bisecting fixing commit since 234b69e3e089d850a98e7b3145bd00e9b52b1111
building syzkaller on 370797126e9ba28a49317bf099076a5ca06e4501
testing commit 234b69e3e089d850a98e7b3145bd00e9b52b1111 with gcc (GCC) 8.1.0
run #0: crashed: KASAN: use-after-free Read in finish_task_switch
run #1: crashed: KASAN: use-after-free Read in finish_task_switch
run #2: crashed: general protection fault in finish_task_switch
run #3: crashed: KASAN: use-after-free Read in finish_task_switch
run #4: crashed: KASAN: use-after-free Read in finish_task_switch
run #5: crashed: KASAN: use-after-free Read in finish_task_switch
run #6: crashed: KASAN: use-after-free Read in finish_task_switch
run #7: crashed: KASAN: use-after-free Read in finish_task_switch
run #8: crashed: KASAN: use-after-free Read in finish_task_switch
run #9: crashed: KASAN: use-after-free Read in finish_task_switch
testing current HEAD d45331b00ddb179e291766617259261c112db872
testing commit d45331b00ddb179e291766617259261c112db872 with gcc (GCC) 8.1.0
run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor369442879" "root@10.128.0.222:./syz-executor369442879"]: exit status 1
ssh: connect to host 10.128.0.222 port 22: Connection timed out
lost connection
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect start d45331b00ddb179e291766617259261c112db872 234b69e3e089d850a98e7b3145bd00e9b52b1111
Bisecting: 36936 revisions left to test after this (roughly 15 steps)
[bcd49c3dd172c38e14faf151adca63c8db4c9557] Merge branch 'x86-cleanups-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
testing commit bcd49c3dd172c38e14faf151adca63c8db4c9557 with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad bcd49c3dd172c38e14faf151adca63c8db4c9557
Bisecting: 18485 revisions left to test after this (roughly 14 steps)
[79f20778fb228ae372cd7602745382fd4543ef31] Merge tag 'regulator-v4.21' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator
testing commit 79f20778fb228ae372cd7602745382fd4543ef31 with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad 79f20778fb228ae372cd7602745382fd4543ef31
Bisecting: 9437 revisions left to test after this (roughly 13 steps)
[746bb4ed6d626f3f9e431a7f9b20504538e62ded] Merge tag 'vla-v4.20-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
testing commit 746bb4ed6d626f3f9e431a7f9b20504538e62ded with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad 746bb4ed6d626f3f9e431a7f9b20504538e62ded
Bisecting: 3734 revisions left to test after this (roughly 12 steps)
[50b825d7e87f4cff7070df6eb26390152bb29537] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
testing commit 50b825d7e87f4cff7070df6eb26390152bb29537 with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad 50b825d7e87f4cff7070df6eb26390152bb29537
Bisecting: 2620 revisions left to test after this (roughly 11 steps)
[d864991b220b7c62e81d21209e1fd978fd67352c] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
testing commit d864991b220b7c62e81d21209e1fd978fd67352c with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad d864991b220b7c62e81d21209e1fd978fd67352c
Bisecting: 1301 revisions left to test after this (roughly 10 steps)
[d793fb46822ff7408a1767313ef6b12e811baa55] Merge tag 'wireless-drivers-next-for-davem-2018-10-02' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next
testing commit d793fb46822ff7408a1767313ef6b12e811baa55 with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad d793fb46822ff7408a1767313ef6b12e811baa55
Bisecting: 748 revisions left to test after this (roughly 9 steps)
[3ab52af58fa481324bb7c839a2187c54c4af912b] i40e: disallow changing the number of descriptors when AF_XDP is on
testing commit 3ab52af58fa481324bb7c839a2187c54c4af912b with gcc (GCC) 8.1.0
all runs: crashed: KASAN: use-after-free Read in finish_task_switch
# git bisect good 3ab52af58fa481324bb7c839a2187c54c4af912b
Bisecting: 374 revisions left to test after this (roughly 9 steps)
[6e9feb33911f59e03684941f089115b58429fe79] Merge branch 'tipc-next'
testing commit 6e9feb33911f59e03684941f089115b58429fe79 with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad 6e9feb33911f59e03684941f089115b58429fe79
Bisecting: 177 revisions left to test after this (roughly 8 steps)
[2dd68cc7fd8c3ae9c151c0565824b5ef42e3806b] Merge gitolite.kernel.org:/pub/scm/linux/kernel/git/davem/net
testing commit 2dd68cc7fd8c3ae9c151c0565824b5ef42e3806b with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad 2dd68cc7fd8c3ae9c151c0565824b5ef42e3806b
Bisecting: 97 revisions left to test after this (roughly 7 steps)
[6bf4ca7fbc85d80446ac01c0d1d77db4d91a6d84] Linux 4.19-rc5
testing commit 6bf4ca7fbc85d80446ac01c0d1d77db4d91a6d84 with gcc (GCC) 8.1.0
run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor721606723" "root@10.128.15.222:./syz-executor721606723"]: exit status 1
ssh: connect to host 10.128.15.222 port 22: Connection timed out
lost connection
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 6bf4ca7fbc85d80446ac01c0d1d77db4d91a6d84
Bisecting: 61 revisions left to test after this (roughly 6 steps)
[0eba8697bce15dc06e2b5c4c66d672c37ca43be0] Merge tag 'upstream-4.19-rc4' of git://git.infradead.org/linux-ubifs
testing commit 0eba8697bce15dc06e2b5c4c66d672c37ca43be0 with gcc (GCC) 8.1.0
all runs: crashed: KASAN: use-after-free Read in finish_task_switch
# git bisect good 0eba8697bce15dc06e2b5c4c66d672c37ca43be0
Bisecting: 29 revisions left to test after this (roughly 5 steps)
[ea092676b0d9c13f20a3bc02c5b0bf537c27346e] Merge branch 'efi-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
testing commit ea092676b0d9c13f20a3bc02c5b0bf537c27346e with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad ea092676b0d9c13f20a3bc02c5b0bf537c27346e
Bisecting: 15 revisions left to test after this (roughly 4 steps)
[a1efa9b70097a7ebb7c0a10bb72648776771b281] x86/hyper-v: rename ipi_arg_{ex,non_ex} structures
testing commit a1efa9b70097a7ebb7c0a10bb72648776771b281 with gcc (GCC) 8.1.0
run #0: crashed: KASAN: use-after-free Read in finish_task_switch
run #1: crashed: KASAN: use-after-free Read in finish_task_switch
run #2: crashed: KASAN: use-after-free Read in finish_task_switch
run #3: crashed: KASAN: use-after-free Read in finish_task_switch
run #4: crashed: KASAN: use-after-free Read in finish_task_switch
run #5: crashed: KASAN: use-after-free Read in __schedule
run #6: crashed: KASAN: use-after-free Read in finish_task_switch
run #7: crashed: general protection fault in kvm_lapic_hv_timer_in_use
run #8: crashed: KASAN: use-after-free Read in finish_task_switch
run #9: crashed: KASAN: use-after-free Read in finish_task_switch
# git bisect good a1efa9b70097a7ebb7c0a10bb72648776771b281
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[8b56ee91ffc88ea01400c012e10fe22a9d233265] kvm: selftests: Add platform_info_test
testing commit 8b56ee91ffc88ea01400c012e10fe22a9d233265 with gcc (GCC) 8.1.0
run #0: crashed: KASAN: use-after-free Read in finish_task_switch
run #1: crashed: KASAN: use-after-free Read in finish_task_switch
run #2: crashed: KASAN: use-after-free Read in finish_task_switch
run #3: crashed: general protection fault in __schedule
run #4: crashed: KASAN: use-after-free Read in finish_task_switch
run #5: crashed: KASAN: use-after-free Read in finish_task_switch
run #6: crashed: general protection fault in kvm_lapic_hv_timer_in_use
run #7: crashed: KASAN: use-after-free Read in finish_task_switch
run #8: crashed: KASAN: use-after-free Read in finish_task_switch
run #9: crashed: KASAN: use-after-free Read in finish_task_switch
# git bisect good 8b56ee91ffc88ea01400c012e10fe22a9d233265
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[10dc890d4228cd17ddfd09ba9aaa9221627e29b2] Merge tag 'pinctrl-v4.19-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl
testing commit 10dc890d4228cd17ddfd09ba9aaa9221627e29b2 with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad 10dc890d4228cd17ddfd09ba9aaa9221627e29b2
Bisecting: 2 revisions left to test after this (roughly 1 step)
[96147db1e1dff83679e71ac92193cbcab761a14c] pinctrl: intel: Do pin translation in other GPIO operations as well
testing commit 96147db1e1dff83679e71ac92193cbcab761a14c with gcc (GCC) 8.1.0
run #0: crashed: KASAN: use-after-free Read in finish_task_switch
run #1: crashed: KASAN: use-after-free Read in finish_task_switch
run #2: crashed: KASAN: use-after-free Read in finish_task_switch
run #3: crashed: KASAN: use-after-free Read in finish_task_switch
run #4: crashed: KASAN: use-after-free Read in finish_task_switch
run #5: crashed: KASAN: use-after-free Read in finish_task_switch
run #6: crashed: KASAN: use-after-free Read in finish_task_switch
run #7: crashed: KASAN: use-after-free Read in finish_task_switch
run #8: crashed: general protection fault in finish_task_switch
run #9: crashed: KASAN: use-after-free Read in finish_task_switch
# git bisect good 96147db1e1dff83679e71ac92193cbcab761a14c
Bisecting: 0 revisions left to test after this (roughly 1 step)
[a27fb6d983c7b5bb0129ae4d7a7c81758173bfab] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
testing commit a27fb6d983c7b5bb0129ae4d7a7c81758173bfab with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad a27fb6d983c7b5bb0129ae4d7a7c81758173bfab
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[26b471c7e2f7befd0f59c35b257749ca57e0ed70] KVM: nVMX: Fix bad cleanup on error of get/set nested state IOCTLs
testing commit 26b471c7e2f7befd0f59c35b257749ca57e0ed70 with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad 26b471c7e2f7befd0f59c35b257749ca57e0ed70
26b471c7e2f7befd0f59c35b257749ca57e0ed70 is the first bad commit
commit 26b471c7e2f7befd0f59c35b257749ca57e0ed70
Author: Liran Alon
Date:   Sun Sep 16 14:28:20 2018 +0300

    KVM: nVMX: Fix bad cleanup on error of get/set nested state IOCTLs

    The handlers of IOCTLs in kvm_arch_vcpu_ioctl() are expected to set
    their return value in "r" local var and break out of switch block when
    they encounter some error. This is because vcpu_load() is called before
    the switch block, which has a proper cleanup of vcpu_put() afterwards.

    However, KVM_{GET,SET}_NESTED_STATE IOCTLs handlers just return
    immediately on error without performing the above-mentioned cleanup.

    Thus, change these handlers to behave as expected.

    Fixes: 8fcc4b5923af ("kvm: nVMX: Introduce KVM_CAP_NESTED_STATE")
    Reviewed-by: Mark Kanda
    Reviewed-by: Patrick Colp
    Signed-off-by: Liran Alon
    Signed-off-by: Paolo Bonzini

:040000 040000 df46414f31b4d1213bd971a05d34bf6aa97277ec 1fc29d81484d4a21efc6da11f4a241d62b080e0e M	arch

revisions tested: 20, total time: 4h55m50.798087346s (build: 1h52m9.574090843s, test: 2h56m52.020515784s)
first good commit: 26b471c7e2f7befd0f59c35b257749ca57e0ed70 KVM: nVMX: Fix bad cleanup on error of get/set nested state IOCTLs
cc: ["liran.alon@oracle.com" "mark.kanda@oracle.com" "patrick.colp@oracle.com" "pbonzini@redhat.com"]
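Reading note on the log: because syzkaller is bisecting for the fixing commit, it feeds git bisect inverted labels (crashing revisions are marked "good", clean ones "bad"), so git's "first bad commit" is the commit that made the crash go away, which the last lines report as the "first good commit". The commit message above describes the cleanup convention that the fixed handlers violated: vcpu_load() runs before the switch in kvm_arch_vcpu_ioctl(), a handler stores its error in r and breaks, and the shared vcpu_put() after the switch runs on every path. The following C model, written for this page and not taken from KVM, shows the before and after shape of that pattern side by side and counts unbalanced loads. struct vcpu, the MODEL_GET_NESTED_STATE ioctl number, and the helpers check_nested_state_arg() and copy_nested_state() are assumptions standing in for the real per-arch code; only vcpu_load(), vcpu_put() and the "set r and break" rule come from the commit message.

```c
/*
 * Added model of the vcpu_load()/vcpu_put() pairing described in the commit
 * message. Illustration code for this page, not KVM's code: struct vcpu, the
 * MODEL_* ioctl number and the two nested-state helpers are assumptions.
 */
#include <errno.h>
#include <stdio.h>

enum { MODEL_GET_NESTED_STATE = 1 };   /* hypothetical ioctl number */

struct vcpu {
    int loaded;   /* >0 while vcpu_load() has run without a matching vcpu_put() */
};

static void vcpu_load(struct vcpu *v) { v->loaded++; }
static void vcpu_put(struct vcpu *v)  { v->loaded--; }

/* Stand-in for argument validation: a NULL user pointer is rejected early. */
static int check_nested_state_arg(const void *user_buf)
{
    return user_buf ? 0 : -EFAULT;
}

/* Stand-in for the state copy; always succeeds once the argument was validated. */
static int copy_nested_state(struct vcpu *v, void *user_buf)
{
    (void)v; (void)user_buf;
    return 0;
}

/* Before the fix: the error path returns from inside the switch, skipping vcpu_put(). */
static int ioctl_before_fix(struct vcpu *v, unsigned int ioctl, void *arg)
{
    int r = -EINVAL;

    vcpu_load(v);
    switch (ioctl) {
    case MODEL_GET_NESTED_STATE:
        r = check_nested_state_arg(arg);
        if (r)
            return r;       /* bug: the vcpu stays loaded */
        r = copy_nested_state(v, arg);
        break;
    default:
        break;
    }
    vcpu_put(v);
    return r;
}

/* After the fix: the error is kept in r and control breaks out to the shared cleanup. */
static int ioctl_after_fix(struct vcpu *v, unsigned int ioctl, void *arg)
{
    int r = -EINVAL;

    vcpu_load(v);
    switch (ioctl) {
    case MODEL_GET_NESTED_STATE:
        r = check_nested_state_arg(arg);
        if (r)
            break;          /* same error code, but vcpu_put() still runs */
        r = copy_nested_state(v, arg);
        break;
    default:
        break;
    }
    vcpu_put(v);
    return r;
}

typedef int (*ioctl_fn)(struct vcpu *, unsigned int, void *);

static char scratch[64];   /* stands in for a valid user buffer */

/* Return code of one ioctl call on a fresh vcpu. */
static int rc_of(ioctl_fn fn, void *arg)
{
    struct vcpu v = { 0 };
    return fn(&v, MODEL_GET_NESTED_STATE, arg);
}

/* Load count left behind by one ioctl call on a fresh vcpu; 0 means load/put are balanced. */
static int load_count_after(ioctl_fn fn, void *arg)
{
    struct vcpu v = { 0 };
    fn(&v, MODEL_GET_NESTED_STATE, arg);
    return v.loaded;
}

int main(void)
{
    printf("before fix, bad arg: rc=%d load_count=%d\n",
           rc_of(ioctl_before_fix, NULL), load_count_after(ioctl_before_fix, NULL));
    printf("after fix,  bad arg: rc=%d load_count=%d\n",
           rc_of(ioctl_after_fix, NULL), load_count_after(ioctl_after_fix, NULL));
    return 0;
}
```

Both versions return the same error code for a bad argument; the difference is only visible in the load count, which is why this class of bug slips past tests that check return values alone. A practitioner auditing a kernel ioctl dispatcher can apply the same check mechanically: every `return` inside a switch that follows an acquire-style call (vcpu_load(), a lock, a refcount get) is a candidate for exactly this leak.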