ci2 starts bisection 2023-07-30 07:44:41.121249889 +0000 UTC m=+239940.890949196
bisecting cause commit starting from 748fd0d9ca0facefe5ec81770f620981fe280489
building syzkaller on 924768299f97ac88b84f09eb979919305c8af5bb
ensuring issue is reproducible on original commit 748fd0d9ca0facefe5ec81770f620981fe280489
testing commit 748fd0d9ca0facefe5ec81770f620981fe280489 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 6b14fc32ff37b0d5af3f1276991410a0de86f905fb5c90c45d57eb8a8ac4e7c0
all runs: crashed: general protection fault in fuse_atomic_open
representative crash: general protection fault in fuse_atomic_open, types: [UNKNOWN]
check whether we can drop unnecessary instrumentation
disabling configs for [UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed
testing commit 748fd0d9ca0facefe5ec81770f620981fe280489 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 0cc0ee6f0bbb0757a5b23e7b850121cd40aed517c78ba6b1278292dda8e61b57
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in fuse_atomic_open
representative crash: BUG: unable to handle kernel NULL pointer dereference in fuse_atomic_open, types: [UNKNOWN]
the bug reproduces without the instrumentation
disabling configs for [UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed
kconfig minimization: base=4920 full=6161 leaves diff=240
split chunks (needed=false): <240>
split chunk #0 of len 240 into 5 parts
testing without sub-chunk 1/5
disabling configs for [BUG KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed
testing commit 748fd0d9ca0facefe5ec81770f620981fe280489 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 8720d035b3718f1420dc30adaaa3dfcefd5350c575eb79d118ab2bcc813e8285
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in fuse_atomic_open
representative crash: BUG: unable to handle kernel NULL pointer dereference in fuse_atomic_open, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 2/5
disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN LOCKDEP], they are not needed
testing commit 748fd0d9ca0facefe5ec81770f620981fe280489 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: ef593f8273ea1b5efdcc0616796c68788ed8fc5b72d3bc903c6ca0cd902fa14f
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in fuse_atomic_open
representative crash: BUG: unable to handle kernel NULL pointer dereference in fuse_atomic_open, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 3/5
disabling configs for [BUG KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed
testing commit 748fd0d9ca0facefe5ec81770f620981fe280489 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 7097cfcfad365e1cda4c4ef8803ecc0ffb1aad6e2d961f2699146fbb87effc44
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in fuse_atomic_open
representative crash: BUG: unable to handle kernel NULL pointer dereference in fuse_atomic_open, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 4/5
disabling configs for [BUG KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed
testing commit 748fd0d9ca0facefe5ec81770f620981fe280489 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 07d9b443d510e7b92cc59e3a98d7f759e75480eb186d6fa046f45f4613d5669e
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in fuse_atomic_open
representative crash: BUG: unable to handle kernel NULL pointer dereference in fuse_atomic_open, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 5/5
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN], they are not needed
testing commit 748fd0d9ca0facefe5ec81770f620981fe280489 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
failed building 748fd0d9ca0facefe5ec81770f620981fe280489:
net/socket.c:1172: undefined reference to `wext_handle_ioctl'
net/socket.c:3366: undefined reference to `compat_wext_handle_ioctl'
net/core/net-procfs.c:343: undefined reference to `wext_proc_exit'
net/core/net-procfs.c:327: undefined reference to `wext_proc_init'
minimized to 48 configs; suspects: [HID_ZEROPLUS USB_NET_CDC_SUBSET USB_NET_CDC_SUBSET_ENABLE USB_NET_DM9601 USB_NET_GL620A USB_NET_MCS7830 USB_NET_NET1080 USB_NET_PLUSB USB_NET_RNDIS_HOST USB_NET_SMSC75XX USB_NET_SMSC95XX USB_NET_SR9700 USB_NET_SR9800 USB_NET_ZAURUS USB_OHCI_HCD USB_OHCI_HCD_PCI USB_OHCI_HCD_PLATFORM USB_OTG USB_OTG_FSM USB_PRINTER USB_SERIAL USB_SERIAL_FTDI_SIO USB_SERIAL_GENERIC USB_SERIAL_PL2303 USB_STORAGE_ALAUDA USB_STORAGE_CYPRESS_ATACB USB_STORAGE_DATAFAB USB_STORAGE_FREECOM USB_STORAGE_ISD200 USB_STORAGE_JUMPSHOT USB_STORAGE_KARMA USB_STORAGE_ONETOUCH USB_STORAGE_SDDR09 USB_STORAGE_SDDR55 USB_STORAGE_USBAT USB_TRANCEVIBRATOR USB_U_AUDIO USB_U_ETHER USB_U_SERIAL USB_WDM WLAN WLAN_VENDOR_ATH WLAN_VENDOR_ATMEL WLAN_VENDOR_BROADCOM WLAN_VENDOR_INTERSIL WLAN_VENDOR_MARVELL WLAN_VENDOR_MEDIATEK WLAN_VENDOR_MICROCHIP WLAN_VENDOR_RALINK WLAN_VENDOR_REALTEK WLAN_VENDOR_RSI WLAN_VENDOR_ZYDAS X86_X32 ZEROPLUS_FF]
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing release v5.15.120
testing commit d54cfc420586425d418a53871290cc4a59d33501 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 3fddec25512742e877ca313daeda2f17d8d73d56aeaf1d55a9e3f1beb3eee047
all runs: OK
false negative chance: 0.000
# git bisect start 748fd0d9ca0facefe5ec81770f620981fe280489 d54cfc420586425d418a53871290cc4a59d33501
Bisecting: 3127 revisions left to test after this (roughly 12 steps)
[b0f186eadfbb5e66b540356424a13bca902776f4] FROMGIT: KVM: arm64: Move kvm_arch_vcpu_run_pid_change() out of line
testing commit b0f186eadfbb5e66b540356424a13bca902776f4 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 13ff6a55e68b974ee9e1a147a6a0a43c31f7a38c0b67833fbbadd1b32ddf07dd
all runs: OK
false negative chance: 0.000
# git bisect good b0f186eadfbb5e66b540356424a13bca902776f4
Bisecting: 1564 revisions left to test after this (roughly 11 steps)
[43074ecaf6ed77d0754a22fdbed63b325c2a379f] ANDROID: Fix kernelci build break due to typo
testing commit 43074ecaf6ed77d0754a22fdbed63b325c2a379f gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 60247cfad24dc12592eb096c8afcf4440beb350345cb514948255c1d0446c76c
all runs: OK
false negative chance: 0.000
# git bisect good 43074ecaf6ed77d0754a22fdbed63b325c2a379f
Bisecting: 782 revisions left to test after this (roughly 10 steps)
[0667e5dfa3fd2be974ed17e12f1c0a042b437f84] BACKPORT: Kconfig.debug: provide a little extra FRAME_WARN leeway when KASAN is enabled
testing commit 0667e5dfa3fd2be974ed17e12f1c0a042b437f84 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: c646782af9f430a06c2eee4d302c6cbaa0203c30a5bd258400fc5598bc30936b
all runs: OK
false negative chance: 0.000
# git bisect good 0667e5dfa3fd2be974ed17e12f1c0a042b437f84
Bisecting: 391 revisions left to test after this (roughly 9 steps)
[e269893a9b54320ae93e2e5577fd5399cddbf41f] ANDROID: GKI: Update symbol list for mtk
testing commit e269893a9b54320ae93e2e5577fd5399cddbf41f gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 43e52b87d03fea6784b2fa1021b1d195465c28812d0356a404979d494e97e5f7
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in fuse_atomic_open
representative crash: BUG: unable to handle kernel NULL pointer dereference in fuse_atomic_open, types: [UNKNOWN]
# git bisect bad e269893a9b54320ae93e2e5577fd5399cddbf41f
Bisecting: 195 revisions left to test after this (roughly 8 steps)
[048ad5d37537464d0401856b76faf896b5e7a4b2] UPSTREAM: wifi: cfg80211: Extend cfg80211_new_sta() for MLD AP
testing commit 048ad5d37537464d0401856b76faf896b5e7a4b2 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 70e3a667d3c3f0476db9f977cc5ea378003b7859950bb95ea5e47d2ddfd9f8d8
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in fuse_atomic_open
representative crash: BUG: unable to handle kernel NULL pointer dereference in fuse_atomic_open, types: [UNKNOWN]
# git bisect bad 048ad5d37537464d0401856b76faf896b5e7a4b2
Bisecting: 105 revisions left to test after this (roughly 7 steps)
[0c8a58469bba51493c04fd3f0ab3ebbd3cd8dfa9] UPSTREAM: usb: gadget: uvc: Prevent buffer overflow in setup handler
testing commit 0c8a58469bba51493c04fd3f0ab3ebbd3cd8dfa9 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 2c46342a1d0e4cc5099ff9e0baab8b8526332430da972574c469333ab04cee4c
all runs: OK
false negative chance: 0.000
# git bisect good 0c8a58469bba51493c04fd3f0ab3ebbd3cd8dfa9
Bisecting: 52 revisions left to test after this (roughly 6 steps)
[6a9193a0ff9685a87a93cf5341730e63d1c1cafa] UPSTREAM: 9p/fd: fix issue of list_del corruption in p9_fd_cancel()
testing commit 6a9193a0ff9685a87a93cf5341730e63d1c1cafa gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: d8cde6a0c2db61b0d768f124b33cb0af12b79840380c5a324b066767726e56d4
all runs: OK
false negative chance: 0.000
# git bisect good 6a9193a0ff9685a87a93cf5341730e63d1c1cafa
Bisecting: 26 revisions left to test after this (roughly 5 steps)
[5767bdca07c59c670aaabe7cbc307181da9394f6] Revert "BACKPORT: FROMGIT: sched: Introduce affinity_context"
testing commit 5767bdca07c59c670aaabe7cbc307181da9394f6 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 98911dfc804a7efb30fe4775421a893af99baeb0440621db3c1b68ddd5431661
all runs: OK
false negative chance: 0.000
# git bisect good 5767bdca07c59c670aaabe7cbc307181da9394f6
Bisecting: 13 revisions left to test after this (roughly 4 steps)
[0502554803f0747d19d95d1df5171bc17361cd72] UPSTREAM: binder: defer copies of pre-patched txn data
testing commit 0502554803f0747d19d95d1df5171bc17361cd72 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 1ab4c887bce46a609579e5e402b942ebaea5771bfcea09714af653bf63b14b24
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in fuse_atomic_open
representative crash: BUG: unable to handle kernel NULL pointer dereference in fuse_atomic_open, types: [UNKNOWN]
# git bisect bad 0502554803f0747d19d95d1df5171bc17361cd72
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[f5f4199c102aa676998b42abff60d071385c1c0c] ANDROID: fuse-bpf v1.1
testing commit f5f4199c102aa676998b42abff60d071385c1c0c gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 3e31e20b16027a1ee887ba130e5ba987d0c62d7f35f9f37ee4e7c57590be378b
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in fuse_atomic_open
representative crash: BUG: unable to handle kernel NULL pointer dereference in fuse_atomic_open, types: [UNKNOWN]
# git bisect bad f5f4199c102aa676998b42abff60d071385c1c0c
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[af8dfb011fd0e434de7f0287e561a67757fb9346] FROMLIST: input: Add KEY_CAMERA_FOCUS event in HID
testing commit af8dfb011fd0e434de7f0287e561a67757fb9346 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 2a91ae174168af913d83ea014d1fc77faa86a950b8d0d623fab2ef4b12b5f7ca
all runs: OK
false negative chance: 0.000
# git bisect good af8dfb011fd0e434de7f0287e561a67757fb9346
Bisecting: 0 revisions left to test after this (roughly 1 step)
[bff9debefdec7aa9e5c6390a7623c12a83796f30] ANDROID: GKI: update xiaomi symbol list
testing commit bff9debefdec7aa9e5c6390a7623c12a83796f30 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 974d44db72ab3e547b5949187154849fdc99644478ef8e1d84f415ca5c7d867f
all runs: OK
false negative chance: 0.000
# git bisect good bff9debefdec7aa9e5c6390a7623c12a83796f30
f5f4199c102aa676998b42abff60d071385c1c0c is the first bad commit
commit f5f4199c102aa676998b42abff60d071385c1c0c
Author: Daniel Rosenberg
Date:   Thu Dec 2 13:50:02 2021 -0800

    ANDROID: fuse-bpf v1.1

    These patches extend FUSE to be able to act as a stacked filesystem. This
    allows pure passthrough, where the fuse file system simply reflects the
    lower filesystem, and also allows optional pre and post filtering in BPF
    and/or the userspace daemon as needed. This can dramatically reduce or
    even eliminate transitions to and from userspace.

    See https://lwn.net/Articles/915717/

    Note that this patch set has been extensively tested in common-android13-5.10
    This is a squash of these changes cherry-picked from common-android13-5.10

    ANDROID: fuse-bpf: Make compile and pass test
    ANDROID: fuse-bpf: set error_in to ENOENT in negative lookup
    ANDROID: fuse-bpf: Add ability to run ranges of tests to fuse_test
    ANDROID: fuse-bpf: Add test for lookup postfilter
    ANDROID: fuse-bpf: readddir postfilter fixes
    ANDROID: fix kernelci error in fs/fuse/dir.c
    ANDROID: fuse-bpf: Fix RCU/reference issue
    ANDROID: fuse-bpf: Always call revalidate for backing
    ANDROID: fuse-bpf: Adjust backing handle funcs
    ANDROID: fuse-bpf: Fix revalidate error path and backing handling
    ANDROID: fuse-bpf: Fix use of get_fuse_inode
    ANDROID: fuse: Don't use readdirplus w/ nodeid 0
    ANDROID: fuse-bpf: Introduce readdirplus test case for fuse bpf
    ANDROID: fuse-bpf: Make sure force_again flag is false by default
    ANDROID: fuse-bpf: Make inodes with backing_fd reachable for regular FUSE fuse_iget
    Revert "ANDROID: fuse-bpf: use target instead of parent inode to execute backing revalidate"
    ANDROID: fuse-bpf: use target instead of parent inode to execute backing revalidate
    ANDROID: fuse-bpf: Fix misuse of args.out_args
    ANDROID: fuse-bpf: Fix non-fusebpf build
    ANDROID: fuse-bpf: Use fuse_bpf_args in uapi
    ANDROID: fuse-bpf: Fix read_iter
    ANDROID: fuse-bpf: Use cache and refcount
    ANDROID: fuse-bpf: Rename iocb_fuse to iocb_orig
    ANDROID: fuse-bpf: Fix fixattr in rename
    ANDROID: fuse-bpf: Fix readdir
    ANDROID: fuse-bpf: Fix lseek return value for offset 0
    ANDROID: fuse-bpf: fix read_iter and write_iter
    ANDROID: fuse-bpf: fix special devices
    ANDROID: fuse-bpf: support FUSE_LSEEK
    ANDROID: fuse-bpf: Add support for FUSE_COPY_FILE_RANGE
    ANDROID: fuse-bpf: Report errors to finalize
    ANDROID: fuse-bpf: Avoid reusing uint64_t for file
    ANDROID: fuse-bpf: Fix CONFIG_FUSE_BPF typo in FUSE_FSYNCDIR
    ANDROID: fuse-bpf: Move fd operations to be synchronous
    ANDROID: fuse-bpf: Invalidate if lower is unhashed
    ANDROID: fuse-bpf: Move bpf earlier in fuse_permission
    ANDROID: fuse-bpf: Update attributes on file write
    ANDROID: fuse: allow mounting with no userspace daemon
    ANDROID: fuse-bpf: Support FUSE_STATFS
    ANDROID: fuse-bpf: Fix filldir
    ANDROID: fuse-bpf: fix fuse_create_open_finalize
    ANDROID: fuse: add bpf support for removexattr
    ANDROID: fuse-bpf: Fix truncate
    ANDROID: fuse-bpf: Support inotify
    ANDROID: fuse-bpf: Make compile with CONFIG_FUSE but no CONFIG_FUSE_BPF
    ANDROID: fuse-bpf: Fix perms on readdir
    ANDROID: fuse: Fix umasking in backing
    ANDROID: fs/fuse: Backing move returns EXDEV if TO not backed
    ANDROID: bpf-fuse: Fix Setattr
    ANDROID: fuse-bpf: Check if mkdir dentry setup
    ANDROID: fuse-bpf: Close backing fds in fuse_dentry_revalidate
    ANDROID: fuse-bpf: Close backing-fd on both paths
    ANDROID: fuse-bpf: Partial fix for mmap'd files
    ANDROID: fuse-bpf: Restore a missing const
    ANDROID: Add fuse-bpf self tests
    ANDROID: Add FUSE_BPF to gki_defconfig
    ANDROID: fuse-bpf v1
    ANDROID: fuse: Move functions in preparation for fuse-bpf

    Bug: 202785178
    Test: test_fuse passes on linux.
    On cuttlefish, atest android.scopedstorage.cts.host.ScopedStorageHostTest
    passes with fuse-bpf enabled and disabled

    Change-Id: Idb099c281f9b39ff2c46fa3ebc63e508758416ee
    Signed-off-by: Paul Lawrence
    Signed-off-by: Daniel Rosenberg

 arch/arm64/configs/gki_defconfig                   |    1 +
 arch/x86/configs/gki_defconfig                     |    1 +
 fs/fuse/Kconfig                                    |    8 +
 fs/fuse/Makefile                                   |    1 +
 fs/fuse/backing.c                                  | 2468 ++++++++++++++++++++
 fs/fuse/control.c                                  |    2 +-
 fs/fuse/dev.c                                      |   19 +
 fs/fuse/dir.c                                      |  530 +++--
 fs/fuse/file.c                                     |  130 ++
 fs/fuse/fuse_i.h                                   |  717 +++++-
 fs/fuse/inode.c                                    |  324 ++-
 fs/fuse/passthrough.c                              |    2 +-
 fs/fuse/readdir.c                                  |   22 +
 fs/fuse/xattr.c                                    |   40 +
 include/linux/bpf_types.h                          |    3 +
 include/uapi/linux/android_fuse.h                  |   97 +
 include/uapi/linux/bpf.h                           |   12 +
 kernel/bpf/Makefile                                |    3 +
 kernel/bpf/bpf_fuse.c                              |  128 +
 kernel/bpf/btf.c                                   |    1 +
 .../testing/selftests/filesystems/fuse/.gitignore  |    2 +
 tools/testing/selftests/filesystems/fuse/Makefile  |   34 +
 tools/testing/selftests/filesystems/fuse/OWNERS    |    2 +
 .../selftests/filesystems/fuse/bpf_loader.c        |  791 +++++++
 tools/testing/selftests/filesystems/fuse/fd.txt    |   21 +
 tools/testing/selftests/filesystems/fuse/fd_bpf.c  |  252 ++
 .../selftests/filesystems/fuse/fuse_daemon.c       |  294 +++
 .../testing/selftests/filesystems/fuse/fuse_test.c | 2142 +++++++++++++++++
 .../testing/selftests/filesystems/fuse/test_bpf.c  |  507 ++++
 .../selftests/filesystems/fuse/test_framework.h    |  181 ++
 .../testing/selftests/filesystems/fuse/test_fuse.h |  337 +++
 .../selftests/filesystems/fuse/test_fuse_bpf.h     |   65 +
 32 files changed, 8930 insertions(+), 207 deletions(-)
 create mode 100644 fs/fuse/backing.c
 create mode 100644 include/uapi/linux/android_fuse.h
 create mode 100644 kernel/bpf/bpf_fuse.c
 create mode 100644 tools/testing/selftests/filesystems/fuse/.gitignore
 create mode 100644 tools/testing/selftests/filesystems/fuse/Makefile
 create mode 100644 tools/testing/selftests/filesystems/fuse/OWNERS
 create mode 100644 tools/testing/selftests/filesystems/fuse/bpf_loader.c
 create mode 100644 tools/testing/selftests/filesystems/fuse/fd.txt
 create mode 100644 tools/testing/selftests/filesystems/fuse/fd_bpf.c
 create mode 100644 tools/testing/selftests/filesystems/fuse/fuse_daemon.c
 create mode 100644 tools/testing/selftests/filesystems/fuse/fuse_test.c
 create mode 100644 tools/testing/selftests/filesystems/fuse/test_bpf.c
 create mode 100644 tools/testing/selftests/filesystems/fuse/test_framework.h
 create mode 100644 tools/testing/selftests/filesystems/fuse/test_fuse.h
 create mode 100644 tools/testing/selftests/filesystems/fuse/test_fuse_bpf.h
accumulated error probability: 0.00
culprit signature: 3e31e20b16027a1ee887ba130e5ba987d0c62d7f35f9f37ee4e7c57590be378b
parent signature: 974d44db72ab3e547b5949187154849fdc99644478ef8e1d84f415ca5c7d867f
revisions tested: 19, total time: 4h15m27.334951908s (build: 2h10m45.332619845s, test: 1h45m44.703565339s)
first bad commit: f5f4199c102aa676998b42abff60d071385c1c0c ANDROID: fuse-bpf v1.1
recipients (to): ["drosen@google.com" "paullawrence@google.com"]
recipients (cc): []
crash: BUG: unable to handle kernel NULL pointer dereference in fuse_atomic_open
BUG: kernel NULL pointer dereference, address: 0000000000000039
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 1017e9067 P4D 1017e9067 PUD 10138f067 PMD 0
Oops: 0000 [#1] PREEMPT SMP
CPU: 0 PID: 349 Comm: syz-executor.0 Not tainted 5.15.78-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
RIP: 0010:fuse_atomic_open+0x49/0x120 fs/fuse/dir.c:847
Code: 89 e5 41 57 45 89 c7 41 56 49 89 d6 41 55 49 89 fd 41 54 49 89 f4 53 31 db 48 83 ec 10 f7 06 00 00 00 10 75 7a f6 c1 40 74 08 <49> 83 7c 24 30 00 74 1a 48 89 de 4c 89 f7 e8 e4 81 e9 ff 48 83 c4
RSP: 0018:ffffc9000039bca8 EFLAGS: 00010202
RAX: 0000000000000009 RBX: 0000000000000009 RCX: 0000000000008241
RDX: 0000000000000000 RSI: ffff8881015db780 RDI: ffff88810ad88b88
RBP: ffffc9000039bce0 R08: 0000000000000009 R09: ffff8881108c9000
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000009
R13: ffff88810ad88800 R14: ffff888102594640 R15: 0000000000008000
FS:  00007feea5c976c0(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000039 CR3: 000000010e46d000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 atomic_open fs/namei.c:3196 [inline]
 lookup_open fs/namei.c:3305 [inline]
 open_last_lookups fs/namei.c:3404 [inline]
 path_openat+0x78b/0x11e0 fs/namei.c:3612
 do_filp_open+0xb1/0x150 fs/namei.c:3642
 do_sys_openat2+0x96/0x160 fs/open.c:1234
 do_sys_open fs/open.c:1250 [inline]
 __do_sys_creat fs/open.c:1324 [inline]
 __se_sys_creat fs/open.c:1318 [inline]
 __x64_sys_creat+0x46/0x60 fs/open.c:1318
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7feea6135b29
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007feea5c970c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
RAX: ffffffffffffffda RBX: 00007feea6255050 RCX: 00007feea6135b29
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000
RBP: 00007feea618147a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000006e R14: 00007feea6255050 R15: 00007ffdc5a337f8
Modules linked in:
CR2: 0000000000000039
---[ end trace bf005c767dc13cb4 ]---
RIP: 0010:fuse_atomic_open+0x49/0x120 fs/fuse/dir.c:847
Code: 89 e5 41 57 45 89 c7 41 56 49 89 d6 41 55 49 89 fd 41 54 49 89 f4 53 31 db 48 83 ec 10 f7 06 00 00 00 10 75 7a f6 c1 40 74 08 <49> 83 7c 24 30 00 74 1a 48 89 de 4c 89 f7 e8 e4 81 e9 ff 48 83 c4
RSP: 0018:ffffc9000039bca8 EFLAGS: 00010202
RAX: 0000000000000009 RBX: 0000000000000009 RCX: 0000000000008241
RDX: 0000000000000000 RSI: ffff8881015db780 RDI: ffff88810ad88b88
RBP: ffffc9000039bce0 R08: 0000000000000009 R09: ffff8881108c9000
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000009
R13: ffff88810ad88800 R14: ffff888102594640 R15: 0000000000008000
FS:  00007feea5c976c0(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000039 CR3: 000000010e46d000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:   89 e5                   mov    %esp,%ebp
   2:   41 57                   push   %r15
   4:   45 89 c7                mov    %r8d,%r15d
   7:   41 56                   push   %r14
   9:   49 89 d6                mov    %rdx,%r14
   c:   41 55                   push   %r13
   e:   49 89 fd                mov    %rdi,%r13
  11:   41 54                   push   %r12
  13:   49 89 f4                mov    %rsi,%r12
  16:   53                      push   %rbx
  17:   31 db                   xor    %ebx,%ebx
  19:   48 83 ec 10             sub    $0x10,%rsp
  1d:   f7 06 00 00 00 10       testl  $0x10000000,(%rsi)
  23:   75 7a                   jne    0x9f
  25:   f6 c1 40                test   $0x40,%cl
  28:   74 08                   je     0x32
* 2a:   49 83 7c 24 30 00       cmpq   $0x0,0x30(%r12)   <-- trapping instruction
  30:   74 1a                   je     0x4c
  32:   48 89 de                mov    %rbx,%rsi
  35:   4c 89 f7                mov    %r14,%rdi
  38:   e8 e4 81 e9 ff          call   0xffe98221
  3d:   48                      rex.W
  3e:   83                      .byte 0x83
  3f:   c4                      .byte 0xc4
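Two things a reviewer checks by hand on a log like this are (1) that the summary lines agree with the verdict sequence, i.e. the commit named as "first bad" really was observed crashing, the culprit signature is the signature of that commit's build, and the parent signature belongs to a build that tested good, and (2) that the faulting address in CR2 is the base register plus displacement of the trapping instruction (here R12 = 0x9 and 0x30(%r12), giving 0x39), which is what makes this a small-offset NULL-page dereference rather than an arbitrary bad pointer. The script below is an added example that performs both checks; it is not syzkaller's code and not part of the log above. The record and function names are the example's own, the sample text is an excerpt copied from this log, and the rule that only the first register dump counts (the later RIP: 0033 block is user-space state) is an assumption made here.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: records copied from the bisection log above, trimmed to the lines
# this parser consumes; the user-space RIP: 0033 block is kept to show the first-dump rule.
SAMPLE_LOG = """\
testing commit 0502554803f0747d19d95d1df5171bc17361cd72 gcc
kernel signature: 1ab4c887bce46a609579e5e402b942ebaea5771bfcea09714af653bf63b14b24
# git bisect bad 0502554803f0747d19d95d1df5171bc17361cd72
testing commit f5f4199c102aa676998b42abff60d071385c1c0c gcc
kernel signature: 3e31e20b16027a1ee887ba130e5ba987d0c62d7f35f9f37ee4e7c57590be378b
# git bisect bad f5f4199c102aa676998b42abff60d071385c1c0c
testing commit af8dfb011fd0e434de7f0287e561a67757fb9346 gcc
kernel signature: 2a91ae174168af913d83ea014d1fc77faa86a950b8d0d623fab2ef4b12b5f7ca
# git bisect good af8dfb011fd0e434de7f0287e561a67757fb9346
testing commit bff9debefdec7aa9e5c6390a7623c12a83796f30 gcc
kernel signature: 974d44db72ab3e547b5949187154849fdc99644478ef8e1d84f415ca5c7d867f
# git bisect good bff9debefdec7aa9e5c6390a7623c12a83796f30
f5f4199c102aa676998b42abff60d071385c1c0c is the first bad commit
culprit signature: 3e31e20b16027a1ee887ba130e5ba987d0c62d7f35f9f37ee4e7c57590be378b
parent signature: 974d44db72ab3e547b5949187154849fdc99644478ef8e1d84f415ca5c7d867f
RIP: 0010:fuse_atomic_open+0x49/0x120 fs/fuse/dir.c:847
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000009
CR2: 0000000000000039 CR3: 000000010e46d000 CR4: 00000000003506b0
RIP: 0033:0x7feea6135b29
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
* 2a:   49 83 7c 24 30 00       cmpq   $0x0,0x30(%r12)   <-- trapping instruction
"""

BISECT_RE = re.compile(r"^# git bisect (good|bad) ([0-9a-f]{40})$")
TESTED_RE = re.compile(r"^testing commit ([0-9a-f]{40})")
SIG_RE = re.compile(r"^kernel signature: ([0-9a-f]{64})$")
CULPRIT_RE = re.compile(r"^([0-9a-f]{40}) is the first bad commit$")
NAMED_SIG_RE = re.compile(r"^(culprit|parent) signature: ([0-9a-f]{64})$")
RIP_RE = re.compile(r"^RIP: 0010:(\w+)\+0x([0-9a-f]+)/0x([0-9a-f]+) (\S+)$")
REG_RE = re.compile(r"\b(RAX|RBX|RCX|RDX|RSI|RDI|RBP|R0[89]|R1[0-5]|CR2): ([0-9a-f]{16})\b")
MEM_RE = re.compile(r"(-?0x[0-9a-f]+)?\(%(\w+)\)")  # AT&T disp(%base) memory operand


@dataclass
class Bisection:
    verdicts: list = field(default_factory=list)    # (commit, "good"/"bad") in test order
    signatures: dict = field(default_factory=dict)  # commit -> kernel signature of its build
    regs: dict = field(default_factory=dict)        # first (kernel-mode) register dump only
    culprit: str = ""
    culprit_sig: str = ""
    parent_sig: str = ""
    rip: tuple = ()                                 # (symbol, offset, size, source location)
    trap_line: str = ""


def parse_log(text: str) -> Bisection:
    b, current = Bisection(), None
    for line in text.splitlines():
        if m := TESTED_RE.match(line):
            current = m.group(1)
        elif m := SIG_RE.match(line):
            b.signatures[current] = m.group(1)      # signature belongs to the commit just built
        elif m := BISECT_RE.match(line):
            b.verdicts.append((m.group(2), m.group(1)))
        elif m := CULPRIT_RE.match(line):
            b.culprit = m.group(1)
        elif m := NAMED_SIG_RE.match(line):
            setattr(b, m.group(1) + "_sig", m.group(2))
        elif m := RIP_RE.match(line):
            b.rip = b.rip or (m.group(1), int(m.group(2), 16), int(m.group(3), 16), m.group(4))
        elif "<-- trapping instruction" in line:
            b.trap_line = line
        for name, val in REG_RE.findall(line):
            b.regs.setdefault(name, int(val, 16))   # later dumps (user space, retry) are ignored
    return b


def check_culprit(b: Bisection) -> list:
    """Inconsistencies between the verdict sequence and the summary lines (empty = consistent)."""
    problems = []
    if (b.culprit, "bad") not in b.verdicts:
        problems.append("culprit was never observed crashing")
    if b.signatures.get(b.culprit) != b.culprit_sig:
        problems.append("culprit signature is not the signature of the culprit build")
    if b.parent_sig not in {b.signatures.get(c) for c, v in b.verdicts if v == "good"}:
        problems.append("parent signature is not the signature of any good build")
    return problems


def fault_address(b: Bisection) -> int:
    """Recompute base + displacement of the trapping memory operand from the register dump."""
    m = MEM_RE.search(b.trap_line)
    if not m:
        raise ValueError("trapping instruction has no memory operand")
    disp = int(m.group(1), 16) if m.group(1) else 0
    base = re.sub(r"^R(\d)$", r"R0\1", m.group(2).upper())  # %r8 is printed as R08 in the dump
    return b.regs[base] + disp


def classify(b: Bisection) -> str:
    addr, cr2 = fault_address(b), b.regs["CR2"]
    if addr != cr2:
        return f"mismatch: operand address {addr:#x} but CR2 {cr2:#x}"
    kind = "NULL-page dereference" if addr < 4096 else "non-NULL bad pointer"
    sym, off, size, src = b.rip
    return f"{kind} at {addr:#x} in {sym}+{off:#x}/{size:#x} ({src})"


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    print("first bad commit:", log.culprit, check_culprit(log) or "consistent")
    print(classify(log))
```

Feed it the full log instead of the excerpt and the same checks run unchanged; a non-empty list from check_culprit, or a "mismatch" from classify, is the cue to look at the log by hand before trusting the attribution.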