ci starts bisection 2025-10-09 08:22:43.900284542 +0000 UTC m=+120342.316847886 bisecting cause commit starting from 7c3ba4249a3604477ea9c077e10089ba7ddcaa03 building syzkaller on 7e2882b32698b70f3149aee00c41e3d2d941dca3 ensuring issue is reproducible on original commit 7c3ba4249a3604477ea9c077e10089ba7ddcaa03 testing commit 7c3ba4249a3604477ea9c077e10089ba7ddcaa03 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 4847477bc05270f4a3f3849cbbd698162c2728a7f60c988ae80baff2e3b74cfc all runs: crashed: BUG: sleeping function called from invalid context in hook_sb_delete representative crash: BUG: sleeping function called from invalid context in hook_sb_delete, types: [ATOMIC_SLEEP] check whether we can drop unnecessary instrumentation disabling configs for [ubsan bug_or_warning kasan locking hang memleak], they are not needed testing commit 7c3ba4249a3604477ea9c077e10089ba7ddcaa03 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 35717861ca1a6979c946de55d9c559b2c3b1fc10a9f0fd1944ccbb25cec0c247 all runs: crashed: BUG: sleeping function called from invalid context in hook_sb_delete representative crash: BUG: sleeping function called from invalid context in hook_sb_delete, types: [ATOMIC_SLEEP] the bug reproduces without the instrumentation disabling configs for [ubsan bug_or_warning kasan locking hang memleak], they are not needed kconfig minimization: base=4115 full=8560 leaves diff=2152 split chunks (needed=false): <2152> split chunk #0 of len 2152 into 5 parts testing without sub-chunk 1/5 disabling configs for [hang memleak ubsan bug_or_warning kasan locking], they are not needed testing commit 7c3ba4249a3604477ea9c077e10089ba7ddcaa03 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: e7261457672874ec22e6eaaebfcffda043b3b97ef6f4e2e4b6b00ec3f7c6986b all runs: crashed: BUG: sleeping function called from invalid context in hook_sb_delete representative crash: BUG: sleeping function called from invalid context in hook_sb_delete, types: [ATOMIC_SLEEP] the chunk can be dropped testing without sub-chunk 2/5 disabling configs for [memleak ubsan bug_or_warning kasan locking hang], they are not needed testing commit 7c3ba4249a3604477ea9c077e10089ba7ddcaa03 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: ae13c910092264ddcec66772ffc0edc97f4d6d2b437ac8648ff4602a59b632ca all runs: crashed: BUG: sleeping function called from invalid context in hook_sb_delete representative crash: BUG: sleeping function called from invalid context in hook_sb_delete, types: [ATOMIC_SLEEP] the chunk can be dropped testing without sub-chunk 3/5 disabling configs for [ubsan bug_or_warning kasan locking hang memleak], they are not needed testing commit 7c3ba4249a3604477ea9c077e10089ba7ddcaa03 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 7eb498bad555c900273987c808500a457dfba96ab79931aaf42ba4cbd4f11453 all runs: crashed: BUG: sleeping function called from invalid context in hook_sb_delete representative crash: BUG: sleeping function called from invalid context in hook_sb_delete, types: [ATOMIC_SLEEP] the chunk can be dropped testing without sub-chunk 4/5 disabling configs for [ubsan bug_or_warning kasan locking hang memleak], they are not needed testing commit 7c3ba4249a3604477ea9c077e10089ba7ddcaa03 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 89041471074317a96f768e5797d9036423bbdda6bff9f61e380eb2cd00c1234d all runs: crashed: BUG: sleeping function called from invalid context in hook_sb_delete representative crash: BUG: sleeping function called from invalid context in hook_sb_delete, types: [ATOMIC_SLEEP] the chunk can be dropped testing without sub-chunk 5/5 disabling configs for [hang memleak ubsan bug_or_warning kasan locking], they are not needed testing commit 7c3ba4249a3604477ea9c077e10089ba7ddcaa03 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: ca69c65660d6ac79ba047c9c9de7186b7c0a775eda24855d838b30a6a4ea6889 all runs: crashed: BUG: sleeping function called from invalid context in hook_sb_delete representative crash: BUG: sleeping function called from invalid context in hook_sb_delete, types: [ATOMIC_SLEEP] the chunk can be dropped disabling configs for [bug_or_warning kasan locking hang memleak ubsan], they are not needed picked [v6.17 v6.16 v6.15 v6.13 v6.11 v6.9 v6.7 v6.5 v6.2 v5.19 v5.16 v5.13 v5.10 v5.7 v5.4 v5.1 v4.19] out of 40 release tags testing release v6.17 testing commit e5f0a698b34ed76002dc5cff3804a61c80233a7a gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 5b4e662eadcb1f018617773f9a320e2544e51b0654de5cdb9b1b2a2b84ae5758 all runs: OK false negative chance: 0.000 # git bisect start 7c3ba4249a3604477ea9c077e10089ba7ddcaa03 e5f0a698b34ed76002dc5cff3804a61c80233a7a Bisecting: 6640 revisions left to test after this (roughly 13 steps) [f79e772258df311c2cb21594ca0996318e720d28] Merge tag 'media/v6.18-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media testing commit f79e772258df311c2cb21594ca0996318e720d28 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: d92495b5a6bea64230e28ce1003f94a6c38ca4ca5a9092d37322581771ad60fb all runs: crashed: BUG: sleeping function called from invalid context in hook_sb_delete representative crash: BUG: sleeping function called from invalid context in hook_sb_delete, types: [ATOMIC_SLEEP] # git bisect bad f79e772258df311c2cb21594ca0996318e720d28 Bisecting: 2969 revisions left to test after this (roughly 12 steps) [0f048c878ee32a4259dbf28e0ad8fd0b71ee0085] Merge tag 'soc-dt-6.18' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc testing commit 0f048c878ee32a4259dbf28e0ad8fd0b71ee0085 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: e2e4bf8912a064d5c8cbeda1fa82bf43a36647ed54af14ac21cd8e6d12fa0702 all runs: crashed: BUG: sleeping function called from invalid context in hook_sb_delete representative crash: BUG: sleeping function called from invalid context in hook_sb_delete, types: [ATOMIC_SLEEP] # git bisect bad 0f048c878ee32a4259dbf28e0ad8fd0b71ee0085 Bisecting: 1989 revisions left to test after this (roughly 11 steps) [c050daf69f3edf72e274eaa321f663b1779c4391] Merge tag 'pwm/for-6.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/ukleinek/linux testing commit c050daf69f3edf72e274eaa321f663b1779c4391 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: ce2a9afbe67c302b0cc522861ef1542d2737dc21c010e4da7b4540108fe2fc0f all runs: crashed: BUG: sleeping function called from invalid context in hook_sb_delete representative crash: BUG: sleeping function called from invalid context in hook_sb_delete, types: [ATOMIC_SLEEP] # git bisect bad c050daf69f3edf72e274eaa321f663b1779c4391 Bisecting: 949 revisions left to test after this (roughly 10 steps) [a23cd25baed2316e50597f8b67192bdc904f955b] Merge tag 'sched_ext-for-6.18' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/sched_ext testing commit a23cd25baed2316e50597f8b67192bdc904f955b gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 846b6840d0d992e958efe2221895f3b8211bc5998ad2780266eeffd19834e18c all runs: crashed: BUG: sleeping function called from invalid context in hook_sb_delete representative crash: BUG: sleeping function called from invalid context in hook_sb_delete, types: [ATOMIC_SLEEP] # git bisect bad a23cd25baed2316e50597f8b67192bdc904f955b Bisecting: 492 revisions left to test after this (roughly 9 steps) [e2fffe1d958b3660bc4e07e6542d97b6cc168826] Merge tag 'crc-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux testing commit e2fffe1d958b3660bc4e07e6542d97b6cc168826 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 6a2254b8f54ac10944fc76b09e3d9d6becc1db61d0ebd06463a9ff5060629275 all runs: crashed: BUG: sleeping function called from invalid context in hook_sb_delete representative crash: BUG: sleeping function called from invalid context in hook_sb_delete, types: [ATOMIC_SLEEP] # git bisect bad e2fffe1d958b3660bc4e07e6542d97b6cc168826 Bisecting: 251 revisions left to test after this (roughly 8 steps) [a40eb50a9566318a138b3e222fc4fe04e3932cda] Merge tag 'gfs2-for-6.18' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2 testing commit a40eb50a9566318a138b3e222fc4fe04e3932cda gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 835d4a1d18ddd96ac30038f28ce8e922cd23060f6c682a7926b6195f3d3573b7 all runs: crashed: BUG: sleeping function called from invalid context in hook_sb_delete representative crash: BUG: sleeping function called from invalid context in hook_sb_delete, types: [ATOMIC_SLEEP] # git bisect bad a40eb50a9566318a138b3e222fc4fe04e3932cda Bisecting: 108 revisions left to test after this (roughly 7 steps) [5484a4ea7a1f208b886b58dd55cc55f418930f8a] Merge tag 'vfs-6.18-rc1.afs' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs testing commit 5484a4ea7a1f208b886b58dd55cc55f418930f8a gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 09fc22c47a906b90b1876371aa8fac11e6b6966f75a7efed940f4fca080a84af all runs: crashed: BUG: sleeping function called from invalid context in hook_sb_delete representative crash: BUG: sleeping function called from invalid context in hook_sb_delete, types: [ATOMIC_SLEEP] # git bisect bad 5484a4ea7a1f208b886b58dd55cc55f418930f8a Bisecting: 50 revisions left to test after this (roughly 6 steps) [3a2a5b278fb8d4cdb3154b8e4a38352b945f96fd] Merge tag 'vfs-6.18-rc1.mount' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs testing commit 3a2a5b278fb8d4cdb3154b8e4a38352b945f96fd gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: e4a78c5d663fde54396e96ee6d744e77f19f93046b69764c6582c5ca584c6cc8 all runs: OK false negative chance: 0.000 # git bisect good 3a2a5b278fb8d4cdb3154b8e4a38352b945f96fd Bisecting: 23 revisions left to test after this (roughly 5 steps) [029a4eb589129450f2735df825f784dd7e8c4c63] Merge tag 'vfs-6.18-rc1.iomap' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs testing commit 029a4eb589129450f2735df825f784dd7e8c4c63 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 326603223dfe091c0fcd3c7713f542ef7daf8722137afa3b696419d282375dda all runs: crashed: BUG: sleeping function called from invalid context in hook_sb_delete representative crash: BUG: sleeping function called from invalid context in hook_sb_delete, types: [ATOMIC_SLEEP] # git bisect bad 029a4eb589129450f2735df825f784dd7e8c4c63 Bisecting: 13 revisions left to test after this (roughly 4 steps) [8a3d00dde63a339d31d1fdeead24ddfd4d459c70] fsverity: check IS_VERITY() in fsverity_cleanup_inode() testing commit 8a3d00dde63a339d31d1fdeead24ddfd4d459c70 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: f579b0b4c70bb65c9579f1e1a8131e2ef2ae65e3dee6c20ef4d919ecb2a08eb5 all runs: OK false negative chance: 0.000 # git bisect good 8a3d00dde63a339d31d1fdeead24ddfd4d459c70 Bisecting: 6 revisions left to test after this (roughly 3 steps) [cde560f98a9b6e64dd675f6bd10137cc8243a32a] fs: expand dump_inode() testing commit cde560f98a9b6e64dd675f6bd10137cc8243a32a gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: e4b7142e3131f50154d1f0bfa3c0773c44307fbed4fea81ab7ee4c1ed106a67f all runs: OK false negative chance: 0.000 # git bisect good cde560f98a9b6e64dd675f6bd10137cc8243a32a Bisecting: 3 revisions left to test after this (roughly 2 steps) [c59c965292f75e39cc4cfefb50d56d4b1900812e] Merge patch series "iomap: cleanups ahead of adding fuse support" testing commit c59c965292f75e39cc4cfefb50d56d4b1900812e gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: b4b66487b5cf67b5feba1b17ad0e9fddf69eb2678b0cfc9e1bb3498f180876c5 all runs: OK false negative chance: 0.000 # git bisect good c59c965292f75e39cc4cfefb50d56d4b1900812e Bisecting: 1 revision left to test after this (roughly 1 step) [c3c616c53dbabddf32a0485bd133d8d3b9f6656a] Merge branch 'vfs-6.18.inode.refcount.preliminaries' testing commit c3c616c53dbabddf32a0485bd133d8d3b9f6656a gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: a00668455f6973294ddfa448d4add2b49294bc458f45edacef40ce36c7a2d6c7 all runs: crashed: BUG: sleeping function called from invalid context in hook_sb_delete representative crash: BUG: sleeping function called from invalid context in hook_sb_delete, types: [ATOMIC_SLEEP] # git bisect bad c3c616c53dbabddf32a0485bd133d8d3b9f6656a Bisecting: 0 revisions left to test after this (roughly 0 steps) [2ef435a872abc347dc0a92f1c213bb0af3cbf195] fs: add might_sleep() annotation to iput() and more testing commit 2ef435a872abc347dc0a92f1c213bb0af3cbf195 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: b10953de25926a0b311f3a4c2adc171de9727f396cee64b76d8f1b67f49f0b06 all runs: crashed: BUG: sleeping function called from invalid context in hook_sb_delete representative crash: BUG: sleeping function called from invalid context in hook_sb_delete, types: [ATOMIC_SLEEP] # git bisect bad 2ef435a872abc347dc0a92f1c213bb0af3cbf195 2ef435a872abc347dc0a92f1c213bb0af3cbf195 is the first bad commit commit 2ef435a872abc347dc0a92f1c213bb0af3cbf195 Author: Max Kellermann Date: Wed Sep 17 17:36:31 2025 +0200 fs: add might_sleep() annotation to iput() and more When iput() drops the reference counter to zero, it may sleep via inode_wait_for_writeback(). This happens rarely because it's usually the dcache which evicts inodes, but really iput() should only ever be called in contexts where sleeping is allowed. This annotation allows finding buggy callers. Additionally, this patch annotates a few low-level functions that can call iput() conditionally. Cc: Mateusz Guzik Signed-off-by: Max Kellermann Link: https://lore.kernel.org/20250917153632.2228828-1-max.kellermann@ionos.com Reviewed-by: Jan Kara Signed-off-by: Christian Brauner fs/inode.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) accumulated error probability: 0.00 culprit signature: b10953de25926a0b311f3a4c2adc171de9727f396cee64b76d8f1b67f49f0b06 parent signature: e4b7142e3131f50154d1f0bfa3c0773c44307fbed4fea81ab7ee4c1ed106a67f revisions tested: 22, total time: 12h32m56.428621089s (build: 9h10m25.74861827s, test: 2h24m9.924808413s) first bad commit: 2ef435a872abc347dc0a92f1c213bb0af3cbf195 fs: add might_sleep() annotation to iput() and more recipients (to): ["brauner@kernel.org" "jack@suse.cz" "max.kellermann@ionos.com"] recipients (cc): [] crash: BUG: sleeping function called from invalid context in hook_sb_delete BUG: sleeping function called from invalid context at fs/inode.c:1928 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2421, name: syz-executor preempt_count: 1, expected: 0 RCU nest depth: 0, expected: 0 2 locks held by syz-executor/2421: #0: ffff88810eb240e0 (&type->s_umount_key#38){....}-{3:3}, at: __super_lock fs/super.c:57 [inline] #0: ffff88810eb240e0 (&type->s_umount_key#38){....}-{3:3}, at: __super_lock_excl fs/super.c:72 [inline] #0: ffff88810eb240e0 (&type->s_umount_key#38){....}-{3:3}, at: deactivate_super+0x33/0x40 fs/super.c:506 #1: ffff88810eb24998 (&s->s_inode_list_lock){....}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline] #1: ffff88810eb24998 (&s->s_inode_list_lock){....}-{2:2}, at: hook_sb_delete+0x3e/0x310 security/landlock/fs.c:1279 Preemption disabled at: [<0000000000000000>] 0x0 CPU: 0 UID: 0 PID: 2421 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(none) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 Call Trace: dump_stack_lvl+0xa2/0xf0 lib/dump_stack.c:120 __might_resched+0x1bc/0x1e0 kernel/sched/core.c:8957 iput+0x1d/0x280 fs/inode.c:1928 hook_sb_delete+0x197/0x310 security/landlock/fs.c:1342 security_sb_delete+0x26/0x90 security/security.c:1428 generic_shutdown_super+0x49/0x110 fs/super.c:635 kill_anon_super+0x14/0xb0 fs/super.c:1282 deactivate_locked_super+0x36/0x150 fs/super.c:474 cleanup_mnt+0x7c/0x130 fs/namespace.c:1378 task_work_run+0x87/0xc0 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop+0xbf/0xd0 kernel/entry/common.c:43 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline] syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline] syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline] do_syscall_64+0x181/0x250 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f83be5201f7 Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 RSP: 002b:00007ffef8abd3e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 00007f83be5a1d7d RCX: 00007f83be5201f7 RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffef8abd4a0 RBP: 00007ffef8abd4a0 R08: 0000000000000000 R09: 0000000000000000 R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffef8abe530 R13: 00007f83be5a1d7d R14: 000000000000f3c6 R15: 00007ffef8abe570 BUG: sleeping function called from invalid context at fs/inode.c:1928 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2421, name: syz-executor preempt_count: 1, expected: 0 RCU nest depth: 0, expected: 0 2 locks held by syz-executor/2421: #0: ffff88810132a0e0 (&type->s_umount_key#38){....}-{3:3}, at: __super_lock fs/super.c:57 [inline] #0: ffff88810132a0e0 (&type->s_umount_key#38){....}-{3:3}, at: __super_lock_excl fs/super.c:72 [inline] #0: ffff88810132a0e0 (&type->s_umount_key#38){....}-{3:3}, at: deactivate_super+0x33/0x40 fs/super.c:506 #1: ffff88810132a998 (&s->s_inode_list_lock){....}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline] #1: ffff88810132a998 (&s->s_inode_list_lock){....}-{2:2}, at: hook_sb_delete+0x3e/0x310 security/landlock/fs.c:1279 Preemption disabled at: [<0000000000000000>] 0x0 CPU: 1 UID: 0 PID: 2421 Comm: syz-executor Tainted: G W syzkaller #0 PREEMPT(none) Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 Call Trace: dump_stack_lvl+0xa2/0xf0 lib/dump_stack.c:120 __might_resched+0x1bc/0x1e0 kernel/sched/core.c:8957 iput+0x1d/0x280 fs/inode.c:1928 hook_sb_delete+0x197/0x310 security/landlock/fs.c:1342 security_sb_delete+0x26/0x90 security/security.c:1428 generic_shutdown_super+0x49/0x110 fs/super.c:635 kill_anon_super+0x14/0xb0 fs/super.c:1282 deactivate_locked_super+0x36/0x150 fs/super.c:474 cleanup_mnt+0x7c/0x130 fs/namespace.c:1378 task_work_run+0x87/0xc0 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop+0xbf/0xd0 kernel/entry/common.c:43 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline] syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline] syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline] do_syscall_64+0x181/0x250 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f83be5201f7 Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 RSP: 002b:00007ffef8abd3e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 00007f83be5a1d7d RCX: 00007f83be5201f7 RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffef8abd4a0 RBP: 00007ffef8abd4a0 R08: 0000000000000000 R09: 0000000000000000 R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffef8abe530 R13: 00007f83be5a1d7d R14: 000000000000f7c7 R15: 00007ffef8abe570 BUG: sleeping function called from invalid context at fs/inode.c:1928 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2421, name: syz-executor preempt_count: 1, expected: 0 RCU nest depth: 0, expected: 0 2 locks held by syz-executor/2421: #0: ffff88810e3c50e0 (&type->s_umount_key#38){....}-{3:3}, at: __super_lock fs/super.c:57 [inline] #0: ffff88810e3c50e0 (&type->s_umount_key#38){....}-{3:3}, at: __super_lock_excl fs/super.c:72 [inline] #0: ffff88810e3c50e0 (&type->s_umount_key#38){....}-{3:3}, at: deactivate_super+0x33/0x40 fs/super.c:506 #1: ffff88810e3c5998 (&s->s_inode_list_lock){....}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline] #1: ffff88810e3c5998 (&s->s_inode_list_lock){....}-{2:2}, at: hook_sb_delete+0x3e/0x310 security/landlock/fs.c:1279 Preemption disabled at: [<0000000000000000>] 0x0 CPU: 0 UID: 0 PID: 2421 Comm: syz-executor Tainted: G W syzkaller #0 PREEMPT(none) Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 Call Trace: dump_stack_lvl+0xa2/0xf0 lib/dump_stack.c:120 __might_resched+0x1bc/0x1e0 kernel/sched/core.c:8957 iput+0x1d/0x280 fs/inode.c:1928 hook_sb_delete+0x197/0x310 security/landlock/fs.c:1342 security_sb_delete+0x26/0x90 security/security.c:1428 generic_shutdown_super+0x49/0x110 fs/super.c:635 kill_anon_super+0x14/0xb0 fs/super.c:1282 deactivate_locked_super+0x36/0x150 fs/super.c:474 cleanup_mnt+0x7c/0x130 fs/namespace.c:1378 task_work_run+0x87/0xc0 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop+0xbf/0xd0 kernel/entry/common.c:43 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline] syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline] syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline] do_syscall_64+0x181/0x250 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f83be5201f7 Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 RSP: 002b:00007ffef8abd3e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 00007f83be5a1d7d RCX: 00007f83be5201f7 RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffef8abd4a0 RBP: 00007ffef8abd4a0 R08: 0000000000000000 R09: 0000000000000000 R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffef8abe530 R13: 00007f83be5a1d7d R14: 000000000000fbcc R15: 00007ffef8abe570 BUG: sleeping function called from invalid context at fs/inode.c:1928 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2421, name: syz-executor preempt_count: 1, expected: 0 RCU nest depth: 0, expected: 0 2 locks held by syz-executor/2421: #0: ffff88810e3c70e0 (&type->s_umount_key#38){....}-{3:3}, at: __super_lock fs/super.c:57 [inline] #0: ffff88810e3c70e0 (&type->s_umount_key#38){....}-{3:3}, at: __super_lock_excl fs/super.c:72 [inline] #0: ffff88810e3c70e0 (&type->s_umount_key#38){....}-{3:3}, at: deactivate_super+0x33/0x40 fs/super.c:506 #1: ffff88810e3c7998 (&s->s_inode_list_lock){....}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline] #1: ffff88810e3c7998 (&s->s_inode_list_lock){....}-{2:2}, at: hook_sb_delete+0x3e/0x310 security/landlock/fs.c:1279 Preemption disabled at: [<0000000000000000>] 0x0 CPU: 1 UID: 0 PID: 2421 Comm: syz-executor Tainted: G W syzkaller #0 PREEMPT(none) Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 Call Trace: dump_stack_lvl+0xa2/0xf0 lib/dump_stack.c:120 __might_resched+0x1bc/0x1e0 kernel/sched/core.c:8957 iput+0x1d/0x280 fs/inode.c:1928 hook_sb_delete+0x197/0x310 security/landlock/fs.c:1342 security_sb_delete+0x26/0x90 security/security.c:1428 generic_shutdown_super+0x49/0x110 fs/super.c:635 kill_anon_super+0x14/0xb0 fs/super.c:1282 deactivate_locked_super+0x36/0x150 fs/super.c:474 cleanup_mnt+0x7c/0x130 fs/namespace.c:1378 task_work_run+0x87/0xc0 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop+0xbf/0xd0 kernel/entry/common.c:43 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline] syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline] syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline] do_syscall_64+0x181/0x250 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f83be5201f7 Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 RSP: 002b:00007ffef8abd3e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 00007f83be5a1d7d RCX: 00007f83be5201f7 RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffef8abd4a0 RBP: 00007ffef8abd4a0 R08: 0000000000000000 R09: 0000000000000000 R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffef8abe530 R13: 00007f83be5a1d7d R14: 000000000000ffc9 R15: 00007ffef8abe570 BUG: sleeping function called from invalid context at fs/inode.c:1928 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2421, name: syz-executor preempt_count: 1, expected: 0 RCU nest depth: 0, expected: 0 2 locks held by syz-executor/2421: #0: ffff88810132d0e0 (&type->s_umount_key#38){....}-{3:3}, at: __super_lock fs/super.c:57 [inline] #0: ffff88810132d0e0 (&type->s_umount_key#38){....}-{3:3}, at: __super_lock_excl fs/super.c:72 [inline] #0: ffff88810132d0e0 (&type->s_umount_key#38){....}-{3:3}, at: deactivate_super+0x33/0x40 fs/super.c:506 #1: ffff88810132d998 (&s->s_inode_list_lock){....}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline] #1: ffff88810132d998 (&s->s_inode_list_lock){....}-{2:2}, at: hook_sb_delete+0x3e/0x310 security/landlock/fs.c:1279 Preemption disabled at: [<0000000000000000>] 0x0 CPU: 1 UID: 0 PID: 2421 Comm: syz-executor Tainted: G W syzkaller #0 PREEMPT(none) Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 Call Trace: dump_stack_lvl+0xa2/0xf0 lib/dump_stack.c:120 __might_resched+0x1bc/0x1e0 kernel/sched/core.c:8957 iput+0x1d/0x280 fs/inode.c:1928 hook_sb_delete+0x197/0x310 security/landlock/fs.c:1342 security_sb_delete+0x26/0x90 security/security.c:1428 generic_shutdown_super+0x49/0x110 fs/super.c:635 kill_anon_super+0x14/0xb0 fs/super.c:1282 deactivate_locked_super+0x36/0x150 fs/super.c:474 cleanup_mnt+0x7c/0x130 fs/namespace.c:1378 task_work_run+0x87/0xc0 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop+0xbf/0xd0 kernel/entry/common.c:43 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline] syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline] syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline] do_syscall_64+0x181/0x250 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f83be5201f7 Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 RSP: 002b:00007ffef8abd3e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 00007f83be5a1d7d RCX: 00007f83be5201f7 RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffef8abd4a0 RBP: 00007ffef8abd4a0 R08: 0000000000000000 R09: 0000000000000000 R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffef8abe530 R13: 00007f83be5a1d7d R14: 00000000000103cf R15: 00007ffef8abe570 BUG: sleeping function called from invalid context at fs/inode.c:1928 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2421, name: syz-executor preempt_count: 1, expected: 0 RCU nest depth: 0, expected: 0 2 locks held by syz-executor/2421: #0: ffff88810132a0e0 (&type->s_umount_key#38){....}-{3:3}, at: __super_lock fs/super.c:57 [inline] #0: ffff88810132a0e0 (&type->s_umount_key#38){....}-{3:3}, at: __super_lock_excl fs/super.c:72 [inline] #0: ffff88810132a0e0 (&type->s_umount_key#38){....}-{3:3}, at: deactivate_super+0x33/0x40 fs/super.c:506 #1: ffff88810132a998 (&s->s_inode_list_lock){....}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline] #1: ffff88810132a998 (&s->s_inode_list_lock){....}-{2:2}, at: hook_sb_delete+0x3e/0x310 security/landlock/fs.c:1279 Preemption disabled at: [<0000000000000000>] 0x0 CPU: 1 UID: 0 PID: 2421 Comm: syz-executor Tainted: G W syzkaller #0 PREEMPT(none) Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 Call Trace: dump_stack_lvl+0xa2/0xf0 lib/dump_stack.c:120 __might_resched+0x1bc/0x1e0 kernel/sched/core.c:8957 iput+0x1d/0x280 fs/inode.c:1928 hook_sb_delete+0x197/0x310 security/landlock/fs.c:1342 security_sb_delete+0x26/0x90 security/security.c:1428 generic_shutdown_super+0x49/0x110 fs/super.c:635 kill_anon_super+0x14/0xb0 fs/super.c:1282 deactivate_locked_super+0x36/0x150 fs/super.c:474 cleanup_mnt+0x7c/0x130 fs/namespace.c:1378 task_work_run+0x87/0xc0 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop+0xbf/0xd0 kernel/entry/common.c:43 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline] syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline] syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline] do_syscall_64+0x181/0x250 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f83be5201f7 Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 RSP: 002b:00007ffef8abd3e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 00007f83be5a1d7d RCX: 00007f83be5201f7 RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffef8abd4a0 RBP: 00007ffef8abd4a0 R08: 0000000000000000 R09: 0000000000000000 R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffef8abe530 R13: 00007f83be5a1d7d R14: 00000000000107cb R15: 00007ffef8abe570 BUG: sleeping function called from invalid context at fs/inode.c:1928 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2421, name: syz-executor preempt_count: 1, expected: 0 RCU nest depth: 0, expected: 0 2 locks held by syz-executor/2421: #0: ffff88810e3c40e0 (&type->s_umount_key#38){....}-{3:3}, at: __super_lock fs/super.c:57 [inline] #0: ffff88810e3c40e0 (&type->s_umount_key#38){....}-{3:3}, at: __super_lock_excl fs/super.c:72 [inline] #0: ffff88810e3c40e0 (&type->s_umount_key#38){....}-{3:3}, at: deactivate_super+0x33/0x40 fs/super.c:506 #1: ffff88810e3c4998 (&s->s_inode_list_lock){....}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline] #1: ffff88810e3c4998 (&s->s_inode_list_lock){....}-{2:2}, at: hook_sb_delete+0x3e/0x310 security/landlock/fs.c:1279 Preemption disabled at: [<0000000000000000>] 0x0 CPU: 0 UID: 0 PID: 2421 Comm: syz-executor Tainted: G W syzkaller #0 PREEMPT(none) Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 Call Trace: dump_stack_lvl+0xa2/0xf0 lib/dump_stack.c:120 __might_resched+0x1bc/0x1e0 kernel/sched/core.c:8957 iput+0x1d/0x280 fs/inode.c:1928 hook_sb_delete+0x197/0x310 security/landlock/fs.c:1342 security_sb_delete+0x26/0x90 security/security.c:1428 generic_shutdown_super+0x49/0x110 fs/super.c:635 kill_anon_super+0x14/0xb0 fs/super.c:1282 deactivate_locked_super+0x36/0x150 fs/super.c:474 cleanup_mnt+0x7c/0x130 fs/namespace.c:1378 task_work_run+0x87/0xc0 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop+0xbf/0xd0 kernel/entry/common.c:43 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline] syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline] syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline] do_syscall_64+0x181/0x250 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f83be5201f7 Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 RSP: 002b:00007ffef8abd3e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 00007f83be5a1d7d RCX: 00007f83be5201f7 RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffef8abd4a0 RBP: 00007ffef8abd4a0 R08: 0000000000000000 R09: 0000000000000000 R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffef8abe530 R13: 00007f83be5a1d7d R14: 0000000000010bbd R15: 00007ffef8abe570 BUG: sleeping function called from invalid context at fs/inode.c:1928 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2421, name: syz-executor preempt_count: 1, expected: 0 RCU nest depth: 0, expected: 0 2 locks held by syz-executor/2421: #0: ffff88810132d0e0 (&type->s_umount_key#38){....}-{3:3}, at: __super_lock fs/super.c:57 [inline] #0: ffff88810132d0e0 (&type->s_umount_key#38){....}-{3:3}, at: __super_lock_excl fs/super.c:72 [inline] #0: ffff88810132d0e0 (&type->s_umount_key#38){....}-{3:3}, at: deactivate_super+0x33/0x40 fs/super.c:506 #1: ffff88810132d998 (&s->s_inode_list_lock){....}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline] #1: ffff88810132d998 (&s->s_inode_list_lock){....}-{2:2}, at: hook_sb_delete+0x3e/0x310 security/landlock/fs.c:1279 Preemption disabled at: [<0000000000000000>] 0x0 CPU: 1 UID: 0 PID: 2421 Comm: syz-executor Tainted: G W syzkaller #0 PREEMPT(none) Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 Call Trace: dump_stack_lvl+0xa2/0xf0 lib/dump_stack.c:120 __might_resched+0x1bc/0x1e0 kernel/sched/core.c:8957 iput+0x1d/0x280 fs/inode.c:1928 hook_sb_delete+0x197/0x310 security/landlock/fs.c:1342 security_sb_delete+0x26/0x90 security/security.c:1428 generic_shutdown_super+0x49/0x110 fs/super.c:635 kill_anon_super+0x14/0xb0 fs/super.c:1282 deactivate_locked_super+0x36/0x150 fs/super.c:474 cleanup_mnt+0x7c/0x130 fs/namespace.c:1378 task_work_run+0x87/0xc0 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop+0xbf/0xd0 kernel/entry/common.c:43 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline] syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline] syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline] do_syscall_64+0x181/0x250 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f83be5201f7 Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 RSP: 002b:00007ffef8abd3e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 00007f83be5a1d7d RCX: 00007f83be5201f7 RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffef8abd4a0 RBP: 00007ffef8abd4a0 R08: 0000000000000000 R09: 0000000000000000 R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffef8abe530 R13: 00007f83be5a1d7d R14: 0000000000010faf R15: 00007ffef8abe570 BUG: sleeping function called from invalid context at fs/inode.c:1928 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2421, name: syz-executor preempt_count: 1, expected: 0 RCU nest depth: 0, expected: 0 2 locks held by syz-executor/2421: #0: ffff8881013280e0 (&type->s_umount_key#38){....}-{3:3}, at: __super_lock fs/super.c:57 [inline] #0: ffff8881013280e0 (&type->s_umount_key#38){....}-{3:3}, at: __super_lock_excl fs/super.c:72 [inline] #0: ffff8881013280e0 (&type->s_umount_key#38){....}-{3:3}, at: deactivate_super+0x33/0x40 fs/super.c:506 #1: ffff888101328998 (&s->s_inode_list_lock){....}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline] #1: ffff888101328998 (&s->s_inode_list_lock){....}-{2:2}, at: hook_sb_delete+0x3e/0x310 security/landlock/fs.c:1279 Preemption disabled at: [<0000000000000000>] 0x0 CPU: 0 UID: 0 PID: 2421 Comm: syz-executor Tainted: G W syzkaller #0 PREEMPT(none) Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 Call Trace: dump_stack_lvl+0xa2/0xf0 lib/dump_stack.c:120 __might_resched+0x1bc/0x1e0 kernel/sched/core.c:8957 iput+0x1d/0x280 fs/inode.c:1928 hook_sb_delete+0x197/0x310 security/landlock/fs.c:1342 security_sb_delete+0x26/0x90 security/security.c:1428 generic_shutdown_super+0x49/0x110 fs/super.c:635 kill_anon_super+0x14/0xb0 fs/super.c:1282 deactivate_locked_super+0x36/0x150 fs/super.c:474 cleanup_mnt+0x7c/0x130 fs/namespace.c:1378 task_work_run+0x87/0xc0 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop+0xbf/0xd0 kernel/entry/common.c:43 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline] syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline] syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline] do_syscall_64+0x181/0x250 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f83be5201f7 Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 RSP: 002b:00007ffef8abd3e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 00007f83be5a1d7d RCX: 00007f83be5201f7 RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffef8abd4a0 RBP: 00007ffef8abd4a0 R08: 0000000000000000 R09: 0000000000000000 R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffef8abe530 R13: 00007f83be5a1d7d R14: 00000000000113b5 R15: 00007ffef8abe570 BUG: sleeping function called from invalid context at fs/inode.c:1928 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2421, name: syz-executor preempt_count: 1, expected: 0 RCU nest depth: 0, expected: 0 2 locks held by syz-executor/2421: #0: ffff8881013290e0 (&type->s_umount_key#38){....}-{3:3}, at: __super_lock fs/super.c:57 [inline] #0: ffff8881013290e0 (&type->s_umount_key#38){....}-{3:3}, at: __super_lock_excl fs/super.c:72 [inline] #0: ffff8881013290e0 (&type->s_umount_key#38){....}-{3:3}, at: deactivate_super+0x33/0x40 fs/super.c:506 #1: ffff888101329998 (&s->s_inode_list_lock){....}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline] #1: ffff888101329998 (&s->s_inode_list_lock){....}-{2:2}, at: hook_sb_delete+0x3e/0x310 security/landlock/fs.c:1279 Preemption disabled at: [<0000000000000000>] 0x0 CPU: 1 UID: 0 PID: 2421 Comm: syz-executor Tainted: G W syzkaller #0 PREEMPT(none) Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 Call Trace: dump_stack_lvl+0xa2/0xf0 lib/dump_stack.c:120 __might_resched+0x1bc/0x1e0 kernel/sched/core.c:8957 iput+0x1d/0x280 fs/inode.c:1928 hook_sb_delete+0x197/0x310 security/landlock/fs.c:1342 security_sb_delete+0x26/0x90 security/security.c:1428 generic_shutdown_super+0x49/0x110 fs/super.c:635 kill_anon_super+0x14/0xb0 fs/super.c:1282 deactivate_locked_super+0x36/0x150 fs/super.c:474 cleanup_mnt+0x7c/0x130 fs/namespace.c:1378 task_work_run+0x87/0xc0 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop+0xbf/0xd0 kernel/entry/common.c:43 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline] syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline] syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline] do_syscall_64+0x181/0x250 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f83be5201f7 Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 RSP: 002b:00007ffef8abd3e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 00007f83be5a1d7d RCX: 00007f83be5201f7 RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffef8abd4a0 RBP: 00007ffef8abd4a0 R08: 0000000000000000 R09: 0000000000000000 R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffef8abe530 R13: 00007f83be5a1d7d R14: 00000000000117b1 R15: 00007ffef8abe570