syzbot

 sign-in | mailing list | source | docs
🐞 Open [1592]
Subsystems
🐞 Fixed [6233]
🐞 Invalid [15779]
Missing Backports [183]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

general protection fault in btrfs_root_node

Status: upstream: reported C repro on 2024/09/03 16:42
Subsystems: btrfs
[Documentation on labels]
Reported-by: syzbot+9c3e0cdfbfe351b0bc0e@syzkaller.appspotmail.com
First crash: 259d, last: 3d02h
Cause bisection: introduced by (bisect log) :
commit 42437a6386ffeaaf200731e73d723ea491f3fe7d
Author: Josef Bacik <josef@toxicpanda.com>
Date: Fri Oct 16 15:29:18 2020 +0000

  btrfs: introduce mount option rescue=ignorebadroots

Crash: BUG: unable to handle kernel NULL pointer dereference in btrfs_root_node (log)
Repro: C syz .config
  
Discussions (7)
Title Replies (including bot) Last reply
[syzbot] Monthly btrfs report (Apr 2025) 0 (1) 2025/04/23 07:50
[syzbot] Monthly btrfs report (Mar 2025) 0 (1) 2025/03/22 18:47
[syzbot] Monthly btrfs report (Feb 2025) 0 (1) 2025/02/19 12:35
[syzbot] Monthly btrfs report (Jan 2025) 0 (1) 2025/01/20 08:14
[syzbot] Monthly btrfs report (Dec 2024) 0 (1) 2024/12/19 18:39
[syzbot] [btrfs?] general protection fault in btrfs_root_node 0 (5) 2024/11/12 10:47
[PATCH] btrfs: Added null check to extent_root variable 6 (6) 2024/09/04 21:31
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-5.15 KASAN: null-ptr-deref Write in btrfs_root_node (2) origin:lts-only C done 35 21h49m 607d 0/3 upstream: reported C repro on 2023/09/18 04:34
linux-6.1 BUG: unable to handle kernel paging request in btrfs_root_node origin:upstream C 11 9d20h 201d 0/3 upstream: reported C repro on 2024/10/27 14:03
linux-5.15 KASAN: null-ptr-deref Write in btrfs_root_node 1 754d 754d 0/3 auto-obsoleted due to no activity on 2023/08/22 05:04
Last patch testing requests (4)
Created Duration User Patch Repo Result
2024/09/16 03:11 14m retest repro upstream report log
2024/09/04 02:12 19m ghanshyam1898@gmail.com patch upstream OK log
2024/09/04 01:43 0m ghanshyam1898@gmail.com patch upstream error
2024/09/04 01:38 0m ghanshyam1898@gmail.com patch upstream error

Sample crash report:
BTRFS info (device loop0): using crc32c (crc32c-x86_64) checksum algorithm
BTRFS info (device loop0): disk space caching is enabled
BTRFS warning (device loop0): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]
CPU: 0 UID: 0 PID: 5826 Comm: syz-executor345 Not tainted 6.14.0-rc2-syzkaller-00041-g4dc1d1bec898 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
RIP: 0010:btrfs_root_node+0x86/0x3b0 fs/btrfs/ctree.c:193
Code: 60 da c7 fd 48 83 c4 08 e8 c7 41 1b 08 89 c3 31 ff 89 c6 e8 0c 85 ec fd 85 db 74 17 e8 d3 3c d2 fd 84 c0 74 1c e8 ba 80 ec fd <43> 80 3c 3c 00 75 4b eb 51 e8 ac 80 ec fd 43 80 3c 3c 00 75 3d eb
RSP: 0018:ffffc90003fff6c0 EFLAGS: 00010293
RAX: ffffffff83d2ce86 RBX: 0000000000000001 RCX: ffff88807cab1e00
RDX: 0000000000000000 RSI: ffffffff8c5fb8e0 RDI: ffffffff8c5fb8a0
RBP: ffffc90003fff8b0 R08: ffffffff83d2ce74 R09: 1ffffffff2858d08
R10: dffffc0000000000 R11: fffffbfff2858d09 R12: 0000000000000003
R13: dffffc0000000000 R14: 0000000000000018 R15: dffffc0000000000
FS:  000055556741b380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000564b0e4d9700 CR3: 0000000029d66000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 btrfs_read_lock_root_node+0x27/0xd0 fs/btrfs/locking.c:264
 btrfs_build_ref_tree+0x112/0x16f0 fs/btrfs/ref-verify.c:1006
 open_ctree+0x202c/0x2ab0 fs/btrfs/disk-io.c:3593
 btrfs_fill_super fs/btrfs/super.c:972 [inline]
 btrfs_get_tree_super fs/btrfs/super.c:1898 [inline]
 btrfs_get_tree+0x12da/0x1a30 fs/btrfs/super.c:2093
 vfs_get_tree+0x90/0x2b0 fs/super.c:1814
 fc_mount+0x1b/0xb0 fs/namespace.c:1271
 btrfs_get_tree_subvol fs/btrfs/super.c:2051 [inline]
 btrfs_get_tree+0x6b1/0x1a30 fs/btrfs/super.c:2094
 vfs_get_tree+0x90/0x2b0 fs/super.c:1814
 do_new_mount+0x2be/0xb40 fs/namespace.c:3560
 do_mount fs/namespace.c:3900 [inline]
 __do_sys_mount fs/namespace.c:4111 [inline]
 __se_sys_mount+0x2d6/0x3c0 fs/namespace.c:4088
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a549a6d7a
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffcd46fc678 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007ffcd46fc690 RCX: 00007f0a549a6d7a
RDX: 0000400000005100 RSI: 0000400000000000 RDI: 00007ffcd46fc690
RBP: 0000400000000000 R08: 00007ffcd46fc6d0 R09: 0000000000005103
R10: 0000000000004c41 R11: 0000000000000282 R12: 0000400000005100
R13: 0000000000000004 R14: 0000000000000003 R15: 00007ffcd46fc6d0
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:btrfs_root_node+0x86/0x3b0 fs/btrfs/ctree.c:193
Code: 60 da c7 fd 48 83 c4 08 e8 c7 41 1b 08 89 c3 31 ff 89 c6 e8 0c 85 ec fd 85 db 74 17 e8 d3 3c d2 fd 84 c0 74 1c e8 ba 80 ec fd <43> 80 3c 3c 00 75 4b eb 51 e8 ac 80 ec fd 43 80 3c 3c 00 75 3d eb
RSP: 0018:ffffc90003fff6c0 EFLAGS: 00010293
RAX: ffffffff83d2ce86 RBX: 0000000000000001 RCX: ffff88807cab1e00
RDX: 0000000000000000 RSI: ffffffff8c5fb8e0 RDI: ffffffff8c5fb8a0
RBP: ffffc90003fff8b0 R08: ffffffff83d2ce74 R09: 1ffffffff2858d08
R10: dffffc0000000000 R11: fffffbfff2858d09 R12: 0000000000000003
R13: dffffc0000000000 R14: 0000000000000018 R15: dffffc0000000000
FS:  000055556741b380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000564b0e4d9700 CR3: 0000000029d66000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	da c7                	fcmovb %st(7),%st
   2:	fd                   	std
   3:	48 83 c4 08          	add    $0x8,%rsp
   7:	e8 c7 41 1b 08       	call   0x81b41d3
   c:	89 c3                	mov    %eax,%ebx
   e:	31 ff                	xor    %edi,%edi
  10:	89 c6                	mov    %eax,%esi
  12:	e8 0c 85 ec fd       	call   0xfdec8523
  17:	85 db                	test   %ebx,%ebx
  19:	74 17                	je     0x32
  1b:	e8 d3 3c d2 fd       	call   0xfdd23cf3
  20:	84 c0                	test   %al,%al
  22:	74 1c                	je     0x40
  24:	e8 ba 80 ec fd       	call   0xfdec80e3
* 29:	43 80 3c 3c 00       	cmpb   $0x0,(%r12,%r15,1) <-- trapping instruction
  2e:	75 4b                	jne    0x7b
  30:	eb 51                	jmp    0x83
  32:	e8 ac 80 ec fd       	call   0xfdec80e3
  37:	43 80 3c 3c 00       	cmpb   $0x0,(%r12,%r15,1)
  3c:	75 3d                	jne    0x7b
  3e:	eb                   	.byte 0xeb

Crashes (416):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/02/13 05:09 upstream 4dc1d1bec898 b27c2402 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs general protection fault in btrfs_root_node
2024/12/07 12:46 upstream b5f217084ab3 9ac0fdc6 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs general protection fault in btrfs_root_node
2024/11/11 09:16 upstream 2d5404caa8c7 6b856513 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs general protection fault in btrfs_root_node
2025/02/09 05:16 upstream 9946eaf552b1 ef44b750 .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2024/08/30 16:47 upstream 20371ba12063 db150e23 .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] [mounted in repro] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2024/11/23 08:08 upstream 06afb0f36106 68da6d95 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in btrfs_root_node
2025/05/08 22:12 upstream 2c89c1b655c0 bb813bcc .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/05/08 16:38 upstream d76bb1ebb558 dbf35fa1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/05/08 14:01 upstream d76bb1ebb558 dbf35fa1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/05/07 21:15 upstream 707df3375124 dbf35fa1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/05/06 10:10 upstream 01f95500a162 ae98e6b9 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/05/06 05:49 upstream 01f95500a162 ae98e6b9 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/05/04 18:10 upstream e8ab83e34bdc b0714e37 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/05/02 19:41 upstream ebd297a2affa d7f099d1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/04/30 19:47 upstream b6ea1680d0ac 937aafd7 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/04/30 18:43 upstream b6ea1680d0ac 937aafd7 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/04/27 20:55 upstream 5bc1018675ec c6b4fb39 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/04/27 15:50 upstream 5bc1018675ec c6b4fb39 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/04/27 12:24 upstream 5bc1018675ec c6b4fb39 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/04/27 06:53 upstream 5bc1018675ec c6b4fb39 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/04/27 05:25 upstream 5bc1018675ec c6b4fb39 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/04/26 08:05 upstream c3137514f1f1 c6b4fb39 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/04/25 20:52 upstream 02ddfb981de8 dea5c7e4 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/04/25 18:52 upstream 02ddfb981de8 dea5c7e4 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/04/24 16:27 upstream a79be02bba5c 9c80ffa0 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/04/24 05:01 upstream a79be02bba5c 9882047a .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/04/23 15:47 upstream bc3372351d0c 57d54c08 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/04/23 12:17 upstream bc3372351d0c 57d54c08 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/04/23 03:49 upstream bc3372351d0c 53a8b9bd .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/04/22 20:56 upstream a33b5a08cbbd 53a8b9bd .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/04/21 10:11 upstream 9d7a0577c9db 2a20f901 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/04/20 20:08 upstream 6fea5fabd332 2a20f901 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/04/20 08:08 upstream 119009db2674 2a20f901 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/04/20 01:00 upstream 8560697b23dc 2a20f901 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/04/19 18:39 upstream 8560697b23dc 2a20f901 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/04/18 18:47 upstream fc96b232f8e7 2a20f901 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/04/18 04:43 upstream b5c6891b2c5b 2a20f901 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/04/18 01:48 upstream b5c6891b2c5b 2a20f901 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/04/16 20:21 upstream c62f4b82d571 a95239b1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/04/16 07:11 upstream 1a1d569a75f3 a95239b1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/04/15 07:43 upstream 834a4a689699 0bd6db41 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/04/15 02:11 upstream 834a4a689699 0bd6db41 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/04/13 20:27 upstream 5aaaedb0cb54 0bd6db41 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/04/13 12:24 upstream 7cdabafc0012 0bd6db41 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/04/12 20:50 upstream 3bde70a2c827 0bd6db41 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/04/11 22:20 upstream 900241a5cc15 12ba9c21 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/01/06 13:28 linux-next 8155b4ef3466 f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in btrfs_root_node
2025/05/14 03:37 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci c32f8dc5aaf9 7344edeb .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in btrfs_root_node
2025/05/12 10:05 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci c32f8dc5aaf9 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in btrfs_root_node
2025/05/06 12:45 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci e0f4c8dd9d2d ae98e6b9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in btrfs_root_node
2025/04/28 06:33 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci c72692105976 c6b4fb39 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in btrfs_root_node
2025/04/25 00:11 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci c72692105976 9c80ffa0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in btrfs_root_node
2025/04/16 12:09 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci c72692105976 23b969b7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in btrfs_root_node
2025/04/14 11:17 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 2fe2b96c3818 0bd6db41 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in btrfs_root_node
2025/04/14 02:28 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 2fe2b96c3818 0bd6db41 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in btrfs_root_node
* Struck through repros no longer work on HEAD.