ci2 starts bisection 2023-08-18 22:12:27.027152898 +0000 UTC m=+141.554729938
bisecting fixing commit since 9d6bde853685609a631871d7c12be94fdf8d912e
building syzkaller on f325deb023e4e2fb9197004be1b3da738680429c
ensuring issue is reproducible on original commit 9d6bde853685609a631871d7c12be94fdf8d912e
testing commit 9d6bde853685609a631871d7c12be94fdf8d912e gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: d568d104cae8b936e643bbdbe99b04ce796ea2141c418f8aab81d14e70cbdd5c
all runs: crashed: WARNING in vmx_queue_exception
representative crash: WARNING in vmx_queue_exception, types: [WARNING]
check whether we can drop unnecessary instrumentation
disabling configs for [HANG LEAK UBSAN KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 9d6bde853685609a631871d7c12be94fdf8d912e gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: c2fe7958c2c967c8d69c6c76c68e1d241315723a5cd13762addf2176d832e192
all runs: crashed: WARNING in vmx_queue_exception
representative crash: WARNING in vmx_queue_exception, types: [WARNING]
the bug reproduces without the instrumentation
disabling configs for [HANG LEAK UBSAN KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
kconfig minimization: base=3703 full=7269 leaves diff=1979
split chunks (needed=false): <1979>
split chunk #0 of len 1979 into 5 parts
testing without sub-chunk 1/5
disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN KASAN LOCKDEP], they are not needed
testing commit 9d6bde853685609a631871d7c12be94fdf8d912e gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: c008f5590946f863fdd701d29f562f56fbab5063b18d7f7dead4b814dc0b3462
all runs: crashed: WARNING in vmx_queue_exception
representative crash: WARNING in vmx_queue_exception, types: [WARNING]
the chunk can be dropped
testing without sub-chunk 2/5
disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN KASAN LOCKDEP], they are not needed
testing commit 9d6bde853685609a631871d7c12be94fdf8d912e gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: c2e0eaf0ce099128e43a5617ae1c0468032064b55ad4deaed848ccfa4ee12091
all runs: crashed: WARNING in vmx_queue_exception
representative crash: WARNING in vmx_queue_exception, types: [WARNING]
the chunk can be dropped
testing without sub-chunk 3/5
disabling configs for [HANG LEAK UBSAN KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 9d6bde853685609a631871d7c12be94fdf8d912e gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 0d45b32ac93f5c573e45cda27cd28df434e9d0fce8273d3ce416d33b22657af5
all runs: OK
false negative chance: 0.000
testing without sub-chunk 4/5
disabling configs for [HANG LEAK UBSAN KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 9d6bde853685609a631871d7c12be94fdf8d912e gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: ea48f9a29920c6f36f8203bed87c76f1622141d50f5bb40b5caeaf7d3d97daea
all runs: crashed: WARNING in vmx_queue_exception
representative crash: WARNING in vmx_queue_exception, types: [WARNING]
the chunk can be dropped
testing without sub-chunk 5/5
disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed
testing commit 9d6bde853685609a631871d7c12be94fdf8d912e gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 29ddd34ee5e98a3eec5da371047f6d660517b44788ee1684b05b2bcfa6669bc8
all runs: crashed: WARNING in vmx_queue_exception
representative crash: WARNING in vmx_queue_exception, types: [WARNING]
the chunk can be dropped
minimized to 396 configs
disabling configs for [LEAK UBSAN KASAN LOCKDEP ATOMIC_SLEEP HANG], they are not needed
determining the merge base between 9d6bde853685609a631871d7c12be94fdf8d912e and d4ddefee5160dc477d0e30c9d7a10ce8861c3007
8bb7eca972ad531c9b149c0a51ab43a417385813/Linux 5.15 is a merge base
testing current HEAD d4ddefee5160dc477d0e30c9d7a10ce8861c3007
testing commit d4ddefee5160dc477d0e30c9d7a10ce8861c3007 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature:
bf16992573090e047610fc22399664fa2712809f4cae4a3e891338a9f266d68f
all runs: OK
false negative chance: 0.000
# git bisect start d4ddefee5160dc477d0e30c9d7a10ce8861c3007 8bb7eca972ad531c9b149c0a51ab43a417385813
Bisecting: 78452 revisions left to test after this (roughly 16 steps)
[5ba3522cf8b9f3a9f6cbbde1d1e9217e518e0e0a] ASoC: SOF: start using tracing instead of dev_dbg
determine whether the revision contains the guilty commit
checking the merge base 8bb7eca972ad531c9b149c0a51ab43a417385813
no existing result, test the revision
testing commit 8bb7eca972ad531c9b149c0a51ab43a417385813 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: ba3e75dc254f173b129b1b41f75e564263b84112cc77c826085ea6a9e69b5d2f
all runs: crashed: WARNING in vmx_queue_exception
representative crash: WARNING in vmx_queue_exception, types: [WARNING]
testing commit 5ba3522cf8b9f3a9f6cbbde1d1e9217e518e0e0a gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 35170c328e842ce8930a4a20a430c4ae32b54248276b0dfb12934805bc83fe5d
all runs: OK
false negative chance: 0.000
# git bisect bad 5ba3522cf8b9f3a9f6cbbde1d1e9217e518e0e0a
Bisecting: 39067 revisions left to test after this (roughly 15 steps)
[6f2689a7662809ff39f2b24e452d11569c21ea2f] Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
determine whether the revision contains the guilty commit
revision 8bb7eca972ad531c9b149c0a51ab43a417385813 crashed and is reachable
testing commit 6f2689a7662809ff39f2b24e452d11569c21ea2f gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
failed building 6f2689a7662809ff39f2b24e452d11569c21ea2f:
scripts/sign-file.c:89:9: warning: 'ERR_get_error_line' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
scripts/sign-file.c:102:9: warning: 'ERR_get_error_line' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
certs/extract-cert.c:46:9: warning: 'ERR_get_error_line' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
certs/extract-cert.c:59:9: warning: 'ERR_get_error_line' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
arch/x86/kvm/cpuid.c:739:2: error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough]
# git bisect skip 6f2689a7662809ff39f2b24e452d11569c21ea2f
Bisecting: 39067 revisions left to test after this (roughly 15 steps)
[34af78c4e616c359ed428d79fe4758a35d2c5473] Merge tag 'iommu-updates-v5.18' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu
determine whether the revision contains the guilty commit
revision 8bb7eca972ad531c9b149c0a51ab43a417385813 crashed and is reachable
testing commit 34af78c4e616c359ed428d79fe4758a35d2c5473 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
failed building 34af78c4e616c359ed428d79fe4758a35d2c5473:
scripts/sign-file.c:89:9: warning: 'ERR_get_error_line' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
scripts/sign-file.c:102:9: warning: 'ERR_get_error_line' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
certs/extract-cert.c:46:9: warning: 'ERR_get_error_line' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
certs/extract-cert.c:59:9: warning: 'ERR_get_error_line' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
arch/x86/kvm/cpuid.c:739:2: error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough]
# git bisect skip 34af78c4e616c359ed428d79fe4758a35d2c5473
Bisecting: 39067 revisions left to test after this (roughly 15 steps)
[246c03dd899164d0186b6d685d6387f228c28d93] random: introduce drain_entropy() helper to declutter crng_reseed()
determine whether the revision contains the guilty commit
revision 8bb7eca972ad531c9b149c0a51ab43a417385813 crashed and is reachable
testing commit 246c03dd899164d0186b6d685d6387f228c28d93 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 89e80583dde8b75d10204d712a257d92e51ae02b34ffa6e712b0439f6dbd35de
all runs: OK
false negative chance: 0.000
# git bisect bad 246c03dd899164d0186b6d685d6387f228c28d93
Bisecting: 14345 revisions left to test after this (roughly 14 steps)
[0770bd4187c555e6df087f7abc252eeacb0842ec] afs: Skip truncation on the server of data we haven't written yet
determine whether the revision contains the guilty commit
revision 8bb7eca972ad531c9b149c0a51ab43a417385813 crashed and is reachable
testing commit 0770bd4187c555e6df087f7abc252eeacb0842ec gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 2358a87bcdcd0a796d88067f31663039636e7712a41cdab32997bce32cfc9ecd
all runs: crashed: WARNING in vmx_queue_exception
representative crash: WARNING in vmx_queue_exception, types: [WARNING]
# git bisect good 0770bd4187c555e6df087f7abc252eeacb0842ec
Bisecting: 7202 revisions left to test after this (roughly 13 steps)
[1151e3cd5a7375ebc839ad3e6c51d87700fe019e] Merge tag 'mmc-v5.17' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc
determine whether the revision contains the guilty commit
revision 8bb7eca972ad531c9b149c0a51ab43a417385813 crashed and is reachable
testing commit 1151e3cd5a7375ebc839ad3e6c51d87700fe019e gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: d3f31866918e8bc0cf02e256280030cfab3245073f7d6f3c31b143bfa4b6cf59
all runs: crashed: WARNING in vmx_queue_exception
representative crash: WARNING in vmx_queue_exception, types: [WARNING]
# git bisect good 1151e3cd5a7375ebc839ad3e6c51d87700fe019e
Bisecting: 3634 revisions left to test after this (roughly 12 steps)
[a33f5c380c4bd3fa5278d690421b72052456d9fe] Merge tag 'xfs-5.17-merge-3' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux
determine whether the revision contains the guilty commit
revision 8bb7eca972ad531c9b149c0a51ab43a417385813 crashed and is reachable
testing commit a33f5c380c4bd3fa5278d690421b72052456d9fe gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 236d7ba8a46c75e6ce15d1e4d3e3ed157a0b9c3d598aaa98f8577d5d5858932f
all runs: crashed: WARNING in vmx_queue_exception
representative crash: WARNING in vmx_queue_exception, types: [WARNING]
# git bisect good a33f5c380c4bd3fa5278d690421b72052456d9fe
Bisecting: 1816 revisions left to test after this (roughly 11 steps)
[1f40caa080474d0420e0b0e6c896e455acb6e236] Merge tag 'sound-fix-5.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
determine whether the revision contains the guilty commit
revision 0770bd4187c555e6df087f7abc252eeacb0842ec crashed and is reachable
testing commit 1f40caa080474d0420e0b0e6c896e455acb6e236 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: d0c411cf35fca32a20fc3188b613f5b8ebbac2d0d6e5062ddd24b7e718c3e341
all runs: crashed: WARNING in vmx_queue_exception
representative crash: WARNING in vmx_queue_exception, types: [WARNING]
# git bisect good 1f40caa080474d0420e0b0e6c896e455acb6e236
Bisecting: 877 revisions left to test after this (roughly 10 steps)
[eb2eb5161cdbd4f0acc574ef1c3ce799b980544b] Merge tag 'net-5.17-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
determine whether the revision contains the guilty commit
revision 1f40caa080474d0420e0b0e6c896e455acb6e236 crashed and is reachable
testing commit eb2eb5161cdbd4f0acc574ef1c3ce799b980544b gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: f98c2dbeab37c31901bfb390bf09992ef98c0540182fd5bcf0b2f6b161a206ac
all runs: OK
false negative chance: 0.000
# git bisect bad eb2eb5161cdbd4f0acc574ef1c3ce799b980544b
Bisecting: 431 revisions left to test after this (roughly 9 steps)
[23a46422c56144939c091c76cf389aa863ce9c18] Merge tag 'net-5.17-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
determine whether the revision contains the guilty commit
revision 1f40caa080474d0420e0b0e6c896e455acb6e236 crashed and is reachable
testing commit 23a46422c56144939c091c76cf389aa863ce9c18 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 66f4b1a892e91886fceb5132eade185b3d22d62862732ba5541b6e242c4aea66
all runs: OK
false negative chance: 0.000
# git bisect bad 23a46422c56144939c091c76cf389aa863ce9c18
Bisecting: 228 revisions left to test after this (roughly 8 steps)
[1c52283265a462a100ae63ddf58b4e5884acde86] Merge branch 'akpm' (patches from Andrew)
determine whether the revision contains the guilty commit
revision 1f40caa080474d0420e0b0e6c896e455acb6e236 crashed and is reachable
testing commit 1c52283265a462a100ae63ddf58b4e5884acde86 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 56dcd7780a8c9fbb71e8c7a4f99939e13905abef35b12b9ba547a5f874ec6d77
all runs: OK
false negative chance: 0.000
# git bisect bad 1c52283265a462a100ae63ddf58b4e5884acde86
Bisecting: 136 revisions left to test after this (roughly 7 steps)
[0809edbae347a224ca1b59fb8be1c2d54389c2c6] Merge tag 'devicetree-fixes-for-5.17-1' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux
determine whether the revision contains the guilty commit
revision 0770bd4187c555e6df087f7abc252eeacb0842ec crashed and is reachable
testing commit 0809edbae347a224ca1b59fb8be1c2d54389c2c6 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 6d22df20cdce113bbecad1d86bd51857c268388e1704b42479c8c91511fecca5
all runs: OK
false negative chance: 0.000
# git bisect bad 0809edbae347a224ca1b59fb8be1c2d54389c2c6
Bisecting: 68 revisions left to test after this (roughly 6 steps)
[dc5341f41dc81bd497828e562da135bcff9c876c] Merge tag 'for-5.17/parisc-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux
determine whether the revision contains the guilty commit
revision 0770bd4187c555e6df087f7abc252eeacb0842ec crashed and is reachable
testing commit dc5341f41dc81bd497828e562da135bcff9c876c gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 8d98034b0e4d4e280ff66c8ee2667893f2988c23cd20a85780cdf51e58ef5e3b
all runs: crashed: WARNING in vmx_queue_exception
representative crash: WARNING in vmx_queue_exception, types: [WARNING]
# git bisect good dc5341f41dc81bd497828e562da135bcff9c876c
Bisecting: 33 revisions left to test after this (roughly 5 steps)
[0f65a9d337676b966316db17374fbef910ab8e4a] KVM: VMX: Don't do full kick when triggering posted interrupt "fails"
determine whether the revision contains the guilty commit
revision 8bb7eca972ad531c9b149c0a51ab43a417385813 crashed and is reachable
testing commit 0f65a9d337676b966316db17374fbef910ab8e4a gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 212ea21c765472f513dffc80d5034ebb325a528f44fc4bdf6197876d3521610c
all runs: OK
false negative chance: 0.000
# git bisect bad 0f65a9d337676b966316db17374fbef910ab8e4a
Bisecting: 17 revisions left to test after this (roughly 4 steps)
[2ba9047424fc7243c63ac57f5fdfa754aa895e3c] selftests: kvm/x86: Introduce x86_model()
determine whether the revision contains the guilty commit
revision 8bb7eca972ad531c9b149c0a51ab43a417385813 crashed and is reachable
testing commit 2ba9047424fc7243c63ac57f5fdfa754aa895e3c gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 0ab3c052ca6f686f4fbfac3836f9d014503d17612c36e9b3754a67780adababc
all runs: crashed: WARNING in vmx_queue_exception
representative crash: WARNING in vmx_queue_exception, types: [WARNING]
# git bisect good 2ba9047424fc7243c63ac57f5fdfa754aa895e3c
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[12a8eee5686ef3ea7d8db90cd664f11e4a39e349] KVM: Move x86 VMX's posted interrupt list_head to vcpu_vmx
determine whether the revision contains the guilty commit
revision 8bb7eca972ad531c9b149c0a51ab43a417385813 crashed and is reachable
testing commit 12a8eee5686ef3ea7d8db90cd664f11e4a39e349 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 50f95dc9ce58b377c35bf8332b91d88cf1756a43372e57b7009af3ac4d898e8b
all runs: OK
false negative chance: 0.000
# git bisect bad 12a8eee5686ef3ea7d8db90cd664f11e4a39e349
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[e09fccb5435d7b9ab3fd5dfeada8ae40cfa56e08] KVM: avoid warning on s390 in mark_page_dirty
determine whether the revision contains the guilty commit
revision 8bb7eca972ad531c9b149c0a51ab43a417385813 crashed and is reachable
testing commit e09fccb5435d7b9ab3fd5dfeada8ae40cfa56e08 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: d60916d51435d6bdc68c9faec2388d04ee73876d00c3c0138582e6bfd4865883
all runs: OK
false negative chance: 0.000
# git bisect bad e09fccb5435d7b9ab3fd5dfeada8ae40cfa56e08
Bisecting: 1 revision left to test after this (roughly 1 step)
[fc4fad79fc3d8841562e2a85808079da5b4835f6] KVM: VMX: Reject KVM_RUN if emulation is required with pending exception
determine whether the revision contains the guilty commit
revision 8bb7eca972ad531c9b149c0a51ab43a417385813 crashed and is reachable
testing commit fc4fad79fc3d8841562e2a85808079da5b4835f6 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: cc89e4c152b88c733d9813b53b7fda188ed29f0f498b14ed2c19e6cdcc35d36e
all runs: OK
false negative chance: 0.000
# git bisect bad fc4fad79fc3d8841562e2a85808079da5b4835f6
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[bef9a701f3ebfb60da259b04778d24128505a96c] selftests: kvm/x86: Add test for KVM_SET_PMU_EVENT_FILTER
determine whether the revision contains the guilty commit
revision 8bb7eca972ad531c9b149c0a51ab43a417385813 crashed and is reachable
testing commit bef9a701f3ebfb60da259b04778d24128505a96c gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 0ab3c052ca6f686f4fbfac3836f9d014503d17612c36e9b3754a67780adababc
all runs: crashed: WARNING in vmx_queue_exception
representative crash: WARNING in vmx_queue_exception, types: [WARNING]
# git bisect good bef9a701f3ebfb60da259b04778d24128505a96c
fc4fad79fc3d8841562e2a85808079da5b4835f6 is the first bad commit
commit fc4fad79fc3d8841562e2a85808079da5b4835f6
Author: Sean Christopherson
Date: Tue Dec 28 23:24:36 2021 +0000

    KVM: VMX: Reject KVM_RUN if emulation is required with pending exception

    Reject KVM_RUN if emulation is required (because VMX is running without
    unrestricted guest) and an exception is pending, as KVM doesn't support
    emulating exceptions except when emulating real mode via vm86. The vCPU
    is hosed either way, but letting KVM_RUN proceed triggers a WARN due to
    the impossible condition. Alternatively, the WARN could be removed, but
    then userspace and/or KVM bugs would result in the vCPU silently running
    in a bad state, which isn't very friendly to users.

    Originally, the bug was hit by syzkaller with a nested guest as that
    doesn't require kvm_intel.unrestricted_guest=0. That particular flavor
    is likely fixed by commit cd0e615c49e5 ("KVM: nVMX: Synthesize
    TRIPLE_FAULT for L2 if emulation is required"), but it's trivial to
    trigger the WARN with a non-nested guest, and userspace can likely force
    bad state via ioctls() for a nested guest as well.

    Checking for the impossible condition needs to be deferred until KVM_RUN
    because KVM can't force specific ordering between ioctls. E.g. clearing
    exception.pending in KVM_SET_SREGS doesn't prevent userspace from setting
    it in KVM_SET_VCPU_EVENTS, and disallowing KVM_SET_VCPU_EVENTS with
    emulation_required would prevent userspace from queuing an exception and
    then stuffing sregs.

    Note, if KVM were to try and detect/prevent the condition prior to
    KVM_RUN, handle_invalid_guest_state() and/or handle_emulation_failure()
    would need to be modified to clear the pending exception prior to
    exiting to userspace.

    ------------[ cut here ]------------
    WARNING: CPU: 6 PID: 137812 at arch/x86/kvm/vmx/vmx.c:1623 vmx_queue_exception+0x14f/0x160 [kvm_intel]
    CPU: 6 PID: 137812 Comm: vmx_invalid_nes Not tainted 5.15.2-7cc36c3e14ae-pop #279
    Hardware name: ASUS Q87M-E/Q87M-E, BIOS 1102 03/03/2014
    RIP: 0010:vmx_queue_exception+0x14f/0x160 [kvm_intel]
    Code: <0f> 0b e9 fd fe ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00
    RSP: 0018:ffffa45c83577d38 EFLAGS: 00010202
    RAX: 0000000000000003 RBX: 0000000080000006 RCX: 0000000000000006
    RDX: 0000000000000000 RSI: 0000000000010002 RDI: ffff9916af734000
    RBP: ffff9916af734000 R08: 0000000000000000 R09: 0000000000000000
    R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000006
    R13: 0000000000000000 R14: ffff9916af734038 R15: 0000000000000000
    FS: 00007f1e1a47c740(0000) GS:ffff99188fb80000(0000) knlGS:0000000000000000
    CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 00007f1e1a6a8008 CR3: 000000026f83b005 CR4: 00000000001726e0
    Call Trace:
     kvm_arch_vcpu_ioctl_run+0x13a2/0x1f20 [kvm]
     kvm_vcpu_ioctl+0x279/0x690 [kvm]
     __x64_sys_ioctl+0x83/0xb0
     do_syscall_64+0x3b/0xc0
     entry_SYSCALL_64_after_hwframe+0x44/0xae

    Reported-by: syzbot+82112403ace4cbd780d8@syzkaller.appspotmail.com
    Signed-off-by: Sean Christopherson
    Message-Id: <20211228232437.1875318-2-seanjc@google.com>
    Signed-off-by: Paolo Bonzini

 arch/x86/include/asm/kvm-x86-ops.h | 1 +
 arch/x86/include/asm/kvm_host.h | 1 +
 arch/x86/kvm/svm/svm.c | 6 ++++++
 arch/x86/kvm/vmx/vmx.c | 22 ++++++++++++++++++++--
 arch/x86/kvm/x86.c | 12 +++++++++---
 5 files changed, 37 insertions(+), 5 deletions(-)
accumulated error probability: 0.00
culprit signature: cc89e4c152b88c733d9813b53b7fda188ed29f0f498b14ed2c19e6cdcc35d36e
parent signature: 0ab3c052ca6f686f4fbfac3836f9d014503d17612c36e9b3754a67780adababc
revisions tested: 26, total time: 8h32m49.182452635s (build: 5h5m33.820037778s, test: 2h30m47.750402523s)
first good commit: fc4fad79fc3d8841562e2a85808079da5b4835f6 KVM: VMX: Reject KVM_RUN if emulation is required with pending exception
recipients (to): ["pbonzini@redhat.com" "seanjc@google.com"]
recipients (cc): []