KASAN: null-ptr-deref Read in fix

Date	Name	Commit	Repro	Result
2024/12/10	linux-5.15.y (ToT)	0a51d2d4527b	C	[report] KASAN: null-ptr-deref Read in fix_nodes
2023/05/28	upstream (ToT)	7877cb91f108	C	[report] KASAN: null-ptr-deref Read in fix_nodes
2024/12/10	upstream (ToT)	7cb1b4663150	C	Didn't crash

Date

Name

Commit

Repro

Result

2024/12/10

linux-5.15.y (ToT)

0a51d2d4527b

[report] KASAN: null-ptr-deref Read in fix_nodes

2023/05/28

upstream (ToT)

7877cb91f108

[report] KASAN: null-ptr-deref Read in fix_nodes

2024/12/10

upstream (ToT)

7cb1b4663150

Didn't crash

Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
linux-6.1	KASAN: null-ptr-deref Read in fix_nodes origin:upstream missing-backport	C		done	8	277d	760d	0/3	upstream: reported C repro on 2023/04/17 07:27
upstream	KASAN: null-ptr-deref Read in fix_nodes reiserfs	C	done	done	17	498d	767d	0/28	auto-obsoleted due to no activity on 2024/04/13 10:42
linux-4.19	general protection fault in fix_nodes	C		error	1	890d	890d	0/1	upstream: reported C repro on 2022/12/08 10:03
linux-4.14	general protection fault in fix_nodes	syz		error	1	884d	884d	0/1	upstream: reported syz repro on 2022/12/15 05:04

linux-6.1

KASAN: null-ptr-deref Read in fix_nodes origin:upstream missing-backport

done

277d

760d

0/3

upstream: reported C repro on 2023/04/17 07:27

upstream

KASAN: null-ptr-deref Read in fix_nodes reiserfs

done

498d

767d

0/28

auto-obsoleted due to no activity on 2024/04/13 10:42

linux-4.19

general protection fault in fix_nodes

error

890d

0/1

upstream: reported C repro on 2022/12/08 10:03

linux-4.14

general protection fault in fix_nodes

syz

error

884d

0/1

upstream: reported syz repro on 2022/12/15 05:04

Created	Duration	User	Repo	Result
2025/03/15 10:22	1h06m	retest repro	linux-5.15.y	report log
2024/12/25 09:38	11m	retest repro	linux-5.15.y	report log
2024/12/25 09:38	14m	retest repro	linux-5.15.y	OK log
2024/10/15 02:17	0m	retest repro	linux-5.15.y	error
2024/10/15 02:17	0m	retest repro	linux-5.15.y	error

Created

Duration

User

Patch

Repo

Result

2025/03/15 10:22

1h06m

retest repro

linux-5.15.y

report log

2024/12/25 09:38

11m

retest repro

linux-5.15.y

report log

2024/12/25 09:38

14m

retest repro

linux-5.15.y

OK log

2024/10/15 02:17

retest repro

linux-5.15.y

error

2024/10/15 02:17

retest repro

linux-5.15.y

error


Created	Duration	User	Repo	Result
2025/04/18 02:14	1h54m	bisect fix	linux-5.15.y	OK (0) job log log
2025/03/01 08:12	1h35m	bisect fix	linux-5.15.y	OK (0) job log log
2025/01/30 02:25	2h57m	bisect fix	linux-5.15.y	OK (0) job log log
2024/11/27 12:54	1h18m	bisect fix	linux-5.15.y	OK (0) job log log
2024/10/17 01:00	2h06m	bisect fix	linux-5.15.y	OK (0) job log log
2024/09/16 18:25	1h48m	bisect fix	linux-5.15.y	OK (0) job log log
2024/08/13 13:13	4h06m	bisect fix	linux-5.15.y	OK (0) job log log
2024/07/02 04:35	1h32m	bisect fix	linux-5.15.y	OK (0) job log log
2024/05/25 18:00	1h41m	bisect fix	linux-5.15.y	OK (0) job log log
2024/04/20 23:40	1h41m	bisect fix	linux-5.15.y	OK (0) job log log
2024/03/19 00:26	1h32m	bisect fix	linux-5.15.y	OK (0) job log log
2024/02/16 11:05	1h28m	bisect fix	linux-5.15.y	OK (0) job log log
2024/01/09 05:34	1h35m	bisect fix	linux-5.15.y	OK (0) job log log
2023/11/28 11:16	1h27m	bisect fix	linux-5.15.y	OK (0) job log log
2023/09/23 22:31	1h28m	bisect fix	linux-5.15.y	OK (0) job log log
2023/06/28 04:26	46m	bisect fix	linux-5.15.y	OK (0) job log log

REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 4029, free_space(entry_count) 2 REISERFS error (device loop4): vs-5150 search_by_key: invalid format found in block 540. Fsck? ================================================================== BUG: KASAN: null-ptr-deref in instrument_atomic_read include/linux/instrumented.h:71 [inline] BUG: KASAN: null-ptr-deref in test_bit include/asm-generic/bitops/instrumented-non-atomic.h:134 [inline] BUG: KASAN: null-ptr-deref in buffer_locked include/linux/buffer_head.h:122 [inline] BUG: KASAN: null-ptr-deref in fix_nodes+0x44d/0x8c70 fs/reiserfs/fix_node.c:2578 Read of size 8 at addr 0000000000000000 by task syz-executor349/3583 CPU: 0 PID: 3583 Comm: syz-executor349 Not tainted 5.15.113-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106 __kasan_report mm/kasan/report.c:438 [inline] kasan_report+0x161/0x1c0 mm/kasan/report.c:451 kasan_check_range+0x27e/0x290 mm/kasan/generic.c:189 instrument_atomic_read include/linux/instrumented.h:71 [inline] test_bit include/asm-generic/bitops/instrumented-non-atomic.h:134 [inline] buffer_locked include/linux/buffer_head.h:122 [inline] fix_nodes+0x44d/0x8c70 fs/reiserfs/fix_node.c:2578 reiserfs_cut_from_item+0x463/0x2560 fs/reiserfs/stree.c:1742 reiserfs_do_truncate+0xa12/0x15b0 fs/reiserfs/stree.c:1973 reiserfs_truncate_file+0x638/0xda0 fs/reiserfs/inode.c:2318 reiserfs_setattr+0xa4d/0xf90 fs/reiserfs/inode.c:3409 notify_change+0xd4d/0x1000 fs/attr.c:488 do_truncate+0x21c/0x300 fs/open.c:65 handle_truncate fs/namei.c:3195 [inline] do_open fs/namei.c:3542 [inline] path_openat+0x28a0/0x2f20 fs/namei.c:3672 do_filp_open+0x21c/0x460 fs/namei.c:3699 do_sys_openat2+0x13b/0x500 fs/open.c:1211 do_sys_open fs/open.c:1227 [inline] __do_sys_open fs/open.c:1235 [inline] __se_sys_open fs/open.c:1231 [inline] __x64_sys_open+0x221/0x270 fs/open.c:1231 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x61/0xcb RIP: 0033:0x7fd29449ee29 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fd28c4001f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 RAX: ffffffffffffffda RBX: 00007fd29451d7e8 RCX: 00007fd29449ee29 RDX: 0000000000000000 RSI: 000000000014937e RDI: 0000000020000180 RBP: 00007fd29451d7e0 R08: 00007fd28c400700 R09: 0000000000000000 R10: 00007fd28c400700 R11: 0000000000000246 R12: 00007fd29451d7ec R13: 00007ffd6edb6f1f R14: 00007fd28c400300 R15: 0000000000022000 </TASK> ==================================================================

Crashes (7):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2023/05/28 05:08	linux-5.15.y	1fe619a7d252	cf184559	.config	console log	report	syz	C		[disk image] [vmlinux] [kernel image] [mounted in repro]	ci2-linux-5-15-kasan	KASAN: null-ptr-deref Read in fix_nodes
2023/10/27 08:15	linux-5.15.y	12952a23a5da	bf285f0c	.config	console log	report	syz			[disk image] [vmlinux] [kernel image] [mounted in repro]	ci2-linux-5-15-kasan	KASAN: null-ptr-deref Read in fix_nodes
2023/12/10 05:34	linux-5.15.y	8a1d809b0545	28b24332	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	KASAN: null-ptr-deref Read in fix_nodes
2023/10/27 06:17	linux-5.15.y	12952a23a5da	bf285f0c	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	KASAN: null-ptr-deref Read in fix_nodes
2023/10/18 08:27	linux-5.15.y	02e21884dcf2	342b9c55	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	KASAN: null-ptr-deref Read in fix_nodes
2023/07/12 06:31	linux-5.15.y	d54cfc420586	2f19aa4f	.config	console log	report	syz			[disk image] [vmlinux] [kernel image] [mounted in repro]	ci2-linux-5-15-kasan	KASAN: null-ptr-deref Read in fix_nodes
2023/04/15 23:09	linux-5.15.y	4fdad925aa1a	ec410564	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	KASAN: null-ptr-deref Read in fix_nodes

Crashes (7):

Assets (help?)