bisecting cause commit starting from 3f018f4a019a1110527910bac52161e57107957c
building syzkaller on b0e8efcb4b0aac61f4647a76bbe54a5d38a370ba
testing commit 3f018f4a019a1110527910bac52161e57107957c with gcc (GCC) 8.1.0
all runs: crashed: general protection fault in fanotify_handle_event
testing release v5.0
testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0
all runs: OK
# git bisect start 3f018f4a019a1110527910bac52161e57107957c v5.0
Bisecting: 10990 revisions left to test after this (roughly 14 steps)
[92825b0298ca6822085ef483f914b6e0dea9bf66] Merge tag 'for-5.1-part2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux
testing commit 92825b0298ca6822085ef483f914b6e0dea9bf66 with gcc (GCC) 8.1.0
all runs: crashed: general protection fault in fanotify_handle_event
# git bisect bad 92825b0298ca6822085ef483f914b6e0dea9bf66
Bisecting: 5482 revisions left to test after this (roughly 13 steps)
[da2577fe63f865cd9dc785a42c29c0071f567a35] Merge tag 'sound-5.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
testing commit da2577fe63f865cd9dc785a42c29c0071f567a35 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good da2577fe63f865cd9dc785a42c29c0071f567a35
Bisecting: 2735 revisions left to test after this (roughly 12 steps)
[851ca779d110f694b5d078bc4af06d3ad37169e8] Merge tag 'drm-next-2019-03-06' of git://anongit.freedesktop.org/drm/drm
testing commit 851ca779d110f694b5d078bc4af06d3ad37169e8 with gcc (GCC) 8.1.0
all runs: crashed: general protection fault in fanotify_handle_event
# git bisect bad 851ca779d110f694b5d078bc4af06d3ad37169e8
Bisecting: 1313 revisions left to test after this (roughly 11 steps)
[6c3ac1134371b51c9601171af2c32153ccb11100] Merge tag 'powerpc-5.1-1' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux
testing commit 6c3ac1134371b51c9601171af2c32153ccb11100 with gcc (GCC) 8.1.0
all runs: crashed: general protection fault in fanotify_handle_event
# git bisect bad 6c3ac1134371b51c9601171af2c32153ccb11100
Bisecting: 712 revisions left to test after this (roughly 10 steps)
[67e79a6dc2664a3ef85113440e60f7aaca3c7815] Merge tag 'tty-5.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty
testing commit 67e79a6dc2664a3ef85113440e60f7aaca3c7815 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 67e79a6dc2664a3ef85113440e60f7aaca3c7815
Bisecting: 331 revisions left to test after this (roughly 9 steps)
[9e1fd794cb6bf813a40849a1fc236703bdcbc1a7] Merge tag 'xfs-5.1-merge-4' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux
testing commit 9e1fd794cb6bf813a40849a1fc236703bdcbc1a7 with gcc (GCC) 8.1.0
all runs: crashed: general protection fault in fanotify_handle_event
# git bisect bad 9e1fd794cb6bf813a40849a1fc236703bdcbc1a7
Bisecting: 189 revisions left to test after this (roughly 8 steps)
[a9913f23f39f4aa74956587a03e78b758a10c314] Merge tag 'fs_for_v5.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
testing commit a9913f23f39f4aa74956587a03e78b758a10c314 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good a9913f23f39f4aa74956587a03e78b758a10c314
Bisecting: 97 revisions left to test after this (roughly 7 steps)
[f65e25e343cfc0e6f4db9a687c4085fad268325d] btrfs: Remove unnecessary casts in btrfs_read_root_item
testing commit f65e25e343cfc0e6f4db9a687c4085fad268325d with gcc (GCC) 8.1.0
all runs: OK
# git bisect good f65e25e343cfc0e6f4db9a687c4085fad268325d
Bisecting: 48 revisions left to test after this (roughly 6 steps)
[c8b54673b30a9668d626a9e48d1659c21300f2a4] xfs: factor out two helpers from xfs_bmapi_write
testing commit c8b54673b30a9668d626a9e48d1659c21300f2a4 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good c8b54673b30a9668d626a9e48d1659c21300f2a4
Bisecting: 24 revisions left to test after this (roughly 5 steps)
[fabf7f29b3e2ce5ed9741bf06f3583cd7e82ed1c] fanotify: Use interruptible wait when waiting for permission events
testing commit fabf7f29b3e2ce5ed9741bf06f3583cd7e82ed1c with gcc (GCC) 8.1.0
all runs: crashed: general protection fault in fanotify_handle_event
# git bisect bad fabf7f29b3e2ce5ed9741bf06f3583cd7e82ed1c
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[73072283a249c798838e09813760db8bcdd9cd3a] fanotify: use vfs_get_fsid() helper instead of vfs_statfs()
testing commit 73072283a249c798838e09813760db8bcdd9cd3a with gcc (GCC) 8.1.0
all runs: crashed: general protection fault in fanotify_handle_event
# git bisect bad 73072283a249c798838e09813760db8bcdd9cd3a
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[bb2f7b4542c7a1d023d516af37dc70bb49db0438] fanotify: open code fill_event_metadata()
testing commit bb2f7b4542c7a1d023d516af37dc70bb49db0438 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good bb2f7b4542c7a1d023d516af37dc70bb49db0438
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[a8b13aa20afb69161b5123b4f1acc7ea0a03d360] fanotify: enable FAN_REPORT_FID init flag
testing commit a8b13aa20afb69161b5123b4f1acc7ea0a03d360 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good a8b13aa20afb69161b5123b4f1acc7ea0a03d360
Bisecting: 0 revisions left to test after this (roughly 1 step)
[ec86ff5689ff9605e2d57e016098764ad9a2fee5] vfs: add vfs_get_fsid() helper
testing commit ec86ff5689ff9605e2d57e016098764ad9a2fee5 with gcc (GCC) 8.1.0
all runs: crashed: general protection fault in fanotify_handle_event
# git bisect bad ec86ff5689ff9605e2d57e016098764ad9a2fee5
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[77115225acc67d9ac4b15f04dd138006b9cd1ef2] fanotify: cache fsid in fsnotify_mark_connector
testing commit 77115225acc67d9ac4b15f04dd138006b9cd1ef2 with gcc (GCC) 8.1.0
all runs: crashed: general protection fault in fanotify_handle_event
# git bisect bad 77115225acc67d9ac4b15f04dd138006b9cd1ef2
77115225acc67d9ac4b15f04dd138006b9cd1ef2 is the first bad commit
commit 77115225acc67d9ac4b15f04dd138006b9cd1ef2
Author: Amir Goldstein <amir73il@gmail.com>
Date:   Thu Jan 10 19:04:37 2019 +0200

    fanotify: cache fsid in fsnotify_mark_connector
    
    For FAN_REPORT_FID, we need to encode fid with fsid of the filesystem on
    every event. To avoid having to call vfs_statfs() on every event to get
    fsid, we store the fsid in fsnotify_mark_connector on the first time we
    add a mark and on handle event we use the cached fsid.
    
    Subsequent calls to add mark on the same object are expected to pass the
    same fsid, so the call will fail on cached fsid mismatch.
    
    If an event is reported on several mark types (inode, mount, filesystem),
    all connectors should already have the same fsid, so we use the cached
    fsid from the first connector.
    
    [JK: Simplify code flow around fanotify_get_fid()
         make fsid argument of fsnotify_add_mark_locked() unconditional]
    
    Suggested-by: Jan Kara <jack@suse.cz>
    Signed-off-by: Amir Goldstein <amir73il@gmail.com>
    Signed-off-by: Jan Kara <jack@suse.cz>

:040000 040000 ffd3c8f7b5f56f7bbec6a2792e4e86309f10e9a1 c0597adb3fc5b5a8a645f76a04756efb492ac487 M	fs
:040000 040000 2bdc3ecc082331f5fb8e1e552c60e25274340ecf 0da8d9128b922867c09e7779c12fdb2224c0748e M	include
revisions tested: 17, total time: 4h20m15.466855399s (build: 1h39m29.465141817s, test: 2h34m55.746515605s)
first bad commit: 77115225acc67d9ac4b15f04dd138006b9cd1ef2 fanotify: cache fsid in fsnotify_mark_connector
cc: ["amir73il@gmail.com" "jack@suse.cz" "linux-fsdevel@vger.kernel.org" "linux-kernel@vger.kernel.org"]
crash: general protection fault in fanotify_handle_event
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 11113 Comm: syz-executor.5 Not tainted 5.0.0-rc4+ #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:fanotify_get_fsid fs/notify/fanotify/fanotify.c:273 [inline]
RIP: 0010:fanotify_handle_event+0x50e/0xb27 fs/notify/fanotify/fanotify.c:325
Code: 00 00 4d 8b 30 49 8d 7e 68 48 89 f8 48 c1 e8 03 42 80 3c 28 00 0f 85 a2 05 00 00 4d 8b 76 68 49 8d 7e 3c 48 89 f8 48 c1 e8 03 <46> 0f b6 0c 28 48 89 f8 83 e0 07 83 c0 03 44 38 c8 7c 09 45 84 c9
RSP: 0018:ffff88807dddfb80 EFLAGS: 00010203
RAX: 0000000000000007 RBX: 0000000000000002 RCX: ffff88809993f5d0
RDX: 0000000000000002 RSI: ffff88809dfdb3b0 RDI: 000000000000003c
RBP: ffff88807dddfcc0 R08: ffff88807dddfd70 R09: 0000000000000002
R10: 0000000000000002 R11: 0000000000400000 R12: 0000000000000000
R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000001
FS:  00007ffaa6036700(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f5522b73000 CR3: 0000000091fc3000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 send_to_group fs/notify/fsnotify.c:243 [inline]
 fsnotify+0x53c/0xab0 fs/notify/fsnotify.c:381
 fsnotify_path include/linux/fsnotify.h:54 [inline]
 fsnotify_modify include/linux/fsnotify.h:247 [inline]
 vfs_write+0x38c/0x4e0 fs/read_write.c:551
 ksys_write+0xcd/0x1b0 fs/read_write.c:598
 __do_sys_write fs/read_write.c:610 [inline]
 __se_sys_write fs/read_write.c:607 [inline]
 __x64_sys_write+0x6e/0xb0 fs/read_write.c:607
 do_syscall_64+0xd6/0x4e0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x458c29
Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffaa6035c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29
RDX: 0000000000000007 RSI: 0000000020000080 RDI: 0000000000000006
RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffaa60366d4
R13: 00000000004c8386 R14: 00000000004de8b8 R15: 00000000ffffffff
Modules linked in:
---[ end trace 4c67a6de0e77bac3 ]---
RIP: 0010:fanotify_get_fsid fs/notify/fanotify/fanotify.c:273 [inline]
RIP: 0010:fanotify_handle_event+0x50e/0xb27 fs/notify/fanotify/fanotify.c:325
Code: 00 00 4d 8b 30 49 8d 7e 68 48 89 f8 48 c1 e8 03 42 80 3c 28 00 0f 85 a2 05 00 00 4d 8b 76 68 49 8d 7e 3c 48 89 f8 48 c1 e8 03 <46> 0f b6 0c 28 48 89 f8 83 e0 07 83 c0 03 44 38 c8 7c 09 45 84 c9
RSP: 0018:ffff88807dddfb80 EFLAGS: 00010203
RAX: 0000000000000007 RBX: 0000000000000002 RCX: ffff88809993f5d0
RDX: 0000000000000002 RSI: ffff88809dfdb3b0 RDI: 000000000000003c
RBP: ffff88807dddfcc0 R08: ffff88807dddfd70 R09: 0000000000000002
R10: 0000000000000002 R11: 0000000000400000 R12: 0000000000000000
R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000001
FS:  00007ffaa6036700(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f5522b73000 CR3: 0000000091fc3000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400