syzbot

 sign-in | mailing list | source | docs
🐞 Open [7]
🐞 Fixed [541]
🐞 Invalid [411]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

panic: WARNING: circular locking detected: mm.mappingRWMutex -> kernel.fsContextMutex:

Status: fixed on 2025/09/17 13:21
Fix commit: 2c49d9fd3897 kernel: fix circular locking in FSContext.destroy
First crash: 5d21h, last: 2d02h

Sample crash report:
panic: WARNING: circular locking detected: mm.mappingRWMutex -> kernel.fsContextMutex:
	goroutine 934 [running]:
	gvisor.dev/gvisor/pkg/sync/locking.(*ancestorsAtomicPtrMap).RangeRepeatable(0xc0003b3970, 0xc0007c68b0)
		bazel-out/k8-fastbuild/bin/pkg/sync/locking/atomicptrmap_ancestors_unsafe.go:440 +0x314
	gvisor.dev/gvisor/pkg/sync/locking.checkLock(0xc0002bb050, 0xc0003b3950, {0x0, 0x0, 0x0})
		pkg/sync/locking/lockdep.go:112 +0x4eb
	gvisor.dev/gvisor/pkg/sync/locking.AddGLock(0xc0002bb050, 0xffffffffffffffff)
		pkg/sync/locking/lockdep.go:144 +0x37b
	gvisor.dev/gvisor/pkg/sentry/kernel.(*fsContextMutex).Lock(0xc000940488)
		bazel-out/k8-fastbuild/bin/pkg/sentry/kernel/fs_context_mutex.go:33 +0x4d
	gvisor.dev/gvisor/pkg/sentry/kernel.(*FSContext).RootDirectory(0xc000940480)
		pkg/sentry/kernel/fs_context.go:150 +0x65
	gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).contextValue(0xc000d8f908, {0x1cdae80, 0x21877c0}, 0x1)
		pkg/sentry/kernel/task_context.go:99 +0x12ba
	gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).Value(0xc000d8f908, {0x1cdae80, 0x21877c0})
		pkg/sentry/kernel/task_context.go:61 +0x85
	gvisor.dev/gvisor/pkg/sentry/vfs.RootFromContext({0x7f6fc1bbfaf0, 0xc000d8f908})
		pkg/sentry/vfs/context.go:88 +0x58
	gvisor.dev/gvisor/pkg/sentry/vfs.(*FileDescription).MappedName(0xc000826580, {0x21b8c30, 0xc000d8f908})
		pkg/sentry/vfs/file_description.go:818 +0x78
	gvisor.dev/gvisor/pkg/sentry/mm.(*MemoryManager).appendVMAMapsEntryLocked(0xa00a15?, {0x21b8c30, 0xc000d8f908}, {0xc000746008?, 0xc000dbbcc0?}, 0xc000c71250)
		pkg/sentry/mm/procfs.go:129 +0x32c
	gvisor.dev/gvisor/pkg/sentry/mm.(*MemoryManager).vmaSmapsEntryIntoLocked(0xc00073c008, {0x21b8c30, 0xc000d8f908}, {0xc000746008?, 0x48866c?}, 0xc0007b4100)
		pkg/sentry/mm/procfs.go:160 +0xb5
	gvisor.dev/gvisor/pkg/sentry/mm.(*MemoryManager).ReadSmapsDataInto(0xc00073c008, {0x21b8c30, 0xc000d8f908}, 0xc0007b4100)
		pkg/sentry/mm/procfs.go:141 +0x12e
	gvisor.dev/gvisor/pkg/sentry/fsimpl/proc.(*smapsData).Generate(0xc000d17508, {0x21b8c30, 0xc000d8f908}, 0xc0007b4100)
		pkg/sentry/fsimpl/proc/task_files.go:670 +0x9e
	gvisor.dev/gvisor/pkg/sentry/vfs.(*DynamicBytesFileDescriptionImpl).preadLocked(0xc0007b40e0, {0x21b8c30, 0xc000d8f908}, {{0x21ae5b8, 0xc00073c008}, {0x0, 0x1, 0x200000006140, 0x2000}, {0x0, ...}}, ...)
		pkg/sentry/vfs/file_description_impl_util.go:310 +0x1d9
	gvisor.dev/gvisor/pkg/sentry/vfs.(*DynamicBytesFileDescriptionImpl).Read(0xc0007b40e0, {0x21b8c30, 0xc000d8f908}, {{0x21ae5b8, 0xc00073c008}, {0x0, 0x1, 0x200000006140, 0x2000}, {0x0, ...}}, ...)
		pkg/sentry/vfs/file_description_impl_util.go:337 +0x128
	gvisor.dev/gvisor/pkg/sentry/fsimpl/kernfs.(*DynamicBytesFD).Read(0xc0007b40e0, {0x21b8c30, 0xc000d8f908}, {{0x21ae5b8, 0xc00073c008}, {0x0, 0x1, 0x200000006140, 0x2000}, {0x0, ...}}, ...)
		pkg/sentry/fsimpl/kernfs/dynamic_bytes_file.go:128 +0xa5
	gvisor.dev/gvisor/pkg/sentry/vfs.(*FileDescription).Read(0xc0007b4140, {0x21b8c30, 0xc000d8f908}, {{0x21ae5b8, 0xc00073c008}, {0x0, 0x1, 0x200000006140, 0x2000}, {0x0, ...}}, ...)
		pkg/sentry/vfs/file_description.go:653 +0x154
	gvisor.dev/gvisor/pkg/sentry/syscalls/linux.read(0xc000d8f908, 0xc0007b4140, {{0x21ae5b8, 0xc00073c008}, {0x0, 0x1, 0x200000006140, 0x2000}, {0x0, 0x1}}, ...)
		pkg/sentry/syscalls/linux/sys_read_write.go:93 +0xa5
	gvisor.dev/gvisor/pkg/sentry/syscalls/linux.Read(0xc000d8f908, 0x457b27?, {{0x3}, {0x200000006140}, {0x2000}, {0x3}, {0x0}, {0x0}})
		pkg/sentry/syscalls/linux/sys_read_write.go:62 +0x38f
	gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).executeSyscall(0xc000d8f908, 0x0, {{0x3}, {0x200000006140}, {0x2000}, {0x3}, {0x0}, {0x0}})
		pkg/sentry/kernel/task_syscall.go:143 +0xb90
	gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallInvoke(0xc000d8f908, 0x0, {{0x3}, {0x200000006140}, {0x2000}, {0x3}, {0x0}, {0x0}})
		pkg/sentry/kernel/task_syscall.go:323 +0x85
	gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallEnter(0xc000d8f908, 0x0, {{0x3}, {0x200000006140}, {0x2000}, {0x3}, {0x0}, {0x0}})
		pkg/sentry/kernel/task_syscall.go:283 +0xc7
	gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscall(0xc000d8f908)
		pkg/sentry/kernel/task_syscall.go:258 +0x53e
	gvisor.dev/gvisor/pkg/sentry/kernel.(*runApp).execute(0xc000d8f908?, 0xc000d8f908)
		pkg/sentry/kernel/task_run.go:269 +0x220c
	gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).run(0xc000d8f908, 0xed)
		pkg/sentry/kernel/task_run.go:97 +0x402
	created by gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).Start in goroutine 922
		pkg/sentry/kernel/task_start.go:416 +0x17e
	
	known lock chain: kernel.fsContextMutex -> vfs.inotifyEventMutex -> mm.mappingRWMutex
	
	====== kernel.fsContextMutex -> vfs.inotifyEventMutex =====
	goroutine 797 [running]:
	gvisor.dev/gvisor/pkg/sentry/vfs.(*inotifyEventMutex).Lock(0xc0008dc178)
		bazel-out/k8-fastbuild/bin/pkg/sentry/vfs/inotify_event_mutex.go:33 +0x4d
	gvisor.dev/gvisor/pkg/sentry/vfs.(*Inotify).queueEvent(0xc0008dc0e0, 0xc000dde140)
		pkg/sentry/vfs/inotify.go:276 +0x4e
	gvisor.dev/gvisor/pkg/sentry/vfs.(*Watches).HandleDeletion(0xc0008cb7a0, {0x21b8c30, 0xc0009d8588})
		pkg/sentry/vfs/inotify.go:537 +0x2fc
	gvisor.dev/gvisor/pkg/sentry/fsimpl/tmpfs.(*inode).decRef.func1()
		pkg/sentry/fsimpl/tmpfs/tmpfs.go:605 +0x65
	gvisor.dev/gvisor/pkg/sentry/fsimpl/tmpfs.(*inodeRefs).DecRef(0xc0008cb460, 0xc000c91b10)
		bazel-out/k8-fastbuild/bin/pkg/sentry/fsimpl/tmpfs/inode_refs.go:133 +0xb4
	gvisor.dev/gvisor/pkg/sentry/fsimpl/tmpfs.(*inode).decRef(0xc0008cb458, {0x21b8c30, 0xc0009d8588})
		pkg/sentry/fsimpl/tmpfs/tmpfs.go:604 +0xa5
	gvisor.dev/gvisor/pkg/sentry/fsimpl/tmpfs.(*dentry).DecRef(0xc0008cb408, {0x21b8c30, 0xc0009d8588})
		pkg/sentry/fsimpl/tmpfs/tmpfs.go:464 +0x65
	gvisor.dev/gvisor/pkg/sentry/vfs.(*Dentry).DecRef(0xc0008cb408, {0x21b8c30, 0xc0009d8588})
		pkg/sentry/vfs/dentry.go:156 +0x68
	gvisor.dev/gvisor/pkg/sentry/vfs.VirtualDentry.DecRef({0xc00024d080?, 0xc0008cb408?}, {0x21b8c30, 0xc0009d8588})
		pkg/sentry/vfs/vfs.go:1114 +0x5b
	gvisor.dev/gvisor/pkg/sentry/kernel.(*FSContext).destroy(0xc0009ed840, {0x21b8c30, 0xc0009d8588})
		pkg/sentry/kernel/fs_context.go:73 +0x16d
	gvisor.dev/gvisor/pkg/sentry/kernel.(*FSContext).DecRef.func1()
		pkg/sentry/kernel/fs_context.go:87 +0x59
	gvisor.dev/gvisor/pkg/sentry/kernel.(*FSContextRefs).DecRef(0xc0009ed840, 0xc000c91d10)
		bazel-out/k8-fastbuild/bin/pkg/sentry/kernel/fs_context_refs.go:133 +0xb4
	gvisor.dev/gvisor/pkg/sentry/kernel.(*FSContext).DecRef(0xc0009ed840, {0x21b8c30, 0xc0009d8588})
		pkg/sentry/kernel/fs_context.go:86 +0xa5
	gvisor.dev/gvisor/pkg/sentry/kernel.(*runExitMain).execute(0xc0009d8588?, 0xc0009d8588)
		pkg/sentry/kernel/task_exit.go:301 +0x7d3
	gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).run(0xc0009d8588, 0xca)
		pkg/sentry/kernel/task_run.go:97 +0x402
	created by gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).Start in goroutine 779
		pkg/sentry/kernel/task_start.go:416 +0x17e
	
	====== vfs.inotifyEventMutex -> mm.mappingRWMutex =====
	goroutine 653 [running]:
	gvisor.dev/gvisor/pkg/sentry/mm.(*mappingRWMutex).RLock(0xc000bfb05c)
		bazel-out/k8-fastbuild/bin/pkg/sentry/mm/mapping_mutex.go:59 +0x4d
	gvisor.dev/gvisor/pkg/sentry/mm.(*MemoryManager).withInternalMappings(0xc000bfb008, {0x21b8c30, 0xc000e2cc88}, {0xc000d38ef0?, 0x41465d?}, {0x6c?, 0x86?, 0x48?}, 0x0, 0xc000d38f38)
		pkg/sentry/mm/io.go:545 +0x145
	gvisor.dev/gvisor/pkg/sentry/mm.(*MemoryManager).CopyOut(0xc000bfb008, {0x21b8c30, 0xc000e2cc88}, 0x200000001fc0, {0xc000604270, 0x10, 0x10}, {0x1?, 0x0?})
		pkg/sentry/mm/io.go:130 +0x2e7
	gvisor.dev/gvisor/pkg/usermem.CopyOutVec({0x21b8c30, 0xc000e2cc88}, {0x21ae5b8, 0xc000bfb008}, {0x0?, 0xa00a15?, 0x48866c?, 0x48a355?}, {0xc000604270, 0x10, ...}, ...)
		pkg/usermem/usermem.go:264 +0x26b
	gvisor.dev/gvisor/pkg/usermem.IOSequence.CopyOut({{0x21ae5b8, 0xc000bfb008}, {0x0, 0x1, 0x200000001fc0, 0x2020}, {0x0, 0x1}}, {0x21b8c30, 0xc000e2cc88}, ...)
		pkg/usermem/usermem.go:482 +0xe8
	gvisor.dev/gvisor/pkg/sentry/vfs.(*Event).CopyTo(0xc000a4eb40, {0x21b8c30, 0xc000e2cc88}, {0xc000604270, 0x10, 0x10}, {{0x21ae5b8, 0xc000bfb008}, {0x0, 0x1, ...}, ...})
		pkg/sentry/vfs/inotify.go:693 +0x5a5
	gvisor.dev/gvisor/pkg/sentry/vfs.(*Inotify).Read(0xc0009b2000, {0x21b8c30, 0xc000e2cc88}, {{0x21ae5b8, 0xc000bfb008}, {0x0, 0x1, 0x200000001fc0, 0x2020}, {0x0, ...}}, ...)
		pkg/sentry/vfs/inotify.go:244 +0x632
	gvisor.dev/gvisor/pkg/sentry/vfs.(*FileDescription).Read(0xc0009b2000, {0x21b8c30, 0xc000e2cc88}, {{0x21ae5b8, 0xc000bfb008}, {0x0, 0x1, 0x200000001fc0, 0x2020}, {0x0, ...}}, ...)
		pkg/sentry/vfs/file_description.go:653 +0x154
	gvisor.dev/gvisor/pkg/sentry/syscalls/linux.read(0xc000e2cc88, 0xc0009b2000, {{0x21ae5b8, 0xc000bfb008}, {0x0, 0x1, 0x200000001fc0, 0x2020}, {0x0, 0x1}}, ...)
		pkg/sentry/syscalls/linux/sys_read_write.go:93 +0xa5
	gvisor.dev/gvisor/pkg/sentry/syscalls/linux.Read(0xc000e2cc88, 0x457b27?, {{0x4}, {0x200000001fc0}, {0x2020}, {0x0}, {0x0}, {0x0}})
		pkg/sentry/syscalls/linux/sys_read_write.go:62 +0x38f
	gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).executeSyscall(0xc000e2cc88, 0x0, {{0x4}, {0x200000001fc0}, {0x2020}, {0x0}, {0x0}, {0x0}})
		pkg/sentry/kernel/task_syscall.go:143 +0xb90
	gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallInvoke(0xc000e2cc88, 0x0, {{0x4}, {0x200000001fc0}, {0x2020}, {0x0}, {0x0}, {0x0}})
		pkg/sentry/kernel/task_syscall.go:323 +0x85
	gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallEnter(0xc000e2cc88, 0x0, {{0x4}, {0x200000001fc0}, {0x2020}, {0x0}, {0x0}, {0x0}})
		pkg/sentry/kernel/task_syscall.go:283 +0xc7
	gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscall(0xc000e2cc88)
		pkg/sentry/kernel/task_syscall.go:258 +0x53e
	gvisor.dev/gvisor/pkg/sentry/kernel.(*runApp).execute(0xc000e2cc88?, 0xc000e2cc88)
		pkg/sentry/kernel/task_run.go:269 +0x220c
	gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).run(0xc000e2cc88, 0xa7)
		pkg/sentry/kernel/task_run.go:97 +0x402
	created by gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).Start in goroutine 683
		pkg/sentry/kernel/task_start.go:416 +0x17e

Crashes (5):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/09/17 11:30 gvisor 20452a237b48 e2beed91 .config console log report info ci-gvisor-ptrace-3-race-cover panic: WARNING: circular locking detected: mm.mappingRWMutex -> kernel.fsContextMutex:
2025/09/17 10:28 gvisor 20452a237b48 e2beed91 .config console log report info ci-gvisor-ptrace-2-race panic: WARNING: circular locking detected: mm.mappingRWMutex -> kernel.fsContextMutex:
2025/09/17 10:06 gvisor 20452a237b48 e2beed91 .config console log report info ci-gvisor-ptrace-3-race-cover panic: WARNING: circular locking detected: mm.mappingRWMutex -> kernel.fsContextMutex:
2025/09/16 02:41 gvisor 9041e2310cf4 e2beed91 .config console log report info ci-gvisor-ptrace-3-race panic: WARNING: circular locking detected: mm.mappingRWMutex -> kernel.fsContextMutex:
2025/09/13 16:10 gvisor 57697a8f6350 e2beed91 .config console log report info ci-gvisor-ptrace-1-race-cover panic: WARNING: circular locking detected: mm.mappingRWMutex -> kernel.fsContextMutex:
* Struck through repros no longer work on HEAD.