syzbot


general protection fault in f2fs_in_warm_node_list

Status: upstream: reported C repro on 2026/02/18 10:28
Subsystems: f2fs
Reported-by: syzbot+6e4cb1cac5efc96ea0ca@syzkaller.appspotmail.com
Fix commit: f2fs: fix UAF caused by decrementing sbi->nr_pages[] in f2fs_write_end_io()
Patched on: [ci-upstream-linux-next-kasan-gce-root ci-upstream-rust-kasan-gce], missing on: [ci-qemu-gce-upstream-auto ci-qemu-native-arm64-kvm ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-qemu2-riscv64 ci-snapshot-upstream-root ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce-386-root ci-upstream-kmsan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-usb]
First crash: 70d, last: 16m
Cause bisection: failed (error log, bisect log)
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [f2fs?] general protection fault in f2fs_in_warm_node_list 1 (4) 2026/03/03 03:24
Last patch testing requests (1)
Created Duration User Patch Repo Result
2026/03/03 03:01 21m wangqing7171@gmail.com patch upstream report log

Sample crash report:
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]
CPU: 0 UID: 0 PID: 1466 Comm: kworker/u8:13 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
Workqueue: bat_events batadv_tt_purge
RIP: 0010:NODE_MAPPING fs/f2fs/f2fs.h:2260 [inline]
RIP: 0010:is_node_folio fs/f2fs/f2fs.h:2270 [inline]
RIP: 0010:f2fs_in_warm_node_list+0xbd/0x290 fs/f2fs/node.c:330
Code: 00 00 4d 03 3c 24 4c 89 f8 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 ff e8 91 82 fd fd 4d 8b 3f 49 83 c7 30 4c 89 f8 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 ff e8 74 82 fd fd 4d 3b 37 74 19 e8 fa
RSP: 0018:ffffc90005fef678 EFLAGS: 00010206
RAX: 0000000000000006 RBX: ffffea00016b5080 RCX: ffff888029ac1e80
RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100
RBP: ffffea00016b5098 R08: ffff888027441eab R09: 1ffff11004e883d5
R10: dffffc0000000000 R11: ffffed1004e883d6 R12: ffff88801132a798
R13: dffffc0000000000 R14: ffff88805ff12950 R15: 0000000000000030
FS:  0000000000000000(0000) GS:ffff88812633f000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fd83f98d000 CR3: 0000000045182000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 f2fs_write_end_io+0x7ab/0xff0 fs/f2fs/data.c:400
 blk_update_request+0x57e/0xe60 block/blk-mq.c:1016
 blk_mq_end_request+0x3e/0x70 block/blk-mq.c:1178
 blk_flush_complete_seq+0x687/0xce0 block/blk-flush.c:191
 flush_end_io+0xc40/0xf30 block/blk-flush.c:251
 __blk_mq_end_request+0x4a9/0x680 block/blk-mq.c:1168
 blk_complete_reqs block/blk-mq.c:1253 [inline]
 blk_done_softirq+0x10a/0x160 block/blk-mq.c:1258
 handle_softirqs+0x1de/0x6f0 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 __local_bh_enable_ip+0x170/0x2b0 kernel/softirq.c:302
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 spin_unlock_bh include/linux/spinlock_rt.h:116 [inline]
 batadv_tt_global_purge net/batman-adv/translation-table.c:2250 [inline]
 batadv_tt_purge+0x475/0xa10 net/batman-adv/translation-table.c:3510
 process_one_work kernel/workqueue.c:3275 [inline]
 process_scheduled_works+0xb02/0x1830 kernel/workqueue.c:3358
 worker_thread+0xa50/0xfc0 kernel/workqueue.c:3439
 kthread+0x388/0x470 kernel/kthread.c:436
 ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:NODE_MAPPING fs/f2fs/f2fs.h:2260 [inline]
RIP: 0010:is_node_folio fs/f2fs/f2fs.h:2270 [inline]
RIP: 0010:f2fs_in_warm_node_list+0xbd/0x290 fs/f2fs/node.c:330
Code: 00 00 4d 03 3c 24 4c 89 f8 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 ff e8 91 82 fd fd 4d 8b 3f 49 83 c7 30 4c 89 f8 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 ff e8 74 82 fd fd 4d 3b 37 74 19 e8 fa
RSP: 0018:ffffc90005fef678 EFLAGS: 00010206
RAX: 0000000000000006 RBX: ffffea00016b5080 RCX: ffff888029ac1e80
RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100
RBP: ffffea00016b5098 R08: ffff888027441eab R09: 1ffff11004e883d5
R10: dffffc0000000000 R11: ffffed1004e883d6 R12: ffff88801132a798
R13: dffffc0000000000 R14: ffff88805ff12950 R15: 0000000000000030
FS:  0000000000000000(0000) GS:ffff88812633f000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fd83f98d000 CR3: 0000000045182000 CR4: 00000000003526f0
----------------
Code disassembly (best guess):
   0:	00 00                	add    %al,(%rax)
   2:	4d 03 3c 24          	add    (%r12),%r15
   6:	4c 89 f8             	mov    %r15,%rax
   9:	48 c1 e8 03          	shr    $0x3,%rax
   d:	42 80 3c 28 00       	cmpb   $0x0,(%rax,%r13,1)
  12:	74 08                	je     0x1c
  14:	4c 89 ff             	mov    %r15,%rdi
  17:	e8 91 82 fd fd       	call   0xfdfd82ad
  1c:	4d 8b 3f             	mov    (%r15),%r15
  1f:	49 83 c7 30          	add    $0x30,%r15
  23:	4c 89 f8             	mov    %r15,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	42 80 3c 28 00       	cmpb   $0x0,(%rax,%r13,1) <-- trapping instruction
  2f:	74 08                	je     0x39
  31:	4c 89 ff             	mov    %r15,%rdi
  34:	e8 74 82 fd fd       	call   0xfdfd82ad
  39:	4d 3b 37             	cmp    (%r15),%r14
  3c:	74 19                	je     0x57
  3e:	e8                   	.byte 0xe8
  3f:	fa                   	cli

Crashes (4589):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2026/03/12 05:12 upstream b29fb8829bff 2d88ab01 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro #1] [mounted in repro #2 (corrupt fs)] [mounted in repro #3 (corrupt fs)] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/11 23:30 upstream b29fb8829bff 2d88ab01 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro #1 (corrupt fs)] [mounted in repro #2 (corrupt fs)] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/10 13:33 upstream 1f318b96cc84 6972f302 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/10 10:37 upstream 1f318b96cc84 6972f302 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/10 07:52 upstream 1f318b96cc84 6972f302 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/10 05:07 upstream 1f318b96cc84 6972f302 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/06 22:54 upstream 651690480a96 41d8037d .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/02 07:31 upstream 39c633261414 43249bac .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/02 01:35 upstream 39c633261414 43249bac .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/02/21 22:13 upstream d79526b89571 6e7b5511 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/05 02:45 upstream ecc64d2dc9ff a9fe5c9e .config console log report syz / log [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/02 18:47 upstream 11439c4635ed b9dd6534 .config console log report syz / log [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/02/18 10:27 upstream 2961f841b025 39751c21 .config console log report syz / log [disk image (non-bootable)] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci-snapshot-upstream-root general protection fault in f2fs_in_warm_node_list
2026/03/15 08:05 upstream 267594792a71 ee8d34d6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/15 07:50 upstream 267594792a71 ee8d34d6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/15 06:24 upstream 69237f8c1f69 ee8d34d6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/15 05:19 upstream 69237f8c1f69 ee8d34d6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/15 04:38 upstream 69237f8c1f69 ee8d34d6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/15 03:30 upstream 69237f8c1f69 ee8d34d6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/15 03:08 upstream 69237f8c1f69 ee8d34d6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/15 01:56 upstream 69237f8c1f69 ee8d34d6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/15 00:45 upstream 69237f8c1f69 ee8d34d6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/15 00:13 upstream 69237f8c1f69 ee8d34d6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/14 23:09 upstream 69237f8c1f69 ee8d34d6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/14 22:04 upstream 69237f8c1f69 ee8d34d6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/14 21:55 upstream 69237f8c1f69 ee8d34d6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/14 20:46 upstream 69237f8c1f69 ee8d34d6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/14 19:53 upstream 69237f8c1f69 ee8d34d6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/14 18:50 upstream 69237f8c1f69 ee8d34d6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/14 18:25 upstream 69237f8c1f69 ee8d34d6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/14 17:11 upstream 1c9982b49613 ee8d34d6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/14 15:57 upstream 1c9982b49613 ee8d34d6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/14 15:07 upstream 1c9982b49613 ee8d34d6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/14 14:03 upstream 1c9982b49613 ee8d34d6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/14 12:53 upstream 1c9982b49613 ee8d34d6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/14 11:45 upstream 1c9982b49613 ee8d34d6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/14 10:43 upstream 1c9982b49613 ee8d34d6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/14 10:35 upstream 1c9982b49613 ee8d34d6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/14 09:19 upstream 1c9982b49613 ee8d34d6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/14 08:17 upstream 1c9982b49613 ee8d34d6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/14 06:59 upstream 1c9982b49613 ee8d34d6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/14 06:26 upstream 1c9982b49613 ee8d34d6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/14 05:25 upstream 1c9982b49613 ee8d34d6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/14 04:34 upstream 1c9982b49613 ee8d34d6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/14 01:56 upstream b36eb6e3f5d8 351cb5cf .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/14 00:55 upstream b36eb6e3f5d8 351cb5cf .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/13 23:55 upstream b36eb6e3f5d8 351cb5cf .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/13 23:38 upstream b36eb6e3f5d8 351cb5cf .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/13 22:36 upstream b36eb6e3f5d8 351cb5cf .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/13 21:27 upstream b36eb6e3f5d8 351cb5cf .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/13 21:21 upstream b36eb6e3f5d8 351cb5cf .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/13 20:21 upstream b36eb6e3f5d8 351cb5cf .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/13 19:19 upstream b36eb6e3f5d8 351cb5cf .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/13 18:38 upstream b36eb6e3f5d8 351cb5cf .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/13 17:25 upstream 0257f64bdac7 351cb5cf .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/01/04 00:00 upstream aacb0a6d604a d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/02/18 12:57 upstream 2961f841b025 39751c21 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in f2fs_in_warm_node_list
* Struck through repros no longer work on HEAD.