Re: [syzbot] [gfs2?] WARNING in filename_mkdirat

From: NeilBrown

Date: Tue Feb 17 2026 - 17:19:34 EST

On Tue, 17 Feb 2026, NeilBrown wrote:
> On Tue, 17 Feb 2026, Christian Brauner wrote:
> > On Mon, Feb 16, 2026 at 04:30:27PM -0800, syzbot wrote:
> > > Hello,
> > >
> > > syzbot found the following issue on:
> > >
> > > HEAD commit: 0f2acd3148e0 Merge tag 'm68knommu-for-v7.0' of git://git.k..
> > > git tree: upstream
> > > console output: https://syzkaller.appspot.com/x/log.txt?x=15331c02580000
> > > kernel config: https://syzkaller.appspot.com/x/.config?x=ac00553de86d6bf0
> > > dashboard link: https://syzkaller.appspot.com/bug?extid=0ea5108a1f5fb4fcc2d8
> > > compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
> > > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=146b295a580000
> > >
> > > Downloadable assets:
> > > disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/d900f083ada3/non_bootable_disk-0f2acd31.raw.xz
> > > vmlinux: https://storage.googleapis.com/syzbot-assets/b7d134e71e9c/vmlinux-0f2acd31.xz
> > > kernel image: https://storage.googleapis.com/syzbot-assets/b18643058ceb/bzImage-0f2acd31.xz
> > > mounted in repro: https://storage.googleapis.com/syzbot-assets/bbfed09077d3/mount_1.gz
> > > fsck result: OK (log: https://syzkaller.appspot.com/x/fsck.log?x=106b295a580000)
> > >
> > > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > > Reported-by: syzbot+0ea5108a1f5fb4fcc2d8@xxxxxxxxxxxxxxxxxxxxxxxxx
> >
> > Neil, is this something you have time to look into?
>
> The reproducer appears to mount a gfs2 filesystem and mkdir 3
> directories:
> ./file1
> ./file1/file4
> ./file1/file4/file7
>
> and somewhere in there it crashes because vfs_mkdir() returns a
> non-error dentry for which ->d_parent->d_inode is not locked and
> end_creating_path() tries to up_write().
>
> Presumably either ->d_parent has changed or the inode was unlocked?
>
> gfs2_mkdir() never returns a dentry, so it must be returning NULL.
>
> It's weird - but that is no surprise.
>
> I'll try building a kernel myself and see if the reproducer still fires.
> if so some printk tracing my reveal something.

Unfortunately that didn't work out.
Using the provided vmlinux and root image and repro, and a syzkaller I
compiled from current git, I cannot trigger the crash.

I'll have another look at the code but I don't hold out a lot of hope.

NeilBrown