ci2 starts bisection 2023-07-01 22:35:09.475931355 +0000 UTC m=+42060.442068849
bisecting cause commit starting from 241da2ad56013ea077895b8498d7fcbbe770ae4c
building syzkaller on bfc478367b83b3fda580f54964aa9f3651beeb3d
ensuring issue is reproducible on original commit 241da2ad56013ea077895b8498d7fcbbe770ae4c

testing commit 241da2ad56013ea077895b8498d7fcbbe770ae4c gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: aeb30f69014419e1a6e00efe2945d03854a4f04b849cdc93835d51c6ab71f243
all runs: crashed: general protection fault in do_unlinkat
testing release v5.15.118
testing commit f67653019430833d5003f16817d7fa85272a6a76 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 075ab0edbdb4fe0219c4316cf1fbeaa41ee59c333ce0b8318d56fcf50d7ed46f
all runs: OK
# git bisect start 241da2ad56013ea077895b8498d7fcbbe770ae4c f67653019430833d5003f16817d7fa85272a6a76
Bisecting: 3019 revisions left to test after this (roughly 12 steps)
[81030382f3774d799ba366fea17393b2a3f2746c] UPSTREAM: KVM: arm64: pkvm: Preserve pending SError on exit from AArch32
testing commit 81030382f3774d799ba366fea17393b2a3f2746c gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 09142de2172363be7d3387f3c79bf9b847ffd3611db595803aa12aa2ee4b20df
all runs: OK
# git bisect good 81030382f3774d799ba366fea17393b2a3f2746c
Bisecting: 1509 revisions left to test after this (roughly 11 steps)
[75cd98366d18691b6698d4f9784769a777447d91] UPSTREAM: btrfs: fallback to blocking mode when doing async dio over multiple extents
testing commit 75cd98366d18691b6698d4f9784769a777447d91 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 548627d772f5b87e3e2e79918b3ec89d3482b194512e290acf411b6fdad77eca
all runs: OK
# git bisect good 75cd98366d18691b6698d4f9784769a777447d91
Bisecting: 754 revisions left to test after this (roughly 10 steps)
[f3f123ebb5ce3a606b524003e362460b91675e93] BACKPORT: mm: x86: add CONFIG_ARCH_HAS_NONLEAF_PMD_YOUNG
testing commit f3f123ebb5ce3a606b524003e362460b91675e93 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 519cdb2005763a7fa3ecc4533d831a01dfc056b545ccc1001cc4cc5e8bbab952
all runs: OK
# git bisect good f3f123ebb5ce3a606b524003e362460b91675e93
Bisecting: 377 revisions left to test after this (roughly 9 steps)
[16bb33d7efcf5dab00733d43234985ac32c7547c] ANDROID: ABI: Update allowed list for QCOM
testing commit 16bb33d7efcf5dab00733d43234985ac32c7547c gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: f73f3dc34f014871c11deda17db4c083a28529bd7411794ce3c675322a757fd6
all runs: crashed: general protection fault in do_unlinkat
# git bisect bad 16bb33d7efcf5dab00733d43234985ac32c7547c
Bisecting: 188 revisions left to test after this (roughly 8 steps)
[e80bb466946c410d9aa504db493a103a89523c70] ANDROID: Revert "ANDROID: allmodconfig: disable WERROR"
testing commit e80bb466946c410d9aa504db493a103a89523c70 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: af3fea71bdcc68dc2667cc24e23f5f853448ea160fb123b157435e7d777858fc
all runs: OK
# git bisect good e80bb466946c410d9aa504db493a103a89523c70
Bisecting: 101 revisions left to test after this (roughly 7 steps)
[0c8a58469bba51493c04fd3f0ab3ebbd3cd8dfa9] UPSTREAM: usb: gadget: uvc: Prevent buffer overflow in setup handler
testing commit 0c8a58469bba51493c04fd3f0ab3ebbd3cd8dfa9 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 5e4e8c414708e17771b8cfc3f7e2d423dfd5913b1494d692993d30bf859f9cad
all runs: OK
# git bisect good 0c8a58469bba51493c04fd3f0ab3ebbd3cd8dfa9
Bisecting: 50 revisions left to test after this (roughly 6 steps)
[b607fae9000f02380ab2e1dd935bc33e5052a0ac] UPSTREAM: f2fs: fix to invalidate dcc->f2fs_issue_discard in error path
testing commit b607fae9000f02380ab2e1dd935bc33e5052a0ac gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 3469ff9f8c63ed6bb9be44a966e2a04fee4290758a4935c3220eb0b29d8e68a3
all runs: OK
# git bisect good b607fae9000f02380ab2e1dd935bc33e5052a0ac
Bisecting: 25 revisions left to test after this (roughly 5 steps)
[bd82038474ec1dd2ada0326612c5c4a1fd794ccc] Revert "BACKPORT: FROMGIT: sched: Enforce user requested affinity"
testing commit bd82038474ec1dd2ada0326612c5c4a1fd794ccc gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 5d213cf0197517591e344784901ee7d49500a04aeb088aaaa4e2758c6194a9fd
all runs: OK
# git bisect good bd82038474ec1dd2ada0326612c5c4a1fd794ccc
Bisecting: 12 revisions left to test after this (roughly 4 steps)
[89eccb84959fc3b288fd872726e0cb8d3823033f] UPSTREAM: ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop
testing commit 89eccb84959fc3b288fd872726e0cb8d3823033f gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: e457716313413e0f97172443ae14c98a7cb28e31d38a549090fa2628f9edf49e
all runs: crashed: general protection fault in do_unlinkat
# git bisect bad 89eccb84959fc3b288fd872726e0cb8d3823033f
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[af8dfb011fd0e434de7f0287e561a67757fb9346] FROMLIST: input: Add KEY_CAMERA_FOCUS event in HID
testing commit af8dfb011fd0e434de7f0287e561a67757fb9346 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 32997f0a1a23f4909dad0e24db1ebafd60130ac1d7591cbcb80d3eb4490725fc
all runs: OK
# git bisect good af8dfb011fd0e434de7f0287e561a67757fb9346
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[f5f4199c102aa676998b42abff60d071385c1c0c] ANDROID: fuse-bpf v1.1
testing commit f5f4199c102aa676998b42abff60d071385c1c0c gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: a5cc0f0bb89c64de4734bdaa53abdb62e9e2d90e6b57224f8c6f650a5bb61c8c
all runs: crashed: general protection fault in do_unlinkat
# git bisect bad f5f4199c102aa676998b42abff60d071385c1c0c
Bisecting: 0 revisions left to test after this (roughly 1 step)
[bff9debefdec7aa9e5c6390a7623c12a83796f30] ANDROID: GKI: update xiaomi symbol list
testing commit bff9debefdec7aa9e5c6390a7623c12a83796f30 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 9f7ecffb0540ae704068e63861f3df03bdb220a27c057b825cd6c7d9361373a8
all runs: OK
# git bisect good bff9debefdec7aa9e5c6390a7623c12a83796f30
f5f4199c102aa676998b42abff60d071385c1c0c is the first bad commit
commit f5f4199c102aa676998b42abff60d071385c1c0c
Author: Daniel Rosenberg
Date: Thu Dec 2 13:50:02 2021 -0800

ANDROID: fuse-bpf v1.1

These patches extend FUSE to be able to act as a stacked filesystem. This allows pure passthrough, where the fuse file system simply reflects the lower filesystem, and also allows optional pre and post filtering in BPF and/or the userspace daemon as needed. This can dramatically reduce or even eliminate transitions to and from userspace.

See https://lwn.net/Articles/915717/

Note that this patch set has been extensively tested in common-android13-5.10

This is a squash of these changes cherry-picked from common-android13-5.10

ANDROID: fuse-bpf: Make compile and pass test
ANDROID: fuse-bpf: set error_in to ENOENT in negative lookup
ANDROID: fuse-bpf: Add ability to run ranges of tests to fuse_test
ANDROID: fuse-bpf: Add test for lookup postfilter
ANDROID: fuse-bpf: readddir postfilter fixes
ANDROID: fix kernelci error in fs/fuse/dir.c
ANDROID: fuse-bpf: Fix RCU/reference issue
ANDROID: fuse-bpf: Always call revalidate for backing
ANDROID: fuse-bpf: Adjust backing handle funcs
ANDROID: fuse-bpf: Fix revalidate error path and backing handling
ANDROID: fuse-bpf: Fix use of get_fuse_inode
ANDROID: fuse: Don't use readdirplus w/ nodeid 0
ANDROID: fuse-bpf: Introduce readdirplus test case for fuse bpf
ANDROID: fuse-bpf: Make sure force_again flag is false by default
ANDROID: fuse-bpf: Make inodes with backing_fd reachable for regular FUSE fuse_iget
Revert "ANDROID: fuse-bpf: use target instead of parent inode to execute backing revalidate"
ANDROID: fuse-bpf: use target instead of parent inode to execute backing revalidate
ANDROID: fuse-bpf: Fix misuse of args.out_args
ANDROID: fuse-bpf: Fix non-fusebpf build
ANDROID: fuse-bpf: Use fuse_bpf_args in uapi
ANDROID: fuse-bpf: Fix read_iter
ANDROID: fuse-bpf: Use cache and refcount
ANDROID: fuse-bpf: Rename iocb_fuse to iocb_orig
ANDROID: fuse-bpf: Fix fixattr in rename
ANDROID: fuse-bpf: Fix readdir
ANDROID: fuse-bpf: Fix lseek return value for offset 0
ANDROID: fuse-bpf: fix read_iter and write_iter
ANDROID: fuse-bpf: fix special devices
ANDROID: fuse-bpf: support FUSE_LSEEK
ANDROID: fuse-bpf: Add support for FUSE_COPY_FILE_RANGE
ANDROID: fuse-bpf: Report errors to finalize
ANDROID: fuse-bpf: Avoid reusing uint64_t for file
ANDROID: fuse-bpf: Fix CONFIG_FUSE_BPF typo in FUSE_FSYNCDIR
ANDROID: fuse-bpf: Move fd operations to be synchronous
ANDROID: fuse-bpf: Invalidate if lower is unhashed
ANDROID: fuse-bpf: Move bpf earlier in fuse_permission
ANDROID: fuse-bpf: Update attributes on file write
ANDROID: fuse: allow mounting with no userspace daemon
ANDROID: fuse-bpf: Support FUSE_STATFS
ANDROID: fuse-bpf: Fix filldir
ANDROID: fuse-bpf: fix fuse_create_open_finalize
ANDROID: fuse: add bpf support for removexattr
ANDROID: fuse-bpf: Fix truncate
ANDROID: fuse-bpf: Support inotify
ANDROID: fuse-bpf: Make compile with CONFIG_FUSE but no CONFIG_FUSE_BPF
ANDROID: fuse-bpf: Fix perms on readdir
ANDROID: fuse: Fix umasking in backing
ANDROID: fs/fuse: Backing move returns EXDEV if TO not backed
ANDROID: bpf-fuse: Fix Setattr
ANDROID: fuse-bpf: Check if mkdir dentry setup
ANDROID: fuse-bpf: Close backing fds in fuse_dentry_revalidate
ANDROID: fuse-bpf: Close backing-fd on both paths
ANDROID: fuse-bpf: Partial fix for mmap'd files
ANDROID: fuse-bpf: Restore a missing const
ANDROID: Add fuse-bpf self tests
ANDROID: Add FUSE_BPF to gki_defconfig
ANDROID: fuse-bpf v1
ANDROID: fuse: Move functions in preparation for fuse-bpf

Bug: 202785178
Test: test_fuse passes on linux.
On cuttlefish, atest android.scopedstorage.cts.host.ScopedStorageHostTest passes with fuse-bpf enabled and disabled
Change-Id: Idb099c281f9b39ff2c46fa3ebc63e508758416ee
Signed-off-by: Paul Lawrence
Signed-off-by: Daniel Rosenberg

 arch/arm64/configs/gki_defconfig | 1 +
 arch/x86/configs/gki_defconfig | 1 +
 fs/fuse/Kconfig | 8 +
 fs/fuse/Makefile | 1 +
 fs/fuse/backing.c | 2468 ++++++++++++++++++++
 fs/fuse/control.c | 2 +-
 fs/fuse/dev.c | 19 +
 fs/fuse/dir.c | 530 +++--
 fs/fuse/file.c | 130 ++
 fs/fuse/fuse_i.h | 717 +++++-
 fs/fuse/inode.c | 324 ++-
 fs/fuse/passthrough.c | 2 +-
 fs/fuse/readdir.c | 22 +
 fs/fuse/xattr.c | 40 +
 include/linux/bpf_types.h | 3 +
 include/uapi/linux/android_fuse.h | 97 +
 include/uapi/linux/bpf.h | 12 +
 kernel/bpf/Makefile | 3 +
 kernel/bpf/bpf_fuse.c | 128 +
 kernel/bpf/btf.c | 1 +
 .../testing/selftests/filesystems/fuse/.gitignore | 2 +
 tools/testing/selftests/filesystems/fuse/Makefile | 34 +
 tools/testing/selftests/filesystems/fuse/OWNERS | 2 +
 .../selftests/filesystems/fuse/bpf_loader.c | 791 +++++++
 tools/testing/selftests/filesystems/fuse/fd.txt | 21 +
 tools/testing/selftests/filesystems/fuse/fd_bpf.c | 252 ++
 .../selftests/filesystems/fuse/fuse_daemon.c | 294 +++
 .../testing/selftests/filesystems/fuse/fuse_test.c | 2142 +++++++++++++++++
 .../testing/selftests/filesystems/fuse/test_bpf.c | 507 ++++
 .../selftests/filesystems/fuse/test_framework.h | 181 ++
 .../testing/selftests/filesystems/fuse/test_fuse.h | 337 +++
 .../selftests/filesystems/fuse/test_fuse_bpf.h | 65 +
 32 files changed, 8930 insertions(+), 207 deletions(-)
 create mode 100644 fs/fuse/backing.c
 create mode 100644 include/uapi/linux/android_fuse.h
 create mode 100644 kernel/bpf/bpf_fuse.c
 create mode 100644 tools/testing/selftests/filesystems/fuse/.gitignore
 create mode 100644 tools/testing/selftests/filesystems/fuse/Makefile
 create mode 100644 tools/testing/selftests/filesystems/fuse/OWNERS
 create mode 100644 tools/testing/selftests/filesystems/fuse/bpf_loader.c
 create mode 100644 tools/testing/selftests/filesystems/fuse/fd.txt
 create mode 100644 tools/testing/selftests/filesystems/fuse/fd_bpf.c
 create mode 100644 tools/testing/selftests/filesystems/fuse/fuse_daemon.c
 create mode 100644 tools/testing/selftests/filesystems/fuse/fuse_test.c
 create mode 100644 tools/testing/selftests/filesystems/fuse/test_bpf.c
 create mode 100644 tools/testing/selftests/filesystems/fuse/test_framework.h
 create mode 100644 tools/testing/selftests/filesystems/fuse/test_fuse.h
 create mode 100644 tools/testing/selftests/filesystems/fuse/test_fuse_bpf.h

culprit signature: a5cc0f0bb89c64de4734bdaa53abdb62e9e2d90e6b57224f8c6f650a5bb61c8c
parent signature: 9f7ecffb0540ae704068e63861f3df03bdb220a27c057b825cd6c7d9361373a8
revisions tested: 14, total time: 7h32m59.425060185s (build: 5h1m45.102014044s, test: 2h1m43.00456227s)
first bad commit: f5f4199c102aa676998b42abff60d071385c1c0c ANDROID: fuse-bpf v1.1
recipients (to): ["drosen@google.com" "paullawrence@google.com"]
recipients (cc): []

crash: general protection fault in do_unlinkat
general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 0 PID: 360 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
RIP: 0010:__d_entry_type include/linux/dcache.h:404 [inline]
RIP: 0010:d_is_miss include/linux/dcache.h:409 [inline]
RIP: 0010:d_is_negative include/linux/dcache.h:455 [inline]
RIP: 0010:do_unlinkat+0x25a/0x5b0 fs/namei.c:4214
Code: 4c 89 e0 4c 89 e2 48 c1 e8 03 83 e2 07 42 0f b6 04 28 38 d0 7f 08 84 c0 0f 85 86 02 00 00 4c 89 c0 45 0f b6 24 24 48 c1 e8 03 <42> 0f b6 04 28 84 c0 74 08 3c 03 0f 8e 4e 02 00 00 41 8b 00 89 c2
RSP: 0018:ffffc90000707e00 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffffc90000707ee8 RCX: 0000000000000000
RDX: 0000000000000005 RSI: 0000000000000008 RDI: ffff88810bab97d0
RBP: ffffc90000707f10 R08: 0000000000000002 R09: ffff88811c7619ef
R10: ffffed10238ec33d R11: ffff8881f7238260 R12: 0000000000000000
R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
FS: 00007f31673aa700(0000) GS:ffff8881f7200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fffba9f9a88 CR3: 000000011bd18000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __do_sys_unlink fs/namei.c:4269 [inline]
 __se_sys_unlink fs/namei.c:4267 [inline]
 __x64_sys_unlink+0xa5/0xe0 fs/namei.c:4267
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7f3167837389
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f31673aa168 EFLAGS: 00000246 ORIG_RAX: 0000000000000057
RAX: ffffffffffffffda RBX: 00007f3167956f80 RCX: 00007f3167837389
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000100
RBP: 00007f3167882493 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fffd165408f R14: 00007f31673aa300 R15: 0000000000022000
Modules linked in:
---[ end trace c090b10ef8e36dfc ]---
RIP: 0010:__d_entry_type include/linux/dcache.h:404 [inline]
RIP: 0010:d_is_miss include/linux/dcache.h:409 [inline]
RIP: 0010:d_is_negative include/linux/dcache.h:455 [inline]
RIP: 0010:do_unlinkat+0x25a/0x5b0 fs/namei.c:4214
Code: 4c 89 e0 4c 89 e2 48 c1 e8 03 83 e2 07 42 0f b6 04 28 38 d0 7f 08 84 c0 0f 85 86 02 00 00 4c 89 c0 45 0f b6 24 24 48 c1 e8 03 <42> 0f b6 04 28 84 c0 74 08 3c 03 0f 8e 4e 02 00 00 41 8b 00 89 c2
RSP: 0018:ffffc90000707e00 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffffc90000707ee8 RCX: 0000000000000000
RDX: 0000000000000005 RSI: 0000000000000008 RDI: ffff88810bab97d0
RBP: ffffc90000707f10 R08: 0000000000000002 R09: ffff88811c7619ef
R10: ffffed10238ec33d R11: ffff8881f7238260 R12: 0000000000000000
R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
FS: 00007f31673aa700(0000) GS:ffff8881f7200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fffba9f9a88 CR3: 000000011bd18000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0: 4c 89 e0             mov    %r12,%rax
   3: 4c 89 e2             mov    %r12,%rdx
   6: 48 c1 e8 03          shr    $0x3,%rax
   a: 83 e2 07             and    $0x7,%edx
   d: 42 0f b6 04 28       movzbl (%rax,%r13,1),%eax
  12: 38 d0                cmp    %dl,%al
  14: 7f 08                jg     0x1e
  16: 84 c0                test   %al,%al
  18: 0f 85 86 02 00 00    jne    0x2a4
  1e: 4c 89 c0             mov    %r8,%rax
  21: 45 0f b6 24 24       movzbl (%r12),%r12d
  26: 48 c1 e8 03          shr    $0x3,%rax
* 2a: 42 0f b6 04 28       movzbl (%rax,%r13,1),%eax <-- trapping instruction
  2f: 84 c0                test   %al,%al
  31: 74 08                je     0x3b
  33: 3c 03                cmp    $0x3,%al
  35: 0f 8e 4e 02 00 00    jle    0x289
  3b: 41 8b 00             mov    (%r8),%eax
  3e: 89 c2                mov    %eax,%edx