syzbot

 sign-in | mailing list | source | docs
🐞 Open [1639]
Subsystems
🐞 Fixed [6010]
🐞 Invalid [14818]
Missing Backports [135]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

BUG: unable to handle kernel NULL pointer dereference in ext4_mb_add_groupinfo (2)

Status: upstream: reported on 2025/01/21 16:00
Subsystems: ext4
[Documentation on labels]
Reported-by: syzbot+c41c38d18cb10c84caee@syzkaller.appspotmail.com
First crash: 81d, last: 8d12h
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [ext4?] BUG: unable to handle kernel NULL pointer dereference in ext4_mb_add_groupinfo (2) 0 (1) 2025/01/21 16:00
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream BUG: unable to handle kernel NULL pointer dereference in ext4_mb_add_groupinfo ext4 2 218d 234d 0/28 auto-obsoleted due to no activity on 2024/09/24 01:48

Sample crash report:
loop3: detected capacity change from 0 to 512
BUG: kernel NULL pointer dereference, address: 0000000000000012
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 800000007ee5d067 P4D 800000007ee5d067 PUD 33cf4067 PMD 0 
Oops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 1 UID: 0 PID: 6142 Comm: syz.3.43 Not tainted 6.13.0-syzkaller-00918-g95ec54a420b8 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
RIP: 0010:___slab_alloc+0x595/0x14a0 mm/slub.c:3773
Code: 85 fb 00 00 00 65 4c 8b 2c 25 c0 d4 03 00 4c 89 6b 28 49 83 7e 10 00 0f 85 82 01 00 00 49 8b 5e 18 48 85 db 0f 84 ea 04 00 00 <48> 8b 43 10 49 89 46 18 8b 4c 24 10 83 f9 ff 74 15 48 8b 03 48 83
RSP: 0018:ffffc9000522f6c8 EFLAGS: 00010002
RAX: 7513f5baf7a4fb00 RBX: 0000000000000002 RCX: ffff88802fa9a8d8
RDX: dffffc0000000000 RSI: ffffffff8c0aab60 RDI: ffffffff8c5f49e0
RBP: 0000000000000202 R08: ffffffff9428e887 R09: 1ffffffff2851d10
R10: dffffc0000000000 R11: fffffbfff2851d11 R12: ffff888058f948c0
R13: ffff88802fa99e00 R14: ffffe8ffffd71220 R15: ffffffff81f839cf
FS:  00007fa654bc36c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000012 CR3: 000000003348a000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 __slab_alloc+0x58/0xa0 mm/slub.c:3920
 __slab_alloc_node mm/slub.c:3995 [inline]
 slab_alloc_node mm/slub.c:4156 [inline]
 kmem_cache_alloc_noprof+0x268/0x380 mm/slub.c:4175
 ext4_mb_add_groupinfo+0x6c3/0xfa0 fs/ext4/mballoc.c:3356
 ext4_mb_init_backend fs/ext4/mballoc.c:3435 [inline]
 ext4_mb_init+0x15ab/0x27e0 fs/ext4/mballoc.c:3733
 __ext4_fill_super fs/ext4/super.c:5559 [inline]
 ext4_fill_super+0x5f54/0x6e60 fs/ext4/super.c:5733
 get_tree_bdev_flags+0x48c/0x5c0 fs/super.c:1636
 vfs_get_tree+0x90/0x2b0 fs/super.c:1814
 do_new_mount+0x2be/0xb40 fs/namespace.c:3560
 do_mount fs/namespace.c:3900 [inline]
 __do_sys_mount fs/namespace.c:4111 [inline]
 __se_sys_mount+0x2d6/0x3c0 fs/namespace.c:4088
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fa653d874ca
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fa654bc2e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007fa654bc2ef0 RCX: 00007fa653d874ca
RDX: 0000000020000180 RSI: 0000000020000640 RDI: 00007fa654bc2eb0
RBP: 0000000020000180 R08: 00007fa654bc2ef0 R09: 0000000000000010
R10: 0000000000000010 R11: 0000000000000246 R12: 0000000020000640
R13: 00007fa654bc2eb0 R14: 000000000000047b R15: 0000000020000100
 </TASK>
Modules linked in:
CR2: 0000000000000012
---[ end trace 0000000000000000 ]---
RIP: 0010:___slab_alloc+0x595/0x14a0 mm/slub.c:3773
Code: 85 fb 00 00 00 65 4c 8b 2c 25 c0 d4 03 00 4c 89 6b 28 49 83 7e 10 00 0f 85 82 01 00 00 49 8b 5e 18 48 85 db 0f 84 ea 04 00 00 <48> 8b 43 10 49 89 46 18 8b 4c 24 10 83 f9 ff 74 15 48 8b 03 48 83
RSP: 0018:ffffc9000522f6c8 EFLAGS: 00010002
RAX: 7513f5baf7a4fb00 RBX: 0000000000000002 RCX: ffff88802fa9a8d8
RDX: dffffc0000000000 RSI: ffffffff8c0aab60 RDI: ffffffff8c5f49e0
RBP: 0000000000000202 R08: ffffffff9428e887 R09: 1ffffffff2851d10
R10: dffffc0000000000 R11: fffffbfff2851d11 R12: ffff888058f948c0
R13: ffff88802fa99e00 R14: ffffe8ffffd71220 R15: ffffffff81f839cf
FS:  00007fa654bc36c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000012 CR3: 000000003348a000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	85 fb                	test   %edi,%ebx
   2:	00 00                	add    %al,(%rax)
   4:	00 65 4c             	add    %ah,0x4c(%rbp)
   7:	8b 2c 25 c0 d4 03 00 	mov    0x3d4c0,%ebp
   e:	4c 89 6b 28          	mov    %r13,0x28(%rbx)
  12:	49 83 7e 10 00       	cmpq   $0x0,0x10(%r14)
  17:	0f 85 82 01 00 00    	jne    0x19f
  1d:	49 8b 5e 18          	mov    0x18(%r14),%rbx
  21:	48 85 db             	test   %rbx,%rbx
  24:	0f 84 ea 04 00 00    	je     0x514
* 2a:	48 8b 43 10          	mov    0x10(%rbx),%rax <-- trapping instruction
  2e:	49 89 46 18          	mov    %rax,0x18(%r14)
  32:	8b 4c 24 10          	mov    0x10(%rsp),%ecx
  36:	83 f9 ff             	cmp    $0xffffffff,%ecx
  39:	74 15                	je     0x50
  3b:	48 8b 03             	mov    (%rbx),%rax
  3e:	48                   	rex.W
  3f:	83                   	.byte 0x83

Crashes (5):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/01/21 15:59 upstream 95ec54a420b8 6e87cfa2 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs BUG: unable to handle kernel NULL pointer dereference in ext4_mb_add_groupinfo
2025/01/11 14:19 upstream 77a903cd8e5a 6dbc6a9b .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs BUG: unable to handle kernel NULL pointer dereference in ext4_mb_add_groupinfo
2025/01/01 08:47 upstream ccb98ccef0e5 d3ccff63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root BUG: unable to handle kernel NULL pointer dereference in ext4_mb_add_groupinfo
2024/12/12 14:35 upstream 231825b2e1ff 530e80f8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs BUG: unable to handle kernel NULL pointer dereference in ext4_mb_add_groupinfo
2024/11/09 05:24 upstream f1dce1f09380 6b856513 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs BUG: unable to handle kernel NULL pointer dereference in ext4_mb_add_groupinfo
* Struck through repros no longer work on HEAD.