WARNING in kvm_arch_vcpu_ioctl

WARNING in kvm_arch_vcpu_ioctl_run (3)
Status: upstream: reported C repro on 2018/03/28 07:13
Reported-by: syzbot+760a73552f47a8cd0fd9@syzkaller.appspotmail.com
First crash: 1078d, last: 208d

Cause bisection: introduced by (bisect log) :
commit 706249c222f68471b6f8e9e8e9b77665c404b226
Author: Peter Zijlstra <peterz@infradead.org>
Date: Fri Jul 24 13:06:37 2015 +0000

locking/static_keys: Rework update logic

Crash: BUG: unable to handle kernel NULL pointer dereference in kvm_apic_set_version (log)
Repro: syz .config

Fix bisection: failed (bisect log)

similar bugs (4):
Kernel	Title	Repro	Fix bisect	Count	Last	Reported	Patched	Status
upstream	WARNING in kvm_arch_vcpu_ioctl_run (2)	C		61018	1132d	1221d	4/21	fixed on 2018/03/13 09:44
upstream	WARNING in kvm_arch_vcpu_ioctl_run	C		20284	1258d	1323d	3/21	fixed on 2017/09/26 01:38
linux-4.14	WARNING in kvm_arch_vcpu_ioctl_run	C	inconclusive	4	282d	620d	0/1	upstream: reported C repro on 2019/06/25 23:07
linux-4.19	WARNING in kvm_arch_vcpu_ioctl_run	C	error	6	177d	628d	0/1	upstream: reported C repro on 2019/06/17 10:07

Patch testing requests:
Created	Duration	User	Patch	Repo	Result
2020/09/15 17:51	10m	brookebasile@gmail.com		upstream	report log

Sample crash report:

------------[ cut here ]------------
WARNING: CPU: 1 PID: 7245 at arch/x86/kvm/x86.c:8766 kvm_arch_vcpu_ioctl_run+0x1d3/0x16e0 arch/x86/kvm/x86.c:8766
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 7245 Comm: syz-executor076 Not tainted 5.7.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x188/0x20d lib/dump_stack.c:118
 panic+0x2e3/0x75c kernel/panic.c:221
 __warn.cold+0x2f/0x35 kernel/panic.c:582
 report_bug+0x27b/0x2f0 lib/bug.c:195
 fixup_bug arch/x86/kernel/traps.c:175 [inline]
 fixup_bug arch/x86/kernel/traps.c:170 [inline]
 do_error_trap+0x12b/0x220 arch/x86/kernel/traps.c:267
 do_invalid_op+0x32/0x40 arch/x86/kernel/traps.c:286
 invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:kvm_arch_vcpu_ioctl_run+0x1d3/0x16e0 arch/x86/kvm/x86.c:8766
Code: 03 80 3c 02 00 0f 85 f0 13 00 00 4c 8b a5 28 0d 00 00 31 ff 4c 89 e6 e8 cb 6e 64 00 4d 85 e4 0f 84 2a 0c 00 00 e8 2d 6d 64 00 <0f> 0b e8 26 6d 64 00 48 8d 7b 01 48 b8 00 00 00 00 00 fc ff df 48
RSP: 0018:ffffc90001a87ce0 EFLAGS: 00010293
RAX: ffff88808e8bc340 RBX: ffff88809974e000 RCX: ffffffff810ed2a6
RDX: 0000000000000000 RSI: ffffffff810ec643 RDI: 0000000000000005
RBP: ffff8880949f8040 R08: ffff88808e8bc340 R09: ffffed1015ce7104
R10: ffff8880ae73881b R11: ffffed1015ce7103 R12: 0000000000000001
R13: 0000000000000000 R14: ffff8880a68ab480 R15: ffff8880949f8130
 kvm_vcpu_ioctl+0x493/0xe60 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3138
 vfs_ioctl fs/ioctl.c:47 [inline]
 ksys_ioctl+0x11a/0x180 fs/ioctl.c:771
 __do_sys_ioctl fs/ioctl.c:780 [inline]
 __se_sys_ioctl fs/ioctl.c:778 [inline]
 __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:778
 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x49/0xb3
RIP: 0033:0x449b99
Code: e8 8c b0 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 4b 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ff8efc56ce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00000000006dfc58 RCX: 0000000000449b99
RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
RBP: 00000000006dfc50 R08: 00007ff8efc57700 R09: 0000000000000000
R10: 00007ff8efc57700 R11: 0000000000000246 R12: 00000000006dfc5c
R13: 00007ffcc23d754f R14: 00007ff8efc579c0 R15: 20c49ba5e353f7cf
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (15845):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro
ci-upstream-kasan-gce-selinux-root	2020/05/14 06:34	upstream	24085f70	a885920d	.config	log	report	syz	C
ci-upstream-kasan-gce-root	2020/05/13 06:51	upstream	24085f70	a44eb8f7	.config	log	report	syz	C
ci-upstream-kasan-gce-smack-root	2020/05/13 04:07	upstream	24085f70	a44eb8f7	.config	log	report	syz	C
ci-upstream-kasan-gce	2020/04/28 05:35	upstream	51184ae3	0ce7569e	.config	log	report	syz	C
ci-upstream-kasan-gce-smack-root	2019/06/17 09:00	upstream	963172d9	442206d7	.config	log	report	syz	C
ci-upstream-kasan-gce-selinux-root	2019/06/17 06:24	upstream	963172d9	442206d7	.config	log	report	syz	C
ci-upstream-kasan-gce-root	2019/06/17 05:57	upstream	963172d9	442206d7	.config	log	report	syz	C
ci-upstream-kasan-gce	2019/06/17 02:54	upstream	963172d9	442206d7	.config	log	report	syz	C
ci-upstream-linux-next-kasan-gce-root	2020/08/03 22:27	linux-next	01830e6c	196277c4	.config	log	report	syz	C
ci-upstream-linux-next-kasan-gce-root	2020/08/01 07:23	linux-next	01830e6c	d895b3be	.config	log	report	syz	C
ci-upstream-linux-next-kasan-gce-root	2020/07/30 12:04	linux-next	04b45717	233283a1	.config	log	report	syz	C
ci-upstream-linux-next-kasan-gce-root	2020/05/13 01:34	linux-next	ac935d22	a44eb8f7	.config	log	report	syz	C
ci-upstream-kasan-gce-root	2018/10/02 22:06	upstream	1d2ba7fe	a316a2af	.config	log	report	syz
ci-upstream-kasan-gce-smack-root	2018/10/02 22:05	upstream	1d2ba7fe	a316a2af	.config	log	report	syz
ci-upstream-kasan-gce-selinux-root	2018/10/02 21:59	upstream	1d2ba7fe	a316a2af	.config	log	report	syz
ci-upstream-kasan-gce	2018/10/02 21:06	upstream	1d2ba7fe	a316a2af	.config	log	report	syz
ci-upstream-kasan-gce-root	2020/07/06 09:44	upstream	7cc2a8ea	51095195	.config	log	report
ci-upstream-kasan-gce	2020/06/26 23:12	upstream	4a21185c	aea82c00	.config	log	report
ci-upstream-kasan-gce-386	2019/11/19 04:04	upstream	af42d346	5bc70212	.config	log	report
ci-upstream-kasan-gce-386	2018/03/24 06:26	upstream	99fec39e	2e9d9054	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/08/10 09:37	linux-next	01830e6c	70301872	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/08/10 09:17	linux-next	01830e6c	70301872	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/08/10 08:57	linux-next	01830e6c	70301872	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/08/10 08:39	linux-next	01830e6c	70301872	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/08/10 08:11	linux-next	01830e6c	70301872	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/08/10 07:53	linux-next	01830e6c	70301872	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/08/10 07:29	linux-next	01830e6c	70301872	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/08/10 07:13	linux-next	01830e6c	70301872	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/08/10 06:59	linux-next	01830e6c	70301872	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/08/10 06:47	linux-next	01830e6c	70301872	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/08/10 06:30	linux-next	01830e6c	70301872	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/08/10 06:11	linux-next	01830e6c	70301872	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/08/10 05:54	linux-next	01830e6c	70301872	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/08/10 05:39	linux-next	01830e6c	70301872	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/08/10 05:25	linux-next	01830e6c	70301872	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/08/10 05:10	linux-next	01830e6c	70301872	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/08/10 04:54	linux-next	01830e6c	70301872	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/08/10 04:44	linux-next	01830e6c	70301872	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/08/10 04:29	linux-next	01830e6c	70301872	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/08/10 04:08	linux-next	01830e6c	70301872	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/08/10 03:54	linux-next	01830e6c	70301872	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/08/10 03:42	linux-next	01830e6c	70301872	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/08/10 03:26	linux-next	01830e6c	70301872	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/08/10 02:51	linux-next	01830e6c	70301872	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/08/10 02:28	linux-next	01830e6c	70301872	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/08/10 02:07	linux-next	01830e6c	70301872	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/08/10 01:46	linux-next	01830e6c	70301872	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/08/10 01:27	linux-next	01830e6c	70301872	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/08/10 01:08	linux-next	01830e6c	70301872	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/08/10 00:48	linux-next	01830e6c	70301872	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/08/10 00:26	linux-next	01830e6c	70301872	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/08/10 00:09	linux-next	01830e6c	70301872	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/08/09 23:54	linux-next	01830e6c	70301872	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/08/09 23:38	linux-next	01830e6c	70301872	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/08/09 23:25	linux-next	01830e6c	70301872	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/08/09 23:08	linux-next	01830e6c	70301872	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/08/09 22:51	linux-next	01830e6c	70301872	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/08/09 22:42	linux-next	01830e6c	70301872	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/08/09 22:25	linux-next	01830e6c	70301872	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/08/09 22:11	linux-next	01830e6c	70301872	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/08/09 21:55	linux-next	01830e6c	70301872	.config	log	report