syzbot


kernel BUG at drivers/vhost/vhost.c:LINE! (2)

Status: fixed on 2018/05/08 18:30
Subsystems: kvm net virt
Reported-by: syzbot+65a84dde0214b0387ccd@syzkaller.appspotmail.com
Fix commit: d14d2b78090c vhost: fix vhost_vq_access_ok() log check
First crash: 2210d, last: 2179d
Discussions (8)

| Title | Replies (including bot) | Last reply |
|---|---|---|
| [PATCH 4.9 00/66] 4.9.95-stable review | 82 (82) | 2018/09/05 20:08 |
| [PATCH 4.16 00/68] 4.16.3-stable review | 77 (77) | 2018/04/19 06:40 |
| [PATCH 4.15 00/53] 4.15.18-stable review | 58 (58) | 2018/04/18 15:39 |
| [PATCH 4.14 00/49] 4.14.35-stable review | 54 (54) | 2018/04/18 15:38 |
| [PATCH v3 0/2] vhost: fix vhost_vq_access_ok() log check | 8 (8) | 2018/04/11 14:55 |
| [PATCH v2 0/2] vhost: fix vhost_vq_access_ok() log check | 9 (9) | 2018/04/11 01:21 |
| [PATCH] vhost: fix vhost_vq_access_ok() log check | 6 (6) | 2018/04/10 01:05 |
| kernel BUG at drivers/vhost/vhost.c:LINE! (2) | 4 (5) | 2018/04/09 13:17 |
Similar bugs (6)

| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| android-5-10 | kernel BUG in vhost_get_vq_desc | C | error | done | 19 | 772d | 816d | 2/2 | fixed on 2022/05/13 02:56 |
| linux-4.19 | kernel BUG in vhost_get_vq_desc | | | | 2 | 541d | 610d | 0/1 | auto-obsoleted due to no activity on 2023/02/28 01:46 |
| android-54 | kernel BUG in vhost_get_vq_desc | C | | | 4 | 756d | 796d | 0/2 | auto-obsoleted due to no activity on 2023/04/21 00:48 |
| upstream | kernel BUG in vhost_get_vq_desc (kvm net virt) | C | inconclusive | | 19 | 789d | 801d | 22/26 | fixed on 2023/02/24 13:50 |
| linux-4.14 | kernel BUG in vhost_get_vq_desc | C | | | 1 | 430d | 792d | 0/1 | upstream: reported C repro on 2022/02/22 17:48 |
| upstream | kernel BUG at drivers/vhost/vhost.c:LINE! (kvm net virt) | C | | | 152 | 2210d | 2228d | 5/26 | fixed on 2018/04/06 16:37 |

Sample crash report:
------------[ cut here ]------------
kernel BUG at drivers/vhost/vhost.c:1652!
invalid opcode: 0000 [#1] SMP KASAN
------------[ cut here ]------------
Dumping ftrace buffer:
kernel BUG at drivers/vhost/vhost.c:1652!
   (ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 4465 Comm: syzkaller816695 Not tainted 4.16.0+ #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:set_bit_to_user drivers/vhost/vhost.c:1652 [inline]
RIP: 0010:log_write+0x42a/0x4d0 drivers/vhost/vhost.c:1676
RSP: 0018:ffff8801b0a4f920 EFLAGS: 00010293
RAX: ffff8801b1f8e6c0 RBX: dffffc0000000000 RCX: ffffffff8597ac3f
RDX: 0000000000000000 RSI: ffffffff8597af1a RDI: 0000000000000005
RBP: ffff8801b0a4fa58 R08: ffff8801b1f8e6c0 R09: ffffed0039858125
R10: ffff8801b0a4fad8 R11: ffff8801cc2c092f R12: 0001ffffffffffff
R13: ffffed0036149f36 R14: 0000000000000000 R15: ffff8801b0a4fa30
FS:  00007f967c404700(0000) GS:ffff8801db000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000207cb000 CR3: 00000001b0bee000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 vhost_update_used_flags+0x3af/0x4a0 drivers/vhost/vhost.c:1723
 vhost_vq_init_access+0x117/0x590 drivers/vhost/vhost.c:1763
 vhost_vsock_start drivers/vhost/vsock.c:446 [inline]
 vhost_vsock_dev_ioctl+0x751/0x920 drivers/vhost/vsock.c:678
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x1cf/0x1650 fs/ioctl.c:684
 ksys_ioctl+0xa9/0xd0 fs/ioctl.c:701
 SYSC_ioctl fs/ioctl.c:708 [inline]
 SyS_ioctl+0x24/0x30 fs/ioctl.c:706
 do_syscall_64+0x29e/0x9d0 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x4456c9
RSP: 002b:00007f967c403da8 EFLAGS: 00000297 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00000000006dac24 RCX: 00000000004456c9
RDX: 0000000020f82ffc RSI: 000000004004af61 RDI: 000000000000001a
RBP: 00000000006dac20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000297 R12: 6b636f73762d7473
R13: 6f68762f7665642f R14: fffffffffffffffc R15: 0000000000000007
Code: e8 0c 82 df fb 4c 89 ef e8 34 23 01 fc 48 8d 85 58 ff ff ff 48 c1 e8 03 c6 04 18 f8 e9 46 ff ff ff 45 31 f6 eb 91 e8 e6 81 df fb <0f> 0b e8 df 81 df fb 48 c7 c6 00 50 25 88 4c 89 ef e8 20 bf 0b 
RIP: set_bit_to_user drivers/vhost/vhost.c:1652 [inline] RSP: ffff8801b0a4f920
RIP: log_write+0x42a/0x4d0 drivers/vhost/vhost.c:1676 RSP: ffff8801b0a4f920
invalid opcode: 0000 [#2] SMP KASAN
---[ end trace ca383e742f11ff00 ]---
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 1 PID: 4468 Comm: syzkaller816695 Tainted: G      D           4.16.0+ #1

Crashes (139):

| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2018/04/13 02:21 | upstream | c17b0aadb7d8 | eb2295de | .config | console log | report | syz | C | | | ci-upstream-kasan-gce | |
| 2018/04/06 17:35 | upstream | 38c23685b273 | 4f1152d4 | .config | console log | report | syz | C | | | ci-upstream-kasan-gce | |
| 2018/04/28 06:50 | https://github.com/google/kmsan.git master | d2d741e5d189 | d5a5d045 | .config | console log | report | syz | C | | | ci-upstream-kmsan-gce | |
| 2018/04/13 05:41 | upstream | c17b0aadb7d8 | eb2295de | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2018/04/12 22:54 | upstream | c17b0aadb7d8 | eb2295de | .config | console log | report | | | | | ci-upstream-kasan-gce-root | |
| 2018/04/12 12:56 | upstream | b284d4d5a678 | 9cd56d71 | .config | console log | report | | | | | ci-upstream-kasan-gce-root | |
| 2018/04/12 10:05 | upstream | b284d4d5a678 | 9cd56d71 | .config | console log | report | | | | | ci-upstream-kasan-gce-root | |
| 2018/04/12 08:36 | upstream | b284d4d5a678 | 9cd56d71 | .config | console log | report | | | | | ci-upstream-kasan-gce-root | |
| 2018/04/12 05:49 | upstream | b284d4d5a678 | 9cd56d71 | .config | console log | report | | | | | ci-upstream-kasan-gce-root | |
| 2018/04/12 02:29 | upstream | b284d4d5a678 | 9cd56d71 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2018/04/11 23:05 | upstream | b284d4d5a678 | 9cd56d71 | .config | console log | report | | | | | ci-upstream-kasan-gce-root | |
| 2018/04/11 21:50 | upstream | b284d4d5a678 | 9cd56d71 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2018/04/11 17:43 | upstream | b284d4d5a678 | 8b8de427 | .config | console log | report | | | | | ci-upstream-kasan-gce-root | |
| 2018/04/11 12:26 | upstream | b284d4d5a678 | 8b8de427 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2018/04/11 09:59 | upstream | b284d4d5a678 | 8b8de427 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2018/04/11 06:25 | upstream | c18bb396d3d2 | 8b8de427 | .config | console log | report | | | | | ci-upstream-kasan-gce-root | |
| 2018/04/11 01:49 | upstream | c18bb396d3d2 | 8b8de427 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2018/04/10 13:23 | upstream | c18bb396d3d2 | 8e873e9d | .config | console log | report | | | | | ci-upstream-kasan-gce-root | |
| 2018/04/10 07:44 | upstream | fd40ffc72e2f | b9f65507 | .config | console log | report | | | | | ci-upstream-kasan-gce-root | |
| 2018/04/09 19:30 | upstream | 3fd14cdcc05a | f13fb445 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2018/04/09 16:31 | upstream | 3fd14cdcc05a | f13fb445 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2018/04/09 11:15 | upstream | 3fd14cdcc05a | f13fb445 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2018/04/09 07:35 | upstream | 3fd14cdcc05a | 77bd5117 | .config | console log | report | | | | | ci-upstream-kasan-gce-root | |
| 2018/04/09 03:41 | upstream | 3fd14cdcc05a | 77bd5117 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2018/04/08 21:43 | upstream | 3fd14cdcc05a | 77bd5117 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2018/04/08 19:07 | upstream | 3fd14cdcc05a | 77bd5117 | .config | console log | report | | | | | ci-upstream-kasan-gce-root | |
| 2018/04/08 17:05 | upstream | 3fd14cdcc05a | 77bd5117 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2018/04/08 15:22 | upstream | 3fd14cdcc05a | 77bd5117 | .config | console log | report | | | | | ci-upstream-kasan-gce-root | |
| 2018/04/08 09:48 | upstream | 3fd14cdcc05a | 66f22a7f | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2018/04/08 07:43 | upstream | 3fd14cdcc05a | 66f22a7f | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2018/04/08 02:37 | upstream | 3fd14cdcc05a | 66f22a7f | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2018/04/08 02:02 | upstream | 3fd14cdcc05a | 66f22a7f | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2018/04/08 01:39 | upstream | 3fd14cdcc05a | 66f22a7f | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2018/04/08 01:07 | upstream | 3fd14cdcc05a | 66f22a7f | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2018/04/10 23:13 | upstream | f2d285669aae | 8b8de427 | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/04/10 17:41 | upstream | f2d285669aae | 8e873e9d | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/04/10 01:28 | upstream | f2d285669aae | b9f65507 | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/04/10 00:21 | upstream | f2d285669aae | b9f65507 | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/04/09 12:43 | upstream | f2d285669aae | f13fb445 | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/04/09 06:01 | upstream | f2d285669aae | 77bd5117 | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/04/09 01:53 | upstream | f2d285669aae | 77bd5117 | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/04/08 20:42 | upstream | f2d285669aae | 77bd5117 | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/04/08 03:02 | upstream | f2d285669aae | 66f22a7f | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/05/07 11:05 | https://github.com/google/kmsan.git master | d2d741e5d189 | a211da1a | .config | console log | report | | | | | ci-upstream-kmsan-gce | |
| 2018/05/03 21:06 | https://github.com/google/kmsan.git master | d2d741e5d189 | 9ce14f4b | .config | console log | report | | | | | ci-upstream-kmsan-gce | |
| 2018/05/03 11:36 | https://github.com/google/kmsan.git master | d2d741e5d189 | 9ce14f4b | .config | console log | report | | | | | ci-upstream-kmsan-gce | |
| 2018/05/02 19:55 | https://github.com/google/kmsan.git master | d2d741e5d189 | d5b114b4 | .config | console log | report | | | | | ci-upstream-kmsan-gce | |
| 2018/04/30 10:06 | https://github.com/google/kmsan.git master | d2d741e5d189 | 06db3cec | .config | console log | report | | | | | ci-upstream-kmsan-gce | |
| 2018/04/29 15:27 | https://github.com/google/kmsan.git master | d2d741e5d189 | d5a5d045 | .config | console log | report | | | | | ci-upstream-kmsan-gce | |
| 2018/04/26 14:39 | https://github.com/google/kmsan.git master | d2d741e5d189 | 73417389 | .config | console log | report | | | | | ci-upstream-kmsan-gce | |
| 2018/04/25 00:17 | https://github.com/google/kmsan.git master | d2d741e5d189 | 37e76fe2 | .config | console log | report | | | | | ci-upstream-kmsan-gce | |