Received: by 10.223.164.202 with SMTP id h10csp4943616wrb;
        Tue, 21 Nov 2017 02:10:48 -0800 (PST)
X-Google-Smtp-Source: AGs4zMYTzr9NwnKEoVRQBCaSTFGz6jZcX7pCGXMUqW3Uop/0WS49kiOKgj1+iEw7x8OJv1pQV4zu
X-Received: by 10.84.215.2 with SMTP id k2mr16832338pli.60.1511259048503;
        Tue, 21 Nov 2017 02:10:48 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1511259048; cv=none;
        d=google.com; s=arc-20160816;
        b=PJ3tKxxkx1i9r8I+4/mRT4J1vJm1E5bABQ76x8vJtpJ3Ni9zhh+FKEUjug3pREUl+G
         du9fNiUU1KXb5LeVuX4EiFKkPS3ClIduidEiAZVr3ubKZEAfljUqN5GX7n/+IfHMVucg
         +n962Y4+aTm8az2NymEs7dxn1XSoaCUnXk66bogXDIE7aDWnBnHbQEwGzlIiRjAJuyN0
         mEVW9kljdf+g7QHzS7NL2XqRyRUmKOFa0OXJHXLCpNkfCr8+pTQJZ+gmI21QLhDn6wYL
         wEGk1vi0QWfQ5u4iykpEfM1m0p6XYYANg9E5IvzFvhKGR1ALROan+lzNyrASrWuSINdc
         28QA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dkim-signature
         :arc-authentication-results;
        bh=44XSiD5+iXt2gSfFpfMSW7DZi/ojFq6FLdRWrAlT+CQ=;
        b=hq15sxHdnmNkW53QQepkVR4LHiWMQzn7hF9POFk0sDeWjUD80fg5SwN4esKOZezAbo
         OnkBAVPdcu5KaORrR2YhlJbgwwVPFGXB5sh3e05jDnR7vK0ascWPqc9sUt0FVu4OyZro
         FZIAbedONYaRC36pHOjK2kGcMIGtGMjcExpnOXvbemD+Ppr6oEKIbmJO9ss1x64MjCo1
         JFMmuobasuP5UYyu5KHkE/Lb2x+qAJsXyPcZhyro+gVLkGp6QlDXwNbIy06QvdjWp8fo
         zPnsE44PZ9FpNaTUdOP1Y8e/HfKHejN2Gtj//3FvDn3VHcou3CKOVFLamZwzjIflf2H/
         p5Xg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=PmFxluVS;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id w62si11536146pfb.133.2017.11.21.02.10.37;
        Tue, 21 Nov 2017 02:10:48 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=PmFxluVS;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751799AbdKUKJz (ORCPT <rfc822;mahoosoft4you@gmail.com>
        + 74 others); Tue, 21 Nov 2017 05:09:55 -0500
Received: from mail-oi0-f65.google.com ([209.85.218.65]:38679 "EHLO
        mail-oi0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751420AbdKUKJx (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 21 Nov 2017 05:09:53 -0500
Received: by mail-oi0-f65.google.com with SMTP id b189so8154283oia.5;
        Tue, 21 Nov 2017 02:09:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc;
        bh=44XSiD5+iXt2gSfFpfMSW7DZi/ojFq6FLdRWrAlT+CQ=;
        b=PmFxluVS+NaocQjAAx0lKfGxn/3QjH7nPBAJigqZCIowwPeVli/98D/1vk57M8OPQ4
         Lqzv2JY5GK/u6aTCqHHtRW8Me7A2ISFK2VTs0iBWVJCXevwRlTuHy6DCeql4jumDxXDY
         qJUXP9Kbd5BkRc/fiJ92k0Fbyco9LOBCSUZcxgJPz3qjSor/UAExRSCl9pU1sf6ttfnY
         DWKZ7jU09I6YTXd490OYfzmfmGxNEPRIglSqk9Nh96au4Wf46vou1NgdePrIRemd3YGp
         GCSoiEfQzjSNxkM2zh0oVu4ecvBLD5Q9Ermk6zhXw6j3cBNwxIR9FlLFTdaWKmRQ8LuD
         2FxQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc;
        bh=44XSiD5+iXt2gSfFpfMSW7DZi/ojFq6FLdRWrAlT+CQ=;
        b=dZewsj9bnjmznZmXhLs7eXJ1+YUc3ilzSDQ8llnHCKh2A5b6a3QnPLbPYTnMU/A7I/
         q0FPeqjaGwkrSqpj9yN8jdwy+aCOlack/uh9sjymZMvEKyhoOlPVmetsdzuQs9GrYC+v
         5+5ljPMMkqF3tS1EYj3CLkZDdjdt1hWDfgcaydxst4P054ETcNIZYl57Xk1lrx1dTVJP
         ci7gX9znM+zW3+NAhizaL0pf8MCncqhgXVucJA4OdckLPhIrODqNy/6zZ+tt2skjAMZ1
         cTO9XDu+wUr2pA5gtgsvYZbD0xPhKm9H1SM/m3cHZW01dJTGT4JZl1iZqQoQAcpLWhHJ
         Z9ww==
X-Gm-Message-State: AJaThX5a7Ane9YdzxvGg11ig2t5L7zF8SU6hz8wowFxfqhAH56jQkP7+
        JrxyaxwcJ2aCr616uNTk5Fj4CVGwHJhIf0qo0DI=
X-Received: by 10.202.87.139 with SMTP id l133mr925085oib.151.1511258993136;
 Tue, 21 Nov 2017 02:09:53 -0800 (PST)
MIME-Version: 1.0
Received: by 10.74.182.67 with HTTP; Tue, 21 Nov 2017 02:09:52 -0800 (PST)
In-Reply-To: <001a113a675025cc23055e7b440c@google.com>
References: <001a113a675025cc23055e7b440c@google.com>
From:   Wanpeng Li <kernellwp@gmail.com>
Date:   Tue, 21 Nov 2017 18:09:52 +0800
Message-ID: <CANRm+Cy6FgRUHvrQnR0XD5kq=RbKrQJUmR4eXcPdkJyN1QQadw@mail.gmail.com>
Subject: Re: WARNING in free_loaded_vmcs
To:     syzbot 
        <bot+f8b45b2617e7aabc787907f1d88e86468ceae220@syzkaller.appspotmail.com>
Cc:     "H. Peter Anvin" <hpa@zytor.com>, kvm <kvm@vger.kernel.org>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        Ingo Molnar <mingo@redhat.com>,
        Paolo Bonzini <pbonzini@redhat.com>,
        Radim Krcmar <rkrcmar@redhat.com>,
        syzkaller-bugs@googlegroups.com,
        Thomas Gleixner <tglx@linutronix.de>,
        "the arch/x86 maintainers" <x86@kernel.org>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

2017-11-21 18:00 GMT+08:00 syzbot
<bot+f8b45b2617e7aabc787907f1d88e86468ceae220@syzkaller.appspotmail.com>:
> Hello,
>
> syzkaller hit the following crash on
> 5a3517e009e979f21977d362212b7729c5165d92
> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console output is attached.
> C reproducer is attached
> syzkaller reproducer is attached. See https://goo.gl/kgGztJ
> for information about syzkaller reproducers
>
>
> ------------[ cut here ]------------
> WARNING: CPU: 1 PID: 3224 at arch/x86/kvm/vmx.c:3844
> free_loaded_vmcs+0x10f/0x150 arch/x86/kvm/vmx.c:3844
> Kernel panic - not syncing: panic_on_warn set ...
>
> CPU: 1 PID: 3224 Comm: syzkaller595060 Not tainted 4.14.0-rc7-next-20171103+
> #38
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> Google 01/01/2011
> Call Trace:
>  __dump_stack lib/dump_stack.c:17 [inline]
>  dump_stack+0x194/0x257 lib/dump_stack.c:53
>  panic+0x1e4/0x41c kernel/panic.c:183
>  __warn+0x1c4/0x1e0 kernel/panic.c:546
>  report_bug+0x211/0x2d0 lib/bug.c:184
>  fixup_bug+0x40/0x90 arch/x86/kernel/traps.c:177
>  do_trap_no_signal arch/x86/kernel/traps.c:211 [inline]
>  do_trap+0x260/0x390 arch/x86/kernel/traps.c:260
>  do_error_trap+0x120/0x390 arch/x86/kernel/traps.c:297
>  do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:310
>  invalid_op+0x18/0x20 arch/x86/entry/entry_64.S:906
> RIP: 0010:free_loaded_vmcs+0x10f/0x150 arch/x86/kvm/vmx.c:3844
> RSP: 0018:ffff8801c7f8f470 EFLAGS: 00010293
> RAX: ffff8801c59a8080 RBX: ffff8801c5b3cdd8 RCX: ffffffff8119c79f
> RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8801c5b3cde0
> RBP: ffff8801c7f8f488 R08: ffffea0007182460 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801c6091000
> R13: 0000000000000001 R14: dffffc0000000000 R15: ffffed0038ff1eb2
>  vmx_free_vcpu+0x1d3/0x2c0 arch/x86/kvm/vmx.c:9510
>  kvm_arch_vcpu_free arch/x86/kvm/x86.c:7730 [inline]
>  kvm_free_vcpus arch/x86/kvm/x86.c:8179 [inline]
>  kvm_arch_destroy_vm+0x4b4/0x990 arch/x86/kvm/x86.c:8278
>  kvm_destroy_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:726 [inline]
>  kvm_put_kvm+0x695/0xde0 arch/x86/kvm/../../../virt/kvm/kvm_main.c:747
>  kvm_vm_release+0x42/0x50 arch/x86/kvm/../../../virt/kvm/kvm_main.c:758
>  __fput+0x333/0x7f0 fs/file_table.c:210
>  ____fput+0x15/0x20 fs/file_table.c:244
>  task_work_run+0x199/0x270 kernel/task_work.c:113
>  exit_task_work include/linux/task_work.h:22 [inline]
>  do_exit+0x9b5/0x1ad0 kernel/exit.c:869
>  do_group_exit+0x149/0x400 kernel/exit.c:972
>  SYSC_exit_group kernel/exit.c:983 [inline]
>  SyS_exit_group+0x1d/0x20 kernel/exit.c:981
>  entry_SYSCALL_64_fastpath+0x1f/0xbe
> RIP: 0033:0x449099
> RSP: 002b:00007fffd06fde68 EFLAGS: 00000202 ORIG_RAX: 00000000000000e7
> RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000000449099
> RDX: 0000000000474231 RSI: 0000000000000000 RDI: 0000000000000000
> RBP: 0000000000000086 R08: 00000000006dd1c0 R09: 0000000000000000
> R10: 00000000006dd144 R11: 0000000000000202 R12: 0000000000000000
> R13: 00007fffd06fde0f R14: 00007fa36c8839c0 R15: 0000000000000000
> Dumping ftrace buffer:
>    (ftrace buffer empty)
> Kernel Offset: disabled
> Rebooting in 86400 seconds..

I can reproduce, will have a look.

Regards,
Wanpeng Li

From 1584669357655913818@xxx Tue Nov 21 10:01:06 +0000 2017
X-GM-THRID: 1584669357655913818
X-Gmail-Labels: Inbox,Category Forums,HistoricalUnread