syzbot


VFS: Busy inodes after unmount (use-after-free) (4)

Status: upstream: reported C repro on 2025/12/25 14:06
Subsystems: jfs
Reported-by: syzbot+d569e274f46ca86f78fa@syzkaller.appspotmail.com
First crash: 35d, last: 8d22h
Cause bisection: failed (error log, bisect log)
  
Discussions (2)

| Title | Replies (including bot) | Last reply |
|---|---|---|
| [PATCH] jfs: Check for discrepancies between iag and inomap iagctl | 1 (1) | 2026/01/02 18:48 |
| [syzbot] [jfs?] VFS: Busy inodes after unmount (use-after-free) (4) | 0 (3) | 2025/12/29 20:43 |

Similar bugs (9)
Kernel Title Rank Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-54 VFS: Busy inodes after unmount (use-after-free) 2 C 4 989d 1045d 0/2 auto-obsoleted due to no activity on 2023/08/20 15:35
upstream VFS: Busy inodes after unmount (use-after-free) (2) btrfs 2 C error 277 128d 239d 29/29 fixed on 2025/09/04 16:57
linux-6.1 VFS: Busy inodes after unmount (use-after-free) origin:lts-only 2 C inconclusive 1823 12h04m 1024d 0/3 upstream: reported C repro on 2023/03/18 09:53
android-5-15 VFS: Busy inodes after unmount (use-after-free) origin:downstream 2 C error done 2 943d 1045d 0/2 auto-obsoleted due to no activity on 2023/09/15 20:27
android-5-10 VFS: Busy inodes after unmount (use-after-free) 2 C done inconclusive 1 1045d 1045d 0/2 auto-obsoleted due to no activity on 2023/06/25 23:02
linux-6.6 VFS: Busy inodes after unmount (use-after-free) origin:upstream missing-backport 2 C inconclusive 50 10d 160d 0/2 upstream: reported C repro on 2025/07/29 23:52
upstream VFS: Busy inodes after unmount (use-after-free) (3) isofs 2 C error 85 67d 97d 29/29 fixed on 2025/11/18 08:45
upstream VFS: Busy inodes after unmount (use-after-free) bcachefs 2 C error 55684 245d 1076d 28/29 fixed on 2025/05/06 15:33
linux-5.15 VFS: Busy inodes after unmount (use-after-free) missing-backport origin:lts-only 2 C unreliable 2392 3h55m 1023d 0/3 upstream: reported C repro on 2023/03/19 11:46
Last patch testing requests (2)

| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2025/12/29 20:43 | 24m | zlatistiv@gmail.com | patch | upstream | OK log |
| 2025/12/27 16:54 | 21m | zlatistiv@gmail.com | patch | upstream | OK log |

Sample crash report:
VFS: Busy inodes after unmount of loop3 (jfs)
------------[ cut here ]------------
kernel BUG at fs/super.c:653!
Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
CPU: 1 UID: 0 PID: 5940 Comm: syz-executor Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:generic_shutdown_super+0x2bc/0x2c0 fs/super.c:651
Code: 03 42 80 3c 28 00 74 08 4c 89 f7 e8 ee e4 f2 ff 49 8b 16 48 81 c3 c8 07 00 00 48 c7 c7 20 2e f9 8a 48 89 de e8 95 55 f8 fe 90 <0f> 0b 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f
RSP: 0018:ffffc9000522fd00 EFLAGS: 00010246
RAX: 000000000000002d RBX: ffff8880237107c8 RCX: c4ed90b584a6ed00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 1ffff110046e211a R08: 0000000000000000 R09: 0000000000000000
R10: dffffc0000000000 R11: fffff52000a45f51 R12: 0000000000000000
R13: dffffc0000000000 R14: ffffffff8d9ef560 R15: ffff8880237108d0
FS:  0000555563a75500(0000) GS:ffff888126def000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f9506f8b000 CR3: 000000003a252000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 kill_block_super+0x44/0x90 fs/super.c:1722
 deactivate_locked_super+0xbc/0x130 fs/super.c:474
 cleanup_mnt+0x425/0x4c0 fs/namespace.c:1318
 task_work_run+0x1d4/0x260 kernel/task_work.c:233
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 __exit_to_user_mode_loop kernel/entry/common.c:44 [inline]
 exit_to_user_mode_loop+0xef/0x4e0 kernel/entry/common.c:75
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
 syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]
 syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline]
 do_syscall_64+0x2b7/0xf80 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fda2a450a77
Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffd9e375fd8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000064 RCX: 00007fda2a450a77
RDX: 0000000000000200 RSI: 0000000000000009 RDI: 00007ffd9e377180
RBP: 00007fda2a4d3d7d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffd9e377180
R13: 00007fda2a4d3d7d R14: 0000555563a754a8 R15: 00007ffd9e378250
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:generic_shutdown_super+0x2bc/0x2c0 fs/super.c:651
Code: 03 42 80 3c 28 00 74 08 4c 89 f7 e8 ee e4 f2 ff 49 8b 16 48 81 c3 c8 07 00 00 48 c7 c7 20 2e f9 8a 48 89 de e8 95 55 f8 fe 90 <0f> 0b 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f
RSP: 0018:ffffc9000522fd00 EFLAGS: 00010246
RAX: 000000000000002d RBX: ffff8880237107c8 RCX: c4ed90b584a6ed00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 1ffff110046e211a R08: 0000000000000000 R09: 0000000000000000
R10: dffffc0000000000 R11: fffff52000a45f51 R12: 0000000000000000
R13: dffffc0000000000 R14: ffffffff8d9ef560 R15: ffff8880237108d0
FS:  0000555563a75500(0000) GS:ffff888126def000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f9506f8b000 CR3: 000000003a252000 CR4: 00000000003526f0

Crashes (7):

| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2025/12/25 22:49 | upstream | ccd1cdca5cd4 | d6526ea3 | .config | console log | report | syz / log | C | | [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] | ci2-upstream-fs | VFS: Busy inodes after unmount (use-after-free) |
| 2025/12/25 14:05 | upstream | ccd1cdca5cd4 | d6526ea3 | .config | console log | report | syz / log | C | | [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] | ci-upstream-kasan-gce-root | VFS: Busy inodes after unmount (use-after-free) |
| 2025/12/28 10:15 | upstream | d26143bb38e2 | d6526ea3 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | VFS: Busy inodes after unmount (use-after-free) |
| 2025/12/25 08:19 | upstream | ccd1cdca5cd4 | d6526ea3 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | VFS: Busy inodes after unmount (use-after-free) |
| 2025/12/24 18:02 | upstream | b927546677c8 | d6526ea3 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | VFS: Busy inodes after unmount (use-after-free) |
| 2025/12/21 22:43 | upstream | 9094662f6707 | d6526ea3 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | VFS: Busy inodes after unmount (use-after-free) |
| 2025/12/01 13:24 | linux-next | 7d31f578f323 | d6526ea3 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | VFS: Busy inodes after unmount (use-after-free) |

* Struck through repros no longer work on HEAD.