bisecting cause commit starting from b94ae8ad9fe79da61231999f347f79645b909bda
building syzkaller on f879db37f90dcefb681897d2e486c11d8298cb72
testing commit b94ae8ad9fe79da61231999f347f79645b909bda with gcc (GCC) 8.1.0
kernel signature: 89ed449f18b6b243c99d105490f4b776cf8ed53f
all runs: crashed: general protection fault in override_creds
testing release v5.4
testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0
kernel signature: ff1b164c4e83e424e451806b42c8fb56027d5320
all runs: OK
# git bisect start b94ae8ad9fe79da61231999f347f79645b909bda 219d54332a09e8d8741c1e1982f5eae56099de85
Bisecting: 4915 revisions left to test after this (roughly 12 steps)
[361b0d286afea0d867537536977a695b5557d133] Merge tag 'devprop-5.5-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
testing commit 361b0d286afea0d867537536977a695b5557d133 with gcc (GCC) 8.1.0
kernel signature: 8968a05072947531cccb69122dc8c588d632ac75
all runs: OK
# git bisect good 361b0d286afea0d867537536977a695b5557d133
Bisecting: 2468 revisions left to test after this (roughly 11 steps)
[8c39f71ee2019e77ee14f88b1321b2348db51820] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
testing commit 8c39f71ee2019e77ee14f88b1321b2348db51820 with gcc (GCC) 8.1.0
kernel signature: ea24ff60f635c88c34ffe2d83e7239efe77b1eca
all runs: OK
# git bisect good 8c39f71ee2019e77ee14f88b1321b2348db51820
Bisecting: 1215 revisions left to test after this (roughly 10 steps)
[60845e34f0c5c19a9e86af477b429993952f585b] Merge tag 'drm-next-5.5-2019-10-25' of git://people.freedesktop.org/~agd5f/linux into drm-next
testing commit 60845e34f0c5c19a9e86af477b429993952f585b with gcc (GCC) 8.1.0
kernel signature: cf3d01fa50533333d8e379e0571ffb35740c54aa
all runs: OK
# git bisect good 60845e34f0c5c19a9e86af477b429993952f585b
Bisecting: 607 revisions left to test after this (roughly 9 steps)
[17eee668b3cad423a47c090fe2275733c55db910] Merge tag 'drm-misc-next-fixes-2019-11-20' of git://anongit.freedesktop.org/drm/drm-misc into drm-next
testing commit 17eee668b3cad423a47c090fe2275733c55db910 with gcc (GCC) 8.1.0
kernel signature: 92e7d1de56e88ae0723e7e8b7ca399629dfede39
all runs: OK
# git bisect good 17eee668b3cad423a47c090fe2275733c55db910
Bisecting: 292 revisions left to test after this (roughly 8 steps)
[21b26d2679584c6a60e861aa3e5ca09a6bab0633] Merge tag '5.5-rc-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6
testing commit 21b26d2679584c6a60e861aa3e5ca09a6bab0633 with gcc (GCC) 8.1.0
kernel signature: 359e61f0d32d1c4a48b1547f7406f3f4a6b4e0b9
all runs: crashed: general protection fault in override_creds
# git bisect bad 21b26d2679584c6a60e861aa3e5ca09a6bab0633
Bisecting: 165 revisions left to test after this (roughly 7 steps)
[aa32f1169148beb90d71494e2f2a1999ba7b5366] Merge tag 'for-linus-hmm' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma
testing commit aa32f1169148beb90d71494e2f2a1999ba7b5366 with gcc (GCC) 8.1.0
kernel signature: 558069d078503dc3d01de255540236248add74d8
all runs: crashed: general protection fault in override_creds
# git bisect bad aa32f1169148beb90d71494e2f2a1999ba7b5366
Bisecting: 76 revisions left to test after this (roughly 6 steps)
[05bd375b6bdede3748023e130990c9b6214fd46a] Merge tag 'for-5.5/io_uring-post-20191128' of git://git.kernel.dk/linux-block
testing commit 05bd375b6bdede3748023e130990c9b6214fd46a with gcc (GCC) 8.1.0
kernel signature: a9fde40cfdeff3081b812fcfba52bd8555f1f13c
all runs: crashed: general protection fault in override_creds
# git bisect bad 05bd375b6bdede3748023e130990c9b6214fd46a
Bisecting: 35 revisions left to test after this (roughly 5 steps)
[cc42e0ac17d3664a70e020dfe7897f14e7aa7453] io_uring: store timeout's sqe->off in proper place
testing commit cc42e0ac17d3664a70e020dfe7897f14e7aa7453 with gcc (GCC) 8.1.0
kernel signature: 2e101dd1557f7dc125af69eb62c9eed89030af72
all runs: crashed: general protection fault in override_creds
# git bisect bad cc42e0ac17d3664a70e020dfe7897f14e7aa7453
Bisecting: 17 revisions left to test after this (roughly 4 steps)
[b76da70fc3759df13e0991706451f1a2e06ba19e] io_uring: close lookup gap for dependent next work
testing commit b76da70fc3759df13e0991706451f1a2e06ba19e with gcc (GCC) 8.1.0
kernel signature: c7c163b71c3cf4fbe26e41407216db879efb68ed
all runs: OK
# git bisect good b76da70fc3759df13e0991706451f1a2e06ba19e
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[c4a2ed72c9a61594b6afc23e1fbc78878d32b5a3] io_uring: only return -EBUSY for submit on non-flushed backlog
testing commit c4a2ed72c9a61594b6afc23e1fbc78878d32b5a3 with gcc (GCC) 8.1.0
kernel signature: d5a54ee7bde2247e4cc810c84a22d90f1b41e459
all runs: OK
# git bisect good c4a2ed72c9a61594b6afc23e1fbc78878d32b5a3
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[576a347b7af8abfbddc80783fb6629c2894d036e] io-wq: have io_wq_create() take a 'data' argument
testing commit 576a347b7af8abfbddc80783fb6629c2894d036e with gcc (GCC) 8.1.0
kernel signature: 6da6a80abdff645c4dcee910087f48bce866dde6
all runs: OK
# git bisect good 576a347b7af8abfbddc80783fb6629c2894d036e
Bisecting: 2 revisions left to test after this (roughly 1 step)
[8042d6ce8c40df0abb0d91662a754d074a3d3f16] io_uring: remove superfluous check for sqe->off in io_accept()
testing commit 8042d6ce8c40df0abb0d91662a754d074a3d3f16 with gcc (GCC) 8.1.0
kernel signature: 8307f33ec0d4f62a30fde63af952181a69ecd564
all runs: crashed: general protection fault in override_creds
# git bisect bad 8042d6ce8c40df0abb0d91662a754d074a3d3f16
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[181e448d8709e517c9c7b523fcd209f24eb38ca7] io_uring: async workers should inherit the user creds
testing commit 181e448d8709e517c9c7b523fcd209f24eb38ca7 with gcc (GCC) 8.1.0
kernel signature: 67c3040472a1ffbb8f917d2574f4cab96bb8ddcc
all runs: crashed: general protection fault in override_creds
# git bisect bad 181e448d8709e517c9c7b523fcd209f24eb38ca7
181e448d8709e517c9c7b523fcd209f24eb38ca7 is the first bad commit
commit 181e448d8709e517c9c7b523fcd209f24eb38ca7
Author: Jens Axboe <axboe@kernel.dk>
Date:   Mon Nov 25 08:52:30 2019 -0700

    io_uring: async workers should inherit the user creds
    
    If we don't inherit the original task creds, then we can confuse users
    like fuse that pass creds in the request header. See link below on
    identical aio issue.
    
    Link: https://lore.kernel.org/linux-fsdevel/26f0d78e-99ca-2f1b-78b9-433088053a61@scylladb.com/T/#u
    Signed-off-by: Jens Axboe <axboe@kernel.dk>

 fs/io-wq.c    | 10 ++++++++++
 fs/io-wq.h    |  1 +
 fs/io_uring.c |  8 ++++++++
 3 files changed, 19 insertions(+)
kernel signature:   67c3040472a1ffbb8f917d2574f4cab96bb8ddcc
previous signature: 6da6a80abdff645c4dcee910087f48bce866dde6
revisions tested: 15, total time: 3h30m38.985444013s (build: 1h38m48.384511197s, test: 1h47m3.080838431s)
first bad commit: 181e448d8709e517c9c7b523fcd209f24eb38ca7 io_uring: async workers should inherit the user creds
cc: ["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-fsdevel@vger.kernel.org" "linux-kernel@vger.kernel.org" "viro@zeniv.linux.org.uk"]
crash: general protection fault in override_creds
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 7879 Comm: io_uring-sq Not tainted 5.4.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:creds_are_invalid kernel/cred.c:792 [inline]
RIP: 0010:__validate_creds include/linux/cred.h:187 [inline]
RIP: 0010:override_creds+0x86/0x150 kernel/cred.c:550
Code: 03 0f 8e b5 00 00 00 81 7b 10 64 65 73 43 0f 85 d7 2c 00 00 49 8d 7c 24 10 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 8c 00 00 00 41 81 7c 24 10 64
RSP: 0018:ffff88808dacfd68 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: ffff8880a0a7fc00 RCX: ffffffff81bba0d4
RDX: 0000000000000002 RSI: 0000000000000008 RDI: 0000000000000010
RBP: ffff88808dacfd80 R08: ffffed1012ece4a1 R09: ffffed1012ece4a1
R10: ffffed1012ece4a0 R11: ffff888097672507 R12: 0000000000000000
R13: ffff88808dacfed8 R14: ffff888097672500 R15: ffff8880a3a7f000
FS:  0000000000000000(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000004eca80 CR3: 000000009437a000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 io_sq_thread+0x1c4/0x950 fs/io_uring.c:3283
 kthread+0x331/0x3f0 kernel/kthread.c:255
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
Modules linked in:
---[ end trace fb661ba05a641bee ]---
RIP: 0010:creds_are_invalid kernel/cred.c:792 [inline]
RIP: 0010:__validate_creds include/linux/cred.h:187 [inline]
RIP: 0010:override_creds+0x86/0x150 kernel/cred.c:550
Code: 03 0f 8e b5 00 00 00 81 7b 10 64 65 73 43 0f 85 d7 2c 00 00 49 8d 7c 24 10 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 8c 00 00 00 41 81 7c 24 10 64
RSP: 0018:ffff88808dacfd68 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: ffff8880a0a7fc00 RCX: ffffffff81bba0d4
RDX: 0000000000000002 RSI: 0000000000000008 RDI: 0000000000000010
RBP: ffff88808dacfd80 R08: ffffed1012ece4a1 R09: ffffed1012ece4a1
R10: ffffed1012ece4a0 R11: ffff888097672507 R12: 0000000000000000
R13: ffff88808dacfed8 R14: ffff888097672500 R15: ffff8880a3a7f000
FS:  0000000000000000(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000001079e80 CR3: 000000009feb2000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400