syzbot


kernel BUG in gfs2_withdraw (2)

Status: upstream: reported C repro on 2026/04/04 08:25
Bug presence: origin:lts-only
Reported-by: syzbot+8623802f4fb0eb61f2cf@syzkaller.appspotmail.com
First crash: 7d12h, last: 7d07h
Bug presence (2)
Date | Name | Commit | Repro | Result
2026/04/04 | linux-6.6.y (ToT) | 08667c1437c0 | C | [report] kernel BUG in gfs2_withdraw
2026/04/04 | upstream (ToT) | 7ca6d1cfec80 | C | Didn't crash
Similar bugs (5)
Kernel Title Rank Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-5.15 kernel BUG in gfs2_withdraw origin:upstream -1 C error 78 2d11h 564d 0/3 upstream: reported C repro on 2024/09/24 07:11
upstream kernel BUG in gfs2_withdraw (2) gfs2 -1 C 17 134d 237d 0/29 auto-obsoleted due to no activity on 2026/02/27 12:40
linux-6.1 kernel BUG in gfs2_withdraw origin:upstream missing-backport -1 C error 50 100d 496d 0/3 upstream: reported C repro on 2024/12/01 20:36
upstream kernel BUG in gfs2_withdraw gfs2 -1 C inconclusive 2553 268d 586d 0/29 closed as invalid on 2025/07/21 16:08
linux-6.6 kernel BUG in gfs2_withdraw -1 1 291d 291d 0/2 auto-obsoleted due to no activity on 2025/10/02 11:20
Fix bisection attempts (1)
Created Duration User Patch Repo Result
2026/04/04 23:36 1m fix candidate upstream error job log

Sample crash report:
  bh = 2073 (magic number)
  function = gfs2_meta_buffer, file = fs/gfs2/meta_io.c, line = 503
gfs2: fsid=#ãöúSÖñ^ѰÕ~oó»Á$®.s: about to withdraw this file system
------------[ cut here ]------------
kernel BUG at fs/gfs2/util.c:331!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 5917 Comm: syz.0.17 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
RIP: 0010:gfs2_withdraw+0x132c/0x13d0 fs/gfs2/util.c:331
Code: ff 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 5b fb ff ff 4c 89 ff 49 89 f6 e8 b1 ef 2d fe 4c 89 f6 e9 48 fb ff ff e8 b4 b3 d5 fd <0f> 0b 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c a2 fb ff ff 4c 89 ff
RSP: 0018:ffffc900046cf320 EFLAGS: 00010293
RAX: ffffffff83b16c6c RBX: ffff888024938340 RCX: ffff888025ed5a00
RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000000
RBP: ffffc900046cf4b8 R08: ffffc900046cf027 R09: 1ffff920008d9e04
R10: dffffc0000000000 R11: fffff520008d9e05 R12: ffff888024938000
R13: dffffc0000000000 R14: 0000000000000004 R15: 1ffff11004927015
FS:  000055555c4a7500(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ff816c4b53c CR3: 000000007c122000 CR4: 00000000003506f0
Call Trace:
 <TASK>
 gfs2_meta_check_ii+0x72/0x90 fs/gfs2/util.c:490
 gfs2_metatype_check_i fs/gfs2/util.h:126 [inline]
 gfs2_meta_buffer+0x236/0x310 fs/gfs2/meta_io.c:503
 gfs2_meta_inode_buffer fs/gfs2/meta_io.h:72 [inline]
 gfs2_inode_refresh+0xc1/0x1000 fs/gfs2/glops.c:488
 gfs2_instantiate+0x162/0x220 fs/gfs2/glock.c:483
 gfs2_glock_holder_ready fs/gfs2/glock.c:1362 [inline]
 gfs2_glock_wait+0x1d4/0x2a0 fs/gfs2/glock.c:1382
 gfs2_glock_nq_init fs/gfs2/glock.h:253 [inline]
 gfs2_lookupi+0x3de/0x640 fs/gfs2/inode.c:328
 gfs2_lookup_meta+0xb0/0x180 fs/gfs2/inode.c:279
 init_journal+0x1c2/0x2330 fs/gfs2/ops_fstype.c:743
 init_inodes+0xdb/0x320 fs/gfs2/ops_fstype.c:886
 gfs2_fill_super+0x17bc/0x1f30 fs/gfs2/ops_fstype.c:1266
 get_tree_bdev+0x3f3/0x520 fs/super.c:1591
 gfs2_get_tree+0x51/0x1e0 fs/gfs2/ops_fstype.c:1344
 vfs_get_tree+0x8c/0x280 fs/super.c:1764
 do_new_mount+0x24b/0xa40 fs/namespace.c:3386
 do_mount fs/namespace.c:3726 [inline]
 __do_sys_mount fs/namespace.c:3935 [inline]
 __se_sys_mount+0x2e7/0x3d0 fs/namespace.c:3912
 do_syscall_x64 arch/x86/entry/common.c:46 [inline]
 do_syscall_64+0x55/0xa0 arch/x86/entry/common.c:76
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7ff816b9da8a
Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffe0f0f6ad8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007ffe0f0f6b60 RCX: 00007ff816b9da8a
RDX: 0000200000000400 RSI: 0000200000012500 RDI: 00007ffe0f0f6b20
RBP: 0000200000000400 R08: 00007ffe0f0f6b60 R09: 0000000000200001
R10: 0000000000200001 R11: 0000000000000246 R12: 0000200000012500
R13: 00007ffe0f0f6b20 R14: 0000000000012625 R15: 0000200000000000
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:gfs2_withdraw+0x132c/0x13d0 fs/gfs2/util.c:331
Code: ff 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 5b fb ff ff 4c 89 ff 49 89 f6 e8 b1 ef 2d fe 4c 89 f6 e9 48 fb ff ff e8 b4 b3 d5 fd <0f> 0b 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c a2 fb ff ff 4c 89 ff
RSP: 0018:ffffc900046cf320 EFLAGS: 00010293
RAX: ffffffff83b16c6c RBX: ffff888024938340 RCX: ffff888025ed5a00
RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000000
RBP: ffffc900046cf4b8 R08: ffffc900046cf027 R09: 1ffff920008d9e04
R10: dffffc0000000000 R11: fffff520008d9e05 R12: ffff888024938000
R13: dffffc0000000000 R14: 0000000000000004 R15: 1ffff11004927015
FS:  000055555c4a7500(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f476e1b0000 CR3: 000000007c122000 CR4: 00000000003506e0

Crashes (1):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2026/04/04 08:25 | linux-6.6.y | c09fbcd31ae6 | 4440e7c2 | .config | console log | report | syz / log | C | | [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] | ci2-linux-6-6-kasan | kernel BUG in gfs2_withdraw
* Struck through repros no longer work on HEAD.