bisecting cause commit starting from c6dd78fcb8eefa15dd861889e0f59d301cb5230c
building syzkaller on de453f342be9edcca7de5a41e153ced8ad7f1a70
testing commit c6dd78fcb8eefa15dd861889e0f59d301cb5230c with gcc (GCC) 8.1.0
all runs: crashed: WARNING in ovl_real_fdget_meta
testing release v5.2
testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0
run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor082713175" "root@10.128.10.51:./syz-executor082713175"]: exit status 1
ssh: connect to host 10.128.10.51 port 22: Connection timed out
lost connection
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect start c6dd78fcb8eefa15dd861889e0f59d301cb5230c v5.2
Bisecting: 6613 revisions left to test after this (roughly 13 steps)
[e786741ff1b52769b044b7f4407f39cd13ee5d2d] Merge tag 'staging-5.3-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
testing commit e786741ff1b52769b044b7f4407f39cd13ee5d2d with gcc (GCC) 8.1.0
all runs: crashed: WARNING in ovl_real_fdget_meta
# git bisect bad e786741ff1b52769b044b7f4407f39cd13ee5d2d
Bisecting: 3396 revisions left to test after this (roughly 12 steps)
[8f6ccf6159aed1f04c6d179f61f6fb2691261e84] Merge tag 'clone3-v5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux
testing commit 8f6ccf6159aed1f04c6d179f61f6fb2691261e84 with gcc (GCC) 8.1.0
all runs: crashed: WARNING in ovl_real_fdget_meta
# git bisect bad 8f6ccf6159aed1f04c6d179f61f6fb2691261e84
Bisecting: 1595 revisions left to test after this (roughly 11 steps)
[ed63b9c873601ca113da5c7b1745e3946493e9f3] Merge tag 'media/v5.3-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media
testing commit ed63b9c873601ca113da5c7b1745e3946493e9f3 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good ed63b9c873601ca113da5c7b1745e3946493e9f3
Bisecting: 798 revisions left to test after this (roughly 10 steps)
[4b4704520d97b74e045154fc3b844b73ae4e7ebd] Merge tag 'acpi-5.3-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
testing commit 4b4704520d97b74e045154fc3b844b73ae4e7ebd with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 4b4704520d97b74e045154fc3b844b73ae4e7ebd
Bisecting: 345 revisions left to test after this (roughly 9 steps)
[608745f12462e2d8d94d5cc5dc94bf0960a881e3] Merge branch 'perf-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
testing commit 608745f12462e2d8d94d5cc5dc94bf0960a881e3 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 608745f12462e2d8d94d5cc5dc94bf0960a881e3
Bisecting: 175 revisions left to test after this (roughly 8 steps)
[988052f47adc5c3b0b004180b59bb3761d91b752] Merge tag 'locks-v5.3-1' of git://git.kernel.org/pub/scm/linux/kernel/git/jlayton/linux
testing commit 988052f47adc5c3b0b004180b59bb3761d91b752 with gcc (GCC) 8.1.0
all runs: crashed: WARNING in ovl_real_fdget_meta
# git bisect bad 988052f47adc5c3b0b004180b59bb3761d91b752
Bisecting: 84 revisions left to test after this (roughly 6 steps)
[329f00415a424063c23f75ff77f7d9c67916324d] docs: ptp.txt: convert to ReST and move to driver-api
testing commit 329f00415a424063c23f75ff77f7d9c67916324d with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 329f00415a424063c23f75ff77f7d9c67916324d
Bisecting: 42 revisions left to test after this (roughly 5 steps)
[9159ba14285c5432063a0ad83e50afb95674d9b1] Doc : doc-guide : Fix a typo
testing commit 9159ba14285c5432063a0ad83e50afb95674d9b1 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 9159ba14285c5432063a0ad83e50afb95674d9b1
Bisecting: 23 revisions left to test after this (roughly 5 steps)
[565eb5f8c5d379b6a6a3134c76b2fcfecdd007d3] Merge branch 'x86-kdump-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
testing commit 565eb5f8c5d379b6a6a3134c76b2fcfecdd007d3 with gcc (GCC) 8.1.0
run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor789499358" "root@10.128.1.48:./syz-executor789499358"]: exit status 1
ssh: connect to host 10.128.1.48 port 22: Connection timed out
lost connection
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 565eb5f8c5d379b6a6a3134c76b2fcfecdd007d3
Bisecting: 12 revisions left to test after this (roughly 4 steps)
[9d22167f34305280c5dd57a74c21651da3c23015] Merge branch 'next-lsm' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
testing commit 9d22167f34305280c5dd57a74c21651da3c23015 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 9d22167f34305280c5dd57a74c21651da3c23015
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[454f96f2b738374da4b0a703b1e2e7aed82c4486] docs: automarkup.py: ignore exceptions when seeking for xrefs
testing commit 454f96f2b738374da4b0a703b1e2e7aed82c4486 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 454f96f2b738374da4b0a703b1e2e7aed82c4486
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[e9a83bd2322035ed9d7dcf35753d3f984d76c6a5] Merge tag 'docs-5.3' of git://git.lwn.net/linux
testing commit e9a83bd2322035ed9d7dcf35753d3f984d76c6a5 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good e9a83bd2322035ed9d7dcf35753d3f984d76c6a5
Bisecting: 1 revision left to test after this (roughly 1 step)
[387e3746d01c34457d6a73688acd90428725070b] locks: eliminate false positive conflicts for write lease
testing commit 387e3746d01c34457d6a73688acd90428725070b with gcc (GCC) 8.1.0
all runs: crashed: WARNING in ovl_real_fdget_meta
# git bisect bad 387e3746d01c34457d6a73688acd90428725070b
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[d51f527f44f96276a94c191bc160de051f64aeea] locks: Add trace_leases_conflict
testing commit d51f527f44f96276a94c191bc160de051f64aeea with gcc (GCC) 8.1.0
all runs: OK
# git bisect good d51f527f44f96276a94c191bc160de051f64aeea
387e3746d01c34457d6a73688acd90428725070b is the first bad commit
commit 387e3746d01c34457d6a73688acd90428725070b
Author: Amir Goldstein
Date: Fri Jun 7 17:24:38 2019 +0300

    locks: eliminate false positive conflicts for write lease

    check_conflicting_open() is checking for existing fd's open for read or
    for write before allowing to take a write lease. The check that was
    implemented using i_count and d_count is an approximation that has
    several false positives. For example, overlayfs since v4.19, takes an
    extra reference on the dentry; An open with O_PATH takes a reference on
    the dentry although the file cannot be read nor written.

    Change the implementation to use i_readcount and i_writecount to
    eliminate the false positive conflicts and allow a write lease to be
    taken on an overlayfs file.

    The change of behavior with existing fd's open with O_PATH is symmetric
    w.r.t. current behavior of lease breakers - an open with O_PATH currently
    does not break a write lease.

    This increases the size of struct inode by 4 bytes on 32bit archs when
    CONFIG_FILE_LOCKING is defined and CONFIG_IMA was not already defined.

    Signed-off-by: Amir Goldstein
    Signed-off-by: Jeff Layton

:040000 040000 35b98bfc0d5c295bca8d88eb98704d4fb7357ff8 de948d323ecda23eb736bff0f581a319f3739c5c M fs
:040000 040000 663322cf33685bdf709a4304aa948ba831a16b39 746abb73226e8a248335e58d2a99830abc2d1a9f M include
revisions tested: 16, total time: 4h1m24.345721764s (build: 1h31m19.791272562s, test: 2h25m3.040358633s)
first bad commit: 387e3746d01c34457d6a73688acd90428725070b locks: eliminate false positive conflicts for write lease
cc: ["amir73il@gmail.com" "bfields@fieldses.org" "jlayton@kernel.org" "linux-fsdevel@vger.kernel.org" "linux-kernel@vger.kernel.org" "viro@zeniv.linux.org.uk"]
crash: WARNING in ovl_real_fdget_meta
WARNING: CPU: 1 PID: 7313 at fs/overlayfs/file.c:58 ovl_real_fdget_meta+0x3ce/0x480 fs/overlayfs/file.c:101
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 7313 Comm: syz-executor.3 Not tainted 5.2.0-rc5+ #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x115/0x167 lib/dump_stack.c:113
 panic+0x212/0x4cb kernel/panic.c:219
 __warn.cold.8+0x1b/0x38 kernel/panic.c:576
 report_bug+0x1a4/0x200 lib/bug.c:186
 fixup_bug arch/x86/kernel/traps.c:179 [inline]
 do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:272
 do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:291
 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:986
RIP: 0010:ovl_change_flags fs/overlayfs/file.c:58 [inline]
RIP: 0010:ovl_real_fdget_meta+0x3ce/0x480 fs/overlayfs/file.c:109
Code: 5a 61 ff e9 84 fd ff ff 4c 89 f7 e8 bc 5a 61 ff e9 a1 fd ff ff 4c 89 f7 48 89 45 d0 e8 4b 5b 61 ff 48 8b 45 d0 e9 79 ff ff ff <0f> 0b b8 fb ff ff ff e9 93 fd ff ff 48 89 df 48 89 45 d0 e8 aa 5a
RSP: 0018:ffff88808cbafdc0 EFLAGS: 00010206
RAX: 0000000004048000 RBX: ffff88808cbafe48 RCX: 1ffff1100f3c6f0c
RDX: 0000000000002000 RSI: ffff88808cbafe48 RDI: ffff888079e37b38
RBP: ffff88808cbafdf0 R08: ffffed100f3c6f69 R09: ffffed100f3c6f68
R10: ffff88808cbafe88 R11: ffff888079e37b47 R12: 000000000000a000
R13: ffff888079e37840 R14: ffff888079e378b8 R15: ffff888091c058c0
 ovl_real_fdget fs/overlayfs/file.c:116 [inline]
 ovl_llseek+0xbf/0x360 fs/overlayfs/file.c:166
 vfs_llseek fs/read_write.c:300 [inline]
 ksys_lseek+0xc8/0x150 fs/read_write.c:313
 __do_sys_lseek fs/read_write.c:324 [inline]
 __se_sys_lseek fs/read_write.c:322 [inline]
 __x64_sys_lseek+0x6e/0xb0 fs/read_write.c:322
 do_syscall_64+0xd0/0x530 arch/x86/entry/common.c:301
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x459829
Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f80bdf10c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000008
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829
RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f80bdf116d4
R13: 00000000004c5a8b R14: 00000000004da0c0 R15: 00000000ffffffff
Kernel Offset: disabled
Rebooting in 86400 seconds..