syzbot


BUG: Dentry still in use in unmount

Status: fixed on 2024/01/20 21:18
Subsystems: f2fs
[Documentation on labels]
Reported-by: syzbot+8608bb4553edb8c78f41@syzkaller.appspotmail.com
Fix commit: 413ba91089c7 ovl: fix dentry reference leak after changes to underlying layers
First crash: 584d, last: 103d
Cause bisection: introduced by (bisect log) :
commit c63e56a4a6523fcb1358e1878607d77a40b534bb
Author: Amir Goldstein <amir73il@gmail.com>
Date: Wed Aug 16 09:42:18 2023 +0000

  ovl: do not open/llseek lower file with upper sb_writers held

Crash: VFS: Busy inodes after unmount (use-after-free) (log)
Repro: C syz .config
  
Discussions (2)
Title Replies (including bot) Last reply
[syzbot] BUG: Dentry still in use in unmount 3 (7) 2023/12/17 09:36
[PATCH] ovl: fix BUG: Dentry still in use in unmount 2 (2) 2023/12/17 09:32
Similar bugs (4)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-5-10 BUG: Dentry still in use [unmount of ext4 loop0] C error 63 848d 886d 0/2 closed as dup on 2021/10/28 13:08
android-5-10 BUG: Dentry still in use in unmount C done 1184 764d 776d 2/2 fixed on 2022/02/25 03:20
android-54 BUG: Dentry still in use [unmount of ramfs ramfs] C 476 783d 1105d 0/2 auto-obsoleted due to no activity on 2023/04/21 02:49
android-54 BUG: Dentry still in use [unmount of f2fs loop0] C 1 1123d 1123d 0/2 auto-obsoleted due to no activity on 2023/04/17 22:58
Last patch testing requests (6)
Created Duration User Patch Repo Result
2023/12/17 09:16 19m amir73il@gmail.com https://github.com/amir73il/linux ovl-fixes OK log
2023/12/17 05:43 20m eadavis@qq.com patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 3bd7d7488169 OK log
2023/12/17 03:39 23m eadavis@qq.com patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 3bd7d7488169 report log
2023/11/23 14:42 31m retest repro git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci report log
2023/09/05 17:53 26m retest repro git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci report log
2023/06/25 08:24 24m retest repro git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci report log

Sample crash report:
------------[ cut here ]------------
BUG: Dentry ffff88801b3b3780{i=1a,n=#3}  still in use (1) [unmount of f2fs loop0]
WARNING: CPU: 1 PID: 5066 at fs/dcache.c:1675 umount_check+0x189/0x1e0 fs/dcache.c:1667
Modules linked in:
CPU: 1 PID: 5066 Comm: syz-executor112 Not tainted 6.7.0-rc5-syzkaller-00200-g3bd7d7488169 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
RIP: 0010:umount_check+0x189/0x1e0 fs/dcache.c:1667
Code: e8 ff 4c 8b 0b 48 81 c5 60 06 00 00 48 c7 c7 c0 c7 77 8b 4c 89 fe 4c 89 f2 4c 89 f9 45 89 e8 55 e8 8c c8 52 ff 48 83 c4 08 90 <0f> 0b 90 90 31 c0 5b 41 5c 41 5d 41 5e 41 5f 5d c3 89 f9 80 e1 07
RSP: 0018:ffffc90003907978 EFLAGS: 00010286
RAX: 5c88eadd9c337600 RBX: ffffffff8dec05e0 RCX: ffff888066840000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffff88801d672660 R08: ffffffff81545d52 R09: 1ffff92000720e80
R10: dffffc0000000000 R11: fffff52000720e81 R12: dffffc0000000000
R13: 0000000000000001 R14: 000000000000001a R15: ffff88801b3b3780
FS:  0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000045bcf0 CR3: 0000000016ba9000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 d_walk+0x1f6/0x6e0 fs/dcache.c:1386
 do_one_tree+0x35/0xe0 fs/dcache.c:1682
 shrink_dcache_for_umount+0x7d/0x130 fs/dcache.c:1698
 generic_shutdown_super+0x6a/0x2c0 fs/super.c:668
 kill_block_super+0x44/0x90 fs/super.c:1667
 kill_f2fs_super+0x303/0x3b0 fs/f2fs/super.c:4933
 deactivate_locked_super+0xc1/0x130 fs/super.c:484
 cleanup_mnt+0x426/0x4c0 fs/namespace.c:1256
 task_work_run+0x24a/0x300 kernel/task_work.c:180
 exit_task_work include/linux/task_work.h:38 [inline]
 do_exit+0xa34/0x2750 kernel/exit.c:871
 do_group_exit+0x206/0x2c0 kernel/exit.c:1021
 __do_sys_exit_group kernel/exit.c:1032 [inline]
 __se_sys_exit_group kernel/exit.c:1030 [inline]
 __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1030
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0x45/0x110 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7f401ccb3a49
Code: Unable to access opcode bytes at 0x7f401ccb3a1f.
RSP: 002b:00007ffc063484e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f401ccb3a49
RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
RBP: 00007f401cd342d0 R08: ffffffffffffffb8 R09: 00007ffc063485c0
R10: 00007ffc063485c0 R11: 0000000000000246 R12: 00007f401cd342d0
R13: 0000000000000000 R14: 00007f401cd35040 R15: 00007f401cc81f70
 </TASK>

Crashes (58):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/12/16 10:07 upstream 3bd7d7488169 3222d10c .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs BUG: Dentry still in use in unmount
2022/08/25 21:03 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci a41a877bc12d 9b5bf4cd .config console log report syz C ci-upstream-gce-arm64 BUG: Dentry still in use in unmount
2023/12/16 09:16 upstream 3bd7d7488169 3222d10c .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs BUG: Dentry still in use in unmount
2023/07/06 07:18 upstream d528014517f2 ba5dba36 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs BUG: Dentry still in use in unmount
2023/04/16 07:48 upstream a7a55e27ad72 ec410564 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs BUG: Dentry still in use in unmount
2023/04/10 15:44 upstream 09a9639e56c0 71147e29 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs BUG: Dentry still in use in unmount
2023/04/01 10:02 upstream 5a57b48fdfcb f325deb0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs BUG: Dentry still in use in unmount
2023/02/20 01:03 upstream 925cf0457d7e bcdf85f8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs BUG: Dentry still in use in unmount
2023/02/10 12:38 upstream 38c1e0c65865 e29a17f5 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs BUG: Dentry still in use in unmount
2023/02/09 20:14 upstream 35674e787518 07980f9d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs BUG: Dentry still in use in unmount
2023/02/09 01:25 upstream 0983f6bf2bfc fc9c934e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs BUG: Dentry still in use in unmount
2022/12/21 17:49 upstream b6bb9676f216 4067838e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: Dentry still in use in unmount
2022/11/04 12:48 upstream ee6050c8af96 6d752409 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs BUG: Dentry still in use in unmount
2022/10/20 03:04 upstream 493ffd6605b2 b31320fc .config console log report info [disk image] [vmlinux] ci2-upstream-fs BUG: Dentry still in use in unmount
2022/10/17 04:55 upstream 493ffd6605b2 67cb024c .config console log report info [disk image] [vmlinux] ci2-upstream-fs BUG: Dentry still in use in unmount
2022/10/07 10:56 upstream ffb39098bf87 8a212197 .config console log report info [disk image] [vmlinux] ci-upstream-kasan-gce-smack-root BUG: Dentry still in use in unmount
2023/11/09 09:34 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 8de1e7afcc1c 4862372a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: Dentry still in use in unmount
2023/01/28 19:31 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci c62c88e05937 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: Dentry still in use in unmount
2023/01/19 12:41 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 9598c377d828 1b826a2f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: Dentry still in use in unmount
2023/01/17 16:20 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 9598c377d828 aedf5331 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: Dentry still in use in unmount
2023/01/09 09:52 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci ae87308093bc 1dac8c7a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: Dentry still in use in unmount
2023/01/07 16:59 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci ae87308093bc 1dac8c7a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: Dentry still in use in unmount
2023/01/05 16:24 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 247f34f7b803 1dac8c7a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: Dentry still in use in unmount
2022/12/31 13:44 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci a5541c0811a0 ab32d508 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: Dentry still in use in unmount
2022/12/29 18:41 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci a5541c0811a0 44712fbc .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: Dentry still in use in unmount
2022/12/23 22:55 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci a5541c0811a0 9da18ae8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: Dentry still in use in unmount
2022/12/20 10:47 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci a5541c0811a0 d3e76707 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: Dentry still in use in unmount
2022/12/19 08:44 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci a5541c0811a0 05494336 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: Dentry still in use in unmount
2022/12/19 08:33 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci a5541c0811a0 05494336 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: Dentry still in use in unmount
2022/12/18 10:31 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci a5541c0811a0 05494336 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: Dentry still in use in unmount
2022/12/13 17:14 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci a5541c0811a0 e660de91 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: Dentry still in use in unmount
2022/12/11 18:39 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci a5541c0811a0 67be1ae7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: Dentry still in use in unmount
2022/12/09 19:43 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci a5541c0811a0 67be1ae7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: Dentry still in use in unmount
2022/11/30 00:38 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci cdb931b58ff5 05dc7993 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: Dentry still in use in unmount
2022/11/29 11:29 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 6d464646530f ca9683b8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: Dentry still in use in unmount
2022/11/21 21:58 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci a77d28d13789 1c576c23 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: Dentry still in use in unmount
2022/11/09 07:43 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 56751c56c2a2 5fa28208 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: Dentry still in use in unmount
2022/11/09 07:42 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 56751c56c2a2 5fa28208 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: Dentry still in use in unmount
2022/11/08 05:07 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 3577a7611842 881db35d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: Dentry still in use in unmount
2022/10/15 01:25 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci bbed346d5a96 67cb024c .config console log report info [disk image] [vmlinux] ci-upstream-gce-arm64 BUG: Dentry still in use in unmount
2022/10/12 20:00 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci bbed346d5a96 89b5a509 .config console log report info ci-upstream-gce-arm64 BUG: Dentry still in use in unmount
2022/10/12 15:10 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci bbed346d5a96 89b5a509 .config console log report info ci-upstream-gce-arm64 BUG: Dentry still in use in unmount
2022/10/08 18:35 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci bbed346d5a96 aea5da89 .config console log report info [disk image] [vmlinux] ci-upstream-gce-arm64 BUG: Dentry still in use in unmount
2022/10/08 18:18 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci bbed346d5a96 aea5da89 .config console log report info [disk image] [vmlinux] ci-upstream-gce-arm64 BUG: Dentry still in use in unmount
2022/10/07 08:25 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci bbed346d5a96 8a212197 .config console log report info [disk image] [vmlinux] ci-upstream-gce-arm64 BUG: Dentry still in use in unmount
2022/10/03 12:15 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci bbed346d5a96 feb56351 .config console log report info [disk image] [vmlinux] ci-upstream-gce-arm64 BUG: Dentry still in use in unmount
2022/09/30 14:52 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 5911b92626df feb56351 .config console log report info [disk image] [vmlinux] ci-upstream-gce-arm64 BUG: Dentry still in use in unmount
2022/09/15 00:40 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci a6b443748715 b884348d .config console log report info ci-upstream-gce-arm64 BUG: Dentry still in use in unmount
2022/09/08 00:08 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 25050c56fa3c 435aeef7 .config console log report info ci-upstream-gce-arm64 BUG: Dentry still in use in unmount
2022/09/07 23:43 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 25050c56fa3c c5b7bc57 .config console log report info ci-upstream-gce-arm64 BUG: Dentry still in use in unmount
2022/09/07 13:43 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 25050c56fa3c c5b7bc57 .config console log report info ci-upstream-gce-arm64 BUG: Dentry still in use in unmount
2022/09/05 09:31 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 85413d1e802e 922294ab .config console log report info ci-upstream-gce-arm64 BUG: Dentry still in use in unmount
2022/08/25 15:51 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci a41a877bc12d 9b5bf4cd .config console log report info ci-upstream-gce-arm64 BUG: Dentry still in use in unmount
2022/08/25 15:28 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci a41a877bc12d 9b5bf4cd .config console log report info ci-upstream-gce-arm64 BUG: Dentry still in use in unmount
2022/08/25 14:10 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci a41a877bc12d e5fb9cf5 .config console log report info ci-upstream-gce-arm64 BUG: Dentry still in use in unmount
2022/08/24 13:25 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci a41a877bc12d 514514f6 .config console log report info ci-upstream-gce-arm64 BUG: Dentry still in use in unmount
2022/08/22 10:42 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 680fb5b009e8 26a13b38 .config console log report info ci-upstream-gce-arm64 BUG: Dentry still in use in unmount
* Struck through repros no longer work on HEAD.