syzbot


kernel BUG at arch/x86/kvm/x86.c:LINE! (2)

Status: closed as dup on 2018/10/11 14:32
Subsystems: kvm
Reported-by: syzbot+f9b42efadea9f5453100@syzkaller.appspotmail.com
First crash: 2248d, last: 2101d
Duplicate of
| Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported |
|---|---|---|---|---|---|---|
| WARNING: refcount bug in kvm_vm_ioctl (kvm) | syz | | | 13 | 2135d | 2248d |
Discussions (1)
| Title | Replies (including bot) | Last reply |
|---|---|---|
| kernel BUG at arch/x86/kvm/x86.c:LINE! (2) | 3 (6) | 2018/10/11 18:05 |
Similar bugs (2)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | kernel BUG at arch/x86/kvm/x86.c:LINE! | syz | | | 20 | 2563d | 2596d | 4/28 | fixed on 2018/03/12 10:10 |
| upstream | kernel BUG at arch/x86/kvm/x86.c:LINE! (3) (kvm) | | | | 1 | 2099d | 2098d | 0/28 | auto-closed as invalid on 2019/09/04 07:38 |

Sample crash report:
audit: type=1400 audit(1550995132.442:37): avc:  denied  { associate } for  pid=8025 comm="syz-executor181" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
------------[ cut here ]------------
kernel BUG at arch/x86/kvm/x86.c:357!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 8041 Comm: syz-executor181 Not tainted 5.0.0-rc7+ #85
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:kvm_spurious_fault+0x9/0x10 arch/x86/kvm/x86.c:357
Code: e8 9c ce 65 00 41 bd 03 00 00 00 5b 44 89 e8 41 5c 41 5d 5d c3 66 90 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 e8 77 ce 65 00 <0f> 0b 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 49 89 d6 41 55 41 54
RSP: 0018:ffff8880ae907e80 EFLAGS: 00010006
RAX: ffff8880935cc3c0 RBX: ffff88809838f810 RCX: ffffffff81329baa
RDX: 0000000000010000 RSI: ffffffff810a1309 RDI: 0000000000000007
RBP: ffff8880ae907e80 R08: ffff8880935cc3c0 R09: ffffed1015d25be9
R10: ffffed1015d25be8 R11: ffff8880ae92df47 R12: 1ffff11015d20fd3
R13: ffff888094f64000 R14: ffff8880ae907ef8 R15: 0000000000000001
FS:  0000000002584940(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff8880ae907eb8 CR3: 00000000a86c1000 CR4: 00000000001426e0
Call Trace:
 <IRQ>
 vmcs_clear arch/x86/kvm/vmx/ops.h:185 [inline]
 loaded_vmcs_init+0x95/0x250 arch/x86/kvm/vmx/vmx.c:566
 __loaded_vmcs_clear+0x229/0x360 arch/x86/kvm/vmx/vmx.c:633
 flush_smp_call_function_queue+0x14a/0x500 kernel/smp.c:243
 generic_smp_call_function_single_interrupt+0x13/0x2b kernel/smp.c:192
 smp_call_function_single_interrupt+0xa3/0x460 arch/x86/kernel/smp.c:296
 call_function_single_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:829
 </IRQ>
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:766 [inline]
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0x95/0xe0 kernel/locking/spinlock.c:184
Code: 48 c7 c0 f0 82 92 88 48 ba 00 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 75 39 48 83 3d 32 2e 8f 01 00 74 24 48 89 df 57 9d <0f> 1f 44 00 00 bf 01 00 00 00 e8 5c 5e 4a fa 65 8b 05 f5 98 fe 78
RSP: 0018:ffff8880934df9d0 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff04
RAX: 1ffffffff112505e RBX: 0000000000000286 RCX: 0000000000000000
RDX: dffffc0000000000 RSI: 0000000000000001 RDI: 0000000000000286
RBP: ffff8880934df9e0 R08: ffff8880935cc3c0 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff888080986bc0
R13: ffff888080986400 R14: ffff8880ae82d000 R15: ffff8880ae82d018
 try_to_wake_up+0xc6/0xff0 kernel/sched/core.c:2074
 wake_up_process kernel/sched/core.c:2142 [inline]
 wake_up_q+0x99/0x100 kernel/sched/core.c:453
 futex_wake+0x429/0x4d0 kernel/futex.c:1624
 do_futex+0x34c/0x1d50 kernel/futex.c:3609
 __do_sys_futex kernel/futex.c:3665 [inline]
 __se_sys_futex kernel/futex.c:3633 [inline]
 __x64_sys_futex+0x3f7/0x590 kernel/futex.c:3633
 do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x449b09
Code: e8 cc b2 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b ff fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffe337b0278 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000449b09
RDX: 0000000000449b09 RSI: 0000000000000081 RDI: 00000000006dfc48
RBP: 00000000006dfc4c R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dfc60
R13: 0000000000000000 R14: 000000000000002d R15: 20c49ba5e353f7cf
Modules linked in:
---[ end trace 285e1020b1602a2c ]---
RIP: 0010:kvm_spurious_fault+0x9/0x10 arch/x86/kvm/x86.c:357
Code: e8 9c ce 65 00 41 bd 03 00 00 00 5b 44 89 e8 41 5c 41 5d 5d c3 66 90 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 e8 77 ce 65 00 <0f> 0b 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 49 89 d6 41 55 41 54
RSP: 0018:ffff8880ae907e80 EFLAGS: 00010006
RAX: ffff8880935cc3c0 RBX: ffff88809838f810 RCX: ffffffff81329baa
RDX: 0000000000010000 RSI: ffffffff810a1309 RDI: 0000000000000007
RBP: ffff8880ae907e80 R08: ffff8880935cc3c0 R09: ffffed1015d25be9
R10: ffffed1015d25be8 R11: ffff8880ae92df47 R12: 1ffff11015d20fd3
R13: ffff888094f64000 R14: ffff8880ae907ef8 R15: 0000000000000001
FS:  0000000002584940(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff8880ae907eb8 CR3: 00000000a86c1000 CR4: 00000000001426e0

Crashes (193):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2019/02/24 08:02 | upstream | e60b5f79bd75 | 7a06e792 | .config | console log | report | syz | C | | | ci-upstream-kasan-gce-selinux-root | |
| 2019/01/20 03:35 | upstream | b0efca46b570 | 353f32ea | .config | console log | report | syz | C | | | ci-upstream-kasan-gce-selinux-root | |
| 2018/10/11 01:58 | upstream | b8db9e69dba9 | 5f818b4b | .config | console log | report | syz | C | | | ci-upstream-kasan-gce-smack-root | |
| 2018/10/10 20:33 | upstream | 3d647e62686f | 5b11ac2c | .config | console log | report | syz | C | | | ci-upstream-kasan-gce-selinux-root | |
| 2019/02/24 08:22 | linux-next | 94a47529a645 | 7a06e792 | .config | console log | report | syz | C | | | ci-upstream-linux-next-kasan-gce-root | |
| 2019/02/24 21:03 | upstream | c3619a482e15 | 7a06e792 | .config | console log | report | syz | | | | ci-upstream-kasan-gce-smack-root | |
| 2019/02/24 16:20 | upstream | e60b5f79bd75 | 7a06e792 | .config | console log | report | syz | | | | ci-upstream-kasan-gce-smack-root | |
| 2019/02/24 14:31 | upstream | e60b5f79bd75 | 7a06e792 | .config | console log | report | syz | | | | ci-upstream-kasan-gce-smack-root | |
| 2019/02/24 01:19 | upstream | e60b5f79bd75 | 7a06e792 | .config | console log | report | syz | | | | ci-upstream-kasan-gce-smack-root | |
| 2019/02/23 19:41 | upstream | cb268d806972 | 18107ce0 | .config | console log | report | syz | | | | ci-upstream-kasan-gce-root | |
| 2019/02/20 20:40 | upstream | 2137397c92ae | c95f0707 | .config | console log | report | syz | | | | ci-upstream-kasan-gce | |
| 2019/02/14 22:27 | upstream | 23e93c9b2cde | 76dd003f | .config | console log | report | syz | | | | ci-upstream-kasan-gce-smack-root | |
| 2018/10/28 06:34 | upstream | 69d5b97c5973 | 8efba39a | .config | console log | report | syz | | | | ci-upstream-kasan-gce-smack-root | |
| 2018/10/27 22:01 | upstream | 345671ea0f92 | 8efba39a | .config | console log | report | syz | | | | ci-upstream-kasan-gce-root | |
| 2018/10/25 20:47 | upstream | bd6bf7c10484 | a8292de9 | .config | console log | report | syz | | | | ci-upstream-kasan-gce-smack-root | |
| 2018/10/24 04:22 | upstream | 44786880df19 | a8292de9 | .config | console log | report | syz | | | | ci-upstream-kasan-gce | |
| 2018/10/24 04:18 | upstream | 44786880df19 | a8292de9 | .config | console log | report | syz | | | | ci-upstream-kasan-gce-root | |
| 2018/10/13 10:12 | upstream | bab5c80b2110 | caf12900 | .config | console log | report | syz | | | | ci-upstream-kasan-gce | |
| 2018/10/13 07:28 | upstream | bab5c80b2110 | caf12900 | .config | console log | report | syz | | | | ci-upstream-kasan-gce-root | |
| 2018/10/11 02:03 | upstream | 3d647e62686f | 5f818b4b | .config | console log | report | syz | | | | ci-upstream-kasan-gce-root | |
| 2018/10/10 21:41 | upstream | 3d647e62686f | 5b11ac2c | .config | console log | report | syz | | | | ci-upstream-kasan-gce | |
| 2018/10/10 20:06 | upstream | 3d647e62686f | 5b11ac2c | .config | console log | report | syz | | | | ci-upstream-kasan-gce-386 | |
| 2018/10/10 12:32 | upstream | 3d647e62686f | 5b11ac2c | .config | console log | report | syz | | | | ci-upstream-kasan-gce-386 | |
| 2019/02/25 02:38 | linux-next | 94a47529a645 | 7a06e792 | .config | console log | report | syz | | | | ci-upstream-linux-next-kasan-gce-root | |
| 2019/02/07 21:48 | linux-next | 1bd831d68d55 | aa4feb03 | .config | console log | report | syz | | | | ci-upstream-linux-next-kasan-gce-root | |
| 2018/10/27 22:01 | linux-next | 8c60c36d0b8c | 8efba39a | .config | console log | report | syz | | | | ci-upstream-linux-next-kasan-gce-root | |
| 2018/10/13 07:47 | linux-next | 774ea0551a29 | caf12900 | .config | console log | report | syz | | | | ci-upstream-linux-next-kasan-gce-root | |
| 2018/10/10 20:28 | linux-next | 7f3049305d22 | 5b11ac2c | .config | console log | report | syz | | | | ci-upstream-linux-next-kasan-gce-root | |
| 2018/10/10 14:29 | linux-next | 7f3049305d22 | 5b11ac2c | .config | console log | report | syz | | | | ci-upstream-linux-next-kasan-gce-root | |
| 2019/03/05 11:38 | upstream | cd2a3bf02625 | bb91cf81 | .config | console log | report | | | | | ci-upstream-kasan-gce-root | |
| 2019/03/04 02:41 | upstream | 1c163f4c7b3f | 1c0e457a | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2019/03/03 01:10 | upstream | c93d9218ea56 | 1c0e457a | .config | console log | report | | | | | ci-upstream-kasan-gce-smack-root | |
| 2019/03/01 12:02 | upstream | 7d762d69145a | 8a4b3a6b | .config | console log | report | | | | | ci-upstream-kasan-gce-selinux-root | |
| 2019/02/28 09:07 | upstream | 7d762d69145a | 34ec456b | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2019/02/24 23:38 | upstream | c3619a482e15 | 7a06e792 | .config | console log | report | | | | | ci-upstream-kasan-gce-smack-root | |
| 2019/02/22 09:58 | upstream | 8a61716ff2ab | 7ff74a98 | .config | console log | report | | | | | ci-upstream-kasan-gce-root | |
| 2019/02/20 17:00 | upstream | 40e196a906d9 | c95f0707 | .config | console log | report | | | | | ci-upstream-kasan-gce-root | |
| 2019/02/18 08:16 | upstream | 2fee036af043 | 59f36113 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2019/02/14 12:19 | upstream | 1f947a7a011f | 6a46f448 | .config | console log | report | | | | | ci-upstream-kasan-gce-smack-root | |
| 2019/02/06 20:45 | upstream | 8834f5600cf3 | d25487bc | .config | console log | report | | | | | ci-upstream-kasan-gce-root | |
| 2019/02/04 11:06 | upstream | 8834f5600cf3 | c198d5dd | .config | console log | report | | | | | ci-upstream-kasan-gce-smack-root | |
| 2019/01/31 04:16 | upstream | 1c0490ce9022 | aa432daf | .config | console log | report | | | | | ci-upstream-kasan-gce-root | |
| 2019/01/29 14:11 | upstream | 4aa9fc2a435a | aa432daf | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2019/01/27 18:47 | upstream | ba6069759381 | c73f090a | .config | console log | report | | | | | ci-upstream-kasan-gce-smack-root | |
| 2019/01/26 22:10 | upstream | ba6069759381 | c73f090a | .config | console log | report | | | | | ci-upstream-kasan-gce-smack-root | |
| 2019/01/26 13:43 | upstream | ba6069759381 | c73f090a | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2019/01/26 06:28 | upstream | ba6069759381 | ebf7a37c | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2019/01/25 06:51 | upstream | c04e2a780caf | bfab9cd8 | .config | console log | report | | | | | ci-upstream-kasan-gce-smack-root | |
| 2019/01/24 13:24 | upstream | 30bac164aca7 | ce1ccf97 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2019/01/24 03:53 | upstream | 30bac164aca7 | 56558f63 | .config | console log | report | | | | | ci-upstream-kasan-gce-smack-root | |
| 2019/01/20 12:07 | upstream | b0efca46b570 | 353f32ea | .config | console log | report | | | | | ci-upstream-kasan-gce-smack-root | |
| 2019/01/19 14:39 | upstream | 2339e91d0e66 | 8aa587b0 | .config | console log | report | | | | | ci-upstream-kasan-gce-smack-root | |
| 2019/01/18 11:47 | upstream | a3a80255d58d | 5bf17c30 | .config | console log | report | | | | | ci-upstream-kasan-gce-root | |
| 2019/01/18 07:51 | upstream | a3a80255d58d | 5bf17c30 | .config | console log | report | | | | | ci-upstream-kasan-gce-root | |
| 2019/01/18 01:05 | upstream | 7fbfee7c80de | 769e75ed | .config | console log | report | | | | | ci-upstream-kasan-gce-smack-root | |
| 2019/01/16 11:27 | upstream | 7939f8beecf1 | b47fa78d | .config | console log | report | | | | | ci-upstream-kasan-gce-selinux-root | |
| 2019/01/14 15:46 | upstream | 1c7fc5cbc339 | 95485883 | .config | console log | report | | | | | ci-upstream-kasan-gce-smack-root | |
| 2019/01/14 12:51 | upstream | 1c7fc5cbc339 | 95485883 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2019/01/14 06:46 | upstream | 6b529fb0a3ea | c3f3344c | .config | console log | report | | | | | ci-upstream-kasan-gce-root | |
| 2019/01/12 17:40 | upstream | 4b3c31c8d4dd | c3f3344c | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2019/01/12 13:15 | upstream | 4b3c31c8d4dd | c3f3344c | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2019/01/07 02:56 | upstream | 574823bfab82 | ee332608 | .config | console log | report | | | | | ci-upstream-kasan-gce-root | |
| 2019/01/03 05:40 | upstream | 85f78456f286 | 06a2b89f | .config | console log | report | | | | | ci-upstream-kasan-gce-selinux-root | |
| 2019/01/02 09:53 | upstream | 28e8c4bc8eb4 | 3d85f48c | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2019/01/01 09:10 | upstream | f12e840c819b | 3d85f48c | .config | console log | report | | | | | ci-upstream-kasan-gce-root | |
| 2019/01/01 02:08 | upstream | f12e840c819b | 3d85f48c | .config | console log | report | | | | | ci-upstream-kasan-gce-root | |
| 2018/12/30 05:40 | upstream | 195303136f19 | 35e3f847 | .config | console log | report | | | | | ci-upstream-kasan-gce-smack-root | |
| 2018/12/29 21:52 | upstream | 903b77c63167 | a40793d7 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2019/01/01 18:57 | upstream | e1ef035d272e | 3d85f48c | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/10/10 03:22 | upstream | 64c5e530ac2c | 8b311eaf | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2019/02/22 19:36 | linux-next | 94a47529a645 | 6a5fcca4 | .config | console log | report | | | | | ci-upstream-linux-next-kasan-gce-root | |
| 2019/02/16 13:53 | linux-next | 7a92eb7cc1dc | f42dee6d | .config | console log | report | | | | | ci-upstream-linux-next-kasan-gce-root | |
| 2019/01/26 04:12 | linux-next | 494367cb57c9 | ebf7a37c | .config | console log | report | | | | | ci-upstream-linux-next-kasan-gce-root | |
| 2019/01/15 11:34 | linux-next | 5aa6589e17bd | ebacf5cb | .config | console log | report | | | | | ci-upstream-linux-next-kasan-gce-root | |
| 2019/01/11 17:51 | linux-next | b808822a75a3 | c3f3344c | .config | console log | report | | | | | ci-upstream-linux-next-kasan-gce-root | |
| 2018/12/28 04:28 | linux-next | 6a1d293238c1 | af317504 | .config | console log | report | | | | | ci-upstream-linux-next-kasan-gce-root | |