Re: [syzbot] kernel BUG in vhost_get_vq_desc

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: syzbot <syzbot+3140b17cb44a7b174008@syzkaller.appspotmail.com>
To: hdanton@sina.com, jasowang@redhat.com,
	linux-kernel@vger.kernel.org, mst@redhat.com,
	syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] kernel BUG in vhost_get_vq_desc
Date: Mon, 21 Feb 2022 16:26:20 -0800	[thread overview]
Message-ID: <000000000000ef576b05d8906592@google.com> (raw)
In-Reply-To: <20220222001455.1737-1-hdanton@sina.com>

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
BUG: sleeping function called from invalid context in vhost_vsock_handle_tx_kick

BUG: sleeping function called from invalid context at kernel/locking/mutex.c:577
in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 4050, name: vhost-4049
preempt_count: 1, expected: 0
RCU nest depth: 0, expected: 0
2 locks held by vhost-4049/4050:
 #0: ffff88806f3e4c20 (&vq->mutex){+.+.}-{3:3}, at: vhost_vsock_handle_tx_kick+0xbf/0xa10 drivers/vhost/vsock.c:508
 #1: ffff88806ee92f20 (&ctx->wqh){....}-{2:2}, at: eventfd_signal+0x77/0x1c0 fs/eventfd.c:75
irq event stamp: 158
hardirqs last  enabled at (157): [<ffffffff81ad847c>] lockless_pages_from_mm mm/gup.c:2851 [inline]
hardirqs last  enabled at (157): [<ffffffff81ad847c>] internal_get_user_pages_fast+0x17cc/0x2510 mm/gup.c:2893
hardirqs last disabled at (158): [<ffffffff8950a9ce>] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline]
hardirqs last disabled at (158): [<ffffffff8950a9ce>] _raw_spin_lock_irqsave+0x4e/0x50 kernel/locking/spinlock.c:162
softirqs last  enabled at (0): [<ffffffff8145328c>] copy_process+0x1eec/0x7300 kernel/fork.c:2109
softirqs last disabled at (0): [<0000000000000000>] 0x0
Preemption disabled at:
[<0000000000000000>] 0x0
CPU: 1 PID: 4050 Comm: vhost-4049 Not tainted 5.17.0-rc4-syzkaller-00054-gf71077a4d84b-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 __might_resched.cold+0x222/0x26b kernel/sched/core.c:9577
 __mutex_lock_common kernel/locking/mutex.c:577 [inline]
 __mutex_lock+0x9f/0x12f0 kernel/locking/mutex.c:733
 vhost_vsock_handle_tx_kick+0xbf/0xa10 drivers/vhost/vsock.c:508
 vhost_poll_wakeup+0xd5/0x130 drivers/vhost/vhost.c:174
 __wake_up_common+0x147/0x650 kernel/sched/wait.c:108
 eventfd_signal+0x129/0x1c0 fs/eventfd.c:81
 vhost_update_used_flags drivers/vhost/vhost.c:1979 [inline]
 vhost_update_used_flags+0x34c/0x3d0 drivers/vhost/vhost.c:1966
 vhost_disable_notify drivers/vhost/vhost.c:2560 [inline]
 vhost_disable_notify+0xbe/0x190 drivers/vhost/vhost.c:2552
 vhost_vsock_handle_tx_kick+0x187/0xa10 drivers/vhost/vsock.c:516
 vhost_worker+0x23d/0x3d0 drivers/vhost/vhost.c:372
 kthread+0x2e9/0x3a0 kernel/kthread.c:377
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>

=============================
[ BUG: Invalid wait context ]
5.17.0-rc4-syzkaller-00054-gf71077a4d84b-dirty #0 Tainted: G        W        
-----------------------------
vhost-4049/4050 is trying to lock:
ffff88806f3e4c20 (&vq->mutex){+.+.}-{3:3}, at: vhost_vsock_handle_tx_kick+0xbf/0xa10 drivers/vhost/vsock.c:508
other info that might help us debug this:
context-{4:4}
2 locks held by vhost-4049/4050:
 #0: ffff88806f3e4c20 (&vq->mutex){+.+.}-{3:3}, at: vhost_vsock_handle_tx_kick+0xbf/0xa10 drivers/vhost/vsock.c:508
 #1: ffff88806ee92f20 (&ctx->wqh){....}-{2:2}, at: eventfd_signal+0x77/0x1c0 fs/eventfd.c:75
stack backtrace:
CPU: 1 PID: 4050 Comm: vhost-4049 Tainted: G        W         5.17.0-rc4-syzkaller-00054-gf71077a4d84b-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 print_lock_invalid_wait_context kernel/locking/lockdep.c:4678 [inline]
 check_wait_context kernel/locking/lockdep.c:4739 [inline]
 __lock_acquire.cold+0xc5/0x3a9 kernel/locking/lockdep.c:4977
 lock_acquire kernel/locking/lockdep.c:5639 [inline]
 lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5604
 __mutex_lock_common kernel/locking/mutex.c:600 [inline]
 __mutex_lock+0x12f/0x12f0 kernel/locking/mutex.c:733
 vhost_vsock_handle_tx_kick+0xbf/0xa10 drivers/vhost/vsock.c:508
 vhost_poll_wakeup+0xd5/0x130 drivers/vhost/vhost.c:174
 __wake_up_common+0x147/0x650 kernel/sched/wait.c:108
 eventfd_signal+0x129/0x1c0 fs/eventfd.c:81
 vhost_update_used_flags drivers/vhost/vhost.c:1979 [inline]
 vhost_update_used_flags+0x34c/0x3d0 drivers/vhost/vhost.c:1966
 vhost_disable_notify drivers/vhost/vhost.c:2560 [inline]
 vhost_disable_notify+0xbe/0x190 drivers/vhost/vhost.c:2552
 vhost_vsock_handle_tx_kick+0x187/0xa10 drivers/vhost/vsock.c:516
 vhost_worker+0x23d/0x3d0 drivers/vhost/vhost.c:372
 kthread+0x2e9/0x3a0 kernel/kthread.c:377
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>
BUG: scheduling while atomic: vhost-4049/4050/0x00000002
INFO: lockdep is turned off.
Modules linked in:
irq event stamp: 158
hardirqs last  enabled at (157): [<ffffffff81ad847c>] lockless_pages_from_mm mm/gup.c:2851 [inline]
hardirqs last  enabled at (157): [<ffffffff81ad847c>] internal_get_user_pages_fast+0x17cc/0x2510 mm/gup.c:2893
hardirqs last disabled at (158): [<ffffffff8950a9ce>] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline]
hardirqs last disabled at (158): [<ffffffff8950a9ce>] _raw_spin_lock_irqsave+0x4e/0x50 kernel/locking/spinlock.c:162
softirqs last  enabled at (0): [<ffffffff8145328c>] copy_process+0x1eec/0x7300 kernel/fork.c:2109
softirqs last disabled at (0): [<0000000000000000>] 0x0
Preemption disabled at:
[<0000000000000000>] 0x0


Tested on:

commit:         f71077a4 Merge tag 'mmc-v5.17-rc1-2' of git://git.kern..
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/
console output: https://syzkaller.appspot.com/x/log.txt?x=12c557bc700000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a78b064590b9f912
dashboard link: https://syzkaller.appspot.com/bug?extid=3140b17cb44a7b174008
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
patch:          https://syzkaller.appspot.com/x/patch.diff?x=1651ba96700000

next      parent reply	other threads:[~2022-02-22  0:26 UTC|newest]

Thread overview: 31+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <20220222001455.1737-1-hdanton@sina.com>
2022-02-22  0:26 ` syzbot [this message]
     [not found] <20220222031128.1850-1-hdanton@sina.com>
2022-02-22  4:07 ` [syzbot] kernel BUG in vhost_get_vq_desc syzbot
     [not found] <20220221140558.1618-1-hdanton@sina.com>
2022-02-21 14:14 ` syzbot
     [not found] <20220221054115.1270-1-hdanton@sina.com>
2022-02-21  5:51 ` syzbot
     [not found] <20220221040745.1177-1-hdanton@sina.com>
2022-02-21  4:18 ` syzbot
     [not found] ` <20220221085227.1356-1-hdanton@sina.com>
2022-02-21  9:17   ` Michael S. Tsirkin
     [not found]   ` <20220221101538.1415-1-hdanton@sina.com>
2022-02-21 10:48     ` Michael S. Tsirkin
     [not found]     ` <20220221130022.1494-1-hdanton@sina.com>
2022-02-21 13:58       ` Michael S. Tsirkin
2022-02-21 12:46   ` syzbot
     [not found] <20220221021208.1109-1-hdanton@sina.com>
2022-02-21  2:26 ` syzbot
     [not found] <20220219125100.835-1-hdanton@sina.com>
2022-02-19 13:01 ` syzbot
2022-02-21 13:09   ` Stefano Garzarella
     [not found]   ` <20220221133646.1551-1-hdanton@sina.com>
2022-02-21 13:45     ` Stefano Garzarella
2022-02-21 13:59       ` Michael S. Tsirkin
2022-02-21 14:04         ` Stefano Garzarella
     [not found] ` <20220220014715.921-1-hdanton@sina.com>
2022-02-20  2:10   ` syzbot
2022-02-21 14:09     ` Stefano Garzarella
2022-02-21 14:25       ` syzbot
2022-02-20 10:08   ` Michael S. Tsirkin
     [not found]   ` <20220220110941.980-1-hdanton@sina.com>
2022-02-20 12:16     ` Michael S. Tsirkin
2022-02-20 12:31       ` Dmitry Vyukov
2022-02-20 13:10         ` Michael S. Tsirkin
2022-02-20 13:20           ` syzbot
2022-02-20 13:29           ` Michael S. Tsirkin
     [not found] <20220219114936.747-1-hdanton@sina.com>
2022-02-19 12:00 ` syzbot
2022-02-12 22:47 syzbot
2022-02-18  1:21 ` syzbot
2022-02-18 11:37   ` Michael S. Tsirkin
2022-03-02  8:29     ` Lee Jones
2022-03-02  9:18       ` Stefano Garzarella
2022-03-02  9:23         ` Stefano Garzarella

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=000000000000ef576b05d8906592@google.com \
    --to=syzbot+3140b17cb44a7b174008@syzkaller.appspotmail.com \
    --cc=hdanton@sina.com \
    --cc=jasowang@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mst@redhat.com \
    --cc=syzkaller-bugs@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox