syzbot


general protection fault in f2fs_in_warm_node_list

Status: upstream: reported C repro on 2026/02/18 10:28
Subsystems: f2fs
Reported-by: syzbot+6e4cb1cac5efc96ea0ca@syzkaller.appspotmail.com
Fix commit: f2fs: fix UAF caused by decrementing sbi->nr_pages[] in f2fs_write_end_io()
Patched on: [ci-upstream-linux-next-kasan-gce-root ci-upstream-rust-kasan-gce], missing on: [ci-qemu-gce-upstream-auto ci-qemu-native-arm64-kvm ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-qemu2-riscv64 ci-snapshot-upstream-root ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce-386-root ci-upstream-kmsan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-usb]
First crash: 68d, last: now
Cause bisection: failed (error log, bisect log)
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [f2fs?] general protection fault in f2fs_in_warm_node_list 1 (4) 2026/03/03 03:24
Last patch testing requests (1)
Created Duration User Patch Repo Result
2026/03/03 03:01 21m wangqing7171@gmail.com patch upstream report log

Sample crash report:
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]
CPU: 0 UID: 0 PID: 1466 Comm: kworker/u8:13 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
Workqueue: bat_events batadv_tt_purge
RIP: 0010:NODE_MAPPING fs/f2fs/f2fs.h:2260 [inline]
RIP: 0010:is_node_folio fs/f2fs/f2fs.h:2270 [inline]
RIP: 0010:f2fs_in_warm_node_list+0xbd/0x290 fs/f2fs/node.c:330
Code: 00 00 4d 03 3c 24 4c 89 f8 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 ff e8 91 82 fd fd 4d 8b 3f 49 83 c7 30 4c 89 f8 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 ff e8 74 82 fd fd 4d 3b 37 74 19 e8 fa
RSP: 0018:ffffc90005fef678 EFLAGS: 00010206
RAX: 0000000000000006 RBX: ffffea00016b5080 RCX: ffff888029ac1e80
RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100
RBP: ffffea00016b5098 R08: ffff888027441eab R09: 1ffff11004e883d5
R10: dffffc0000000000 R11: ffffed1004e883d6 R12: ffff88801132a798
R13: dffffc0000000000 R14: ffff88805ff12950 R15: 0000000000000030
FS:  0000000000000000(0000) GS:ffff88812633f000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fd83f98d000 CR3: 0000000045182000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 f2fs_write_end_io+0x7ab/0xff0 fs/f2fs/data.c:400
 blk_update_request+0x57e/0xe60 block/blk-mq.c:1016
 blk_mq_end_request+0x3e/0x70 block/blk-mq.c:1178
 blk_flush_complete_seq+0x687/0xce0 block/blk-flush.c:191
 flush_end_io+0xc40/0xf30 block/blk-flush.c:251
 __blk_mq_end_request+0x4a9/0x680 block/blk-mq.c:1168
 blk_complete_reqs block/blk-mq.c:1253 [inline]
 blk_done_softirq+0x10a/0x160 block/blk-mq.c:1258
 handle_softirqs+0x1de/0x6f0 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 __local_bh_enable_ip+0x170/0x2b0 kernel/softirq.c:302
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 spin_unlock_bh include/linux/spinlock_rt.h:116 [inline]
 batadv_tt_global_purge net/batman-adv/translation-table.c:2250 [inline]
 batadv_tt_purge+0x475/0xa10 net/batman-adv/translation-table.c:3510
 process_one_work kernel/workqueue.c:3275 [inline]
 process_scheduled_works+0xb02/0x1830 kernel/workqueue.c:3358
 worker_thread+0xa50/0xfc0 kernel/workqueue.c:3439
 kthread+0x388/0x470 kernel/kthread.c:436
 ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:NODE_MAPPING fs/f2fs/f2fs.h:2260 [inline]
RIP: 0010:is_node_folio fs/f2fs/f2fs.h:2270 [inline]
RIP: 0010:f2fs_in_warm_node_list+0xbd/0x290 fs/f2fs/node.c:330
Code: 00 00 4d 03 3c 24 4c 89 f8 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 ff e8 91 82 fd fd 4d 8b 3f 49 83 c7 30 4c 89 f8 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 ff e8 74 82 fd fd 4d 3b 37 74 19 e8 fa
RSP: 0018:ffffc90005fef678 EFLAGS: 00010206
RAX: 0000000000000006 RBX: ffffea00016b5080 RCX: ffff888029ac1e80
RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100
RBP: ffffea00016b5098 R08: ffff888027441eab R09: 1ffff11004e883d5
R10: dffffc0000000000 R11: ffffed1004e883d6 R12: ffff88801132a798
R13: dffffc0000000000 R14: ffff88805ff12950 R15: 0000000000000030
FS:  0000000000000000(0000) GS:ffff88812633f000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fd83f98d000 CR3: 0000000045182000 CR4: 00000000003526f0
----------------
Code disassembly (best guess):
   0:	00 00                	add    %al,(%rax)
   2:	4d 03 3c 24          	add    (%r12),%r15
   6:	4c 89 f8             	mov    %r15,%rax
   9:	48 c1 e8 03          	shr    $0x3,%rax
   d:	42 80 3c 28 00       	cmpb   $0x0,(%rax,%r13,1)
  12:	74 08                	je     0x1c
  14:	4c 89 ff             	mov    %r15,%rdi
  17:	e8 91 82 fd fd       	call   0xfdfd82ad
  1c:	4d 8b 3f             	mov    (%r15),%r15
  1f:	49 83 c7 30          	add    $0x30,%r15
  23:	4c 89 f8             	mov    %r15,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	42 80 3c 28 00       	cmpb   $0x0,(%rax,%r13,1) <-- trapping instruction
  2f:	74 08                	je     0x39
  31:	4c 89 ff             	mov    %r15,%rdi
  34:	e8 74 82 fd fd       	call   0xfdfd82ad
  39:	4d 3b 37             	cmp    (%r15),%r14
  3c:	74 19                	je     0x57
  3e:	e8                   	.byte 0xe8
  3f:	fa                   	cli

Crashes (4171):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2026/03/12 05:12 upstream b29fb8829bff 2d88ab01 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro #1] [mounted in repro #2 (corrupt fs)] [mounted in repro #3 (corrupt fs)] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/11 23:30 upstream b29fb8829bff 2d88ab01 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro #1 (corrupt fs)] [mounted in repro #2 (corrupt fs)] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/10 13:33 upstream 1f318b96cc84 6972f302 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/10 10:37 upstream 1f318b96cc84 6972f302 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/10 07:52 upstream 1f318b96cc84 6972f302 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/10 05:07 upstream 1f318b96cc84 6972f302 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/06 22:54 upstream 651690480a96 41d8037d .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/02 07:31 upstream 39c633261414 43249bac .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/02 01:35 upstream 39c633261414 43249bac .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/02/21 22:13 upstream d79526b89571 6e7b5511 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/05 02:45 upstream ecc64d2dc9ff a9fe5c9e .config console log report syz / log [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/02 18:47 upstream 11439c4635ed b9dd6534 .config console log report syz / log [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/02/18 10:27 upstream 2961f841b025 39751c21 .config console log report syz / log [disk image (non-bootable)] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci-snapshot-upstream-root general protection fault in f2fs_in_warm_node_list
2026/03/13 08:52 upstream 0257f64bdac7 2f7f359d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/13 07:52 upstream 0257f64bdac7 2f7f359d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/13 06:59 upstream 0257f64bdac7 2f7f359d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/13 05:39 upstream 0257f64bdac7 2f7f359d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/13 04:27 upstream 0257f64bdac7 2f7f359d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/13 03:14 upstream 0257f64bdac7 2f7f359d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/13 02:36 upstream 0257f64bdac7 2f7f359d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/13 01:27 upstream 0257f64bdac7 2f7f359d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/13 01:08 upstream 0257f64bdac7 2f7f359d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/13 00:00 upstream 0257f64bdac7 2f7f359d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/12 23:46 upstream 0257f64bdac7 2f7f359d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/12 22:09 upstream 80234b5ab240 4efadf07 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/12 20:39 upstream 80234b5ab240 4efadf07 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/12 19:48 upstream 80234b5ab240 4efadf07 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/12 18:43 upstream 80234b5ab240 4efadf07 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/12 18:32 upstream 80234b5ab240 4efadf07 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/12 17:29 upstream 80234b5ab240 4efadf07 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/12 17:20 upstream 80234b5ab240 4efadf07 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/12 16:19 upstream 80234b5ab240 4efadf07 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/12 15:09 upstream 80234b5ab240 4efadf07 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/12 15:07 upstream 80234b5ab240 4efadf07 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/12 14:00 upstream 80234b5ab240 4efadf07 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/12 12:41 upstream 80234b5ab240 4efadf07 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/12 11:38 upstream 80234b5ab240 4efadf07 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/12 10:35 upstream 80234b5ab240 4efadf07 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/12 09:14 upstream 80234b5ab240 2d88ab01 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/12 08:32 upstream 80234b5ab240 2d88ab01 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/12 07:06 upstream 80234b5ab240 2d88ab01 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/12 06:24 upstream b29fb8829bff 2d88ab01 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/12 04:54 upstream b29fb8829bff 2d88ab01 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/12 04:49 upstream b29fb8829bff 2d88ab01 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/12 03:35 upstream b29fb8829bff 2d88ab01 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/12 02:04 upstream b29fb8829bff 2d88ab01 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/12 00:55 upstream b29fb8829bff 2d88ab01 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/11 23:48 upstream b29fb8829bff 2d88ab01 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/11 22:53 upstream b29fb8829bff 2d88ab01 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/11 21:47 upstream b29fb8829bff 2d88ab01 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/11 20:42 upstream b29fb8829bff 2d88ab01 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/11 19:04 upstream b29fb8829bff 2d88ab01 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/11 18:45 upstream b29fb8829bff 2d88ab01 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/11 17:21 upstream b29fb8829bff 2d88ab01 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/11 16:50 upstream b29fb8829bff 2d88ab01 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/11 15:29 upstream b29fb8829bff 2d88ab01 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/01/04 00:00 upstream aacb0a6d604a d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/02/18 12:57 upstream 2961f841b025 39751c21 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in f2fs_in_warm_node_list