i2c/i2c-dev.c:306
 i2cdev_ioctl+0x628/0x840 drivers/i2c/i2c-dev.c:467
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:597 [inline]
 __se_sys_ioctl fs/ioctl.c:583 [inline]
 __x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:583
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fa4d2f8f749
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffe2ab9b448 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fa4d31e5fa0 RCX: 00007fa4d2f8f749
RDX: 0000200000000080 RSI: 0000000000000707 RDI: 0000000000000004
RBP: 00007fa4d3013f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fa4d31e5fa0 R14: 00007fa4d31e5fa0 R15: 0000000000000003
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:su3000_i2c_transfer+0x610/0xea0 drivers/media/usb/dvb-usb/dw2102.c:740
Code: 42 ec f9 48 8d 7b 08 48 89 f8 48 c1 e8 03 42 80 3c 38 00 0f 85 81 07 00 00 48 8b 5b 08 48 89 d8 48 89 da 48 c1 e8 03 83 e2 07 <42> 0f b6 04 38 38 d0 7f 08 84 c0 0f 85 52 07 00 00 48 8b 44 24 10
RSP: 0018:ffffc900038e7c30 EFLAGS: 00010246
RAX: 0000000000000002 RBX: 0000000000000010 RCX: ffffffff87d29fa5
RDX: 0000000000000000 RSI: ffffffff87d2a429 RDI: ffff88802fcaae48
RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000001a00
R10: 0000000000001900 R11: ffff888031070b30 R12: ffff88803560ac00
R13: 0000000000001900 R14: 0000000000000001 R15: dffffc0000000000
FS:  00005555817f9500(0000) GS:ffff8881249f5000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2ed63fff CR3: 000000007d7d3000 CR4: 00000000003526f0
----------------
Code disassembly (best guess):
   0:	42 ec                	rex.X in (%dx),%al
   2:	f9                   	stc
   3:	48 8d 7b 08          	lea    0x8(%rbx),%rdi
   7:	48 89 f8             	mov    %rdi,%rax
   a:	48 c1 e8 03          	shr    $0x3,%rax
   e:	42 80 3c 38 00       	cmpb   $0x0,(%rax,%r15,1)
  13:	0f 85 81 07 00 00    	jne    0x79a
  19:	48 8b 5b 08          	mov    0x8(%rbx),%rbx
  1d:	48 89 d8             	mov    %rbx,%rax
  20:	48 89 da             	mov    %rbx,%rdx
  23:	48 c1 e8 03          	shr    $0x3,%rax
  27:	83 e2 07             	and    $0x7,%edx
* 2a:	42 0f b6 04 38       	movzbl (%rax,%r15,1),%eax <-- trapping instruction
  2f:	38 d0                	cmp    %dl,%al
  31:	7f 08                	jg     0x3b
  33:	84 c0                	test   %al,%al
  35:	0f 85 52 07 00 00    	jne    0x78d
  3b:	48 8b 44 24 10       	mov    0x10(%rsp),%rax

Crashes (221):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/12/20 08:22 upstream dd9b004b7ff3 d6526ea3 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in su3000_i2c_transfer
2025/08/18 02:00 upstream 8d561baae505 1804e95e .config strace log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce general protection fault in su3000_i2c_transfer
2025/08/18 01:15 upstream 8d561baae505 1804e95e .config strace log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce general protection fault in su3000_i2c_transfer
2025/08/18 00:44 upstream 8d561baae505 1804e95e .config strace log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce general protection fault in su3000_i2c_transfer
2026/02/22 09:38 linux-next d4906ae14a5f 6e7b5511 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce general protection fault in su3000_i2c_transfer
2025/12/20 22:05 linux-next cc3aa43b44bd d6526ea3 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce general protection fault in su3000_i2c_transfer
2025/09/10 07:40 linux-next 65dd046ef558 fdeaa69b .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce general protection fault in su3000_i2c_transfer
2025/08/27 04:02 linux-next 7fa4d8dc380f e12e5ba4 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce general protection fault in su3000_i2c_transfer
2025/08/18 02:57 linux-next 931e46dcbc7e 1804e95e .config strace log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce general protection fault in su3000_i2c_transfer
2025/08/18 02:01 linux-next 931e46dcbc7e 1804e95e .config strace log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce general protection fault in su3000_i2c_transfer
2026/02/26 03:38 upstream d9d32e5bd5a4 e0f78d93 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce general protection fault in su3000_i2c_transfer
2026/02/25 17:24 upstream 7dff99b35460 df2e85d4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in su3000_i2c_transfer
2026/02/25 14:38 upstream 7dff99b35460 df2e85d4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce general protection fault in su3000_i2c_transfer
2026/02/24 19:29 upstream 7dff99b35460 96b1aa46 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in su3000_i2c_transfer
2026/02/24 16:53 upstream 7dff99b35460 96b1aa46 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in su3000_i2c_transfer
2026/02/24 15:41 upstream 7dff99b35460 96b1aa46 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in su3000_i2c_transfer
2026/02/24 14:17 upstream 7dff99b35460 96b1aa46 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce general protection fault in su3000_i2c_transfer
2026/02/24 05:27 upstream 7dff99b35460 41d2fa6a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce general protection fault in su3000_i2c_transfer
2026/02/22 14:37 upstream 32a92f8c8932 6e7b5511 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in su3000_i2c_transfer
2026/02/22 00:21 upstream d79526b89571 6e7b5511 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in su3000_i2c_transfer
2026/02/21 16:16 upstream a95f71ad3e2e 6e7b5511 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root general protection fault in su3000_i2c_transfer
2026/02/18 09:33 upstream d295082ea672 39751c21 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in su3000_i2c_transfer
2026/02/15 21:26 upstream bb7a3fc2c976 1e62d198 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce general protection fault in su3000_i2c_transfer
2026/02/14 01:38 upstream cd7a5651db26 1e62d198 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in su3000_i2c_transfer
2026/02/09 05:12 upstream e98f34af6116 4c131dc4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in su3000_i2c_transfer
2026/01/28 16:26 upstream 1f97d9dcf536 004c195c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce general protection fault in su3000_i2c_transfer
2026/01/28 07:53 upstream 1f97d9dcf536 3029c699 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in su3000_i2c_transfer
2026/01/25 03:42 upstream 12a0094839d0 40acda8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in su3000_i2c_transfer
2026/01/24 22:01 upstream 12a0094839d0 40acda8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce general protection fault in su3000_i2c_transfer
2026/01/24 07:13 upstream 62085877ae65 4f25b9b4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in su3000_i2c_transfer
2026/01/24 06:49 upstream 62085877ae65 4f25b9b4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce general protection fault in su3000_i2c_transfer
2026/01/24 05:15 upstream 62085877ae65 4f25b9b4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce general protection fault in su3000_i2c_transfer
2026/01/22 04:09 upstream cf38b2340c0e 101dad69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce general protection fault in su3000_i2c_transfer
2026/01/09 05:04 upstream 79b95d74470d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in su3000_i2c_transfer
2026/01/09 04:53 upstream 79b95d74470d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in su3000_i2c_transfer
2026/01/06 10:43 upstream 7f98ab9da046 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in su3000_i2c_transfer
2025/08/25 23:22 upstream 1b237f190eb3 bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root general protection fault in su3000_i2c_transfer
2026/02/23 19:57 upstream 6de23f81a5e0 305c0ec5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 general protection fault in su3000_i2c_transfer
2026/02/21 10:54 upstream a95f71ad3e2e 6e7b5511 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 general protection fault in su3000_i2c_transfer
2026/02/16 01:26 upstream bb7a3fc2c976 1e62d198 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 general protection fault in su3000_i2c_transfer
2026/02/16 00:14 upstream bb7a3fc2c976 1e62d198 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 general protection fault in su3000_i2c_transfer
2026/02/15 08:04 upstream ca4ee40bf13d 1e62d198 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 general protection fault in su3000_i2c_transfer
2026/02/11 08:40 upstream dc855b77719f 441e25b7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 general protection fault in su3000_i2c_transfer
2026/02/07 11:11 upstream 2687c848e578 f20fc9f9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 general protection fault in su3000_i2c_transfer
2026/01/29 07:31 upstream 8dfce8991b95 b78a7341 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 general protection fault in su3000_i2c_transfer
2026/01/28 17:58 upstream 1f97d9dcf536 004c195c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 general protection fault in su3000_i2c_transfer
2026/01/23 22:18 upstream c072629f05d7 3181850c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 general protection fault in su3000_i2c_transfer
2026/01/16 05:23 upstream 603c05a1639f d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 general protection fault in su3000_i2c_transfer
2026/01/10 06:13 upstream 372800cb95a3 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 general protection fault in su3000_i2c_transfer
2026/01/07 02:06 upstream f0b9d8eb98df d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 general protection fault in su3000_i2c_transfer
2026/01/06 08:11 upstream 7f98ab9da046 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 general protection fault in su3000_i2c_transfer
2026/02/26 06:30 linux-next 877552aa8758 e0f78d93 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce general protection fault in su3000_i2c_transfer
2026/02/07 04:44 linux-next 9845cf73f7db f20fc9f9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce general protection fault in su3000_i2c_transfer
2026/02/01 19:49 linux-next 4c87cdd03284 6b8752f2 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in su3000_i2c_transfer
2026/01/25 06:41 linux-next ca3a02fda4da 40acda8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in su3000_i2c_transfer
2026/01/24 17:12 linux-next ca3a02fda4da 40acda8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce general protection fault in su3000_i2c_transfer
2026/01/23 14:56 linux-next a0c666c25aee 3181850c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce general protection fault in su3000_i2c_transfer
2026/01/08 02:20 linux-next f96074c6d01d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce general protection fault in su3000_i2c_transfer
2026/01/06 07:06 linux-next 6cd6c1203113 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce general protection fault in su3000_i2c_transfer
* Struck through repros no longer work on HEAD.