syzbot

 sign-in | mailing list | source | docs
🐞 Open [824]
🐞 Fixed [76]
🐞 Invalid [998]
Missing Backports [122]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

KASAN: null-ptr-deref Read in __wait_on_buffer

Status: upstream: reported on 2025/09/14 17:21
Reported-by: syzbot+e72c01cff764acdfa94a@syzkaller.appspotmail.com
First crash: 11h06m, last: 11h06m
Similar bugs (1)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KASAN: null-ptr-deref Read in __wait_on_buffer fs 11 5 732d 884d 0/29 auto-obsoleted due to no activity on 2023/12/22 05:12

Sample crash report:
==================================================================
BUG: KASAN: null-ptr-deref in instrument_atomic_read include/linux/instrumented.h:71 [inline]
BUG: KASAN: null-ptr-deref in test_bit include/asm-generic/bitops/instrumented-non-atomic.h:134 [inline]
BUG: KASAN: null-ptr-deref in wait_on_bit_io include/linux/wait_bit.h:99 [inline]
BUG: KASAN: null-ptr-deref in __wait_on_buffer+0x30/0x90 fs/buffer.c:122
Read of size 8 at addr 0000000000000000 by task syz.0.12/4343

CPU: 1 PID: 4343 Comm: syz.0.12 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x168/0x230 lib/dump_stack.c:106
 __kasan_report mm/kasan/report.c:438 [inline]
 kasan_report+0xd5/0x130 mm/kasan/report.c:451
 check_region_inline mm/kasan/generic.c:-1 [inline]
 kasan_check_range+0x27b/0x290 mm/kasan/generic.c:189
 instrument_atomic_read include/linux/instrumented.h:71 [inline]
 test_bit include/asm-generic/bitops/instrumented-non-atomic.h:134 [inline]
 wait_on_bit_io include/linux/wait_bit.h:99 [inline]
 __wait_on_buffer+0x30/0x90 fs/buffer.c:122
 flush_commit_list+0xf3c/0x1d70 fs/reiserfs/journal.c:1069
 flush_older_commits fs/reiserfs/journal.c:919 [inline]
 flush_commit_list+0x462/0x1d70 fs/reiserfs/journal.c:995
 do_journal_end+0x38ad/0x42d0 fs/reiserfs/journal.c:4372
 journal_end_sync fs/reiserfs/journal.c:3535 [inline]
 __commit_trans_jl fs/reiserfs/journal.c:3877 [inline]
 reiserfs_commit_for_inode+0xa1d/0xb40 fs/reiserfs/journal.c:3920
 reiserfs_sync_file+0x11b/0x270 fs/reiserfs/file.c:159
 generic_write_sync include/linux/fs.h:2989 [inline]
 generic_file_write_iter+0x157/0x1b0 mm/filemap.c:3948
 call_write_iter include/linux/fs.h:2172 [inline]
 new_sync_write fs/read_write.c:507 [inline]
 vfs_write+0x712/0xd00 fs/read_write.c:594
 ksys_pwrite64 fs/read_write.c:701 [inline]
 __do_sys_pwrite64 fs/read_write.c:711 [inline]
 __se_sys_pwrite64 fs/read_write.c:708 [inline]
 __x64_sys_pwrite64+0x194/0x220 fs/read_write.c:708
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7f48b91b6ba9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f48b741e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000012
RAX: ffffffffffffffda RBX: 00007f48b93fdfa0 RCX: 00007f48b91b6ba9
RDX: 000000000000fdef RSI: 0000200000000140 RDI: 0000000000000009
RBP: 00007f48b9239e19 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000e7c R11: 0000000000000246 R12: 0000000000000000
R13: 00007f48b93fe038 R14: 00007f48b93fdfa0 R15: 00007fff0c084868
 </TASK>
==================================================================

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/09/14 17:21 linux-5.15.y 43bb85222e53 e2beed91 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: null-ptr-deref Read in __wait_on_buffer
* Struck through repros no longer work on HEAD.