bisecting cause commit starting from a19944809fe9942e6a96292490717904d0690c21
building syzkaller on b17b2923e60fea9f22c4a2161742e16f41b84980
testing commit a19944809fe9942e6a96292490717904d0690c21
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 3317aa70042233e0eac03685951b2778d987fc661323b197b35266f8b920b2b2
all runs: crashed: WARNING in fuse_writepages_fill
testing release v5.17
testing commit f443e374ae131c168a065ea1748feac6b2e76613
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 17ad258b452cfb82cedb994c02407f25d3284f5401a9cbc53e7a6b5db1bde867
all runs: crashed: WARNING in fuse_writepages_fill
testing release v5.16
testing commit df0cc57e057f18e44dac8e6c18aba47ab53202f9
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: ac5509ad476ee4a9995228579d7321a86055cb1814ac858531b1f1a96261fa79
all runs: crashed: WARNING in fuse_writepages_fill
testing release v5.15
testing commit 8bb7eca972ad531c9b149c0a51ab43a417385813
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 789bafed6b626ba8ee3ac11d22e5c6bedcd95acd7318081470ddaf1eac138440
all runs: OK
# git bisect start df0cc57e057f18e44dac8e6c18aba47ab53202f9 8bb7eca972ad531c9b149c0a51ab43a417385813
Bisecting: 7870 revisions left to test after this (roughly 13 steps)
[2219b0ceefe835b92a8a74a73fe964aa052742a2] Merge tag 'soc-5.16' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc

testing commit 2219b0ceefe835b92a8a74a73fe964aa052742a2
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 4ce850039d4cce8eed74332ae868232e244ac5c90a27ada6a3a8d16dafb45cb5
all runs: OK
# git bisect good 2219b0ceefe835b92a8a74a73fe964aa052742a2
Bisecting: 3942 revisions left to test after this (roughly 12 steps)
[206825f50f908771934e1fba2bfc2e1f1138b36a] Merge tag 'mtd/for-5.16' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux

testing commit 206825f50f908771934e1fba2bfc2e1f1138b36a
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 1ad35768b9bb8a15202486bb17d542d1bc4a16d3b238ca03ddfc111a36f916b7
all runs: OK
# git bisect good 206825f50f908771934e1fba2bfc2e1f1138b36a
Bisecting: 1971 revisions left to test after this (roughly 11 steps)
[4e1fddc98d2585ddd4792b5e44433dcee7ece001] tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows

testing commit 4e1fddc98d2585ddd4792b5e44433dcee7ece001
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 0969bf7f450ba4dec4242630a9a5802b6cba82e0cfdb888ca8820a453da997e7
all runs: crashed: WARNING in fuse_writepages_fill
# git bisect bad 4e1fddc98d2585ddd4792b5e44433dcee7ece001
Bisecting: 989 revisions left to test after this (roughly 10 steps)
[dbf49896187fd58c577fa1574a338e4f3672b4b2] Merge branch 'akpm' (patches from Andrew)

testing commit dbf49896187fd58c577fa1574a338e4f3672b4b2
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: adb5bc499f4d924f6174a245bed22e14f3db3a681bee65155e3972f94ea6db6d
all runs: crashed: WARNING in fuse_writepages_fill
# git bisect bad dbf49896187fd58c577fa1574a338e4f3672b4b2
Bisecting: 477 revisions left to test after this (roughly 9 steps)
[89d714ab6043bca7356b5c823f5335f5dce1f930] Merge tag 'linux-watchdog-5.16-rc1' of git://www.linux-watchdog.org/linux-watchdog

testing commit 89d714ab6043bca7356b5c823f5335f5dce1f930
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: ae3b4614dea15d2a10e84924bb4a162097d0864d5045afcd3fcfb0335e408089
all runs: crashed: WARNING in fuse_writepages_fill
# git bisect bad 89d714ab6043bca7356b5c823f5335f5dce1f930
Bisecting: 210 revisions left to test after this (roughly 8 steps)
[59a2ceeef6d6bb8f68550fdbd84246b74a99f06b] Merge branch 'akpm' (patches from Andrew)

testing commit 59a2ceeef6d6bb8f68550fdbd84246b74a99f06b
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 8f5a7485b43935b4a800ba8e88e7151a1ec6bb283687c5a66924bc14fcefe3fd
all runs: OK
# git bisect good 59a2ceeef6d6bb8f68550fdbd84246b74a99f06b
Bisecting: 116 revisions left to test after this (roughly 7 steps)
[3e28850cbd359bed841b832200f9fc208a9ef040] Merge tag 'for-5.16/block-2021-11-09' of git://git.kernel.dk/linux-block

testing commit 3e28850cbd359bed841b832200f9fc208a9ef040
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: aec7bb3feba7822454752f113b7e7dccf9dc76444cc497f45ca3d95d09e0c4f1
all runs: crashed: WARNING in fuse_writepages_fill
# git bisect bad 3e28850cbd359bed841b832200f9fc208a9ef040
Bisecting: 47 revisions left to test after this (roughly 6 steps)
[1bdd629e5aa0e335504304be4208935948692549] Merge tag 'ovl-update-5.16' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs

testing commit 1bdd629e5aa0e335504304be4208935948692549
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: cf7d108c3910454a240762440db23b0be28b3a7ccd316c060cc8639c12a026ea
all runs: crashed: WARNING in fuse_writepages_fill
# git bisect bad 1bdd629e5aa0e335504304be4208935948692549
Bisecting: 22 revisions left to test after this (roughly 5 steps)
[712a951025c0667ff00b25afc360f74e639dfabe] fuse: fix page stealing

testing commit 712a951025c0667ff00b25afc360f74e639dfabe
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 3b57c9e3093c4f7413ef32149ede871daed3d4588613e592a020eb10e45aab30
all runs: crashed: WARNING in fuse_writepages_fill
# git bisect bad 712a951025c0667ff00b25afc360f74e639dfabe
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[8c56e03d2e08d83776c89e4b6563ca8cfdf7da54] fuse: don't bump attr_version in cached write

testing commit 8c56e03d2e08d83776c89e4b6563ca8cfdf7da54
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 83ba0790cf95d5dc95cc21ea45f8d0bf6c19af3fe4f120b6bbdd8db9ad1167b5
all runs: crashed: WARNING in fuse_writepages_fill
# git bisect bad 8c56e03d2e08d83776c89e4b6563ca8cfdf7da54
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[b5d9758297858288f1d8cd9b24a4e2f899f169e0] fuse: delete redundant code

testing commit b5d9758297858288f1d8cd9b24a4e2f899f169e0
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 2155eec7383628fdbb89e9d145a2658456f108f242c9be49f82c7cdff1f20553
all runs: crashed: WARNING in fuse_writepages_fill
# git bisect bad b5d9758297858288f1d8cd9b24a4e2f899f169e0
Bisecting: 2 revisions left to test after this (roughly 1 step)
[36ea23374d1f7b6a9d96a2b61d38830fdf23e45d] fuse: write inode in fuse_vma_close() instead of fuse_release()

testing commit 36ea23374d1f7b6a9d96a2b61d38830fdf23e45d
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b35898b703a1026947b362361897ef6b282aa54727aeba940d5d66bdec9d433b
all runs: crashed: WARNING in fuse_writepages_fill
# git bisect bad 36ea23374d1f7b6a9d96a2b61d38830fdf23e45d
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[5c791fe1e2a4f401f819065ea4fc0450849f1818] fuse: make sure reclaim doesn't write the inode

testing commit 5c791fe1e2a4f401f819065ea4fc0450849f1818
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 37b12ce6e68a77ddd15683723b2671615bc13e7d4ac7947e41e1080f7ce7e602
all runs: OK
# git bisect good 5c791fe1e2a4f401f819065ea4fc0450849f1818
36ea23374d1f7b6a9d96a2b61d38830fdf23e45d is the first bad commit
commit 36ea23374d1f7b6a9d96a2b61d38830fdf23e45d
Author: Miklos Szeredi <mszeredi@redhat.com>
Date:   Fri Oct 22 17:03:01 2021 +0200

    fuse: write inode in fuse_vma_close() instead of fuse_release()
    
    Fuse ->release() is otherwise asynchronous for the reason that it can
    happen in contexts unrelated to close/munmap.
    
    Inode is already written back from fuse_flush().  Add it to
    fuse_vma_close() as well to make sure inode dirtying from mmaps also get
    written out before the file is released.
    
    Also add error handling.
    
    Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>

 fs/fuse/file.c | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

culprit signature: b35898b703a1026947b362361897ef6b282aa54727aeba940d5d66bdec9d433b
parent  signature: 37b12ce6e68a77ddd15683723b2671615bc13e7d4ac7947e41e1080f7ce7e602
revisions tested: 17, total time: 3h24m5.894288592s (build: 2h25m7.489501317s, test: 57m15.46444893s)
first bad commit: 36ea23374d1f7b6a9d96a2b61d38830fdf23e45d fuse: write inode in fuse_vma_close() instead of fuse_release()
recipients (to): ["linux-fsdevel@vger.kernel.org" "miklos@szeredi.hu" "mszeredi@redhat.com"]
recipients (cc): ["linux-kernel@vger.kernel.org"]
crash: WARNING in fuse_writepages_fill
------------[ cut here ]------------
WARNING: CPU: 1 PID: 593 at fs/fuse/file.c:1835 spin_unlock include/linux/spinlock.h:403 [inline]
WARNING: CPU: 1 PID: 593 at fs/fuse/file.c:1835 __fuse_write_file_get fs/fuse/file.c:1827 [inline]
WARNING: CPU: 1 PID: 593 at fs/fuse/file.c:1835 fuse_write_file_get fs/fuse/file.c:1834 [inline]
WARNING: CPU: 1 PID: 593 at fs/fuse/file.c:1835 fuse_writepages_fill+0x1665/0x1e30 fs/fuse/file.c:2140
Modules linked in:
CPU: 1 PID: 593 Comm: kworker/u4:3 Not tainted 5.15.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: writeback wb_workfn (flush-0:40)
RIP: 0010:fuse_write_file_get fs/fuse/file.c:1835 [inline]
RIP: 0010:fuse_write_file_get fs/fuse/file.c:1832 [inline]
RIP: 0010:fuse_writepages_fill+0x1665/0x1e30 fs/fuse/file.c:2140
Code: 91 c0 27 ff 4c 8b 44 24 20 e9 79 eb ff ff 4c 89 44 24 20 e8 7d c0 27 ff 4c 8b 44 24 20 e9 91 eb ff ff 4c 89 e7 e8 3b 9f e5 05 <0f> 0b 48 b8 00 00 00 00 00 fc ff df 48 8b 54 24 18 48 c1 ea 03 80
RSP: 0018:ffffc9000348f3c8 EFLAGS: 00010286
RAX: 0000000080000000 RBX: ffffc9000348f630 RCX: 0000000000000000
RDX: 0000000000000001 RSI: 0000000000000004 RDI: 0000000000000001
RBP: 0000000000000000 R08: 0000000000000000 R09: ffff888073a585e3
R10: ffffed100e74b0bc R11: 000000000007a089 R12: ffff888073a585e0
R13: ffff888073a584c8 R14: ffff88806f359000 R15: ffffc9000348f640
FS:  0000000000000000(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020005000 CR3: 0000000024a69000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 write_cache_pages+0x53d/0xd40 mm/page-writeback.c:2255
 fuse_writepages+0x1a5/0x2c0 fs/fuse/file.c:2242
 do_writepages+0x16c/0x6e0 mm/page-writeback.c:2364
 __writeback_single_inode+0xd6/0xaf0 fs/fs-writeback.c:1616
 writeback_sb_inodes+0x466/0xc50 fs/fs-writeback.c:1881
 __writeback_inodes_wb+0xb2/0x200 fs/fs-writeback.c:1950
 wb_writeback+0x5a6/0x8b0 fs/fs-writeback.c:2055
 wb_check_background_flush fs/fs-writeback.c:2121 [inline]
 wb_do_writeback fs/fs-writeback.c:2209 [inline]
 wb_workfn+0x72f/0xf30 fs/fs-writeback.c:2237
 process_one_work+0x85b/0x1430 kernel/workqueue.c:2297
 worker_thread+0x598/0x1040 kernel/workqueue.c:2444
 kthread+0x38b/0x460 kernel/kthread.c:319
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295