ci starts bisection 2023-03-19 11:20:55.804670826 +0000 UTC m=+140739.084047936 bisecting cause commit starting from 6f08c1de13a9403341c18b66638a05588b2663ce building syzkaller on 7939252e4ddf50bbb9912069a40d32f6c83c4f8e ensuring issue is reproducible on original commit 6f08c1de13a9403341c18b66638a05588b2663ce testing commit 6f08c1de13a9403341c18b66638a05588b2663ce gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: a0bff86f68bc2cf0315abfb5904f91c532b929129ecb44ea55be1be984effdf2 all runs: crashed: general protection fault in vhost_task_start testing release v6.2 testing commit c9c3395d5e3dcc6daee66c6908354d47bf98cb0c gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 736ab32f4d29b048d193d2d787a07c434c49d4b93caa02a3b99b0baf3c85ca51 all runs: OK # git bisect start 6f08c1de13a9403341c18b66638a05588b2663ce c9c3395d5e3dcc6daee66c6908354d47bf98cb0c Bisecting: 9083 revisions left to test after this (roughly 13 steps) [3822a7c40997dc86b1458766a3f146d62393f084] Merge tag 'mm-stable-2023-02-20-13-37' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm testing commit 3822a7c40997dc86b1458766a3f146d62393f084 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: a13b5e366f92e168ce9d83dc8ac2415dda28d98e0a593ec70d1c6de188fd5ff2 all runs: OK # git bisect good 3822a7c40997dc86b1458766a3f146d62393f084 Bisecting: 4544 revisions left to test after this (roughly 12 steps) [a1eccc574f977bd21a4ec8ac54bd73a2756bd281] Merge drm/drm-next into drm-misc-next testing commit a1eccc574f977bd21a4ec8ac54bd73a2756bd281 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 966b900de7551e7a74d4af9ad72adecd3b480a4f9f5c8c07012422f2e3541564 all runs: OK # git bisect good a1eccc574f977bd21a4ec8ac54bd73a2756bd281 Bisecting: 2108 revisions left to test after this (roughly 11 steps) [01e73fa54e9ded38224f71ac1f27362acafa1e52] Merge branch 'main' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git testing commit 01e73fa54e9ded38224f71ac1f27362acafa1e52 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 231439ad43441f7c5a6345b7c32797c9aa69885d0b73dc2b29922224de831f67 all runs: crashed: general protection fault in vhost_task_start # git bisect bad 01e73fa54e9ded38224f71ac1f27362acafa1e52 Bisecting: 1249 revisions left to test after this (roughly 10 steps) [0cfdc9edc26ae3872e8263d9e4467470f9465a48] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap.git testing commit 0cfdc9edc26ae3872e8263d9e4467470f9465a48 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 3b24e25dcba03be63de6d09442fc13e5622f0ecee8386c13c2a980f7c51b67bb all runs: OK # git bisect good 0cfdc9edc26ae3872e8263d9e4467470f9465a48 Bisecting: 631 revisions left to test after this (roughly 9 steps) [b3d33809a1fc7455f64c1110b79afef8973e3517] Merge branch 'for-next' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux.git testing commit b3d33809a1fc7455f64c1110b79afef8973e3517 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: c1a0f879e68dc065f1e5d1be9a9fcb2ac0b6719578f36a7d410a8ded73165896 all runs: crashed: general protection fault in vhost_task_start # git bisect bad b3d33809a1fc7455f64c1110b79afef8973e3517 Bisecting: 291 revisions left to test after this (roughly 8 steps) [3bf8c82d40ef54894eb76baa778061a7880c6c93] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/krzk/linux.git testing commit 3bf8c82d40ef54894eb76baa778061a7880c6c93 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 7daafd2aa5704484a85ef89ed4e23a6f38786e0d9e3db924d48d888319147802 all runs: OK # git bisect good 3bf8c82d40ef54894eb76baa778061a7880c6c93 Bisecting: 145 revisions left to test after this (roughly 7 steps) [4773de4af9446c231e346e4943b3ded2cbd63850] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux.git testing commit 4773de4af9446c231e346e4943b3ded2cbd63850 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: ee130c8a7d60299e6431f4a4bf7228172005b53c17391daa2a176014a62b90be all runs: crashed: general protection fault in vhost_task_start # git bisect bad 4773de4af9446c231e346e4943b3ded2cbd63850 Bisecting: 79 revisions left to test after this (roughly 6 steps) [c8eeff899604594265f2950d741ecf3b325ac2ed] Merge branch 'renesas-clk' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/renesas-drivers.git testing commit c8eeff899604594265f2950d741ecf3b325ac2ed gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 4877f80897c4740d0a11a7f3426a901b2c2f7f610c8635265cb1360fa426cfd1 all runs: OK # git bisect good c8eeff899604594265f2950d741ecf3b325ac2ed Bisecting: 33 revisions left to test after this (roughly 5 steps) [4ea2ae0996ecf9dbf303ae9dd6811841b68ddf1a] Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git testing commit 4ea2ae0996ecf9dbf303ae9dd6811841b68ddf1a gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: fbc0eca4e918026f27ae961d00d410c4413397d07da5e2fb097306ea1139adcf all runs: OK # git bisect good 4ea2ae0996ecf9dbf303ae9dd6811841b68ddf1a Bisecting: 21 revisions left to test after this (roughly 4 steps) [70cc5f4c53d5da9acadef91ecfb516295b7c61db] Merge branch 'features' into for-next testing commit 70cc5f4c53d5da9acadef91ecfb516295b7c61db gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: e673ec32cc66919af2500d6acdc9e95bf57a997aa99cd4d13afb23cc38275b35 all runs: OK # git bisect good 70cc5f4c53d5da9acadef91ecfb516295b7c61db Bisecting: 10 revisions left to test after this (roughly 4 steps) [5ab18f4b061ef24a71eea9ffafebd1a82ae2f514] vhost: use vhost_tasks for worker threads testing commit 5ab18f4b061ef24a71eea9ffafebd1a82ae2f514 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 12fd7466ff1c1dfb8331621189cb69829e7efecfd7e4e526b7a68587cfce11ce all runs: crashed: general protection fault in vhost_task_start # git bisect bad 5ab18f4b061ef24a71eea9ffafebd1a82ae2f514 Bisecting: 5 revisions left to test after this (roughly 3 steps) [54e6842d0775ba76db65cbe21311c3ca466e663d] fork/vm: Move common PF_IO_WORKER behavior to new flag testing commit 54e6842d0775ba76db65cbe21311c3ca466e663d gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 7fe2a1bac2e3011714d721eef4e838bbb0aab76421918a1e611e91dc2e2cdc7b all runs: OK # git bisect good 54e6842d0775ba76db65cbe21311c3ca466e663d Bisecting: 2 revisions left to test after this (roughly 2 steps) [89c8e98d8cfb0656dbeb648572df5b13e372247d] fork: allow kernel code to call copy_process testing commit 89c8e98d8cfb0656dbeb648572df5b13e372247d gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: e6f26f162c6389afd19e97abe63b9592b8e477577c1f790eb637829e4fbae20a all runs: OK # git bisect good 89c8e98d8cfb0656dbeb648572df5b13e372247d Bisecting: 0 revisions left to test after this (roughly 1 step) [d45e2b73ead0daec350680fbf20144a2d3670186] vhost: move worker thread fields to new struct testing commit d45e2b73ead0daec350680fbf20144a2d3670186 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 5be1f8ea7aeb87a8683236377d716b53a02464737da7032e7a2da773a5795793 all runs: OK # git bisect good d45e2b73ead0daec350680fbf20144a2d3670186 5ab18f4b061ef24a71eea9ffafebd1a82ae2f514 is the first bad commit commit 5ab18f4b061ef24a71eea9ffafebd1a82ae2f514 Author: Mike Christie Date: Fri Mar 10 16:03:32 2023 -0600 vhost: use vhost_tasks for worker threads For vhost workers we use the kthread API which inherit's its values from and checks against the kthreadd thread. This results in the wrong RLIMITs being checked, so while tools like libvirt try to control the number of threads based on the nproc rlimit setting we can end up creating more threads than the user wanted. This patch has us use the vhost_task helpers which will inherit its values/checks from the thread that owns the device similar to if we did a clone in userspace. The vhost threads will now be counted in the nproc rlimits. And we get features like cgroups and mm sharing automatically, so we can remove those calls. Signed-off-by: Mike Christie Acked-by: Michael S. Tsirkin Signed-off-by: Christian Brauner (Microsoft) drivers/vhost/vhost.c | 60 +++++++++++---------------------------------------- drivers/vhost/vhost.h | 4 ++-- 2 files changed, 15 insertions(+), 49 deletions(-) culprit signature: 12fd7466ff1c1dfb8331621189cb69829e7efecfd7e4e526b7a68587cfce11ce parent signature: 5be1f8ea7aeb87a8683236377d716b53a02464737da7032e7a2da773a5795793 revisions tested: 16, total time: 5h4m7.979189629s (build: 2h40m12.006836546s, test: 2h20m54.654947508s) first bad commit: 5ab18f4b061ef24a71eea9ffafebd1a82ae2f514 vhost: use vhost_tasks for worker threads recipients (to): ["brauner@kernel.org" "michael.christie@oracle.com" "mst@redhat.com"] recipients (cc): [] crash: general protection fault in vhost_task_start Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f58e47cf168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f58e3babf80 RCX: 00007f58e3a8c0f9 RDX: 0000000000000000 RSI: 000000000000af01 RDI: 0000000000000003 RBP: 00007f58e47cf1d0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 R13: 00007ffc55d61bff R14: 00007f58e47cf300 R15: 0000000000022000 general protection fault, probably for non-canonical address 0xdffffc000000000c: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000060-0x0000000000000067] CPU: 0 PID: 5866 Comm: syz-executor.0 Not tainted 6.3.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 RIP: 0010:vhost_task_start+0x1d/0x40 kernel/vhost_task.c:115 Code: e8 38 c9 6f 00 eb d4 66 0f 1f 44 00 00 f3 0f 1e fa 48 b8 00 00 00 00 00 fc ff df 53 48 89 fb 48 83 c7 70 48 89 fa 48 c1 ea 03 <80> 3c 02 00 75 0a 48 8b 7b 70 5b e9 23 d1 02 00 e8 fe c8 6f 00 eb RSP: 0018:ffffc90004c87c58 EFLAGS: 00010207 RAX: dffffc0000000000 RBX: fffffffffffffff4 RCX: 0000000000000400 RDX: 000000000000000c RSI: 0000000000000000 RDI: 0000000000000064 RBP: ffff88806e610000 R08: 0000000000000dc0 R09: 00000000ffffffff R10: 00000000fffffff4 R11: 0000000000000000 R12: ffff88801d58e180 R13: fffffffffffffff4 R14: ffff88806e6100b0 R15: ffff88806e610000 FS: 00007f58e47cf700(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f3817135028 CR3: 0000000028c66000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: vhost_worker_create drivers/vhost/vhost.c:582 [inline] vhost_dev_set_owner+0x2dd/0x940 drivers/vhost/vhost.c:605 vhost_dev_ioctl+0x909/0xc00 drivers/vhost/vhost.c:1766 vhost_vsock_dev_ioctl+0x2e9/0x9d0 drivers/vhost/vsock.c:862 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl fs/ioctl.c:856 [inline] __x64_sys_ioctl+0x123/0x190 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f58e3a8c0f9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f58e47cf168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f58e3babf80 RCX: 00007f58e3a8c0f9 RDX: 0000000000000000 RSI: 000000000000af01 RDI: 0000000000000003 RBP: 00007f58e47cf1d0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 R13: 00007ffc55d61bff R14: 00007f58e47cf300 R15: 0000000000022000 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:vhost_task_start+0x1d/0x40 kernel/vhost_task.c:115 Code: e8 38 c9 6f 00 eb d4 66 0f 1f 44 00 00 f3 0f 1e fa 48 b8 00 00 00 00 00 fc ff df 53 48 89 fb 48 83 c7 70 48 89 fa 48 c1 ea 03 <80> 3c 02 00 75 0a 48 8b 7b 70 5b e9 23 d1 02 00 e8 fe c8 6f 00 eb RSP: 0018:ffffc90004c87c58 EFLAGS: 00010207 RAX: dffffc0000000000 RBX: fffffffffffffff4 RCX: 0000000000000400 RDX: 000000000000000c RSI: 0000000000000000 RDI: 0000000000000064 RBP: ffff88806e610000 R08: 0000000000000dc0 R09: 00000000ffffffff R10: 00000000fffffff4 R11: 0000000000000000 R12: ffff88801d58e180 R13: fffffffffffffff4 R14: ffff88806e6100b0 R15: ffff88806e610000 FS: 00007f58e47cf700(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f3817135028 CR3: 0000000028c66000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess): 0: 28 00 sub %al,(%rax) 2: 00 00 add %al,(%rax) 4: 75 05 jne 0xb 6: 48 83 c4 28 add $0x28,%rsp a: c3 retq b: e8 f1 19 00 00 callq 0x1a01 10: 90 nop 11: 48 89 f8 mov %rdi,%rax 14: 48 89 f7 mov %rsi,%rdi 17: 48 89 d6 mov %rdx,%rsi 1a: 48 89 ca mov %rcx,%rdx 1d: 4d 89 c2 mov %r8,%r10 20: 4d 89 c8 mov %r9,%r8 23: 4c 8b 4c 24 08 mov 0x8(%rsp),%r9 28: 0f 05 syscall * 2a: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <-- trapping instruction 30: 73 01 jae 0x33 32: c3 retq 33: 48 c7 c1 b8 ff ff ff mov $0xffffffffffffffb8,%rcx 3a: f7 d8 neg %eax 3c: 64 89 01 mov %eax,%fs:(%rcx) 3f: 48 rex.W