syzbot


kernel BUG in vhost_get_vq_desc

Status: fixed on 2022/05/13 02:56
Reported-by: syzbot+adc3cb32385586bec859@syzkaller.appspotmail.com
Fix commit: 698dc7d13c4e vhost/vsock: don't check owner in vhost_vsock_stop() while releasing
First crash: 1010d, last: 966d
Cause bisection: failed (error log, bisect log)
Fix bisection: fixed by (bisect log):
commit 698dc7d13c4e972214458996455447651a657264
Author: Stefano Garzarella <sgarzare@redhat.com>
Date: Tue Feb 22 09:47:42 2022 +0000

  vhost/vsock: don't check owner in vhost_vsock_stop() while releasing

Discussions (2)
Title Replies (including bot) Last reply
[PATCH 1/1] vhost: Protect the virtqueue from being cleared whilst still in use 22 (22) 2022/03/09 18:52
[PATCH 1/1] vhost: Protect the virtqueue from being cleared whilst still in use 21 (21) 2022/03/04 16:56
Similar bugs (6)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.19 kernel BUG in vhost_get_vq_desc 2 735d 804d 0/1 auto-obsoleted due to no activity on 2023/02/28 01:46
android-54 kernel BUG in vhost_get_vq_desc C 4 950d 990d 0/2 auto-obsoleted due to no activity on 2023/04/21 00:48
upstream kernel BUG in vhost_get_vq_desc kvm net virt C inconclusive 19 982d 995d 22/28 fixed on 2023/02/24 13:50
linux-4.14 kernel BUG in vhost_get_vq_desc C 1 623d 985d 0/1 upstream: reported C repro on 2022/02/22 17:48
upstream kernel BUG at drivers/vhost/vhost.c:LINE! (2) kvm net virt C 139 2372d 2403d 5/28 fixed on 2018/05/08 18:30
upstream kernel BUG at drivers/vhost/vhost.c:LINE! kvm net virt C 152 2403d 2422d 5/28 fixed on 2018/04/06 16:37
Last patch testing requests (1)
Created Duration User Patch Repo Result
2022/03/02 11:10 11m sgarzare@redhat.com https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ a58da53ffd70 OK

Sample crash report:
------------[ cut here ]------------
kernel BUG at drivers/vhost/vhost.c:2335!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 575 Comm: vhost-574 Tainted: G        W         5.10.101-syzkaller-00961-gc194212a0332 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:vhost_get_vq_desc+0x2083/0x2090 drivers/vhost/vhost.c:2335
Code: 80 e1 07 80 c1 03 38 c1 0f 8c af fd ff ff 48 8b 7d 10 e8 60 4c 09 fe 48 8b 55 10 e9 9d fd ff ff e8 32 51 fe 00 e8 ad 4f cf fd <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 57 41 56 41
RSP: 0018:ffffc9000099f9a0 EFLAGS: 00010293
RAX: ffffffff839da8c3 RBX: 0000000000000000 RCX: ffff88810e4e4f00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc9000099fc08 R08: ffffffff839d9d57 R09: 0000000000000001
R10: fffff52000133f76 R11: 0000000000000000 R12: ffffc9000099fd80
R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000002 CR3: 000000010e6f4000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 vhost_vsock_handle_tx_kick+0x291/0xca0 drivers/vhost/vsock.c:464
 vhost_worker+0x27d/0x420 drivers/vhost/vhost.c:372
 kthread+0x371/0x390 kernel/kthread.c:313
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296
Modules linked in:
---[ end trace e51a2ecb89642435 ]---
RIP: 0010:vhost_get_vq_desc+0x2083/0x2090 drivers/vhost/vhost.c:2335
Code: 80 e1 07 80 c1 03 38 c1 0f 8c af fd ff ff 48 8b 7d 10 e8 60 4c 09 fe 48 8b 55 10 e9 9d fd ff ff e8 32 51 fe 00 e8 ad 4f cf fd <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 57 41 56 41
RSP: 0018:ffffc9000099f9a0 EFLAGS: 00010293
RAX: ffffffff839da8c3 RBX: 0000000000000000 RCX: ffff88810e4e4f00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc9000099fc08 R08: ffffffff839d9d57 R09: 0000000000000001
R10: fffff52000133f76 R11: 0000000000000000 R12: ffffc9000099fd80
R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffdf512aaf8 CR3: 000000010e6f4000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (19):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2022/02/18 03:15 android12-5.10-lts c194212a0332 3cd800e4 .config console log report syz C ci2-android-5-10 kernel BUG in vhost_get_vq_desc
2022/03/14 03:08 android12-5.10-lts e1b86e7f5cbb 9e8eaa75 .config console log report info ci2-android-5-10 kernel BUG in vhost_get_vq_desc
2022/03/13 14:18 android12-5.10-lts e1b86e7f5cbb 9e8eaa75 .config console log report info ci2-android-5-10 kernel BUG in vhost_get_vq_desc
2022/03/12 17:52 android12-5.10-lts e1b86e7f5cbb 9e8eaa75 .config console log report info ci2-android-5-10 kernel BUG in vhost_get_vq_desc
2022/03/11 18:26 android12-5.10-lts e1b86e7f5cbb 9e8eaa75 .config console log report info ci2-android-5-10 kernel BUG in vhost_get_vq_desc
2022/03/10 05:47 android12-5.10-lts e1b86e7f5cbb 9e8eaa75 .config console log report info ci2-android-5-10 kernel BUG in vhost_get_vq_desc
2022/03/09 14:29 android12-5.10-lts e1b86e7f5cbb 9e8eaa75 .config console log report info ci2-android-5-10 kernel BUG in vhost_get_vq_desc
2022/03/08 14:21 android12-5.10-lts e1b86e7f5cbb 7bdd8b2c .config console log report info ci2-android-5-10 kernel BUG in vhost_get_vq_desc
2022/03/07 18:42 android12-5.10-lts e1b86e7f5cbb 7bdd8b2c .config console log report info ci2-android-5-10 kernel BUG in vhost_get_vq_desc
2022/03/03 16:16 android12-5.10-lts e1b86e7f5cbb 45a13a73 .config console log report info ci2-android-5-10 kernel BUG in vhost_get_vq_desc
2022/03/02 04:08 android12-5.10-lts e1b86e7f5cbb 45a13a73 .config console log report info ci2-android-5-10 kernel BUG in vhost_get_vq_desc
2022/03/01 06:03 android12-5.10-lts e1b86e7f5cbb 45a13a73 .config console log report info ci2-android-5-10 kernel BUG in vhost_get_vq_desc
2022/02/19 03:26 android12-5.10-lts c194212a0332 3cd800e4 .config console log report info ci2-android-5-10 kernel BUG in vhost_get_vq_desc
2022/02/17 13:01 android12-5.10-lts c194212a0332 2bea8a27 .config console log report info ci2-android-5-10 kernel BUG in vhost_get_vq_desc
2022/02/14 11:08 android12-5.10-lts 86e6176a4240 8b9ca619 .config console log report info ci2-android-5-10 kernel BUG in vhost_get_vq_desc
2022/02/14 01:41 android12-5.10-lts 86e6176a4240 8b9ca619 .config console log report info ci2-android-5-10 kernel BUG in vhost_get_vq_desc
2022/02/12 18:09 android12-5.10-lts 86e6176a4240 8b9ca619 .config console log report info ci2-android-5-10 kernel BUG in vhost_get_vq_desc
2022/02/09 07:48 android12-5.10-lts 26d02dc8ef49 0b33604d .config console log report info ci2-android-5-10 kernel BUG in vhost_get_vq_desc
2022/01/28 22:48 android12-5.10-lts 0347b1658399 495e00c5 .config console log report info ci2-android-5-10 kernel BUG in vhost_get_vq_desc
* Struck through repros no longer work on HEAD.