syzbot


general protection fault in btrfs_root_node

Status: upstream: reported C repro on 2024/09/03 16:42
Subsystems: btrfs
Reported-by: syzbot+9c3e0cdfbfe351b0bc0e@syzkaller.appspotmail.com
First crash: 365d, last: 1d09h
Cause bisection: introduced by (bisect log):
commit 42437a6386ffeaaf200731e73d723ea491f3fe7d
Author: Josef Bacik <josef@toxicpanda.com>
Date: Fri Oct 16 15:29:18 2020 +0000

  btrfs: introduce mount option rescue=ignorebadroots

Crash: BUG: unable to handle kernel NULL pointer dereference in btrfs_root_node (log)
Repro: C syz .config
Discussions (11)
Title Replies (including bot) Last reply
[syzbot] Monthly btrfs report (Aug 2025) 0 (1) 2025/08/26 07:13
[syzbot] Monthly btrfs report (Jul 2025) 0 (1) 2025/07/25 12:39
[syzbot] Monthly btrfs report (Jun 2025) 0 (1) 2025/06/24 07:33
[syzbot] Monthly btrfs report (May 2025) 0 (1) 2025/05/24 10:05
[syzbot] Monthly btrfs report (Apr 2025) 0 (1) 2025/04/23 07:50
[syzbot] Monthly btrfs report (Mar 2025) 0 (1) 2025/03/22 18:47
[syzbot] Monthly btrfs report (Feb 2025) 0 (1) 2025/02/19 12:35
[syzbot] Monthly btrfs report (Jan 2025) 0 (1) 2025/01/20 08:14
[syzbot] Monthly btrfs report (Dec 2024) 0 (1) 2024/12/19 18:39
[syzbot] [btrfs?] general protection fault in btrfs_root_node 0 (5) 2024/11/12 10:47
[PATCH] btrfs: Added null check to extent_root variable 6 (6) 2024/09/04 21:31
Similar bugs (3)
Kernel Title Rank Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-5.15 KASAN: null-ptr-deref Write in btrfs_root_node (2) origin:lts-only 12 C done 42 19d 712d 0/3 upstream: reported C repro on 2023/09/18 04:34
linux-6.1 BUG: unable to handle kernel paging request in btrfs_root_node origin:upstream 8 C error 18 30d 307d 0/3 upstream: reported C repro on 2024/10/27 14:03
linux-5.15 KASAN: null-ptr-deref Write in btrfs_root_node 12 1 859d 859d 0/3 auto-obsoleted due to no activity on 2023/08/22 05:04
Last patch testing requests (4)
Created Duration User Patch Repo Result
2024/09/16 03:11 14m retest repro upstream report log
2024/09/04 02:12 19m ghanshyam1898@gmail.com patch upstream OK log
2024/09/04 01:43 0m ghanshyam1898@gmail.com patch upstream error
2024/09/04 01:38 0m ghanshyam1898@gmail.com patch upstream error

Sample crash report:
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]
CPU: 0 UID: 0 PID: 5840 Comm: syz-executor163 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:btrfs_root_node+0x7f/0x3b0 fs/btrfs/ctree.c:193
Code: b7 c3 e3 fd 48 83 c4 08 e8 5e 96 ad 07 89 c5 31 ff 89 c6 e8 c3 bf 05 fe 85 ed 74 17 e8 3a b5 ec fd 84 c0 74 1c e8 71 bb 05 fe <42> 80 3c 2b 00 75 4b eb 51 e8 63 bb 05 fe 42 80 3c 2b 00 75 3d eb
RSP: 0018:ffffc9000403f710 EFLAGS: 00010293
RAX: ffffffff83ba696f RBX: 0000000000000003 RCX: ffff888033858000
RDX: 0000000000000000 RSI: ffffffff8be1c1e0 RDI: ffffffff8be1c1a0
RBP: 0000000000000001 R08: 0000000000000000 R09: ffffffff83ba692c
R10: dffffc0000000000 R11: ffffed100e6c500e R12: ffffffff83ba692c
R13: dffffc0000000000 R14: 0000000000000018 R15: 0000000000000000
FS:  000055559500a380(0000) GS:ffff888125c51000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055e309b8c168 CR3: 0000000071dd2000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 btrfs_read_lock_root_node+0x27/0xd0 fs/btrfs/locking.c:263
 btrfs_build_ref_tree+0x110/0x13e0 fs/btrfs/ref-verify.c:1006
 open_ctree+0x1d81/0x2800 fs/btrfs/disk-io.c:3595
 btrfs_fill_super+0x19d/0x2e0 fs/btrfs/super.c:968
 btrfs_get_tree_super fs/btrfs/super.c:1893 [inline]
 btrfs_get_tree+0x107c/0x1630 fs/btrfs/super.c:2088
 vfs_get_tree+0x8f/0x2b0 fs/super.c:1804
 fc_mount+0x1c/0xb0 fs/namespace.c:1290
 btrfs_get_tree_subvol fs/btrfs/super.c:2046 [inline]
 btrfs_get_tree+0x67d/0x1630 fs/btrfs/super.c:2089
 vfs_get_tree+0x8f/0x2b0 fs/super.c:1804
 do_new_mount+0x24a/0xa40 fs/namespace.c:3902
 do_mount fs/namespace.c:4239 [inline]
 __do_sys_mount fs/namespace.c:4450 [inline]
 __se_sys_mount+0x317/0x410 fs/namespace.c:4427
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f2a1afeea7a
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff597c50e8 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007fff597c5100 RCX: 00007f2a1afeea7a
RDX: 0000200000000080 RSI: 00002000000000c0 RDI: 00007fff597c5100
RBP: 00002000000000c0 R08: 00007fff597c5140 R09: 00000000000055c5
R10: 000000000001c005 R11: 0000000000000282 R12: 0000200000000080
R13: 0000000000000004 R14: 0000000000000003 R15: 00007fff597c5140
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:btrfs_root_node+0x7f/0x3b0 fs/btrfs/ctree.c:193
Code: b7 c3 e3 fd 48 83 c4 08 e8 5e 96 ad 07 89 c5 31 ff 89 c6 e8 c3 bf 05 fe 85 ed 74 17 e8 3a b5 ec fd 84 c0 74 1c e8 71 bb 05 fe <42> 80 3c 2b 00 75 4b eb 51 e8 63 bb 05 fe 42 80 3c 2b 00 75 3d eb
RSP: 0018:ffffc9000403f710 EFLAGS: 00010293
RAX: ffffffff83ba696f RBX: 0000000000000003 RCX: ffff888033858000
RDX: 0000000000000000 RSI: ffffffff8be1c1e0 RDI: ffffffff8be1c1a0
RBP: 0000000000000001 R08: 0000000000000000 R09: ffffffff83ba692c
R10: dffffc0000000000 R11: ffffed100e6c500e R12: ffffffff83ba692c
R13: dffffc0000000000 R14: 0000000000000018 R15: 0000000000000000
FS:  000055559500a380(0000) GS:ffff888125c51000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055e309b8c168 CR3: 0000000071dd2000 CR4: 00000000003526f0
----------------
Code disassembly (best guess):
   0:	b7 c3                	mov    $0xc3,%bh
   2:	e3 fd                	jrcxz  0x1
   4:	48 83 c4 08          	add    $0x8,%rsp
   8:	e8 5e 96 ad 07       	call   0x7ad966b
   d:	89 c5                	mov    %eax,%ebp
   f:	31 ff                	xor    %edi,%edi
  11:	89 c6                	mov    %eax,%esi
  13:	e8 c3 bf 05 fe       	call   0xfe05bfdb
  18:	85 ed                	test   %ebp,%ebp
  1a:	74 17                	je     0x33
  1c:	e8 3a b5 ec fd       	call   0xfdecb55b
  21:	84 c0                	test   %al,%al
  23:	74 1c                	je     0x41
  25:	e8 71 bb 05 fe       	call   0xfe05bb9b
* 2a:	42 80 3c 2b 00       	cmpb   $0x0,(%rbx,%r13,1) <-- trapping instruction
  2f:	75 4b                	jne    0x7c
  31:	eb 51                	jmp    0x84
  33:	e8 63 bb 05 fe       	call   0xfe05bb9b
  38:	42 80 3c 2b 00       	cmpb   $0x0,(%rbx,%r13,1)
  3d:	75 3d                	jne    0x7c
  3f:	eb                   	.byte 0xeb

Crashes (613):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2025/07/07 03:08 upstream d7b8f8e20813 4f67c4ae .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs general protection fault in btrfs_root_node
2025/05/26 19:23 upstream 0ff41df1cb26 874a1386 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs general protection fault in btrfs_root_node
2025/02/13 05:09 upstream 4dc1d1bec898 b27c2402 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs general protection fault in btrfs_root_node
2024/12/07 12:46 upstream b5f217084ab3 9ac0fdc6 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs general protection fault in btrfs_root_node
2024/11/11 09:16 upstream 2d5404caa8c7 6b856513 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs general protection fault in btrfs_root_node
2025/05/27 11:53 upstream ddddf9d64f73 874a1386 .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/02/09 05:16 upstream 9946eaf552b1 ef44b750 .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2024/08/30 16:47 upstream 20371ba12063 db150e23 .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] [mounted in repro] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/08/03 04:40 upstream 186f3edfdd41 7368264b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in btrfs_root_node
2025/07/30 21:07 upstream 4b290aae788e f8f2b4da .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in btrfs_root_node
2025/08/29 14:11 upstream 07d9df80082b 3e1beec6 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/08/29 06:06 upstream 07d9df80082b d401b9d7 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/08/26 04:36 upstream b6add54ba618 bf27483f .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/08/24 09:03 upstream 8d245acc1e88 bf27483f .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/08/23 02:00 upstream cf6fc5eefc5b bf27483f .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/08/22 18:43 upstream cf6fc5eefc5b bf27483f .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/08/21 17:23 upstream 32b7144f806e 3e79b825 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/08/20 04:00 upstream b19a97d57c15 79512909 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/08/20 01:39 upstream b19a97d57c15 79512909 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/08/19 07:58 upstream be48bcf004f9 52052143 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/08/18 23:23 upstream be48bcf004f9 52052143 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/08/18 05:00 upstream 8d561baae505 dcc075fb .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/08/17 18:26 upstream 99bade344cfa dcc075fb .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/08/17 16:18 upstream 99bade344cfa dcc075fb .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/08/17 14:54 upstream 99bade344cfa dcc075fb .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/08/14 23:26 upstream 0cc53520e68b dcc075fb .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/08/12 02:01 upstream 8f5ae30d69d7 c06e8995 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/08/10 08:33 upstream 561c80369df0 32a0e5ed .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/08/09 08:21 upstream 37816488247d 32a0e5ed .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/08/06 21:30 upstream 479058002c32 4bd24a3e .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/08/05 03:56 upstream 35a813e010b9 f5bcc8dc .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/08/04 18:12 upstream d2eedaa3909b abdcb213 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/08/04 03:18 upstream 352af6a011d5 7368264b .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/08/03 17:01 upstream 186f3edfdd41 7368264b .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/08/02 07:47 upstream a6923c06a3b2 7368264b .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/08/01 19:42 upstream 89748acdf226 40127d41 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/07/31 03:43 upstream 4b290aae788e f8f2b4da .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/07/30 18:53 upstream 4b290aae788e f8f2b4da .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/07/29 21:13 upstream 86aa72182095 ba28e0a8 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/07/29 19:31 upstream 86aa72182095 ba28e0a8 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/07/29 18:03 upstream 86aa72182095 ba28e0a8 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/07/28 09:51 upstream b711733e89a3 fb8f743d .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in btrfs_root_node
2025/01/06 13:28 linux-next 8155b4ef3466 f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in btrfs_root_node
2025/08/22 23:37 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 8f5ae30d69d7 bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in btrfs_root_node
2025/08/22 22:03 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 8f5ae30d69d7 bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in btrfs_root_node
2025/08/22 09:11 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 8f5ae30d69d7 bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in btrfs_root_node
2025/08/21 06:04 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 8f5ae30d69d7 0b9605c8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in btrfs_root_node
2025/08/19 13:18 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 8f5ae30d69d7 523f460e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in btrfs_root_node
2025/08/18 02:00 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 8f5ae30d69d7 1804e95e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in btrfs_root_node
2025/08/16 07:23 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 8f5ae30d69d7 1804e95e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in btrfs_root_node
2025/08/11 01:05 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 82af5ea7c611 32a0e5ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in btrfs_root_node
2025/08/10 15:03 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 82af5ea7c611 32a0e5ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in btrfs_root_node
2025/08/03 14:54 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 82af5ea7c611 7368264b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in btrfs_root_node
2025/08/03 13:14 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 82af5ea7c611 7368264b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in btrfs_root_node
2025/07/28 06:01 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 82af5ea7c611 fb8f743d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in btrfs_root_node