bisecting cause commit starting from ccaaaf6fe5a5e1fffca5cca0f3fc4ec84d7ae752
building syzkaller on c30117b2ace7866719409f4c11bf5433062b8169
testing commit ccaaaf6fe5a5e1fffca5cca0f3fc4ec84d7ae752 with gcc (GCC) 8.1.0
kernel signature: 66b7f19f9dfac2bdc9e56336b4a13e2064ea2e948f9042d4ab2315f06ecb92c3
run #0: crashed: general protection fault in path_openat
run #1: crashed: general protection fault in path_openat
run #2: crashed: general protection fault in path_openat
run #3: crashed: general protection fault in path_openat
run #4: crashed: general protection fault in path_openat
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: crashed: general protection fault in path_openat
testing release v5.5
testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0
kernel signature: 1f86fb9dfbb7aecca3f668e9e183f75adf1beb5d565bcb8139cd11ebd74707d1
run #0: crashed: general protection fault in path_openat
run #1: crashed: general protection fault in path_openat
run #2: crashed: general protection fault in path_openat
run #3: crashed: general protection fault in path_openat
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
testing release v5.4
testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0
kernel signature: b38a788463ca242ef25fe326f043d8f8091193c68ca94f26a93be658b8a6a08c
all runs: OK
# git bisect start d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 219d54332a09e8d8741c1e1982f5eae56099de85
Bisecting: 8639 revisions left to test after this (roughly 13 steps)
[8c39f71ee2019e77ee14f88b1321b2348db51820] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
testing commit 8c39f71ee2019e77ee14f88b1321b2348db51820 with gcc (GCC) 8.1.0
kernel signature: a5b25192bbf6d65daa30a7b53273477de62bbe27433f1c29fd2567a701346a82
all runs: OK
# git bisect good 8c39f71ee2019e77ee14f88b1321b2348db51820
Bisecting: 4316 revisions left to test after this (roughly 12 steps)
[76bb8b05960c3d1668e6bee7624ed886cbd135ba] Merge tag 'kbuild-v5.5' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
testing commit 76bb8b05960c3d1668e6bee7624ed886cbd135ba with gcc (GCC) 8.1.0
kernel signature: 93f926abeb10b3b427b706dc6a1ef0fb26e032594c7850a2ebd756a2ecbdb629
all runs: OK
# git bisect good 76bb8b05960c3d1668e6bee7624ed886cbd135ba
Bisecting: 2158 revisions left to test after this (roughly 11 steps)
[018e0e3594f7dcd029d258e368c485e742fa9cdb] habanalabs: rate limit error msg on waiting for CS
testing commit 018e0e3594f7dcd029d258e368c485e742fa9cdb with gcc (GCC) 8.1.0
kernel signature: 8e9d5571b3cceef56421bbea6bcc731eca7e6ebbaac916506043ee209c5a1044
all runs: OK
# git bisect good 018e0e3594f7dcd029d258e368c485e742fa9cdb
Bisecting: 1079 revisions left to test after this (roughly 10 steps)
[ec34c0157580a68c10dccbdd18c7701f0b317172] Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
testing commit ec34c0157580a68c10dccbdd18c7701f0b317172 with gcc (GCC) 8.1.0
kernel signature: c92a276653fff11f273a1d67a6e56cb7d69711690604bfdb9ab23e18fe6a6243
all runs: OK
# git bisect good ec34c0157580a68c10dccbdd18c7701f0b317172
Bisecting: 538 revisions left to test after this (roughly 9 steps)
[51d69817519f5f00041a1a039277f0367d76c82c] Merge tag 'platform-drivers-x86-v5.5-3' of git://git.infradead.org/linux-platform-drivers-x86
testing commit 51d69817519f5f00041a1a039277f0367d76c82c with gcc (GCC) 8.1.0
kernel signature: 8feb51fc9672481192353f650b377204b3e90e1a0a69f667a9063e1bc2d85ab4
all runs: OK
# git bisect good 51d69817519f5f00041a1a039277f0367d76c82c
Bisecting: 227 revisions left to test after this (roughly 8 steps)
[11a827294755ce3d07e14cfe257b3ec16ab56f34] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
testing commit 11a827294755ce3d07e14cfe257b3ec16ab56f34 with gcc (GCC) 8.1.0
kernel signature: d96328eab451a82b68b53f4cd8f5ae46a01e56bcdc8ecae318de3d5906fec6d4
all runs: OK
# git bisect good 11a827294755ce3d07e14cfe257b3ec16ab56f34
Bisecting: 114 revisions left to test after this (roughly 7 steps)
[722943a54de95343c97c2a9ad658253393632f97] Merge tag 'mlx5-fixes-2020-01-24' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux
testing commit 722943a54de95343c97c2a9ad658253393632f97 with gcc (GCC) 8.1.0
kernel signature: 502d09fd5e886778de66fea6ed731577e21ca2bb5fe47dca6018e254552cfe9e
all runs: OK
# git bisect good 722943a54de95343c97c2a9ad658253393632f97
Bisecting: 58 revisions left to test after this (roughly 6 steps)
[274adbff45e3c26c65b2e103581d2ab5834b0b7c] Merge tag 'drm-fixes-2020-01-24' of git://anongit.freedesktop.org/drm/drm
testing commit 274adbff45e3c26c65b2e103581d2ab5834b0b7c with gcc (GCC) 8.1.0
kernel signature: 05f7e3bec3f826914bb35e94e91a220a9de7cdc395b874b550b3da67172bafe4
all runs: OK
# git bisect good 274adbff45e3c26c65b2e103581d2ab5834b0b7c
Bisecting: 30 revisions left to test after this (roughly 5 steps)
[a075f23dd4b036ebaf918b3af477aa1f249ddfa0] Merge tag 'for-5.5-rc8-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux
testing commit a075f23dd4b036ebaf918b3af477aa1f249ddfa0 with gcc (GCC) 8.1.0
kernel signature: 25105b8ae7297d4bbeaeeb592a42c6d829e413531c5138f111f94660d58c6bc7
all runs: OK
# git bisect good a075f23dd4b036ebaf918b3af477aa1f249ddfa0
Bisecting: 14 revisions left to test after this (roughly 4 steps)
[84809aaf78b5b4c2e6478dc6121a1c8fb439a024] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
testing commit 84809aaf78b5b4c2e6478dc6121a1c8fb439a024 with gcc (GCC) 8.1.0
kernel signature: 192a143de6c81758950ee8d7b5cd5e50261b89a3c3194e5411a68c7100f66157
all runs: OK
# git bisect good 84809aaf78b5b4c2e6478dc6121a1c8fb439a024
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[b1b298914f3ae226e99c98042c1648f740015724] Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
testing commit b1b298914f3ae226e99c98042c1648f740015724 with gcc (GCC) 8.1.0
kernel signature: 45f243857f6b0cdbafd660e893802bcabf98543b90b3f3e49827c9e6c68008e3
run #0: crashed: general protection fault in path_openat
run #1: crashed: general protection fault in path_openat
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad b1b298914f3ae226e99c98042c1648f740015724
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[2821e26f3a0a3872184581caac8115bb02641941] Merge tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm
testing commit 2821e26f3a0a3872184581caac8115bb02641941 with gcc (GCC) 8.1.0
kernel signature: 6066f5be473ebd3f54da992cd6b52dd3209bac7441381d96092355f3440fa65e
all runs: OK
# git bisect good 2821e26f3a0a3872184581caac8115bb02641941
Bisecting: 1 revision left to test after this (roughly 1 step)
[d0cb50185ae942b03c4327be322055d622dc79f6] do_last(): fetch directory ->i_mode and ->i_uid before it's too late
testing commit d0cb50185ae942b03c4327be322055d622dc79f6 with gcc (GCC) 8.1.0
kernel signature: cbb357f854ab7a668fd44dc213ef5fffca198f33573fc6f42ae6a75acfccf705
run #0: crashed: general protection fault in path_openat
run #1: crashed: general protection fault in path_openat
run #2: crashed: general protection fault in path_openat
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad d0cb50185ae942b03c4327be322055d622dc79f6
d0cb50185ae942b03c4327be322055d622dc79f6 is the first bad commit
commit d0cb50185ae942b03c4327be322055d622dc79f6
Author: Al Viro <viro@zeniv.linux.org.uk>
Date:   Sun Jan 26 09:29:34 2020 -0500

    do_last(): fetch directory ->i_mode and ->i_uid before it's too late
    
    may_create_in_sticky() call is done when we already have dropped the
    reference to dir.
    
    Fixes: 30aba6656f61e (namei: allow restricted O_CREAT of FIFOs and regular files)
    Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

 fs/namei.c | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)
parent commit 508c8772760d4ef9c1a044519b564710c3684fc5 wasn't tested
testing commit 508c8772760d4ef9c1a044519b564710c3684fc5 with gcc (GCC) 8.1.0
kernel signature: 202fc4e9dd895fea1737a72a56f3b8e5c56125dbdf1318019315d3130c84cb2e
culprit signature: cbb357f854ab7a668fd44dc213ef5fffca198f33573fc6f42ae6a75acfccf705
parent  signature: 202fc4e9dd895fea1737a72a56f3b8e5c56125dbdf1318019315d3130c84cb2e
revisions tested: 16, total time: 4h52m2.080308617s (build: 1h47m54.909788124s, test: 3h2m55.332761315s)
first bad commit: d0cb50185ae942b03c4327be322055d622dc79f6 do_last(): fetch directory ->i_mode and ->i_uid before it's too late
cc: ["linux-fsdevel@vger.kernel.org" "linux-kernel@vger.kernel.org" "viro@zeniv.linux.org.uk"]
crash: general protection fault in path_openat
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 3718 Comm: udevd Not tainted 5.5.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:do_last fs/namei.c:3205 [inline]
RIP: 0010:path_openat+0x1ef/0x2d90 fs/namei.c:3476
Code: 4d 8b 56 08 4d 8d 5a 58 4c 89 d8 48 c1 e8 03 42 80 3c 28 00 0f 85 7b 1e 00 00 4d 8b 62 58 49 8d 7c 24 04 48 89 f8 48 c1 e8 03 <42> 0f b6 14 28 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85
RSP: 0018:ffffc900033c7798 EFLAGS: 00010247
RAX: 0000000000000000 RBX: ffffc900033c7b48 RCX: 0000000000000004
RDX: 0000000000000003 RSI: 0000001479334d54 RDI: 0000000000000004
RBP: ffffc900033c7950 R08: ffff8880a74865bb R09: ffffc900033c7990
R10: ffff8880a1cb3600 R11: ffff8880a1cb3658 R12: 0000000000000000
R13: dffffc0000000000 R14: ffffc900033c7990 R15: ffffc900033c7990
FS:  00007ff80325d7a0(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fd787aeb110 CR3: 00000000a4f9d000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 do_filp_open+0x177/0x250 fs/namei.c:3506
 do_open_execat+0xe1/0x4f0 fs/exec.c:856
 open_exec+0x2e/0x50 fs/exec.c:888
 load_elf_binary+0x4af/0x4b70 fs/binfmt_elf.c:759
 search_binary_handler+0x11f/0x620 fs/exec.c:1658
 exec_binprm fs/exec.c:1701 [inline]
 __do_execve_file.isra.35+0x1288/0x1f90 fs/exec.c:1821
 do_execveat_common fs/exec.c:1867 [inline]
 do_execve fs/exec.c:1884 [inline]
 __do_sys_execve fs/exec.c:1960 [inline]
 __se_sys_execve fs/exec.c:1955 [inline]
 __x64_sys_execve+0x8a/0xb0 fs/exec.c:1955
 do_syscall_64+0xca/0x5f0 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7ff802941207
Code: 77 19 f4 48 89 d7 44 89 c0 0f 05 48 3d 00 f0 ff ff 76 e0 f7 d8 64 41 89 01 eb d8 f7 d8 64 41 89 01 eb df b8 3b 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 02 f3 c3 48 8b 15 00 8c 2d 00 f7 d8 64 89 02
RSP: 002b:00007ffde3a06b18 EFLAGS: 00000206 ORIG_RAX: 000000000000003b
RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007ff802941207
RDX: 0000000000ac11d0 RSI: 00007ffde3a06c10 RDI: 00007ffde3a07c20
RBP: 0000000000625500 R08: 0000000000001f42 R09: 0000000000001f42
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000ac11d0
R13: 0000000000000007 R14: 0000000000abc250 R15: 0000000000000005
Modules linked in:
---[ end trace 7a2b759e669d2c19 ]---
RIP: 0010:do_last fs/namei.c:3205 [inline]
RIP: 0010:path_openat+0x1ef/0x2d90 fs/namei.c:3476
Code: 4d 8b 56 08 4d 8d 5a 58 4c 89 d8 48 c1 e8 03 42 80 3c 28 00 0f 85 7b 1e 00 00 4d 8b 62 58 49 8d 7c 24 04 48 89 f8 48 c1 e8 03 <42> 0f b6 14 28 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85
RSP: 0018:ffffc900033c7798 EFLAGS: 00010247
RAX: 0000000000000000 RBX: ffffc900033c7b48 RCX: 0000000000000004
RDX: 0000000000000003 RSI: 0000001479334d54 RDI: 0000000000000004
RBP: ffffc900033c7950 R08: ffff8880a74865bb R09: ffffc900033c7990
R10: ffff8880a1cb3600 R11: ffff8880a1cb3658 R12: 0000000000000000
R13: dffffc0000000000 R14: ffffc900033c7990 R15: ffffc900033c7990
FS:  00007ff80325d7a0(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fd787aeb110 CR3: 00000000a4f9d000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400