syzbot


general protection fault in try_to_wake_up (2)

Status: upstream: reported C repro on 2021/02/26 14:48
Reported-by: syzbot+b4a81dc8727e513f364d@syzkaller.appspotmail.com
First crash: 577d, last: 259d

Cause bisection: introduced by (bisect log):
commit 7c25c0d16ef3c37e49c593ac92f69fa3884d4bb9
Author: Jens Axboe <axboe@kernel.dk>
Date: Tue Feb 16 14:17:00 2021 +0000

  io_uring: remove the need for relying on an io-wq fallback worker

Crash: SYZFAIL: wrong response packet (log)
Repro: C syz .config

Fix bisection: fixed by (bisect log):
commit 363eaa3a450abb4e63bd6e3ad79d1f7a0f717814
Author: Shuah Khan <skhan@linuxfoundation.org>
Date: Tue Mar 30 01:36:51 2021 +0000

  usbip: synchronize event handler with sysfs code paths

Similar bugs (5):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.14 general protection fault in try_to_wake_up C done 707 528d 557d 1/1 fixed on 2021/05/17 08:49
upstream KASAN: use-after-free Read in try_to_wake_up C unreliable 82 577d 577d 0/24 closed as invalid on 2021/02/25 16:53
linux-4.19 general protection fault in try_to_wake_up syz done 229 469d 557d 1/1 fixed on 2021/07/14 00:01
upstream general protection fault in try_to_wake_up syz 1 1645d 1641d 6/24 fixed on 2018/04/06 16:37
upstream KMSAN: uninit-value in try_to_wake_up 1 1573d 1573d 0/24 closed as invalid on 2018/06/28 12:38

Patch testing requests:
Created Duration User Patch Repo Result
2022/09/20 16:29 16m upstream OK log
2022/09/20 13:29 16m upstream OK log
2022/09/20 11:29 16m upstream OK log
2022/09/20 07:29 16m upstream OK log
2022/09/20 05:29 16m upstream OK log
2022/09/20 03:29 16m upstream OK log
2022/09/20 01:29 16m upstream OK log
2022/09/19 23:29 16m upstream OK log
2021/03/22 13:04 17m alaaemadhossney.ae@gmail.com linux-next OK

Sample crash report:
general protection fault, probably for non-canonical address 0xdffffc000000011a: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x00000000000008d0-0x00000000000008d7]
CPU: 0 PID: 8677 Comm: iou-wrk-8423 Not tainted 5.11.0-next-20210225-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__lock_acquire+0xcfe/0x54c0 kernel/locking/lockdep.c:4770
Code: 0c 0e 41 bf 01 00 00 00 0f 86 8c 00 00 00 89 05 08 41 0c 0e e9 81 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 f2 48 c1 ea 03 <80> 3c 02 00 0f 85 5b 31 00 00 49 81 3e 80 73 3a 8f 0f 84 d0 f3 ff
RSP: 0018:ffffc9000213f988 EFLAGS: 00010002
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 000000000000011a RSI: 1ffff92000427f42 RDI: 00000000000008d0
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000001 R11: 0000000000000000 R12: ffff88801ae7d400
R13: 0000000000000000 R14: 00000000000008d0 R15: 0000000000000000
FS:  000000000088a400(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fa46e8f46c0 CR3: 000000001be5b000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 lock_acquire kernel/locking/lockdep.c:5510 [inline]
 lock_acquire+0x1ab/0x730 kernel/locking/lockdep.c:5475
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0x39/0x50 kernel/locking/spinlock.c:159
 try_to_wake_up+0x98/0x14a0 kernel/sched/core.c:3347
 io_wqe_wake_worker+0x51a/0x680 fs/io-wq.c:248
 io_wqe_dec_running.isra.0+0xe6/0x100 fs/io-wq.c:265
 __io_worker_busy fs/io-wq.c:296 [inline]
 io_worker_handle_work+0x34f/0x1950 fs/io-wq.c:449
 io_wqe_worker fs/io-wq.c:531 [inline]
 task_thread.isra.0+0xfa8/0x1340 fs/io-wq.c:608
 task_thread_bound+0x18/0x20 fs/io-wq.c:614
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
Modules linked in:
---[ end trace 1ccdee97cc2e65dd ]---
RIP: 0010:__lock_acquire+0xcfe/0x54c0 kernel/locking/lockdep.c:4770
Code: 0c 0e 41 bf 01 00 00 00 0f 86 8c 00 00 00 89 05 08 41 0c 0e e9 81 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 f2 48 c1 ea 03 <80> 3c 02 00 0f 85 5b 31 00 00 49 81 3e 80 73 3a 8f 0f 84 d0 f3 ff
RSP: 0018:ffffc9000213f988 EFLAGS: 00010002
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 000000000000011a RSI: 1ffff92000427f42 RDI: 00000000000008d0
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000001 R11: 0000000000000000 R12: ffff88801ae7d400
R13: 0000000000000000 R14: 00000000000008d0 R15: 0000000000000000
FS:  000000000088a400(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fa46e8f46c0 CR3: 000000001be5b000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (3091):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-linux-next-kasan-gce-root 2021/02/25 20:16 linux-next 7f206cf3ec2b 76f7fc95 .config log report syz C general protection fault in try_to_wake_up
ci-upstream-kasan-gce-selinux-root 2021/04/09 17:07 upstream 4fa56ad0d12e 6a81331a .config log report syz general protection fault in try_to_wake_up
ci-upstream-kasan-gce-smack-root 2021/04/06 17:38 upstream 0a50438c8436 6a81331a .config log report syz general protection fault in try_to_wake_up
ci-upstream-kasan-gce-root 2021/04/06 17:00 upstream 0a50438c8436 6a81331a .config log report syz general protection fault in try_to_wake_up
ci-upstream-kasan-gce-smack-root 2021/04/06 13:00 upstream 0a50438c8436 6a81331a .config log report syz general protection fault in try_to_wake_up
ci-upstream-kasan-gce-root 2021/04/06 06:39 upstream 0a50438c8436 6a81331a .config log report syz general protection fault in try_to_wake_up
ci-upstream-kasan-gce-smack-root 2021/04/05 10:04 upstream e49d033bddf5 6a81331a .config log report syz general protection fault in try_to_wake_up
ci-upstream-kasan-gce-root 2021/04/04 20:00 upstream 2023a53bdf41 6a81331a .config log report syz general protection fault in try_to_wake_up
ci-upstream-kasan-gce-selinux-root 2021/04/03 09:46 upstream d93a0d43e3d0 6a81331a .config log report syz general protection fault in try_to_wake_up
ci-upstream-kasan-gce-smack-root 2021/03/30 15:28 upstream 1e43c377a79f 6a81331a .config log report syz general protection fault in try_to_wake_up
ci-upstream-kasan-gce-root 2021/03/30 11:22 upstream 1e43c377a79f 6a81331a .config log report syz general protection fault in try_to_wake_up
ci-upstream-kasan-gce-smack-root 2021/03/30 07:58 upstream 1e43c377a79f 6a81331a .config log report syz general protection fault in try_to_wake_up
ci-upstream-kasan-gce-root 2021/03/29 07:26 upstream 81b1d39fd39a a8529b82 .config log report syz general protection fault in try_to_wake_up
ci-upstream-kasan-gce-smack-root 2021/03/21 12:31 upstream 812da4d39463 17810eae .config log report syz general protection fault in try_to_wake_up
ci-upstream-kasan-gce-smack-root 2021/03/21 12:20 upstream 812da4d39463 17810eae .config log report syz general protection fault in try_to_wake_up
ci-upstream-kasan-gce-selinux-root 2021/03/20 20:08 upstream 1c273e10bc0c 17810eae .config log report syz general protection fault in try_to_wake_up
ci-upstream-linux-next-kasan-gce-root 2021/03/30 15:16 linux-next 931294922e65 6a81331a .config log report syz general protection fault in try_to_wake_up
ci-upstream-linux-next-kasan-gce-root 2021/03/23 23:18 linux-next d949689e7383 e613994b .config log report syz general protection fault in try_to_wake_up
ci-upstream-kasan-gce 2021/04/10 23:57 upstream d4961772226d bfeda1b1 .config log report syz general protection fault in try_to_wake_up
ci-upstream-kasan-gce 2021/04/08 05:29 upstream 3a22981230f9 6a81331a .config log report syz general protection fault in try_to_wake_up
ci-upstream-kasan-gce 2021/04/05 12:20 upstream e49d033bddf5 6a81331a .config log report syz general protection fault in try_to_wake_up
ci-upstream-kasan-gce 2021/04/01 17:50 upstream d19cc4bfbff1 6a81331a .config log report syz general protection fault in try_to_wake_up
ci-upstream-kasan-gce 2021/04/01 08:50 upstream d19cc4bfbff1 6a81331a .config log report syz general protection fault in try_to_wake_up
ci-upstream-kasan-gce 2021/03/31 19:35 upstream 5e46d1b78a03 6a81331a .config log report syz general protection fault in try_to_wake_up
ci-upstream-kasan-gce 2021/03/28 10:52 upstream 0f4498cef9f5 a8529b82 .config log report syz general protection fault in try_to_wake_up
ci-upstream-kasan-gce 2021/03/21 12:37 upstream 812da4d39463 17810eae .config log report syz general protection fault in try_to_wake_up
ci-upstream-kasan-gce-smack-root 2021/04/11 02:02 upstream d4961772226d bfeda1b1 .config log report info general protection fault in try_to_wake_up
ci-upstream-kasan-gce-smack-root 2021/04/11 00:35 upstream d4961772226d bfeda1b1 .config log report info general protection fault in try_to_wake_up
ci-upstream-kasan-gce-smack-root 2021/04/10 23:54 upstream d4961772226d bfeda1b1 .config log report info general protection fault in try_to_wake_up
ci-upstream-kasan-gce-root 2021/04/10 22:29 upstream d4961772226d bfeda1b1 .config log report info general protection fault in try_to_wake_up
ci-upstream-kasan-gce-smack-root 2021/04/10 21:10 upstream d4961772226d bfeda1b1 .config log report info general protection fault in try_to_wake_up
ci-upstream-kasan-gce 2021/04/10 19:54 upstream d4961772226d bfeda1b1 .config log report info general protection fault in try_to_wake_up
ci-upstream-kasan-gce-smack-root 2021/04/10 18:49 upstream d4961772226d bfeda1b1 .config log report info general protection fault in try_to_wake_up
ci-upstream-kasan-gce 2021/04/10 17:48 upstream d4961772226d bfeda1b1 .config log report info general protection fault in try_to_wake_up
ci-upstream-kasan-gce 2021/04/10 16:17 upstream d4961772226d bfeda1b1 .config log report info general protection fault in try_to_wake_up
ci-upstream-kasan-gce-root 2021/04/10 15:35 upstream d4961772226d bfeda1b1 .config log report info general protection fault in try_to_wake_up
ci-upstream-kasan-gce 2021/04/10 13:24 upstream d4961772226d bfeda1b1 .config log report info general protection fault in try_to_wake_up
ci-upstream-kasan-gce-smack-root 2021/04/10 11:18 upstream d4961772226d bfeda1b1 .config log report info general protection fault in try_to_wake_up
ci-upstream-kasan-gce 2021/04/10 09:03 upstream d4961772226d bfeda1b1 .config log report info general protection fault in try_to_wake_up
ci-upstream-kasan-gce-selinux-root 2021/04/10 07:21 upstream 17e7124aad76 6a81331a .config log report info general protection fault in try_to_wake_up
ci-upstream-kasan-gce-smack-root 2021/04/10 06:19 upstream 17e7124aad76 6a81331a .config log report info general protection fault in try_to_wake_up
ci-upstream-kasan-gce-selinux-root 2021/04/10 02:40 upstream 17e7124aad76 6a81331a .config log report info general protection fault in try_to_wake_up
ci-upstream-kasan-gce 2021/04/10 01:35 upstream 17e7124aad76 6a81331a .config log report info general protection fault in try_to_wake_up
ci-upstream-kasan-gce-selinux-root 2021/04/10 00:25 upstream 17e7124aad76 6a81331a .config log report info general protection fault in try_to_wake_up
ci-upstream-kasan-gce-smack-root 2021/04/09 23:21 upstream 17e7124aad76 6a81331a .config log report info general protection fault in try_to_wake_up
ci-upstream-kasan-gce-smack-root 2021/04/09 20:51 upstream 17e7124aad76 6a81331a .config log report info general protection fault in try_to_wake_up
ci-upstream-kasan-gce 2021/04/09 19:40 upstream 17e7124aad76 6a81331a .config log report info general protection fault in try_to_wake_up
ci-upstream-kasan-gce 2021/04/09 17:38 upstream 4fa56ad0d12e 6a81331a .config log report info general protection fault in try_to_wake_up
ci-upstream-kasan-gce-smack-root 2021/04/09 15:51 upstream 4fa56ad0d12e 6a81331a .config log report info general protection fault in try_to_wake_up
ci-upstream-kasan-gce-selinux-root 2021/04/09 14:46 upstream 4fa56ad0d12e 6a81331a .config log report info general protection fault in try_to_wake_up
ci-upstream-kasan-gce 2021/04/09 13:19 upstream 4fa56ad0d12e 6a81331a .config log report info general protection fault in try_to_wake_up
ci-upstream-kasan-gce-root 2021/04/09 12:18 upstream 4fa56ad0d12e 6a81331a .config log report info general protection fault in try_to_wake_up
ci-upstream-kasan-gce-smack-root 2021/04/09 11:04 upstream 4fa56ad0d12e 6a81331a .config log report info general protection fault in try_to_wake_up
ci-upstream-kasan-gce-root 2021/04/09 10:02 upstream 4fa56ad0d12e 6a81331a .config log report info general protection fault in try_to_wake_up
ci-upstream-kasan-gce-selinux-root 2021/04/09 09:39 upstream 4fa56ad0d12e 6a81331a .config log report info general protection fault in try_to_wake_up
ci-upstream-kasan-gce 2021/04/09 07:00 upstream 4fa56ad0d12e 6a81331a .config log report info general protection fault in try_to_wake_up
ci-upstream-kasan-gce-smack-root 2021/04/09 05:55 upstream 4fa56ad0d12e 6a81331a .config log report info general protection fault in try_to_wake_up
ci-upstream-kasan-gce-selinux-root 2021/04/09 05:23 upstream 4fa56ad0d12e 6a81331a .config log report info general protection fault in try_to_wake_up
ci-upstream-kasan-gce 2021/04/09 04:21 upstream 4fa56ad0d12e 6a81331a .config log report info general protection fault in try_to_wake_up
ci-upstream-kasan-gce-root 2021/04/09 03:18 upstream 4fa56ad0d12e 6a81331a .config log report info general protection fault in try_to_wake_up
ci-upstream-kasan-gce-selinux-root 2021/04/09 02:14 upstream 4fa56ad0d12e 6a81331a .config log report info general protection fault in try_to_wake_up
ci-upstream-kasan-gce 2021/04/09 01:30 upstream 454859c552da 6a81331a .config log report info general protection fault in try_to_wake_up
ci-upstream-kasan-gce-smack-root 2021/04/09 00:29 upstream 454859c552da 6a81331a .config log report info general protection fault in try_to_wake_up
ci-upstream-kasan-gce 2021/04/08 23:26 upstream 454859c552da 6a81331a .config log report info general protection fault in try_to_wake_up
ci-upstream-kasan-gce-selinux-root 2021/04/08 22:14 upstream 454859c552da 6a81331a .config log report info general protection fault in try_to_wake_up
ci-qemu-upstream 2021/03/29 02:44 upstream 36a14638f7c0 a8529b82 .config log report info general protection fault in try_to_wake_up
ci-upstream-kasan-gce-386 2021/04/10 12:20 upstream d4961772226d bfeda1b1 .config log report info general protection fault in try_to_wake_up
ci-upstream-kasan-gce-386 2021/04/10 10:14 upstream d4961772226d bfeda1b1 .config log report info general protection fault in try_to_wake_up
ci-upstream-kasan-gce-386 2021/04/10 05:02 upstream 17e7124aad76 6a81331a .config log report info general protection fault in try_to_wake_up
ci-upstream-kasan-gce-386 2021/04/09 22:02 upstream 17e7124aad76 6a81331a .config log report info general protection fault in try_to_wake_up
ci-upstream-kasan-gce-386 2021/04/09 20:53 upstream 17e7124aad76 6a81331a .config log report info general protection fault in try_to_wake_up
ci-upstream-kasan-gce-386 2021/04/09 18:39 upstream 17e7124aad76 6a81331a .config log report info general protection fault in try_to_wake_up
ci-upstream-kasan-gce-386 2021/04/09 08:03 upstream 4fa56ad0d12e 6a81331a .config log report info general protection fault in try_to_wake_up
ci-qemu-upstream-386 2021/03/25 22:25 upstream 002322402daf 6a383ecf .config log report info general protection fault in try_to_wake_up
ci2-upstream-usb 2022/01/10 02:00 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing cbb4f5f43599 2ca0d385 .config log report info general protection fault in try_to_wake_up
ci-upstream-linux-next-kasan-gce-root 2021/04/06 08:32 linux-next 454c576c3f5e 6a81331a .config log report info general protection fault in try_to_wake_up
ci-upstream-linux-next-kasan-gce-root 2021/02/25 18:36 linux-next 7f206cf3ec2b 76f7fc95 .config log report info general protection fault in try_to_wake_up
ci-qemu2-arm32 2021/03/14 16:05 upstream 88fe49249c99 4a003785 .config log report info BUG: unable to handle kernel NULL pointer dereference in try_to_wake_up
ci-qemu2-arm32 2021/03/14 06:12 upstream 88fe49249c99 4a003785 .config log report info BUG: unable to handle kernel NULL pointer dereference in try_to_wake_up
ci-upstream-kmsan-gce 2021/11/05 20:44 https://github.com/google/kmsan.git master a3e5c559028e 4c1be0be .config log report info KMSAN: uninit-value in try_to_wake_up
ci-upstream-kmsan-gce 2021/09/26 04:46 https://github.com/google/kmsan.git master cd2c05533838 8cac236e .config log report info KMSAN: uninit-value in try_to_wake_up
* Struck through repros no longer work on HEAD.