syzbot


kernel BUG at arch/x86/kvm/mmu.c:LINE!

Status: upstream: reported C repro on 2019/11/07 23:54
Reported-by: syzbot+9ebec1e01f085a293e28@syzkaller.appspotmail.com
First crash: 1688d, last: 1418d
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.19 kernel BUG at arch/x86/kvm/mmu.c:LINE! C done error 12 1038d 1688d 0/1 upstream: reported C repro on 2019/11/07 21:27
upstream kernel BUG at arch/x86/kvm/mmu.c:LINE! kvm C 695 2307d 2424d 4/27 fixed on 2018/03/06 13:29
upstream kernel BUG at arch/x86/kvm/mmu.c:LINE! (2) kvm C done 5 1683d 1687d 0/27 closed as dup on 2019/11/08 19:42
Last patch testing requests (2)
Created Duration User Patch Repo Result
2023/01/29 18:32 14m retest repro linux-4.14.y report log
2022/09/09 23:27 12m retest repro linux-4.14.y report log
Fix bisection attempts (7)
Created Duration User Patch Repo Result
2020/06/24 18:05 29m (4) bisect fix linux-4.14.y job log (2)
marked invalid by web-security-scanner@google.com
2020/05/22 17:02 23m (2) bisect fix linux-4.14.y job log (0) log
marked invalid by web-security-scanner@google.com
2020/04/22 16:38 24m bisect fix linux-4.14.y job log (0) log
marked invalid by web-security-scanner@google.com
2020/03/23 16:14 24m bisect fix linux-4.14.y job log (0) log
marked invalid by web-security-scanner@google.com
2020/02/22 15:38 23m bisect fix linux-4.14.y job log (0) log
marked invalid by web-security-scanner@google.com
2020/01/23 15:12 25m bisect fix linux-4.14.y job log (0) log
2019/12/14 18:50 23m bisect fix linux-4.14.y job log (0) log
Cause bisection attempts (1)
Created Duration User Patch Repo Result
2019/11/08 13:43 1d08h bisect linux-4.14.y job log (1) log
marked invalid by web-security-scanner@google.com

Sample crash report:
audit: type=1400 audit(1573166999.461:36): avc:  denied  { map } for  pid=6827 comm="syz-executor701" path="/root/syz-executor701560650" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
audit: type=1400 audit(1573166999.471:37): avc:  denied  { map } for  pid=6828 comm="syz-executor701" path="/dev/bus/usb/007/001" dev="devtmpfs" ino=299 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usb_device_t:s0 tclass=chr_file permissive=1
------------[ cut here ]------------
kernel BUG at arch/x86/kvm/mmu.c:3104!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 1 PID: 6828 Comm: syz-executor701 Not tainted 4.14.152 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8880a881a380 task.stack: ffff8880a89d0000
RIP: 0010:transparent_hugepage_adjust+0x285/0x300 arch/x86/kvm/mmu.c:3104
RSP: 0018:ffff8880a89d7888 EFLAGS: 00010297
RAX: ffff8880a881a380 RBX: ffff8880a89d7958 RCX: 0000000000000009
RDX: 0000000000000000 RSI: ffff888085eeb708 RDI: ffff888085ee0390
RBP: ffff8880a89d78c0 R08: ffff888081c80200 R09: ffffffff88c916e8
R10: ffff8880a881ac50 R11: ffff8880a881a380 R12: ffff8880a89d7948
R13: ffff8880a89d7978 R14: ffff8880a4fa0040 R15: 000000000008db61
FS:  0000000001b43880(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 0000000091f58000 CR4: 00000000001426e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 tdp_page_fault+0x47b/0x5b0 arch/x86/kvm/mmu.c:3963
 kvm_mmu_page_fault+0x10d/0x300 arch/x86/kvm/mmu.c:4972
 handle_ept_violation+0x157/0x440 arch/x86/kvm/vmx.c:6926
 vmx_handle_exit+0x20d/0x1330 arch/x86/kvm/vmx.c:9199
 vcpu_enter_guest+0xf28/0x5220 arch/x86/kvm/x86.c:7264
 vcpu_run arch/x86/kvm/x86.c:7327 [inline]
 kvm_arch_vcpu_ioctl_run+0x318/0x1000 arch/x86/kvm/x86.c:7494
 kvm_vcpu_ioctl+0x401/0xd10 arch/x86/kvm/../../../virt/kvm/kvm_main.c:2611
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x7ae/0x1060 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x8f/0xc0 fs/ioctl.c:692
 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x444f29
RSP: 002b:00007ffcef49dce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000444f29
RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
RBP: 00000000006cf018 R08: 00000000004002e0 R09: 00000000004002e0
R10: 00000000004002e0 R11: 0000000000000246 R12: 0000000000402170
R13: 0000000000402200 R14: 0000000000000000 R15: 0000000000000000
Code: ea 03 80 3c 02 00 75 66 48 8b 41 20 a8 01 0f 85 aa fe ff ff e9 dc fd ff ff 4c 89 e7 e8 55 ab 79 00 e9 35 fe ff ff e8 5b f8 4f 00 <0f> 0b 48 89 df e8 61 ab 79 00 e9 a9 fd ff ff 4c 89 ef e8 54 ab 
RIP: transparent_hugepage_adjust+0x285/0x300 arch/x86/kvm/mmu.c:3104 RSP: ffff8880a89d7888
---[ end trace b6e9bbef55f0fa4e ]---

Crashes (4):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/11/07 22:53 linux-4.14.y c9fda4f22428 f39aff9e .config console log report syz C ci2-linux-4-14
2020/08/04 01:27 linux-4.14.y 7f2c5eb458b8 96dd3623 .config console log report ci2-linux-4-14
2020/08/01 23:01 linux-4.14.y 7f2c5eb458b8 8df85ed9 .config console log report ci2-linux-4-14
2019/12/24 14:48 linux-4.14.y e1f7d50ae3a3 be5c2c81 .config console log report ci2-linux-4-14
* Struck through repros no longer work on HEAD.