bisecting cause commit starting from 7ddd09fc4b745fb1d8942f95389583e08412e0cd
building syzkaller on 25a0186eba20ef6f4f657039ff02eff52a838b1c
testing commit 7ddd09fc4b745fb1d8942f95389583e08412e0cd with gcc (GCC) 8.1.0
kernel signature: 49d86d399246651ea2ec9be9d2ae5eb5fb43295e
run #0: crashed: possible deadlock in seq_read
run #1: crashed: possible deadlock in do_io_accounting
run #2: crashed: possible deadlock in seq_read
run #3: crashed: possible deadlock in seq_read
run #4: crashed: possible deadlock in do_io_accounting
run #5: crashed: possible deadlock in seq_read
run #6: crashed: possible deadlock in seq_read
run #7: crashed: possible deadlock in seq_read
run #8: crashed: possible deadlock in seq_read
run #9: crashed: possible deadlock in seq_read
testing release v5.4
testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0
kernel signature: 4b3dd2f20a1709faab22c629826c5c8a753d48fc
run #0: crashed: possible deadlock in do_io_accounting
run #1: crashed: possible deadlock in seq_read
run #2: crashed: possible deadlock in do_io_accounting
run #3: crashed: possible deadlock in do_io_accounting
run #4: crashed: possible deadlock in seq_read
run #5: crashed: possible deadlock in seq_read
run #6: crashed: possible deadlock in do_io_accounting
run #7: crashed: possible deadlock in do_io_accounting
run #8: crashed: possible deadlock in seq_read
run #9: crashed: possible deadlock in seq_read
testing release v5.3
testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0
kernel signature: cc16dcc4534ca5de9383c20b6bcafec592403c73
all runs: OK
# git bisect start 219d54332a09e8d8741c1e1982f5eae56099de85 4d856f72c10ecb060868ed10ff1b1453943fc6c8
Bisecting: 7882 revisions left to test after this (roughly 13 steps)
[a9f8b38a071b468276a243ea3ea5a0636e848cf2] Merge tag 'for-linus-5.4-1' of git://github.com/cminyard/linux-ipmi
testing commit a9f8b38a071b468276a243ea3ea5a0636e848cf2 with gcc (GCC) 8.1.0
kernel signature: c0a303e2610bd1b893a7a7c615de669f0cb66966
run #0: crashed: possible deadlock in do_io_accounting
run #1: crashed: possible deadlock in seq_read
run #2: crashed: possible deadlock in seq_read
run #3: crashed: possible deadlock in seq_read
run #4: crashed: possible deadlock in do_io_accounting
run #5: crashed: possible deadlock in do_io_accounting
run #6: crashed: possible deadlock in seq_read
run #7: crashed: possible deadlock in seq_read
run #8: crashed: possible deadlock in seq_read
run #9: crashed: possible deadlock in do_io_accounting
# git bisect bad a9f8b38a071b468276a243ea3ea5a0636e848cf2
Bisecting: 3920 revisions left to test after this (roughly 12 steps)
[fe38bd6862074c0a2b9be7f31f043aaa70b2af5f] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
testing commit fe38bd6862074c0a2b9be7f31f043aaa70b2af5f with gcc (GCC) 8.1.0
kernel signature: 90feb560c4800777f1496dd063d1ac81aa3c7474
run #0: crashed: KASAN: stack-out-of-bounds Read in finish_writeback_work
run #1: crashed: KASAN: stack-out-of-bounds Read in finish_writeback_work
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad fe38bd6862074c0a2b9be7f31f043aaa70b2af5f
Bisecting: 1970 revisions left to test after this (roughly 11 steps)
[fc6fd1392a8f3d5f3d722ad9c92314477c1a2a35] Merge branch 'x86-build-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
testing commit fc6fd1392a8f3d5f3d722ad9c92314477c1a2a35 with gcc (GCC) 8.1.0
kernel signature: ad3dbac82070c1534967031ffa0d02e1230fb66f
all runs: OK
# git bisect good fc6fd1392a8f3d5f3d722ad9c92314477c1a2a35
Bisecting: 1254 revisions left to test after this (roughly 10 steps)
[ea982ba7f79141d86eb7a440fcba6796ed718b9b] Merge tag 'mmc-v5.4' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc
testing commit ea982ba7f79141d86eb7a440fcba6796ed718b9b with gcc (GCC) 8.1.0
kernel signature: 80655aaf5cc17e60a4ff4b53a2b4ffc898d954a3
all runs: OK
# git bisect good ea982ba7f79141d86eb7a440fcba6796ed718b9b
Bisecting: 713 revisions left to test after this (roughly 9 steps)
[6ab8ad31601f29470eb895fd95e5c963e125aa1b] Merge tag 'sound-5.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
testing commit 6ab8ad31601f29470eb895fd95e5c963e125aa1b with gcc (GCC) 8.1.0
kernel signature: 4b303e57a5f98e7840cd798bde53a3680b28eec7
all runs: OK
# git bisect good 6ab8ad31601f29470eb895fd95e5c963e125aa1b
Bisecting: 388 revisions left to test after this (roughly 9 steps)
[e7345f92c27af003f219ad026d0e629a50b41e5c] Merge tag 'media/v5.4-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media
testing commit e7345f92c27af003f219ad026d0e629a50b41e5c with gcc (GCC) 8.1.0
kernel signature: 3630727a1158adf692e91fcd6b02588cc7a2d6f1
all runs: OK
# git bisect good e7345f92c27af003f219ad026d0e629a50b41e5c
Bisecting: 247 revisions left to test after this (roughly 8 steps)
[fc6763a2d7e0a7f49ccec97a46e92e9fb1f3f9dd] Merge branches 'pm-opp', 'pm-qos', 'acpi-pm', 'pm-domains' and 'pm-tools'
testing commit fc6763a2d7e0a7f49ccec97a46e92e9fb1f3f9dd with gcc (GCC) 8.1.0
kernel signature: 4ccf69bd0896ec5dbec8f9e8b38d714b79487c5a
all runs: OK
# git bisect good fc6763a2d7e0a7f49ccec97a46e92e9fb1f3f9dd
Bisecting: 117 revisions left to test after this (roughly 7 steps)
[04cbfba6208592999d7bfe6609ec01dc3fde73f5] Merge tag 'dmaengine-5.4-rc1' of git://git.infradead.org/users/vkoul/slave-dma
testing commit 04cbfba6208592999d7bfe6609ec01dc3fde73f5 with gcc (GCC) 8.1.0
kernel signature: bbad9d3332fd4c26760925516510ae6ddac15a0c
all runs: OK
# git bisect good 04cbfba6208592999d7bfe6609ec01dc3fde73f5
Bisecting: 58 revisions left to test after this (roughly 6 steps)
[7396d337cfadc7c0b32dfd46581e9daff6666e84] KVM: x86: Return to userspace with internal error on unexpected exit reason
testing commit 7396d337cfadc7c0b32dfd46581e9daff6666e84 with gcc (GCC) 8.1.0
kernel signature: 51607db723870a4112c520512641d8f8de52b848
all runs: OK
# git bisect good 7396d337cfadc7c0b32dfd46581e9daff6666e84
Bisecting: 30 revisions left to test after this (roughly 5 steps)
[d2aaa49e281959828370667edbc1cdcc7fc4026a] Merge tag 'acpi-5.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
testing commit d2aaa49e281959828370667edbc1cdcc7fc4026a with gcc (GCC) 8.1.0
kernel signature: 323c26cc5267abb71eaf4142ef0acde029916c89
all runs: OK
# git bisect good d2aaa49e281959828370667edbc1cdcc7fc4026a
Bisecting: 13 revisions left to test after this (roughly 4 steps)
[17a81bdb4ee441bcbf09ec76f530197c3788d610] Merge tag 'kvm-s390-next-5.4-1' of git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux into HEAD
testing commit 17a81bdb4ee441bcbf09ec76f530197c3788d610 with gcc (GCC) 8.1.0
kernel signature: e4610da02c534dd2f89340f8944474419d7c0ffe
all runs: OK
# git bisect good 17a81bdb4ee441bcbf09ec76f530197c3788d610
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[016049a816774edc9c3cd81afa7724d7ab001585] software node: Initialize the return value in software_node_find_by_name()
testing commit 016049a816774edc9c3cd81afa7724d7ab001585 with gcc (GCC) 8.1.0
kernel signature: 5735b97cf38c90230c3b0d93871ebccd80bc3a8f
all runs: OK
# git bisect good 016049a816774edc9c3cd81afa7724d7ab001585
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[404e634fdb96a3c99c7517353bfafbd88e04ab41] Merge tag 'for-linus-urgent' of git://git.kernel.org/pub/scm/virt/kvm/kvm
testing commit 404e634fdb96a3c99c7517353bfafbd88e04ab41 with gcc (GCC) 8.1.0
kernel signature: 610884fcfd8901c4ae09c4c991072ec92f0c27a2
all runs: OK
# git bisect good 404e634fdb96a3c99c7517353bfafbd88e04ab41
Bisecting: 1 revision left to test after this (roughly 1 step)
[4b9852f4f38909a9ca74e71afb35aafba0871aa1] KVM: x86: Fix INIT signal handling in various CPU states
testing commit 4b9852f4f38909a9ca74e71afb35aafba0871aa1 with gcc (GCC) 8.1.0
kernel signature: e1d11077b833736c279aaf0adc073e8b35c8b950
all runs: OK
# git bisect good 4b9852f4f38909a9ca74e71afb35aafba0871aa1
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[fb3925d06c285e1acb248addc5d80b33ea771b0f] KVM: X86: Use IPI shorthands in kvm guest when support
testing commit fb3925d06c285e1acb248addc5d80b33ea771b0f with gcc (GCC) 8.1.0
kernel signature: fe2fd0b2270d1b900c12e05884c1f5e07a2825ee
all runs: OK
# git bisect good fb3925d06c285e1acb248addc5d80b33ea771b0f
fe38bd6862074c0a2b9be7f31f043aaa70b2af5f is the first bad commit
commit fe38bd6862074c0a2b9be7f31f043aaa70b2af5f
Merge: 404e634fdb96 fb3925d06c28
Author: Linus Torvalds
Date:   Wed Sep 18 09:49:13 2019 -0700

    Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

    Pull KVM updates from Paolo Bonzini:
     "s390:
       - ioctl hardening
       - selftests

      ARM:
       - ITS translation cache
       - support for 512 vCPUs
       - various cleanups and bugfixes

      PPC:
       - various minor fixes and preparation

      x86:
       - bugfixes all over the place (posted interrupts, SVM, emulation
         corner cases, blocked INIT)
       - some IPI optimizations"

    * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (75 commits)
      KVM: X86: Use IPI shorthands in kvm guest when support
      KVM: x86: Fix INIT signal handling in various CPU states
      KVM: VMX: Introduce exit reason for receiving INIT signal on guest-mode
      KVM: VMX: Stop the preemption timer during vCPU reset
      KVM: LAPIC: Micro optimize IPI latency
      kvm: Nested KVM MMUs need PAE root too
      KVM: x86: set ctxt->have_exception in x86_decode_insn()
      KVM: x86: always stop emulation on page fault
      KVM: nVMX: trace nested VM-Enter failures detected by H/W
      KVM: nVMX: add tracepoint for failed nested VM-Enter
      x86: KVM: svm: Fix a check in nested_svm_vmrun()
      KVM: x86: Return to userspace with internal error on unexpected exit reason
      KVM: x86: Add kvm_emulate_{rd,wr}msr() to consolidate VXM/SVM code
      KVM: x86: Refactor up kvm_{g,s}et_msr() to simplify callers
      doc: kvm: Fix return description of KVM_SET_MSRS
      KVM: X86: Tune PLE Window tracepoint
      KVM: VMX: Change ple_window type to unsigned int
      KVM: X86: Remove tailing newline for tracepoints
      KVM: X86: Trace vcpu_id for vmexit
      KVM: x86: Manually calculate reserved bits when loading PDPTRS
      ...

 Documentation/virt/kvm/api.txt | 33 ++-
 Documentation/virt/kvm/mmu.txt | 4 +-
 arch/arm/include/uapi/asm/kvm.h | 4 +-
 arch/arm64/include/asm/pgtable-prot.h | 2 +-
 arch/arm64/include/uapi/asm/kvm.h | 4 +-
 arch/arm64/kvm/hyp/tlb.c | 14 +-
 arch/powerpc/include/asm/kvm_host.h | 22 +-
 arch/powerpc/include/asm/kvm_ppc.h | 1 +
 arch/powerpc/include/asm/xive.h | 9 +
 arch/powerpc/kvm/book3s.c | 8 +-
 arch/powerpc/kvm/book3s_hv.c | 24 +-
 arch/powerpc/kvm/book3s_hv_rm_mmu.c | 2 +-
 arch/powerpc/kvm/book3s_hv_rmhandlers.S | 38 ++-
 arch/powerpc/kvm/book3s_xive.c | 60 +++-
 arch/powerpc/kvm/book3s_xive.h | 2 +
 arch/powerpc/kvm/book3s_xive_native.c | 23 +-
 arch/powerpc/kvm/e500.c | 3 +
 arch/powerpc/kvm/emulate.c | 1 +
 arch/powerpc/kvm/emulate_loadstore.c | 6 -
 arch/powerpc/kvm/powerpc.c | 3 +-
 arch/powerpc/sysdev/xive/common.c | 87 ++++--
 arch/powerpc/sysdev/xive/native.c | 7 +
 arch/s390/include/uapi/asm/kvm.h | 6 +
 arch/s390/kvm/kvm-s390.c | 6 +-
 arch/x86/include/asm/kvm_emulate.h | 3 +-
 arch/x86/include/asm/kvm_host.h | 19 +-
 arch/x86/include/asm/vmx.h | 14 +
 arch/x86/include/uapi/asm/vmx.h | 2 +
 arch/x86/kernel/kvm.c | 12 -
 arch/x86/kvm/cpuid.c | 27 +-
 arch/x86/kvm/emulate.c | 27 +-
 arch/x86/kvm/lapic.c | 20 +-
 arch/x86/kvm/mmu.c | 61 +++--
 arch/x86/kvm/mmu.h | 2 +-
 arch/x86/kvm/svm.c | 198 +++++++------
 arch/x86/kvm/trace.h | 74 +++--
 arch/x86/kvm/vmx/nested.c | 305 +++++++++++----------
 arch/x86/kvm/vmx/vmenter.S | 4 +-
 arch/x86/kvm/vmx/vmx.c | 94 +++---
 arch/x86/kvm/vmx/vmx.h | 2 +-
 arch/x86/kvm/x86.c | 197 ++++++++----
 arch/x86/kvm/x86.h | 2 +-
 include/kvm/arm_vgic.h | 4 +-
 include/uapi/linux/kvm.h | 3 +
 tools/testing/selftests/kvm/Makefile | 10 +-
 tools/testing/selftests/kvm/dirty_log_test.c | 61 ++++-
 tools/testing/selftests/kvm/include/kvm_util.h | 8 +-
 tools/testing/selftests/kvm/lib/aarch64/ucall.c | 112 ++++++++
 tools/testing/selftests/kvm/lib/s390x/ucall.c | 56 ++++
 tools/testing/selftests/kvm/lib/ucall.c | 157 -----------
 tools/testing/selftests/kvm/lib/x86_64/ucall.c | 56 ++++
 tools/testing/selftests/kvm/s390x/memop.c | 166 +++++++++++
 tools/testing/selftests/kvm/s390x/sync_regs_test.c | 36 ++-
 virt/kvm/arm/arm.c | 2 +
 virt/kvm/arm/vgic/vgic-init.c | 8 +-
 virt/kvm/arm/vgic/vgic-irqfd.c | 36 ++-
 virt/kvm/arm/vgic/vgic-its.c | 207 ++++++++++++++
 virt/kvm/arm/vgic/vgic-mmio-v3.c | 85 ++---
 virt/kvm/arm/vgic/vgic-v2.c | 7 +-
 virt/kvm/arm/vgic/vgic-v3.c | 7 +-
 virt/kvm/arm/vgic/vgic.c | 26 +-
 virt/kvm/arm/vgic/vgic.h | 5 +
 virt/kvm/kvm_main.c | 7 +-
 63 files changed, 1694 insertions(+), 797 deletions(-)
 create mode 100644 tools/testing/selftests/kvm/lib/aarch64/ucall.c
 create mode 100644 tools/testing/selftests/kvm/lib/s390x/ucall.c
 delete mode 100644 tools/testing/selftests/kvm/lib/ucall.c
 create mode 100644 tools/testing/selftests/kvm/lib/x86_64/ucall.c
 create mode 100644 tools/testing/selftests/kvm/s390x/memop.c

revisions tested: 18, total time: 4h54m24.491911206s (build: 1h48m12.764863905s, test: 3h4m30.186682015s)
first bad commit: fe38bd6862074c0a2b9be7f31f043aaa70b2af5f Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
cc: ["bp@alien8.de" "hpa@zytor.com" "jmattson@google.com" "joro@8bytes.org" "kvm@vger.kernel.org" "linux-kernel@vger.kernel.org" "mingo@redhat.com" "pbonzini@redhat.com" "rkrcmar@redhat.com" "sean.j.christopherson@intel.com" "tglx@linutronix.de" "torvalds@linux-foundation.org" "vkuznets@redhat.com" "wanpengli@tencent.com" "x86@kernel.org"]
crash: KASAN: stack-out-of-bounds Read in finish_writeback_work
==================================================================
BUG: KASAN: stack-out-of-bounds in finish_writeback_work.isra.53+0xcc/0xd0 fs/fs-writeback.c:168
Read of size 8 at addr ffff88808bd07b98 by task kworker/u4:0/7

CPU: 1 PID: 7 Comm: kworker/u4:0 Not tainted 5.3.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: writeback wb_workfn (flush-8:0)
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x113/0x167 lib/dump_stack.c:113
 print_address_description.cold.8+0x9/0x318 mm/kasan/report.c:351
 __kasan_report.cold.9+0x1b/0x3f mm/kasan/report.c:482
 kasan_report+0x12/0x17 mm/kasan/common.c:618
 __asan_report_load8_noabort+0x14/0x20 mm/kasan/generic_report.c:132
 finish_writeback_work.isra.53+0xcc/0xd0 fs/fs-writeback.c:168
 wb_do_writeback fs/fs-writeback.c:2030 [inline]
 wb_workfn+0x358/0xfa0 fs/fs-writeback.c:2070
 process_one_work+0x856/0x1630 kernel/workqueue.c:2269
 worker_thread+0x85/0xb60 kernel/workqueue.c:2415
 kthread+0x331/0x3f0 kernel/kthread.c:255
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352

The buggy address belongs to the page:
page:ffffea00022f41c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
flags: 0xfffe0000000000()
raw: 00fffe0000000000 0000000000000000 ffffffff022f0101 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff88808bd07a80: f1 00 f2 f2 f2 00 00 00 00 00 00 00 00 00 00 00
 ffff88808bd07b00: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00
>ffff88808bd07b80: f2 f2 f2 f2 f2 f2 00 00 f2 f2 f2 f2 f2 f2 00 00
                            ^
 ffff88808bd07c00: 00 00 00 00 00 00 f3 f3 f3 f3 00 00 00 00 00 00
 ffff88808bd07c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================