syzbot

 sign-in | mailing list | source | docs
🐞 Open [41]
🐞 Fixed [469]
🐞 Invalid [348]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

panic: Decrementing non-positive ref count ADDR, owned by tmpfs.inode (3)

Status: fixed on 2023/11/17 08:30
Fix commit: 77b137ffd8ec Fix umount not unmounting all the mounts it is supposed to.
First crash: 377d, last: 377d
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
gvisor panic: Decrementing non-positive ref count ADDR, owned by tmpfs.inode C 27 726d 727d 14/26 fixed on 2022/12/01 12:27
gvisor panic: Decrementing non-positive ref count ADDR, owned by tmpfs.inode (2) C 47 566d 571d 26/26 fixed on 2023/05/17 09:52
gvisor panic: Decrementing non-positive ref count ADDR, owned by tmpfs.inode (4) C 22 311d 318d 26/26 fixed on 2024/01/22 18:53

Sample crash report:
panic: Decrementing non-positive ref count 0xc000276858, owned by tmpfs.inode

goroutine 307 [running]:
panic({0x298360?, 0xc00104c480?})
	GOROOT/src/runtime/panic.go:1017 +0x3ac fp=0xc000e3ccf8 sp=0xc000e3cc48 pc=0x12bcd6c
gvisor.dev/gvisor/pkg/sentry/fsimpl/tmpfs.(*inodeRefs).DecRef(0xc000276858, 0xc000e3cd70)
	bazel-out/k8-fastbuild-ST-3dcbe13c9b87/bin/pkg/sentry/fsimpl/tmpfs/inode_refs.go:126 +0x12c fp=0xc000e3cd60 sp=0xc000e3ccf8 pc=0x1a702ac
gvisor.dev/gvisor/pkg/sentry/fsimpl/tmpfs.(*inode).decRef(...)
	pkg/sentry/fsimpl/tmpfs/tmpfs.go:599
gvisor.dev/gvisor/pkg/sentry/fsimpl/tmpfs.(*dentry).DecRef(0xc000276800, {0x7efef8, 0xc0009d0a80})
	pkg/sentry/fsimpl/tmpfs/tmpfs.go:457 +0x8b fp=0xc000e3cda0 sp=0xc000e3cd60 pc=0x1a7a12b
gvisor.dev/gvisor/pkg/sentry/vfs.(*Dentry).DecRef(0xc000276800, {0x7efef8, 0xc0009d0a80})
	pkg/sentry/vfs/dentry.go:156 +0x5a fp=0xc000e3cdc8 sp=0xc000e3cda0 pc=0x182feda
gvisor.dev/gvisor/pkg/sentry/vfs.(*VirtualFilesystem).unlockMounts(0xc0004601d8, {0x7efef8, 0xc0009d0a80})
	pkg/sentry/vfs/vfs.go:1030 +0x1e9 fp=0xc000e3cea0 sp=0xc000e3cdc8 pc=0x186bb29
gvisor.dev/gvisor/pkg/sentry/vfs.(*Mount).destroy.func1()
	pkg/sentry/vfs/mount.go:826 +0x50 fp=0xc000e3cee0 sp=0xc000e3cea0 pc=0x184e870
runtime.deferreturn()
	GOROOT/src/runtime/panic.go:477 +0x31 fp=0xc000e3cf18 sp=0xc000e3cee0 pc=0x12bbeb1
gvisor.dev/gvisor/pkg/sentry/vfs.(*Mount).destroy(0xc0005c0370, {0x7efef8, 0xc0009d0a80})
	pkg/sentry/vfs/mount.go:839 +0x4ad fp=0xc000e3d050 sp=0xc000e3cf18 pc=0x184e78d
gvisor.dev/gvisor/pkg/sentry/vfs.(*Mount).DecRef(0xc0005c0370, {0x7efef8, 0xc0009d0a80})
	pkg/sentry/vfs/mount.go:820 +0x79 fp=0xc000e3d078 sp=0xc000e3d050 pc=0x184e299
gvisor.dev/gvisor/pkg/sentry/vfs.VirtualDentry.DecRef({0xc0005c0370?, 0xc000d22000?}, {0x7efef8, 0xc0009d0a80})
	pkg/sentry/vfs/vfs.go:1086 +0x85 fp=0xc000e3d0b0 sp=0xc000e3d078 pc=0x186bcc5
gvisor.dev/gvisor/pkg/sentry/vfs.(*VirtualFilesystem).UmountAt.func1()
	pkg/sentry/vfs/mount.go:575 +0x5e fp=0xc000e3d100 sp=0xc000e3d0b0 pc=0x184cf9e
runtime.deferreturn()
	GOROOT/src/runtime/panic.go:477 +0x31 fp=0xc000e3d138 sp=0xc000e3d100 pc=0x12bbeb1
gvisor.dev/gvisor/pkg/sentry/vfs.(*VirtualFilesystem).UmountAt(0xc0004601d8, {0x7efef8, 0xc0009d0a80}, 0xc0004675c0, 0xc000011400?, 0xc000e3d360)
	pkg/sentry/vfs/mount.go:602 +0x4aa fp=0xc000e3d2d8 sp=0xc000e3d138 pc=0x184cb2a
gvisor.dev/gvisor/pkg/sentry/syscalls/linux.Umount2(0xc0009d0a80, 0xc000e3d598?, {{0x7f1d2354f9c0}, {0xa}, {0x0}, {0xffffffff}, {0x0}, {0x0}})
	pkg/sentry/syscalls/linux/sys_mount.go:164 +0x3d1 fp=0xc000e3d4d8 sp=0xc000e3d2d8 pc=0x1e17cb1
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).executeSyscall(0xc0009d0a80, 0xa6, {{0x7f1d2354f9c0}, {0xa}, {0x0}, {0xffffffff}, {0x0}, {0x0}})
	pkg/sentry/kernel/task_syscall.go:142 +0x8b5 fp=0xc000e3d8f8 sp=0xc000e3d4d8 pc=0x1c09b15
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallInvoke(0xc0009d0a80, 0x253b240?, {{0x7f1d2354f9c0}, {0xa}, {0x0}, {0xffffffff}, {0x0}, {0x0}})
	pkg/sentry/kernel/task_syscall.go:322 +0x6c fp=0xc000e3d998 sp=0xc000e3d8f8 pc=0x1c0b94c
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallEnter(0xc000e3db58?, 0x2125e59?, {{0x7f1d2354f9c0}, {0xa}, {0x0}, {0xffffffff}, {0x0}, {0x0}})
	pkg/sentry/kernel/task_syscall.go:282 +0x87 fp=0xc000e3da10 sp=0xc000e3d998 pc=0x1c0b307
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscall(0xc0009d0a80)
	pkg/sentry/kernel/task_syscall.go:257 +0x4f0 fp=0xc000e3db68 sp=0xc000e3da10 pc=0x1c0ae90
gvisor.dev/gvisor/pkg/sentry/kernel.(*runApp).execute(0xc0009d0a80?, 0xc0009d0a80)
	pkg/sentry/kernel/task_run.go:269 +0x1e08 fp=0xc000e3de70 sp=0xc000e3db68 pc=0x1bf5708
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).run(0xc0009d0a80, 0xf)
	pkg/sentry/kernel/task_run.go:98 +0x43b fp=0xc000e3dfb0 sp=0xc000e3de70 pc=0x1bf301b
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).Start.func1()
	pkg/sentry/kernel/task_start.go:391 +0x45 fp=0xc000e3dfe0 sp=0xc000e3dfb0 pc=0x1c078a5
runtime.goexit()
	src/runtime/asm_amd64.s:1650 +0x1 fp=0xc000e3dfe8 sp=0xc000e3dfe0 pc=0x12f5d81
created by gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).Start in goroutine 291
	pkg/sentry/kernel/task_start.go:391 +0x1ae

Crashes (16):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/11/15 13:51 gvisor 3ab01aedb874 cb976f63 .config console log report syz C ci-gvisor-ptrace-2-race panic: Decrementing non-positive ref count ADDR, owned by tmpfs.inode
2023/11/15 13:51 gvisor 3ab01aedb874 cb976f63 .config console log report syz C ci-gvisor-systrap-1-race panic: Decrementing non-positive ref count ADDR, owned by tmpfs.inode
2023/11/15 13:51 gvisor 3ab01aedb874 cb976f63 .config console log report syz C ci-gvisor-ptrace-1-race panic: Decrementing non-positive ref count ADDR, owned by tmpfs.inode
2023/11/15 13:51 gvisor 3ab01aedb874 cb976f63 console log report syz C ci-gvisor-kvm panic: Decrementing non-positive ref count ADDR, owned by tmpfs.inode
2023/11/15 13:49 gvisor 3ab01aedb874 cb976f63 console log report syz C ci-gvisor-systrap-1 panic: Decrementing non-positive ref count ADDR, owned by tmpfs.inode
2023/11/15 13:48 gvisor 3ab01aedb874 cb976f63 .config console log report syz C ci-gvisor-ptrace-3-race panic: Decrementing non-positive ref count ADDR, owned by tmpfs.inode
2023/11/15 12:36 gvisor 3ab01aedb874 cb976f63 console log report syz C ci-gvisor-ptrace-1 panic: Decrementing non-positive ref count ADDR, owned by tmpfs.inode
2023/11/15 12:36 gvisor 3ab01aedb874 cb976f63 console log report syz C ci-gvisor-ptrace-2 panic: Decrementing non-positive ref count ADDR, owned by tmpfs.inode
2023/11/15 11:56 gvisor 3ab01aedb874 cb976f63 console log report syz C ci-gvisor-ptrace-3 panic: Decrementing non-positive ref count ADDR, owned by tmpfs.inode
2023/11/15 11:50 gvisor 3ab01aedb874 cb976f63 .config console log report syz C ci-gvisor-ptrace-2-race panic: Decrementing non-positive ref count ADDR, owned by tmpfs.inode
2023/11/15 11:49 gvisor 3ab01aedb874 cb976f63 .config console log report syz C ci-gvisor-ptrace-3-race panic: Decrementing non-positive ref count ADDR, owned by tmpfs.inode
2023/11/15 10:39 gvisor 3ab01aedb874 cb976f63 .config console log report syz C ci-gvisor-systrap-1-race panic: Decrementing non-positive ref count ADDR, owned by tmpfs.inode
2023/11/15 10:35 gvisor 3ab01aedb874 cb976f63 console log report syz C ci-gvisor-kvm panic: Decrementing non-positive ref count ADDR, owned by tmpfs.inode
2023/11/15 10:35 gvisor 3ab01aedb874 cb976f63 .config console log report syz C ci-gvisor-ptrace-1-race panic: Decrementing non-positive ref count ADDR, owned by tmpfs.inode
2023/11/15 13:48 gvisor ceb1b69e35ec cb976f63 console log report syz C ci-gvisor-arm64-systrap-1 panic: Decrementing non-positive ref count ADDR, owned by tmpfs.inode
2023/11/15 10:20 gvisor ceb1b69e35ec cb976f63 console log report syz C ci-gvisor-arm64-systrap-1 panic: Decrementing non-positive ref count ADDR, owned by tmpfs.inode
* Struck through repros no longer work on HEAD.