Reminder: 18 open syzbot bugs in "fs/9p" subsystem

From: Eric Biggers
Date: Tue Jul 02 2019 - 02:29:41 EST

[This email was generated by a script. Let me know if you have any suggestions
to make it better, or if you want it re-generated with the latest status.]

Of the currently open syzbot reports against the upstream kernel, I've manually
marked 18 of them as possibly being bugs in the "fs/9p" subsystem. I've listed
these reports below, sorted by an algorithm that tries to list first the reports
most likely to be still valid, important, and actionable.

Of these 18 bugs, 3 were seen in mainline in the last week.

If you believe a bug is no longer valid, please close the syzbot report by
sending a '#syz fix', '#syz dup', or '#syz invalid' command in reply to the
original thread, as explained at https://goo.gl/tpsmEJ#status

If you believe I misattributed a bug to the "fs/9p" subsystem, please let me
know, and if possible forward the report to the correct people or mailing list.

Here are the bugs:

--------------------------------------------------------------------------------
Title: KASAN: use-after-free Read in __queue_work (2)
Last occurred: 4 days ago
Reported: 358 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=c14270323f22e896228f470164aac59114d388be
Original thread: https://lkml.kernel.org/lkml/000000000000f665a30570885589@xxxxxxxxxx/T/#u

This bug has a C reproducer.

No one replied to the original thread for this bug.

If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+1c9db6a163a4000d0765@xxxxxxxxxxxxxxxxxxxxxxxxx

If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000f665a30570885589@xxxxxxxxxx

--------------------------------------------------------------------------------
Title: WARNING: refcount bug in p9_req_put
Last occurred: 0 days ago
Reported: 228 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=af5bada8b8d40472d6cd6a34a9cc1dc4b46d03df
Original thread: https://lkml.kernel.org/lkml/000000000000eb6a8e057ab79f82@xxxxxxxxxx/T/#u

This bug has a syzkaller reproducer only.

The original thread for this bug received 1 reply, 226 days ago.

If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+edec7868af5997928fe9@xxxxxxxxxxxxxxxxxxxxxxxxx

If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000eb6a8e057ab79f82@xxxxxxxxxx

--------------------------------------------------------------------------------
Title: memory leak in v9fs_cache_session_get_cookie
Last occurred: 0 days ago
Reported: 41 days ago
Branches: Mainline
Dashboard link: https://syzkaller.appspot.com/bug?id=f012bdf297a7a4c860c38a88b44fbee43fd9bbf3
Original thread: https://lkml.kernel.org/lkml/0000000000001b266f058965f9a7@xxxxxxxxxx/T/#u

This bug has a C reproducer.

No one has replied to the original thread for this bug yet.

If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+3a030a73b6c1e9833815@xxxxxxxxxxxxxxxxxxxxxxxxx

If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000001b266f058965f9a7@xxxxxxxxxx

--------------------------------------------------------------------------------
Title: KASAN: use-after-free Read in p9_fd_poll
Last occurred: 323 days ago
Reported: 355 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=1b726e0a253ee75e902d090f68705da3d42d6ae0
Original thread: https://lkml.kernel.org/lkml/000000000000afbebb0570be9bf3@xxxxxxxxxx/T/#u

This bug has a C reproducer.

No one replied to the original thread for this bug.

If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+0442e6e2f7e1e33b1037@xxxxxxxxxxxxxxxxxxxxxxxxx

If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000afbebb0570be9bf3@xxxxxxxxxx

--------------------------------------------------------------------------------
Title: KMSAN: uninit-value in unix_find_other
Last occurred: 356 days ago
Reported: 358 days ago
Branches: Mainline (with KMSAN patches)
Dashboard link: https://syzkaller.appspot.com/bug?id=a18dffaab644e1a6f8c7e85ff0e18b6293ba8af6
Original thread: https://lkml.kernel.org/lkml/0000000000004a927105708ab2d9@xxxxxxxxxx/T/#u

This bug has a C reproducer.

The original thread for this bug received 1 reply, 357 days ago.

If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+75d51fe5bf4ebe988518@xxxxxxxxxxxxxxxxxxxxxxxxx

If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000004a927105708ab2d9@xxxxxxxxxx

--------------------------------------------------------------------------------
Title: KMSAN: uninit-value in p9_client_rpc
Last occurred: 354 days ago
Reported: 356 days ago
Branches: Mainline (with KMSAN patches)
Dashboard link: https://syzkaller.appspot.com/bug?id=a90ca45133088ce07550f7cee0be028ee079c3f4
Original thread: https://lkml.kernel.org/lkml/000000000000c541110570a978a4@xxxxxxxxxx/T/#u

This bug has a C reproducer.

The original thread for this bug received 1 reply, 354 days ago.

If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+4de40388f584432bf004@xxxxxxxxxxxxxxxxxxxxxxxxx

If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000c541110570a978a4@xxxxxxxxxx

--------------------------------------------------------------------------------
Title: general protection fault in p9_conn_cancel
Last occurred: 337 days ago
Reported: 355 days ago
Branches: Mainline
Dashboard link: https://syzkaller.appspot.com/bug?id=914af3becc310b7a00c1107f0c97bc6a1834e81d
Original thread: https://lkml.kernel.org/lkml/000000000000ee4dab0570be896c@xxxxxxxxxx/T/#u

This bug has a C reproducer.

No one replied to the original thread for this bug.

If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+4d29d76a0da7a8c4d86c@xxxxxxxxxxxxxxxxxxxxxxxxx

If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000ee4dab0570be896c@xxxxxxxxxx

--------------------------------------------------------------------------------
Title: KASAN: use-after-free Read in ep_scan_ready_list
Last occurred: 320 days ago
Reported: 355 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=f668a9aa79ed08cc1f386be0930a529f285a4ec8
Original thread: https://lkml.kernel.org/lkml/0000000000005e2bf90570bbe2ab@xxxxxxxxxx/T/#u

This bug has a C reproducer.

No one replied to the original thread for this bug.

If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+78b902c73c69102cb767@xxxxxxxxxxxxxxxxxxxxxxxxx

If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000005e2bf90570bbe2ab@xxxxxxxxxx

--------------------------------------------------------------------------------
Title: KASAN: use-after-free Read in p9_conn_cancel
Last occurred: 319 days ago
Reported: 358 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=cc9f4ab3d1198237b0ee1f751ca02e21f8d46445
Original thread: https://lkml.kernel.org/lkml/000000000000d13b2e05708a9ca0@xxxxxxxxxx/T/#u

This bug has a C reproducer.

No one replied to the original thread for this bug.

If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+f0fdc967350bd580a80b@xxxxxxxxxxxxxxxxxxxxxxxxx

If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000d13b2e05708a9ca0@xxxxxxxxxx

--------------------------------------------------------------------------------
Title: INFO: task hung in iterate_supers
Last occurred: 63 days ago
Reported: 356 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=3c0c173ff55822aacb81ce7ae27a6676fba29a5c
Original thread: https://lkml.kernel.org/lkml/000000000000da8a9b0570a29c01@xxxxxxxxxx/T/#u

This bug has a C reproducer.

The original thread for this bug received 4 replies; the last was 353 days ago.

If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+2349f5067b1772c1d8a5@xxxxxxxxxxxxxxxxxxxxxxxxx

If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000da8a9b0570a29c01@xxxxxxxxxx

--------------------------------------------------------------------------------
Title: INFO: task hung in flush_work
Last occurred: 60 days ago
Reported: 420 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=70f8f16aafb20820a026882ea1ab613b4bfa2216
Original thread: https://lkml.kernel.org/lkml/000000000000b15fb3056b9f94e7@xxxxxxxxxx/T/#u

This bug has a C reproducer.

No one replied to the original thread for this bug.

If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+2e7b6af5956e05e5cff7@xxxxxxxxxxxxxxxxxxxxxxxxx

If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000b15fb3056b9f94e7@xxxxxxxxxx

--------------------------------------------------------------------------------
Title: BUG: corrupted list in p9_write_work
Last occurred: 280 days ago
Reported: 325 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=151aa3d92ac4b94c54797bd48465387068b1fddd
Original thread: https://lkml.kernel.org/lkml/0000000000002a2fdf0573107004@xxxxxxxxxx/T/#u

This bug has a C reproducer.

No one replied to the original thread for this bug.

If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+1788bd5d4e051da6ec08@xxxxxxxxxxxxxxxxxxxxxxxxx

If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000002a2fdf0573107004@xxxxxxxxxx

--------------------------------------------------------------------------------
Title: BUG: corrupted list in p9_conn_cancel
Last occurred: 257 days ago
Reported: 357 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=ed87cd63ebd6e82af690c83e59a3790276572fd1
Original thread: https://lkml.kernel.org/lkml/00000000000054395605708fbd13@xxxxxxxxxx/T/#u

This bug has a C reproducer.

No one replied to the original thread for this bug.

If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+ad0832746849421bba05@xxxxxxxxxxxxxxxxxxxxxxxxx

If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/00000000000054395605708fbd13@xxxxxxxxxx

--------------------------------------------------------------------------------
Title: BUG: corrupted list in p9_read_work (2)
Last occurred: 82 days ago
Reported: 220 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=5df4f85d764ee89863d0294b4e0c87ef2fd2c624
Original thread: https://lkml.kernel.org/lkml/000000000000807fe4057b4f19c6@xxxxxxxxxx/T/#u

This bug has a syzkaller reproducer only.

No one replied to the original thread for this bug.

If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+77a25acfa0382e06ab23@xxxxxxxxxxxxxxxxxxxxxxxxx

If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000807fe4057b4f19c6@xxxxxxxxxx

--------------------------------------------------------------------------------
Title: WARNING: ODEBUG bug in p9_fd_close
Last occurred: 318 days ago
Reported: 358 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=751ed5b74aa9a00ac4b39c32881fd32d6f6b875c
Original thread: https://lkml.kernel.org/lkml/00000000000024f01405708aab83@xxxxxxxxxx/T/#u

This bug has a C reproducer.

No one replied to the original thread for this bug.

If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+d702a81aadeedd565723@xxxxxxxxxxxxxxxxxxxxxxxxx

If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/00000000000024f01405708aab83@xxxxxxxxxx

--------------------------------------------------------------------------------
Title: KASAN: use-after-free Read in generic_perform_write
Last occurred: 335 days ago
Reported: 347 days ago
Branches: linux-next
Dashboard link: https://syzkaller.appspot.com/bug?id=ffccb5b7eaae1bd46ec0bd18aa9923cee7cfdb60
Original thread: https://lkml.kernel.org/lkml/00000000000047116205715df655@xxxxxxxxxx/T/#u

This bug has a C reproducer.

The original thread for this bug received 3 replies; the last was 346 days ago.

If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+b173e77096a8ba815511@xxxxxxxxxxxxxxxxxxxxxxxxx

If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/00000000000047116205715df655@xxxxxxxxxx

--------------------------------------------------------------------------------
Title: general protection fault in do_raw_spin_unlock
Last occurred: 350 days ago
Reported: 350 days ago
Branches: linux-next
Dashboard link: https://syzkaller.appspot.com/bug?id=ed176b6fd7180236cd56d904bd6dcabd6e2f318b
Original thread: https://lkml.kernel.org/lkml/000000000000fedc1105711f11fd@xxxxxxxxxx/T/#u

This bug has a syzkaller reproducer only.

No one replied to the original thread for this bug.

If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+83a25334ef203851dc81@xxxxxxxxxxxxxxxxxxxxxxxxx

If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000fedc1105711f11fd@xxxxxxxxxx

--------------------------------------------------------------------------------
Title: general protection fault in p9_client_prepare_req
Last occurred: 278 days ago
Reported: 347 days ago
Branches: linux-next
Dashboard link: https://syzkaller.appspot.com/bug?id=993a3caa9e6efc13b53cd9531eeb9dc50d59a4e4
Original thread: https://lkml.kernel.org/lkml/0000000000007870ef0571590bb2@xxxxxxxxxx/T/#u

This bug has a C reproducer.

No one replied to the original thread for this bug.

If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+77a28a63a0ece0fbba97@xxxxxxxxxxxxxxxxxxxxxxxxx

If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000007870ef0571590bb2@xxxxxxxxxx