general protection fault in kvm_pv_send

general protection fault in kvm_pv_send_ipi
Status: upstream: reported syz repro on 2018/08/29 10:00
Reported-by: syzbot+86c0a866f80d88349f1f@syzkaller.appspotmail.com
First crash: 1120d, last: 1016d

Cause bisection: introduced by (bisect log) :
commit 653cd284a8a857ddfcf24f5bc3bd204a229f6c9f
Author: Vlad Buslov <vladbu@mellanox.com>
Date: Tue Aug 14 18:46:16 2018 +0000

net: sched: always disable bh when taking tcf_lock

Crash: INFO: rcu detected stall in kvm_vcpu_ioctl (log)
Repro: syz .config

Fix bisection: fixed by (bisect log) [no-op commit]:
commit d55bda1b3e7c5a87f10da54fdda866a9a9cef30b
Author: Christian Hoff <christian_hoff@gmx.net>
Date: Mon Nov 12 19:11:29 2018 +0000

Input: matrix_keypad - check for errors from of_get_named_gpio()

Sample crash report:

IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
8021q: adding VLAN 0 to HW filter on device team0
L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 5556 Comm: syz-executor0 Not tainted 4.19.0-rc8+ #285
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:kvm_pv_send_ipi+0x364/0xdd0 arch/x86/kvm/lapic.c:574
Code: 45 84 ed 0f 84 da 07 00 00 e8 58 ad 65 00 48 8d 4b 14 48 b8 00 00 00 00 00 fc ff df 48 89 ca 48 89 8d 70 fe ff ff 48 c1 ea 03 <0f> b6 14 02 48 89 c8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 f5
RSP: 0018:ffff8801b92a7028 EFLAGS: 00010203
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000014
RDX: 0000000000000002 RSI: ffffffff8118fbf8 RDI: 0000000000000005
RBP: ffff8801b92a71c8 R08: ffff8801b91f6080 R09: 1ffffffff1273955
R10: ffffed003b5c4732 R11: ffff8801dae23993 R12: ffff8801b92a71a0
R13: 0000000000000001 R14: 0000000000000000 R15: ffff8801b92a7120
FS:  00007f3e3bdc6700(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 00000001cbf3f000 CR4: 00000000001426f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 kvm_emulate_hypercall+0xa1a/0xf20 arch/x86/kvm/x86.c:6869
 handle_vmcall+0x15/0x20 arch/x86/kvm/vmx.c:7487
 vmx_handle_exit+0x2f7/0x17e0 arch/x86/kvm/vmx.c:10128
 vcpu_enter_guest+0x14a9/0x6380 arch/x86/kvm/x86.c:7667
 vcpu_run arch/x86/kvm/x86.c:7730 [inline]
 kvm_arch_vcpu_ioctl_run+0x375/0x16e0 arch/x86/kvm/x86.c:7930
 kvm_vcpu_ioctl+0x72b/0x1150 arch/x86/kvm/../../../virt/kvm/kvm_main.c:2590
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:501 [inline]
 do_vfs_ioctl+0x1de/0x1720 fs/ioctl.c:685
 ksys_ioctl+0xa9/0xd0 fs/ioctl.c:702
 __do_sys_ioctl fs/ioctl.c:709 [inline]
 __se_sys_ioctl fs/ioctl.c:707 [inline]
 __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:707
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457569
Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f3e3bdc5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3e3bdc66d4
R13: 00000000004c0027 R14: 00000000004d0108 R15: 00000000ffffffff
Modules linked in:
kobject: 'kvm' (00000000af64627b): kobject_uevent_env
kobject: 'kvm' (00000000af64627b): fill_kobj_path: path = '/devices/virtual/misc/kvm'
---[ end trace dd36b70cd0d7584f ]---
RIP: 0010:kvm_pv_send_ipi+0x364/0xdd0 arch/x86/kvm/lapic.c:574
Code: 45 84 ed 0f 84 da 07 00 00 e8 58 ad 65 00 48 8d 4b 14 48 b8 00 00 00 00 00 fc ff df 48 89 ca 48 89 8d 70 fe ff ff 48 c1 ea 03 <0f> b6 14 02 48 89 c8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 f5
RSP: 0018:ffff8801b92a7028 EFLAGS: 00010203
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000014
RDX: 0000000000000002 RSI: ffffffff8118fbf8 RDI: 0000000000000005
RBP: ffff8801b92a71c8 R08: ffff8801b91f6080 R09: 1ffffffff1273955
R10: ffffed003b5c4732 R11: ffff8801dae23993 R12: ffff8801b92a71a0
R13: 0000000000000001 R14: 0000000000000000 R15: ffff8801b92a7120
FS:  00007f3e3bdc6700(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fbf0b287000 CR3: 00000001cbf3f000 CR4: 00000000001426e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (170):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro
ci-upstream-kasan-gce-root	2018/10/16 15:28	upstream	f0a7d1883d9f	1ba7fd7e	.config	log	report	syz
ci-upstream-kasan-gce-smack-root	2018/10/16 15:02	upstream	f0a7d1883d9f	1ba7fd7e	.config	log	report	syz
ci-upstream-kasan-gce	2018/10/16 15:00	upstream	f0a7d1883d9f	1ba7fd7e	.config	log	report	syz
ci-upstream-kasan-gce-selinux-root	2018/10/16 14:25	upstream	f0a7d1883d9f	1ba7fd7e	.config	log	report	syz
ci-upstream-kasan-gce-smack-root	2018/09/12 01:16	upstream	11da3a7f84f1	4ae17b1f	.config	log	report	syz
ci-upstream-kasan-gce-smack-root	2018/09/12 00:30	upstream	11da3a7f84f1	4ae17b1f	.config	log	report	syz
ci-upstream-kasan-gce-smack-root	2018/09/12 00:01	upstream	11da3a7f84f1	4ae17b1f	.config	log	report	syz
ci-upstream-kasan-gce-root	2018/09/11 10:06	upstream	11da3a7f84f1	8c88323f	.config	log	report	syz
ci-upstream-kasan-gce-root	2018/09/11 09:10	upstream	11da3a7f84f1	8c88323f	.config	log	report	syz
ci-upstream-kasan-gce-selinux-root	2018/09/10 23:05	upstream	11da3a7f84f1	f167cb6b	.config	log	report	syz
ci-upstream-kasan-gce-selinux-root	2018/09/10 22:31	upstream	11da3a7f84f1	f167cb6b	.config	log	report	syz
ci-upstream-kasan-gce	2018/09/10 10:56	upstream	11da3a7f84f1	6b5120a4	.config	log	report	syz
ci-upstream-kasan-gce	2018/09/10 05:39	upstream	9a5682765a2e	6b5120a4	.config	log	report	syz
ci-upstream-kasan-gce-selinux-root	2018/09/09 10:51	upstream	f8f65382c98a	6b5120a4	.config	log	report	syz
ci-upstream-kasan-gce	2018/09/09 07:09	upstream	f8f65382c98a	6b5120a4	.config	log	report	syz
ci-upstream-kasan-gce-root	2018/09/09 06:48	upstream	f8f65382c98a	6b5120a4	.config	log	report	syz
ci-upstream-kasan-gce-selinux-root	2018/09/06 01:02	upstream	b36fdc6853a3	873745f2	.config	log	report	syz
ci-upstream-kasan-gce	2018/09/05 22:58	upstream	0e9b10395018	196410e4	.config	log	report	syz
ci-upstream-kasan-gce-root	2018/09/05 22:29	upstream	0e9b10395018	196410e4	.config	log	report	syz
ci-upstream-kasan-gce	2018/08/31 23:52	upstream	420f51f4ab6b	a4718693	.config	log	report	syz
ci-upstream-kasan-gce-root	2018/08/25 13:00	upstream	051935978432	9be5aa1d	.config	log	report	syz
ci-upstream-kasan-gce	2018/08/25 12:39	upstream	051935978432	9be5aa1d	.config	log	report	syz
ci-upstream-linux-next-kasan-gce-root	2018/10/16 17:27	linux-next	6d5d82417dd6	1ba7fd7e	.config	log	report	syz
ci-upstream-linux-next-kasan-gce-root	2018/09/05 22:56	linux-next	f2b6e66e9885	196410e4	.config	log	report	syz
ci-upstream-linux-next-kasan-gce-root	2018/08/31 10:36	linux-next	a880148cb2af	a4718693	.config	log	report	syz
ci-upstream-linux-next-kasan-gce-root	2018/08/26 09:16	linux-next	e27bc174c9c6	758cd203	.config	log	report	syz
ci-upstream-kasan-gce-root	2018/11/27 04:28	upstream	6f8b52ba442c	ac912200	.config	log	report
ci-upstream-kasan-gce-root	2018/11/26 02:30	upstream	d6d460b89378	3d3ec907	.config	log	report
ci-upstream-kasan-gce-smack-root	2018/11/24 11:35	upstream	7c98a4261827	ecc7c870	.config	log	report
ci-upstream-kasan-gce-selinux-root	2018/11/24 00:42	upstream	e6005d3c4233	eb9ed731	.config	log	report
ci-upstream-kasan-gce-smack-root	2018/11/22 21:44	upstream	edeca3a769ad	87815d9d	.config	log	report
ci-upstream-kasan-gce	2018/11/22 10:16	upstream	92b419289cee	2ee77802	.config	log	report
ci-upstream-kasan-gce-smack-root	2018/11/22 02:01	upstream	92b419289cee	9db828b5	.config	log	report
ci-upstream-kasan-gce-root	2018/11/21 14:22	upstream	c8ce94b8fe53	5d9a3924	.config	log	report
ci-upstream-kasan-gce-smack-root	2018/11/21 03:20	upstream	06e68fed3282	9aca6b52	.config	log	report
ci-upstream-kasan-gce-selinux-root	2018/11/20 18:50	upstream	06e68fed3282	9aca6b52	.config	log	report
ci-upstream-kasan-gce-root	2018/11/20 10:05	upstream	f2ce1065e767	9bc2a903	.config	log	report
ci-upstream-kasan-gce-smack-root	2018/11/20 06:35	upstream	f2ce1065e767	9bc2a903	.config	log	report
ci-upstream-kasan-gce	2018/11/19 17:28	upstream	9ff01193a20d	adf636a8	.config	log	report
ci-upstream-kasan-gce-smack-root	2018/11/19 06:53	upstream	c67a98c00ea3	adf636a8	.config	log	report
ci-upstream-kasan-gce-root	2018/11/19 05:44	upstream	c67a98c00ea3	adf636a8	.config	log	report
ci-upstream-kasan-gce-selinux-root	2018/11/18 22:53	upstream	c67a98c00ea3	adf636a8	.config	log	report
ci-upstream-kasan-gce	2018/11/18 11:14	upstream	1ce80e0fe98e	adf636a8	.config	log	report
ci-upstream-kasan-gce-selinux-root	2018/11/17 14:12	upstream	1ce80e0fe98e	b08ee62a	.config	log	report
ci-upstream-kasan-gce-selinux-root	2018/11/16 02:36	upstream	da5322e65940	3a41052e	.config	log	report
ci-upstream-kasan-gce-smack-root	2018/11/15 09:32	upstream	d41217aac0a5	5f5f6d14	.config	log	report
ci-upstream-kasan-gce	2018/11/14 09:10	upstream	ccda4af0f4b9	5f5f6d14	.config	log	report
ci-upstream-kasan-gce	2018/11/13 12:23	upstream	ccda4af0f4b9	5f5f6d14	.config	log	report
ci-upstream-kasan-gce-smack-root	2018/11/12 16:37	upstream	ccda4af0f4b9	7b5f8621	.config	log	report
ci-upstream-kasan-gce	2018/11/11 13:38	upstream	e255aee5b66c	f3c4e618	.config	log	report
ci-upstream-kasan-gce-root	2018/11/11 04:47	upstream	ab6e1f378f54	f3c4e618	.config	log	report
ci-upstream-kasan-gce	2018/11/10 04:34	upstream	3541833fd1f2	f9815aaf	.config	log	report
ci-upstream-kasan-gce-selinux-root	2018/11/09 23:08	upstream	3541833fd1f2	f9815aaf	.config	log	report
ci-upstream-kasan-gce-selinux-root	2018/11/09 20:38	upstream	3541833fd1f2	f9815aaf	.config	log	report
ci-upstream-kasan-gce-root	2018/11/08 18:39	upstream	85758777c2a2	e85d2a61	.config	log	report
ci-upstream-kasan-gce-selinux-root	2018/11/08 14:52	upstream	85758777c2a2	e85d2a61	.config	log	report
ci-upstream-kasan-gce-selinux-root	2018/11/08 00:33	upstream	e09d51adfbb1	e85d2a61	.config	log	report
ci-upstream-kasan-gce-smack-root	2018/11/07 02:53	upstream	8053e5b93eca	8bd6bd63	.config	log	report
ci-upstream-kasan-gce	2018/11/06 16:23	upstream	163c8d54a997	8bd6bd63	.config	log	report
ci-upstream-kasan-gce	2018/11/04 08:28	upstream	d2ff0ff2c23f	8bd6bd63	.config	log	report
ci-upstream-kasan-gce	2018/11/04 04:41	upstream	d2ff0ff2c23f	8bd6bd63	.config	log	report
ci-upstream-kasan-gce-smack-root	2018/11/04 02:16	upstream	d2ff0ff2c23f	8bd6bd63	.config	log	report
ci-upstream-kasan-gce-smack-root	2018/11/03 01:09	upstream	d81f50bd3464	8bd6bd63	.config	log	report
ci-upstream-kasan-gce	2018/08/25 08:52	upstream	051935978432	9be5aa1d	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2018/12/06 17:12	linux-next	442b8cea2477	3ab38479	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2018/12/05 09:53	linux-next	442b8cea2477	f162ad97	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2018/12/04 21:06	linux-next	442b8cea2477	6ad0ae61	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2018/12/03 08:29	linux-next	442b8cea2477	7dcaeaf3	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2018/12/02 12:36	linux-next	442b8cea2477	e0d8c853	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2018/11/29 06:22	linux-next	442b8cea2477	4b6d14f2	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2018/11/27 08:18	linux-next	442b8cea2477	ac912200	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2018/11/22 12:44	linux-next	442b8cea2477	2ee77802	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2018/11/22 06:51	linux-next	442b8cea2477	9db828b5	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2018/11/19 19:47	linux-next	442b8cea2477	adf636a8	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2018/11/12 23:42	linux-next	442b8cea2477	74dbb806	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2018/11/07 20:36	linux-next	d881de30d29e	e85d2a61	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2018/11/05 20:06	linux-next	55e5059cb572	8bd6bd63	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2018/11/04 18:35	linux-next	25e9471b6a27	8bd6bd63	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2018/11/03 22:48	linux-next	25e9471b6a27	8bd6bd63	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2018/11/03 14:59	linux-next	25e9471b6a27	8bd6bd63	.config	log	report