ci starts bisection 2023-02-27 07:33:39.87392894 +0000 UTC m=+73.599486727
bisecting cause commit starting from f3a2439f20d918930cc4ae8f76fe1c1afd26958f
building syzkaller on ee50e71ca65deab5f014ff0481809c7b2afa5427
ensuring issue is reproducible on original commit f3a2439f20d918930cc4ae8f76fe1c1afd26958f
testing commit f3a2439f20d918930cc4ae8f76fe1c1afd26958f gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 9681f99658a071bae3e84156a77616a833332bd15dec556d9421e4e27f5b1abf
all runs: crashed: WARNING in kvm_recalculate_apic_map
testing release v6.2
testing commit c9c3395d5e3dcc6daee66c6908354d47bf98cb0c gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: fe0e083fc89d3a94ec2f0d2996231e3d7e0bbce44f2149938e46295b7c256233
all runs: OK
# git bisect start f3a2439f20d918930cc4ae8f76fe1c1afd26958f c9c3395d5e3dcc6daee66c6908354d47bf98cb0c
Bisecting: 6243 revisions left to test after this (roughly 13 steps)
[291a73a8e63a6a00f2f6863989cd1652a1f5b9a1] Merge tag 'landlock-6.3-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/mic/linux
testing commit 291a73a8e63a6a00f2f6863989cd1652a1f5b9a1 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: fcda90be3dd03d248c077cce723623360db49fa92c07256432ae690bca3eb40e
all runs: OK
# git bisect good 291a73a8e63a6a00f2f6863989cd1652a1f5b9a1
Bisecting: 3000 revisions left to test after this (roughly 12 steps)
[72bffe7e1eb6cb82b90aa14cd786f3f5ede9e0ae] Merge tag 'usb-6.3-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb
testing commit 72bffe7e1eb6cb82b90aa14cd786f3f5ede9e0ae gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 643dfce546a4984548a17c2904360258c79710a08909358db39b10ca02e77e2a
all runs: OK
# git bisect good 72bffe7e1eb6cb82b90aa14cd786f3f5ede9e0ae
Bisecting: 1553 revisions left to test after this (roughly 11 steps)
[5596c6adb04d00cad445641a35f1f1745de57119] Merge tag 'mips_6.3' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux
testing commit 5596c6adb04d00cad445641a35f1f1745de57119 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 61173f30dcaca4e4e1751a88526e7ac34894cece4f716b49c9f58f61ab128040
all runs: OK
# git bisect good 5596c6adb04d00cad445641a35f1f1745de57119
Bisecting: 762 revisions left to test after this (roughly 10 steps)
[60e2bf7d10e9cd5641f4a5183a19058d9a2c8782] Merge tag 'input-for-v6.3-rc0' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
testing commit 60e2bf7d10e9cd5641f4a5183a19058d9a2c8782 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 871e56f234be93eaae81485af53d868fc6f728d46f97b1dba9a46a3220acd65e
all runs: crashed: WARNING in kvm_recalculate_apic_map
# git bisect bad 60e2bf7d10e9cd5641f4a5183a19058d9a2c8782
Bisecting: 438 revisions left to test after this (roughly 9 steps)
[45dd9bc75d9adc9483f0c7d662ba6e73ed698a0b] KVM: SVM: hyper-v: placate modpost section mismatch error
testing commit 45dd9bc75d9adc9483f0c7d662ba6e73ed698a0b gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 679eca20d0ff848642adc29fcf4bc23852bbf6390e77432bd52602f86508fb72
all runs: crashed: WARNING in kvm_recalculate_apic_map
# git bisect bad 45dd9bc75d9adc9483f0c7d662ba6e73ed698a0b
Bisecting: 179 revisions left to test after this (roughly 8 steps)
[4f2a5a6b96a00544a0d9e40863f492552fd953e7] Merge tag 'kvm-x86-misc-6.3' of https://github.com/kvm-x86/linux into HEAD
testing commit 4f2a5a6b96a00544a0d9e40863f492552fd953e7 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 51f4e1dadfec9b96f7c8f76b78eb52351727ba025ee007fd0469303880109e85
all runs: crashed: WARNING in kvm_recalculate_apic_map
# git bisect bad 4f2a5a6b96a00544a0d9e40863f492552fd953e7
Bisecting: 91 revisions left to test after this (roughly 7 steps)
[dc7c31e922787466957cadf2c0ad21c0f9a4091f] Merge branch 'kvm-v6.2-rc4-fixes' into HEAD
testing commit dc7c31e922787466957cadf2c0ad21c0f9a4091f gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 7327dfddd304ec94093eaabb900e137089d2a7cd13fedf0561afc83c0627a682
all runs: OK
# git bisect good dc7c31e922787466957cadf2c0ad21c0f9a4091f
Bisecting: 45 revisions left to test after this (roughly 6 steps)
[76e527509d37a15ff1714ddd003384f5f25fd3fc] KVM: x86: Skip redundant x2APIC logical mode optimized cluster setup
testing commit 76e527509d37a15ff1714ddd003384f5f25fd3fc gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 4507bcac6b825a0feca65fb66c95baf0d01aa98e4015760152c8a4dabe8a9d49
all runs: crashed: WARNING in kvm_recalculate_apic_map
# git bisect bad 76e527509d37a15ff1714ddd003384f5f25fd3fc
Bisecting: 22 revisions left to test after this (roughly 5 steps)
[4e5bf89f2794e99d8d61b2fcb4a8f2d29963a532] KVM: x86: Hyper-V invariant TSC control
testing commit 4e5bf89f2794e99d8d61b2fcb4a8f2d29963a532 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: d1a545229a5c49282f2dad26bc7dd8599236eb022ee1011a266e3c006600cf71
all runs: OK
# git bisect good 4e5bf89f2794e99d8d61b2fcb4a8f2d29963a532
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[e0bead97e7590da888148feb9e9133bc278c534b] KVM: SVM: Don't put/load AVIC when setting virtual APIC mode
testing commit e0bead97e7590da888148feb9e9133bc278c534b gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 5b17e95498de9add87bd79a39d6e1f17733fe44c36ae36fac023cd3adf1b6056
all runs: OK
# git bisect good e0bead97e7590da888148feb9e9133bc278c534b
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[da3fb46d226a8c1b61d309f3b99056c18b8d93e2] KVM: SVM: Fix x2APIC Logical ID calculation for avic_kick_target_vcpus_fast
testing commit da3fb46d226a8c1b61d309f3b99056c18b8d93e2 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 1e73b43932a6eae6ccf57c3c583de713435cf7e1d0dae4ad08d5e3e1efc1c64c
all runs: OK
# git bisect good da3fb46d226a8c1b61d309f3b99056c18b8d93e2
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[1d22a597b3e9fd4d0a7e921ce4d32321bcad8576] KVM: SVM: Add helper to perform final AVIC "kick" of single vCPU
testing commit 1d22a597b3e9fd4d0a7e921ce4d32321bcad8576 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: d8876c5c964e8bc28d4c96182021de52342ceb737b06d5a65359d69cca90d262
all runs: OK
# git bisect good 1d22a597b3e9fd4d0a7e921ce4d32321bcad8576
Bisecting: 0 revisions left to test after this (roughly 1 step)
[35366901017ca20ccf72365d2922361459cb3121] KVM: x86: Explicitly track all possibilities for APIC map's logical modes
testing commit 35366901017ca20ccf72365d2922361459cb3121 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 6e5af47000758a0f439c3bc5a8dfcd3a22f4f5c8e7c4f27e1e2c0626317484f6
all runs: OK
# git bisect good 35366901017ca20ccf72365d2922361459cb3121
76e527509d37a15ff1714ddd003384f5f25fd3fc is the first bad commit
commit 76e527509d37a15ff1714ddd003384f5f25fd3fc
Author: Sean Christopherson
Date:   Fri Jan 6 01:12:52 2023 +0000

    KVM: x86: Skip redundant x2APIC logical mode optimized cluster setup

    Skip the optimized cluster[] setup for x2APIC logical mode, as KVM reuses
    the optimized map's phys_map[] and doesn't actually need to insert the
    target apic into the cluster[]. The LDR is derived from the x2APIC ID,
    and both are read-only in KVM, thus the vCPU's cluster[ldr] is guaranteed
    to be the same entry as the vCPU's phys_map[x2apic_id] entry.

    Skipping the unnecessary setup will allow a future fix for aliased xAPIC
    logical IDs to simply require that cluster[ldr] is non-NULL, i.e. won't
    have to special case x2APIC.

    Alternatively, the future check could allow "cluster[ldr] == apic", but
    that ends up being terribly confusing because cluster[ldr] is only set
    at the very end, i.e. it's only possible due to x2APIC's shenanigans.

    Another alternative would be to send x2APIC down a separate path _after_
    the calculation and then assert that all of the above, but the resulting
    code is rather messy, and it's arguably unnecessary since asserting that
    the actual LDR matches the expected LDR means that simply testing that
    interrupts are delivered correctly provides the same guarantees.

    Reported-by: Suravee Suthikulpanit
    Reviewed-by: Maxim Levitsky
    Signed-off-by: Sean Christopherson
    Message-Id: <20230106011306.85230-20-seanjc@google.com>
    Signed-off-by: Paolo Bonzini

 arch/x86/kvm/lapic.c | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)

culprit signature: 4507bcac6b825a0feca65fb66c95baf0d01aa98e4015760152c8a4dabe8a9d49
parent signature: 6e5af47000758a0f439c3bc5a8dfcd3a22f4f5c8e7c4f27e1e2c0626317484f6
revisions tested: 15, total time: 4h1m37.177261755s (build: 2h11m17.829732295s, test: 1h47m52.319427743s)
first bad commit: 76e527509d37a15ff1714ddd003384f5f25fd3fc KVM: x86: Skip redundant x2APIC logical mode optimized cluster setup
recipients (to): ["mlevitsk@redhat.com" "pbonzini@redhat.com" "seanjc@google.com"]
recipients (cc): []
crash: WARNING in kvm_recalculate_apic_map
L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
------------[ cut here ]------------
WARNING: CPU: 1 PID: 4170 at arch/x86/kvm/lapic.c:336 kvm_apic_map_get_logical_dest arch/x86/kvm/lapic.c:201 [inline]
WARNING: CPU: 1 PID: 4170 at arch/x86/kvm/lapic.c:336 kvm_recalculate_apic_map+0xb62/0x1180 arch/x86/kvm/lapic.c:340
Modules linked in:
CPU: 1 PID: 4170 Comm: syz-executor.0 Not tainted 6.1.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
RIP: 0010:kvm_recalculate_apic_map+0xb62/0x1180 arch/x86/kvm/lapic.c:336
Code: e9 70 f5 ff ff bf 18 0a 00 00 41 bd ff 00 00 00 e9 6b f7 ff ff 0f 0b e9 82 fe ff ff 49 8d 74 24 18 45 0f b6 c0 e9 b2 fe ff ff <0f> 0b e9 85 fb ff ff 48 89 df e8 6f 46 a2 00 e9 11 f7 ff ff 48 89
RSP: 0018:ffffc90003227818 EFLAGS: 00010216
RAX: 0000000000000001 RBX: ffffc90003259ad0 RCX: 1ffff1100eb1905d
RDX: ffff8880758c8040 RSI: 0000000000000000 RDI: 0000000000000d00
RBP: ffffc90003259000 R08: 0000000000082000 R09: ffff88801be31000
R10: 0000000000000400 R11: ffff88807d67e014 R12: ffff88807d67e000
R13: dffffc0000000000 R14: ffffc900032599d8 R15: ffffc900032278a8
FS:  00007ff814833700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fb6199b5300 CR3: 000000006ff8a000 CR4: 00000000003526e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 kvm_apic_set_state+0x3fd/0xdb0 arch/x86/kvm/lapic.c:2875
 kvm_vcpu_ioctl_set_lapic arch/x86/kvm/x86.c:4845 [inline]
 kvm_arch_vcpu_ioctl+0x19c1/0x3450 arch/x86/kvm/x86.c:5581
 kvm_vcpu_ioctl+0x752/0xc40 arch/x86/kvm/../../../virt/kvm/kvm_main.c:4234
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:870 [inline]
 __se_sys_ioctl fs/ioctl.c:856 [inline]
 __x64_sys_ioctl+0x123/0x190 fs/ioctl.c:856
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7ff813a8c0f9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ff814833168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007ff813babf80 RCX: 00007ff813a8c0f9
RDX: 0000000020000880 RSI: 000000004400ae8f RDI: 0000000000000005
RBP: 00007ff813ae7ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd1fec932f R14: 00007ff814833300 R15: 0000000000022000