From: syzbot <syzbot+0af00f6a2cba2058b5db@syzkaller.appspotmail.com>
To: clm@fb.com, dsterba@suse.com, josef@toxicpanda.com,
	 linux-btrfs@vger.kernel.org, linux-kernel@vger.kernel.org,
	 sunjunchao2870@gmail.com, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [ocfs2?] VFS: Busy inodes after unmount (use-after-free)
Date: Sun, 03 Nov 2024 22:57:03 -0800
Message-ID: <6728703f.050a0220.35b515.01b1.GAE@google.com>
In-Reply-To: <3c01986b19c041931fe7bb542b1b00069b2e458a.camel@gmail.com>

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
VFS: Busy inodes after unmount (use-after-free)

ocfs2: Unmounting device (7,0) on (node local)
VFS: Busy inodes after unmount of loop0 (ocfs2)
------------[ cut here ]------------
kernel BUG at fs/super.c:652!
Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 0 UID: 0 PID: 6441 Comm: syz-executor Not tainted 6.12.0-rc6-syzkaller-g59b723cd2adb #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:generic_shutdown_super+0x2ca/0x2d0 fs/super.c:650
Code: 1b 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 f9 23 ed ff 48 8b 13 48 c7 c7 80 be 18 8c 4c 89 e6 e8 87 3f ad 09 90 <0f> 0b 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 0018:ffffc9000354fd20 EFLAGS: 00010246
RAX: 000000000000002f RBX: ffffffff8ee531e0 RCX: e6b6b127fe74ba00
RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
RBP: 1ffff1100f467cf0 R08: ffffffff8174a12c R09: fffffbfff1cf9fd0
R10: dffffc0000000000 R11: fffffbfff1cf9fd0 R12: ffff88807a33e668
R13: dffffc0000000000 R14: ffffffff8c49f718 R15: ffff88807a33e780
FS:  0000555593ff6500(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c00221c000 CR3: 0000000060ea2000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 kill_block_super+0x44/0x90 fs/super.c:1710
 deactivate_locked_super+0xc4/0x130 fs/super.c:473
 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1373
 task_work_run+0x24f/0x310 kernel/task_work.c:239
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x168/0x370 kernel/entry/common.c:218
 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f8ed837fa47
Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffcdc5c5528 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f8ed837fa47
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffcdc5c55e0
RBP: 00007ffcdc5c55e0 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffcdc5c6660
R13: 00007f8ed83f11cc R14: 000000000001b0d9 R15: 00007ffcdc5c66a0
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:generic_shutdown_super+0x2ca/0x2d0 fs/super.c:650
Code: 1b 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 f9 23 ed ff 48 8b 13 48 c7 c7 80 be 18 8c 4c 89 e6 e8 87 3f ad 09 90 <0f> 0b 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 0018:ffffc9000354fd20 EFLAGS: 00010246
RAX: 000000000000002f RBX: ffffffff8ee531e0 RCX: e6b6b127fe74ba00
RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
RBP: 1ffff1100f467cf0 R08: ffffffff8174a12c R09: fffffbfff1cf9fd0
R10: dffffc0000000000 R11: fffffbfff1cf9fd0 R12: ffff88807a33e668
R13: dffffc0000000000 R14: ffffffff8c49f718 R15: ffff88807a33e780
FS:  0000555593ff6500(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000563a27431950 CR3: 0000000060ea2000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400


Tested on:

commit:         59b723cd Linux 6.12-rc6
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=10202d5f980000
kernel config:  https://syzkaller.appspot.com/x/.config?x=dc23b43a0f2f7cf7
dashboard link: https://syzkaller.appspot.com/bug?extid=0af00f6a2cba2058b5db
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40

Note: no patches were applied.
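
Editor's added example (not part of the syzbot mail, lore, or the kernel tree): a small triage parser for the crash text quoted above. Two things worth checking mechanically in a report like this are visible in the log itself: the trap is a "kernel BUG at fs/super.c:652!" in generic_shutdown_super, with no "BUG: KASAN:" line, so the crash shown is the busy-inode BUG() rather than a KASAN use-after-free report; and every frame in the call trace is generic VFS or entry code, so the filesystem that left inodes behind is named only by the "VFS: Busy inodes after unmount of loop0 (ocfs2)" line, not by any frame. The sample input is a trimmed copy of the report's own crash lines; the regexes are modelled on this report's formatting, and the syscall table is a hand-picked x86_64 fragment (ORIG_RAX 0xa6 = 166 = umount2), both assumptions of this example.

```python
"""Triage helper for the crash text in a syzbot report (added example)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: trimmed from the crash text quoted in the report above.
SAMPLE_LOG = """\
ocfs2: Unmounting device (7,0) on (node local)
VFS: Busy inodes after unmount of loop0 (ocfs2)
------------[ cut here ]------------
kernel BUG at fs/super.c:652!
Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 0 UID: 0 PID: 6441 Comm: syz-executor Not tainted 6.12.0-rc6-syzkaller-g59b723cd2adb #0
RIP: 0010:generic_shutdown_super+0x2ca/0x2d0 fs/super.c:650
Call Trace:
 <TASK>
 kill_block_super+0x44/0x90 fs/super.c:1710
 deactivate_locked_super+0xc4/0x130 fs/super.c:473
 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1373
 task_work_run+0x24f/0x310 kernel/task_work.c:239
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x168/0x370 kernel/entry/common.c:218
 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f8ed837fa47
RSP: 002b:00007ffcdc5c5528 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
"""

# Partial x86_64 syscall table (assumption: the report comes from an x86_64 build).
X86_64_SYSCALLS = {165: "mount", 166: "umount2"}

BUSY_RE = re.compile(r"^VFS: Busy inodes after unmount of (\S+) \((\S+)\)$")
BUG_RE = re.compile(r"^kernel BUG at (\S+)!$")
KASAN_RE = re.compile(r"^BUG: KASAN: (.+)$")
CPU_RE = re.compile(r"^CPU: \d+ .*Comm: (\S+) (Not tainted|Tainted:.*?) (\S+) #")
KRIP_RE = re.compile(r"^RIP: 0010:(\w+)(\+0x[0-9a-f]+/0x[0-9a-f]+)?(?: (\S+))?$")
ORIG_RAX_RE = re.compile(r"\bORIG_RAX: ([0-9a-f]{16})\b")
FRAME_RE = re.compile(
    r"^(?P<func>[A-Za-z_]\w*)(?P<off>\+0x[0-9a-f]+/0x[0-9a-f]+)?"
    r"(?: (?P<loc>[\w./-]+:\d+))?(?P<inl> \[inline\])?$"
)


@dataclass
class Frame:
    func: str
    offset: Optional[str]    # "+0x2ca/0x2d0"; None for [inline] frames
    location: Optional[str]  # "fs/super.c:650"; None for asm entry stubs
    inline: bool


@dataclass
class CrashReport:
    busy_dev: Optional[str] = None
    busy_fs: Optional[str] = None
    bug_site: Optional[str] = None     # file:line of the BUG()/BUG_ON()
    kasan: Optional[str] = None        # KASAN report kind, if KASAN fired
    crash_func: Optional[str] = None   # function at the kernel-mode (CS 0010) RIP
    crash_site: Optional[str] = None
    comm: Optional[str] = None
    tainted: bool = False
    kernel: Optional[str] = None
    syscall: Optional[str] = None      # syscall the task was returning from
    frames: List[Frame] = field(default_factory=list)


def parse_crash(text: str) -> CrashReport:
    """Extract the triage fields from one console crash excerpt."""
    r = CrashReport()
    in_trace = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Call Trace:":
            in_trace = True
            continue
        if line in ("</TASK>", "Modules linked in:"):
            in_trace = False
        if in_trace:
            m = FRAME_RE.match(line)
            if m:  # user-mode RIP/RSP lines inside <TASK> do not match
                r.frames.append(Frame(m["func"], m["off"], m["loc"], bool(m["inl"])))
        if (m := BUSY_RE.match(line)):
            r.busy_dev, r.busy_fs = m.group(1), m.group(2)
        elif (m := BUG_RE.match(line)):
            r.bug_site = m.group(1)
        elif (m := KASAN_RE.match(line)):
            r.kasan = m.group(1)
        elif (m := CPU_RE.match(line)):
            r.comm, r.tainted, r.kernel = m.group(1), m.group(2) != "Not tainted", m.group(3)
        elif r.crash_func is None and (m := KRIP_RE.match(line)):
            r.crash_func, r.crash_site = m.group(1), m.group(3)   # first RIP only; the
        elif r.syscall is None and (m := ORIG_RAX_RE.search(line)):  # post-trace dump repeats it
            nr = int(m.group(1), 16)
            r.syscall = X86_64_SYSCALLS.get(nr, f"nr {nr}")
    return r


def kernel_frames(r: CrashReport) -> List[str]:
    """Innermost-first kernel call chain: crash function first, entry stub last."""
    return ([r.crash_func] if r.crash_func else []) + [f.func for f in r.frames]


def frames_under(r: CrashReport, prefix: str) -> List[Frame]:
    """Frames whose source location lies under `prefix`, e.g. "fs/ocfs2/"."""
    return [f for f in r.frames if f.location and f.location.startswith(prefix)]


def summary(r: CrashReport) -> str:
    kind = f"KASAN {r.kasan}" if r.kasan else f"BUG() at {r.bug_site}"
    busy = f"; busy inodes left on {r.busy_dev} ({r.busy_fs})" if r.busy_dev else ""
    return (f"{kind} in {r.crash_func} ({r.crash_site}) while {r.comm} "
            f"returned from {r.syscall} on {r.kernel}{busy}")


if __name__ == "__main__":
    rep = parse_crash(SAMPLE_LOG)
    print(summary(rep))
    print(" <- ".join(kernel_frames(rep)))
    print("ocfs2 frames:", [f.func for f in frames_under(rep, "fs/ocfs2/")])
```

Run on the sample, `frames_under(rep, "fs/ocfs2/")` is empty and `rep.kasan` is None, which is the point: the unmount path tripped the VFS sanity check, so the trace points at the check, not at whoever dropped the last reference late, and the filesystem has to be read off the "VFS: Busy inodes" line.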


Thread overview: 4+ messages
2023-01-25 10:43 [syzbot] [btrfs?] VFS: Busy inodes after unmount (use-after-free) syzbot
2024-11-04  6:21 ` Julian Sun
2024-11-04  6:57   ` syzbot [this message]
  -- strict thread matches above, loose matches on Subject: below --
2024-11-23 11:03 Tetsuo Handa
2024-11-23 12:12 ` [syzbot] [ocfs2?] " syzbot
