bisecting fixing commit since c98875d930e915d01e8c40c7d3c16f00b3c8abe1
building syzkaller on b0e8efcb4b0aac61f4647a76bbe54a5d38a370ba
testing commit c98875d930e915d01e8c40c7d3c16f00b3c8abe1 with gcc (GCC) 8.1.0
kernel signature: bca8c80f809a33e2a3805e7a7b4be77a5d0a776862d57fbf20304ad7e750bbac
all runs: crashed: INFO: task hung in p9_fd_close
testing current HEAD c14d30dc9987047b439b03d6e6db7d54d9f7f180
testing commit c14d30dc9987047b439b03d6e6db7d54d9f7f180 with gcc (GCC) 8.1.0
kernel signature: a5e752d9470509099e8982b1959eddb838dbd2123c992408d51693af306040e6
all runs: OK
# git bisect start c14d30dc9987047b439b03d6e6db7d54d9f7f180 c98875d930e915d01e8c40c7d3c16f00b3c8abe1
Bisecting: 5362 revisions left to test after this (roughly 12 steps)
[9b1f6bde17d651aec810d1ead617691685de43c2] parisc: Fix HP SDC hpa address output
testing commit 9b1f6bde17d651aec810d1ead617691685de43c2 with gcc (GCC) 8.1.0
kernel signature: e67f036b340097a37af01cfaf8de4e6171dbfbec8268beeefd89bef443a6ddce
all runs: crashed: INFO: task hung in p9_fd_close
# git bisect good 9b1f6bde17d651aec810d1ead617691685de43c2
Bisecting: 2681 revisions left to test after this (roughly 11 steps)
[ec0237cb3621974af9ffe5aef452d1dbc4103ef8] NFC: port100: Convert cpu_to_le16(le16_to_cpu(E1) + E2) to use le16_add_cpu().
testing commit ec0237cb3621974af9ffe5aef452d1dbc4103ef8 with gcc (GCC) 8.1.0
kernel signature: c7b5337c0139f6160a5c5c1a89e723b7649628afdc3ed0ff4d5f027618ef3c42
all runs: crashed: INFO: task hung in p9_fd_close
# git bisect good ec0237cb3621974af9ffe5aef452d1dbc4103ef8
Bisecting: 1340 revisions left to test after this (roughly 10 steps)
[3d6322ab1b5cde17268ec801795bdf422e79a7d0] pppoe: only process PADT targeted at local interfaces
testing commit 3d6322ab1b5cde17268ec801795bdf422e79a7d0 with gcc (GCC) 8.1.0
kernel signature: 3acf2f3b8fb44fcf437f664c7f23489886e1bde5c9582c0b8d0095f3e239ffa8
all runs: crashed: INFO: task hung in p9_fd_close
# git bisect good 3d6322ab1b5cde17268ec801795bdf422e79a7d0
Bisecting: 670 revisions left to test after this (roughly 9 steps)
[1a17c51d910b6b89825f1d22083e48ebc2da26e4] usb: gadget: fix potential double-free in m66592_probe.
testing commit 1a17c51d910b6b89825f1d22083e48ebc2da26e4 with gcc (GCC) 8.1.0
kernel signature: d7e35fe9f1202a6be13560eed1b05862de147bef3428ab44d2e1e49a715f3b13
all runs: crashed: INFO: task hung in p9_fd_close
# git bisect good 1a17c51d910b6b89825f1d22083e48ebc2da26e4
Bisecting: 335 revisions left to test after this (roughly 8 steps)
[ee66c2d19cb4146193a7033ebabc0eca915b5c5f] tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key()
testing commit ee66c2d19cb4146193a7033ebabc0eca915b5c5f with gcc (GCC) 8.1.0
kernel signature: b8cd961d8945a9dd3b6117c722c4096a772e811cd2cc50bbfb7eddd52d59c3cf
all runs: crashed: INFO: task hung in p9_fd_close
# git bisect good ee66c2d19cb4146193a7033ebabc0eca915b5c5f
Bisecting: 167 revisions left to test after this (roughly 7 steps)
[652af511538d46ea6e6359c78675363698dc49e9] HID: apple: Disable Fn-key key-re-mapping on clone keyboards
testing commit 652af511538d46ea6e6359c78675363698dc49e9 with gcc (GCC) 8.1.0
kernel signature: f7bf17f9517ce0852049b17403ca7a118308707b5154f6b40cd032fd73f2aef4
all runs: crashed: INFO: task hung in p9_fd_close
# git bisect good 652af511538d46ea6e6359c78675363698dc49e9
Bisecting: 83 revisions left to test after this (roughly 6 steps)
[7846460c1d7d343e6996c00b9d12f61951cc1a93] selftests/net: psock_fanout: fix clang issues for target arch PowerPC
testing commit 7846460c1d7d343e6996c00b9d12f61951cc1a93 with gcc (GCC) 8.1.0
kernel signature: f3ae9921c5b8b341136316955663b7d49b9c712cc03cb6f0dd89432f93ce4d12
all runs: crashed: INFO: task hung in p9_fd_close
# git bisect good 7846460c1d7d343e6996c00b9d12f61951cc1a93
Bisecting: 41 revisions left to test after this (roughly 5 steps)
[fbe7e878fea059fb536ac55a8ec7fe72433a95dd] staging: android: ashmem: Fix lockdep warning for write operation
testing commit fbe7e878fea059fb536ac55a8ec7fe72433a95dd with gcc (GCC) 8.1.0
kernel signature: ef025837dd9edcf3d2e810308764315b639292849e63bcd84418e9af1e2cc6e7
all runs: crashed: INFO: task hung in p9_fd_close
# git bisect good fbe7e878fea059fb536ac55a8ec7fe72433a95dd
Bisecting: 20 revisions left to test after this (roughly 4 steps)
[fea1298d57f0ddf05caee0b01c44f4a9b253526a] atm: fix atm_dev refcnt leaks in atmtcp_remove_persistent
testing commit fea1298d57f0ddf05caee0b01c44f4a9b253526a with gcc (GCC) 8.1.0
kernel signature: 242539451b4d80201cfded8de21c547ad80c49d9e4143871615b3171d0d2f49a
all runs: OK
# git bisect bad fea1298d57f0ddf05caee0b01c44f4a9b253526a
Bisecting: 10 revisions left to test after this (roughly 3 steps)
[8334dd9adeee9ac322bd29c136afbadcba8ce49c] leds: lm3533: fix use-after-free on unbind
testing commit 8334dd9adeee9ac322bd29c136afbadcba8ce49c with gcc (GCC) 8.1.0
kernel signature: cd5588dbe758b14fa91dfbfbfb28a32e2e85a8544100757757aee7ec489d0027
all runs: crashed: INFO: task hung in p9_fd_close
# git bisect good 8334dd9adeee9ac322bd29c136afbadcba8ce49c
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[c79c21c791fa073b05f0e6fc14539a6701bcc39f] i2c: slave: improve sanity check when registering
testing commit c79c21c791fa073b05f0e6fc14539a6701bcc39f with gcc (GCC) 8.1.0
kernel signature: d331cb2a8a704429cab0a819f9b1cc761c98c2b856b91fcbb37da9eea06bdf07
all runs: OK
# git bisect bad c79c21c791fa073b05f0e6fc14539a6701bcc39f
Bisecting: 2 revisions left to test after this (roughly 1 step)
[af224c2eeda2bd6679355f588766c5a8da8920a2] net/9p: validate fds in p9_fd_open
testing commit af224c2eeda2bd6679355f588766c5a8da8920a2 with gcc (GCC) 8.1.0
kernel signature: 471b0701e38a39aec00541e541c140e1f3adff50c54432bbf14a8444b726ebcb
all runs: OK
# git bisect bad af224c2eeda2bd6679355f588766c5a8da8920a2
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[6ed56511407fcdba01f05f2228711dca2135b921] leds: 88pm860x: fix use-after-free on unbind
testing commit 6ed56511407fcdba01f05f2228711dca2135b921 with gcc (GCC) 8.1.0
kernel signature: 97c8b77cd368ef16cbd2c30dfc8225f915d6d281c6f6ecccf7e42ec96deef3f2
all runs: crashed: INFO: task hung in p9_fd_close
# git bisect good 6ed56511407fcdba01f05f2228711dca2135b921
af224c2eeda2bd6679355f588766c5a8da8920a2 is the first bad commit
commit af224c2eeda2bd6679355f588766c5a8da8920a2
Author: Christoph Hellwig
Date:   Fri Jul 10 10:57:22 2020 +0200

    net/9p: validate fds in p9_fd_open

    [ Upstream commit a39c46067c845a8a2d7144836e9468b7f072343e ]

    p9_fd_open just fgets file descriptors passed in from userspace, but
    doesn't verify that they are valid for read or writing.  This gets
    caught down in the VFS when actually attempting a read or write, but a
    new warning added in linux-next upsets syzkaller.

    Fix this by just verifying the fds early on.

    Link: http://lkml.kernel.org/r/20200710085722.435850-1-hch@lst.de
    Reported-by: syzbot+e6f77e16ff68b2434a2c@syzkaller.appspotmail.com
    Signed-off-by: Christoph Hellwig
    [Dominique: amend goto as per Doug Nazar's review]
    Signed-off-by: Dominique Martinet
    Signed-off-by: Sasha Levin

 net/9p/trans_fd.c | 24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)

culprit signature: 471b0701e38a39aec00541e541c140e1f3adff50c54432bbf14a8444b726ebcb
parent signature: 97c8b77cd368ef16cbd2c30dfc8225f915d6d281c6f6ecccf7e42ec96deef3f2
revisions tested: 15, total time: 4h6m3.114625727s (build: 2h17m41.489690097s, test: 1h46m9.699915904s)
first good commit: af224c2eeda2bd6679355f588766c5a8da8920a2 net/9p: validate fds in p9_fd_open
recipients (to): ["asmadeus@codewreck.org" "hch@lst.de" "sashal@kernel.org"]
recipients (cc): []
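Added example, not part of the syzbot log and not the kernel patch itself (the trans_fd.c diff is not reproduced on this page): a user-space mirror of the check the commit message describes, rejecting a descriptor that is not open for the direction the 9p fd transport will use before any I/O is attempted. In the kernel the test is on the struct file's access mode; from user space the equivalent is the O_ACCMODE bits returned by fcntl(F_GETFL). The function names validate_9p_fds and demo_pipe_check are invented for this example, and the pipe is constructed sample input.

```c
/* Added example (not from the syzbot log or the kernel fix): user-space
 * equivalent of validating a read fd and a write fd up front, instead of
 * letting a bad descriptor fail deep inside the transport's read/write path.
 * validate_9p_fds and demo_pipe_check are invented names. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Return 0 if rfd is open for reading and wfd is open for writing,
 * otherwise -errno: -EBADF for a closed/invalid descriptor,
 * -EINVAL for a descriptor open in the wrong direction. */
static int validate_9p_fds(int rfd, int wfd)
{
    int rflags = fcntl(rfd, F_GETFL);
    if (rflags < 0)
        return -errno;
    int wflags = fcntl(wfd, F_GETFL);
    if (wflags < 0)
        return -errno;

    int racc = rflags & O_ACCMODE;
    int wacc = wflags & O_ACCMODE;
    if (racc != O_RDONLY && racc != O_RDWR)
        return -EINVAL;
    if (wacc != O_WRONLY && wacc != O_RDWR)
        return -EINVAL;
    return 0;
}

/* Constructed input: a pipe gives one read-only and one write-only fd.
 * Exercises the correct pairing, the swapped pairing, and a closed fd.
 * Returns a bitmask of the checks that behaved as expected (7 == all). */
static int demo_pipe_check(void)
{
    int p[2];
    if (pipe(p) < 0)
        return -1;
    int ok = 0;
    if (validate_9p_fds(p[0], p[1]) == 0)
        ok |= 1;   /* read end for reads, write end for writes: accepted */
    if (validate_9p_fds(p[1], p[0]) == -EINVAL)
        ok |= 2;   /* swapped: rejected before any read() or write() */
    close(p[1]);
    if (validate_9p_fds(p[0], p[1]) == -EBADF)
        ok |= 4;   /* closed descriptor: rejected */
    close(p[0]);
    return ok;
}

int main(void)
{
    int r = demo_pipe_check();
    printf("checks passed bitmask: %d\n", r);
    return r == 7 ? 0 : 1;
}
```

The same pre-check is worth running in any tool that hands descriptors to the kernel via mount -t 9p -o trans=fd,rfdno=N,wfdno=M, so that a misassigned pair fails at mount time rather than once the transport tries to use it.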