syzbot

 sign-in | mailing list | source | docs
🐞 Open [1469]
Subsystems
🐞 Fixed [6815]
🐞 Invalid [17635]
Missing Backports [225]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KASAN: null-ptr-deref Read in drop_buffers (5)

Status: upstream: reported on 2025/11/10 12:38
Subsystems: fs
[Documentation on labels]
Reported-by: syzbot+e07658f51ca22ab65b4e@syzkaller.appspotmail.com
First crash: 53d, last: 46d
Discussions (3)
Title Replies (including bot) Last reply
[PATCH v2] fs: add NULL check in drop_buffers() to prevent null-ptr-deref 11 (11) 2025/12/11 12:50
[PATCH] fs: add NULL check in drop_buffers() to prevent null-ptr-deref 1 (1) 2025/12/08 18:48
[syzbot] [fs?] KASAN: null-ptr-deref Read in drop_buffers (5) 0 (1) 2025/11/10 12:38
Similar bugs (6)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KASAN: null-ptr-deref Read in drop_buffers (2) jfs 11 C error 252 668d 879d 0/29 auto-obsoleted due to no activity on 2024/05/08 22:28
upstream KASAN: null-ptr-deref Read in drop_buffers kernfs 11 5 1155d 1155d 0/29 auto-obsoleted due to no activity on 2023/02/27 02:04
upstream KASAN: null-ptr-deref Read in drop_buffers (4) fs 17 228 123d 132d 0/29 auto-obsoleted due to no activity on 2025/10/15 13:15
upstream KASAN: null-ptr-deref Read in drop_buffers (3) fs 17 C 98 286d 452d 0/29 auto-obsoleted due to no activity on 2025/06/08 23:43
linux-6.1 KASAN: slab-out-of-bounds Read in drop_buffers 17 1 330d 330d 0/3 auto-obsoleted due to no activity on 2025/05/11 23:03
linux-6.1 KASAN: slab-out-of-bounds Read in drop_buffers (2) origin:lts-only 17 C 6 2h24m 99d 0/3 upstream: reported C repro on 2025/09/19 09:12

Sample crash report:
==================================================================
BUG: KASAN: null-ptr-deref in instrument_atomic_read include/linux/instrumented.h:68 [inline]
BUG: KASAN: null-ptr-deref in atomic_read include/linux/atomic/atomic-instrumented.h:32 [inline]
BUG: KASAN: null-ptr-deref in buffer_busy fs/buffer.c:2886 [inline]
BUG: KASAN: null-ptr-deref in drop_buffers.constprop.0+0x89/0x340 fs/buffer.c:2898
Read of size 4 at addr 0000000000000060 by task kswapd0/85

CPU: 1 UID: 0 PID: 85 Comm: kswapd0 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 kasan_report+0xe0/0x110 mm/kasan/report.c:595
 check_region_inline mm/kasan/generic.c:194 [inline]
 kasan_check_range+0x100/0x1b0 mm/kasan/generic.c:200
 instrument_atomic_read include/linux/instrumented.h:68 [inline]
 atomic_read include/linux/atomic/atomic-instrumented.h:32 [inline]
 buffer_busy fs/buffer.c:2886 [inline]
 drop_buffers.constprop.0+0x89/0x340 fs/buffer.c:2898
 try_to_free_buffers+0x21c/0x2d0 fs/buffer.c:2952
 filemap_release_folio+0x219/0x280 mm/filemap.c:4423
 shrink_folio_list+0x28a5/0x4800 mm/vmscan.c:1519
 evict_folios+0x79c/0x1b30 mm/vmscan.c:4745
 try_to_shrink_lruvec+0x585/0x9b0 mm/vmscan.c:4908
 shrink_one+0x3e3/0x7a0 mm/vmscan.c:4953
 shrink_many mm/vmscan.c:5016 [inline]
 lru_gen_shrink_node mm/vmscan.c:5094 [inline]
 shrink_node+0x26cb/0x3d80 mm/vmscan.c:6081
 kswapd_shrink_node mm/vmscan.c:6941 [inline]
 balance_pgdat+0xbb8/0x1a50 mm/vmscan.c:7124
 kswapd+0x590/0xb90 mm/vmscan.c:7389
 kthread+0x3c5/0x780 kernel/kthread.c:463
 ret_from_fork+0x675/0x7d0 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
==================================================================

Crashes (5):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/11/11 09:24 upstream 4427259cc7f7 4e1406b4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root KASAN: null-ptr-deref Read in drop_buffers
2025/11/10 19:43 upstream 4ea7c1717f3f 4e1406b4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root KASAN: null-ptr-deref Read in drop_buffers
2025/11/09 00:48 upstream 7bb4d6512545 4e1406b4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root KASAN: null-ptr-deref Read in drop_buffers
2025/11/06 04:32 upstream dc77806cf3b4 a6c9c731 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root KASAN: null-ptr-deref Read in drop_buffers
2025/11/04 23:53 upstream 17d85f33a83b a6c9c731 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root KASAN: null-ptr-deref Read in drop_buffers
* Struck through repros no longer work on HEAD.