syzbot


KASAN: null-ptr-deref Read in drop_buffers (4)

Status: moderation: reported on 2025/08/18 04:14
Subsystems: fs
Reported-by: syzbot+442c982d16f70806ac9b@syzkaller.appspotmail.com
First crash: 10d, last: 2h13m
Similar bugs (4)
Kernel Title Rank Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KASAN: null-ptr-deref Read in drop_buffers (2) jfs 11 C error 252 542d 753d 0/29 auto-obsoleted due to no activity on 2024/05/08 22:28
upstream KASAN: null-ptr-deref Read in drop_buffers kernfs 11 5 1029d 1029d 0/29 auto-obsoleted due to no activity on 2023/02/27 02:04
upstream KASAN: null-ptr-deref Read in drop_buffers (3) fs 17 C 98 160d 326d 0/29 auto-obsoleted due to no activity on 2025/06/08 23:43
linux-6.1 KASAN: slab-out-of-bounds Read in drop_buffers 17 1 204d 204d 0/3 auto-obsoleted due to no activity on 2025/05/11 23:03

Sample crash report:
==================================================================
BUG: KASAN: null-ptr-deref in instrument_atomic_read include/linux/instrumented.h:68 [inline]
BUG: KASAN: null-ptr-deref in atomic_read include/linux/atomic/atomic-instrumented.h:32 [inline]
BUG: KASAN: null-ptr-deref in buffer_busy fs/buffer.c:2886 [inline]
BUG: KASAN: null-ptr-deref in drop_buffers+0x65/0x4f0 fs/buffer.c:2898
Read of size 4 at addr 0000000000000060 by task syz.1.6642/25604

CPU: 1 UID: 0 PID: 25604 Comm: syz.1.6642 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 kasan_report+0x118/0x150 mm/kasan/report.c:595
 check_region_inline mm/kasan/generic.c:-1 [inline]
 kasan_check_range+0x2b0/0x2c0 mm/kasan/generic.c:189
 instrument_atomic_read include/linux/instrumented.h:68 [inline]
 atomic_read include/linux/atomic/atomic-instrumented.h:32 [inline]
 buffer_busy fs/buffer.c:2886 [inline]
 drop_buffers+0x65/0x4f0 fs/buffer.c:2898
 try_to_free_buffers+0x1e1/0x2d0 fs/buffer.c:2952
 shrink_folio_list+0x20ac/0x4cd0 mm/vmscan.c:1518
 evict_folios+0x47f2/0x58b0 mm/vmscan.c:4744
 try_to_shrink_lruvec+0x8a3/0xb50 mm/vmscan.c:4907
 shrink_one+0x21b/0x7c0 mm/vmscan.c:4952
 shrink_many mm/vmscan.c:5015 [inline]
 lru_gen_shrink_node mm/vmscan.c:5093 [inline]
 shrink_node+0x314e/0x3760 mm/vmscan.c:6078
 shrink_zones mm/vmscan.c:6336 [inline]
 do_try_to_free_pages+0x668/0x1960 mm/vmscan.c:6398
 try_to_free_pages+0x8a2/0xdd0 mm/vmscan.c:6644
 __perform_reclaim mm/page_alloc.c:4310 [inline]
 __alloc_pages_direct_reclaim+0x144/0x300 mm/page_alloc.c:4332
 __alloc_pages_slowpath+0x5ff/0xce0 mm/page_alloc.c:4781
 __alloc_frozen_pages_noprof+0x319/0x370 mm/page_alloc.c:5161
 __alloc_pages_noprof mm/page_alloc.c:5182 [inline]
 __folio_alloc_noprof+0x18/0x120 mm/page_alloc.c:5192
 alloc_charge_folio+0x3c7/0x830 mm/khugepaged.c:1088
 collapse_huge_page mm/khugepaged.c:1132 [inline]
 hpage_collapse_scan_pmd+0x1298/0x3c60 mm/khugepaged.c:1436
 madvise_collapse+0x3d1/0xa40 mm/khugepaged.c:2813
 madvise_vma_behavior+0xec8/0x3af0 mm/madvise.c:1358
 madvise_walk_vmas+0x51c/0xa30 mm/madvise.c:1669
 madvise_do_behavior+0x38e/0x550 mm/madvise.c:1885
 do_madvise+0x1bc/0x270 mm/madvise.c:1978
 __do_sys_madvise mm/madvise.c:1987 [inline]
 __se_sys_madvise mm/madvise.c:1985 [inline]
 __x64_sys_madvise+0xa7/0xc0 mm/madvise.c:1985
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f110f38ebe9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1110201038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
RAX: ffffffffffffffda RBX: 00007f110f5b5fa0 RCX: 00007f110f38ebe9
RDX: 0000000000000019 RSI: 0000000000600003 RDI: 0000200000000000
RBP: 00007f110f411e19 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f110f5b6038 R14: 00007f110f5b5fa0 R15: 00007ffc63835488
 </TASK>
==================================================================

Crashes (208):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2025/08/22 12:03 upstream 3957a5720157 bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: null-ptr-deref Read in drop_buffers
2025/08/22 08:38 upstream 3957a5720157 bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root KASAN: null-ptr-deref Read in drop_buffers
2025/08/22 05:54 upstream 3957a5720157 bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: null-ptr-deref Read in drop_buffers
2025/08/22 03:15 upstream 3957a5720157 bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: null-ptr-deref Read in drop_buffers
2025/08/21 19:52 upstream 32b7144f806e 0b9605c8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: null-ptr-deref Read in drop_buffers
2025/08/21 14:51 upstream 32b7144f806e 0b9605c8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root KASAN: null-ptr-deref Read in drop_buffers
2025/08/21 11:56 upstream 41cd3fd15263 0b9605c8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: null-ptr-deref Read in drop_buffers
2025/08/21 09:57 upstream 41cd3fd15263 0b9605c8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: null-ptr-deref Read in drop_buffers
2025/08/21 04:54 upstream 41cd3fd15263 0b9605c8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: null-ptr-deref Read in drop_buffers
2025/08/21 01:09 upstream 41cd3fd15263 0b9605c8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root KASAN: null-ptr-deref Read in drop_buffers
2025/08/21 00:05 upstream 41cd3fd15263 bd178e57 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root KASAN: null-ptr-deref Read in drop_buffers
2025/08/20 23:04 upstream 41cd3fd15263 bd178e57 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: null-ptr-deref Read in drop_buffers
2025/08/20 21:16 upstream b19a97d57c15 bd178e57 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: null-ptr-deref Read in drop_buffers
2025/08/20 19:22 upstream b19a97d57c15 bd178e57 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: null-ptr-deref Read in drop_buffers
2025/08/20 17:36 upstream b19a97d57c15 bd178e57 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root KASAN: null-ptr-deref Read in drop_buffers
2025/08/20 17:16 upstream b19a97d57c15 bd178e57 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root KASAN: null-ptr-deref Read in drop_buffers
2025/08/20 11:29 upstream b19a97d57c15 79512909 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: null-ptr-deref Read in drop_buffers
2025/08/20 08:47 upstream b19a97d57c15 79512909 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: null-ptr-deref Read in drop_buffers
2025/08/20 04:50 upstream b19a97d57c15 79512909 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: null-ptr-deref Read in drop_buffers
2025/08/20 03:04 upstream b19a97d57c15 79512909 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: null-ptr-deref Read in drop_buffers
2025/08/20 00:03 upstream b19a97d57c15 79512909 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: null-ptr-deref Read in drop_buffers
2025/08/19 22:09 upstream b19a97d57c15 79512909 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: null-ptr-deref Read in drop_buffers
2025/08/19 21:59 upstream b19a97d57c15 79512909 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root KASAN: null-ptr-deref Read in drop_buffers
2025/08/19 15:30 upstream be48bcf004f9 523f460e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: null-ptr-deref Read in drop_buffers
2025/08/19 14:08 upstream be48bcf004f9 523f460e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: null-ptr-deref Read in drop_buffers
2025/08/19 10:48 upstream be48bcf004f9 523f460e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: null-ptr-deref Read in drop_buffers
2025/08/18 03:15 upstream 8d561baae505 1804e95e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: null-ptr-deref Read in drop_buffers
2025/08/22 01:00 upstream 32b7144f806e 3e79b825 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: null-ptr-deref Read in drop_buffers
2025/08/20 05:52 upstream b19a97d57c15 79512909 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: null-ptr-deref Read in drop_buffers
2025/08/24 02:14 linux-next 7fa4d8dc380f bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in drop_buffers
2025/08/23 18:00 linux-next 7fa4d8dc380f bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in drop_buffers
2025/08/23 16:21 linux-next 7fa4d8dc380f bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in drop_buffers
2025/08/23 10:35 linux-next 7fa4d8dc380f bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in drop_buffers
2025/08/23 09:18 linux-next 7fa4d8dc380f bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in drop_buffers
2025/08/23 05:57 linux-next 7fa4d8dc380f bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in drop_buffers
2025/08/23 04:09 linux-next 7fa4d8dc380f bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in drop_buffers
2025/08/23 02:11 linux-next 7fa4d8dc380f bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in drop_buffers
2025/08/22 23:56 linux-next 7fa4d8dc380f bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in drop_buffers
2025/08/22 22:09 linux-next 7fa4d8dc380f bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in drop_buffers
2025/08/22 13:43 linux-next 7fa4d8dc380f bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in drop_buffers
2025/08/22 12:31 linux-next 7fa4d8dc380f bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in drop_buffers
2025/08/21 23:08 linux-next 7fa4d8dc380f bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in drop_buffers
2025/08/21 22:07 linux-next 7fa4d8dc380f 0b9605c8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in drop_buffers
2025/08/21 08:32 linux-next 7fa4d8dc380f 0b9605c8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in drop_buffers
2025/08/20 16:04 linux-next 5303936d609e bd178e57 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in drop_buffers
2025/08/20 12:29 linux-next 5303936d609e bd178e57 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in drop_buffers
2025/08/20 06:29 linux-next 5303936d609e 79512909 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in drop_buffers
2025/08/19 20:18 linux-next 886e5e7b0432 523f460e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in drop_buffers
2025/08/19 08:27 linux-next 886e5e7b0432 523f460e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in drop_buffers
2025/08/14 04:12 linux-next 931e46dcbc7e 22ec1469 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in drop_buffers
2025/08/17 02:07 upstream 90d970cade8e dcc075fb .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: user-memory-access Read in drop_buffers
* Struck through repros no longer work on HEAD.