Reminder: 18 open syzbot bugs in "fs/9p" subsystem
From: Eric Biggers
Date: Tue Jul 23 2019 - 21:46:10 EST

[This email was generated by a script. Let me know if you have any suggestions
to make it better, or if you want it re-generated with the latest status.]

Of the currently open syzbot reports against the upstream kernel, I've manually
marked 18 of them as possibly being bugs in the "fs/9p" subsystem. I've listed
these reports below, sorted by an algorithm that tries to list first the reports
most likely to be still valid, important, and actionable.

Of these 18 bugs, 1 was seen in mainline in the last week.

If you believe a bug is no longer valid, please close the syzbot report by
sending a '#syz fix', '#syz dup', or '#syz invalid' command in reply to the
original thread, as explained at https://goo.gl/tpsmEJ#status

If you believe I misattributed a bug to the "fs/9p" subsystem, please let me
know, and if possible forward the report to the correct people or mailing list.

Here are the bugs:

--------------------------------------------------------------------------------
Title: memory leak in v9fs_cache_session_get_cookie
Last occurred: 0 days ago
Reported: 63 days ago
Branches: Mainline
Dashboard link: https://syzkaller.appspot.com/bug?id=f012bdf297a7a4c860c38a88b44fbee43fd9bbf3
Original thread: https://lkml.kernel.org/lkml/0000000000001b266f058965f9a7@xxxxxxxxxx/T/#u
This bug has a C reproducer.
No one has replied to the original thread for this bug yet.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+3a030a73b6c1e9833815@xxxxxxxxxxxxxxxxxxxxxxxxx
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000001b266f058965f9a7@xxxxxxxxxx
--------------------------------------------------------------------------------
Title: KASAN: use-after-free Read in __queue_work (2)
Last occurred: 26 days ago
Reported: 379 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=c14270323f22e896228f470164aac59114d388be
Original thread: https://lkml.kernel.org/lkml/000000000000f665a30570885589@xxxxxxxxxx/T/#u
This bug has a C reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+1c9db6a163a4000d0765@xxxxxxxxxxxxxxxxxxxxxxxxx
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000f665a30570885589@xxxxxxxxxx
--------------------------------------------------------------------------------
Title: WARNING: refcount bug in p9_req_put
Last occurred: 22 days ago
Reported: 250 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=af5bada8b8d40472d6cd6a34a9cc1dc4b46d03df
Original thread: https://lkml.kernel.org/lkml/000000000000eb6a8e057ab79f82@xxxxxxxxxx/T/#u
This bug has a syzkaller reproducer only.
The original thread for this bug received 1 reply, 248 days ago.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+edec7868af5997928fe9@xxxxxxxxxxxxxxxxxxxxxxxxx
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000eb6a8e057ab79f82@xxxxxxxxxx
--------------------------------------------------------------------------------
Title: KASAN: use-after-free Read in p9_fd_poll
Last occurred: 344 days ago
Reported: 377 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=1b726e0a253ee75e902d090f68705da3d42d6ae0
Original thread: https://lkml.kernel.org/lkml/000000000000afbebb0570be9bf3@xxxxxxxxxx/T/#u
This bug has a C reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+0442e6e2f7e1e33b1037@xxxxxxxxxxxxxxxxxxxxxxxxx
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000afbebb0570be9bf3@xxxxxxxxxx
--------------------------------------------------------------------------------
Title: KMSAN: uninit-value in unix_find_other
Last occurred: 378 days ago
Reported: 379 days ago
Branches: Mainline (with KMSAN patches)
Dashboard link: https://syzkaller.appspot.com/bug?id=a18dffaab644e1a6f8c7e85ff0e18b6293ba8af6
Original thread: https://lkml.kernel.org/lkml/0000000000004a927105708ab2d9@xxxxxxxxxx/T/#u
This bug has a C reproducer.
The original thread for this bug received 1 reply, 379 days ago.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+75d51fe5bf4ebe988518@xxxxxxxxxxxxxxxxxxxxxxxxx
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000004a927105708ab2d9@xxxxxxxxxx
--------------------------------------------------------------------------------
Title: KMSAN: uninit-value in p9_client_rpc
Last occurred: 376 days ago
Reported: 378 days ago
Branches: Mainline (with KMSAN patches)
Dashboard link: https://syzkaller.appspot.com/bug?id=a90ca45133088ce07550f7cee0be028ee079c3f4
Original thread: https://lkml.kernel.org/lkml/000000000000c541110570a978a4@xxxxxxxxxx/T/#u
This bug has a C reproducer.
The original thread for this bug received 1 reply, 376 days ago.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+4de40388f584432bf004@xxxxxxxxxxxxxxxxxxxxxxxxx
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000c541110570a978a4@xxxxxxxxxx
--------------------------------------------------------------------------------
Title: general protection fault in p9_conn_cancel
Last occurred: 359 days ago
Reported: 377 days ago
Branches: Mainline
Dashboard link: https://syzkaller.appspot.com/bug?id=914af3becc310b7a00c1107f0c97bc6a1834e81d
Original thread: https://lkml.kernel.org/lkml/000000000000ee4dab0570be896c@xxxxxxxxxx/T/#u
This bug has a C reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+4d29d76a0da7a8c4d86c@xxxxxxxxxxxxxxxxxxxxxxxxx
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000ee4dab0570be896c@xxxxxxxxxx
--------------------------------------------------------------------------------
Title: KASAN: use-after-free Read in ep_scan_ready_list
Last occurred: 342 days ago
Reported: 377 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=f668a9aa79ed08cc1f386be0930a529f285a4ec8
Original thread: https://lkml.kernel.org/lkml/0000000000005e2bf90570bbe2ab@xxxxxxxxxx/T/#u
This bug has a C reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+78b902c73c69102cb767@xxxxxxxxxxxxxxxxxxxxxxxxx
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000005e2bf90570bbe2ab@xxxxxxxxxx
--------------------------------------------------------------------------------
Title: KASAN: use-after-free Read in p9_conn_cancel
Last occurred: 341 days ago
Reported: 379 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=cc9f4ab3d1198237b0ee1f751ca02e21f8d46445
Original thread: https://lkml.kernel.org/lkml/000000000000d13b2e05708a9ca0@xxxxxxxxxx/T/#u
This bug has a C reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+f0fdc967350bd580a80b@xxxxxxxxxxxxxxxxxxxxxxxxx
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000d13b2e05708a9ca0@xxxxxxxxxx
--------------------------------------------------------------------------------
Title: INFO: task hung in iterate_supers
Last occurred: 85 days ago
Reported: 378 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=3c0c173ff55822aacb81ce7ae27a6676fba29a5c
Original thread: https://lkml.kernel.org/lkml/000000000000da8a9b0570a29c01@xxxxxxxxxx/T/#u
This bug has a C reproducer.
The original thread for this bug received 4 replies; the last was 375 days ago.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+2349f5067b1772c1d8a5@xxxxxxxxxxxxxxxxxxxxxxxxx
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000da8a9b0570a29c01@xxxxxxxxxx
--------------------------------------------------------------------------------
Title: BUG: corrupted list in p9_write_work
Last occurred: 302 days ago
Reported: 347 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=151aa3d92ac4b94c54797bd48465387068b1fddd
Original thread: https://lkml.kernel.org/lkml/0000000000002a2fdf0573107004@xxxxxxxxxx/T/#u
This bug has a C reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+1788bd5d4e051da6ec08@xxxxxxxxxxxxxxxxxxxxxxxxx
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000002a2fdf0573107004@xxxxxxxxxx
--------------------------------------------------------------------------------
Title: INFO: task hung in flush_work
Last occurred: 82 days ago
Reported: 442 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=70f8f16aafb20820a026882ea1ab613b4bfa2216
Original thread: https://lkml.kernel.org/lkml/000000000000b15fb3056b9f94e7@xxxxxxxxxx/T/#u
This bug has a C reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+2e7b6af5956e05e5cff7@xxxxxxxxxxxxxxxxxxxxxxxxx
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000b15fb3056b9f94e7@xxxxxxxxxx
--------------------------------------------------------------------------------
Title: BUG: corrupted list in p9_conn_cancel
Last occurred: 278 days ago
Reported: 379 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=ed87cd63ebd6e82af690c83e59a3790276572fd1
Original thread: https://lkml.kernel.org/lkml/00000000000054395605708fbd13@xxxxxxxxxx/T/#u
This bug has a C reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+ad0832746849421bba05@xxxxxxxxxxxxxxxxxxxxxxxxx
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/00000000000054395605708fbd13@xxxxxxxxxx
--------------------------------------------------------------------------------
Title: WARNING: ODEBUG bug in p9_fd_close
Last occurred: 340 days ago
Reported: 379 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=751ed5b74aa9a00ac4b39c32881fd32d6f6b875c
Original thread: https://lkml.kernel.org/lkml/00000000000024f01405708aab83@xxxxxxxxxx/T/#u
This bug has a C reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+d702a81aadeedd565723@xxxxxxxxxxxxxxxxxxxxxxxxx
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/00000000000024f01405708aab83@xxxxxxxxxx
--------------------------------------------------------------------------------
Title: BUG: corrupted list in p9_read_work (2)
Last occurred: 104 days ago
Reported: 242 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=5df4f85d764ee89863d0294b4e0c87ef2fd2c624
Original thread: https://lkml.kernel.org/lkml/000000000000807fe4057b4f19c6@xxxxxxxxxx/T/#u
This bug has a syzkaller reproducer only.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+77a25acfa0382e06ab23@xxxxxxxxxxxxxxxxxxxxxxxxx
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000807fe4057b4f19c6@xxxxxxxxxx
--------------------------------------------------------------------------------
Title: KASAN: use-after-free Read in generic_perform_write
Last occurred: 356 days ago
Reported: 369 days ago
Branches: linux-next
Dashboard link: https://syzkaller.appspot.com/bug?id=ffccb5b7eaae1bd46ec0bd18aa9923cee7cfdb60
Original thread: https://lkml.kernel.org/lkml/00000000000047116205715df655@xxxxxxxxxx/T/#u
This bug has a C reproducer.
The original thread for this bug received 3 replies; the last was 369 days ago.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+b173e77096a8ba815511@xxxxxxxxxxxxxxxxxxxxxxxxx
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/00000000000047116205715df655@xxxxxxxxxx
--------------------------------------------------------------------------------
Title: general protection fault in do_raw_spin_unlock
Last occurred: 372 days ago
Reported: 372 days ago
Branches: linux-next
Dashboard link: https://syzkaller.appspot.com/bug?id=ed176b6fd7180236cd56d904bd6dcabd6e2f318b
Original thread: https://lkml.kernel.org/lkml/000000000000fedc1105711f11fd@xxxxxxxxxx/T/#u
This bug has a syzkaller reproducer only.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+83a25334ef203851dc81@xxxxxxxxxxxxxxxxxxxxxxxxx
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000fedc1105711f11fd@xxxxxxxxxx
--------------------------------------------------------------------------------
Title: general protection fault in p9_client_prepare_req
Last occurred: 300 days ago
Reported: 369 days ago
Branches: linux-next
Dashboard link: https://syzkaller.appspot.com/bug?id=993a3caa9e6efc13b53cd9531eeb9dc50d59a4e4
Original thread: https://lkml.kernel.org/lkml/0000000000007870ef0571590bb2@xxxxxxxxxx/T/#u
This bug has a C reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+77a28a63a0ece0fbba97@xxxxxxxxxxxxxxxxxxxxxxxxx
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000007870ef0571590bb2@xxxxxxxxxx