bisecting fixing commit since 459e3a21535ae3c7a9a123650e54f5c882b8fcbf building syzkaller on 7516d9fa9301d2dfa5beaf49d93563f8048694aa testing commit 459e3a21535ae3c7a9a123650e54f5c882b8fcbf with gcc (GCC) 8.1.0 kernel signature: a876cbe1f954030a9f3a1416740688f556bc224db88f55cdb903d996e520781c run #0: crashed: WARNING: refcount bug in p9_req_put run #1: crashed: WARNING: refcount bug in p9_req_put run #2: crashed: no output from test machine run #3: crashed: no output from test machine run #4: crashed: no output from test machine run #5: crashed: no output from test machine run #6: crashed: no output from test machine run #7: crashed: no output from test machine run #8: crashed: no output from test machine run #9: crashed: no output from test machine testing current HEAD c9c9735c46f589b9877b7fc00c89ef1b61a31e18 testing commit c9c9735c46f589b9877b7fc00c89ef1b61a31e18 with gcc (GCC) 8.1.0 kernel signature: 2ab69d439e768030ff72334af3d0205ac18e7d95cca1249291dbf58c0f7185af all runs: OK # git bisect start c9c9735c46f589b9877b7fc00c89ef1b61a31e18 459e3a21535ae3c7a9a123650e54f5c882b8fcbf Bisecting: 60977 revisions left to test after this (roughly 16 steps) [7d6292ab11199ef596cbe6c87180e49510c8b7c7] Merge tag 'sunxi-dt-for-5.6-2' of https://git.kernel.org/pub/scm/linux/kernel/git/sunxi/linux into arm/dt testing commit 7d6292ab11199ef596cbe6c87180e49510c8b7c7 with gcc (GCC) 8.1.0 kernel signature: e058022cd88c5a99b74526aa67603cd34bbd37e0d47007e3ba7f196df4c8b2fc all runs: boot failed: general protection fault in do_mount_root # git bisect skip 7d6292ab11199ef596cbe6c87180e49510c8b7c7 Bisecting: 60977 revisions left to test after this (roughly 16 steps) [5f39dd232723a76aa7865de0b5be8373490355ef] arm64: dts: allwinner: a64: pinetab: Fix cpvdd supply name testing commit 5f39dd232723a76aa7865de0b5be8373490355ef with gcc (GCC) 8.1.0 kernel signature: 969b939c2254ceb8242bb216dd2b08c204fa074ff073d2ac9605ad4f3bf715fc run #0: crashed: WARNING: refcount bug in p9_tag_lookup run #1: crashed: WARNING: refcount bug in p9_req_put run #2: crashed: WARNING: refcount bug in p9_tag_lookup run #3: crashed: no output from test machine run #4: crashed: no output from test machine run #5: crashed: no output from test machine run #6: crashed: no output from test machine run #7: crashed: no output from test machine run #8: crashed: no output from test machine run #9: crashed: no output from test machine # git bisect good 5f39dd232723a76aa7865de0b5be8373490355ef Bisecting: 16604 revisions left to test after this (roughly 14 steps) [b791d1bdf9212d944d749a5c7ff6febdba241771] Merge tag 'locking-kcsan-2020-06-11' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit b791d1bdf9212d944d749a5c7ff6febdba241771 with gcc (GCC) 8.1.0 kernel signature: 7426a25c4484ffb9fa9a421877ba4045cf1892ff6965ae9724b24b8ebe384263 all runs: basic kernel testing failed: BUG: using smp_processor_id() in preemptible code in ext4_mb_new_blocks # git bisect skip b791d1bdf9212d944d749a5c7ff6febdba241771 Bisecting: 16604 revisions left to test after this (roughly 14 steps) [1bdcc35f7767988d49e55c6e44b80da666067f8b] drm/amd/display: reduce sr_xxx_time by 3 us when ppt disable testing commit 1bdcc35f7767988d49e55c6e44b80da666067f8b with gcc (GCC) 8.1.0 kernel signature: a0325de06047ba131fd4ccaa4f9ab427c15e4c33d880da06d909736cde199779 run #0: crashed: WARNING: refcount bug in p9_tag_lookup run #1: crashed: WARNING: refcount bug in p9_req_put run #2: crashed: WARNING: refcount bug in p9_req_put run #3: crashed: WARNING: refcount bug in p9_tag_lookup run #4: crashed: no output from test machine run #5: crashed: no output from test machine run #6: crashed: no output from test machine run #7: crashed: no output from test machine run #8: crashed: no output from test machine run #9: OK # git bisect good 1bdcc35f7767988d49e55c6e44b80da666067f8b Bisecting: 7429 revisions left to test after this (roughly 13 steps) [8186749621ed6b8fc42644c399e8c755a2b6f630] Merge tag 'drm-next-2020-08-06' of git://anongit.freedesktop.org/drm/drm testing commit 8186749621ed6b8fc42644c399e8c755a2b6f630 with gcc (GCC) 8.1.0 kernel signature: 8f452463d25acfa31de145831ba3f9fb9a04319854968550a3286b541a030160 all runs: OK # git bisect bad 8186749621ed6b8fc42644c399e8c755a2b6f630 Bisecting: 3831 revisions left to test after this (roughly 12 steps) [92c59e126b21fd212195358a0d296e787e444087] Merge tag 'arm-defconfig-5.9' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc testing commit 92c59e126b21fd212195358a0d296e787e444087 with gcc (GCC) 8.1.0 kernel signature: b7a19f061360c65ed29ac8936df84b5a9c6ca7efa4d44d2c9c5bbea6b8bb7ece all runs: OK # git bisect bad 92c59e126b21fd212195358a0d296e787e444087 Bisecting: 1706 revisions left to test after this (roughly 11 steps) [1f68f31b51507e1ad647aa3a43c295eb024490ad] Merge tag 'io_uring-5.8-2020-07-24' of git://git.kernel.dk/linux-block into master testing commit 1f68f31b51507e1ad647aa3a43c295eb024490ad with gcc (GCC) 8.1.0 kernel signature: 970e10f2dc06de8e1a4eb22b4da638afb0ea77eba2d01d0607fc0d2d52716b41 all runs: crashed: WARNING in __kernel_write # git bisect good 1f68f31b51507e1ad647aa3a43c295eb024490ad Bisecting: 906 revisions left to test after this (roughly 10 steps) [99f6cf61f175c1239ed8e86d4a1757c380da52d1] Merge branch 'mtd/fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux testing commit 99f6cf61f175c1239ed8e86d4a1757c380da52d1 with gcc (GCC) 8.1.0 kernel signature: 414dc9e00760bbb92fe96192cb57d478131cefb52b4831a7ad79ea183013a7be all runs: OK # git bisect bad 99f6cf61f175c1239ed8e86d4a1757c380da52d1 Bisecting: 416 revisions left to test after this (roughly 9 steps) [5e548b32018d96c377fda4bdac2bf511a448ca67] btrfs: do not set the full sync flag on the inode during page release testing commit 5e548b32018d96c377fda4bdac2bf511a448ca67 with gcc (GCC) 8.1.0 kernel signature: 01b5deb6b4fcd969d7af839bb998bc194c9ed825707ba20bdfaf38326134a70a all runs: crashed: WARNING in __kernel_write # git bisect good 5e548b32018d96c377fda4bdac2bf511a448ca67 Bisecting: 209 revisions left to test after this (roughly 8 steps) [ac3a0c8472969a03c0496ae774b3a29eb26c8d5a] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net testing commit ac3a0c8472969a03c0496ae774b3a29eb26c8d5a with gcc (GCC) 8.1.0 kernel signature: b95c305b3a8e10710a81683a902cb4b3358373977b8ad6be6a9bc8029e134260 all runs: OK # git bisect bad ac3a0c8472969a03c0496ae774b3a29eb26c8d5a Bisecting: 101 revisions left to test after this (roughly 7 steps) [bf121a0bda29daa67a1fcedbdf479f6b03c9f977] Merge tag 'perf-tools-fixes-2020-08-01' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux testing commit bf121a0bda29daa67a1fcedbdf479f6b03c9f977 with gcc (GCC) 8.1.0 kernel signature: 1b4bd91422b79ce7df4a2498a08fad0a9d196dd7f3ab16ade7d828010c8f3217 all runs: OK # git bisect bad bf121a0bda29daa67a1fcedbdf479f6b03c9f977 Bisecting: 52 revisions left to test after this (roughly 6 steps) [aa54ea903abb02303bf55855fb51e3fcee135d70] ARM: percpu.h: fix build error testing commit aa54ea903abb02303bf55855fb51e3fcee135d70 with gcc (GCC) 8.1.0 kernel signature: 40ac3883ac0056545be7be2291db328b6f3f8910d64a2d0c3a9f83f0615388e7 all runs: OK # git bisect bad aa54ea903abb02303bf55855fb51e3fcee135d70 Bisecting: 17 revisions left to test after this (roughly 5 steps) [c2f3850df7f95537e79c561f7be49df2e4ad8060] Merge tag 'drm-fixes-2020-07-29' of git://anongit.freedesktop.org/drm/drm into master testing commit c2f3850df7f95537e79c561f7be49df2e4ad8060 with gcc (GCC) 8.1.0 kernel signature: 4534169e2ba6f50bd26a4d9042e9dc9ec170f6d0e8b86e4c93e254c459415ad6 all runs: crashed: WARNING in __kernel_write # git bisect good c2f3850df7f95537e79c561f7be49df2e4ad8060 Bisecting: 7 revisions left to test after this (roughly 3 steps) [0513b9d75c07cbcdfda3778b636d3d131d679eb1] Merge tag 'io_uring-5.8-2020-07-30' of git://git.kernel.dk/linux-block testing commit 0513b9d75c07cbcdfda3778b636d3d131d679eb1 with gcc (GCC) 8.1.0 kernel signature: 347e057c7b6f8b3f572177a006a538d5f986c8348d90a3934284966121f24d3b all runs: OK # git bisect bad 0513b9d75c07cbcdfda3778b636d3d131d679eb1 Bisecting: 4 revisions left to test after this (roughly 2 steps) [d3590ebf6f91350192737dd1d1b219c05277f067] Merge tag 'audit-pr-20200729' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit testing commit d3590ebf6f91350192737dd1d1b219c05277f067 with gcc (GCC) 8.1.0 kernel signature: ee83047664b809ffcb633c80ff881e11982f5f07e509ecaaad097d97a708110f run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: boot failed: can't ssh into the instance # git bisect bad d3590ebf6f91350192737dd1d1b219c05277f067 Bisecting: 1 revision left to test after this (roughly 1 step) [21391520cbb597823050ac1bc343a0df3222ac90] Merge tag '9p-for-5.8-2' of git://github.com/martinetd/linux into master testing commit 21391520cbb597823050ac1bc343a0df3222ac90 with gcc (GCC) 8.1.0 kernel signature: 5d43b93bb19be61973326587529f8fbccf0c7cc293a8dbe6744a8a17ff72a998 all runs: OK # git bisect bad 21391520cbb597823050ac1bc343a0df3222ac90 Bisecting: 0 revisions left to test after this (roughly 1 step) [74d6a5d5662975aed7f25952f62efbb6f6dadd29] 9p/trans_fd: Fix concurrency del of req_list in p9_fd_cancelled/p9_read_work testing commit 74d6a5d5662975aed7f25952f62efbb6f6dadd29 with gcc (GCC) 8.1.0 kernel signature: d7ac3b1eab5da54b34e57a617b4649f34bbb618befc1e8af6907e15a08be3b4c all runs: OK # git bisect bad 74d6a5d5662975aed7f25952f62efbb6f6dadd29 Bisecting: 0 revisions left to test after this (roughly 0 steps) [a39c46067c845a8a2d7144836e9468b7f072343e] net/9p: validate fds in p9_fd_open testing commit a39c46067c845a8a2d7144836e9468b7f072343e with gcc (GCC) 8.1.0 kernel signature: 5001532cd6f593c66634308719410da0120536b199879b87e0f0accac38fd5f5 all runs: OK # git bisect bad a39c46067c845a8a2d7144836e9468b7f072343e a39c46067c845a8a2d7144836e9468b7f072343e is the first bad commit commit a39c46067c845a8a2d7144836e9468b7f072343e Author: Christoph Hellwig Date: Fri Jul 10 10:57:22 2020 +0200 net/9p: validate fds in p9_fd_open p9_fd_open just fgets file descriptors passed in from userspace, but doesn't verify that they are valid for read or writing. This gets cought down in the VFS when actually attempting a read or write, but a new warning added in linux-next upsets syzcaller. Fix this by just verifying the fds early on. Link: http://lkml.kernel.org/r/20200710085722.435850-1-hch@lst.de Reported-by: syzbot+e6f77e16ff68b2434a2c@syzkaller.appspotmail.com Signed-off-by: Christoph Hellwig [Dominique: amend goto as per Doug Nazar's review] Signed-off-by: Dominique Martinet net/9p/trans_fd.c | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) parent commit 11ba468877bb23f28956a35e896356252d63c983 wasn't tested testing commit 11ba468877bb23f28956a35e896356252d63c983 with gcc (GCC) 8.1.0 kernel signature: d0de3c6fa33905b11b2d9fe82e807e0a05a8725af2931f3655c78ec2bf9ec579 culprit signature: 5001532cd6f593c66634308719410da0120536b199879b87e0f0accac38fd5f5 parent signature: d0de3c6fa33905b11b2d9fe82e807e0a05a8725af2931f3655c78ec2bf9ec579 revisions tested: 20, total time: 4h33m22.323285291s (build: 1h41m7.153276778s, test: 2h49m6.730595491s) first good commit: a39c46067c845a8a2d7144836e9468b7f072343e net/9p: validate fds in p9_fd_open recipients (to): ["asmadeus@codewreck.org" "asmadeus@codewreck.org" "davem@davemloft.net" "ericvh@gmail.com" "hch@lst.de" "kuba@kernel.org" "lucho@ionkov.net" "netdev@vger.kernel.org" "v9fs-developer@lists.sourceforge.net"] recipients (cc): ["linux-kernel@vger.kernel.org"]