ci2 starts bisection 2023-07-02 13:00:34.039404167 +0000 UTC m=+93985.005541650
bisecting cause commit starting from 28cc6246b5e756c8b9098ac213a761eac37692c4
building syzkaller on bfc478367b83b3fda580f54964aa9f3651beeb3d
ensuring issue is reproducible on original commit 28cc6246b5e756c8b9098ac213a761eac37692c4

testing commit 28cc6246b5e756c8b9098ac213a761eac37692c4 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 4d7cd034634a2d10e46bbdc9bb6e75c5a0cad6c3915e07e9be792b05c7a9c78f
all runs: crashed: general protection fault in do_unlinkat
testing release v5.10.184
testing commit a1f0beb13d9b8955e00caa48f909462fb70e6f73 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 9e722aed1a4744a0a496836a3d1b4b154564ba92072feca6e6d4333591fc1165
all runs: OK
# git bisect start 28cc6246b5e756c8b9098ac213a761eac37692c4 a1f0beb13d9b8955e00caa48f909462fb70e6f73
Bisecting: 4046 revisions left to test after this (roughly 12 steps)
[17ba7dfe2008f33814ea1ce582aabd2bcf23150f] Revert "swiotlb: add a IO_TLB_SIZE define"
testing commit 17ba7dfe2008f33814ea1ce582aabd2bcf23150f gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: d9649702160ebe37d4bb06d04ac3ed89a8da98521fd5f7a529593367035f6859
all runs: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
unable to determine the verdict: 0 good runs (wanted 5), for bad wanted 5 in total, got 0
# git bisect skip 17ba7dfe2008f33814ea1ce582aabd2bcf23150f
Bisecting: 4043 revisions left to test after this (roughly 12 steps)
[36695d0e77f0b818515bac4aa3bdd86abd84e19f] FROMGIT: usb: dwc3: gadget: Enable suspend events
testing commit 36695d0e77f0b818515bac4aa3bdd86abd84e19f gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 21e9269894a612d7ced72e5affd95dc912e8cdce66224416415cd12d78910c18
all runs: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
unable to determine the verdict: 0 good runs (wanted 5), for bad wanted 5 in total, got 0
# git bisect skip 36695d0e77f0b818515bac4aa3bdd86abd84e19f
Bisecting: 4043 revisions left to test after this (roughly 12 steps)
[c0e217b1c0e7711fc64833aca273694c20e58792] FROMGIT: usb: typec: Fix num_altmodes kernel-doc error
testing commit c0e217b1c0e7711fc64833aca273694c20e58792 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 86c95c990c954286a45003d86b356e89ed7224ff5d2aad365882f761284d00b9
run #0: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #1: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
run #2: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #3: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #4: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #5: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #6: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #7: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #8: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #9: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
unable to determine the verdict: 0 good runs (wanted 5), for bad wanted 5 in total, got 0
# git bisect skip c0e217b1c0e7711fc64833aca273694c20e58792
Bisecting: 4043 revisions left to test after this (roughly 12 steps)
[2893baee79113d6786ac879484d539cf8220c5a3] Revert "Revert "swiotlb: factor out a nr_slots helper""
testing commit 2893baee79113d6786ac879484d539cf8220c5a3 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 6f5b49c5987a59cdaf09badb06e696061653e915a24cb8c6a91e70573e1450ce
run #0: basic kernel testing failed: fatal error: sysMemStat overflow
run #1: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
run #2: basic kernel testing failed: fatal error: sysMemStat overflow
run #3: basic kernel testing failed: fatal error: sysMemStat overflow
run #4: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #5: basic kernel testing failed: fatal error: runtime: cannot allocate memory
run #6: basic kernel testing failed: lost connection to test machine
run #7: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
run #8: basic kernel testing failed: lost connection to test machine
run #9: basic kernel testing failed: lost connection to test machine
unable to determine the verdict: 0 good runs (wanted 5), for bad wanted 5 in total, got 0
# git bisect skip 2893baee79113d6786ac879484d539cf8220c5a3
Bisecting: 4043 revisions left to test after this (roughly 12 steps)
[6709f523251f77dc1e9ea643668c630db1f7db80] ANDROID: thermal: Add vendor hook to check power range
testing commit 6709f523251f77dc1e9ea643668c630db1f7db80 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 2dbfc65e613b962d718ae12a92188d4120e2a13c513343d6b49e4a3352959e22
all runs: crashed: general protection fault in do_unlinkat
# git bisect bad 6709f523251f77dc1e9ea643668c630db1f7db80
Bisecting: 3026 revisions left to test after this (roughly 12 steps)
[49121c77df30ae75cbc9d74ad8fc1edc53344a44] ANDROID: GKI: Enable CONFIG_MODULE_SCMVERSION=y
testing commit 49121c77df30ae75cbc9d74ad8fc1edc53344a44 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: d256d6a3adc006dcae436b1f5ffde38251a81d507fd3ea6dbce498ac832a84fc
run #0: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #1: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #2: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #3: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #4: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #5: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #6: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #7: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
run #8: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #9: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
unable to determine the verdict: 0 good runs (wanted 5), for bad wanted 5 in total, got 0
# git bisect skip 49121c77df30ae75cbc9d74ad8fc1edc53344a44
Bisecting: 3026 revisions left to test after this (roughly 12 steps)
[2daebf16f7c30636832a2a232d63e0f41706f38d] UPSTREAM: scsi: ufs: Un-inline ufshcd_vops_device_reset function
testing commit 2daebf16f7c30636832a2a232d63e0f41706f38d gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: bb28de00c22a2a9e4088d40a9f12323251e88ecc63ddfc2319caf9f5f7c78895
all runs: OK
# git bisect good 2daebf16f7c30636832a2a232d63e0f41706f38d
Bisecting: 209 revisions left to test after this (roughly 8 steps)
[8095971426e4fe64d69594f587e11be66188f05e] Merge 5.10.80 into android13-5.10
testing commit 8095971426e4fe64d69594f587e11be66188f05e gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 9e2efdd5597b569272c63476af6b40fea0b185c1dc5f61eeb8fc9a7f9656c513
all runs: OK
# git bisect good 8095971426e4fe64d69594f587e11be66188f05e
Bisecting: 104 revisions left to test after this (roughly 7 steps)
[64999249d5fecc79805fd799bdf71bc5b554efc1] ANDROID: thermal: Add hook to enable/disable thermal power throttle
testing commit 64999249d5fecc79805fd799bdf71bc5b554efc1 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 42800a8a490df0b63d9d60109eadcebe04ff20bd88d1ae2e4b4c5ae8931ea48e
all runs: OK
# git bisect good 64999249d5fecc79805fd799bdf71bc5b554efc1
Bisecting: 52 revisions left to test after this (roughly 6 steps)
[e8a81778fed900c5b4c75cffffa149391f7733b2] FROMLIST: KVM: arm64: Use defined value for SCTLR_ELx_EE
testing commit e8a81778fed900c5b4c75cffffa149391f7733b2 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 6b87049a254dd6c51dbbdcebd87c3232d50ef5049ccecccc2581ebd3a0c46dce
all runs: OK
# git bisect good e8a81778fed900c5b4c75cffffa149391f7733b2
Bisecting: 25 revisions left to test after this (roughly 5 steps)
[88b7179fcdb59ade839972bb6042e2b986e7cd57] ANDROID: fuse: Move functions in preparation for fuse-bpf
testing commit 88b7179fcdb59ade839972bb6042e2b986e7cd57 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 5f91a27335a1893975f0f9aa2b23671896ec6fb5fb57dc26f2536972ed0fa9fd
all runs: OK
# git bisect good 88b7179fcdb59ade839972bb6042e2b986e7cd57
Bisecting: 12 revisions left to test after this (roughly 4 steps)
[b2ba9e798c657ff722d1a70e5e237b684b501b57] Merge 5.10.86 into android13-5.10
testing commit b2ba9e798c657ff722d1a70e5e237b684b501b57 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 18f1ead9374ec5fe5dc17e80f8431de834b94dcfd91b6e0a7693aafac00b8332
all runs: crashed: general protection fault in do_unlinkat
# git bisect bad b2ba9e798c657ff722d1a70e5e237b684b501b57
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[0975fd934e9e34adabeca8205a672ff6346581bb] ANDROID: Add vendor hook for the sugov_get_util
testing commit 0975fd934e9e34adabeca8205a672ff6346581bb gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 43bf9002c2acebebfbdf1d4ecfd0783db6b3a7d161c0d444c098e35f14cffa8c
all runs: crashed: general protection fault in do_unlinkat
# git bisect bad 0975fd934e9e34adabeca8205a672ff6346581bb
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[ee8015a3a26c98bdf76f31985d5f716fd19e9849] ANDROID: Add fuse-bpf self tests
testing commit ee8015a3a26c98bdf76f31985d5f716fd19e9849 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 17e99598cc5d9ec3dea7926d35812474ccc1069dc356d64d61583088ce8b0143
all runs: crashed: general protection fault in do_unlinkat
# git bisect bad ee8015a3a26c98bdf76f31985d5f716fd19e9849
Bisecting: 1 revision left to test after this (roughly 1 step)
[6be5b06e4195b002c52a1c2c82573ea7a76ce111] ANDROID: fuse-bpf v1
testing commit 6be5b06e4195b002c52a1c2c82573ea7a76ce111 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 457cf4a69aa9a7621c5babb9bc54cf53a1cc1de80a7eb025643be46a49005b76
all runs: crashed: general protection fault in do_unlinkat
# git bisect bad 6be5b06e4195b002c52a1c2c82573ea7a76ce111
6be5b06e4195b002c52a1c2c82573ea7a76ce111 is the first bad commit
commit 6be5b06e4195b002c52a1c2c82573ea7a76ce111
Author: Daniel Rosenberg
Date: Thu Dec 2 14:38:56 2021 -0800

    ANDROID: fuse-bpf v1

    Bug: 202785178
    Test: test_fuse passes on linux, feature works on cuttlefish
    Signed-off-by: Paul Lawrence
    Signed-off-by: Daniel Rosenberg
    Change-Id: I987684b799b07391ccde350e98fde7976f5601aa

 fs/fuse/Kconfig | 8 +
 fs/fuse/Makefile | 4 +-
 fs/fuse/backing.c | 1924 +++++++++++++++++++++++++++++++++++++++++++++
 fs/fuse/dev.c | 6 +
 fs/fuse/dir.c | 386 +++++++--
 fs/fuse/file.c | 107 ++-
 fs/fuse/fuse_i.h | 519 +++++++++++-
 fs/fuse/inode.c | 179 ++++-
 fs/fuse/readdir.c | 15 +
 fs/fuse/xattr.c | 33 +
 include/linux/bpf_types.h | 3 +
 include/uapi/linux/bpf.h | 1 +
 include/uapi/linux/fuse.h | 25 +-
 kernel/bpf/Makefile | 3 +
 kernel/bpf/bpf_fuse.c | 72 ++
 kernel/bpf/btf.c | 1 +
 16 files changed, 3214 insertions(+), 72 deletions(-)
 create mode 100644 fs/fuse/backing.c
 create mode 100644 kernel/bpf/bpf_fuse.c

culprit signature: 457cf4a69aa9a7621c5babb9bc54cf53a1cc1de80a7eb025643be46a49005b76
parent signature: 5f91a27335a1893975f0f9aa2b23671896ec6fb5fb57dc26f2536972ed0fa9fd
revisions tested: 17, total time: 8h7m42.485449799s (build: 6h6m14.586297847s, test: 1h43m43.797869609s)
first bad commit: 6be5b06e4195b002c52a1c2c82573ea7a76ce111 ANDROID: fuse-bpf v1
recipients (to): ["drosen@google.com" "paullawrence@google.com"]
recipients (cc): []
crash: general protection fault in do_unlinkat
general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 0 PID: 446 Comm: syz-executor.0 Not tainted 5.10.85-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
RIP: 0010:__d_entry_type include/linux/dcache.h:400 [inline]
RIP: 0010:d_is_miss include/linux/dcache.h:405 [inline]
RIP: 0010:d_is_negative include/linux/dcache.h:451 [inline]
RIP: 0010:do_unlinkat+0x251/0x5d0 fs/namei.c:3966
Code: 4c 89 e0 4c 89 e2 48 c1 e8 03 83 e2 07 42 0f b6 04 28 38 d0 7f 08 84 c0 0f 85 a9 02 00 00 4c 89 c0 45 0f b6 24 24 48 c1 e8 03 <42> 0f b6 04 28 84 c0 74 08 3c 03 0f 8e 71 02 00 00 41 8b 00 89 c2
RSP: 0018:ffffc900008f7e08 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffffc900008f7ee8 RCX: 0000000000000000
RDX: 0000000000000005 RSI: 0000000000000008 RDI: ffff88810b34ab0c
RBP: ffffc900008f7f10 R08: 0000000000000002 R09: ffff88811c77df3f
R10: ffffed10238efbe7 R11: ffff88810cbfc000 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff88810cbf4400 R15: 0000000000000000
FS: 00007f5075a17700(0000) GS:ffff8881f7200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000002000a000 CR3: 0000000121268000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __do_sys_unlink fs/namei.c:4018 [inline]
 __se_sys_unlink fs/namei.c:4016 [inline]
 __x64_sys_unlink+0xa5/0xe0 fs/namei.c:4016
 do_syscall_64+0x32/0x80 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f5075ea4389
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f5075a17168 EFLAGS: 00000246 ORIG_RAX: 0000000000000057
RAX: ffffffffffffffda RBX: 00007f5075fc3f80 RCX: 00007f5075ea4389
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000100
RBP: 00007f5075eef493 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd704725df R14: 00007f5075a17300 R15: 0000000000022000
Modules linked in:
---[ end trace e3efe13a8e6525c2 ]---
RIP: 0010:__d_entry_type include/linux/dcache.h:400 [inline]
RIP: 0010:d_is_miss include/linux/dcache.h:405 [inline]
RIP: 0010:d_is_negative include/linux/dcache.h:451 [inline]
RIP: 0010:do_unlinkat+0x251/0x5d0 fs/namei.c:3966
Code: 4c 89 e0 4c 89 e2 48 c1 e8 03 83 e2 07 42 0f b6 04 28 38 d0 7f 08 84 c0 0f 85 a9 02 00 00 4c 89 c0 45 0f b6 24 24 48 c1 e8 03 <42> 0f b6 04 28 84 c0 74 08 3c 03 0f 8e 71 02 00 00 41 8b 00 89 c2
RSP: 0018:ffffc900008f7e08 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffffc900008f7ee8 RCX: 0000000000000000
RDX: 0000000000000005 RSI: 0000000000000008 RDI: ffff88810b34ab0c
RBP: ffffc900008f7f10 R08: 0000000000000002 R09: ffff88811c77df3f
R10: ffffed10238efbe7 R11: ffff88810cbfc000 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff88810cbf4400 R15: 0000000000000000
FS: 00007f5075a17700(0000) GS:ffff8881f7200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000002000a000 CR3: 0000000121268000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0: 4c 89 e0             mov %r12,%rax
   3: 4c 89 e2             mov %r12,%rdx
   6: 48 c1 e8 03          shr $0x3,%rax
   a: 83 e2 07             and $0x7,%edx
   d: 42 0f b6 04 28       movzbl (%rax,%r13,1),%eax
  12: 38 d0                cmp %dl,%al
  14: 7f 08                jg 0x1e
  16: 84 c0                test %al,%al
  18: 0f 85 a9 02 00 00    jne 0x2c7
  1e: 4c 89 c0             mov %r8,%rax
  21: 45 0f b6 24 24       movzbl (%r12),%r12d
  26: 48 c1 e8 03          shr $0x3,%rax
* 2a: 42 0f b6 04 28       movzbl (%rax,%r13,1),%eax <-- trapping instruction
  2f: 84 c0                test %al,%al
  31: 74 08                je 0x3b
  33: 3c 03                cmp $0x3,%al
  35: 0f 8e 71 02 00 00    jle 0x2ac
  3b: 41 8b 00             mov (%r8),%eax
  3e: 89 c2                mov %eax,%edx