syzbot


KASAN: null-ptr-deref Read in gfs2_drop_inode

Status: upstream: reported C repro on 2025/05/26 11:03
Subsystems: gfs2
Reported-by: syzbot+b12826218502df019f9d@syzkaller.appspotmail.com
Fix commit: 9126d2754c5e gfs2: Don't clear sb->s_fs_info in gfs2_sys_fs_add
Patched on: [ci-qemu-gce-upstream-auto ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-qemu2-riscv64 ci-snapshot-upstream-root ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce-386-root ci-upstream-kmsan-gce-root ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci-upstream-rust-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-usb], missing on: [ci-qemu-native-arm64-kvm]
First crash: 43d, last: 31d
Cause bisection: introduced by (bisect log):
commit ae9f3bd8259a0a8f67be2420e66bb05fbb95af48
Author: Andreas Gruenbacher <agruenba@redhat.com>
Date: Sat Apr 5 22:31:37 2025 +0000

  gfs2: replace sd_aspace with sd_inode

Crash: KASAN: null-ptr-deref Read in gfs2_drop_inode (log)
Repro: C syz .config
  
Discussions (1):
Title | Replies (including bot) | Last reply
[syzbot] [gfs2?] KASAN: null-ptr-deref Read in gfs2_drop_inode | 0 (3) | 2025/06/02 12:05

Last patch testing requests (1):
Created | Duration | User | Patch | Repo | Result
2025/06/02 12:05 | 27m | anprice@redhat.com | | git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2.git for-next | OK (log)

Sample crash report:
==================================================================
BUG: KASAN: null-ptr-deref in instrument_atomic_read include/linux/instrumented.h:68 [inline]
BUG: KASAN: null-ptr-deref in _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]
BUG: KASAN: null-ptr-deref in gfs2_drop_inode+0x20c/0x3a0 fs/gfs2/super.c:1052
Read of size 8 at addr 00000000000000a8 by task syz-executor322/5858

CPU: 0 UID: 0 PID: 5858 Comm: syz-executor322 Not tainted 6.15.0-syzkaller-11061-g7f9039c524a3 #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 kasan_report+0x118/0x150 mm/kasan/report.c:634
 check_region_inline mm/kasan/generic.c:-1 [inline]
 kasan_check_range+0x2b0/0x2c0 mm/kasan/generic.c:189
 instrument_atomic_read include/linux/instrumented.h:68 [inline]
 _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]
 gfs2_drop_inode+0x20c/0x3a0 fs/gfs2/super.c:1052
 iput_final fs/inode.c:1868 [inline]
 iput+0x45d/0x9d0 fs/inode.c:1924
 gfs2_fill_super+0x1418/0x2010 fs/gfs2/ops_fstype.c:1314
 get_tree_bdev_flags+0x40e/0x4d0 fs/super.c:1679
 gfs2_get_tree+0x51/0x1e0 fs/gfs2/ops_fstype.c:1333
 vfs_get_tree+0x92/0x2b0 fs/super.c:1802
 do_new_mount+0x24a/0xa40 fs/namespace.c:3856
 do_mount fs/namespace.c:4193 [inline]
 __do_sys_mount fs/namespace.c:4404 [inline]
 __se_sys_mount+0x317/0x410 fs/namespace.c:4381
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fec93895c5a
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 8e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffe55450bf8 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fec93895c5a
RDX: 0000200000000240 RSI: 0000200000001c00 RDI: 00007ffe55450c50
RBP: 0000000000000004 R08: 00007ffe55450c90 R09: 00000000000125dc
R10: 0000000001000800 R11: 0000000000000282 R12: 0000000001000000
R13: 00007ffe55450c90 R14: 0000200000001c00 R15: 0000000000000003
 </TASK>
==================================================================

Crashes (1050):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2025/06/03 06:58 upstream 7f9039c524a3 b396b4bf .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci-upstream-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/06/01 11:10 upstream 4cb6c8af8591 3d2f584d .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (clean fs)] ci-upstream-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/05/31 07:59 upstream 8477ab143069 3d2f584d .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci-upstream-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/05/30 03:34 upstream e0797d3b91de 3d2f584d .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (clean fs)] ci-upstream-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/05/30 02:50 upstream e0797d3b91de 3d2f584d .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci-upstream-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/05/30 02:10 upstream e0797d3b91de 3d2f584d .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci-upstream-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/05/30 01:29 upstream e0797d3b91de 3d2f584d .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci-upstream-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/06/02 22:16 linux-next 3a83b350b5be b396b4bf .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/06/02 00:10 linux-next 3a83b350b5be 3d2f584d .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (clean fs)] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/05/31 09:45 linux-next 3a83b350b5be 3d2f584d .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/05/30 20:48 linux-next 3a83b350b5be 3d2f584d .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (clean fs)] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/05/29 22:01 linux-next 2a628f951ed5 3d2f584d .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (clean fs)] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/05/29 07:30 linux-next 64d12554715c 3d2f584d .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/05/29 05:06 linux-next 64d12554715c 3d2f584d .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/05/29 03:02 linux-next 64d12554715c 3d2f584d .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/05/29 00:23 linux-next 64d12554715c 3d2f584d .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/05/28 05:56 linux-next fefff2755f2a 874a1386 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (clean fs)] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/05/23 20:28 linux-next 176e917e010c f8cc0c83 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (clean fs)] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/06/03 11:56 upstream 7f9039c524a3 b396b4bf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/06/03 05:32 upstream 7f9039c524a3 b396b4bf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/06/03 03:41 upstream 7f9039c524a3 b396b4bf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/06/03 02:37 upstream 7f9039c524a3 b396b4bf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/06/03 00:27 upstream 7f9039c524a3 b396b4bf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/06/03 00:27 upstream 7f9039c524a3 b396b4bf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/06/02 23:18 upstream 7f9039c524a3 b396b4bf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/06/02 20:44 upstream cd2e103d57e5 b396b4bf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/06/02 19:24 upstream cd2e103d57e5 b396b4bf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/06/02 13:20 upstream cd2e103d57e5 b396b4bf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/06/02 13:17 upstream cd2e103d57e5 b396b4bf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/06/02 06:12 upstream cd2e103d57e5 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/06/02 01:13 upstream 7d4e49a77d99 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/06/01 18:04 upstream 7d4e49a77d99 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/06/01 16:35 upstream 7d4e49a77d99 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/06/01 14:31 upstream 7d4e49a77d99 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/06/01 13:20 upstream 4cb6c8af8591 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/06/01 11:13 upstream 4cb6c8af8591 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/06/01 10:33 upstream 4cb6c8af8591 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/06/01 10:31 upstream 4cb6c8af8591 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/06/01 05:14 upstream 4cb6c8af8591 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/06/01 03:47 upstream 4cb6c8af8591 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/06/01 03:12 upstream 4cb6c8af8591 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/06/01 01:10 upstream 4cb6c8af8591 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/05/31 22:42 upstream 0f70f5b08a47 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/06/02 22:17 linux-next 3a83b350b5be b396b4bf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/06/02 14:23 linux-next 3a83b350b5be b396b4bf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/06/02 09:38 linux-next 3a83b350b5be 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/06/02 07:26 linux-next 3a83b350b5be 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/06/02 07:20 linux-next 3a83b350b5be 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/06/02 04:54 linux-next 3a83b350b5be 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/06/02 03:54 linux-next 3a83b350b5be 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/06/02 03:32 linux-next 3a83b350b5be 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/06/02 02:18 linux-next 3a83b350b5be 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/06/02 02:18 linux-next 3a83b350b5be 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/06/01 22:24 linux-next 3a83b350b5be 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/06/01 21:57 linux-next 3a83b350b5be 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/06/01 20:39 linux-next 3a83b350b5be 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/06/01 15:32 linux-next 3a83b350b5be 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/06/01 12:40 linux-next 3a83b350b5be 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/06/01 08:09 linux-next 3a83b350b5be 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/06/01 07:24 linux-next 3a83b350b5be 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/06/01 06:20 linux-next 3a83b350b5be 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/06/01 02:12 linux-next 3a83b350b5be 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/06/01 00:19 linux-next 3a83b350b5be 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
2025/05/31 22:39 linux-next 3a83b350b5be 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: null-ptr-deref Read in gfs2_drop_inode
* Struck through repros no longer work on HEAD.