syzbot

 sign-in | mailing list | source | docs
🐞 Open [1651]
Subsystems
🐞 Fixed [6000]
🐞 Invalid [14793]
Missing Backports [135]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

BUG: unable to handle kernel NULL pointer dereference in dtInsertEntry

Status: fixed on 2024/03/20 11:33
Subsystems: jfs
[Documentation on labels]
Reported-by: syzbot+c853277dcbfa2182e9aa@syzkaller.appspotmail.com
Fix commit: 6f861765464f fs: Block writes to mounted block devices
First crash: 855d, last: 361d
Cause bisection: failed (error log, bisect log)
  
Fix bisection: fixed by (bisect log) :
commit 6f861765464f43a71462d52026fbddfc858239a5
Author: Jan Kara <jack@suse.cz>
Date: Wed Nov 1 17:43:10 2023 +0000

  fs: Block writes to mounted block devices

  
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] BUG: unable to handle kernel NULL pointer dereference in dtInsertEntry 1 (3) 2024/03/11 16:36
Similar bugs (6)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream UBSAN: array-index-out-of-bounds in dtInsertEntry jfs C inconclusive 17 7d00h 116d 0/28 upstream: reported C repro on 2024/10/03 19:10
linux-4.19 general protection fault in dtInsertEntry C error 4 808d 855d 0/1 upstream: reported C repro on 2022/09/26 01:50
linux-5.15 BUG: unable to handle kernel paging request in dtInsertEntry origin:upstream missing-backport C error 175 1d12h 600d 0/3 upstream: reported C repro on 2023/06/07 09:20
linux-6.1 BUG: unable to handle kernel paging request in dtInsertEntry C error 17 155d 600d 0/3 auto-obsoleted due to no activity on 2024/12/03 11:36
linux-4.14 general protection fault in dtInsertEntry C 3 698d 855d 0/1 upstream: reported C repro on 2022/09/25 23:44
upstream general protection fault in dtInsertEntry jfs C inconclusive 501 168d 293d 27/28 fixed on 2024/08/14 03:44
Last patch testing requests (10)
Created Duration User Patch Repo Result
2024/03/07 09:50 35m retest repro upstream OK log
2024/02/22 05:41 22m retest repro git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci OK log
2024/01/28 07:25 20m retest repro git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci report log
2024/01/28 07:25 17m retest repro git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci report log
2024/01/28 07:25 30m retest repro upstream OK log
2024/01/27 05:38 20m retest repro upstream OK log
2024/01/26 20:31 21m retest repro upstream OK log
2024/01/26 20:31 16m retest repro upstream OK log
2024/01/26 20:31 19m retest repro upstream OK log
2024/01/22 09:21 26m retest repro upstream OK log
Fix bisection attempts (7)
Created Duration User Patch Repo Result
2024/03/10 09:30 4h27m bisect fix upstream OK (1) job log
2023/07/18 09:27 1h32m bisect fix upstream OK (0) job log log
2023/05/30 04:57 20m bisect fix upstream OK (0) job log log
2023/04/30 04:17 39m bisect fix upstream OK (0) job log log
2023/03/31 03:35 40m bisect fix upstream OK (0) job log log
2023/02/28 15:37 20m bisect fix upstream OK (0) job log log
2023/01/28 21:02 22m bisect fix upstream OK (0) job log log

Sample crash report:
loop0: detected capacity change from 0 to 32768
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
Mem abort info:
  ESR = 0x0000000096000046
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x06: level 2 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000046
  CM = 0, WnR = 1
user pgtable: 4k pages, 48-bit VAs, pgdp=000000010bcb4000
[0000000000000008] pgd=080000010bc93003, p4d=080000010bc93003, pud=080000010bd0b003, pmd=0000000000000000
Internal error: Oops: 0000000096000046 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 3073 Comm: syz-executor340 Not tainted 6.0.0-rc7-syzkaller-18095-gbbed346d5a96 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : dtInsertEntry+0x470/0x660 fs/jfs/jfs_dtree.c:3708
lr : dtInsertEntry+0x468/0x660 fs/jfs/jfs_dtree.c:3708
sp : ffff80000ff73820
x29: ffff80000ff738a0 x28: ffff0000ca51aed8 x27: ffff0000ca51aef8
x26: 0000000000000000 x25: 000000000000000d x24: 0000000000000001
x23: 0000000000000000 x22: 0000000000000073 x21: 0000000000000002
x20: ffff80000ff73908 x19: 0000000000000079 x18: ffff80000ff73a90
x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
x14: 0000000000000000 x13: 0000000000008000 x12: ffff80000d5335c0
x11: ff80800008d4af20 x10: 0000000000000000 x9 : 0000000000000000
x8 : 00000000000000ff x7 : ffff800008d5b764 x6 : 0000000000000000
x5 : 0000000000000000 x4 : ffff80000ff73900 x3 : ffff80000ff73908
x2 : ffff80000ff739b0 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
 dtInsertEntry+0x470/0x660
 dtInsert+0x21c/0x378 fs/jfs/jfs_dtree.c:886
 jfs_create+0x390/0x488 fs/jfs/namei.c:137
 lookup_open fs/namei.c:3413 [inline]
 open_last_lookups fs/namei.c:3481 [inline]
 path_openat+0x804/0x11c4 fs/namei.c:3688
 do_filp_open+0xdc/0x1b8 fs/namei.c:3718
 do_sys_openat2+0xb8/0x22c fs/open.c:1313
 do_sys_open fs/open.c:1329 [inline]
 __do_sys_openat fs/open.c:1345 [inline]
 __se_sys_openat fs/open.c:1340 [inline]
 __arm64_sys_openat+0xb0/0xe0 fs/open.c:1340
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
 el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x48/0x164 arch/arm64/kernel/syscall.c:206
 el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:636
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:654
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
Code: 370800d3 97d5533e f9400fe9 52801fe8 (39002128) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	370800d3 	tbnz	w19, #1, 0x18
   4:	97d5533e 	bl	0xffffffffff554cfc
   8:	f9400fe9 	ldr	x9, [sp, #24]
   c:	52801fe8 	mov	w8, #0xff                  	// #255
* 10:	39002128 	strb	w8, [x9, #8] <-- trapping instruction

Crashes (29):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2022/10/02 19:26 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci bbed346d5a96 feb56351 .config console log report syz C [disk image] [vmlinux] ci-upstream-gce-arm64 BUG: unable to handle kernel NULL pointer dereference in dtInsertEntry
2022/09/26 02:18 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci c194837ebb57 0042f2b4 .config console log report syz C [disk image] [vmlinux] ci-upstream-gce-arm64 BUG: unable to handle kernel NULL pointer dereference in dtInsertEntry
2024/01/06 19:59 upstream 95c8a35f1c01 d0304e9c .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kasan-gce-selinux-root general protection fault in dtInsertEntry
2023/10/31 05:46 upstream 14ab6d425e80 b5729d82 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kasan-gce-smack-root general protection fault in dtInsertEntry
2023/06/07 08:10 upstream a4d7d7011219 a4ae4f42 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs general protection fault in dtInsertEntry
2023/06/07 07:42 upstream a4d7d7011219 a4ae4f42 .config strace log report syz C [mounted in repro] ci-upstream-kasan-gce-root general protection fault in dtInsertEntry
2022/10/08 22:29 upstream e8bc52cb8df8 aea5da89 .config strace log report syz C [disk image] [vmlinux] [mounted in repro] ci-upstream-kasan-gce-root general protection fault in dtInsertEntry
2022/10/03 08:09 upstream a962b54e162c feb56351 .config strace log report syz C [disk image] [vmlinux] ci2-upstream-fs general protection fault in dtInsertEntry
2022/09/27 10:25 upstream 3800a713b607 10323ddf .config strace log report syz C ci2-upstream-fs general protection fault in dtInsertEntry
2023/08/14 09:25 linux-next 21ef7b1e17d0 39990d51 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-linux-next-kasan-gce-root general protection fault in dtInsertEntry
2022/11/04 16:21 linux-next 0cdb3579f1ee 6d752409 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-linux-next-kasan-gce-root general protection fault in dtInsertEntry
2023/06/08 03:37 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 7579d8f9bf90 7086cdb9 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in dtInsertEntry
2022/11/01 00:33 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci bbed346d5a96 2a71366b .config console log report info [disk image] [vmlinux] ci-upstream-gce-arm64 BUG: unable to handle kernel NULL pointer dereference in dtInsertEntry
2022/10/27 12:51 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci bbed346d5a96 86777b7f .config console log report info [disk image] [vmlinux] ci-upstream-gce-arm64 BUG: unable to handle kernel NULL pointer dereference in dtInsertEntry
2024/02/01 18:05 upstream 6764c317b6bb 81024119 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtInsertEntry
2024/01/28 16:43 upstream 8a696a29c690 cc4a4020 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtInsertEntry
2024/01/01 23:41 upstream 610a9b8f49fb fb427a07 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtInsertEntry
2023/11/30 02:14 upstream 3b47bc037bd4 6e78f9ce .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: slab-use-after-free Read in dtInsertEntry
2023/11/03 16:28 upstream 8f6f76a6a29f c4ac074c .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtInsertEntry
2023/09/19 03:56 upstream 2cf0f7156238 0b6a67ac .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 UBSAN: array-index-out-of-bounds in dtInsertEntry
2023/08/04 10:12 upstream c1a515d3c027 74621247 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream UBSAN: array-index-out-of-bounds in dtInsertEntry
2023/06/07 07:28 upstream a4d7d7011219 a4ae4f42 .config console log report info ci-upstream-kasan-gce-root general protection fault in dtInsertEntry
2022/11/24 00:29 upstream eb7081409f94 52fdf57a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtInsertEntry
2022/10/20 07:51 upstream 55be6084c8e0 b31320fc .config console log report info [disk image] [vmlinux] ci-upstream-kasan-gce-root KASAN: slab-out-of-bounds Read in dtInsertEntry
2022/10/19 16:41 upstream 493ffd6605b2 b31320fc .config console log report info [disk image] [vmlinux] ci2-upstream-fs general protection fault in dtInsertEntry
2022/10/19 06:49 upstream 493ffd6605b2 b31320fc .config console log report info [disk image] [vmlinux] ci2-upstream-fs general protection fault in dtInsertEntry
2022/10/16 07:30 upstream 493ffd6605b2 67cb024c .config console log report info ci2-upstream-fs general protection fault in dtInsertEntry
2022/10/13 02:27 upstream 493ffd6605b2 3f6b40a1 .config console log report info [disk image] [vmlinux] ci2-upstream-fs general protection fault in dtInsertEntry
2024/02/02 02:16 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 41bccc98fb79 81024119 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-out-of-bounds Read in dtInsertEntry
* Struck through repros no longer work on HEAD.