syzbot


BUG: unable to handle kernel paging request in evict (2)

Status: upstream: reported C repro on 2024/11/25 06:06
Subsystems: jfs
[Documentation on labels]
Reported-by: syzbot+34226167ebf8da2171a9@syzkaller.appspotmail.com
First crash: 647d, last: 129d
Cause bisection: the issue happens on the oldest tested release (bisect log)
Crash: KASAN: use-after-free Write in diWrite (log)
Repro: C syz .config
  
Fix bisection: failed (error log, bisect log)
  
✨ AI Jobs (1)
ID Workflow Result Correct Bug Created Started Finished Revision Error
bfd94631-4f92-4494-a650-7599a4d153c8 assessment-security 💥 BUG: unable to handle kernel paging request in evict (2) 2026/05/25 03:00 2026/05/25 03:00 2026/05/25 03:28 c69befb30ac10e158cc9d1557b508ee3f0eca1de failed to run ["make" "KERNELVERSION=syzkaller" "KERNELRELEASE=syzkaller" "LOCALVERSION=-syzkaller" "-j" "32" "ARCH=x86_64" "CC=ccache clang" "LD=ld.lld" "O=/app/workdir/cache/build/47f88a867e6eafd5363f07947ca0e0cc5deee3a8" "-s" "bzImage" "compile_commands.json"]: exit status 2
Root cause: ld.lld: error: undefined symbol: wcslen
(The remainder of the error field is the interactive "Restart config..." kernel configuration prompt output from the same make run, cut off mid-prompt at the RUST option.)
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [ntfs3?] BUG: unable to handle kernel paging request in evict (2) 0 (1) 2024/11/25 06:06
Similar bugs (6)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-5.15 BUG: unable to handle kernel paging request in evict 8 10 446d 623d 0/3 auto-obsoleted due to no activity on 2025/06/14 08:06
upstream BUG: unable to handle kernel paging request in evict exfat 19 C error done 23 1295d 1339d 22/29 fixed on 2023/02/24 13:50
android-5-15 KASAN: use-after-free Read in evict fat 19 1 1230d 1230d 0/2 auto-obsoleted due to no activity on 2023/04/20 02:58
linux-4.14 BUG: corrupted list in evict 8 1 2099d 2099d 0/1 auto-closed as invalid on 2020/12/24 11:20
upstream BUG: corrupted list in evict fs 8 1 2145d 2140d 0/29 auto-closed as invalid on 2020/09/09 12:35
linux-4.19 BUG: corrupted list in evict 8 1 2197d 2197d 0/1 auto-closed as invalid on 2020/09/17 09:05
Last patch testing requests (10)
Created Duration User Patch Repo Result
2026/05/18 04:38 21m retest repro upstream error
2026/05/05 19:36 31m retest repro upstream report log
2026/05/05 00:09 22m retest repro upstream error
2026/05/05 00:09 25m retest repro upstream error
2026/05/04 12:24 28m retest repro linux-next report log
2026/05/04 12:24 37m retest repro linux-next report log
2026/05/04 12:24 26m retest repro linux-next report log
2026/04/15 07:06 14m retest repro upstream report log
2026/03/28 11:41 17m retest repro upstream error
2026/03/28 11:41 19m retest repro upstream log
Fix bisection attempts (5)
Created Duration User Patch Repo Result
2026/02/16 11:43 1m bisect fix upstream error job log
2025/08/30 14:48 1h56m bisect fix upstream OK (0) job log log
2025/06/18 23:58 1h45m bisect fix upstream OK (0) job log log
2025/03/22 00:51 3h31m bisect fix upstream OK (0) job log log
2025/01/30 08:03 1h55m bisect fix upstream OK (0) job log log

Sample crash report:
Oops: general protection fault, probably for non-canonical address 0xdffffc0100000001: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: probably user-memory-access in range [0x0000000800000008-0x000000080000000f]
CPU: 0 UID: 0 PID: 5836 Comm: syz-executor997 Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
RIP: 0010:__hlist_del include/linux/list.h:982 [inline]
RIP: 0010:hlist_del_init_rcu include/linux/rculist.h:228 [inline]
RIP: 0010:__remove_inode_hash fs/inode.c:671 [inline]
RIP: 0010:remove_inode_hash include/linux/fs.h:3325 [inline]
RIP: 0010:evict+0x64f/0x9a0 fs/inode.c:804
Code: 4c 89 ff e8 f3 2e e6 ff 4d 89 27 4d 85 e4 74 61 e8 16 1c 82 ff 49 83 c4 08 4c 89 e0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 4c 89 e7 e8 c3 2e e6 ff 4d 89 3c 24 eb 38 e8 e8
RSP: 0018:ffffc90003fdf9c0 EFLAGS: 00010202
RAX: 0000000100000001 RBX: 1ffff1100e7397a1 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffc90003fdf940
RBP: ffffc90003fdfaf0 R08: 0000000000000003 R09: fffff520007fbf28
R10: dffffc0000000000 R11: fffff520007fbf28 R12: 0000000800000008
R13: ffff8880739cbc00 R14: ffff8880739cbd08 R15: ffffc90000c4c388
FS:  0000555591cae480(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffca91c5000 CR3: 0000000076844000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 dispose_list fs/inode.c:845 [inline]
 evict_inodes+0x6f6/0x790 fs/inode.c:899
 generic_shutdown_super+0xa0/0x2d0 fs/super.c:627
 kill_block_super+0x44/0x90 fs/super.c:1710
 deactivate_locked_super+0xc4/0x130 fs/super.c:473
 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1413
 task_work_run+0x24f/0x310 kernel/task_work.c:227
 ptrace_notify+0x2d2/0x380 kernel/signal.c:2522
 ptrace_report_syscall include/linux/ptrace.h:415 [inline]
 ptrace_report_syscall_exit include/linux/ptrace.h:477 [inline]
 syscall_exit_work+0xc7/0x1d0 kernel/entry/common.c:173
 syscall_exit_to_user_mode_prepare kernel/entry/common.c:200 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:205 [inline]
 syscall_exit_to_user_mode+0x24a/0x340 kernel/entry/common.c:218
 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f2505837cc7
Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffca91c3388 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000002 RCX: 00007f2505837cc7
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffca91c3440
RBP: 00007ffca91c3440 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffca91c44b0
R13: 0000555591caf7c0 R14: 0000000000016c6b R15: 0000000000000001
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__hlist_del include/linux/list.h:982 [inline]
RIP: 0010:hlist_del_init_rcu include/linux/rculist.h:228 [inline]
RIP: 0010:__remove_inode_hash fs/inode.c:671 [inline]
RIP: 0010:remove_inode_hash include/linux/fs.h:3325 [inline]
RIP: 0010:evict+0x64f/0x9a0 fs/inode.c:804
Code: 4c 89 ff e8 f3 2e e6 ff 4d 89 27 4d 85 e4 74 61 e8 16 1c 82 ff 49 83 c4 08 4c 89 e0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 4c 89 e7 e8 c3 2e e6 ff 4d 89 3c 24 eb 38 e8 e8
RSP: 0018:ffffc90003fdf9c0 EFLAGS: 00010202
RAX: 0000000100000001 RBX: 1ffff1100e7397a1 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffc90003fdf940
RBP: ffffc90003fdfaf0 R08: 0000000000000003 R09: fffff520007fbf28
R10: dffffc0000000000 R11: fffff520007fbf28 R12: 0000000800000008
R13: ffff8880739cbc00 R14: ffff8880739cbd08 R15: ffffc90000c4c388
FS:  0000555591cae480(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffca91c5000 CR3: 0000000076844000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	4c 89 ff             	mov    %r15,%rdi
   3:	e8 f3 2e e6 ff       	call   0xffe62efb
   8:	4d 89 27             	mov    %r12,(%r15)
   b:	4d 85 e4             	test   %r12,%r12
   e:	74 61                	je     0x71
  10:	e8 16 1c 82 ff       	call   0xff821c2b
  15:	49 83 c4 08          	add    $0x8,%r12
  19:	4c 89 e0             	mov    %r12,%rax
  1c:	48 c1 e8 03          	shr    $0x3,%rax
  20:	48 b9 00 00 00 00 00 	movabs $0xdffffc0000000000,%rcx
  27:	fc ff df
* 2a:	80 3c 08 00          	cmpb   $0x0,(%rax,%rcx,1) <-- trapping instruction
  2e:	74 08                	je     0x38
  30:	4c 89 e7             	mov    %r12,%rdi
  33:	e8 c3 2e e6 ff       	call   0xffe62efb
  38:	4d 89 3c 24          	mov    %r15,(%r12)
  3c:	eb 38                	jmp    0x76
  3e:	e8                   	.byte 0xe8
  3f:	e8                   	.byte 0xe8
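The two address lines at the top of the report are related by KASAN's shadow mapping, and the disassembly shows exactly where it comes in: the trapping `cmpb $0x0,(%rax,%rcx,1)` is the compiler-inserted shadow-byte check for the following 8-byte store `mov %r15,(%r12)`, which is `__hlist_del` writing `next->pprev`. `%r12` holds `next + 8`, so `next` (the inode's `i_hash.next`) was `0x800000000`, a garbage pointer; `%rcx` holds the shadow offset `0xdffffc0000000000`. The following is an added example, not syzbot's or the kernel's code, that reproduces this arithmetic in userspace. It assumes generic KASAN on x86_64 with that shadow offset and 4-level paging (48-bit canonical addresses), which is what the register dump above indicates; the function names are mine, not the kernel's.

```c
/*
 * Added example (not kernel or syzbot code): the KASAN shadow address
 * arithmetic behind the oops above.
 *
 * Generic KASAN maps every 8-byte granule of kernel memory to one shadow
 * byte at (addr >> 3) + KASAN_SHADOW_OFFSET and instruments each access
 * with a load of that byte. The offset is chosen so that shadow addresses
 * for non-kernel (e.g. user or garbage) pointers fall into a non-canonical
 * hole; the instrumented load then faults before the real access happens.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Values assumed from the report: %rcx / movabs immediate, and x86_64 4-level paging. */
#define KASAN_SHADOW_OFFSET      0xdffffc0000000000ULL
#define KASAN_SHADOW_SCALE_SHIFT 3
#define KASAN_GRANULE            (1ULL << KASAN_SHADOW_SCALE_SHIFT)
#define VA_BITS                  48

/* Address of the shadow byte guarding the granule that contains addr. */
uint64_t kasan_mem_to_shadow(uint64_t addr)
{
	return (addr >> KASAN_SHADOW_SCALE_SHIFT) + KASAN_SHADOW_OFFSET;
}

/* Canonical under VA_BITS-bit addressing: all bits above bit VA_BITS-1 are copies of it. */
bool is_canonical(uint64_t addr)
{
	int64_t top = (int64_t)addr >> (VA_BITS - 1);
	return top == 0 || top == -1;
}

/*
 * Inverse mapping for a faulting shadow address: the granule whose shadow
 * byte the instrumented load tried to read. This is how the kernel derives
 * the "KASAN: probably user-memory-access in range [...]" line.
 */
void kasan_shadow_to_range(uint64_t shadow, uint64_t *start, uint64_t *end)
{
	*start = (shadow - KASAN_SHADOW_OFFSET) << KASAN_SHADOW_SCALE_SHIFT;
	*end = *start + KASAN_GRANULE - 1;
}

int main(void)
{
	/* %r12 at the trapping instruction: &next->pprev, next == 0x800000000 */
	uint64_t r12 = 0x0000000800000008ULL;
	uint64_t shadow = kasan_mem_to_shadow(r12);
	uint64_t start, end;

	printf("access to   %#llx\n", (unsigned long long)r12);
	printf("shadow byte %#llx (%s)\n", (unsigned long long)shadow,
	       is_canonical(shadow) ? "canonical" : "non-canonical -> #GP");

	kasan_shadow_to_range(shadow, &start, &end);
	printf("reported range [%#018llx-%#018llx]\n",
	       (unsigned long long)start, (unsigned long long)end);
	return 0;
}
```

Running this prints the shadow address `0xdffffc0100000001` from the "general protection fault" line and the range `[0x0000000800000008-0x000000080000000f]` from the KASAN line, confirming that the oops is a KASAN instrumentation fault on a corrupted `i_hash.next` pointer rather than a fault on the inode itself. That is consistent with the status line's "KASAN: use-after-free Write in diWrite": a stale write into freed inode memory leaves garbage in the hash links, which only blows up later when `umount2` (the `ORIG_RAX: 0xa6` syscall in the user frame) drives `evict_inodes` -> `evict` -> `remove_inode_hash`.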

Crashes (21):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/02/09 07:09 upstream 9946eaf552b1 ef44b750 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs general protection fault in evict
2024/11/25 06:05 upstream 9f16d5e6f220 68da6d95 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs general protection fault in evict
2025/10/20 03:49 upstream d9043c79ba68 1c8c8cd8 .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci-snapshot-upstream-root BUG: corrupted list in evict
2025/10/20 02:16 upstream d9043c79ba68 1c8c8cd8 .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci-snapshot-upstream-root BUG: corrupted list in evict
2025/05/03 18:04 upstream 95d3481af6dc b0714e37 .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci-snapshot-upstream-root general protection fault in evict
2025/05/03 15:30 upstream 95d3481af6dc b0714e37 .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci-snapshot-upstream-root general protection fault in evict
2025/12/01 00:52 linux-next 7d31f578f323 d6526ea3 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci-upstream-linux-next-kasan-gce-root BUG: corrupted list in evict
2025/11/30 23:15 linux-next 7d31f578f323 d6526ea3 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci-upstream-linux-next-kasan-gce-root BUG: corrupted list in evict
2025/11/30 21:46 linux-next 7d31f578f323 d6526ea3 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci-upstream-linux-next-kasan-gce-root BUG: corrupted list in evict
2025/07/13 07:19 upstream 3f31a806a62e 3cda49cf .config console log report syz / log [disk image (non-bootable)] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci-snapshot-upstream-root general protection fault in evict
2024/09/02 16:54 upstream 67784a74e258 1eda0d14 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root BUG: unable to handle kernel paging request in evict
2024/08/28 22:34 upstream 86987d84b968 940f38c1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root BUG: unable to handle kernel paging request in evict
2024/08/17 10:38 upstream e5fa841af679 dbc93b08 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root BUG: unable to handle kernel paging request in evict
2024/12/21 11:56 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 573067a5a685 d7f584ee .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in evict
2025/05/03 14:04 upstream 95d3481af6dc b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in evict
2025/02/18 10:53 upstream 2408a807bfc3 c37c7249 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in evict
2025/02/18 10:53 upstream 2408a807bfc3 c37c7249 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in evict
2024/11/25 05:15 upstream 9f16d5e6f220 68da6d95 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in evict
2025/04/21 03:37 upstream 6fea5fabd332 2a20f901 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in evict
2024/12/28 21:21 linux-next 8155b4ef3466 d3ccff63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in evict
2026/01/03 10:48 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 8f0b4cce4481 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: corrupted list in evict
* Struck through repros no longer work on HEAD.