ci starts bisection 2022-12-31 00:25:11.492533461 +0000 UTC m=+15590.353161761
bisecting fixing commit since e0dccc3b76fb35bb257b4118367a883073d7390e
building syzkaller on 34795c51ab3f8f36aaa7daca93071df2d02ade82
ensuring issue is reproducible on original commit e0dccc3b76fb35bb257b4118367a883073d7390e
testing commit e0dccc3b76fb35bb257b4118367a883073d7390e gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: f98fe286b38559bfd0ac61e6f05b35270e437e5296a62b5cba3a7f619d8a4691
run #0: crashed: SYZFATAL: executor failed NUM times: executor NUM: failed to write control pipe: write |NUM: broken pipe
run #1: crashed: SYZFATAL: executor failed NUM times: executor NUM: failed to write control pipe: write |NUM: broken pipe
run #2: crashed: SYZFATAL: executor failed NUM times: executor NUM: exit status NUM
run #3: crashed: SYZFATAL: executor failed NUM times: executor NUM: failed to write control pipe: write |NUM: broken pipe
run #4: crashed: SYZFATAL: executor failed NUM times: executor NUM: failed to write control pipe: write |NUM: broken pipe
run #5: crashed: WARNING in p9_client_destroy
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
reproducer seems to be flaky
testing current HEAD c8451c141e07a8d05693f6c8d0e418fbb4b68bb7
testing commit c8451c141e07a8d05693f6c8d0e418fbb4b68bb7 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 62477fc2ab8d607bd5a693623805447334201ddaf4fbeeea5061eaf86868eeb0
run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: exit status NUM
run #1: basic kernel testing failed: BUG: program execution failed: executor NUM: exit status NUM
run #2: basic kernel testing failed: BUG: program execution failed: executor NUM: failed to write control pipe: write |NUM: broken pipe
run #3: basic kernel testing failed: BUG: program execution failed: executor NUM: failed to write control pipe: write |NUM: broken pipe
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
# git bisect start c8451c141e07a8d05693f6c8d0e418fbb4b68bb7 e0dccc3b76fb35bb257b4118367a883073d7390e
Bisecting: 23287 revisions left to test after this (roughly 15 steps)
[9f4b9beeb9cf46c4b172fca06de5bd6831108641] Merge tag '6.1-rc-ksmbd-fixes' of git://git.samba.org/ksmbd
testing commit 9f4b9beeb9cf46c4b172fca06de5bd6831108641 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: d39946b196289b37eb3e2a67c98a05cbe60eb3c463f9022f70bcf4925d52c520
all runs: crashed: possible deadlock in p9_req_put
# git bisect good 9f4b9beeb9cf46c4b172fca06de5bd6831108641
Bisecting: 11754 revisions left to test after this (roughly 14 steps)
[97971df811b8854882c0f6c6631e23ab8cdcc44f] Merge tag 'dlm-6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/teigland/linux-dlm
testing commit 97971df811b8854882c0f6c6631e23ab8cdcc44f gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 3a4b27041f7ef32b92306e893e5c903a2b559ce2705781900f7345f278b8bba5
all runs: OK
# git bisect bad 97971df811b8854882c0f6c6631e23ab8cdcc44f
Bisecting: 5777 revisions left to test after this (roughly 13 steps)
[2df76606db9de579bc96725981db4e8daa281993] Merge tag 'kbuild-fixes-v6.1' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
testing commit 2df76606db9de579bc96725981db4e8daa281993 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 2e95217709d2f0d028e5ae4d24def57a309f34a35d6a564a6a86b5aea708138d
all runs: boot failed: WARNING in __netif_set_xps_queue
# git bisect skip 2df76606db9de579bc96725981db4e8daa281993
Bisecting: 5777 revisions left to test after this (roughly 13 steps)
[11c84a38fcff30197f6e8af29e65531a5734ee05] clk: Add our request boundaries in clk_core_init_rate_req
testing commit 11c84a38fcff30197f6e8af29e65531a5734ee05 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: ebfcad50d1216b1e6753a6a6b07474ba5c30b52536a130d1e6dff0c09ac500a1
run #0: boot failed: can't ssh into the instance
run #1: boot failed: can't ssh into the instance
run #2: boot failed: can't ssh into the instance
run #3: boot failed: can't ssh into the instance
run #4: boot failed: can't ssh into the instance
run #5: boot failed: can't ssh into the instance
run #6: boot failed: can't ssh into the instance
run #7: boot failed: can't ssh into the instance
run #8: boot failed: can't ssh into the instance
run #9: boot failed: can't ssh into the instance
run #10: boot failed: can't ssh into the instance
run #11: boot failed: can't ssh into the instance
run #12: boot failed: can't ssh into the instance
run #13: boot failed: can't ssh into the instance
run #14: boot failed: can't ssh into the instance
run #15: boot failed: can't ssh into the instance
run #16: boot failed: kernel BUG in __phys_addr
run #17: boot failed: kernel BUG in __phys_addr
run #18: boot failed: kernel BUG in __phys_addr
run #19: boot failed: kernel BUG in __phys_addr
# git bisect skip 11c84a38fcff30197f6e8af29e65531a5734ee05
Bisecting: 5777 revisions left to test after this (roughly 13 steps)
[fc1e3980044f0f812252f5f164a8350376d62eb7] selftests/seccomp: Check CAP_SYS_ADMIN capability in the test mode_filter_without_nnp
testing commit fc1e3980044f0f812252f5f164a8350376d62eb7 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: eef57ad719e77d786c754d10e711d4a9442c479f8d5aa92cc74c806ed100fe71
all runs: crashed: KASAN: slab-out-of-bounds Write in _copy_to_iter
# git bisect good fc1e3980044f0f812252f5f164a8350376d62eb7
Bisecting: 2679 revisions left to test after this (roughly 11 steps)
[164f59000c19fa1ee5d09327a8055ec9f9b9905a] Merge tag 'microblaze-v6.2' of git://git.monstr.eu/linux-2.6-microblaze
testing commit 164f59000c19fa1ee5d09327a8055ec9f9b9905a gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 0c44fdbc0db7a498687ec912089a034c93fa3461ca2f4fa1bc713516e91acdfa
all runs: OK
# git bisect bad 164f59000c19fa1ee5d09327a8055ec9f9b9905a
Bisecting: 1317 revisions left to test after this (roughly 10 steps)
[cc675d22e422442f6d230654a55a5fc5682ea018] Merge tag 'for-linus-6.1-rc6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip
testing commit cc675d22e422442f6d230654a55a5fc5682ea018 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: c2bb32002d557102e8fec1d0d9b393cef873a7c74491d3086b05adef9d70dd07
all runs: crashed: KASAN: slab-out-of-bounds Write in _copy_to_iter
# git bisect good cc675d22e422442f6d230654a55a5fc5682ea018
Bisecting: 657 revisions left to test after this (roughly 9 steps)
[5afcab22179e4b4668e2df4759cfd71f09d2b503] Merge tag 'perf_urgent_for_v6.1_rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
testing commit 5afcab22179e4b4668e2df4759cfd71f09d2b503 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 84ea92178c4f3a0f8e7181638480853e54d71da063c05803f5b6a5bcbbccad36
all runs: OK
# git bisect bad 5afcab22179e4b4668e2df4759cfd71f09d2b503
Bisecting: 329 revisions left to test after this (roughly 8 steps)
[91abf28a636291135ea5cab9af40f017cff6afce] drm/amd/amdgpu: reserve vm invalidation engine for firmware
testing commit 91abf28a636291135ea5cab9af40f017cff6afce gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: c8aa2258f12aa211a69eefbc77f4925e38e9020558352657c45070cd403fd5a2
all runs: crashed: KASAN: slab-out-of-bounds Write in _copy_to_iter
# git bisect good 91abf28a636291135ea5cab9af40f017cff6afce
Bisecting: 153 revisions left to test after this (roughly 7 steps)
[08ad43d554bacb9769c6a69d5f771f02f5ba411c] Merge tag 'net-6.1-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
testing commit 08ad43d554bacb9769c6a69d5f771f02f5ba411c gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 9fd99221bb7a40bff88ddd2827a03e480ad73e2c61fbf4efca6f0eaccb3bab14
all runs: OK
# git bisect bad 08ad43d554bacb9769c6a69d5f771f02f5ba411c
Bisecting: 87 revisions left to test after this (roughly 7 steps)
[0830b1effdf92b488c24aa03bc277090c8447527] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf
testing commit 0830b1effdf92b488c24aa03bc277090c8447527 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 38f376960f09330174e0e334d7f1ca02dc5d988a1b3a0d4a315287bfe436d1af
all runs: crashed: KASAN: slab-out-of-bounds Write in _copy_to_iter
# git bisect good 0830b1effdf92b488c24aa03bc277090c8447527
Bisecting: 50 revisions left to test after this (roughly 6 steps)
[b10dbd6fbd7d097afa1ffa5f94a74b355a4e4743] Merge tag 'v6.2-rockchip-dts32-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mmind/linux-rockchip into arm/fixes
testing commit b10dbd6fbd7d097afa1ffa5f94a74b355a4e4743 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: eb39ac1005f26c40a80435438e742835c7bca5382c6d5d3980be2541e64532e1
all runs: crashed: KASAN: slab-out-of-bounds Write in _copy_to_iter
# git bisect good b10dbd6fbd7d097afa1ffa5f94a74b355a4e4743
Bisecting: 23 revisions left to test after this (roughly 5 steps)
[3bfd8fcab548659e3a77000b2302c62a47ab2824] Merge tag 'loongarch-fixes-6.1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/chenhuacai/linux-loongson
testing commit 3bfd8fcab548659e3a77000b2302c62a47ab2824 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: c426211193e6fe6f3501870f8e6a424b8e45b3f46d4143955b6654b993b86966
all runs: OK
# git bisect bad 3bfd8fcab548659e3a77000b2302c62a47ab2824
Bisecting: 14 revisions left to test after this (roughly 4 steps)
[4312098baf37ee17a8350725e6e0d0e8590252d4] Merge tag 'spi-fix-v6.1-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi
testing commit 4312098baf37ee17a8350725e6e0d0e8590252d4 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 5d7b5a39520964c6010729705e4c7763b1703033f44956601c418ee17ece8b4c
all runs: OK
# git bisect bad 4312098baf37ee17a8350725e6e0d0e8590252d4
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[fd64898dfed510a55b66080f8ab5c9b06982bbce] Merge tag '9p-for-6.1-rc7' of https://github.com/martinetd/linux
testing commit fd64898dfed510a55b66080f8ab5c9b06982bbce gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: da67bcc5263f01573735e06a8b62dab0ca58a99fc84bb3b27e3bbc3d67e98f48
all runs: OK
# git bisect bad fd64898dfed510a55b66080f8ab5c9b06982bbce
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[6854fadbeee10891ed74246bdc05031906b6c8cf] 9p/fd: Use P9_HDRSZ for header size
testing commit 6854fadbeee10891ed74246bdc05031906b6c8cf gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: fd792763791956d338c257e110f6884ec7cba59c149863495584dfd5f0619892
all runs: OK
# git bisect bad 6854fadbeee10891ed74246bdc05031906b6c8cf
Bisecting: 1 revision left to test after this (roughly 1 step)
[11c10956515b8ec44cf4f2a7b9d8bf8b9dc05ec4] 9p/fd: fix issue of list_del corruption in p9_fd_cancel()
testing commit 11c10956515b8ec44cf4f2a7b9d8bf8b9dc05ec4 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 3b7d464bb8887f2e92998a261163722f97687382ed1acc4e7dc235ee13416d50
all runs: crashed: KASAN: slab-out-of-bounds Write in _copy_to_iter
# git bisect good 11c10956515b8ec44cf4f2a7b9d8bf8b9dc05ec4
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[578b565b240afdfe0596d183f473f333eb9d3008] 9p/fd: Fix write overflow in p9_read_work
testing commit 578b565b240afdfe0596d183f473f333eb9d3008 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: e507aa4d05bed15516d5f20a5d950960dc30002807d9fb0fc6bf7c3931c498c0
all runs: OK
# git bisect bad 578b565b240afdfe0596d183f473f333eb9d3008
578b565b240afdfe0596d183f473f333eb9d3008 is the first bad commit
commit 578b565b240afdfe0596d183f473f333eb9d3008
Author: GUO Zihua
Date:   Thu Nov 17 17:11:57 2022 +0800

    9p/fd: Fix write overflow in p9_read_work

    This error was reported while fuzzing:

    BUG: KASAN: slab-out-of-bounds in _copy_to_iter+0xd35/0x1190
    Write of size 4043 at addr ffff888008724eb1 by task kworker/1:1/24

    CPU: 1 PID: 24 Comm: kworker/1:1 Not tainted 6.1.0-rc5-00002-g1adf73218daa-dirty #223
    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014
    Workqueue: events p9_read_work
    Call Trace:
     dump_stack_lvl+0x4c/0x64
     print_report+0x178/0x4b0
     kasan_report+0xae/0x130
     kasan_check_range+0x179/0x1e0
     memcpy+0x38/0x60
     _copy_to_iter+0xd35/0x1190
     copy_page_to_iter+0x1d5/0xb00
     pipe_read+0x3a1/0xd90
     __kernel_read+0x2a5/0x760
     kernel_read+0x47/0x60
     p9_read_work+0x463/0x780
     process_one_work+0x91d/0x1300
     worker_thread+0x8c/0x1210
     kthread+0x280/0x330
     ret_from_fork+0x22/0x30

    Allocated by task 457:
     kasan_save_stack+0x1c/0x40
     kasan_set_track+0x21/0x30
     __kasan_kmalloc+0x7e/0x90
     __kmalloc+0x59/0x140
     p9_fcall_init.isra.11+0x5d/0x1c0
     p9_tag_alloc+0x251/0x550
     p9_client_prepare_req+0x162/0x350
     p9_client_rpc+0x18d/0xa90
     p9_client_create+0x670/0x14e0
     v9fs_session_init+0x1fd/0x14f0
     v9fs_mount+0xd7/0xaf0
     legacy_get_tree+0xf3/0x1f0
     vfs_get_tree+0x86/0x2c0
     path_mount+0x885/0x1940
     do_mount+0xec/0x100
     __x64_sys_mount+0x1a0/0x1e0
     do_syscall_64+0x3a/0x90
     entry_SYSCALL_64_after_hwframe+0x63/0xcd

    This BUG pops up when trying to reproduce
    https://syzkaller.appspot.com/bug?id=6c7cd46c7bdd0e86f95d26ec3153208ad186f9fa
    The callstack is different but the issue is valid and reproducible with
    the same reproducer in the link.

    The root cause of this issue is that we check the size of the message
    received against the msize of the client in p9_read_work. However, it
    turns out that capacity is no longer consistent with msize. Thus, the
    message size should be checked against sdata capacity.

    As the msize is non-consistent with the capacity of the tag and as we
    are now checking message size against capacity directly, there is no
    point checking message size against msize. So remove it.

    Link: https://lkml.kernel.org/r/20221117091159.31533-2-guozihua@huawei.com
    Link: https://lkml.kernel.org/r/20221117091159.31533-3-guozihua@huawei.com
    Reported-by: syzbot+0f89bd13eaceccc0e126@syzkaller.appspotmail.com
    Fixes: 60ece0833b6c ("net/9p: allocate appropriate reduced message buffers")
    Signed-off-by: GUO Zihua
    Reviewed-by: Christian Schoenebeck
    [Dominique: squash patches 1 & 2 and fix size including header part]
    Signed-off-by: Dominique Martinet

 net/9p/trans_fd.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

culprit signature: e507aa4d05bed15516d5f20a5d950960dc30002807d9fb0fc6bf7c3931c498c0
parent signature: 3b7d464bb8887f2e92998a261163722f97687382ed1acc4e7dc235ee13416d50
Reproducer flagged being flaky
revisions tested: 20, total time: 5h4m9.887704583s (build: 2h27m6.187509571s, test: 2h34m34.630599129s)
first good commit: 578b565b240afdfe0596d183f473f333eb9d3008 9p/fd: Fix write overflow in p9_read_work
recipients (to): ["asmadeus@codewreck.org" "guozihua@huawei.com" "linux_oss@crudebyte.com"]
recipients (cc): []