syzbot

 sign-in | mailing list | source | docs
🐞 Open [1492]
Subsystems
🐞 Fixed [6623]
🐞 Invalid [16944]
Missing Backports [209]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

VFS: Busy inodes after unmount (use-after-free) (3)

Status: upstream: reported C repro on 2025/09/30 20:17
Subsystems: isofs
[Documentation on labels]
Reported-by: syzbot+1d79ebe5383fc016cf07@syzkaller.appspotmail.com
First crash: 1d00h, last: 12h28m
Cause bisection: failed (error log, bisect log)
  
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [isofs?] VFS: Busy inodes after unmount (use-after-free) (3) 0 (2) 2025/10/01 08:59
Similar bugs (8)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-54 VFS: Busy inodes after unmount (use-after-free) 2 C 4 892d 948d 0/2 auto-obsoleted due to no activity on 2023/08/20 15:35
upstream VFS: Busy inodes after unmount (use-after-free) (2) btrfs 2 C error 277 31d 143d 29/29 fixed on 2025/09/04 16:57
linux-6.1 VFS: Busy inodes after unmount (use-after-free) origin:lts-only 2 C inconclusive 1714 19h41m 927d 0/3 upstream: reported C repro on 2023/03/18 09:53
android-5-15 VFS: Busy inodes after unmount (use-after-free) origin:downstream 2 C error done 2 846d 948d 0/2 auto-obsoleted due to no activity on 2023/09/15 20:27
android-5-10 VFS: Busy inodes after unmount (use-after-free) 2 C done inconclusive 1 948d 948d 0/2 auto-obsoleted due to no activity on 2023/06/25 23:02
linux-6.6 VFS: Busy inodes after unmount (use-after-free) origin:upstream missing-backport 2 C 3 15d 63d 0/2 upstream: reported C repro on 2025/07/29 23:52
upstream VFS: Busy inodes after unmount (use-after-free) bcachefs 2 C error 55684 148d 979d 28/29 fixed on 2025/05/06 15:33
linux-5.15 VFS: Busy inodes after unmount (use-after-free) missing-backport origin:upstream 2 C unreliable 2347 20h51m 926d 0/3 upstream: reported C repro on 2023/03/19 11:46
Last patch testing requests (1)
Created Duration User Patch Repo Result
2025/10/01 08:59 kartikey406@gmail.com patch upstream running

Sample crash report:
VFS: Busy inodes after unmount of loop0 (iso9660)
------------[ cut here ]------------
kernel BUG at fs/super.c:653!
Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
CPU: 1 UID: 0 PID: 5924 Comm: syz-executor Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
RIP: 0010:generic_shutdown_super+0x2bc/0x2c0 fs/super.c:651
Code: 03 42 80 3c 28 00 74 08 4c 89 f7 e8 6e 32 f3 ff 49 8b 16 48 81 c3 d0 07 00 00 48 c7 c7 60 90 d8 8a 48 89 de e8 85 59 fe fe 90 <0f> 0b 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f
RSP: 0018:ffffc90004c77d20 EFLAGS: 00010246
RAX: 0000000000000031 RBX: ffff8880304807d0 RCX: eaba184662d81a00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 1ffff1100609011b R08: 0000000000000000 R09: 0000000000000000
R10: dffffc0000000000 R11: fffff5200098ef49 R12: 0000000000000000
R13: dffffc0000000000 R14: ffffffff8d5b82e0 R15: ffff8880304808d8
FS:  000055557c62d500(0000) GS:ffff888127125000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffc229a4bfc CR3: 0000000030bce000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 kill_block_super+0x44/0x90 fs/super.c:1723
 deactivate_locked_super+0xb9/0x130 fs/super.c:474
 cleanup_mnt+0x425/0x4c0 fs/namespace.c:1318
 task_work_run+0x1d4/0x260 kernel/task_work.c:227
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop+0xec/0x110 kernel/entry/common.c:43
 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]
 syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline]
 do_syscall_64+0x2bd/0x3b0 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fdcdd2001f7
Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffcee701e98 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 00007fdcdd281d7d RCX: 00007fdcdd2001f7
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffcee701f50
RBP: 00007ffcee701f50 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffcee702fe0
R13: 00007fdcdd281d7d R14: 000000000001d732 R15: 00007ffcee703020
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:generic_shutdown_super+0x2bc/0x2c0 fs/super.c:651
Code: 03 42 80 3c 28 00 74 08 4c 89 f7 e8 6e 32 f3 ff 49 8b 16 48 81 c3 d0 07 00 00 48 c7 c7 60 90 d8 8a 48 89 de e8 85 59 fe fe 90 <0f> 0b 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f
RSP: 0018:ffffc90004c77d20 EFLAGS: 00010246
RAX: 0000000000000031 RBX: ffff8880304807d0 RCX: eaba184662d81a00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 1ffff1100609011b R08: 0000000000000000 R09: 0000000000000000
R10: dffffc0000000000 R11: fffff5200098ef49 R12: 0000000000000000
R13: dffffc0000000000 R14: ffffffff8d5b82e0 R15: ffff8880304808d8
FS:  000055557c62d500(0000) GS:ffff888127125000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffc229a4bfc CR3: 0000000030bce000 CR4: 00000000003526f0

Crashes (7):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/09/30 20:57 upstream 30d4efb2f5a5 65a0eece .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs VFS: Busy inodes after unmount (use-after-free)
2025/09/30 20:10 upstream 30d4efb2f5a5 65a0eece .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs VFS: Busy inodes after unmount (use-after-free)
2025/09/30 19:31 upstream 30d4efb2f5a5 65a0eece .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs VFS: Busy inodes after unmount (use-after-free)
2025/09/30 08:58 upstream 1896ce8eb6c6 86341da6 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs VFS: Busy inodes after unmount (use-after-free)
2025/09/30 13:06 upstream 1896ce8eb6c6 86341da6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs VFS: Busy inodes after unmount (use-after-free)
2025/09/30 12:38 upstream 1896ce8eb6c6 86341da6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root VFS: Busy inodes after unmount (use-after-free)
2025/09/30 12:35 upstream 1896ce8eb6c6 86341da6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root VFS: Busy inodes after unmount (use-after-free)
* Struck through repros no longer work on HEAD.