From: syzbot <syzbot+2c95195d5d433f6ed6cb@syzkaller.appspotmail.com>
To: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
syzkaller-bugs@googlegroups.com, viro@zeniv.linux.org.uk
Subject: BUG: Dentry still in use [unmount of nfsd nfsd]
Date: Sun, 11 Aug 2019 19:07:06 -0700 [thread overview]
Message-ID: <0000000000001097b6058fe1fb22@google.com> (raw)
Hello,
syzbot found the following crash on:
HEAD commit: f4eb1423 Merge branch 'for-linus' of git://git.kernel.org/..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=11ab1c74600000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4c9e9f08e9e8960
dashboard link: https://syzkaller.appspot.com/bug?extid=2c95195d5d433f6ed6cb
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+2c95195d5d433f6ed6cb@syzkaller.appspotmail.com
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa0af7a86d4
R13: 00000000004c018f R14: 00000000004d2228 R15: 0000000000000004
BUG: Dentry 00000000117d3c54{i=0,n=clients} still in use (1) [unmount of
nfsd nfsd]
------------[ cut here ]------------
WARNING: CPU: 1 PID: 18817 at fs/dcache.c:1595 umount_check
fs/dcache.c:1595 [inline]
WARNING: CPU: 1 PID: 18817 at fs/dcache.c:1595 umount_check.cold+0xf5/0x116
fs/dcache.c:1576
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 18817 Comm: syz-executor.3 Not tainted 5.3.0-rc3+ #100
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x172/0x1f0 lib/dump_stack.c:113
panic+0x2dc/0x755 kernel/panic.c:219
__warn.cold+0x20/0x4c kernel/panic.c:576
report_bug+0x263/0x2b0 lib/bug.c:186
fixup_bug arch/x86/kernel/traps.c:179 [inline]
fixup_bug arch/x86/kernel/traps.c:174 [inline]
do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:272
do_invalid_op+0x37/0x50 arch/x86/kernel/traps.c:291
invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1028
RIP: 0010:umount_check fs/dcache.c:1595 [inline]
RIP: 0010:umount_check.cold+0xf5/0x116 fs/dcache.c:1576
Code: 00 00 45 89 e8 4c 89 e1 53 4d 8b 0f 4c 89 f2 4c 89 e6 48 c7 c7 80 97
96 87 e8 61 a6 9f ff 48 c7 c7 00 98 96 87 e8 55 a6 9f ff <0f> 0b 58 e9 b1
15 ff ff e8 24 1f f0 ff e9 1d ff ff ff 45 31 f6 e9
RSP: 0018:ffff888060187b88 EFLAGS: 00010282
RAX: 0000000000000024 RBX: ffff8880624f8bb8 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff815c3ba6 RDI: ffffed100c030f63
RBP: ffff888060187bb8 R08: 0000000000000024 R09: fffffbfff11b42c5
R10: fffffbfff11b42c4 R11: ffffffff88da1623 R12: ffff88803f50fa20
R13: 0000000000000001 R14: 0000000000000000 R15: ffffffff88f75220
d_walk+0x283/0x950 fs/dcache.c:1305
do_one_tree+0x28/0x40 fs/dcache.c:1602
shrink_dcache_for_umount+0x72/0x170 fs/dcache.c:1618
generic_shutdown_super+0x6d/0x370 fs/super.c:443
kill_anon_super+0x3e/0x60 fs/super.c:1102
kill_litter_super+0x50/0x60 fs/super.c:1111
nfsd_umount+0x3f/0x90 fs/nfsd/nfsctl.c:1416
deactivate_locked_super+0x95/0x100 fs/super.c:331
vfs_get_super+0x210/0x270 fs/super.c:1185
nfsd_fs_get_tree+0x7a/0x90 fs/nfsd/nfsctl.c:1390
vfs_get_tree+0x8e/0x390 fs/super.c:1413
vfs_fsconfig_locked+0x236/0x3d0 fs/fsopen.c:232
__do_sys_fsconfig fs/fsopen.c:445 [inline]
__se_sys_fsconfig fs/fsopen.c:314 [inline]
__x64_sys_fsconfig+0x8e0/0xa40 fs/fsopen.c:314
do_syscall_64+0xfd/0x6a0 arch/x86/entry/common.c:296
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x459829
Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7
48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff
ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fa0af7a7c78 EFLAGS: 00000246 ORIG_RAX: 00000000000001af
RAX: ffffffffffffffda RBX: 00007fa0af7a7c90 RCX: 0000000000459829
RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa0af7a86d4
R13: 00000000004c018f R14: 00000000004d2228 R15: 0000000000000004
Kernel Offset: disabled
Rebooting in 86400 seconds..
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
next reply other threads:[~2019-08-12 2:07 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-12 2:07 syzbot [this message]
2019-08-12 2:16 ` [PATCH] nfsd: fix dentry leak upon mkdir failure Tetsuo Handa
2019-08-12 3:03 ` Al Viro
2019-08-15 20:23 ` J. Bruce Fields
2019-08-15 19:59 ` J. Bruce Fields
2019-08-15 20:53 ` Tetsuo Handa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0000000000001097b6058fe1fb22@google.com \
--to=syzbot+2c95195d5d433f6ed6cb@syzkaller.appspotmail.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=syzkaller-bugs@googlegroups.com \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.