ci2 starts bisection 2023-07-02 21:13:07.264807373 +0000 UTC m=+123538.230944880
bisecting cause commit starting from ed2a228522b98300ecccd958506a9a2833eca780
building syzkaller on bfc478367b83b3fda580f54964aa9f3651beeb3d
ensuring issue is reproducible on original commit ed2a228522b98300ecccd958506a9a2833eca780
testing commit ed2a228522b98300ecccd958506a9a2833eca780 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 194f9eb29a4a9c4a614959e388a2cdc65c9e5dc8060bd3d6811f77ac2f261a1d
all runs: crashed: general protection fault in fuse_file_put
testing release v6.1.25
testing commit f17b0ab65d17988d5e6d6fe22f708ef3721080bf gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: f91884ef8bae8ebce87ecf21c958d70fb6772fbec34bfa597f44f2e764828459
all runs: OK
# git bisect start ed2a228522b98300ecccd958506a9a2833eca780 f17b0ab65d17988d5e6d6fe22f708ef3721080bf
Bisecting: 3005 revisions left to test after this (roughly 12 steps)
[f1332888c84277a6d9d46eb2b5b731d0c7cf90d1] Merge 7d1be0a09fa6 ("drm/edid: Fix EDID quirk compile error on older compilers") into android-mainline
testing commit f1332888c84277a6d9d46eb2b5b731d0c7cf90d1 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: dc33846f9edfa79169411d7f66cade70e046897f8d3c5cc5571b5744ea8528b4
all runs: OK
# git bisect good f1332888c84277a6d9d46eb2b5b731d0c7cf90d1
Bisecting: 1502 revisions left to test after this (roughly 11 steps)
[9d7d7ea7e3ef42bc60cb05103ce3c02f0b8ce823] ANDROID: softirq: Export irq_handler_exit tracepoint
testing commit 9d7d7ea7e3ef42bc60cb05103ce3c02f0b8ce823 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: c854fbb0e9fadaa5fd4b0195996f8d6ec0c0cdc96043f9918a8034926778baa1
all runs: OK
# git bisect good 9d7d7ea7e3ef42bc60cb05103ce3c02f0b8ce823
Bisecting: 751 revisions left to test after this (roughly 10 steps)
[88153d9a99c354e3b657665d003e463cdbdc78a6] ANDROID: vmscan: Support multiple kswapd threads per node
testing commit 88153d9a99c354e3b657665d003e463cdbdc78a6 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: f78621295d402cb14c99b6a104803111c499cadf04b444ad03915476be5fcd87
all runs: OK
# git bisect good 88153d9a99c354e3b657665d003e463cdbdc78a6
Bisecting: 375 revisions left to test after this (roughly 9 steps)
[94b540c38dd4b4e4c52c1ed3eedcef1aee4cd46e] ANDROID: mm: create vendor hooks for do_shrink_slab()
testing commit 94b540c38dd4b4e4c52c1ed3eedcef1aee4cd46e gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 3710c3cb342b011fe25b832a26f613f8476d3f63125c72ca481a007b9a37bb9a
all runs: OK
# git bisect good 94b540c38dd4b4e4c52c1ed3eedcef1aee4cd46e
Bisecting: 187 revisions left to test after this (roughly 8 steps)
[a80f228e593c09f7eba56de05a8200b45fb548f4] ANDROID: vendor_hooks: add a field in mem_cgroup
testing commit a80f228e593c09f7eba56de05a8200b45fb548f4 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: e2e0d23c5da04311dfe4f8968276a785c6d792dc43a55a78f7828d2b48906b63
all runs: OK
# git bisect good a80f228e593c09f7eba56de05a8200b45fb548f4
Bisecting: 93 revisions left to test after this (roughly 7 steps)
[dadb40b436c6c71665c037de6e2a8117e27f87dc] UPSTREAM: Revert "binder_alloc: add missing mmap_lock calls when using the VMA"
testing commit dadb40b436c6c71665c037de6e2a8117e27f87dc gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 37ab8d781e7d485f2ea7a6946f754e74a0a96cdf79078e856bbe20244e74c14a
all runs: OK
# git bisect good dadb40b436c6c71665c037de6e2a8117e27f87dc
Bisecting: 46 revisions left to test after this (roughly 6 steps)
[7668cef283864085203848eb486b1e1de4debb68] ANDROID: HID: Only utilise UHID provided exports if UHID is enabled
testing commit 7668cef283864085203848eb486b1e1de4debb68 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b394bfdfb7a9a82a3017bbad748c217c24c89ac66ea8fb6a518c99cb10e87a92
all runs: OK
# git bisect good 7668cef283864085203848eb486b1e1de4debb68
Bisecting: 23 revisions left to test after this (roughly 5 steps)
[5af5006061ec85dd4c382798c2b4a8026c69bd24] FROMGIT: usb: dwc3: gadget: Bail out in pullup if soft reset timeout happens
testing commit 5af5006061ec85dd4c382798c2b4a8026c69bd24 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 12a5cbc37d6816504952460f6caddb89e3d734412eb9a54f6ea47358ee69d5d3
all runs: crashed: general protection fault in fuse_file_put
# git bisect bad 5af5006061ec85dd4c382798c2b4a8026c69bd24
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[947e7c1d72c09f7d0a12727adcd579f4405babe6] ANDROID: GKI: Update symbols to symbol list
testing commit 947e7c1d72c09f7d0a12727adcd579f4405babe6 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 0bd33b624a86a92fc3f3ee5006f92cfb2f73d4d846809450d9a15e7dc330559e
all runs: crashed: general protection fault in fuse_file_put
# git bisect bad 947e7c1d72c09f7d0a12727adcd579f4405babe6
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[9ea87136d184cb4747e6fef7f9cac152687c566f] ANDROID: fuse-bpf: Move FUSE_RELEASE to correct place
testing commit 9ea87136d184cb4747e6fef7f9cac152687c566f gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 35636648ac7853012a625801371fe3039d22581e88692f819b6cce586f2e539a
all runs: crashed: general protection fault in fuse_file_put
# git bisect bad 9ea87136d184cb4747e6fef7f9cac152687c566f
Bisecting: 2 revisions left to test after this (roughly 1 step)
[d28f02c47b770834498ad556ed17c9450e03e5ff] ANDROID: Delete MODULES_LIST from build configs.
testing commit d28f02c47b770834498ad556ed17c9450e03e5ff gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: f2735931ba56ff7bb8d2a321cf7e0989ded3d40895e2d3800a2c85846c3fdb3b
all runs: OK
# git bisect good d28f02c47b770834498ad556ed17c9450e03e5ff
Bisecting: 0 revisions left to test after this (roughly 1 step)
[b8ef5bfbee8ca7fa98b3acf8ef4a70cce616b336] ANDROID: fuse-bpf: Ensure bpf field can never be nulled
testing commit b8ef5bfbee8ca7fa98b3acf8ef4a70cce616b336 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: af71d460d47866bae1e39bc8de8198ec1389efea5dfec42efaee69e0ed9a0f9e
all runs: OK
# git bisect good b8ef5bfbee8ca7fa98b3acf8ef4a70cce616b336
9ea87136d184cb4747e6fef7f9cac152687c566f is the first bad commit
commit 9ea87136d184cb4747e6fef7f9cac152687c566f
Author: Paul Lawrence
Date:   Wed Jun 14 11:55:53 2023 -0700

    ANDROID: fuse-bpf: Move FUSE_RELEASE to correct place

    The existing fuse-bpf freeing logic would free the fuse_file struct
    immediately. However, this would break readahead. Move freeing logic to
    the same place as done in classic fuse.

    Bug: 286287652
    Test: fuse_test passes, android boots, cts tests run
    Change-Id: If13519f0e956a8da0dc98e7ac4aed2036070e969
    Signed-off-by: Paul Lawrence

 fs/fuse/backing.c | 40 ++++++------------------------
 fs/fuse/dir.c     | 11 ---------
 fs/fuse/file.c    | 74 ++++++++++++++++++++++++++++++-------------------------
 fs/fuse/fuse_i.h  |  9 +++----
 4 files changed, 50 insertions(+), 84 deletions(-)

culprit signature: 35636648ac7853012a625801371fe3039d22581e88692f819b6cce586f2e539a
parent signature: af71d460d47866bae1e39bc8de8198ec1389efea5dfec42efaee69e0ed9a0f9e
revisions tested: 14, total time: 6h15m0.772014156s (build: 3h16m18.867476475s, test: 2h38m21.566223709s)
first bad commit: 9ea87136d184cb4747e6fef7f9cac152687c566f ANDROID: fuse-bpf: Move FUSE_RELEASE to correct place
recipients (to): ["paullawrence@google.com"]
recipients (cc): []
crash: general protection fault in fuse_file_put
RBP: 00007f051c2161d0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
R13: 00007ffffba1ed4f R14: 00007f051c216300 R15: 0000000000022000
general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]
CPU: 1 PID: 369 Comm: syz-executor.0 Not tainted 6.1.25-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
RIP: 0010:get_fuse_mount fs/fuse/fuse_i.h:965 [inline]
RIP: 0010:fuse_file_put+0x10a/0x1eb0 fs/fuse/file.c:119
Code: f8 01 0f 85 62 03 00 00 4c 89 6c 24 70 4c 89 7c 24 40 48 89 9c 24 98 00 00 00 48 8b 44 24 48 48 8d 58 28 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 df e8 c7 f4 b1 ff 4c 8d bc 24 c0 00 00
RSP: 0018:ffffc90000e26ea0 EFLAGS: 00010206
RAX: 0000000000000005 RBX: 0000000000000028 RCX: ffffffff81f26ac4
RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffff8881104fe828
RBP: ffffc90000e27240 R08: dffffc0000000000 R09: ffffed102209fd06
R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
R13: ffff8881104ff000 R14: ffff8881104fe828 R15: ffff8881104fe800
FS:  00007f051c216700(0000) GS:ffff8881f7300000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020001140 CR3: 00000001105cf000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 fuse_sync_release+0x6a/0x90 fs/fuse/file.c:400
 fuse_create_open+0x211d/0x2de0 fs/fuse/dir.c:813
 fuse_atomic_open+0x207/0x370 fs/fuse/dir.c:875
 atomic_open fs/namei.c:3276 [inline]
 lookup_open fs/namei.c:3384 [inline]
 open_last_lookups fs/namei.c:3481 [inline]
 path_openat+0xd72/0x2450 fs/namei.c:3711
 do_filp_open+0x226/0x430 fs/namei.c:3741
 do_sys_openat2+0x103/0x6c0 fs/open.c:1333
 do_sys_open fs/open.c:1349 [inline]
 __do_sys_creat fs/open.c:1425 [inline]
 __se_sys_creat fs/open.c:1419 [inline]
 __x64_sys_creat+0x11a/0x160 fs/open.c:1419
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f051b48c389
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f051c216168 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
RAX: ffffffffffffffda RBX: 00007f051b5abf80 RCX: 00007f051b48c389
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000200002c0
RBP: 00007f051c2161d0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
R13: 00007ffffba1ed4f R14: 00007f051c216300 R15: 0000000000022000
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:get_fuse_mount fs/fuse/fuse_i.h:965 [inline]
RIP: 0010:fuse_file_put+0x10a/0x1eb0 fs/fuse/file.c:119
Code: f8 01 0f 85 62 03 00 00 4c 89 6c 24 70 4c 89 7c 24 40 48 89 9c 24 98 00 00 00 48 8b 44 24 48 48 8d 58 28 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 df e8 c7 f4 b1 ff 4c 8d bc 24 c0 00 00
RSP: 0018:ffffc90000e26ea0 EFLAGS: 00010206
RAX: 0000000000000005 RBX: 0000000000000028 RCX: ffffffff81f26ac4
RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffff8881104fe828
RBP: ffffc90000e27240 R08: dffffc0000000000 R09: ffffed102209fd06
R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
R13: ffff8881104ff000 R14: ffff8881104fe828 R15: ffff8881104fe800
FS:  00007f051c216700(0000) GS:ffff8881f7300000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020001140 CR3: 00000001105cf000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	f8                   	clc
   1:	01 0f                	add    %ecx,(%rdi)
   3:	85 62 03             	test   %esp,0x3(%rdx)
   6:	00 00                	add    %al,(%rax)
   8:	4c 89 6c 24 70       	mov    %r13,0x70(%rsp)
   d:	4c 89 7c 24 40       	mov    %r15,0x40(%rsp)
  12:	48 89 9c 24 98 00 00 	mov    %rbx,0x98(%rsp)
  19:	00
  1a:	48 8b 44 24 48       	mov    0x48(%rsp),%rax
  1f:	48 8d 58 28          	lea    0x28(%rax),%rbx
  23:	48 89 d8             	mov    %rbx,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	42 80 3c 20 00       	cmpb   $0x0,(%rax,%r12,1)		<-- trapping instruction
  2f:	74 08                	je     0x39
  31:	48 89 df             	mov    %rbx,%rdi
  34:	e8 c7 f4 b1 ff       	callq  0xffb1f500
  39:	4c                   	rex.WR
  3a:	8d                   	.byte 0x8d
  3b:	bc 24 c0 00 00       	mov    $0xc024,%esp