syzbot

 sign-in | mailing list | source | docs
🐞 Open [41]
🐞 Fixed [469]
🐞 Invalid [348]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

panic: Incrementing non-positive count ADDR on tmpfs.inode (2)

Status: fixed on 2022/12/01 12:27
Fix commit: 1823b16fccf7 Clean up DecRefs in mount methods.
First crash: 727d, last: 726d
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
gvisor panic: Incrementing non-positive count ADDR on tmpfs.inode syz 2 1472d 1472d 0/26 fixed on 2020/11/18 07:03
gvisor panic: Incrementing non-positive count ADDR on tmpfs.inode (4) C 24 375d 377d 26/26 fixed on 2023/11/17 08:30
gvisor panic: Incrementing non-positive count ADDR on tmpfs.inode (3) 6 566d 588d 26/26 fixed on 2023/05/26 03:35

Sample crash report:
panic: Incrementing non-positive count 0xc0009f8408 on tmpfs.inode

goroutine 159 [running]:
panic({0x172f380, 0xc00075a3a0})
	GOROOT/src/runtime/panic.go:941 +0x397 fp=0xc000846d80 sp=0xc000846cc0 pc=0x438397
gvisor.dev/gvisor/pkg/sentry/fsimpl/tmpfs.(*inodeRefs).IncRef(0xc0009f8408)
	bazel-out/k8-fastbuild-ST-3dcbe13c9b87/bin/pkg/sentry/fsimpl/tmpfs/inode_refs.go:80 +0xfa fp=0xc000846de0 sp=0xc000846d80 pc=0xb4db5a
gvisor.dev/gvisor/pkg/sentry/fsimpl/tmpfs.(*inode).incRef(0xc0009f8400)
	pkg/sentry/fsimpl/tmpfs/tmpfs.go:520 +0x46 fp=0xc000846e00 sp=0xc000846de0 pc=0xb59646
gvisor.dev/gvisor/pkg/sentry/fsimpl/tmpfs.(*dentry).IncRef(0xc000832460)
	pkg/sentry/fsimpl/tmpfs/tmpfs.go:377 +0x54 fp=0xc000846e20 sp=0xc000846e00 pc=0xb58ad4
gvisor.dev/gvisor/pkg/sentry/fsimpl/tmpfs.(*filesystem).GetDentryAt(0xc000926000, {0x1b3c770, 0xc000959500}, 0xc000679200, {0x0?})
	pkg/sentry/fsimpl/tmpfs/filesystem.go:258 +0x21a fp=0xc000846f08 sp=0xc000846e20 pc=0xb41cda
gvisor.dev/gvisor/pkg/sentry/vfs.(*VirtualFilesystem).GetDentryAt(0x408f0d?, {0x1b3c770, 0xc000959500}, 0x471185?, 0x46fe0c?, 0xc000846fd7)
	pkg/sentry/vfs/vfs.go:229 +0x135 fp=0xc000846fa0 sp=0xc000846f08 pc=0x993a75
gvisor.dev/gvisor/pkg/sentry/vfs.(*VirtualFilesystem).BindAt(0xc00059c1d0, {0x1b3c770?, 0xc000959500}, 0xc0009f8000?, 0xc00060cf00?, 0x7?)
	pkg/sentry/vfs/mount.go:571 +0xd0 fp=0xc000847248 sp=0xc000846fa0 pc=0x97ec30
gvisor.dev/gvisor/pkg/sentry/syscalls/linux.Mount(0xc000959500, {{0x20000240}, {0x200000c0}, {0x0}, {0x1000}, {0x0}, {0x7f002b569e78}})
	pkg/sentry/syscalls/linux/sys_mount.go:84 +0x5ea fp=0xc0008475b0 sp=0xc000847248 pc=0xefaaaa
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).executeSyscall(0xc000959500, 0xa5, {{0x20000240}, {0x200000c0}, {0x0}, {0x1000}, {0x0}, {0x7f002b569e78}})
	pkg/sentry/kernel/task_syscall.go:142 +0xab8 fp=0xc0008479f8 sp=0xc0008475b0 pc=0xce1278
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallInvoke(0xc000959500, 0x1?, {{0x20000240}, {0x200000c0}, {0x0}, {0x1000}, {0x0}, {0x7f002b569e78}})
	pkg/sentry/kernel/task_syscall.go:322 +0x8e fp=0xc000847a98 sp=0xc0008479f8 pc=0xce340e
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallEnter(0xc000b0e0f0?, 0x46fdec?, {{0x20000240}, {0x200000c0}, {0x0}, {0x1000}, {0x0}, {0x7f002b569e78}})
	pkg/sentry/kernel/task_syscall.go:282 +0xc5 fp=0xc000847b10 sp=0xc000847a98 pc=0xce2ce5
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscall(0xc000959500)
	pkg/sentry/kernel/task_syscall.go:257 +0x53b fp=0xc000847c38 sp=0xc000847b10 pc=0xce27db
gvisor.dev/gvisor/pkg/sentry/kernel.(*runApp).execute(0xc000959500?, 0xc000959500)
	pkg/sentry/kernel/task_run.go:253 +0x1e2b fp=0xc000847ec0 sp=0xc000847c38 pc=0xccbdab
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).run(0xc000959500, 0xd)
	pkg/sentry/kernel/task_run.go:94 +0x2c2 fp=0xc000847fb0 sp=0xc000847ec0 pc=0xcc95c2
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).Start.func1()
	pkg/sentry/kernel/task_start.go:378 +0x48 fp=0xc000847fe0 sp=0xc000847fb0 pc=0xcde988
runtime.goexit()
	src/runtime/asm_amd64.s:1571 +0x1 fp=0xc000847fe8 sp=0xc000847fe0 pc=0x46e1c1
created by gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).Start
	pkg/sentry/kernel/task_start.go:378 +0x1d0

Crashes (56):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2022/11/30 23:24 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-3-race-cover panic: Incrementing non-positive count ADDR on tmpfs.inode
2022/11/30 21:42 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-3-race-cover panic: Incrementing non-positive count ADDR on tmpfs.inode
2022/11/30 21:11 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-3-race-cover panic: Incrementing non-positive count ADDR on tmpfs.inode
2022/11/30 15:46 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-kvm panic: Incrementing non-positive count ADDR on tmpfs.inode
2022/11/30 15:45 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-1-race panic: Incrementing non-positive count ADDR on tmpfs.inode
2022/11/30 15:23 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-2-race panic: Incrementing non-positive count ADDR on tmpfs.inode
2022/11/30 15:05 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-1 panic: Incrementing non-positive count ADDR on tmpfs.inode
2022/11/30 15:02 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-3-race panic: Incrementing non-positive count ADDR on tmpfs.inode
2022/11/30 14:49 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-1-cover panic: Incrementing non-positive count ADDR on tmpfs.inode
2022/11/30 14:42 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-kvm panic: Incrementing non-positive count ADDR on tmpfs.inode
2022/11/30 14:41 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-1-race panic: Incrementing non-positive count ADDR on tmpfs.inode
2022/11/30 14:32 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-2 panic: Incrementing non-positive count ADDR on tmpfs.inode
2022/11/30 14:28 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-kvm-cover panic: Incrementing non-positive count ADDR on tmpfs.inode
2022/11/30 14:22 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-1-cover panic: Incrementing non-positive count ADDR on tmpfs.inode
2022/11/30 14:22 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-3 panic: Incrementing non-positive count ADDR on tmpfs.inode
2022/11/30 14:22 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-kvm panic: Incrementing non-positive count ADDR on tmpfs.inode
2022/11/30 14:21 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-1-race panic: Incrementing non-positive count ADDR on tmpfs.inode
2022/11/30 14:20 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-2-cover panic: Incrementing non-positive count ADDR on tmpfs.inode
2022/11/30 14:20 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-2-race panic: Incrementing non-positive count ADDR on tmpfs.inode
2022/11/30 14:01 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-1 panic: Incrementing non-positive count ADDR on tmpfs.inode
2022/11/30 14:00 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-2-race panic: Incrementing non-positive count ADDR on tmpfs.inode
2022/11/30 13:59 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-3-race panic: Incrementing non-positive count ADDR on tmpfs.inode
2022/11/30 13:52 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-3-cover panic: Incrementing non-positive count ADDR on tmpfs.inode
2022/11/30 13:41 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-1 panic: Incrementing non-positive count ADDR on tmpfs.inode
2022/11/30 13:39 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-3-race panic: Incrementing non-positive count ADDR on tmpfs.inode
2022/11/30 13:32 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-2 panic: Incrementing non-positive count ADDR on tmpfs.inode
2022/11/30 13:19 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-2-cover panic: Incrementing non-positive count ADDR on tmpfs.inode
2022/11/30 13:12 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-2 panic: Incrementing non-positive count ADDR on tmpfs.inode
2022/11/30 13:02 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-1-cover panic: Incrementing non-positive count ADDR on tmpfs.inode
2022/11/30 12:59 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-2-cover panic: Incrementing non-positive count ADDR on tmpfs.inode
2022/11/30 12:52 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-3 panic: Incrementing non-positive count ADDR on tmpfs.inode
2022/11/30 12:45 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-kvm-cover panic: Incrementing non-positive count ADDR on tmpfs.inode
2022/11/30 12:42 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-3-cover panic: Incrementing non-positive count ADDR on tmpfs.inode
2022/11/30 12:32 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-3 panic: Incrementing non-positive count ADDR on tmpfs.inode
2022/11/30 12:25 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-kvm-cover panic: Incrementing non-positive count ADDR on tmpfs.inode
2022/11/30 12:12 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-1-cover panic: Incrementing non-positive count ADDR on tmpfs.inode
2022/11/30 12:03 gvisor 50f04e5aac0d 4c2a66e8 .config console log report syz C ci-gvisor-ptrace-3-cover panic: Incrementing non-positive count ADDR on tmpfs.inode
2022/12/01 10:56 gvisor 50f04e5aac0d 4c2a66e8 .config console log report info ci-gvisor-kvm-cover panic: Incrementing non-positive count ADDR on tmpfs.inode
2022/12/01 07:56 gvisor 50f04e5aac0d 4c2a66e8 .config console log report info ci-gvisor-kvm-cover panic: Incrementing non-positive count ADDR on tmpfs.inode
2022/11/30 22:56 gvisor 50f04e5aac0d 4c2a66e8 .config console log report info ci-gvisor-ptrace-2-cover panic: Incrementing non-positive count ADDR on tmpfs.inode
2022/11/30 20:48 gvisor 50f04e5aac0d 4c2a66e8 .config console log report info ci-gvisor-ptrace-2 panic: Incrementing non-positive count ADDR on tmpfs.inode
2022/11/30 19:09 gvisor 50f04e5aac0d 4c2a66e8 .config console log report info ci-gvisor-ptrace-2-cover panic: Incrementing non-positive count ADDR on tmpfs.inode
2022/11/30 19:02 gvisor 50f04e5aac0d 4c2a66e8 .config console log report info ci-gvisor-ptrace-1-cover panic: Incrementing non-positive count ADDR on tmpfs.inode
2022/11/30 19:00 gvisor 50f04e5aac0d 4c2a66e8 .config console log report info ci-gvisor-ptrace-3-cover panic: Incrementing non-positive count ADDR on tmpfs.inode
2022/11/30 18:51 gvisor 50f04e5aac0d 4c2a66e8 .config console log report info ci-gvisor-ptrace-3-cover panic: Incrementing non-positive count ADDR on tmpfs.inode
2022/11/30 18:47 gvisor 50f04e5aac0d 4c2a66e8 .config console log report info ci-gvisor-ptrace-3-cover panic: Incrementing non-positive count ADDR on tmpfs.inode
2022/11/30 17:51 gvisor 50f04e5aac0d 4c2a66e8 .config console log report info ci-gvisor-ptrace-1-race panic: Incrementing non-positive count ADDR on tmpfs.inode
2022/11/30 15:51 gvisor 50f04e5aac0d 4c2a66e8 .config console log report info ci-gvisor-ptrace-3-cover panic: Incrementing non-positive count ADDR on tmpfs.inode
* Struck through repros no longer work on HEAD.