bisecting cause commit starting from f80ef9e49fdfbfbc4197711230098b90e6b05a7e
building syzkaller on 0230ba3e7ee638765ace8e2c3b436e703017b46c
testing commit f80ef9e49fdfbfbc4197711230098b90e6b05a7e
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: a4b0a8997559174ef9cfbc3ab7452975a4540d29305304ed5605cd36028984fd
all runs: crashed: WARNING in nested_vmx_vmexit
testing release v5.15
testing commit 8bb7eca972ad531c9b149c0a51ab43a417385813
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: f022453079e48b0d1b235afa1df77c4f350bb0819401752f5af42ca0fa10a066
all runs: crashed: WARNING in nested_vmx_vmexit
testing release v5.14
testing commit 7d2a07b769330c34b4deabeed939325c77a7ec2f
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: be3d06891e11d648020dc3dac724dae7fa1f6a96d556ef5980ca0ab2b76a1a05
all runs: OK
# git bisect start 8bb7eca972ad531c9b149c0a51ab43a417385813 7d2a07b769330c34b4deabeed939325c77a7ec2f
Bisecting: 6693 revisions left to test after this (roughly 13 steps)
[477f70cd2a67904e04c2c2b9bd0fa2e95222f2f6] Merge tag 'drm-next-2021-08-31-1' of git://anongit.freedesktop.org/drm/drm

testing commit 477f70cd2a67904e04c2c2b9bd0fa2e95222f2f6
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: bb0528579eb5a764a66c7edc0d0eef2175f784cd7b409daa0d476b1ff2c376b4
run #0: OK
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: boot failed: possible deadlock in blktrans_open
# git bisect good 477f70cd2a67904e04c2c2b9bd0fa2e95222f2f6
Bisecting: 3317 revisions left to test after this (roughly 12 steps)
[626bf91a292e2035af5b9d9cce35c5c138dfe06d] Merge tag 'net-5.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

testing commit 626bf91a292e2035af5b9d9cce35c5c138dfe06d
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: f7375017b30ff788bc827be8e5e3995cdfc64b28b379ae9bb71b2542ce0f5610
all runs: OK
# git bisect good 626bf91a292e2035af5b9d9cce35c5c138dfe06d
Bisecting: 1650 revisions left to test after this (roughly 11 steps)
[a3b397b4fffb799d25658defafd962f0fb3e9fe0] Merge branch 'akpm' (patches from Andrew)

testing commit a3b397b4fffb799d25658defafd962f0fb3e9fe0
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 70782a662b11fde812fa390e566c53f06d9a793e04af4fbaf4294fedbc6f8cae
all runs: OK
# git bisect good a3b397b4fffb799d25658defafd962f0fb3e9fe0
Bisecting: 850 revisions left to test after this (roughly 10 steps)
[3ff6d64e68abc231955d216236615918797614ae] libperf tests: Fix test_stat_cpu

testing commit 3ff6d64e68abc231955d216236615918797614ae
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 98f2d94855d98428401cace35f63df0f9fbfebfb8b68fad886fe3111ad8a7432
all runs: crashed: WARNING in nested_vmx_vmexit
# git bisect bad 3ff6d64e68abc231955d216236615918797614ae
Bisecting: 399 revisions left to test after this (roughly 9 steps)
[9e1ff307c779ce1f0f810c7ecce3d95bbae40896] Linux 5.15-rc4

testing commit 9e1ff307c779ce1f0f810c7ecce3d95bbae40896
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 257d61ae69e09b87c089da195955ea6e55657bff99eacebfb2b775382e6080af
all runs: crashed: WARNING in nested_vmx_vmexit
# git bisect bad 9e1ff307c779ce1f0f810c7ecce3d95bbae40896
Bisecting: 213 revisions left to test after this (roughly 8 steps)
[115f6134a050bb098414f38555a5ab780ebbfef0] Merge tag 'gpio-fixes-for-v5.15-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux

testing commit 115f6134a050bb098414f38555a5ab780ebbfef0
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: cd8f20c850819805d28090822e61af0087a4efaf5a1d62e23302d4c7184f6c96
all runs: crashed: WARNING in nested_vmx_vmexit
# git bisect bad 115f6134a050bb098414f38555a5ab780ebbfef0
Bisecting: 95 revisions left to test after this (roughly 7 steps)
[9cccec2bf32fa2a8039cfcd228b9f3a4f0a4f5aa] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

testing commit 9cccec2bf32fa2a8039cfcd228b9f3a4f0a4f5aa
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: a319a42bd4bfc35fad097e08147c68e18b0ddc6313265afd382956c86b0af5af
all runs: crashed: WARNING in nested_vmx_vmexit
# git bisect bad 9cccec2bf32fa2a8039cfcd228b9f3a4f0a4f5aa
Bisecting: 44 revisions left to test after this (roughly 6 steps)
[e6609f2c07de03b948fd6c37c5eb4ade3a6d785c] Merge tag 'media/v5.15-2' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media

testing commit e6609f2c07de03b948fd6c37c5eb4ade3a6d785c
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: f5f44a1d346490411c0ae21a4fa60a93949165a992092c29e98e36280a40c32e
all runs: OK
# git bisect good e6609f2c07de03b948fd6c37c5eb4ade3a6d785c
Bisecting: 22 revisions left to test after this (roughly 5 steps)
[85b640450ddcfa09cf72771b69a9c3daf0ddc772] KVM: Clean up benign vcpu->cpu data races when kicking vCPUs

testing commit 85b640450ddcfa09cf72771b69a9c3daf0ddc772
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 6ca52442596327375240493ad0766903c7ac206186de7206ca5e30b71ad449cd
all runs: OK
# git bisect good 85b640450ddcfa09cf72771b69a9c3daf0ddc772
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[aee77e1169c1900fe4248dc186962e745b479d9e] KVM: x86: nSVM: restore int_vector in svm_clear_vintr

testing commit aee77e1169c1900fe4248dc186962e745b479d9e
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 085e38cc1b59cfa70abb31f283c7880addac8c71106834a0c488645ad7e4bbdd
all runs: crashed: WARNING in nested_vmx_vmexit
# git bisect bad aee77e1169c1900fe4248dc186962e745b479d9e
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[e85d3e7b495bb6c0b847a693f5f6d4bd429fae55] KVM: x86: SVM: call KVM_REQ_GET_NESTED_STATE_PAGES on exit from SMM mode

testing commit e85d3e7b495bb6c0b847a693f5f6d4bd429fae55
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: cd19a7c53dfd029ac9b86a96128553f0a1cdc7b9978e7dae7c491a10e406fc74
all runs: OK
# git bisect good e85d3e7b495bb6c0b847a693f5f6d4bd429fae55
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[c8607e4a086fae05efe5bffb47c5199c65e7216e] KVM: x86: nVMX: don't fail nested VM entry on invalid guest state if !from_vmentry

testing commit c8607e4a086fae05efe5bffb47c5199c65e7216e
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 6994ffb7a70db66bea06f81fdb6fb38a5db6f47f0d87b004ac4167f8668d6e0f
all runs: crashed: WARNING in nested_vmx_vmexit
# git bisect bad c8607e4a086fae05efe5bffb47c5199c65e7216e
Bisecting: 0 revisions left to test after this (roughly 1 step)
[c42dec148b3e1a88835e275b675e5155f99abd43] KVM: x86: VMX: synthesize invalid VM exit when emulating invalid guest state

testing commit c42dec148b3e1a88835e275b675e5155f99abd43
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b029be181a912f694c522c957c1e927987b0b17a4f3c7ecf1c44dd4ec8a19e0e
all runs: OK
# git bisect good c42dec148b3e1a88835e275b675e5155f99abd43
c8607e4a086fae05efe5bffb47c5199c65e7216e is the first bad commit
commit c8607e4a086fae05efe5bffb47c5199c65e7216e
Author: Maxim Levitsky <mlevitsk@redhat.com>
Date:   Mon Sep 13 17:09:53 2021 +0300

    KVM: x86: nVMX: don't fail nested VM entry on invalid guest state if !from_vmentry
    
    It is possible that when non root mode is entered via special entry
    (!from_vmentry), that is from SMM or from loading the nested state,
    the L2 state could be invalid in regard to non unrestricted guest mode,
    but later it can become valid.
    
    (for example when RSM emulation restores segment registers from SMRAM)
    
    Thus delay the check to VM entry, where we will check this and fail.
    
    Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
    Message-Id: <20210913140954.165665-7-mlevitsk@redhat.com>
    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

 arch/x86/kvm/vmx/nested.c | 7 ++++++-
 arch/x86/kvm/vmx/vmx.c    | 5 ++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

culprit signature: 6994ffb7a70db66bea06f81fdb6fb38a5db6f47f0d87b004ac4167f8668d6e0f
parent  signature: b029be181a912f694c522c957c1e927987b0b17a4f3c7ecf1c44dd4ec8a19e0e
revisions tested: 16, total time: 3h31m28.641181391s (build: 1h46m21.02722626s, test: 1h43m26.781926406s)
first bad commit: c8607e4a086fae05efe5bffb47c5199c65e7216e KVM: x86: nVMX: don't fail nested VM entry on invalid guest state if !from_vmentry
recipients (to): ["linux-kernel@vger.kernel.org" "mlevitsk@redhat.com" "pbonzini@redhat.com"]
recipients (cc): ["bp@alien8.de" "hpa@zytor.com" "jmattson@google.com" "joro@8bytes.org" "kvm@vger.kernel.org" "mingo@redhat.com" "pbonzini@redhat.com" "seanjc@google.com" "tglx@linutronix.de" "vkuznets@redhat.com" "wanpengli@tencent.com" "x86@kernel.org"]
crash: WARNING in nested_vmx_vmexit
------------[ cut here ]------------
WARNING: CPU: 1 PID: 9006 at arch/x86/kvm/vmx/nested.c:4563 nested_vmx_get_vmcs01_guest_efer arch/x86/kvm/vmx/nested.c:4381 [inline]
WARNING: CPU: 1 PID: 9006 at arch/x86/kvm/vmx/nested.c:4563 nested_vmx_restore_host_state arch/x86/kvm/vmx/nested.c:4411 [inline]
WARNING: CPU: 1 PID: 9006 at arch/x86/kvm/vmx/nested.c:4563 nested_vmx_vmexit+0x2c39/0x33f0 arch/x86/kvm/vmx/nested.c:4648
Modules linked in:
CPU: 1 PID: 9006 Comm: syz-executor.0 Not tainted 5.15.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:nested_vmx_vmexit+0x2c39/0x33f0 arch/x86/kvm/vmx/nested.c:4563
Code: 8c 48 ba 00 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 0f 84 22 f2 ff ff 48 c7 c7 f8 b3 7b 8c e8 1c f9 88 00 e9 11 f2 ff ff <0f> 0b e9 be ef ff ff 0f 0b e9 1d ef ff ff 66 90 e9 dd f6 ff ff 48
RSP: 0018:ffffc9000d27f990 EFLAGS: 00010297
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
RDX: 1ffff1100ce60c3d RSI: 1ffff110049c0c01 RDI: 0000000000000004
RBP: ffffc9000d27fae0 R08: 0000000000000000 R09: ffff88806730403f
R10: ffffed100ce60807 R11: 000000000007a089 R12: ffff888024e06000
R13: ffff888067304038 R14: 0000000000000000 R15: ffff888067304000
FS:  00007ff947e56700(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000559b8b3e6160 CR3: 0000000067075000 CR4: 00000000003526e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 vmx_leave_nested arch/x86/kvm/vmx/nested.c:6226 [inline]
 nested_vmx_free_vcpu+0x81/0xa0 arch/x86/kvm/vmx/nested.c:329
 vmx_free_vcpu+0x56/0x150 arch/x86/kvm/vmx/vmx.c:6810
 kvm_arch_vcpu_destroy+0xcf/0x3f0 arch/x86/kvm/x86.c:10795
 kvm_vcpu_destroy+0x18/0x90 arch/x86/kvm/../../../virt/kvm/kvm_main.c:439
 kvm_free_vcpus arch/x86/kvm/x86.c:11226 [inline]
 kvm_arch_destroy_vm+0x2ba/0x5e0 arch/x86/kvm/x86.c:11345
 kvm_destroy_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:1187 [inline]
 kvm_put_kvm+0x3fd/0xa50 arch/x86/kvm/../../../virt/kvm/kvm_main.c:1218
 kvm_vcpu_release+0x49/0x70 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3547
 __fput+0x206/0x8d0 fs/file_table.c:280
 task_work_run+0xc0/0x160 kernel/task_work.c:164
 get_signal+0x14c0/0x1bf0 kernel/signal.c:2641
 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:865
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7ff9486e0af9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ff947e56188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: fffffffffffffffc RBX: 00007ff9487f3f60 RCX: 00007ff9486e0af9
RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
RBP: 00007ff94873aff7 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffcbdee535f R14: 00007ff947e56300 R15: 0000000000022000