KASAN: out-of-bounds Write in nested_sync_vmcs12_to

KASAN: out-of-bounds Write in nested_sync_vmcs12_to_shadow
Status: closed as dup on 2020/08/16 03:59
Reported-by: syzbot+6ad11779184a3afe9f7e@syzkaller.appspotmail.com
First crash: 282d, last: 282d

Cause bisection: the issue happens on the oldest tested release (bisect log)
Crash: WARNING in sysfs_warn_dup (log)
Repro: syz .config

Fix bisection: failed (bisect log)

Duplicate of (1):
Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported
general protection fault in syscall_return_slowpath	syz	inconclusive	done	1	235d	322d

Sample crash report:

==================================================================
BUG: KASAN: out-of-bounds in copy_vmcs12_to_enlightened arch/x86/kvm/vmx/nested.c:1820 [inline]
BUG: KASAN: out-of-bounds in nested_sync_vmcs12_to_shadow+0x49e3/0x4a60 arch/x86/kvm/vmx/nested.c:2000
Write of size 2 at addr ffffc90004db72e8 by task syz-executor.4/8294

CPU: 1 PID: 8294 Comm: syz-executor.4 Not tainted 5.7.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x188/0x20d lib/dump_stack.c:118
 print_address_description.constprop.0.cold+0x5/0x315 mm/kasan/report.c:382
 __kasan_report.cold+0x35/0x4d mm/kasan/report.c:511
 kasan_report+0x33/0x50 mm/kasan/common.c:625
 copy_vmcs12_to_enlightened arch/x86/kvm/vmx/nested.c:1820 [inline]
 nested_sync_vmcs12_to_shadow+0x49e3/0x4a60 arch/x86/kvm/vmx/nested.c:2000
 </IRQ>


Memory state around the buggy address:
 ffffc90004db7180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffc90004db7200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffc90004db7280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                             ^
 ffffc90004db7300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffc90004db7380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================

Crashes (1):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Maintainers
ci-upstream-kasan-gce-386	2020/04/17 00:08	upstream	9786cab6	c743fcb3	.config	log	report	syz			bp@alien8.de, hpa@zytor.com, jmattson@google.com, joro@8bytes.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, mingo@redhat.com, pbonzini@redhat.com, sean.j.christopherson@intel.com, tglx@linutronix.de, vkuznets@redhat.com, wanpengli@tencent.com, x86@kernel.org