syzbot


KASAN: null-ptr-deref Read in io_sqe_buffer_register

Status: upstream: reported C repro on 2025/09/04 15:36
Subsystems: io-uring
Reported-by: syzbot+1ab243d3eebb2aabf4a4@syzkaller.appspotmail.com
Fix commit: fixup: mm/gup: remove record_subpages()
Patched on: [ci-upstream-linux-next-kasan-gce-root ci-upstream-rust-kasan-gce], missing on: [ci-qemu-gce-upstream-auto ci-qemu-native-arm64-kvm ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-qemu2-riscv64 ci-snapshot-upstream-root ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce-386-root ci-upstream-kmsan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-usb]
First crash: 253d, last: 249d
✨ AI Jobs (1)
ID Workflow Result Correct Bug Created Started Finished Revision Error
43726a3a-9dc0-442a-b107-c73d86b8b928 assessment-security 💥 KASAN: null-ptr-deref Read in io_sqe_buffer_register 2026/05/15 11:44 2026/05/15 11:44 2026/05/15 11:45 9cd3beaadf14b3a22d15fd97a0bf081ee41ebe01 failed to run ["git" "pull" "origin" "HEAD" "--depth=1" "--allow-unrelated-histories"]: exit status 128 [...] fatal: cannot create directory at 'Documentation/devicetree/bindings/mtd': No space left on device
Cause bisection: introduced by (bisect log) :
commit da6b34293ff8dbb78f8b9278c9a492925bbf1f87
Author: David Hildenbrand <david@redhat.com>
Date: Mon Sep 1 15:03:40 2025 +0000

  mm/gup: remove record_subpages()

Crash: KASAN: null-ptr-deref Read in io_sqe_buffer_register (log)
Repro: C syz .config
  
Duplicate bugs (5)
Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
general protection fault in io_check_coalesce_buffer io-uring 2 C 27 249d 252d 0/29 closed as dup on 2025/09/04 23:18
general protection fault in xxh64_update crypto 2 C error 11 249d 249d 0/29 closed as dup on 2025/09/08 18:47
KASAN: wild-memory-access Read in crypto_nhpoly1305_update_helper crypto 17 C done 13 251d 247d 0/29 closed as dup on 2025/09/10 06:35
KASAN: wild-memory-access Read in __sha512_update crypto 17 C 15 249d 249d 0/29 closed as dup on 2025/09/08 18:46
general protection fault in unpin_user_page_range_dirty_lock mm 2 C 4 249d 252d 0/29 closed as dup on 2025/09/05 13:27
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [io-uring?] KASAN: null-ptr-deref Read in io_sqe_buffer_register 6 (10) 2025/09/08 04:30
Similar bugs (1)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream general protection fault in io_sqe_buffer_register io-uring 2 C done 55 557d 559d 28/29 fixed on 2024/12/16 10:37
Last patch testing requests (2)
Created Duration User Patch Repo Result
2025/09/05 10:04 24m david@redhat.com https://github.com/davidhildenbrand/linux.git nth_page OK log
2025/09/05 07:43 34m david@redhat.com patch linux-next error

Sample crash report:
==================================================================
BUG: KASAN: null-ptr-deref in instrument_atomic_read include/linux/instrumented.h:68 [inline]
BUG: KASAN: null-ptr-deref in _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]
BUG: KASAN: null-ptr-deref in PageCompound include/linux/page-flags.h:331 [inline]
BUG: KASAN: null-ptr-deref in io_buffer_account_pin io_uring/rsrc.c:668 [inline]
BUG: KASAN: null-ptr-deref in io_sqe_buffer_register+0x369/0x20a0 io_uring/rsrc.c:817
Read of size 8 at addr 0000000000000000 by task syz.0.17/6093

CPU: 0 UID: 0 PID: 6093 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 kasan_report+0x118/0x150 mm/kasan/report.c:595
 check_region_inline mm/kasan/generic.c:-1 [inline]
 kasan_check_range+0x2b0/0x2c0 mm/kasan/generic.c:200
 instrument_atomic_read include/linux/instrumented.h:68 [inline]
 _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]
 PageCompound include/linux/page-flags.h:331 [inline]
 io_buffer_account_pin io_uring/rsrc.c:668 [inline]
 io_sqe_buffer_register+0x369/0x20a0 io_uring/rsrc.c:817
 io_sqe_buffers_register+0x3b9/0x8e0 io_uring/rsrc.c:913
 __io_uring_register io_uring/register.c:657 [inline]
 __do_sys_io_uring_register io_uring/register.c:926 [inline]
 __se_sys_io_uring_register+0xb85/0x11b0 io_uring/register.c:903
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f71d0b8ebe9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc64956de8 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab
RAX: ffffffffffffffda RBX: 00007f71d0dc5fa0 RCX: 00007f71d0b8ebe9
RDX: 00002000000002c0 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 00007f71d0c11e19 R08: 0000000000000000 R09: 0000000000000000
R10: 100000000000011a R11: 0000000000000246 R12: 0000000000000000
R13: 00007f71d0dc5fa0 R14: 00007f71d0dc5fa0 R15: 0000000000000004
 </TASK>
==================================================================

Crashes (54):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/09/04 17:24 linux-next 4ac65880ebca d291dd2d .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in io_sqe_buffer_register
2025/09/04 16:31 linux-next 4ac65880ebca d291dd2d .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in io_sqe_buffer_register
2025/09/04 15:22 linux-next 4ac65880ebca d291dd2d .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in io_sqe_buffer_register
2025/09/08 08:53 linux-next be5d4872e528 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in io_sqe_buffer_register
2025/09/08 05:29 linux-next be5d4872e528 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in io_sqe_buffer_register
2025/09/08 00:58 linux-next be5d4872e528 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in io_sqe_buffer_register
2025/09/07 22:50 linux-next be5d4872e528 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in io_sqe_buffer_register
2025/09/07 21:32 linux-next be5d4872e528 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in io_sqe_buffer_register
2025/09/07 18:22 linux-next be5d4872e528 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in io_sqe_buffer_register
2025/09/07 16:43 linux-next be5d4872e528 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in io_sqe_buffer_register
2025/09/07 16:37 linux-next be5d4872e528 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in io_sqe_buffer_register
2025/09/07 12:28 linux-next be5d4872e528 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in io_sqe_buffer_register
2025/09/07 06:29 linux-next be5d4872e528 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in io_sqe_buffer_register
2025/09/07 04:42 linux-next be5d4872e528 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in io_sqe_buffer_register
2025/09/07 04:10 linux-next be5d4872e528 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in io_sqe_buffer_register
2025/09/07 02:38 linux-next be5d4872e528 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in io_sqe_buffer_register
2025/09/07 02:19 linux-next be5d4872e528 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in io_sqe_buffer_register
2025/09/07 01:15 linux-next be5d4872e528 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in io_sqe_buffer_register
2025/09/06 21:31 linux-next be5d4872e528 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in io_sqe_buffer_register
2025/09/06 21:31 linux-next be5d4872e528 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in io_sqe_buffer_register
2025/09/06 21:27 linux-next be5d4872e528 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in io_sqe_buffer_register
2025/09/06 21:27 linux-next be5d4872e528 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in io_sqe_buffer_register
2025/09/06 21:17 linux-next be5d4872e528 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in io_sqe_buffer_register
2025/09/06 21:17 linux-next be5d4872e528 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in io_sqe_buffer_register
2025/09/06 21:14 linux-next be5d4872e528 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in io_sqe_buffer_register
2025/09/06 21:14 linux-next be5d4872e528 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in io_sqe_buffer_register
2025/09/06 20:42 linux-next be5d4872e528 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in io_sqe_buffer_register
2025/09/06 20:42 linux-next be5d4872e528 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in io_sqe_buffer_register
2025/09/06 14:57 linux-next be5d4872e528 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in io_sqe_buffer_register
2025/09/06 14:57 linux-next be5d4872e528 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in io_sqe_buffer_register
2025/09/06 13:55 linux-next be5d4872e528 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in io_sqe_buffer_register
2025/09/06 13:54 linux-next be5d4872e528 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in io_sqe_buffer_register
2025/09/06 13:54 linux-next be5d4872e528 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in io_sqe_buffer_register
2025/09/06 10:52 linux-next be5d4872e528 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in io_sqe_buffer_register
2025/09/06 10:51 linux-next be5d4872e528 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in io_sqe_buffer_register
2025/09/06 10:49 linux-next be5d4872e528 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in io_sqe_buffer_register
2025/09/06 10:49 linux-next be5d4872e528 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in io_sqe_buffer_register
2025/09/06 02:52 linux-next be5d4872e528 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in io_sqe_buffer_register
2025/09/05 18:54 linux-next be5d4872e528 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in io_sqe_buffer_register
2025/09/05 11:34 linux-next be5d4872e528 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in io_sqe_buffer_register
2025/09/04 14:39 linux-next 4ac65880ebca d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in io_sqe_buffer_register
2025/09/04 14:39 linux-next 4ac65880ebca d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in io_sqe_buffer_register
2025/09/04 12:00 linux-next 4ac65880ebca d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in io_sqe_buffer_register
2025/09/04 11:51 linux-next 4ac65880ebca d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in io_sqe_buffer_register
2025/09/04 11:37 linux-next 4ac65880ebca d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in io_sqe_buffer_register
2025/09/04 09:45 linux-next 4ac65880ebca d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in io_sqe_buffer_register
2025/09/04 09:45 linux-next 4ac65880ebca d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in io_sqe_buffer_register
* Struck through repros no longer work on HEAD.