syzbot

 sign-in | mailing list | source | docs
🐞 Open [41]
🐞 Fixed [469]
🐞 Invalid [348]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

panic: kernfs.Dentry.DecRef() called without holding a reference (2)

Status: fixed on 2022/12/01 12:27
Fix commit: 1823b16fccf7 Clean up DecRefs in mount methods.
First crash: 727d, last: 726d
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
gvisor panic: kernfs.Dentry.DecRef() called without holding a reference C 87 1126d 1130d 14/26 fixed on 2021/10/27 00:49

Sample crash report:
panic: kernfs.Dentry.DecRef() called without holding a reference

goroutine 213 [running]:
panic({0x172f380, 0x1b224a0})
	GOROOT/src/runtime/panic.go:941 +0x397 fp=0xc0007bee78 sp=0xc0007bedb8 pc=0x438397
gvisor.dev/gvisor/pkg/sentry/fsimpl/kernfs.(*Dentry).DecRef(0xc0003226c0, {0x1b3c770, 0xc0005ff500})
	pkg/sentry/fsimpl/kernfs/kernfs.go:290 +0x158 fp=0xc0007beeb0 sp=0xc0007bee78 pc=0xa557d8
gvisor.dev/gvisor/pkg/sentry/vfs.(*Dentry).DecRef(0xc0003226c0, {0x1b3c770, 0xc0005ff500})
	pkg/sentry/vfs/dentry.go:155 +0x6e fp=0xc0007beed8 sp=0xc0007beeb0 pc=0x95f78e
gvisor.dev/gvisor/pkg/sentry/vfs.VirtualDentry.DecRef({0xc000794b00?, 0xc0003226c0?}, {0x1b3c770, 0xc0005ff500})
	pkg/sentry/vfs/vfs.go:926 +0x6a fp=0xc0007bef10 sp=0xc0007beed8 pc=0x99998a
gvisor.dev/gvisor/pkg/sentry/vfs.(*VirtualFilesystem).BindAt.func2()
	pkg/sentry/vfs/mount.go:575 +0x65 fp=0xc0007bef60 sp=0xc0007bef10 pc=0x97f9c5
runtime.deferreturn()
	GOROOT/src/runtime/panic.go:436 +0x33 fp=0xc0007befa0 sp=0xc0007bef60 pc=0x4374b3
gvisor.dev/gvisor/pkg/sentry/vfs.(*VirtualFilesystem).BindAt(0xc00044b0d0, {0x1b3c770?, 0xc0005ff500}, 0xc000322630?, 0xc00053d800?, 0x7?)
	pkg/sentry/vfs/mount.go:604 +0x7a7 fp=0xc0007bf248 sp=0xc0007befa0 pc=0x97f307
gvisor.dev/gvisor/pkg/sentry/syscalls/linux.Mount(0xc0005ff500, {{0x20000240}, {0x20000280}, {0x0}, {0x2001411}, {0x0}, {0x7ffdee227e78}})
	pkg/sentry/syscalls/linux/sys_mount.go:84 +0x5ea fp=0xc0007bf5b0 sp=0xc0007bf248 pc=0xefaaaa
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).executeSyscall(0xc0005ff500, 0xa5, {{0x20000240}, {0x20000280}, {0x0}, {0x2001411}, {0x0}, {0x7ffdee227e78}})
	pkg/sentry/kernel/task_syscall.go:142 +0xab8 fp=0xc0007bf9f8 sp=0xc0007bf5b0 pc=0xce1278
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallInvoke(0xc0005ff500, 0x1?, {{0x20000240}, {0x20000280}, {0x0}, {0x2001411}, {0x0}, {0x7ffdee227e78}})
	pkg/sentry/kernel/task_syscall.go:322 +0x8e fp=0xc0007bfa98 sp=0xc0007bf9f8 pc=0xce340e
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallEnter(0xc00037e870?, 0x46fdec?, {{0x20000240}, {0x20000280}, {0x0}, {0x2001411}, {0x0}, {0x7ffdee227e78}})
	pkg/sentry/kernel/task_syscall.go:282 +0xc5 fp=0xc0007bfb10 sp=0xc0007bfa98 pc=0xce2ce5
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscall(0xc0005ff500)
	pkg/sentry/kernel/task_syscall.go:257 +0x53b fp=0xc0007bfc38 sp=0xc0007bfb10 pc=0xce27db
gvisor.dev/gvisor/pkg/sentry/kernel.(*runApp).execute(0xc0005ff500?, 0xc0005ff500)
	pkg/sentry/kernel/task_run.go:253 +0x1e2b fp=0xc0007bfec0 sp=0xc0007bfc38 pc=0xccbdab
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).run(0xc0005ff500, 0xd)
	pkg/sentry/kernel/task_run.go:94 +0x2c2 fp=0xc0007bffb0 sp=0xc0007bfec0 pc=0xcc95c2
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).Start.func1()
	pkg/sentry/kernel/task_start.go:378 +0x48 fp=0xc0007bffe0 sp=0xc0007bffb0 pc=0xcde988
runtime.goexit()
	src/runtime/asm_amd64.s:1571 +0x1 fp=0xc0007bffe8 sp=0xc0007bffe0 pc=0x46e1c1
created by gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).Start
	pkg/sentry/kernel/task_start.go:378 +0x1d0

Crashes (61):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2022/11/30 22:56 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-3-race-cover panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 22:16 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-3-race-cover panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 20:34 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-3-race-cover panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 16:27 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-kvm panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 16:27 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-1-race panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 16:13 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-kvm-cover panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 16:08 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-2 panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 16:08 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-1 panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 16:08 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-1-cover panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 16:07 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-3 panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 16:07 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-3-cover panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 16:06 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-2-cover panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 16:05 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-2-race panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 16:04 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-3-race panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 15:46 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-3-race-cover panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 15:27 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-kvm panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 15:27 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-1-race panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 15:07 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-kvm panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 15:06 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-1-race panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 15:04 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-2-race panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 14:43 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-1 panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 14:41 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-2-race panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 14:41 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-3-race panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 14:23 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-1 panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 14:21 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-3-race panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 14:14 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-2 panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 14:09 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-kvm-cover panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 14:03 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-kvm panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 14:03 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-1-race panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 13:54 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-2 panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 13:52 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-kvm-cover panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 13:42 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-2-cover panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 13:41 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-2-race panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 13:34 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-3 panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 13:24 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-3-cover panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 13:23 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-1-cover panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 13:22 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-1 panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 13:13 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-3 panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 13:04 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-3-cover panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 12:54 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-2 panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 12:44 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-1-cover panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 12:40 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-2-cover panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 12:26 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-1-cover panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 12:23 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-3-cover panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 12:23 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-2-cover panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 12:13 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-3 panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 11:50 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-kvm-cover panic: kernfs.Dentry.DecRef() called without holding a reference
2022/12/01 04:29 gvisor 50f04e5aac0d 4c2a66e8 .config console log report info ci-gvisor-kvm-cover panic: kernfs.Dentry.DecRef() called without holding a reference
2022/12/01 04:29 gvisor 50f04e5aac0d 4c2a66e8 .config console log report info ci-gvisor-kvm-cover panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 14:18 gvisor 50f04e5aac0d 4c2a66e8 .config console log report info ci-gvisor-ptrace-2-race-cover panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 14:10 gvisor 50f04e5aac0d 4c2a66e8 .config console log report info ci-gvisor-ptrace-1-race-cover panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 13:32 gvisor 50f04e5aac0d 4c2a66e8 .config console log report info ci-gvisor-ptrace-2-race-cover panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 12:42 gvisor 50f04e5aac0d 4c2a66e8 .config console log report info ci-gvisor-ptrace-1-race-cover panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 12:14 gvisor 50f04e5aac0d 4c2a66e8 .config console log report info ci-gvisor-ptrace-3-race-cover panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 11:29 gvisor 50f04e5aac0d 4c2a66e8 .config console log report info ci-gvisor-ptrace-1-cover panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 11:25 gvisor 50f04e5aac0d 4c2a66e8 .config console log report info ci-gvisor-ptrace-2-cover panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 11:21 gvisor 50f04e5aac0d 4c2a66e8 .config console log report info ci-gvisor-ptrace-1-cover panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 11:09 gvisor 50f04e5aac0d 4c2a66e8 .config console log report info ci-gvisor-ptrace-2-cover panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 11:05 gvisor 50f04e5aac0d 4c2a66e8 .config console log report info ci-gvisor-kvm-cover panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 10:56 gvisor 50f04e5aac0d 4c2a66e8 .config console log report info ci-gvisor-kvm-cover panic: kernfs.Dentry.DecRef() called without holding a reference
2022/11/30 10:47 gvisor 50f04e5aac0d 4c2a66e8 .config console log report info ci-gvisor-ptrace-3-race-cover panic: kernfs.Dentry.DecRef() called without holding a reference
* Struck through repros no longer work on HEAD.