kvm: BUG in kvm_unload_vcpu_mmu
16 views
Skip to first unread message
Dmitry Vyukov
Dec 27, 2016, 9:56:04 AM12/27/16
to Paolo Bonzini, Radim Krčmář, KVM list, LKML, Steve Rutherford, syzkaller
Hello,
I am hitting BUG in kvm_unload_vcpu_mmu while running syzkaller fuzzer:
kernel BUG at arch/x86/kvm/x86.c:7928!
invalid opcode: 0000 [#1] SMP KASAN
Dumping ftrace buffer:
(ftrace buffer empty)
Modules linked in:
CPU: 1 PID: 6310 Comm: syz-executor0 Not tainted 4.9.0+ #105
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
task: ffff88003c9ce500 task.stack: ffff88003bef0000
RIP: 0010:kvm_free_vcpus arch/x86/kvm/x86.c:7928 [inline]
RIP: 0010:kvm_arch_destroy_vm+0x7ee/0xa00 arch/x86/kvm/x86.c:8047
RSP: 0018:ffff88003bef7260 EFLAGS: 00010246
RAX: 0000000000004000 RBX: ffff88006bab27c0 RCX: ffffc90000cc8000
RDX: 0000000000004000 RSI: 0000000000000000 RDI: ffffed00077dee40
RBP: ffff88003bef7418 R08: ffffed00077dee3c R09: 0000000000000001
R10: 0000000000000000 R11: ffffed00077dee3b R12: ffff88006bab3460
R13: ffff88003bef73f0 R14: ffff880065eb1c40 R15: 0000000000000000
FS: 00007fb475b18700(0000) GS:ffff88003fd00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000002000effc CR3: 000000003b544000 CR4: 00000000000026e0
Call Trace:
kvm_destroy_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:736 [inline]
kvm_put_kvm+0x4ee/0x990 arch/x86/kvm/../../../virt/kvm/kvm_main.c:757
kvm_vcpu_release+0x7b/0xa0 arch/x86/kvm/../../../virt/kvm/kvm_main.c:2390
__fput+0x332/0x7f0 fs/file_table.c:208
____fput+0x15/0x20 fs/file_table.c:244
task_work_run+0x18a/0x260 kernel/task_work.c:116
get_signal+0x148f/0x1820 kernel/signal.c:2143
do_signal+0xd2/0x2190 arch/x86/kernel/signal.c:807
exit_to_usermode_loop+0x170/0x200 arch/x86/entry/common.c:156
prepare_exit_to_usermode arch/x86/entry/common.c:190 [inline]
syscall_return_slowpath+0x3d3/0x420 arch/x86/entry/common.c:259
entry_SYSCALL_64_fastpath+0xc0/0xc2
RIP: 0033:0x4421e9
RSP: 002b:00007fb475b17b58 EFLAGS: 00000286 ORIG_RAX: 0000000000000010
RAX: fffffffffffffffc RBX: 00000000007001f8 RCX: 00000000004421e9
RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 000000000000001a
RBP: 0000000000001a60 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000286 R12: 00000000006dbb20
R13: 000000000000001a R14: 000000000000ae80 R15: 0000000000000000
Code: 00 00 48 83 e7 f8 48 29 f8 8d 48 2c 31 c0 c1 e9 03 f3 48 ab 48
81 c4 90 01 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 02 c0 5a 00 <0f>
0b e8 fb bf 5a 00 31 c9 31 d2 48 89 df be fe 01 00 00 e8 7a
RIP: kvm_free_vcpus arch/x86/kvm/x86.c:7928 [inline] RSP: ffff88003bef7260
RIP: kvm_arch_destroy_vm+0x7ee/0xa00 arch/x86/kvm/x86.c:8047 RSP:
ffff88003bef7260
---[ end trace 3cdfda62e3da09f8 ]---
Kernel panic - not syncing: Fatal exception
Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: disabled
It is this BUG:
static void kvm_unload_vcpu_mmu(struct kvm_vcpu *vcpu)
{
int r;
r = vcpu_load(vcpu);
BUG_ON(r);
kvm_mmu_unload(vcpu);
vcpu_put(vcpu);
}
Unfortunately it is not reproducible.
On commit e93b1cc8a8965da137ffea0b88e5f62fa1d2a9e6 (Dec 19)
I am hitting BUG in kvm_unload_vcpu_mmu while running syzkaller fuzzer:
kernel BUG at arch/x86/kvm/x86.c:7928!
invalid opcode: 0000 [#1] SMP KASAN
Dumping ftrace buffer:
(ftrace buffer empty)
Modules linked in:
CPU: 1 PID: 6310 Comm: syz-executor0 Not tainted 4.9.0+ #105
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
task: ffff88003c9ce500 task.stack: ffff88003bef0000
RIP: 0010:kvm_free_vcpus arch/x86/kvm/x86.c:7928 [inline]
RIP: 0010:kvm_arch_destroy_vm+0x7ee/0xa00 arch/x86/kvm/x86.c:8047
RSP: 0018:ffff88003bef7260 EFLAGS: 00010246
RAX: 0000000000004000 RBX: ffff88006bab27c0 RCX: ffffc90000cc8000
RDX: 0000000000004000 RSI: 0000000000000000 RDI: ffffed00077dee40
RBP: ffff88003bef7418 R08: ffffed00077dee3c R09: 0000000000000001
R10: 0000000000000000 R11: ffffed00077dee3b R12: ffff88006bab3460
R13: ffff88003bef73f0 R14: ffff880065eb1c40 R15: 0000000000000000
FS: 00007fb475b18700(0000) GS:ffff88003fd00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000002000effc CR3: 000000003b544000 CR4: 00000000000026e0
Call Trace:
kvm_destroy_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:736 [inline]
kvm_put_kvm+0x4ee/0x990 arch/x86/kvm/../../../virt/kvm/kvm_main.c:757
kvm_vcpu_release+0x7b/0xa0 arch/x86/kvm/../../../virt/kvm/kvm_main.c:2390
__fput+0x332/0x7f0 fs/file_table.c:208
____fput+0x15/0x20 fs/file_table.c:244
task_work_run+0x18a/0x260 kernel/task_work.c:116
get_signal+0x148f/0x1820 kernel/signal.c:2143
do_signal+0xd2/0x2190 arch/x86/kernel/signal.c:807
exit_to_usermode_loop+0x170/0x200 arch/x86/entry/common.c:156
prepare_exit_to_usermode arch/x86/entry/common.c:190 [inline]
syscall_return_slowpath+0x3d3/0x420 arch/x86/entry/common.c:259
entry_SYSCALL_64_fastpath+0xc0/0xc2
RIP: 0033:0x4421e9
RSP: 002b:00007fb475b17b58 EFLAGS: 00000286 ORIG_RAX: 0000000000000010
RAX: fffffffffffffffc RBX: 00000000007001f8 RCX: 00000000004421e9
RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 000000000000001a
RBP: 0000000000001a60 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000286 R12: 00000000006dbb20
R13: 000000000000001a R14: 000000000000ae80 R15: 0000000000000000
Code: 00 00 48 83 e7 f8 48 29 f8 8d 48 2c 31 c0 c1 e9 03 f3 48 ab 48
81 c4 90 01 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 02 c0 5a 00 <0f>
0b e8 fb bf 5a 00 31 c9 31 d2 48 89 df be fe 01 00 00 e8 7a
RIP: kvm_free_vcpus arch/x86/kvm/x86.c:7928 [inline] RSP: ffff88003bef7260
RIP: kvm_arch_destroy_vm+0x7ee/0xa00 arch/x86/kvm/x86.c:8047 RSP:
ffff88003bef7260
---[ end trace 3cdfda62e3da09f8 ]---
Kernel panic - not syncing: Fatal exception
Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: disabled
It is this BUG:
static void kvm_unload_vcpu_mmu(struct kvm_vcpu *vcpu)
{
int r;
r = vcpu_load(vcpu);
BUG_ON(r);
kvm_mmu_unload(vcpu);
vcpu_put(vcpu);
}
Unfortunately it is not reproducible.
On commit e93b1cc8a8965da137ffea0b88e5f62fa1d2a9e6 (Dec 19)
Reply all
Reply to author
Forward
0 new messages