syzbot


possible deadlock in lockref_get

Status: upstream: reported C repro on 2025/10/16 12:45
Bug presence: origin:upstream
Reported-by: syzbot+91c2f1e296e2b870ab2f@syzkaller.appspotmail.com
First crash: 4d18h, last: 4d08h
Bug presence (1)

| Date | Name | Commit | Repro | Result |
|---|---|---|---|---|
| 2025/10/18 | upstream (ToT) | f406055cb18c | C | [report] KASAN: slab-use-after-free Write in gfs2_qd_dealloc |

Sample crash report:
============================================
WARNING: possible recursive locking detected
syzkaller #0 Not tainted
--------------------------------------------
kworker/1:1H/51 is trying to acquire lock:
ffff0000d9911558 (&gl->gl_lockref.lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
ffff0000d9911558 (&gl->gl_lockref.lock){+.+.}-{2:2}, at: lockref_get+0x20/0x78 lib/lockref.c:50

but task is already holding lock:
ffff0000d9911558 (&gl->gl_lockref.lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
ffff0000d9911558 (&gl->gl_lockref.lock){+.+.}-{2:2}, at: glock_work_func+0x98/0x428 fs/gfs2/glock.c:1074

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&gl->gl_lockref.lock);
  lock(&gl->gl_lockref.lock);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

3 locks held by kworker/1:1H/51:
 #0: ffff0000c4fbc538 ((wq_completion)glock_workqueue){+.+.}-{0:0}, at: process_one_work+0x6b4/0x13a8 kernel/workqueue.c:2265
 #1: ffff80001ce47c20 ((work_completion)(&(&gl->gl_work)->work)){+.+.}-{0:0}, at: process_one_work+0x6f8/0x13a8 kernel/workqueue.c:2267
 #2: ffff0000d9911558 (&gl->gl_lockref.lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
 #2: ffff0000d9911558 (&gl->gl_lockref.lock){+.+.}-{2:2}, at: glock_work_func+0x98/0x428 fs/gfs2/glock.c:1074

stack backtrace:
CPU: 1 PID: 51 Comm: kworker/1:1H Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
Workqueue: glock_workqueue glock_work_func
Call trace:
 dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack+0x30/0x40 lib/dump_stack.c:88
 dump_stack_lvl+0xf8/0x160 lib/dump_stack.c:106
 dump_stack+0x1c/0x5c lib/dump_stack.c:113
 __lock_acquire+0x18b4/0x6544 kernel/locking/lockdep.c:-1
 lock_acquire+0x20c/0x644 kernel/locking/lockdep.c:5662
 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
 _raw_spin_lock+0x54/0x6c kernel/locking/spinlock.c:154
 spin_lock include/linux/spinlock.h:351 [inline]
 lockref_get+0x20/0x78 lib/lockref.c:50
 gfs2_glock_hold fs/gfs2/glock.c:192 [inline]
 do_xmote+0x4d8/0x1198 fs/gfs2/glock.c:806
 run_queue+0x458/0x690 fs/gfs2/glock.c:918
 glock_work_func+0x1fc/0x428 fs/gfs2/glock.c:1089
 process_one_work+0x7f4/0x13a8 kernel/workqueue.c:2292
 worker_thread+0x8c8/0xfbc kernel/workqueue.c:2439
 kthread+0x250/0x2d8 kernel/kthread.c:376
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:850

Crashes (7):

| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2025/10/16 22:07 | linux-6.1.y | c2fda4b3f577 | 19568248 | .config | console log | report | syz / log | C | | [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] | ci2-linux-6-1-kasan-arm64 | possible deadlock in lockref_get |
| 2025/10/16 19:03 | linux-6.1.y | c2fda4b3f577 | 19568248 | .config | console log | report | syz / log | C | | [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] | ci2-linux-6-1-kasan-arm64 | possible deadlock in lockref_get |
| 2025/10/16 17:23 | linux-6.1.y | c2fda4b3f577 | 19568248 | .config | console log | report | syz / log | C | | [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] | ci2-linux-6-1-kasan-arm64 | possible deadlock in lockref_get |
| 2025/10/16 15:50 | linux-6.1.y | c2fda4b3f577 | 19568248 | .config | console log | report | syz / log | C | | [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] | ci2-linux-6-1-kasan-arm64 | possible deadlock in lockref_get |
| 2025/10/16 14:23 | linux-6.1.y | c2fda4b3f577 | 19568248 | .config | console log | report | syz / log | C | | [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] | ci2-linux-6-1-kasan-arm64 | possible deadlock in lockref_get |
| 2025/10/16 20:28 | linux-6.1.y | c2fda4b3f577 | 19568248 | .config | console log | report | syz / log | | | [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] | ci2-linux-6-1-kasan-arm64 | possible deadlock in lockref_get |
| 2025/10/16 12:45 | linux-6.1.y | c2fda4b3f577 | 19568248 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-arm64 | possible deadlock in lockref_get |

* Struck through repros no longer work on HEAD.