syzbot


BUG: sleeping function called from invalid context in gfs2_withdraw

Status: upstream: reported C repro on 2025/03/23 18:44
Bug presence: origin:upstream
Reported-by: syzbot+3c60ffb83d033a8bb895@syzkaller.appspotmail.com
First crash: 33d, last: 30d
Bug presence (1)

| Date | Name | Commit | Repro | Result |
|---|---|---|---|---|
| 2025/03/28 | upstream (ToT) | 4fa118e5b79f | C | [report] unregister_netdevice: waiting for DEV to become free |
Similar bugs (1)

| Kernel | Title | Subsystems | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|---|
| upstream | BUG: sleeping function called from invalid context in gfs2_withdraw | gfs2 | C | error | done | 182 | 473d | 594d | 25/28 | fixed on 2024/03/20 11:33 |

Sample crash report:
loop0: rw=1, sector=16778990, nr_sectors = 2 limit=32768
gfs2: fsid=syz:syz.0: Error 10 writing to journal, jid=0
gfs2: fsid=syz:syz.0: fatal: I/O error(s)
gfs2: fsid=syz:syz.0: about to withdraw this file system
BUG: sleeping function called from invalid context at kernel/sched/completion.c:101
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 4290, name: syz-executor166
preempt_count: 1, expected: 0
RCU nest depth: 0, expected: 0
6 locks held by syz-executor166/4290:
 #0: ffff0000d960e460 (sb_writers#8){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c fs/namespace.c:393
 #1: ffff0000d7ac0150 (&type->i_mutex_dir_key#6){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:758 [inline]
 #1: ffff0000d7ac0150 (&type->i_mutex_dir_key#6){+.+.}-{3:3}, at: open_last_lookups fs/namei.c:3547 [inline]
 #1: ffff0000d7ac0150 (&type->i_mutex_dir_key#6){+.+.}-{3:3}, at: path_openat+0x5ec/0x2548 fs/namei.c:3780
 #2: ffff0000d960e650 (sb_internal#2){.+.+}-{0:0}, at: gfs2_trans_begin+0xa8/0x11c fs/gfs2/trans.c:118
 #3: ffff0000d895d058 (&sdp->sd_log_flush_lock){++++}-{3:3}, at: gfs2_log_flush+0xb4/0x1b20 fs/gfs2/log.c:1043
 #4: ffff0000d895ce80 (&sdp->sd_log_lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
 #4: ffff0000d895ce80 (&sdp->sd_log_lock){+.+.}-{2:2}, at: gfs2_log_lock fs/gfs2/log.h:32 [inline]
 #4: ffff0000d895ce80 (&sdp->sd_log_lock){+.+.}-{2:2}, at: gfs2_flush_revokes+0x50/0x94 fs/gfs2/log.c:814
 #5: ffff0000d895d248 (&sdp->sd_freeze_mutex){+.+.}-{3:3}, at: signal_our_withdraw fs/gfs2/util.c:155 [inline]
 #5: ffff0000d895d248 (&sdp->sd_freeze_mutex){+.+.}-{3:3}, at: gfs2_withdraw+0x430/0x140c fs/gfs2/util.c:354
Preemption disabled at:
[<ffff80000a4375ac>] spin_lock include/linux/spinlock.h:351 [inline]
[<ffff80000a4375ac>] gfs2_log_lock fs/gfs2/log.h:32 [inline]
[<ffff80000a4375ac>] gfs2_flush_revokes+0x50/0x94 fs/gfs2/log.c:814
CPU: 0 PID: 4290 Comm: syz-executor166 Not tainted 6.1.131-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call trace:
 dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 __might_resched+0x37c/0x4d8 kernel/sched/core.c:9957
 __might_sleep+0x90/0xe4 kernel/sched/core.c:9886
 __wait_for_common kernel/sched/completion.c:101 [inline]
 wait_for_common kernel/sched/completion.c:117 [inline]
 wait_for_completion+0x24/0x60 kernel/sched/completion.c:138
 kthread_stop+0x1d8/0x8c0 kernel/kthread.c:711
 signal_our_withdraw fs/gfs2/util.c:159 [inline]
 gfs2_withdraw+0x49c/0x140c fs/gfs2/util.c:354
 gfs2_ail1_empty+0x744/0x7d4 fs/gfs2/log.c:377
 gfs2_flush_revokes+0x5c/0x94 fs/gfs2/log.c:815
 revoke_lo_before_commit+0x3c/0x640 fs/gfs2/lops.c:869
 lops_before_commit fs/gfs2/lops.h:40 [inline]
 gfs2_log_flush+0x884/0x1b20 fs/gfs2/log.c:1102
 gfs2_trans_end+0x2f8/0x4c4 fs/gfs2/trans.c:158
 alloc_dinode+0x33c/0x478 fs/gfs2/inode.c:410
 gfs2_create_inode+0xc58/0x1548 fs/gfs2/inode.c:711
 gfs2_atomic_open+0xd8/0x1c4 fs/gfs2/inode.c:1292
 atomic_open fs/namei.c:3345 [inline]
 lookup_open fs/namei.c:3453 [inline]
 open_last_lookups fs/namei.c:3550 [inline]
 path_openat+0xbf8/0x2548 fs/namei.c:3780
 do_filp_open+0x1bc/0x3cc fs/namei.c:3810
 do_sys_openat2+0x128/0x3e0 fs/open.c:1318
 do_sys_open fs/open.c:1334 [inline]
 __do_sys_openat fs/open.c:1350 [inline]
 __se_sys_openat fs/open.c:1345 [inline]
 __arm64_sys_openat+0x1f0/0x240 fs/open.c:1345
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
BUG: scheduling while atomic: syz-executor166/4290/0x00000002
6 locks held by syz-executor166/4290:
 #0: ffff0000d960e460 (sb_writers#8){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c fs/namespace.c:393
 #1: ffff0000d7ac0150 (&type->i_mutex_dir_key#6){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:758 [inline]
 #1: ffff0000d7ac0150 (&type->i_mutex_dir_key#6){+.+.}-{3:3}, at: open_last_lookups fs/namei.c:3547 [inline]
 #1: ffff0000d7ac0150 (&type->i_mutex_dir_key#6){+.+.}-{3:3}, at: path_openat+0x5ec/0x2548 fs/namei.c:3780
 #2: ffff0000d960e650 (sb_internal#2){.+.+}-{0:0}, at: gfs2_trans_begin+0xa8/0x11c fs/gfs2/trans.c:118
 #3: ffff0000d895d058 (&sdp->sd_log_flush_lock){++++}-{3:3}, at: gfs2_log_flush+0xb4/0x1b20 fs/gfs2/log.c:1043
 #4: ffff0000d895ce80 (&sdp->sd_log_lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
 #4: ffff0000d895ce80 (&sdp->sd_log_lock){+.+.}-{2:2}, at: gfs2_log_lock fs/gfs2/log.h:32 [inline]
 #4: ffff0000d895ce80 (&sdp->sd_log_lock){+.+.}-{2:2}, at: gfs2_flush_revokes+0x50/0x94 fs/gfs2/log.c:814
 #5: ffff0000d895d248 (&sdp->sd_freeze_mutex){+.+.}-{3:3}, at: signal_our_withdraw fs/gfs2/util.c:155 [inline]
 #5: ffff0000d895d248 (&sdp->sd_freeze_mutex){+.+.}-{3:3}, at: gfs2_withdraw+0x430/0x140c fs/gfs2/util.c:354
Modules linked in:
Preemption disabled at:
[<ffff80000a4375ac>] spin_lock include/linux/spinlock.h:351 [inline]
[<ffff80000a4375ac>] gfs2_log_lock fs/gfs2/log.h:32 [inline]
[<ffff80000a4375ac>] gfs2_flush_revokes+0x50/0x94 fs/gfs2/log.c:814
CPU: 0 PID: 4290 Comm: syz-executor166 Tainted: G        W          6.1.131-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call trace:
 dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 __schedule_bug+0x12c/0x1e0 kernel/sched/core.c:5791
 schedule_debug kernel/sched/core.c:5818 [inline]
 __schedule+0xf8c/0x1d44 kernel/sched/core.c:6453
 schedule+0xc4/0x170 kernel/sched/core.c:6636
 schedule_timeout+0xb8/0x344 kernel/time/timer.c:1941
 do_wait_for_common+0x30c/0x468 kernel/sched/completion.c:85
 __wait_for_common kernel/sched/completion.c:106 [inline]
 wait_for_common kernel/sched/completion.c:117 [inline]
 wait_for_completion+0x48/0x60 kernel/sched/completion.c:138
 kthread_stop+0x1d8/0x8c0 kernel/kthread.c:711
 signal_our_withdraw fs/gfs2/util.c:165 [inline]
 gfs2_withdraw+0x508/0x140c fs/gfs2/util.c:354
 gfs2_ail1_empty+0x744/0x7d4 fs/gfs2/log.c:377
 gfs2_flush_revokes+0x5c/0x94 fs/gfs2/log.c:815
 revoke_lo_before_commit+0x3c/0x640 fs/gfs2/lops.c:869
 lops_before_commit fs/gfs2/lops.h:40 [inline]
 gfs2_log_flush+0x884/0x1b20 fs/gfs2/log.c:1102
 gfs2_trans_end+0x2f8/0x4c4 fs/gfs2/trans.c:158
 alloc_dinode+0x33c/0x478 fs/gfs2/inode.c:410
 gfs2_create_inode+0xc58/0x1548 fs/gfs2/inode.c:711
 gfs2_atomic_open+0xd8/0x1c4 fs/gfs2/inode.c:1292
 atomic_open fs/namei.c:3345 [inline]
 lookup_open fs/namei.c:3453 [inline]
 open_last_lookups fs/namei.c:3550 [inline]
 path_openat+0xbf8/0x2548 fs/namei.c:3780
 do_filp_open+0x1bc/0x3cc fs/namei.c:3810
 do_sys_openat2+0x128/0x3e0 fs/open.c:1318
 do_sys_open fs/open.c:1334 [inline]
 __do_sys_openat fs/open.c:1350 [inline]
 __se_sys_openat fs/open.c:1345 [inline]
 __arm64_sys_openat+0x1f0/0x240 fs/open.c:1345
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0

=============================
[ BUG: Invalid wait context ]
6.1.131-syzkaller #0 Tainted: G        W         
-----------------------------
syz-executor166/4290 is trying to lock:
ffff8000184bcc88 (uevent_sock_mutex){+.+.}-{3:3}, at: kobject_uevent_env+0x4d0/0x874 lib/kobject_uevent.c:601
other info that might help us debug this:
context-{4:4}
5 locks held by syz-executor166/4290:
 #0: ffff0000d960e460 (sb_writers#8){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c fs/namespace.c:393
 #1: ffff0000d7ac0150 (&type->i_mutex_dir_key#6){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:758 [inline]
 #1: ffff0000d7ac0150 (&type->i_mutex_dir_key#6){+.+.}-{3:3}, at: open_last_lookups fs/namei.c:3547 [inline]
 #1: ffff0000d7ac0150 (&type->i_mutex_dir_key#6){+.+.}-{3:3}, at: path_openat+0x5ec/0x2548 fs/namei.c:3780
 #2: ffff0000d960e650 (sb_internal#2){.+.+}-{0:0}, at: gfs2_trans_begin+0xa8/0x11c fs/gfs2/trans.c:118
 #3: ffff0000d895d058 (&sdp->sd_log_flush_lock){++++}-{3:3}, at: gfs2_log_flush+0xb4/0x1b20 fs/gfs2/log.c:1043
 #4: ffff0000d895ce80 (&sdp->sd_log_lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
 #4: ffff0000d895ce80 (&sdp->sd_log_lock){+.+.}-{2:2}, at: gfs2_log_lock fs/gfs2/log.h:32 [inline]
 #4: ffff0000d895ce80 (&sdp->sd_log_lock){+.+.}-{2:2}, at: gfs2_flush_revokes+0x50/0x94 fs/gfs2/log.c:814
stack backtrace:
CPU: 0 PID: 4290 Comm: syz-executor166 Tainted: G        W          6.1.131-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call trace:
 dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 print_lock_invalid_wait_context kernel/locking/lockdep.c:4701 [inline]
 check_wait_context kernel/locking/lockdep.c:4762 [inline]
 __lock_acquire+0x1b14/0x7680 kernel/locking/lockdep.c:4999
 lock_acquire+0x26c/0x7cc kernel/locking/lockdep.c:5662
 __mutex_lock_common+0x190/0x21a0 kernel/locking/mutex.c:603
 __mutex_lock kernel/locking/mutex.c:747 [inline]
 mutex_lock_nested+0x38/0x44 kernel/locking/mutex.c:799
 kobject_uevent_env+0x4d0/0x874 lib/kobject_uevent.c:601
 kobject_uevent+0x2c/0x3c lib/kobject_uevent.c:657
 gfs2_withdraw+0xcfc/0x140c fs/gfs2/util.c:356
 gfs2_ail1_empty+0x744/0x7d4 fs/gfs2/log.c:377
 gfs2_flush_revokes+0x5c/0x94 fs/gfs2/log.c:815
 revoke_lo_before_commit+0x3c/0x640 fs/gfs2/lops.c:869
 lops_before_commit fs/gfs2/lops.h:40 [inline]
 gfs2_log_flush+0x884/0x1b20 fs/gfs2/log.c:1102
 gfs2_trans_end+0x2f8/0x4c4 fs/gfs2/trans.c:158
 alloc_dinode+0x33c/0x478 fs/gfs2/inode.c:410
 gfs2_create_inode+0xc58/0x1548 fs/gfs2/inode.c:711
 gfs2_atomic_open+0xd8/0x1c4 fs/gfs2/inode.c:1292
 atomic_open fs/namei.c:3345 [inline]
 lookup_open fs/namei.c:3453 [inline]
 open_last_lookups fs/namei.c:3550 [inline]
 path_openat+0xbf8/0x2548 fs/namei.c:3780
 do_filp_open+0x1bc/0x3cc fs/namei.c:3810
 do_sys_openat2+0x128/0x3e0 fs/open.c:1318
 do_sys_open fs/open.c:1334 [inline]
 __do_sys_openat fs/open.c:1350 [inline]
 __se_sys_openat fs/open.c:1345 [inline]
 __arm64_sys_openat+0x1f0/0x240 fs/open.c:1345
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
gfs2: fsid=syz:syz.0: File system withdrawn
CPU: 0 PID: 4290 Comm: syz-executor166 Tainted: G        W          6.1.131-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call trace:
 dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 gfs2_withdraw+0xdcc/0x140c fs/gfs2/util.c:366
 gfs2_ail1_empty+0x744/0x7d4 fs/gfs2/log.c:377
 gfs2_flush_revokes+0x5c/0x94 fs/gfs2/log.c:815
 revoke_lo_before_commit+0x3c/0x640 fs/gfs2/lops.c:869
 lops_before_commit fs/gfs2/lops.h:40 [inline]
 gfs2_log_flush+0x884/0x1b20 fs/gfs2/log.c:1102
 gfs2_trans_end+0x2f8/0x4c4 fs/gfs2/trans.c:158
 alloc_dinode+0x33c/0x478 fs/gfs2/inode.c:410
 gfs2_create_inode+0xc58/0x1548 fs/gfs2/inode.c:711
 gfs2_atomic_open+0xd8/0x1c4 fs/gfs2/inode.c:1292
 atomic_open fs/namei.c:3345 [inline]
 lookup_open fs/namei.c:3453 [inline]
 open_last_lookups fs/namei.c:3550 [inline]
 path_openat+0xbf8/0x2548 fs/namei.c:3780
 do_filp_open+0x1bc/0x3cc fs/namei.c:3810
 do_sys_openat2+0x128/0x3e0 fs/open.c:1318
 do_sys_open fs/open.c:1334 [inline]
 __do_sys_openat fs/open.c:1350 [inline]
 __se_sys_openat fs/open.c:1345 [inline]
 __arm64_sys_openat+0x1f0/0x240 fs/open.c:1345
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585

Crashes (6):

| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2025/03/23 20:29 | linux-6.1.y | 344a09659766 | 4e8d3850 | .config | console log | report | syz / log | C | | [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] | ci2-linux-6-1-kasan-arm64 | BUG: sleeping function called from invalid context in gfs2_withdraw |
| 2025/03/23 19:06 | linux-6.1.y | 344a09659766 | 4e8d3850 | .config | console log | report | syz / log | C | | [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] | ci2-linux-6-1-kasan-arm64 | BUG: sleeping function called from invalid context in gfs2_withdraw |
| 2025/03/26 12:48 | linux-6.1.y | 344a09659766 | 89d30d73 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-arm64 | BUG: sleeping function called from invalid context in gfs2_withdraw |
| 2025/03/26 12:48 | linux-6.1.y | 344a09659766 | 89d30d73 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-arm64 | BUG: sleeping function called from invalid context in gfs2_withdraw |
| 2025/03/23 18:46 | linux-6.1.y | 344a09659766 | 4e8d3850 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-arm64 | BUG: sleeping function called from invalid context in gfs2_withdraw |
| 2025/03/23 18:44 | linux-6.1.y | 344a09659766 | 4e8d3850 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-arm64 | BUG: sleeping function called from invalid context in gfs2_withdraw |

* Struck through repros no longer work on HEAD.