syzbot


BUG: spinlock bad magic in release_metapage

Status: upstream: reported C repro on 2025/11/25 20:12
Reported-by: syzbot+8f19aec650b306c0309d@syzkaller.appspotmail.com
First crash: 3d12h, last: 3d10h
Similar bugs (4)
Kernel | Title (labels) | Rank | Repro | Cause bisect / Fix bisect | Count | Last | Reported | Patched | Status
linux-5.15 | BUG: spinlock bad magic in release_metapage (origin:upstream) | 4 | C | - | 87 | 3d00h | 439d | 0/3 | upstream: reported C repro on 2024/09/15 11:43
upstream | BUG: unable to handle kernel paging request in take_dentry_name_snapshot (jfs, overlayfs) | 17 | C | error / done | 30 | 601d | 1093d | 0/29 | closed as dup on 2023/10/04 08:35
linux-6.1 | BUG: spinlock bad magic in release_metapage (origin:upstream) | 4 | C | error | 79 | 66d | 421d | 0/3 | upstream: reported C repro on 2024/10/04 04:01
upstream | BUG: spinlock bad magic in release_metapage (jfs) | 15 | C | inconclusive | 786 | 15h18m | 445d | 0/29 | upstream: reported C repro on 2024/09/10 08:16

Sample crash report:
BUG: spinlock bad magic on CPU#0, jfsCommit/112
 lock: 0xffff888060e31328, .magic: ffffffff, .owner: /-1, .owner_cpu: 512
CPU: 0 PID: 112 Comm: jfsCommit Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x16c/0x230 lib/dump_stack.c:106
 spin_bug kernel/locking/spinlock_debug.c:77 [inline]
 debug_spin_lock_before kernel/locking/spinlock_debug.c:85 [inline]
 do_raw_spin_lock+0x1c6/0x2c0 kernel/locking/spinlock_debug.c:114
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:111 [inline]
 _raw_spin_lock_irqsave+0xb4/0xf0 kernel/locking/spinlock.c:162
 __wake_up_common_lock kernel/sched/wait.c:137 [inline]
 __wake_up+0xf8/0x190 kernel/sched/wait.c:160
 unlock_metapage fs/jfs/jfs_metapage.c:38 [inline]
 release_metapage+0xc5/0x870 fs/jfs/jfs_metapage.c:765
 xtTruncate+0xe65/0x2dc0 fs/jfs/jfs_xtree.c:-1
 jfs_free_zero_link+0x33b/0x490 fs/jfs/namei.c:758
 jfs_evict_inode+0x35d/0x440 fs/jfs/inode.c:159
 evict+0x486/0x870 fs/inode.c:705
 txLazyCommit fs/jfs/jfs_txnmgr.c:2665 [inline]
 jfs_lazycommit+0x42b/0xa60 fs/jfs/jfs_txnmgr.c:2733
 kthread+0x2fa/0x390 kernel/kthread.c:388
 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293
 </TASK>
================================================================================
UBSAN: array-index-out-of-bounds in kernel/locking/qspinlock.c:131:9
index 8887 is out of range for type 'unsigned long[8]'
CPU: 0 PID: 112 Comm: jfsCommit Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x16c/0x230 lib/dump_stack.c:106
 ubsan_epilogue+0xa/0x30 lib/ubsan.c:217
 __ubsan_handle_out_of_bounds+0xe3/0xf0 lib/ubsan.c:348
 decode_tail kernel/locking/qspinlock.c:131 [inline]
 __pv_queued_spin_lock_slowpath+0x92b/0x9d0 kernel/locking/qspinlock.c:471
 pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:586 [inline]
 queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:51 [inline]
 queued_spin_lock include/asm-generic/qspinlock.h:114 [inline]
 do_raw_spin_lock+0x24e/0x2c0 kernel/locking/spinlock_debug.c:115
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:111 [inline]
 _raw_spin_lock_irqsave+0xb4/0xf0 kernel/locking/spinlock.c:162
 __wake_up_common_lock kernel/sched/wait.c:137 [inline]
 __wake_up+0xf8/0x190 kernel/sched/wait.c:160
 unlock_metapage fs/jfs/jfs_metapage.c:38 [inline]
 release_metapage+0xc5/0x870 fs/jfs/jfs_metapage.c:765
 xtTruncate+0xe65/0x2dc0 fs/jfs/jfs_xtree.c:-1
 jfs_free_zero_link+0x33b/0x490 fs/jfs/namei.c:758
 jfs_evict_inode+0x35d/0x440 fs/jfs/inode.c:159
 evict+0x486/0x870 fs/inode.c:705
 txLazyCommit fs/jfs/jfs_txnmgr.c:2665 [inline]
 jfs_lazycommit+0x42b/0xa60 fs/jfs/jfs_txnmgr.c:2733
 kthread+0x2fa/0x390 kernel/kthread.c:388
 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293
 </TASK>
================================================================================
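The two splats above are one event: do_raw_spin_lock() at spinlock_debug.c:114 prints "bad magic" because the lock's magic is 0xffffffff instead of SPINLOCK_MAGIC, then continues at line 115 into arch_spin_lock(), where the qspinlock slow path reads the same garbage word and decode_tail() indexes __per_cpu_offset (unsigned long[NR_CPUS], which the UBSAN type shows is unsigned long[8] here) with CPU 8887. The lock is the one embedded in the wait queue head that wake_up() takes in unlock_metapage(). Whether that memory was freed, never initialised, or reached through a bad metapage pointer cannot be read off the dump; what can be read off is that nothing in it looks like a live spinlock. The following program is an added triage aid, not part of the syzbot report or of the kernel: it reproduces the decode_tail() arithmetic and a field sanity check using the layout constants from include/asm-generic/qspinlock_types.h and kernel/locking/spinlock_debug.c. The REPORT_* values are copied from the crash text; NR_CPUS=8 is an inference from the UBSAN array type, and the struct, function and macro names are this example's own.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* qspinlock word layout for CONFIG_NR_CPUS < 16384
 * (include/asm-generic/qspinlock_types.h):
 *   bits 0-7 locked, 8-15 pending, 16-17 tail index, 18-31 tail cpu + 1 */
#define Q_TAIL_IDX_OFFSET  16
#define Q_TAIL_IDX_MASK    0x00030000u
#define Q_TAIL_CPU_OFFSET  18
#define Q_TAIL_MASK        0xffff0000u

/* kernel/locking/spinlock_debug.c */
#define SPINLOCK_MAGIC     0xdead4eadu

/* Values copied from the crash report. NR_CPUS is inferred from the UBSAN
 * type "unsigned long[8]": __per_cpu_offset is unsigned long[NR_CPUS]. */
#define REPORT_NR_CPUS     8
#define REPORT_MAGIC       0xffffffffu
#define REPORT_OWNER_CPU   512
#define REPORT_UBSAN_INDEX 8887

struct tail { int cpu; int idx; };

/* Same arithmetic as decode_tail() in kernel/locking/qspinlock.c. */
struct tail decode_tail(uint32_t lockval)
{
    struct tail t;
    t.cpu = (int)(lockval >> Q_TAIL_CPU_OFFSET) - 1;
    t.idx = (int)((lockval & Q_TAIL_IDX_MASK) >> Q_TAIL_IDX_OFFSET);
    return t;
}

/* Smallest lock word whose tail makes decode_tail() touch
 * __per_cpu_offset[cpu_index]; the real word may differ in the low 18 bits. */
uint32_t min_lockval_for_cpu_index(int cpu_index)
{
    return (uint32_t)(cpu_index + 1) << Q_TAIL_CPU_OFFSET;
}

/* A tail is plausible when it is empty or names a CPU that exists.
 * (The 2-bit index can never exceed the four per-CPU MCS node slots.) */
bool tail_is_plausible(uint32_t lockval, int nr_cpus)
{
    if ((lockval & Q_TAIL_MASK) == 0)
        return true;
    struct tail t = decode_tail(lockval);
    return t.cpu >= 0 && t.cpu < nr_cpus;
}

/* Triage check on the fields spin_bug() prints. The kernel itself only
 * compares magic (plus owner/owner_cpu against the current task and CPU,
 * to catch recursion); a live lock also cannot name a CPU >= NR_CPUS,
 * and owner_cpu is -1 while unlocked. */
bool spinlock_debug_fields_ok(uint32_t magic, int owner_cpu, int nr_cpus)
{
    if (magic != SPINLOCK_MAGIC)
        return false;
    return owner_cpu == -1 || (owner_cpu >= 0 && owner_cpu < nr_cpus);
}

int main(void)
{
    uint32_t v = min_lockval_for_cpu_index(REPORT_UBSAN_INDEX);
    struct tail t = decode_tail(v);

    printf("UBSAN index %d => lock word tail >= 0x%08x (cpu %d, idx %d), plausible: %s\n",
           REPORT_UBSAN_INDEX, v, t.cpu, t.idx,
           tail_is_plausible(v, REPORT_NR_CPUS) ? "yes" : "no");
    printf("magic %08x / owner_cpu %d consistent with a live lock: %s\n",
           REPORT_MAGIC, REPORT_OWNER_CPU,
           spinlock_debug_fields_ok(REPORT_MAGIC, REPORT_OWNER_CPU, REPORT_NR_CPUS)
               ? "yes" : "no");
    return 0;
}
```

For this report the tail alone forces a lock word of at least 0x8ae00000, a value no qspinlock on an 8-CPU VM can hold, which is the same conclusion the magic and owner_cpu fields give independently. When reading other "spinlock bad magic" reports, feed the printed magic and owner_cpu into spinlock_debug_fields_ok() and, if a decode_tail() UBSAN splat follows, its index into min_lockval_for_cpu_index(); a magic of 0x00000000 or a poison pattern points at zeroed or freed memory rather than a wild pointer, which narrows where to look next.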

Crashes (9):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2025/11/25 22:02 | linux-6.6.y | 1e89a1be4fe9 | 64219f15 | .config | console log | report | syz / log | C | - | [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] | ci2-linux-6-6-kasan | BUG: spinlock bad magic in release_metapage
2025/11/25 20:37 | linux-6.6.y | 1e89a1be4fe9 | 64219f15 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-6-kasan | BUG: spinlock bad magic in release_metapage
2025/11/25 20:34 | linux-6.6.y | 1e89a1be4fe9 | 64219f15 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-6-kasan | BUG: spinlock bad magic in release_metapage
2025/11/25 20:31 | linux-6.6.y | 1e89a1be4fe9 | 64219f15 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-6-kasan | BUG: spinlock bad magic in release_metapage
2025/11/25 20:29 | linux-6.6.y | 1e89a1be4fe9 | 64219f15 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-6-kasan | BUG: spinlock bad magic in release_metapage
2025/11/25 20:25 | linux-6.6.y | 1e89a1be4fe9 | 64219f15 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-6-kasan | BUG: spinlock bad magic in release_metapage
2025/11/25 20:22 | linux-6.6.y | 1e89a1be4fe9 | 64219f15 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-6-kasan | BUG: spinlock bad magic in release_metapage
2025/11/25 20:15 | linux-6.6.y | 1e89a1be4fe9 | 64219f15 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-6-kasan | BUG: spinlock bad magic in release_metapage
2025/11/25 20:12 | linux-6.6.y | 1e89a1be4fe9 | 64219f15 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-6-kasan | BUG: spinlock bad magic in release_metapage
* Struck through repros no longer work on HEAD.