syzbot


general protection fault in netfs_write_collection_worker

Status: premoderation: reported syz repro on 2025/07/04 17:08
Bug presence: origin:upstream
Reported-by: syzbot+fe142364a7f057cc15db@syzkaller.appspotmail.com
First crash: 55d, last: 55d
Bug presence (2)
Date        Name              Commit        Repro  Result
2025/07/06  lts (merge base)  e0e2f7824338  syz    [report] WARNING in p9pdu_vwritef
2025/07/06  upstream (ToT)    1f988d0788f5  syz    [report] INFO: task hung in v9fs_evict_inode
Similar bugs (1)
Kernel Title Rank Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream general protection fault in netfs_write_collection_worker netfs 2 14 221d 319d 28/29 fixed on 2025/05/06 15:33
Last patch testing requests (1)
Created Duration User Patch Repo Result
2025/07/19 10:15 7m retest repro android16-6.12 report log

Sample crash report:
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
CPU: 1 UID: 0 PID: 351 Comm: kworker/u8:4 Not tainted 6.12.30-syzkaller-ge2bf362ee23b #0 e1c904518e9113895a28c59b25a6002cdacb68bf
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: events_unbound netfs_write_collection_worker

RIP: 0010:folioq_folio include/linux/folio_queue.h:277 [inline]
RIP: 0010:netfs_writeback_unlock_folios fs/netfs/write_collect.c:107 [inline]
RIP: 0010:netfs_collect_write_results fs/netfs/write_collect.c:493 [inline]
RIP: 0010:netfs_write_collection_worker+0x138b/0x49b0 fs/netfs/write_collect.c:550
Code: 1e 0f 87 80 04 00 00 e8 f3 b6 75 ff 48 89 5c 24 48 4c 89 b4 24 b0 00 00 00 4b 8d 5c f7 08 48 89 d8 48 c1 e8 03 48 89 44 24 40 <42> 80 3c 28 00 74 08 48 89 df e8 e6 ae cb ff 48 89 9c 24 a8 00 00
RSP: 0018:ffffc900096ff9e0 EFLAGS: 00010202
RAX: 0000000000000001 RBX: 0000000000000008 RCX: ffff888109744c00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000001f
RBP: ffffc900096ffc98 R08: ffff888100ac1453 R09: 1ffff1102015828a
R10: dffffc0000000000 R11: ffffed102015828b R12: 0000000000000000
R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000001000 CR3: 000000011712e000 CR4: 00000000003526b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0x7d5/0x1020 kernel/workqueue.c:3319
 worker_thread+0xc58/0x1250 kernel/workqueue.c:3400
 kthread+0x2c7/0x370 kernel/kthread.c:389
 ret_from_fork+0x64/0xa0 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:folioq_folio include/linux/folio_queue.h:277 [inline]
RIP: 0010:netfs_writeback_unlock_folios fs/netfs/write_collect.c:107 [inline]
RIP: 0010:netfs_collect_write_results fs/netfs/write_collect.c:493 [inline]
RIP: 0010:netfs_write_collection_worker+0x138b/0x49b0 fs/netfs/write_collect.c:550
Code: 1e 0f 87 80 04 00 00 e8 f3 b6 75 ff 48 89 5c 24 48 4c 89 b4 24 b0 00 00 00 4b 8d 5c f7 08 48 89 d8 48 c1 e8 03 48 89 44 24 40 <42> 80 3c 28 00 74 08 48 89 df e8 e6 ae cb ff 48 89 9c 24 a8 00 00
RSP: 0018:ffffc900096ff9e0 EFLAGS: 00010202
RAX: 0000000000000001 RBX: 0000000000000008 RCX: ffff888109744c00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000001f
RBP: ffffc900096ffc98 R08: ffff888100ac1453 R09: 1ffff1102015828a
R10: dffffc0000000000 R11: ffffed102015828b R12: 0000000000000000
R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000001000 CR3: 000000011712e000 CR4: 00000000003526b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	0f 87 80 04 00 00    	ja     0x486
   6:	e8 f3 b6 75 ff       	call   0xff75b6fe
   b:	48 89 5c 24 48       	mov    %rbx,0x48(%rsp)
  10:	4c 89 b4 24 b0 00 00 	mov    %r14,0xb0(%rsp)
  17:	00
  18:	4b 8d 5c f7 08       	lea    0x8(%r15,%r14,8),%rbx
  1d:	48 89 d8             	mov    %rbx,%rax
  20:	48 c1 e8 03          	shr    $0x3,%rax
  24:	48 89 44 24 40       	mov    %rax,0x40(%rsp)
* 29:	42 80 3c 28 00       	cmpb   $0x0,(%rax,%r13,1) <-- trapping instruction
  2e:	74 08                	je     0x38
  30:	48 89 df             	mov    %rbx,%rdi
  33:	e8 e6 ae cb ff       	call   0xffcbaf1e
  38:	48                   	rex.W
  39:	89                   	.byte 0x89
  3a:	9c                   	pushf
  3b:	24 a8                	and    $0xa8,%al

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2025/07/04 17:07 android16-6.12 e2bf362ee23b d869b261 .config console log report syz / log [disk image] [vmlinux] [kernel image] ci2-android-6-12-rust general protection fault in netfs_write_collection_worker