From: Vitaly Kuznetsov
To: Wanpeng Li, syzbot
Cc: Borislav Petkov, devel@linuxdriverproject.org, Haiyang Zhang, "H. Peter Anvin", Jim Mattson, Joerg Roedel, kvm, "K. Y. Srinivasan", LKML, mikelley@microsoft.com, Ingo Molnar, Paolo Bonzini, Radim Krcmar, Sasha Levin, Sean Christopherson, Stephen Hemminger, syzkaller-bugs@googlegroups.com, Thomas Gleixner, Wanpeng Li, the arch/x86 maintainers
Subject: Re: general protection fault in __apic_accept_irq
References: <000000000000e3072b0591ca1937@google.com>
Date: Thu, 05 Sep 2019 15:11:33 +0200
Message-ID: <87imq6khve.fsf@vitty.brq.redhat.com>

Wanpeng Li writes:

> On Thu, 5 Sep 2019 at 16:53, syzbot wrote:
>>
>> Hello,
>>
>> syzbot found the following crash on:
>>
>> HEAD commit: 3b47fd5c Merge tag 'nfs-for-5.3-4' of git://git.linux-nfs...
>> git tree: upstream
>> console output: https://syzkaller.appspot.com/x/log.txt?x=124af12a600000
>> kernel config: https://syzkaller.appspot.com/x/.config?x=144488c6c6c6d2b6
>> dashboard link: https://syzkaller.appspot.com/bug?extid=dff25ee91f0c7d5c1695
>> compiler: clang version 9.0.0 (/home/glider/llvm/clang
>> 80fee25776c2fb61e74c1ecb1a523375c2500b69)
>> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10954676600000
>> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1752fe0a600000
>>
>> The bug was bisected to:
>>
>> commit 0aa67255f54df192d29aec7ac6abb1249d45bda7
>> Author: Vitaly Kuznetsov
>> Date: Mon Nov 26 15:47:29 2018 +0000
>>
>> x86/hyper-v: move synic/stimer control structures definitions to
>> hyperv-tlfs.h
>>
>> bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=156128c1600000
>> console output: https://syzkaller.appspot.com/x/log.txt?x=136128c1600000
>>
>> IMPORTANT: if you fix the bug, please add the following tag to the commit:
>> Reported-by: syzbot+dff25ee91f0c7d5c1695@syzkaller.appspotmail.com
>> Fixes: 0aa67255f54d ("x86/hyper-v: move synic/stimer control structures
>> definitions to hyperv-tlfs.h")
>>
>> kvm [9347]: vcpu0, guest rIP: 0xcc Hyper-V uhandled wrmsr: 0x40000004 data
>> 0x94
>> kvm [9347]: vcpu0, guest rIP: 0xcc Hyper-V uhandled wrmsr: 0x40000004 data
>> 0x48c
>> kvm [9347]: vcpu0, guest rIP: 0xcc Hyper-V uhandled wrmsr: 0x40000004 data
>> 0x4ac
>> kvm [9347]: vcpu0, guest rIP: 0xcc Hyper-V uhandled wrmsr: 0x40000005 data
>> 0x1520
>> kvm [9347]: vcpu0, guest rIP: 0xcc Hyper-V uhandled wrmsr: 0x40000006 data
>> 0x15d4
>> kvm [9347]: vcpu0, guest rIP: 0xcc Hyper-V uhandled wrmsr: 0x40000007 data
>> 0x15c4
>> kasan: CONFIG_KASAN_INLINE enabled
>> kasan: GPF could be caused by NULL-ptr deref or user memory access
>> general protection fault: 0000 [#1] PREEMPT SMP KASAN
>> CPU: 0 PID: 9347 Comm: syz-executor665 Not tainted 5.3.0-rc7+ #0
>> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
>> Google 01/01/2011
>> RIP: 0010:__apic_accept_irq+0x46/0x740 arch/x86/kvm/lapic.c:1029
>
> Thanks for the report, I found the root cause, will send a patch soon.
>

I'm really interested in how any issue can be caused by 0aa67255f54d as
we just moved some definitions from a c file to a common header... (ok,
we did more than that, some structures gained '__packed' but it all
still seems legitimate to me and I can't recall any problems with
genuine Hyper-V...)

-- 
Vitaly