| Date | Name | Commit | Repro | Result |
|---|---|---|---|---|
| 2025/12/07 | upstream (ToT) | 67a454e6b1c6 | C | [report] BUG: spinlock bad magic in release_metapage |
syzbot |
sign-in | mailing list | source | docs |
| Date | Name | Commit | Repro | Result |
|---|---|---|---|---|
| 2025/12/07 | upstream (ToT) | 67a454e6b1c6 | C | [report] BUG: spinlock bad magic in release_metapage |
| Kernel | Title | Rank 🛈 | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|---|
| linux-5.15 | BUG: spinlock bad magic in release_metapage origin:upstream | 19 | C | error | 95 | 31d | 634d | 0/3 | upstream: reported C repro on 2024/09/15 11:43 | |
| upstream | BUG: unable to handle kernel paging request in take_dentry_name_snapshot jfs overlayfs | 17 | C | error | done | 30 | 796d | 1288d | 0/29 | closed as dup on 2023/10/04 08:35 |
| linux-6.1 | BUG: spinlock bad magic in release_metapage origin:upstream | 4 | C | error | 88 | 22d | 615d | 0/3 | upstream: reported C repro on 2024/10/04 04:01 | |
| upstream | BUG: spinlock bad magic in release_metapage jfs prio:high | 15 | C | inconclusive | 864 | 26d | 639d | 0/29 | upstream: reported C repro on 2024/09/10 08:16 | |
| linux-6.1 | BUG: spinlock bad magic in btrfs_encoded_read_endio | 4 | 4 | 25d | 83d | 0/3 | upstream: reported on 2026/03/20 05:11 |
| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2026/01/29 14:49 | 0m | bisect fix | linux-6.6.y | error job log | |
| 2025/12/28 20:14 | 1h47m | bisect fix | linux-6.6.y | OK (0) job log log |
BUG: spinlock bad magic on CPU#0, jfsCommit/113 ================================================================== BUG: KASAN: slab-out-of-bounds in string_nocheck lib/vsprintf.c:645 [inline] BUG: KASAN: slab-out-of-bounds in string+0x223/0x2b0 lib/vsprintf.c:727 Read of size 1 at addr ffff88805e9a12a8 by task jfsCommit/113 CPU: 0 PID: 113 Comm: jfsCommit Not tainted syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 Call Trace: <TASK> dump_stack_lvl+0x18c/0x250 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:364 [inline] print_report+0xa8/0x210 mm/kasan/report.c:468 kasan_report+0x117/0x150 mm/kasan/report.c:581 string_nocheck lib/vsprintf.c:645 [inline] string+0x223/0x2b0 lib/vsprintf.c:727 vsnprintf+0xf72/0x1ba0 lib/vsprintf.c:2823 vprintk_store+0x3ec/0xda0 kernel/printk/printk.c:2226 vprintk_emit+0x117/0x610 kernel/printk/printk.c:2322 _printk+0xde/0x130 kernel/printk/printk.c:2366 spin_dump+0x101/0x1a0 kernel/locking/spinlock_debug.c:63 spin_bug kernel/locking/spinlock_debug.c:77 [inline] debug_spin_lock_before kernel/locking/spinlock_debug.c:85 [inline] do_raw_spin_lock+0x1bf/0x2c0 kernel/locking/spinlock_debug.c:114 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:111 [inline] _raw_spin_lock_irqsave+0xc0/0x100 kernel/locking/spinlock.c:162 __wake_up_common_lock kernel/sched/wait.c:137 [inline] __wake_up+0x10b/0x1a0 kernel/sched/wait.c:160 unlock_metapage fs/jfs/jfs_metapage.c:38 [inline] release_metapage+0xc5/0x870 fs/jfs/jfs_metapage.c:765 xtTruncate+0xebe/0x2ec0 fs/jfs/jfs_xtree.c:-1 jfs_free_zero_link+0x35c/0x4c0 fs/jfs/namei.c:758 jfs_evict_inode+0x35d/0x440 fs/jfs/inode.c:159 evict+0x4ca/0x8d0 fs/inode.c:705 txLazyCommit fs/jfs/jfs_txnmgr.c:2665 [inline] jfs_lazycommit+0x429/0xa70 fs/jfs/jfs_txnmgr.c:2733 kthread+0x2fa/0x390 kernel/kthread.c:388 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293 </TASK> The buggy address belongs to the object at ffff88805e9a1280 which belongs to the cache jfs_ip of size 2240 The buggy address is located 40 bytes inside of allocated 2240-byte region [ffff88805e9a1280, ffff88805e9a1b40) The buggy address belongs to the physical page: page:ffffea00017a6800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5e9a0 head:ffffea00017a6800 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 memcg:ffff888076bdf901 flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) page_type: 0xffffffff() raw: 00fff00000000840 ffff8881436ddc80 dead000000000122 0000000000000000 raw: 0000000000000000 00000000800d000d 00000001ffffffff ffff888076bdf901 page dumped because: kasan: bad access detected page_owner tracks the page as allocated page last allocated via order 3, migratetype Reclaimable, gfp_mask 0x1d2050(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 5931, tgid 5931 (syz.0.17), ts 90617312086, free_ts 24316853060 set_page_owner include/linux/page_owner.h:31 [inline] post_alloc_hook+0x1c1/0x200 mm/page_alloc.c:1581 prep_new_page mm/page_alloc.c:1588 [inline] get_page_from_freelist+0x1951/0x19e0 mm/page_alloc.c:3220 __alloc_pages+0x1f0/0x460 mm/page_alloc.c:4500 alloc_slab_page+0x5d/0x160 mm/slub.c:1881 allocate_slab mm/slub.c:2028 [inline] new_slab+0x87/0x2d0 mm/slub.c:2081 ___slab_alloc+0xc5d/0x12f0 mm/slub.c:3253 __slab_alloc mm/slub.c:3339 [inline] __slab_alloc_node mm/slub.c:3392 [inline] slab_alloc_node mm/slub.c:3485 [inline] slab_alloc mm/slub.c:3503 [inline] __kmem_cache_alloc_lru mm/slub.c:3510 [inline] kmem_cache_alloc_lru+0x1aa/0x2d0 mm/slub.c:3526 alloc_inode_sb include/linux/fs.h:2946 [inline] jfs_alloc_inode+0x28/0x60 fs/jfs/super.c:105 alloc_inode fs/inode.c:261 [inline] iget_locked+0x1ad/0x840 fs/inode.c:1359 jfs_iget+0x24/0x440 fs/jfs/inode.c:29 jfs_lookup+0x221/0x420 fs/jfs/namei.c:1469 lookup_one_qstr_excl+0x112/0x250 fs/namei.c:1617 do_renameat2+0x44e/0xce0 fs/namei.c:4974 __do_sys_rename fs/namei.c:5079 [inline] __se_sys_rename fs/namei.c:5077 [inline] __x64_sys_rename+0x86/0x90 fs/namei.c:5077 do_syscall_x64 arch/x86/entry/common.c:46 [inline] do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:76 entry_SYSCALL_64_after_hwframe+0x68/0xd2 page last free stack trace: reset_page_owner include/linux/page_owner.h:24 [inline] free_pages_prepare mm/page_alloc.c:1181 [inline] free_unref_page_prepare+0x7b2/0x8c0 mm/page_alloc.c:2365 free_unref_page+0x32/0x2e0 mm/page_alloc.c:2458 free_contig_range+0xa1/0x150 mm/page_alloc.c:6420 destroy_args+0x80/0x850 mm/debug_vm_pgtable.c:1015 debug_vm_pgtable+0x411/0x440 mm/debug_vm_pgtable.c:1400 do_one_initcall+0x242/0x790 init/main.c:1249 do_initcall_level+0x137/0x1f0 init/main.c:1311 do_initcalls+0x69/0xd0 init/main.c:1327 kernel_init_freeable+0x3ed/0x580 init/main.c:1564 kernel_init+0x1d/0x1c0 init/main.c:1454 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293 Memory state around the buggy address: ffff88805e9a1180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff88805e9a1200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >ffff88805e9a1280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ^ ffff88805e9a1300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff88805e9a1380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ==================================================================
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2026/06/06 18:29 | linux-6.6.y | 924b4a879cbb | cc095639 | .config | console log | report | syz / log | C | [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] | ci2-linux-6-6-kasan | BUG: spinlock bad magic in release_metapage | |
| 2025/11/25 22:02 | linux-6.6.y | 1e89a1be4fe9 | 64219f15 | .config | console log | report | syz / log | C | [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] | ci2-linux-6-6-kasan | BUG: spinlock bad magic in release_metapage | |
| 2025/12/30 14:46 | linux-6.6.y | 5fa4793a2d2d | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-6-kasan | BUG: spinlock bad magic in release_metapage | ||
| 2025/11/25 20:37 | linux-6.6.y | 1e89a1be4fe9 | 64219f15 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-6-kasan | BUG: spinlock bad magic in release_metapage | ||
| 2025/11/25 20:34 | linux-6.6.y | 1e89a1be4fe9 | 64219f15 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-6-kasan | BUG: spinlock bad magic in release_metapage | ||
| 2025/11/25 20:31 | linux-6.6.y | 1e89a1be4fe9 | 64219f15 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-6-kasan | BUG: spinlock bad magic in release_metapage | ||
| 2025/11/25 20:29 | linux-6.6.y | 1e89a1be4fe9 | 64219f15 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-6-kasan | BUG: spinlock bad magic in release_metapage | ||
| 2025/11/25 20:25 | linux-6.6.y | 1e89a1be4fe9 | 64219f15 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-6-kasan | BUG: spinlock bad magic in release_metapage | ||
| 2025/11/25 20:22 | linux-6.6.y | 1e89a1be4fe9 | 64219f15 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-6-kasan | BUG: spinlock bad magic in release_metapage | ||
| 2025/11/25 20:15 | linux-6.6.y | 1e89a1be4fe9 | 64219f15 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-6-kasan | BUG: spinlock bad magic in release_metapage | ||
| 2025/11/25 20:12 | linux-6.6.y | 1e89a1be4fe9 | 64219f15 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-6-kasan | BUG: spinlock bad magic in release_metapage |