syzbot

 sign-in | mailing list | source | docs | 🏰
🐞 Open [1341]
Subsystems
🐞 Fixed [7118]
🐞 Invalid [18804]
Missing Backports [220]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
✨ AI
💬 Send us feedback

kernel BUG in ext4_ext_map_blocks

Status: upstream: reported on 2026/03/01 17:40
Subsystems: ext4
[Documentation on labels]
Reported-by: syzbot+b20d00cf1ba477ac419f@syzkaller.appspotmail.com
First crash: 90d, last: 84d
✨ AI Jobs (1)
ID Workflow Result Correct Bug Created Started Finished Revision Error
e3bdc382-6308-4e8e-9682-b55636215ad4 assessment-security 💥 kernel BUG in ext4_ext_map_blocks 2026/05/14 14:05 2026/05/14 14:05 2026/05/14 14:06 6ccb967e465e832a7bfd7a116ad00d52a0923a5d failed to run ["git" "pull" "origin" "HEAD" "--depth=1" "--allow-unrelated-histories"]: exit status 128 From /app/workdir/repo/linux * branch HEAD -> FETCH_HEAD Updating files: 19% (18236/93011) Updating files: 20% (18603/93011) Updating files: 21% (19533/93011) Updating files: 22% (20463/93011) Updating files: 23% (21393/93011) Updating files: 24% (22323/93011) Updating files: 25% (23253/93011) Updating files: 26% (24183/93011) Updating files: 27% (25113/93011) Updating files: 28% (26044/93011) Updating files: 28% (26742/93011) Updating files: 29% (26974/93011) Updating files: 30% (27904/93011) Updating files: 31% (28834/93011) Updating files: 32% (29764/93011) error: unable to write file drivers/ata/ahci_imx.c error: unable to write file drivers/ata/ahci_mtk.c error: unable to write file drivers/ata/ahci_mvebu.c error: unable to write file drivers/ata/ahci_octeon.c error: unable to write file drivers/ata/ahci_platform.c error: unable to write file drivers/ata/ahci_qoriq.c error: unable to write file drivers/ata/ahci_seattle.c Updating files: 33% (30694/93011) error: unable to write file drivers/ata/ahci_st.c error: unable to write file drivers/ata/ahci_sunxi.c error: unable to write file drivers/ata/ahci_tegra.c error: unable to write file drivers/ata/ahci_xgene.c error: unable to write file drivers/ata/ata_generic.c error: unable to write file drivers/ata/ata_piix.c error: unable to write file drivers/ata/libahci.c error: unable to write file drivers/ata/libahci_platform.c error: unable to write file drivers/ata/libata-acpi.c error: unable to write file drivers/ata/libata-core.c error: unable to write file drivers/ata/libata-eh.c error: unable to write file drivers/ata/libata-pata-timings.c error: unable to write file drivers/ata/libata-pmp.c error: unable to write file drivers/ata/libata-sata.c error: unable to write file drivers/ata/libata-scsi.c error: unable to write file drivers/ata/libata-sff.c error: unable to write file drivers/ata/libata-trace.c error: unable to write file drivers/ata/libata-transport.c error: unable to write file drivers/ata/libata-transport.h error: unable to write file drivers/ata/libata-zpodd.c error: unable to write file drivers/ata/libata.h error: unable to write file drivers/ata/pata_acpi.c error: unable to write file drivers/ata/pata_ali.c error: unable to write file drivers/ata/pata_amd.c error: unable to write file drivers/ata/pata_arasan_cf.c error: unable to write file drivers/ata/pata_artop.c error: unable to write file drivers/ata/pata_atiixp.c error: unable to write file drivers/ata/pata_atp867x.c error: unable to write file drivers/ata/pata_buddha.c error: unable to write file drivers/ata/pata_cmd640.c error: unable to write file drivers/ata/pata_cmd64x.c error: unable to write file drivers/ata/pata_cs5520.c error: unable to write file drivers/ata/pata_cs5530.c error: unable to write file drivers/ata/pata_cs5535.c error: unable to write file drivers/ata/pata_cs5536.c error: unable to write file drivers/ata/pata_cypress.c error: unable to write file drivers/ata/pata_efar.c error: unable to write file drivers/ata/pata_ep93xx.c error: unable to write file drivers/ata/pata_falcon.c error: unable to write file drivers/ata/pata_ftide010.c error: unable to write file drivers/ata/pata_gayle.c error: unable to write file drivers/ata/pata_hpt366.c error: unable to write file drivers/ata/pata_hpt37x.c error: unable to write file drivers/ata/pata_hpt3x2n.c error: unable to write file drivers/ata/pata_hpt3x3.c error: unable to write file drivers/ata/pata_icside.c error: unable to write file drivers/ata/pata_imx.c error: unable to write file drivers/ata/pata_isapnp.c error: unable to write file drivers/ata/pata_it8213.c error: unable to write file drivers/ata/pata_it821x.c error: unable to write file drivers/ata/pata_ixp4xx_cf.c error: unable to write file drivers/ata/pata_jmicron.c error: unable to write file drivers/ata/pata_legacy.c error: unable to write file drivers/ata/pata_macio.c error: unable to write file drivers/ata/pata_marvell.c error: unab
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [ext4?] kernel BUG in ext4_ext_map_blocks 0 (1) 2026/03/01 17:40
Similar bugs (1)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-5-10 kernel BUG in ext4_ext_map_blocks -1 1 81d 81d 0/2 premoderation: reported on 2026/03/07 00:43

Sample crash report:
------------[ cut here ]------------
kernel BUG at fs/ext4/extents.c:2286!
Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
CPU: 0 UID: 0 PID: 14244 Comm: syz.7.1999 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
RIP: 0010:ext4_ext_find_hole fs/ext4/extents.c:2286 [inline]
RIP: 0010:ext4_ext_determine_insert_hole fs/ext4/extents.c:4174 [inline]
RIP: 0010:ext4_ext_map_blocks+0x5539/0x58b0 fs/ext4/extents.c:4343
Code: 29 ff 65 48 ff 43 08 e9 e6 ae ff ff e8 10 ef 44 ff 90 0f 0b e8 08 ef 44 ff 90 0f 0b e8 00 ef 44 ff 90 0f 0b e8 f8 ee 44 ff 90 <0f> 0b 65 44 8b 3d 41 19 9b 10 bf 07 00 00 00 44 89 fe e8 20 f3 44
RSP: 0018:ffffc900047beec0 EFLAGS: 00010283
RAX: ffffffff8280a6e8 RBX: 000000000000001a RCX: 0000000000080000
RDX: ffffc90005636000 RSI: 000000000002fc66 RDI: 000000000002fc67
RBP: ffffc900047bf190 R08: ffffc900047bf087 R09: ffffc900047bf060
R10: dffffc0000000000 R11: fffff520008f7e11 R12: 0000000000000000
R13: 0000000000000000 R14: ffff888068c6140c R15: ffff888068c61430
FS:  00007fa3895f76c0(0000) GS:ffff888125464000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000012000 CR3: 0000000052cd6000 CR4: 0000000000350ef0
Call Trace:
 <TASK>
 ext4_map_query_blocks+0x13b/0xa00 fs/ext4/inode.c:553
 ext4_map_blocks+0x444/0x11d0 fs/ext4/inode.c:771
 _ext4_get_block+0x1e3/0x470 fs/ext4/inode.c:909
 ext4_get_block_unwritten+0x2e/0x100 fs/ext4/inode.c:942
 ext4_block_write_begin+0xb14/0x1950 fs/ext4/inode.c:1196
 ext4_write_begin+0xb40/0x18c0 fs/ext4/ext4_jbd2.h:-1
 ext4_da_write_begin+0x355/0xd80 fs/ext4/inode.c:3123
 generic_perform_write+0x2e2/0x8f0 mm/filemap.c:4314
 ext4_buffered_write_iter+0xce/0x3a0 fs/ext4/file.c:300
 ext4_file_write_iter+0x298/0x1bf0 fs/ext4/file.c:-1
 new_sync_write fs/read_write.c:595 [inline]
 vfs_write+0x61d/0xb90 fs/read_write.c:688
 ksys_pwrite64 fs/read_write.c:795 [inline]
 __do_sys_pwrite64 fs/read_write.c:803 [inline]
 __se_sys_pwrite64 fs/read_write.c:800 [inline]
 __x64_sys_pwrite64+0x199/0x230 fs/read_write.c:800
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fa38879c799
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fa3895f7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000012
RAX: ffffffffffffffda RBX: 00007fa388a15fa0 RCX: 00007fa38879c799
RDX: 00000000200000c1 RSI: 00002000000000c0 RDI: 0000000000000007
RBP: 00007fa388832bd9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000009000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fa388a16038 R14: 00007fa388a15fa0 R15: 00007ffd0d5ea0a8
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:ext4_ext_find_hole fs/ext4/extents.c:2286 [inline]
RIP: 0010:ext4_ext_determine_insert_hole fs/ext4/extents.c:4174 [inline]
RIP: 0010:ext4_ext_map_blocks+0x5539/0x58b0 fs/ext4/extents.c:4343
Code: 29 ff 65 48 ff 43 08 e9 e6 ae ff ff e8 10 ef 44 ff 90 0f 0b e8 08 ef 44 ff 90 0f 0b e8 00 ef 44 ff 90 0f 0b e8 f8 ee 44 ff 90 <0f> 0b 65 44 8b 3d 41 19 9b 10 bf 07 00 00 00 44 89 fe e8 20 f3 44
RSP: 0018:ffffc900047beec0 EFLAGS: 00010283
RAX: ffffffff8280a6e8 RBX: 000000000000001a RCX: 0000000000080000
RDX: ffffc90005636000 RSI: 000000000002fc66 RDI: 000000000002fc67
RBP: ffffc900047bf190 R08: ffffc900047bf087 R09: ffffc900047bf060
R10: dffffc0000000000 R11: fffff520008f7e11 R12: 0000000000000000
R13: 0000000000000000 R14: ffff888068c6140c R15: ffff888068c61430
FS:  00007fa3895f76c0(0000) GS:ffff888125464000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f1effe3fe9c CR3: 0000000052cd6000 CR4: 0000000000350ef0

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/03/03 17:37 upstream af4e9ef3d784 4180d919 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root kernel BUG in ext4_ext_map_blocks
2026/02/25 17:35 upstream 7dff99b35460 94a9671e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs kernel BUG in ext4_ext_map_blocks
* Struck through repros no longer work on HEAD.