syzbot


BUG: unable to handle kernel paging request in qlist_free_all

Status: auto-obsoleted due to no activity on 2025/07/08 02:12
First crash: 101d, last: 101d
Similar bugs (9)

Kernel     | Title                                                                       | Subsystem | Rank | Repro | Count | Last  | Reported | Patched | Status
linux-4.19 | BUG: unable to handle kernel NULL pointer dereference in qlist_free_all (2) |           | 10   |       | 8     | 1282d | 1519d    | 0/1     | auto-closed as invalid on 2022/05/13 11:55
upstream   | BUG: unable to handle kernel paging request in qlist_free_all (2)           | mm        | 8    |       | 4     | 2784d | 2790d    | 0/29    | closed as invalid on 2017/12/05 10:45
upstream   | BUG: unable to handle kernel paging request in qlist_free_all (5)           | fs        | 8    |       | 2     | 2304d | 2306d    | 0/29    | auto-closed as invalid on 2019/09/24 08:20
upstream   | BUG: unable to handle kernel paging request in qlist_free_all               | mm        | 8    |       | 1     | 2818d | 2818d    | 0/29    | closed as invalid on 2017/10/30 13:35
upstream   | BUG: unable to handle kernel paging request in qlist_free_all (7)           | kernel    | 10   |       | 20    | 1323d | 1544d    | 0/29    | auto-closed as invalid on 2022/03/03 13:56
upstream   | BUG: unable to handle kernel paging request in qlist_free_all (4)           | kernel    | 8    | syz   | 17    | 2567d | 2687d    | 0/29    | closed as dup on 2018/07/08 14:57
upstream   | BUG: unable to handle kernel paging request in qlist_free_all (6)           | kernfs    | 8    |       | 1     | 1747d | 1743d    | 0/29    | auto-closed as invalid on 2021/01/03 14:25
upstream   | BUG: unable to handle kernel NULL pointer dereference in qlist_free_all (9) | net       | 10   |       | 1     | 162d  | 162d     | 0/29    | closed as invalid on 2025/03/17 11:18
linux-4.14 | BUG: unable to handle kernel NULL pointer dereference in qlist_free_all (2) |           | 10   |       | 3     | 1526d | 1550d    | 0/1     | auto-closed as invalid on 2021/09/12 03:17

No cause bisection or fix bisection is recorded for any of these.

Sample crash report:
BUG: unable to handle page fault for address: ffff8881e6a39000
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 7801067 P4D 7801067 PUD 1e1d5b063 PMD 1dd85b063 PTE ffff8881d7e3a268
Oops: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 164 Comm: udevd Not tainted 5.4.290-syzkaller-00002-g41adfeb3d639 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
RIP: 0010:qlist_free_all+0x3b/0xb0 mm/kasan/quarantine.c:165
Code: ff 0f 84 85 00 00 00 49 89 f5 49 bf 00 00 00 00 00 ea ff ff 49 bc 00 00 00 80 7f 77 00 00 eb 1a 48 ff c9 48 89 c8 48 8b 70 18 <48> 8b 1f e8 0d 05 00 00 48 89 df 48 85 db 74 3b 4c 89 ee 4d 85 ed
RSP: 0018:ffff8881ec1afa58 EFLAGS: 00010286
RAX: ffffea00079a8e00 RBX: ffff8881e6a39000 RCX: ffffea00079a8e00
RDX: 0000000080100009 RSI: ffff8881f5c0c000 RDI: ffff8881e6a39000
RBP: 00000000000002f2 R08: ffff8881e7ca1e00 R09: ffffffff81944010
R10: ffff8881e7ca1e00 R11: dffffc0000000001 R12: 0000777f80000000
R13: 0000000000000000 R14: ffff8881ec1afa88 R15: ffffea0000000000
FS:  00007fdffad17c80(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff8881e6a39000 CR3: 00000001edbbc000 CR4: 00000000003406b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
 quarantine_reduce+0x1d9/0x210 mm/kasan/quarantine.c:260
 __kasan_kmalloc+0x41/0x210 mm/kasan/common.c:507
 slab_post_alloc_hook mm/slab.h:584 [inline]
 slab_alloc_node mm/slub.c:2829 [inline]
 slab_alloc mm/slub.c:2837 [inline]
 kmem_cache_alloc+0xd9/0x250 mm/slub.c:2842
 getname_flags+0xb8/0x4e0 fs/namei.c:141
 user_path_at_empty+0x28/0x50 fs/namei.c:2703
 do_readlinkat+0x114/0x3a0 fs/stat.c:398
 __do_sys_readlink fs/stat.c:431 [inline]
 __se_sys_readlink fs/stat.c:428 [inline]
 __x64_sys_readlink+0x7b/0x90 fs/stat.c:428
 do_syscall_64+0xca/0x1c0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x5c/0xc1
RIP: 0033:0x7fdffae43d47
Code: 73 01 c3 48 8b 0d e1 90 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 59 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d b1 90 0d 00 f7 d8 64 89 01 48
RSP: 002b:00007ffd3bb06b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000059
RAX: ffffffffffffffda RBX: 00007ffd3bb06b38 RCX: 00007fdffae43d47
RDX: 0000000000000400 RSI: 00007ffd3bb06b38 RDI: 00007ffd3bb07018
RBP: 0000000000000400 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000007 R11: 0000000000000246 R12: 00007ffd3bb07018
R13: 00007ffd3bb06f88 R14: 0000562913b942c0 R15: 0000000000000000
Modules linked in:
CR2: ffff8881e6a39000
---[ end trace d2fbb6d0c28e2eb0 ]---
----------------
Code disassembly (best guess):
   0:	ff 0f                	decl   (%rdi)
   2:	84 85 00 00 00 49    	test   %al,0x49000000(%rbp)
   8:	89 f5                	mov    %esi,%ebp
   a:	49 bf 00 00 00 00 00 	movabs $0xffffea0000000000,%r15
  11:	ea ff ff
  14:	49 bc 00 00 00 80 7f 	movabs $0x777f80000000,%r12
  1b:	77 00 00
  1e:	eb 1a                	jmp    0x3a
  20:	48 ff c9             	dec    %rcx
  23:	48 89 c8             	mov    %rcx,%rax
  26:	48 8b 70 18          	mov    0x18(%rax),%rsi
* 2a:	48 8b 1f             	mov    (%rdi),%rbx <-- trapping instruction
  2d:	e8 0d 05 00 00       	call   0x53f
  32:	48 89 df             	mov    %rbx,%rdi
  35:	48 85 db             	test   %rbx,%rbx
  38:	74 3b                	je     0x75
  3a:	4c 89 ee             	mov    %r13,%rsi
  3d:	4d 85 ed             	test   %r13,%r13
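
Reading the register dump against the disassembly is the first triage step for a report like this: does the memory operand of the trapping instruction actually resolve to CR2, what does the #PF error code say, and do the printed page-walk entries look like real page-table entries? The helper below is an added example for this page, not code from syzbot or from the kernel tree. It parses the lines reproduced above (the excerpt is copied from this report, with the disassembly line's tabs replaced by spaces), decodes the error-code bits, evaluates the operand `(%rdi)` against the dumped registers, and checks each PGD/P4D/PUD/PMD/PTE value for the present bit and for reserved bits 52..58, which no genuine x86-64 4 KiB page-table entry has set. The constants `PF_BITS` and `PTE_RESERVED_MASK` encode that architectural layout and are the only things here not taken from the report.

```python
"""Triage helper for an x86-64 kernel page-fault oops.

Added example for this page; it is not code from syzbot or the kernel tree.
It parses the report text, decodes the #PF error code, resolves the memory
operand of the trapping instruction against the register dump and compares
it with CR2, and checks whether the printed page-walk entries are shaped
like hardware page-table entries.
"""
import re

# Excerpt copied from the crash report on this page: the lines the helper
# needs (fault address, error code, page walk, RIP, registers, CR2 and the
# marked line from the "Code disassembly" section, tabs turned into spaces).
OOPS = """\
BUG: unable to handle page fault for address: ffff8881e6a39000
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 7801067 P4D 7801067 PUD 1e1d5b063 PMD 1dd85b063 PTE ffff8881d7e3a268
RIP: 0010:qlist_free_all+0x3b/0xb0 mm/kasan/quarantine.c:165
RAX: ffffea00079a8e00 RBX: ffff8881e6a39000 RCX: ffffea00079a8e00
RDX: 0000000080100009 RSI: ffff8881f5c0c000 RDI: ffff8881e6a39000
RBP: 00000000000002f2 R08: ffff8881e7ca1e00 R09: ffffffff81944010
R10: ffff8881e7ca1e00 R11: dffffc0000000001 R12: 0000777f80000000
R13: 0000000000000000 R14: ffff8881ec1afa88 R15: ffffea0000000000
CR2: ffff8881e6a39000 CR3: 00000001edbbc000 CR4: 00000000003406b0
* 2a:   48 8b 1f             mov    (%rdi),%rbx <-- trapping instruction
"""

# x86 #PF error-code bits (Intel SDM vol. 3A, "Page-Fault Exceptions").
PF_BITS = {"present": 0, "write": 1, "user": 2, "reserved_bit": 3, "ifetch": 4}

# In a 4 KiB PTE the physical address ends at bit 51 (MAXPHYADDR <= 52),
# bits 52..58 are always reserved, 59..62 may hold a protection key and
# bit 63 is NX.  A genuine entry therefore never has bits 52..58 set.
PTE_RESERVED_MASK = 0x7F << 52
PTE_PRESENT = 1 << 0
MASK64 = (1 << 64) - 1


def parse_registers(text):
    """Return {'rax': int, ..., 'cr2': int} from the 'RAX: .. RBX: ..' lines."""
    pairs = re.findall(r"\b(R[A-Z0-9]{2}|CR\d):\s*([0-9a-f]{16})\b", text)
    return {name.lower(): int(val, 16) for name, val in pairs}


def decode_error_code(text):
    """Map the error_code(0x....) value to named flags."""
    code = int(re.search(r"error_code\((0x[0-9a-f]+)\)", text).group(1), 16)
    return {name: bool(code >> bit & 1) for name, bit in PF_BITS.items()}


def check_page_walk(text):
    """For each printed PGD/P4D/PUD/PMD/PTE value report the present bit and
    whether reserved bits are set (a kernel pointer sitting in a page-table
    slot has its top bits all ones and trips this check)."""
    walk_line = re.search(r"^PGD .*$", text, re.M).group(0)
    out = {}
    for level, val in re.findall(r"(PGD|P4D|PUD|PMD|PTE) ([0-9a-f]+)", walk_line):
        v = int(val, 16)
        out[level] = {"present": bool(v & PTE_PRESENT),
                      "reserved_bits_set": bool(v & PTE_RESERVED_MASK)}
    return out


def parse_trapping_instruction(text):
    """Return (mnemonic, displacement, base register) for the marked line."""
    line = next(l for l in text.splitlines() if "trapping instruction" in l)
    m = re.search(r"\b([a-z]\w*)\s+(?:(-?0x[0-9a-f]+))?\((%\w+)\)", line)
    disp = int(m.group(2), 16) if m.group(2) else 0
    return m.group(1), disp, m.group(3).lstrip("%")


def triage(text):
    """Tie the pieces together into one dict of findings."""
    regs = parse_registers(text)
    fault_addr = int(re.search(r"for address: ([0-9a-f]+)", text).group(1), 16)
    mnemonic, disp, base = parse_trapping_instruction(text)
    rip = re.search(r"RIP: \d+:(\w+)\+0x([0-9a-f]+)/0x([0-9a-f]+)(?:\s+(\S+))?", text)
    walk = check_page_walk(text)
    return {
        "function": rip.group(1),
        "offset": int(rip.group(2), 16),
        "source": rip.group(4),
        "fault_addr": fault_addr,
        "cr2_matches_bug_line": regs["cr2"] == fault_addr,
        "error": decode_error_code(text),
        "trap": {"mnemonic": mnemonic, "base": base, "disp": disp},
        # The memory operand, evaluated with the dumped register values,
        # must land on CR2; otherwise the dump and the disassembly disagree.
        "operand_is_fault_addr": ((regs[base] + disp) & MASK64) == fault_addr,
        "page_walk": walk,
        "malformed_levels": [lvl for lvl, f in walk.items() if f["reserved_bits_set"]],
    }


if __name__ == "__main__":
    import pprint
    pprint.pprint(triage(OOPS))
```

On this report the helper confirms that RDI holds CR2 (ffff8881e6a39000), so the trapping `mov (%rdi),%rbx` at mm/kasan/quarantine.c:165 is the read of the current quarantine entry's next link in qlist_free_all, and that the error code is a plain not-present supervisor read. It also flags the printed PTE: bits 52..58 set and the present bit clear is not the shape of a valid 4 KiB page-table entry, even though it is consistent with the hardware reporting a not-present page. One caveat when reading the backtrace: udevd's readlink() only triggered quarantine_reduce(), which frees objects that earlier kfree() calls from any context queued into the KASAN quarantine, so the Comm and PID lines identify the victim of the corruption, not its source.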

Crashes (1):

Time             | Kernel        | Commit       | Syzkaller | Config  | Log / Report / VM info     | Syz repro | C repro | Assets                            | Manager                    | Title
2025/04/09 02:09 | android12-5.4 | 41adfeb3d639 | a775275d  | .config | console log, report, info  |           |         | disk image, vmlinux, kernel image | ci2-android-5-4-perf-kasan | BUG: unable to handle kernel paging request in qlist_free_all