bisecting cause commit starting from c11d28ab4a691736e30b49813fb801847bd44e83
building syzkaller on bd28eb9d7873a6a3232f8c5011e3175e2c9e8319
testing commit c11d28ab4a691736e30b49813fb801847bd44e83 with gcc (GCC) 8.1.0
kernel signature: e4b3c0eed3200959d74485e001866da032c9379a3ace6b1eae58673d9f752792
all runs: crashed: general protection fault in start_creating
testing release v5.6
testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0
kernel signature: 55043815e1139200532dc3ec859b502452bb609bc4617d20608ecd2ff179e70e
all runs: OK
# git bisect start c11d28ab4a691736e30b49813fb801847bd44e83 7111951b8d4973bda27ff663f2cf18b663d15b48
Bisecting: 13326 revisions left to test after this (roughly 14 steps)
[74cd3984f13381049627cfa260fd87e6fcd31add] media: imx: utils: Split find|enum_format into fourcc and mbus functions
testing commit 74cd3984f13381049627cfa260fd87e6fcd31add with gcc (GCC) 8.1.0
kernel signature: f41967670941718273f6674e8d4d8d39ed1a08c909737d7710c1e8458611c5db
all runs: OK
# git bisect good 74cd3984f13381049627cfa260fd87e6fcd31add
Bisecting: 6630 revisions left to test after this (roughly 13 steps)
[8bf9e28a25c6bbff58513b8175620e096368ede4] Merge remote-tracking branch 'net-next/master'
testing commit 8bf9e28a25c6bbff58513b8175620e096368ede4 with gcc (GCC) 8.1.0
kernel signature: 97f710d9f936e1c3c7304ded2219963e7e7a7581ac45f63894719b6f294bd454
all runs: OK
# git bisect good 8bf9e28a25c6bbff58513b8175620e096368ede4
Bisecting: 3403 revisions left to test after this (roughly 12 steps)
[27e0b188b775a88574d0c86793b8a4ae2a2be5fe] Merge remote-tracking branch 'spi/for-next'
testing commit 27e0b188b775a88574d0c86793b8a4ae2a2be5fe with gcc (GCC) 8.1.0
kernel signature: bd5c679e4b9cd8fccba0461e5c7188757c06030b2661ebf9ee0a8e512afc78c7
all runs: OK
# git bisect good 27e0b188b775a88574d0c86793b8a4ae2a2be5fe
Bisecting: 1934 revisions left to test after this (roughly 11 steps)
[10f5f72ec20bee1fce20f701826cd5f816cfbfbc] Merge remote-tracking branch 'thunderbolt/next'
testing commit 10f5f72ec20bee1fce20f701826cd5f816cfbfbc with gcc (GCC) 8.1.0
kernel signature: 75021907bb52296026126c1c3d8c04948c52f6d263ba14e786333ec0050e384e
all runs: crashed: general protection fault in start_creating
# git bisect bad 10f5f72ec20bee1fce20f701826cd5f816cfbfbc
Bisecting: 781 revisions left to test after this (roughly 10 steps)
[f2d8ef2c95ea717894cd059f725524bf6176ce11] next-20200519/rcu
testing commit f2d8ef2c95ea717894cd059f725524bf6176ce11 with gcc (GCC) 8.1.0
kernel signature: 9e7c8ab9a673116c2be0226dd621d90d06a1bb09b886b12783bf0924d65117c9
all runs: OK
# git bisect good f2d8ef2c95ea717894cd059f725524bf6176ce11
Bisecting: 409 revisions left to test after this (roughly 9 steps)
[8579b345bb924fecc6b8c75e55aee8569d2b5eae] Merge remote-tracking branch 'usb/usb-next'
testing commit 8579b345bb924fecc6b8c75e55aee8569d2b5eae with gcc (GCC) 8.1.0
kernel signature: 8c362d76d59910063c0146273cb143a5476daa1c5515b28bc9747101a476aad2
all runs: crashed: general protection fault in start_creating
# git bisect bad 8579b345bb924fecc6b8c75e55aee8569d2b5eae
Bisecting: 186 revisions left to test after this (roughly 8 steps)
[77158bd537ac5a9fea6831d22e8b5a22be4856a6] Merge remote-tracking branch 'kvms390/next'
testing commit 77158bd537ac5a9fea6831d22e8b5a22be4856a6 with gcc (GCC) 8.1.0
kernel signature: 872fdea6ae63fdabc183cf7bed857544a86b7941e59fc8e86fa96beffdf4fe1e
run #0: crashed: general protection fault in start_creating
run #1: crashed: general protection fault in start_creating
run #2: crashed: general protection fault in start_creating
run #3: crashed: general protection fault in start_creating
run #4: crashed: general protection fault in start_creating
run #5: crashed: general protection fault in start_creating
run #6: crashed: general protection fault in start_creating
run #7: crashed: general protection fault in start_creating
run #8: crashed: general protection fault in start_creating
run #9: boot failed: can't ssh into the instance
# git bisect bad 77158bd537ac5a9fea6831d22e8b5a22be4856a6
Bisecting: 92 revisions left to test after this (roughly 7 steps)
[6e085cbfb0f0c7de4ca0f370adb572b0e07a818c] KVM: SVM: immediately inject INTR vmexit
testing commit 6e085cbfb0f0c7de4ca0f370adb572b0e07a818c with gcc (GCC) 8.1.0
kernel signature: b16225a30e25474615ce6886c140dbdf73338fd04bce47fd77983885e6abf471
all runs: crashed: general protection fault in start_creating
# git bisect bad 6e085cbfb0f0c7de4ca0f370adb572b0e07a818c
Bisecting: 45 revisions left to test after this (roughly 6 steps)
[4a632ac6ca66fb29b94a16495624c58f4d313f2f] KVM: x86/mmu: Add separate override for MMU sync during fast CR3 switch
testing commit 4a632ac6ca66fb29b94a16495624c58f4d313f2f with gcc (GCC) 8.1.0
kernel signature: 0641051e433a13cd05719db49f29683fbf73158b013515728c7abfbb4ffdc36b
all runs: OK
# git bisect good 4a632ac6ca66fb29b94a16495624c58f4d313f2f
Bisecting: 22 revisions left to test after this (roughly 5 steps)
[8791585837f659943936b8e1cce9d039436ad1ca] KVM: VMX: Cache vmcs.EXIT_INTR_INFO using arch avail_reg flags
testing commit 8791585837f659943936b8e1cce9d039436ad1ca with gcc (GCC) 8.1.0
kernel signature: 6817646df6fcb0e50400ff1c6a4c183f15062d8be3ede6428c3a2e320cc87b1c
all runs: crashed: general protection fault in start_creating
# git bisect bad 8791585837f659943936b8e1cce9d039436ad1ca
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[7b7bd87dbd6aa8c09d5e8a8028bda69c3ab13969] KVM: nVMX: Uninline nested_vmx_reflect_vmexit(), i.e. move it to nested.c
testing commit 7b7bd87dbd6aa8c09d5e8a8028bda69c3ab13969 with gcc (GCC) 8.1.0
kernel signature: 53c449892c72f8376b1f9334961a44a44181a6f228b4551701369182fc34d5ce
all runs: crashed: general protection fault in start_creating
# git bisect bad 7b7bd87dbd6aa8c09d5e8a8028bda69c3ab13969
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[be01e8e2c632c41c69bb30e7196661ec6e8fdc10] KVM: x86: Replace "cr3" with "pgd" in "new cr3/pgd" related code
testing commit be01e8e2c632c41c69bb30e7196661ec6e8fdc10 with gcc (GCC) 8.1.0
kernel signature: cb010805cd08f6c0e89f51d98c749cab08aad4c4f708a53650f527c3fc2a98d2
all runs: OK
# git bisect good be01e8e2c632c41c69bb30e7196661ec6e8fdc10
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[63d04348371b7ea4a134bcf47c79763d969e9168] KVM: x86: move kvm_create_vcpu_debugfs after last failure point
testing commit 63d04348371b7ea4a134bcf47c79763d969e9168 with gcc (GCC) 8.1.0
kernel signature: 5255118ee270405cd2d2b8e0fb833e331446043b56d5d55a39c8976f193718b3
all runs: crashed: general protection fault in start_creating
# git bisect bad 63d04348371b7ea4a134bcf47c79763d969e9168
Bisecting: 0 revisions left to test after this (roughly 1 step)
[1c164cb3ffd084e5359a56abde715acf121e69a4] KVM: SVM: Use do_machine_check to pass MCE to the host
testing commit 1c164cb3ffd084e5359a56abde715acf121e69a4 with gcc (GCC) 8.1.0
kernel signature: e3624c0a619276faa741179b7c57acab94a3b5662d970d1d8b8d6ff68e338331
all runs: OK
# git bisect good 1c164cb3ffd084e5359a56abde715acf121e69a4
63d04348371b7ea4a134bcf47c79763d969e9168 is the first bad commit
commit 63d04348371b7ea4a134bcf47c79763d969e9168
Author: Paolo Bonzini <pbonzini@redhat.com>
Date:   Wed Apr 1 00:42:22 2020 +0200

    KVM: x86: move kvm_create_vcpu_debugfs after last failure point
    
    The placement of kvm_create_vcpu_debugfs is more or less irrelevant, since
    it cannot fail and userspace should not care about the debugfs entries until
    it knows the vcpu has been created.  Moving it after the last failure
    point removes the need to remove the directory when unwinding the creation.
    
    Reviewed-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
    Message-Id: <20200331224222.393439-1-pbonzini@redhat.com>
    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

 virt/kvm/kvm_main.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
culprit signature: 5255118ee270405cd2d2b8e0fb833e331446043b56d5d55a39c8976f193718b3
parent  signature: e3624c0a619276faa741179b7c57acab94a3b5662d970d1d8b8d6ff68e338331
revisions tested: 16, total time: 3h51m30.471143247s (build: 1h32m57.270277701s, test: 2h17m22.220258289s)
first bad commit: 63d04348371b7ea4a134bcf47c79763d969e9168 KVM: x86: move kvm_create_vcpu_debugfs after last failure point
cc: ["eesposit@redhat.com" "kvm@vger.kernel.org" "linux-kernel@vger.kernel.org" "pbonzini@redhat.com"]
crash: general protection fault in start_creating
general protection fault, probably for non-canonical address 0xdffffc000000002a: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000150-0x0000000000000157]
CPU: 0 PID: 1468 Comm: syz-executor.1 Not tainted 5.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__lock_acquire+0xde0/0x3740 kernel/locking/lockdep.c:4214
Code: c7 44 24 04 01 00 00 00 0f 86 de 00 00 00 89 05 26 53 bc 09 e9 d3 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 ea 48 c1 ea 03 <80> 3c 02 00 0f 85 83 21 00 00 48 81 7d 00 80 b8 e2 8a 0f 84 e4 f2
RSP: 0018:ffffc900051777b8 EFLAGS: 00010002
RAX: dffffc0000000000 RBX: ffff8880938da540 RCX: 0000000000000000
RDX: 000000000000002a RSI: 0000000000000000 RDI: 0000000000000150
RBP: 0000000000000150 R08: 0000000000000001 R09: 0000000000000000
R10: ffffffff89bcec87 R11: fffffbfff1379d90 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS:  00007fbbdfa13700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000078c000 CR3: 000000009315b000 CR4: 00000000001426f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 lock_acquire+0x1e3/0x970 kernel/locking/lockdep.c:4923
 down_write+0x8e/0x150 kernel/locking/rwsem.c:1531
 inode_lock include/linux/fs.h:797 [inline]
 start_creating+0x7f/0x1f0 fs/debugfs/inode.c:334
 __debugfs_create_file+0x33/0x380 fs/debugfs/inode.c:383
 kvm_arch_create_vcpu_debugfs+0x49/0x1c0 arch/x86/kvm/debugfs.c:48
 kvm_create_vcpu_debugfs arch/x86/kvm/../../../virt/kvm/kvm_main.c:2985 [inline]
 kvm_vm_ioctl_create_vcpu arch/x86/kvm/../../../virt/kvm/kvm_main.c:3062 [inline]
 kvm_vm_ioctl+0x15bf/0x1eb0 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3582
 vfs_ioctl fs/ioctl.c:47 [inline]
 ksys_ioctl+0xb8/0x110 fs/ioctl.c:763
 __do_sys_ioctl fs/ioctl.c:772 [inline]
 __se_sys_ioctl fs/ioctl.c:770 [inline]
 __x64_sys_ioctl+0x6a/0xb0 fs/ioctl.c:770
 do_syscall_64+0xc6/0x620 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x49/0xb3
RIP: 0033:0x45ca29
Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fbbdfa12c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00000000004e73c0 RCX: 000000000045ca29
RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005
RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000396 R14: 00000000004c62c6 R15: 00007fbbdfa136d4
Modules linked in:
---[ end trace 06190bc8f7d30643 ]---
RIP: 0010:__lock_acquire+0xde0/0x3740 kernel/locking/lockdep.c:4214
Code: c7 44 24 04 01 00 00 00 0f 86 de 00 00 00 89 05 26 53 bc 09 e9 d3 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 ea 48 c1 ea 03 <80> 3c 02 00 0f 85 83 21 00 00 48 81 7d 00 80 b8 e2 8a 0f 84 e4 f2
RSP: 0018:ffffc900051777b8 EFLAGS: 00010002
RAX: dffffc0000000000 RBX: ffff8880938da540 RCX: 0000000000000000
RDX: 000000000000002a RSI: 0000000000000000 RDI: 0000000000000150
RBP: 0000000000000150 R08: 0000000000000001 R09: 0000000000000000
R10: ffffffff89bcec87 R11: fffffbfff1379d90 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS:  00007fbbdfa13700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000078c000 CR3: 000000009315b000 CR4: 00000000001426f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400