From: Al Viro <viro@zeniv.linux.org.uk>
To: Amir Goldstein <amir73il@gmail.com>
Cc: syzbot <syzbot+b74150fd2ef40e716ca2@syzkaller.appspotmail.com>,
    NeilBrown <neil@brown.name>,
    brauner@kernel.org, jack@suse.cz, linux-fsdevel@vger.kernel.org,
    linux-kernel@vger.kernel.org, linux-unionfs@vger.kernel.org,
    miklos@szeredi.hu, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [overlayfs?] WARNING in fast_dput
Date: Mon, 1 Dec 2025 09:06:52 +0000
Message-ID: <20251201090652.GE3538@ZenIV>
In-Reply-To: <CAOQ4uxhPEt76ij9zBtdKf0qYwSjeXquGGkLHeArO5t1LhdTHOg@mail.gmail.com>

On Mon, Dec 01, 2025 at 09:58:00AM +0100, Amir Goldstein wrote:
> On Sat, Nov 29, 2025 at 2:05 PM syzbot
> <syzbot+b74150fd2ef40e716ca2@syzkaller.appspotmail.com> wrote:
> >
> > Hello,
> >
> > syzbot found the following issue on:
> >
> > HEAD commit: 7d31f578f323 Add linux-next specific files for 20251128
> > git tree: linux-next
> > console output: https://syzkaller.appspot.com/x/log.txt?x=14db5f42580000
> > kernel config: https://syzkaller.appspot.com/x/.config?x=6336d8e94a7c517d
> > dashboard link: https://syzkaller.appspot.com/bug?extid=b74150fd2ef40e716ca2
> > compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
> > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1780a112580000
> > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10f6be92580000
> >
> > Downloadable assets:
> > disk image: https://storage.googleapis.com/syzbot-assets/6b49d8ad90de/disk-7d31f578.raw.xz
> > vmlinux: https://storage.googleapis.com/syzbot-assets/dbe2d4988ca7/vmlinux-7d31f578.xz
> > kernel image: https://storage.googleapis.com/syzbot-assets/fc0448ab2411/bzImage-7d31f578.xz
> >
> > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > Reported-by: syzbot+b74150fd2ef40e716ca2@syzkaller.appspotmail.com
> >
> > ------------[ cut here ]------------
> > WARNING: fs/dcache.c:829 at fast_dput+0x334/0x430 fs/dcache.c:829, CPU#1: syz.0.17/6053
> > Modules linked in:
> > CPU: 1 UID: 0 PID: 6053 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
> > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
> > RIP: 0010:fast_dput+0x334/0x430 fs/dcache.c:829
> > Code: e3 81 ff 48 b8 00 00 00 00 00 fc ff df 41 0f b6 44 05 00 84 c0 0f 85 e2 00 00 00 41 80 0e 40 e9 fd fe ff ff e8 4d e3 81 ff 90 <0f> 0b 90 e9 ef fe ff ff 44 89 e6 81 e6 00 00 04 00 31 ff e8 74 e7
> > RSP: 0018:ffffc90003407cd8 EFLAGS: 00010293
> > RAX: ffffffff823fcfe3 RBX: ffff88806c44ac78 RCX: ffff88802e41bd00
> > RDX: 0000000000000000 RSI: 00000000ffffff80 RDI: 0000000000000001
> > RBP: 00000000ffffff80 R08: 0000000000000003 R09: 0000000000000004
> > R10: dffffc0000000000 R11: fffff52000680f8c R12: dffffc0000000000
> > R13: 1ffff1100d889597 R14: ffff88806c44abc0 R15: ffff88806c44acb8
> > FS: 00005555820e4500(0000) GS:ffff888125f4f000(0000) knlGS:0000000000000000
> > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > CR2: 0000001b31b63fff CR3: 0000000072c78000 CR4: 00000000003526f0
> > Call Trace:
> > <TASK>
> > dput+0xe8/0x1a0 fs/dcache.c:924
> > __fput+0x68e/0xa70 fs/file_table.c:476
> > task_work_run+0x1d4/0x260 kernel/task_work.c:233
> > resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
> > __exit_to_user_mode_loop kernel/entry/common.c:44 [inline]
> > exit_to_user_mode_loop+0xff/0x4f0 kernel/entry/common.c:75
> > __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
> > syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]
> > syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline]
> > syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline]
> > do_syscall_64+0x2e3/0xf80 arch/x86/entry/syscall_64.c:100
> > entry_SYSCALL_64_after_hwframe+0x77/0x7f
> > RIP: 0033:0x7f4966f8f749
> > Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
> > RSP: 002b:00007ffc01c51258 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
> > RAX: 0000000000000000 RBX: 000000000001a7a1 RCX: 00007f4966f8f749
> > RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
> > RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000201c5154f
> > R10: 0000001b30f20000 R11: 0000000000000246 R12: 00007f49671e5fac
> > R13: 00007f49671e5fa0 R14: ffffffffffffffff R15: 0000000000000004
> > </TASK>
> >
>
> Any idea why this was tagged as overlayfs?
> I do not see overlayfs anywhere in the repro, logs, or stack trace.
>
> Neil thinks this might be already fixed upstream, but
> given the recency of this report, I doubt it.

Sigh... It's not in mainline at all. It's in vfs/vfs.git #vfs.all,
and yes, it had been fixed there as of

commit d6ea5537c1a66a54d34f50d51ad201b1a2319ccf
Merge: 80019251fa80 65c2c221846e
Author: Christian Brauner <brauner@kernel.org>
Date:   Fri Nov 28 17:32:43 2025 +0100

    Merge tag 'vfs-6.19-rc1.fd_prepare' of gitolite.kernel.org:pub/scm/linux/kernel/git/vfs/vfs into vfs.all

Wait for Monday, hopefully -next will pick it...