ci2 starts bisection 2023-10-29 07:20:53.123541253 +0000 UTC m=+149508.799159869
bisecting fixing commit since c2611a04b92f0e6a38f718c50605300a325b7c7b
building syzkaller on d216d8a03b50bef82eac746d227230835f061640
ensuring issue is reproducible on original commit c2611a04b92f0e6a38f718c50605300a325b7c7b
testing commit c2611a04b92f0e6a38f718c50605300a325b7c7b gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: bc6b8505346505f97fa5edd6bcdd825ad1c97ce0c841a1242b78d90f6c4d62fb
all runs: crashed: KASAN: null-ptr-deref Write in backing_data_changed
representative crash: KASAN: null-ptr-deref Write in backing_data_changed, types: [KASAN]
check whether we can drop unnecessary instrumentation
disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG LOCKDEP], they are not needed
testing commit c2611a04b92f0e6a38f718c50605300a325b7c7b gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 95ea381153eaf5451cf66f6783f6234577e08f015bb6bba45dfa77b03cf2c8b9
all runs: crashed: KASAN: null-ptr-deref Write in backing_data_changed
representative crash: KASAN: null-ptr-deref Write in backing_data_changed, types: [KASAN]
the bug reproduces without the instrumentation
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
kconfig minimization: base=5179 full=6487 leaves diff=250
split chunks (needed=false): <250>
split chunk #0 of len 250 into 5 parts
testing without sub-chunk 1/5
disabling configs for [UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed
testing commit c2611a04b92f0e6a38f718c50605300a325b7c7b gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: e9be662616b3c4388c7732cead9e2d23b8129783cee9c27d22c8b9ce4685b32d
all runs: crashed: KASAN: null-ptr-deref Write in backing_data_changed
representative crash: KASAN: null-ptr-deref Write in backing_data_changed, types: [KASAN]
the chunk can be dropped
testing without sub-chunk 2/5
disabling configs for [UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed
testing commit c2611a04b92f0e6a38f718c50605300a325b7c7b gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 8df3255dcffee03a6d5533d987257241a5c9b3b1b8ea95a9ae39f2690bbba4b8
all runs: crashed: KASAN: null-ptr-deref Write in backing_data_changed
representative crash: KASAN: null-ptr-deref Write in backing_data_changed, types: [KASAN]
the chunk can be dropped
testing without sub-chunk 3/5
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
testing commit c2611a04b92f0e6a38f718c50605300a325b7c7b gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: eecb5a7ea872194d745cf5fb50576148e48e2fd176ad3d48e9bc7609bbd22c28
all runs: crashed: KASAN: null-ptr-deref Write in backing_data_changed
representative crash: KASAN: null-ptr-deref Write in backing_data_changed, types: [KASAN]
the chunk can be dropped
testing without sub-chunk 4/5
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
testing commit c2611a04b92f0e6a38f718c50605300a325b7c7b gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 5104c84fc393b82b6f6ea947cf0fe539fbec7c6c55cb29bee5310ab070eb7a84
all runs: crashed: KASAN: null-ptr-deref Write in backing_data_changed
representative crash: KASAN: null-ptr-deref Write in backing_data_changed, types: [KASAN]
the chunk can be dropped
testing without sub-chunk 5/5
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
testing commit c2611a04b92f0e6a38f718c50605300a325b7c7b gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
failed building c2611a04b92f0e6a38f718c50605300a325b7c7b:
net/socket.c:1225: undefined reference to `wext_handle_ioctl'
net/socket.c:3420: undefined reference to `compat_wext_handle_ioctl'
net/core/net-procfs.c:329: undefined reference to `wext_proc_init'
net/core/net-procfs.c:345: undefined reference to `wext_proc_exit'
minimized to 50 configs; suspects: [HID_ZEROPLUS USB_NET_CDC_MBIM USB_NET_CDC_SUBSET USB_NET_CDC_SUBSET_ENABLE USB_NET_DM9601 USB_NET_GL620A USB_NET_MCS7830 USB_NET_NET1080 USB_NET_PLUSB USB_NET_RNDIS_HOST USB_NET_SMSC75XX USB_NET_SMSC95XX USB_NET_SR9700 USB_NET_SR9800 USB_NET_ZAURUS USB_OHCI_HCD USB_OHCI_HCD_PCI USB_OHCI_HCD_PLATFORM USB_OTG USB_OTG_FSM USB_PRINTER USB_SERIAL_GENERIC USB_SERIAL_PL2303 USB_STORAGE_ALAUDA USB_STORAGE_CYPRESS_ATACB USB_STORAGE_DATAFAB USB_STORAGE_FREECOM USB_STORAGE_ISD200 USB_STORAGE_JUMPSHOT USB_STORAGE_KARMA USB_STORAGE_ONETOUCH USB_STORAGE_SDDR09 USB_STORAGE_SDDR55 USB_STORAGE_USBAT USB_TRANCEVIBRATOR USB_U_AUDIO USB_U_ETHER USB_U_SERIAL USB_WDM WLAN WLAN_VENDOR_ATH WLAN_VENDOR_ATMEL WLAN_VENDOR_BROADCOM WLAN_VENDOR_INTERSIL WLAN_VENDOR_MARVELL WLAN_VENDOR_MEDIATEK WLAN_VENDOR_MICROCHIP WLAN_VENDOR_PURELIFI WLAN_VENDOR_RALINK WLAN_VENDOR_REALTEK WLAN_VENDOR_RSI WLAN_VENDOR_SILABS WLAN_VENDOR_ZYDAS X86_X32_ABI ZEROPLUS_FF]
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
testing current HEAD 5418491fa533316d91f14193f7cde2845982ebe2
testing commit 5418491fa533316d91f14193f7cde2845982ebe2 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 0174464d49f43efc02b954a7bc5c6bf49c95095e2950c334df911c2888ef396c
all runs: OK
false negative chance: 0.000
# git bisect start 5418491fa533316d91f14193f7cde2845982ebe2 c2611a04b92f0e6a38f718c50605300a325b7c7b
Bisecting: 1818 revisions left to test after this (roughly 11 steps)
[b4a3cae58cd86371293a6e504c4a10a31ea51ae2] iavf: remove mask from iavf_irq_enable_queues()
determine whether the revision contains the guilty commit
checking the merge base b1644a0031cfb3ca2cbd84c92f771f8ebb62302d
no existing result, test the revision
testing commit b1644a0031cfb3ca2cbd84c92f771f8ebb62302d gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 113cb2da7031417a4218c838fb1df8258c596d706a1d3c36ae565a3dd0ddd196
all runs: OK
false negative chance: 0.000
the bug was not introduced yet; pretend that kernel crashed
# git bisect good b4a3cae58cd86371293a6e504c4a10a31ea51ae2
Bisecting: 909 revisions left to test after this (roughly 10 steps)
[f1e746aedd7dfbdea84b690c56154a11b68dc4de] drm/i915: Don't preserve dpll_hw_state for slave crtc in Bigjoiner
determine whether the revision contains the guilty commit
checking the merge base b1644a0031cfb3ca2cbd84c92f771f8ebb62302d
the bug was not introduced yet; pretend that kernel crashed
# git bisect good f1e746aedd7dfbdea84b690c56154a11b68dc4de
Bisecting: 454 revisions left to test after this (roughly 9 steps)
[51aea7e9d5212adb8a3d198510cfcde4125988f9] tcp: Reduce chance of collisions in inet6_hashfn().
determine whether the revision contains the guilty commit
checking the merge base b1644a0031cfb3ca2cbd84c92f771f8ebb62302d
the bug was not introduced yet; pretend that kernel crashed
# git bisect good 51aea7e9d5212adb8a3d198510cfcde4125988f9
Bisecting: 227 revisions left to test after this (roughly 8 steps)
[debc1e04860e76d85cbb68385437246371395b35] ANDROID: Update the ABI symbol list
determine whether the revision contains the guilty commit
revision c2611a04b92f0e6a38f718c50605300a325b7c7b crashed and is reachable
testing commit debc1e04860e76d85cbb68385437246371395b35 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 238fc33ae983fb3178fef97e88ff69afad8edac2e3fb97ce19c83232c2d7078d
all runs: crashed: KASAN: null-ptr-deref Write in backing_data_changed
representative crash: KASAN: null-ptr-deref Write in backing_data_changed, types: [KASAN]
# git bisect good debc1e04860e76d85cbb68385437246371395b35
Bisecting: 113 revisions left to test after this (roughly 7 steps)
[8ab9ad163804522d2d469a424aa7a4cbd3b96225] PM: sleep: wakeirq: fix wake irq arming
determine whether the revision contains the guilty commit
checking the merge base b1644a0031cfb3ca2cbd84c92f771f8ebb62302d
the bug was not introduced yet; pretend that kernel crashed
# git bisect good 8ab9ad163804522d2d469a424aa7a4cbd3b96225
Bisecting: 56 revisions left to test after this (roughly 6 steps)
[8b02e8901dd8398818ad9a2c78d4e23b0afe4b10] Merge branch 'android14-6.1' into 'android14-6.1-lts'
determine whether the revision contains the guilty commit
revision c2611a04b92f0e6a38f718c50605300a325b7c7b crashed and is reachable
testing commit 8b02e8901dd8398818ad9a2c78d4e23b0afe4b10 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: adf3e25b0eeb8ba169b2face8a8429a87a733cf7b62d77cc748a46940b70b304
all runs: crashed: KASAN: null-ptr-deref Write in backing_data_changed
representative crash: KASAN: null-ptr-deref Write in backing_data_changed, types: [KASAN]
# git bisect good 8b02e8901dd8398818ad9a2c78d4e23b0afe4b10
Bisecting: 37 revisions left to test after this (roughly 5 steps)
[52a953d0934b17a88f403b4135eb3cdf83d19f91] Linux 6.1.43
determine whether the revision contains the guilty commit
checking the merge base b1644a0031cfb3ca2cbd84c92f771f8ebb62302d
the bug was not introduced yet; pretend that kernel crashed
# git bisect good 52a953d0934b17a88f403b4135eb3cdf83d19f91
Bisecting: 18 revisions left to test after this (roughly 4 steps)
[f5aa90efe86474e7ccb4155fae36eb0ee83207f2] FROMLIST: Revert "fuse: Apply flags2 only when userspace set the FUSE_INIT_EXT"
determine whether the revision contains the guilty commit
revision 8b02e8901dd8398818ad9a2c78d4e23b0afe4b10 crashed and is reachable
testing commit f5aa90efe86474e7ccb4155fae36eb0ee83207f2 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: c04fdae16a9ef4a0c89112167e7cdf08b23b9dd120c197639129a8d3e422ea3e
all runs: crashed: KASAN: null-ptr-deref Write in backing_data_changed
representative crash: KASAN: null-ptr-deref Write in backing_data_changed, types: [KASAN]
# git bisect good f5aa90efe86474e7ccb4155fae36eb0ee83207f2
Bisecting: 9 revisions left to test after this (roughly 3 steps)
[09474646338fa48bb410eee0c3681cb8c77dfa3b] ANDROID: power: Add vendor hook for suspend
determine whether the revision contains the guilty commit
revision debc1e04860e76d85cbb68385437246371395b35 crashed and is reachable
testing commit 09474646338fa48bb410eee0c3681cb8c77dfa3b gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 34a255a46ea025f92113c5fa0450af0fe4a3db09c5cffbaeb95e11b93313423a
all runs: OK
false negative chance: 0.000
# git bisect bad 09474646338fa48bb410eee0c3681cb8c77dfa3b
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[63d4231d85e23d4eb29ab2ac10d5eccd0d41e7a9] ANDROID: fuse-bpf: Add NULL pointer check in fuse_entry_revalidate
determine whether the revision contains the guilty commit
revision c2611a04b92f0e6a38f718c50605300a325b7c7b crashed and is reachable
testing commit 63d4231d85e23d4eb29ab2ac10d5eccd0d41e7a9 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 48c8d6d9cf6bca6c700b122303b1636994b3c2dc8cb5e1950dbe52f99b2f5c5a
all runs: OK
false negative chance: 0.000
# git bisect bad 63d4231d85e23d4eb29ab2ac10d5eccd0d41e7a9
Bisecting: 1 revision left to test after this (roughly 1 step)
[0b200357782495594d8f5cc94f76efe905e34832] ANDROID: vendor_hooks: Add hooks for adjusting alloc_flags
determine whether the revision contains the guilty commit
revision c2611a04b92f0e6a38f718c50605300a325b7c7b crashed and is reachable
testing commit 0b200357782495594d8f5cc94f76efe905e34832 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 916c32cf0b0bc7ed055fbd08b826179520e12444f6a059e8f3e9f2c99f7a666a
all runs: crashed: KASAN: null-ptr-deref Write in backing_data_changed
representative crash: KASAN: null-ptr-deref Write in backing_data_changed, types: [KASAN]
# git bisect good 0b200357782495594d8f5cc94f76efe905e34832
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[09641ca77fa025206c17935c8b210a0c80bf027d] ANDROID: GKI: Update oplus symbol list update oplus symbol list for Addding hooks for adjusting alloc_flags
determine whether the revision contains the guilty commit
revision debc1e04860e76d85cbb68385437246371395b35 crashed and is reachable
testing commit 09641ca77fa025206c17935c8b210a0c80bf027d gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: e7c0ac30ba9b47214b5d85d48a53071c1f4216d774e2219766e0b67c1d0a9c77
all runs: crashed: KASAN: null-ptr-deref Write in backing_data_changed
representative crash: KASAN: null-ptr-deref Write in backing_data_changed, types: [KASAN]
# git bisect good 09641ca77fa025206c17935c8b210a0c80bf027d
63d4231d85e23d4eb29ab2ac10d5eccd0d41e7a9 is the first bad commit
commit 63d4231d85e23d4eb29ab2ac10d5eccd0d41e7a9
Author: liujinbao1
Date: Thu Oct 12 12:28:06 2023 +0800

ANDROID: fuse-bpf: Add NULL pointer check in fuse_entry_revalidate

If userspace tried to add a backing file in a fuse_dentry_revalidate where there wasn't one originally, this would trigger a crash. Disallow this operation for now.
Bug: 296013218
Fixes: 57f3ff964899 ("ANDROID: fuse-bpf v1.1")
Test: fuse_test passes, following script no longer crashes:
adb shell su root setenforce 0
adb shell su root chmod ug+w /data/media
adb shell su root rm /data/media/Android -rf
adb shell su root mkdir -p /storage/emulated/Android/data/test
adb shell su root ls -l /storage/emulated/Android/data/test
Change-Id: Id8a67c43d1edfa010403d5f17e31109b796998cf
Signed-off-by: liujinbao1

fs/fuse/dir.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

accumulated error probability: 0.00
culprit signature: 48c8d6d9cf6bca6c700b122303b1636994b3c2dc8cb5e1950dbe52f99b2f5c5a
parent signature: e7c0ac30ba9b47214b5d85d48a53071c1f4216d774e2219766e0b67c1d0a9c77
revisions tested: 15, total time: 2h2m13.796435131s (build: 38m29.530729449s, test: 1h13m16.684450269s)
first good commit: 63d4231d85e23d4eb29ab2ac10d5eccd0d41e7a9 ANDROID: fuse-bpf: Add NULL pointer check in fuse_entry_revalidate
recipients (to): ["liujinbao1@xiaomi.corp-partner.google.com"]
recipients (cc): []