bisecting cause commit starting from 00aff6836241ae5654895dcea10e6d4fc5878ca6 building syzkaller on dc438b91deb00a8ad5634a9c55903e0b1a537c61 testing commit 00aff6836241ae5654895dcea10e6d4fc5878ca6 with gcc (GCC) 8.1.0 run #0: crashed: INFO: task hung in synchronize_rcu run #1: crashed: INFO: task hung in synchronize_rcu run #2: crashed: INFO: task hung in synchronize_rcu run #3: crashed: INFO: task hung in synchronize_rcu run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK testing release v5.3 testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0 all runs: OK # git bisect start 00aff6836241ae5654895dcea10e6d4fc5878ca6 4d856f72c10ecb060868ed10ff1b1453943fc6c8 Bisecting: 7647 revisions left to test after this (roughly 13 steps) [ff175d0b0eab99f512b9afdb571f0ed18b63f533] netfilter: nf_tables_offload: fix always true policy is unset check testing commit ff175d0b0eab99f512b9afdb571f0ed18b63f533 with gcc (GCC) 8.1.0 all runs: OK # git bisect good ff175d0b0eab99f512b9afdb571f0ed18b63f533 Bisecting: 3848 revisions left to test after this (roughly 12 steps) [7ce1e15d9a85a2b589a68a04afb2b2ded109b680] Merge tag 'for_v5.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs testing commit 7ce1e15d9a85a2b589a68a04afb2b2ded109b680 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 7ce1e15d9a85a2b589a68a04afb2b2ded109b680 Bisecting: 1922 revisions left to test after this (roughly 11 steps) [50dfd03d9579cde9150679e90f8f244c626b7a09] Merge tag 'for-linus-5.4-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip testing commit 50dfd03d9579cde9150679e90f8f244c626b7a09 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 50dfd03d9579cde9150679e90f8f244c626b7a09 Bisecting: 961 revisions left to test after this (roughly 10 steps) [188768f3c0727d4cb95eaad6c67799449aebcc03] Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit 188768f3c0727d4cb95eaad6c67799449aebcc03 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 188768f3c0727d4cb95eaad6c67799449aebcc03 Bisecting: 478 revisions left to test after this (roughly 9 steps) [0821de28961d58df44ed390d2460f05c9b5195a9] Merge tag 'for-linus-20191101' of git://git.kernel.dk/linux-block testing commit 0821de28961d58df44ed390d2460f05c9b5195a9 with gcc (GCC) 8.1.0 run #0: crashed: general protection fault in kvm_coalesced_mmio_init run #1: crashed: general protection fault in kvm_coalesced_mmio_init run #2: crashed: INFO: task hung in synchronize_rcu run #3: crashed: INFO: task hung in synchronize_rcu run #4: crashed: INFO: task hung in synchronize_rcu run #5: crashed: INFO: task hung in synchronize_rcu run #6: crashed: INFO: task hung in synchronize_rcu run #7: OK run #8: OK run #9: OK # git bisect bad 0821de28961d58df44ed390d2460f05c9b5195a9 Bisecting: 240 revisions left to test after this (roughly 8 steps) [f877bee5ea0b56c39cd0a243e113a577b5a4ef92] Merge tag 's390-5.4-5' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux testing commit f877bee5ea0b56c39cd0a243e113a577b5a4ef92 with gcc (GCC) 8.1.0 all runs: OK # git bisect good f877bee5ea0b56c39cd0a243e113a577b5a4ef92 Bisecting: 120 revisions left to test after this (roughly 7 steps) [23fdb198ae81f47a574296dab5167c5e136a02ba] Merge tag 'fuse-fixes-5.4-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse testing commit 23fdb198ae81f47a574296dab5167c5e136a02ba with gcc (GCC) 8.1.0 all runs: OK # git bisect good 23fdb198ae81f47a574296dab5167c5e136a02ba Bisecting: 45 revisions left to test after this (roughly 6 steps) [146162449186f95bf123f59fa57a2c28a8a075e5] Merge tag 'drm-fixes-2019-11-01' of git://anongit.freedesktop.org/drm/drm testing commit 146162449186f95bf123f59fa57a2c28a8a075e5 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 146162449186f95bf123f59fa57a2c28a8a075e5 Bisecting: 21 revisions left to test after this (roughly 5 steps) [355f83c1d098c27b3d912c7a397c13be17de6476] Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit 355f83c1d098c27b3d912c7a397c13be17de6476 with gcc (GCC) 8.1.0 run #0: crashed: general protection fault in kvm_coalesced_mmio_init run #1: crashed: INFO: task hung in synchronize_rcu run #2: crashed: INFO: task hung in synchronize_rcu run #3: crashed: INFO: task hung in synchronize_rcu run #4: crashed: INFO: task hung in synchronize_rcu run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 355f83c1d098c27b3d912c7a397c13be17de6476 Bisecting: 12 revisions left to test after this (roughly 4 steps) [d540c398db780271a81690eeb2bbc61876c37904] Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux testing commit d540c398db780271a81690eeb2bbc61876c37904 with gcc (GCC) 8.1.0 run #0: crashed: general protection fault in kvm_coalesced_mmio_init run #1: crashed: general protection fault in kvm_coalesced_mmio_init run #2: crashed: INFO: task hung in synchronize_rcu run #3: crashed: INFO: task hung in synchronize_rcu run #4: crashed: INFO: task hung in synchronize_rcu run #5: crashed: INFO: task hung in synchronize_rcu run #6: crashed: INFO: task hung in synchronize_rcu run #7: OK run #8: OK run #9: OK # git bisect bad d540c398db780271a81690eeb2bbc61876c37904 Bisecting: 5 revisions left to test after this (roughly 3 steps) [e059770cb1cdfbcbe3f1748f76005861cc79dd1a] arm64: Brahma-B53 is SSB and spectre v2 safe testing commit e059770cb1cdfbcbe3f1748f76005861cc79dd1a with gcc (GCC) 8.1.0 all runs: OK # git bisect good e059770cb1cdfbcbe3f1748f76005861cc79dd1a Bisecting: 2 revisions left to test after this (roughly 2 steps) [9167ab79936206118cc60e47dcb926c3489f3bd5] KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is active testing commit 9167ab79936206118cc60e47dcb926c3489f3bd5 with gcc (GCC) 8.1.0 run #0: crashed: INFO: task hung in synchronize_rcu run #1: crashed: INFO: task hung in synchronize_rcu run #2: crashed: INFO: task hung in synchronize_rcu run #3: crashed: INFO: task hung in synchronize_rcu run #4: crashed: general protection fault in kvm_coalesced_mmio_init run #5: crashed: INFO: task hung in synchronize_rcu run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 9167ab79936206118cc60e47dcb926c3489f3bd5 Bisecting: 0 revisions left to test after this (roughly 1 step) [a97b0e773e492ae319a7e981e98962a1060215f9] kvm: call kvm_arch_destroy_vm if vm creation fails testing commit a97b0e773e492ae319a7e981e98962a1060215f9 with gcc (GCC) 8.1.0 run #0: crashed: INFO: task hung in synchronize_rcu run #1: crashed: INFO: task hung in synchronize_rcu run #2: crashed: INFO: task hung in synchronize_rcu run #3: crashed: INFO: task hung in synchronize_rcu run #4: crashed: INFO: task hung in synchronize_rcu run #5: crashed: general protection fault in kvm_coalesced_mmio_init run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad a97b0e773e492ae319a7e981e98962a1060215f9 Bisecting: 0 revisions left to test after this (roughly 0 steps) [9121923c457d1d8667a6e3a67302c29e5c5add6b] kvm: Allocate memslots and buses before calling kvm_arch_init_vm testing commit 9121923c457d1d8667a6e3a67302c29e5c5add6b with gcc (GCC) 8.1.0 run #0: crashed: general protection fault in kvm_coalesced_mmio_init run #1: crashed: general protection fault in kvm_coalesced_mmio_init run #2: crashed: general protection fault in kvm_coalesced_mmio_init run #3: crashed: general protection fault in kvm_coalesced_mmio_init run #4: crashed: general protection fault in kvm_coalesced_mmio_init run #5: crashed: general protection fault in kvm_coalesced_mmio_init run #6: crashed: general protection fault in kvm_coalesced_mmio_init run #7: OK run #8: OK run #9: OK # git bisect bad 9121923c457d1d8667a6e3a67302c29e5c5add6b 9121923c457d1d8667a6e3a67302c29e5c5add6b is the first bad commit commit 9121923c457d1d8667a6e3a67302c29e5c5add6b Author: Jim Mattson Date: Thu Oct 24 16:03:26 2019 -0700 kvm: Allocate memslots and buses before calling kvm_arch_init_vm This reorganization will allow us to call kvm_arch_destroy_vm in the event that kvm_create_vm fails after calling kvm_arch_init_vm. Suggested-by: Junaid Shahid Signed-off-by: Jim Mattson Reviewed-by: Junaid Shahid Signed-off-by: Paolo Bonzini :040000 040000 7f6dc6857c76fcd68095f116c77b51df7455fc7f 398831880e519dc087b95cbba734b838a7a01f37 M virt revisions tested: 16, total time: 4h24m30.45120472s (build: 1h39m19.168108169s, test: 2h40m5.59012243s) first bad commit: 9121923c457d1d8667a6e3a67302c29e5c5add6b kvm: Allocate memslots and buses before calling kvm_arch_init_vm cc: ["jmattson@google.com" "junaids@google.com" "kvm@vger.kernel.org" "linux-kernel@vger.kernel.org" "pbonzini@redhat.com" "rkrcmar@redhat.com"] crash: general protection fault in kvm_coalesced_mmio_init kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: 0000 [#1] PREEMPT SMP KASAN CPU: 1 PID: 11174 Comm: syz-executor.3 Not tainted 5.4.0-rc4+ #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:kvm_coalesced_mmio_init+0x5d/0x110 arch/x86/kvm/../../../virt/kvm/coalesced_mmio.c:121 Code: 00 48 01 d0 48 ba 00 00 00 00 80 88 ff ff 48 c1 f8 06 48 89 f9 48 c1 e0 0c 48 c1 e9 03 48 01 d0 48 ba 00 00 00 00 00 fc ff df <80> 3c 11 00 0f 85 8e 00 00 00 48 89 83 d8 96 00 00 48 c7 c2 60 0a RSP: 0018:ffff88808f997c08 EFLAGS: 00010286 RAX: ffff88809853e000 RBX: 0000000000000000 RCX: 00000000000012db RDX: dffffc0000000000 RSI: 0000000000000000 RDI: 00000000000096d8 RBP: ffff88808f997c20 R08: ffffed1015d66b75 R09: ffffed1015d66b75 R10: ffffed1015d66b74 R11: ffff8880aeb35ba3 R12: ffffffff8828a220 R13: dffffc0000000000 R14: 1ffff11011f32f8f R15: 0000000000000000 FS: 00007ff142e5e700(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffe3259bf00 CR3: 000000008168a000 CR4: 00000000001426e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: kvm_dev_ioctl_create_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:3446 [inline] kvm_dev_ioctl+0x781/0x1490 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3494 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:509 [inline] do_vfs_ioctl+0x196/0x1150 fs/ioctl.c:696 ksys_ioctl+0x62/0x90 fs/ioctl.c:713 __do_sys_ioctl fs/ioctl.c:720 [inline] __se_sys_ioctl fs/ioctl.c:718 [inline] __x64_sys_ioctl+0x6e/0xb0 fs/ioctl.c:718 do_syscall_64+0xca/0x5d0 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45a219 Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007ff142e5dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a219 RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000004 RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff142e5e6d4 R13: 00000000004c348b R14: 00000000004d7708 R15: 00000000ffffffff Modules linked in: ---[ end trace 1680266c6f6b83fe ]--- RIP: 0010:kvm_coalesced_mmio_init+0x5d/0x110 arch/x86/kvm/../../../virt/kvm/coalesced_mmio.c:121 Code: 00 48 01 d0 48 ba 00 00 00 00 80 88 ff ff 48 c1 f8 06 48 89 f9 48 c1 e0 0c 48 c1 e9 03 48 01 d0 48 ba 00 00 00 00 00 fc ff df <80> 3c 11 00 0f 85 8e 00 00 00 48 89 83 d8 96 00 00 48 c7 c2 60 0a RSP: 0018:ffff88808f997c08 EFLAGS: 00010286 RAX: ffff88809853e000 RBX: 0000000000000000 RCX: 00000000000012db RDX: dffffc0000000000 RSI: 0000000000000000 RDI: 00000000000096d8 RBP: ffff88808f997c20 R08: ffffed1015d66b75 R09: ffffed1015d66b75 R10: ffffed1015d66b74 R11: ffff8880aeb35ba3 R12: ffffffff8828a220 R13: dffffc0000000000 R14: 1ffff11011f32f8f R15: 0000000000000000 FS: 00007ff142e5e700(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000001d2ee80 CR3: 000000008168a000 CR4: 00000000001426e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400