syzbot


kernel BUG in f2fs_write_end_io

Status: upstream: reported C repro on 2025/04/02 00:00
Subsystems: f2fs
Reported-by: syzbot+803dd716c4310d16ff3a@syzkaller.appspotmail.com
Fix commit: f2fs: fix to do sanity check on node footer in {read,write}_end_io
Patched on: [ci-upstream-linux-next-kasan-gce-root ci-upstream-rust-kasan-gce], missing on: [ci-qemu-gce-upstream-auto ci-qemu-native-arm64-kvm ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-qemu2-riscv64 ci-snapshot-upstream-root ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce-386-root ci-upstream-kmsan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-usb]
First crash: 264d, last: 4d07h
Cause bisection: the cause commit could be any of (bisect log):
  2aac2538a97d f2fs: do sanity check on xattr node footer in f2fs_get_xnode_page()
  1788971e0bfa f2fs: introduce FAULT_INCONSISTENT_FOOTER
  1cf6b5670af1 f2fs: do sanity check on inode footer in f2fs_get_inode_page()
  986c50f6bca1 f2fs: fix to avoid accessing uninitialized curseg
  c2ecba026586 f2fs: control nat_bits feature via mount option
  19426c4988aa Revert "f2fs: rebuild nat_bits during umount"
  
Discussions (10)
Title Replies (including bot) Last reply
[PATCH v4 2/2] f2fs: fix to do sanity check on node footer in {read,write}_end_io 1 (1) 2025/12/15 12:26
[PATCH v3 2/2] f2fs: fix to do sanity check on node footer in {read,write}_end_io 1 (1) 2025/12/09 11:29
[PATCH v2 2/2] f2fs: fix to do sanity check on node footer in {read,write}_end_io 1 (1) 2025/12/05 21:28
[syzbot] Monthly f2fs report (Nov 2025) 0 (1) 2025/11/03 13:10
[PATCH 2/2] f2fs: fix to do sanity check on node footer in {read,write}_end_io 1 (1) 2025/10/11 12:30
[syzbot] [f2fs?] kernel BUG in f2fs_write_end_io 2 (8) 2025/10/11 11:30
[syzbot] Monthly f2fs report (Oct 2025) 0 (1) 2025/10/03 06:37
[syzbot] Monthly f2fs report (Aug 2025) 0 (1) 2025/08/01 13:49
[syzbot] Monthly f2fs report (May 2025) 0 (1) 2025/06/03 11:11
[syzbot] Monthly f2fs report (Apr 2025) 0 (1) 2025/04/29 12:47
Last patch testing requests (5)
Created Duration User Patch Repo Result
2025/10/11 11:30 28m chao@kernel.org https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git bugfix/syzbot OK log
2025/09/01 06:52 43m chao@kernel.org https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git bugfix/syzbot report log
2025/08/11 11:41 14m chao@kernel.org https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git bugfix/common report log
2025/08/11 11:05 21m chao@kernel.org https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git bugfix/common report log
2025/04/29 14:18 15m retest repro upstream report log

Sample crash report:
------------[ cut here ]------------
kernel BUG at fs/f2fs/data.c:358!
Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
CPU: 1 UID: 0 PID: 79 Comm: kworker/u8:5 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Workqueue: bat_events batadv_nc_worker
RIP: 0010:f2fs_write_end_io+0x806/0x810 fs/f2fs/data.c:357
Code: 80 35 1a fe e9 95 fe ff ff 44 89 f9 80 e1 07 38 c1 0f 8c ea fe ff ff 4c 89 ff e8 f5 35 1a fe e9 dd fe ff ff e8 4b 4e ba fd 90 <0f> 0b 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 0018:ffffc90000a08c98 EFLAGS: 00010246
RAX: ffffffff8405d775 RBX: dffffc0000000000 RCX: ffff88801cf59e00
RDX: 0000000000000100 RSI: 0000000000000000 RDI: 000000000000000b
RBP: ffff88802cb35a00 R08: ffffea0001e1c16f R09: 1ffffd40003c382d
R10: dffffc0000000000 R11: fffff940003c382e R12: 000000000000000b
R13: ffffea0001e1c140 R14: 0000000000000001 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff888125d57000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f47489bd000 CR3: 0000000027f34000 CR4: 00000000003526f0
Call Trace:
 <IRQ>
 blk_update_request+0x5eb/0xe70 block/blk-mq.c:987
 blk_mq_end_request+0x3e/0x70 block/blk-mq.c:1149
 blk_complete_reqs block/blk-mq.c:1224 [inline]
 blk_done_softirq+0x107/0x160 block/blk-mq.c:1229
 handle_softirqs+0x283/0x870 kernel/softirq.c:579
 __do_softirq kernel/softirq.c:613 [inline]
 invoke_softirq kernel/softirq.c:453 [inline]
 __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:696
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1050
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:lock_acquire+0x175/0x360 kernel/locking/lockdep.c:5875
Code: 00 00 00 00 9c 8f 44 24 30 f7 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 74 01 fb 65 48 8b 05 6b 55 fe 10 <48> 3b 44 24 58 0f 85 f2 00 00 00 48 83 c4 60 5b 41 5c 41 5d 41 5e
RSP: 0018:ffffc9000237f980 EFLAGS: 00000206
RAX: 4e8787c037617300 RBX: 0000000000000000 RCX: 4e8787c037617300
RDX: 0000000000000000 RSI: ffffffff8db6fcc6 RDI: ffffffff8be1ba40
RBP: ffffffff8b345592 R08: 0000000000000000 R09: ffffffff8b345592
R10: dffffc0000000000 R11: ffffffff8b3454c0 R12: 0000000000000002
R13: ffffffff8e13f0e0 R14: 0000000000000000 R15: 0000000000000246
 rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 rcu_read_lock include/linux/rcupdate.h:841 [inline]
 batadv_nc_purge_orig_hash net/batman-adv/network-coding.c:408 [inline]
 batadv_nc_worker+0xef/0x610 net/batman-adv/network-coding.c:719
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3321
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402
 kthread+0x70e/0x8a0 kernel/kthread.c:464
 ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:f2fs_write_end_io+0x806/0x810 fs/f2fs/data.c:357
Code: 80 35 1a fe e9 95 fe ff ff 44 89 f9 80 e1 07 38 c1 0f 8c ea fe ff ff 4c 89 ff e8 f5 35 1a fe e9 dd fe ff ff e8 4b 4e ba fd 90 <0f> 0b 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 0018:ffffc90000a08c98 EFLAGS: 00010246
RAX: ffffffff8405d775 RBX: dffffc0000000000 RCX: ffff88801cf59e00
RDX: 0000000000000100 RSI: 0000000000000000 RDI: 000000000000000b
RBP: ffff88802cb35a00 R08: ffffea0001e1c16f R09: 1ffffd40003c382d
R10: dffffc0000000000 R11: fffff940003c382e R12: 000000000000000b
R13: ffffea0001e1c140 R14: 0000000000000001 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff888125d57000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f47489bd000 CR3: 0000000027f34000 CR4: 00000000003526f0
----------------
Code disassembly (best guess):
   0:	00 00                	add    %al,(%rax)
   2:	00 00                	add    %al,(%rax)
   4:	9c                   	pushf
   5:	8f 44 24 30          	pop    0x30(%rsp)
   9:	f7 44 24 30 00 02 00 	testl  $0x200,0x30(%rsp)
  10:	00
  11:	0f 85 cd 00 00 00    	jne    0xe4
  17:	f7 44 24 08 00 02 00 	testl  $0x200,0x8(%rsp)
  1e:	00
  1f:	74 01                	je     0x22
  21:	fb                   	sti
  22:	65 48 8b 05 6b 55 fe 	mov    %gs:0x10fe556b(%rip),%rax        # 0x10fe5595
  29:	10
* 2a:	48 3b 44 24 58       	cmp    0x58(%rsp),%rax <-- trapping instruction
  2f:	0f 85 f2 00 00 00    	jne    0x127
  35:	48 83 c4 60          	add    $0x60,%rsp
  39:	5b                   	pop    %rbx
  3a:	41 5c                	pop    %r12
  3c:	41 5d                	pop    %r13
  3e:	41 5e                	pop    %r14

Crashes (225):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2025/07/28 21:00 upstream 038d61fd6422 6654ea9c .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro #1 (corrupt fs)] [mounted in repro #2 (corrupt fs)] ci2-upstream-fs kernel BUG in f2fs_write_end_io
2025/04/15 14:13 upstream 834a4a689699 85125322 .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci-snapshot-upstream-root kernel BUG in f2fs_write_end_io
2025/12/13 15:23 upstream 9551a26f17d9 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs kernel BUG in f2fs_write_end_io
2025/12/11 06:08 upstream 0048fbb4011e d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs kernel BUG in f2fs_write_end_io
2025/12/09 07:09 upstream cfd4039213e7 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs kernel BUG in f2fs_write_end_io
2025/12/08 14:42 upstream ba65a4e7120a d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs kernel BUG in f2fs_write_end_io
2025/12/08 04:10 upstream ba65a4e7120a d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs kernel BUG in f2fs_write_end_io
2025/12/05 07:56 upstream 2061f18ad76e d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs kernel BUG in f2fs_write_end_io
2025/12/04 14:30 upstream 8f7aa3d3c732 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs kernel BUG in f2fs_write_end_io
2025/12/04 11:24 upstream 8f7aa3d3c732 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs kernel BUG in f2fs_write_end_io
2025/12/03 15:45 upstream 3f9f0252130e d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs kernel BUG in f2fs_write_end_io
2025/12/03 07:53 upstream d61f1cc5db79 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs kernel BUG in f2fs_write_end_io
2025/12/02 17:14 upstream 4a26e7032d7d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs kernel BUG in f2fs_write_end_io
2025/12/02 15:23 upstream 4a26e7032d7d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs kernel BUG in f2fs_write_end_io
2025/12/02 13:16 upstream 4a26e7032d7d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs kernel BUG in f2fs_write_end_io
2025/12/02 01:16 upstream 1d18101a644e d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs kernel BUG in f2fs_write_end_io
2025/11/30 20:48 upstream e69c7c175115 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs kernel BUG in f2fs_write_end_io
2025/11/30 12:38 upstream 6bda50f4333f d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs kernel BUG in f2fs_write_end_io
2025/11/30 09:36 upstream 6bda50f4333f d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs kernel BUG in f2fs_write_end_io
2025/11/30 08:22 upstream 6bda50f4333f d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs kernel BUG in f2fs_write_end_io
2025/11/29 19:00 upstream 19eef1d98eed d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs kernel BUG in f2fs_write_end_io
2025/11/29 17:58 upstream 19eef1d98eed d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs kernel BUG in f2fs_write_end_io
2025/11/29 07:11 upstream 19eef1d98eed d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs kernel BUG in f2fs_write_end_io
2025/11/28 10:22 upstream e1afacb68573 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs kernel BUG in f2fs_write_end_io
2025/11/28 01:13 upstream e1afacb68573 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs kernel BUG in f2fs_write_end_io
2025/11/27 10:11 upstream 4941a17751c9 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs kernel BUG in f2fs_write_end_io
2025/11/27 02:59 upstream 4941a17751c9 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs kernel BUG in f2fs_write_end_io
2025/11/25 17:47 upstream 8a2bcda5e139 64219f15 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs kernel BUG in f2fs_write_end_io
2025/11/24 23:49 upstream ac3fd01e4c1e bf6fe8fe .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs kernel BUG in f2fs_write_end_io
2025/11/24 01:27 upstream d0e88704d96c 4fb8ef37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs kernel BUG in f2fs_write_end_io
2025/11/23 22:50 upstream d0e88704d96c 4fb8ef37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs kernel BUG in f2fs_write_end_io
2025/11/23 20:49 upstream d13f3ac64efb 4fb8ef37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs kernel BUG in f2fs_write_end_io
2025/11/23 17:51 upstream d13f3ac64efb 4fb8ef37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs kernel BUG in f2fs_write_end_io
2025/11/23 07:25 upstream 89edd36fd801 4fb8ef37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs kernel BUG in f2fs_write_end_io
2025/11/23 06:19 upstream 89edd36fd801 4fb8ef37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs kernel BUG in f2fs_write_end_io
2025/11/23 01:22 upstream 89edd36fd801 4fb8ef37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs kernel BUG in f2fs_write_end_io
2025/11/23 01:14 upstream 89edd36fd801 4fb8ef37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs kernel BUG in f2fs_write_end_io
2025/11/22 20:06 upstream 89edd36fd801 4fb8ef37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs kernel BUG in f2fs_write_end_io
2025/11/21 23:11 upstream 2eba5e05d9bc 4fb8ef37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs kernel BUG in f2fs_write_end_io
2025/11/21 04:02 upstream 8e621c9a3375 2cc4c24a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs kernel BUG in f2fs_write_end_io
2025/11/19 08:06 upstream 8b690556d8fe ef766cd7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs kernel BUG in f2fs_write_end_io
2025/11/18 15:46 upstream e7c375b18160 ef766cd7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs kernel BUG in f2fs_write_end_io
2025/11/18 14:45 upstream e7c375b18160 ef766cd7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs kernel BUG in f2fs_write_end_io
2025/11/17 20:08 upstream e7c375b18160 ef766cd7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs kernel BUG in f2fs_write_end_io
2025/11/17 07:49 upstream 6a23ae0a96a6 f7988ea4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs kernel BUG in f2fs_write_end_io
2025/11/17 00:41 upstream 7254a2b52279 f7988ea4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs kernel BUG in f2fs_write_end_io
2025/11/16 16:44 upstream 7254a2b52279 f7988ea4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs kernel BUG in f2fs_write_end_io
2025/11/16 07:06 upstream f824272b6e3f f7988ea4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs kernel BUG in f2fs_write_end_io
2025/10/07 14:46 upstream c746c3b51698 8ef35d49 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root kernel BUG in f2fs_write_end_io
2025/07/11 04:16 upstream bc9ff192a6c9 3cda49cf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root kernel BUG in f2fs_write_end_io
2025/03/31 13:06 upstream 4e82c87058f4 d3999433 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs kernel BUG in f2fs_write_end_io
2025/03/28 20:13 upstream acb4f33713b9 9a1a9e31 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs kernel BUG in f2fs_write_end_io
2025/12/04 08:46 upstream cc25df3e2e22 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root kernel BUG in f2fs_write_end_io
2025/10/16 21:02 linux-next 2433b8476165 19568248 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root kernel BUG in f2fs_write_end_io
2025/10/02 15:38 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 2213e57a69f0 49379ee0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 kernel BUG in f2fs_write_end_io