kernel BUG at arch/x86/kvm/mmu.c:LINE! (2)

Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported
KASAN: slab-out-of-bounds Read in handle_vmptrld kvm	C	done	error	6	1678d	1678d

done

error

1678d

Title	Replies (including bot)	Last reply
kernel BUG at arch/x86/kvm/mmu.c:LINE! (2)	1 (2)	2019/11/08 19:42

Title

Replies (including bot)

Last reply

kernel BUG at arch/x86/kvm/mmu.c:LINE! (2)

1 (2)

2019/11/08 19:42

Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
linux-4.19	kernel BUG at arch/x86/kvm/mmu.c:LINE!	C	done	error	12	972d	1621d	0/1	upstream: reported C repro on 2019/11/07 21:27
linux-4.14	kernel BUG at arch/x86/kvm/mmu.c:LINE!	C			4	1351d	1621d	0/1	upstream: reported C repro on 2019/11/07 23:54
upstream	kernel BUG at arch/x86/kvm/mmu.c:LINE! kvm	C			695	2240d	2357d	4/26	fixed on 2018/03/06 13:29

L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. ------------[ cut here ]------------ kernel BUG at arch/x86/kvm/mmu.c:3324! invalid opcode: 0000 [#1] PREEMPT SMP KASAN CPU: 1 PID: 9398 Comm: syz-executor266 Not tainted 5.4.0-rc7+ #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:transparent_hugepage_adjust+0x490/0x530 arch/x86/kvm/mmu.c:3324 Code: 63 00 48 8b 45 b8 48 83 e8 01 e9 19 fd ff ff e8 e6 3e 63 00 48 8b 45 b8 48 83 e8 01 48 89 45 c8 e9 a1 fd ff ff e8 d0 3e 63 00 <0f> 0b 48 89 df e8 36 a1 9e 00 e9 9f fb ff ff 4c 89 ff e8 29 a1 9e RSP: 0018:ffff8880942f7690 EFLAGS: 00010293 RAX: ffff888093148500 RBX: ffff8880942f7778 RCX: ffffffff810fe787 RDX: 0000000000000000 RSI: ffffffff810fe8c0 RDI: 0000000000000007 RBP: ffff8880942f76d8 R08: ffff888093148500 R09: ffffed1014809682 R10: ffffed1014809681 R11: ffff8880a404b40b R12: ffff8880942f7768 R13: 00000000000001a3 R14: 000000000008aba1 R15: 0000000000000000 FS: 000000000202d880(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 00000000a9270000 CR4: 00000000001426e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: tdp_page_fault+0x56e/0x650 arch/x86/kvm/mmu.c:4216 kvm_mmu_page_fault+0x1dd/0x1800 arch/x86/kvm/mmu.c:5439 handle_ept_violation+0x259/0x560 arch/x86/kvm/vmx/vmx.c:5185 vmx_handle_exit+0x29f/0x1730 arch/x86/kvm/vmx/vmx.c:5929 vcpu_enter_guest arch/x86/kvm/x86.c:8227 [inline] vcpu_run arch/x86/kvm/x86.c:8291 [inline] kvm_arch_vcpu_ioctl_run+0x1cb8/0x70d0 arch/x86/kvm/x86.c:8498 kvm_vcpu_ioctl+0x4dc/0xfc0 arch/x86/kvm/../../../virt/kvm/kvm_main.c:2772 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:509 [inline] do_vfs_ioctl+0xdb6/0x13e0 fs/ioctl.c:696 ksys_ioctl+0xab/0xd0 fs/ioctl.c:713 __do_sys_ioctl fs/ioctl.c:720 [inline] __se_sys_ioctl fs/ioctl.c:718 [inline] __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:718 do_syscall_64+0xfa/0x760 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x443f49 Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b d8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007ffd76f8f418 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000443f49 RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 RBP: 00000000006ce018 R08: 00000000004002e0 R09: 00000000004002e0 R10: 00000000004002e0 R11: 0000000000000246 R12: 0000000000401c50 R13: 0000000000401ce0 R14: 0000000000000000 R15: 0000000000000000 Modules linked in: ---[ end trace a620bbd2bf29c775 ]--- RIP: 0010:transparent_hugepage_adjust+0x490/0x530 arch/x86/kvm/mmu.c:3324 Code: 63 00 48 8b 45 b8 48 83 e8 01 e9 19 fd ff ff e8 e6 3e 63 00 48 8b 45 b8 48 83 e8 01 48 89 45 c8 e9 a1 fd ff ff e8 d0 3e 63 00 <0f> 0b 48 89 df e8 36 a1 9e 00 e9 9f fb ff ff 4c 89 ff e8 29 a1 9e RSP: 0018:ffff8880942f7690 EFLAGS: 00010293 RAX: ffff888093148500 RBX: ffff8880942f7778 RCX: ffffffff810fe787 RDX: 0000000000000000 RSI: ffffffff810fe8c0 RDI: 0000000000000007 RBP: ffff8880942f76d8 R08: ffff888093148500 R09: ffffed1014809682 R10: ffffed1014809681 R11: ffff8880a404b40b R12: ffff8880942f7768 R13: 00000000000001a3 R14: 000000000008aba1 R15: 0000000000000000 FS: 000000000202d880(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 00000000a9270000 CR4: 00000000001426e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (5):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	Manager
2019/11/13 07:46	upstream	100d46bd72ec	048f2d49	.config	console log	report	syz	C	ci-upstream-kasan-gce-selinux-root
2019/11/10 16:31	upstream	00aff6836241	dc438b91	.config	console log	report	syz	C	ci-upstream-kasan-gce-smack-root
2019/11/09 10:06	upstream	6737e7634951	dc438b91	.config	console log	report	syz	C	ci-upstream-kasan-gce-root
2019/11/08 01:06	upstream	847120f859cc	f39aff9e	.config	console log	report	syz	C	ci-upstream-kasan-gce
2019/11/09 20:13	upstream	0058b0a506e4	dc438b91	.config	console log	report	syz	C	ci-upstream-kasan-gce-386

Crashes (5):

Assets (help?)