ci starts bisection 2024-03-12 23:17:34.241999812 +0000 UTC m=+39165.510281290 bisecting cause commit starting from 0f1a876682f0979d6a1e5f86861dd562d1758936 building syzkaller on 6ee49f2e61b06b3d64c676dd2232a5ac362902a6 ensuring issue is reproducible on original commit 0f1a876682f0979d6a1e5f86861dd562d1758936 testing commit 0f1a876682f0979d6a1e5f86861dd562d1758936 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: bbc7d99c73797477bcf4096dce67b6b87f112c3780c7173905c7d418262ebd41 all runs: crashed: WARNING in stashed_dentry_prune representative crash: WARNING in stashed_dentry_prune, types: [WARNING] check whether we can drop unnecessary instrumentation disabling configs for [HANG LEAK UBSAN KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit 0f1a876682f0979d6a1e5f86861dd562d1758936 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: f99ebd992d7334ba2b6ee601c84b32d810b9a1c9066ae1d9c07b25061a90131c all runs: crashed: WARNING in stashed_dentry_prune representative crash: WARNING in stashed_dentry_prune, types: [WARNING] the bug reproduces without the instrumentation disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed kconfig minimization: base=3937 full=7963 leaves diff=2022 split chunks (needed=false): <2022> split chunk #0 of len 2022 into 5 parts testing without sub-chunk 1/5 disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed testing commit 0f1a876682f0979d6a1e5f86861dd562d1758936 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 76917135c435bd6701ccec0dde0a3af519b3a339be0197688a0c8a65a3277ed1 all runs: crashed: WARNING in stashed_dentry_prune representative crash: WARNING in stashed_dentry_prune, types: [WARNING] the chunk can be dropped testing without sub-chunk 2/5 disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed testing commit 0f1a876682f0979d6a1e5f86861dd562d1758936 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 296ae3f16ef6d6cecef520b4244d5ea91fe979ed10d46e0f5fd3a1b8e3bd9cbe all runs: crashed: WARNING in stashed_dentry_prune representative crash: WARNING in stashed_dentry_prune, types: [WARNING] the chunk can be dropped testing without sub-chunk 3/5 disabling configs for [HANG LEAK UBSAN KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit 0f1a876682f0979d6a1e5f86861dd562d1758936 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 90b1814836dbcd34bd75b8327e9f1999cce60dcbaedf69732c556beed34f1632 all runs: crashed: WARNING in stashed_dentry_prune representative crash: WARNING in stashed_dentry_prune, types: [WARNING] the chunk can be dropped testing without sub-chunk 4/5 disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN KASAN LOCKDEP], they are not needed testing commit 0f1a876682f0979d6a1e5f86861dd562d1758936 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 953375c24d28147899b923eb8c87d1bf44c22e549a99ff6cece61efd9f06b2ed all runs: crashed: WARNING in stashed_dentry_prune representative crash: WARNING in stashed_dentry_prune, types: [WARNING] the chunk can be dropped testing without sub-chunk 5/5 disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN KASAN], they are not needed testing commit 0f1a876682f0979d6a1e5f86861dd562d1758936 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 022682ad8216036237dc9f1f78f5aa82441f73aa078993407e1190e6e641ed10 all runs: crashed: WARNING in stashed_dentry_prune representative crash: WARNING in stashed_dentry_prune, types: [WARNING] the chunk can be dropped disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed picked [v6.8 v6.7 v6.6 v6.4 v6.2 v6.0 v5.18 v5.16 v5.13 v5.10 v5.7 v5.4 v5.1 v4.19] out of 31 release tags testing release v6.8 testing commit e8f897f4afef0031fe618a8e94127a0934896aba gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 850be8ef0b23c4c1ff644cbea170c5ffd016bfc5e6df4d5af5134680eca1abd5 all runs: OK false negative chance: 0.000 # git bisect start 0f1a876682f0979d6a1e5f86861dd562d1758936 e8f897f4afef0031fe618a8e94127a0934896aba Bisecting: 148 revisions left to test after this (roughly 7 steps) [7ea65c89d864f1e9aa892eec85625a96fa9acee6] Merge tag 'vfs-6.9.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs testing commit 7ea65c89d864f1e9aa892eec85625a96fa9acee6 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: bc2b61a3a11cf5dc2fbecfae9981be16b79317a687179c837b39ec5790409fe4 all runs: OK false negative chance: 0.000 # git bisect good 7ea65c89d864f1e9aa892eec85625a96fa9acee6 Bisecting: 96 revisions left to test after this (roughly 6 steps) [14786d949a3b8cf00cc32456363b7db22894a0e6] filelock: fix deadlock detection in POSIX locking testing commit 14786d949a3b8cf00cc32456363b7db22894a0e6 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 3cf22a34c85973fb2ea8741ac34d2725f7b2f268d7dfab6690a9f7b53229cd53 all runs: OK false negative chance: 0.000 # git bisect good 14786d949a3b8cf00cc32456363b7db22894a0e6 Bisecting: 45 revisions left to test after this (roughly 6 steps) [b5683a37c881e2e08065f1670086e281430ee19f] Merge tag 'vfs-6.9.pidfd' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs testing commit b5683a37c881e2e08065f1670086e281430ee19f gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: f68c710021939d3b2f878ff0771cfa70dec80b1351123aa26b838925ae5b33e1 all runs: crashed: WARNING in stashed_dentry_prune representative crash: WARNING in stashed_dentry_prune, types: [WARNING] # git bisect bad b5683a37c881e2e08065f1670086e281430ee19f Bisecting: 23 revisions left to test after this (roughly 5 steps) [54126fafea5249480f9962863cfd5ca2e7ba3150] Merge tag 'vfs-6.9.iomap' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs testing commit 54126fafea5249480f9962863cfd5ca2e7ba3150 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 044a89e40c687321e1bf630451a4bfe4ca85f9fd4f2c06be2616340d04f06ca7 all runs: OK false negative chance: 0.000 # git bisect good 54126fafea5249480f9962863cfd5ca2e7ba3150 Bisecting: 11 revisions left to test after this (roughly 4 steps) [f0ece18e994144b7daa025b68ead97de26a2df1f] selftests: add ESRCH tests for pidfd_getfd() testing commit f0ece18e994144b7daa025b68ead97de26a2df1f gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: b8aad8251f36474687c8087be27003a0cfa7e857480d79e34a96a8bac0cdbd77 all runs: OK false negative chance: 0.000 # git bisect good f0ece18e994144b7daa025b68ead97de26a2df1f Bisecting: 5 revisions left to test after this (roughly 3 steps) [07fd7c329839cf0b8c7766883d830a1a0d12d1dd] libfs: add path_from_stashed() testing commit 07fd7c329839cf0b8c7766883d830a1a0d12d1dd gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 49d8a03fbeea3aa1958bcc509ab0561381cebe9e3ba5a75c5d090c04bd05422a all runs: OK false negative chance: 0.000 # git bisect good 07fd7c329839cf0b8c7766883d830a1a0d12d1dd Bisecting: 2 revisions left to test after this (roughly 2 steps) [159a0d9fd50b92cc48e4c82cde79c4cb34c85953] libfs: improve path_from_stashed() helper testing commit 159a0d9fd50b92cc48e4c82cde79c4cb34c85953 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 8afe3895c67e9cd7b0798c6094f069278fe1e389f281605b7f600a91b84af3d0 all runs: OK false negative chance: 0.000 # git bisect good 159a0d9fd50b92cc48e4c82cde79c4cb34c85953 Bisecting: 0 revisions left to test after this (roughly 1 step) [e9c5263ce16d96311c118111ac779f004be8b473] libfs: improve path_from_stashed() testing commit e9c5263ce16d96311c118111ac779f004be8b473 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: cec180c0d2be91259adff9cf58eccc6e57fa7b1ebb29970c30431ffe956a0ec3 all runs: crashed: WARNING in stashed_dentry_prune representative crash: WARNING in stashed_dentry_prune, types: [WARNING] # git bisect bad e9c5263ce16d96311c118111ac779f004be8b473 Bisecting: 0 revisions left to test after this (roughly 0 steps) [2558e3b23112adb82a558bab616890a790a38bc6] libfs: add stashed_dentry_prune() testing commit 2558e3b23112adb82a558bab616890a790a38bc6 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 6e954d24efa9043c6be2ad78f5d67d6890ca47abcadf5cfb52975b2fee08299f all runs: crashed: WARNING in stashed_dentry_prune representative crash: WARNING in stashed_dentry_prune, types: [WARNING] # git bisect bad 2558e3b23112adb82a558bab616890a790a38bc6 2558e3b23112adb82a558bab616890a790a38bc6 is the first bad commit commit 2558e3b23112adb82a558bab616890a790a38bc6 Author: Christian Brauner Date: Wed Feb 21 09:59:51 2024 +0100 libfs: add stashed_dentry_prune() Both pidfs and nsfs use a memory location to stash a dentry for reuse by concurrent openers. Right now two custom dentry->d_prune::{ns,pidfs}_prune_dentry() methods are needed that do the same thing. The only thing that differs is that they need to get to the memory location to store or retrieve the dentry from differently. Fix that by remember the stashing location for the dentry in dentry->d_fsdata which allows us to retrieve it in dentry->d_prune. That in turn makes it possible to add a common helper that pidfs and nsfs can both use. Link: https://lore.kernel.org/r/CAHk-=wg8cHY=i3m6RnXQ2Y2W8psicKWQEZq1=94ivUiviM-0OA@mail.gmail.com Signed-off-by: Christian Brauner fs/internal.h | 1 + fs/libfs.c | 29 +++++++++++++++++++++++++++-- fs/nsfs.c | 16 ++-------------- fs/pidfs.c | 13 +------------ 4 files changed, 31 insertions(+), 28 deletions(-) accumulated error probability: 0.00 culprit signature: 6e954d24efa9043c6be2ad78f5d67d6890ca47abcadf5cfb52975b2fee08299f parent signature: 8afe3895c67e9cd7b0798c6094f069278fe1e389f281605b7f600a91b84af3d0 revisions tested: 17, total time: 6h2m11.738808295s (build: 3h57m5.937906794s, test: 1h54m16.4153246s) first bad commit: 2558e3b23112adb82a558bab616890a790a38bc6 libfs: add stashed_dentry_prune() recipients (to): ["brauner@kernel.org" "linux-kernel@vger.kernel.org"] recipients (cc): ["brauner@kernel.org" "jack@suse.cz" "linux-fsdevel@vger.kernel.org" "viro@zeniv.linux.org.uk"] crash: WARNING in stashed_dentry_prune WARNING: CPU: 1 PID: 3285 at fs/libfs.c:2110 stashed_dentry_prune+0x27/0x30 fs/libfs.c:2110 Modules linked in: CPU: 1 PID: 3285 Comm: syz-executor.2 Not tainted 6.8.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 RIP: 0010:stashed_dentry_prune+0x27/0x30 fs/libfs.c:2110 Code: 90 90 90 f3 0f 1e fa 48 8b 8f f8 00 00 00 48 85 c9 74 16 48 83 7f 68 00 74 0a 31 d2 48 89 f8 f0 48 0f b1 11 c3 cc cc cc cc 90 <0f> 0b 90 c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 RSP: 0018:ffffc900017e7db8 EFLAGS: 00010246 RAX: ffffffff8201f980 RBX: ffff888111492c30 RCX: 0000000000000000 RDX: f002853324f3be8d RSI: ffffffff823d8e33 RDI: ffff888111492c30 RBP: ffff8881006f2620 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: ffffffff813497d0 R12: fffffffffffffff4 R13: ffffffff81349586 R14: ffff888111492cc8 R15: ffffc900017e7e70 FS: 00007f1c4bfdd6c0(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f1c4bfdcff8 CR3: 000000010f6b2000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __dentry_kill+0x2f/0x200 fs/dcache.c:594 dput+0x75/0xe0 fs/dcache.c:845 prepare_anon_dentry fs/libfs.c:2007 [inline] path_from_stashed+0x1bb/0x280 fs/libfs.c:2088 pidfs_alloc_file+0x8d/0x110 fs/pidfs.c:227 __pidfd_prepare kernel/fork.c:2026 [inline] pidfd_prepare+0x4c/0x80 kernel/fork.c:2074 pidfd_create kernel/pid.c:614 [inline] __do_sys_pidfd_open kernel/pid.c:650 [inline] __se_sys_pidfd_open+0x54/0xe0 kernel/pid.c:635 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xe6/0x200 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x6f/0x77 RIP: 0033:0x7f1c4c45bda9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f1c4bfdd0b8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b2 RAX: ffffffffffffffda RBX: 00007f1c4c589f80 RCX: 00007f1c4c45bda9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 RBP: 00007f1c4bfdd120 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 R13: 0000000000000006 R14: 00007f1c4c589f80 R15: 00007ffcf7e6d408