bisecting fixing commit since c194212a033217426dda6e86b5b351f1fb9894c9
building syzkaller on 3cd800e43d452c348a66ba475143831d94969a24
testing commit c194212a033217426dda6e86b5b351f1fb9894c9
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 744a4fc2731e88b852c9637776c6e6ce20c74869d9e5d93a67d3e323120f65ea
all runs: crashed: kernel BUG in vhost_get_vq_desc
testing current HEAD 681997eca1433aa9b3d669a43375cb086df9a2ee
testing commit 681997eca1433aa9b3d669a43375cb086df9a2ee
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 4d87ed10c8a15e246f59150c2bddbb52ecbfc007ae7fcfd89bc4b2aaf91ba488
all runs: OK
# git bisect start 681997eca1433aa9b3d669a43375cb086df9a2ee c194212a033217426dda6e86b5b351f1fb9894c9
Bisecting: 912 revisions left to test after this (roughly 10 steps)
[a70d5dbe2e4ead2f9ddce9895ea3b08d76b4a3ff] soundwire: intel: fix wrong register name in intel_shim_wake
testing commit a70d5dbe2e4ead2f9ddce9895ea3b08d76b4a3ff
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: bc4db08a645dad6b9797310eecde55936fa15a4d8e0d9916ac06e6d1b8d24979
all runs: OK
# git bisect bad a70d5dbe2e4ead2f9ddce9895ea3b08d76b4a3ff
Bisecting: 456 revisions left to test after this (roughly 9 steps)
[2fad5b6948963bac235eac8261d4cd9165eaf1c2] tcp: make tcp_read_sock() more robust
testing commit 2fad5b6948963bac235eac8261d4cd9165eaf1c2
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 3cc7f0768899ed448e1fe995f498b3726ac49bc931a9e0a696ab80c919e8c0bf
all runs: OK
# git bisect bad 2fad5b6948963bac235eac8261d4cd9165eaf1c2
Bisecting: 227 revisions left to test after this (roughly 8 steps)
[7211aab2881b0a8b6a002ec2eb341b2d3cb9f003] riscv: Fix config KASAN && SPARSEMEM && !SPARSE_VMEMMAP
testing commit 7211aab2881b0a8b6a002ec2eb341b2d3cb9f003
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 7cacd823cece7d8df21d709c9567bd5b425e69080b65004fccab2ea128c7a85c
all runs: OK
# git bisect bad 7211aab2881b0a8b6a002ec2eb341b2d3cb9f003
Bisecting: 113 revisions left to test after this (roughly 7 steps)
[2c35c95d3640979d0f0118b640ddd4b326cf4d81] dmaengine: stm32-dmamux: Fix PM disable depth imbalance in stm32_dmamux_probe
testing commit 2c35c95d3640979d0f0118b640ddd4b326cf4d81
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 770aa1e105c8279841c17156f4ca1a2a2050b5a64d779d70dc589f53f378aef6
all runs: crashed: kernel BUG in vhost_get_vq_desc
# git bisect good 2c35c95d3640979d0f0118b640ddd4b326cf4d81
Bisecting: 56 revisions left to test after this (roughly 6 steps)
[99eb8d694174c777558dc902d575d1997d5ca650] RDMA/ib_srp: Fix a deadlock
testing commit 99eb8d694174c777558dc902d575d1997d5ca650
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 60a501badfcf672f741332c09f18281bb0dfef372c3988fb7cdf4d53c808208d
all runs: OK
# git bisect bad 99eb8d694174c777558dc902d575d1997d5ca650
Bisecting: 28 revisions left to test after this (roughly 5 steps)
[d8b78314c5ba09e17a0df652c68a7be59511f999] bnxt_en: Fix active FEC reporting to ethtool
testing commit d8b78314c5ba09e17a0df652c68a7be59511f999
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 73dedefd92625e460e768c566346380adcd59bfbe094a1e16e9e8cf357b3bb75
all runs: OK
# git bisect bad d8b78314c5ba09e17a0df652c68a7be59511f999
Bisecting: 13 revisions left to test after this (roughly 4 steps)
[646b532f32eafff0e3cda1ece4da1091b936cf88] parisc/unaligned: Fix ldw() and stw() unalignment handlers
testing commit 646b532f32eafff0e3cda1ece4da1091b936cf88
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: dfedeb2401097a974752c1cf1d32ec69ecdd2bd1c398b678dd0dc09f73d3bb69
all runs: OK
# git bisect bad 646b532f32eafff0e3cda1ece4da1091b936cf88
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[47667effb7d2f54dab3be33749c5a05152c07db0] Linux 5.10.102
testing commit 47667effb7d2f54dab3be33749c5a05152c07db0
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 634b75441be21f8c56480c658389a191ccfc709181a633f1551041c81ee8c67d
all runs: crashed: kernel BUG in vhost_get_vq_desc
# git bisect good 47667effb7d2f54dab3be33749c5a05152c07db0
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[72a5b01875b279196b30af9cca737318fbf3f634] btrfs: tree-checker: check item_size for dev_item
testing commit 72a5b01875b279196b30af9cca737318fbf3f634
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 944302a97a4030c17ea5a315501150058ca916b5b728fec0ad3d11551a9de870
all runs: crashed: kernel BUG in vhost_get_vq_desc
# git bisect good 72a5b01875b279196b30af9cca737318fbf3f634
Bisecting: 1 revision left to test after this (roughly 1 step)
[698dc7d13c4e972214458996455447651a657264] vhost/vsock: don't check owner in vhost_vsock_stop() while releasing
testing commit 698dc7d13c4e972214458996455447651a657264
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 68662873781be14897050f61c9260bad9231f8f32f4c03f323e0f9e2a7939140
all runs: OK
# git bisect bad 698dc7d13c4e972214458996455447651a657264
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[84e303b4d53fb348cb9179d35ddac3c71d7cfbf5] clk: jz4725b: fix mmc0 clock gating
testing commit 84e303b4d53fb348cb9179d35ddac3c71d7cfbf5
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b2e6c14e822973dc339393e9623ae83e1ef87f799284ee916e69d474929cdca2
all runs: crashed: kernel BUG in vhost_get_vq_desc
# git bisect good 84e303b4d53fb348cb9179d35ddac3c71d7cfbf5
698dc7d13c4e972214458996455447651a657264 is the first bad commit
commit 698dc7d13c4e972214458996455447651a657264
Author: Stefano Garzarella
Date: Tue Feb 22 10:47:42 2022 +0100

    vhost/vsock: don't check owner in vhost_vsock_stop() while releasing

    commit a58da53ffd70294ebea8ecd0eb45fd0d74add9f9 upstream.

    vhost_vsock_stop() calls vhost_dev_check_owner() to check the device
    ownership. It expects current->mm to be valid.

    vhost_vsock_stop() is also called by vhost_vsock_dev_release() when
    the user has not done close(), so when we are in do_exit(). In this
    case current->mm is invalid and we're releasing the device, so we
    should clean it anyway.

    Let's check the owner only when vhost_vsock_stop() is called
    by an ioctl.

    When invoked from release we can not fail so we don't check return
    code of vhost_vsock_stop(). We need to stop vsock even if it's not
    the owner.

    Fixes: 433fc58e6bf2 ("VSOCK: Introduce vhost_vsock.ko")
    Cc: stable@vger.kernel.org
    Reported-by: syzbot+1e3ea63db39f2b4440e0@syzkaller.appspotmail.com
    Reported-and-tested-by: syzbot+3140b17cb44a7b174008@syzkaller.appspotmail.com
    Signed-off-by: Stefano Garzarella
    Acked-by: Jason Wang
    Signed-off-by: David S. Miller
    Signed-off-by: Greg Kroah-Hartman

 drivers/vhost/vsock.c | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

culprit signature: 68662873781be14897050f61c9260bad9231f8f32f4c03f323e0f9e2a7939140
parent signature: b2e6c14e822973dc339393e9623ae83e1ef87f799284ee916e69d474929cdca2
revisions tested: 13, total time: 2h42m56.490114569s (build: 1h0m33.624769855s, test: 1h41m11.046352543s)
first good commit: 698dc7d13c4e972214458996455447651a657264 vhost/vsock: don't check owner in vhost_vsock_stop() while releasing
recipients (to): ["davem@davemloft.net" "gregkh@linuxfoundation.org" "jasowang@redhat.com" "sgarzare@redhat.com" "syzbot+3140b17cb44a7b174008@syzkaller.appspotmail.com"]
recipients (cc): []