syzbot


general protection fault in f2fs_in_warm_node_list

Status: upstream: reported C repro on 2026/02/18 10:28
Subsystems: f2fs
Reported-by: syzbot+6e4cb1cac5efc96ea0ca@syzkaller.appspotmail.com
Fix commit: f2fs: fix UAF caused by decrementing sbi->nr_pages[] in f2fs_write_end_io()
Patched on: [ci-upstream-linux-next-kasan-gce-root ci-upstream-rust-kasan-gce], missing on: [ci-qemu-gce-upstream-auto ci-qemu-native-arm64-kvm ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-qemu2-riscv64 ci-snapshot-upstream-root ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce-386-root ci-upstream-kmsan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-usb]
First crash: 83d, last: 35m
Cause bisection: failed (error log, bisect log)
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [f2fs?] general protection fault in f2fs_in_warm_node_list 1 (4) 2026/03/03 03:24
Similar bugs (1)
Kernel Title Rank Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-6-1 general protection fault in f2fs_in_warm_node_list 2 1 2d17h 2d17h 0/2 premoderation: reported on 2026/03/25 16:06
Last patch testing requests (1)
Created Duration User Patch Repo Result
2026/03/03 03:01 21m wangqing7171@gmail.com patch upstream report log

Sample crash report:
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]
CPU: 0 UID: 0 PID: 20 Comm: rcuc/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
RIP: 0010:NODE_MAPPING fs/f2fs/f2fs.h:2260 [inline]
RIP: 0010:is_node_folio fs/f2fs/f2fs.h:2270 [inline]
RIP: 0010:f2fs_in_warm_node_list+0xbd/0x290 fs/f2fs/node.c:330
Code: 00 00 4d 03 3c 24 4c 89 f8 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 ff e8 91 04 fd fd 4d 8b 3f 49 83 c7 30 4c 89 f8 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 ff e8 74 04 fd fd 4d 3b 37 74 19 e8 aa
RSP: 0018:ffffc900001977e8 EFLAGS: 00010206
RAX: 0000000000000006 RBX: ffffea0000e44d40 RCX: ffff88801ca98000
RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100
RBP: ffffea0000e44d58 R08: ffff88802e66dbab R09: 1ffff11005ccdb75
R10: dffffc0000000000 R11: ffffed1005ccdb76 R12: ffff8880346f0798
R13: dffffc0000000000 R14: ffff88805e873cd0 R15: 0000000000000030
FS:  0000000000000000(0000) GS:ffff888126338000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000335a1b42000 CR3: 0000000044f78000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 f2fs_write_end_io+0x7ab/0xff0 fs/f2fs/data.c:400
 blk_update_request+0x57e/0xe60 block/blk-mq.c:1016
 blk_mq_end_request+0x3e/0x70 block/blk-mq.c:1178
 blk_flush_complete_seq+0x687/0xce0 block/blk-flush.c:191
 flush_end_io+0xc40/0xf30 block/blk-flush.c:251
 __blk_mq_end_request+0x4a9/0x680 block/blk-mq.c:1168
 blk_complete_reqs block/blk-mq.c:1253 [inline]
 blk_done_softirq+0x10a/0x160 block/blk-mq.c:1258
 handle_softirqs+0x1de/0x6f0 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 __local_bh_enable_ip+0x170/0x2b0 kernel/softirq.c:302
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 rcu_do_batch kernel/rcu/tree.c:2636 [inline]
 rcu_core kernel/rcu/tree.c:2869 [inline]
 rcu_cpu_kthread+0x9e8/0x1470 kernel/rcu/tree.c:2957
 smpboot_thread_fn+0x541/0xa50 kernel/smpboot.c:160
 kthread+0x388/0x470 kernel/kthread.c:436
 ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:NODE_MAPPING fs/f2fs/f2fs.h:2260 [inline]
RIP: 0010:is_node_folio fs/f2fs/f2fs.h:2270 [inline]
RIP: 0010:f2fs_in_warm_node_list+0xbd/0x290 fs/f2fs/node.c:330
Code: 00 00 4d 03 3c 24 4c 89 f8 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 ff e8 91 04 fd fd 4d 8b 3f 49 83 c7 30 4c 89 f8 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 ff e8 74 04 fd fd 4d 3b 37 74 19 e8 aa
RSP: 0018:ffffc900001977e8 EFLAGS: 00010206
RAX: 0000000000000006 RBX: ffffea0000e44d40 RCX: ffff88801ca98000
RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100
RBP: ffffea0000e44d58 R08: ffff88802e66dbab R09: 1ffff11005ccdb75
R10: dffffc0000000000 R11: ffffed1005ccdb76 R12: ffff8880346f0798
R13: dffffc0000000000 R14: ffff88805e873cd0 R15: 0000000000000030
FS:  0000000000000000(0000) GS:ffff888126338000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000335a1b42000 CR3: 0000000044f78000 CR4: 00000000003526f0
----------------
Code disassembly (best guess):
   0:	00 00                	add    %al,(%rax)
   2:	4d 03 3c 24          	add    (%r12),%r15
   6:	4c 89 f8             	mov    %r15,%rax
   9:	48 c1 e8 03          	shr    $0x3,%rax
   d:	42 80 3c 28 00       	cmpb   $0x0,(%rax,%r13,1)
  12:	74 08                	je     0x1c
  14:	4c 89 ff             	mov    %r15,%rdi
  17:	e8 91 04 fd fd       	call   0xfdfd04ad
  1c:	4d 8b 3f             	mov    (%r15),%r15
  1f:	49 83 c7 30          	add    $0x30,%r15
  23:	4c 89 f8             	mov    %r15,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	42 80 3c 28 00       	cmpb   $0x0,(%rax,%r13,1) <-- trapping instruction
  2f:	74 08                	je     0x39
  31:	4c 89 ff             	mov    %r15,%rdi
  34:	e8 74 04 fd fd       	call   0xfdfd04ad
  39:	4d 3b 37             	cmp    (%r15),%r14
  3c:	74 19                	je     0x57
  3e:	e8                   	.byte 0xe8
  3f:	aa                   	stos   %al,%es:(%rdi)

Crashes (7347):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2026/03/27 05:10 upstream 46b513250491 766b6434 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/25 16:27 upstream bbeb83d3182a 8ee77f7d .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/25 16:10 upstream bbeb83d3182a 8ee77f7d .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/25 01:11 upstream e3c33bc767b5 74e70d19 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/23 01:54 upstream 8d8bd2a5aa98 5b92003d .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/22 07:59 upstream 113ae7b4decc 5b92003d .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro #1 (corrupt fs)] [mounted in repro #2 (corrupt fs)] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/19 18:25 upstream 8a30aeb0d1b4 bd6dcb30 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/12 05:12 upstream b29fb8829bff 2d88ab01 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro #1] [mounted in repro #2 (corrupt fs)] [mounted in repro #3 (corrupt fs)] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/11 23:30 upstream b29fb8829bff 2d88ab01 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro #1 (corrupt fs)] [mounted in repro #2 (corrupt fs)] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/10 13:33 upstream 1f318b96cc84 6972f302 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/10 10:37 upstream 1f318b96cc84 6972f302 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/10 07:52 upstream 1f318b96cc84 6972f302 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/10 05:07 upstream 1f318b96cc84 6972f302 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/06 22:54 upstream 651690480a96 41d8037d .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/02 07:31 upstream 39c633261414 43249bac .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/02 01:35 upstream 39c633261414 43249bac .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/02/21 22:13 upstream d79526b89571 6e7b5511 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/21 12:43 upstream 42bddab0563f 5b92003d .config console log report syz / log [disk image] [vmlinux] [kernel image] [mounted in repro #1 (corrupt fs)] [mounted in repro #2 (corrupt fs)] [mounted in repro #3 (corrupt fs)] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/18 21:58 upstream a989fde763f4 0199f9a1 .config console log report syz / log [disk image] [vmlinux] [kernel image] [mounted in repro #1] [mounted in repro #2 (corrupt fs)] [mounted in repro #3] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/05 02:45 upstream ecc64d2dc9ff a9fe5c9e .config console log report syz / log [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/02 18:47 upstream 11439c4635ed b9dd6534 .config console log report syz / log [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/02/18 10:27 upstream 2961f841b025 39751c21 .config console log report syz / log [disk image (non-bootable)] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci-snapshot-upstream-root general protection fault in f2fs_in_warm_node_list
2026/03/28 08:03 upstream 7df48e363130 356bdfc9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/28 07:54 upstream 7df48e363130 356bdfc9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/28 06:47 upstream 7df48e363130 356bdfc9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/28 05:38 upstream 7df48e363130 356bdfc9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/28 04:37 upstream 7df48e363130 356bdfc9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/28 04:06 upstream 7df48e363130 356bdfc9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/28 02:53 upstream 7df48e363130 356bdfc9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/28 02:39 upstream 7df48e363130 356bdfc9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/28 01:30 upstream 7df48e363130 356bdfc9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/28 00:44 upstream 7df48e363130 74a13a23 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/27 23:44 upstream 7df48e363130 74a13a23 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/27 23:00 upstream 7df48e363130 74a13a23 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/27 21:59 upstream 7df48e363130 74a13a23 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/27 21:37 upstream 7df48e363130 74a13a23 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/27 20:09 upstream 46b513250491 74a13a23 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/27 19:06 upstream 46b513250491 74a13a23 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/27 18:59 upstream 46b513250491 74a13a23 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/27 17:57 upstream 46b513250491 74a13a23 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/27 16:51 upstream 46b513250491 74a13a23 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/27 16:34 upstream 46b513250491 74a13a23 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/27 15:27 upstream 46b513250491 74a13a23 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/27 14:36 upstream 46b513250491 74a13a23 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/27 13:34 upstream 46b513250491 74a13a23 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/27 13:10 upstream 46b513250491 74a13a23 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/27 12:09 upstream 46b513250491 766b6434 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/27 11:25 upstream 46b513250491 766b6434 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/27 10:07 upstream 46b513250491 766b6434 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/27 09:38 upstream 46b513250491 766b6434 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/27 08:32 upstream 46b513250491 766b6434 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/27 07:30 upstream 46b513250491 766b6434 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/27 07:20 upstream 46b513250491 766b6434 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/27 06:16 upstream 46b513250491 766b6434 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/27 04:46 upstream 46b513250491 766b6434 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/27 03:58 upstream 46b513250491 766b6434 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/27 02:48 upstream 46b513250491 766b6434 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/27 02:09 upstream 46b513250491 766b6434 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/27 00:43 upstream 0138af2472df 766b6434 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/27 00:26 upstream 0138af2472df 766b6434 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/26 23:17 upstream 0138af2472df 766b6434 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/26 22:01 upstream 0138af2472df 766b6434 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/26 21:38 upstream 0138af2472df 766b6434 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/26 20:33 upstream 0138af2472df 766b6434 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/01/04 00:00 upstream aacb0a6d604a d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in f2fs_in_warm_node_list
2026/03/18 07:27 upstream f0caa1d49cc0 c8810548 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in f2fs_in_warm_node_list
* Struck through repros no longer work on HEAD.