kernel BUG in gfs2_trans_add

Title	Replies (including bot)	Last reply
[syzbot] [gfs2?] kernel BUG in gfs2_trans_add_revoke	0 (1)	2026/03/26 16:58

Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 RSP: 002b:00007fff8e0b67e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 00007f3236032050 RCX: 00007f3235f9d9d7 RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff8e0b68a0 RBP: 00007fff8e0b68a0 R08: 00007fff8e0b78a0 R09: 00000000ffffffff R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff8e0b7930 R13: 00007f3236032050 R14: 0000000000112335 R15: 00007fff8e0b7970 </TASK> gfs2: fsid=syz:syz.0: about to withdraw this file system ------------[ cut here ]------------ kernel BUG at fs/gfs2/trans.c:324! Oops: invalid opcode: 0000 [#1] SMP KASAN PTI CPU: 0 UID: 0 PID: 17968 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT(full) Tainted: [L]=SOFTLOCKUP Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 RIP: 0010:gfs2_trans_add_revoke+0xd1/0xe0 fs/gfs2/trans.c:324 Code: 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc cc 89 d9 80 e1 07 80 c1 03 38 c1 7c e3 48 89 df e8 37 2d 0a fe eb d9 e8 30 d2 a0 fd 90 <0f> 0b 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 RSP: 0018:ffffc900065b7998 EFLAGS: 00010293 RAX: ffffffff84254920 RBX: ffff88802ffaf8f0 RCX: ffff88807decdb80 RDX: 0000000000000000 RSI: ffff8880596e6c40 RDI: ffff88807cb44000 RBP: ffff888034f550c0 R08: ffffffff90127bf7 R09: 1ffffffff2024f7e R10: dffffc0000000000 R11: fffffbfff2024f7f R12: ffff8880596e6c58 R13: dffffc0000000000 R14: ffff8880596e6c40 R15: ffff88807cb44000 FS: 000055557d13e500(0000) GS:ffff888125442000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055556d770a68 CR3: 00000000223dc000 CR4: 00000000003526f0 Call Trace: <TASK> __gfs2_ail_flush+0x12c/0x220 fs/gfs2/glops.c:78 gfs2_ail_flush+0xbd/0x100 fs/gfs2/glops.c:152 evict_linked_inode fs/gfs2/super.c:1397 [inline] gfs2_evict_inode+0x743/0x12d0 fs/gfs2/super.c:1465 evict+0x61e/0xb10 fs/inode.c:846 gfs2_evict_inodes fs/gfs2/ops_fstype.c:1760 [inline] gfs2_kill_sb+0x2bb/0x430 fs/gfs2/ops_fstype.c:1786 deactivate_locked_super+0xbc/0x130 fs/super.c:476 cleanup_mnt+0x437/0x4d0 fs/namespace.c:1312 task_work_run+0x1d9/0x270 kernel/task_work.c:233 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] __exit_to_user_mode_loop kernel/entry/common.c:67 [inline] exit_to_user_mode_loop+0xed/0x480 kernel/entry/common.c:98 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:238 [inline] syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:269 [inline] syscall_exit_to_user_mode include/linux/entry-common.h:328 [inline] do_syscall_64+0x33e/0xf80 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f3235f9d9d7 Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 RSP: 002b:00007fff8e0b67e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 00007f3236032050 RCX: 00007f3235f9d9d7 RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff8e0b68a0 RBP: 00007fff8e0b68a0 R08: 00007fff8e0b78a0 R09: 00000000ffffffff R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff8e0b7930 R13: 00007f3236032050 R14: 0000000000112335 R15: 00007fff8e0b7970 </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:gfs2_trans_add_revoke+0xd1/0xe0 fs/gfs2/trans.c:324 Code: 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc cc 89 d9 80 e1 07 80 c1 03 38 c1 7c e3 48 89 df e8 37 2d 0a fe eb d9 e8 30 d2 a0 fd 90 <0f> 0b 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 RSP: 0018:ffffc900065b7998 EFLAGS: 00010293 RAX: ffffffff84254920 RBX: ffff88802ffaf8f0 RCX: ffff88807decdb80 RDX: 0000000000000000 RSI: ffff8880596e6c40 RDI: ffff88807cb44000 RBP: ffff888034f550c0 R08: ffffffff90127bf7 R09: 1ffffffff2024f7e R10: dffffc0000000000 R11: fffffbfff2024f7f R12: ffff8880596e6c58 R13: dffffc0000000000 R14: ffff8880596e6c40 R15: ffff88807cb44000 FS: 000055557d13e500(0000) GS:ffff888125442000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055556d770a68 CR3: 00000000223dc000 CR4: 00000000003526f0 ---------------- Code disassembly (best guess): 0: a2 c7 05 1c fd 24 00 movabs %al,0x24fd1c05c7 7: 00 00 9: 00 00 add %al,(%rax) b: eb 96 jmp 0xffffffa3 d: e8 e1 12 00 00 call 0x12f3 12: 90 nop 13: 31 f6 xor %esi,%esi 15: e9 09 00 00 00 jmp 0x23 1a: 66 0f 1f 84 00 00 00 nopw 0x0(%rax,%rax,1) 21: 00 00 23: b8 a6 00 00 00 mov $0xa6,%eax 28: 0f 05 syscall * 2a: 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax <-- trapping instruction 30: 77 01 ja 0x33 32: c3 ret 33: 48 c7 c2 e8 ff ff ff mov $0xffffffffffffffe8,%rdx 3a: f7 d8 neg %eax 3c: 64 89 02 mov %eax,%fs:(%rdx) 3f: b8 .byte 0xb8

Crashes (3):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	VM info	Assets (help?)	Manager	Title
2026/03/27 19:18	linux-next	e77a5a5cfe43	74a13a23	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci-upstream-linux-next-kasan-gce-root	kernel BUG in gfs2_trans_add_revoke
2026/03/22 17:10	linux-next	785f0eb2f85d	5b92003d	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci-upstream-linux-next-kasan-gce-root	kernel BUG in gfs2_trans_add_revoke
2026/03/22 16:56	linux-next	785f0eb2f85d	5b92003d	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci-upstream-linux-next-kasan-gce-root	kernel BUG in gfs2_trans_add_revoke

Crashes (3):

Assets (help?)