bisecting cause commit starting from 8ac91e6c6033ebc12c5c1e4aa171b81a662bd70f building syzkaller on a343ba6b077a3efe7feb57783dcbb7496d2c3572 testing commit 8ac91e6c6033ebc12c5c1e4aa171b81a662bd70f with gcc (GCC) 10.2.1 20210217 kernel signature: 2a9177bd9538e5294f9ddca30f72c3e320ddba19d1eaddea0ce002a25569238c all runs: crashed: WARNING in x86_emulate_instruction testing release v5.12 testing commit 9f4ad9e425a1d3b6a34617b8ea226d56a119a717 with gcc (GCC) 10.2.1 20210217 kernel signature: 20a3195b0c2adea39c30d2e9f830a6fa425a34f031f28cd84a5fc4bf09ce8f4d all runs: crashed: WARNING in x86_emulate_instruction testing release v5.11 testing commit f40ddce88593482919761f74910f42f4b84c004b with gcc (GCC) 10.2.1 20210217 kernel signature: 22b26ae1e3be417e2ad324e47433a262e845b6471dfc09f4fa2f647b3330df8e all runs: OK # git bisect start 9f4ad9e425a1d3b6a34617b8ea226d56a119a717 f40ddce88593482919761f74910f42f4b84c004b Bisecting: 6798 revisions left to test after this (roughly 13 steps) [d99676af540c2dc829999928fb81c58c80a1dce4] Merge tag 'drm-next-2021-02-19' of git://anongit.freedesktop.org/drm/drm testing commit d99676af540c2dc829999928fb81c58c80a1dce4 with gcc (GCC) 10.2.1 20210217 kernel signature: 7cd59bfe04b0d3e5946650143381ee5740879beddc7e6e99a0f0393131ddacb5 run #0: crashed: general protection fault in vmx_vcpu_run run #1: crashed: general protection fault in vmx_vcpu_run run #2: crashed: general protection fault in vmx_vcpu_run run #3: crashed: general protection fault in vmx_vcpu_run run #4: crashed: general protection fault in vmx_vcpu_run run #5: crashed: general protection fault in vmx_vcpu_run run #6: crashed: general protection fault in vmx_vcpu_run run #7: crashed: general protection fault in vmx_vcpu_run run #8: crashed: general protection fault in vmx_vcpu_run run #9: boot failed: WARNING in kvm_wait # git bisect bad d99676af540c2dc829999928fb81c58c80a1dce4 Bisecting: 3717 revisions left to test after this (roughly 12 steps) [f9d58de23152f2c16f326d7e014cfa2933b00304] Merge tag 'affs-for-5.12-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux testing commit f9d58de23152f2c16f326d7e014cfa2933b00304 with gcc (GCC) 10.2.1 20210217 kernel signature: f117a544bd08721c24751d3c047f171fdb726cfc6568f62dfc097d4831349db5 run #0: basic kernel testing failed: timed out run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good f9d58de23152f2c16f326d7e014cfa2933b00304 Bisecting: 1854 revisions left to test after this (roughly 11 steps) [de1617578849acab8e16c9ffdce39b91fb50639d] Merge tag 'media/v5.12-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media testing commit de1617578849acab8e16c9ffdce39b91fb50639d with gcc (GCC) 10.2.1 20210217 kernel signature: 6d2dd1a671ee012a042a707ca8ffae153c996dff4a168913e67bae831d498d40 run #0: crashed: general protection fault in vmx_vcpu_run run #1: crashed: general protection fault in vmx_vcpu_run run #2: crashed: general protection fault in vmx_vcpu_run run #3: crashed: general protection fault in vmx_vcpu_run run #4: crashed: general protection fault in vmx_vcpu_run run #5: crashed: general protection fault in vmx_vcpu_run run #6: crashed: general protection fault in vmx_vcpu_run run #7: crashed: general protection fault in vmx_vcpu_run run #8: crashed: general protection fault in vmx_vcpu_run run #9: boot failed: WARNING in kvm_wait # git bisect bad de1617578849acab8e16c9ffdce39b91fb50639d Bisecting: 929 revisions left to test after this (roughly 10 steps) [4a037ad5d115b2cc79a5071a7854475f365476fa] Merge tag 'for-linus-5.12-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip testing commit 4a037ad5d115b2cc79a5071a7854475f365476fa with gcc (GCC) 10.2.1 20210217 kernel signature: 3c1f84ac0c25185982d41075bd0fc4f960e97c8ec881b8019db82b70209e4762 run #0: crashed: general protection fault in vmx_vcpu_run run #1: crashed: general protection fault in vmx_vcpu_run run #2: crashed: general protection fault in vmx_vcpu_run run #3: crashed: general protection fault in vmx_vcpu_run run #4: crashed: general protection fault in vmx_vcpu_run run #5: crashed: general protection fault in vmx_vcpu_run run #6: crashed: general protection fault in vmx_vcpu_run run #7: crashed: general protection fault in vmx_vcpu_run run #8: crashed: general protection fault in vmx_vcpu_run run #9: boot failed: WARNING in kvm_wait # git bisect bad 4a037ad5d115b2cc79a5071a7854475f365476fa Bisecting: 451 revisions left to test after this (roughly 9 steps) [582cd91f69de8e44857cb610ebca661dac8656b7] Merge tag 'for-5.12/block-2021-02-17' of git://git.kernel.dk/linux-block testing commit 582cd91f69de8e44857cb610ebca661dac8656b7 with gcc (GCC) 10.2.1 20210217 kernel signature: 23b17ebf96fbd32fe270fb39a2e2dcb5f111e16c490f23c0d6694bd3ee0e4e5d all runs: OK # git bisect good 582cd91f69de8e44857cb610ebca661dac8656b7 Bisecting: 247 revisions left to test after this (roughly 8 steps) [3f6ec19f2d05d800bbc42d95dece433da7697864] Merge tag 'timers-core-2021-02-15' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit 3f6ec19f2d05d800bbc42d95dece433da7697864 with gcc (GCC) 10.2.1 20210217 kernel signature: aac1b095b09af583e5eb36f6281fe2a1cb52f20bd24f90f298cb28da777468ab all runs: OK # git bisect good 3f6ec19f2d05d800bbc42d95dece433da7697864 Bisecting: 125 revisions left to test after this (roughly 7 steps) [85e853c5ec8486117182baab10c98b321daa6d47] Merge branch 'for-mingo-rcu' of git://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu into core/rcu testing commit 85e853c5ec8486117182baab10c98b321daa6d47 with gcc (GCC) 10.2.1 20210217 kernel signature: 9a06f299a5768e9da75bc034fdb8abc26b00fca7624b8e2fb266a1c4f9b2881d all runs: OK # git bisect good 85e853c5ec8486117182baab10c98b321daa6d47 Bisecting: 73 revisions left to test after this (roughly 6 steps) [c5e6fc08feb2b88dc5dac2f3c817e1c2a4cafda4] sched,x86: Allow !PREEMPT_DYNAMIC testing commit c5e6fc08feb2b88dc5dac2f3c817e1c2a4cafda4 with gcc (GCC) 10.2.1 20210217 kernel signature: 5623376ae6b8f796eb5e254d084fa57c0461979b2a2a6075b76cbe7f662e54f4 all runs: OK # git bisect good c5e6fc08feb2b88dc5dac2f3c817e1c2a4cafda4 Bisecting: 33 revisions left to test after this (roughly 5 steps) [9eef02334505411667a7b51a8f349f8c6c4f3b66] Merge tag 'locking-core-2021-02-17' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit 9eef02334505411667a7b51a8f349f8c6c4f3b66 with gcc (GCC) 10.2.1 20210217 kernel signature: 9288957972b89620b5caf487f7c7f4d1a7a3457805e0ee485b181d748c177cc8 all runs: OK # git bisect good 9eef02334505411667a7b51a8f349f8c6c4f3b66 Bisecting: 18 revisions left to test after this (roughly 4 steps) [8bcfdd7cad3dffdd340f9a79098cbf331eb2cd53] Merge branch 'perf/kprobes' into perf/core, to pick up finished branch testing commit 8bcfdd7cad3dffdd340f9a79098cbf331eb2cd53 with gcc (GCC) 10.2.1 20210217 kernel signature: e9b690a44d5ef283f92cef65e3d61c67814b1041aa1d613681e69b723f5a770b all runs: crashed: general protection fault in vmx_vcpu_run # git bisect bad 8bcfdd7cad3dffdd340f9a79098cbf331eb2cd53 Bisecting: 7 revisions left to test after this (roughly 3 steps) [1ab5f235c176e93adc4f75000aae6c50fea9db00] perf/x86/intel: Filter unsupported Topdown metrics event testing commit 1ab5f235c176e93adc4f75000aae6c50fea9db00 with gcc (GCC) 10.2.1 20210217 kernel signature: d9780e7c847670586439ca3fcb619f7fbae5b07be321fc6de5e13c935b718f5e all runs: crashed: general protection fault in vmx_vcpu_run # git bisect bad 1ab5f235c176e93adc4f75000aae6c50fea9db00 Bisecting: 3 revisions left to test after this (roughly 2 steps) [abd562df94d19d0a9769971a35801b3f4991715d] x86/perf: Use static_call for x86_pmu.guest_get_msrs testing commit abd562df94d19d0a9769971a35801b3f4991715d with gcc (GCC) 10.2.1 20210217 kernel signature: 4419b03a037779b5ea96489503d4272d0d12ad05ed69bb386b019f65be20a77b all runs: crashed: general protection fault in vmx_vcpu_run # git bisect bad abd562df94d19d0a9769971a35801b3f4991715d Bisecting: 0 revisions left to test after this (roughly 1 step) [9a7832ce3d920426a36cdd78eda4b3568d4d09e3] perf/x86/intel/uncore: With > 8 nodes, get pci bus die id from NUMA info testing commit 9a7832ce3d920426a36cdd78eda4b3568d4d09e3 with gcc (GCC) 10.2.1 20210217 kernel signature: f5c431fb16c3b8542fc96b393af0e8d337a95c48b3c8fc5e6e99fb6855810f66 run #0: crashed: BUG: spinlock bad magic in synchronize_srcu run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK reproducer seems to be flaky # git bisect bad 9a7832ce3d920426a36cdd78eda4b3568d4d09e3 Bisecting: 0 revisions left to test after this (roughly 0 steps) [ba9506be4e402ee597b8f41204008b97989b5eef] perf/x86/intel/uncore: Store the logical die id instead of the physical die id. testing commit ba9506be4e402ee597b8f41204008b97989b5eef with gcc (GCC) 10.2.1 20210217 kernel signature: b5bb27b46e9843c975e937c3b0eeefea4678a5ddeb6916799ac3448a108e8404 all runs: OK # git bisect good ba9506be4e402ee597b8f41204008b97989b5eef 9a7832ce3d920426a36cdd78eda4b3568d4d09e3 is the first bad commit commit 9a7832ce3d920426a36cdd78eda4b3568d4d09e3 Author: Steve Wahl Date: Fri Jan 8 09:35:49 2021 -0600 perf/x86/intel/uncore: With > 8 nodes, get pci bus die id from NUMA info The registers used to determine which die a pci bus belongs to don't contain enough information to uniquely specify more than 8 dies, so when more than 8 dies are present, use NUMA information instead. Continue to use the previous method for 8 or fewer because it works there, and covers cases of NUMA being disabled. Signed-off-by: Steve Wahl Signed-off-by: Peter Zijlstra (Intel) Reviewed-by: Kan Liang Link: https://lkml.kernel.org/r/20210108153549.108989-3-steve.wahl@hpe.com arch/x86/events/intel/uncore_snbep.c | 93 +++++++++++++++++++++++++----------- 1 file changed, 65 insertions(+), 28 deletions(-) culprit signature: f5c431fb16c3b8542fc96b393af0e8d337a95c48b3c8fc5e6e99fb6855810f66 parent signature: b5bb27b46e9843c975e937c3b0eeefea4678a5ddeb6916799ac3448a108e8404 Reproducer flagged being flaky revisions tested: 17, total time: 4h6m41.24147698s (build: 1h54m14.668783942s, test: 2h10m13.085594706s) first bad commit: 9a7832ce3d920426a36cdd78eda4b3568d4d09e3 perf/x86/intel/uncore: With > 8 nodes, get pci bus die id from NUMA info recipients (to): ["kan.liang@linux.intel.com" "peterz@infradead.org" "steve.wahl@hpe.com"] recipients (cc): [] crash: BUG: spinlock bad magic in synchronize_srcu BUG: spinlock bad magic on CPU#0, syz-executor.2/22815 lock: 0xffff8880b9e00040, .magic: 00000000, .owner: /-1, .owner_cpu: 0 CPU: 0 PID: 22815 Comm: syz-executor.2 Not tainted 5.11.0-rc2-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:79 [inline] dump_stack+0x9a/0xcc lib/dump_stack.c:120 debug_spin_lock_before kernel/locking/spinlock_debug.c:83 [inline] do_raw_spin_lock+0x216/0x2b0 kernel/locking/spinlock_debug.c:112 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:117 [inline] _raw_spin_lock_irqsave+0x41/0x50 kernel/locking/spinlock.c:159 srcu_might_be_idle kernel/rcu/srcutree.c:772 [inline] synchronize_srcu+0x4f/0x1c0 kernel/rcu/srcutree.c:999 kvm_mmu_uninit_vm+0x10/0x20 arch/x86/kvm/mmu/mmu.c:5476 kvm_arch_destroy_vm+0x42c/0x5f0 arch/x86/kvm/x86.c:10534 kvm_create_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:821 [inline] kvm_dev_ioctl_create_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:4038 [inline] kvm_dev_ioctl+0xc64/0x1100 arch/x86/kvm/../../../virt/kvm/kvm_main.c:4090 vfs_ioctl fs/ioctl.c:48 [inline] __do_sys_ioctl fs/ioctl.c:753 [inline] __se_sys_ioctl fs/ioctl.c:739 [inline] __x64_sys_ioctl+0x11f/0x190 fs/ioctl.c:739 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x4665d9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f4565130188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665d9 RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000003 RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 R13: 00007ffe0b847e1f R14: 00007f4565130300 R15: 0000000000022000 general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 0 PID: 22815 Comm: syz-executor.2 Not tainted 5.11.0-rc2-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:rcu_segcblist_enqueue+0x90/0xf0 kernel/rcu/rcu_segcblist.c:250 Code: 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 4e 48 b8 00 00 00 00 00 fc ff df 48 8b 6b 20 48 89 ea 48 c1 ea 03 <80> 3c 02 00 75 21 48 89 75 00 48 89 73 20 48 83 c4 08 5b 5d c3 48 RSP: 0018:ffffc90001dcfc10 EFLAGS: 00010046 RAX: dffffc0000000000 RBX: ffff8880b9e00080 RCX: ffffffff8151dc10 RDX: 0000000000000000 RSI: ffffc90001dcfcf8 RDI: ffff8880b9e000a0 RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000003 R10: fffff520003b9f74 R11: 6637303030302052 R12: ffffc90001dcfcf8 R13: 0000000000000000 R14: ffff8880b9e00080 R15: ffff8880b9e00040 FS: 00007f4565130700(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000511f30 CR3: 00000000225dc000 CR4: 00000000001526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __call_srcu+0x193/0xc50 kernel/rcu/srcutree.c:859 __synchronize_srcu+0x128/0x220 kernel/rcu/srcutree.c:923 kvm_mmu_uninit_vm+0x10/0x20 arch/x86/kvm/mmu/mmu.c:5476 kvm_arch_destroy_vm+0x42c/0x5f0 arch/x86/kvm/x86.c:10534 kvm_create_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:821 [inline] kvm_dev_ioctl_create_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:4038 [inline] kvm_dev_ioctl+0xc64/0x1100 arch/x86/kvm/../../../virt/kvm/kvm_main.c:4090 vfs_ioctl fs/ioctl.c:48 [inline] __do_sys_ioctl fs/ioctl.c:753 [inline] __se_sys_ioctl fs/ioctl.c:739 [inline] __x64_sys_ioctl+0x11f/0x190 fs/ioctl.c:739 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x4665d9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f4565130188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665d9 RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000003 RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 R13: 00007ffe0b847e1f R14: 00007f4565130300 R15: 0000000000022000 Modules linked in: ---[ end trace cafdd245bffe4b2e ]--- RIP: 0010:rcu_segcblist_enqueue+0x90/0xf0 kernel/rcu/rcu_segcblist.c:250 Code: 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 4e 48 b8 00 00 00 00 00 fc ff df 48 8b 6b 20 48 89 ea 48 c1 ea 03 <80> 3c 02 00 75 21 48 89 75 00 48 89 73 20 48 83 c4 08 5b 5d c3 48 RSP: 0018:ffffc90001dcfc10 EFLAGS: 00010046 RAX: dffffc0000000000 RBX: ffff8880b9e00080 RCX: ffffffff8151dc10 RDX: 0000000000000000 RSI: ffffc90001dcfcf8 RDI: ffff8880b9e000a0 RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000003 R10: fffff520003b9f74 R11: 6637303030302052 R12: ffffc90001dcfcf8 R13: 0000000000000000 R14: ffff8880b9e00080 R15: ffff8880b9e00040 FS: 00007f4565130700(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000511f30 CR3: 00000000225dc000 CR4: 00000000001526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400