general protection fault in kvm_pv_send

[upstream] general protection fault in kvm_pv_send_ipi
Status: upstream: reported syz repro on 2018/08/29 10:00
Reported-by: syzbot+86c0a866f80d88349f1f@syzkaller.appspotmail.com
First: 25d, last: 1d03h

Sample crash report:

IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
8021q: adding VLAN 0 to HW filter on device team0
L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN
CPU: 0 PID: 4743 Comm: syz-executor0 Not tainted 4.18.0+ #207
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:kvm_pv_send_ipi+0x582/0xaf0 arch/x86/kvm/lapic.c:582
Code: e0 07 83 c0 01 88 85 97 fe ff ff e8 48 0d 64 00 8b 85 b0 fe ff ff 44 01 e0 48 98 49 8d bc c7 18 02 00 00 48 89 fa 48 c1 ea 03 <42> 80 3c 32 00 0f 85 ed 03 00 00 49 8b 84 c7 18 02 00 00 48 8d b8
RSP: 0018:ffff8801d8bff028 EFLAGS: 00010206
RAX: 000000000000002f RBX: ffff8801d8bff190 RCX: ffffffff8118b074
RDX: 0000000000000072 RSI: ffffffff8118b0b8 RDI: 0000000000000390
RBP: ffff8801d8bff1b8 R08: ffff8801d8952640 R09: ffffed003b6046d6
R10: ffffed003b6046d6 R11: ffff8801db0236b3 R12: 000000000000000f
R13: ffff8801d8bff110 R14: dffffc0000000000 R15: 0000000000000000
FS:  0000000000fc0940(0000) GS:ffff8801db000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 00000001bed89000 CR4: 00000000001426f0
Call Trace:
 kvm_emulate_hypercall+0x9d7/0xea0 arch/x86/kvm/x86.c:6838
 handle_vmcall+0x15/0x20 arch/x86/kvm/vmx.c:7478
 vmx_handle_exit+0x2dd/0x1760 arch/x86/kvm/vmx.c:10115
 vcpu_enter_guest+0x143c/0x61a0 arch/x86/kvm/x86.c:7630
 vcpu_run arch/x86/kvm/x86.c:7693 [inline]
 kvm_arch_vcpu_ioctl_run+0x373/0x16d0 arch/x86/kvm/x86.c:7870
 kvm_vcpu_ioctl+0x7b8/0x1280 arch/x86/kvm/../../../virt/kvm/kvm_main.c:2590
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:501 [inline]
 do_vfs_ioctl+0x1de/0x1720 fs/ioctl.c:685
 ksys_ioctl+0xa9/0xd0 fs/ioctl.c:702
 __do_sys_ioctl fs/ioctl.c:709 [inline]
 __se_sys_ioctl fs/ioctl.c:707 [inline]
 __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:707
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457089
Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fff3ceb8998 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000fc0914 RCX: 0000000000457089
RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
RBP: 00000000009300a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000004cedf0 R14: 00000000004c54c9 R15: 0000000000000000
Modules linked in:
Dumping ftrace buffer:
   (ftrace buffer empty)
---[ end trace c38044fa919274d9 ]---
RIP: 0010:kvm_pv_send_ipi+0x582/0xaf0 arch/x86/kvm/lapic.c:582
Code: e0 07 83 c0 01 88 85 97 fe ff ff e8 48 0d 64 00 8b 85 b0 fe ff ff 44 01 e0 48 98 49 8d bc c7 18 02 00 00 48 89 fa 48 c1 ea 03 <42> 80 3c 32 00 0f 85 ed 03 00 00 49 8b 84 c7 18 02 00 00 48 8d b8
RSP: 0018:ffff8801d8bff028 EFLAGS: 00010206
RAX: 000000000000002f RBX: ffff8801d8bff190 RCX: ffffffff8118b074
RDX: 0000000000000072 RSI: ffffffff8118b0b8 RDI: 0000000000000390
RBP: ffff8801d8bff1b8 R08: ffff8801d8952640 R09: ffffed003b6046d6
R10: ffffed003b6046d6 R11: ffff8801db0236b3 R12: 000000000000000f
R13: ffff8801d8bff110 R14: dffffc0000000000 R15: 0000000000000000
FS:  0000000000fc0940(0000) GS:ffff8801db000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 00000001bed89000 CR4: 00000000001426f0

All crashes (36):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	Maintainers
ci-upstream-kasan-gce	2018/08/25 12:39	upstream	0519359784328bfa92bf0931bf0cff3b58c16932	9be5aa1d051dea559961cb42d3fa750ca40e2d5e	.config	log	report	syz	["hpa@zytor.com" "kvm@vger.kernel.org" "linux-kernel@vger.kernel.org" "mingo@redhat.com" "pbonzini@redhat.com" "rkrcmar@redhat.com" "tglx@linutronix.de" "x86@kernel.org"]
ci-upstream-kasan-gce-smack-root	2018/09/12 01:16	upstream	11da3a7f84f19c26da6f86af878298694ede0804	4ae17b1f4c91cfe2de0b2b51b67622dd0ac366af	.config	log	report	syz	["hpa@zytor.com" "kvm@vger.kernel.org" "linux-kernel@vger.kernel.org" "mingo@redhat.com" "pbonzini@redhat.com" "rkrcmar@redhat.com" "tglx@linutronix.de" "x86@kernel.org"]
ci-upstream-kasan-gce-smack-root	2018/09/12 00:30	upstream	11da3a7f84f19c26da6f86af878298694ede0804	4ae17b1f4c91cfe2de0b2b51b67622dd0ac366af	.config	log	report	syz	["hpa@zytor.com" "kvm@vger.kernel.org" "linux-kernel@vger.kernel.org" "mingo@redhat.com" "pbonzini@redhat.com" "rkrcmar@redhat.com" "tglx@linutronix.de" "x86@kernel.org"]
ci-upstream-kasan-gce-smack-root	2018/09/12 00:01	upstream	11da3a7f84f19c26da6f86af878298694ede0804	4ae17b1f4c91cfe2de0b2b51b67622dd0ac366af	.config	log	report	syz	["hpa@zytor.com" "kvm@vger.kernel.org" "linux-kernel@vger.kernel.org" "mingo@redhat.com" "pbonzini@redhat.com" "rkrcmar@redhat.com" "tglx@linutronix.de" "x86@kernel.org"]
ci-upstream-kasan-gce-root	2018/09/11 10:06	upstream	11da3a7f84f19c26da6f86af878298694ede0804	8c88323f946850a91f696f8608dd2137247191b3	.config	log	report	syz	["hpa@zytor.com" "kvm@vger.kernel.org" "linux-kernel@vger.kernel.org" "mingo@redhat.com" "pbonzini@redhat.com" "rkrcmar@redhat.com" "tglx@linutronix.de" "x86@kernel.org"]
ci-upstream-kasan-gce-root	2018/09/11 09:10	upstream	11da3a7f84f19c26da6f86af878298694ede0804	8c88323f946850a91f696f8608dd2137247191b3	.config	log	report	syz	["hpa@zytor.com" "kvm@vger.kernel.org" "linux-kernel@vger.kernel.org" "mingo@redhat.com" "pbonzini@redhat.com" "rkrcmar@redhat.com" "tglx@linutronix.de" "x86@kernel.org"]
ci-upstream-kasan-gce-selinux-root	2018/09/10 23:05	upstream	11da3a7f84f19c26da6f86af878298694ede0804	f167cb6b0957d34f95b1067525aa87083f264035	.config	log	report	syz	["hpa@zytor.com" "kvm@vger.kernel.org" "linux-kernel@vger.kernel.org" "mingo@redhat.com" "pbonzini@redhat.com" "rkrcmar@redhat.com" "tglx@linutronix.de" "x86@kernel.org"]
ci-upstream-kasan-gce-selinux-root	2018/09/10 22:31	upstream	11da3a7f84f19c26da6f86af878298694ede0804	f167cb6b0957d34f95b1067525aa87083f264035	.config	log	report	syz	["hpa@zytor.com" "kvm@vger.kernel.org" "linux-kernel@vger.kernel.org" "mingo@redhat.com" "pbonzini@redhat.com" "rkrcmar@redhat.com" "tglx@linutronix.de" "x86@kernel.org"]
ci-upstream-kasan-gce	2018/09/10 10:56	upstream	11da3a7f84f19c26da6f86af878298694ede0804	6b5120a46407f0462e664e15fed3eae5da951c75	.config	log	report	syz	["hpa@zytor.com" "kvm@vger.kernel.org" "linux-kernel@vger.kernel.org" "mingo@redhat.com" "pbonzini@redhat.com" "rkrcmar@redhat.com" "tglx@linutronix.de" "x86@kernel.org"]
ci-upstream-kasan-gce	2018/09/10 05:39	upstream	9a5682765a2e5f93cf2fe7b612b8072b18f0c68a	6b5120a46407f0462e664e15fed3eae5da951c75	.config	log	report	syz	["hpa@zytor.com" "kvm@vger.kernel.org" "linux-kernel@vger.kernel.org" "mingo@redhat.com" "pbonzini@redhat.com" "rkrcmar@redhat.com" "tglx@linutronix.de" "x86@kernel.org"]
ci-upstream-kasan-gce-selinux-root	2018/09/09 10:51	upstream	f8f65382c98a28e3c2b20df9dd4231dca5a11682	6b5120a46407f0462e664e15fed3eae5da951c75	.config	log	report	syz	["hpa@zytor.com" "kvm@vger.kernel.org" "linux-kernel@vger.kernel.org" "mingo@redhat.com" "pbonzini@redhat.com" "rkrcmar@redhat.com" "tglx@linutronix.de" "x86@kernel.org"]
ci-upstream-kasan-gce	2018/09/09 07:09	upstream	f8f65382c98a28e3c2b20df9dd4231dca5a11682	6b5120a46407f0462e664e15fed3eae5da951c75	.config	log	report	syz	["hpa@zytor.com" "kvm@vger.kernel.org" "linux-kernel@vger.kernel.org" "mingo@redhat.com" "pbonzini@redhat.com" "rkrcmar@redhat.com" "tglx@linutronix.de" "x86@kernel.org"]
ci-upstream-kasan-gce-root	2018/09/09 06:48	upstream	f8f65382c98a28e3c2b20df9dd4231dca5a11682	6b5120a46407f0462e664e15fed3eae5da951c75	.config	log	report	syz	["hpa@zytor.com" "kvm@vger.kernel.org" "linux-kernel@vger.kernel.org" "mingo@redhat.com" "pbonzini@redhat.com" "rkrcmar@redhat.com" "tglx@linutronix.de" "x86@kernel.org"]
ci-upstream-kasan-gce-selinux-root	2018/09/06 01:02	upstream	b36fdc6853a38a6f8749897a33435635019e0647	873745f2ff183dcbc303a504683ccaa3a472a635	.config	log	report	syz	["hpa@zytor.com" "kvm@vger.kernel.org" "linux-kernel@vger.kernel.org" "mingo@redhat.com" "pbonzini@redhat.com" "rkrcmar@redhat.com" "tglx@linutronix.de" "x86@kernel.org"]
ci-upstream-kasan-gce	2018/09/05 22:58	upstream	0e9b10395018ab78bf6bffcb9561a703c7f82cee	196410e4f5665d4d2bf6c818d06f1c8d03cfa8cc	.config	log	report	syz	["hpa@zytor.com" "kvm@vger.kernel.org" "linux-kernel@vger.kernel.org" "mingo@redhat.com" "pbonzini@redhat.com" "rkrcmar@redhat.com" "tglx@linutronix.de" "x86@kernel.org"]
ci-upstream-kasan-gce-root	2018/09/05 22:29	upstream	0e9b10395018ab78bf6bffcb9561a703c7f82cee	196410e4f5665d4d2bf6c818d06f1c8d03cfa8cc	.config	log	report	syz	["hpa@zytor.com" "kvm@vger.kernel.org" "linux-kernel@vger.kernel.org" "mingo@redhat.com" "pbonzini@redhat.com" "rkrcmar@redhat.com" "tglx@linutronix.de" "x86@kernel.org"]
ci-upstream-kasan-gce	2018/08/31 23:52	upstream	420f51f4ab6bce6e580390729fadb89c31123636	a4718693a3d9fcabb02299b2ec07c19d8208c539	.config	log	report	syz	["hpa@zytor.com" "kvm@vger.kernel.org" "linux-kernel@vger.kernel.org" "mingo@redhat.com" "pbonzini@redhat.com" "rkrcmar@redhat.com" "tglx@linutronix.de" "x86@kernel.org"]
ci-upstream-kasan-gce-root	2018/08/25 13:00	upstream	0519359784328bfa92bf0931bf0cff3b58c16932	9be5aa1d051dea559961cb42d3fa750ca40e2d5e	.config	log	report	syz	["hpa@zytor.com" "kvm@vger.kernel.org" "linux-kernel@vger.kernel.org" "mingo@redhat.com" "pbonzini@redhat.com" "rkrcmar@redhat.com" "tglx@linutronix.de" "x86@kernel.org"]
ci-upstream-linux-next-kasan-gce-root	2018/09/05 22:56	linux-next	f2b6e66e9885a2eae12efd73cc6f859213f64c23	196410e4f5665d4d2bf6c818d06f1c8d03cfa8cc	.config	log	report	syz	["hpa@zytor.com" "kvm@vger.kernel.org" "linux-kernel@vger.kernel.org" "mingo@redhat.com" "pbonzini@redhat.com" "rkrcmar@redhat.com" "tglx@linutronix.de" "x86@kernel.org"]
ci-upstream-linux-next-kasan-gce-root	2018/08/31 10:36	linux-next	a880148cb2affc40b146ded651d1d38ae0d58da6	a4718693a3d9fcabb02299b2ec07c19d8208c539	.config	log	report	syz	["hpa@zytor.com" "kvm@vger.kernel.org" "linux-kernel@vger.kernel.org" "mingo@redhat.com" "pbonzini@redhat.com" "rkrcmar@redhat.com" "tglx@linutronix.de" "x86@kernel.org"]
ci-upstream-linux-next-kasan-gce-root	2018/08/26 09:16	linux-next	e27bc174c9c6c69f8af3bc84d04032921ae2bad9	758cd203cb82b2fd04496478a05650321520c099	.config	log	report	syz	["hpa@zytor.com" "kvm@vger.kernel.org" "linux-kernel@vger.kernel.org" "mingo@redhat.com" "pbonzini@redhat.com" "rkrcmar@redhat.com" "tglx@linutronix.de" "x86@kernel.org"]
ci-upstream-kasan-gce	2018/08/25 08:52	upstream	0519359784328bfa92bf0931bf0cff3b58c16932	9be5aa1d051dea559961cb42d3fa750ca40e2d5e	.config	log	report		["hpa@zytor.com" "kvm@vger.kernel.org" "linux-kernel@vger.kernel.org" "mingo@redhat.com" "pbonzini@redhat.com" "rkrcmar@redhat.com" "tglx@linutronix.de" "x86@kernel.org"]
ci-upstream-kasan-gce-selinux-root	2018/09/18 13:06	upstream	5211da9ca526a5adddee1ccd078e6e33a583ab36	7f125108ae79bbb6e5b3a4eedf3ab7fbcb845744	.config	log	report		["hpa@zytor.com" "kvm@vger.kernel.org" "linux-kernel@vger.kernel.org" "mingo@redhat.com" "pbonzini@redhat.com" "rkrcmar@redhat.com" "tglx@linutronix.de" "x86@kernel.org"]
ci-upstream-kasan-gce	2018/09/09 06:18	upstream	f8f65382c98a28e3c2b20df9dd4231dca5a11682	6b5120a46407f0462e664e15fed3eae5da951c75	.config	log	report		["hpa@zytor.com" "kvm@vger.kernel.org" "linux-kernel@vger.kernel.org" "mingo@redhat.com" "pbonzini@redhat.com" "rkrcmar@redhat.com" "tglx@linutronix.de" "x86@kernel.org"]
ci-upstream-kasan-gce	2018/09/09 05:30	upstream	f8f65382c98a28e3c2b20df9dd4231dca5a11682	6b5120a46407f0462e664e15fed3eae5da951c75	.config	log	report		["hpa@zytor.com" "kvm@vger.kernel.org" "linux-kernel@vger.kernel.org" "mingo@redhat.com" "pbonzini@redhat.com" "rkrcmar@redhat.com" "tglx@linutronix.de" "x86@kernel.org"]
ci-upstream-kasan-gce-selinux-root	2018/09/09 05:22	upstream	f8f65382c98a28e3c2b20df9dd4231dca5a11682	6b5120a46407f0462e664e15fed3eae5da951c75	.config	log	report		["hpa@zytor.com" "kvm@vger.kernel.org" "linux-kernel@vger.kernel.org" "mingo@redhat.com" "pbonzini@redhat.com" "rkrcmar@redhat.com" "tglx@linutronix.de" "x86@kernel.org"]
ci-upstream-kasan-gce-root	2018/09/09 05:05	upstream	f8f65382c98a28e3c2b20df9dd4231dca5a11682	6b5120a46407f0462e664e15fed3eae5da951c75	.config	log	report		["hpa@zytor.com" "kvm@vger.kernel.org" "linux-kernel@vger.kernel.org" "mingo@redhat.com" "pbonzini@redhat.com" "rkrcmar@redhat.com" "tglx@linutronix.de" "x86@kernel.org"]
ci-upstream-kasan-gce-root	2018/09/09 05:04	upstream	f8f65382c98a28e3c2b20df9dd4231dca5a11682	6b5120a46407f0462e664e15fed3eae5da951c75	.config	log	report		["hpa@zytor.com" "kvm@vger.kernel.org" "linux-kernel@vger.kernel.org" "mingo@redhat.com" "pbonzini@redhat.com" "rkrcmar@redhat.com" "tglx@linutronix.de" "x86@kernel.org"]
ci-upstream-kasan-gce-selinux-root	2018/09/09 04:50	upstream	f8f65382c98a28e3c2b20df9dd4231dca5a11682	6b5120a46407f0462e664e15fed3eae5da951c75	.config	log	report		["hpa@zytor.com" "kvm@vger.kernel.org" "linux-kernel@vger.kernel.org" "mingo@redhat.com" "pbonzini@redhat.com" "rkrcmar@redhat.com" "tglx@linutronix.de" "x86@kernel.org"]
ci-upstream-kasan-gce-root	2018/09/09 04:40	upstream	f8f65382c98a28e3c2b20df9dd4231dca5a11682	6b5120a46407f0462e664e15fed3eae5da951c75	.config	log	report		["hpa@zytor.com" "kvm@vger.kernel.org" "linux-kernel@vger.kernel.org" "mingo@redhat.com" "pbonzini@redhat.com" "rkrcmar@redhat.com" "tglx@linutronix.de" "x86@kernel.org"]
ci-upstream-kasan-gce-root	2018/09/09 04:36	upstream	f8f65382c98a28e3c2b20df9dd4231dca5a11682	6b5120a46407f0462e664e15fed3eae5da951c75	.config	log	report		["hpa@zytor.com" "kvm@vger.kernel.org" "linux-kernel@vger.kernel.org" "mingo@redhat.com" "pbonzini@redhat.com" "rkrcmar@redhat.com" "tglx@linutronix.de" "x86@kernel.org"]
ci-upstream-kasan-gce-root	2018/09/05 21:15	upstream	0e9b10395018ab78bf6bffcb9561a703c7f82cee	196410e4f5665d4d2bf6c818d06f1c8d03cfa8cc	.config	log	report		["hpa@zytor.com" "kvm@vger.kernel.org" "linux-kernel@vger.kernel.org" "mingo@redhat.com" "pbonzini@redhat.com" "rkrcmar@redhat.com" "tglx@linutronix.de" "x86@kernel.org"]
ci-upstream-linux-next-kasan-gce-root	2018/09/12 17:56	linux-next	7c1b097f27bf1809369ef3a9ec7ec748fc178cbe	71907dafdbb47df824e03665e5b9fffa0dd07a9e	.config	log	report		["hpa@zytor.com" "kvm@vger.kernel.org" "linux-kernel@vger.kernel.org" "mingo@redhat.com" "pbonzini@redhat.com" "rkrcmar@redhat.com" "tglx@linutronix.de" "x86@kernel.org"]
ci-upstream-linux-next-kasan-gce-root	2018/09/12 16:16	linux-next	7c1b097f27bf1809369ef3a9ec7ec748fc178cbe	71907dafdbb47df824e03665e5b9fffa0dd07a9e	.config	log	report		["hpa@zytor.com" "kvm@vger.kernel.org" "linux-kernel@vger.kernel.org" "mingo@redhat.com" "pbonzini@redhat.com" "rkrcmar@redhat.com" "tglx@linutronix.de" "x86@kernel.org"]
ci-upstream-linux-next-kasan-gce-root	2018/09/12 06:12	linux-next	7c1b097f27bf1809369ef3a9ec7ec748fc178cbe	3c88136c8a2afbcdb1be19786c0b66837f5f7cd6	.config	log	report		["hpa@zytor.com" "kvm@vger.kernel.org" "linux-kernel@vger.kernel.org" "mingo@redhat.com" "pbonzini@redhat.com" "rkrcmar@redhat.com" "tglx@linutronix.de" "x86@kernel.org"]
ci-upstream-linux-next-kasan-gce-root	2018/08/31 07:16	linux-next	a880148cb2affc40b146ded651d1d38ae0d58da6	a4718693a3d9fcabb02299b2ec07c19d8208c539	.config	log	report		["hpa@zytor.com" "kvm@vger.kernel.org" "linux-kernel@vger.kernel.org" "mingo@redhat.com" "pbonzini@redhat.com" "rkrcmar@redhat.com" "tglx@linutronix.de" "x86@kernel.org"]