syzbot

 sign-in | mailing list | source | docs
🐞 Open [705]
🐞 Fixed [108]
🐞 Invalid [635]
Missing Backports [60]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

BUG: Dentry still in use in unmount

Status: upstream: reported C repro on 2025/01/06 14:20
Bug presence: origin:lts-only
[Documentation on labels]
Reported-by: syzbot+d7dfbc1b53951d7719af@syzkaller.appspotmail.com
First crash: 30d, last: 29d
Bug presence (2)
Date Name Commit Repro Result
2025/01/07 linux-6.1.y (ToT) 7dc732d24ff7 C [report] BUG: Dentry still in use in unmount
2025/01/07 upstream (ToT) fbfd64d25c7a C Didn't crash
Similar bugs (5)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream BUG: Dentry still in use in unmount f2fs C done 58 417d 894d 25/28 fixed on 2024/01/20 21:18
android-5-10 BUG: Dentry still in use [unmount of ext4 loop0] C error 63 1162d 1201d 0/2 closed as dup on 2021/10/28 13:08
upstream BUG: Dentry still in use in unmount (2) fs 1 56d 52d 0/28 moderation: reported on 2024/12/16 01:50
android-5-10 BUG: Dentry still in use in unmount C done 1184 1078d 1091d 2/2 fixed on 2022/02/25 03:20
android-54 BUG: Dentry still in use [unmount of ramfs ramfs] C 476 1097d 1419d 0/2 auto-obsoleted due to no activity on 2023/04/21 02:49
Fix bisection attempts (1)
Created Duration User Patch Repo Result
2025/01/17 11:41 3h43m fix candidate upstream OK (0) job log

Sample crash report:
gfs2: fsid=syz:syz.0: first mount done, others may mount
BUG: Dentry 00000000868f9618{i=925,n=/}  still in use (5) [unmount of gfs2 loop0]
------------[ cut here ]------------
WARNING: CPU: 0 PID: 4291 at fs/dcache.c:1681 umount_check+0x180/0x1bc fs/dcache.c:1672
Modules linked in:
CPU: 0 PID: 4291 Comm: syz-executor371 Not tainted 6.1.123-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : umount_check+0x180/0x1bc fs/dcache.c:1672
lr : umount_check+0x180/0x1bc fs/dcache.c:1672
sp : ffff800021587760
x29: ffff800021587760 x28: ffff7000042b0f48 x27: ffff0000df4c6a48
x26: ffff800021587a40 x25: dfff800000000000 x24: ffff0000da2fe000
x23: dfff800000000000 x22: ffff8000161c2440 x21: 0000000000000005
x20: 0000000000000925 x19: ffff0000df4c6a48 x18: ffff800021586cc0
x17: 756f6d6e755b2029 x16: ffff80001232d384 x15: 0000000000000000
x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000000001
x11: 0000000000ff0100 x10: 0000000000000000 x9 : 9e0395660b568c00
x8 : 9e0395660b568c00 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff800021587078 x4 : ffff800015b731c0 x3 : ffff8000085869b0
x2 : 0000000000000001 x1 : 0000000100000001 x0 : 0000000000000051
Call trace:
 umount_check+0x180/0x1bc fs/dcache.c:1672
 d_walk+0x6c/0x660 fs/dcache.c:1367
 do_one_tree+0x44/0xfc fs/dcache.c:1688
 shrink_dcache_for_umount+0x80/0x12c fs/dcache.c:1704
 generic_shutdown_super+0x68/0x328 fs/super.c:473
 kill_block_super+0x70/0xdc fs/super.c:1470
 gfs2_kill_sb+0xc0/0xd4
 deactivate_locked_super+0xac/0x124 fs/super.c:332
 deactivate_super+0xf0/0x110 fs/super.c:363
 gfs2_thaw_super+0x18c/0x25c fs/gfs2/super.c:828
 do_vfs_ioctl+0x1024/0x26f8
 __do_sys_ioctl fs/ioctl.c:868 [inline]
 __se_sys_ioctl fs/ioctl.c:856 [inline]
 __arm64_sys_ioctl+0xe4/0x1c8 fs/ioctl.c:856
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 96078
hardirqs last  enabled at (96077): [<ffff80000833f25c>] __up_console_sem+0xb4/0x100 kernel/printk/printk.c:261
hardirqs last disabled at (96078): [<ffff800012329064>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last  enabled at (95770): [<ffff800008030408>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (95768): [<ffff8000080303d4>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---
BUG: Dentry 00000000868f9618{i=925,n=/}  still in use (5) [unmount of gfs2 loop0]
------------[ cut here ]------------
WARNING: CPU: 0 PID: 4291 at fs/dcache.c:1681 umount_check+0x180/0x1bc fs/dcache.c:1672
Modules linked in:
CPU: 0 PID: 4291 Comm: syz-executor371 Tainted: G        W          6.1.123-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : umount_check+0x180/0x1bc fs/dcache.c:1672
lr : umount_check+0x180/0x1bc fs/dcache.c:1672
sp : ffff800021587760
x29: ffff800021587760 x28: ffff0000df4c6b60 x27: ffff0000df4c6a48
x26: ffff0000df4c6a48 x25: dfff800000000000 x24: ffff0000da2fe000
x23: dfff800000000000 x22: ffff8000161c2440 x21: 0000000000000005
x20: 0000000000000925 x19: ffff0000df4c6a48 x18: ffff800021586cc0
x17: 756f6d6e755b2029 x16: ffff80001227ac80 x15: 0000000000000000
x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000000001
x11: 0000000000ff0100 x10: 0000000000000000 x9 : 9e0395660b568c00
x8 : 9e0395660b568c00 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff800021587078 x4 : ffff800015b731c0 x3 : ffff800008349ebc
x2 : 0000000000000001 x1 : 0000000100000002 x0 : 0000000000000051
Call trace:
 umount_check+0x180/0x1bc fs/dcache.c:1672
 d_walk+0x6c/0x660 fs/dcache.c:1367
 do_one_tree+0x44/0xfc fs/dcache.c:1688
 shrink_dcache_for_umount+0x80/0x12c fs/dcache.c:1704
 generic_shutdown_super+0x68/0x328 fs/super.c:473
 kill_block_super+0x70/0xdc fs/super.c:1470
 gfs2_kill_sb+0xc0/0xd4
 deactivate_locked_super+0xac/0x124 fs/super.c:332
 deactivate_super+0xf0/0x110 fs/super.c:363
 gfs2_thaw_super+0x18c/0x25c fs/gfs2/super.c:828
 do_vfs_ioctl+0x1024/0x26f8
 __do_sys_ioctl fs/ioctl.c:868 [inline]
 __se_sys_ioctl fs/ioctl.c:856 [inline]
 __arm64_sys_ioctl+0xe4/0x1c8 fs/ioctl.c:856
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 96220
hardirqs last  enabled at (96219): [<ffff80000833f25c>] __up_console_sem+0xb4/0x100 kernel/printk/printk.c:261
hardirqs last disabled at (96220): [<ffff800012329064>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last  enabled at (96200): [<ffff8000081c3414>] softirq_handle_end kernel/softirq.c:414 [inline]
softirqs last  enabled at (96200): [<ffff8000081c3414>] handle_softirqs+0xb84/0xd58 kernel/softirq.c:599
softirqs last disabled at (96081): [<ffff800008020174>] __do_softirq+0x14/0x20 kernel/softirq.c:605
---[ end trace 0000000000000000 ]---

Crashes (3):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/01/06 14:37 linux-6.1.y 7dc732d24ff7 f3558dbf .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-6-1-kasan-arm64 BUG: Dentry still in use in unmount
2025/01/06 14:21 linux-6.1.y 7dc732d24ff7 f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: Dentry still in use in unmount
2025/01/06 14:19 linux-6.1.y 7dc732d24ff7 f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: Dentry still in use in unmount
* Struck through repros no longer work on HEAD.