syzbot

 sign-in | mailing list | source | docs
🐞 Open [8]
🐞 Fixed [560]
🐞 Invalid [418]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

panic: WARNING: circular locking detected: vfs.inotifyEventMutex -> mm.mappingRWMutex: (2)

Status: fixed on 2025/09/17 13:21
Fix commit: 2c49d9fd3897 kernel: fix circular locking in FSContext.destroy
First crash: 126d, last: 122d
Similar bugs (1)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
gvisor panic: WARNING: circular locking detected: vfs.inotifyEventMutex -> mm.mappingRWMutex: 2 syz 40 1310d 1312d 0/26 closed as invalid on 2024/12/13 00:14

Sample crash report:
panic: WARNING: circular locking detected: vfs.inotifyEventMutex -> mm.mappingRWMutex:
	goroutine 2928 [running]:
	gvisor.dev/gvisor/pkg/sync/locking.(*ancestorsAtomicPtrMap).RangeRepeatable(0xc000314da0, 0xc000c44b60)
		bazel-out/k8-fastbuild/bin/pkg/sync/locking/atomicptrmap_ancestors_unsafe.go:440 +0x314
	gvisor.dev/gvisor/pkg/sync/locking.checkLock(0xc000315d40, 0xc000314d80, {0x0, 0x0, 0x0})
		pkg/sync/locking/lockdep.go:112 +0x4eb
	gvisor.dev/gvisor/pkg/sync/locking.AddGLock(0xc000315d40, 0xffffffffffffffff)
		pkg/sync/locking/lockdep.go:144 +0x37b
	gvisor.dev/gvisor/pkg/sentry/mm.(*mappingRWMutex).RLock(0xc000c5e05c)
		bazel-out/k8-fastbuild/bin/pkg/sentry/mm/mapping_mutex.go:59 +0x4d
	gvisor.dev/gvisor/pkg/sentry/mm.(*MemoryManager).withInternalMappings(0xc000c5e008, {0x21b8b30, 0xc000da8008}, {0x1?, 0x47bf53?}, {0x6c?, 0x86?, 0x48?}, 0x0, 0xc000c44f38)
		pkg/sentry/mm/io.go:545 +0x145
	gvisor.dev/gvisor/pkg/sentry/mm.(*MemoryManager).CopyOut(0xc000c5e008, {0x21b8b30, 0xc000da8008}, 0x200000004000, {0xc000a8f6f0, 0x10, 0x10}, {0x1?, 0x0?})
		pkg/sentry/mm/io.go:130 +0x2e7
	gvisor.dev/gvisor/pkg/usermem.CopyOutVec({0x21b8b30, 0xc000da8008}, {0x21ae4b8, 0xc000c5e008}, {0x0?, 0xa00a15?, 0x48866c?, 0x48a355?}, {0xc000a8f6f0, 0x10, ...}, ...)
		pkg/usermem/usermem.go:264 +0x26b
	gvisor.dev/gvisor/pkg/usermem.IOSequence.CopyOut({{0x21ae4b8, 0xc000c5e008}, {0x0, 0x1, 0x200000004000, 0x2020}, {0x0, 0x1}}, {0x21b8b30, 0xc000da8008}, ...)
		pkg/usermem/usermem.go:482 +0xe8
	gvisor.dev/gvisor/pkg/sentry/vfs.(*Event).CopyTo(0xc00113cec0, {0x21b8b30, 0xc000da8008}, {0xc000a8f6f0, 0x10, 0x10}, {{0x21ae4b8, 0xc000c5e008}, {0x0, 0x1, ...}, ...})
		pkg/sentry/vfs/inotify.go:693 +0x5a5
	gvisor.dev/gvisor/pkg/sentry/vfs.(*Inotify).Read(0xc00056a000, {0x21b8b30, 0xc000da8008}, {{0x21ae4b8, 0xc000c5e008}, {0x0, 0x1, 0x200000004000, 0x2020}, {0x0, ...}}, ...)
		pkg/sentry/vfs/inotify.go:244 +0x632
	gvisor.dev/gvisor/pkg/sentry/vfs.(*FileDescription).Read(0xc00056a000, {0x21b8b30, 0xc000da8008}, {{0x21ae4b8, 0xc000c5e008}, {0x0, 0x1, 0x200000004000, 0x2020}, {0x0, ...}}, ...)
		pkg/sentry/vfs/file_description.go:653 +0x154
	gvisor.dev/gvisor/pkg/sentry/syscalls/linux.read(0xc000da8008, 0xc00056a000, {{0x21ae4b8, 0xc000c5e008}, {0x0, 0x1, 0x200000004000, 0x2020}, {0x0, 0x1}}, ...)
		pkg/sentry/syscalls/linux/sys_read_write.go:93 +0xa5
	gvisor.dev/gvisor/pkg/sentry/syscalls/linux.Read(0xc000da8008, 0x140?, {{0x6}, {0x200000004000}, {0x2020}, {0x0}, {0x0}, {0x0}})
		pkg/sentry/syscalls/linux/sys_read_write.go:62 +0x38f
	gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).executeSyscall(0xc000da8008, 0x0, {{0x6}, {0x200000004000}, {0x2020}, {0x0}, {0x0}, {0x0}})
		pkg/sentry/kernel/task_syscall.go:143 +0xb90
	gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallInvoke(0xc000da8008, 0x0, {{0x6}, {0x200000004000}, {0x2020}, {0x0}, {0x0}, {0x0}})
		pkg/sentry/kernel/task_syscall.go:323 +0x85
	gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallEnter(0xc000da8008, 0x0, {{0x6}, {0x200000004000}, {0x2020}, {0x0}, {0x0}, {0x0}})
		pkg/sentry/kernel/task_syscall.go:283 +0xc7
	gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscall(0xc000da8008)
		pkg/sentry/kernel/task_syscall.go:258 +0x53e
	gvisor.dev/gvisor/pkg/sentry/kernel.(*runApp).execute(0xc000da8008?, 0xc000da8008)
		pkg/sentry/kernel/task_run.go:269 +0x220c
	gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).run(0xc000da8008, 0x316)
		pkg/sentry/kernel/task_run.go:97 +0x402
	created by gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).Start in goroutine 2971
		pkg/sentry/kernel/task_start.go:416 +0x17e
	
	known lock chain: mm.mappingRWMutex -> kernel.fsContextMutex -> vfs.inotifyEventMutex
	
	====== mm.mappingRWMutex -> kernel.fsContextMutex =====
	goroutine 1510 [running]:
	gvisor.dev/gvisor/pkg/sentry/kernel.(*fsContextMutex).Lock(0xc00137d888)
		bazel-out/k8-fastbuild/bin/pkg/sentry/kernel/fs_context_mutex.go:33 +0x4d
	gvisor.dev/gvisor/pkg/sentry/kernel.(*FSContext).RootDirectory(0xc00137d880)
		pkg/sentry/kernel/fs_context.go:150 +0x65
	gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).contextValue(0xc000749908, {0x1cdad80, 0x21876a0}, 0x1)
		pkg/sentry/kernel/task_context.go:99 +0x12ba
	gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).Value(0xc000749908, {0x1cdad80, 0x21876a0})
		pkg/sentry/kernel/task_context.go:61 +0x85
	gvisor.dev/gvisor/pkg/sentry/vfs.RootFromContext({0x7f5236702140, 0xc000749908})
		pkg/sentry/vfs/context.go:88 +0x58
	gvisor.dev/gvisor/pkg/sentry/vfs.(*FileDescription).MappedName(0xc0004f4900, {0x21b8b30, 0xc000749908})
		pkg/sentry/vfs/file_description.go:818 +0x78
	gvisor.dev/gvisor/pkg/sentry/mm.(*MemoryManager).appendVMAMapsEntryLocked(0xc000956100?, {0x21b8b30, 0xc000749908}, {0xc00055db08?, 0xc000d92fb8?}, 0xc001182550)
		pkg/sentry/mm/procfs.go:129 +0x32c
	gvisor.dev/gvisor/pkg/sentry/mm.(*MemoryManager).vmaSmapsEntryIntoLocked(0xc001014008, {0x21b8b30, 0xc000749908}, {0xc00055db08?, 0x48866c?}, 0xc000956100)
		pkg/sentry/mm/procfs.go:160 +0xb5
	gvisor.dev/gvisor/pkg/sentry/mm.(*MemoryManager).ReadSmapsDataInto(0xc001014008, {0x21b8b30, 0xc000749908}, 0xc000956100)
		pkg/sentry/mm/procfs.go:141 +0x12e
	gvisor.dev/gvisor/pkg/sentry/fsimpl/proc.(*smapsData).Generate(0xc000cad508, {0x21b8b30, 0xc000749908}, 0xc000956100)
		pkg/sentry/fsimpl/proc/task_files.go:670 +0x9e
	gvisor.dev/gvisor/pkg/sentry/vfs.(*DynamicBytesFileDescriptionImpl).preadLocked(0xc0009560e0, {0x21b8b30, 0xc000749908}, {{0x21ae4b8, 0xc001014008}, {0x0, 0x1, 0x200000006140, 0x2000}, {0x0, ...}}, ...)
		pkg/sentry/vfs/file_description_impl_util.go:310 +0x1d9
	gvisor.dev/gvisor/pkg/sentry/vfs.(*DynamicBytesFileDescriptionImpl).Read(0xc0009560e0, {0x21b8b30, 0xc000749908}, {{0x21ae4b8, 0xc001014008}, {0x0, 0x1, 0x200000006140, 0x2000}, {0x0, ...}}, ...)
		pkg/sentry/vfs/file_description_impl_util.go:337 +0x128
	gvisor.dev/gvisor/pkg/sentry/fsimpl/kernfs.(*DynamicBytesFD).Read(0xc0009560e0, {0x21b8b30, 0xc000749908}, {{0x21ae4b8, 0xc001014008}, {0x0, 0x1, 0x200000006140, 0x2000}, {0x0, ...}}, ...)
		pkg/sentry/fsimpl/kernfs/dynamic_bytes_file.go:128 +0xa5
	gvisor.dev/gvisor/pkg/sentry/vfs.(*FileDescription).Read(0xc000956140, {0x21b8b30, 0xc000749908}, {{0x21ae4b8, 0xc001014008}, {0x0, 0x1, 0x200000006140, 0x2000}, {0x0, ...}}, ...)
		pkg/sentry/vfs/file_description.go:653 +0x154
	gvisor.dev/gvisor/pkg/sentry/syscalls/linux.read(0xc000749908, 0xc000956140, {{0x21ae4b8, 0xc001014008}, {0x0, 0x1, 0x200000006140, 0x2000}, {0x0, 0x1}}, ...)
		pkg/sentry/syscalls/linux/sys_read_write.go:93 +0xa5
	gvisor.dev/gvisor/pkg/sentry/syscalls/linux.Read(0xc000749908, 0x20?, {{0x5}, {0x200000006140}, {0x2000}, {0x5}, {0x0}, {0x0}})
		pkg/sentry/syscalls/linux/sys_read_write.go:62 +0x38f
	gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).executeSyscall(0xc000749908, 0x0, {{0x5}, {0x200000006140}, {0x2000}, {0x5}, {0x0}, {0x0}})
		pkg/sentry/kernel/task_syscall.go:143 +0xb90
	gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallInvoke(0xc000749908, 0x0, {{0x5}, {0x200000006140}, {0x2000}, {0x5}, {0x0}, {0x0}})
		pkg/sentry/kernel/task_syscall.go:323 +0x85
	gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallEnter(0xc000749908, 0x0, {{0x5}, {0x200000006140}, {0x2000}, {0x5}, {0x0}, {0x0}})
		pkg/sentry/kernel/task_syscall.go:283 +0xc7
	gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscall(0xc000749908)
		pkg/sentry/kernel/task_syscall.go:258 +0x53e
	gvisor.dev/gvisor/pkg/sentry/kernel.(*runApp).execute(0xc000749908?, 0xc000749908)
		pkg/sentry/kernel/task_run.go:269 +0x220c
	gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).run(0xc000749908, 0x171)
		pkg/sentry/kernel/task_run.go:97 +0x402
	created by gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).Start in goroutine 1483
		pkg/sentry/kernel/task_start.go:416 +0x17e
	
	====== kernel.fsContextMutex -> vfs.inotifyEventMutex =====
	goroutine 675 [running]:
	gvisor.dev/gvisor/pkg/sentry/vfs.(*inotifyEventMutex).Lock(0xc00092e178)
		bazel-out/k8-fastbuild/bin/pkg/sentry/vfs/inotify_event_mutex.go:33 +0x4d
	gvisor.dev/gvisor/pkg/sentry/vfs.(*Inotify).queueEvent(0xc00092e0e0, 0xc000cb5ac0)
		pkg/sentry/vfs/inotify.go:276 +0x4e
	gvisor.dev/gvisor/pkg/sentry/vfs.(*Watch).Notify(0xc001320a20, {0x0, 0x0}, 0x400, 0x0)
		pkg/sentry/vfs/inotify.go:604 +0x10b
	gvisor.dev/gvisor/pkg/sentry/vfs.(*Watches).Notify(0xc00101cba0, {0x21b8b30, 0xc0013a2008}, {0x0, 0x0}, 0x400, 0x0, 0x1, 0x1)
		pkg/sentry/vfs/inotify.go:476 +0x1fe
	gvisor.dev/gvisor/pkg/sentry/vfs.(*Watches).HandleDeletion(0xc00101cba0, {0x21b8b30, 0xc0013a2008})
		pkg/sentry/vfs/inotify.go:510 +0x86
	gvisor.dev/gvisor/pkg/sentry/fsimpl/tmpfs.(*inode).decRef.func1()
		pkg/sentry/fsimpl/tmpfs/tmpfs.go:605 +0x65
	gvisor.dev/gvisor/pkg/sentry/fsimpl/tmpfs.(*inodeRefs).DecRef(0xc00101c860, 0xc000bb7b10)
		bazel-out/k8-fastbuild/bin/pkg/sentry/fsimpl/tmpfs/inode_refs.go:133 +0xb4
	gvisor.dev/gvisor/pkg/sentry/fsimpl/tmpfs.(*inode).decRef(0xc00101c858, {0x21b8b30, 0xc0013a2008})
		pkg/sentry/fsimpl/tmpfs/tmpfs.go:604 +0xa5
	gvisor.dev/gvisor/pkg/sentry/fsimpl/tmpfs.(*dentry).DecRef(0xc00101c808, {0x21b8b30, 0xc0013a2008})
		pkg/sentry/fsimpl/tmpfs/tmpfs.go:464 +0x65
	gvisor.dev/gvisor/pkg/sentry/vfs.(*Dentry).DecRef(0xc00101c808, {0x21b8b30, 0xc0013a2008})
		pkg/sentry/vfs/dentry.go:156 +0x68
	gvisor.dev/gvisor/pkg/sentry/vfs.VirtualDentry.DecRef({0xc000b0e0b0?, 0xc00101c808?}, {0x21b8b30, 0xc0013a2008})
		pkg/sentry/vfs/vfs.go:1114 +0x5b
	gvisor.dev/gvisor/pkg/sentry/kernel.(*FSContext).destroy(0xc000edb1c0, {0x21b8b30, 0xc0013a2008})
		pkg/sentry/kernel/fs_context.go:73 +0x16d
	gvisor.dev/gvisor/pkg/sentry/kernel.(*FSContext).DecRef.func1()
		pkg/sentry/kernel/fs_context.go:87 +0x59
	gvisor.dev/gvisor/pkg/sentry/kernel.(*FSContextRefs).DecRef(0xc000edb1c0, 0xc000bb7d10)
		bazel-out/k8-fastbuild/bin/pkg/sentry/kernel/fs_context_refs.go:133 +0xb4
	gvisor.dev/gvisor/pkg/sentry/kernel.(*FSContext).DecRef(0xc000edb1c0, {0x21b8b30, 0xc0013a2008})
		pkg/sentry/kernel/fs_context.go:86 +0xa5
	gvisor.dev/gvisor/pkg/sentry/kernel.(*runExitMain).execute(0xc0013a2008?, 0xc0013a2008)
		pkg/sentry/kernel/task_exit.go:301 +0x7d3
	gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).run(0xc0013a2008, 0x72)
		pkg/sentry/kernel/task_run.go:97 +0x402
	created by gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).Start in goroutine 621
		pkg/sentry/kernel/task_start.go:416 +0x17e

Crashes (5):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/09/15 19:46 gvisor 57697a8f6350 e2beed91 .config console log report info ci-gvisor-systrap-1-race-cover panic: WARNING: circular locking detected: vfs.inotifyEventMutex -> mm.mappingRWMutex:
2025/09/14 01:08 gvisor 57697a8f6350 e2beed91 .config console log report info ci-gvisor-ptrace-3-race panic: WARNING: circular locking detected: vfs.inotifyEventMutex -> mm.mappingRWMutex:
2025/09/12 01:34 gvisor 57697a8f6350 e2beed91 .config console log report info ci-gvisor-ptrace-2-race panic: WARNING: circular locking detected: vfs.inotifyEventMutex -> mm.mappingRWMutex:
2025/09/15 06:32 gvisor 57697a8f6350 e2beed91 .config console log report info ci-gvisor-arm64-ptrace-1-race panic: WARNING: circular locking detected: vfs.inotifyEventMutex -> mm.mappingRWMutex:
2025/09/13 16:14 gvisor 57697a8f6350 e2beed91 .config console log report info ci-gvisor-arm64-ptrace-1-race panic: WARNING: circular locking detected: vfs.inotifyEventMutex -> mm.mappingRWMutex:
* Struck through repros no longer work on HEAD.