general protection fault in try_to_wake

general protection fault in try_to_wake_up (2)
Status: upstream: reported C repro on 2021/02/26 14:48
Reported-by: syzbot+b4a81dc8727e513f364d@syzkaller.appspotmail.com
First crash: 148d, last: 104d

Cause bisection: introduced by (bisect log) :
commit 7c25c0d16ef3c37e49c593ac92f69fa3884d4bb9
Author: Jens Axboe <axboe@kernel.dk>
Date: Tue Feb 16 14:17:00 2021 +0000

io_uring: remove the need for relying on an io-wq fallback worker

Crash: SYZFAIL: wrong response packet (log)
Repro: C syz .config

Fix bisection: fixed by (bisect log) :
commit 363eaa3a450abb4e63bd6e3ad79d1f7a0f717814
Author: Shuah Khan <skhan@linuxfoundation.org>
Date: Tue Mar 30 01:36:51 2021 +0000

usbip: synchronize event handler with sysfs code paths

similar bugs (4):
Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
linux-4.14	general protection fault in try_to_wake_up	C		done	707	99d	128d	1/1	fixed on 2021/05/17 08:49
upstream	KASAN: use-after-free Read in try_to_wake_up	C	unreliable		82	148d	148d	0/22	closed as invalid on 2021/02/25 16:53
linux-4.19	general protection fault in try_to_wake_up	syz		done	229	40d	128d	1/1	fixed on 2021/07/14 00:01
upstream	general protection fault in try_to_wake_up	syz			1	1216d	1212d	6/22	fixed on 2018/04/06 16:37

Patch testing requests:
Created	Duration	User	Patch	Repo	Result
2021/03/22 13:04	17m	alaaemadhossney.ae@gmail.com		linux-next	OK

Sample crash report:

general protection fault, probably for non-canonical address 0xdffffc000000011a: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x00000000000008d0-0x00000000000008d7]
CPU: 0 PID: 8677 Comm: iou-wrk-8423 Not tainted 5.11.0-next-20210225-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__lock_acquire+0xcfe/0x54c0 kernel/locking/lockdep.c:4770
Code: 0c 0e 41 bf 01 00 00 00 0f 86 8c 00 00 00 89 05 08 41 0c 0e e9 81 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 f2 48 c1 ea 03 <80> 3c 02 00 0f 85 5b 31 00 00 49 81 3e 80 73 3a 8f 0f 84 d0 f3 ff
RSP: 0018:ffffc9000213f988 EFLAGS: 00010002
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 000000000000011a RSI: 1ffff92000427f42 RDI: 00000000000008d0
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000001 R11: 0000000000000000 R12: ffff88801ae7d400
R13: 0000000000000000 R14: 00000000000008d0 R15: 0000000000000000
FS:  000000000088a400(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fa46e8f46c0 CR3: 000000001be5b000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 lock_acquire kernel/locking/lockdep.c:5510 [inline]
 lock_acquire+0x1ab/0x730 kernel/locking/lockdep.c:5475
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0x39/0x50 kernel/locking/spinlock.c:159
 try_to_wake_up+0x98/0x14a0 kernel/sched/core.c:3347
 io_wqe_wake_worker+0x51a/0x680 fs/io-wq.c:248
 io_wqe_dec_running.isra.0+0xe6/0x100 fs/io-wq.c:265
 __io_worker_busy fs/io-wq.c:296 [inline]
 io_worker_handle_work+0x34f/0x1950 fs/io-wq.c:449
 io_wqe_worker fs/io-wq.c:531 [inline]
 task_thread.isra.0+0xfa8/0x1340 fs/io-wq.c:608
 task_thread_bound+0x18/0x20 fs/io-wq.c:614
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
Modules linked in:
---[ end trace 1ccdee97cc2e65dd ]---
RIP: 0010:__lock_acquire+0xcfe/0x54c0 kernel/locking/lockdep.c:4770
Code: 0c 0e 41 bf 01 00 00 00 0f 86 8c 00 00 00 89 05 08 41 0c 0e e9 81 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 f2 48 c1 ea 03 <80> 3c 02 00 0f 85 5b 31 00 00 49 81 3e 80 73 3a 8f 0f 84 d0 f3 ff
RSP: 0018:ffffc9000213f988 EFLAGS: 00010002
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 000000000000011a RSI: 1ffff92000427f42 RDI: 00000000000008d0
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000001 R11: 0000000000000000 R12: ffff88801ae7d400
R13: 0000000000000000 R14: 00000000000008d0 R15: 0000000000000000
FS:  000000000088a400(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fa46e8f46c0 CR3: 000000001be5b000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (3088):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Title
ci-upstream-linux-next-kasan-gce-root	2021/02/25 20:16	linux-next	7f206cf3ec2b	76f7fc95	.config	log	report	syz	C		general protection fault in try_to_wake_up
ci-upstream-kasan-gce	2021/04/10 23:57	upstream	d4961772226d	bfeda1b1	.config	log	report	syz			general protection fault in try_to_wake_up
ci-upstream-kasan-gce-selinux-root	2021/04/09 17:07	upstream	4fa56ad0d12e	6a81331a	.config	log	report	syz			general protection fault in try_to_wake_up
ci-upstream-kasan-gce	2021/04/08 05:29	upstream	3a22981230f9	6a81331a	.config	log	report	syz			general protection fault in try_to_wake_up
ci-upstream-kasan-gce-smack-root	2021/04/06 17:38	upstream	0a50438c8436	6a81331a	.config	log	report	syz			general protection fault in try_to_wake_up
ci-upstream-kasan-gce-root	2021/04/06 17:00	upstream	0a50438c8436	6a81331a	.config	log	report	syz			general protection fault in try_to_wake_up
ci-upstream-kasan-gce-smack-root	2021/04/06 13:00	upstream	0a50438c8436	6a81331a	.config	log	report	syz			general protection fault in try_to_wake_up
ci-upstream-kasan-gce-root	2021/04/06 06:39	upstream	0a50438c8436	6a81331a	.config	log	report	syz			general protection fault in try_to_wake_up
ci-upstream-kasan-gce	2021/04/05 12:20	upstream	e49d033bddf5	6a81331a	.config	log	report	syz			general protection fault in try_to_wake_up
ci-upstream-kasan-gce-smack-root	2021/04/05 10:04	upstream	e49d033bddf5	6a81331a	.config	log	report	syz			general protection fault in try_to_wake_up
ci-upstream-kasan-gce-root	2021/04/04 20:00	upstream	2023a53bdf41	6a81331a	.config	log	report	syz			general protection fault in try_to_wake_up
ci-upstream-kasan-gce-selinux-root	2021/04/03 09:46	upstream	d93a0d43e3d0	6a81331a	.config	log	report	syz			general protection fault in try_to_wake_up
ci-upstream-kasan-gce	2021/04/01 17:50	upstream	d19cc4bfbff1	6a81331a	.config	log	report	syz			general protection fault in try_to_wake_up
ci-upstream-kasan-gce	2021/04/01 08:50	upstream	d19cc4bfbff1	6a81331a	.config	log	report	syz			general protection fault in try_to_wake_up
ci-upstream-kasan-gce	2021/03/31 19:35	upstream	5e46d1b78a03	6a81331a	.config	log	report	syz			general protection fault in try_to_wake_up
ci-upstream-kasan-gce-smack-root	2021/03/30 15:28	upstream	1e43c377a79f	6a81331a	.config	log	report	syz			general protection fault in try_to_wake_up
ci-upstream-kasan-gce-root	2021/03/30 11:22	upstream	1e43c377a79f	6a81331a	.config	log	report	syz			general protection fault in try_to_wake_up
ci-upstream-kasan-gce-smack-root	2021/03/30 07:58	upstream	1e43c377a79f	6a81331a	.config	log	report	syz			general protection fault in try_to_wake_up
ci-upstream-kasan-gce-root	2021/03/29 07:26	upstream	81b1d39fd39a	a8529b82	.config	log	report	syz			general protection fault in try_to_wake_up
ci-upstream-kasan-gce	2021/03/28 10:52	upstream	0f4498cef9f5	a8529b82	.config	log	report	syz			general protection fault in try_to_wake_up
ci-upstream-kasan-gce	2021/03/21 12:37	upstream	812da4d39463	17810eae	.config	log	report	syz			general protection fault in try_to_wake_up
ci-upstream-kasan-gce-smack-root	2021/03/21 12:31	upstream	812da4d39463	17810eae	.config	log	report	syz			general protection fault in try_to_wake_up
ci-upstream-kasan-gce-smack-root	2021/03/21 12:20	upstream	812da4d39463	17810eae	.config	log	report	syz			general protection fault in try_to_wake_up
ci-upstream-kasan-gce-selinux-root	2021/03/20 20:08	upstream	1c273e10bc0c	17810eae	.config	log	report	syz			general protection fault in try_to_wake_up
ci-upstream-linux-next-kasan-gce-root	2021/03/30 15:16	linux-next	931294922e65	6a81331a	.config	log	report	syz			general protection fault in try_to_wake_up
ci-upstream-linux-next-kasan-gce-root	2021/03/23 23:18	linux-next	d949689e7383	e613994b	.config	log	report	syz			general protection fault in try_to_wake_up
ci-upstream-kasan-gce-smack-root	2021/04/11 02:02	upstream	d4961772226d	bfeda1b1	.config	log	report			info	general protection fault in try_to_wake_up
ci-upstream-kasan-gce-smack-root	2021/04/11 00:35	upstream	d4961772226d	bfeda1b1	.config	log	report			info	general protection fault in try_to_wake_up
ci-upstream-kasan-gce-smack-root	2021/04/10 23:54	upstream	d4961772226d	bfeda1b1	.config	log	report			info	general protection fault in try_to_wake_up
ci-upstream-kasan-gce-root	2021/04/10 22:29	upstream	d4961772226d	bfeda1b1	.config	log	report			info	general protection fault in try_to_wake_up
ci-upstream-kasan-gce-smack-root	2021/04/10 21:10	upstream	d4961772226d	bfeda1b1	.config	log	report			info	general protection fault in try_to_wake_up
ci-upstream-kasan-gce	2021/04/10 19:54	upstream	d4961772226d	bfeda1b1	.config	log	report			info	general protection fault in try_to_wake_up
ci-upstream-kasan-gce-smack-root	2021/04/10 18:49	upstream	d4961772226d	bfeda1b1	.config	log	report			info	general protection fault in try_to_wake_up
ci-upstream-kasan-gce	2021/04/10 17:48	upstream	d4961772226d	bfeda1b1	.config	log	report			info	general protection fault in try_to_wake_up
ci-upstream-kasan-gce	2021/04/10 16:17	upstream	d4961772226d	bfeda1b1	.config	log	report			info	general protection fault in try_to_wake_up
ci-upstream-kasan-gce-root	2021/04/10 15:35	upstream	d4961772226d	bfeda1b1	.config	log	report			info	general protection fault in try_to_wake_up
ci-upstream-kasan-gce	2021/04/10 13:24	upstream	d4961772226d	bfeda1b1	.config	log	report			info	general protection fault in try_to_wake_up
ci-upstream-kasan-gce-smack-root	2021/04/10 11:18	upstream	d4961772226d	bfeda1b1	.config	log	report			info	general protection fault in try_to_wake_up
ci-upstream-kasan-gce	2021/04/10 09:03	upstream	d4961772226d	bfeda1b1	.config	log	report			info	general protection fault in try_to_wake_up
ci-upstream-kasan-gce-selinux-root	2021/04/10 07:21	upstream	17e7124aad76	6a81331a	.config	log	report			info	general protection fault in try_to_wake_up
ci-upstream-kasan-gce-smack-root	2021/04/10 06:19	upstream	17e7124aad76	6a81331a	.config	log	report			info	general protection fault in try_to_wake_up
ci-upstream-kasan-gce-selinux-root	2021/04/10 02:40	upstream	17e7124aad76	6a81331a	.config	log	report			info	general protection fault in try_to_wake_up
ci-upstream-kasan-gce	2021/04/10 01:35	upstream	17e7124aad76	6a81331a	.config	log	report			info	general protection fault in try_to_wake_up
ci-upstream-kasan-gce-selinux-root	2021/04/10 00:25	upstream	17e7124aad76	6a81331a	.config	log	report			info	general protection fault in try_to_wake_up
ci-upstream-kasan-gce-smack-root	2021/04/09 23:21	upstream	17e7124aad76	6a81331a	.config	log	report			info	general protection fault in try_to_wake_up
ci-upstream-kasan-gce-smack-root	2021/04/09 20:51	upstream	17e7124aad76	6a81331a	.config	log	report			info	general protection fault in try_to_wake_up
ci-upstream-kasan-gce	2021/04/09 19:40	upstream	17e7124aad76	6a81331a	.config	log	report			info	general protection fault in try_to_wake_up
ci-upstream-kasan-gce	2021/04/09 17:38	upstream	4fa56ad0d12e	6a81331a	.config	log	report			info	general protection fault in try_to_wake_up
ci-upstream-kasan-gce-smack-root	2021/04/09 15:51	upstream	4fa56ad0d12e	6a81331a	.config	log	report			info	general protection fault in try_to_wake_up
ci-upstream-kasan-gce-selinux-root	2021/04/09 14:46	upstream	4fa56ad0d12e	6a81331a	.config	log	report			info	general protection fault in try_to_wake_up
ci-upstream-kasan-gce	2021/04/09 13:19	upstream	4fa56ad0d12e	6a81331a	.config	log	report			info	general protection fault in try_to_wake_up
ci-upstream-kasan-gce-root	2021/04/09 12:18	upstream	4fa56ad0d12e	6a81331a	.config	log	report			info	general protection fault in try_to_wake_up
ci-upstream-kasan-gce-smack-root	2021/04/09 11:04	upstream	4fa56ad0d12e	6a81331a	.config	log	report			info	general protection fault in try_to_wake_up
ci-upstream-kasan-gce-root	2021/04/09 10:02	upstream	4fa56ad0d12e	6a81331a	.config	log	report			info	general protection fault in try_to_wake_up
ci-upstream-kasan-gce-selinux-root	2021/04/09 09:39	upstream	4fa56ad0d12e	6a81331a	.config	log	report			info	general protection fault in try_to_wake_up
ci-upstream-kasan-gce	2021/04/09 07:00	upstream	4fa56ad0d12e	6a81331a	.config	log	report			info	general protection fault in try_to_wake_up
ci-upstream-kasan-gce-smack-root	2021/04/09 05:55	upstream	4fa56ad0d12e	6a81331a	.config	log	report			info	general protection fault in try_to_wake_up
ci-upstream-kasan-gce-selinux-root	2021/04/09 05:23	upstream	4fa56ad0d12e	6a81331a	.config	log	report			info	general protection fault in try_to_wake_up
ci-upstream-kasan-gce	2021/04/09 04:21	upstream	4fa56ad0d12e	6a81331a	.config	log	report			info	general protection fault in try_to_wake_up
ci-upstream-kasan-gce-root	2021/04/09 03:18	upstream	4fa56ad0d12e	6a81331a	.config	log	report			info	general protection fault in try_to_wake_up
ci-upstream-kasan-gce-selinux-root	2021/04/09 02:14	upstream	4fa56ad0d12e	6a81331a	.config	log	report			info	general protection fault in try_to_wake_up
ci-upstream-kasan-gce	2021/04/09 01:30	upstream	454859c552da	6a81331a	.config	log	report			info	general protection fault in try_to_wake_up
ci-upstream-kasan-gce-smack-root	2021/04/09 00:29	upstream	454859c552da	6a81331a	.config	log	report			info	general protection fault in try_to_wake_up
ci-upstream-kasan-gce	2021/04/08 23:26	upstream	454859c552da	6a81331a	.config	log	report			info	general protection fault in try_to_wake_up
ci-upstream-kasan-gce-selinux-root	2021/04/08 22:14	upstream	454859c552da	6a81331a	.config	log	report			info	general protection fault in try_to_wake_up
ci-qemu-upstream	2021/03/29 02:44	upstream	36a14638f7c0	a8529b82	.config	log	report			info	general protection fault in try_to_wake_up
ci-upstream-kasan-gce-386	2021/04/10 12:20	upstream	d4961772226d	bfeda1b1	.config	log	report			info	general protection fault in try_to_wake_up
ci-upstream-kasan-gce-386	2021/04/10 10:14	upstream	d4961772226d	bfeda1b1	.config	log	report			info	general protection fault in try_to_wake_up
ci-upstream-kasan-gce-386	2021/04/10 05:02	upstream	17e7124aad76	6a81331a	.config	log	report			info	general protection fault in try_to_wake_up
ci-upstream-kasan-gce-386	2021/04/09 22:02	upstream	17e7124aad76	6a81331a	.config	log	report			info	general protection fault in try_to_wake_up
ci-upstream-kasan-gce-386	2021/04/09 20:53	upstream	17e7124aad76	6a81331a	.config	log	report			info	general protection fault in try_to_wake_up
ci-upstream-kasan-gce-386	2021/04/09 18:39	upstream	17e7124aad76	6a81331a	.config	log	report			info	general protection fault in try_to_wake_up
ci-upstream-kasan-gce-386	2021/04/09 08:03	upstream	4fa56ad0d12e	6a81331a	.config	log	report			info	general protection fault in try_to_wake_up
ci-qemu-upstream-386	2021/03/25 22:25	upstream	002322402daf	6a383ecf	.config	log	report			info	general protection fault in try_to_wake_up
ci-upstream-linux-next-kasan-gce-root	2021/04/06 08:32	linux-next	454c576c3f5e	6a81331a	.config	log	report			info	general protection fault in try_to_wake_up
ci-upstream-linux-next-kasan-gce-root	2021/02/25 18:36	linux-next	7f206cf3ec2b	76f7fc95	.config	log	report			info	general protection fault in try_to_wake_up
ci-qemu2-arm32	2021/03/14 16:05	upstream	88fe49249c99	4a003785	.config	log	report			info	BUG: unable to handle kernel NULL pointer dereference in try_to_wake_up
ci-qemu2-arm32	2021/03/14 06:12	upstream	88fe49249c99	4a003785	.config	log	report			info	BUG: unable to handle kernel NULL pointer dereference in try_to_wake_up