syzbot


BUG: unable to handle kernel paging request in vmx_vcpu_run

Status: fixed on 2020/09/20 14:43
Subsystems: kvm
[Documentation on labels]
Reported-by: syzbot+ef99b30646419e80cae3@syzkaller.appspotmail.com
Fix commit: 0447378a4a79 kvm: vmx: Nested VM-entry prereqs for event inj.
First crash: 2255d, last: 2140d
Cause bisection: failed (error log, bisect log)
  
Fix bisection: failed (error log, bisect log)
  
Duplicate bugs (2)
duplicates (2):
Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
general protection fault in vmx_vcpu_run kvm C 34 2146d 2254d 0/28 closed as dup on 2018/06/28 05:27
KASAN: stack-out-of-bounds Read in vmx_vcpu_run kvm 1 2177d 2177d 0/28 closed as dup on 2018/06/28 05:26
Discussions (3)
Title Replies (including bot) Last reply
Reminder: 25 open syzbot bugs in kvm subsystem 1 (1) 2019/07/24 01:43
Reminder: 25 open syzbot bugs in kvm subsystem 1 (1) 2019/06/24 05:21
BUG: unable to handle kernel paging request in vmx_vcpu_run 0 (1) 2018/04/11 14:02
Last patch testing requests (1)
Created Duration User Patch Repo Result
2020/09/15 05:04 16m brookebasile@gmail.com upstream report log

Sample crash report:
BUG: unable to handle kernel paging request at 0000000041b5e1f3
PGD 1d08c3067 P4D 1d08c3067 PUD 0 
Oops: 0000 [#1] SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 1 PID: 4490 Comm: syzkaller772673 Not tainted 4.16.0+ #3
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:msr_write_intercepted arch/x86/kvm/vmx.c:2126 [inline]
RIP: 0010:vmx_vcpu_run+0xa3d/0x25f0 arch/x86/kvm/vmx.c:9884
RSP: 0018:ffff8801d8ea7380 EFLAGS: 00010046
==================================================================
BUG: KASAN: stack-out-of-bounds in __show_regs.cold.7+0x4e/0x54a arch/x86/kernel/process_64.c:79
Read of size 8 at addr ffff8801d8ea7300 by task syzkaller772673/4490

CPU: 1 PID: 4490 Comm: syzkaller772673 Not tainted 4.16.0+ #3
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:

The buggy address belongs to the page:
page:ffffea000763a9c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
flags: 0x2fffc0000000000()
raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
raw: 0000000000000000 ffffea0007630101 0000000000000000 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8801d8ea7200: f2 f2 f2 f2 00 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2
 ffff8801d8ea7280: f3 f3 f3 f3 f2 f2 f8 f2 f2 f2 f2 f2 f2 f2 00 00
>ffff8801d8ea7300: f2 f2 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00
                   ^
 ffff8801d8ea7380: f1 f1 f1 f1 00 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2
 ffff8801d8ea7400: f2 f2 f2 f2 00 f2 f2 f2 f3 f3 f3 f3 00 00 00 00
==================================================================

Crashes (194):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2018/04/15 18:27 upstream 18b7fd1c93e5 7a67784c .config console log report syz C ci-upstream-kasan-gce
2018/04/11 12:22 upstream b284d4d5a678 8b8de427 .config console log report syz C ci-upstream-kasan-gce
2018/04/11 13:43 upstream b284d4d5a678 8b8de427 .config console log report syz ci-upstream-kasan-gce-root
2018/07/25 13:44 linux-next d1e0b8e0cb7a 375a3e31 .config console log report syz ci-upstream-linux-next-kasan-gce-root
2018/08/02 05:49 upstream 44960f2a7b63 0a7cf4ec .config console log report ci-upstream-kasan-gce
2018/07/31 09:47 upstream 527838d470e3 1a381291 .config console log report ci-upstream-kasan-gce
2018/07/16 05:11 upstream 9d3cce1e8b85 92a49505 .config console log report ci-upstream-kasan-gce
2018/07/15 23:31 upstream 37b5dca2898d 92a49505 .config console log report ci-upstream-kasan-gce
2018/06/28 17:48 upstream f57494321cbf dba0b50e .config console log report ci-upstream-kasan-gce
2018/06/13 22:24 upstream be779f03d563 27c5f59f .config console log report ci-upstream-kasan-gce
2018/06/13 15:38 upstream f5b7769eb040 27c5f59f .config console log report ci-upstream-kasan-gce-root
2018/06/13 08:37 upstream f5b7769eb040 27c5f59f .config console log report ci-upstream-kasan-gce
2018/06/11 19:51 upstream f0dc7f9c6dd9 ae8bdb50 .config console log report ci-upstream-kasan-gce-root
2018/06/11 17:14 upstream f0dc7f9c6dd9 ae8bdb50 .config console log report ci-upstream-kasan-gce
2018/06/10 10:09 upstream a16afaf7928b 866118af .config console log report ci-upstream-kasan-gce
2018/06/06 23:53 upstream 0ad39cb3d70f e0e534c6 .config console log report ci-upstream-kasan-gce-root
2018/06/06 02:55 upstream 5037be168f0e 863a24bb .config console log report ci-upstream-kasan-gce
2018/06/05 18:43 upstream 716a685fdb89 a316ff92 .config console log report ci-upstream-kasan-gce-root
2018/06/05 04:56 upstream 910470e03f34 a50d873b .config console log report ci-upstream-kasan-gce
2018/06/05 02:10 upstream 910470e03f34 a50d873b .config console log report ci-upstream-kasan-gce
2018/06/04 18:27 upstream 29dcea88779c 6cbe7c26 .config console log report ci-upstream-kasan-gce
2018/06/04 15:25 upstream 29dcea88779c 6cbe7c26 .config console log report ci-upstream-kasan-gce
2018/06/04 01:11 upstream 325e14f97e0c 2f93b54f .config console log report ci-upstream-kasan-gce
2018/06/03 23:24 upstream 325e14f97e0c 2f93b54f .config console log report ci-upstream-kasan-gce
2018/06/03 18:56 upstream 918fe1b31579 2f93b54f .config console log report ci-upstream-kasan-gce
2018/06/03 14:24 upstream 918fe1b31579 2f93b54f .config console log report ci-upstream-kasan-gce
2018/06/03 13:16 upstream 918fe1b31579 2f93b54f .config console log report ci-upstream-kasan-gce
2018/06/03 05:22 upstream 4277e6b9fd44 2f93b54f .config console log report ci-upstream-kasan-gce
2018/06/02 17:23 upstream 0512e0134582 2f93b54f .config console log report ci-upstream-kasan-gce
2018/06/02 15:07 upstream 0512e0134582 2f93b54f .config console log report ci-upstream-kasan-gce
2018/06/02 07:39 upstream 0512e0134582 2f93b54f .config console log report ci-upstream-kasan-gce
2018/06/01 15:15 upstream 0512e0134582 2f93b54f .config console log report ci-upstream-kasan-gce
2018/06/01 06:05 upstream dd52cb879063 2f93b54f .config console log report ci-upstream-kasan-gce
2018/05/31 16:19 upstream 88a867653065 2f93b54f .config console log report ci-upstream-kasan-gce
2018/05/31 14:42 upstream 88a867653065 2f93b54f .config console log report ci-upstream-kasan-gce-root
2018/05/31 00:14 upstream d60d61f36b8f 2f93b54f .config console log report ci-upstream-kasan-gce
2018/05/30 17:15 upstream 0044cdeb7313 2f93b54f .config console log report ci-upstream-kasan-gce
2018/05/30 07:37 upstream 0044cdeb7313 2f93b54f .config console log report ci-upstream-kasan-gce
2018/05/30 06:16 upstream 0044cdeb7313 2f93b54f .config console log report ci-upstream-kasan-gce
2018/05/29 17:13 upstream 3d661e2a2d1c e276de77 .config console log report ci-upstream-kasan-gce
2018/05/29 04:29 upstream 786b71f5b754 f48c20b8 .config console log report ci-upstream-kasan-gce-root
2018/05/29 03:22 upstream 786b71f5b754 f48c20b8 .config console log report ci-upstream-kasan-gce-root
2018/05/29 00:31 upstream 786b71f5b754 f48c20b8 .config console log report ci-upstream-kasan-gce
2018/05/28 22:11 upstream 786b71f5b754 f48c20b8 .config console log report ci-upstream-kasan-gce
2018/05/28 15:50 upstream b04e217704b7 f48c20b8 .config console log report ci-upstream-kasan-gce
2018/04/10 23:32 upstream c18bb396d3d2 8b8de427 .config console log report ci-upstream-kasan-gce-root
2018/06/13 02:54 upstream 0725d4e1b8b0 6dcbc435 .config console log report ci-upstream-kasan-gce-386
2018/08/04 02:35 linux-next 116b181bb646 df7f6947 .config console log report ci-upstream-linux-next-kasan-gce-root
* Struck through repros no longer work on HEAD.