ci2 starts bisection 2023-02-25 23:23:49.486940889 +0000 UTC m=+17376.481090148
bisecting cause commit starting from 416c4356f37295d6da2d7b290069f9adb349dc9f
building syzkaller on ee50e71ca65deab5f014ff0481809c7b2afa5427
ensuring issue is reproducible on original commit 416c4356f37295d6da2d7b290069f9adb349dc9f
testing commit 416c4356f37295d6da2d7b290069f9adb349dc9f gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b03cce0892582c79ba3c8e6d158ac94cce2bcdf9828767bb5b032a32c6b5b59e
all runs: crashed: VFS: Busy inodes after unmount (use-after-free)
testing release v5.10.161
testing commit 1a9148dfd8e03835dc7617cee696dd18c0000e99 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 275b4d2ef564072e73aa7c06da1306d0613318350fa1be373ee7c79917b52ebb
all runs: OK
# git bisect start 416c4356f37295d6da2d7b290069f9adb349dc9f 1a9148dfd8e03835dc7617cee696dd18c0000e99
Bisecting: 3135 revisions left to test after this (roughly 12 steps)
[2280659fcaa1143d27e7cf7ab16e84b0061996fd] UPSTREAM: coresight: etm4x: Check for Software Lock
testing commit 2280659fcaa1143d27e7cf7ab16e84b0061996fd gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 077f66c5cf3de3e17696b29c15b03aa323b0109e7b5433225fd5e48d3fc09ffe
run #0: basic kernel testing failed: UBSAN: object-size-mismatch in wg_xmit
run #1: basic kernel testing failed: UBSAN: object-size-mismatch in wg_xmit
run #2: basic kernel testing failed: UBSAN: object-size-mismatch in wg_xmit
run #3: basic kernel testing failed: UBSAN: object-size-mismatch in wg_xmit
run #4: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
run #5: basic kernel testing failed: UBSAN: object-size-mismatch in wg_xmit
run #6: basic kernel testing failed: UBSAN: object-size-mismatch in wg_xmit
run #7: basic kernel testing failed: UBSAN: object-size-mismatch in wg_xmit
run #8: basic kernel testing failed: UBSAN: object-size-mismatch in wg_xmit
run #9: basic kernel testing failed: UBSAN: object-size-mismatch in wg_xmit
# git bisect skip 2280659fcaa1143d27e7cf7ab16e84b0061996fd
Bisecting: 3133 revisions left to test after this (roughly 12 steps)
[263f3f5ac723466ef1b2259a8ac1a1b4e0129ff5] UPSTREAM: coresight: etm4x: Clean up exception level masks
testing commit 263f3f5ac723466ef1b2259a8ac1a1b4e0129ff5 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b1215a47a20079a828012174c2c41b83c4f7a24f76b789640df53648c55f0453
run #0: basic kernel testing failed: UBSAN: object-size-mismatch in wg_xmit
run #1: basic kernel testing failed: UBSAN: object-size-mismatch in wg_xmit
run #2: basic kernel testing failed: UBSAN: object-size-mismatch in wg_xmit
run #3: basic kernel testing failed: UBSAN: object-size-mismatch in wg_xmit
run #4: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
run #5: basic kernel testing failed: UBSAN: object-size-mismatch in wg_xmit
run #6: basic kernel testing failed: UBSAN: object-size-mismatch in wg_xmit
run #7: basic kernel testing failed: UBSAN: object-size-mismatch in wg_xmit
run #8: basic kernel testing failed: UBSAN: object-size-mismatch in wg_xmit
run #9: basic kernel testing failed: UBSAN: object-size-mismatch in wg_xmit
# git bisect skip 263f3f5ac723466ef1b2259a8ac1a1b4e0129ff5
Bisecting: 3133 revisions left to test after this (roughly 12 steps)
[01a0d1ea31c485ff434aa8d1cbcbfc89f724fff9] ANDROID: usb: host: Use old init scheme when hook unavailable
testing commit 01a0d1ea31c485ff434aa8d1cbcbfc89f724fff9 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
ERROR: modpost: Section mismatches detected.
# git bisect skip 01a0d1ea31c485ff434aa8d1cbcbfc89f724fff9
Bisecting: 3133 revisions left to test after this (roughly 12 steps)
[17867c11a27e498d7b49bbd9eadcfcb4b790c12f] UPSTREAM: arm64: entry.S: Add ventry overflow sanity checks
testing commit 17867c11a27e498d7b49bbd9eadcfcb4b790c12f gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 92cb00124bc96d64fd663047a4b2621e411e45e9cea8b9eb610200a7f53f6545
all runs: OK
# git bisect good 17867c11a27e498d7b49bbd9eadcfcb4b790c12f
Bisecting: 317 revisions left to test after this (roughly 8 steps)
[257d21b1848a8bfe8c25bd5800103144b4eced7c] UPSTREAM: usb: audio-v2: add ability to define feature unit descriptor
testing commit 257d21b1848a8bfe8c25bd5800103144b4eced7c gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: bedf91b191737f8775505d2b753f07ebf70cec7f18362474b990c2e9f16ca21b
all runs: crashed: VFS: Busy inodes after unmount (use-after-free)
# git bisect bad 257d21b1848a8bfe8c25bd5800103144b4eced7c
Bisecting: 158 revisions left to test after this (roughly 7 steps)
[f37ab7f595356e673409201be6d80e104e2f1b21] UPSTREAM: mm/damon/core: use better timer mechanisms selection threshold
testing commit f37ab7f595356e673409201be6d80e104e2f1b21 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 231d4de13de8f26612db742c2e6d5f136fcf39510c66adee72dda0558e83d9ce
all runs: crashed: VFS: Busy inodes after unmount (use-after-free)
# git bisect bad f37ab7f595356e673409201be6d80e104e2f1b21
Bisecting: 79 revisions left to test after this (roughly 6 steps)
[ceb6918d1d4a413e79bfcaea46d63721d53af632] ANDROID: vendor_hooks: Reduce pointless modversions CRC churn
testing commit ceb6918d1d4a413e79bfcaea46d63721d53af632 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 33bf6364584795e9bbf7d76aabf236677bd986c1fb103a7311ac3249506807fb
all runs: OK
# git bisect good ceb6918d1d4a413e79bfcaea46d63721d53af632
Bisecting: 39 revisions left to test after this (roughly 5 steps)
[526b5029ad4a1857771326050c24a7a0e7255a2e] UPSTREAM: mm/damon/core: print kdamond start log in debug mode only
testing commit 526b5029ad4a1857771326050c24a7a0e7255a2e gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: c6c79ab16f5ae5919eea91c7fd4e40fd6a8389563921cf906a86b47584e890c2
all runs: crashed: VFS: Busy inodes after unmount (use-after-free)
# git bisect bad 526b5029ad4a1857771326050c24a7a0e7255a2e
Bisecting: 19 revisions left to test after this (roughly 4 steps)
[e0513ed978569bbb8e9983c5208dcd9745f2815d] ANDROID: ABI: Update allowed list for galaxy
testing commit e0513ed978569bbb8e9983c5208dcd9745f2815d gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: adfa1d319096c4c1c291fb5288c1e19e8794ec6183ecc80dcaa890b15b319fec
all runs: crashed: VFS: Busy inodes after unmount (use-after-free)
# git bisect bad e0513ed978569bbb8e9983c5208dcd9745f2815d
Bisecting: 9 revisions left to test after this (roughly 3 steps)
[0dcfc2c03655b59ec9581b712970ba07bd56930d] ANDROID: GKI: Update symbols to symbol list
testing commit 0dcfc2c03655b59ec9581b712970ba07bd56930d gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 28825eebfd1e3fc15883608dabc98d2fb270bf02aaaa6b9c7d34ea0ea5d6c23d
all runs: crashed: VFS: Busy inodes after unmount (use-after-free)
# git bisect bad 0dcfc2c03655b59ec9581b712970ba07bd56930d
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[3c06a5ce5e5857a1dff88a784e58e32bbddaf759] ANDROID: Split ANDROID_STRUCT_PADDING into separate configs
testing commit 3c06a5ce5e5857a1dff88a784e58e32bbddaf759 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 5d7c98ace47412c9950d900597e01ad07aeb677b04f7d3355dfdb95eb8f6e6f0
all runs: crashed: VFS: Busy inodes after unmount (use-after-free)
# git bisect bad 3c06a5ce5e5857a1dff88a784e58e32bbddaf759
Bisecting: 1 revision left to test after this (roughly 1 step)
[3b25a439ce056a09b5d8ed1b98759726bfb75209] ANDROID: selftests: incfs: Add -fno-omit-frame-pointer
testing commit 3b25a439ce056a09b5d8ed1b98759726bfb75209 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: a10e0ac3c65429db1711a963c38c5d4c505370d97e9e5982fde3dbb5eca91d25
all runs: crashed: VFS: Busy inodes after unmount (use-after-free)
# git bisect bad 3b25a439ce056a09b5d8ed1b98759726bfb75209
Bisecting: 0 revisions left to test after this (roughly 1 step)
[3e45af8a72c01c7e00c26e9df6089f7412ab3ec2] ANDROID: incremental-fs: limit mount stack depth
testing commit 3e45af8a72c01c7e00c26e9df6089f7412ab3ec2 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 5e9f080e18e9eb2cfc58473087c9e779d055d0589bd090efc8c377770f71aad9
all runs: crashed: VFS: Busy inodes after unmount (use-after-free)
# git bisect bad 3e45af8a72c01c7e00c26e9df6089f7412ab3ec2
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[d8fade2b40aaf421f46381cdba959cd650a87f2a] ANDROID: GKI: Update symbols to abi_gki_aarch64_oplus
testing commit d8fade2b40aaf421f46381cdba959cd650a87f2a gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 870eb91318043f35b6d7702daad49f2d97a8ac278c5d9a377565e26af6d325f4
all runs: OK
# git bisect good d8fade2b40aaf421f46381cdba959cd650a87f2a
3e45af8a72c01c7e00c26e9df6089f7412ab3ec2 is the first bad commit
commit 3e45af8a72c01c7e00c26e9df6089f7412ab3ec2
Author: Tadeusz Struk
Date:   Tue Mar 8 17:20:15 2022 -0800

    ANDROID: incremental-fs: limit mount stack depth

    Syzbot recently found a number of issues related to incremental-fs
    (see bug numbers below). All have to do with the fact that incr-fs
    allows mounts of the same source and target multiple times.
    This is a design decision and the user space component "Data Loader"
    expects this to work for app re-install use case.
    The mounting depth needs to be controlled, however, and only allowed
    to be two levels deep. In case of more than two mount attempts
    the driver needs to return an error.

    In case of the issues listed below the common pattern is that
    the reproducer calls:

    mount("./file0", "./file0", "incremental-fs", 0, NULL)

    many times and then invokes a file operation like chmod, setxattr,
    or open on the ./file0. This causes a recursive call for all
    the mounted instances, which eventually causes a stack overflow
    and a kernel crash:

    BUG: stack guard page was hit at ffffc90000c0fff8
    kernel stack overflow (double-fault): 0000 [#1] PREEMPT SMP KASAN

    This change also cleans up the mount error path to properly clean
    allocated resources and call deactivate_locked_super(), which causes
    the incfs_kill_sb() to be called, where the sb is freed.

    Bug: 211066171
    Bug: 213140206
    Bug: 213215835
    Bug: 211914587
    Bug: 211213635
    Bug: 213137376
    Bug: 211161296
    Signed-off-by: Tadeusz Struk
    Change-Id: I08d9b545a2715423296bf4beb67bdbbed78d1be1

 fs/incfs/data_mgmt.h |  6 ++++
 fs/incfs/vfs.c       | 79 ++++++++++++++++++++++++++++++++++++++--------------
 2 files changed, 64 insertions(+), 21 deletions(-)

culprit signature: 5e9f080e18e9eb2cfc58473087c9e779d055d0589bd090efc8c377770f71aad9
parent signature: 870eb91318043f35b6d7702daad49f2d97a8ac278c5d9a377565e26af6d325f4
revisions tested: 15, total time: 3h44m19.510779717s (build: 2h17m27.5634311s, test: 1h13m8.56560012s)
first bad commit: 3e45af8a72c01c7e00c26e9df6089f7412ab3ec2 ANDROID: incremental-fs: limit mount stack depth
recipients (to): ["tadeusz.struk@linaro.org"]
recipients (cc): []
crash: VFS: Busy inodes after unmount (use-after-free)
VFS: Busy inodes after unmount of ramfs. Self-destruct in 5 seconds. Have a nice day...