syzbot


WARNING in kvm_handle_mmio_return

Status: upstream: reported C repro on 2024/11/14 17:35
Subsystems: kvmarm
Reported-by: syzbot+4727d10d6a805738b0f2@syzkaller.appspotmail.com
Fix commit: e735a5da6442 KVM: arm64: Don't retire aborted MMIO instruction
Patched on: [ci-qemu-gce-upstream-auto ci-qemu-native-arm64-kvm ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-snapshot-upstream-root ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce-386-root ci-upstream-kmsan-gce-root ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-usb], missing on: [ci-qemu2-arm32 ci-qemu2-riscv64 ci-upstream-gce-arm64]
First crash: 24d, last: 13d
Discussions (1)
Title | Replies (including bot) | Last reply
[syzbot] [kvmarm?] WARNING in kvm_handle_mmio_return | 1 (2) | 2024/11/14 23:41

Sample crash report:
------------[ cut here ]------------
WARNING: CPU: 0 PID: 3270 at arch/arm64/include/asm/kvm_emulate.h:536 kvm_handle_mmio_return+0x1b4/0x1f4 arch/arm64/kvm/mmio.c:99
Modules linked in:
CPU: 0 UID: 0 PID: 3270 Comm: syz-executor447 Not tainted 6.12.0-rc7-syzkaller #0
Hardware name: linux,dummy-virt (DT)
pstate: 61400009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
pc : kvm_incr_pc arch/arm64/include/asm/kvm_emulate.h:536 [inline]
pc : kvm_handle_mmio_return+0x1b4/0x1f4 arch/arm64/kvm/mmio.c:118
lr : kvm_arch_vcpu_ioctl_run+0x1ac/0x854 arch/arm64/kvm/arm.c:1135
sp : ffff800088e33ab0
x29: ffff800088e33ab0 x28: f6f0000005b35b40 x27: 0000000000000000
x26: 0000000000000000 x25: fbf00000073d8048 x24: fbf00000073d8000
x23: 0000000000000000 x22: 0000000000000000 x21: 0000000000000000
x20: f3f000000664a000 x19: fbf00000073d8000 x18: ffffffffffffffff
x17: 0000000000000000 x16: 0000000000000000 x15: ffff800088e33aa0
x14: ffff800088e33d88 x13: ffff800088e33d4a x12: 6d766b3a65646f6e
x11: 0000000000000000 x10: 0000000000000078 x9 : 000000000000000c
x8 : ffff800088e33d98 x7 : 0000000000000000 x6 : 0000000000005452
x5 : 0000000000000005 x4 : f0f00000060bd300 x3 : f6f0000005b35b40
x2 : 0000000000000000 x1 : 0000000093c18046 x0 : 0000000000000001
Call trace:
 kvm_handle_mmio_return+0x1b4/0x1f4 arch/arm64/kvm/mmio.c:99
 kvm_arch_vcpu_ioctl_run+0x1ac/0x854 arch/arm64/kvm/arm.c:1135
 kvm_vcpu_ioctl+0x294/0xa04 virt/kvm/kvm_main.c:4475
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:907 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __arm64_sys_ioctl+0xac/0xf0 fs/ioctl.c:893
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x48/0x110 arch/arm64/kernel/syscall.c:49
 el0_svc_common.constprop.0+0x40/0xe0 arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x1c/0x28 arch/arm64/kernel/syscall.c:151
 el0_svc+0x30/0xdc arch/arm64/kernel/entry-common.c:712
 el0t_64_sync_handler+0x100/0x12c arch/arm64/kernel/entry-common.c:730
 el0t_64_sync+0x19c/0x1a0 arch/arm64/kernel/entry.S:598
---[ end trace 0000000000000000 ]---

Crashes (5):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2024/11/12 09:28 | upstream | 2d5404caa8c7 | 75bb1b32 | .config | console log | report | syz / log | C | | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu2-arm64-mte | WARNING in kvm_handle_mmio_return
2024/11/21 15:08 | upstream | 43fb83c17ba2 | 4dfba277 | .config | console log | report | | | info | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu2-arm64-mte | WARNING in kvm_handle_mmio_return
2024/11/21 15:07 | upstream | 43fb83c17ba2 | 4dfba277 | .config | console log | report | | | info | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu2-arm64-mte | WARNING in kvm_handle_mmio_return
2024/11/10 17:27 | upstream | de2f378f2b77 | 6b856513 | .config | console log | report | | | info | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu2-arm64-mte | WARNING in kvm_handle_mmio_return
2024/11/10 17:26 | upstream | de2f378f2b77 | 6b856513 | .config | console log | report | | | info | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu2-arm64-mte | WARNING in kvm_handle_mmio_return
* Struck through repros no longer work on HEAD.