syzbot


BUG: sleeping function called from invalid context in gfs2_glock_nq

Status: upstream: reported C repro on 2025/03/23 19:17
Bug presence: origin:upstream
Reported-by: syzbot+bb997aca7747d265b7b1@syzkaller.appspotmail.com
First crash: 26d, last: 4d09h
Bug presence (1)

Date        Name            Commit        Repro  Result
2025/03/24  upstream (ToT)  38fec10eb60d  C      [report] INFO: task hung in lock_buffer
Last patch testing requests (2)

Created           Duration  User          Patch  Repo          Result
2025/04/14 23:41  30m       retest repro  -      linux-5.15.y  report, log
2025/04/14 23:41  11m       retest repro  -      linux-5.15.y  report, log

Sample crash report:
loop0: rw=1, want=16778992, limit=32768
gfs2: fsid=syz:syz.0: Error 10 writing to journal, jid=0
gfs2: fsid=syz:syz.0: fatal: I/O error(s)
gfs2: fsid=syz:syz.0: about to withdraw this file system
BUG: sleeping function called from invalid context at fs/gfs2/glock.c:1281
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 4024, name: syz-executor158
5 locks held by syz-executor158/4024:
 #0: ffff0000cb852460 (sb_writers#8){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c fs/namespace.c:377
 #1: ffff0000ddf30150 (&type->i_mutex_dir_key#6){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:787 [inline]
 #1: ffff0000ddf30150 (&type->i_mutex_dir_key#6){+.+.}-{3:3}, at: open_last_lookups fs/namei.c:3529 [inline]
 #1: ffff0000ddf30150 (&type->i_mutex_dir_key#6){+.+.}-{3:3}, at: path_openat+0x640/0x26cc fs/namei.c:3739
 #2: ffff0000cb852650 (sb_internal#2){.+.+}-{0:0}, at: gfs2_trans_begin+0x128/0x1cc fs/gfs2/trans.c:118
 #3: ffff0000cb3bd0a8 (&sdp->sd_log_flush_lock){++++}-{3:3}, at: gfs2_log_flush+0xbc/0x21d4 fs/gfs2/log.c:1035
 #4: ffff0000cb3bced0 (&sdp->sd_log_lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:363 [inline]
 #4: ffff0000cb3bced0 (&sdp->sd_log_lock){+.+.}-{2:2}, at: gfs2_log_lock fs/gfs2/log.h:32 [inline]
 #4: ffff0000cb3bced0 (&sdp->sd_log_lock){+.+.}-{2:2}, at: gfs2_flush_revokes+0x50/0x94 fs/gfs2/log.c:806
Preemption disabled at:
[<ffff80000a336f28>] spin_lock include/linux/spinlock.h:363 [inline]
[<ffff80000a336f28>] gfs2_log_lock fs/gfs2/log.h:32 [inline]
[<ffff80000a336f28>] gfs2_flush_revokes+0x50/0x94 fs/gfs2/log.c:806
CPU: 0 PID: 4024 Comm: syz-executor158 Not tainted 5.15.179-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 ___might_sleep+0x380/0x4dc kernel/sched/core.c:9638
 __might_sleep+0x98/0xf0 kernel/sched/core.c:9592
 gfs2_glock_wait fs/gfs2/glock.c:1281 [inline]
 gfs2_glock_nq+0xac8/0x144c fs/gfs2/glock.c:1538
 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline]
 gfs2_freeze_lock+0x64/0xd8 fs/gfs2/util.c:107
 signal_our_withdraw fs/gfs2/util.c:160 [inline]
 gfs2_withdraw+0x4b0/0x12a4 fs/gfs2/util.c:343
 gfs2_ail1_empty+0x758/0x7e8 fs/gfs2/log.c:369
 gfs2_flush_revokes+0x5c/0x94 fs/gfs2/log.c:807
 revoke_lo_before_commit+0x3c/0x640 fs/gfs2/lops.c:872
 lops_before_commit fs/gfs2/lops.h:40 [inline]
 gfs2_log_flush+0x958/0x21d4 fs/gfs2/log.c:1094
 gfs2_trans_end+0x300/0x4cc fs/gfs2/trans.c:158
 alloc_dinode+0x33c/0x478 fs/gfs2/inode.c:419
 gfs2_create_inode+0xbe0/0x14c4 fs/gfs2/inode.c:720
 gfs2_atomic_open+0xd8/0x1c4 fs/gfs2/inode.c:1295
 atomic_open fs/namei.c:3325 [inline]
 lookup_open fs/namei.c:3433 [inline]
 open_last_lookups fs/namei.c:3532 [inline]
 path_openat+0xc54/0x26cc fs/namei.c:3739
 do_filp_open+0x1a8/0x3b4 fs/namei.c:3769
 do_sys_openat2+0x128/0x3e0 fs/open.c:1253
 do_sys_open fs/open.c:1269 [inline]
 __do_sys_openat fs/open.c:1285 [inline]
 __se_sys_openat fs/open.c:1280 [inline]
 __arm64_sys_openat+0x1f0/0x240 fs/open.c:1280
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:608
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584

=============================
[ BUG: Invalid wait context ]
5.15.179-syzkaller #0 Tainted: G        W        
-----------------------------
syz-executor158/4024 is trying to lock:
ffff0000c72cc488 (&wq->mutex){+.+.}-{3:3}, at: flush_workqueue+0x170/0x11c4 kernel/workqueue.c:2833
other info that might help us debug this:
context-{4:4}
5 locks held by syz-executor158/4024:
 #0: ffff0000cb852460 (sb_writers#8){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c fs/namespace.c:377
 #1: ffff0000ddf30150 (&type->i_mutex_dir_key#6){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:787 [inline]
 #1: ffff0000ddf30150 (&type->i_mutex_dir_key#6){+.+.}-{3:3}, at: open_last_lookups fs/namei.c:3529 [inline]
 #1: ffff0000ddf30150 (&type->i_mutex_dir_key#6){+.+.}-{3:3}, at: path_openat+0x640/0x26cc fs/namei.c:3739
 #2: ffff0000cb852650 (sb_internal#2){.+.+}-{0:0}, at: gfs2_trans_begin+0x128/0x1cc fs/gfs2/trans.c:118
 #3: ffff0000cb3bd0a8 (&sdp->sd_log_flush_lock){++++}-{3:3}, at: gfs2_log_flush+0xbc/0x21d4 fs/gfs2/log.c:1035
 #4: ffff0000cb3bced0 (&sdp->sd_log_lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:363 [inline]
 #4: ffff0000cb3bced0 (&sdp->sd_log_lock){+.+.}-{2:2}, at: gfs2_log_lock fs/gfs2/log.h:32 [inline]
 #4: ffff0000cb3bced0 (&sdp->sd_log_lock){+.+.}-{2:2}, at: gfs2_flush_revokes+0x50/0x94 fs/gfs2/log.c:806
stack backtrace:
CPU: 0 PID: 4024 Comm: syz-executor158 Tainted: G        W         5.15.179-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 print_lock_invalid_wait_context kernel/locking/lockdep.c:4664 [inline]
 check_wait_context kernel/locking/lockdep.c:4725 [inline]
 __lock_acquire+0x1af0/0x7638 kernel/locking/lockdep.c:4962
 lock_acquire+0x240/0x77c kernel/locking/lockdep.c:5623
 __mutex_lock_common+0x194/0x2154 kernel/locking/mutex.c:596
 __mutex_lock kernel/locking/mutex.c:729 [inline]
 mutex_lock_nested+0xa4/0xf8 kernel/locking/mutex.c:743
 flush_workqueue+0x170/0x11c4 kernel/workqueue.c:2833
 gfs2_flush_delete_work+0x34/0x44 fs/gfs2/glock.c:2108
 gfs2_make_fs_ro+0xb4/0x554 fs/gfs2/super.c:529
 signal_our_withdraw fs/gfs2/util.c:166 [inline]
 gfs2_withdraw+0x4ec/0x12a4 fs/gfs2/util.c:343
 gfs2_ail1_empty+0x758/0x7e8 fs/gfs2/log.c:369
 gfs2_flush_revokes+0x5c/0x94 fs/gfs2/log.c:807
 revoke_lo_before_commit+0x3c/0x640 fs/gfs2/lops.c:872
 lops_before_commit fs/gfs2/lops.h:40 [inline]
 gfs2_log_flush+0x958/0x21d4 fs/gfs2/log.c:1094
 gfs2_trans_end+0x300/0x4cc fs/gfs2/trans.c:158
 alloc_dinode+0x33c/0x478 fs/gfs2/inode.c:419
 gfs2_create_inode+0xbe0/0x14c4 fs/gfs2/inode.c:720
 gfs2_atomic_open+0xd8/0x1c4 fs/gfs2/inode.c:1295
 atomic_open fs/namei.c:3325 [inline]
 lookup_open fs/namei.c:3433 [inline]
 open_last_lookups fs/namei.c:3532 [inline]
 path_openat+0xc54/0x26cc fs/namei.c:3739
 do_filp_open+0x1a8/0x3b4 fs/namei.c:3769
 do_sys_openat2+0x128/0x3e0 fs/open.c:1253
 do_sys_open fs/open.c:1269 [inline]
 __do_sys_openat fs/open.c:1285 [inline]
 __se_sys_openat fs/open.c:1280 [inline]
 __arm64_sys_openat+0x1f0/0x240 fs/open.c:1280
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:608
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
BUG: scheduling while atomic: syz-executor158/4024/0x00000002
INFO: lockdep is turned off.
Modules linked in:
Preemption disabled at:
[<ffff80000a336f28>] spin_lock include/linux/spinlock.h:363 [inline]
[<ffff80000a336f28>] gfs2_log_lock fs/gfs2/log.h:32 [inline]
[<ffff80000a336f28>] gfs2_flush_revokes+0x50/0x94 fs/gfs2/log.c:806
CPU: 0 PID: 4024 Comm: syz-executor158 Tainted: G        W         5.15.179-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 __schedule_bug+0x12c/0x1e0 kernel/sched/core.c:5571
 schedule_debug kernel/sched/core.c:5598 [inline]
 __schedule+0xfa8/0x1e48 kernel/sched/core.c:6266
 schedule+0x11c/0x1c8 kernel/sched/core.c:6458
 schedule_timeout+0xb8/0x344 kernel/time/timer.c:1890
 do_wait_for_common+0x214/0x388 kernel/sched/completion.c:85
 __wait_for_common kernel/sched/completion.c:106 [inline]
 wait_for_common kernel/sched/completion.c:117 [inline]
 wait_for_completion+0x4c/0x64 kernel/sched/completion.c:138
 kthread_stop+0x1a0/0x788 kernel/kthread.c:666
 gfs2_make_fs_ro+0x12c/0x554 fs/gfs2/super.c:533
 signal_our_withdraw fs/gfs2/util.c:166 [inline]
 gfs2_withdraw+0x4ec/0x12a4 fs/gfs2/util.c:343
 gfs2_ail1_empty+0x758/0x7e8 fs/gfs2/log.c:369
 gfs2_flush_revokes+0x5c/0x94 fs/gfs2/log.c:807
 revoke_lo_before_commit+0x3c/0x640 fs/gfs2/lops.c:872
 lops_before_commit fs/gfs2/lops.h:40 [inline]
 gfs2_log_flush+0x958/0x21d4 fs/gfs2/log.c:1094
 gfs2_trans_end+0x300/0x4cc fs/gfs2/trans.c:158
 alloc_dinode+0x33c/0x478 fs/gfs2/inode.c:419
 gfs2_create_inode+0xbe0/0x14c4 fs/gfs2/inode.c:720
 gfs2_atomic_open+0xd8/0x1c4 fs/gfs2/inode.c:1295
 atomic_open fs/namei.c:3325 [inline]
 lookup_open fs/namei.c:3433 [inline]
 open_last_lookups fs/namei.c:3532 [inline]
 path_openat+0xc54/0x26cc fs/namei.c:3739
 do_filp_open+0x1a8/0x3b4 fs/namei.c:3769
 do_sys_openat2+0x128/0x3e0 fs/open.c:1253
 do_sys_open fs/open.c:1269 [inline]
 __do_sys_openat fs/open.c:1285 [inline]
 __se_sys_openat fs/open.c:1280 [inline]
 __arm64_sys_openat+0x1f0/0x240 fs/open.c:1280
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:608
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
gfs2: fsid=syz:syz.0: File system withdrawn
CPU: 0 PID: 4024 Comm: syz-executor158 Tainted: G        W         5.15.179-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 gfs2_withdraw+0xeac/0x12a4 fs/gfs2/util.c:355
 gfs2_ail1_empty+0x758/0x7e8 fs/gfs2/log.c:369
 gfs2_flush_revokes+0x5c/0x94 fs/gfs2/log.c:807
 revoke_lo_before_commit+0x3c/0x640 fs/gfs2/lops.c:872
 lops_before_commit fs/gfs2/lops.h:40 [inline]
 gfs2_log_flush+0x958/0x21d4 fs/gfs2/log.c:1094
 gfs2_trans_end+0x300/0x4cc fs/gfs2/trans.c:158
 alloc_dinode+0x33c/0x478 fs/gfs2/inode.c:419
 gfs2_create_inode+0xbe0/0x14c4 fs/gfs2/inode.c:720
 gfs2_atomic_open+0xd8/0x1c4 fs/gfs2/inode.c:1295
 atomic_open fs/namei.c:3325 [inline]
 lookup_open fs/namei.c:3433 [inline]
 open_last_lookups fs/namei.c:3532 [inline]
 path_openat+0xc54/0x26cc fs/namei.c:3739
 do_filp_open+0x1a8/0x3b4 fs/namei.c:3769
 do_sys_openat2+0x128/0x3e0 fs/open.c:1253
 do_sys_open fs/open.c:1269 [inline]
 __do_sys_openat fs/open.c:1285 [inline]
 __se_sys_openat fs/open.c:1280 [inline]
 __arm64_sys_openat+0x1f0/0x240 fs/open.c:1280
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:608
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584

Crashes (6):

All six crashes were recorded by the manager ci2-linux-5-15-kasan-arm64 under the title "BUG: sleeping function called from invalid context in gfs2_glock_nq".

Time              Kernel        Commit        Syzkaller  Repro   Assets
2025/03/23 20:17  linux-5.15.y  0c935c049b5c  4e8d3850   syz, C  disk image, vmlinux, kernel image, mounted in repro (corrupt fs)
2025/03/23 19:36  linux-5.15.y  0c935c049b5c  4e8d3850   syz, C  disk image, vmlinux, kernel image, mounted in repro (corrupt fs)
2025/03/31 21:06  linux-5.15.y  0c935c049b5c  d3999433   none    disk image, vmlinux, kernel image
2025/03/31 21:06  linux-5.15.y  0c935c049b5c  d3999433   none    disk image, vmlinux, kernel image
2025/03/23 19:17  linux-5.15.y  0c935c049b5c  4e8d3850   none    disk image, vmlinux, kernel image
2025/03/23 19:16  linux-5.15.y  0c935c049b5c  4e8d3850   none    disk image, vmlinux, kernel image