syzbot

 sign-in | mailing list | source | docs
🐞 Open [801]
🐞 Fixed [135]
🐞 Invalid [910]
Missing Backports [76]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

BUG: unable to handle kernel paging request in fq_codel_enqueue

Status: upstream: reported on 2025/08/01 20:04
Reported-by: syzbot+339e7ece7243e5f5ff77@syzkaller.appspotmail.com
First crash: 81d, last: 31d
Similar bugs (10)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream general protection fault in fq_codel_enqueue (3) net 2 C inconclusive 5 1207d 1453d 22/29 fixed on 2023/02/24 13:50
linux-4.19 general protection fault in fq_codel_enqueue (2) 2 C error 14 1148d 1880d 0/1 upstream: reported C repro on 2020/08/28 22:42
android-5-10 general protection fault in fq_codel_enqueue (2) 2 2 547d 549d 0/2 auto-obsoleted due to no activity on 2024/07/20 23:55
android-5-15 general protection fault in fq_codel_enqueue 2 1 577d 577d 0/2 auto-obsoleted due to no activity on 2024/06/21 01:28
linux-4.14 general protection fault in fq_codel_enqueue 2 C inconclusive 6 1410d 2003d 0/1 upstream: reported C repro on 2020/04/27 21:56
linux-5.15 general protection fault in fq_codel_enqueue 2 2 2d00h 76d 0/3 upstream: reported on 2025/08/06 04:45
upstream general protection fault in fq_codel_enqueue (2) 2 C done 34 1480d 1880d 0/29 closed as invalid on 2021/10/07 21:22
android-5-10 general protection fault in fq_codel_enqueue 2 1 1182d 1182d 0/2 auto-obsoleted due to no activity on 2022/10/25 22:19
linux-4.19 general protection fault in fq_codel_enqueue 2 C done 5 1978d 2006d 1/1 fixed on 2020/06/21 14:03
upstream general protection fault in fq_codel_enqueue net 2 C done 25 1926d 2011d 15/29 fixed on 2020/07/17 17:58

Sample crash report:
Unable to handle kernel paging request at virtual address dfff800000000000
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
Mem abort info:
  ESR = 0x0000000096000006
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x06: level 2 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000006
  CM = 0, WnR = 0
[dfff800000000000] address between user and kernel address ranges
Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 21 Comm: ksoftirqd/1 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
pstate: 42400005 (nZcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : dequeue_head net/sched/sch_fq_codel.c:120 [inline]
pc : fq_codel_drop net/sched/sch_fq_codel.c:168 [inline]
pc : fq_codel_enqueue+0x79c/0xf38 net/sched/sch_fq_codel.c:230
lr : fq_codel_drop net/sched/sch_fq_codel.c:162 [inline]
lr : fq_codel_enqueue+0x728/0xf38 net/sched/sch_fq_codel.c:230
sp : ffff80001c937320
x29: ffff80001c937430 x28: 0000000000000000 x27: 0000000000000000
x26: 0000000000000000 x25: 0000000000000001 x24: ffff0000ea2a0000
x23: 0000000000000000 x22: ffff0000c36fcad0 x21: ffff80001c937620
x20: dfff800000000000 x19: 0000000000000000 x18: 000000006bbcf466
x17: 00000000ffff0000 x16: ffff8000082d22d4 x15: 0000000000000000
x14: 0000000000000003 x13: 1ffff00002a180b1 x12: 0000000000ff0100
x11: ff0080000ffaca10 x10: 0000000000000000 x9 : 1fffe0001d454000
x8 : 0000000000000000 x7 : ffff8000083b9864 x6 : 0000000000000000
x5 : 0000000000000080 x4 : 0000000000000001 x3 : 0000000000000000
x2 : ffff0000c36fcb28 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
 dequeue_head net/sched/sch_fq_codel.c:120 [inline]
 fq_codel_drop net/sched/sch_fq_codel.c:168 [inline]
 fq_codel_enqueue+0x79c/0xf38 net/sched/sch_fq_codel.c:230
 qdisc_enqueue include/net/sch_generic.h:816 [inline]
 tbf_enqueue+0x2dc/0x610 net/sched/sch_tbf.c:257
 dev_qdisc_enqueue+0x5c/0x38c net/core/dev.c:3875
 __dev_xmit_skb net/core/dev.c:3964 [inline]
 __dev_queue_xmit+0xad0/0x309c net/core/dev.c:4312
 dev_queue_xmit include/linux/netdevice.h:3051 [inline]
 tipc_l2_send_msg+0x29c/0x35c net/tipc/bearer.c:518
 tipc_bearer_xmit_skb+0x244/0x384 net/tipc/bearer.c:577
 tipc_disc_timeout+0x4c8/0x608 net/tipc/discover.c:338
 call_timer_fn+0x1b8/0x964 kernel/time/timer.c:1504
 expire_timers kernel/time/timer.c:1549 [inline]
 __run_timers+0x460/0x6bc kernel/time/timer.c:1820
 run_timer_softirq+0x7c/0x114 kernel/time/timer.c:1833
 handle_softirqs+0x318/0xc6c kernel/softirq.c:596
 run_ksoftirqd+0x7c/0x2a0 kernel/softirq.c:963
 smpboot_thread_fn+0x4b0/0x964 kernel/smpboot.c:164
 kthread+0x250/0x2d8 kernel/kthread.c:376
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:850
Code: aa1803e0 9624a7a8 f9400317 d343fee8 (38746908) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	aa1803e0 	mov	x0, x24
   4:	9624a7a8 	bl	0xfffffffff8929ea4
   8:	f9400317 	ldr	x23, [x24]
   c:	d343fee8 	lsr	x8, x23, #3
* 10:	38746908 	ldrb	w8, [x8, x20] <-- trapping instruction

Crashes (13):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/09/02 21:49 linux-6.1.y f89b6e15694c 96a211bc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in fq_codel_enqueue
2025/08/30 08:18 linux-6.1.y f89b6e15694c 807a3b61 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in fq_codel_enqueue
2025/08/01 20:04 linux-6.1.y 3594f306da12 40127d41 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in fq_codel_enqueue
2025/08/01 20:04 linux-6.1.y 3594f306da12 40127d41 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in fq_codel_enqueue
2025/09/20 22:33 linux-6.1.y 363a599da6d9 67c37560 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in fq_codel_enqueue
2025/09/18 13:54 linux-6.1.y 3db754f56897 e2beed91 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in fq_codel_enqueue
2025/08/26 21:56 linux-6.1.y 0bc96de781b4 e12e5ba4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in fq_codel_enqueue
2025/08/22 08:13 linux-6.1.y 0bc96de781b4 bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in fq_codel_enqueue
2025/08/20 19:30 linux-6.1.y 0bc96de781b4 0b9605c8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in fq_codel_enqueue
2025/08/12 22:44 linux-6.1.y 3594f306da12 22ec1469 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in fq_codel_enqueue
2025/08/01 21:00 linux-6.1.y 3594f306da12 40127d41 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in fq_codel_enqueue
2025/08/01 20:58 linux-6.1.y 3594f306da12 40127d41 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in fq_codel_enqueue
2025/08/01 20:57 linux-6.1.y 3594f306da12 40127d41 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in fq_codel_enqueue
* Struck through repros no longer work on HEAD.