BUG: unable to handle kernel NULL pointer dereference in ext4_mb_add_groupinfo (2)

Status: upstream: reported on 2025/01/21 16:00
Subsystems: ext4
Reported-by: syzbot+c41c38d18cb10c84caee@syzkaller.appspotmail.com
First crash: 101d, last: 6d03h
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [ext4?] BUG: unable to handle kernel NULL pointer dereference in ext4_mb_add_groupinfo (2) 0 (1) 2025/01/21 16:00
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream BUG: unable to handle kernel NULL pointer dereference in ext4_mb_add_groupinfo ext4 2 237d 253d 0/28 auto-obsoleted due to no activity on 2024/09/24 01:48

Sample crash report:
loop4: detected capacity change from 0 to 512
BUG: kernel NULL pointer dereference, address: 0000000000000013
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 31f4d067 P4D 31f4d067 PUD 0 
Oops: Oops: 0000 [#1] PREEMPT SMP KASAN NOPTI
CPU: 0 UID: 0 PID: 6179 Comm: syz.4.56 Not tainted 6.14.0-rc2-syzkaller-00039-g09fbf3d50205 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
RIP: 0010:___slab_alloc+0x26d/0x1720 mm/slub.c:3769
Code: ff 75 0b 49 83 7f 28 00 0f 85 92 06 00 00 4d 89 77 28 48 83 7b 10 00 0f 85 fb 04 00 00 4c 8b 7b 18 4d 85 ff 0f 84 88 05 00 00 <49> 8b 47 10 83 bd 68 ff ff ff ff 48 89 43 18 74 20 49 8b 07 48 83
RSP: 0018:ffffc9000bd77780 EFLAGS: 00010006
RAX: 0000000000000000 RBX: ffffe8ffffc766c0 RCX: ffffffff8195b34e
RDX: 0000000000000001 RSI: ffffffff82114611 RDI: 0000000000000000
RBP: ffffc9000bd77860 R08: 0000000000000000 R09: fffffbfff2dd6f98
R10: ffffffff96eb7cc7 R11: 0000000000000001 R12: ffff88802a77e3c0
R13: 0000000000000206 R14: ffff888034d5da00 R15: 0000000000000003
FS:  00007fadc194f6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000013 CR3: 00000000556ec000 CR4: 0000000000350ef0
Call Trace:
 <TASK>
 __slab_alloc.constprop.0+0x56/0xb0 mm/slub.c:3916
 __slab_alloc_node mm/slub.c:3991 [inline]
 slab_alloc_node mm/slub.c:4152 [inline]
 kmem_cache_alloc_noprof+0xfa/0x3d0 mm/slub.c:4171
 ext4_mb_add_groupinfo+0x445/0x1100 fs/ext4/mballoc.c:3356
 ext4_mb_init_backend fs/ext4/mballoc.c:3435 [inline]
 ext4_mb_init+0x11df/0x2640 fs/ext4/mballoc.c:3733
 __ext4_fill_super fs/ext4/super.c:5551 [inline]
 ext4_fill_super+0x8b72/0xb160 fs/ext4/super.c:5722
 get_tree_bdev_flags+0x38e/0x620 fs/super.c:1636
 vfs_get_tree+0x8e/0x340 fs/super.c:1814
 do_new_mount fs/namespace.c:3560 [inline]
 path_mount+0x14e6/0x1f10 fs/namespace.c:3887
 do_mount fs/namespace.c:3900 [inline]
 __do_sys_mount fs/namespace.c:4111 [inline]
 __se_sys_mount fs/namespace.c:4088 [inline]
 __x64_sys_mount+0x28f/0x310 fs/namespace.c:4088
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fadc0b8e58a
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fadc194ee68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007fadc194eef0 RCX: 00007fadc0b8e58a
RDX: 0000400000000180 RSI: 0000400000000080 RDI: 00007fadc194eeb0
RBP: 0000400000000180 R08: 00007fadc194eef0 R09: 0000000000000002
R10: 0000000000000002 R11: 0000000000000246 R12: 0000400000000080
R13: 00007fadc194eeb0 R14: 00000000000004be R15: 00004000000000c0
 </TASK>
Modules linked in:
CR2: 0000000000000013
---[ end trace 0000000000000000 ]---
RIP: 0010:___slab_alloc+0x26d/0x1720 mm/slub.c:3769
Code: ff 75 0b 49 83 7f 28 00 0f 85 92 06 00 00 4d 89 77 28 48 83 7b 10 00 0f 85 fb 04 00 00 4c 8b 7b 18 4d 85 ff 0f 84 88 05 00 00 <49> 8b 47 10 83 bd 68 ff ff ff ff 48 89 43 18 74 20 49 8b 07 48 83
RSP: 0018:ffffc9000bd77780 EFLAGS: 00010006
RAX: 0000000000000000 RBX: ffffe8ffffc766c0 RCX: ffffffff8195b34e
RDX: 0000000000000001 RSI: ffffffff82114611 RDI: 0000000000000000
RBP: ffffc9000bd77860 R08: 0000000000000000 R09: fffffbfff2dd6f98
R10: ffffffff96eb7cc7 R11: 0000000000000001 R12: ffff88802a77e3c0
R13: 0000000000000206 R14: ffff888034d5da00 R15: 0000000000000003
FS:  00007fadc194f6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000013 CR3: 00000000556ec000 CR4: 0000000000350ef0
----------------
Code disassembly (best guess):
   0:	ff 75 0b             	push   0xb(%rbp)
   3:	49 83 7f 28 00       	cmpq   $0x0,0x28(%r15)
   8:	0f 85 92 06 00 00    	jne    0x6a0
   e:	4d 89 77 28          	mov    %r14,0x28(%r15)
  12:	48 83 7b 10 00       	cmpq   $0x0,0x10(%rbx)
  17:	0f 85 fb 04 00 00    	jne    0x518
  1d:	4c 8b 7b 18          	mov    0x18(%rbx),%r15
  21:	4d 85 ff             	test   %r15,%r15
  24:	0f 84 88 05 00 00    	je     0x5b2
* 2a:	49 8b 47 10          	mov    0x10(%r15),%rax <-- trapping instruction
  2e:	83 bd 68 ff ff ff ff 	cmpl   $0xffffffff,-0x98(%rbp)
  35:	48 89 43 18          	mov    %rax,0x18(%rbx)
  39:	74 20                	je     0x5b
  3b:	49 8b 07             	mov    (%r15),%rax
  3e:	48                   	rex.W
  3f:	83                   	.byte 0x83

Crashes (7):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/02/12 06:39 upstream 09fbf3d50205 f2baddf5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root BUG: unable to handle kernel NULL pointer dereference in ext4_mb_add_groupinfo
2025/01/21 15:59 upstream 95ec54a420b8 6e87cfa2 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs BUG: unable to handle kernel NULL pointer dereference in ext4_mb_add_groupinfo
2025/01/11 14:19 upstream 77a903cd8e5a 6dbc6a9b .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs BUG: unable to handle kernel NULL pointer dereference in ext4_mb_add_groupinfo
2025/01/01 08:47 upstream ccb98ccef0e5 d3ccff63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root BUG: unable to handle kernel NULL pointer dereference in ext4_mb_add_groupinfo
2024/12/12 14:35 upstream 231825b2e1ff 530e80f8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs BUG: unable to handle kernel NULL pointer dereference in ext4_mb_add_groupinfo
2024/11/09 05:24 upstream f1dce1f09380 6b856513 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs BUG: unable to handle kernel NULL pointer dereference in ext4_mb_add_groupinfo
2025/02/11 06:32 upstream febbc555cf0f 43f51a00 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs BUG: unable to handle kernel paging request in ext4_mb_add_groupinfo