From: Sean Christopherson <seanjc@google.com>
To: syzbot <syzbot+fb0b6a7e8713aeb0319c@syzkaller.appspotmail.com>
Cc: bp@alien8.de, hpa@zytor.com, jmattson@google.com,
joro@8bytes.org, kvm@vger.kernel.org,
linux-kernel@vger.kernel.org, mingo@redhat.com,
pbonzini@redhat.com, rkrcmar@redhat.com,
sean.j.christopherson@intel.com, syzkaller-bugs@googlegroups.com,
tglx@linutronix.de, vkuznets@redhat.com, wanpengli@tencent.com,
x86@kernel.org
Subject: Re: [syzbot] general protection fault in gfn_to_rmap (2)
Date: Tue, 8 Jun 2021 16:48:15 +0000 [thread overview]
Message-ID: <YL+fTwfphU1Al3d8@google.com> (raw)
In-Reply-To: <0000000000006ac02a05c44397fb@google.com>
On Tue, Jun 08, 2021, syzbot wrote:
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: 614124be Linux 5.13-rc5
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=14a62298300000
> kernel config: https://syzkaller.appspot.com/x/.config?x=547a5e42ca601229
> dashboard link: https://syzkaller.appspot.com/bug?extid=fb0b6a7e8713aeb0319c
> compiler: Debian clang version 11.0.1-2
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11395057d00000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12d2b797d00000
>
> The issue was bisected to:
>
> commit 9ec19493fb86d6d5fbf9286b94ff21e56ef66376
> Author: Sean Christopherson <sean.j.christopherson@intel.com>
> Date: Tue Apr 2 15:03:11 2019 +0000
>
> KVM: x86: clear SMM flags before loading state while leaving SMM
>
> bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=1437f9bbd00000
> final oops: https://syzkaller.appspot.com/x/report.txt?x=1637f9bbd00000
> console output: https://syzkaller.appspot.com/x/log.txt?x=1237f9bbd00000
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+fb0b6a7e8713aeb0319c@syzkaller.appspotmail.com
> Fixes: 9ec19493fb86 ("KVM: x86: clear SMM flags before loading state while leaving SMM")
>
> L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
> general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
> KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
> CPU: 1 PID: 8410 Comm: syz-executor382 Not tainted 5.13.0-rc5-syzkaller #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
> RIP: 0010:__gfn_to_rmap arch/x86/kvm/mmu/mmu.c:935 [inline]
Oh joy. SMM, rmaps, and memslots. I'll take this one...
prev parent reply other threads:[~2021-06-08 16:48 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-08 16:24 [syzbot] general protection fault in gfn_to_rmap (2) syzbot
2021-06-08 16:48 ` Sean Christopherson [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YL+fTwfphU1Al3d8@google.com \
--to=seanjc@google.com \
--cc=bp@alien8.de \
--cc=hpa@zytor.com \
--cc=jmattson@google.com \
--cc=joro@8bytes.org \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=rkrcmar@redhat.com \
--cc=sean.j.christopherson@intel.com \
--cc=syzbot+fb0b6a7e8713aeb0319c@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
--cc=tglx@linutronix.de \
--cc=vkuznets@redhat.com \
--cc=wanpengli@tencent.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.