syzbot


BUG: unable to handle kernel paging request in rose_transmit_link

Status: upstream: reported C repro on 2026/02/17 22:46
Reported-by: syzbot+55358196b0552f16868f@syzkaller.appspotmail.com
First crash: 3d18h, last: 3d15h
Bug presence (1)
Date Name Commit Repro Result
2026/02/18 upstream (ToT) 2961f841b025 C Failed due to an error; will retry later
Similar bugs (8)
Kernel Title Rank Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream general protection fault in rose_transmit_link (3) hams 10 27 705d 1332d 0/29 auto-obsoleted due to no activity on 2024/06/26 03:46
linux-6.1 KASAN: use-after-free Read in rose_transmit_link 19 75 120d 289d 0/3 auto-obsoleted due to no activity on 2026/01/02 00:59
upstream general protection fault in rose_transmit_link (4) hams 21 C error 1866 4h41m 36d 0/29 upstream: reported C repro on 2026/01/15 20:26
linux-5.15 KASAN: use-after-free Read in rose_transmit_link origin:upstream 19 C 143 7d17h 294d 0/3 upstream: reported C repro on 2025/05/03 13:00
linux-6.6 general protection fault in rose_transmit_link origin:upstream 2 C error 10 2d19h 45d 0/2 upstream: reported C repro on 2026/01/06 18:54
upstream general protection fault in rose_transmit_link (2) hams 2 3 1462d 1479d 0/29 auto-closed as invalid on 2022/05/21 05:59
linux-4.19 general protection fault in rose_transmit_link 2 1 1484d 1484d 0/1 auto-closed as invalid on 2022/05/29 13:41
linux-6.6 KASAN: slab-use-after-free Read in rose_transmit_link origin:upstream missing-backport 19 C done 43 172d 232d 2/2 fixed on 2025/10/12 11:51

Sample crash report:
IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready
Unable to handle kernel paging request at virtual address dfff800000000006
KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]
Mem abort info:
  ESR = 0x0000000096000006
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x06: level 2 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000006
  CM = 0, WnR = 0
[dfff800000000006] address between user and kernel address ranges
Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 4455 Comm: syz.0.17 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : rose_transmit_link+0x40/0x668 net/rose/rose_link.c:266
lr : rose_transmit_link+0x34/0x668 net/rose/rose_link.c:263
sp : ffff800021567760
x29: ffff800021567760 x28: dfff800000000000 x27: ffff7000042acefc
x26: dfff800000000000 x25: 0000000000000032 x24: 0000000000000000
x23: ffff0000d4aec5ad x22: 0000000000000000 x21: 0000000000000036
x20: ffff0000d14d1280 x19: 0000000000000000 x18: ffff800011b8bf60
x17: ffff80000fd47170 x16: ffff8000082d9364 x15: 0000000000000000
x14: 000000000000000f x13: 0000000000ff0100 x12: 0000000000ff0100
x11: ff00800010b80a94 x10: 0000000000000000 x9 : 0000000000000006
x8 : 0000000000000006 x7 : 0000000000000000 x6 : 000000000000003f
x5 : 0000000000000040 x4 : 0000000000000000 x3 : ffff80000fd637bc
x2 : 0000000000000001 x1 : 0000000000000000 x0 : ffff0000d14d1280
Call trace:
 rose_transmit_link+0x40/0x668 net/rose/rose_link.c:266
 rose_write_internal+0xefc/0x17d0 net/rose/rose_subr.c:198
 rose_release+0x208/0x4d4 net/rose/af_rose.c:671
 __sock_release net/socket.c:654 [inline]
 sock_close+0xb4/0x1f8 net/socket.c:1399
 __fput+0x1bc/0x7b8 fs/file_table.c:320
 ____fput+0x20/0x30 fs/file_table.c:348
 task_work_run+0x1ec/0x278 kernel/task_work.c:203
 get_signal+0x111c/0x1304 kernel/signal.c:2648
 do_signal arch/arm64/kernel/signal.c:1095 [inline]
 do_notify_resume+0x33c/0x2aa4 arch/arm64/kernel/signal.c:1148
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:137 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:142 [inline]
 el0_svc+0x98/0x128 arch/arm64/kernel/entry-common.c:638
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
Code: 97d1b2a8 9100da75 d343fea8 12000aa9 (38fa6908) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	97d1b2a8 	bl	0xffffffffff46caa0
   4:	9100da75 	add	x21, x19, #0x36
   8:	d343fea8 	lsr	x8, x21, #3
   c:	12000aa9 	and	w9, w21, #0x7
* 10:	38fa6908 	ldrsb	w8, [x8, x26] <-- trapping instruction

Crashes (3):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2026/02/18 00:58 linux-6.1.y 8ce36b2849ef 06ec4f7b .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in rose_transmit_link
2026/02/17 22:46 linux-6.1.y 8ce36b2849ef 06ec4f7b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in rose_transmit_link
2026/02/17 22:46 linux-6.1.y 8ce36b2849ef 06ec4f7b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in rose_transmit_link
* Struck through repros no longer work on HEAD.