ci starts bisection 2025-10-11 19:53:11.301385873 +0000 UTC m=+140116.840445547 bisecting fixing commit since 64980441d26995ea5599958740dbf6d791e81e27 building syzkaller on 6b6b5f21aadcc3fc3ccd91da0b782a4307229d70 ensuring issue is reproducible on original commit 64980441d26995ea5599958740dbf6d791e81e27 testing commit 64980441d26995ea5599958740dbf6d791e81e27 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 24846d5ccce3c3c0577c5d6054685a993a5ef81c37e493eecb75beba7adfd50d all runs: crashed: WARNING in kvm_apic_accept_events representative crash: WARNING in kvm_apic_accept_events, types: [WARNING] check whether we can drop unnecessary instrumentation disabling configs for [atomic_sleep hang memleak ubsan kasan locking], they are not needed testing commit 64980441d26995ea5599958740dbf6d791e81e27 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: a1f49c84c3025127a30e1f0157c00f42c839a2a98d0107da5fdbb9f14a663d6e all runs: crashed: WARNING in kvm_apic_accept_events representative crash: WARNING in kvm_apic_accept_events, types: [WARNING] the bug reproduces without the instrumentation disabling configs for [hang memleak ubsan kasan locking atomic_sleep], they are not needed kconfig minimization: base=4108 full=8353 leaves diff=2146 split chunks (needed=false): <2146> split chunk #0 of len 2146 into 5 parts testing without sub-chunk 1/5 disabling configs for [atomic_sleep hang memleak ubsan kasan locking], they are not needed testing commit 64980441d26995ea5599958740dbf6d791e81e27 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: c2621f31242073dd563b6c163ef9084a221ffac76fc71526bea2e871faaef03f all runs: crashed: WARNING in kvm_apic_accept_events representative crash: WARNING in kvm_apic_accept_events, types: [WARNING] the chunk can be dropped testing without sub-chunk 2/5 disabling configs for [memleak ubsan kasan locking atomic_sleep hang], they are not needed testing commit 64980441d26995ea5599958740dbf6d791e81e27 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 7aa1a902b67370e6ed5fa555de968224727e54d7553c160d0e3a6dec4223ffd2 all runs: crashed: WARNING in kvm_apic_accept_events representative crash: WARNING in kvm_apic_accept_events, types: [WARNING] the chunk can be dropped testing without sub-chunk 3/5 disabling configs for [hang memleak ubsan kasan locking atomic_sleep], they are not needed testing commit 64980441d26995ea5599958740dbf6d791e81e27 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 597bfbfcb2adb808addcce25ccfdb6c0eecff9d19013de484e9712856d2c5856 all runs: crashed: WARNING in kvm_apic_accept_events representative crash: WARNING in kvm_apic_accept_events, types: [WARNING] the chunk can be dropped testing without sub-chunk 4/5 disabling configs for [hang memleak ubsan kasan locking atomic_sleep], they are not needed testing commit 64980441d26995ea5599958740dbf6d791e81e27 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 699ac70df982c466e0d5fb319120c6707f2d79353d6ca3606c8feab9413376c6 all runs: crashed: WARNING in kvm_apic_accept_events representative crash: WARNING in kvm_apic_accept_events, types: [WARNING] the chunk can be dropped testing without sub-chunk 5/5 disabling configs for [locking atomic_sleep hang memleak ubsan kasan], they are not needed testing commit 64980441d26995ea5599958740dbf6d791e81e27 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: bc38f513308c7bc715fb84fc3e883a77ec95e7495cd3a5dcc11e84e6b14c11e4 all runs: OK false negative chance: 0.000 minimized to 426 configs; suspects: [ARCH_ENABLE_MEMORY_HOTREMOVE ATM BCMA BLK_DEV_ZONED BPF_SYSCALL CARDBUS CFG80211 CFG80211_WEXT CMA COMMON_CLK CONTIG_ALLOC DVB_CORE EXTCON GPIOLIB HID_ZEROPLUS I2C_MUX IIO IOMMUFD IRQ_REMAP KVM KVM_INTEL LIBNVDIMM MEDIA_ANALOG_TV_SUPPORT MEDIA_CAMERA_SUPPORT MEDIA_CEC_SUPPORT MEDIA_CONTROLLER MEDIA_DIGITAL_TV_SUPPORT MEDIA_RADIO_SUPPORT MEDIA_SDR_SUPPORT MEDIA_SUPPORT MEDIA_TEST_SUPPORT MEDIA_USB_SUPPORT MEMORY_HOTPLUG MEMORY_HOTREMOVE MFD_VIPERBOARD NOP_USB_XCEIV PARPORT PCCARD PCMCIA PHONET RADIO_ADAPTERS RADIO_SI470X RADIO_SI4713 RC_CORE RFKILL SND SOUND SPI SSB TAP TARGET_CORE TUN USB_AMD5536UDC USB_ATM USB_BELKIN USB_C67X00_HCD USB_CATC USB_CDC_PHONET USB_CDNS2_UDC USB_CDNS3 USB_CDNS3_GADGET USB_CDNS3_HOST USB_CDNS3_PCI_WRAP USB_CDNSP_GADGET USB_CDNSP_HOST USB_CDNSP_PCI USB_CDNS_HOST USB_CDNS_SUPPORT USB_CHAOSKEY USB_CHIPIDEA USB_CHIPIDEA_GENERIC USB_CHIPIDEA_HOST USB_CHIPIDEA_MSM USB_CHIPIDEA_NPCM USB_CHIPIDEA_PCI USB_CHIPIDEA_UDC USB_CONFIGFS USB_CONFIGFS_ACM USB_CONFIGFS_ECM USB_CONFIGFS_ECM_SUBSET USB_CONFIGFS_EEM USB_CONFIGFS_F_FS USB_CONFIGFS_F_HID USB_CONFIGFS_F_LB_SS USB_CONFIGFS_F_MIDI USB_CONFIGFS_F_MIDI2 USB_CONFIGFS_F_PRINTER USB_CONFIGFS_F_TCM USB_CONFIGFS_F_UAC1 USB_CONFIGFS_F_UAC1_LEGACY USB_CONFIGFS_F_UAC2 USB_CONFIGFS_F_UVC USB_CONFIGFS_MASS_STORAGE USB_CONFIGFS_NCM USB_CONFIGFS_OBEX USB_CONFIGFS_PHONET USB_CONFIGFS_RNDIS USB_CONFIGFS_SERIAL USB_CONN_GPIO USB_CXACRU USB_CYPRESS_CY7C63 USB_CYTHERM USB_DSBR USB_DUMMY_HCD USB_DWC2 USB_DWC2_HOST USB_DWC2_PCI USB_DWC3 USB_DWC3_GADGET USB_DWC3_HAPS USB_DWC3_OF_SIMPLE USB_DWC3_PCI USB_DWC3_ULPI USB_DYNAMIC_MINORS USB_EG20T USB_EHCI_FSL USB_EHCI_HCD_PLATFORM USB_EHCI_ROOT_HUB_TT USB_EHSET_TEST_FIXTURE USB_EMI26 USB_EMI62 USB_EPSON2888 USB_EZUSB_FX2 USB_FEW_INIT_RETRIES USB_F_ACM USB_F_ECM USB_F_EEM USB_F_FS USB_F_HID USB_F_MASS_STORAGE USB_F_MIDI USB_F_MIDI2 USB_F_NCM USB_F_OBEX USB_F_PHONET USB_F_PRINTER USB_F_RNDIS USB_F_SERIAL USB_F_SS_LB USB_F_SUBSET USB_F_TCM USB_F_UAC1 USB_F_UAC1_LEGACY USB_F_UAC2 USB_F_UVC USB_GADGET USB_GADGETFS USB_GADGET_DEBUG_FILES USB_GADGET_DEBUG_FS USB_GL860 USB_GOKU USB_GR_UDC USB_GSPCA USB_GSPCA_BENQ USB_GSPCA_CONEX USB_GSPCA_CPIA1 USB_GSPCA_DTCS033 USB_GSPCA_ETOMS USB_GSPCA_FINEPIX USB_GSPCA_JEILINJ USB_GSPCA_JL2005BCD USB_GSPCA_KINECT USB_GSPCA_KONICA USB_GSPCA_MARS USB_GSPCA_MR97310A USB_GSPCA_NW80X USB_GSPCA_OV519 USB_GSPCA_OV534 USB_GSPCA_OV534_9 USB_GSPCA_PAC207 USB_GSPCA_PAC7302 USB_GSPCA_PAC7311 USB_GSPCA_SE401 USB_GSPCA_SN9C2028 USB_GSPCA_SN9C20X USB_GSPCA_SONIXB USB_GSPCA_SONIXJ USB_GSPCA_SPCA1528 USB_GSPCA_SPCA500 USB_GSPCA_SPCA501 USB_GSPCA_SPCA505 USB_GSPCA_SPCA506 USB_GSPCA_SPCA508 USB_GSPCA_SPCA561 USB_GSPCA_SQ905 USB_GSPCA_SQ905C USB_GSPCA_SQ930X USB_GSPCA_STK014 USB_GSPCA_STK1135 USB_GSPCA_STV0680 USB_GSPCA_SUNPLUS USB_GSPCA_T613 USB_GSPCA_TOPRO USB_GSPCA_TOUPTEK USB_GSPCA_TV8532 USB_GSPCA_VC032X USB_GSPCA_VICAM USB_GSPCA_XIRLINK_CIT USB_GSPCA_ZC3XX USB_HACKRF USB_HCD_BCMA USB_HCD_SSB USB_HSIC_USB3503 USB_HSIC_USB4604 USB_HSO USB_HUB_USB251XB USB_IDMOUSE USB_IOWARRIOR USB_IPHETH USB_ISIGHTFW USB_ISP116X_HCD USB_ISP1301 USB_ISP1760 USB_ISP1760_DUAL_ROLE USB_ISP1760_HCD USB_ISP1761_UDC USB_KAWETH USB_KC2190 USB_KEENE USB_LAN78XX USB_LCD USB_LD USB_LEDS_TRIGGER_USBPORT USB_LED_TRIG USB_LEGOTOWER USB_LGM_PHY USB_LIBCOMPOSITE USB_LINK_LAYER_TEST USB_M5602 USB_MA901 USB_MAX3420_UDC USB_MAX3421_HCD USB_MDC800 USB_MICROTEK USB_MR800 USB_MSI2500 USB_MUSB_DUAL_ROLE USB_MUSB_HDRC USB_NET2280 USB_NET_AQC111 USB_NET_AX88179_178A USB_NET_AX8817X USB_NET_CDCETHER USB_NET_CDC_EEM USB_NET_CDC_MBIM USB_NET_CDC_NCM USB_NET_CDC_SUBSET USB_NET_CDC_SUBSET_ENABLE USB_NET_CH9200 USB_NET_CX82310_ETH USB_NET_DM9601 USB_NET_GL620A USB_NET_HUAWEI_CDC_NCM USB_NET_INT51X1 USB_NET_KALMIA USB_NET_MCS7830 USB_NET_NET1080 USB_NET_PLUSB USB_NET_QMI_WWAN USB_NET_RNDIS_HOST USB_NET_SMSC75XX USB_NET_SMSC95XX USB_NET_SR9700 USB_NET_SR9800 USB_NET_ZAURUS USB_OHCI_HCD_PLATFORM USB_OTG USB_OTG_FSM USB_OXU210HP_HCD USB_PEGASUS USB_PULSE8_CEC USB_PWC USB_PWC_INPUT_EVDEV USB_PXA27X USB_R8A66597 USB_R8A66597_HCD USB_RAINSHADOW_CEC USB_RAREMONO USB_RAW_GADGET USB_RTL8150 USB_RTL8152 USB_RTL8153_ECM USB_S2255 USB_SERIAL USB_SERIAL_AIRCABLE USB_SERIAL_ARK3116 USB_SERIAL_BELKIN USB_SERIAL_CH341 USB_SERIAL_CONSOLE USB_SERIAL_CP210X USB_SERIAL_CYBERJACK USB_SERIAL_CYPRESS_M8 USB_SERIAL_DEBUG USB_SERIAL_DIGI_ACCELEPORT USB_SERIAL_EDGEPORT USB_SERIAL_EDGEPORT_TI USB_SERIAL_EMPEG USB_SERIAL_F81232 USB_SERIAL_F8153X USB_SERIAL_FTDI_SIO USB_SERIAL_GARMIN USB_SERIAL_GENERIC USB_SERIAL_IPAQ USB_SERIAL_IPW USB_SERIAL_IR USB_SERIAL_IUU USB_SERIAL_KEYSPAN USB_SERIAL_KEYSPAN_PDA USB_SERIAL_KLSI USB_SERIAL_KOBIL_SCT USB_SERIAL_MCT_U232 USB_SERIAL_METRO USB_SERIAL_MOS7715_PARPORT USB_SERIAL_MOS7720 USB_SERIAL_MOS7840 USB_SERIAL_MXUPORT USB_SERIAL_NAVMAN USB_SERIAL_OMNINET USB_SERIAL_OPTICON USB_SERIAL_OPTION USB_SERIAL_OTI6858 USB_SERIAL_PL2303 USB_SERIAL_QCAUX USB_SERIAL_QT2 USB_SERIAL_QUALCOMM USB_SERIAL_SAFE USB_SERIAL_SIERRAWIRELESS USB_SERIAL_SIMPLE USB_SERIAL_SPCP8X5 USB_SERIAL_SSU100 USB_SERIAL_SYMBOL USB_SERIAL_TI USB_SERIAL_UPD78F0730 USB_SERIAL_VISOR USB_SERIAL_WHITEHEAT USB_SERIAL_WISHBONE USB_SERIAL_WWAN USB_SERIAL_XR USB_SERIAL_XSENS_MT USB_SEVSEG USB_SI470X USB_SI4713 USB_SIERRA_NET USB_SISUSBVGA USB_SL811_CS USB_SL811_HCD USB_SL811_HCD_ISO USB_SNP_CORE USB_SPEEDTOUCH USB_STORAGE_ALAUDA USB_STORAGE_CYPRESS_ATACB USB_STORAGE_DATAFAB USB_STORAGE_ENE_UB6250 USB_STORAGE_FREECOM USB_STORAGE_ISD200 USB_STORAGE_JUMPSHOT USB_STORAGE_KARMA USB_STORAGE_ONETOUCH USB_STORAGE_SDDR09 USB_STORAGE_SDDR55 USB_STORAGE_USBAT USB_STV06XX USB_TEST USB_TMC USB_TRANCEVIBRATOR USB_UAS USB_UEAGLEATM USB_ULPI_BUS USB_USBNET USB_USS720 USB_U_AUDIO USB_U_ETHER USB_U_SERIAL USB_VIDEO_CLASS USB_VIDEO_CLASS_INPUT_EVDEV USB_VL600 USB_WDM USB_XHCI_DBGCAP USB_XHCI_PCI_RENESAS USB_XHCI_PLATFORM USB_XUSBATM USB_YUREX USERFAULTFD USERIO USERMODE_DRIVER USER_RETURN_NOTIFIER UVC_COMMON U_SERIAL_CONSOLE V4L2_MEM2MEM_DEV V4L_TEST_DRIVERS VALIDATE_FS_PARSER VDPA VDPA_SIM VDPA_SIM_BLOCK VDPA_SIM_NET VETH VFIO VFIO_DEVICE_CDEV VFIO_PCI VFIO_PCI_CORE VFIO_PCI_INTX VFIO_VIRQFD VGASTATE VHOST VHOST_CROSS_ENDIAN_LEGACY VHOST_IOTLB VHOST_NET VHOST_RING VHOST_TASK VHOST_VDPA VHOST_VSOCK VIDEO VIDEOBUF2_CORE VIDEOBUF2_DMA_CONTIG VIDEOBUF2_DMA_SG VIDEOBUF2_MEMOPS VIDEOBUF2_V4L2 VIDEOBUF2_VMALLOC VIDEOMODE_HELPERS VIDEO_AU0828 VIDEO_AU0828_RC VIDEO_AU0828_V4L2 VIDEO_CS53L32A VIDEO_CX231XX VIDEO_CX231XX_ALSA VIDEO_CX231XX_DVB VIDEO_CX231XX_RC VIDEO_CX2341X VIDEO_CX25840 VIDEO_DEV VIDEO_EM28XX VIDEO_EM28XX_ALSA VIDEO_EM28XX_DVB VIDEO_EM28XX_RC VIDEO_EM28XX_V4L2 VIDEO_GO7007 VIDEO_GO7007_LOADER VIDEO_GO7007_USB VIDEO_GO7007_USB_S2250_BOARD VIDEO_HDPVR VIDEO_MSP3400 VIDEO_PVRUSB2 VIDEO_PVRUSB2_DVB VIDEO_PVRUSB2_SYSFS VIDEO_SAA711X VIDEO_STK1160 VIDEO_TUNER VIDEO_TVEEPROM VIDEO_USBTV VIDEO_V4L2_I2C VIDEO_V4L2_SUBDEV_API VIDEO_V4L2_TPG VIDEO_VICODEC VIDEO_VIM2M VIDEO_VIMC VIDEO_VIVID VIDEO_VIVID_CEC VIDEO_WM8775 VIPERBOARD_ADC VIRTIO_BALLOON VIRTIO_DMA_SHARED_BUFFER VIRTIO_MEM VIRTIO_MMIO VIRTIO_MMIO_CMDLINE_DEVICES VIRTIO_PMEM VIRTIO_VDPA VIRTIO_VSOCKETS VIRTIO_VSOCKETS_COMMON VIRT_WIFI VLAN_8021Q VLAN_8021Q_GVRP VLAN_8021Q_MVRP VMAP_PFN VMWARE_VMCI VMXNET3 VP_VDPA VSOCKETS VSOCKETS_DIAG VSOCKETS_LOOPBACK VSOCKMON VT_HW_CONSOLE_BINDING VXFS_FS WANT_DEV_COREDUMP WEXT_CORE WEXT_PROC WIREGUARD WIRELESS WLAN WLAN_VENDOR_ADMTEK WLAN_VENDOR_SILABS X86_64_SMP X86_SGX X86_SGX_KVM X86_USER_SHADOW_STACK XDP_SOCKETS XDP_SOCKETS_DIAG XFRM_ESPINTCP XFRM_INTERFACE XFRM_IPCOMP XFRM_MIGRATE XFRM_OFFLOAD XFRM_STATISTICS XFRM_SUB_POLICY XFRM_USER_COMPAT XFS_FS XFS_POSIX_ACL XFS_QUOTA XFS_RT XILLYBUS_CLASS XILLYUSB XOR_BLOCKS YENTA YENTA_ENE_TUNE YENTA_O2 YENTA_RICOH YENTA_TI YENTA_TOSHIBA ZEROPLUS_FF ZLIB_DEFLATE ZONEFS_FS ZPOOL ZRAM ZRAM_BACKEND_FORCE_LZO ZRAM_BACKEND_LZO ZRAM_DEF_COMP_LZO ZSMALLOC ZSTD_COMPRESS ZSWAP ZSWAP_COMPRESSOR_DEFAULT_842 ZSWAP_DEFAULT_ON ZSWAP_SHRINKER_DEFAULT_ON ZSWAP_ZPOOL_DEFAULT_ZSMALLOC] disabling configs for [kasan locking atomic_sleep hang memleak ubsan], they are not needed testing current HEAD 98906f9d850e4882004749eccb8920649dc98456 testing commit 98906f9d850e4882004749eccb8920649dc98456 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: f171105c10e2c22eaebf78a9080aff45e1c46ce5b6321459443b57609f06f9c8 all runs: OK false negative chance: 0.000 # git bisect start 98906f9d850e4882004749eccb8920649dc98456 64980441d26995ea5599958740dbf6d791e81e27 Bisecting: 15536 revisions left to test after this (roughly 14 steps) [0974f486f3dde9df1ad979d4ff341dc9c2d545f5] Merge tag 'f2fs-for-6.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs determine whether the revision contains the guilty commit revision 64980441d26995ea5599958740dbf6d791e81e27 crashed and is reachable testing commit 0974f486f3dde9df1ad979d4ff341dc9c2d545f5 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 390c843d14fcfbea9d0951048a0e6d5cb4e538e53b644cdd3e3d3819b83821d6 all runs: OK false negative chance: 0.000 # git bisect bad 0974f486f3dde9df1ad979d4ff341dc9c2d545f5 Bisecting: 7756 revisions left to test after this (roughly 13 steps) [02dc9d15d7784afb42ffde0ae3d8156dd09c2ff7] Merge tag 'timers-ptp-2025-07-27' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip determine whether the revision contains the guilty commit revision 64980441d26995ea5599958740dbf6d791e81e27 crashed and is reachable testing commit 02dc9d15d7784afb42ffde0ae3d8156dd09c2ff7 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 080edbf2731ff02e55a17dfbca258cc3babbc1b0146b108a642349d81756057d all runs: crashed: WARNING in kvm_apic_accept_events representative crash: WARNING in kvm_apic_accept_events, types: [WARNING] # git bisect good 02dc9d15d7784afb42ffde0ae3d8156dd09c2ff7 Bisecting: 4513 revisions left to test after this (roughly 12 steps) [63eb28bb1402891b1ad2be02a530f29a9dd7f1cd] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm determine whether the revision contains the guilty commit revision 64980441d26995ea5599958740dbf6d791e81e27 crashed and is reachable testing commit 63eb28bb1402891b1ad2be02a530f29a9dd7f1cd gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 7f3efa908077ad7e15090cad6867d1d4704fd798f51472b3dedee394b35e44a1 all runs: OK false negative chance: 0.000 # git bisect bad 63eb28bb1402891b1ad2be02a530f29a9dd7f1cd Bisecting: 1663 revisions left to test after this (roughly 11 steps) [55c172c13718b93300d3808b65ec326b5287c766] ssb: use new GPIO line value setter callbacks for the second GPIO chip determine whether the revision contains the guilty commit revision 64980441d26995ea5599958740dbf6d791e81e27 crashed and is reachable testing commit 55c172c13718b93300d3808b65ec326b5287c766 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 449728be585a59f92cd49d394403e738cf640f358815536c6c29c71a4543bb04 all runs: crashed: WARNING in kvm_apic_accept_events representative crash: WARNING in kvm_apic_accept_events, types: [WARNING] # git bisect good 55c172c13718b93300d3808b65ec326b5287c766 Bisecting: 823 revisions left to test after this (roughly 10 steps) [8be4d31cb8aaeea27bde4b7ddb26e28a89062ebf] Merge tag 'net-next-6.17' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next determine whether the revision contains the guilty commit revision 64980441d26995ea5599958740dbf6d791e81e27 crashed and is reachable testing commit 8be4d31cb8aaeea27bde4b7ddb26e28a89062ebf gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 0251b8b340baec1ebb507aadcf4e0b9c6925d0f912eea79493a26952f8f99c21 all runs: crashed: WARNING in kvm_apic_accept_events representative crash: WARNING in kvm_apic_accept_events, types: [WARNING] # git bisect good 8be4d31cb8aaeea27bde4b7ddb26e28a89062ebf Bisecting: 433 revisions left to test after this (roughly 9 steps) [d50b07d05ca53fdb6c6d1581b9084c09d4e98f54] Merge tag 'trace-ringbuffer-v6.17' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace determine whether the revision contains the guilty commit revision 55c172c13718b93300d3808b65ec326b5287c766 crashed and is reachable testing commit d50b07d05ca53fdb6c6d1581b9084c09d4e98f54 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: b6a485baacb88889e53025aad9a75e60d1e4480726cc9c0a16752e001a99ca76 all runs: crashed: WARNING in kvm_apic_accept_events representative crash: WARNING in kvm_apic_accept_events, types: [WARNING] # git bisect good d50b07d05ca53fdb6c6d1581b9084c09d4e98f54 Bisecting: 215 revisions left to test after this (roughly 8 steps) [89400f0687a44f6fabacd10e9aa5cad0e15803c9] Merge tag 'kvm-x86-apic-6.17' of https://github.com/kvm-x86/linux into HEAD determine whether the revision contains the guilty commit revision 64980441d26995ea5599958740dbf6d791e81e27 crashed and is reachable testing commit 89400f0687a44f6fabacd10e9aa5cad0e15803c9 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 3285d535be0cce4364dea6e70cceafee27e8918289cfcab2a4c159be98b923be all runs: OK false negative chance: 0.000 # git bisect bad 89400f0687a44f6fabacd10e9aa5cad0e15803c9 Bisecting: 111 revisions left to test after this (roughly 7 steps) [bbc13ae593e0ea47357ff6e4740c533c16c2ae1e] VFIO: KVM: x86: Drop kvm_arch_{start,end}_assignment() determine whether the revision contains the guilty commit revision 64980441d26995ea5599958740dbf6d791e81e27 crashed and is reachable testing commit bbc13ae593e0ea47357ff6e4740c533c16c2ae1e gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: d5923defcce3a639c1141ddedc826aa5131e225bbf0db4b1af239159195382e2 all runs: crashed: WARNING in kvm_apic_accept_events representative crash: WARNING in kvm_apic_accept_events, types: [WARNING] # git bisect good bbc13ae593e0ea47357ff6e4740c533c16c2ae1e Bisecting: 57 revisions left to test after this (roughly 6 steps) [dcbe5a466c123a475bb66492749549f09b5cab00] KVM: x86: Reject KVM_SET_TSC_KHZ VM ioctl when vCPUs have been created determine whether the revision contains the guilty commit revision 64980441d26995ea5599958740dbf6d791e81e27 crashed and is reachable testing commit dcbe5a466c123a475bb66492749549f09b5cab00 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 72b6ce616db5fb213c8b364060c847eb87dfb9c5ca8f253a559ba65adb647275 all runs: OK false negative chance: 0.000 # git bisect bad dcbe5a466c123a475bb66492749549f09b5cab00 Bisecting: 26 revisions left to test after this (roughly 5 steps) [160f143cc1317a599ef44c8d35a1328f2dd7a14d] KVM: SVM: Manually recalc all MSR intercepts on userspace MSR filter change determine whether the revision contains the guilty commit revision 64980441d26995ea5599958740dbf6d791e81e27 crashed and is reachable testing commit 160f143cc1317a599ef44c8d35a1328f2dd7a14d gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 6bfb242628018a2901cacfa24d7b8796c997b469c3fee0c5350a6b91549ce601 all runs: crashed: WARNING in kvm_apic_accept_events representative crash: WARNING in kvm_apic_accept_events, types: [WARNING] # git bisect good 160f143cc1317a599ef44c8d35a1328f2dd7a14d Bisecting: 13 revisions left to test after this (roughly 4 steps) [0792c71c1c94964952339f3251818b6dcf66c19b] KVM: selftests: Verify KVM disable interception (for userspace) on filter change determine whether the revision contains the guilty commit revision 64980441d26995ea5599958740dbf6d791e81e27 crashed and is reachable testing commit 0792c71c1c94964952339f3251818b6dcf66c19b gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 7c4dc095173a2409db60699cd5b5ac2d7296ea9011f761fd67f54b4afb58768f all runs: crashed: WARNING in kvm_apic_accept_events representative crash: WARNING in kvm_apic_accept_events, types: [WARNING] # git bisect good 0792c71c1c94964952339f3251818b6dcf66c19b Bisecting: 6 revisions left to test after this (roughly 3 steps) [e1ef1c57ff70751a62b93d513e7009155ea0b0c1] KVM: VMX: Add a macro to track which DEBUGCTL bits are host-owned determine whether the revision contains the guilty commit revision 160f143cc1317a599ef44c8d35a1328f2dd7a14d crashed and is reachable testing commit e1ef1c57ff70751a62b93d513e7009155ea0b0c1 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 00de9b85ca29d495246758eed82ea6bc87d244c7c1cb6c8c4498f5f3dd9d579d all runs: OK false negative chance: 0.000 # git bisect bad e1ef1c57ff70751a62b93d513e7009155ea0b0c1 Bisecting: 3 revisions left to test after this (roughly 2 steps) [0fe3e8d804fdcc09ef44fbffcad8c39261a03470] KVM: x86: Move INIT_RECEIVED vs. INIT/SIPI blocked check to KVM_RUN determine whether the revision contains the guilty commit revision 64980441d26995ea5599958740dbf6d791e81e27 crashed and is reachable testing commit 0fe3e8d804fdcc09ef44fbffcad8c39261a03470 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 09de87ce31d6c11878ae409d1c3ea3abd07a2750e7ca664d032593e1ab376312 all runs: OK false negative chance: 0.000 # git bisect bad 0fe3e8d804fdcc09ef44fbffcad8c39261a03470 Bisecting: 0 revisions left to test after this (roughly 1 step) [16777ebded414bbf5c351343e25b98da74bb48c2] KVM: x86: WARN and reject KVM_RUN if vCPU's MP_STATE is SIPI_RECEIVED determine whether the revision contains the guilty commit revision 64980441d26995ea5599958740dbf6d791e81e27 crashed and is reachable testing commit 16777ebded414bbf5c351343e25b98da74bb48c2 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 47fdc935ee4fbb1408d5fef117f2ad34f95bc17b7e5856a6a2116648e2aa4fee all runs: crashed: WARNING in kvm_apic_accept_events representative crash: WARNING in kvm_apic_accept_events, types: [WARNING] # git bisect good 16777ebded414bbf5c351343e25b98da74bb48c2 0fe3e8d804fdcc09ef44fbffcad8c39261a03470 is the first bad commit commit 0fe3e8d804fdcc09ef44fbffcad8c39261a03470 Author: Sean Christopherson Date: Thu Jun 5 12:50:17 2025 -0700 KVM: x86: Move INIT_RECEIVED vs. INIT/SIPI blocked check to KVM_RUN Check for the should-be-impossible scenario of a vCPU being in Wait-For-SIPI with INIT/SIPI blocked during KVM_RUN instead of trying to detect and prevent illegal combinations in every ioctl that sets relevant state. Attempting to handle every possible "set" path is a losing game of whack-a-mole, and risks breaking userspace. E.g. INIT/SIPI are blocked on Intel if the vCPU is in VMX Root mode (post-VMXON), and on AMD if GIF=0. Handling those scenarios would require potentially breaking changes to {vmx,svm}_set_nested_state(). Moving the check to KVM_RUN fixes a syzkaller-induced splat due to the aforementioned VMXON case, and in theory should close the hole once and for all. Note, kvm_x86_vcpu_pre_run() already handles SIPI_RECEIVED, only the WFS case needs additional attention. Reported-by: syzbot+c1cbaedc2613058d5194@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?id=490ae63d8d89cb82c5d462d16962cf371df0e476 Link: https://lore.kernel.org/r/20250605195018.539901-4-seanjc@google.com Signed-off-by: Sean Christopherson arch/x86/kvm/x86.c | 24 ++++++++---------------- 1 file changed, 8 insertions(+), 16 deletions(-) accumulated error probability: 0.00 culprit signature: 09de87ce31d6c11878ae409d1c3ea3abd07a2750e7ca664d032593e1ab376312 parent signature: 47fdc935ee4fbb1408d5fef117f2ad34f95bc17b7e5856a6a2116648e2aa4fee revisions tested: 22, total time: 6h59m37.271989682s (build: 4h12m23.732462276s, test: 2h17m16.519687642s) first good commit: 0fe3e8d804fdcc09ef44fbffcad8c39261a03470 KVM: x86: Move INIT_RECEIVED vs. INIT/SIPI blocked check to KVM_RUN recipients (to): ["linux-kernel@vger.kernel.org" "seanjc@google.com"] recipients (cc): ["bp@alien8.de" "dave.hansen@linux.intel.com" "hpa@zytor.com" "kvm@vger.kernel.org" "mingo@redhat.com" "pbonzini@redhat.com" "seanjc@google.com" "tglx@linutronix.de" "x86@kernel.org"]