syzbot


kernel BUG in ext4_mb_release_inode_pa

Status: upstream: reported C repro on 2024/11/03 14:27
Reported-by: syzbot+d3c89c58559390a48d89@syzkaller.appspotmail.com
First crash: 518d, last: 1d22h
Similar bugs (5)
Kernel Title Rank Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-5-15 kernel BUG in ext4_mb_release_inode_pa origin:lts -1 syz 7 24d 425d 0/2 premoderation: reported syz repro on 2024/12/22 22:32
linux-6.1 kernel BUG in ext4_mb_release_inode_pa -1 1 281d 281d 0/3 auto-obsoleted due to no activity on 2025/08/23 07:17
upstream kernel BUG in ext4_mb_release_inode_pa ext4 -1 syz unreliable error 1 822d 818d 0/29 auto-obsoleted due to no activity on 2024/02/29 10:29
linux-6.1 kernel BUG in ext4_mb_release_inode_pa (2) origin:upstream -1 C error 2 33d 139d 0/3 upstream: reported C repro on 2025/10/04 09:03
android-6-1 kernel BUG in ext4_mb_release_inode_pa origin:lts -1 C 6 4d08h 432d 0/2 upstream: reported C repro on 2024/12/15 14:57
Last patch testing requests (10)
Created Duration User Patch Repo Result
2026/02/14 16:25 6m retest repro android13-5.10-lts report log
2026/01/16 05:16 8m retest repro android13-5.10-lts report log
2026/01/16 05:16 8m retest repro android13-5.10-lts report log
2026/01/16 05:16 7m retest repro android13-5.10-lts report log
2026/01/16 05:16 6m retest repro android13-5.10-lts report log
2025/12/25 13:30 6m retest repro android13-5.10-lts report log
2025/12/06 13:56 53m retest repro android13-5.10-lts report log
2025/11/06 14:39 6m retest repro android13-5.10-lts report log
2025/11/06 14:39 7m retest repro android13-5.10-lts report log
2025/11/06 14:39 5m retest repro android13-5.10-lts report log
Fix bisection attempts (1)
Created Duration User Patch Repo Result
2025/02/27 23:23 1h04m bisect fix android13-5.10-lts OK (0) job log log

Sample crash report:
EXT4-fs (loop1): pa ffff888126889f18: logic 0, phys. 193, len 32
EXT4-fs error (device loop1): ext4_mb_release_inode_pa:4375: group 0, free 4, pa_free 16
EXT4-fs (loop1): Remounting filesystem read-only
------------[ cut here ]------------
kernel BUG at fs/ext4/mballoc.c:4348!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 380 Comm: syz.1.18 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:ext4_mb_release_inode_pa+0x9e8/0x9f0 fs/ext4/mballoc.c:4348
Code: 80 c2 03 38 c2 0f 8c 42 fe ff ff 48 89 df 41 89 ce e8 ec 95 cb ff 44 89 f1 e9 2f fe ff ff e8 ef 14 91 ff 0f 0b e8 e8 14 91 ff <0f> 0b 66 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 53 48 89 fb 49 bf
RSP: 0018:ffffc90000e568e0 EFLAGS: 00010293
RAX: ffffffff81d3a168 RBX: 0000000000000060 RCX: ffff88812ae713c0
RDX: 0000000000000000 RSI: 0000000000000060 RDI: 0000000000000000
RBP: ffffc90000e56a30 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffff520001cad38 R12: dffffc0000000000
R13: 0000000000000503 R14: 0000000000000503 R15: ffff8881268f6738
FS:  00007f639352d6c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f639350cd58 CR3: 0000000112203000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 ext4_mb_discard_group_preallocations+0xba9/0xde0 fs/ext4/mballoc.c:4494
 ext4_mb_discard_preallocations fs/ext4/mballoc.c:5060 [inline]
 ext4_mb_discard_preallocations_should_retry+0x156/0x600 fs/ext4/mballoc.c:5081
 ext4_mb_new_blocks+0x315e/0x4340 fs/ext4/mballoc.c:5284
 ext4_alloc_branch fs/ext4/indirect.c:340 [inline]
 ext4_ind_map_blocks+0xff8/0x2240 fs/ext4/indirect.c:633
 ext4_map_blocks+0x91e/0x1bd0 fs/ext4/inode.c:676
 _ext4_get_block+0x1d1/0x4e0 fs/ext4/inode.c:817
 ext4_get_block+0x39/0x50 fs/ext4/inode.c:834
 ext4_block_write_begin+0x573/0x1340 fs/ext4/inode.c:1101
 ext4_write_begin+0x67e/0x1690 fs/ext4/ext4_jbd2.h:-1
 generic_perform_write+0x2ce/0x540 mm/filemap.c:3509
 ext4_buffered_write_iter+0x4b8/0x640 fs/ext4/file.c:271
 ext4_file_write_iter+0x53f/0x1980 fs/ext4/file.c:-1
 do_iter_readv_writev+0x478/0x5f0 fs/read_write.c:-1
 do_iter_write+0x189/0x630 fs/read_write.c:866
 vfs_writev+0x2a9/0x530 fs/read_write.c:939
 do_writev+0x14e/0x2c0 fs/read_write.c:982
 __do_sys_writev fs/read_write.c:1055 [inline]
 __se_sys_writev fs/read_write.c:1052 [inline]
 __x64_sys_writev+0x7d/0x90 fs/read_write.c:1052
 do_syscall_64+0x31/0x40 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7f63936ca629
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f639352d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
RAX: ffffffffffffffda RBX: 00007f6393943fa0 RCX: 00007f63936ca629
RDX: 0000000000000001 RSI: 0000200000000140 RDI: 0000000000000005
RBP: 00007f6393760b39 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f6393944038 R14: 00007f6393943fa0 R15: 00007ffd2f8f8d98
Modules linked in:
---[ end trace 328a90b3f6bb507b ]---
RIP: 0010:ext4_mb_release_inode_pa+0x9e8/0x9f0 fs/ext4/mballoc.c:4348
Code: 80 c2 03 38 c2 0f 8c 42 fe ff ff 48 89 df 41 89 ce e8 ec 95 cb ff 44 89 f1 e9 2f fe ff ff e8 ef 14 91 ff 0f 0b e8 e8 14 91 ff <0f> 0b 66 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 53 48 89 fb 49 bf
RSP: 0018:ffffc90000e568e0 EFLAGS: 00010293
RAX: ffffffff81d3a168 RBX: 0000000000000060 RCX: ffff88812ae713c0
RDX: 0000000000000000 RSI: 0000000000000060 RDI: 0000000000000000
RBP: ffffc90000e56a30 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffff520001cad38 R12: dffffc0000000000
R13: 0000000000000503 R14: 0000000000000503 R15: ffff8881268f6738
FS:  00007f639352d6c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f639350cd58 CR3: 0000000112203000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (7):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2026/02/19 08:28 android13-5.10-lts e8b14e1cefe8 746545b8 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro #1 (clean fs)] [mounted in repro #2 (corrupt fs)] [mounted in repro #3 (clean fs)] ci2-android-5-10 kernel BUG in ext4_mb_release_inode_pa
2024/11/04 06:47 android13-5.10-lts e5e5644ea27f f00eed24 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro #1] [mounted in repro #2] ci2-android-5-10 kernel BUG in ext4_mb_release_inode_pa
2024/11/03 14:24 android13-5.10-lts e5e5644ea27f f00eed24 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-android-5-10 kernel BUG in ext4_mb_release_inode_pa
2024/11/04 07:26 android13-5.10-lts e5e5644ea27f f00eed24 .config console log report syz / log [disk image] [vmlinux] [kernel image] [mounted in repro #1] [mounted in repro #2] ci2-android-5-10 kernel BUG in ext4_mb_release_inode_pa
2024/11/03 13:05 android13-5.10-lts e5e5644ea27f f00eed24 .config console log report syz / log [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-android-5-10 kernel BUG in ext4_mb_release_inode_pa
2024/11/02 08:56 android13-5.10-lts e5e5644ea27f f00eed24 .config console log report syz / log [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-android-5-10 kernel BUG in ext4_mb_release_inode_pa
2024/09/20 18:55 android13-5.10-lts 8d23314f588a 6f888b75 .config console log report syz / log [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-android-5-10 kernel BUG in ext4_mb_release_inode_pa
* Struck through repros no longer work on HEAD.