* Re: [syzbot] [comedi?] BUG: unable to handle kernel paging request in dt2815_attach
[not found] <20260126061729.9345-1-kartikey406@gmail.com>
@ 2026-01-26 6:33 ` syzbot
From: syzbot @ 2026-01-26 6:33 UTC
To: kartikey406, linux-kernel, syzkaller-bugs
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
BUG: unable to handle kernel paging request in dt2815_attach
dt2815: [PID 5821] ENTER dt2815_attach, it->options[0] = 0x7d
dt2815: [PID 5821] after comedi_request_region, dev->iobase = 0x7d
dt2815: [PID 5821] About to do FIRST outb, dev = ffff888040506800, dev->iobase = 0x7d
BUG: unable to handle page fault for address: 000000007fffff90
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
PGD 57fb4067 P4D 57fb4067 PUD 0
Oops: Oops: 0002 [#1] SMP KASAN NOPTI
CPU: 0 UID: 0 PID: 5821 Comm: syz.0.18 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
RIP: 0010:__outb arch/x86/include/asm/shared/io.h:22 [inline]
RIP: 0010:dt2815_attach+0x6e0/0x1110 drivers/comedi/drivers/dt2815.c:187
Code: f5 ff 48 bd 00 00 00 00 00 fc ff df 41 80 3c 2c 00 74 12 4c 89 f7 e8 9f 02 f9 00 48 bd 00 00 00 00 00 fc ff df 41 8b 16 ff c2 <31> 66 90 41 0f b6 44 2d 00 84 c0 0f 85 00 08 00 00 8b 33 48 c7 c7
RSP: 0018:ffffc90002a8fa78 EFLAGS: 00010206
RAX: 0000000000000055 RBX: ffff88803405cf98 RCX: c9cdd809989aea00
RDX: 000000000000007e RSI: 0000000080000000 RDI: 0000000000000000
RBP: dffffc0000000000 R08: ffff88801fc247d3 R09: 1ffff11003f848fa
R10: dffffc0000000000 R11: ffffed1003f848fb R12: 1ffff110080a0d3a
R13: 1ffff1100680b9f3 R14: ffff8880405069d0 R15: ffff888040506800
FS: 00007f8323dfe6c0(0000) GS:ffff88808cf1b000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000007fffff90 CR3: 0000000057ff9000 CR4: 0000000000352ef0
Call Trace:
<TASK>
comedi_device_attach+0x51f/0x720 drivers/comedi/drivers.c:1069
do_devconfig_ioctl drivers/comedi/comedi_fops.c:928 [inline]
comedi_unlocked_ioctl+0x701/0x1240 drivers/comedi/comedi_fops.c:2240
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:597 [inline]
__se_sys_ioctl+0xfc/0x170 fs/ioctl.c:583
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f832479acb9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f8323dfe028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f8324a15fa0 RCX: 00007f832479acb9
RDX: 0000200000000080 RSI: 0000000040946400 RDI: 0000000000000003
RBP: 00007f8324808bf7 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f8324a16038 R14: 00007f8324a15fa0 R15: 00007fff45a7cad8
</TASK>
Modules linked in:
CR2: 000000007fffff90
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
0: f5 cmc
1: ff 48 bd decl -0x43(%rax)
4: 00 00 add %al,(%rax)
6: 00 00 add %al,(%rax)
8: 00 fc add %bh,%ah
a: ff lcall (bad)
b: df 41 80 filds -0x80(%rcx)
e: 3c 2c cmp $0x2c,%al
10: 00 74 12 4c add %dh,0x4c(%rdx,%rdx,1)
14: 89 f7 mov %esi,%edi
16: e8 9f 02 f9 00 call 0xf902ba
1b: 48 bd 00 00 00 00 00 movabs $0xdffffc0000000000,%rbp
22: fc ff df
25: 41 8b 16 mov (%r14),%edx
28: ff c2 inc %edx
* 2a: 31 66 90 xor %esp,-0x70(%rsi) <-- trapping instruction
2d: 41 0f b6 44 2d 00 movzbl 0x0(%r13,%rbp,1),%eax
33: 84 c0 test %al,%al
35: 0f 85 00 08 00 00 jne 0x83b
3b: 8b 33 mov (%rbx),%esi
3d: 48 rex.W
3e: c7 .byte 0xc7
3f: c7 .byte 0xc7
Tested on:
commit: 63804fed Linux 6.19-rc7
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=12d6905a580000
kernel config: https://syzkaller.appspot.com/x/.config?x=e2e5d7c9c1e01cf4
dashboard link: https://syzkaller.appspot.com/bug?extid=72f94b474d6e50b71ffc
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=16a40a44580000
* Re: [syzbot] [comedi?] BUG: unable to handle kernel paging request in dt2815_attach
[not found] <20260126054835.7392-1-kartikey406@gmail.com>
@ 2026-01-26 6:04 ` syzbot
From: syzbot @ 2026-01-26 6:04 UTC
To: kartikey406, linux-kernel, syzkaller-bugs
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
BUG: unable to handle kernel NULL pointer dereference in dt2815_attach
BUG: kernel NULL pointer dereference, address: 0000000000000390
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
PGD 365dc067 P4D 365dc067 PUD 0
Oops: Oops: 0002 [#1] SMP KASAN NOPTI
CPU: 0 UID: 0 PID: 5841 Comm: syz.0.18 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
RIP: 0010:__outb arch/x86/include/asm/shared/io.h:22 [inline]
RIP: 0010:dt2815_attach+0x4f3/0xa40 drivers/comedi/drivers/dt2815.c:179
Code: 24 4c 8d b8 d0 01 00 00 4c 89 fb 48 c1 eb 03 42 80 3c 2b 00 74 08 4c 89 ff e8 a9 00 4c f9 48 8b 04 24 8b 90 d0 01 00 00 ff c2 <31> 66 90 bf e8 03 00 00 be b8 0b 00 00 ba 02 00 00 00 e8 56 0a 9e
RSP: 0018:ffffc90002befa88 EFLAGS: 00010206
RAX: ffff888040c87000 RBX: 1ffff11008190e3a RCX: 0000000000000000
RDX: 000000000000007e RSI: 0000000000000400 RDI: 0000000000000000
RBP: 0000000000000400 R08: 0000000000000dc0 R09: 00000000ffffffff
R10: 000000000000000a R11: ffffffff81ae5bd0 R12: ffffc90002befc04
R13: dffffc0000000000 R14: ffffc90002befbc0 R15: ffff888040c871d0
FS: 00007fa9eb7d96c0(0000) GS:ffff88808cf1b000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000390 CR3: 00000000595eb000 CR4: 0000000000352ef0
Call Trace:
<TASK>
comedi_device_attach+0x51f/0x720 drivers/comedi/drivers.c:1069
do_devconfig_ioctl drivers/comedi/comedi_fops.c:928 [inline]
comedi_unlocked_ioctl+0x701/0x1240 drivers/comedi/comedi_fops.c:2240
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:597 [inline]
__se_sys_ioctl+0xfc/0x170 fs/ioctl.c:583
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fa9ea99acb9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fa9eb7d9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fa9eac15fa0 RCX: 00007fa9ea99acb9
RDX: 0000200000000080 RSI: 0000000040946400 RDI: 0000000000000003
RBP: 00007fa9eaa08bf7 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fa9eac16038 R14: 00007fa9eac15fa0 R15: 00007fff0dbc24e8
</TASK>
Modules linked in:
CR2: 0000000000000390
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
0: 24 4c and $0x4c,%al
2: 8d b8 d0 01 00 00 lea 0x1d0(%rax),%edi
8: 4c 89 fb mov %r15,%rbx
b: 48 c1 eb 03 shr $0x3,%rbx
f: 42 80 3c 2b 00 cmpb $0x0,(%rbx,%r13,1)
14: 74 08 je 0x1e
16: 4c 89 ff mov %r15,%rdi
19: e8 a9 00 4c f9 call 0xf94c00c7
1e: 48 8b 04 24 mov (%rsp),%rax
22: 8b 90 d0 01 00 00 mov 0x1d0(%rax),%edx
28: ff c2 inc %edx
* 2a: 31 66 90 xor %esp,-0x70(%rsi) <-- trapping instruction
2d: bf e8 03 00 00 mov $0x3e8,%edi
32: be b8 0b 00 00 mov $0xbb8,%esi
37: ba 02 00 00 00 mov $0x2,%edx
3c: e8 .byte 0xe8
3d: 56 push %rsi
3e: 0a .byte 0xa
3f: 9e sahf
Tested on:
commit: 63804fed Linux 6.19-rc7
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1083f294580000
kernel config: https://syzkaller.appspot.com/x/.config?x=e2e5d7c9c1e01cf4
dashboard link: https://syzkaller.appspot.com/bug?extid=72f94b474d6e50b71ffc
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=164bfe8a580000
* Re: [syzbot] [comedi?] BUG: unable to handle kernel paging request in dt2815_attach
[not found] <20260126051936.5684-1-kartikey406@gmail.com>
@ 2026-01-26 5:36 ` syzbot
From: syzbot @ 2026-01-26 5:36 UTC
To: kartikey406, linux-kernel, syzkaller-bugs
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
BUG: unable to handle kernel paging request in dt2815_attach
dt2815: After second outb
dt2815: Loop iteration 1, dev->iobase = 0x7d
dt2815: status = 0xff
dt2815: About to do second outb, dev = ffff8880408c7000, dev->iobase = 0x7d
BUG: unable to handle page fault for address: 000000007fffff90
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
PGD 465c6067 P4D 465c6067 PUD 0
Oops: Oops: 0002 [#1] SMP KASAN NOPTI
CPU: 0 UID: 0 PID: 5846 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
RIP: 0010:__outb arch/x86/include/asm/shared/io.h:22 [inline]
RIP: 0010:dt2815_attach+0x6a8/0x9e0 drivers/comedi/drivers/dt2815.c:210
Code: 8b 96 d0 01 00 00 48 c7 c7 e0 f7 8b 8c 4c 89 f6 e8 7d 5f f5 ff 43 80 3c 27 00 74 08 4c 89 ef e8 ce 02 f9 00 41 8b 55 00 ff c2 <31> 66 90 48 c7 c7 60 f8 8b 8c e8 59 5f f5 ff 83 fd 63 75 9c eb 71
RSP: 0018:ffffc90001987a80 EFLAGS: 00010206
RAX: 000000000000004b RBX: ffffc90001987bc0 RCX: fd82e65c6f5c7300
RDX: 000000000000007e RSI: 0000000080000000 RDI: 0000000000000000
RBP: 0000000000000001 R08: ffffc90001987807 R09: 1ffff92000330f00
R10: dffffc0000000000 R11: fffff52000330f01 R12: dffffc0000000000
R13: ffff8880408c71d0 R14: ffff8880408c7000 R15: 1ffff11008118e3a
FS: 00007f4b609056c0(0000) GS:ffff88808cf1b000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000007fffff90 CR3: 00000000465ca000 CR4: 0000000000352ef0
Call Trace:
<TASK>
comedi_device_attach+0x51f/0x720 drivers/comedi/drivers.c:1069
do_devconfig_ioctl drivers/comedi/comedi_fops.c:928 [inline]
comedi_unlocked_ioctl+0x701/0x1240 drivers/comedi/comedi_fops.c:2240
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:597 [inline]
__se_sys_ioctl+0xfc/0x170 fs/ioctl.c:583
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f4b5f99acb9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f4b60905028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f4b5fc15fa0 RCX: 00007f4b5f99acb9
RDX: 0000200000000080 RSI: 0000000040946400 RDI: 0000000000000003
RBP: 00007f4b5fa08bf7 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f4b5fc16038 R14: 00007f4b5fc15fa0 R15: 00007ffc911b33b8
</TASK>
Modules linked in:
CR2: 000000007fffff90
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
0: 8b 96 d0 01 00 00 mov 0x1d0(%rsi),%edx
6: 48 c7 c7 e0 f7 8b 8c mov $0xffffffff8c8bf7e0,%rdi
d: 4c 89 f6 mov %r14,%rsi
10: e8 7d 5f f5 ff call 0xfff55f92
15: 43 80 3c 27 00 cmpb $0x0,(%r15,%r12,1)
1a: 74 08 je 0x24
1c: 4c 89 ef mov %r13,%rdi
1f: e8 ce 02 f9 00 call 0xf902f2
24: 41 8b 55 00 mov 0x0(%r13),%edx
28: ff c2 inc %edx
* 2a: 31 66 90 xor %esp,-0x70(%rsi) <-- trapping instruction
2d: 48 c7 c7 60 f8 8b 8c mov $0xffffffff8c8bf860,%rdi
34: e8 59 5f f5 ff call 0xfff55f92
39: 83 fd 63 cmp $0x63,%ebp
3c: 75 9c jne 0xffffffda
3e: eb 71 jmp 0xb1
Tested on:
commit: 63804fed Linux 6.19-rc7
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=15ba3002580000
kernel config: https://syzkaller.appspot.com/x/.config?x=e2e5d7c9c1e01cf4
dashboard link: https://syzkaller.appspot.com/bug?extid=72f94b474d6e50b71ffc
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=1214b9ac580000
* [syzbot] [comedi?] BUG: unable to handle kernel paging request in dt2815_attach
@ 2026-01-24 6:45 syzbot
From: syzbot @ 2026-01-24 6:45 UTC
To: abbotti, hsweeten, linux-kernel, syzkaller-bugs
Hello,
syzbot found the following issue on:
HEAD commit: c072629f05d7 Merge tag 'v6.19-p4' of git://git.kernel.org/..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=158b8bfa580000
kernel config: https://syzkaller.appspot.com/x/.config?x=e2e5d7c9c1e01cf4
dashboard link: https://syzkaller.appspot.com/bug?extid=72f94b474d6e50b71ffc
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10144452580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1434df9a580000
Downloadable assets:
disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/d900f083ada3/non_bootable_disk-c072629f.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/bd5acf0ccc3e/vmlinux-c072629f.xz
kernel image: https://storage.googleapis.com/syzbot-assets/ab6178baf781/bzImage-c072629f.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+72f94b474d6e50b71ffc@syzkaller.appspotmail.com
BUG: unable to handle page fault for address: fffffffffffffff0
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
PGD e14b067 P4D e14b067 PUD e14d067 PMD 0
Oops: Oops: 0002 [#1] SMP KASAN NOPTI
CPU: 0 UID: 0 PID: 5496 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
RIP: 0010:__outb arch/x86/include/asm/shared/io.h:22 [inline]
RIP: 0010:dt2815_attach+0x5a3/0x8f0 drivers/comedi/drivers/dt2815.c:199
Code: e6 83 e6 60 31 ff e8 0c 7d e3 f8 41 83 e4 60 74 35 e8 c1 78 e3 f8 42 80 3c 2b 00 74 08 4c 89 ff e8 32 0b 4c f9 41 8b 17 ff c2 <31> 66 90 83 fd 63 75 1e e9 96 00 00 00 e8 9b 78 e3 f8 83 fd 63 75
RSP: 0018:ffffc90002a5fa78 EFLAGS: 00010206
RAX: ffffffff88df2f7f RBX: 1ffff110081a053a RCX: ffff888011d224c0
RDX: 000000000000007e RSI: 0000000000000060 RDI: 0000000000000000
RBP: 0000000000000001 R08: ffff888011d224c0 R09: 0000000000000002
R10: 0000000000000004 R11: 0000000000000000 R12: 0000000000000060
R13: dffffc0000000000 R14: ffffc90002a5fbc0 R15: ffff888040d029d0
FS: 000055555a3d0500(0000) GS:ffff88808cf1d000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: fffffffffffffff0 CR3: 0000000040fed000 CR4: 0000000000352ef0
Call Trace:
<TASK>
comedi_device_attach+0x51f/0x720 drivers/comedi/drivers.c:1069
do_devconfig_ioctl drivers/comedi/comedi_fops.c:928 [inline]
comedi_unlocked_ioctl+0x701/0x1240 drivers/comedi/comedi_fops.c:2240
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:597 [inline]
__se_sys_ioctl+0xfc/0x170 fs/ioctl.c:583
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f975339acb9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc13841358 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f9753615fa0 RCX: 00007f975339acb9
RDX: 0000200000000080 RSI: 0000000040946400 RDI: 0000000000000003
RBP: 00007f9753408bf7 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f9753615fac R14: 00007f9753615fa0 R15: 00007f9753615fa0
</TASK>
Modules linked in:
CR2: fffffffffffffff0
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
0: e6 83 out %al,$0x83
2: e6 60 out %al,$0x60
4: 31 ff xor %edi,%edi
6: e8 0c 7d e3 f8 call 0xf8e37d17
b: 41 83 e4 60 and $0x60,%r12d
f: 74 35 je 0x46
11: e8 c1 78 e3 f8 call 0xf8e378d7
16: 42 80 3c 2b 00 cmpb $0x0,(%rbx,%r13,1)
1b: 74 08 je 0x25
1d: 4c 89 ff mov %r15,%rdi
20: e8 32 0b 4c f9 call 0xf94c0b57
25: 41 8b 17 mov (%r15),%edx
28: ff c2 inc %edx
* 2a: 31 66 90 xor %esp,-0x70(%rsi) <-- trapping instruction
2d: 83 fd 63 cmp $0x63,%ebp
30: 75 1e jne 0x50
32: e9 96 00 00 00 jmp 0xcd
37: e8 9b 78 e3 f8 call 0xf8e378d7
3c: 83 fd 63 cmp $0x63,%ebp
3f: 75 .byte 0x75
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup