bisecting fixing commit since 811218eceeaa7618652e1b8d11caeff67ab42072
building syzkaller on 624dad51316f9973e1349b6c71e789737d1e00d9
testing commit 811218eceeaa7618652e1b8d11caeff67ab42072
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: e06b6b52b267e56bf168d68f445dadd6e08efa96df5b874afbe9d8c8cb1d6da5
run #0: crashed: BUG: Dentry ADDR{i=NUM,n=/} still in use (-NUM) [unmount of erofs loop2]
run #1: crashed: BUG: Dentry ADDR{i=NUM,n=/} still in use (-NUM) [unmount of erofs loop5]
run #2: crashed: kernel BUG in iput
run #3: crashed: kernel BUG in iput
run #4: crashed: kernel BUG in corrupted
run #5: crashed: BUG: Dentry ADDR{i=NUM,n=/} still in use (-NUM) [unmount of erofs loop1]
run #6: crashed: kernel BUG in iput
run #7: crashed: kernel BUG in iput
run #8: crashed: kernel BUG in corrupted
run #9: crashed: BUG: Dentry ADDR{i=NUM,n=/} still in use (-NUM) [unmount of erofs loop5]
run #10: crashed: kernel BUG in corrupted
run #11: crashed: kernel BUG in corrupted
run #12: crashed: kernel BUG in iput
run #13: crashed: BUG: Dentry ADDR{i=NUM,n=/} still in use (-NUM) [unmount of erofs loop2]
run #14: crashed: kernel BUG in iput
run #15: crashed: kernel BUG in iput
run #16: crashed: BUG: Dentry ADDR{i=NUM,n=/} still in use (-NUM) [unmount of erofs loop4]
run #17: crashed: kernel BUG in corrupted
run #18: crashed: kernel BUG in corrupted
run #19: crashed: BUG: Dentry ADDR{i=NUM,n=/} still in use (-NUM) [unmount of erofs loop4]
testing current HEAD b172b44fcb1771e083aad806fa96f3f60e2ddfac
testing commit b172b44fcb1771e083aad806fa96f3f60e2ddfac
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 3bcb5bdab4c865ef2b69a60d5bd23fb536d9f6f2e6bbc2d438fb6320e3d67580
run #0: crashed: kernel BUG in iput
run #1: crashed: kernel BUG in iput
run #2: crashed: BUG: Dentry ADDR{i=NUM,n=/} still in use (-NUM) [unmount of erofs loop5]
run #3: crashed: kernel BUG in iput
run #4: crashed: BUG: Dentry ADDR{i=NUM,n=/} still in use (-NUM) [unmount of erofs loop3]
run #5: crashed: BUG: Dentry ADDR{i=NUM,n=/} still in use (-NUM) [unmount of erofs loop1]
run #6: crashed: BUG: Dentry ADDR{i=NUM,n=/} still in use (-NUM) [unmount of erofs loop0]
run #7: crashed: BUG: Dentry ADDR{i=NUM,n=/} still in use (-NUM) [unmount of erofs loop4]
run #8: crashed: BUG: Dentry ADDR{i=NUM,n=/} still in use (-NUM) [unmount of erofs loop4]
run #9: crashed: BUG: Dentry ADDR{i=NUM,n=/} still in use (-NUM) [unmount of erofs loop1]
revisions tested: 2, total time: 26m17.247015947s (build: 18m45.369406697s, test: 6m57.593356912s)
the crash still happens on HEAD
commit msg: Linux 4.19.206
crash: BUG: Dentry ADDR{i=NUM,n=/} still in use (-NUM) [unmount of erofs loop1]
 __d_alloc+0x28/0xa30 fs/dcache.c:1612
 d_alloc_anon fs/dcache.c:1715 [inline]
 d_make_root+0x38/0x70 fs/dcache.c:1909
 erofs_read_super drivers/staging/erofs/super.c:407 [inline]
 erofs_fill_super+0xf02/0x1168 drivers/staging/erofs/super.c:499
BUG: Dentry 000000006a02086e{i=0,n=/}  still in use (-128) [unmount of erofs loop1]
 mount_bdev+0x26f/0x330 fs/super.c:1158
 erofs_mount+0x6a/0x90 drivers/staging/erofs/super.c:512
 mount_fs+0x7f/0x2b0 fs/super.c:1261
 vfs_kern_mount.part.11+0x58/0x3d0 fs/namespace.c:961
 vfs_kern_mount fs/namespace.c:951 [inline]
 do_new_mount fs/namespace.c:2492 [inline]
 do_mount+0x376/0x2630 fs/namespace.c:2822
 ksys_mount+0xb1/0xd0 fs/namespace.c:3038
 __do_sys_mount fs/namespace.c:3052 [inline]
 __se_sys_mount fs/namespace.c:3049 [inline]
 __x64_sys_mount+0xb9/0x150 fs/namespace.c:3049
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x46702a
Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f584d8c8fa8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 000000000046702a
RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f584d8c9000
RBP: 00007f584d8c9040 R08: 00007f584d8c9040 R09: 0000000020000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000000
R13: 0000000020000100 R14: 00007f584d8c9000 R15: 0000000020000140
FAULT_INJECTION: forcing a failure.
name fail_page_alloc, interval 1, probability 0, space 0, times 0
------------[ cut here ]------------
WARNING: CPU: 0 PID: 10028 at fs/dcache.c:1518 umount_check fs/dcache.c:1518 [inline]
WARNING: CPU: 0 PID: 10028 at fs/dcache.c:1518 umount_check.cold.19+0xe0/0x149 fs/dcache.c:1499