Forwarded: Private message regarding: [syzbot] [xfs?] inconsistent lock state in igrab

syzbot posted 1 patch 2 months ago
fs/fserror.c | 13 +++++--------
1 file changed, 5 insertions(+), 8 deletions(-)
Posted by syzbot 2 months ago
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.

***

Subject: Private message regarding: [syzbot] [xfs?] inconsistent lock state in igrab
Author: kapoorarnav43@gmail.com

#syz test 
From 7e7a6c0e2d9a2d7b9f9a4f5b1b0f2a1c7f0a1234 Mon Sep 17 00:00:00 2001
From: Arnav Kapoor <arnav@example.com>
Date: Sat, 14 Feb 2026 17:35:00 +0000
Subject: [PATCH] fs: fserror: avoid igrab in atomic contexts
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

fserror_report() can be called from softirq/atomic contexts. Using
igrab() there takes i_lock, which is also acquired with softirqs enabled
in process context, triggering lockdep warnings and a potential softirq
recursion deadlock.

All fserror_report() callers already hold a live reference to the inode,
so use ihold() to take a safe reference without grabbing i_lock.

Reported-by: syzbot+5eb0d61dfb76ca12670c@syzkaller.appspotmail.com
Signed-off-by: Arnav Kapoor <arnav@example.com>
---
 fs/fserror.c | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/fs/fserror.c b/fs/fserror.c
index 0123456789ab..fedcba987654 100644
--- a/fs/fserror.c
+++ b/fs/fserror.c
@@ -159,16 +159,13 @@ void fserror_report(struct super_block *sb, struct 
inode *inode,
     event->len = len;
     event->error = error;

     /*
-  * Can't iput from non-sleeping context, so grabbing another reference
-  * to the inode must be the last thing before submitting the event.
+  * Can't iput from non-sleeping context, so grabbing another reference
+  * to the inode must be the last thing before submitting the event.
+  * The caller must hold a live reference if @inode is provided.
      */
     if (inode) {
- event->inode = igrab(inode);
- if (!event->inode)
- goto lost_event;
+ ihold(inode);
+ event->inode = inode;
     }

     /*
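Review bot: In the `if (inode)` block, `ihold(inode);` drops the only check this path had against an inode that is already being torn down. The removed `igrab()` returned NULL in that case and the code went to `lost_event`, while `ihold()` only increments the reference count and is valid only when the caller already holds a reference. The added comment line states that requirement, but nothing in the hunk enforces it, so the changelog should name the callers that were audited, or the function should keep a failure path for an inode with no live reference. Separately, the two existing comment lines are removed and re-added with identical text, which looks like whitespace-only churn, and the header's 16/13 line counts do not match the 14 old and 14 new lines visible in this hunk.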
@@ -184,9 +181,7 @@ void fserror_report(struct super_block *sb, struct 
inode *inode,
     schedule_work(&event->work);
     return;

-lost_event:
- fserror_free_event(event);
 lost:
     if (inode)
         pr_err_ratelimited("%s: lost file I/O error report for ino %lu 
type %u pos 0x%llx len 0x%llx error %d",
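Review bot: This hunk is not in an applicable form: the `@@ -184,9 +181,7 @@` header and the `pr_err_ratelimited(...)` format string are each wrapped onto a second line, and the header's counts (9 old, 7 new) exceed the 8 old and 6 new lines present before the `--` signature. Regenerate the patch with git format-patch and send it without mailer line wrapping. On the change itself, removing `lost_event:` and its `fserror_free_event(event);` call is only correct if no other `goto lost_event` remains in fserror_report(), which these lines do not show.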
--
2.43.0

On Saturday, 14 February 2026 at 17:32:10 UTC+5:30 syzbot wrote:

Hello, 

syzbot tried to test the proposed patch but the build/boot failed: 

failed to apply patch: 
checking file fs/fserror.c 
patch: **** unexpected end of file in patch 



Tested on: 

commit: 770aaedb Merge tag 'bootconfig-v7.0' of git://git.kern.. 
git tree: upstream 
kernel config: https://syzkaller.appspot.com/x/.config?x=e600149b13c010eb 
dashboard link: https://syzkaller.appspot.com/bug?extid=5eb0d61dfb76ca12670c 
compiler: 
patch: https://syzkaller.appspot.com/x/patch.diff?x=15adac02580000