syzbot

BUG: unable to handle kernel NULL pointer dereference in rb_insert_color

Status: closed as invalid on 2018/01/30 21:43
Subsystems: ext4
Reported-by: syzbot+eb13811afcefe99cfe45081054e7883f569f949d@syzkaller.appspotmail.com
First crash: 2600d, last: 2599d
Discussions (1):
Title                                                                        | Replies (including bot) | Last reply
Re: BUG: unable to handle kernel NULL pointer dereference in rb_insert_color | 9 (9)                   | 2019/12/12 12:25

Sample crash report:
sctp: [Deprecated]: syz-executor6 (pid 4202) Use of int in max_burst socket option.
Use struct sctp_assoc_value instead
BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
sctp: [Deprecated]: syz-executor4 (pid 4240) Use of int in max_burst socket option.
Use struct sctp_assoc_value instead
sctp: [Deprecated]: syz-executor4 (pid 4240) Use of int in max_burst socket option.
Use struct sctp_assoc_value instead
IP: __rb_insert lib/rbtree.c:126 [inline]
IP: rb_insert_color+0x17/0x190 lib/rbtree.c:452
PGD 0 P4D 0 
Oops: 0000 [#1] SMP
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 4244 Comm: modprobe Not tainted 4.15.0-rc3-next-20171214+ #67
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__rb_insert lib/rbtree.c:126 [inline]
RIP: 0010:rb_insert_color+0x17/0x190 lib/rbtree.c:452
RSP: 0018:ffffc900010a7c08 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff814ddcb9
RDX: ffff8801ebedf988 RSI: ffff8801ebfd6400 RDI: ffff88021413a408
RBP: ffffc900010a7c08 R08: 000000000002bcf8 R09: ffff88021413a400
R10: 0000000000000000 R11: 0000000000000000 R12: ffff88021413a400
R13: ffff8801ebedf990 R14: 00000000a34fc52a R15: ffff8801ebedf988
FS:  00007f85a5155700(0000) GS:ffff88021fc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000008 CR3: 00000001eaccd006 CR4: 00000000001606f0
DR0: 0000000020000000 DR1: 0000000020000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
 ext4_htree_store_dirent+0x122/0x160 fs/ext4/dir.c:488
 htree_dirblock_to_tree+0x112/0x300 fs/ext4/namei.c:1019
 ext4_htree_fill_tree+0xdf/0x410 fs/ext4/namei.c:1096
 ext4_dx_readdir fs/ext4/dir.c:575 [inline]
 ext4_readdir+0x8cf/0xd70 fs/ext4/dir.c:122
 iterate_dir+0xb8/0x200 fs/readdir.c:51
 SYSC_getdents fs/readdir.c:231 [inline]
 SyS_getdents+0xcc/0x1b0 fs/readdir.c:212
 entry_SYSCALL_64_fastpath+0x1f/0x96
RIP: 0033:0x7f85a4a45575
RSP: 002b:00007ffc9b5be120 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
RAX: ffffffffffffffda RBX: 00007f85a4d23e98 RCX: 00007f85a4a45575
RDX: 0000000000008000 RSI: 00005633094701e0 RDI: 0000000000000000
RBP: 00007f85a4d23e40 R08: 00005633094701e0 R09: 00007f85a4d23e90
R10: 0000000000000000 R11: 0000000000000246 R12: 00005633094701b0
R13: 0000000000018e21 R14: 0000000000000000 R15: 0000000000000004
Code: 48 85 d2 75 eb 5d c3 31 c0 5d c3 66 0f 1f 84 00 00 00 00 00 55 48 8b 17 48 89 e5 48 85 d2 0f 84 4c 01 00 00 48 8b 02 a8 01 75 5e <48> 8b 48 08 49 89 c0 48 39 d1 74 54 48 85 c9 74 09 f6 01 01 0f 
RIP: __rb_insert lib/rbtree.c:126 [inline] RSP: ffffc900010a7c08
RIP: rb_insert_color+0x17/0x190 lib/rbtree.c:452 RSP: ffffc900010a7c08
CR2: 0000000000000008
BUG: unable to handle kernel paging request at 0000000100000001
---[ end trace c403bd3ebad2ccb0 ]---

Crashes (2):
Time             | Kernel     | Commit       | Syzkaller | Config  | Log         | Report | Manager
2017/12/16 09:11 | linux-next | 6084b576dca2 | b6f0c91b  | .config | console log | report | ci-upstream-next-kasan-gce
2017/12/15 07:42 | linux-next | 6084b576dca2 | ac20b98c  | .config | console log | report | ci-upstream-next-kasan-gce