syzbot


general protection fault in vmx_vcpu_run (2)
Status: upstream: reported C repro on 2021/02/05 15:20
Reported-by: syzbot+42a71c84ef04577f1aef@syzkaller.appspotmail.com
First crash: 481d, last: 374d

Cause bisection: introduced by (bisect log) :
commit 167dcfc08b0b1f964ea95d410aa496fd78adf475
Author: Lorenzo Stoakes <lstoakes@gmail.com>
Date: Tue Dec 15 20:56:41 2020 +0000

  x86/mm: Increase pgt_buf size for 5-level page tables

Crash: SYZFAIL: wrong response packet (log)
Repro: C syz .config

Fix bisection: fixed by (bisect log) [no-op commit]:
commit 292496767ad7e1aca4ed3ee103c21a656d77d139
Author: Wesley Chalmers <Wesley.Chalmers@amd.com>
Date: Wed Jan 27 20:22:55 2021 +0000

  Revert "drm/amd/display: New path for enabling DPG"

similar bugs (1):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream general protection fault in vmx_vcpu_run C 34 1399d 1507d 0/22 closed as dup on 2018/06/28 05:27

Sample crash report:
RBP: 0000000000402ed0 R08: 0000000000400488 R09: 0000000000400488
R10: 0000000000400488 R11: 0000000000000246 R12: 0000000000402f60
R13: 0000000000000000 R14: 00000000004ac018 R15: 0000000000400488
==================================================================
BUG: KASAN: global-out-of-bounds in atomic_switch_perf_msrs arch/x86/kvm/vmx/vmx.c:6589 [inline]
BUG: KASAN: global-out-of-bounds in vmx_vcpu_run+0x497/0x1370 arch/x86/kvm/vmx/vmx.c:6756
Read of size 8 at addr ffffffff89a000f1 by task syz-executor125/8363

CPU: 1 PID: 8363 Comm: syz-executor125 Not tainted 5.11.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x125/0x19e lib/dump_stack.c:120
 print_address_description+0x5f/0x3a0 mm/kasan/report.c:232
 __kasan_report mm/kasan/report.c:399 [inline]
 kasan_report+0x15e/0x210 mm/kasan/report.c:416
 atomic_switch_perf_msrs arch/x86/kvm/vmx/vmx.c:6589 [inline]
 vmx_vcpu_run+0x497/0x1370 arch/x86/kvm/vmx/vmx.c:6756
 vcpu_enter_guest+0x2ed9/0x8f80 arch/x86/kvm/x86.c:9085
 vcpu_run+0x316/0xb70 arch/x86/kvm/x86.c:9236
 kvm_arch_vcpu_ioctl_run+0x4e8/0xa40 arch/x86/kvm/x86.c:9464
 kvm_vcpu_ioctl+0x62a/0xa30 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3316
 vfs_ioctl fs/ioctl.c:48 [inline]
 __do_sys_ioctl fs/ioctl.c:753 [inline]
 __se_sys_ioctl+0xfb/0x170 fs/ioctl.c:739
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x43eee9
Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc2d0737a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000400488 RCX: 000000000043eee9
RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
RBP: 0000000000402ed0 R08: 0000000000400488 R09: 0000000000400488
R10: 0000000000400488 R11: 0000000000000246 R12: 0000000000402f60
R13: 0000000000000000 R14: 00000000004ac018 R15: 0000000000400488

The buggy address belongs to the variable:
 str__initcall__trace_system_name+0x11/0x40

Memory state around the buggy address:
 ffffffff899fff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff89a00000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffffff89a00080: 00 00 00 00 00 00 00 00 00 00 00 00 00 01 f9 f9
                                                             ^
 ffffffff89a00100: f9 f9 f9 f9 07 f9 f9 f9 f9 f9 f9 f9 00 03 f9 f9
 ffffffff89a00180: f9 f9 f9 f9 00 06 f9 f9 f9 f9 f9 f9 00 00 00 00
==================================================================

Crashes (43427):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce-smack-root 2021/02/28 04:52 upstream 5695e5161974 4c37c133 .config log report syz C KASAN: global-out-of-bounds Read in vmx_vcpu_run
ci-upstream-kasan-gce-smack-root 2021/02/23 09:00 upstream a99163e9e708 c26fb06b .config log report syz C KASAN: global-out-of-bounds Read in vmx_vcpu_run
ci-upstream-kasan-gce-smack-root 2021/02/23 08:55 upstream a99163e9e708 c26fb06b .config log report syz C KASAN: global-out-of-bounds Read in vmx_vcpu_run
ci-qemu-upstream 2021/03/19 23:16 upstream 280d542f6ffa 3d01c4de .config log report info general protection fault in vmx_vcpu_run
ci-qemu-upstream 2021/03/19 22:06 upstream 280d542f6ffa 3d01c4de .config log report info general protection fault in vmx_vcpu_run
ci-qemu-upstream 2021/03/19 21:53 upstream 280d542f6ffa 3d01c4de .config log report info general protection fault in vmx_vcpu_run
ci-qemu-upstream 2021/03/15 23:24 upstream 280d542f6ffa fdb2bb2c .config log report info general protection fault in vmx_vcpu_run
ci-qemu-upstream 2021/03/15 20:00 upstream 280d542f6ffa fdb2bb2c .config log report info general protection fault in vmx_vcpu_run
ci-qemu-upstream 2021/03/15 18:46 upstream 280d542f6ffa fdb2bb2c .config log report info general protection fault in vmx_vcpu_run
ci-qemu-upstream 2021/03/15 15:20 upstream 280d542f6ffa fdb2bb2c .config log report info general protection fault in vmx_vcpu_run
ci-qemu-upstream 2021/03/15 14:14 upstream 280d542f6ffa cc1cff8f .config log report info general protection fault in vmx_vcpu_run
ci-qemu-upstream 2021/03/15 13:11 upstream 280d542f6ffa cc1cff8f .config log report info general protection fault in vmx_vcpu_run
ci-qemu-upstream 2021/03/15 10:45 upstream 280d542f6ffa cc1cff8f .config log report info general protection fault in vmx_vcpu_run
ci-qemu-upstream 2021/03/15 09:27 upstream 280d542f6ffa cc1cff8f .config log report info general protection fault in vmx_vcpu_run
ci-qemu-upstream 2021/03/15 08:19 upstream 280d542f6ffa cc1cff8f .config log report info general protection fault in vmx_vcpu_run
ci-qemu-upstream 2021/03/15 07:13 upstream 280d542f6ffa cc1cff8f .config log report info general protection fault in vmx_vcpu_run
ci-qemu-upstream 2021/03/15 06:07 upstream 280d542f6ffa cc1cff8f .config log report info general protection fault in vmx_vcpu_run
ci-upstream-kasan-gce 2021/03/14 18:46 upstream 88fe49249c99 4a003785 .config log report info general protection fault in vmx_vcpu_run
ci-upstream-kasan-gce 2021/03/14 18:25 upstream 88fe49249c99 4a003785 .config log report info general protection fault in vmx_vcpu_run
ci-upstream-kasan-gce 2021/03/14 17:51 upstream 88fe49249c99 4a003785 .config log report info general protection fault in vmx_vcpu_run
ci-upstream-kasan-gce 2021/03/14 17:18 upstream 88fe49249c99 4a003785 .config log report info general protection fault in vmx_vcpu_run
ci-upstream-kasan-gce 2021/03/14 16:47 upstream 88fe49249c99 4a003785 .config log report info general protection fault in vmx_vcpu_run
ci-qemu-upstream 2021/03/14 13:31 upstream 280d542f6ffa 4a003785 .config log report info general protection fault in vmx_vcpu_run
ci-upstream-kasan-gce-selinux-root 2021/03/13 16:20 upstream f296bfd5cd04 4a003785 .config log report info general protection fault in vmx_vcpu_run
ci-qemu-upstream-386 2021/03/20 00:36 upstream 280d542f6ffa 3d01c4de .config log report info general protection fault in vmx_vcpu_run
ci-qemu-upstream-386 2021/03/19 20:53 upstream 280d542f6ffa 3d01c4de .config log report info general protection fault in vmx_vcpu_run
ci-qemu-upstream-386 2021/03/19 17:28 upstream 280d542f6ffa 3d01c4de .config log report info general protection fault in vmx_vcpu_run
ci-qemu-upstream-386 2021/03/16 03:54 upstream 280d542f6ffa fdb2bb2c .config log report info general protection fault in vmx_vcpu_run
ci-qemu-upstream-386 2021/03/16 02:18 upstream 280d542f6ffa fdb2bb2c .config log report info general protection fault in vmx_vcpu_run
ci-qemu-upstream-386 2021/03/16 00:48 upstream 280d542f6ffa fdb2bb2c .config log report info general protection fault in vmx_vcpu_run
ci-qemu-upstream-386 2021/03/15 12:41 upstream 280d542f6ffa cc1cff8f .config log report info general protection fault in vmx_vcpu_run
ci-qemu-upstream-386 2021/03/15 11:18 upstream 280d542f6ffa cc1cff8f .config log report info general protection fault in vmx_vcpu_run
ci-qemu-upstream-386 2021/03/15 09:20 upstream 280d542f6ffa cc1cff8f .config log report info general protection fault in vmx_vcpu_run
ci-qemu-upstream-386 2021/03/15 07:08 upstream 280d542f6ffa cc1cff8f .config log report info general protection fault in vmx_vcpu_run
ci-qemu-upstream-386 2021/03/15 00:50 upstream 280d542f6ffa cc1cff8f .config log report info general protection fault in vmx_vcpu_run
ci-qemu-upstream-386 2021/03/14 15:25 upstream 280d542f6ffa 4a003785 .config log report info general protection fault in vmx_vcpu_run
ci-qemu-upstream-386 2021/03/14 14:50 upstream 280d542f6ffa 4a003785 .config log report info general protection fault in vmx_vcpu_run
ci-qemu-upstream-386 2021/03/14 14:25 upstream 280d542f6ffa 4a003785 .config log report info general protection fault in vmx_vcpu_run
ci-upstream-kasan-gce-386 2021/03/13 18:25 upstream f296bfd5cd04 4a003785 .config log report info general protection fault in vmx_vcpu_run
ci-upstream-linux-next-kasan-gce-root 2021/03/15 03:49 linux-next d98f554b318f cc1cff8f .config log report info general protection fault in vmx_vcpu_run
ci-upstream-linux-next-kasan-gce-root 2021/03/14 23:33 linux-next d98f554b318f cc1cff8f .config log report info general protection fault in vmx_vcpu_run
ci-upstream-linux-next-kasan-gce-root 2021/03/14 16:21 linux-next d98f554b318f 4a003785 .config log report info general protection fault in vmx_vcpu_run
ci-upstream-linux-next-kasan-gce-root 2021/03/14 16:01 linux-next d98f554b318f 4a003785 .config log report info general protection fault in vmx_vcpu_run
ci-upstream-linux-next-kasan-gce-root 2021/03/14 12:35 linux-next d98f554b318f 4a003785 .config log report info general protection fault in vmx_vcpu_run
ci-upstream-linux-next-kasan-gce-root 2021/03/14 12:31 linux-next d98f554b318f 4a003785 .config log report info general protection fault in vmx_vcpu_run
ci-upstream-linux-next-kasan-gce-root 2021/03/14 11:23 linux-next d98f554b318f 4a003785 .config log report info general protection fault in vmx_vcpu_run
ci-upstream-linux-next-kasan-gce-root 2021/03/14 10:59 linux-next d98f554b318f 4a003785 .config log report info general protection fault in vmx_vcpu_run
ci-upstream-linux-next-kasan-gce-root 2021/03/14 09:55 linux-next d98f554b318f 4a003785 .config log report info general protection fault in vmx_vcpu_run
ci-upstream-linux-next-kasan-gce-root 2021/03/14 09:00 linux-next d98f554b318f 4a003785 .config log report info general protection fault in vmx_vcpu_run
ci-upstream-linux-next-kasan-gce-root 2021/03/14 08:23 linux-next d98f554b318f 4a003785 .config log report info general protection fault in vmx_vcpu_run
ci-upstream-linux-next-kasan-gce-root 2021/03/14 07:09 linux-next d98f554b318f 4a003785 .config log report info general protection fault in vmx_vcpu_run
ci-upstream-linux-next-kasan-gce-root 2021/02/05 14:51 linux-next aa2b88209686 23a562df .config log report info general protection fault in vmx_vcpu_run
ci-upstream-linux-next-kasan-gce-root 2021/02/01 15:15 linux-next fd821bf0ed9a e6b95f32 .config log report info general protection fault in vmx_vcpu_run
ci-upstream-kasan-gce-smack-root 2021/03/14 21:31 upstream 88fe49249c99 cc1cff8f .config log report info KASAN: global-out-of-bounds Read in vmx_vcpu_run
ci-upstream-kasan-gce-smack-root 2021/03/14 19:12 upstream 88fe49249c99 cc1cff8f .config log report info KASAN: global-out-of-bounds Read in vmx_vcpu_run