syzbot
kernel BUG at arch/x86/kvm/mmu.c:LINE!

Status: fixed on 2018/03/06 13:29
Subsystems: kvm
Reported-by: syzbot+65daf4c780913c8a66e29f92f9fa9dc97a700038@syzkaller.appspotmail.com
Fix commit: b28676bb8ae4 KVM: mmu: Fix overlap between public and private memslots
First crash: 2460d, last: 2243d
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.19 kernel BUG at arch/x86/kvm/mmu.c:LINE! C done error 12 974d 1624d 0/1 upstream: reported C repro on 2019/11/07 21:27
linux-4.14 kernel BUG at arch/x86/kvm/mmu.c:LINE! C 4 1354d 1624d 0/1 upstream: reported C repro on 2019/11/07 23:54
upstream kernel BUG at arch/x86/kvm/mmu.c:LINE! (2) kvm C done 5 1619d 1623d 0/26 closed as dup on 2019/11/08 19:42

Sample crash report:
pte_list_remove: 00000000d36e76e5 0->BUG
------------[ cut here ]------------
kernel BUG at arch/x86/kvm/mmu.c:1209!
invalid opcode: 0000 [#1] SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 1 PID: 4201 Comm: syzkaller635184 Not tainted 4.16.0-rc1+ #317
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:pte_list_remove+0x3ae/0x3c0 arch/x86/kvm/mmu.c:1208
RSP: 0018:ffff8801b014f260 EFLAGS: 00010286
RAX: 0000000000000028 RBX: ffff8801ad8eeed0 RCX: 0000000000000000
RDX: 0000000000000028 RSI: 1ffff10036029e01 RDI: ffffed0036029e40
RBP: ffff8801b014f2a0 R08: 1ffff10036029d98 R09: 0000000000000000
R10: ffff8801b014f438 R11: 0000000000000000 R12: ffff8801af82f078
R13: 0000000000000000 R14: ffff8801ce73a868 R15: ffff8801ce73a890
FS:  00007f3f27b78700(0000) GS:ffff8801db500000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f4e0d63c000 CR3: 00000001b32ed003 CR4: 00000000001626e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 rmap_remove arch/x86/kvm/mmu.c:1285 [inline]
 drop_spte+0x15a/0x250 arch/x86/kvm/mmu.c:1367
 kvm_zap_rmapp+0x7e/0xd0 arch/x86/kvm/mmu.c:1621
 kvm_unmap_rmapp+0x1d/0x30 arch/x86/kvm/mmu.c:1632
 kvm_handle_hva_range+0x3ed/0x6e0 arch/x86/kvm/mmu.c:1786
 kvm_unmap_hva_range+0x2e/0x40 arch/x86/kvm/mmu.c:1812
 kvm_mmu_notifier_invalidate_range_start+0xa1/0x140 arch/x86/kvm/../../../virt/kvm/kvm_main.c:355
 __mmu_notifier_invalidate_range_start+0x1cd/0x2d0 mm/mmu_notifier.c:186
 mmu_notifier_invalidate_range_start include/linux/mmu_notifier.h:284 [inline]
 unmap_vmas+0x14b/0x1b0 mm/memory.c:1585
 unmap_region+0x2b9/0x4f0 mm/mmap.c:2511
 do_munmap+0x726/0xdf0 mm/mmap.c:2726
 mmap_region+0x59e/0x15a0 mm/mmap.c:1646
 do_mmap+0x6c0/0xe00 mm/mmap.c:1483
 do_mmap_pgoff include/linux/mm.h:2223 [inline]
 vm_mmap_pgoff+0x1de/0x280 mm/util.c:355
 SYSC_mmap_pgoff mm/mmap.c:1533 [inline]
 SyS_mmap_pgoff+0x23b/0x5f0 mm/mmap.c:1491
 SYSC_mmap arch/x86/kernel/sys_x86_64.c:100 [inline]
 SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:91
 do_syscall_64+0x280/0x940 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x448939
RSP: 002b:00007f3f27b77d98 EFLAGS: 00000212 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 00000000006ddc3c RCX: 0000000000448939
RDX: 0000000000000003 RSI: 0000000000fff000 RDI: 0000000020000000
RBP: 0000000000000000 R08: 00000000ffffffff R09: 0000000000000000
R10: 0000000000000032 R11: 0000000000000212 R12: 00000000006ddc38
R13: 6d766b2f7665642f R14: 00007f3f27b789c0 R15: 0000000000000001
Code: d9 e4 61 00 48 8b 75 d0 48 c7 c7 00 6a e2 85 e8 f1 88 4b 00 0f 0b e8 c2 e4 61 00 48 8b 75 d0 48 c7 c7 c0 69 e2 85 e8 da 88 4b 00 <0f> 0b 4c 89 ef e8 28 37 9a 00 e9 01 fe ff ff 0f 1f 00 55 48 89 
RIP: pte_list_remove+0x3ae/0x3c0 arch/x86/kvm/mmu.c:1208 RSP: ffff8801b014f260
---[ end trace eec49554649c629e ]---

Crashes (695):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2018/02/18 06:58 upstream ee78ad7848a7 833f78c7 .config console log report syz C ci-upstream-kasan-gce
2018/02/08 19:19 upstream 581e400ff935 9fb5ec43 .config console log report syz C ci-upstream-kasan-gce
2018/02/07 11:22 upstream cbd7b8a76b79 66c15deb .config console log report syz C ci-upstream-kasan-gce
2017/12/09 03:37 upstream 3625de4b2872 5ad0ce95 .config console log report syz C ci-upstream-kasan-gce
2017/12/12 07:30 mmots 82bcf1def3b5 da131727 .config console log report syz C ci-upstream-mmots-kasan-gce
2017/12/11 15:59 mmots 82bcf1def3b5 27f5dfef .config console log report syz C ci-upstream-mmots-kasan-gce
2017/12/09 18:50 linux-next ad4dac17f9d5 5ad0ce95 .config console log report syz C ci-upstream-next-kasan-gce
2017/12/09 05:09 linux-next ad4dac17f9d5 5ad0ce95 .config console log report syz C ci-upstream-next-kasan-gce
2017/08/21 07:14 linux-next bb70832dd42b f238fbd4 .config console log report syz C ci-upstream-next-kasan-gce
2017/07/30 13:48 upstream 0a07b238e5f4 fe8ced11 .config console log report syz ci-upstream-kasan-gce
2017/08/13 20:07 linux-next 91dfed74eabc 6a0246bf .config console log report syz skylake-linux-next-kasan-qemu
2017/08/13 18:27 linux-next 91dfed74eabc 6a0246bf .config console log report syz skylake-linux-next-kasan-qemu
2017/08/12 14:17 linux-next 91dfed74eabc 360f0528 .config console log report syz ci-upstream-next-kasan-gce
2018/02/27 00:09 upstream 4a3928c6f8a5 b370d4a7 .config console log report ci-upstream-kasan-gce
2018/02/26 12:05 upstream c89be5242607 9fe8aa42 .config console log report ci-upstream-kasan-gce
2018/02/26 10:10 upstream c89be5242607 9fe8aa42 .config console log report ci-upstream-kasan-gce
2018/02/26 07:47 upstream c89be5242607 9fe8aa42 .config console log report ci-upstream-kasan-gce
2018/02/26 04:43 upstream c89be5242607 9fe8aa42 .config console log report ci-upstream-kasan-gce
2018/02/26 04:42 upstream c89be5242607 9fe8aa42 .config console log report ci-upstream-kasan-gce
2018/02/26 03:36 upstream c89be5242607 9fe8aa42 .config console log report ci-upstream-kasan-gce
2018/02/25 23:08 upstream 3664ce2d9309 9fe8aa42 .config console log report ci-upstream-kasan-gce
2018/02/25 20:24 upstream 3664ce2d9309 9fe8aa42 .config console log report ci-upstream-kasan-gce
2018/02/25 19:39 upstream 3664ce2d9309 9fe8aa42 .config console log report ci-upstream-kasan-gce
2018/02/25 15:27 upstream 3664ce2d9309 5c1e0207 .config console log report ci-upstream-kasan-gce
2018/02/25 13:57 upstream 3664ce2d9309 5c1e0207 .config console log report ci-upstream-kasan-gce
2018/02/25 10:52 upstream 3664ce2d9309 5c1e0207 .config console log report ci-upstream-kasan-gce
2018/02/25 10:15 upstream 3664ce2d9309 5c1e0207 .config console log report ci-upstream-kasan-gce
2018/02/25 07:57 upstream 3664ce2d9309 5c1e0207 .config console log report ci-upstream-kasan-gce
2018/02/25 05:42 upstream 3664ce2d9309 5c1e0207 .config console log report ci-upstream-kasan-gce
2018/02/25 05:14 upstream 3664ce2d9309 5c1e0207 .config console log report ci-upstream-kasan-gce
2018/02/25 03:07 upstream 3664ce2d9309 5c1e0207 .config console log report ci-upstream-kasan-gce
2018/02/25 01:51 upstream 9cb9c07d6b0c 5c1e0207 .config console log report ci-upstream-kasan-gce
2018/02/24 23:52 upstream 9cb9c07d6b0c 5c1e0207 .config console log report ci-upstream-kasan-gce
2018/02/24 20:35 upstream 9cb9c07d6b0c 5c1e0207 .config console log report ci-upstream-kasan-gce
2018/02/24 18:14 upstream 9cb9c07d6b0c 5c1e0207 .config console log report ci-upstream-kasan-gce
2018/02/24 06:42 upstream 938e1426e262 5c1e0207 .config console log report ci-upstream-kasan-gce
2018/02/23 19:51 upstream 0f9da844d877 33464158 .config console log report ci-upstream-kasan-gce
2018/02/21 02:15 upstream af3e79d29555 04cbdbd1 .config console log report ci-upstream-kasan-gce
2018/02/20 02:25 upstream 91ab883eb213 c1f526e3 .config console log report ci-upstream-kasan-gce
2018/02/20 00:59 upstream 91ab883eb213 c1f526e3 .config console log report ci-upstream-kasan-gce
2018/02/19 08:44 upstream 0e06fb5b9ac8 833f78c7 .config console log report ci-upstream-kasan-gce
2018/02/19 01:19 upstream 0e06fb5b9ac8 833f78c7 .config console log report ci-upstream-kasan-gce
2018/02/17 23:58 upstream ee78ad7848a7 833f78c7 .config console log report ci-upstream-kasan-gce
2018/02/17 06:05 upstream 1a2a7d3ee659 c8b3f7c1 .config console log report ci-upstream-kasan-gce
2018/02/17 01:58 upstream 1a2a7d3ee659 c8b3f7c1 .config console log report ci-upstream-kasan-gce
2018/02/16 06:34 upstream 1388c80438e6 c8b3f7c1 .config console log report ci-upstream-kasan-gce
2018/02/16 04:45 upstream 1388c80438e6 c8b3f7c1 .config console log report ci-upstream-kasan-gce
2018/02/16 00:29 upstream 1388c80438e6 c8b3f7c1 .config console log report ci-upstream-kasan-gce
2018/02/15 05:03 upstream 6556677a8040 17061fc0 .config console log report ci-upstream-kasan-gce
2018/02/14 12:19 upstream 61f14c015f5b 88bc17df .config console log report ci-upstream-kasan-gce
2018/02/14 11:00 upstream 61f14c015f5b 88bc17df .config console log report ci-upstream-kasan-gce
2018/02/14 02:31 upstream 61f14c015f5b 88bc17df .config console log report ci-upstream-kasan-gce
2018/02/13 16:53 upstream 178e834c47b0 88bc17df .config console log report ci-upstream-kasan-gce
2018/02/13 11:08 upstream 178e834c47b0 88bc17df .config console log report ci-upstream-kasan-gce
2018/02/12 03:57 upstream 7928b2cbe55b 4e9b726d .config console log report ci-upstream-kasan-gce
2018/02/26 16:30 upstream 4a3928c6f8a5 9fe8aa42 .config console log report ci-upstream-kasan-gce-386
* Struck through repros no longer work on HEAD.