[v6.1] BUG: sleeping function called from invalid context in gfs2_withdraw
4 views
Skip to first unread message
syzbot
Mar 23, 2025, 2:44:26 PM3/23/25
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 344a09659766 Linux 6.1.131
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=17b2c43f980000
kernel config: https://syzkaller.appspot.com/x/.config?x=14d5dbae75afa499
dashboard link: https://syzkaller.appspot.com/bug?extid=3c60ffb83d033a8bb895
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/8c94453bbad3/disk-344a0965.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/6bf26518c790/vmlinux-344a0965.xz
kernel image: https://storage.googleapis.com/syzbot-assets/424da9a470eb/Image-344a0965.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+3c60ff...@syzkaller.appspotmail.com
loop1: rw=1, sector=16778990, nr_sectors = 2 limit=32768
gfs2: fsid=syz:syz.0: Error 10 writing to journal, jid=0
gfs2: fsid=syz:syz.0: fatal: I/O error(s)
gfs2: fsid=syz:syz.0: about to withdraw this file system
BUG: sleeping function called from invalid context at kernel/sched/completion.c:101
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 5579, name: syz.1.117
preempt_count: 1, expected: 0
RCU nest depth: 0, expected: 0
6 locks held by syz.1.117/5579:
#0: ffff0000fc890460 (sb_writers#13){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c fs/namespace.c:393
#1: ffff0000f45d0808 (&type->i_mutex_dir_key#10){++++}-{3:3}, at: inode_lock include/linux/fs.h:758 [inline]
#1: ffff0000f45d0808 (&type->i_mutex_dir_key#10){++++}-{3:3}, at: open_last_lookups fs/namei.c:3547 [inline]
#1: ffff0000f45d0808 (&type->i_mutex_dir_key#10){++++}-{3:3}, at: path_openat+0x5ec/0x2548 fs/namei.c:3780
#2: ffff0000fc890650 (sb_internal#6){.+.+}-{0:0}, at: gfs2_trans_begin+0xa8/0x11c fs/gfs2/trans.c:118
#3: ffff0000c3c2d058 (&sdp->sd_log_flush_lock){++++}-{3:3}, at: gfs2_log_flush+0xb4/0x1b20 fs/gfs2/log.c:1043
#4: ffff0000c3c2ce80 (&sdp->sd_log_lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
#4: ffff0000c3c2ce80 (&sdp->sd_log_lock){+.+.}-{2:2}, at: gfs2_log_lock fs/gfs2/log.h:32 [inline]
#4: ffff0000c3c2ce80 (&sdp->sd_log_lock){+.+.}-{2:2}, at: gfs2_flush_revokes+0x50/0x94 fs/gfs2/log.c:814
#5: ffff0000c3c2d248 (&sdp->sd_freeze_mutex){+.+.}-{3:3}, at: signal_our_withdraw fs/gfs2/util.c:155 [inline]
#5: ffff0000c3c2d248 (&sdp->sd_freeze_mutex){+.+.}-{3:3}, at: gfs2_withdraw+0x430/0x140c fs/gfs2/util.c:354
Preemption disabled at:
[<ffff80000a4375ac>] spin_lock include/linux/spinlock.h:351 [inline]
[<ffff80000a4375ac>] gfs2_log_lock fs/gfs2/log.h:32 [inline]
[<ffff80000a4375ac>] gfs2_flush_revokes+0x50/0x94 fs/gfs2/log.c:814
CPU: 1 PID: 5579 Comm: syz.1.117 Not tainted 6.1.131-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call trace:
dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
__might_resched+0x37c/0x4d8 kernel/sched/core.c:9957
__might_sleep+0x90/0xe4 kernel/sched/core.c:9886
__wait_for_common kernel/sched/completion.c:101 [inline]
wait_for_common kernel/sched/completion.c:117 [inline]
wait_for_completion+0x24/0x60 kernel/sched/completion.c:138
kthread_stop+0x1d8/0x8c0 kernel/kthread.c:711
signal_our_withdraw fs/gfs2/util.c:159 [inline]
gfs2_withdraw+0x49c/0x140c fs/gfs2/util.c:354
gfs2_ail1_empty+0x744/0x7d4 fs/gfs2/log.c:377
gfs2_flush_revokes+0x5c/0x94 fs/gfs2/log.c:815
revoke_lo_before_commit+0x3c/0x640 fs/gfs2/lops.c:869
lops_before_commit fs/gfs2/lops.h:40 [inline]
gfs2_log_flush+0x884/0x1b20 fs/gfs2/log.c:1102
gfs2_trans_end+0x2f8/0x4c4 fs/gfs2/trans.c:158
alloc_dinode+0x33c/0x478 fs/gfs2/inode.c:410
gfs2_create_inode+0xc58/0x1548 fs/gfs2/inode.c:711
gfs2_atomic_open+0xd8/0x1c4 fs/gfs2/inode.c:1292
atomic_open fs/namei.c:3345 [inline]
lookup_open fs/namei.c:3453 [inline]
open_last_lookups fs/namei.c:3550 [inline]
path_openat+0xbf8/0x2548 fs/namei.c:3780
do_filp_open+0x1bc/0x3cc fs/namei.c:3810
do_sys_openat2+0x128/0x3e0 fs/open.c:1318
do_sys_open fs/open.c:1334 [inline]
__do_sys_openat fs/open.c:1350 [inline]
__se_sys_openat fs/open.c:1345 [inline]
__arm64_sys_openat+0x1f0/0x240 fs/open.c:1345
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
BUG: scheduling while atomic: syz.1.117/5579/0x00000002
6 locks held by syz.1.117/5579:
#0: ffff0000fc890460 (sb_writers#13){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c fs/namespace.c:393
#1: ffff0000f45d0808 (&type->i_mutex_dir_key#10){++++}-{3:3}, at: inode_lock include/linux/fs.h:758 [inline]
#1: ffff0000f45d0808 (&type->i_mutex_dir_key#10){++++}-{3:3}, at: open_last_lookups fs/namei.c:3547 [inline]
#1: ffff0000f45d0808 (&type->i_mutex_dir_key#10){++++}-{3:3}, at: path_openat+0x5ec/0x2548 fs/namei.c:3780
#2: ffff0000fc890650 (sb_internal#6){.+.+}-{0:0}, at: gfs2_trans_begin+0xa8/0x11c fs/gfs2/trans.c:118
#3: ffff0000c3c2d058 (&sdp->sd_log_flush_lock){++++}-{3:3}, at: gfs2_log_flush+0xb4/0x1b20 fs/gfs2/log.c:1043
#4: ffff0000c3c2ce80 (&sdp->sd_log_lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
#4: ffff0000c3c2ce80 (&sdp->sd_log_lock){+.+.}-{2:2}, at: gfs2_log_lock fs/gfs2/log.h:32 [inline]
#4: ffff0000c3c2ce80 (&sdp->sd_log_lock){+.+.}-{2:2}, at: gfs2_flush_revokes+0x50/0x94 fs/gfs2/log.c:814
#5: ffff0000c3c2d248 (&sdp->sd_freeze_mutex){+.+.}-{3:3}, at: signal_our_withdraw fs/gfs2/util.c:155 [inline]
#5: ffff0000c3c2d248 (&sdp->sd_freeze_mutex){+.+.}-{3:3}, at: gfs2_withdraw+0x430/0x140c fs/gfs2/util.c:354
Modules linked in:
Preemption disabled at:
[<ffff80000a4375ac>] spin_lock include/linux/spinlock.h:351 [inline]
[<ffff80000a4375ac>] gfs2_log_lock fs/gfs2/log.h:32 [inline]
[<ffff80000a4375ac>] gfs2_flush_revokes+0x50/0x94 fs/gfs2/log.c:814
CPU: 1 PID: 5579 Comm: syz.1.117 Tainted: G W 6.1.131-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call trace:
dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
__schedule_bug+0x12c/0x1e0 kernel/sched/core.c:5791
schedule_debug kernel/sched/core.c:5818 [inline]
__schedule+0xf8c/0x1d44 kernel/sched/core.c:6453
schedule+0xc4/0x170 kernel/sched/core.c:6636
schedule_timeout+0xb8/0x344 kernel/time/timer.c:1941
do_wait_for_common+0x30c/0x468 kernel/sched/completion.c:85
__wait_for_common kernel/sched/completion.c:106 [inline]
wait_for_common kernel/sched/completion.c:117 [inline]
wait_for_completion+0x48/0x60 kernel/sched/completion.c:138
kthread_stop+0x1d8/0x8c0 kernel/kthread.c:711
signal_our_withdraw fs/gfs2/util.c:165 [inline]
gfs2_withdraw+0x508/0x140c fs/gfs2/util.c:354
gfs2_ail1_empty+0x744/0x7d4 fs/gfs2/log.c:377
gfs2_flush_revokes+0x5c/0x94 fs/gfs2/log.c:815
revoke_lo_before_commit+0x3c/0x640 fs/gfs2/lops.c:869
lops_before_commit fs/gfs2/lops.h:40 [inline]
gfs2_log_flush+0x884/0x1b20 fs/gfs2/log.c:1102
gfs2_trans_end+0x2f8/0x4c4 fs/gfs2/trans.c:158
alloc_dinode+0x33c/0x478 fs/gfs2/inode.c:410
gfs2_create_inode+0xc58/0x1548 fs/gfs2/inode.c:711
gfs2_atomic_open+0xd8/0x1c4 fs/gfs2/inode.c:1292
atomic_open fs/namei.c:3345 [inline]
lookup_open fs/namei.c:3453 [inline]
open_last_lookups fs/namei.c:3550 [inline]
path_openat+0xbf8/0x2548 fs/namei.c:3780
do_filp_open+0x1bc/0x3cc fs/namei.c:3810
do_sys_openat2+0x128/0x3e0 fs/open.c:1318
do_sys_open fs/open.c:1334 [inline]
__do_sys_openat fs/open.c:1350 [inline]
__se_sys_openat fs/open.c:1345 [inline]
__arm64_sys_openat+0x1f0/0x240 fs/open.c:1345
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
=============================
[ BUG: Invalid wait context ]
6.1.131-syzkaller #0 Tainted: G W
-----------------------------
syz.1.117/5579 is trying to lock:
ffff8000184bcc88 (uevent_sock_mutex){+.+.}-{3:3}, at: kobject_uevent_env+0x4d0/0x874 lib/kobject_uevent.c:601
other info that might help us debug this:
context-{4:4}
5 locks held by syz.1.117/5579:
#0: ffff0000fc890460 (sb_writers#13){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c fs/namespace.c:393
#1: ffff0000f45d0808 (&type->i_mutex_dir_key#10){++++}-{3:3}, at: inode_lock include/linux/fs.h:758 [inline]
#1: ffff0000f45d0808 (&type->i_mutex_dir_key#10){++++}-{3:3}, at: open_last_lookups fs/namei.c:3547 [inline]
#1: ffff0000f45d0808 (&type->i_mutex_dir_key#10){++++}-{3:3}, at: path_openat+0x5ec/0x2548 fs/namei.c:3780
#2: ffff0000fc890650 (sb_internal#6){.+.+}-{0:0}, at: gfs2_trans_begin+0xa8/0x11c fs/gfs2/trans.c:118
#3: ffff0000c3c2d058 (&sdp->sd_log_flush_lock){++++}-{3:3}, at: gfs2_log_flush+0xb4/0x1b20 fs/gfs2/log.c:1043
#4: ffff0000c3c2ce80 (&sdp->sd_log_lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
#4: ffff0000c3c2ce80 (&sdp->sd_log_lock){+.+.}-{2:2}, at: gfs2_log_lock fs/gfs2/log.h:32 [inline]
#4: ffff0000c3c2ce80 (&sdp->sd_log_lock){+.+.}-{2:2}, at: gfs2_flush_revokes+0x50/0x94 fs/gfs2/log.c:814
stack backtrace:
CPU: 0 PID: 5579 Comm: syz.1.117 Tainted: G W 6.1.131-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call trace:
dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
print_lock_invalid_wait_context kernel/locking/lockdep.c:4701 [inline]
check_wait_context kernel/locking/lockdep.c:4762 [inline]
__lock_acquire+0x1b14/0x7680 kernel/locking/lockdep.c:4999
lock_acquire+0x26c/0x7cc kernel/locking/lockdep.c:5662
__mutex_lock_common+0x190/0x21a0 kernel/locking/mutex.c:603
__mutex_lock kernel/locking/mutex.c:747 [inline]
mutex_lock_nested+0x38/0x44 kernel/locking/mutex.c:799
kobject_uevent_env+0x4d0/0x874 lib/kobject_uevent.c:601
kobject_uevent+0x2c/0x3c lib/kobject_uevent.c:657
gfs2_withdraw+0xcfc/0x140c fs/gfs2/util.c:356
gfs2_ail1_empty+0x744/0x7d4 fs/gfs2/log.c:377
gfs2_flush_revokes+0x5c/0x94 fs/gfs2/log.c:815
revoke_lo_before_commit+0x3c/0x640 fs/gfs2/lops.c:869
lops_before_commit fs/gfs2/lops.h:40 [inline]
gfs2_log_flush+0x884/0x1b20 fs/gfs2/log.c:1102
gfs2_trans_end+0x2f8/0x4c4 fs/gfs2/trans.c:158
alloc_dinode+0x33c/0x478 fs/gfs2/inode.c:410
gfs2_create_inode+0xc58/0x1548 fs/gfs2/inode.c:711
gfs2_atomic_open+0xd8/0x1c4 fs/gfs2/inode.c:1292
atomic_open fs/namei.c:3345 [inline]
lookup_open fs/namei.c:3453 [inline]
open_last_lookups fs/namei.c:3550 [inline]
path_openat+0xbf8/0x2548 fs/namei.c:3780
do_filp_open+0x1bc/0x3cc fs/namei.c:3810
do_sys_openat2+0x128/0x3e0 fs/open.c:1318
do_sys_open fs/open.c:1334 [inline]
__do_sys_openat fs/open.c:1350 [inline]
__se_sys_openat fs/open.c:1345 [inline]
__arm64_sys_openat+0x1f0/0x240 fs/open.c:1345
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
gfs2: fsid=syz:syz.0: File system withdrawn
CPU: 1 PID: 5579 Comm: syz.1.117 Tainted: G W 6.1.131-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call trace:
dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
gfs2_withdraw+0xdcc/0x140c fs/gfs2/util.c:366
gfs2_ail1_empty+0x744/0x7d4 fs/gfs2/log.c:377
gfs2_flush_revokes+0x5c/0x94 fs/gfs2/log.c:815
revoke_lo_before_commit+0x3c/0x640 fs/gfs2/lops.c:869
lops_before_commit fs/gfs2/lops.h:40 [inline]
gfs2_log_flush+0x884/0x1b20 fs/gfs2/log.c:1102
gfs2_trans_end+0x2f8/0x4c4 fs/gfs2/trans.c:158
alloc_dinode+0x33c/0x478 fs/gfs2/inode.c:410
gfs2_create_inode+0xc58/0x1548 fs/gfs2/inode.c:711
gfs2_atomic_open+0xd8/0x1c4 fs/gfs2/inode.c:1292
atomic_open fs/namei.c:3345 [inline]
lookup_open fs/namei.c:3453 [inline]
open_last_lookups fs/namei.c:3550 [inline]
path_openat+0xbf8/0x2548 fs/namei.c:3780
do_filp_open+0x1bc/0x3cc fs/namei.c:3810
do_sys_openat2+0x128/0x3e0 fs/open.c:1318
do_sys_open fs/open.c:1334 [inline]
__do_sys_openat fs/open.c:1350 [inline]
__se_sys_openat fs/open.c:1345 [inline]
__arm64_sys_openat+0x1f0/0x240 fs/open.c:1345
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: 344a09659766 Linux 6.1.131
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=17b2c43f980000
kernel config: https://syzkaller.appspot.com/x/.config?x=14d5dbae75afa499
dashboard link: https://syzkaller.appspot.com/bug?extid=3c60ffb83d033a8bb895
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/8c94453bbad3/disk-344a0965.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/6bf26518c790/vmlinux-344a0965.xz
kernel image: https://storage.googleapis.com/syzbot-assets/424da9a470eb/Image-344a0965.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+3c60ff...@syzkaller.appspotmail.com
loop1: rw=1, sector=16778990, nr_sectors = 2 limit=32768
gfs2: fsid=syz:syz.0: Error 10 writing to journal, jid=0
gfs2: fsid=syz:syz.0: fatal: I/O error(s)
gfs2: fsid=syz:syz.0: about to withdraw this file system
BUG: sleeping function called from invalid context at kernel/sched/completion.c:101
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 5579, name: syz.1.117
preempt_count: 1, expected: 0
RCU nest depth: 0, expected: 0
6 locks held by syz.1.117/5579:
#0: ffff0000fc890460 (sb_writers#13){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c fs/namespace.c:393
#1: ffff0000f45d0808 (&type->i_mutex_dir_key#10){++++}-{3:3}, at: inode_lock include/linux/fs.h:758 [inline]
#1: ffff0000f45d0808 (&type->i_mutex_dir_key#10){++++}-{3:3}, at: open_last_lookups fs/namei.c:3547 [inline]
#1: ffff0000f45d0808 (&type->i_mutex_dir_key#10){++++}-{3:3}, at: path_openat+0x5ec/0x2548 fs/namei.c:3780
#2: ffff0000fc890650 (sb_internal#6){.+.+}-{0:0}, at: gfs2_trans_begin+0xa8/0x11c fs/gfs2/trans.c:118
#3: ffff0000c3c2d058 (&sdp->sd_log_flush_lock){++++}-{3:3}, at: gfs2_log_flush+0xb4/0x1b20 fs/gfs2/log.c:1043
#4: ffff0000c3c2ce80 (&sdp->sd_log_lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
#4: ffff0000c3c2ce80 (&sdp->sd_log_lock){+.+.}-{2:2}, at: gfs2_log_lock fs/gfs2/log.h:32 [inline]
#4: ffff0000c3c2ce80 (&sdp->sd_log_lock){+.+.}-{2:2}, at: gfs2_flush_revokes+0x50/0x94 fs/gfs2/log.c:814
#5: ffff0000c3c2d248 (&sdp->sd_freeze_mutex){+.+.}-{3:3}, at: signal_our_withdraw fs/gfs2/util.c:155 [inline]
#5: ffff0000c3c2d248 (&sdp->sd_freeze_mutex){+.+.}-{3:3}, at: gfs2_withdraw+0x430/0x140c fs/gfs2/util.c:354
Preemption disabled at:
[<ffff80000a4375ac>] spin_lock include/linux/spinlock.h:351 [inline]
[<ffff80000a4375ac>] gfs2_log_lock fs/gfs2/log.h:32 [inline]
[<ffff80000a4375ac>] gfs2_flush_revokes+0x50/0x94 fs/gfs2/log.c:814
CPU: 1 PID: 5579 Comm: syz.1.117 Not tainted 6.1.131-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call trace:
dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
__might_resched+0x37c/0x4d8 kernel/sched/core.c:9957
__might_sleep+0x90/0xe4 kernel/sched/core.c:9886
__wait_for_common kernel/sched/completion.c:101 [inline]
wait_for_common kernel/sched/completion.c:117 [inline]
wait_for_completion+0x24/0x60 kernel/sched/completion.c:138
kthread_stop+0x1d8/0x8c0 kernel/kthread.c:711
signal_our_withdraw fs/gfs2/util.c:159 [inline]
gfs2_withdraw+0x49c/0x140c fs/gfs2/util.c:354
gfs2_ail1_empty+0x744/0x7d4 fs/gfs2/log.c:377
gfs2_flush_revokes+0x5c/0x94 fs/gfs2/log.c:815
revoke_lo_before_commit+0x3c/0x640 fs/gfs2/lops.c:869
lops_before_commit fs/gfs2/lops.h:40 [inline]
gfs2_log_flush+0x884/0x1b20 fs/gfs2/log.c:1102
gfs2_trans_end+0x2f8/0x4c4 fs/gfs2/trans.c:158
alloc_dinode+0x33c/0x478 fs/gfs2/inode.c:410
gfs2_create_inode+0xc58/0x1548 fs/gfs2/inode.c:711
gfs2_atomic_open+0xd8/0x1c4 fs/gfs2/inode.c:1292
atomic_open fs/namei.c:3345 [inline]
lookup_open fs/namei.c:3453 [inline]
open_last_lookups fs/namei.c:3550 [inline]
path_openat+0xbf8/0x2548 fs/namei.c:3780
do_filp_open+0x1bc/0x3cc fs/namei.c:3810
do_sys_openat2+0x128/0x3e0 fs/open.c:1318
do_sys_open fs/open.c:1334 [inline]
__do_sys_openat fs/open.c:1350 [inline]
__se_sys_openat fs/open.c:1345 [inline]
__arm64_sys_openat+0x1f0/0x240 fs/open.c:1345
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
BUG: scheduling while atomic: syz.1.117/5579/0x00000002
6 locks held by syz.1.117/5579:
#0: ffff0000fc890460 (sb_writers#13){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c fs/namespace.c:393
#1: ffff0000f45d0808 (&type->i_mutex_dir_key#10){++++}-{3:3}, at: inode_lock include/linux/fs.h:758 [inline]
#1: ffff0000f45d0808 (&type->i_mutex_dir_key#10){++++}-{3:3}, at: open_last_lookups fs/namei.c:3547 [inline]
#1: ffff0000f45d0808 (&type->i_mutex_dir_key#10){++++}-{3:3}, at: path_openat+0x5ec/0x2548 fs/namei.c:3780
#2: ffff0000fc890650 (sb_internal#6){.+.+}-{0:0}, at: gfs2_trans_begin+0xa8/0x11c fs/gfs2/trans.c:118
#3: ffff0000c3c2d058 (&sdp->sd_log_flush_lock){++++}-{3:3}, at: gfs2_log_flush+0xb4/0x1b20 fs/gfs2/log.c:1043
#4: ffff0000c3c2ce80 (&sdp->sd_log_lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
#4: ffff0000c3c2ce80 (&sdp->sd_log_lock){+.+.}-{2:2}, at: gfs2_log_lock fs/gfs2/log.h:32 [inline]
#4: ffff0000c3c2ce80 (&sdp->sd_log_lock){+.+.}-{2:2}, at: gfs2_flush_revokes+0x50/0x94 fs/gfs2/log.c:814
#5: ffff0000c3c2d248 (&sdp->sd_freeze_mutex){+.+.}-{3:3}, at: signal_our_withdraw fs/gfs2/util.c:155 [inline]
#5: ffff0000c3c2d248 (&sdp->sd_freeze_mutex){+.+.}-{3:3}, at: gfs2_withdraw+0x430/0x140c fs/gfs2/util.c:354
Modules linked in:
Preemption disabled at:
[<ffff80000a4375ac>] spin_lock include/linux/spinlock.h:351 [inline]
[<ffff80000a4375ac>] gfs2_log_lock fs/gfs2/log.h:32 [inline]
[<ffff80000a4375ac>] gfs2_flush_revokes+0x50/0x94 fs/gfs2/log.c:814
CPU: 1 PID: 5579 Comm: syz.1.117 Tainted: G W 6.1.131-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call trace:
dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
__schedule_bug+0x12c/0x1e0 kernel/sched/core.c:5791
schedule_debug kernel/sched/core.c:5818 [inline]
__schedule+0xf8c/0x1d44 kernel/sched/core.c:6453
schedule+0xc4/0x170 kernel/sched/core.c:6636
schedule_timeout+0xb8/0x344 kernel/time/timer.c:1941
do_wait_for_common+0x30c/0x468 kernel/sched/completion.c:85
__wait_for_common kernel/sched/completion.c:106 [inline]
wait_for_common kernel/sched/completion.c:117 [inline]
wait_for_completion+0x48/0x60 kernel/sched/completion.c:138
kthread_stop+0x1d8/0x8c0 kernel/kthread.c:711
signal_our_withdraw fs/gfs2/util.c:165 [inline]
gfs2_withdraw+0x508/0x140c fs/gfs2/util.c:354
gfs2_ail1_empty+0x744/0x7d4 fs/gfs2/log.c:377
gfs2_flush_revokes+0x5c/0x94 fs/gfs2/log.c:815
revoke_lo_before_commit+0x3c/0x640 fs/gfs2/lops.c:869
lops_before_commit fs/gfs2/lops.h:40 [inline]
gfs2_log_flush+0x884/0x1b20 fs/gfs2/log.c:1102
gfs2_trans_end+0x2f8/0x4c4 fs/gfs2/trans.c:158
alloc_dinode+0x33c/0x478 fs/gfs2/inode.c:410
gfs2_create_inode+0xc58/0x1548 fs/gfs2/inode.c:711
gfs2_atomic_open+0xd8/0x1c4 fs/gfs2/inode.c:1292
atomic_open fs/namei.c:3345 [inline]
lookup_open fs/namei.c:3453 [inline]
open_last_lookups fs/namei.c:3550 [inline]
path_openat+0xbf8/0x2548 fs/namei.c:3780
do_filp_open+0x1bc/0x3cc fs/namei.c:3810
do_sys_openat2+0x128/0x3e0 fs/open.c:1318
do_sys_open fs/open.c:1334 [inline]
__do_sys_openat fs/open.c:1350 [inline]
__se_sys_openat fs/open.c:1345 [inline]
__arm64_sys_openat+0x1f0/0x240 fs/open.c:1345
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
=============================
[ BUG: Invalid wait context ]
6.1.131-syzkaller #0 Tainted: G W
-----------------------------
syz.1.117/5579 is trying to lock:
ffff8000184bcc88 (uevent_sock_mutex){+.+.}-{3:3}, at: kobject_uevent_env+0x4d0/0x874 lib/kobject_uevent.c:601
other info that might help us debug this:
context-{4:4}
5 locks held by syz.1.117/5579:
#0: ffff0000fc890460 (sb_writers#13){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c fs/namespace.c:393
#1: ffff0000f45d0808 (&type->i_mutex_dir_key#10){++++}-{3:3}, at: inode_lock include/linux/fs.h:758 [inline]
#1: ffff0000f45d0808 (&type->i_mutex_dir_key#10){++++}-{3:3}, at: open_last_lookups fs/namei.c:3547 [inline]
#1: ffff0000f45d0808 (&type->i_mutex_dir_key#10){++++}-{3:3}, at: path_openat+0x5ec/0x2548 fs/namei.c:3780
#2: ffff0000fc890650 (sb_internal#6){.+.+}-{0:0}, at: gfs2_trans_begin+0xa8/0x11c fs/gfs2/trans.c:118
#3: ffff0000c3c2d058 (&sdp->sd_log_flush_lock){++++}-{3:3}, at: gfs2_log_flush+0xb4/0x1b20 fs/gfs2/log.c:1043
#4: ffff0000c3c2ce80 (&sdp->sd_log_lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
#4: ffff0000c3c2ce80 (&sdp->sd_log_lock){+.+.}-{2:2}, at: gfs2_log_lock fs/gfs2/log.h:32 [inline]
#4: ffff0000c3c2ce80 (&sdp->sd_log_lock){+.+.}-{2:2}, at: gfs2_flush_revokes+0x50/0x94 fs/gfs2/log.c:814
stack backtrace:
CPU: 0 PID: 5579 Comm: syz.1.117 Tainted: G W 6.1.131-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call trace:
dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
print_lock_invalid_wait_context kernel/locking/lockdep.c:4701 [inline]
check_wait_context kernel/locking/lockdep.c:4762 [inline]
__lock_acquire+0x1b14/0x7680 kernel/locking/lockdep.c:4999
lock_acquire+0x26c/0x7cc kernel/locking/lockdep.c:5662
__mutex_lock_common+0x190/0x21a0 kernel/locking/mutex.c:603
__mutex_lock kernel/locking/mutex.c:747 [inline]
mutex_lock_nested+0x38/0x44 kernel/locking/mutex.c:799
kobject_uevent_env+0x4d0/0x874 lib/kobject_uevent.c:601
kobject_uevent+0x2c/0x3c lib/kobject_uevent.c:657
gfs2_withdraw+0xcfc/0x140c fs/gfs2/util.c:356
gfs2_ail1_empty+0x744/0x7d4 fs/gfs2/log.c:377
gfs2_flush_revokes+0x5c/0x94 fs/gfs2/log.c:815
revoke_lo_before_commit+0x3c/0x640 fs/gfs2/lops.c:869
lops_before_commit fs/gfs2/lops.h:40 [inline]
gfs2_log_flush+0x884/0x1b20 fs/gfs2/log.c:1102
gfs2_trans_end+0x2f8/0x4c4 fs/gfs2/trans.c:158
alloc_dinode+0x33c/0x478 fs/gfs2/inode.c:410
gfs2_create_inode+0xc58/0x1548 fs/gfs2/inode.c:711
gfs2_atomic_open+0xd8/0x1c4 fs/gfs2/inode.c:1292
atomic_open fs/namei.c:3345 [inline]
lookup_open fs/namei.c:3453 [inline]
open_last_lookups fs/namei.c:3550 [inline]
path_openat+0xbf8/0x2548 fs/namei.c:3780
do_filp_open+0x1bc/0x3cc fs/namei.c:3810
do_sys_openat2+0x128/0x3e0 fs/open.c:1318
do_sys_open fs/open.c:1334 [inline]
__do_sys_openat fs/open.c:1350 [inline]
__se_sys_openat fs/open.c:1345 [inline]
__arm64_sys_openat+0x1f0/0x240 fs/open.c:1345
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
gfs2: fsid=syz:syz.0: File system withdrawn
CPU: 1 PID: 5579 Comm: syz.1.117 Tainted: G W 6.1.131-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call trace:
dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
gfs2_withdraw+0xdcc/0x140c fs/gfs2/util.c:366
gfs2_ail1_empty+0x744/0x7d4 fs/gfs2/log.c:377
gfs2_flush_revokes+0x5c/0x94 fs/gfs2/log.c:815
revoke_lo_before_commit+0x3c/0x640 fs/gfs2/lops.c:869
lops_before_commit fs/gfs2/lops.h:40 [inline]
gfs2_log_flush+0x884/0x1b20 fs/gfs2/log.c:1102
gfs2_trans_end+0x2f8/0x4c4 fs/gfs2/trans.c:158
alloc_dinode+0x33c/0x478 fs/gfs2/inode.c:410
gfs2_create_inode+0xc58/0x1548 fs/gfs2/inode.c:711
gfs2_atomic_open+0xd8/0x1c4 fs/gfs2/inode.c:1292
atomic_open fs/namei.c:3345 [inline]
lookup_open fs/namei.c:3453 [inline]
open_last_lookups fs/namei.c:3550 [inline]
path_openat+0xbf8/0x2548 fs/namei.c:3780
do_filp_open+0x1bc/0x3cc fs/namei.c:3810
do_sys_openat2+0x128/0x3e0 fs/open.c:1318
do_sys_open fs/open.c:1334 [inline]
__do_sys_openat fs/open.c:1350 [inline]
__se_sys_openat fs/open.c:1345 [inline]
__arm64_sys_openat+0x1f0/0x240 fs/open.c:1345
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot
Mar 23, 2025, 3:07:23 PM3/23/25
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: 344a09659766 Linux 6.1.131
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1488fe98580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=143e0804580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/8c94453bbad3/disk-344a0965.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/6bf26518c790/vmlinux-344a0965.xz
kernel image: https://storage.googleapis.com/syzbot-assets/424da9a470eb/Image-344a0965.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/d69af8baecc4/mount_0.gz
fsck result: failed (log: https://syzkaller.appspot.com/x/fsck.log?x=103e0804580000)
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+3c60ff...@syzkaller.appspotmail.com
loop0: rw=1, sector=16778990, nr_sectors = 2 limit=32768
#0: ffff0000d999c460 (sb_writers#8){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c fs/namespace.c:393
#1: ffff0000e1ab8150 (&type->i_mutex_dir_key#6){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:758 [inline]
#1: ffff0000e1ab8150 (&type->i_mutex_dir_key#6){+.+.}-{3:3}, at: open_last_lookups fs/namei.c:3547 [inline]
#1: ffff0000e1ab8150 (&type->i_mutex_dir_key#6){+.+.}-{3:3}, at: path_openat+0x5ec/0x2548 fs/namei.c:3780
#2: ffff0000d999c650 (sb_internal#2){.+.+}-{0:0}, at: gfs2_trans_begin+0xa8/0x11c fs/gfs2/trans.c:118
#3: ffff0000da939058 (&sdp->sd_log_flush_lock){++++}-{3:3}, at: gfs2_log_flush+0xb4/0x1b20 fs/gfs2/log.c:1043
#4: ffff0000da938e80 (&sdp->sd_log_lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
#4: ffff0000da938e80 (&sdp->sd_log_lock){+.+.}-{2:2}, at: gfs2_log_lock fs/gfs2/log.h:32 [inline]
#4: ffff0000da938e80 (&sdp->sd_log_lock){+.+.}-{2:2}, at: gfs2_flush_revokes+0x50/0x94 fs/gfs2/log.c:814
#5: ffff0000da939248 (&sdp->sd_freeze_mutex){+.+.}-{3:3}, at: signal_our_withdraw fs/gfs2/util.c:155 [inline]
#5: ffff0000da939248 (&sdp->sd_freeze_mutex){+.+.}-{3:3}, at: gfs2_withdraw+0x430/0x140c fs/gfs2/util.c:354
BUG: scheduling while atomic: syz-executor182/4298/0x00000002
6 locks held by syz-executor182/4298:
#0: ffff0000d999c460 (sb_writers#8){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c fs/namespace.c:393
#1: ffff0000e1ab8150 (&type->i_mutex_dir_key#6){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:758 [inline]
#1: ffff0000e1ab8150 (&type->i_mutex_dir_key#6){+.+.}-{3:3}, at: open_last_lookups fs/namei.c:3547 [inline]
#1: ffff0000e1ab8150 (&type->i_mutex_dir_key#6){+.+.}-{3:3}, at: path_openat+0x5ec/0x2548 fs/namei.c:3780
#2: ffff0000d999c650 (sb_internal#2){.+.+}-{0:0}, at: gfs2_trans_begin+0xa8/0x11c fs/gfs2/trans.c:118
#3: ffff0000da939058 (&sdp->sd_log_flush_lock){++++}-{3:3}, at: gfs2_log_flush+0xb4/0x1b20 fs/gfs2/log.c:1043
#4: ffff0000da938e80 (&sdp->sd_log_lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
#4: ffff0000da938e80 (&sdp->sd_log_lock){+.+.}-{2:2}, at: gfs2_log_lock fs/gfs2/log.h:32 [inline]
#4: ffff0000da938e80 (&sdp->sd_log_lock){+.+.}-{2:2}, at: gfs2_flush_revokes+0x50/0x94 fs/gfs2/log.c:814
#5: ffff0000da939248 (&sdp->sd_freeze_mutex){+.+.}-{3:3}, at: signal_our_withdraw fs/gfs2/util.c:155 [inline]
#5: ffff0000da939248 (&sdp->sd_freeze_mutex){+.+.}-{3:3}, at: gfs2_withdraw+0x430/0x140c fs/gfs2/util.c:354
syz-executor182/4298 is trying to lock:
#0: ffff0000d999c460 (sb_writers#8){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c fs/namespace.c:393
#1: ffff0000e1ab8150 (&type->i_mutex_dir_key#6){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:758 [inline]
#1: ffff0000e1ab8150 (&type->i_mutex_dir_key#6){+.+.}-{3:3}, at: open_last_lookups fs/namei.c:3547 [inline]
#1: ffff0000e1ab8150 (&type->i_mutex_dir_key#6){+.+.}-{3:3}, at: path_openat+0x5ec/0x2548 fs/namei.c:3780
#2: ffff0000d999c650 (sb_internal#2){.+.+}-{0:0}, at: gfs2_trans_begin+0xa8/0x11c fs/gfs2/trans.c:118
#3: ffff0000da939058 (&sdp->sd_log_flush_lock){++++}-{3:3}, at: gfs2_log_flush+0xb4/0x1b20 fs/gfs2/log.c:1043
#4: ffff0000da938e80 (&sdp->sd_log_lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
#4: ffff0000da938e80 (&sdp->sd_log_lock){+.+.}-{2:2}, at: gfs2_log_lock fs/gfs2/log.h:32 [inline]
#4: ffff0000da938e80 (&sdp->sd_log_lock){+.+.}-{2:2}, at: gfs2_flush_revokes+0x50/0x94 fs/gfs2/log.c:814
stack backtrace:
CPU: 1 PID: 4298 Comm: syz-executor182 Tainted: G W 6.1.131-syzkaller #0
CPU: 1 PID: 4298 Comm: syz-executor182 Tainted: G W 6.1.131-syzkaller #0
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
HEAD commit: 344a09659766 Linux 6.1.131
git tree: linux-6.1.y
kernel config: https://syzkaller.appspot.com/x/.config?x=14d5dbae75afa499
dashboard link: https://syzkaller.appspot.com/bug?extid=3c60ffb83d033a8bb895
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1288fe98580000
dashboard link: https://syzkaller.appspot.com/bug?extid=3c60ffb83d033a8bb895
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=143e0804580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/8c94453bbad3/disk-344a0965.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/6bf26518c790/vmlinux-344a0965.xz
kernel image: https://storage.googleapis.com/syzbot-assets/424da9a470eb/Image-344a0965.gz.xz
fsck result: failed (log: https://syzkaller.appspot.com/x/fsck.log?x=103e0804580000)
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+3c60ff...@syzkaller.appspotmail.com
gfs2: fsid=syz:syz.0: Error 10 writing to journal, jid=0
gfs2: fsid=syz:syz.0: fatal: I/O error(s)
gfs2: fsid=syz:syz.0: about to withdraw this file system
BUG: sleeping function called from invalid context at kernel/sched/completion.c:101
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 4298, name: syz-executor182
gfs2: fsid=syz:syz.0: fatal: I/O error(s)
gfs2: fsid=syz:syz.0: about to withdraw this file system
BUG: sleeping function called from invalid context at kernel/sched/completion.c:101
preempt_count: 1, expected: 0
RCU nest depth: 0, expected: 0
6 locks held by syz-executor182/4298:
RCU nest depth: 0, expected: 0
#0: ffff0000d999c460 (sb_writers#8){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c fs/namespace.c:393
#1: ffff0000e1ab8150 (&type->i_mutex_dir_key#6){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:758 [inline]
#1: ffff0000e1ab8150 (&type->i_mutex_dir_key#6){+.+.}-{3:3}, at: open_last_lookups fs/namei.c:3547 [inline]
#1: ffff0000e1ab8150 (&type->i_mutex_dir_key#6){+.+.}-{3:3}, at: path_openat+0x5ec/0x2548 fs/namei.c:3780
#2: ffff0000d999c650 (sb_internal#2){.+.+}-{0:0}, at: gfs2_trans_begin+0xa8/0x11c fs/gfs2/trans.c:118
#3: ffff0000da939058 (&sdp->sd_log_flush_lock){++++}-{3:3}, at: gfs2_log_flush+0xb4/0x1b20 fs/gfs2/log.c:1043
#4: ffff0000da938e80 (&sdp->sd_log_lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
#4: ffff0000da938e80 (&sdp->sd_log_lock){+.+.}-{2:2}, at: gfs2_log_lock fs/gfs2/log.h:32 [inline]
#4: ffff0000da938e80 (&sdp->sd_log_lock){+.+.}-{2:2}, at: gfs2_flush_revokes+0x50/0x94 fs/gfs2/log.c:814
#5: ffff0000da939248 (&sdp->sd_freeze_mutex){+.+.}-{3:3}, at: signal_our_withdraw fs/gfs2/util.c:155 [inline]
#5: ffff0000da939248 (&sdp->sd_freeze_mutex){+.+.}-{3:3}, at: gfs2_withdraw+0x430/0x140c fs/gfs2/util.c:354
Preemption disabled at:
[<ffff80000a4375ac>] spin_lock include/linux/spinlock.h:351 [inline]
[<ffff80000a4375ac>] gfs2_log_lock fs/gfs2/log.h:32 [inline]
[<ffff80000a4375ac>] gfs2_flush_revokes+0x50/0x94 fs/gfs2/log.c:814
CPU: 1 PID: 4298 Comm: syz-executor182 Not tainted 6.1.131-syzkaller #0
[<ffff80000a4375ac>] spin_lock include/linux/spinlock.h:351 [inline]
[<ffff80000a4375ac>] gfs2_log_lock fs/gfs2/log.h:32 [inline]
[<ffff80000a4375ac>] gfs2_flush_revokes+0x50/0x94 fs/gfs2/log.c:814
6 locks held by syz-executor182/4298:
#0: ffff0000d999c460 (sb_writers#8){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c fs/namespace.c:393
#1: ffff0000e1ab8150 (&type->i_mutex_dir_key#6){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:758 [inline]
#1: ffff0000e1ab8150 (&type->i_mutex_dir_key#6){+.+.}-{3:3}, at: open_last_lookups fs/namei.c:3547 [inline]
#1: ffff0000e1ab8150 (&type->i_mutex_dir_key#6){+.+.}-{3:3}, at: path_openat+0x5ec/0x2548 fs/namei.c:3780
#2: ffff0000d999c650 (sb_internal#2){.+.+}-{0:0}, at: gfs2_trans_begin+0xa8/0x11c fs/gfs2/trans.c:118
#3: ffff0000da939058 (&sdp->sd_log_flush_lock){++++}-{3:3}, at: gfs2_log_flush+0xb4/0x1b20 fs/gfs2/log.c:1043
#4: ffff0000da938e80 (&sdp->sd_log_lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
#4: ffff0000da938e80 (&sdp->sd_log_lock){+.+.}-{2:2}, at: gfs2_log_lock fs/gfs2/log.h:32 [inline]
#4: ffff0000da938e80 (&sdp->sd_log_lock){+.+.}-{2:2}, at: gfs2_flush_revokes+0x50/0x94 fs/gfs2/log.c:814
#5: ffff0000da939248 (&sdp->sd_freeze_mutex){+.+.}-{3:3}, at: signal_our_withdraw fs/gfs2/util.c:155 [inline]
#5: ffff0000da939248 (&sdp->sd_freeze_mutex){+.+.}-{3:3}, at: gfs2_withdraw+0x430/0x140c fs/gfs2/util.c:354
Modules linked in:
Preemption disabled at:
[<ffff80000a4375ac>] spin_lock include/linux/spinlock.h:351 [inline]
[<ffff80000a4375ac>] gfs2_log_lock fs/gfs2/log.h:32 [inline]
[<ffff80000a4375ac>] gfs2_flush_revokes+0x50/0x94 fs/gfs2/log.c:814
CPU: 1 PID: 4298 Comm: syz-executor182 Tainted: G W 6.1.131-syzkaller #0
Preemption disabled at:
[<ffff80000a4375ac>] spin_lock include/linux/spinlock.h:351 [inline]
[<ffff80000a4375ac>] gfs2_log_lock fs/gfs2/log.h:32 [inline]
[<ffff80000a4375ac>] gfs2_flush_revokes+0x50/0x94 fs/gfs2/log.c:814
ffff8000184bcc88 (uevent_sock_mutex){+.+.}-{3:3}, at: kobject_uevent_env+0x4d0/0x874 lib/kobject_uevent.c:601
other info that might help us debug this:
context-{4:4}
5 locks held by syz-executor182/4298:
other info that might help us debug this:
context-{4:4}
#0: ffff0000d999c460 (sb_writers#8){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c fs/namespace.c:393
#1: ffff0000e1ab8150 (&type->i_mutex_dir_key#6){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:758 [inline]
#1: ffff0000e1ab8150 (&type->i_mutex_dir_key#6){+.+.}-{3:3}, at: open_last_lookups fs/namei.c:3547 [inline]
#1: ffff0000e1ab8150 (&type->i_mutex_dir_key#6){+.+.}-{3:3}, at: path_openat+0x5ec/0x2548 fs/namei.c:3780
#2: ffff0000d999c650 (sb_internal#2){.+.+}-{0:0}, at: gfs2_trans_begin+0xa8/0x11c fs/gfs2/trans.c:118
#3: ffff0000da939058 (&sdp->sd_log_flush_lock){++++}-{3:3}, at: gfs2_log_flush+0xb4/0x1b20 fs/gfs2/log.c:1043
#4: ffff0000da938e80 (&sdp->sd_log_lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
#4: ffff0000da938e80 (&sdp->sd_log_lock){+.+.}-{2:2}, at: gfs2_log_lock fs/gfs2/log.h:32 [inline]
#4: ffff0000da938e80 (&sdp->sd_log_lock){+.+.}-{2:2}, at: gfs2_flush_revokes+0x50/0x94 fs/gfs2/log.c:814
stack backtrace:
CPU: 1 PID: 4298 Comm: syz-executor182 Tainted: G W 6.1.131-syzkaller #0
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
Reply all
Reply to author
Forward
0 new messages