Wanpeng Li <kernellwp@xxxxxxxxx> writes:

> On Thu, 5 Sep 2019 at 16:53, syzbot
> <syzbot+dff25ee91f0c7d5c1695@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
>>
>> Hello,
>>
>> syzbot found the following crash on:
>>
>> HEAD commit:    3b47fd5c Merge tag 'nfs-for-5.3-4' of git://git.linux-nfs...
>> git tree:       upstream
>> console output: https://syzkaller.appspot.com/x/log.txt?x=124af12a600000
>> kernel config:  https://syzkaller.appspot.com/x/.config?x=144488c6c6c6d2b6
>> dashboard link: https://syzkaller.appspot.com/bug?extid=dff25ee91f0c7d5c1695
>> compiler:       clang version 9.0.0 (/home/glider/llvm/clang 80fee25776c2fb61e74c1ecb1a523375c2500b69)
>> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=10954676600000
>> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1752fe0a600000
>>
>> The bug was bisected to:
>>
>> commit 0aa67255f54df192d29aec7ac6abb1249d45bda7
>> Author: Vitaly Kuznetsov <vkuznets@xxxxxxxxxx>
>> Date:   Mon Nov 26 15:47:29 2018 +0000
>>
>>     x86/hyper-v: move synic/stimer control structures definitions to hyperv-tlfs.h
>>
>> bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=156128c1600000
>> console output: https://syzkaller.appspot.com/x/log.txt?x=136128c1600000
>>
>> IMPORTANT: if you fix the bug, please add the following tag to the commit:
>> Reported-by: syzbot+dff25ee91f0c7d5c1695@xxxxxxxxxxxxxxxxxxxxxxxxx
>> Fixes: 0aa67255f54d ("x86/hyper-v: move synic/stimer control structures definitions to hyperv-tlfs.h")
>>
>> kvm [9347]: vcpu0, guest rIP: 0xcc Hyper-V uhandled wrmsr: 0x40000004 data 0x94
>> kvm [9347]: vcpu0, guest rIP: 0xcc Hyper-V uhandled wrmsr: 0x40000004 data 0x48c
>> kvm [9347]: vcpu0, guest rIP: 0xcc Hyper-V uhandled wrmsr: 0x40000004 data 0x4ac
>> kvm [9347]: vcpu0, guest rIP: 0xcc Hyper-V uhandled wrmsr: 0x40000005 data 0x1520
>> kvm [9347]: vcpu0, guest rIP: 0xcc Hyper-V uhandled wrmsr: 0x40000006 data 0x15d4
>> kvm [9347]: vcpu0, guest rIP: 0xcc Hyper-V uhandled wrmsr: 0x40000007 data 0x15c4
>> kasan: CONFIG_KASAN_INLINE enabled
>> kasan: GPF could be caused by NULL-ptr deref or user memory access
>> general protection fault: 0000 [#1] PREEMPT SMP KASAN
>> CPU: 0 PID: 9347 Comm: syz-executor665 Not tainted 5.3.0-rc7+ #0
>> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
>> RIP: 0010:__apic_accept_irq+0x46/0x740 arch/x86/kvm/lapic.c:1029
>
> Thanks for the report, I found the root cause, will send a patch soon.
>

I'm really interested in how any issue can be caused by 0aa67255f54d as we
just moved some definitions from a c file to a common header... (ok, we
did more than that, some structures gained '__packed' but it all still
seems legitimate to me and I can't recall any problems with genuine
Hyper-V...)

-- 
Vitaly