BUG: Dentry still in use in unmount
24 views
Skip to first unread message
syzbot
Feb 10, 2022, 5:48:21 PM2/10/22
to syzkaller-a...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: ca562bf79c65 Merge branch 'android12-5.10' into `android12..
git tree: android12-5.10-lts
console output: https://syzkaller.appspot.com/x/log.txt?x=17021574700000
kernel config: https://syzkaller.appspot.com/x/.config?x=807098b76927f238
dashboard link: https://syzkaller.appspot.com/bug?extid=1ef2d95db299942fba18
compiler: Debian clang version 11.0.1-2, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1198ef0c700000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=108adbb4700000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+1ef2d9...@syzkaller.appspotmail.com
BUG: Dentry ffff88811a146bb0{i=4,n=.incomplete} still in use (1) [unmount of tmpfs tmpfs]
------------[ cut here ]------------
WARNING: CPU: 0 PID: 378 at fs/dcache.c:1616 umount_check+0x18d/0x1d0 fs/dcache.c:1607
Modules linked in:
CPU: 0 PID: 378 Comm: syz-executor682 Not tainted 5.10.99-syzkaller-00837-gca562bf79c65 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:umount_check+0x18d/0x1d0 fs/dcache.c:1607
Code: 8b 0b 49 81 c6 f8 03 00 00 48 c7 c7 40 4e 2e 85 4c 89 e6 48 8b 55 d0 4c 89 e1 45 89 f8 31 c0 41 56 e8 de ab 9e ff 48 83 c4 08 <0f> 0b e9 f1 fe ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c c9 fe ff
RSP: 0018:ffffc9000097fc88 EFLAGS: 00010286
RAX: 000000000000005a RBX: ffffffff8660f860 RCX: f8a67278db25fa00
RDX: 0000000000000000 RSI: 0000000080000002 RDI: 0000000000000000
RBP: ffffc9000097fcb8 R08: ffffffff815454a8 R09: ffffed103ee0a5d8
R10: ffffed103ee0a5d8 R11: 0000000000000000 R12: ffff88811a146bb0
R13: dffffc0000000000 R14: ffff8881063a03f8 R15: 0000000000000001
FS: 000055555619b300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffde8efbea8 CR3: 00000001077a8000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
d_walk+0x309/0x540 fs/dcache.c:1326
do_one_tree fs/dcache.c:1623 [inline]
shrink_dcache_for_umount+0x8e/0x1b0 fs/dcache.c:1639
generic_shutdown_super+0x66/0x2c0 fs/super.c:447
kill_anon_super fs/super.c:1108 [inline]
kill_litter_super+0x75/0xa0 fs/super.c:1117
deactivate_locked_super+0xb0/0x100 fs/super.c:335
deactivate_super+0xa5/0xd0 fs/super.c:366
cleanup_mnt+0x45f/0x510 fs/namespace.c:1118
__cleanup_mnt+0x19/0x20 fs/namespace.c:1125
task_work_run+0x147/0x1b0 kernel/task_work.c:154
tracehook_notify_resume include/linux/tracehook.h:188 [inline]
exit_to_user_mode_loop kernel/entry/common.c:164 [inline]
exit_to_user_mode_prepare+0xc3/0xe0 kernel/entry/common.c:191
syscall_exit_to_user_mode+0x24/0x40 kernel/entry/common.c:266
do_syscall_64+0x3d/0x70 arch/x86/entry/common.c:56
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f53722630f7
Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffde8efc5e8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f53722630f7
RDX: 00007ffde8efc6a7 RSI: 000000000000000a RDI: 00007ffde8efc6a0
RBP: 00007ffde8efc6a0 R08: 00000000ffffffff R09: 00007ffde8efc480
R10: 000055555619c683 R11: 0000000000000206 R12: 00007ffde8efd710
R13: 000055555619c5f0 R14: 00007ffde8efc610 R15: 0000000000000001
---[ end trace ff508277f1a25db4 ]---
BUG: Dentry ffff88811a146330{i=3,n=.index} still in use (1) [unmount of tmpfs tmpfs]
------------[ cut here ]------------
WARNING: CPU: 0 PID: 378 at fs/dcache.c:1616 umount_check+0x18d/0x1d0 fs/dcache.c:1607
Modules linked in:
CPU: 0 PID: 378 Comm: syz-executor682 Tainted: G W 5.10.99-syzkaller-00837-gca562bf79c65 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:umount_check+0x18d/0x1d0 fs/dcache.c:1607
Code: 8b 0b 49 81 c6 f8 03 00 00 48 c7 c7 40 4e 2e 85 4c 89 e6 48 8b 55 d0 4c 89 e1 45 89 f8 31 c0 41 56 e8 de ab 9e ff 48 83 c4 08 <0f> 0b e9 f1 fe ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c c9 fe ff
RSP: 0018:ffffc9000097fc88 EFLAGS: 00010286
RAX: 0000000000000055 RBX: ffffffff8660f860 RCX: f8a67278db25fa00
RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000
RBP: ffffc9000097fcb8 R08: ffffffff815454a8 R09: fffff5200012febd
R10: fffff5200012febd R11: 0000000000000000 R12: ffff88811a146330
R13: dffffc0000000000 R14: ffff8881063a03f8 R15: 0000000000000001
FS: 000055555619b300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffde8efbea8 CR3: 00000001077a8000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
d_walk+0x309/0x540 fs/dcache.c:1326
do_one_tree fs/dcache.c:1623 [inline]
shrink_dcache_for_umount+0x8e/0x1b0 fs/dcache.c:1639
generic_shutdown_super+0x66/0x2c0 fs/super.c:447
kill_anon_super fs/super.c:1108 [inline]
kill_litter_super+0x75/0xa0 fs/super.c:1117
deactivate_locked_super+0xb0/0x100 fs/super.c:335
deactivate_super+0xa5/0xd0 fs/super.c:366
cleanup_mnt+0x45f/0x510 fs/namespace.c:1118
__cleanup_mnt+0x19/0x20 fs/namespace.c:1125
task_work_run+0x147/0x1b0 kernel/task_work.c:154
tracehook_notify_resume include/linux/tracehook.h:188 [inline]
exit_to_user_mode_loop kernel/entry/common.c:164 [inline]
exit_to_user_mode_prepare+0xc3/0xe0 kernel/entry/common.c:191
syscall_exit_to_user_mode+0x24/0x40 kernel/entry/common.c:266
do_syscall_64+0x3d/0x70 arch/x86/entry/common.c:56
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f53722630f7
Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffde8efc5e8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f53722630f7
RDX: 00007ffde8efc6a7 RSI: 000000000000000a RDI: 00007ffde8efc6a0
RBP: 00007ffde8efc6a0 R08: 00000000ffffffff R09: 00007ffde8efc480
R10: 000055555619c683 R11: 0000000000000206 R12: 00007ffde8efd710
R13: 000055555619c5f0 R14: 00007ffde8efc610 R15: 0000000000000001
---[ end trace ff508277f1a25db5 ]---
BUG: Dentry ffff88811a146bb0{i=4,n=.incomplete} still in use (1) [unmount of tmpfs tmpfs]
------------[ cut here ]------------
WARNING: CPU: 0 PID: 378 at fs/dcache.c:1616 umount_check+0x18d/0x1d0 fs/dcache.c:1607
Modules linked in:
CPU: 0 PID: 378 Comm: syz-executor682 Tainted: G W 5.10.99-syzkaller-00837-gca562bf79c65 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:umount_check+0x18d/0x1d0 fs/dcache.c:1607
Code: 8b 0b 49 81 c6 f8 03 00 00 48 c7 c7 40 4e 2e 85 4c 89 e6 48 8b 55 d0 4c 89 e1 45 89 f8 31 c0 41 56 e8 de ab 9e ff 48 83 c4 08 <0f> 0b e9 f1 fe ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c c9 fe ff
RSP: 0018:ffffc9000097fc88 EFLAGS: 00010286
RAX: 000000000000005a RBX: ffffffff8660f860 RCX: f8a67278db25fa00
RDX: 0000000000000000 RSI: 0000000080000003 RDI: 0000000000000000
RBP: ffffc9000097fcb8 R08: ffffffff815454a8 R09: 0000000000000003
R10: fffff5200012fee5 R11: 0000000000000004 R12: ffff88811a146bb0
R13: dffffc0000000000 R14: ffff8881063a03f8 R15: 0000000000000001
FS: 000055555619b300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffde8efbea8 CR3: 00000001077a8000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
d_walk+0x309/0x540 fs/dcache.c:1326
do_one_tree fs/dcache.c:1623 [inline]
shrink_dcache_for_umount+0x8e/0x1b0 fs/dcache.c:1639
generic_shutdown_super+0x66/0x2c0 fs/super.c:447
kill_anon_super fs/super.c:1108 [inline]
kill_litter_super+0x75/0xa0 fs/super.c:1117
deactivate_locked_super+0xb0/0x100 fs/super.c:335
deactivate_super+0xa5/0xd0 fs/super.c:366
cleanup_mnt+0x45f/0x510 fs/namespace.c:1118
__cleanup_mnt+0x19/0x20 fs/namespace.c:1125
task_work_run+0x147/0x1b0 kernel/task_work.c:154
tracehook_notify_resume include/linux/tracehook.h:188 [inline]
exit_to_user_mode_loop kernel/entry/common.c:164 [inline]
exit_to_user_mode_prepare+0xc3/0xe0 kernel/entry/common.c:191
syscall_exit_to_user_mode+0x24/0x40 kernel/entry/common.c:266
do_syscall_64+0x3d/0x70 arch/x86/entry/common.c:56
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f53722630f7
Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffde8efc5e8 EFLAGS: 00000206
ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f53722630f7
RDX: 00007ffde8efc6a7 RSI: 000000000000000a RDI: 00007ffde8efc6a0
RBP: 00007ffde8efc6a0 R08: 00000000ffffffff R09: 00007ffde8efc480
R10: 000055555619c683 R11: 0000000000000206 R12: 00007ffde8efd710
R13: 000055555619c5f0 R14: 00007ffde8efc610 R15: 0000000000000001
---[ end trace ff508277f1a25db7 ]---
BUG: Dentry ffff88811a146330{i=3,n=.index} still in use (1) [unmount of tmpfs tmpfs]
------------[ cut here ]------------
WARNING: CPU: 0 PID: 378 at fs/dcache.c:1616 umount_check+0x18d/0x1d0 fs/dcache.c:1607
Modules linked in:
CPU: 0 PID: 378 Comm: syz-executor682 Tainted: G W 5.10.99-syzkaller-00837-gca562bf79c65 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:umount_check+0x18d/0x1d0 fs/dcache.c:1607
Code: 8b 0b 49 81 c6 f8 03 00 00 48 c7 c7 40 4e 2e 85 4c 89 e6 48 8b 55 d0 4c 89 e1 45 89 f8 31 c0 41 56 e8 de ab 9e ff 48 83 c4 08 <0f> 0b e9 f1 fe ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c c9 fe ff
RSP: 0018:ffffc9000097fc88 EFLAGS: 00010286
RAX: 0000000000000055 RBX: ffffffff8660f860 RCX: f8a67278db25fa00
RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000000
RBP: ffffc9000097fcb8 R08: ffffffff815454a8 R09: 0000000000000003
R10: fffff5200012ff35 R11: 0000000000000004 R12: ffff88811a146330
R13: dffffc0000000000 R14: ffff8881063a03f8 R15: 0000000000000001
FS: 000055555619b300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffde8efbea8 CR3: 00000001077a8000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
d_walk+0x309/0x540 fs/dcache.c:1326
do_one_tree fs/dcache.c:1623 [inline]
shrink_dcache_for_umount+0x8e/0x1b0 fs/dcache.c:1639
generic_shutdown_super+0x66/0x2c0 fs/super.c:447
kill_anon_super fs/super.c:1108 [inline]
kill_litter_super+0x75/0xa0 fs/super.c:1117
deactivate_locked_super+0xb0/0x100 fs/super.c:335
deactivate_super+0xa5/0xd0 fs/super.c:366
cleanup_mnt+0x45f/0x510 fs/namespace.c:1118
__cleanup_mnt+0x19/0x20 fs/namespace.c:1125
task_work_run+0x147/0x1b0 kernel/task_work.c:154
tracehook_notify_resume include/linux/tracehook.h:188 [inline]
exit_to_user_mode_loop kernel/entry/common.c:164 [inline]
exit_to_user_mode_prepare+0xc3/0xe0 kernel/entry/common.c:191
syscall_exit_to_user_mode+0x24/0x40 kernel/entry/common.c:266
do_syscall_64+0x3d/0x70 arch/x86/entry/common.c:56
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f53722630f7
Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffde8efc5e8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f53722630f7
RDX: 00007ffde8efc6a7 RSI: 000000000000000a RDI: 00007ffde8efc6a0
RBP: 00007ffde8efc6a0 R08: 00000000ffffffff R09: 00007ffde8efc480
R10: 000055555619c683 R11: 0000000000000206 R12: 00007ffde8efd710
R13: 000055555619c5f0 R14: 00007ffde8efc610 R15: 0000000000000001
---[ end trace ff508277f1a25db9 ]---
VFS: Busy inodes after unmount of tmpfs. Self-destruct in 5 seconds. Have a nice day...
BUG: Dentry ffff88811a174ee0{i=4,n=.incomplete} still in use (1) [unmount of tmpfs tmpfs]
------------[ cut here ]------------
WARNING: CPU: 0 PID: 378 at fs/dcache.c:1616 umount_check+0x18d/0x1d0 fs/dcache.c:1607
Modules linked in:
CPU: 0 PID: 378 Comm: syz-executor682 Tainted: G W 5.10.99-syzkaller-00837-gca562bf79c65 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:umount_check+0x18d/0x1d0 fs/dcache.c:1607
Code: 8b 0b 49 81 c6 f8 03 00 00 48 c7 c7 40 4e 2e 85 4c 89 e6 48 8b 55 d0 4c 89 e1 45 89 f8 31 c0 41 56 e8 de ab 9e ff 48 83 c4 08 <0f> 0b e9 f1 fe ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c c9 fe ff
RSP: 0018:ffffc9000097fc88 EFLAGS: 00010286
RAX: 000000000000005a RBX: ffffffff8660f860 RCX: f8a67278db25fa00
RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000
RBP: ffffc9000097fcb8 R08: ffffffff815454a8 R09: 0000000000000003
R10: fffff5200012fee5 R11: 0000000000000004 R12: ffff88811a174ee0
R13: dffffc0000000000 R14: ffff8881055be3f8 R15: 0000000000000001
FS: 000055555619b300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffde8efbea8 CR3: 00000001077a8000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
d_walk+0x309/0x540 fs/dcache.c:1326
do_one_tree fs/dcache.c:1623 [inline]
shrink_dcache_for_umount+0x8e/0x1b0 fs/dcache.c:1639
generic_shutdown_super+0x66/0x2c0 fs/super.c:447
kill_anon_super fs/super.c:1108 [inline]
kill_litter_super+0x75/0xa0 fs/super.c:1117
deactivate_locked_super+0xb0/0x100 fs/super.c:335
deactivate_super+0xa5/0xd0 fs/super.c:366
cleanup_mnt+0x45f/0x510 fs/namespace.c:1118
__cleanup_mnt+0x19/0x20 fs/namespace.c:1125
task_work_run+0x147/0x1b0 kernel/task_work.c:154
tracehook_notify_resume include/linux/tracehook.h:188 [inline]
exit_to_user_mode_loop kernel/entry/common.c:164 [inline]
exit_to_user_mode_prepare+0xc3/0xe0 kernel/entry/common.c:191
syscall_exit_to_user_mode+0x24/0x40 kernel/entry/common.c:266
do_syscall_64+0x3d/0x70 arch/x86/entry/common.c:56
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f53722630f7
Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffde8efc5e8 EFLAGS: 00000206
ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f53722630f7
RDX: 00007ffde8efc6a7 RSI: 000000000000000a RDI: 00007ffde8efc6a0
RBP: 00007ffde8efc6a0 R08: 00000000ffffffff R09: 00007ffde8efc480
R10: 000055555619c683 R11: 0000000000000206 R12: 00007ffde8efd710
R13: 000055555619c5f0 R14: 00007ffde8efc610 R15: 0000000000000002
---[ end trace ff508277f1a25dc3 ]---
BUG: Dentry ffff88811a174dd0{i=3,n=.index} still in use (1) [unmount of tmpfs tmpfs]
------------[ cut here ]------------
WARNING: CPU: 0 PID: 378 at fs/dcache.c:1616 umount_check+0x18d/0x1d0 fs/dcache.c:1607
Modules linked in:
CPU: 0 PID: 378 Comm: syz-executor682 Tainted: G W 5.10.99-syzkaller-00837-gca562bf79c65 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:umount_check+0x18d/0x1d0 fs/dcache.c:1607
Code: 8b 0b 49 81 c6 f8 03 00 00 48 c7 c7 40 4e 2e 85 4c 89 e6 48 8b 55 d0 4c 89 e1 45 89 f8 31 c0 41 56 e8 de ab 9e ff 48 83 c4 08 <0f> 0b e9 f1 fe ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c c9 fe ff
RSP: 0018:ffffc9000097fc88 EFLAGS: 00010286
RAX: 0000000000000055 RBX: ffffffff8660f860 RCX: f8a67278db25fa00
RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000
RBP: ffffc9000097fcb8 R08: ffffffff815454a8 R09: 0000000000000003
R10: fffff5200012fee5 R11: 0000000000000004 R12: ffff88811a174dd0
R13: dffffc0000000000 R14: ffff8881055be3f8 R15: 0000000000000001
FS: 000055555619b300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffde8efbea8 CR3: 00000001077a8000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
d_walk+0x309/0x540 fs/dcache.c:1326
do_one_tree fs/dcache.c:1623 [inline]
shrink_dcache_for_umount+0x8e/0x1b0 fs/dcache.c:1639
generic_shutdown_super+0x66/0x2c0 fs/super.c:447
kill_anon_super fs/super.c:1108 [inline]
kill_litter_super+0x75/0xa0 fs/super.c:1117
deactivate_locked_super+0xb0/0x100 fs/super.c:335
deactivate_super+0xa5/0xd0 fs/super.c:366
cleanup_mnt+0x45f/0x510 fs/namespace.c:1118
__cleanup_mnt+0x19/0x20 fs/namespace.c:1125
task_work_run+0x147/0x1b0 kernel/task_work.c:154
tracehook_notify_resume include/linux/tracehook.h:188 [inline]
exit_to_user_mode_loop kernel/entry/common.c:164 [inline]
exit_to_user_mode_prepare+0xc3/0xe0 kernel/entry/common.c:191
syscall_exit_to_user_mode+0x24/0x40 kernel/entry/common.c:266
do_syscall_64+0x3d/0x70 arch/x86/entry/common.c:56
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f53722630f7
Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffde8efc5e8 EFLAGS: 00000206
ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f53722630f7
RDX: 00007ffde8efc6a7 RSI: 000000000000000a RDI: 00007ffde8efc6a0
RBP: 00007ffde8efc6a0 R08: 00000000ffffffff R09: 00007ffde8efc480
R10: 000055555619c683 R11: 0000000000000206 R12: 00007ffde8efd710
R13: 000055555619c5f0 R14: 00007ffde8efc610 R15: 0000000000000002
---[ end trace ff508277f1a25dc6 ]---
VFS: Busy inodes after unmount of tmpfs. Self-destruct in 5 seconds. Have a nice day...
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches
syzbot found the following issue on:
HEAD commit: ca562bf79c65 Merge branch 'android12-5.10' into `android12..
git tree: android12-5.10-lts
console output: https://syzkaller.appspot.com/x/log.txt?x=17021574700000
kernel config: https://syzkaller.appspot.com/x/.config?x=807098b76927f238
dashboard link: https://syzkaller.appspot.com/bug?extid=1ef2d95db299942fba18
compiler: Debian clang version 11.0.1-2, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1198ef0c700000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=108adbb4700000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+1ef2d9...@syzkaller.appspotmail.com
BUG: Dentry ffff88811a146bb0{i=4,n=.incomplete} still in use (1) [unmount of tmpfs tmpfs]
------------[ cut here ]------------
WARNING: CPU: 0 PID: 378 at fs/dcache.c:1616 umount_check+0x18d/0x1d0 fs/dcache.c:1607
Modules linked in:
CPU: 0 PID: 378 Comm: syz-executor682 Not tainted 5.10.99-syzkaller-00837-gca562bf79c65 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:umount_check+0x18d/0x1d0 fs/dcache.c:1607
Code: 8b 0b 49 81 c6 f8 03 00 00 48 c7 c7 40 4e 2e 85 4c 89 e6 48 8b 55 d0 4c 89 e1 45 89 f8 31 c0 41 56 e8 de ab 9e ff 48 83 c4 08 <0f> 0b e9 f1 fe ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c c9 fe ff
RSP: 0018:ffffc9000097fc88 EFLAGS: 00010286
RAX: 000000000000005a RBX: ffffffff8660f860 RCX: f8a67278db25fa00
RDX: 0000000000000000 RSI: 0000000080000002 RDI: 0000000000000000
RBP: ffffc9000097fcb8 R08: ffffffff815454a8 R09: ffffed103ee0a5d8
R10: ffffed103ee0a5d8 R11: 0000000000000000 R12: ffff88811a146bb0
R13: dffffc0000000000 R14: ffff8881063a03f8 R15: 0000000000000001
FS: 000055555619b300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffde8efbea8 CR3: 00000001077a8000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
d_walk+0x309/0x540 fs/dcache.c:1326
do_one_tree fs/dcache.c:1623 [inline]
shrink_dcache_for_umount+0x8e/0x1b0 fs/dcache.c:1639
generic_shutdown_super+0x66/0x2c0 fs/super.c:447
kill_anon_super fs/super.c:1108 [inline]
kill_litter_super+0x75/0xa0 fs/super.c:1117
deactivate_locked_super+0xb0/0x100 fs/super.c:335
deactivate_super+0xa5/0xd0 fs/super.c:366
cleanup_mnt+0x45f/0x510 fs/namespace.c:1118
__cleanup_mnt+0x19/0x20 fs/namespace.c:1125
task_work_run+0x147/0x1b0 kernel/task_work.c:154
tracehook_notify_resume include/linux/tracehook.h:188 [inline]
exit_to_user_mode_loop kernel/entry/common.c:164 [inline]
exit_to_user_mode_prepare+0xc3/0xe0 kernel/entry/common.c:191
syscall_exit_to_user_mode+0x24/0x40 kernel/entry/common.c:266
do_syscall_64+0x3d/0x70 arch/x86/entry/common.c:56
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f53722630f7
Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffde8efc5e8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f53722630f7
RDX: 00007ffde8efc6a7 RSI: 000000000000000a RDI: 00007ffde8efc6a0
RBP: 00007ffde8efc6a0 R08: 00000000ffffffff R09: 00007ffde8efc480
R10: 000055555619c683 R11: 0000000000000206 R12: 00007ffde8efd710
R13: 000055555619c5f0 R14: 00007ffde8efc610 R15: 0000000000000001
---[ end trace ff508277f1a25db4 ]---
BUG: Dentry ffff88811a146330{i=3,n=.index} still in use (1) [unmount of tmpfs tmpfs]
------------[ cut here ]------------
WARNING: CPU: 0 PID: 378 at fs/dcache.c:1616 umount_check+0x18d/0x1d0 fs/dcache.c:1607
Modules linked in:
CPU: 0 PID: 378 Comm: syz-executor682 Tainted: G W 5.10.99-syzkaller-00837-gca562bf79c65 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:umount_check+0x18d/0x1d0 fs/dcache.c:1607
Code: 8b 0b 49 81 c6 f8 03 00 00 48 c7 c7 40 4e 2e 85 4c 89 e6 48 8b 55 d0 4c 89 e1 45 89 f8 31 c0 41 56 e8 de ab 9e ff 48 83 c4 08 <0f> 0b e9 f1 fe ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c c9 fe ff
RSP: 0018:ffffc9000097fc88 EFLAGS: 00010286
RAX: 0000000000000055 RBX: ffffffff8660f860 RCX: f8a67278db25fa00
RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000
RBP: ffffc9000097fcb8 R08: ffffffff815454a8 R09: fffff5200012febd
R10: fffff5200012febd R11: 0000000000000000 R12: ffff88811a146330
R13: dffffc0000000000 R14: ffff8881063a03f8 R15: 0000000000000001
FS: 000055555619b300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffde8efbea8 CR3: 00000001077a8000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
d_walk+0x309/0x540 fs/dcache.c:1326
do_one_tree fs/dcache.c:1623 [inline]
shrink_dcache_for_umount+0x8e/0x1b0 fs/dcache.c:1639
generic_shutdown_super+0x66/0x2c0 fs/super.c:447
kill_anon_super fs/super.c:1108 [inline]
kill_litter_super+0x75/0xa0 fs/super.c:1117
deactivate_locked_super+0xb0/0x100 fs/super.c:335
deactivate_super+0xa5/0xd0 fs/super.c:366
cleanup_mnt+0x45f/0x510 fs/namespace.c:1118
__cleanup_mnt+0x19/0x20 fs/namespace.c:1125
task_work_run+0x147/0x1b0 kernel/task_work.c:154
tracehook_notify_resume include/linux/tracehook.h:188 [inline]
exit_to_user_mode_loop kernel/entry/common.c:164 [inline]
exit_to_user_mode_prepare+0xc3/0xe0 kernel/entry/common.c:191
syscall_exit_to_user_mode+0x24/0x40 kernel/entry/common.c:266
do_syscall_64+0x3d/0x70 arch/x86/entry/common.c:56
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f53722630f7
Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffde8efc5e8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f53722630f7
RDX: 00007ffde8efc6a7 RSI: 000000000000000a RDI: 00007ffde8efc6a0
RBP: 00007ffde8efc6a0 R08: 00000000ffffffff R09: 00007ffde8efc480
R10: 000055555619c683 R11: 0000000000000206 R12: 00007ffde8efd710
R13: 000055555619c5f0 R14: 00007ffde8efc610 R15: 0000000000000001
---[ end trace ff508277f1a25db5 ]---
BUG: Dentry ffff88811a146bb0{i=4,n=.incomplete} still in use (1) [unmount of tmpfs tmpfs]
------------[ cut here ]------------
WARNING: CPU: 0 PID: 378 at fs/dcache.c:1616 umount_check+0x18d/0x1d0 fs/dcache.c:1607
Modules linked in:
CPU: 0 PID: 378 Comm: syz-executor682 Tainted: G W 5.10.99-syzkaller-00837-gca562bf79c65 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:umount_check+0x18d/0x1d0 fs/dcache.c:1607
Code: 8b 0b 49 81 c6 f8 03 00 00 48 c7 c7 40 4e 2e 85 4c 89 e6 48 8b 55 d0 4c 89 e1 45 89 f8 31 c0 41 56 e8 de ab 9e ff 48 83 c4 08 <0f> 0b e9 f1 fe ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c c9 fe ff
RSP: 0018:ffffc9000097fc88 EFLAGS: 00010286
RAX: 000000000000005a RBX: ffffffff8660f860 RCX: f8a67278db25fa00
RDX: 0000000000000000 RSI: 0000000080000003 RDI: 0000000000000000
RBP: ffffc9000097fcb8 R08: ffffffff815454a8 R09: 0000000000000003
R10: fffff5200012fee5 R11: 0000000000000004 R12: ffff88811a146bb0
R13: dffffc0000000000 R14: ffff8881063a03f8 R15: 0000000000000001
FS: 000055555619b300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffde8efbea8 CR3: 00000001077a8000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
d_walk+0x309/0x540 fs/dcache.c:1326
do_one_tree fs/dcache.c:1623 [inline]
shrink_dcache_for_umount+0x8e/0x1b0 fs/dcache.c:1639
generic_shutdown_super+0x66/0x2c0 fs/super.c:447
kill_anon_super fs/super.c:1108 [inline]
kill_litter_super+0x75/0xa0 fs/super.c:1117
deactivate_locked_super+0xb0/0x100 fs/super.c:335
deactivate_super+0xa5/0xd0 fs/super.c:366
cleanup_mnt+0x45f/0x510 fs/namespace.c:1118
__cleanup_mnt+0x19/0x20 fs/namespace.c:1125
task_work_run+0x147/0x1b0 kernel/task_work.c:154
tracehook_notify_resume include/linux/tracehook.h:188 [inline]
exit_to_user_mode_loop kernel/entry/common.c:164 [inline]
exit_to_user_mode_prepare+0xc3/0xe0 kernel/entry/common.c:191
syscall_exit_to_user_mode+0x24/0x40 kernel/entry/common.c:266
do_syscall_64+0x3d/0x70 arch/x86/entry/common.c:56
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f53722630f7
Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffde8efc5e8 EFLAGS: 00000206
ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f53722630f7
RDX: 00007ffde8efc6a7 RSI: 000000000000000a RDI: 00007ffde8efc6a0
RBP: 00007ffde8efc6a0 R08: 00000000ffffffff R09: 00007ffde8efc480
R10: 000055555619c683 R11: 0000000000000206 R12: 00007ffde8efd710
R13: 000055555619c5f0 R14: 00007ffde8efc610 R15: 0000000000000001
---[ end trace ff508277f1a25db7 ]---
BUG: Dentry ffff88811a146330{i=3,n=.index} still in use (1) [unmount of tmpfs tmpfs]
------------[ cut here ]------------
WARNING: CPU: 0 PID: 378 at fs/dcache.c:1616 umount_check+0x18d/0x1d0 fs/dcache.c:1607
Modules linked in:
CPU: 0 PID: 378 Comm: syz-executor682 Tainted: G W 5.10.99-syzkaller-00837-gca562bf79c65 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:umount_check+0x18d/0x1d0 fs/dcache.c:1607
Code: 8b 0b 49 81 c6 f8 03 00 00 48 c7 c7 40 4e 2e 85 4c 89 e6 48 8b 55 d0 4c 89 e1 45 89 f8 31 c0 41 56 e8 de ab 9e ff 48 83 c4 08 <0f> 0b e9 f1 fe ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c c9 fe ff
RSP: 0018:ffffc9000097fc88 EFLAGS: 00010286
RAX: 0000000000000055 RBX: ffffffff8660f860 RCX: f8a67278db25fa00
RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000000
RBP: ffffc9000097fcb8 R08: ffffffff815454a8 R09: 0000000000000003
R10: fffff5200012ff35 R11: 0000000000000004 R12: ffff88811a146330
R13: dffffc0000000000 R14: ffff8881063a03f8 R15: 0000000000000001
FS: 000055555619b300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffde8efbea8 CR3: 00000001077a8000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
d_walk+0x309/0x540 fs/dcache.c:1326
do_one_tree fs/dcache.c:1623 [inline]
shrink_dcache_for_umount+0x8e/0x1b0 fs/dcache.c:1639
generic_shutdown_super+0x66/0x2c0 fs/super.c:447
kill_anon_super fs/super.c:1108 [inline]
kill_litter_super+0x75/0xa0 fs/super.c:1117
deactivate_locked_super+0xb0/0x100 fs/super.c:335
deactivate_super+0xa5/0xd0 fs/super.c:366
cleanup_mnt+0x45f/0x510 fs/namespace.c:1118
__cleanup_mnt+0x19/0x20 fs/namespace.c:1125
task_work_run+0x147/0x1b0 kernel/task_work.c:154
tracehook_notify_resume include/linux/tracehook.h:188 [inline]
exit_to_user_mode_loop kernel/entry/common.c:164 [inline]
exit_to_user_mode_prepare+0xc3/0xe0 kernel/entry/common.c:191
syscall_exit_to_user_mode+0x24/0x40 kernel/entry/common.c:266
do_syscall_64+0x3d/0x70 arch/x86/entry/common.c:56
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f53722630f7
Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffde8efc5e8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f53722630f7
RDX: 00007ffde8efc6a7 RSI: 000000000000000a RDI: 00007ffde8efc6a0
RBP: 00007ffde8efc6a0 R08: 00000000ffffffff R09: 00007ffde8efc480
R10: 000055555619c683 R11: 0000000000000206 R12: 00007ffde8efd710
R13: 000055555619c5f0 R14: 00007ffde8efc610 R15: 0000000000000001
---[ end trace ff508277f1a25db9 ]---
VFS: Busy inodes after unmount of tmpfs. Self-destruct in 5 seconds. Have a nice day...
BUG: Dentry ffff88811a174ee0{i=4,n=.incomplete} still in use (1) [unmount of tmpfs tmpfs]
------------[ cut here ]------------
WARNING: CPU: 0 PID: 378 at fs/dcache.c:1616 umount_check+0x18d/0x1d0 fs/dcache.c:1607
Modules linked in:
CPU: 0 PID: 378 Comm: syz-executor682 Tainted: G W 5.10.99-syzkaller-00837-gca562bf79c65 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:umount_check+0x18d/0x1d0 fs/dcache.c:1607
Code: 8b 0b 49 81 c6 f8 03 00 00 48 c7 c7 40 4e 2e 85 4c 89 e6 48 8b 55 d0 4c 89 e1 45 89 f8 31 c0 41 56 e8 de ab 9e ff 48 83 c4 08 <0f> 0b e9 f1 fe ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c c9 fe ff
RSP: 0018:ffffc9000097fc88 EFLAGS: 00010286
RAX: 000000000000005a RBX: ffffffff8660f860 RCX: f8a67278db25fa00
RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000
RBP: ffffc9000097fcb8 R08: ffffffff815454a8 R09: 0000000000000003
R10: fffff5200012fee5 R11: 0000000000000004 R12: ffff88811a174ee0
R13: dffffc0000000000 R14: ffff8881055be3f8 R15: 0000000000000001
FS: 000055555619b300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffde8efbea8 CR3: 00000001077a8000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
d_walk+0x309/0x540 fs/dcache.c:1326
do_one_tree fs/dcache.c:1623 [inline]
shrink_dcache_for_umount+0x8e/0x1b0 fs/dcache.c:1639
generic_shutdown_super+0x66/0x2c0 fs/super.c:447
kill_anon_super fs/super.c:1108 [inline]
kill_litter_super+0x75/0xa0 fs/super.c:1117
deactivate_locked_super+0xb0/0x100 fs/super.c:335
deactivate_super+0xa5/0xd0 fs/super.c:366
cleanup_mnt+0x45f/0x510 fs/namespace.c:1118
__cleanup_mnt+0x19/0x20 fs/namespace.c:1125
task_work_run+0x147/0x1b0 kernel/task_work.c:154
tracehook_notify_resume include/linux/tracehook.h:188 [inline]
exit_to_user_mode_loop kernel/entry/common.c:164 [inline]
exit_to_user_mode_prepare+0xc3/0xe0 kernel/entry/common.c:191
syscall_exit_to_user_mode+0x24/0x40 kernel/entry/common.c:266
do_syscall_64+0x3d/0x70 arch/x86/entry/common.c:56
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f53722630f7
Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffde8efc5e8 EFLAGS: 00000206
ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f53722630f7
RDX: 00007ffde8efc6a7 RSI: 000000000000000a RDI: 00007ffde8efc6a0
RBP: 00007ffde8efc6a0 R08: 00000000ffffffff R09: 00007ffde8efc480
R10: 000055555619c683 R11: 0000000000000206 R12: 00007ffde8efd710
R13: 000055555619c5f0 R14: 00007ffde8efc610 R15: 0000000000000002
---[ end trace ff508277f1a25dc3 ]---
BUG: Dentry ffff88811a174dd0{i=3,n=.index} still in use (1) [unmount of tmpfs tmpfs]
------------[ cut here ]------------
WARNING: CPU: 0 PID: 378 at fs/dcache.c:1616 umount_check+0x18d/0x1d0 fs/dcache.c:1607
Modules linked in:
CPU: 0 PID: 378 Comm: syz-executor682 Tainted: G W 5.10.99-syzkaller-00837-gca562bf79c65 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:umount_check+0x18d/0x1d0 fs/dcache.c:1607
Code: 8b 0b 49 81 c6 f8 03 00 00 48 c7 c7 40 4e 2e 85 4c 89 e6 48 8b 55 d0 4c 89 e1 45 89 f8 31 c0 41 56 e8 de ab 9e ff 48 83 c4 08 <0f> 0b e9 f1 fe ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c c9 fe ff
RSP: 0018:ffffc9000097fc88 EFLAGS: 00010286
RAX: 0000000000000055 RBX: ffffffff8660f860 RCX: f8a67278db25fa00
RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000
RBP: ffffc9000097fcb8 R08: ffffffff815454a8 R09: 0000000000000003
R10: fffff5200012fee5 R11: 0000000000000004 R12: ffff88811a174dd0
R13: dffffc0000000000 R14: ffff8881055be3f8 R15: 0000000000000001
FS: 000055555619b300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffde8efbea8 CR3: 00000001077a8000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
d_walk+0x309/0x540 fs/dcache.c:1326
do_one_tree fs/dcache.c:1623 [inline]
shrink_dcache_for_umount+0x8e/0x1b0 fs/dcache.c:1639
generic_shutdown_super+0x66/0x2c0 fs/super.c:447
kill_anon_super fs/super.c:1108 [inline]
kill_litter_super+0x75/0xa0 fs/super.c:1117
deactivate_locked_super+0xb0/0x100 fs/super.c:335
deactivate_super+0xa5/0xd0 fs/super.c:366
cleanup_mnt+0x45f/0x510 fs/namespace.c:1118
__cleanup_mnt+0x19/0x20 fs/namespace.c:1125
task_work_run+0x147/0x1b0 kernel/task_work.c:154
tracehook_notify_resume include/linux/tracehook.h:188 [inline]
exit_to_user_mode_loop kernel/entry/common.c:164 [inline]
exit_to_user_mode_prepare+0xc3/0xe0 kernel/entry/common.c:191
syscall_exit_to_user_mode+0x24/0x40 kernel/entry/common.c:266
do_syscall_64+0x3d/0x70 arch/x86/entry/common.c:56
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f53722630f7
Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffde8efc5e8 EFLAGS: 00000206
ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f53722630f7
RDX: 00007ffde8efc6a7 RSI: 000000000000000a RDI: 00007ffde8efc6a0
RBP: 00007ffde8efc6a0 R08: 00000000ffffffff R09: 00007ffde8efc480
R10: 000055555619c683 R11: 0000000000000206 R12: 00007ffde8efd710
R13: 000055555619c5f0 R14: 00007ffde8efc610 R15: 0000000000000002
---[ end trace ff508277f1a25dc6 ]---
VFS: Busy inodes after unmount of tmpfs. Self-destruct in 5 seconds. Have a nice day...
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches
syzbot
Feb 10, 2022, 8:21:09 PM2/10/22
to syzkaller-a...@googlegroups.com
syzbot has bisected this issue to:
commit fd4c6594f5ce87eb3f6d53bd73eb14689305fdf1
Author: Tadeusz Struk <tadeus...@linaro.org>
Date: Wed Jan 12 21:52:50 2022 +0000
ANDROID: incremental-fs: fix mount_fs issue
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=110b9378700000
start commit: ca562bf79c65 Merge branch 'android12-5.10' into `android12..
git tree: android12-5.10-lts
final oops: https://syzkaller.appspot.com/x/report.txt?x=130b9378700000
console output: https://syzkaller.appspot.com/x/log.txt?x=150b9378700000
Fixes: fd4c6594f5ce ("ANDROID: incremental-fs: fix mount_fs issue")
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
commit fd4c6594f5ce87eb3f6d53bd73eb14689305fdf1
Author: Tadeusz Struk <tadeus...@linaro.org>
Date: Wed Jan 12 21:52:50 2022 +0000
ANDROID: incremental-fs: fix mount_fs issue
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=110b9378700000
start commit: ca562bf79c65 Merge branch 'android12-5.10' into `android12..
git tree: android12-5.10-lts
final oops: https://syzkaller.appspot.com/x/report.txt?x=130b9378700000
console output: https://syzkaller.appspot.com/x/log.txt?x=150b9378700000
kernel config: https://syzkaller.appspot.com/x/.config?x=807098b76927f238
dashboard link: https://syzkaller.appspot.com/bug?extid=1ef2d95db299942fba18
dashboard link: https://syzkaller.appspot.com/bug?extid=1ef2d95db299942fba18
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1198ef0c700000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=108adbb4700000
Reported-by: syzbot+1ef2d9...@syzkaller.appspotmail.com
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=108adbb4700000
Fixes: fd4c6594f5ce ("ANDROID: incremental-fs: fix mount_fs issue")
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
syzbot
Feb 16, 2022, 12:50:08 PM2/16/22
to syzkaller-a...@googlegroups.com, tadeus...@linaro.org
Hello,
syzbot has tested the proposed patch and the reproducer did not trigger any issue:
Reported-and-tested-by: syzbot+1ef2d9...@syzkaller.appspotmail.com
Tested on:
commit: c3daae52 UPSTREAM: rcu/exp: Mark current CPU as exp-QS..
git tree: https://android.googlesource.com/kernel/common android12-5.10
kernel config: https://syzkaller.appspot.com/x/.config?x=c346f7c7af5fc789
Note: testing is done by a robot and is best-effort only.
syzbot has tested the proposed patch and the reproducer did not trigger any issue:
Reported-and-tested-by: syzbot+1ef2d9...@syzkaller.appspotmail.com
Tested on:
commit: c3daae52 UPSTREAM: rcu/exp: Mark current CPU as exp-QS..
git tree: https://android.googlesource.com/kernel/common android12-5.10
kernel config: https://syzkaller.appspot.com/x/.config?x=c346f7c7af5fc789
dashboard link: https://syzkaller.appspot.com/bug?extid=1ef2d95db299942fba18
compiler: Debian clang version 11.0.1-2, GNU ld (GNU Binutils for Debian) 2.35.2
Note: no patches were applied.
compiler: Debian clang version 11.0.1-2, GNU ld (GNU Binutils for Debian) 2.35.2
Note: testing is done by a robot and is best-effort only.
syzbot
Feb 24, 2022, 3:36:00 PM2/24/22
to Tadeusz Struk, syzkaller-a...@googlegroups.com, tadeus...@linaro.org
> #syz fix
bad commit title: "--"
>
> --
> Thanks,
> Tadeusz
bad commit title: "--"
>
> --
> Thanks,
> Tadeusz
Tadeusz Struk
Feb 24, 2022, 3:36:00 PM2/24/22
to syzbot+1ef2d9...@syzkaller.appspotmail.com, syzkaller
#syz fix
--
Thanks,
Tadeusz
--
Thanks,
Tadeusz
syzbot
Feb 24, 2022, 3:36:02 PM2/24/22
to Tadeusz Struk, syzkaller-a...@googlegroups.com, tadeus...@linaro.org
> You received this message because you are subscribed to the Google Groups "syzkaller-android-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-android...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller-android-bugs/9df6adc2-1b77-2363-4244-9708d40c3086%40linaro.org.
Tadeusz Struk
Feb 24, 2022, 3:38:35 PM2/24/22
to syzbot+1ef2d9...@syzkaller.appspotmail.com, syzkaller
#syz fix: "ANDROID: incremental-fs: remove index and incomplete dir on umount"
Reply all
Reply to author
Forward
0 new messages