general protection fault in nbd_disconnect_and

general protection fault in nbd_disconnect_and_put
Status: upstream: reported C repro on 2021/02/22 09:05
Reported-by: syzbot+db0c9917f71539bc4ad1@syzkaller.appspotmail.com
First crash: 8d20h, last: 4h19m

Cause bisection: introduced by (bisect log) [no-op commit]:
commit 298ed2b31f55280624417f80a09de0e28db8f786
Author: Victor Ding <victording@google.com>
Date: Tue Oct 27 07:23:54 2020 +0000

x86/msr-index: sort AMD RAPL MSRs by address

Crash: BUG: sleeping function called from invalid context in sta_info_move_state (log)
Repro: C syz .config

similar bugs (2):
Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
linux-4.19	general protection fault in nbd_disconnect_and_put	C			8	1d23h	14d	0/1	upstream: reported C repro on 2021/02/14 12:13
linux-4.14	general protection fault in nbd_disconnect_and_put	C			29	3h57m	14d	0/1	upstream: reported C repro on 2021/02/14 12:55

Sample crash report:

block nbd0: NBD_DISCONNECT
general protection fault, probably for non-canonical address 0xdffffc0000000027: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000138-0x000000000000013f]
CPU: 0 PID: 8395 Comm: systemd-udevd Not tainted 5.11.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__lock_acquire+0x8a/0x5e90 kernel/locking/lockdep.c:4702
Code: ff df 8a 04 30 84 c0 0f 85 3b 26 00 00 83 3d c0 40 58 0c 00 0f 84 b1 41 00 00 83 3d cf 7b 02 0b 00 74 2b 4c 89 f8 48 c1 e8 03 <80> 3c 30 00 74 12 4c 89 ff e8 78 ce 5f 00 48 be 00 00 00 00 00 fc
RSP: 0018:ffffc90001a2f8f0 EFLAGS: 00010006
RAX: 0000000000000027 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: dffffc0000000000 RDI: 0000000000000138
RBP: ffffc90001a2faa0 R08: 0000000000000001 R09: 0000000000000000
R10: fffffbfff1b6727e R11: 0000000000000000 R12: ffff888022c3d340
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000138
FS:  00007fce26a608c0(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffd2589efe8 CR3: 0000000013a4a000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 lock_acquire+0x114/0x5e0 kernel/locking/lockdep.c:5442
 flush_workqueue+0x120/0x1620 kernel/workqueue.c:2786
 nbd_disconnect_and_put+0x124/0x1f0 drivers/block/nbd.c:1995
 nbd_release+0xeb/0x120 drivers/block/nbd.c:1505
 __blkdev_put+0x516/0x670 fs/block_dev.c:1579
 blkdev_put+0x2cd/0x440 fs/block_dev.c:1632
 blkdev_close+0x7a/0xa0 fs/block_dev.c:1640
 __fput+0x34d/0x7a0 fs/file_table.c:280
 task_work_run+0x137/0x1c0 kernel/task_work.c:140
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:174 [inline]
 exit_to_user_mode_prepare+0x10b/0x1e0 kernel/entry/common.c:201
 __syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline]
 syscall_exit_to_user_mode+0x48/0x180 kernel/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7fce25ba6270
Code: 73 01 c3 48 8b 0d 38 7d 20 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 59 c1 20 00 00 75 10 b8 03 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 ee fb ff ff 48 89 04 24
RSP: 002b:00007ffddcf33578 EFLAGS: 00000246
 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000007 RCX: 00007fce25ba6270
RDX: 000000000aba9500 RSI: 0000000000000000 RDI: 0000000000000007
RBP: 00007fce26a60710 R08: 000000000000004a R09: 0000000000000008
R10: 000055ed6e37e9a8 R11: 0000000000000246 R12: 0000000000000000
R13: 000055ed6e390fd0 R14: 0000000000000003 R15: 000000000000000e
Modules linked in:

---[ end trace aae642bbdfc14982 ]---
RIP: 0010:__lock_acquire+0x8a/0x5e90 kernel/locking/lockdep.c:4702
Code: ff df 8a 04 30 84 c0 0f 85 3b 26 00 00 83 3d c0 40 58 0c 00 0f 84 b1 41 00 00 83 3d cf 7b 02 0b 00 74 2b 4c 89 f8 48 c1 e8 03 <80> 3c 30 00 74 12 4c 89 ff e8 78 ce 5f 00 48 be 00 00 00 00 00 fc
RSP: 0018:ffffc90001a2f8f0 EFLAGS: 00010006
RAX: 0000000000000027 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: dffffc0000000000 RDI: 0000000000000138
RBP: ffffc90001a2faa0 R08: 0000000000000001 R09: 0000000000000000
R10: fffffbfff1b6727e R11: 0000000000000000 R12: ffff888022c3d340
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000138
FS:  00007fce26a608c0(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffd2589efe8 CR3: 0000000013a4a000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (23):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Title
ci-upstream-kasan-gce-smack-root	2021/02/21 00:19	upstream	f40ddce8	3e5ed8b4	.config	log	report	syz	C		general protection fault in nbd_disconnect_and_put
ci-upstream-net-this-kasan-gce	2021/02/21 07:55	net	3af409ca	3e5ed8b4	.config	log	report	syz			general protection fault in nbd_disconnect_and_put
ci-upstream-net-kasan-gce	2021/02/21 07:57	net-next	38b5133a	3e5ed8b4	.config	log	report	syz			general protection fault in nbd_disconnect_and_put
ci-upstream-kasan-gce-smack-root	2021/02/26 21:06	upstream	2c87f7a3	4c37c133	.config	log	report			info	general protection fault in nbd_disconnect_and_put
ci-upstream-kasan-gce-smack-root	2021/02/26 14:27	upstream	2c87f7a3	4c37c133	.config	log	report			info	general protection fault in nbd_disconnect_and_put
ci-upstream-kasan-gce-root	2021/02/26 06:26	upstream	29c395c7	76f7fc95	.config	log	report			info	general protection fault in nbd_disconnect_and_put
ci-upstream-kasan-gce-smack-root	2021/02/24 07:18	upstream	c03c21ba	fcc6d71b	.config	log	report			info	general protection fault in nbd_disconnect_and_put
ci-upstream-kasan-gce-smack-root	2021/02/21 22:31	upstream	55f62bc8	a659b3f1	.config	log	report			info	general protection fault in nbd_disconnect_and_put
ci-upstream-kasan-gce-root	2021/02/21 02:59	upstream	f40ddce8	3e5ed8b4	.config	log	report			info	general protection fault in nbd_disconnect_and_put
ci-upstream-kasan-gce-smack-root	2021/02/21 00:03	upstream	f40ddce8	3e5ed8b4	.config	log	report			info	general protection fault in nbd_disconnect_and_put
ci-upstream-net-this-kasan-gce	2021/02/28 19:36	net	eee7ede6	4c37c133	.config	log	report			info	general protection fault in nbd_disconnect_and_put
ci-upstream-net-this-kasan-gce	2021/02/20 03:25	net	3af409ca	f689d40a	.config	log	report			info	general protection fault in nbd_disconnect_and_put
ci-upstream-net-kasan-gce	2021/02/28 19:08	net-next	d310ec03	4c37c133	.config	log	report			info	general protection fault in nbd_disconnect_and_put
ci-upstream-net-kasan-gce	2021/02/28 18:27	net-next	d310ec03	4c37c133	.config	log	report			info	general protection fault in nbd_disconnect_and_put
ci-upstream-net-kasan-gce	2021/02/28 07:32	net-next	d310ec03	4c37c133	.config	log	report			info	general protection fault in nbd_disconnect_and_put
ci-upstream-net-kasan-gce	2021/02/28 04:20	net-next	d310ec03	4c37c133	.config	log	report			info	general protection fault in nbd_disconnect_and_put
ci-upstream-net-kasan-gce	2021/02/26 15:49	net-next	d310ec03	4c37c133	.config	log	report			info	general protection fault in nbd_disconnect_and_put
ci-upstream-net-kasan-gce	2021/02/24 17:33	net-next	d310ec03	fcc6d71b	.config	log	report			info	general protection fault in nbd_disconnect_and_put
ci-upstream-net-kasan-gce	2021/02/21 09:10	net-next	38b5133a	3e5ed8b4	.config	log	report			info	general protection fault in nbd_disconnect_and_put
ci-upstream-net-kasan-gce	2021/02/20 15:33	net-next	38b5133a	3e5ed8b4	.config	log	report			info	general protection fault in nbd_disconnect_and_put
ci-upstream-linux-next-kasan-gce-root	2021/02/27 23:00	linux-next	d01f2f7e	4c37c133	.config	log	report			info	general protection fault in nbd_disconnect_and_put
ci-upstream-linux-next-kasan-gce-root	2021/02/27 04:37	linux-next	d01f2f7e	4c37c133	.config	log	report			info	general protection fault in nbd_disconnect_and_put
ci-upstream-linux-next-kasan-gce-root	2021/02/26 19:35	linux-next	d01f2f7e	4c37c133	.config	log	report			info	general protection fault in nbd_disconnect_and_put