ci2 starts bisection 2023-07-17 13:10:09.459329473 +0000 UTC m=+104.468870567
bisecting cause commit starting from f6707f352b54d12dcfb0b2b28110faebd03ee923
building syzkaller on 35d9ecc508aef508b67ee7986a7abb0864e74f8e
ensuring issue is reproducible on original commit f6707f352b54d12dcfb0b2b28110faebd03ee923
testing commit f6707f352b54d12dcfb0b2b28110faebd03ee923 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 4509b72a2f9e6b40cdc68241630188a54aedb77e793d418c57b508b817aaf6c5
all runs: crashed: general protection fault in fuse_atomic_open
representative crash: general protection fault in fuse_atomic_open, types: [UNKNOWN]
check whether we can drop unnecessary instrumentation
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit f6707f352b54d12dcfb0b2b28110faebd03ee923 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 804e9afa56c3e7ada37f892d32b4700e730497f3d7f9bdf4fadab0127e03f34a
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in fuse_atomic_open
representative crash: BUG: unable to handle kernel NULL pointer dereference in fuse_atomic_open, types: [UNKNOWN]
the bug reproduces without the instrumentation
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
kconfig minimization: base=5179 full=6485 leaves diff=248
split chunks (needed=false): <248>
split chunk #0 of len 248 into 5 parts
testing without sub-chunk 1/5
testing commit f6707f352b54d12dcfb0b2b28110faebd03ee923 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: c59ec922e97feaf6876b6cb3dc83787130c1f4923a52e7727614a1bc3326b0f0
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in fuse_atomic_open
representative crash: BUG: unable to handle kernel NULL pointer dereference in fuse_atomic_open, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 2/5
testing commit f6707f352b54d12dcfb0b2b28110faebd03ee923 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: ed2708d89f66c122a8c36f7b0f863cf1df623b9cbe93c48e8ba48d250fb9be66
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in fuse_atomic_open
representative crash: BUG: unable to handle kernel NULL pointer dereference in fuse_atomic_open, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 3/5
testing commit f6707f352b54d12dcfb0b2b28110faebd03ee923 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 71e1e600c69703ea4efefe228abe4e768d0cf4dae355c78745fae7a935c4e2cb
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in fuse_atomic_open
representative crash: BUG: unable to handle kernel NULL pointer dereference in fuse_atomic_open, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 4/5
testing commit f6707f352b54d12dcfb0b2b28110faebd03ee923 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 469d0f5dad8ff5dd2de674a61c12db8fc0988a54c25c383f4b123797d2faf6ec
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in fuse_atomic_open
representative crash: BUG: unable to handle kernel NULL pointer dereference in fuse_atomic_open, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 5/5
testing commit f6707f352b54d12dcfb0b2b28110faebd03ee923 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
failed building f6707f352b54d12dcfb0b2b28110faebd03ee923:
net/socket.c:1225: undefined reference to `wext_handle_ioctl'
net/socket.c:3420: undefined reference to `compat_wext_handle_ioctl'
net/core/net-procfs.c:329: undefined reference to `wext_proc_init'
net/core/net-procfs.c:345: undefined reference to `wext_proc_exit'
minimized to 48 configs; suspects: [HID_ZEROPLUS USB_NET_DM9601 USB_NET_GL620A USB_NET_MCS7830 USB_NET_NET1080 USB_NET_PLUSB USB_NET_RNDIS_HOST USB_NET_SMSC75XX USB_NET_SMSC95XX USB_NET_SR9700 USB_NET_SR9800 USB_NET_ZAURUS USB_OHCI_HCD USB_OHCI_HCD_PCI USB_OHCI_HCD_PLATFORM USB_OTG USB_OTG_FSM USB_PRINTER USB_SERIAL_GENERIC USB_SERIAL_PL2303 USB_STORAGE_ALAUDA USB_STORAGE_CYPRESS_ATACB USB_STORAGE_DATAFAB USB_STORAGE_FREECOM USB_STORAGE_ISD200 USB_STORAGE_JUMPSHOT USB_STORAGE_KARMA USB_STORAGE_ONETOUCH USB_STORAGE_SDDR09 USB_STORAGE_SDDR55 USB_STORAGE_USBAT USB_TRANCEVIBRATOR USB_U_AUDIO USB_U_ETHER USB_U_SERIAL USB_WDM WLAN WLAN_VENDOR_ATH WLAN_VENDOR_ATMEL WLAN_VENDOR_BROADCOM WLAN_VENDOR_INTERSIL WLAN_VENDOR_MARVELL WLAN_VENDOR_MEDIATEK WLAN_VENDOR_MICROCHIP WLAN_VENDOR_PURELIFI WLAN_VENDOR_RALINK WLAN_VENDOR_REALTEK WLAN_VENDOR_RSI WLAN_VENDOR_SILABS WLAN_VENDOR_ZYDAS X86_X32_ABI ZEROPLUS_FF]
disabling configs for [BUG KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed
testing release v6.1.25
testing commit f17b0ab65d17988d5e6d6fe22f708ef3721080bf gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 634d3143ead518ff3919d0bf8e4531a0e693cd0cc6a9550f52ffbe3779b0d382
all runs: OK
false negative chance: 0.000
# git bisect start f6707f352b54d12dcfb0b2b28110faebd03ee923 f17b0ab65d17988d5e6d6fe22f708ef3721080bf
Bisecting: 3029 revisions left to test after this (roughly 12 steps)
[53f47613b58db826cfa26e076cb374dd52b5422d] Merge ff0700f03609 ("Merge tag 'sound-5.16-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound") into android-mainline
testing commit 53f47613b58db826cfa26e076cb374dd52b5422d gcc
compiler: gcc (GCC) 10.2.1 20210217
failed building 53f47613b58db826cfa26e076cb374dd52b5422d:
scripts/extract-cert.c:46:9: warning: 'ERR_get_error_line' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
scripts/extract-cert.c:60:9: warning: 'ERR_get_error_line' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
scripts/sign-file.c:89:9: warning: 'ERR_get_error_line' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
scripts/sign-file.c:103:9: warning: 'ERR_get_error_line' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
subcmd-util.h:56:23: error: pointer may be used after 'realloc' [-Werror=use-after-free]
subcmd-util.h:58:31: error: pointer may be used after 'realloc' [-Werror=use-after-free]
check.c:2836:58: error: '%d' directive output may be truncated writing between 1 and 10 bytes into a region of size 9 [-Werror=format-truncation=]
# git bisect skip 53f47613b58db826cfa26e076cb374dd52b5422d
Bisecting: 3027 revisions left to test after this (roughly 12 steps)
[35dba11eb2a44ebb1e32feb0cc527af7968cb9d5] Merge e1fd0b2acde6 ("Merge tag 'trace-v5.16-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace") into android-mainline
testing commit 35dba11eb2a44ebb1e32feb0cc527af7968cb9d5 gcc
compiler: gcc (GCC) 10.2.1 20210217
failed building 35dba11eb2a44ebb1e32feb0cc527af7968cb9d5:
scripts/extract-cert.c:46:9: warning: 'ERR_get_error_line' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
scripts/extract-cert.c:60:9: warning: 'ERR_get_error_line' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
scripts/sign-file.c:89:9: warning: 'ERR_get_error_line' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
scripts/sign-file.c:103:9: warning: 'ERR_get_error_line' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
subcmd-util.h:56:23: error: pointer may be used after 'realloc' [-Werror=use-after-free]
subcmd-util.h:58:31: error: pointer may be used after 'realloc' [-Werror=use-after-free]
check.c:2836:58: error: '%d' directive output may be truncated writing between 1 and 10 bytes into a region of size 9 [-Werror=format-truncation=]
# git bisect skip 35dba11eb2a44ebb1e32feb0cc527af7968cb9d5
Bisecting: 3027 revisions left to test after this (roughly 12 steps)
[04ddc7eec03f54c55b4f2e9cd3edd76f32b3c11b] ANDROID: KVM: arm64: Pre-populate host stage2
testing commit 04ddc7eec03f54c55b4f2e9cd3edd76f32b3c11b gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 64e63b17ab7c07e2e5c5908d111f8810542a5b19868c6ea08940ed07950e18fe
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in fuse_atomic_open
representative crash: BUG: unable to handle kernel NULL pointer dereference in fuse_atomic_open, types: [UNKNOWN]
# git bisect bad 04ddc7eec03f54c55b4f2e9cd3edd76f32b3c11b
Bisecting: 2945 revisions left to test after this (roughly 12 steps)
[c26f08d1d450b51a2b5f83087daae7ffc68aa2db] ANDROID: block: add basic hardware-wrapped key support
testing commit c26f08d1d450b51a2b5f83087daae7ffc68aa2db gcc
compiler: gcc (GCC) 10.2.1 20210217
failed building c26f08d1d450b51a2b5f83087daae7ffc68aa2db:
scripts/extract-cert.c:46:9: warning: 'ERR_get_error_line' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
scripts/extract-cert.c:60:9: warning: 'ERR_get_error_line' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
scripts/sign-file.c:89:9: warning: 'ERR_get_error_line' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
scripts/sign-file.c:103:9: warning: 'ERR_get_error_line' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
subcmd-util.h:56:23: error: pointer may be used after 'realloc' [-Werror=use-after-free]
subcmd-util.h:58:31: error: pointer may be used after 'realloc' [-Werror=use-after-free]
check.c:2836:58: error: '%d' directive output may be truncated writing between 1 and 10 bytes into a region of size 9 [-Werror=format-truncation=]
# git bisect skip c26f08d1d450b51a2b5f83087daae7ffc68aa2db
Bisecting: 2945 revisions left to test after this (roughly 12 steps)
[9834c26bae732ca9ada454ba703b3bc5f1840b13] ANDROID: gki_defconfig: Enable RCU_BOOST config
testing commit 9834c26bae732ca9ada454ba703b3bc5f1840b13 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: f759ecaf1b67b4dadaccc134c615e2be5c51d9e73aabec5a65ee3eda1e64639a
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in fuse_atomic_open
representative crash: BUG: unable to handle kernel NULL pointer dereference in fuse_atomic_open, types: [UNKNOWN]
# git bisect bad 9834c26bae732ca9ada454ba703b3bc5f1840b13
Bisecting: 2283 revisions left to test after this (roughly 11 steps)
[69703c95d4652629c150f5aae23a971134574633] ANDROID: GKI: enable CONFIG_FAIR_GROUP_SCHED
testing commit 69703c95d4652629c150f5aae23a971134574633 gcc
compiler: gcc (GCC) 10.2.1 20210217
failed building 69703c95d4652629c150f5aae23a971134574633:
scripts/extract-cert.c:46:9: warning: 'ERR_get_error_line' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
scripts/extract-cert.c:60:9: warning: 'ERR_get_error_line' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
scripts/sign-file.c:89:9: warning: 'ERR_get_error_line' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
scripts/sign-file.c:102:9: warning: 'ERR_get_error_line' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
subcmd-util.h:56:23: error: pointer may be used after 'realloc' [-Werror=use-after-free]
subcmd-util.h:58:31: error: pointer may be used after 'realloc' [-Werror=use-after-free]
# git bisect skip 69703c95d4652629c150f5aae23a971134574633
Bisecting: 2283 revisions left to test after this (roughly 11 steps)
[92381c512b9d155d06cab0b014eb206353b765ef] ANDROID: x86/vdso: disable LTO only for VDSO
testing commit 92381c512b9d155d06cab0b014eb206353b765ef gcc
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 563b5ab9b9e1a7f17bce34105e88cbac8425a9f6bf6cca42301ec934267b7645
run #0: basic kernel testing failed: BUG: unable to handle kernel paging request in pid_vnr
run #1: basic kernel testing failed: BUG: unable to handle kernel paging request in task_active_pid_ns
run #2: basic kernel testing failed: BUG: unable to handle kernel paging request in task_active_pid_ns
run #3: basic kernel testing failed: BUG: unable to handle kernel paging request in pid_vnr
run #4: basic kernel testing failed: BUG: unable to handle kernel paging request in pid_vnr
run #5: basic kernel testing failed: BUG: unable to handle kernel paging request in pid_vnr
run #6: basic kernel testing failed: BUG: unable to handle kernel paging request in pid_vnr
run #7: basic kernel testing failed: BUG: unable to handle kernel paging request in pid_vnr
run #8: basic kernel testing failed: BUG: unable to handle kernel paging request in pid_vnr
run #9: basic kernel testing failed: BUG: unable to handle kernel paging request in pid_vnr
unable to determine the verdict: 0 good runs (wanted 5), for bad wanted 5 in total, got 0
# git bisect skip 92381c512b9d155d06cab0b014eb206353b765ef
Bisecting: 2283 revisions left to test after this (roughly 11 steps)
[79f52095e720adc0ce8b009f7047a5f8a7bfd5a4] FROMGIT: usb: typec: tcpm: Clear send_discover in tcpm_check_send_discover
testing commit 79f52095e720adc0ce8b009f7047a5f8a7bfd5a4 gcc
compiler: gcc (GCC) 10.2.1 20210217
failed building 79f52095e720adc0ce8b009f7047a5f8a7bfd5a4:
scripts/sign-file.c:89:9: warning: 'ERR_get_error_line' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
scripts/sign-file.c:102:9: warning: 'ERR_get_error_line' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
scripts/extract-cert.c:46:9: warning: 'ERR_get_error_line' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
scripts/extract-cert.c:60:9: warning: 'ERR_get_error_line' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
subcmd-util.h:56:23: error: pointer may be used after 'realloc' [-Werror=use-after-free]
subcmd-util.h:58:31: error: pointer may be used after 'realloc' [-Werror=use-after-free]
# git bisect skip 79f52095e720adc0ce8b009f7047a5f8a7bfd5a4
Bisecting: 2283 revisions left to test after this (roughly 11 steps)
[d339efacc38c7670b06971d25d4f885fceb3a957] ANDROID: clang: update to 15.0.1
testing commit d339efacc38c7670b06971d25d4f885fceb3a957 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 712a9b3cf44a492a75ac6cb6a7441865cc9e6bb25954642c03df6c829f725f2f
all runs: OK
false negative chance: 0.000
# git bisect good d339efacc38c7670b06971d25d4f885fceb3a957
Bisecting: 380 revisions left to test after this (roughly 9 steps)
[a12648bd1e6da9bcdf3b6ac978c3fcfeaf3fca36] ANDROID: virtio_balloon: New module parameter "pkvm"
testing commit a12648bd1e6da9bcdf3b6ac978c3fcfeaf3fca36 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 9bbff7c4f49531fe5413c3788419c4eb7b22b6a58f03f2ed078bad539e350ee3
all runs: OK
false negative chance: 0.000
# git bisect good a12648bd1e6da9bcdf3b6ac978c3fcfeaf3fca36
Bisecting: 169 revisions left to test after this (roughly 8 steps)
[9deaf617bd5b68ceb0df201f45d401588090c8ca] Merge remote-tracking branch 'aosp/upstream-f2fs-stable-linux-6.1.y' into android14-6.1
testing commit 9deaf617bd5b68ceb0df201f45d401588090c8ca gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: f9282aadc9b3e188156f95a3ee88decd5866d85c87b5e1123d7d693aacb818bb
all runs: OK
false negative chance: 0.000
# git bisect good 9deaf617bd5b68ceb0df201f45d401588090c8ca
Bisecting: 84 revisions left to test after this (roughly 6 steps)
[f6d21159ccbd638ac6e9de50fb5085ce54fb3735] ANDROID: fuse-bpf: Make sure to declare functions
testing commit f6d21159ccbd638ac6e9de50fb5085ce54fb3735 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 756c3a64a5378a98c35156db55c8c6f0cf4bcdbc068b2b3007ab4cd9c3c3f559
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in fuse_atomic_open
representative crash: BUG: unable to handle kernel NULL pointer dereference in fuse_atomic_open, types: [UNKNOWN]
# git bisect bad f6d21159ccbd638ac6e9de50fb5085ce54fb3735
Bisecting: 39 revisions left to test after this (roughly 5 steps)
[34d1cfdc4a71992542a18ed95f509803c8e1d8c7] Merge remote-tracking branch 'aosp/upstream-f2fs-stable-linux-6.1.y' into android14-6.1
testing commit 34d1cfdc4a71992542a18ed95f509803c8e1d8c7 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: bd2e250c7552be4a0170c2aa53f89b9241aad389db0670c792c50d0cec239120
all runs: OK
false negative chance: 0.000
# git bisect good 34d1cfdc4a71992542a18ed95f509803c8e1d8c7
Bisecting: 19 revisions left to test after this (roughly 4 steps)
[510e65b2c19315a537f83649a6afd8e20dd31730] ANDROID: GKI: Remove usage of __GENKSYMS__ in vendor hooks source
testing commit 510e65b2c19315a537f83649a6afd8e20dd31730 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 47fff9c374f273cdf211b575d8c0747547bf6b19491279392dacadbee52bd351
all runs: OK
false negative chance: 0.000
# git bisect good 510e65b2c19315a537f83649a6afd8e20dd31730
Bisecting: 9 revisions left to test after this (roughly 3 steps)
[41d708af25a9fff133a94d80a35f71f2f0d26a88] ANDROID: fips140: add fips140_lab_util program
testing commit 41d708af25a9fff133a94d80a35f71f2f0d26a88 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 84d4a5da567432d85587bc3fadd33387dfffd853eb6f6583358a86e64caac064
all runs: OK
false negative chance: 0.000
# git bisect good 41d708af25a9fff133a94d80a35f71f2f0d26a88
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[955a8699b86ac3576d26c1ad77cccb2f5199b5a9] ANDROID: KVM: arm64: Fix calculation for number of relocs in .hyp.reloc
testing commit 955a8699b86ac3576d26c1ad77cccb2f5199b5a9 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 4365331720d828c7f8f1d42bb80db5b7013a70ca6b30bfd7925a6dd18a39aaaf
all runs: OK
false negative chance: 0.000
# git bisect good 955a8699b86ac3576d26c1ad77cccb2f5199b5a9
Bisecting: 2 revisions left to test after this (roughly 1 step)
[53b3a7721b7aec74d8fa2ee55c2480044cc7c1b8] Merge 6.1.1 into android14-6.1
testing commit 53b3a7721b7aec74d8fa2ee55c2480044cc7c1b8 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 7b2a53d4ed81824b02415e25e3a5be5d15c291cfdf815a7660ec34c401a07ec0
all runs: OK
false negative chance: 0.000
# git bisect good 53b3a7721b7aec74d8fa2ee55c2480044cc7c1b8
Bisecting: 0 revisions left to test after this (roughly 1 step)
[57f3ff9648991998d008ecf32f2f9e78a08bfb8b] ANDROID: fuse-bpf v1.1
testing commit 57f3ff9648991998d008ecf32f2f9e78a08bfb8b gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 52d5d9ac3ca0538a1e5dbaa9e885fb166fa98312efc311897945f441a86f532c
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in fuse_atomic_open
representative crash: BUG: unable to handle kernel NULL pointer dereference in fuse_atomic_open, types: [UNKNOWN]
# git bisect bad 57f3ff9648991998d008ecf32f2f9e78a08bfb8b
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[fb5ea70e2e33932b5b35fedd7a30cf5d9170126c] ANDROID: KVM: arm64: Add helper for pKVM modules addr conversion
testing commit fb5ea70e2e33932b5b35fedd7a30cf5d9170126c gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 5a195fa14669301088c3ed162aa5e28ddbeeaa3fcb0a054b94b2cfebc4387bee
all runs: OK
false negative chance: 0.000
# git bisect good fb5ea70e2e33932b5b35fedd7a30cf5d9170126c
57f3ff9648991998d008ecf32f2f9e78a08bfb8b is the first bad commit
commit 57f3ff9648991998d008ecf32f2f9e78a08bfb8b
Author: Daniel Rosenberg
Date: Thu Dec 2 13:50:02 2021 -0800

    ANDROID: fuse-bpf v1.1

    This is a squash of these changes cherry-picked from common-android13-5.10

    ANDROID: fuse-bpf: Make compile and pass test
    ANDROID: fuse-bpf: set error_in to ENOENT in negative lookup
    ANDROID: fuse-bpf: Add ability to run ranges of tests to fuse_test
    ANDROID: fuse-bpf: Add test for lookup postfilter
    ANDROID: fuse-bpf: readddir postfilter fixes
    ANDROID: fix kernelci error in fs/fuse/dir.c
    ANDROID: fuse-bpf: Fix RCU/reference issue
    ANDROID: fuse-bpf: Always call revalidate for backing
    ANDROID: fuse-bpf: Adjust backing handle funcs
    ANDROID: fuse-bpf: Fix revalidate error path and backing handling
    ANDROID: fuse-bpf: Fix use of get_fuse_inode
    ANDROID: fuse: Don't use readdirplus w/ nodeid 0
    ANDROID: fuse-bpf: Introduce readdirplus test case for fuse bpf
    ANDROID: fuse-bpf: Make sure force_again flag is false by default
    ANDROID: fuse-bpf: Make inodes with backing_fd reachable for regular FUSE fuse_iget
    Revert "ANDROID: fuse-bpf: use target instead of parent inode to execute backing revalidate"
    ANDROID: fuse-bpf: use target instead of parent inode to execute backing revalidate
    ANDROID: fuse-bpf: Fix misuse of args.out_args
    ANDROID: fuse-bpf: Fix non-fusebpf build
    ANDROID: fuse-bpf: Use fuse_bpf_args in uapi
    ANDROID: fuse-bpf: Fix read_iter
    ANDROID: fuse-bpf: Use cache and refcount
    ANDROID: fuse-bpf: Rename iocb_fuse to iocb_orig
    ANDROID: fuse-bpf: Fix fixattr in rename
    ANDROID: fuse-bpf: Fix readdir
    ANDROID: fuse-bpf: Fix lseek return value for offset 0
    ANDROID: fuse-bpf: fix read_iter and write_iter
    ANDROID: fuse-bpf: fix special devices
    ANDROID: fuse-bpf: support FUSE_LSEEK
    ANDROID: fuse-bpf: Add support for FUSE_COPY_FILE_RANGE
    ANDROID: fuse-bpf: Report errors to finalize
    ANDROID: fuse-bpf: Avoid reusing uint64_t for file
    ANDROID: fuse-bpf: Fix CONFIG_FUSE_BPF typo in FUSE_FSYNCDIR
    ANDROID: fuse-bpf: Move fd operations to be synchronous
    ANDROID: fuse-bpf: Invalidate if lower is unhashed
    ANDROID: fuse-bpf: Move bpf earlier in fuse_permission
    ANDROID: fuse-bpf: Update attributes on file write
    ANDROID: fuse: allow mounting with no userspace daemon
    ANDROID: fuse-bpf: Support FUSE_STATFS
    ANDROID: fuse-bpf: Fix filldir
    ANDROID: fuse-bpf: fix fuse_create_open_finalize
    ANDROID: fuse: add bpf support for removexattr
    ANDROID: fuse-bpf: Fix truncate
    ANDROID: fuse-bpf: Support inotify
    ANDROID: fuse-bpf: Make compile with CONFIG_FUSE but no CONFIG_FUSE_BPF
    ANDROID: fuse-bpf: Fix perms on readdir
    ANDROID: fuse: Fix umasking in backing
    ANDROID: fs/fuse: Backing move returns EXDEV if TO not backed
    ANDROID: bpf-fuse: Fix Setattr
    ANDROID: fuse-bpf: Check if mkdir dentry setup
    ANDROID: fuse-bpf: Close backing fds in fuse_dentry_revalidate
    ANDROID: fuse-bpf: Close backing-fd on both paths
    ANDROID: fuse-bpf: Partial fix for mmap'd files
    ANDROID: fuse-bpf: Restore a missing const
    ANDROID: Add fuse-bpf self tests
    ANDROID: Add FUSE_BPF to gki_defconfig
    ANDROID: fuse-bpf v1
    ANDROID: fuse: Move functions in preparation for fuse-bpf

    Bug: 202785178
    Bug: 265206112
    Test: test_fuse passes on linux. On cuttlefish, atest android.scopedstorage.cts.host.ScopedStorageHostTest passes with fuse-bpf enabled and disabled
    Change-Id: Idb099c281f9b39ff2c46fa3ebc63e508758416ee
    Signed-off-by: Paul Lawrence
    Signed-off-by: Daniel Rosenberg

 arch/arm64/configs/gki_defconfig | 1 +
 arch/x86/configs/gki_defconfig | 1 +
 fs/fuse/Kconfig | 8 +
 fs/fuse/Makefile | 1 +
 fs/fuse/backing.c | 2468 ++++++++++++++++++++
 fs/fuse/control.c | 2 +-
 fs/fuse/dev.c | 19 +
 fs/fuse/dir.c | 532 +++--
 fs/fuse/file.c | 130 ++
 fs/fuse/fuse_i.h | 720 +++++-
 fs/fuse/inode.c | 322 ++-
 fs/fuse/passthrough.c | 2 +-
 fs/fuse/readdir.c | 22 +
 fs/fuse/xattr.c | 40 +
 include/linux/bpf_types.h | 3 +
 include/uapi/linux/android_fuse.h | 95 +
 include/uapi/linux/bpf.h | 10 +
 kernel/bpf/Makefile | 3 +
 kernel/bpf/bpf_fuse.c | 128 +
 kernel/bpf/btf.c | 1 +
 .../testing/selftests/filesystems/fuse/.gitignore | 2 +
 tools/testing/selftests/filesystems/fuse/Makefile | 34 +
 tools/testing/selftests/filesystems/fuse/OWNERS | 2 +
 .../selftests/filesystems/fuse/bpf_loader.c | 791 +++++++
 tools/testing/selftests/filesystems/fuse/fd.txt | 21 +
 tools/testing/selftests/filesystems/fuse/fd_bpf.c | 252 ++
 .../selftests/filesystems/fuse/fuse_daemon.c | 294 +++
 .../testing/selftests/filesystems/fuse/fuse_test.c | 2142 +++++++++++++++++
 .../testing/selftests/filesystems/fuse/test_bpf.c | 507 ++++
 .../selftests/filesystems/fuse/test_framework.h | 179 ++
 .../testing/selftests/filesystems/fuse/test_fuse.h | 337 +++
 .../selftests/filesystems/fuse/test_fuse_bpf.h | 65 +
 32 files changed, 8929 insertions(+), 205 deletions(-)
 create mode 100644 fs/fuse/backing.c
 create mode 100644 include/uapi/linux/android_fuse.h
 create mode 100644 kernel/bpf/bpf_fuse.c
 create mode 100644 tools/testing/selftests/filesystems/fuse/.gitignore
 create mode 100644 tools/testing/selftests/filesystems/fuse/Makefile
 create mode 100644 tools/testing/selftests/filesystems/fuse/OWNERS
 create mode 100644 tools/testing/selftests/filesystems/fuse/bpf_loader.c
 create mode 100644 tools/testing/selftests/filesystems/fuse/fd.txt
 create mode 100644 tools/testing/selftests/filesystems/fuse/fd_bpf.c
 create mode 100644 tools/testing/selftests/filesystems/fuse/fuse_daemon.c
 create mode 100644 tools/testing/selftests/filesystems/fuse/fuse_test.c
 create mode 100644 tools/testing/selftests/filesystems/fuse/test_bpf.c
 create mode 100644 tools/testing/selftests/filesystems/fuse/test_framework.h
 create mode 100644 tools/testing/selftests/filesystems/fuse/test_fuse.h
 create mode 100644 tools/testing/selftests/filesystems/fuse/test_fuse_bpf.h
accumulated error probability: 0.00
culprit signature: 52d5d9ac3ca0538a1e5dbaa9e885fb166fa98312efc311897945f441a86f532c
parent signature: 5a195fa14669301088c3ed162aa5e28ddbeeaa3fcb0a054b94b2cfebc4387bee
revisions tested: 21, total time: 12h28m53.030372246s (build: 8h0m29.027852698s, test: 3h19m40.029278228s)
first bad commit: 57f3ff9648991998d008ecf32f2f9e78a08bfb8b ANDROID: fuse-bpf v1.1
recipients (to): ["drosen@google.com" "paullawrence@google.com"]
recipients (cc): []
crash: BUG: unable to handle kernel NULL pointer dereference in fuse_atomic_open
BUG: kernel NULL pointer dereference, address: 0000000000000039
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 10b36b067 P4D 10b36b067 PUD 10b2f8067 PMD 0
Oops: 0000 [#1] PREEMPT SMP
CPU: 0 PID: 354 Comm: syz-executor.0 Not tainted 6.1.1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
RIP: 0010:d_really_is_positive include/linux/dcache.h:485 [inline]
RIP: 0010:fuse_atomic_open+0x8c/0x140 fs/fuse/dir.c:858
Code: ff ff 49 89 c4 48 3d 01 f0 ff ff 72 05 45 89 e6 eb 2d 4d 85 e4 4d 0f 45 fc 4c 89 f2 48 8b 4d d0 44 8b 45 cc 41 f6 c5 40 74 07 <49> 83 7f 30 00 74 20 48 89 d7 4c 89 e6 e8 62 d8 e9 ff 41 89 c6 44
RSP: 0018:ffffc9000077fc98 EFLAGS: 00010202
RAX: 0000000000000009 RBX: ffff88810baf6300 RCX: ffff88810a7a3000
RDX: ffff88810b1b8b00 RSI: 0000000000000001 RDI: ffff88810baf6628
RBP: ffffc9000077fcd0 R08: 0000000000008000 R09: ffffffff8153156f
R10: ffff888111e699c0 R11: ffff888100041400 R12: 0000000000000009
R13: 0000000000008241 R14: ffff88810b1b8b00 R15: 0000000000000009
FS: 00007f4a427ff6c0(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000039 CR3: 000000010b2d8000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 atomic_open fs/namei.c:3276 [inline]
 lookup_open fs/namei.c:3384 [inline]
 open_last_lookups fs/namei.c:3481 [inline]
 path_openat+0x3e2/0xb60 fs/namei.c:3711
 do_filp_open+0xad/0x150 fs/namei.c:3741
 do_sys_openat2+0x8c/0x160 fs/open.c:1312
 do_sys_open fs/open.c:1328 [inline]
 __do_sys_creat fs/open.c:1404 [inline]
 __se_sys_creat fs/open.c:1398 [inline]
 __x64_sys_creat+0x44/0x60 fs/open.c:1398
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f4a42c7cb29
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f4a427ff0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
RAX: ffffffffffffffda RBX: 00007f4a42d9c050 RCX: 00007f4a42c7cb29
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000
RBP: 00007f4a42cc847a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000006e R14: 00007f4a42d9c050 R15: 00007ffc1af6b9d8
Modules linked in:
CR2: 0000000000000039
---[ end trace 0000000000000000 ]---
RIP: 0010:d_really_is_positive include/linux/dcache.h:485 [inline]
RIP: 0010:fuse_atomic_open+0x8c/0x140 fs/fuse/dir.c:858
Code: ff ff 49 89 c4 48 3d 01 f0 ff ff 72 05 45 89 e6 eb 2d 4d 85 e4 4d 0f 45 fc 4c 89 f2 48 8b 4d d0 44 8b 45 cc 41 f6 c5 40 74 07 <49> 83 7f 30 00 74 20 48 89 d7 4c 89 e6 e8 62 d8 e9 ff 41 89 c6 44
RSP: 0018:ffffc9000077fc98 EFLAGS: 00010202
RAX: 0000000000000009 RBX: ffff88810baf6300 RCX: ffff88810a7a3000
RDX: ffff88810b1b8b00 RSI: 0000000000000001 RDI: ffff88810baf6628
RBP: ffffc9000077fcd0 R08: 0000000000008000 R09: ffffffff8153156f
R10: ffff888111e699c0 R11: ffff888100041400 R12: 0000000000000009
R13: 0000000000008241 R14: ffff88810b1b8b00 R15: 0000000000000009
FS: 00007f4a427ff6c0(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000039 CR3: 000000010b2d8000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess), 2 bytes skipped:
   0: 49 89 c4             mov    %rax,%r12
   3: 48 3d 01 f0 ff ff    cmp    $0xfffffffffffff001,%rax
   9: 72 05                jb     0x10
   b: 45 89 e6             mov    %r12d,%r14d
   e: eb 2d                jmp    0x3d
  10: 4d 85 e4             test   %r12,%r12
  13: 4d 0f 45 fc          cmovne %r12,%r15
  17: 4c 89 f2             mov    %r14,%rdx
  1a: 48 8b 4d d0          mov    -0x30(%rbp),%rcx
  1e: 44 8b 45 cc          mov    -0x34(%rbp),%r8d
  22: 41 f6 c5 40          test   $0x40,%r13b
  26: 74 07                je     0x2f
* 28: 49 83 7f 30 00       cmpq   $0x0,0x30(%r15) <-- trapping instruction
  2d: 74 20                je     0x4f
  2f: 48 89 d7             mov    %rdx,%rdi
  32: 4c 89 e6             mov    %r12,%rsi
  35: e8 62 d8 e9 ff       call   0xffe9d89c
  3a: 41 89 c6             mov    %eax,%r14d
  3d: 44                   rex.R