ci2 starts bisection 2023-07-02 06:46:56.36496266 +0000 UTC m=+71567.331100150
bisecting cause commit starting from ed2a228522b98300ecccd958506a9a2833eca780
building syzkaller on bfc478367b83b3fda580f54964aa9f3651beeb3d
ensuring issue is reproducible on original commit ed2a228522b98300ecccd958506a9a2833eca780
testing commit ed2a228522b98300ecccd958506a9a2833eca780 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 7f4188d99f89927fe62835095cf19336fb4eb5692ac5eb27ad66b387a7ec7656
all runs: crashed: general protection fault in do_unlinkat
testing release v6.1.25
testing commit f17b0ab65d17988d5e6d6fe22f708ef3721080bf gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 339ede5d0d0793f1c2ab4422f9e83b7afd865d3d08dd111ae46b17f975d4e930
all runs: OK
# git bisect start ed2a228522b98300ecccd958506a9a2833eca780 f17b0ab65d17988d5e6d6fe22f708ef3721080bf
Bisecting: 3005 revisions left to test after this (roughly 12 steps)
[f1332888c84277a6d9d46eb2b5b731d0c7cf90d1] Merge 7d1be0a09fa6 ("drm/edid: Fix EDID quirk compile error on older compilers") into android-mainline
testing commit f1332888c84277a6d9d46eb2b5b731d0c7cf90d1 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 2f26cb21fbe4c143ed80e54f9e069329750ea10818fcb836e7d0326c04b412ff
all runs: OK
# git bisect good f1332888c84277a6d9d46eb2b5b731d0c7cf90d1
Bisecting: 1502 revisions left to test after this (roughly 11 steps)
[9d7d7ea7e3ef42bc60cb05103ce3c02f0b8ce823] ANDROID: softirq: Export irq_handler_exit tracepoint
testing commit 9d7d7ea7e3ef42bc60cb05103ce3c02f0b8ce823 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: e8d761b52e7b08bd589160b2893c6e3f468d61ef4893677c5166ad1dcfa0d191
all runs: crashed: general protection fault in do_unlinkat
# git bisect bad 9d7d7ea7e3ef42bc60cb05103ce3c02f0b8ce823
Bisecting: 751 revisions left to test after this (roughly 10 steps)
[caa58e2b367d99975369a11e1a815b0f8f4a2e8e] Merge ddd1949f585e ("Merge tag 'pstore-v5.20-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux") into android-mainline
testing commit caa58e2b367d99975369a11e1a815b0f8f4a2e8e gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 267e919fac4d26d09d1eac2ff52c79fff2ea7b42d3f990972ba0ba7cbceeb6e1
all runs: OK
# git bisect good caa58e2b367d99975369a11e1a815b0f8f4a2e8e
Bisecting: 375 revisions left to test after this (roughly 9 steps)
[34289140d06f935950c230f0fb5f9cc93064ee68] ANDROID: KVM: arm64: Refactor kvm_vcpu_enable_ptrauth() for hyp use
testing commit 34289140d06f935950c230f0fb5f9cc93064ee68 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: c5f375d423751b31ecf94b788910fcde09ac41ebd69cce58e2774f4d5daffbd3
all runs: OK
# git bisect good 34289140d06f935950c230f0fb5f9cc93064ee68
Bisecting: 187 revisions left to test after this (roughly 8 steps)
[8c54209f4a5ed5db16813a4164fec9afe133b4a8] UPSTREAM: crypto: algboss - optimize registration of internal algorithms
testing commit 8c54209f4a5ed5db16813a4164fec9afe133b4a8 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
failed building 8c54209f4a5ed5db16813a4164fec9afe133b4a8: crypto/algboss.c:181:7: error: use of undeclared label 'skiptest'
# git bisect skip 8c54209f4a5ed5db16813a4164fec9afe133b4a8
Bisecting: 187 revisions left to test after this (roughly 8 steps)
[39c484f30110fd4dd704b1204dec7a45bcf52894] ANDROID: KVM: arm64: Correctly flag MMIO pages as PKVM_PAGE_RESTRICTED_PROT
testing commit 39c484f30110fd4dd704b1204dec7a45bcf52894 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: d984469ff533256fb62398acf174138e739357e3ac5df48a36193adf33c2d31e
all runs: OK
# git bisect good 39c484f30110fd4dd704b1204dec7a45bcf52894
Bisecting: 25 revisions left to test after this (roughly 5 steps)
[1c28907d7396680dbbfcb341340369e69aa670f4] ANDROID: timer: Add vendor hook for timer calc index
testing commit 1c28907d7396680dbbfcb341340369e69aa670f4 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 94d0ed90669f61fe88f642a8d5ecdc0314290d050c867c95e57462f750696933
all runs: OK
# git bisect good 1c28907d7396680dbbfcb341340369e69aa670f4
Bisecting: 12 revisions left to test after this (roughly 4 steps)
[e3f640939107e348446a648271550b5e186f68e8] ANDROID: arm64: kvm: s2mpu: Remove S2MPU pKVM driver
testing commit e3f640939107e348446a648271550b5e186f68e8 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 03b94f0b615ad78207b8dc560fdb21099ae655319fb0224dab3c1a56e5e490ea
all runs: crashed: general protection fault in do_unlinkat
# git bisect bad e3f640939107e348446a648271550b5e186f68e8
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[1a11a5283818fddcd82993c39fb1d16a55dfa2a7] ANDROID: fuse-bpf: Fix crash from assuming iter is kvec
testing commit 1a11a5283818fddcd82993c39fb1d16a55dfa2a7 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 58fd20c954789ae21449c2409c3c199ea5a9db6ae2132859e2b90f2edae64940
all runs: crashed: general protection fault in do_unlinkat
# git bisect bad 1a11a5283818fddcd82993c39fb1d16a55dfa2a7
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[57f3ff9648991998d008ecf32f2f9e78a08bfb8b] ANDROID: fuse-bpf v1.1
testing commit 57f3ff9648991998d008ecf32f2f9e78a08bfb8b gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 0b537708affcf9cc8197fd7e2856f3183da111166fb5c32885051617bb0aee05
all runs: crashed: general protection fault in do_unlinkat
# git bisect bad 57f3ff9648991998d008ecf32f2f9e78a08bfb8b
Bisecting: 1 revision left to test after this (roughly 1 step)
[53b3a7721b7aec74d8fa2ee55c2480044cc7c1b8] Merge 6.1.1 into android14-6.1
testing commit 53b3a7721b7aec74d8fa2ee55c2480044cc7c1b8 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 762aaae5267b218097196ada553ba6ae9d54f95a940ae9546769dd0e2bc9a1c4
all runs: OK
# git bisect good 53b3a7721b7aec74d8fa2ee55c2480044cc7c1b8
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[fb5ea70e2e33932b5b35fedd7a30cf5d9170126c] ANDROID: KVM: arm64: Add helper for pKVM modules addr conversion
testing commit fb5ea70e2e33932b5b35fedd7a30cf5d9170126c gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 0352840e1c37421454731a7472a82ab8c69a9a1017c9c3719479a699b605aed1
all runs: OK
# git bisect good fb5ea70e2e33932b5b35fedd7a30cf5d9170126c
57f3ff9648991998d008ecf32f2f9e78a08bfb8b is the first bad commit
commit 57f3ff9648991998d008ecf32f2f9e78a08bfb8b
Author: Daniel Rosenberg
Date:   Thu Dec 2 13:50:02 2021 -0800

    ANDROID: fuse-bpf v1.1

    This is a squash of these changes cherry-picked from common-android13-5.10

    ANDROID: fuse-bpf: Make compile and pass test
    ANDROID: fuse-bpf: set error_in to ENOENT in negative lookup
    ANDROID: fuse-bpf: Add ability to run ranges of tests to fuse_test
    ANDROID: fuse-bpf: Add test for lookup postfilter
    ANDROID: fuse-bpf: readddir postfilter fixes
    ANDROID: fix kernelci error in fs/fuse/dir.c
    ANDROID: fuse-bpf: Fix RCU/reference issue
    ANDROID: fuse-bpf: Always call revalidate for backing
    ANDROID: fuse-bpf: Adjust backing handle funcs
    ANDROID: fuse-bpf: Fix revalidate error path and backing handling
    ANDROID: fuse-bpf: Fix use of get_fuse_inode
    ANDROID: fuse: Don't use readdirplus w/ nodeid 0
    ANDROID: fuse-bpf: Introduce readdirplus test case for fuse bpf
    ANDROID: fuse-bpf: Make sure force_again flag is false by default
    ANDROID: fuse-bpf: Make inodes with backing_fd reachable for regular FUSE fuse_iget
    Revert "ANDROID: fuse-bpf: use target instead of parent inode to execute backing revalidate"
    ANDROID: fuse-bpf: use target instead of parent inode to execute backing revalidate
    ANDROID: fuse-bpf: Fix misuse of args.out_args
    ANDROID: fuse-bpf: Fix non-fusebpf build
    ANDROID: fuse-bpf: Use fuse_bpf_args in uapi
    ANDROID: fuse-bpf: Fix read_iter
    ANDROID: fuse-bpf: Use cache and refcount
    ANDROID: fuse-bpf: Rename iocb_fuse to iocb_orig
    ANDROID: fuse-bpf: Fix fixattr in rename
    ANDROID: fuse-bpf: Fix readdir
    ANDROID: fuse-bpf: Fix lseek return value for offset 0
    ANDROID: fuse-bpf: fix read_iter and write_iter
    ANDROID: fuse-bpf: fix special devices
    ANDROID: fuse-bpf: support FUSE_LSEEK
    ANDROID: fuse-bpf: Add support for FUSE_COPY_FILE_RANGE
    ANDROID: fuse-bpf: Report errors to finalize
    ANDROID: fuse-bpf: Avoid reusing uint64_t for file
    ANDROID: fuse-bpf: Fix CONFIG_FUSE_BPF typo in FUSE_FSYNCDIR
    ANDROID: fuse-bpf: Move fd operations to be synchronous
    ANDROID: fuse-bpf: Invalidate if lower is unhashed
    ANDROID: fuse-bpf: Move bpf earlier in fuse_permission
    ANDROID: fuse-bpf: Update attributes on file write
    ANDROID: fuse: allow mounting with no userspace daemon
    ANDROID: fuse-bpf: Support FUSE_STATFS
    ANDROID: fuse-bpf: Fix filldir
    ANDROID: fuse-bpf: fix fuse_create_open_finalize
    ANDROID: fuse: add bpf support for removexattr
    ANDROID: fuse-bpf: Fix truncate
    ANDROID: fuse-bpf: Support inotify
    ANDROID: fuse-bpf: Make compile with CONFIG_FUSE but no CONFIG_FUSE_BPF
    ANDROID: fuse-bpf: Fix perms on readdir
    ANDROID: fuse: Fix umasking in backing
    ANDROID: fs/fuse: Backing move returns EXDEV if TO not backed
    ANDROID: bpf-fuse: Fix Setattr
    ANDROID: fuse-bpf: Check if mkdir dentry setup
    ANDROID: fuse-bpf: Close backing fds in fuse_dentry_revalidate
    ANDROID: fuse-bpf: Close backing-fd on both paths
    ANDROID: fuse-bpf: Partial fix for mmap'd files
    ANDROID: fuse-bpf: Restore a missing const
    ANDROID: Add fuse-bpf self tests
    ANDROID: Add FUSE_BPF to gki_defconfig
    ANDROID: fuse-bpf v1
    ANDROID: fuse: Move functions in preparation for fuse-bpf

    Bug: 202785178
    Bug: 265206112
    Test: test_fuse passes on linux. On cuttlefish, atest android.scopedstorage.cts.host.ScopedStorageHostTest passes with fuse-bpf enabled and disabled
    Change-Id: Idb099c281f9b39ff2c46fa3ebc63e508758416ee
    Signed-off-by: Paul Lawrence
    Signed-off-by: Daniel Rosenberg

 arch/arm64/configs/gki_defconfig                   |    1 +
 arch/x86/configs/gki_defconfig                     |    1 +
 fs/fuse/Kconfig                                    |    8 +
 fs/fuse/Makefile                                   |    1 +
 fs/fuse/backing.c                                  | 2468 ++++++++++++++++++++
 fs/fuse/control.c                                  |    2 +-
 fs/fuse/dev.c                                      |   19 +
 fs/fuse/dir.c                                      |  532 +++--
 fs/fuse/file.c                                     |  130 ++
 fs/fuse/fuse_i.h                                   |  720 +++++-
 fs/fuse/inode.c                                    |  322 ++-
 fs/fuse/passthrough.c                              |    2 +-
 fs/fuse/readdir.c                                  |   22 +
 fs/fuse/xattr.c                                    |   40 +
 include/linux/bpf_types.h                          |    3 +
 include/uapi/linux/android_fuse.h                  |   95 +
 include/uapi/linux/bpf.h                           |   10 +
 kernel/bpf/Makefile                                |    3 +
 kernel/bpf/bpf_fuse.c                              |  128 +
 kernel/bpf/btf.c                                   |    1 +
 .../testing/selftests/filesystems/fuse/.gitignore  |    2 +
 tools/testing/selftests/filesystems/fuse/Makefile  |   34 +
 tools/testing/selftests/filesystems/fuse/OWNERS    |    2 +
 .../selftests/filesystems/fuse/bpf_loader.c        |  791 +++++++
 tools/testing/selftests/filesystems/fuse/fd.txt    |   21 +
 tools/testing/selftests/filesystems/fuse/fd_bpf.c  |  252 ++
 .../selftests/filesystems/fuse/fuse_daemon.c       |  294 +++
 .../testing/selftests/filesystems/fuse/fuse_test.c | 2142 +++++++++++++++++
 .../testing/selftests/filesystems/fuse/test_bpf.c  |  507 ++++
 .../selftests/filesystems/fuse/test_framework.h    |  179 ++
 .../testing/selftests/filesystems/fuse/test_fuse.h |  337 +++
 .../selftests/filesystems/fuse/test_fuse_bpf.h     |   65 +
 32 files changed, 8929 insertions(+), 205 deletions(-)
 create mode 100644 fs/fuse/backing.c
 create mode 100644 include/uapi/linux/android_fuse.h
 create mode 100644 kernel/bpf/bpf_fuse.c
 create mode 100644 tools/testing/selftests/filesystems/fuse/.gitignore
 create mode 100644 tools/testing/selftests/filesystems/fuse/Makefile
 create mode 100644 tools/testing/selftests/filesystems/fuse/OWNERS
 create mode 100644 tools/testing/selftests/filesystems/fuse/bpf_loader.c
 create mode 100644 tools/testing/selftests/filesystems/fuse/fd.txt
 create mode 100644 tools/testing/selftests/filesystems/fuse/fd_bpf.c
 create mode 100644 tools/testing/selftests/filesystems/fuse/fuse_daemon.c
 create mode 100644 tools/testing/selftests/filesystems/fuse/fuse_test.c
 create mode 100644 tools/testing/selftests/filesystems/fuse/test_bpf.c
 create mode 100644 tools/testing/selftests/filesystems/fuse/test_framework.h
 create mode 100644 tools/testing/selftests/filesystems/fuse/test_fuse.h
 create mode 100644 tools/testing/selftests/filesystems/fuse/test_fuse_bpf.h

culprit signature: 0b537708affcf9cc8197fd7e2856f3183da111166fb5c32885051617bb0aee05
parent signature: 0352840e1c37421454731a7472a82ab8c69a9a1017c9c3719479a699b605aed1
revisions tested: 13, total time: 6h6m2.24902321s (build: 4h7m5.47577403s, test: 1h39m52.159474738s)
first bad commit: 57f3ff9648991998d008ecf32f2f9e78a08bfb8b ANDROID: fuse-bpf v1.1
recipients (to): ["drosen@google.com" "paullawrence@google.com"]
recipients (cc): []
crash: general protection fault in do_unlinkat
general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]
CPU: 1 PID: 369 Comm: syz-executor.0 Not tainted 6.1.1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
RIP: 0010:do_unlinkat+0x3ac/0x850 fs/namei.c:4312
Code: 00 00 60 00 31 c9 3d 00 00 20 00 0f 94 c1 41 be ec ff ff ff 41 29 ce e9 b8 00 00 00 4c 89 eb 49 8d 7d 30 48 89 f8 48 c1 e8 03 <42> 80 3c 38 00 74 05 e8 58 9f f5 ff 4c 8b 7b 30 48 89 d8 48 c1 e8
RSP: 0018:ffffc90000e07da0 EFLAGS: 00010206
RAX: 0000000000000006 RBX: 0000000000000002 RCX: 0000000300000000
RDX: ffff88810e26b858 RSI: 0000000000000008 RDI: 0000000000000032
RBP: ffffc90000e07f08 R08: dffffc0000000000 R09: fffff520001c0f93
R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff11021c4d706
R13: 0000000000000002 R14: ffff88810e26b830 R15: dffffc0000000000
FS:  00007fbddd85c700(0000) GS:ffff8881f7300000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f9e61cd4ae0 CR3: 0000000111d45000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __do_sys_unlink fs/namei.c:4368 [inline]
 __se_sys_unlink fs/namei.c:4366 [inline]
 __x64_sys_unlink+0x44/0x50 fs/namei.c:4366
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fbddca8c389
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fbddd85c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000057
RAX: ffffffffffffffda RBX: 00007fbddcbabf80 RCX: 00007fbddca8c389
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000100
RBP: 00007fbddcad7493 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd1612ac3f R14: 00007fbddd85c300 R15: 0000000000022000
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:do_unlinkat+0x3ac/0x850 fs/namei.c:4312
Code: 00 00 60 00 31 c9 3d 00 00 20 00 0f 94 c1 41 be ec ff ff ff 41 29 ce e9 b8 00 00 00 4c 89 eb 49 8d 7d 30 48 89 f8 48 c1 e8 03 <42> 80 3c 38 00 74 05 e8 58 9f f5 ff 4c 8b 7b 30 48 89 d8 48 c1 e8
RSP: 0018:ffffc90000e07da0 EFLAGS: 00010206
RAX: 0000000000000006 RBX: 0000000000000002 RCX: 0000000300000000
RDX: ffff88810e26b858 RSI: 0000000000000008 RDI: 0000000000000032
RBP: ffffc90000e07f08 R08: dffffc0000000000 R09: fffff520001c0f93
R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff11021c4d706
R13: 0000000000000002 R14: ffff88810e26b830 R15: dffffc0000000000
FS:  00007fbddd85c700(0000) GS:ffff8881f7300000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f9e61cd4ae0 CR3: 0000000111d45000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:   00 60 00                add    %ah,0x0(%rax)
   3:   31 c9                   xor    %ecx,%ecx
   5:   3d 00 00 20 00          cmp    $0x200000,%eax
   a:   0f 94 c1                sete   %cl
   d:   41 be ec ff ff ff       mov    $0xffffffec,%r14d
  13:   41 29 ce                sub    %ecx,%r14d
  16:   e9 b8 00 00 00          jmpq   0xd3
  1b:   4c 89 eb                mov    %r13,%rbx
  1e:   49 8d 7d 30             lea    0x30(%r13),%rdi
  22:   48 89 f8                mov    %rdi,%rax
  25:   48 c1 e8 03             shr    $0x3,%rax
* 29:   42 80 3c 38 00          cmpb   $0x0,(%rax,%r15,1) <-- trapping instruction
  2e:   74 05                   je     0x35
  30:   e8 58 9f f5 ff          callq  0xfff59f8d
  35:   4c 8b 7b 30             mov    0x30(%rbx),%r15
  39:   48 89 d8                mov    %rbx,%rax
  3c:   48                      rex.W
  3d:   c1                      .byte 0xc1
  3e:   e8                      .byte 0xe8