[v6.1] kernel BUG in bio_chain
0 views
Skip to first unread message
syzbot
Jan 11, 2026, 10:09:26 AM (3 days ago) Jan 11
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: bec0e10ee67e Linux 6.1.160
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=11b7099a580000
kernel config: https://syzkaller.appspot.com/x/.config?x=31ea1cecaf34f0db
dashboard link: https://syzkaller.appspot.com/bug?extid=2277e25fd71ff541a8fc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0c7c6a53ac77/disk-bec0e10e.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/38567d4ccc5b/vmlinux-bec0e10e.xz
kernel image: https://storage.googleapis.com/syzbot-assets/5f0a7945f428/Image-bec0e10e.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2277e2...@syzkaller.appspotmail.com
gfs2: fsid=syz:syz.0: jid=0, already locked for use
gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
------------[ cut here ]------------
kernel BUG at block/bio.c:335!
Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 4381 Comm: kworker/0:5 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
Workqueue: gfs_recovery gfs2_recover_func
pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : bio_chain+0x110/0x13c block/bio.c:335
lr : bio_chain+0x110/0x13c block/bio.c:335
sp : ffff800021177640
x29: ffff800021177640 x28: 0000000000000001 x27: 0000000000000000
x26: 0000000000000800 x25: ffff0000d9dcc628 x24: 0000000000000800
x23: 1fffe0001b3b98c8 x22: dfff800000000000 x21: ffff0000d9dcc600
x20: ffff0000d9dcc640 x19: ffff0000d9dccf00 x18: ffff800011a6bd40
x17: ffff80000a6ab7b8 x16: ffff8000082d35d8 x15: ffff8000086e9bc8
x14: ffff8000088cb548 x13: 1ffff00002a0a0b1 x12: 0000000000ff0100
x11: ff0080000a6ab15c x10: 0000000000000000 x9 : ffff80000a6ab15c
x8 : ffff0000d5261bc0 x7 : ffff80000a74ca4c x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000002
x2 : 0000000000000008 x1 : ffff0000d9dccf00 x0 : ffff0000d9dcc600
Call trace:
bio_chain+0x110/0x13c block/bio.c:335
gfs2_chain_bio fs/gfs2/lops.c:494 [inline]
gfs2_find_jhead+0x718/0xb30 fs/gfs2/lops.c:559
gfs2_recover_func+0x4e0/0x1670 fs/gfs2/recovery.c:460
process_one_work+0x7f4/0x13a8 kernel/workqueue.c:2292
worker_thread+0x8c8/0xfbc kernel/workqueue.c:2439
kthread+0x250/0x2d8 kernel/kthread.c:376
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:850
Code: 54fffd6b 9788bb8e 17ffffe9 9777e48a (d4210000)
---[ end trace 0000000000000000 ]---
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: bec0e10ee67e Linux 6.1.160
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=11b7099a580000
kernel config: https://syzkaller.appspot.com/x/.config?x=31ea1cecaf34f0db
dashboard link: https://syzkaller.appspot.com/bug?extid=2277e25fd71ff541a8fc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0c7c6a53ac77/disk-bec0e10e.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/38567d4ccc5b/vmlinux-bec0e10e.xz
kernel image: https://storage.googleapis.com/syzbot-assets/5f0a7945f428/Image-bec0e10e.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2277e2...@syzkaller.appspotmail.com
gfs2: fsid=syz:syz.0: jid=0, already locked for use
gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
------------[ cut here ]------------
kernel BUG at block/bio.c:335!
Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 4381 Comm: kworker/0:5 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
Workqueue: gfs_recovery gfs2_recover_func
pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : bio_chain+0x110/0x13c block/bio.c:335
lr : bio_chain+0x110/0x13c block/bio.c:335
sp : ffff800021177640
x29: ffff800021177640 x28: 0000000000000001 x27: 0000000000000000
x26: 0000000000000800 x25: ffff0000d9dcc628 x24: 0000000000000800
x23: 1fffe0001b3b98c8 x22: dfff800000000000 x21: ffff0000d9dcc600
x20: ffff0000d9dcc640 x19: ffff0000d9dccf00 x18: ffff800011a6bd40
x17: ffff80000a6ab7b8 x16: ffff8000082d35d8 x15: ffff8000086e9bc8
x14: ffff8000088cb548 x13: 1ffff00002a0a0b1 x12: 0000000000ff0100
x11: ff0080000a6ab15c x10: 0000000000000000 x9 : ffff80000a6ab15c
x8 : ffff0000d5261bc0 x7 : ffff80000a74ca4c x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000002
x2 : 0000000000000008 x1 : ffff0000d9dccf00 x0 : ffff0000d9dcc600
Call trace:
bio_chain+0x110/0x13c block/bio.c:335
gfs2_chain_bio fs/gfs2/lops.c:494 [inline]
gfs2_find_jhead+0x718/0xb30 fs/gfs2/lops.c:559
gfs2_recover_func+0x4e0/0x1670 fs/gfs2/recovery.c:460
process_one_work+0x7f4/0x13a8 kernel/workqueue.c:2292
worker_thread+0x8c8/0xfbc kernel/workqueue.c:2439
kthread+0x250/0x2d8 kernel/kthread.c:376
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:850
Code: 54fffd6b 9788bb8e 17ffffe9 9777e48a (d4210000)
---[ end trace 0000000000000000 ]---
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot
Jan 11, 2026, 10:20:33 AM (3 days ago) Jan 11
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: c596736dadab Linux 6.6.120
syzbot found the following issue on:
git tree: linux-6.6.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1484ff92580000
kernel config: https://syzkaller.appspot.com/x/.config?x=691a6769a86ac817
dashboard link: https://syzkaller.appspot.com/bug?extid=6932c6833ad7f040732b
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/855c94eb3eef/disk-c596736d.raw.xz
Downloadable assets:
vmlinux: https://storage.googleapis.com/syzbot-assets/b7510b30b774/vmlinux-c596736d.xz
kernel image: https://storage.googleapis.com/syzbot-assets/3ce7fe4f6991/bzImage-c596736d.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
gfs2: fsid=syz:syz.s: journal 0 mapped with 3 extents in 0ms
------------[ cut here ]------------
kernel BUG at block/bio.c:340!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 7835 Comm: syz.0.895 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:bio_chain+0xe4/0xf0 block/bio.c:340
Code: d2 df dc fd f0 ff 43 1c 5b 41 5c 41 5d 41 5e 41 5f 5d c3 89 f9 80 e1 07 fe c1 38 c1 7c d4 e8 93 dd dc fd eb cd e8 bc 6d 85 fd <0f> 0b e8 b5 6d 85 fd 0f 0b 0f 1f 00 f3 0f 1e fa 55 41 57 41 56 41
RSP: 0018:ffffc90004dbf5b0 EFLAGS: 00010287
RAX: ffffffff84003d44 RBX: ffff88805f742dc0 RCX: 0000000000080000
RDX: ffffc90005021000 RSI: 000000000004e0b0 RDI: 000000000004e0b1
RBP: 0000000000000004 R08: ffffffff8e4a39ef R09: 1ffffffff1c9473d
R10: dffffc0000000000 R11: fffffbfff1c9473e R12: dffffc0000000000
R13: 1ffff1100bee8598 R14: ffff88805f742c80 R15: ffff88805f742cc0
FS: 00007f4f8bca36c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f1da15ad000 CR3: 000000002d2dd000 CR4: 00000000003506f0
Call Trace:
<TASK>
gfs2_chain_bio fs/gfs2/lops.c:495 [inline]
gfs2_find_jhead+0x5fa/0xd20 fs/gfs2/lops.c:559
check_journal_clean+0x191/0x300 fs/gfs2/util.c:76
init_journal+0x17f1/0x2260 fs/gfs2/ops_fstype.c:828
init_inodes+0xdb/0x320 fs/gfs2/ops_fstype.c:886
gfs2_fill_super+0x1815/0x1f80 fs/gfs2/ops_fstype.c:1266
get_tree_bdev+0x3e4/0x510 fs/super.c:1591
gfs2_get_tree+0x51/0x1e0 fs/gfs2/ops_fstype.c:1344
vfs_get_tree+0x8c/0x280 fs/super.c:1764
do_new_mount+0x24b/0xa40 fs/namespace.c:3386
do_mount fs/namespace.c:3726 [inline]
__do_sys_mount fs/namespace.c:3935 [inline]
__se_sys_mount+0x2da/0x3c0 fs/namespace.c:3912
do_syscall_x64 arch/x86/entry/common.c:46 [inline]
do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:76
entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f4f8ad90eea
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f4f8bca2e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f4f8bca2ef0 RCX: 00007f4f8ad90eea
RDX: 000020000001f680 RSI: 000020000001f6c0 RDI: 00007f4f8bca2eb0
RBP: 000020000001f680 R08: 00007f4f8bca2ef0 R09: 0000000000000084
R10: 0000000000000084 R11: 0000000000000246 R12: 000020000001f6c0
R13: 00007f4f8bca2eb0 R14: 000000000001f707 R15: 00002000000000c0
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:bio_chain+0xe4/0xf0 block/bio.c:340
Code: d2 df dc fd f0 ff 43 1c 5b 41 5c 41 5d 41 5e 41 5f 5d c3 89 f9 80 e1 07 fe c1 38 c1 7c d4 e8 93 dd dc fd eb cd e8 bc 6d 85 fd <0f> 0b e8 b5 6d 85 fd 0f 0b 0f 1f 00 f3 0f 1e fa 55 41 57 41 56 41
RSP: 0018:ffffc90004dbf5b0 EFLAGS: 00010287
RAX: ffffffff84003d44 RBX: ffff88805f742dc0 RCX: 0000000000080000
RDX: ffffc90005021000 RSI: 000000000004e0b0 RDI: 000000000004e0b1
RBP: 0000000000000004 R08: ffffffff8e4a39ef R09: 1ffffffff1c9473d
R10: dffffc0000000000 R11: fffffbfff1c9473e R12: dffffc0000000000
R13: 1ffff1100bee8598 R14: ffff88805f742c80 R15: ffff88805f742cc0
FS: 00007f4f8bca36c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fff7c9c2fa8 CR3: 000000002d2dd000 CR4: 00000000003506f0
syzbot
Jan 12, 2026, 2:13:27 AM (2 days ago) Jan 12
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: bec0e10ee67e Linux 6.1.160
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1768399a580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=11390052580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0c7c6a53ac77/disk-bec0e10e.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/38567d4ccc5b/vmlinux-bec0e10e.xz
kernel image: https://storage.googleapis.com/syzbot-assets/5f0a7945f428/Image-bec0e10e.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/22e8c7de3e16/mount_0.gz
fsck result: failed (log: https://syzkaller.appspot.com/x/fsck.log?x=144f65fa580000)
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2277e2...@syzkaller.appspotmail.com
gfs2: fsid=syz:syz.0: jid=0, already locked for use
gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
------------[ cut here ]------------
kernel BUG at block/bio.c:335!
Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 4350 Comm: kworker/0:4 Not tainted syzkaller #0
x29: ffff800020ce7640 x28: 0000000000000001 x27: 0000000000000000
x26: 0000000000000800 x25: ffff0000d81361a8 x24: 0000000000000800
x23: 1fffe0001b026c38 x22: dfff800000000000 x21: ffff0000d8136180
x20: ffff0000d81361c0 x19: ffff0000d8136000 x18: ffff800011a6bd40
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
HEAD commit: bec0e10ee67e Linux 6.1.160
git tree: linux-6.1.y
kernel config: https://syzkaller.appspot.com/x/.config?x=31ea1cecaf34f0db
dashboard link: https://syzkaller.appspot.com/bug?extid=2277e25fd71ff541a8fc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1794a844580000
dashboard link: https://syzkaller.appspot.com/bug?extid=2277e25fd71ff541a8fc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
userspace arch: arm64
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=11390052580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0c7c6a53ac77/disk-bec0e10e.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/38567d4ccc5b/vmlinux-bec0e10e.xz
kernel image: https://storage.googleapis.com/syzbot-assets/5f0a7945f428/Image-bec0e10e.gz.xz
fsck result: failed (log: https://syzkaller.appspot.com/x/fsck.log?x=144f65fa580000)
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2277e2...@syzkaller.appspotmail.com
gfs2: fsid=syz:syz.0: jid=0, already locked for use
gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
------------[ cut here ]------------
kernel BUG at block/bio.c:335!
Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
Modules linked in:
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
Workqueue: gfs_recovery gfs2_recover_func
pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : bio_chain+0x110/0x13c block/bio.c:335
lr : bio_chain+0x110/0x13c block/bio.c:335
sp : ffff800020ce7640
Workqueue: gfs_recovery gfs2_recover_func
pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : bio_chain+0x110/0x13c block/bio.c:335
lr : bio_chain+0x110/0x13c block/bio.c:335
x29: ffff800020ce7640 x28: 0000000000000001 x27: 0000000000000000
x26: 0000000000000800 x25: ffff0000d81361a8 x24: 0000000000000800
x23: 1fffe0001b026c38 x22: dfff800000000000 x21: ffff0000d8136180
x20: ffff0000d81361c0 x19: ffff0000d8136000 x18: ffff800011a6bd40
x17: ffff80000a6ab7b8 x16: ffff8000082d35d8 x15: ffff8000086e9bc8
x14: ffff8000088cb548 x13: 1ffff00002a0a0b1 x12: 0000000000ff0100
x11: ff0080000a6ab15c x10: 0000000000000000 x9 : ffff80000a6ab15c
x8 : ffff0000cf2e0000 x7 : ffff80000a74ca4c x6 : 0000000000000000
x14: ffff8000088cb548 x13: 1ffff00002a0a0b1 x12: 0000000000ff0100
x11: ff0080000a6ab15c x10: 0000000000000000 x9 : ffff80000a6ab15c
x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000002
x2 : 0000000000000008 x1 : ffff0000d8136000 x0 : ffff0000d8136180
Call trace:
bio_chain+0x110/0x13c block/bio.c:335
gfs2_chain_bio fs/gfs2/lops.c:494 [inline]
gfs2_find_jhead+0x718/0xb30 fs/gfs2/lops.c:559
gfs2_recover_func+0x4e0/0x1670 fs/gfs2/recovery.c:460
process_one_work+0x7f4/0x13a8 kernel/workqueue.c:2292
worker_thread+0x8c8/0xfbc kernel/workqueue.c:2439
kthread+0x250/0x2d8 kernel/kthread.c:376
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:850
Code: 54fffd6b 9788bb8e 17ffffe9 9777e48a (d4210000)
---[ end trace 0000000000000000 ]---
---
If you want syzbot to run the reproducer, reply with:
bio_chain+0x110/0x13c block/bio.c:335
gfs2_chain_bio fs/gfs2/lops.c:494 [inline]
gfs2_find_jhead+0x718/0xb30 fs/gfs2/lops.c:559
gfs2_recover_func+0x4e0/0x1670 fs/gfs2/recovery.c:460
process_one_work+0x7f4/0x13a8 kernel/workqueue.c:2292
worker_thread+0x8c8/0xfbc kernel/workqueue.c:2439
kthread+0x250/0x2d8 kernel/kthread.c:376
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:850
Code: 54fffd6b 9788bb8e 17ffffe9 9777e48a (d4210000)
---[ end trace 0000000000000000 ]---
---
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot
Jan 12, 2026, 12:45:26 PM (2 days ago) Jan 12
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: c596736dadab Linux 6.6.120
git tree: linux-6.6.y
console output: https://syzkaller.appspot.com/x/log.txt?x=14d939fc580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1783399a580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/855c94eb3eef/disk-c596736d.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/b7510b30b774/vmlinux-c596736d.xz
kernel image: https://storage.googleapis.com/syzbot-assets/3ce7fe4f6991/bzImage-c596736d.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/a88a1e68f488/mount_0.gz
fsck result: failed (log: https://syzkaller.appspot.com/x/fsck.log?x=1037299a580000)
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+6932c6...@syzkaller.appspotmail.com
syz.0.17[5931]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
loop0: detected capacity change from 0 to 32768
gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
RAX: ffffffff84003d44 RBX: ffff88802e3b48c0 RCX: ffff888023c13c00
RDX: 0000000000000000 RSI: ffff88802e3b48c0 RDI: ffff88802e3b4a00
FS: 0000555590bc4500(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
RAX: ffffffffffffffda RBX: 00007fffa1ba5670 RCX: 00007fa08a190eea
RDX: 000020000001f680 RSI: 000020000001f6c0 RDI: 00007fffa1ba5630
RBP: 000020000001f680 R08: 00007fffa1ba5670 R09: 0000000000000084
RAX: ffffffff84003d44 RBX: ffff88802e3b48c0 RCX: ffff888023c13c00
RDX: 0000000000000000 RSI: ffff88802e3b48c0 RDI: ffff88802e3b4a00
FS: 0000555590bc4500(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
HEAD commit: c596736dadab Linux 6.6.120
git tree: linux-6.6.y
kernel config: https://syzkaller.appspot.com/x/.config?x=691a6769a86ac817
dashboard link: https://syzkaller.appspot.com/bug?extid=6932c6833ad7f040732b
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1435e5fa580000
dashboard link: https://syzkaller.appspot.com/bug?extid=6932c6833ad7f040732b
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1783399a580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/855c94eb3eef/disk-c596736d.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/b7510b30b774/vmlinux-c596736d.xz
kernel image: https://storage.googleapis.com/syzbot-assets/3ce7fe4f6991/bzImage-c596736d.xz
fsck result: failed (log: https://syzkaller.appspot.com/x/fsck.log?x=1037299a580000)
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+6932c6...@syzkaller.appspotmail.com
loop0: detected capacity change from 0 to 32768
gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
gfs2: fsid=syz:syz.s: journal 0 mapped with 3 extents in 0ms
------------[ cut here ]------------
kernel BUG at block/bio.c:340!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 5931 Comm: syz.0.17 Not tainted syzkaller #0
gfs2: fsid=syz:syz.s: journal 0 mapped with 3 extents in 0ms
------------[ cut here ]------------
kernel BUG at block/bio.c:340!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:bio_chain+0xe4/0xf0 block/bio.c:340
Code: d2 df dc fd f0 ff 43 1c 5b 41 5c 41 5d 41 5e 41 5f 5d c3 89 f9 80 e1 07 fe c1 38 c1 7c d4 e8 93 dd dc fd eb cd e8 bc 6d 85 fd <0f> 0b e8 b5 6d 85 fd 0f 0b 0f 1f 00 f3 0f 1e fa 55 41 57 41 56 41
RSP: 0018:ffffc900033475b0 EFLAGS: 00010293
RIP: 0010:bio_chain+0xe4/0xf0 block/bio.c:340
Code: d2 df dc fd f0 ff 43 1c 5b 41 5c 41 5d 41 5e 41 5f 5d c3 89 f9 80 e1 07 fe c1 38 c1 7c d4 e8 93 dd dc fd eb cd e8 bc 6d 85 fd <0f> 0b e8 b5 6d 85 fd 0f 0b 0f 1f 00 f3 0f 1e fa 55 41 57 41 56 41
RAX: ffffffff84003d44 RBX: ffff88802e3b48c0 RCX: ffff888023c13c00
RDX: 0000000000000000 RSI: ffff88802e3b48c0 RDI: ffff88802e3b4a00
RBP: 0000000000000004 R08: ffffffff8e4a39ef R09: 1ffffffff1c9473d
R10: dffffc0000000000 R11: fffffbfff1c9473e R12: dffffc0000000000
R13: 1ffff11005c76948 R14: ffff88802e3b4a00 R15: ffff88802e3b4a40
R10: dffffc0000000000 R11: fffffbfff1c9473e R12: dffffc0000000000
FS: 0000555590bc4500(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fbdbd7a2000 CR3: 0000000076e4c000 CR4: 00000000003506e0
Call Trace:
<TASK>
gfs2_chain_bio fs/gfs2/lops.c:495 [inline]
gfs2_find_jhead+0x5fa/0xd20 fs/gfs2/lops.c:559
check_journal_clean+0x191/0x300 fs/gfs2/util.c:76
init_journal+0x17f1/0x2260 fs/gfs2/ops_fstype.c:828
init_inodes+0xdb/0x320 fs/gfs2/ops_fstype.c:886
gfs2_fill_super+0x1815/0x1f80 fs/gfs2/ops_fstype.c:1266
get_tree_bdev+0x3e4/0x510 fs/super.c:1591
gfs2_get_tree+0x51/0x1e0 fs/gfs2/ops_fstype.c:1344
vfs_get_tree+0x8c/0x280 fs/super.c:1764
do_new_mount+0x24b/0xa40 fs/namespace.c:3386
do_mount fs/namespace.c:3726 [inline]
__do_sys_mount fs/namespace.c:3935 [inline]
__se_sys_mount+0x2da/0x3c0 fs/namespace.c:3912
do_syscall_x64 arch/x86/entry/common.c:46 [inline]
do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:76
entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7fa08a190eea
<TASK>
gfs2_chain_bio fs/gfs2/lops.c:495 [inline]
gfs2_find_jhead+0x5fa/0xd20 fs/gfs2/lops.c:559
check_journal_clean+0x191/0x300 fs/gfs2/util.c:76
init_journal+0x17f1/0x2260 fs/gfs2/ops_fstype.c:828
init_inodes+0xdb/0x320 fs/gfs2/ops_fstype.c:886
gfs2_fill_super+0x1815/0x1f80 fs/gfs2/ops_fstype.c:1266
get_tree_bdev+0x3e4/0x510 fs/super.c:1591
gfs2_get_tree+0x51/0x1e0 fs/gfs2/ops_fstype.c:1344
vfs_get_tree+0x8c/0x280 fs/super.c:1764
do_new_mount+0x24b/0xa40 fs/namespace.c:3386
do_mount fs/namespace.c:3726 [inline]
__do_sys_mount fs/namespace.c:3935 [inline]
__se_sys_mount+0x2da/0x3c0 fs/namespace.c:3912
do_syscall_x64 arch/x86/entry/common.c:46 [inline]
do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:76
entry_SYSCALL_64_after_hwframe+0x68/0xd2
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fffa1ba55e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007fffa1ba5670 RCX: 00007fa08a190eea
RDX: 000020000001f680 RSI: 000020000001f6c0 RDI: 00007fffa1ba5630
RBP: 000020000001f680 R08: 00007fffa1ba5670 R09: 0000000000000084
R10: 0000000000000084 R11: 0000000000000246 R12: 000020000001f6c0
R13: 00007fffa1ba5630 R14: 000000000001f707 R15: 00002000000000c0
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:bio_chain+0xe4/0xf0 block/bio.c:340
Code: d2 df dc fd f0 ff 43 1c 5b 41 5c 41 5d 41 5e 41 5f 5d c3 89 f9 80 e1 07 fe c1 38 c1 7c d4 e8 93 dd dc fd eb cd e8 bc 6d 85 fd <0f> 0b e8 b5 6d 85 fd 0f 0b 0f 1f 00 f3 0f 1e fa 55 41 57 41 56 41
RSP: 0018:ffffc900033475b0 EFLAGS: 00010293
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:bio_chain+0xe4/0xf0 block/bio.c:340
Code: d2 df dc fd f0 ff 43 1c 5b 41 5c 41 5d 41 5e 41 5f 5d c3 89 f9 80 e1 07 fe c1 38 c1 7c d4 e8 93 dd dc fd eb cd e8 bc 6d 85 fd <0f> 0b e8 b5 6d 85 fd 0f 0b 0f 1f 00 f3 0f 1e fa 55 41 57 41 56 41
RAX: ffffffff84003d44 RBX: ffff88802e3b48c0 RCX: ffff888023c13c00
RDX: 0000000000000000 RSI: ffff88802e3b48c0 RDI: ffff88802e3b4a00
RBP: 0000000000000004 R08: ffffffff8e4a39ef R09: 1ffffffff1c9473d
R10: dffffc0000000000 R11: fffffbfff1c9473e R12: dffffc0000000000
R13: 1ffff11005c76948 R14: ffff88802e3b4a00 R15: ffff88802e3b4a40
R10: dffffc0000000000 R11: fffffbfff1c9473e R12: dffffc0000000000
FS: 0000555590bc4500(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fbdbd1909c0 CR3: 0000000076e4c000 CR4: 00000000003506f0
Reply all
Reply to author
Forward
0 new messages