ci2 starts bisection 2023-05-23 09:38:07.729962341 +0000 UTC m=+256859.426866182
bisecting cause commit starting from 43c801dc3325b9f07f8869e95ad87b05a9f21eb6
building syzkaller on 4bce1a3e705a8b62de8194bdb28f5eef89c8feec
ensuring issue is reproducible on original commit 43c801dc3325b9f07f8869e95ad87b05a9f21eb6

testing commit 43c801dc3325b9f07f8869e95ad87b05a9f21eb6 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: c9c6b0009f2d99046cc30ee6688b7f4fd95ddadaa6ca80d2500950fdde2cc6c1
run #0: crashed: SYZFAIL: failed to mkdtemp
run #1: crashed: SYZFAIL: failed to mkdtemp
run #2: crashed: SYZFAIL: failed to mkdtemp
run #3: crashed: SYZFAIL: failed to mkdtemp
run #4: crashed: SYZFAIL: failed to mkdtemp
run #5: crashed: SYZFAIL: failed to mkdtemp
run #6: crashed: SYZFAIL: failed to mkdtemp
run #7: crashed: SYZFAIL: failed to mkdtemp
run #8: crashed: SYZFAIL: failed to mkdtemp
run #9: crashed: SYZFAIL: failed to mkdir
run #10: crashed: SYZFAIL: failed to mkdtemp
run #11: crashed: SYZFAIL: failed to mkdtemp
run #12: crashed: SYZFAIL: failed to mkdtemp
run #13: crashed: SYZFAIL: failed to mkdtemp
run #14: crashed: SYZFAIL: failed to mkdtemp
run #15: OK
run #16: crashed: SYZFAIL: failed to mkdtemp
run #17: OK
run #18: OK
run #19: OK

testing release v5.10.178
testing commit 791a854ae5a5f5988f1291ae91168a149bd5ba57 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 0118d0cb7bced57902111870b35c3715aced070cdab29f00e657db4edbdc12d2
all runs: OK
# git bisect start 43c801dc3325b9f07f8869e95ad87b05a9f21eb6 791a854ae5a5f5988f1291ae91168a149bd5ba57

Bisecting: 3977 revisions left to test after this (roughly 12 steps)
[d3f36ae0bb11ff00a3dc86f755c863f090be3954] UPSTREAM: ARM: 9035/1: uncompress: Add be32tocpu macro
testing commit d3f36ae0bb11ff00a3dc86f755c863f090be3954 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 8187cb1679ab11580ad6297ee25bdd3b908c568958bb13f82e939604e7247b21
run #0: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #1: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #2: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #3: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #4: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #5: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #6: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #7: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #8: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #9: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
# git bisect skip d3f36ae0bb11ff00a3dc86f755c863f090be3954

Bisecting: 3974 revisions left to test after this (roughly 12 steps)
[9dd11f75e97c0bd2306579af6653451aecc3019d] FROMGIT: kbuild: update config_data.gz only when the content of .config is changed
testing commit 9dd11f75e97c0bd2306579af6653451aecc3019d gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 6f6a3d801e6294585f7af9c7b190fd4b0c263881b1ceb23738b7bce27da8d160
run #0: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #1: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #2: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #3: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #4: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
run #5: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
run #6: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #7: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #8: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #9: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
# git bisect skip 9dd11f75e97c0bd2306579af6653451aecc3019d

Bisecting: 3974 revisions left to test after this (roughly 12 steps)
[092c06519c20445a52127aab9852275859c604be] FROMLIST: kasan, fork: reset pointer tags of vmapped stacks
testing commit 092c06519c20445a52127aab9852275859c604be gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 8709ed81e5c297cc8eb6e0b276d27c61d814cfbf583db417679b27387f72a89a
all runs: crashed: general protection fault in incfs_kill_sb
# git bisect bad 092c06519c20445a52127aab9852275859c604be

Bisecting: 3259 revisions left to test after this (roughly 12 steps)
[b3498e7475d7d69ef85beb125a50044ad4fd0037] FROMLIST: firmware: arm_scmi: port GenPD driver to the new scmi_power_proto_ops interface
testing commit b3498e7475d7d69ef85beb125a50044ad4fd0037 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 5fc73d2b3d0eb6fa4d723ab486ed8dd759c9c10958b88e9a84a2ceeac8ef520d
run #0: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
run #1: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #2: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #3: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #4: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #5: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #6: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #7: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #8: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #9: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
# git bisect skip b3498e7475d7d69ef85beb125a50044ad4fd0037

Bisecting: 3259 revisions left to test after this (roughly 12 steps)
[3db0cb29e95fd47c6cdf2cf0c5a4b8fb19621178] UPSTREAM: KVM: arm64: Declutter host PSCI 0.1 handling
testing commit 3db0cb29e95fd47c6cdf2cf0c5a4b8fb19621178 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 4e1f6841245b13abd25c90525d2b4ead68579939de87a8363c6f56138d63f903
run #0: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #1: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #2: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
run #3: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #4: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #5: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #6: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #7: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #8: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #9: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
# git bisect skip 3db0cb29e95fd47c6cdf2cf0c5a4b8fb19621178

Bisecting: 3259 revisions left to test after this (roughly 12 steps)
[0db85aae47c6408fb330a3863243e6bf8a47368a] FROMLIST: arm64: efi: restore x18 if it was corrupted
testing commit 0db85aae47c6408fb330a3863243e6bf8a47368a gcc compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 8898054e8c9745f91ab25a56363068474aed54f375f618256ab523b062ac6801
run #0: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
run #1: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #2: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #3: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #4: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
run #5: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #6: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #7: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
run #8: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
run #9: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
# git bisect skip 0db85aae47c6408fb330a3863243e6bf8a47368a

Bisecting: 3259 revisions left to test after this (roughly 12 steps)
[a6edc4212b6e32427707ec56e1714bb3a8f6641b] FROMGIT: media: v4l2-ctrl: add controls for long term reference.
testing commit a6edc4212b6e32427707ec56e1714bb3a8f6641b gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: f1497e244a49f0f2ea31b0ba865fe7de5993a8a713672e34c433d2ade6e7d5cb
run #0: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #1: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #2: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #3: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #4: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #5: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #6: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #7: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #8: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
run #9: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
# git bisect skip a6edc4212b6e32427707ec56e1714bb3a8f6641b

Bisecting: 3259 revisions left to test after this (roughly 12 steps)
[3d5941d2b4abc9f39047f74ce48c23d29bb182c1] FROMLIST: drm: msm: Quiet down plane errors in atomic_check
testing commit 3d5941d2b4abc9f39047f74ce48c23d29bb182c1 gcc compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 05512066e31df75c3c7cf03a62402b5446e0e4346ebaa005ae66c2b7fcfbcca0
run #0: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #1: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #2: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #3: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #4: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #5: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #6: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #7: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #8: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
run #9: basic kernel testing failed: lost connection to test machine
# git bisect skip 3d5941d2b4abc9f39047f74ce48c23d29bb182c1

Bisecting: 3259 revisions left to test after this (roughly 12 steps)
[8d420888a4c8c495855d0a31c2a59eb5a6c7248b] ANDROID: sched: Add PELT cmdline arg
testing commit 8d420888a4c8c495855d0a31c2a59eb5a6c7248b gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 28f21e1dd6b7f2b7fff2c86a52b2e156c79a4f010cd2c8fca0c607a81fe37868
run #0: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #1: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #2: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
run #3: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #4: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #5: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #6: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #7: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #8: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #9: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
# git bisect skip 8d420888a4c8c495855d0a31c2a59eb5a6c7248b

Bisecting: 3259 revisions left to test after this (roughly 12 steps)
[d2ee0ef1e03fd3520b81d703838e35512432a7cc] FROMLIST: pwm: Convert period and duty cycle to u64
testing commit d2ee0ef1e03fd3520b81d703838e35512432a7cc gcc compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: b638a21ba27330213937e6809ca68f31b6c386432ddb9e1c3606448aa9d3f609
run #0: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #1: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #2: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #3: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #4: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
run #5: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #6: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #7: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #8: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #9: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
# git bisect skip d2ee0ef1e03fd3520b81d703838e35512432a7cc

Bisecting: 3259 revisions left to test after this (roughly 12 steps)
[d15b326fe301bd503f45e19f14e7de24664f1471] FROMGIT: kfence: add test suite
testing commit d15b326fe301bd503f45e19f14e7de24664f1471 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: f55dfe53534eb0e143a908d30c96fb9da1367252fc5cbba3dee7137f6fbd2c65
run #0: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #1: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
run #2: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #3: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #4: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #5: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #6: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
run #7: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #8: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
run #9: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
# git bisect skip d15b326fe301bd503f45e19f14e7de24664f1471

Bisecting: 3259 revisions left to test after this (roughly 12 steps)
[d6905346b5a1b519ca7c833ac781851b3d9f92d0] UPSTREAM: KVM: arm64: Return early from read_id_reg() if register is RAZ
testing commit d6905346b5a1b519ca7c833ac781851b3d9f92d0 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: c898f0668b278ec85dd7435a2510461246d13261fad8f97faf2ae1add140e677
all runs: OK
# git bisect good d6905346b5a1b519ca7c833ac781851b3d9f92d0

Bisecting: 461 revisions left to test after this (roughly 9 steps)
[b219d099aae2d2dc74a4ab9513d66d153e4cb228] Revert "ANDROID: mm: fix up removal of vm_total_pages problem"
testing commit b219d099aae2d2dc74a4ab9513d66d153e4cb228 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
failed building b219d099aae2d2dc74a4ab9513d66d153e4cb228: mm/page_alloc.c:8026:15: error: use of undeclared identifier 'vm_total_pages'
# git bisect skip b219d099aae2d2dc74a4ab9513d66d153e4cb228

Bisecting: 461 revisions left to test after this (roughly 9 steps)
[7fbb472eb091419cb4d8f177765184711048e5c9] ANDROID: KVM: arm64: Add __pkvm_hyp_donate_host()
testing commit 7fbb472eb091419cb4d8f177765184711048e5c9 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 791abbf3e8e56921abf2b2c0022fa78e1935661722f68f1b564a8563cc9163a0
all runs: OK
# git bisect good 7fbb472eb091419cb4d8f177765184711048e5c9

Bisecting: 193 revisions left to test after this (roughly 8 steps)
[33078fb6fb824e0ab94515ef24c47419a331e106] ANDROID: incremental-fs: fix GPF in pending_reads_dispatch_ioctl
testing commit 33078fb6fb824e0ab94515ef24c47419a331e106 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 7ffab8dc683e36e25975ac7902acc1df0ca981431cf4c883f3bedbc48a67f0ef
all runs: OK
# git bisect good 33078fb6fb824e0ab94515ef24c47419a331e106

Bisecting: 96 revisions left to test after this (roughly 7 steps)
[6d6288c745b29f245fb34071655fc11e24692cdc] ANDROID: Update the ABI symbol list
testing commit 6d6288c745b29f245fb34071655fc11e24692cdc gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 7635e13fbba654ec5a88bdbc5e99f099fb5b17eabdc512cc26c834aefba17097
all runs: crashed: general protection fault in incfs_kill_sb
# git bisect bad 6d6288c745b29f245fb34071655fc11e24692cdc

Bisecting: 48 revisions left to test after this (roughly 6 steps)
[60d19549ea55305bc2e3438e3408f07d53734235] UPSTREAM: firmware: arm_ffa: Setup in-kernel users of FFA partitions
testing commit 60d19549ea55305bc2e3438e3408f07d53734235 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b0a43eb34f0f5e4203a1efab3cc0a26bf1ef193335aa8ca1e5f63550010500d1
all runs: crashed: general protection fault in incfs_kill_sb
# git bisect bad 60d19549ea55305bc2e3438e3408f07d53734235

Bisecting: 23 revisions left to test after this (roughly 5 steps)
[55ee32da5ed34d8020c5340cf4c756032dad66d4] ANDROID: KVM: arm64: Don't remove shadow table entry twice on teardown
testing commit 55ee32da5ed34d8020c5340cf4c756032dad66d4 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 3b283458bdfa7c893d492c79f548aa0fa764c9159bb0d9b575c6a2c4c9b179cd
all runs: crashed: VFS: Busy inodes after unmount (use-after-free)
# git bisect bad 55ee32da5ed34d8020c5340cf4c756032dad66d4

Bisecting: 11 revisions left to test after this (roughly 4 steps)
[63e1ba88549d0ee75a16cd99c60612786e133053] UPSTREAM: binder: fix freeze race
testing commit 63e1ba88549d0ee75a16cd99c60612786e133053 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b2f3818c2c86582ebcb236bc6b9ddebbb7e21adc08f7640cba471f0864b2b77d
all runs: crashed: VFS: Busy inodes after unmount (use-after-free)
# git bisect bad 63e1ba88549d0ee75a16cd99c60612786e133053

Bisecting: 5 revisions left to test after this (roughly 3 steps)
[93717b608dd30f9d41b15a72e809238807c68026] ANDROID: incremental-fs: fix mount_fs issue
testing commit 93717b608dd30f9d41b15a72e809238807c68026 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 5741c79ba422af872cb444ae258a7bad84d2c71d1257a929d60e9242bf9d6865
all runs: crashed: VFS: Busy inodes after unmount (use-after-free)
# git bisect bad 93717b608dd30f9d41b15a72e809238807c68026

Bisecting: 2 revisions left to test after this (roughly 2 steps)
[841ee1fff741ce102b13889949160d1d47f4cda4] UPSTREAM: close_range: unshare all fds for CLOSE_RANGE_UNSHARE | CLOSE_RANGE_CLOEXEC
testing commit 841ee1fff741ce102b13889949160d1d47f4cda4 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b675b8eb2751118446ffcd9ba175467105d679ef38cabcf4c11992f2817c86ad
run #0: basic kernel testing failed: general protection fault in do_swap_page
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 841ee1fff741ce102b13889949160d1d47f4cda4

Bisecting: 1 revision left to test after this (roughly 1 step)
[10339b6da670a1809559f44bf3fb53376b868b1e] UPSTREAM: file: fix close_range() for unshare+cloexec
testing commit 10339b6da670a1809559f44bf3fb53376b868b1e gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 8b6dbc4d4689252b31f8fcd28eabd5250f4a97a065c5618c2bd6038ef6d23e35
all runs: OK
# git bisect good 10339b6da670a1809559f44bf3fb53376b868b1e

Bisecting: 0 revisions left to test after this (roughly 0 steps)
[4094a44201db7a3fd95d216e01ec85d748968110] ANDROID: GKI: Update the ABI symbol list
testing commit 4094a44201db7a3fd95d216e01ec85d748968110 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 620ef09f740ae90eacaf649f9606cf17dd311c97ff4c78654f063bb9ef2fdeaf
all runs: OK
# git bisect good 4094a44201db7a3fd95d216e01ec85d748968110

93717b608dd30f9d41b15a72e809238807c68026 is the first bad commit
commit 93717b608dd30f9d41b15a72e809238807c68026
Author: Tadeusz Struk
Date:   Wed Jan 12 13:52:50 2022 -0800

    ANDROID: incremental-fs: fix mount_fs issue

    Syzbot recently found a number of issues related to incremental-fs
    (see bug numbers below). All have to do with the fact that incr-fs
    allows mounts of the same source and target multiple times.
    The correct behavior for a file system is to allow only one such
    mount, and then every subsequent attempt should fail with a -EBUSY
    error code. In case of the issues listed below the common pattern
    is that the reproducer calls:

    mount("./file0", "./file0", "incremental-fs", 0, NULL)

    many times and then invokes a file operation like chmod, setxattr,
    or open on the ./file0. This causes a recursive call for all the
    mounted instances, which eventually causes a stack overflow and
    a kernel crash:

    BUG: stack guard page was hit at ffffc90000c0fff8
    kernel stack overflow (double-fault): 0000 [#1] PREEMPT SMP KASAN

    The reason why many mounts with the same source and target are
    possible is because the incfs_mount_fs() as it is allocates a new
    super_block for every call, regardless of whether a given mount already
    exists or not. This happens every time the sget() function is called
    with a test param equal to NULL.

    The correct behavior for an FS mount implementation is to call
    appropriate mount vfs call for its type, i.e. mount_bdev() for
    a block device backed FS, mount_single() for a pseudo file system,
    like sysfs that is mounted in a single, well-known location, or
    mount_nodev() for other special purpose FS like overlayfs.
    In case of incremental-fs the open coded mount logic doesn't check
    for abusive mount attempts such as overlays.
    To fix this issue the logic needs to be changed to pass a proper
    test function to sget() call, which then checks if a super_block
    for a mount instance has already been allocated and also allows
    the VFS to properly verify invalid mount attempts.

    Bug: 211066171
    Bug: 213140206
    Bug: 213215835
    Bug: 211914587
    Bug: 211213635
    Bug: 213137376
    Bug: 211161296
    Signed-off-by: Tadeusz Struk
    Change-Id: I66cfc3f1b5aaffb32b0845b2dad3ff26fe952e27

 fs/incfs/data_mgmt.c |  1 +
 fs/incfs/vfs.c       | 58 ++++++++++++++++++++++++++++++++++++++--------------
 fs/incfs/vfs.h       |  1 -
 3 files changed, 44 insertions(+), 16 deletions(-)

culprit signature: 5741c79ba422af872cb444ae258a7bad84d2c71d1257a929d60e9242bf9d6865
parent signature: 620ef09f740ae90eacaf649f9606cf17dd311c97ff4c78654f063bb9ef2fdeaf
revisions tested: 24, total time: 7h24m18.133188526s (build: 5h16m5.6301455s, test: 2h1m41.608042623s)
first bad commit: 93717b608dd30f9d41b15a72e809238807c68026 ANDROID: incremental-fs: fix mount_fs issue
recipients (to): ["tadeusz.struk@linaro.org"]
recipients (cc): []
crash: VFS: Busy inodes after unmount (use-after-free)
VFS: Busy inodes after unmount of incremental-fs. Self-destruct in 5 seconds. Have a nice day...
VFS: Busy inodes after unmount of incremental-fs. Self-destruct in 5 seconds. Have a nice day...
VFS: Busy inodes after unmount of incremental-fs. Self-destruct in 5 seconds. Have a nice day...
VFS: Busy inodes after unmount of incremental-fs. Self-destruct in 5 seconds. Have a nice day...
VFS: Busy inodes after unmount of incremental-fs. Self-destruct in 5 seconds. Have a nice day...
VFS: Busy inodes after unmount of incremental-fs. Self-destruct in 5 seconds. Have a nice day...
VFS: Busy inodes after unmount of incremental-fs. Self-destruct in 5 seconds. Have a nice day...
VFS: Busy inodes after unmount of incremental-fs. Self-destruct in 5 seconds. Have a nice day...
VFS: Busy inodes after unmount of incremental-fs. Self-destruct in 5 seconds. Have a nice day...
VFS: Busy inodes after unmount of incremental-fs. Self-destruct in 5 seconds. Have a nice day...
VFS: Busy inodes after unmount of incremental-fs. Self-destruct in 5 seconds. Have a nice day...
VFS: Busy inodes after unmount of incremental-fs. Self-destruct in 5 seconds. Have a nice day...
VFS: Busy inodes after unmount of incremental-fs. Self-destruct in 5 seconds. Have a nice day...
VFS: Busy inodes after unmount of incremental-fs. Self-destruct in 5 seconds. Have a nice day...