syzbot


general protection fault in rose_transmit_link

Status: upstream: reported C repro on 2026/01/06 18:54
Reported-by: syzbot+56f2dbdbb6af2dc5a4c1@syzkaller.appspotmail.com
First crash: 110d, last: 67d
Fix bisection: failed (error log, bisect log)
Bug presence (1)
Date Name Commit Repro Result
2026/04/08 upstream (ToT) 3036cd0d3328 C Didn't crash
Similar bugs (9)
Kernel Title Rank Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream general protection fault in rose_transmit_link (3) hams 10 27 770d 1397d 0/29 auto-obsoleted due to no activity on 2024/06/26 03:46
upstream general protection fault in rose_transmit_link (2) hams 2 3 1527d 1544d 0/29 auto-closed as invalid on 2022/05/21 05:59
upstream general protection fault in rose_transmit_link (4) hams 21 C error 2058 31d 101d 27/29 upstream: reported C repro on 2026/01/15 20:26
upstream general protection fault in rose_transmit_link hams 2 1 2456d 2452d 0/29 auto-closed as invalid on 2019/11/03 18:16
linux-4.19 general protection fault in rose_transmit_link 2 1 1549d 1549d 0/1 auto-closed as invalid on 2022/05/29 13:41
linux-5.15 KASAN: use-after-free Read in rose_transmit_link origin:upstream 19 C 214 3h56m 359d 0/3 upstream: reported C repro on 2025/05/03 13:00
linux-6.1 KASAN: use-after-free Read in rose_transmit_link 19 75 185d 354d 0/3 auto-obsoleted due to no activity on 2026/01/02 00:59
linux-6.1 BUG: unable to handle kernel paging request in rose_transmit_link 8 C error 3 68d 68d 0/3 upstream: reported C repro on 2026/02/17 22:46
linux-6.6 KASAN: slab-use-after-free Read in rose_transmit_link origin:upstream missing-backport 19 C done 43 237d 297d 2/2 fixed on 2025/10/12 11:51

Sample crash report:
general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]
CPU: 0 PID: 27869 Comm: syz.6.6416 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
RIP: 0010:rose_transmit_link+0x32/0x740 net/rose/rose_link.c:266
Code: 56 41 55 41 54 53 48 83 ec 18 48 89 f5 49 89 fc 49 be 00 00 00 00 00 fc ff df e8 49 b6 0d f8 4c 8d 7d 36 4c 89 f8 48 c1 e8 03 <42> 0f b6 04 30 84 c0 0f 85 65 05 00 00 41 0f b6 1f 31 ff 89 de e8
RSP: 0018:ffffc9000470f910 EFLAGS: 00010207
RAX: 0000000000000006 RBX: 0000000000000000 RCX: 0000000000080000
RDX: ffffc9000ffd5000 RSI: 000000000000a9bf RDI: 000000000000a9c0
RBP: 0000000000000000 R08: ffff88802f661e00 R09: 0000000000000008
R10: 000000000000000f R11: 0000000000000002 R12: ffff88804136b8c0
R13: dffffc0000000000 R14: dffffc0000000000 R15: 0000000000000036
FS:  00007f7e404556c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b30420ff8 CR3: 00000000645de000 CR4: 00000000003506f0
DR0: 0000000000000008 DR1: 0000000000000007 DR2: 0000000000000004
DR3: 0000000000000008 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 rose_write_internal+0x124b/0x1b50 net/rose/rose_subr.c:198
 rose_release+0x236/0x4e0 net/rose/af_rose.c:671
 __sock_release net/socket.c:659 [inline]
 sock_close+0xbd/0x230 net/socket.c:1420
 __fput+0x234/0x970 fs/file_table.c:384
 task_work_run+0x1d4/0x260 kernel/task_work.c:245
 get_signal+0x1235/0x13f0 kernel/signal.c:2678
 arch_do_signal_or_restart+0xc2/0x800 arch/x86/kernel/signal.c:310
 exit_to_user_mode_loop+0x70/0x110 kernel/entry/common.c:174
 exit_to_user_mode_prepare+0xee/0x180 kernel/entry/common.c:210
 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
 syscall_exit_to_user_mode+0x1a/0x50 kernel/entry/common.c:302
 do_syscall_64+0x61/0xa0 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f7e3f59c629
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f7e40455028 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
RAX: 0000000000000000 RBX: 00007f7e3f815fa0 RCX: 00007f7e3f59c629
RDX: 000000000000001c RSI: 0000200000000040 RDI: 0000000000000004
RBP: 00007f7e3f632b39 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f7e3f816038 R14: 00007f7e3f815fa0 R15: 00007fff869f3d98
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:rose_transmit_link+0x32/0x740 net/rose/rose_link.c:266
Code: 56 41 55 41 54 53 48 83 ec 18 48 89 f5 49 89 fc 49 be 00 00 00 00 00 fc ff df e8 49 b6 0d f8 4c 8d 7d 36 4c 89 f8 48 c1 e8 03 <42> 0f b6 04 30 84 c0 0f 85 65 05 00 00 41 0f b6 1f 31 ff 89 de e8
RSP: 0018:ffffc9000470f910 EFLAGS: 00010207
RAX: 0000000000000006 RBX: 0000000000000000 RCX: 0000000000080000
RDX: ffffc9000ffd5000 RSI: 000000000000a9bf RDI: 000000000000a9c0
RBP: 0000000000000000 R08: ffff88802f661e00 R09: 0000000000000008
R10: 000000000000000f R11: 0000000000000002 R12: ffff88804136b8c0
R13: dffffc0000000000 R14: dffffc0000000000 R15: 0000000000000036
FS:  00007f7e404556c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b30420ff8 CR3: 00000000645de000 CR4: 00000000003506f0
DR0: 0000000000000008 DR1: 0000000000000007 DR2: 0000000000000004
DR3: 0000000000000008 DR6: 00000000ffff0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	56                   	push   %rsi
   1:	41 55                	push   %r13
   3:	41 54                	push   %r12
   5:	53                   	push   %rbx
   6:	48 83 ec 18          	sub    $0x18,%rsp
   a:	48 89 f5             	mov    %rsi,%rbp
   d:	49 89 fc             	mov    %rdi,%r12
  10:	49 be 00 00 00 00 00 	movabs $0xdffffc0000000000,%r14
  17:	fc ff df
  1a:	e8 49 b6 0d f8       	call   0xf80db668
  1f:	4c 8d 7d 36          	lea    0x36(%rbp),%r15
  23:	4c 89 f8             	mov    %r15,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	42 0f b6 04 30       	movzbl (%rax,%r14,1),%eax <-- trapping instruction
  2f:	84 c0                	test   %al,%al
  31:	0f 85 65 05 00 00    	jne    0x59c
  37:	41 0f b6 1f          	movzbl (%r15),%ebx
  3b:	31 ff                	xor    %edi,%edi
  3d:	89 de                	mov    %ebx,%esi
  3f:	e8                   	.byte 0xe8

Crashes (10):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2026/02/18 21:04 linux-6.6.y 56865d9b7074 77d4d919 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan general protection fault in rose_transmit_link
2026/02/18 09:20 linux-6.6.y 56865d9b7074 39751c21 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan general protection fault in rose_transmit_link
2026/01/07 07:52 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan general protection fault in rose_transmit_link
2026/01/07 05:51 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan general protection fault in rose_transmit_link
2026/01/07 03:57 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan general protection fault in rose_transmit_link
2026/01/07 02:13 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan general protection fault in rose_transmit_link
2026/01/07 00:25 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan general protection fault in rose_transmit_link
2026/01/06 22:32 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan general protection fault in rose_transmit_link
2026/01/06 20:45 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan general protection fault in rose_transmit_link
2026/01/06 18:54 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan general protection fault in rose_transmit_link