bisecting fixing commit since 6ca2f514c57864e3085a65c5e9d2adca4144bc4c
building syzkaller on 6972b10616d785401dea17cec890cca8916424a7
testing commit 6ca2f514c57864e3085a65c5e9d2adca4144bc4c
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: f3410155e3c1428cdd016eebec1db09e96b53682e7db515ce828bc912fd9f18e
run #0: crashed: kernel BUG in corrupted
run #1: crashed: kernel BUG in corrupted
run #2: crashed: kernel BUG in iput
run #3: crashed: kernel BUG in corrupted
run #4: crashed: kernel BUG in corrupted
run #5: crashed: BUG: Dentry ADDR{i=NUM,n=/} still in use (-NUM) [unmount of erofs loop1]
run #6: crashed: kernel BUG in corrupted
run #7: crashed: kernel BUG in corrupted
run #8: crashed: kernel BUG in corrupted
run #9: crashed: BUG: Dentry ADDR{i=NUM,n=/} still in use (-NUM) [unmount of erofs loop2]
run #10: crashed: kernel BUG in iput
run #11: crashed: BUG: Dentry ADDR{i=NUM,n=/} still in use (-NUM) [unmount of erofs loop3]
run #12: crashed: kernel BUG in iput
run #13: crashed: kernel BUG in corrupted
run #14: crashed: kernel BUG in corrupted
run #15: crashed: kernel BUG in corrupted
run #16: crashed: kernel BUG in corrupted
run #17: crashed: BUG: Dentry ADDR{i=NUM,n=/} still in use (-NUM) [unmount of erofs loop5]
run #18: crashed: kernel BUG in corrupted
run #19: crashed: BUG: Dentry ADDR{i=NUM,n=/} still in use (-NUM) [unmount of erofs loop3]
testing current HEAD b172b44fcb1771e083aad806fa96f3f60e2ddfac
testing commit b172b44fcb1771e083aad806fa96f3f60e2ddfac
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 3dece34f4b06c734fe230c4b78d5f1dc2e7308b377045761978f70c2afe897d2
run #0: crashed: BUG: Dentry ADDR{i=NUM,n=/} still in use (-NUM) [unmount of erofs loop0]
run #1: crashed: kernel BUG in iput
run #2: crashed: kernel BUG in iput
run #3: crashed: kernel BUG in corrupted
run #4: crashed: BUG: Dentry ADDR{i=NUM,n=/} still in use (-NUM) [unmount of erofs loop1]
run #5: crashed: kernel BUG in iput
run #6: crashed: BUG: Dentry ADDR{i=NUM,n=/} still in use (-NUM) [unmount of erofs loop2]
run #7: crashed: kernel BUG in corrupted
run #8: crashed: kernel BUG in corrupted
run #9: crashed: BUG: Dentry ADDR{i=NUM,n=/} still in use (-NUM) [unmount of erofs loop1]
revisions tested: 2, total time: 30m40.899051446s (build: 22m9.966605015s, test: 8m4.980075698s)
the crash still happens on HEAD
commit msg: Linux 4.19.206
crash: BUG: Dentry ADDR{i=NUM,n=/} still in use (-NUM) [unmount of erofs loop1]
RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ff83eb84000
RBP: 00007ff83eb84040 R08: 00007ff83eb84040 R09: 0000000020000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000000
R13: 0000000020000100 R14: 00007ff83eb84000 R15: 0000000020010a00
CPU: 1 PID: 11369 Comm: syz-executor.0 Not tainted 4.19.206-syzkaller #0
BUG: Dentry 0000000058144b5f{i=0,n=/} still in use (-128) [unmount of erofs loop1]
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x17c/0x226 lib/dump_stack.c:118
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold.2+0x5/0xa lib/fault-inject.c:149
 __should_failslab+0xba/0xf0 mm/failslab.c:32
 should_failslab+0x9/0x20 mm/slab_common.c:1590
 slab_pre_alloc_hook mm/slab.h:424 [inline]
 slab_alloc_node mm/slab.c:3304 [inline]
 kmem_cache_alloc_node_trace+0x256/0x3e0 mm/slab.c:3666
 __do_kmalloc_node mm/slab.c:3688 [inline]
 __kmalloc_node+0x3c/0x70 mm/slab.c:3696
 kmalloc_node include/linux/slab.h:557 [inline]
 kvmalloc_node+0x68/0x70 mm/util.c:423
 kvmalloc include/linux/mm.h:577 [inline]
 memcg_init_list_lru_node mm/list_lru.c:365 [inline]
 memcg_init_list_lru mm/list_lru.c:456 [inline]
 __list_lru_init+0x429/0x650 mm/list_lru.c:624
 alloc_super fs/super.c:269 [inline]
 sget_userns+0x64e/0xb70 fs/super.c:519
 sget+0xbe/0x100 fs/super.c:570
 mount_bdev+0xc9/0x330 fs/super.c:1131
 erofs_mount+0x6a/0x90 drivers/staging/erofs/super.c:512
 mount_fs+0x7f/0x2b0 fs/super.c:1261
 vfs_kern_mount.part.11+0x58/0x3d0 fs/namespace.c:961
 vfs_kern_mount fs/namespace.c:951 [inline]
 do_new_mount fs/namespace.c:2492 [inline]
 do_mount+0x376/0x2630 fs/namespace.c:2822
 ksys_mount+0xb1/0xd0 fs/namespace.c:3038
 __do_sys_mount fs/namespace.c:3052 [inline]
 __se_sys_mount fs/namespace.c:3049 [inline]
 __x64_sys_mount+0xb9/0x150 fs/namespace.c:3049
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x467b0a
Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fb34db88fa8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 0000000000467b0a
RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fb34db89000
RBP: 00007fb34db89040 R08: 00007fb34db89040 R09: 0000000020000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000000
R13: 0000000020000100 R14: 00007fb34db89000 R15: 0000000020010a00
erofs: unmounted for /dev/loop3
------------[ cut here ]------------
WARNING: CPU: 0 PID: 11354 at fs/dcache.c:1518 umount_check fs/dcache.c:1518 [inline]
WARNING: CPU: 0 PID: 11354 at fs/dcache.c:1518 umount_check.cold.19+0xe0/0x149 fs/dcache.c:1499