[v6.1] possible deadlock in lockref_get
0 views
Skip to first unread message
syzbot
8:45 AM (14 hours ago) 8:45 AM
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: c2fda4b3f577 Linux 6.1.156
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=15bffb34580000
kernel config: https://syzkaller.appspot.com/x/.config?x=68aa5a3af1cb953a
dashboard link: https://syzkaller.appspot.com/bug?extid=91c2f1e296e2b870ab2f
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/d8907607c809/disk-c2fda4b3.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/005117d6d256/vmlinux-c2fda4b3.xz
kernel image: https://storage.googleapis.com/syzbot-assets/56e478409d48/Image-c2fda4b3.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+91c2f1...@syzkaller.appspotmail.com
============================================
WARNING: possible recursive locking detected
syzkaller #0 Not tainted
--------------------------------------------
kworker/0:1H/51 is trying to acquire lock:
ffff0000d7f0daa0 (&gl->gl_lockref.lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
ffff0000d7f0daa0 (&gl->gl_lockref.lock){+.+.}-{2:2}, at: lockref_get+0x20/0x78 lib/lockref.c:50
but task is already holding lock:
ffff0000d7f0daa0 (&gl->gl_lockref.lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
ffff0000d7f0daa0 (&gl->gl_lockref.lock){+.+.}-{2:2}, at: glock_work_func+0x98/0x428 fs/gfs2/glock.c:1074
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&gl->gl_lockref.lock);
lock(&gl->gl_lockref.lock);
*** DEADLOCK ***
May be due to missing lock nesting notation
3 locks held by kworker/0:1H/51:
#0: ffff0000c758d138 ((wq_completion)glock_workqueue){+.+.}-{0:0}, at: process_one_work+0x6b4/0x13a8 kernel/workqueue.c:2265
#1: ffff80001ce47c20 ((work_completion)(&(&gl->gl_work)->work)){+.+.}-{0:0}, at: process_one_work+0x6f8/0x13a8 kernel/workqueue.c:2267
#2: ffff0000d7f0daa0 (&gl->gl_lockref.lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
#2: ffff0000d7f0daa0 (&gl->gl_lockref.lock){+.+.}-{2:2}, at: glock_work_func+0x98/0x428 fs/gfs2/glock.c:1074
stack backtrace:
CPU: 0 PID: 51 Comm: kworker/0:1H Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
Workqueue: glock_workqueue glock_work_func
Call trace:
dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
__dump_stack+0x30/0x40 lib/dump_stack.c:88
dump_stack_lvl+0xf8/0x160 lib/dump_stack.c:106
dump_stack+0x1c/0x5c lib/dump_stack.c:113
__lock_acquire+0x18b4/0x6544 kernel/locking/lockdep.c:-1
lock_acquire+0x20c/0x644 kernel/locking/lockdep.c:5662
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x54/0x6c kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:351 [inline]
lockref_get+0x20/0x78 lib/lockref.c:50
gfs2_glock_hold fs/gfs2/glock.c:192 [inline]
do_xmote+0x4d8/0x1198 fs/gfs2/glock.c:806
run_queue+0x458/0x690 fs/gfs2/glock.c:918
glock_work_func+0x1fc/0x428 fs/gfs2/glock.c:1089
process_one_work+0x7f4/0x13a8 kernel/workqueue.c:2292
worker_thread+0x8c8/0xfbc kernel/workqueue.c:2439
kthread+0x250/0x2d8 kernel/kthread.c:376
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:850
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: c2fda4b3f577 Linux 6.1.156
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=15bffb34580000
kernel config: https://syzkaller.appspot.com/x/.config?x=68aa5a3af1cb953a
dashboard link: https://syzkaller.appspot.com/bug?extid=91c2f1e296e2b870ab2f
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/d8907607c809/disk-c2fda4b3.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/005117d6d256/vmlinux-c2fda4b3.xz
kernel image: https://storage.googleapis.com/syzbot-assets/56e478409d48/Image-c2fda4b3.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+91c2f1...@syzkaller.appspotmail.com
============================================
WARNING: possible recursive locking detected
syzkaller #0 Not tainted
--------------------------------------------
kworker/0:1H/51 is trying to acquire lock:
ffff0000d7f0daa0 (&gl->gl_lockref.lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
ffff0000d7f0daa0 (&gl->gl_lockref.lock){+.+.}-{2:2}, at: lockref_get+0x20/0x78 lib/lockref.c:50
but task is already holding lock:
ffff0000d7f0daa0 (&gl->gl_lockref.lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
ffff0000d7f0daa0 (&gl->gl_lockref.lock){+.+.}-{2:2}, at: glock_work_func+0x98/0x428 fs/gfs2/glock.c:1074
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&gl->gl_lockref.lock);
lock(&gl->gl_lockref.lock);
*** DEADLOCK ***
May be due to missing lock nesting notation
3 locks held by kworker/0:1H/51:
#0: ffff0000c758d138 ((wq_completion)glock_workqueue){+.+.}-{0:0}, at: process_one_work+0x6b4/0x13a8 kernel/workqueue.c:2265
#1: ffff80001ce47c20 ((work_completion)(&(&gl->gl_work)->work)){+.+.}-{0:0}, at: process_one_work+0x6f8/0x13a8 kernel/workqueue.c:2267
#2: ffff0000d7f0daa0 (&gl->gl_lockref.lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
#2: ffff0000d7f0daa0 (&gl->gl_lockref.lock){+.+.}-{2:2}, at: glock_work_func+0x98/0x428 fs/gfs2/glock.c:1074
stack backtrace:
CPU: 0 PID: 51 Comm: kworker/0:1H Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
Workqueue: glock_workqueue glock_work_func
Call trace:
dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
__dump_stack+0x30/0x40 lib/dump_stack.c:88
dump_stack_lvl+0xf8/0x160 lib/dump_stack.c:106
dump_stack+0x1c/0x5c lib/dump_stack.c:113
__lock_acquire+0x18b4/0x6544 kernel/locking/lockdep.c:-1
lock_acquire+0x20c/0x644 kernel/locking/lockdep.c:5662
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x54/0x6c kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:351 [inline]
lockref_get+0x20/0x78 lib/lockref.c:50
gfs2_glock_hold fs/gfs2/glock.c:192 [inline]
do_xmote+0x4d8/0x1198 fs/gfs2/glock.c:806
run_queue+0x458/0x690 fs/gfs2/glock.c:918
glock_work_func+0x1fc/0x428 fs/gfs2/glock.c:1089
process_one_work+0x7f4/0x13a8 kernel/workqueue.c:2292
worker_thread+0x8c8/0xfbc kernel/workqueue.c:2439
kthread+0x250/0x2d8 kernel/kthread.c:376
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:850
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot
10:24 AM (12 hours ago) 10:24 AM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: c2fda4b3f577 Linux 6.1.156
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1615a67c580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=11680734580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/d8907607c809/disk-c2fda4b3.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/005117d6d256/vmlinux-c2fda4b3.xz
kernel image: https://storage.googleapis.com/syzbot-assets/56e478409d48/Image-c2fda4b3.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/c0eaa6e786f0/mount_10.gz
fsck result: failed (log: https://syzkaller.appspot.com/x/fsck.log?x=10924b04580000)
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+91c2f1...@syzkaller.appspotmail.com
============================================
WARNING: possible recursive locking detected
syzkaller #0 Not tainted
--------------------------------------------
kworker/0:1H/78 is trying to acquire lock:
ffff0000d0e4b508 (&gl->gl_lockref.lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
ffff0000d0e4b508 (&gl->gl_lockref.lock){+.+.}-{2:2}, at: lockref_get+0x20/0x78 lib/lockref.c:50
but task is already holding lock:
ffff0000d0e4b508 (&gl->gl_lockref.lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
ffff0000d0e4b508 (&gl->gl_lockref.lock){+.+.}-{2:2}, at: glock_work_func+0x98/0x428 fs/gfs2/glock.c:1074
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&gl->gl_lockref.lock);
lock(&gl->gl_lockref.lock);
*** DEADLOCK ***
May be due to missing lock nesting notation
3 locks held by kworker/0:1H/78:
#0: ffff0000c7468d38 ((wq_completion)glock_workqueue){+.+.}-{0:0}, at: process_one_work+0x6b4/0x13a8 kernel/workqueue.c:2265
#1: ffff80001cfb7c20 ((work_completion)(&(&gl->gl_work)->work)){+.+.}-{0:0}, at: process_one_work+0x6f8/0x13a8 kernel/workqueue.c:2267
#2: ffff0000d0e4b508 (&gl->gl_lockref.lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
#2: ffff0000d0e4b508 (&gl->gl_lockref.lock){+.+.}-{2:2}, at: glock_work_func+0x98/0x428 fs/gfs2/glock.c:1074
stack backtrace:
CPU: 0 PID: 78 Comm: kworker/0:1H Not tainted syzkaller #0
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
HEAD commit: c2fda4b3f577 Linux 6.1.156
git tree: linux-6.1.y
kernel config: https://syzkaller.appspot.com/x/.config?x=68aa5a3af1cb953a
dashboard link: https://syzkaller.appspot.com/bug?extid=91c2f1e296e2b870ab2f
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=162f3dcd980000
dashboard link: https://syzkaller.appspot.com/bug?extid=91c2f1e296e2b870ab2f
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
userspace arch: arm64
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=11680734580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/d8907607c809/disk-c2fda4b3.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/005117d6d256/vmlinux-c2fda4b3.xz
kernel image: https://storage.googleapis.com/syzbot-assets/56e478409d48/Image-c2fda4b3.gz.xz
fsck result: failed (log: https://syzkaller.appspot.com/x/fsck.log?x=10924b04580000)
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+91c2f1...@syzkaller.appspotmail.com
============================================
WARNING: possible recursive locking detected
syzkaller #0 Not tainted
--------------------------------------------
ffff0000d0e4b508 (&gl->gl_lockref.lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
ffff0000d0e4b508 (&gl->gl_lockref.lock){+.+.}-{2:2}, at: lockref_get+0x20/0x78 lib/lockref.c:50
but task is already holding lock:
ffff0000d0e4b508 (&gl->gl_lockref.lock){+.+.}-{2:2}, at: glock_work_func+0x98/0x428 fs/gfs2/glock.c:1074
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&gl->gl_lockref.lock);
lock(&gl->gl_lockref.lock);
*** DEADLOCK ***
May be due to missing lock nesting notation
#0: ffff0000c7468d38 ((wq_completion)glock_workqueue){+.+.}-{0:0}, at: process_one_work+0x6b4/0x13a8 kernel/workqueue.c:2265
#1: ffff80001cfb7c20 ((work_completion)(&(&gl->gl_work)->work)){+.+.}-{0:0}, at: process_one_work+0x6f8/0x13a8 kernel/workqueue.c:2267
#2: ffff0000d0e4b508 (&gl->gl_lockref.lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
#2: ffff0000d0e4b508 (&gl->gl_lockref.lock){+.+.}-{2:2}, at: glock_work_func+0x98/0x428 fs/gfs2/glock.c:1074
stack backtrace:
CPU: 0 PID: 78 Comm: kworker/0:1H Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
Workqueue: glock_workqueue glock_work_func
Call trace:
dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
__dump_stack+0x30/0x40 lib/dump_stack.c:88
dump_stack_lvl+0xf8/0x160 lib/dump_stack.c:106
dump_stack+0x1c/0x5c lib/dump_stack.c:113
__lock_acquire+0x18b4/0x6544 kernel/locking/lockdep.c:-1
lock_acquire+0x20c/0x644 kernel/locking/lockdep.c:5662
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x54/0x6c kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:351 [inline]
lockref_get+0x20/0x78 lib/lockref.c:50
gfs2_glock_hold fs/gfs2/glock.c:192 [inline]
do_xmote+0x4d8/0x1198 fs/gfs2/glock.c:806
run_queue+0x458/0x690 fs/gfs2/glock.c:918
glock_work_func+0x1fc/0x428 fs/gfs2/glock.c:1089
process_one_work+0x7f4/0x13a8 kernel/workqueue.c:2292
worker_thread+0x8c8/0xfbc kernel/workqueue.c:2439
kthread+0x250/0x2d8 kernel/kthread.c:376
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:850
---
If you want syzbot to run the reproducer, reply with:
Workqueue: glock_workqueue glock_work_func
Call trace:
dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
__dump_stack+0x30/0x40 lib/dump_stack.c:88
dump_stack_lvl+0xf8/0x160 lib/dump_stack.c:106
dump_stack+0x1c/0x5c lib/dump_stack.c:113
__lock_acquire+0x18b4/0x6544 kernel/locking/lockdep.c:-1
lock_acquire+0x20c/0x644 kernel/locking/lockdep.c:5662
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x54/0x6c kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:351 [inline]
lockref_get+0x20/0x78 lib/lockref.c:50
gfs2_glock_hold fs/gfs2/glock.c:192 [inline]
do_xmote+0x4d8/0x1198 fs/gfs2/glock.c:806
run_queue+0x458/0x690 fs/gfs2/glock.c:918
glock_work_func+0x1fc/0x428 fs/gfs2/glock.c:1089
process_one_work+0x7f4/0x13a8 kernel/workqueue.c:2292
worker_thread+0x8c8/0xfbc kernel/workqueue.c:2439
kthread+0x250/0x2d8 kernel/kthread.c:376
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:850
---
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
Reply all
Reply to author
Forward
0 new messages