Re: WARNING in free_loaded_vmcs

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Eric Biggers <ebiggers3@gmail.com>
To: syzbot
	<bot+f8b45b2617e7aabc787907f1d88e86468ceae220@syzkaller.appspotmail.com>
Cc: hpa@zytor.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
	mingo@redhat.com, pbonzini@redhat.com, rkrcmar@redhat.com,
	syzkaller-bugs@googlegroups.com, tglx@linutronix.de,
	x86@kernel.org
Subject: Re: WARNING in free_loaded_vmcs
Date: Wed, 24 Jan 2018 12:45:55 -0800	[thread overview]
Message-ID: <20180124204555.r4wogft7bpqusq7d@gmail.com> (raw)
In-Reply-To: <001a113a675025cc23055e7b440c@google.com>

On Tue, Nov 21, 2017 at 02:00:00AM -0800, syzbot wrote:
> Hello,
> 
> syzkaller hit the following crash on
> 5a3517e009e979f21977d362212b7729c5165d92
> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console output is attached.
> C reproducer is attached
> syzkaller reproducer is attached. See https://goo.gl/kgGztJ
> for information about syzkaller reproducers
> 
> 
> ------------[ cut here ]------------
> WARNING: CPU: 1 PID: 3224 at arch/x86/kvm/vmx.c:3844
> free_loaded_vmcs+0x10f/0x150 arch/x86/kvm/vmx.c:3844
> Kernel panic - not syncing: panic_on_warn set ...
> 
> CPU: 1 PID: 3224 Comm: syzkaller595060 Not tainted 4.14.0-rc7-next-20171103+
> #38
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> Google 01/01/2011
> Call Trace:
>  __dump_stack lib/dump_stack.c:17 [inline]
>  dump_stack+0x194/0x257 lib/dump_stack.c:53
>  panic+0x1e4/0x41c kernel/panic.c:183
>  __warn+0x1c4/0x1e0 kernel/panic.c:546
>  report_bug+0x211/0x2d0 lib/bug.c:184
>  fixup_bug+0x40/0x90 arch/x86/kernel/traps.c:177
>  do_trap_no_signal arch/x86/kernel/traps.c:211 [inline]
>  do_trap+0x260/0x390 arch/x86/kernel/traps.c:260
>  do_error_trap+0x120/0x390 arch/x86/kernel/traps.c:297
>  do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:310
>  invalid_op+0x18/0x20 arch/x86/entry/entry_64.S:906
> RIP: 0010:free_loaded_vmcs+0x10f/0x150 arch/x86/kvm/vmx.c:3844
> RSP: 0018:ffff8801c7f8f470 EFLAGS: 00010293
> RAX: ffff8801c59a8080 RBX: ffff8801c5b3cdd8 RCX: ffffffff8119c79f
> RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8801c5b3cde0
> RBP: ffff8801c7f8f488 R08: ffffea0007182460 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801c6091000
> R13: 0000000000000001 R14: dffffc0000000000 R15: ffffed0038ff1eb2
>  vmx_free_vcpu+0x1d3/0x2c0 arch/x86/kvm/vmx.c:9510
>  kvm_arch_vcpu_free arch/x86/kvm/x86.c:7730 [inline]
>  kvm_free_vcpus arch/x86/kvm/x86.c:8179 [inline]
>  kvm_arch_destroy_vm+0x4b4/0x990 arch/x86/kvm/x86.c:8278
>  kvm_destroy_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:726 [inline]
>  kvm_put_kvm+0x695/0xde0 arch/x86/kvm/../../../virt/kvm/kvm_main.c:747
>  kvm_vm_release+0x42/0x50 arch/x86/kvm/../../../virt/kvm/kvm_main.c:758
>  __fput+0x333/0x7f0 fs/file_table.c:210
>  ____fput+0x15/0x20 fs/file_table.c:244
>  task_work_run+0x199/0x270 kernel/task_work.c:113
>  exit_task_work include/linux/task_work.h:22 [inline]
>  do_exit+0x9b5/0x1ad0 kernel/exit.c:869
>  do_group_exit+0x149/0x400 kernel/exit.c:972
>  SYSC_exit_group kernel/exit.c:983 [inline]
>  SyS_exit_group+0x1d/0x20 kernel/exit.c:981
>  entry_SYSCALL_64_fastpath+0x1f/0xbe
> RIP: 0033:0x449099
> RSP: 002b:00007fffd06fde68 EFLAGS: 00000202 ORIG_RAX: 00000000000000e7
> RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000000449099
> RDX: 0000000000474231 RSI: 0000000000000000 RDI: 0000000000000000
> RBP: 0000000000000086 R08: 00000000006dd1c0 R09: 0000000000000000
> R10: 00000000006dd144 R11: 0000000000000202 R12: 0000000000000000
> R13: 00007fffd06fde0f R14: 00007fa36c8839c0 R15: 0000000000000000
> Dumping ftrace buffer:
>    (ftrace buffer empty)
> Kernel Offset: disabled
> Rebooting in 86400 seconds..
> 
[...]
> syzbot will keep track of this bug report.
> Once a fix for this bug is committed, please reply to this email with:
> #syz fix: exact-commit-title

Seems this was fixed a while ago (thanks Wanpeng!), so let's mark this fixed:

#syz fix: KVM: VMX: Fix vmx->nested freeing when no SMI handler

     prev parent reply	other threads:[~2018-01-24 20:45 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-11-21 10:00 WARNING in free_loaded_vmcs syzbot
2017-11-21 10:09 ` Wanpeng Li
2018-01-24 20:45 ` Eric Biggers [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180124204555.r4wogft7bpqusq7d@gmail.com \
    --to=ebiggers3@gmail.com \
    --cc=bot+f8b45b2617e7aabc787907f1d88e86468ceae220@syzkaller.appspotmail.com \
    --cc=hpa@zytor.com \
    --cc=kvm@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@redhat.com \
    --cc=pbonzini@redhat.com \
    --cc=rkrcmar@redhat.com \
    --cc=syzkaller-bugs@googlegroups.com \
    --cc=tglx@linutronix.de \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.