Re: [syzbot] [comedi?] BUG: unable to handle kernel paging request in dt2815_attach

All of lore.kernel.org
 help / color / mirror / Atom feed

From: syzbot <syzbot+72f94b474d6e50b71ffc@syzkaller.appspotmail.com>
To: kartikey406@gmail.com, linux-kernel@vger.kernel.org,
	 syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [comedi?] BUG: unable to handle kernel paging request in dt2815_attach
Date: Sun, 25 Jan 2026 21:36:02 -0800	[thread overview]
Message-ID: <6976fd42.050a0220.226181.0012.GAE@google.com> (raw)
In-Reply-To: <20260126051936.5684-1-kartikey406@gmail.com>

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
BUG: unable to handle kernel paging request in dt2815_attach

dt2815: After second outb
dt2815: Loop iteration 1, dev->iobase = 0x7d
dt2815: status = 0xff
dt2815: About to do second outb, dev = ffff8880408c7000, dev->iobase = 0x7d
BUG: unable to handle page fault for address: 000000007fffff90
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
PGD 465c6067 P4D 465c6067 PUD 0 
Oops: Oops: 0002 [#1] SMP KASAN NOPTI
CPU: 0 UID: 0 PID: 5846 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
RIP: 0010:__outb arch/x86/include/asm/shared/io.h:22 [inline]
RIP: 0010:dt2815_attach+0x6a8/0x9e0 drivers/comedi/drivers/dt2815.c:210
Code: 8b 96 d0 01 00 00 48 c7 c7 e0 f7 8b 8c 4c 89 f6 e8 7d 5f f5 ff 43 80 3c 27 00 74 08 4c 89 ef e8 ce 02 f9 00 41 8b 55 00 ff c2 <31> 66 90 48 c7 c7 60 f8 8b 8c e8 59 5f f5 ff 83 fd 63 75 9c eb 71
RSP: 0018:ffffc90001987a80 EFLAGS: 00010206
RAX: 000000000000004b RBX: ffffc90001987bc0 RCX: fd82e65c6f5c7300
RDX: 000000000000007e RSI: 0000000080000000 RDI: 0000000000000000
RBP: 0000000000000001 R08: ffffc90001987807 R09: 1ffff92000330f00
R10: dffffc0000000000 R11: fffff52000330f01 R12: dffffc0000000000
R13: ffff8880408c71d0 R14: ffff8880408c7000 R15: 1ffff11008118e3a
FS:  00007f4b609056c0(0000) GS:ffff88808cf1b000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000007fffff90 CR3: 00000000465ca000 CR4: 0000000000352ef0
Call Trace:
 <TASK>
 comedi_device_attach+0x51f/0x720 drivers/comedi/drivers.c:1069
 do_devconfig_ioctl drivers/comedi/comedi_fops.c:928 [inline]
 comedi_unlocked_ioctl+0x701/0x1240 drivers/comedi/comedi_fops.c:2240
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:597 [inline]
 __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:583
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f4b5f99acb9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f4b60905028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f4b5fc15fa0 RCX: 00007f4b5f99acb9
RDX: 0000200000000080 RSI: 0000000040946400 RDI: 0000000000000003
RBP: 00007f4b5fa08bf7 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f4b5fc16038 R14: 00007f4b5fc15fa0 R15: 00007ffc911b33b8
 </TASK>
Modules linked in:
CR2: 000000007fffff90
---[ end trace 0000000000000000 ]---
RIP: 0010:__outb arch/x86/include/asm/shared/io.h:22 [inline]
RIP: 0010:dt2815_attach+0x6a8/0x9e0 drivers/comedi/drivers/dt2815.c:210
Code: 8b 96 d0 01 00 00 48 c7 c7 e0 f7 8b 8c 4c 89 f6 e8 7d 5f f5 ff 43 80 3c 27 00 74 08 4c 89 ef e8 ce 02 f9 00 41 8b 55 00 ff c2 <31> 66 90 48 c7 c7 60 f8 8b 8c e8 59 5f f5 ff 83 fd 63 75 9c eb 71
RSP: 0018:ffffc90001987a80 EFLAGS: 00010206
RAX: 000000000000004b RBX: ffffc90001987bc0 RCX: fd82e65c6f5c7300
RDX: 000000000000007e RSI: 0000000080000000 RDI: 0000000000000000
RBP: 0000000000000001 R08: ffffc90001987807 R09: 1ffff92000330f00
R10: dffffc0000000000 R11: fffff52000330f01 R12: dffffc0000000000
R13: ffff8880408c71d0 R14: ffff8880408c7000 R15: 1ffff11008118e3a
FS:  00007f4b609056c0(0000) GS:ffff88808cf1b000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000007fffff90 CR3: 00000000465ca000 CR4: 0000000000352ef0
----------------
Code disassembly (best guess):
   0:	8b 96 d0 01 00 00    	mov    0x1d0(%rsi),%edx
   6:	48 c7 c7 e0 f7 8b 8c 	mov    $0xffffffff8c8bf7e0,%rdi
   d:	4c 89 f6             	mov    %r14,%rsi
  10:	e8 7d 5f f5 ff       	call   0xfff55f92
  15:	43 80 3c 27 00       	cmpb   $0x0,(%r15,%r12,1)
  1a:	74 08                	je     0x24
  1c:	4c 89 ef             	mov    %r13,%rdi
  1f:	e8 ce 02 f9 00       	call   0xf902f2
  24:	41 8b 55 00          	mov    0x0(%r13),%edx
  28:	ff c2                	inc    %edx
* 2a:	31 66 90             	xor    %esp,-0x70(%rsi) <-- trapping instruction
  2d:	48 c7 c7 60 f8 8b 8c 	mov    $0xffffffff8c8bf860,%rdi
  34:	e8 59 5f f5 ff       	call   0xfff55f92
  39:	83 fd 63             	cmp    $0x63,%ebp
  3c:	75 9c                	jne    0xffffffda
  3e:	eb 71                	jmp    0xb1


Tested on:

commit:         63804fed Linux 6.19-rc7
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=15ba3002580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=e2e5d7c9c1e01cf4
dashboard link: https://syzkaller.appspot.com/bug?extid=72f94b474d6e50b71ffc
compiler:       Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
patch:          https://syzkaller.appspot.com/x/patch.diff?x=1214b9ac580000

next      parent reply	other threads:[~2026-01-26  5:36 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <20260126051936.5684-1-kartikey406@gmail.com>
2026-01-26  5:36 ` syzbot [this message]
     [not found] <20260126064243.10298-1-kartikey406@gmail.com>
2026-01-26  7:04 ` [syzbot] [comedi?] BUG: unable to handle kernel paging request in dt2815_attach syzbot
     [not found] <20260126061729.9345-1-kartikey406@gmail.com>
2026-01-26  6:33 ` syzbot
     [not found] <20260126054835.7392-1-kartikey406@gmail.com>
2026-01-26  6:04 ` syzbot
2026-01-24  6:45 syzbot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=6976fd42.050a0220.226181.0012.GAE@google.com \
    --to=syzbot+72f94b474d6e50b71ffc@syzkaller.appspotmail.com \
    --cc=kartikey406@gmail.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=syzkaller-bugs@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.