bisecting cause commit starting from 963172d9c7e862654d3d24cbcafb33f33ae697a8 building syzkaller on 442206d76b974cca2d83ec763d4cf5ee829eb7d6 testing commit 963172d9c7e862654d3d24cbcafb33f33ae697a8 with gcc (GCC) 8.1.0 all runs: crashed: WARNING in fanotify_handle_event testing release v5.1 testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0 all runs: crashed: WARNING in fanotify_handle_event testing release v5.0 testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0 all runs: OK # git bisect start v5.1 v5.0 Bisecting: 7074 revisions left to test after this (roughly 13 steps) [b5dd0c658c31b469ccff1b637e5124851e7a4a1c] Merge branch 'akpm' (patches from Andrew) testing commit b5dd0c658c31b469ccff1b637e5124851e7a4a1c with gcc (GCC) 8.1.0 all runs: crashed: WARNING in fanotify_handle_event # git bisect bad b5dd0c658c31b469ccff1b637e5124851e7a4a1c Bisecting: 3569 revisions left to test after this (roughly 12 steps) [3478588b5136966c80c571cf0006f08e9e5b8f04] Merge branch 'locking-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit 3478588b5136966c80c571cf0006f08e9e5b8f04 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 3478588b5136966c80c571cf0006f08e9e5b8f04 Bisecting: 1580 revisions left to test after this (roughly 11 steps) [da2577fe63f865cd9dc785a42c29c0071f567a35] Merge tag 'sound-5.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound testing commit da2577fe63f865cd9dc785a42c29c0071f567a35 with gcc (GCC) 8.1.0 all runs: OK # git bisect good da2577fe63f865cd9dc785a42c29c0071f567a35 Bisecting: 860 revisions left to test after this (roughly 10 steps) [67e79a6dc2664a3ef85113440e60f7aaca3c7815] Merge tag 'tty-5.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty testing commit 67e79a6dc2664a3ef85113440e60f7aaca3c7815 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 67e79a6dc2664a3ef85113440e60f7aaca3c7815 Bisecting: 462 revisions left to test after this (roughly 9 steps) [1fc1cd8399ab5541a488a7e47b2f21537dd76c2d] Merge branch 'for-5.1' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup testing commit 1fc1cd8399ab5541a488a7e47b2f21537dd76c2d with gcc (GCC) 8.1.0 all runs: crashed: WARNING in fanotify_handle_event # git bisect bad 1fc1cd8399ab5541a488a7e47b2f21537dd76c2d Bisecting: 206 revisions left to test after this (roughly 8 steps) [a9913f23f39f4aa74956587a03e78b758a10c314] Merge tag 'fs_for_v5.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs testing commit a9913f23f39f4aa74956587a03e78b758a10c314 with gcc (GCC) 8.1.0 all runs: OK # git bisect good a9913f23f39f4aa74956587a03e78b758a10c314 Bisecting: 114 revisions left to test after this (roughly 7 steps) [f65e25e343cfc0e6f4db9a687c4085fad268325d] btrfs: Remove unnecessary casts in btrfs_read_root_item testing commit f65e25e343cfc0e6f4db9a687c4085fad268325d with gcc (GCC) 8.1.0 all runs: OK # git bisect good f65e25e343cfc0e6f4db9a687c4085fad268325d Bisecting: 57 revisions left to test after this (roughly 6 steps) [16be1433737ee46f88da57d47f594c4fc1376538] xfs: make xfs_bmbt_to_iomap more useful testing commit 16be1433737ee46f88da57d47f594c4fc1376538 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 16be1433737ee46f88da57d47f594c4fc1376538 Bisecting: 30 revisions left to test after this (roughly 5 steps) [b1e243957e9b3ba8e820fb8583bdf18e7c737aa2] Merge tag 'for-5.1-part1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux testing commit b1e243957e9b3ba8e820fb8583bdf18e7c737aa2 with gcc (GCC) 8.1.0 all runs: crashed: WARNING in fanotify_handle_event # git bisect bad b1e243957e9b3ba8e820fb8583bdf18e7c737aa2 Bisecting: 13 revisions left to test after this (roughly 4 steps) [0a20df7ed3349dfa3260ddee2efa919df44d0ad5] fsnotify: report FS_ISDIR flag with MOVE_SELF and DELETE_SELF events testing commit 0a20df7ed3349dfa3260ddee2efa919df44d0ad5 with gcc (GCC) 8.1.0 all runs: crashed: WARNING in fanotify_handle_event # git bisect bad 0a20df7ed3349dfa3260ddee2efa919df44d0ad5 Bisecting: 6 revisions left to test after this (roughly 3 steps) [bb2f7b4542c7a1d023d516af37dc70bb49db0438] fanotify: open code fill_event_metadata() testing commit bb2f7b4542c7a1d023d516af37dc70bb49db0438 with gcc (GCC) 8.1.0 all runs: OK # git bisect good bb2f7b4542c7a1d023d516af37dc70bb49db0438 Bisecting: 3 revisions left to test after this (roughly 2 steps) [a8b13aa20afb69161b5123b4f1acc7ea0a03d360] fanotify: enable FAN_REPORT_FID init flag testing commit a8b13aa20afb69161b5123b4f1acc7ea0a03d360 with gcc (GCC) 8.1.0 all runs: OK # git bisect good a8b13aa20afb69161b5123b4f1acc7ea0a03d360 Bisecting: 1 revision left to test after this (roughly 1 step) [ec86ff5689ff9605e2d57e016098764ad9a2fee5] vfs: add vfs_get_fsid() helper testing commit ec86ff5689ff9605e2d57e016098764ad9a2fee5 with gcc (GCC) 8.1.0 all runs: crashed: WARNING in fanotify_handle_event # git bisect bad ec86ff5689ff9605e2d57e016098764ad9a2fee5 Bisecting: 0 revisions left to test after this (roughly 0 steps) [77115225acc67d9ac4b15f04dd138006b9cd1ef2] fanotify: cache fsid in fsnotify_mark_connector testing commit 77115225acc67d9ac4b15f04dd138006b9cd1ef2 with gcc (GCC) 8.1.0 all runs: crashed: WARNING in fanotify_handle_event # git bisect bad 77115225acc67d9ac4b15f04dd138006b9cd1ef2 77115225acc67d9ac4b15f04dd138006b9cd1ef2 is the first bad commit commit 77115225acc67d9ac4b15f04dd138006b9cd1ef2 Author: Amir Goldstein Date: Thu Jan 10 19:04:37 2019 +0200 fanotify: cache fsid in fsnotify_mark_connector For FAN_REPORT_FID, we need to encode fid with fsid of the filesystem on every event. To avoid having to call vfs_statfs() on every event to get fsid, we store the fsid in fsnotify_mark_connector on the first time we add a mark and on handle event we use the cached fsid. Subsequent calls to add mark on the same object are expected to pass the same fsid, so the call will fail on cached fsid mismatch. If an event is reported on several mark types (inode, mount, filesystem), all connectors should already have the same fsid, so we use the cached fsid from the first connector. [JK: Simplify code flow around fanotify_get_fid() make fsid argument of fsnotify_add_mark_locked() unconditional] Suggested-by: Jan Kara Signed-off-by: Amir Goldstein Signed-off-by: Jan Kara :040000 040000 ffd3c8f7b5f56f7bbec6a2792e4e86309f10e9a1 c0597adb3fc5b5a8a645f76a04756efb492ac487 M fs :040000 040000 2bdc3ecc082331f5fb8e1e552c60e25274340ecf 0da8d9128b922867c09e7779c12fdb2224c0748e M include revisions tested: 17, total time: 4h6m42.021352411s (build: 1h31m48.680731944s, test: 2h30m20.205938828s) first bad commit: 77115225acc67d9ac4b15f04dd138006b9cd1ef2 fanotify: cache fsid in fsnotify_mark_connector cc: ["amir73il@gmail.com" "jack@suse.cz" "linux-fsdevel@vger.kernel.org" "linux-kernel@vger.kernel.org"] crash: WARNING in fanotify_handle_event IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready bridge0: port 2(bridge_slave_1) entered blocking state bridge0: port 2(bridge_slave_1) entered forwarding state IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready WARNING: CPU: 1 PID: 7302 at fs/notify/fanotify/fanotify.c:274 fanotify_handle_event+0x564/0xb27 fs/notify/fanotify/fanotify.c:325 Kernel panic - not syncing: panic_on_warn set ... CPU: 1 PID: 7302 Comm: rs:main Q:Reg Not tainted 5.0.0-rc4+ #1 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x113/0x167 lib/dump_stack.c:113 panic+0x212/0x40b kernel/panic.c:214 __warn.cold.8+0x1b/0x38 kernel/panic.c:571 report_bug+0x1a4/0x200 lib/bug.c:186 fixup_bug arch/x86/kernel/traps.c:178 [inline] do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:271 do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:290 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:973 RIP: 0010:fanotify_get_fsid fs/notify/fanotify/fanotify.c:274 [inline] RIP: 0010:fanotify_handle_event+0x564/0xb27 fs/notify/fanotify/fanotify.c:325 Code: 0f b6 0c 29 45 84 c9 74 0a 41 80 f9 03 0f 8e 4e 04 00 00 41 8b 7e 40 41 89 c2 41 09 fa 74 0b 89 45 98 89 7d 9c e9 09 fd ff ff <0f> 0b 41 83 c7 01 49 83 c0 08 41 83 ff 03 0f 85 52 ff ff ff 31 ff RSP: 0018:ffff888082967b80 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000002 RCX: ffff888096834850 RDX: 0000000000000004 RSI: ffff88807c142830 RDI: 0000000000000000 RBP: ffff888082967cc0 R08: ffff888082967d78 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000400000 R12: 0000000000000000 R13: dffffc0000000000 R14: ffff88808215cd98 R15: 0000000000000002 send_to_group fs/notify/fsnotify.c:243 [inline] fsnotify+0x537/0xab0 fs/notify/fsnotify.c:381 fsnotify_path include/linux/fsnotify.h:54 [inline] fsnotify_modify include/linux/fsnotify.h:247 [inline] vfs_write+0x38c/0x4e0 fs/read_write.c:551 ksys_write+0xcd/0x1b0 fs/read_write.c:598 __do_sys_write fs/read_write.c:610 [inline] __se_sys_write fs/read_write.c:607 [inline] __x64_sys_write+0x6e/0xb0 fs/read_write.c:607 do_syscall_64+0xd0/0x4d0 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f5e5b8b319d Code: d1 20 00 00 75 10 b8 01 00 00 00 0f 05 48 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 be fa ff ff 48 89 04 24 b8 01 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 07 fb ff ff 48 89 d0 48 83 c4 08 48 3d 01 RSP: 002b:00007f5e59e54000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00000000000000e4 RCX: 00007f5e5b8b319d RDX: 00000000000000e4 RSI: 00000000014d7a90 RDI: 0000000000000005 RBP: 00000000014d7a90 R08: 31203731206e754a R09: 2030343a30333a31 R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 R13: 00007f5e59e54480 R14: 0000000000000002 R15: 00000000014d7890 Kernel Offset: disabled Rebooting in 86400 seconds..