syzbot


BUG: sleeping function called from invalid context in ovl_cache_entry_new

Status: upstream: reported C repro on 2025/03/27 16:27
Subsystems: afs ntfs3
Reported-by: syzbot+54e6c2176ba76c56217e@syzkaller.appspotmail.com
Fix commit: a64e4d48a0b7 afs: Fix afs_dynroot_readdir() to not use the RCU read lock
Patched on: [ci-qemu-gce-upstream-auto ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-snapshot-upstream-root ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce-386-root ci-upstream-kmsan-gce-root ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce], missing on: [ci-qemu-native-arm64-kvm ci-qemu2-arm32 ci-qemu2-riscv64 ci-upstream-gce-arm64 ci2-upstream-usb]
First crash: 29d, last: 2d08h
Cause bisection: introduced by (bisect log):
commit 1d0b929fc070b4115403a0a6206a0c6a62dd61f5
Author: David Howells <dhowells@redhat.com>
Date: Mon Feb 24 09:52:58 2025 +0000

  afs: Change dynroot to create contents on demand

Crash: BUG: sleeping function called from invalid context in ovl_cache_entry_new (log)
Repro: C syz .config
  
Discussions (2)
Title | Replies (including bot) | Last reply
[PATCH] afs: Fix afs_dynroot_readdir() to not use the RCU read lock | 2 (2) | 2025/04/09 10:13
[syzbot] [afs?] [ntfs3?] BUG: sleeping function called from invalid context in ovl_cache_entry_new | 4 (8) | 2025/03/31 11:07
Last patch testing requests (3)
Created | Duration | User | Patch | Repo | Result
2025/03/31 08:06 | 30m | dhowells@redhat.com | patch | upstream | report log
2025/03/29 02:53 | 1h36m | eadavis@qq.com | patch | upstream | error
2025/03/28 17:46 | 13m | dhowells@redhat.com | patch | upstream | error

Sample crash report:
BUG: sleeping function called from invalid context at ./include/linux/sched/mm.h:321
in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5821, name: syz-executor365
preempt_count: 0, expected: 0
RCU nest depth: 1, expected: 0
4 locks held by syz-executor365/5821:
 #0: ffff888032b155f8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x247/0x310 fs/file.c:1213
 #1: ffff888077c90cf8 (&ovl_i_mutex_dir_key[depth]){++++}-{4:4}, at: wrap_directory_iterator+0x5a/0xd0 fs/readdir.c:54
 #2: ffff88807d2c0148 (&type->i_mutex_dir_key#6){++++}-{4:4}, at: iterate_dir+0x4a6/0x760 fs/readdir.c:101
 #3: ffffffff8eb3a760 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #3: ffffffff8eb3a760 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #3: ffffffff8eb3a760 (rcu_read_lock){....}-{1:3}, at: afs_dynroot_readdir+0x466/0xbe0 fs/afs/dynroot.c:351
CPU: 0 UID: 0 PID: 5821 Comm: syz-executor365 Not tainted 6.14.0-syzkaller-01103-g2df0c02dab82 #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 __might_resched+0x558/0x6c0 kernel/sched/core.c:8798
 might_alloc include/linux/sched/mm.h:321 [inline]
 slab_pre_alloc_hook mm/slub.c:4089 [inline]
 slab_alloc_node mm/slub.c:4167 [inline]
 __do_kmalloc_node mm/slub.c:4317 [inline]
 __kmalloc_noprof+0xd0/0x4d0 mm/slub.c:4330
 kmalloc_noprof include/linux/slab.h:906 [inline]
 ovl_cache_entry_new+0x39/0x7b0 fs/overlayfs/readdir.c:152
 ovl_cache_entry_add_rb fs/overlayfs/readdir.c:188 [inline]
 ovl_fill_merge+0x416/0x830 fs/overlayfs/readdir.c:266
 dir_emit include/linux/fs.h:3853 [inline]
 afs_dynroot_readdir_cells fs/afs/dynroot.c:310 [inline]
 afs_dynroot_readdir+0x814/0xbe0 fs/afs/dynroot.c:352
 iterate_dir+0x5a9/0x760 fs/readdir.c:108
 ovl_dir_read+0xfe/0x570 fs/overlayfs/readdir.c:313
 ovl_dir_read_merged+0x315/0x5e0 fs/overlayfs/readdir.c:369
 ovl_cache_get fs/overlayfs/readdir.c:422 [inline]
 ovl_iterate+0x1196/0x21c0 fs/overlayfs/readdir.c:783
 wrap_directory_iterator+0x91/0xd0 fs/readdir.c:65
 iterate_dir+0x5a9/0x760 fs/readdir.c:108
 __do_sys_getdents fs/readdir.c:322 [inline]
 __se_sys_getdents+0x1ff/0x4e0 fs/readdir.c:308
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f7c82f020f9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff5a9e9b58 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
RAX: ffffffffffffffda RBX: 00007fff5a9e9c20 RCX: 00007f7c82f020f9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000000000

Crashes (51):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/03/26 10:08 upstream 2df0c02dab82 89d30d73 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs BUG: sleeping function called from invalid context in ovl_cache_entry_new
2025/03/26 09:04 upstream 2df0c02dab82 89d30d73 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs BUG: sleeping function called from invalid context in ovl_cache_entry_new
2025/03/26 07:15 upstream 2df0c02dab82 89d30d73 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs BUG: sleeping function called from invalid context in ovl_cache_entry_new
2025/03/26 05:52 upstream 2df0c02dab82 89d30d73 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs BUG: sleeping function called from invalid context in ovl_cache_entry_new
2025/04/13 18:42 upstream 7cdabafc0012 0bd6db41 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root BUG: sleeping function called from invalid context in ovl_cache_entry_new
2025/04/10 23:36 upstream 2eb959eeecc6 1ef3ab4d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs BUG: sleeping function called from invalid context in ovl_cache_entry_new
2025/04/09 00:47 upstream bec7dcbc242c b133e63a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root BUG: sleeping function called from invalid context in ovl_cache_entry_new
2025/04/09 00:47 upstream bec7dcbc242c b133e63a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root BUG: sleeping function called from invalid context in ovl_cache_entry_new
2025/04/09 00:47 upstream bec7dcbc242c b133e63a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root BUG: sleeping function called from invalid context in ovl_cache_entry_new
2025/04/08 05:26 upstream 0af2f6be1b42 a2ada0e7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root BUG: sleeping function called from invalid context in ovl_cache_entry_new
2025/04/07 17:34 upstream 0af2f6be1b42 a2ada0e7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root BUG: sleeping function called from invalid context in ovl_cache_entry_new
2025/04/07 06:45 upstream 0af2f6be1b42 1c65791e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs BUG: sleeping function called from invalid context in ovl_cache_entry_new
2025/04/04 08:30 upstream a2cc6ff5ec8f d7ae3a11 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root BUG: sleeping function called from invalid context in ovl_cache_entry_new
2025/04/01 20:06 upstream 08733088b566 b8645499 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs BUG: sleeping function called from invalid context in ovl_cache_entry_new
2025/04/01 07:02 upstream 1e7857b28020 36d76a97 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs BUG: sleeping function called from invalid context in ovl_cache_entry_new
2025/04/01 07:01 upstream 1e7857b28020 36d76a97 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs BUG: sleeping function called from invalid context in ovl_cache_entry_new
2025/03/27 13:15 upstream 1e1ba8d23dae 20510e88 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs BUG: sleeping function called from invalid context in ovl_cache_entry_new
2025/03/27 11:03 upstream 1e1ba8d23dae 20510e88 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root BUG: sleeping function called from invalid context in ovl_cache_entry_new
2025/03/27 11:03 upstream 1e1ba8d23dae 20510e88 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root BUG: sleeping function called from invalid context in ovl_cache_entry_new
2025/03/27 10:35 upstream 1e1ba8d23dae 20510e88 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs BUG: sleeping function called from invalid context in ovl_cache_entry_new
2025/03/26 06:02 upstream 2df0c02dab82 89d30d73 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs BUG: sleeping function called from invalid context in ovl_cache_entry_new
2025/03/26 00:21 upstream 2df0c02dab82 875573af .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs BUG: sleeping function called from invalid context in ovl_cache_entry_new
2025/04/13 21:32 upstream 5aaaedb0cb54 0bd6db41 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream BUG: sleeping function called from invalid context in ovl_cache_entry_new
2025/04/13 15:05 upstream 7cdabafc0012 0bd6db41 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root BUG: sleeping function called from invalid context in ovl_cache_entry_new
2025/04/12 21:56 upstream 3bde70a2c827 0bd6db41 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream BUG: sleeping function called from invalid context in ovl_cache_entry_new
2025/04/12 20:48 upstream 3bde70a2c827 0bd6db41 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream BUG: sleeping function called from invalid context in ovl_cache_entry_new
2025/04/12 14:47 upstream 3bde70a2c827 0bd6db41 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream BUG: sleeping function called from invalid context in ovl_cache_entry_new
2025/04/10 05:00 upstream 3b07108ada81 988b336c .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root BUG: sleeping function called from invalid context in ovl_cache_entry_new
2025/04/10 05:00 upstream 3b07108ada81 988b336c .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root BUG: sleeping function called from invalid context in ovl_cache_entry_new
2025/04/08 23:16 upstream bec7dcbc242c b133e63a .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root BUG: sleeping function called from invalid context in ovl_cache_entry_new
2025/04/08 23:16 upstream bec7dcbc242c b133e63a .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root BUG: sleeping function called from invalid context in ovl_cache_entry_new
2025/04/08 22:35 upstream bec7dcbc242c b133e63a .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream BUG: sleeping function called from invalid context in ovl_cache_entry_new
2025/04/08 22:35 upstream bec7dcbc242c b133e63a .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream BUG: sleeping function called from invalid context in ovl_cache_entry_new
2025/04/04 07:29 upstream 06a22366d6a1 1740c707 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream BUG: sleeping function called from invalid context in ovl_cache_entry_new
2025/04/04 04:47 upstream 06a22366d6a1 1740c707 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream BUG: sleeping function called from invalid context in ovl_cache_entry_new
2025/04/03 04:57 upstream a1b5bd45d4ee 996a9618 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream BUG: sleeping function called from invalid context in ovl_cache_entry_new
2025/04/08 23:11 upstream bec7dcbc242c b133e63a .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 BUG: sleeping function called from invalid context in ovl_cache_entry_new
2025/04/08 23:11 upstream bec7dcbc242c b133e63a .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 BUG: sleeping function called from invalid context in ovl_cache_entry_new
2025/04/08 23:11 upstream bec7dcbc242c b133e63a .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 BUG: sleeping function called from invalid context in ovl_cache_entry_new
2025/04/08 23:11 upstream bec7dcbc242c b133e63a .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 BUG: sleeping function called from invalid context in ovl_cache_entry_new
2025/04/05 19:29 upstream a8662bcd2ff1 1c65791e .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 BUG: sleeping function called from invalid context in ovl_cache_entry_new
2025/04/09 04:53 linux-next 7702d0130dc0 b133e63a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root BUG: sleeping function called from invalid context in ovl_cache_entry_new
2025/04/21 23:23 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci c72692105976 2a20f901 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: sleeping function called from invalid context in ovl_cache_entry_new
2025/04/15 19:13 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci c72692105976 23b969b7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: sleeping function called from invalid context in ovl_cache_entry_new
2025/04/15 14:18 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci c72692105976 23b969b7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: sleeping function called from invalid context in ovl_cache_entry_new
* Struck through repros no longer work on HEAD.