Re: [syzbot] [gfs2?] WARNING in rgblk_free (2)

Re: [syzbot] [gfs2?] WARNING in rgblk_free (2)

[syzbot]

Hello,

syzbot tried to test the proposed patch but the build/boot failed:

lost connection to test machine



syzkaller login: qemu-system-x86_64: ahci: PRDT length for NCQ command (0x0) is smaller than the requested size (0xc0000)
qemu-system-x86_64: ahci: PRDT length for NCQ command (0x0) is smaller than the requested size (0x400000)
[   89.858685][ T1014] ata1.00: Read log 0x10 page 0x00 failed, Emask 0x1
[   89.861727][ T1014] ata1: failed to read log page 10h (errno=-5)
[   89.864528][ T1014] ata1.00: exception Emask 0x1 SAct 0x40001800 SErr 0x0 action 0x0
[   89.882551][ T1014] ata1.00: irq_stat 0x41000000
[   89.890503][ T1014] ata1.00: failed command: WRITE FPDMA QUEUED
[   89.893877][ T1014] ata1.00: cmd 61/00:58:36:a1:04/20:00:00:00:00/40 tag 11 ncq dma 4194304 ou
[   89.893877][ T1014]          res 50/04:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error)
[   89.915460][ T1014] ata1.00: status: { DRDY }
[   89.920297][ T1014] ata1.00: error: { ABRT }
[   89.923386][ T1014] ata1.00: failed command: WRITE FPDMA QUEUED
[   89.931869][ T1014] ata1.00: cmd 61/00:60:36:c1:04/20:00:00:00:00/40 tag 12 ncq dma 4194304 ou
[   89.931869][ T1014]          res 50/04:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error)
[   89.950869][ T1014] ata1.00: status: { DRDY }
[   89.956448][ T1014] ata1.00: error: { ABRT }
[   89.958509][ T1014] ata1.00: failed command: WRITE FPDMA QUEUED
[   89.961206][ T1014] ata1.00: cmd 61/00:f0:6e:4d:04/06:00:00:00:00/40 tag 30 ncq dma 786432 out
[   89.961206][ T1014]          res 50/04:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error)
[   89.982304][ T1014] ata1.00: status: { DRDY }
[   89.991443][ T1014] ata1.00: error: { ABRT }
[   90.000906][ T1014] ata1.00: configured for UDMA/100
[   90.010275][ T1014] ata1: EH complete
qemu-system-x86_64: ahci: PRDT length for NCQ command (0x0) is smaller than the requested size (0x400000)
Warning: Permanently added '[localhost]:64818' (ED25519) to the list of known hosts.
2026/04/17 10:25:55 parsed 1 programs
[   96.907509][    T9] cfg80211: failed to load regulatory.db
[   98.569240][ T5315] cgroup: Unknown subsys name 'net'
[   98.640395][ T5315] cgroup: Unknown subsys name 'cpuset'
[   98.647229][ T5315] cgroup: Unknown subsys name 'rlimit'
[  142.980103][ T1317] ieee802154 phy0 wpan0: encryption failed: -22
[  142.983476][ T1317] ieee802154 phy1 wpan1: encryption failed: -22
[  157.075680][ T1014] ata1.00: exception Emask 0x0 SAct 0x800 SErr 0x0 action 0x6 frozen
[  157.079696][ T1014] ata1.00: failed command: WRITE FPDMA QUEUED
[  157.082402][ T1014] ata1.00: cmd 61/00:58:36:61:05/20:00:00:00:00/40 tag 11 ncq dma 4194304 ou
[  157.082402][ T1014]          res 40/00:00:00:00:00/00:00:00:00:00/00 Emask 0x4 (timeout)
[  157.090593][ T1014] ata1.00: status: { DRDY }
[  157.092972][ T1014] ata1: hard resetting link
[  157.416392][ T1014] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 300)
[  157.420997][ T1014] ata1.00: configured for UDMA/100
[  157.424015][ T1014] ata1: EH complete
qemu-system-x86_64: ahci: PRDT length for NCQ command (0x0) is smaller than the requested size (0x400000)
[  157.446324][ T1014] ata1.00: Read log 0x10 page 0x00 failed, Emask 0x1
[  157.449310][ T1014] ata1: failed to read log page 10h (errno=-5)
[  157.451924][ T1014] ata1.00: NCQ disabled due to excessive errors
[  157.454677][ T1014] ata1.00: exception Emask 0x1 SAct 0x200000 SErr 0x0 action 0x0
[  157.470790][ T1014] ata1.00: irq_stat 0x41000000
[  157.480554][ T1014] ata1.00: failed command: WRITE FPDMA QUEUED
[  157.483383][ T1014] ata1.00: cmd 61/00:a8:36:61:05/20:00:00:00:00/40 tag 21 ncq dma 4194304 ou
[  157.483383][ T1014]          res 50/04:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error)
[  157.491197][ T1014] ata1.00: status: { DRDY }
[  157.493200][ T1014] ata1.00: error: { ABRT }
[  157.496680][ T1014] ata1.00: configured for UDMA/100
[  157.499460][ T1014] ata1: EH complete
qemu-system-x86_64: hw/ide/core.c:934: ide_dma_cb: Assertion `prep_size >= 0 && prep_size <= n * 512' failed.
Connection to localhost closed by remote host.


syzkaller build log:
go env (err=<nil>)
AR='ar'
CC='gcc'
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_ENABLED='1'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
CXX='g++'
GCCGO='gccgo'
GO111MODULE='auto'
GOAMD64='v1'
GOARCH='amd64'
GOAUTH='netrc'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOCACHEPROG=''
GODEBUG=''
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFIPS140='off'
GOFLAGS=''
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build3275867337=/tmp/go-build -gno-record-gcc-switches'
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMOD='/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOMODCACHE='/syzkaller/jobs/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTELEMETRY='local'
GOTELEMETRYDIR='/syzkaller/.config/go/telemetry'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.26.0'
GOWORK=''
PKG_CONFIG='pkg-config'

git status (err=<nil>)
HEAD detached at d1b870e1003b
nothing to commit, working tree clean


tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=d1b870e1003b52891d2196c1e2ee42fe905010ba -X github.com/google/syzkaller/prog.gitRevisionDate=20251128-125159"  ./sys/syz-sysgen | grep -q false || go install -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=d1b870e1003b52891d2196c1e2ee42fe905010ba -X github.com/google/syzkaller/prog.gitRevisionDate=20251128-125159"  ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=d1b870e1003b52891d2196c1e2ee42fe905010ba -X github.com/google/syzkaller/prog.gitRevisionDate=20251128-125159"  -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
	-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include   -DGOOS_linux=1 -DGOARCH_amd64=1 \
	-DHOSTGOOS_linux=1 -DGIT_REVISION=\"d1b870e1003b52891d2196c1e2ee42fe905010ba\"
/usr/bin/ld: /tmp/ccpJgQJT.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x386): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
./tools/check-syzos.sh 2>/dev/null



Tested on:

commit:         43cfbdda Merge tag 'for-linus-iommufd' of git://git.ke..
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
kernel config:  https://syzkaller.appspot.com/x/.config?x=54b300c91b61ad10
dashboard link: https://syzkaller.appspot.com/bug?extid=3e2c95229d1ab81a0bfd
compiler:       Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
patch:          https://syzkaller.appspot.com/x/patch.diff?x=11f70fca580000

Re: [syzbot] [gfs2?] WARNING in rgblk_free (2)

[syzbot]

Hello,

syzbot tried to test the proposed patch but the build/boot failed:

failed to copy syz-execprog to VM: scp failed: failed to run ["scp" "-P" "64862" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "IdentitiesOnly=yes" "-o" "BatchMode=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-v" "/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/bin/linux_amd64/syz-execprog" "root@localhost:/syz-execprog"]: exit status 1
Executing: program /usr/bin/ssh host localhost, user root, command sftp
debug1: OpenSSH_10.0p2 Debian-7, OpenSSL 3.5.4 30 Sep 2025
debug1: Reading configuration data /dev/null
debug1: Connecting to localhost [::1] port 64862.
debug1: connect to address ::1 port 64862: Connection refused
debug1: Connecting to localhost [127.0.0.1] port 64862.
debug1: fd 3 clearing O_NONBLOCK
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa_sk type -1
debug1: identity file /root/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_ed25519_sk type -1
debug1: identity file /root/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_10.0p2 Debian-7
debug1: Remote protocol version 2.0, remote software version OpenSSH_9.9
debug1: compat_banner: match: OpenSSH_9.9 pat OpenSSH* compat 0x04000000
debug1: Authenticating to localhost:64862 as 'root'
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: mlkem768x25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:EAvWV3GG8odMD+k20F251zjwXNDbyLo/P7N2oY0DvFQ
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: checking without port identifier
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
Warning: Permanently added '[localhost]:64862' (ED25519) to the list of known hosts.
debug1: ssh_packet_send2_wrapped: resetting send seqnr 3
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: Sending SSH2_MSG_EXT_INFO
debug1: expecting SSH2_MSG_NEWKEYS
debug1: ssh_packet_read_poll2: resetting read seqnr 3
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_ext_info_client_parse: server-sig-algs=<ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256>
debug1: kex_ext_info_check_ver: publickey-hostbound@openssh.com=<0>
debug1: kex_ext_info_check_ver: ping@openssh.com=<0>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_ext_info_client_parse: server-sig-algs=<ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256>
Authenticated to localhost ([127.0.0.1]:64862) using "none".
debug1: channel 0: new session [client-session] (inactive timeout: 0)
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: Sending subsystem: sftp
debug1: pledge: fork
Read from remote host localhost: Connection reset by peer
client_loop: send disconnect: Broken pipe
lost connection




syzkaller build log:
go env (err=<nil>)
AR='ar'
CC='gcc'
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_ENABLED='1'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
CXX='g++'
GCCGO='gccgo'
GO111MODULE='auto'
GOAMD64='v1'
GOARCH='amd64'
GOAUTH='netrc'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOCACHEPROG=''
GODEBUG=''
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFIPS140='off'
GOFLAGS=''
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build2177672693=/tmp/go-build -gno-record-gcc-switches'
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMOD='/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOMODCACHE='/syzkaller/jobs/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTELEMETRY='local'
GOTELEMETRYDIR='/syzkaller/.config/go/telemetry'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.26.0'
GOWORK=''
PKG_CONFIG='pkg-config'

git status (err=<nil>)
HEAD detached at d1b870e1003b
nothing to commit, working tree clean


tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=d1b870e1003b52891d2196c1e2ee42fe905010ba -X github.com/google/syzkaller/prog.gitRevisionDate=20251128-125159"  ./sys/syz-sysgen | grep -q false || go install -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=d1b870e1003b52891d2196c1e2ee42fe905010ba -X github.com/google/syzkaller/prog.gitRevisionDate=20251128-125159"  ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=d1b870e1003b52891d2196c1e2ee42fe905010ba -X github.com/google/syzkaller/prog.gitRevisionDate=20251128-125159"  -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
	-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include   -DGOOS_linux=1 -DGOARCH_amd64=1 \
	-DHOSTGOOS_linux=1 -DGIT_REVISION=\"d1b870e1003b52891d2196c1e2ee42fe905010ba\"
/usr/bin/ld: /tmp/ccbsbvqP.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x386): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
./tools/check-syzos.sh 2>/dev/null



Tested on:

commit:         d730905b Merge tag 'mips_7.1' of git://git.kernel.org/..
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
kernel config:  https://syzkaller.appspot.com/x/.config?x=54b300c91b61ad10
dashboard link: https://syzkaller.appspot.com/bug?extid=3e2c95229d1ab81a0bfd
compiler:       Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
patch:          https://syzkaller.appspot.com/x/patch.diff?x=17626f16580000

[syzbot] [gfs2?] WARNING in rgblk_free (2)

[syzbot]

Hello,

syzbot found the following issue on:

HEAD commit:    54e82e93ca93 Merge tag 'core_urgent_for_v6.19_rc4' of git:..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1216e5fa580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=513255d80ab78f2b
dashboard link: https://syzkaller.appspot.com/bug?extid=3e2c95229d1ab81a0bfd
compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=11b4bc3a580000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1015b922580000

Downloadable assets:
disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/d900f083ada3/non_bootable_disk-54e82e93.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/f3befb5f53a4/vmlinux-54e82e93.xz
kernel image: https://storage.googleapis.com/syzbot-assets/92820ca1dbd8/bzImage-54e82e93.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/074df7c33445/mount_0.gz
  fsck result: failed (log: https://syzkaller.appspot.com/x/fsck.log?x=10da39fc580000)

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+3e2c95229d1ab81a0bfd@syzkaller.appspotmail.com

gfs2: fsid=syz:syz.0: first mount done, others may mount
gfs2: fsid=syz:syz.0: found 1 quota changes
------------[ cut here ]------------
WARNING: fs/gfs2/rgrp.c:2267 at rgblk_free+0x136/0x750 fs/gfs2/rgrp.c:2267, CPU#0: syz.0.17/5483
Modules linked in:
CPU: 0 UID: 0 PID: 5483 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:rgblk_free+0x136/0x750 fs/gfs2/rgrp.c:2267
Code: c0 0f 85 fe 05 00 00 45 8b 36 44 89 f7 44 89 e6 e8 cf 42 b9 fd 45 39 e6 76 2e e8 05 41 b9 fd e9 89 00 00 00 e8 fb 40 b9 fd 90 <0f> 0b 65 48 8b 05 b0 f9 78 0e 48 3b 84 24 80 00 00 00 0f 85 a0 05
RSP: 0018:ffffc90002797a80 EFLAGS: 00010293
RAX: ffffffff8407c5a6 RBX: ffff88801fce7000 RCX: ffff888000634980
RDX: 0000000000000000 RSI: 0000000000000927 RDI: 0000000025540013
RBP: ffff88801fce7000 R08: ffffffff8f824677 R09: 1ffffffff1f048ce
R10: dffffc0000000000 R11: fffffbfff1f048cf R12: 0000000000000927
R13: 0000000000000001 R14: 0000000025540013 R15: dffffc0000000000
FS:  000055556242d500(0000) GS:ffff88808d414000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 0000000011b5f000 CR4: 0000000000352ef0
Call Trace:
 <TASK>
 gfs2_unlink_di+0x296/0x420 fs/gfs2/rgrp.c:2566
 gfs2_unlink_inode+0x11d/0x180 fs/gfs2/inode.c:1226
 gfs2_unlink+0x448/0x550 fs/gfs2/inode.c:1298
 vfs_rmdir+0x512/0x660 fs/namei.c:5236
 do_rmdir+0x27f/0x4a0 fs/namei.c:5291
 __do_sys_rmdir fs/namei.c:5315 [inline]
 __se_sys_rmdir fs/namei.c:5313 [inline]
 __x64_sys_rmdir+0x47/0x50 fs/namei.c:5313
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xec/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fbfb358f7c9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc4142d868 EFLAGS: 00000246 ORIG_RAX: 0000000000000054
RAX: ffffffffffffffda RBX: 00007fbfb37e5fa0 RCX: 00007fbfb358f7c9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000100
RBP: 00007fbfb3613f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fbfb37e5fa0 R14: 00007fbfb37e5fa0 R15: 0000000000000001
 </TASK>


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

Re: [syzbot] [gfs2?] WARNING in rgblk_free (2)

[Andrew Price]

On 12/01/2026 15:49, syzbot wrote:
> Hello,
> 
> syzbot found the following issue on:
> 
> HEAD commit:    54e82e93ca93 Merge tag 'core_urgent_for_v6.19_rc4' of git:..
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=1216e5fa580000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=513255d80ab78f2b
> dashboard link: https://syzkaller.appspot.com/bug?extid=3e2c95229d1ab81a0bfd
> compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=11b4bc3a580000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1015b922580000
> 
> Downloadable assets:
> disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/d900f083ada3/non_bootable_disk-54e82e93.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/f3befb5f53a4/vmlinux-54e82e93.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/92820ca1dbd8/bzImage-54e82e93.xz
> mounted in repro: https://storage.googleapis.com/syzbot-assets/074df7c33445/mount_0.gz
>   fsck result: failed (log: https://syzkaller.appspot.com/x/fsck.log?x=10da39fc580000)
> 
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+3e2c95229d1ab81a0bfd@syzkaller.appspotmail.com
> 
> gfs2: fsid=syz:syz.0: first mount done, others may mount
> gfs2: fsid=syz:syz.0: found 1 quota changes
> ------------[ cut here ]------------
> WARNING: fs/gfs2/rgrp.c:2267 at rgblk_free+0x136/0x750 fs/gfs2/rgrp.c:2267, CPU#0: syz.0.17/5483

The test is scribbling on an rindex entry's ri_data0.

#syz test

--- a/fs/gfs2/rgrp.c
+++ b/fs/gfs2/rgrp.c
@@ -871,11 +871,15 @@ static int rgd_insert(struct gfs2_rgrpd *rgd)
                                                  rd_node);
 
                parent = *newn;
-               if (rgd->rd_addr < cur->rd_addr)
+               if (rgd->rd_addr < cur->rd_addr) {
+                       if (rgd->rd_data0 + rgd->rd_data > cur->rd_addr)
+                               return -EUCLEAN;
                        newn = &((*newn)->rb_left);
-               else if (rgd->rd_addr > cur->rd_addr)
+               } else if (rgd->rd_addr > cur->rd_addr) {
+                       if (rgd->rd_addr < cur->rd_data0)
+                               return -EUCLEAN;
                        newn = &((*newn)->rb_right);
-               else
+               } else
                        return -EEXIST;
        }
 
@@ -944,7 +948,8 @@ static int read_rindex_entry(struct gfs2_inode *ip)
                return 0;
        }
 
-       error = 0; /* someone else read in the rgrp; free it and ignore it */
+       if (error == -EEXIST)
+               error = 0; /* someone else read in the rgrp; free it and ignore it */
 fail_glock:
        gfs2_glock_put(rgd->rd_gl);
 

Re: [syzbot] [gfs2?] WARNING in rgblk_free (2)

[syzbot]

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+3e2c95229d1ab81a0bfd@syzkaller.appspotmail.com
Tested-by: syzbot+3e2c95229d1ab81a0bfd@syzkaller.appspotmail.com

Tested on:

commit:         0f61b186 Linux 6.19-rc5
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1030a99a580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=3027d9a5f96d82ca
dashboard link: https://syzkaller.appspot.com/bug?extid=3e2c95229d1ab81a0bfd
compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch:          https://syzkaller.appspot.com/x/patch.diff?x=13a3e5fa580000

Note: testing is done by a robot and is best-effort only.