From: Sean Christopherson <seanjc@google.com>
To: Alexander Potapenko <glider@google.com>
Cc: syzbot <syzbot+bc0e18379a290e5edfe4@syzkaller.appspotmail.com>,
	kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
	pbonzini@redhat.com, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [kvm?] WARNING in kvm_read_guest_offset_cached
Date: Wed, 25 Feb 2026 17:47:41 -0800
Message-ID: <aZ-mPQ92D_hzpB8z@google.com>
In-Reply-To: <CAG_fn=VDPHArKRYDfpzipbWMQ9Zu1S8GCpAXmmOw=hGEyWnqeg@mail.gmail.com>

On Tue, Feb 10, 2026, Alexander Potapenko wrote:
> On Wed, Jul 16, 2025 at 5:23 PM 'Sean Christopherson' via
> syzkaller-bugs <syzkaller-bugs@googlegroups.com> wrote:
> >
> > On Tue, Jul 15, 2025, syzbot wrote:
> > > Hello,
> > >
> > > syzbot found the following issue on:
> > >
> > > HEAD commit:    155a3c003e55 Merge tag 'for-6.16/dm-fixes-2' of git://git...
> > > git tree:       upstream
> > > console output: https://syzkaller.appspot.com/x/log.txt?x=103e858c580000
> > > kernel config:  https://syzkaller.appspot.com/x/.config?x=8d5ef2da1e1c848
> > > dashboard link: https://syzkaller.appspot.com/bug?extid=bc0e18379a290e5edfe4
> > > compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
> > > syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=153188f0580000
> > > C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=16f6198c580000
> > >
> > > Downloadable assets:
> > > disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/d900f083ada3/non_bootable_disk-155a3c00.raw.xz
> > > vmlinux: https://storage.googleapis.com/syzbot-assets/725a320dfe66/vmlinux-155a3c00.xz
> > > kernel image: https://storage.googleapis.com/syzbot-assets/9f06899bb6f3/bzImage-155a3c00.xz
> > >
> > > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > > Reported-by: syzbot+bc0e18379a290e5edfe4@syzkaller.appspotmail.com
> > >
> > > ------------[ cut here ]------------
> > > WARNING: CPU: 0 PID: 6107 at arch/x86/kvm/../../../virt/kvm/kvm_main.c:3459 kvm_read_guest_offset_cached+0x3f5/0x4b0 virt/kvm/kvm_main.c:3459
> > > Modules linked in:
> > > CPU: 0 UID: 0 PID: 6107 Comm: syz.0.16 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full)
> > > Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
> > > RIP: 0010:kvm_read_guest_offset_cached+0x3f5/0x4b0 virt/kvm/kvm_main.c:3459
> > > Call Trace:
> > >  <TASK>
> > >  apf_pageready_slot_free arch/x86/kvm/x86.c:13452 [inline]
> >
> > kvm_pv_enable_async_pf() sets vcpu->arch.apf.msr_en_val even if the gpa is bad,
> > which leaves the cache in an empty state.  Something like so over a few patches
> > fixes the problem:
> 
> This bug is still occasionally reproducible on an Intel host running 6.19.

Gah, I never actually posted a series to fix this.  I'll try to get that done
this week.
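As an added illustration of the ordering problem Sean describes (a constructed model, not code from this thread or from KVM): the enable path records msr_en_val before the data cache is validated, next to the ordering that commits only after validation. The page size, guest-physical limit and MSR bit layout are assumptions of the model.

```c
#include <stdbool.h>
#include <stdint.h>
/* Constructed, simplified model of the state behind the warning above; field
 * names echo KVM's (msr_en_val, the APF data cache) but this is not KVM code. */
#define EINVAL 22
#define PAGE_SIZE 4096ULL
#define MAX_GUEST_GPA (1ULL << 40)   /* assumed guest-physical limit for the model */

struct apf_state {
	uint64_t msr_en_val;   /* last accepted value of the async-PF enable MSR */
	bool cache_active;     /* stand-in for an initialised gfn-to-hva cache */
};

/* Stand-in for kvm_gfn_to_hva_cache_init(): reject a GPA that is out of range
 * or whose 8-byte data area would cross a page boundary. */
static int cache_init(struct apf_state *s, uint64_t gpa)
{
	if (gpa >= MAX_GUEST_GPA || (gpa & (PAGE_SIZE - 1)) + sizeof(uint64_t) > PAGE_SIZE)
		return -EINVAL;
	s->cache_active = true;
	return 0;
}

/* Buggy ordering described in the thread: the enable value is recorded before the
 * cache is validated, so a bad GPA leaves APF enabled with an empty cache.
 * Low 6 bits of the MSR are treated as flags, the rest as the GPA (assumed). */
int enable_async_pf_buggy(struct apf_state *s, uint64_t data)
{
	s->msr_en_val = data;
	s->cache_active = false;
	return cache_init(s, data & ~0x3fULL);
}

/* Fixed ordering: validate into a scratch copy and commit only on success. */
int enable_async_pf_fixed(struct apf_state *s, uint64_t data)
{
	struct apf_state tmp = *s;
	if (cache_init(&tmp, data & ~0x3fULL))
		return -EINVAL;   /* *s untouched: msr_en_val is not set */
	tmp.msr_en_val = data;
	*s = tmp;
	return 0;
}

/* The "page ready" path reads through the cache whenever APF is enabled. Returns 1
 * if that read would hit an uninitialised cache (the WARN), 0 if not, -1 if the
 * constructed out-of-range GPA was unexpectedly accepted. */
int would_warn_after_bad_gpa(bool use_fixed)
{
	struct apf_state s = {0};
	uint64_t bad = (MAX_GUEST_GPA + 0x1000) | 1;   /* bit 0 = enable */
	int rc = use_fixed ? enable_async_pf_fixed(&s, bad) : enable_async_pf_buggy(&s, bad);
	return rc != -EINVAL ? -1 : (s.msr_en_val && !s.cache_active);
}
```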


Thread overview: 8+ messages
2025-07-16  5:05 [syzbot] [kvm?] WARNING in kvm_read_guest_offset_cached syzbot
2025-07-16 15:23 ` Sean Christopherson
2026-02-10  9:21   ` Alexander Potapenko
2026-02-26  1:47     ` Sean Christopherson [this message]
2026-04-03  3:11 ` [PATCH] KVM: x86: Don't leave APF half-enabled on bad APF data GPA Ethan Yang
2026-04-03  8:11   ` Xiaoyao Li
2026-04-03 10:01   ` [PATCH v2] " Ethan Yang
2026-04-06 16:18     ` Sean Christopherson
