ci2 starts bisection 2023-08-05 12:28:18.034845841 +0000 UTC m=+268.686708858
bisecting cause commit starting from 5e1d25ac2ab670561949d82de7b5027e5a9676d5
building syzkaller on cdae481e33658b7c827516ae5c7f16007c505832
ensuring issue is reproducible on original commit 5e1d25ac2ab670561949d82de7b5027e5a9676d5
testing commit 5e1d25ac2ab670561949d82de7b5027e5a9676d5 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 12be963af7a2a383343e2ca63f71d54d0485d2af0cda589f976889c6d9cd4444
all runs: crashed: general protection fault in filename_create
representative crash: general protection fault in filename_create, types: [UNKNOWN]
check whether we can drop unnecessary instrumentation
disabling configs for [BUG KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed
testing commit 5e1d25ac2ab670561949d82de7b5027e5a9676d5 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 1f0e0155edbdae425488e49f29a41c8253e4efeacd7e4fc4b5476cb2025d99a4
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #10: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #11: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #12: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #13: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #14: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #15: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #16: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #17: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #18: OK
representative crash: BUG: unable to handle kernel NULL pointer dereference in filename_create, types: [UNKNOWN]
the bug reproduces without the instrumentation
disabling configs for [UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed
kconfig minimization: base=5179 full=6487 leaves diff=250
split chunks (needed=false): <250>
split chunk #0 of len 250 into 5 parts
testing without sub-chunk 1/5
disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN LOCKDEP], they are not needed
testing commit 5e1d25ac2ab670561949d82de7b5027e5a9676d5 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: c24468d64d187cf239321350bc2c56c9e701ed7cd8665183227eaf7fac28382b
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #10: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #11: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #12: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #13: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #14: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #15: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #16: OK
run #17: OK
representative crash: BUG: unable to handle kernel NULL pointer dereference in filename_create, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 2/5
disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
testing commit 5e1d25ac2ab670561949d82de7b5027e5a9676d5 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 22b35907e4839f075248f6548cb27e7c03e6573e6e67d33b628c164758ec681a
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #10: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #11: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #12: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #13: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #14: OK
run #15: OK
run #16: OK
representative crash: BUG: unable to handle kernel NULL pointer dereference in filename_create, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 3/5
disabling configs for [LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP HANG], they are not needed
testing commit 5e1d25ac2ab670561949d82de7b5027e5a9676d5 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 6db37d26c3c3ed00560601eb7b03b5f75860de3c3a13ea685b36951017e83597
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
representative crash: BUG: unable to handle kernel NULL pointer dereference in filename_create, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 4/5
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN], they are not needed
testing commit 5e1d25ac2ab670561949d82de7b5027e5a9676d5 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 0d031801b111c2b53f3ba7bda0f3f0925160415bd022afa08093b18f8e286558
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #10: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #11: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #12: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #13: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #14: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #15: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #16: OK
run #17: OK
representative crash: BUG: unable to handle kernel NULL pointer dereference in filename_create, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 5/5
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 5e1d25ac2ab670561949d82de7b5027e5a9676d5 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
failed building 5e1d25ac2ab670561949d82de7b5027e5a9676d5: net/socket.c:1225: undefined reference to `wext_handle_ioctl'
net/socket.c:3420: undefined reference to `compat_wext_handle_ioctl'
net/core/net-procfs.c:329: undefined reference to `wext_proc_init'
net/core/net-procfs.c:345: undefined reference to `wext_proc_exit'
minimized to 50 configs; suspects: [HID_ZEROPLUS USB_NET_CDC_MBIM USB_NET_CDC_SUBSET USB_NET_CDC_SUBSET_ENABLE USB_NET_DM9601 USB_NET_GL620A USB_NET_MCS7830 USB_NET_NET1080 USB_NET_PLUSB USB_NET_RNDIS_HOST USB_NET_SMSC75XX USB_NET_SMSC95XX USB_NET_SR9700 USB_NET_SR9800 USB_NET_ZAURUS USB_OHCI_HCD USB_OHCI_HCD_PCI USB_OHCI_HCD_PLATFORM USB_OTG USB_OTG_FSM USB_PRINTER USB_SERIAL_GENERIC USB_SERIAL_PL2303 USB_STORAGE_ALAUDA USB_STORAGE_CYPRESS_ATACB USB_STORAGE_DATAFAB USB_STORAGE_FREECOM USB_STORAGE_ISD200 USB_STORAGE_JUMPSHOT USB_STORAGE_KARMA USB_STORAGE_ONETOUCH USB_STORAGE_SDDR09 USB_STORAGE_SDDR55 USB_STORAGE_USBAT USB_TRANCEVIBRATOR USB_U_AUDIO USB_U_ETHER USB_U_SERIAL USB_WDM WLAN WLAN_VENDOR_ATH WLAN_VENDOR_ATMEL WLAN_VENDOR_BROADCOM WLAN_VENDOR_INTERSIL WLAN_VENDOR_MARVELL WLAN_VENDOR_MEDIATEK WLAN_VENDOR_MICROCHIP WLAN_VENDOR_PURELIFI WLAN_VENDOR_RALINK WLAN_VENDOR_REALTEK WLAN_VENDOR_RSI WLAN_VENDOR_SILABS WLAN_VENDOR_ZYDAS X86_X32_ABI ZEROPLUS_FF]
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing release v6.1.25
testing commit f17b0ab65d17988d5e6d6fe22f708ef3721080bf gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 30fb8b8fbf41461290ffd023d96a28e29fe56a4bf39b75c7a5ed607f8b6c53e0
all runs: OK
false negative chance: 0.000
# git bisect start 5e1d25ac2ab670561949d82de7b5027e5a9676d5 f17b0ab65d17988d5e6d6fe22f708ef3721080bf
Bisecting: 3080 revisions left to test after this (roughly 12 steps)
[d3ba98f27f44afad3095b295d7abbdce4009f35a] Revert "slab: add __alloc_size attributes for better bounds checking"
testing commit d3ba98f27f44afad3095b295d7abbdce4009f35a gcc compiler: gcc (GCC) 10.2.1 20210217
failed building d3ba98f27f44afad3095b295d7abbdce4009f35a: scripts/sign-file.c:89:9: warning: 'ERR_get_error_line' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
scripts/sign-file.c:103:9: warning: 'ERR_get_error_line' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
scripts/extract-cert.c:46:9: warning: 'ERR_get_error_line' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
scripts/extract-cert.c:60:9: warning: 'ERR_get_error_line' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
check.c:2836:58: error: '%d' directive output may be truncated writing between 1 and 10 bytes into a region of size 9 [-Werror=format-truncation=]
# git bisect skip d3ba98f27f44afad3095b295d7abbdce4009f35a
Bisecting: 3077 revisions left to test after this (roughly 12 steps)
[205b00fd30883847cde53a952d88cf54cc4d41e0] Merge d20f7a09e5ee ("Merge tag 'gpio-updates-for-v5.16' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux") into android-mainline
testing commit 205b00fd30883847cde53a952d88cf54cc4d41e0 gcc compiler: gcc (GCC) 10.2.1 20210217
failed building 205b00fd30883847cde53a952d88cf54cc4d41e0: scripts/extract-cert.c:46:9: warning: 'ERR_get_error_line' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
scripts/extract-cert.c:60:9: warning: 'ERR_get_error_line' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
scripts/sign-file.c:89:9: warning: 'ERR_get_error_line' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
scripts/sign-file.c:103:9: warning: 'ERR_get_error_line' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
check.c:2836:58: error: '%d' directive output may be truncated writing between 1 and 10 bytes into a region of size 9 [-Werror=format-truncation=]
# git bisect skip 205b00fd30883847cde53a952d88cf54cc4d41e0
Bisecting: 3077 revisions left to test after this (roughly 12 steps)
[ec8c8f6e331c2d3f9502c03f4a523a13e35b94de] ANDROID: vendor_hooks: add hook account_process_tick_gran
testing commit ec8c8f6e331c2d3f9502c03f4a523a13e35b94de gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: d6875a2ea599e41e66d27053c977afbf7992e9e48a8f440b578971be945350c0
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #8: OK
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #10: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #11: OK
run #12: OK
run #13: OK
run #14: OK
representative crash: BUG: unable to handle kernel NULL pointer dereference in filename_create, types: [UNKNOWN]
# git bisect bad ec8c8f6e331c2d3f9502c03f4a523a13e35b94de
Bisecting: 2789 revisions left to test after this (roughly 12 steps)
[ab9ab647e5f65f9c099ee5be3aff7d15a8a5cef1] Merge 626bf91a292e ("Merge tag 'net-5.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") into android-mainline
testing commit ab9ab647e5f65f9c099ee5be3aff7d15a8a5cef1 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: fab5238abdd391393924cc1959c889c2eac5f8ee9aca14b68027ed70b61bcff4
all runs: OK
false negative chance: 0.000
# git bisect good ab9ab647e5f65f9c099ee5be3aff7d15a8a5cef1
Bisecting: 1394 revisions left to test after this (roughly 11 steps)
[15a4df5ad44253054a599efb599866f069abc6a4] ANDROID: KVM: arm64: Strictly check page type in MEM_RELINQUISH hypercall
testing commit 15a4df5ad44253054a599efb599866f069abc6a4 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 40f45ea249e11e66c9cfb0f3948dda12a447314530abed48d5f21f0815fb2faa
all runs: OK
false negative chance: 0.000
# git bisect good 15a4df5ad44253054a599efb599866f069abc6a4
Bisecting: 654 revisions left to test after this (roughly 10 steps)
[a0bdc392de06a51adf8ae0aeb4a358c1ed7c1b87] Merge remote-tracking branch 'aosp/upstream-f2fs-stable-linux-6.1.y' into android14-6.1
testing commit a0bdc392de06a51adf8ae0aeb4a358c1ed7c1b87 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: dba391d31c6b7cab55ace62cedda23cb5b952ece0589de3002bb81dc74b519b9
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #10: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #11: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #12: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #13: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #14: OK
run #15: OK
run #16: OK
representative crash: BUG: unable to handle kernel NULL pointer dereference in filename_create, types: [UNKNOWN]
# git bisect bad a0bdc392de06a51adf8ae0aeb4a358c1ed7c1b87
Bisecting: 369 revisions left to test after this (roughly 9 steps)
[9b99000d9b6f859d30a1616dc5c15ebdc0c29de8] ANDROID: timekeeping: Export the boot clock in snapshots
testing commit 9b99000d9b6f859d30a1616dc5c15ebdc0c29de8 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 8d79b3c5f97a2ec1c46162f28aa394e90041edefd93385ad1272edaf7c04c598
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #10: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #11: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #12: OK
run #13: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #14: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #15: OK
run #16: OK
representative crash: BUG: unable to handle kernel NULL pointer dereference in filename_create, types: [UNKNOWN]
# git bisect bad 9b99000d9b6f859d30a1616dc5c15ebdc0c29de8
Bisecting: 154 revisions left to test after this (roughly 8 steps)
[9deaf617bd5b68ceb0df201f45d401588090c8ca] Merge remote-tracking branch 'aosp/upstream-f2fs-stable-linux-6.1.y' into android14-6.1
testing commit 9deaf617bd5b68ceb0df201f45d401588090c8ca gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: cfc5c43e775deb9648fb77e74702045881d28f713c80d9a268cbfc0d3f78ee85
all runs: OK
false negative chance: 0.000
# git bisect good 9deaf617bd5b68ceb0df201f45d401588090c8ca
Bisecting: 76 revisions left to test after this (roughly 6 steps)
[0ead19c440f79f82a7773c4d1001e03669f3c53a] Revert "ANDROID: KVM: arm64: Make gen-hyprel emit delimiters"
testing commit 0ead19c440f79f82a7773c4d1001e03669f3c53a gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: cd5d1dee6f6cb866c3806caaf3e4b51b07c5806e21c6cf1686fa4ebe9bd3fc0b
all runs: OK
false negative chance: 0.000
# git bisect good 0ead19c440f79f82a7773c4d1001e03669f3c53a
Bisecting: 37 revisions left to test after this (roughly 5 steps)
[1868b049aece4614902b99e5bde04d0934019263] ANDROID: ABI: Update QCOM symbol list
testing commit 1868b049aece4614902b99e5bde04d0934019263 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: dff23bd3e21cefed2508573c6999211c10b3345d28938f39d592b692bbf31cf7
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
representative crash: BUG: unable to handle kernel NULL pointer dereference in filename_create, types: [UNKNOWN]
# git bisect bad 1868b049aece4614902b99e5bde04d0934019263
Bisecting: 19 revisions left to test after this (roughly 4 steps)
[5d606fda6daf05fbf9747f8dac9cda302aa14180] ANDROID: arm64: kvm: iommu: Export IOMMU register and init functions.
testing commit 5d606fda6daf05fbf9747f8dac9cda302aa14180 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: a167dee584bbe50330968276add70329b051ed37ea106e67ad14bac1aab87abd
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #10: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #11: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #12: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #13: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #14: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #15: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #16: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #17: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #18: OK
representative crash: BUG: unable to handle kernel NULL pointer dereference in filename_create, types: [UNKNOWN]
# git bisect bad 5d606fda6daf05fbf9747f8dac9cda302aa14180
Bisecting: 9 revisions left to test after this (roughly 3 steps)
[1a11a5283818fddcd82993c39fb1d16a55dfa2a7] ANDROID: fuse-bpf: Fix crash from assuming iter is kvec
testing commit 1a11a5283818fddcd82993c39fb1d16a55dfa2a7 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 7eb0f4a47742732b1d029ce269c46989221224d123a9af605706e2cb1bcee51f
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #10: OK
run #11: OK
run #12: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #13: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #14: OK
run #15: OK
representative crash: BUG: unable to handle kernel NULL pointer dereference in filename_create, types: [UNKNOWN]
# git bisect bad 1a11a5283818fddcd82993c39fb1d16a55dfa2a7
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[53b3a7721b7aec74d8fa2ee55c2480044cc7c1b8] Merge 6.1.1 into android14-6.1
testing commit 53b3a7721b7aec74d8fa2ee55c2480044cc7c1b8 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: f7e95faa195d5e585998046f3abbf2fa17ffbbb73cc8ee8e08462f985064330e
all runs: OK
false negative chance: 0.000
# git bisect good 53b3a7721b7aec74d8fa2ee55c2480044cc7c1b8
Bisecting: 2 revisions left to test after this (roughly 1 step)
[57f3ff9648991998d008ecf32f2f9e78a08bfb8b] ANDROID: fuse-bpf v1.1
testing commit 57f3ff9648991998d008ecf32f2f9e78a08bfb8b gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: eac70bfd581e31add454222c6c424fabfc3dccdb78d0eeda709a060f450642f1
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #10: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #11: crashed: BUG: unable to handle kernel NULL pointer dereference in filename_create
run #12: OK
run #13: OK
run #14: OK
run #15: OK
representative crash: BUG: unable to handle kernel NULL pointer dereference in filename_create, types: [UNKNOWN]
# git bisect bad 57f3ff9648991998d008ecf32f2f9e78a08bfb8b
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[fb5ea70e2e33932b5b35fedd7a30cf5d9170126c] ANDROID: KVM: arm64: Add helper for pKVM modules addr conversion
testing commit fb5ea70e2e33932b5b35fedd7a30cf5d9170126c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: f6623d5280ba57e3052523bb42f5f22adf60dbc01e7c6c7a3d5a9b750285d592
all runs: OK
false negative chance: 0.000
# git bisect good fb5ea70e2e33932b5b35fedd7a30cf5d9170126c
57f3ff9648991998d008ecf32f2f9e78a08bfb8b is the first bad commit
commit 57f3ff9648991998d008ecf32f2f9e78a08bfb8b
Author: Daniel Rosenberg
Date:   Thu Dec 2 13:50:02 2021 -0800

    ANDROID: fuse-bpf v1.1

    This is a squash of these changes cherry-picked from common-android13-5.10

    ANDROID: fuse-bpf: Make compile and pass test
    ANDROID: fuse-bpf: set error_in to ENOENT in negative lookup
    ANDROID: fuse-bpf: Add ability to run ranges of tests to fuse_test
    ANDROID: fuse-bpf: Add test for lookup postfilter
    ANDROID: fuse-bpf: readddir postfilter fixes
    ANDROID: fix kernelci error in fs/fuse/dir.c
    ANDROID: fuse-bpf: Fix RCU/reference issue
    ANDROID: fuse-bpf: Always call revalidate for backing
    ANDROID: fuse-bpf: Adjust backing handle funcs
    ANDROID: fuse-bpf: Fix revalidate error path and backing handling
    ANDROID: fuse-bpf: Fix use of get_fuse_inode
    ANDROID: fuse: Don't use readdirplus w/ nodeid 0
    ANDROID: fuse-bpf: Introduce readdirplus test case for fuse bpf
    ANDROID: fuse-bpf: Make sure force_again flag is false by default
    ANDROID: fuse-bpf: Make inodes with backing_fd reachable for regular FUSE fuse_iget
    Revert "ANDROID: fuse-bpf: use target instead of parent inode to execute backing revalidate"
    ANDROID: fuse-bpf: use target instead of parent inode to execute backing revalidate
    ANDROID: fuse-bpf: Fix misuse of args.out_args
    ANDROID: fuse-bpf: Fix non-fusebpf build
    ANDROID: fuse-bpf: Use fuse_bpf_args in uapi
    ANDROID: fuse-bpf: Fix read_iter
    ANDROID: fuse-bpf: Use cache and refcount
    ANDROID: fuse-bpf: Rename iocb_fuse to iocb_orig
    ANDROID: fuse-bpf: Fix fixattr in rename
    ANDROID: fuse-bpf: Fix readdir
    ANDROID: fuse-bpf: Fix lseek return value for offset 0
    ANDROID: fuse-bpf: fix read_iter and write_iter
    ANDROID: fuse-bpf: fix special devices
    ANDROID: fuse-bpf: support FUSE_LSEEK
    ANDROID: fuse-bpf: Add support for FUSE_COPY_FILE_RANGE
    ANDROID: fuse-bpf: Report errors to finalize
    ANDROID: fuse-bpf: Avoid reusing uint64_t for file
    ANDROID: fuse-bpf: Fix CONFIG_FUSE_BPF typo in FUSE_FSYNCDIR
    ANDROID: fuse-bpf: Move fd operations to be synchronous
    ANDROID: fuse-bpf: Invalidate if lower is unhashed
    ANDROID: fuse-bpf: Move bpf earlier in fuse_permission
    ANDROID: fuse-bpf: Update attributes on file write
    ANDROID: fuse: allow mounting with no userspace daemon
    ANDROID: fuse-bpf: Support FUSE_STATFS
    ANDROID: fuse-bpf: Fix filldir
    ANDROID: fuse-bpf: fix fuse_create_open_finalize
    ANDROID: fuse: add bpf support for removexattr
    ANDROID: fuse-bpf: Fix truncate
    ANDROID: fuse-bpf: Support inotify
    ANDROID: fuse-bpf: Make compile with CONFIG_FUSE but no CONFIG_FUSE_BPF
    ANDROID: fuse-bpf: Fix perms on readdir
    ANDROID: fuse: Fix umasking in backing
    ANDROID: fs/fuse: Backing move returns EXDEV if TO not backed
    ANDROID: bpf-fuse: Fix Setattr
    ANDROID: fuse-bpf: Check if mkdir dentry setup
    ANDROID: fuse-bpf: Close backing fds in fuse_dentry_revalidate
    ANDROID: fuse-bpf: Close backing-fd on both paths
    ANDROID: fuse-bpf: Partial fix for mmap'd files
    ANDROID: fuse-bpf: Restore a missing const
    ANDROID: Add fuse-bpf self tests
    ANDROID: Add FUSE_BPF to gki_defconfig
    ANDROID: fuse-bpf v1
    ANDROID: fuse: Move functions in preparation for fuse-bpf

    Bug: 202785178
    Bug: 265206112
    Test: test_fuse passes on linux. On cuttlefish, atest android.scopedstorage.cts.host.ScopedStorageHostTest passes with fuse-bpf enabled and disabled
    Change-Id: Idb099c281f9b39ff2c46fa3ebc63e508758416ee
    Signed-off-by: Paul Lawrence
    Signed-off-by: Daniel Rosenberg

 arch/arm64/configs/gki_defconfig                        |    1 +
 arch/x86/configs/gki_defconfig                          |    1 +
 fs/fuse/Kconfig                                         |    8 +
 fs/fuse/Makefile                                        |    1 +
 fs/fuse/backing.c                                       | 2468 ++++++++++++++++++++
 fs/fuse/control.c                                       |    2 +-
 fs/fuse/dev.c                                           |   19 +
 fs/fuse/dir.c                                           |  532 +++--
 fs/fuse/file.c                                          |  130 ++
 fs/fuse/fuse_i.h                                        |  720 +++++-
 fs/fuse/inode.c                                         |  322 ++-
 fs/fuse/passthrough.c                                   |    2 +-
 fs/fuse/readdir.c                                       |   22 +
 fs/fuse/xattr.c                                         |   40 +
 include/linux/bpf_types.h                               |    3 +
 include/uapi/linux/android_fuse.h                       |   95 +
 include/uapi/linux/bpf.h                                |   10 +
 kernel/bpf/Makefile                                     |    3 +
 kernel/bpf/bpf_fuse.c                                   |  128 +
 kernel/bpf/btf.c                                        |    1 +
 .../testing/selftests/filesystems/fuse/.gitignore       |    2 +
 tools/testing/selftests/filesystems/fuse/Makefile       |   34 +
 tools/testing/selftests/filesystems/fuse/OWNERS         |    2 +
 .../selftests/filesystems/fuse/bpf_loader.c             |  791 +++++++
 tools/testing/selftests/filesystems/fuse/fd.txt         |   21 +
 tools/testing/selftests/filesystems/fuse/fd_bpf.c       |  252 ++
 .../selftests/filesystems/fuse/fuse_daemon.c            |  294 +++
 .../testing/selftests/filesystems/fuse/fuse_test.c      | 2142 +++++++++++++++++
 .../testing/selftests/filesystems/fuse/test_bpf.c       |  507 ++++
 .../selftests/filesystems/fuse/test_framework.h         |  179 ++
 .../testing/selftests/filesystems/fuse/test_fuse.h      |  337 +++
 .../selftests/filesystems/fuse/test_fuse_bpf.h          |   65 +
 32 files changed, 8929 insertions(+), 205 deletions(-)
 create mode 100644 fs/fuse/backing.c
 create mode 100644 include/uapi/linux/android_fuse.h
 create mode 100644 kernel/bpf/bpf_fuse.c
 create mode 100644 tools/testing/selftests/filesystems/fuse/.gitignore
 create mode 100644 tools/testing/selftests/filesystems/fuse/Makefile
 create mode 100644 tools/testing/selftests/filesystems/fuse/OWNERS
create mode 100644 tools/testing/selftests/filesystems/fuse/bpf_loader.c create mode 100644 tools/testing/selftests/filesystems/fuse/fd.txt create mode 100644 tools/testing/selftests/filesystems/fuse/fd_bpf.c create mode 100644 tools/testing/selftests/filesystems/fuse/fuse_daemon.c create mode 100644 tools/testing/selftests/filesystems/fuse/fuse_test.c create mode 100644 tools/testing/selftests/filesystems/fuse/test_bpf.c create mode 100644 tools/testing/selftests/filesystems/fuse/test_framework.h create mode 100644 tools/testing/selftests/filesystems/fuse/test_fuse.h create mode 100644 tools/testing/selftests/filesystems/fuse/test_fuse_bpf.h accumulated error probability: 0.00 culprit signature: eac70bfd581e31add454222c6c424fabfc3dccdb78d0eeda709a060f450642f1 parent signature: f6623d5280ba57e3052523bb42f5f22adf60dbc01e7c6c7a3d5a9b750285d592 revisions tested: 20, total time: 9h36m3.326186126s (build: 4h24m9.585959293s, test: 4h7m52.770763899s) first bad commit: 57f3ff9648991998d008ecf32f2f9e78a08bfb8b ANDROID: fuse-bpf v1.1 recipients (to): ["drosen@google.com" "paullawrence@google.com"] recipients (cc): [] crash: BUG: unable to handle kernel NULL pointer dereference in filename_create BUG: kernel NULL pointer dereference, address: 000000000000000a #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 114d7c067 P4D 114d7c067 PUD 114d7a067 PMD 0 Oops: 0000 [#1] PREEMPT SMP CPU: 0 PID: 1296 Comm: syz-executor.0 Not tainted 6.1.1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 RIP: 0010:d_is_miss include/linux/dcache.h:391 [inline] RIP: 0010:d_is_negative include/linux/dcache.h:437 [inline] RIP: 0010:d_is_positive include/linux/dcache.h:447 [inline] RIP: 0010:filename_create+0xeb/0x1a0 fs/namei.c:3813 Code: 7d c0 44 89 f2 e8 05 11 00 00 49 89 c6 48 3d 00 f0 ff ff 76 05 8b 5d b4 eb 41 80 7d bb 00 0f 95 c0 41 f6 c5 02 0f 94 c1 20 c1 <41> 0f b6 56 02 f6 c2 70 0f 95 c0 08 c8 49 c7 
c7 ef ff ff ff f6 c2 RSP: 0018:ffffc900021b3e58 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0000000500000000 RSI: 0000000000000000 RDI: ffff8881113711c0 RBP: ffffc900021b3ea8 R08: 00000000ffffff9c R09: ffffffff8153156f R10: ffff88810b38c1c0 R11: ffff888100041400 R12: ffffc900021b3ec0 R13: 0000000000000002 R14: 0000000000000008 R15: 00000000000000a0 FS: 00007f74a4e0b6c0(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000000a CR3: 0000000114d43000 CR4: 00000000003506b0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: do_mkdirat+0xb7/0x150 fs/namei.c:4051 __do_sys_mkdirat fs/namei.c:4076 [inline] __se_sys_mkdirat fs/namei.c:4074 [inline] __x64_sys_mkdirat+0x2c/0x40 fs/namei.c:4074 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f74a407b5e7 Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f74a4e0aee8 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f74a407b5e7 RDX: 00000000000001ff RSI: 00000000200001c0 RDI: 00000000ffffff9c RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000200001c0 R13: 00007f74a4e0af40 R14: 0000000000000000 R15: 0000000000000000 Modules linked in: CR2: 000000000000000a ---[ end trace 0000000000000000 ]--- RIP: 0010:d_is_miss include/linux/dcache.h:391 [inline] RIP: 0010:d_is_negative include/linux/dcache.h:437 [inline] RIP: 0010:d_is_positive include/linux/dcache.h:447 [inline] RIP: 0010:filename_create+0xeb/0x1a0 fs/namei.c:3813 Code: 7d c0 44 89 f2 e8 05 
11 00 00 49 89 c6 48 3d 00 f0 ff ff 76 05 8b 5d b4 eb 41 80 7d bb 00 0f 95 c0 41 f6 c5 02 0f 94 c1 20 c1 <41> 0f b6 56 02 f6 c2 70 0f 95 c0 08 c8 49 c7 c7 ef ff ff ff f6 c2 RSP: 0018:ffffc900021b3e58 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0000000500000000 RSI: 0000000000000000 RDI: ffff8881113711c0 RBP: ffffc900021b3ea8 R08: 00000000ffffff9c R09: ffffffff8153156f R10: ffff88810b38c1c0 R11: ffff888100041400 R12: ffffc900021b3ec0 R13: 0000000000000002 R14: 0000000000000008 R15: 00000000000000a0 FS: 00007f74a4e0b6c0(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000000a CR3: 0000000114d43000 CR4: 00000000003506b0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess): 0: 7d c0 jge 0xffffffc2 2: 44 89 f2 mov %r14d,%edx 5: e8 05 11 00 00 call 0x110f a: 49 89 c6 mov %rax,%r14 d: 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax 13: 76 05 jbe 0x1a 15: 8b 5d b4 mov -0x4c(%rbp),%ebx 18: eb 41 jmp 0x5b 1a: 80 7d bb 00 cmpb $0x0,-0x45(%rbp) 1e: 0f 95 c0 setne %al 21: 41 f6 c5 02 test $0x2,%r13b 25: 0f 94 c1 sete %cl 28: 20 c1 and %al,%cl * 2a: 41 0f b6 56 02 movzbl 0x2(%r14),%edx <-- trapping instruction 2f: f6 c2 70 test $0x70,%dl 32: 0f 95 c0 setne %al 35: 08 c8 or %cl,%al 37: 49 c7 c7 ef ff ff ff mov $0xffffffffffffffef,%r15 3e: f6 .byte 0xf6 3f: c2 .byte 0xc2