ci starts bisection 2024-05-09 14:39:01.877266352 +0000 UTC m=+102.049172996 bisecting cause commit starting from 443574b033876c85a35de4c65c14f7fe092222b2 building syzkaller on c8349e48534ea6d8f01515335d95de8ebf5da8df ensuring issue is reproducible on original commit 443574b033876c85a35de4c65c14f7fe092222b2 testing commit 443574b033876c85a35de4c65c14f7fe092222b2 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: e4a1d6acbb524dbc9e285b9467dd7992765d783a14156a8053704f9a69375109 all runs: crashed: WARNING in stashed_dentry_prune representative crash: WARNING in stashed_dentry_prune, types: [WARNING] check whether we can drop unnecessary instrumentation disabling configs for [UBSAN KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed testing commit 443574b033876c85a35de4c65c14f7fe092222b2 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 5fda87a471b5db405eb2cfa9341411798ccac034033d63b0be8456fc26fe7830 all runs: crashed: WARNING in stashed_dentry_prune representative crash: WARNING in stashed_dentry_prune, types: [WARNING] the bug reproduces without the instrumentation disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed kconfig minimization: base=3976 full=7972 leaves diff=2011 split chunks (needed=false): <2011> split chunk #0 of len 2011 into 5 parts testing without sub-chunk 1/5 disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed testing commit 443574b033876c85a35de4c65c14f7fe092222b2 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: ee860891dd6059af408aabd8a9e175ae0ad7944c982b2995f2919ea9f80ce4d6 all runs: crashed: WARNING in stashed_dentry_prune representative crash: WARNING in stashed_dentry_prune, types: [WARNING] the chunk can be dropped testing without sub-chunk 2/5 disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN KASAN LOCKDEP], they are not needed testing commit 443574b033876c85a35de4c65c14f7fe092222b2 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 38ac32fb3d3f87c5664f952c91149050e9c87d84318970ab9d188dbaeac19763 all runs: crashed: WARNING in stashed_dentry_prune representative crash: WARNING in stashed_dentry_prune, types: [WARNING] the chunk can be dropped testing without sub-chunk 3/5 disabling configs for [HANG LEAK UBSAN KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit 443574b033876c85a35de4c65c14f7fe092222b2 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: e28d7549fa100d5911a04b0df035c2f2c655f897bf85e32e7435af865ff4893a all runs: crashed: WARNING in stashed_dentry_prune representative crash: WARNING in stashed_dentry_prune, types: [WARNING] the chunk can be dropped testing without sub-chunk 4/5 disabling configs for [HANG LEAK UBSAN KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit 443574b033876c85a35de4c65c14f7fe092222b2 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 9677da8f5619989781a11d3cba26458591143062233c528195eb8d104d372ff8 all runs: crashed: WARNING in stashed_dentry_prune representative crash: WARNING in stashed_dentry_prune, types: [WARNING] the chunk can be dropped testing without sub-chunk 5/5 disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN KASAN LOCKDEP], they are not needed testing commit 443574b033876c85a35de4c65c14f7fe092222b2 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 1f560e0f6b2365156985af3995573002c8bbadf6bc85c857269f58aa695ed318 all runs: crashed: WARNING in stashed_dentry_prune representative crash: WARNING in stashed_dentry_prune, types: [WARNING] the chunk can be dropped disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed picked [v6.8 v6.7 v6.6 v6.4 v6.2 v6.0 v5.18 v5.16 v5.13 v5.10 v5.7 v5.4 v5.1 v4.19] out of 31 release tags testing release v6.8 testing commit e8f897f4afef0031fe618a8e94127a0934896aba gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 762ba7aedc04e52409736d960228880d88c15c7fb6b1547d2844731d87347a42 all runs: OK false negative chance: 0.000 # git bisect start 443574b033876c85a35de4c65c14f7fe092222b2 e8f897f4afef0031fe618a8e94127a0934896aba Bisecting: 2622 revisions left to test after this (roughly 11 steps) [b32273ee89a866b01b316b9a8de407efde01090c] Merge tag 'execve-v6.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux testing commit b32273ee89a866b01b316b9a8de407efde01090c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: d5339eb4e19187481b5644a47bb8dba008d326a4da4d93e1ad1d7a5b30200611 all runs: crashed: WARNING in stashed_dentry_prune representative crash: WARNING in stashed_dentry_prune, types: [WARNING] # git bisect bad b32273ee89a866b01b316b9a8de407efde01090c Bisecting: 1276 revisions left to test after this (roughly 10 steps) [691632f0e86973604678d193ccfa47b9614581aa] Merge tag 's390-6.9-1' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux testing commit 691632f0e86973604678d193ccfa47b9614581aa gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 484e037110f9ffe64ae9fa47f72bba76248481f06d4b09c9f1d1a7449cf366cf all runs: crashed: WARNING in stashed_dentry_prune representative crash: WARNING in stashed_dentry_prune, types: [WARNING] # git bisect bad 691632f0e86973604678d193ccfa47b9614581aa Bisecting: 687 revisions left to test after this (roughly 9 steps) [8ede842f669b6f78812349bbef4d1efd0fbdafce] Merge tag 'rust-6.9' of https://github.com/Rust-for-Linux/linux testing commit 8ede842f669b6f78812349bbef4d1efd0fbdafce gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 998c9c41d1b5f31982696edf4f4b106ad756ceade5e76110a147a56ee54c0ba2 all runs: crashed: WARNING in stashed_dentry_prune representative crash: WARNING in stashed_dentry_prune, types: [WARNING] # git bisect bad 8ede842f669b6f78812349bbef4d1efd0fbdafce Bisecting: 297 revisions left to test after this (roughly 8 steps) [d2c84bdce25a678c1e1f116d65b58790bd241af0] Merge tag 'for-6.9/io_uring-20240310' of git://git.kernel.dk/linux testing commit d2c84bdce25a678c1e1f116d65b58790bd241af0 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 0e10c7c249453e9394fb6f5493342bbf3ef692199b4c03db0f53398af18f6637 all runs: crashed: WARNING in stashed_dentry_prune representative crash: WARNING in stashed_dentry_prune, types: [WARNING] # git bisect bad d2c84bdce25a678c1e1f116d65b58790bd241af0 Bisecting: 176 revisions left to test after this (roughly 8 steps) [54126fafea5249480f9962863cfd5ca2e7ba3150] Merge tag 'vfs-6.9.iomap' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs testing commit 54126fafea5249480f9962863cfd5ca2e7ba3150 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: dd4985807b7353356bbd966a32f3aed04528cce38dbd7420e3c96f9c86f47bea all runs: OK false negative chance: 0.000 # git bisect good 54126fafea5249480f9962863cfd5ca2e7ba3150 Bisecting: 99 revisions left to test after this (roughly 7 steps) [0c750012e8f30d26930ae13e815635258aee92b3] Merge tag 'vfs-6.9.file' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs testing commit 0c750012e8f30d26930ae13e815635258aee92b3 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 184926fc4ca307e3e864309091176dcfa65c33be7c30022318e658514e124432 all runs: crashed: WARNING in stashed_dentry_prune representative crash: WARNING in stashed_dentry_prune, types: [WARNING] # git bisect bad 0c750012e8f30d26930ae13e815635258aee92b3 Bisecting: 38 revisions left to test after this (roughly 5 steps) [a6bf23e18324d550f789637d469cca654c92fe86] gfs2: adapt to breakup of struct file_lock testing commit a6bf23e18324d550f789637d469cca654c92fe86 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: bf82b9c3280c50869c8783724f69ad5654822afd628b4439a44cebcaec357900 all runs: OK false negative chance: 0.000 # git bisect good a6bf23e18324d550f789637d469cca654c92fe86 Bisecting: 19 revisions left to test after this (roughly 4 steps) [1fa08aece42512be072351f482096d5796edf7ca] nsfs: convert to path_from_stashed() helper testing commit 1fa08aece42512be072351f482096d5796edf7ca gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 4d46ac00be2f5ec500efc3cd08680c02cee6733ded851a73f9f2a5b491a99fc9 all runs: OK false negative chance: 0.000 # git bisect good 1fa08aece42512be072351f482096d5796edf7ca Bisecting: 9 revisions left to test after this (roughly 3 steps) [c4b3ffb508a0376643578365a4caacf681c5dc9e] Merge series 'filelock: split file leases out of struct file_lock' of https://lore.kernel.org/r/20240131-flsplit-v3-0-c6129007ee8d@kernel.org testing commit c4b3ffb508a0376643578365a4caacf681c5dc9e gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: d4f11124f66f10aae900c9a99f4d33e351f5a4540f28b1d8a8a3dd7f20cd2de1 all runs: OK false negative chance: 0.000 # git bisect good c4b3ffb508a0376643578365a4caacf681c5dc9e Bisecting: 4 revisions left to test after this (roughly 2 steps) [b5683a37c881e2e08065f1670086e281430ee19f] Merge tag 'vfs-6.9.pidfd' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs testing commit b5683a37c881e2e08065f1670086e281430ee19f gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 28e474866cc32dd96799cab9103b6c90113b93d57aa877eac31a2f988f5edefc all runs: crashed: WARNING in stashed_dentry_prune representative crash: WARNING in stashed_dentry_prune, types: [WARNING] # git bisect bad b5683a37c881e2e08065f1670086e281430ee19f Bisecting: 2 revisions left to test after this (roughly 1 step) [159a0d9fd50b92cc48e4c82cde79c4cb34c85953] libfs: improve path_from_stashed() helper testing commit 159a0d9fd50b92cc48e4c82cde79c4cb34c85953 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: bcc75819c58589ca9d02914c38d8e23adcb24a7c415ab70e2ccedc18be111df9 all runs: OK false negative chance: 0.000 # git bisect good 159a0d9fd50b92cc48e4c82cde79c4cb34c85953 Bisecting: 0 revisions left to test after this (roughly 1 step) [e9c5263ce16d96311c118111ac779f004be8b473] libfs: improve path_from_stashed() testing commit e9c5263ce16d96311c118111ac779f004be8b473 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 27c2ad16a915ac5de982079e46c412e6588b018b73f94ac53a5c91d040ea9c0e all runs: crashed: WARNING in stashed_dentry_prune representative crash: WARNING in stashed_dentry_prune, types: [WARNING] # git bisect bad e9c5263ce16d96311c118111ac779f004be8b473 Bisecting: 0 revisions left to test after this (roughly 0 steps) [2558e3b23112adb82a558bab616890a790a38bc6] libfs: add stashed_dentry_prune() testing commit 2558e3b23112adb82a558bab616890a790a38bc6 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 64c3d6c176acbd7eea68e5d03409e44c74c5cda202fbc913b588d4527079fc1a all runs: crashed: WARNING in stashed_dentry_prune representative crash: WARNING in stashed_dentry_prune, types: [WARNING] # git bisect bad 2558e3b23112adb82a558bab616890a790a38bc6 2558e3b23112adb82a558bab616890a790a38bc6 is the first bad commit commit 2558e3b23112adb82a558bab616890a790a38bc6 Author: Christian Brauner Date: Wed Feb 21 09:59:51 2024 +0100 libfs: add stashed_dentry_prune() Both pidfs and nsfs use a memory location to stash a dentry for reuse by concurrent openers. Right now two custom dentry->d_prune::{ns,pidfs}_prune_dentry() methods are needed that do the same thing. The only thing that differs is that they need to get to the memory location to store or retrieve the dentry from differently. Fix that by remember the stashing location for the dentry in dentry->d_fsdata which allows us to retrieve it in dentry->d_prune. That in turn makes it possible to add a common helper that pidfs and nsfs can both use. Link: https://lore.kernel.org/r/CAHk-=wg8cHY=i3m6RnXQ2Y2W8psicKWQEZq1=94ivUiviM-0OA@mail.gmail.com Signed-off-by: Christian Brauner fs/internal.h | 1 + fs/libfs.c | 29 +++++++++++++++++++++++++++-- fs/nsfs.c | 16 ++-------------- fs/pidfs.c | 13 +------------ 4 files changed, 31 insertions(+), 28 deletions(-) accumulated error probability: 0.00 culprit signature: 64c3d6c176acbd7eea68e5d03409e44c74c5cda202fbc913b588d4527079fc1a parent signature: bcc75819c58589ca9d02914c38d8e23adcb24a7c415ab70e2ccedc18be111df9 revisions tested: 21, total time: 5h7m28.849893387s (build: 2h36m53.62908205s, test: 2h2m45.105463794s) first bad commit: 2558e3b23112adb82a558bab616890a790a38bc6 libfs: add stashed_dentry_prune() recipients (to): ["brauner@kernel.org" "linux-kernel@vger.kernel.org"] recipients (cc): ["brauner@kernel.org" "jack@suse.cz" "linux-fsdevel@vger.kernel.org" "viro@zeniv.linux.org.uk"] crash: WARNING in stashed_dentry_prune R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 R13: 0000000000000006 R14: 00007f61fa5f4f80 R15: 00007ffc4e26bf58 ------------[ cut here ]------------ WARNING: CPU: 1 PID: 1866 at fs/libfs.c:2110 stashed_dentry_prune+0x27/0x30 fs/libfs.c:2110 Modules linked in: CPU: 1 PID: 1866 Comm: syz-executor.0 Not tainted 6.8.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 RIP: 0010:stashed_dentry_prune+0x27/0x30 fs/libfs.c:2110 Code: 90 90 90 f3 0f 1e fa 48 8b 8f f8 00 00 00 48 85 c9 74 16 48 83 7f 68 00 74 0a 31 d2 48 89 f8 f0 48 0f b1 11 c3 cc cc cc cc 90 <0f> 0b 90 c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 RSP: 0018:ffffc90000e67ad8 EFLAGS: 00010246 RAX: ffffffff8201f180 RBX: ffff8881106b7af8 RCX: 0000000000000000 RDX: f002853324f3be8d RSI: ffffffff823da128 RDI: ffff8881106b7af8 RBP: ffff8881006f24a0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: ffffffff813497d0 R12: fffffffffffffff4 R13: ffffffff81349586 R14: ffff8881106b7b90 R15: ffffc90000e67bb0 FS: 00007f61fa0486c0(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f61fa047ff8 CR3: 0000000106f78000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __dentry_kill+0x2f/0x200 fs/dcache.c:594 dput+0x75/0xe0 fs/dcache.c:845 prepare_anon_dentry fs/libfs.c:2007 [inline] path_from_stashed+0x1bb/0x280 fs/libfs.c:2088 ns_get_path_cb fs/nsfs.c:59 [inline] ns_get_path+0x40/0x80 fs/nsfs.c:88 proc_ns_get_link+0x74/0x130 fs/proc/namespaces.c:61 pick_link+0x1d7/0x3a0 step_into+0x2d9/0x320 fs/namei.c:1871 open_last_lookups fs/namei.c:3588 [inline] path_openat+0x841/0xd60 fs/namei.c:3795 do_filp_open+0xac/0x150 fs/namei.c:3825 do_sys_openat2+0x7e/0xe0 fs/open.c:1404 do_sys_open fs/open.c:1419 [inline] __do_sys_openat fs/open.c:1435 [inline] __se_sys_openat fs/open.c:1430 [inline] __x64_sys_openat+0x7c/0xa0 fs/open.c:1430 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xe6/0x200 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x6f/0x77 RIP: 0033:0x7f61fa4c5a60 Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 09 82 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 5c 82 02 00 8b 44 RSP: 002b:00007f61fa047fa0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f61fa4c5a60 RDX: 0000000000000002 RSI: 00007f61fa048030 RDI: 00000000ffffff9c RBP: 00007f61fa048030 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 R13: 0000000000000006 R14: 00007f61fa5f4f80 R15: 00007ffc4e26bf58