bisecting fixing commit since 778a33959a8ad4cb1ea2f4c5119f9e1e8b9f9d9b
building syzkaller on 95b5c82b28c3107383df2cd38d9af8c7984bd31c
testing commit 778a33959a8ad4cb1ea2f4c5119f9e1e8b9f9d9b with gcc (GCC) 8.1.0
run #0: crashed: KASAN: use-after-free Read in finish_task_switch
run #1: crashed: general protection fault in finish_task_switch
run #2: crashed: KASAN: use-after-free Read in finish_task_switch
run #3: crashed: general protection fault in kvm_lapic_hv_timer_in_use
run #4: crashed: KASAN: use-after-free Read in finish_task_switch
run #5: crashed: KASAN: use-after-free Read in finish_task_switch
run #6: crashed: KASAN: use-after-free Read in finish_task_switch
run #7: crashed: KASAN: use-after-free Read in finish_task_switch
run #8: crashed: KASAN: use-after-free Read in finish_task_switch
run #9: crashed: general protection fault in finish_task_switch
testing current HEAD e21a712a9685488f5ce80495b37b9fdbe96c230d
testing commit e21a712a9685488f5ce80495b37b9fdbe96c230d with gcc (GCC) 8.1.0
all runs: OK
# git bisect start e21a712a9685488f5ce80495b37b9fdbe96c230d 778a33959a8ad4cb1ea2f4c5119f9e1e8b9f9d9b
Bisecting: 38344 revisions left to test after this (roughly 15 steps)
[b6e88119f1edcdc1fa3fd3a168310ac2d433a873] Merge branches 'acpi-tables', 'acpi-debug', 'acpi-doc' and 'acpi-misc'
testing commit b6e88119f1edcdc1fa3fd3a168310ac2d433a873 with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad b6e88119f1edcdc1fa3fd3a168310ac2d433a873
Bisecting: 19079 revisions left to test after this (roughly 14 steps)
[b65bb777ef2237030f2802f2263ae9a0108f7acf] nvme-rdma: support separate queue maps for read and write
testing commit b65bb777ef2237030f2802f2263ae9a0108f7acf with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad b65bb777ef2237030f2802f2263ae9a0108f7acf
Bisecting: 9529 revisions left to test after this (roughly 13 steps)
[d49f8a52b15bf35db778035340d8a673149f9f93] Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
testing commit d49f8a52b15bf35db778035340d8a673149f9f93 with gcc (GCC) 8.1.0
run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor328497448" "root@10.128.15.197:./syz-executor328497448"]: exit status 1
ssh: connect to host 10.128.15.197 port 22: Connection timed out
lost connection
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad d49f8a52b15bf35db778035340d8a673149f9f93
Bisecting: 4760 revisions left to test after this (roughly 12 steps)
[5580d810560da33804053ae3bca13110c9a8d5e8] Merge tag 'mt76-for-kvalo-2018-10-05' of https://github.com/nbd168/wireless
testing commit 5580d810560da33804053ae3bca13110c9a8d5e8 with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad 5580d810560da33804053ae3bca13110c9a8d5e8
Bisecting: 2394 revisions left to test after this (roughly 11 steps)
[c15e3f19a6d5c89b1209dc94b40e568177cb0921] fs/cifs: don't translate SFM_SLASH (U+F026) to backslash
testing commit c15e3f19a6d5c89b1209dc94b40e568177cb0921 with gcc (GCC) 8.1.0
all runs: crashed: KASAN: use-after-free Read in finish_task_switch
# git bisect good c15e3f19a6d5c89b1209dc94b40e568177cb0921
Bisecting: 1197 revisions left to test after this (roughly 10 steps)
[582d37bbb613b8ad86bf82845d3a74a02a5a0fa1] net: hns3: Check hdev state when getting link status
testing commit 582d37bbb613b8ad86bf82845d3a74a02a5a0fa1 with gcc (GCC) 8.1.0
run #0: crashed: KASAN: use-after-free Read in finish_task_switch
run #1: crashed: KASAN: use-after-free Read in finish_task_switch
run #2: crashed: KASAN: use-after-free Read in finish_task_switch
run #3: crashed: general protection fault in kvm_lapic_hv_timer_in_use
run #4: crashed: KASAN: use-after-free Read in finish_task_switch
run #5: crashed: KASAN: use-after-free Read in finish_task_switch
run #6: crashed: general protection fault in kvm_lapic_hv_timer_in_use
run #7: crashed: KASAN: use-after-free Read in finish_task_switch
run #8: crashed: KASAN: use-after-free Read in finish_task_switch
run #9: crashed: KASAN: use-after-free Read in finish_task_switch
# git bisect good 582d37bbb613b8ad86bf82845d3a74a02a5a0fa1
Bisecting: 592 revisions left to test after this (roughly 9 steps)
[3bd09b05b0689497d8f2e33ae983b1ee10d15eeb] Merge tag 'mlx5e-updates-2018-10-01' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux
testing commit 3bd09b05b0689497d8f2e33ae983b1ee10d15eeb with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad 3bd09b05b0689497d8f2e33ae983b1ee10d15eeb
Bisecting: 305 revisions left to test after this (roughly 8 steps)
[846e8dd47c264e0b359afed28ea88e0acdee6818] Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
testing commit 846e8dd47c264e0b359afed28ea88e0acdee6818 with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad 846e8dd47c264e0b359afed28ea88e0acdee6818
Bisecting: 143 revisions left to test after this (roughly 7 steps)
[328c6333ba3df92d5ea7f2cee46379ed57882af6] Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
testing commit 328c6333ba3df92d5ea7f2cee46379ed57882af6 with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad 328c6333ba3df92d5ea7f2cee46379ed57882af6
Bisecting: 88 revisions left to test after this (roughly 6 steps)
[234b69e3e089d850a98e7b3145bd00e9b52b1111] ocfs2: fix ocfs2 read block panic
testing commit 234b69e3e089d850a98e7b3145bd00e9b52b1111 with gcc (GCC) 8.1.0
run #0: crashed: KASAN: use-after-free Read in finish_task_switch
run #1: crashed: KASAN: use-after-free Read in finish_task_switch
run #2: crashed: KASAN: use-after-free Read in finish_task_switch
run #3: crashed: KASAN: use-after-free Read in finish_task_switch
run #4: crashed: KASAN: use-after-free Read in finish_task_switch
run #5: crashed: KASAN: use-after-free Read in finish_task_switch
run #6: crashed: KASAN: use-after-free Read in finish_task_switch
run #7: crashed: KASAN: use-after-free Read in finish_task_switch
run #8: crashed: KASAN: use-after-free Read in finish_task_switch
run #9: crashed: general protection fault in finish_task_switch
# git bisect good 234b69e3e089d850a98e7b3145bd00e9b52b1111
Bisecting: 52 revisions left to test after this (roughly 6 steps)
[0eba8697bce15dc06e2b5c4c66d672c37ca43be0] Merge tag 'upstream-4.19-rc4' of git://git.infradead.org/linux-ubifs
testing commit 0eba8697bce15dc06e2b5c4c66d672c37ca43be0 with gcc (GCC) 8.1.0
all runs: crashed: KASAN: use-after-free Read in finish_task_switch
# git bisect good 0eba8697bce15dc06e2b5c4c66d672c37ca43be0
Bisecting: 26 revisions left to test after this (roughly 5 steps)
[a27fb6d983c7b5bb0129ae4d7a7c81758173bfab] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
testing commit a27fb6d983c7b5bb0129ae4d7a7c81758173bfab with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad a27fb6d983c7b5bb0129ae4d7a7c81758173bfab
Bisecting: 12 revisions left to test after this (roughly 4 steps)
[4c008127e4716d246b44b403f8a65ae9744d32c4] KVM: VMX: immediately mark preemption timer expired only for zero value
testing commit 4c008127e4716d246b44b403f8a65ae9744d32c4 with gcc (GCC) 8.1.0
run #0: crashed: KASAN: use-after-free Read in finish_task_switch
run #1: crashed: KASAN: use-after-free Read in finish_task_switch
run #2: crashed: KASAN: use-after-free Read in finish_task_switch
run #3: crashed: KASAN: use-after-free Read in finish_task_switch
run #4: crashed: KASAN: use-after-free Read in finish_task_switch
run #5: crashed: KASAN: use-after-free Read in finish_task_switch
run #6: crashed: KASAN: use-after-free Read in finish_task_switch
run #7: crashed: general protection fault in kvm_lapic_hv_timer_in_use
run #8: crashed: KASAN: use-after-free Read in finish_task_switch
run #9: crashed: KASAN: use-after-free Read in finish_task_switch
# git bisect good 4c008127e4716d246b44b403f8a65ae9744d32c4
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[e6c67d8cf1173b229f0c4343d1cc7925eca11c11] KVM: nVMX: Wake blocked vCPU in guest-mode if pending interrupt in virtual APICv
testing commit e6c67d8cf1173b229f0c4343d1cc7925eca11c11 with gcc (GCC) 8.1.0
run #0: crashed: KASAN: use-after-free Read in finish_task_switch
run #1: crashed: general protection fault in kvm_lapic_hv_timer_in_use
run #2: crashed: KASAN: use-after-free Read in finish_task_switch
run #3: crashed: KASAN: use-after-free Read in finish_task_switch
run #4: crashed: KASAN: use-after-free Read in finish_task_switch
run #5: crashed: KASAN: use-after-free Read in finish_task_switch
run #6: crashed: KASAN: use-after-free Read in finish_task_switch
run #7: crashed: general protection fault in kvm_lapic_hv_timer_in_use
run #8: crashed: KASAN: use-after-free Read in finish_task_switch
run #9: crashed: KASAN: use-after-free Read in finish_task_switch
# git bisect good e6c67d8cf1173b229f0c4343d1cc7925eca11c11
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[d84f1cff9028c00ee870f0293b0c7a3866071dfa] KVM: x86: Turbo bits in MSR_PLATFORM_INFO
testing commit d84f1cff9028c00ee870f0293b0c7a3866071dfa with gcc (GCC) 8.1.0
all runs: crashed: KASAN: use-after-free Read in finish_task_switch
# git bisect good d84f1cff9028c00ee870f0293b0c7a3866071dfa
Bisecting: 1 revision left to test after this (roughly 1 step)
[8b56ee91ffc88ea01400c012e10fe22a9d233265] kvm: selftests: Add platform_info_test
testing commit 8b56ee91ffc88ea01400c012e10fe22a9d233265 with gcc (GCC) 8.1.0
run #0: crashed: general protection fault in finish_task_switch
run #1: crashed: KASAN: use-after-free Read in finish_task_switch
run #2: crashed: KASAN: use-after-free Read in finish_task_switch
run #3: crashed: KASAN: use-after-free Read in finish_task_switch
run #4: crashed: KASAN: use-after-free Read in finish_task_switch
run #5: crashed: KASAN: use-after-free Read in finish_task_switch
run #6: crashed: general protection fault in __schedule
run #7: crashed: KASAN: use-after-free Read in finish_task_switch
run #8: crashed: KASAN: use-after-free Read in finish_task_switch
run #9: crashed: KASAN: use-after-free Read in finish_task_switch
# git bisect good 8b56ee91ffc88ea01400c012e10fe22a9d233265
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[26b471c7e2f7befd0f59c35b257749ca57e0ed70] KVM: nVMX: Fix bad cleanup on error of get/set nested state IOCTLs
testing commit 26b471c7e2f7befd0f59c35b257749ca57e0ed70 with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad 26b471c7e2f7befd0f59c35b257749ca57e0ed70
26b471c7e2f7befd0f59c35b257749ca57e0ed70 is the first bad commit
commit 26b471c7e2f7befd0f59c35b257749ca57e0ed70
Author: Liran Alon
Date:   Sun Sep 16 14:28:20 2018 +0300

    KVM: nVMX: Fix bad cleanup on error of get/set nested state IOCTLs

    The handlers of IOCTLs in kvm_arch_vcpu_ioctl() are expected to set
    their return value in "r" local var and break out of switch block
    when they encounter some error. This is because vcpu_load() is called
    before the switch block which has a proper cleanup of vcpu_put()
    afterwards.

    However, KVM_{GET,SET}_NESTED_STATE IOCTLs handlers just return
    immediately on error without performing the above-mentioned cleanup.

    Thus, change these handlers to behave as expected.

    Fixes: 8fcc4b5923af ("kvm: nVMX: Introduce KVM_CAP_NESTED_STATE")
    Reviewed-by: Mark Kanda
    Reviewed-by: Patrick Colp
    Signed-off-by: Liran Alon
    Signed-off-by: Paolo Bonzini

:040000 040000 df46414f31b4d1213bd971a05d34bf6aa97277ec 1fc29d81484d4a21efc6da11f4a241d62b080e0e M	arch

revisions tested: 19, total time: 4h4m27.976628064s (build: 1h26m12.958743818s, test: 2h31m39.649453999s)
first good commit: 26b471c7e2f7befd0f59c35b257749ca57e0ed70 KVM: nVMX: Fix bad cleanup on error of get/set nested state IOCTLs
cc: ["liran.alon@oracle.com" "mark.kanda@oracle.com" "patrick.colp@oracle.com" "pbonzini@redhat.com"]