syzbot

 sign-in | mailing list | source | docs
🐞 Open [816]
🐞 Fixed [75]
🐞 Invalid [971]
Missing Backports [122]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

KASAN: null-ptr-deref Read in fix_nodes

Status: upstream: reported C repro on 2023/04/15 23:10
Bug presence: origin:upstream
Labels: missing-backport
[Documentation on labels]
Reported-by: syzbot+96a6d1aee0cb04be440a@syzkaller.appspotmail.com
First crash: 863d, last: 12d
Fix commit to backport (bisect log) :
tree: upstream
commit fb6f20ecb121cef4d7946f834a6ee867c4e21b4a
Author: Jan Kara <jack@suse.cz>
Date: Thu Oct 17 10:28:23 2024 +0000

  reiserfs: The last commit

  
Fix bisection: the issue occurs on the latest tested release (bisect log)
Crash: KASAN: null-ptr-deref Read in fix_nodes (log)
Repro: C syz .config
  
Bug presence (3)
Date Name Commit Repro Result
2024/12/10 linux-5.15.y (ToT) 0a51d2d4527b C [report] KASAN: null-ptr-deref Read in fix_nodes
2023/05/28 upstream (ToT) 7877cb91f108 C [report] KASAN: null-ptr-deref Read in fix_nodes
2024/12/10 upstream (ToT) 7cb1b4663150 C Didn't crash
Similar bugs (4)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.1 KASAN: null-ptr-deref Read in fix_nodes origin:upstream missing-backport 11 C done 8 378d 862d 0/3 upstream: reported C repro on 2023/04/17 07:27
upstream KASAN: null-ptr-deref Read in fix_nodes fs 11 C done done 17 599d 868d 0/29 auto-obsoleted due to no activity on 2024/04/13 10:42
linux-4.19 general protection fault in fix_nodes 2 C error 1 991d 991d 0/1 upstream: reported C repro on 2022/12/08 10:03
linux-4.14 general protection fault in fix_nodes 2 syz error 1 985d 985d 0/1 upstream: reported syz repro on 2022/12/15 05:04
Last patch testing requests (6)
Created Duration User Patch Repo Result
2025/06/04 19:30 10m retest repro linux-5.15.y report log
2025/03/15 10:22 1h06m retest repro linux-5.15.y report log
2024/12/25 09:38 11m retest repro linux-5.15.y report log
2024/12/25 09:38 14m retest repro linux-5.15.y OK log
2024/10/15 02:17 0m retest repro linux-5.15.y error
2024/10/15 02:17 0m retest repro linux-5.15.y error
Fix bisection attempts (18)
Created Duration User Patch Repo Result
2025/06/21 11:14 8h15m fix candidate upstream OK (1) job log
2025/05/21 07:15 1h38m bisect fix linux-5.15.y OK (0) job log log
2025/04/18 02:14 1h54m bisect fix linux-5.15.y OK (0) job log log
2025/03/01 08:12 1h35m bisect fix linux-5.15.y OK (0) job log log
2025/01/30 02:25 2h57m bisect fix linux-5.15.y OK (0) job log log
2024/11/27 12:54 1h18m bisect fix linux-5.15.y OK (0) job log log
2024/10/17 01:00 2h06m bisect fix linux-5.15.y OK (0) job log log
2024/09/16 18:25 1h48m bisect fix linux-5.15.y OK (0) job log log
2024/08/13 13:13 4h06m bisect fix linux-5.15.y OK (0) job log log
2024/07/02 04:35 1h32m bisect fix linux-5.15.y OK (0) job log log
2024/05/25 18:00 1h41m bisect fix linux-5.15.y OK (0) job log log
2024/04/20 23:40 1h41m bisect fix linux-5.15.y OK (0) job log log
2024/03/19 00:26 1h32m bisect fix linux-5.15.y OK (0) job log log
2024/02/16 11:05 1h28m bisect fix linux-5.15.y OK (0) job log log
2024/01/09 05:34 1h35m bisect fix linux-5.15.y OK (0) job log log
2023/11/28 11:16 1h27m bisect fix linux-5.15.y OK (0) job log log
2023/09/23 22:31 1h28m bisect fix linux-5.15.y OK (0) job log log
2023/06/28 04:26 46m bisect fix linux-5.15.y OK (0) job log log

Sample crash report:
REISERFS error (device loop2): vs-5150 search_by_key: invalid format found in block 540. Fsck?
==================================================================
BUG: KASAN: null-ptr-deref in instrument_atomic_read include/linux/instrumented.h:71 [inline]
BUG: KASAN: null-ptr-deref in test_bit include/asm-generic/bitops/instrumented-non-atomic.h:134 [inline]
BUG: KASAN: null-ptr-deref in buffer_locked include/linux/buffer_head.h:122 [inline]
BUG: KASAN: null-ptr-deref in fix_nodes+0x435/0x82d0 fs/reiserfs/fix_node.c:2578
Read of size 8 at addr 0000000000000000 by task syz.2.118/4882

CPU: 1 PID: 4882 Comm: syz.2.118 Not tainted 5.15.189-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x168/0x230 lib/dump_stack.c:106
 __kasan_report mm/kasan/report.c:438 [inline]
 kasan_report+0xd5/0x130 mm/kasan/report.c:451
 check_region_inline mm/kasan/generic.c:-1 [inline]
 kasan_check_range+0x27b/0x290 mm/kasan/generic.c:189
 instrument_atomic_read include/linux/instrumented.h:71 [inline]
 test_bit include/asm-generic/bitops/instrumented-non-atomic.h:134 [inline]
 buffer_locked include/linux/buffer_head.h:122 [inline]
 fix_nodes+0x435/0x82d0 fs/reiserfs/fix_node.c:2578
 reiserfs_cut_from_item+0x2e8/0x1ef0 fs/reiserfs/stree.c:1742
 reiserfs_do_truncate+0xa90/0x13e0 fs/reiserfs/stree.c:1973
 reiserfs_truncate_file+0x632/0xdc0 fs/reiserfs/inode.c:2318
 reiserfs_setattr+0xaa7/0x1010 fs/reiserfs/inode.c:3409
 notify_change+0xbcd/0xee0 fs/attr.c:505
 do_truncate+0x197/0x220 fs/open.c:65
 do_sys_ftruncate+0x31b/0x3d0 fs/open.c:193
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7f939d92abe9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f939cf79038 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
RAX: ffffffffffffffda RBX: 00007f939db52090 RCX: 00007f939d92abe9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
RBP: 00007f939d9ade19 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f939db52128 R14: 00007f939db52090 R15: 00007fff89620408
 </TASK>
==================================================================

Crashes (10):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/08/13 16:10 linux-5.15.y c79648372d02 22ec1469 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-5-15-kasan KASAN: null-ptr-deref Read in fix_nodes
2025/08/02 19:35 linux-5.15.y c79648372d02 7368264b .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-5-15-kasan KASAN: null-ptr-deref Read in fix_nodes
2023/05/28 05:08 linux-5.15.y 1fe619a7d252 cf184559 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-5-15-kasan KASAN: null-ptr-deref Read in fix_nodes
2025/07/20 11:08 linux-5.15.y c79648372d02 7117feec .config console log report syz / log [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-5-15-kasan KASAN: null-ptr-deref Read in fix_nodes
2023/10/27 08:15 linux-5.15.y 12952a23a5da bf285f0c .config console log report syz [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-5-15-kasan KASAN: null-ptr-deref Read in fix_nodes
2023/12/10 05:34 linux-5.15.y 8a1d809b0545 28b24332 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: null-ptr-deref Read in fix_nodes
2023/10/27 06:17 linux-5.15.y 12952a23a5da bf285f0c .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: null-ptr-deref Read in fix_nodes
2023/10/18 08:27 linux-5.15.y 02e21884dcf2 342b9c55 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: null-ptr-deref Read in fix_nodes
2023/07/12 06:31 linux-5.15.y d54cfc420586 2f19aa4f .config console log report syz [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-5-15-kasan KASAN: null-ptr-deref Read in fix_nodes
2023/04/15 23:09 linux-5.15.y 4fdad925aa1a ec410564 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: null-ptr-deref Read in fix_nodes
* Struck through repros no longer work on HEAD.