bisecting fixing commit since 59456c9cc40c8f75b5a7efa0fe1f211d9c6fcaf1
building syzkaller on b599f2fcc734e2183016a340d4f6fc2891d8e41f
testing commit 59456c9cc40c8f75b5a7efa0fe1f211d9c6fcaf1
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 609dc38ecacdbf6122ec857d088c17bf6dfdb4c14ce067935f4f3a01c9648dda
run #0: crashed: kernel BUG in iput
run #1: crashed: BUG: Dentry ADDR{i=NUM,n=/} still in use (-NUM) [unmount of erofs loop2]
run #2: crashed: kernel BUG in corrupted
run #3: crashed: kernel BUG in iput
run #4: crashed: kernel BUG in corrupted
run #5: crashed: kernel BUG in iput
run #6: crashed: BUG: Dentry ADDR{i=NUM,n=/} still in use (-NUM) [unmount of erofs loop3]
run #7: crashed: kernel BUG in corrupted
run #8: crashed: kernel BUG in iput
run #9: crashed: kernel BUG in iput
run #10: crashed: kernel BUG in corrupted
run #11: crashed: kernel BUG in corrupted
run #12: crashed: BUG: Dentry ADDR{i=NUM,n=/} still in use (-NUM) [unmount of erofs loop5]
run #13: crashed: kernel BUG in iput
run #14: crashed: kernel BUG in corrupted
run #15: crashed: kernel BUG in iput
run #16: crashed: kernel BUG in iput
run #17: crashed: BUG: Dentry ADDR{i=NUM,n=/} still in use (-NUM) [unmount of erofs loop5]
run #18: crashed: kernel BUG in iput
run #19: crashed: kernel BUG in iput
testing current HEAD b172b44fcb1771e083aad806fa96f3f60e2ddfac
testing commit b172b44fcb1771e083aad806fa96f3f60e2ddfac
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 77238fbe7c711780f3449abb7a0cb262467903b4d1ad212a0a7ed53bfad357f1
run #0: crashed: BUG: Dentry ADDR{i=NUM,n=/} still in use (-NUM) [unmount of erofs loop1]
run #1: crashed: kernel BUG in iput
run #2: crashed: BUG: Dentry ADDR{i=NUM,n=/} still in use (-NUM) [unmount of erofs loop2]
run #3: crashed: BUG: Dentry ADDR{i=NUM,n=/} still in use (-NUM) [unmount of erofs loop1]
run #4: crashed: kernel BUG in corrupted
run #5: crashed: kernel BUG in iput
run #6: crashed: kernel BUG in iput
run #7: crashed: kernel BUG in iput
run #8: crashed: BUG: Dentry ADDR{i=NUM,n=/} still in use (-NUM) [unmount of erofs loop5]
run #9: crashed: BUG: Dentry ADDR{i=NUM,n=/} still in use (-NUM) [unmount of erofs loop3]
revisions tested: 2, total time: 22m24.621858057s (build: 15m42.543795768s, test: 6m21.112994129s)
the crash still happens on HEAD
commit msg: Linux 4.19.206
crash: BUG: Dentry ADDR{i=NUM,n=/} still in use (-NUM) [unmount of erofs loop3]
 should_failslab+0x9/0x20 mm/slab_common.c:1590
 slab_pre_alloc_hook mm/slab.h:424 [inline]
 slab_alloc mm/slab.c:3383 [inline]
 kmem_cache_alloc+0x28e/0x390 mm/slab.c:3557
 erofs_read_super drivers/staging/erofs/super.c:414 [inline]
 erofs_fill_super+0xf63/0x1168 drivers/staging/erofs/super.c:499
 mount_bdev+0x26f/0x330 fs/super.c:1158
 erofs_mount+0x6a/0x90 drivers/staging/erofs/super.c:512
BUG: Dentry 00000000fde8c67a{i=0,n=/}  still in use (-128) [unmount of erofs loop3]
 mount_fs+0x7f/0x2b0 fs/super.c:1261
 vfs_kern_mount.part.11+0x58/0x3d0 fs/namespace.c:961
 vfs_kern_mount fs/namespace.c:951 [inline]
 do_new_mount fs/namespace.c:2492 [inline]
 do_mount+0x376/0x2630 fs/namespace.c:2822
 ksys_mount+0xb1/0xd0 fs/namespace.c:3038
 __do_sys_mount fs/namespace.c:3052 [inline]
 __se_sys_mount fs/namespace.c:3049 [inline]
 __x64_sys_mount+0xb9/0x150 fs/namespace.c:3049
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x467b0a
Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ff0f33e4fa8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 0000000000467b0a
RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ff0f33e5000
RBP: 00007ff0f33e5040 R08: 00007ff0f33e5040 R09: 0000000020000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000000
R13: 0000000020000100 R14: 00007ff0f33e5000 R15: 0000000020010a00
CPU: 0 PID: 9986 Comm: syz-executor.4 Not tainted 4.19.206-syzkaller #0
------------[ cut here ]------------
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
WARNING: CPU: 1 PID: 9997 at fs/dcache.c:1518 umount_check fs/dcache.c:1518 [inline]
WARNING: CPU: 1 PID: 9997 at fs/dcache.c:1518 umount_check.cold.19+0xe0/0x149 fs/dcache.c:1499
Call Trace:
Kernel panic - not syncing: panic_on_warn set ...

 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x17c/0x226 lib/dump_stack.c:118
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold.2+0x5/0xa lib/fault-inject.c:149
 __should_failslab+0xba/0xf0 mm/failslab.c:32
 should_failslab+0x9/0x20 mm/slab_common.c:1590
 slab_pre_alloc_hook mm/slab.h:424 [inline]
 slab_alloc mm/slab.c:3383 [inline]
 kmem_cache_alloc+0x47/0x390 mm/slab.c:3557
 mempool_alloc_slab+0x3a/0x50 mm/mempool.c:505
 mempool_alloc+0x118/0x320 mm/mempool.c:385
 bio_alloc_bioset+0x1a5/0x520 block/bio.c:493
 bio_alloc include/linux/bio.h:437 [inline]
 prepare_bio drivers/staging/erofs/internal.h:457 [inline]
 erofs_get_meta_page+0x1e8/0x9e0 drivers/staging/erofs/data.c:63
 read_inode drivers/staging/erofs/inode.c:41 [inline]
 fill_inode drivers/staging/erofs/inode.c:232 [inline]
 erofs_iget+0x1bc/0x2280 drivers/staging/erofs/inode.c:305
 erofs_read_super drivers/staging/erofs/super.c:394 [inline]
 erofs_fill_super+0xe6c/0x1168 drivers/staging/erofs/super.c:499
 mount_bdev+0x26f/0x330 fs/super.c:1158
 erofs_mount+0x6a/0x90 drivers/staging/erofs/super.c:512
 mount_fs+0x7f/0x2b0 fs/super.c:1261
 vfs_kern_mount.part.11+0x58/0x3d0 fs/namespace.c:961
 vfs_kern_mount fs/namespace.c:951 [inline]
 do_new_mount fs/namespace.c:2492 [inline]
 do_mount+0x376/0x2630 fs/namespace.c:2822
 ksys_mount+0xb1/0xd0 fs/namespace.c:3038
 __do_sys_mount fs/namespace.c:3052 [inline]
 __se_sys_mount fs/namespace.c:3049 [inline]
 __x64_sys_mount+0xb9/0x150 fs/namespace.c:3049
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x467b0a
Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f4da574ffa8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 0000000000467b0a
RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f4da5750000
RBP: 00007f4da5750040 R08: 00007f4da5750040 R09: 0000000020000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000000
R13: 0000000020000100 R14: 00007f4da5750000 R15: 0000000020010a00
CPU: 1 PID: 9997 Comm: syz-executor.3 Not tainted 4.19.206-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x17c/0x226 lib/dump_stack.c:118
 panic+0x1cd/0x375 kernel/panic.c:186
 __warn.cold.7+0x1b/0x36 kernel/panic.c:541
 report_bug+0x1a1/0x200 lib/bug.c:183
 fixup_bug arch/x86/kernel/traps.c:178 [inline]
 fixup_bug arch/x86/kernel/traps.c:173 [inline]
 do_error_trap+0x200/0x350 arch/x86/kernel/traps.c:296
 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:316
 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:1038
RIP: 0010:umount_check fs/dcache.c:1518 [inline]
RIP: 0010:umount_check.cold.19+0xe0/0x149 fs/dcache.c:1499
Code: 75 7f 49 8b 54 24 40 41 55 4d 89 f1 41 89 d8 48 89 f1 48 c7 c7 60 8b 13 88 e8 87 05 ff ff 48 c7 c7 a0 8a 13 88 e8 7b 05 ff ff <0f> 0b 58 e9 12 86 16 fa 48 89 75 d8 e8 fd 10 08 fa 48 8b 75 d8 e9
RSP: 0018:ffff88809ee6fa60 EFLAGS: 00010286
RAX: 0000000000000024 RBX: 00000000ffffff80 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff885023e0 RDI: ffffffff8bad9720
RBP: ffff88809ee6fa90 R08: ffffed1017464ea9 R09: ffffed1017464ea8
R10: ffffed1017464ea8 R11: ffff8880ba327547 R12: 0000000000000000
BUG: Dentry 00000000ab2c626f{i=0,n=/}  still in use (-128) [unmount of erofs loop2]
R13: ffff88809618e950 R14: ffffffff88d2b860 R15: ffff8880ab1611c0
 d_walk.part.6+0x151/0x6e0 fs/dcache.c:1253
 d_walk fs/dcache.c:1246 [inline]
 do_one_tree+0x1f/0x40 fs/dcache.c:1525
 shrink_dcache_for_umount+0x56/0x120 fs/dcache.c:1541
 generic_shutdown_super+0x61/0x330 fs/super.c:441
 kill_block_super+0x96/0xe0 fs/super.c:1185
 erofs_kill_sb+0x9/0x10 drivers/staging/erofs/super.c:518
 deactivate_locked_super+0x77/0xd0 fs/super.c:329
 mount_bdev+0x2cb/0x330 fs/super.c:1160
 erofs_mount+0x6a/0x90 drivers/staging/erofs/super.c:512
 mount_fs+0x7f/0x2b0 fs/super.c:1261
 vfs_kern_mount.part.11+0x58/0x3d0 fs/namespace.c:961
 vfs_kern_mount fs/namespace.c:951 [inline]
 do_new_mount fs/namespace.c:2492 [inline]
 do_mount+0x376/0x2630 fs/namespace.c:2822
 ksys_mount+0xb1/0xd0 fs/namespace.c:3038
 __do_sys_mount fs/namespace.c:3052 [inline]
 __se_sys_mount fs/namespace.c:3049 [inline]
 __x64_sys_mount+0xb9/0x150 fs/namespace.c:3049
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x467b0a
Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f790d68dfa8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 0000000000467b0a
RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f790d68e000
RBP: 00007f790d68e040 R08: 00007f790d68e040 R09: 0000000020000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000000
R13: 0000000020000100 R14: 00007f790d68e000 R15: 0000000020010a00
Kernel Offset: disabled
Rebooting in 86400 seconds..