syzbot


kernel BUG in vfs_get_tree (2)

Status: fixed on 2025/07/16 19:06
Subsystems: bcachefs
Reported-by: syzbot+10a214d962941493d1dd@syzkaller.appspotmail.com
Fix commit: 9c6185609947 bcachefs: Call bch2_fs_start before getting vfs superblock
First crash: 52d, last: 51d
Cause bisection: introduced by:
commit ad7a2ae339342ce4721993e637ecd9f7dc654f3b
Author: Kent Overstreet <kent.overstreet@linux.dev>
Date: Mon Jun 2 00:22:17 2025 +0000

  bcachefs: Add missing restart handling to check_topology()

Crash: kernel BUG in vfs_get_tree (log)
Repro: C syz .config
  
Discussions (1)
Title | Replies (including bot) | Last reply
[syzbot] [bcachefs?] kernel BUG in vfs_get_tree (2) | 0 (2) | 2025/06/19 20:57

Similar bugs (1)
Kernel | Title | Rank | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | kernel BUG in vfs_get_tree bcachefs | -1 | C | done | | 318 | 294d | 338d | 28/29 | fixed on 2024/10/22 11:57

Last patch testing requests (1)
Created | Duration | User | Patch | Repo | Result
2025/06/19 06:05 | 29m | retest repro | | linux-next | OK log

Sample crash report:
bcachefs: bch2_fs_get_tree() error: ENOMEM
Filesystem bcachefs get_tree() didn't set fc->root, returned 12
------------[ cut here ]------------
kernel BUG at fs/super.c:1812!
Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
CPU: 1 UID: 0 PID: 6640 Comm: syz.0.134 Not tainted 6.15.0-next-20250604-syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:vfs_get_tree+0x29f/0x2b0 fs/super.c:1812
Code: 1b 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 14 8b ee ff 48 8b 33 48 c7 c7 00 31 99 8b 44 89 f2 e8 d2 42 f2 fe 90 <0f> 0b 66 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90
RSP: 0018:ffffc9000f657d58 EFLAGS: 00010246
RAX: 000000000000003f RBX: ffffffff8e7829a0 RCX: 4f1da245cd4ec400
RDX: ffffc9000c489000 RSI: 000000000007ffff RDI: 0000000000080000
RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffffbfff1bfa9ec R12: 1ffff11004f47796
R13: dffffc0000000000 R14: 000000000000000c R15: 0000000000000000
FS:  00007fa909df66c0(0000) GS:ffff888125d4d000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005618bc112000 CR3: 000000007931e000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 do_new_mount+0x24a/0xa40 fs/namespace.c:3874
 do_mount fs/namespace.c:4211 [inline]
 __do_sys_mount fs/namespace.c:4422 [inline]
 __se_sys_mount+0x317/0x410 fs/namespace.c:4399
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fa90bf900ca
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fa909df5e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007fa909df5ef0 RCX: 00007fa90bf900ca
RDX: 00002000000000c0 RSI: 0000200000000000 RDI: 00007fa909df5eb0
RBP: 00002000000000c0 R08: 00007fa909df5ef0 R09: 0000000000800000
R10: 0000000000800000 R11: 0000000000000246 R12: 0000200000000000
R13: 00007fa909df5eb0 R14: 000000000000594c R15: 0000200000000680
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:vfs_get_tree+0x29f/0x2b0 fs/super.c:1812
Code: 1b 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 14 8b ee ff 48 8b 33 48 c7 c7 00 31 99 8b 44 89 f2 e8 d2 42 f2 fe 90 <0f> 0b 66 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90
RSP: 0018:ffffc9000f657d58 EFLAGS: 00010246
RAX: 000000000000003f RBX: ffffffff8e7829a0 RCX: 4f1da245cd4ec400
RDX: ffffc9000c489000 RSI: 000000000007ffff RDI: 0000000000080000
RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffffbfff1bfa9ec R12: 1ffff11004f47796
R13: dffffc0000000000 R14: 000000000000000c R15: 0000000000000000
FS:  00007fa909df66c0(0000) GS:ffff888125d4d000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005618bc112000 CR3: 000000007931e000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (22):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2025/06/04 20:51 | linux-next | 911483b25612 | fd5e6e61 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | kernel BUG in vfs_get_tree
2025/06/04 20:50 | linux-next | 911483b25612 | fd5e6e61 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | kernel BUG in vfs_get_tree
2025/06/04 20:50 | linux-next | 911483b25612 | fd5e6e61 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | kernel BUG in vfs_get_tree
2025/06/04 13:38 | linux-next | 911483b25612 | a30356b7 | .config | strace log | report | syz / log | C | | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci-upstream-linux-next-kasan-gce-root | kernel BUG in vfs_get_tree
2025/06/04 08:48 | linux-next | 911483b25612 | a30356b7 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | kernel BUG in vfs_get_tree
2025/06/04 08:48 | linux-next | 911483b25612 | a30356b7 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | kernel BUG in vfs_get_tree
2025/06/04 08:48 | linux-next | 911483b25612 | a30356b7 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | kernel BUG in vfs_get_tree
2025/06/04 08:45 | linux-next | 911483b25612 | a30356b7 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | kernel BUG in vfs_get_tree
2025/06/04 08:45 | linux-next | 911483b25612 | a30356b7 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | kernel BUG in vfs_get_tree
2025/06/04 08:32 | linux-next | 911483b25612 | a30356b7 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | kernel BUG in vfs_get_tree
2025/06/04 08:31 | linux-next | 911483b25612 | a30356b7 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | kernel BUG in vfs_get_tree
2025/06/04 08:26 | linux-next | 911483b25612 | a30356b7 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | kernel BUG in vfs_get_tree
2025/06/04 08:25 | linux-next | 911483b25612 | a30356b7 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | kernel BUG in vfs_get_tree
2025/06/04 08:25 | linux-next | 911483b25612 | a30356b7 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | kernel BUG in vfs_get_tree
2025/06/04 08:21 | linux-next | 911483b25612 | a30356b7 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | kernel BUG in vfs_get_tree
2025/06/04 06:41 | linux-next | 911483b25612 | a30356b7 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | kernel BUG in vfs_get_tree
2025/06/04 06:38 | linux-next | 911483b25612 | a30356b7 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | kernel BUG in vfs_get_tree
2025/06/04 06:38 | linux-next | 911483b25612 | a30356b7 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | kernel BUG in vfs_get_tree
2025/06/04 06:26 | linux-next | 911483b25612 | a30356b7 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | kernel BUG in vfs_get_tree
2025/06/04 06:25 | linux-next | 911483b25612 | a30356b7 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | kernel BUG in vfs_get_tree
2025/06/04 05:44 | linux-next | 911483b25612 | a30356b7 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | kernel BUG in vfs_get_tree
2025/06/04 05:44 | linux-next | 911483b25612 | a30356b7 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | kernel BUG in vfs_get_tree
* Struck through repros no longer work on HEAD.