ci starts bisection 2023-07-09 15:20:59.43627918 +0000 UTC m=+146826.625165745
bisecting cause commit starting from 1c7873e3364570ec89343ff4877e0f27a7b21a61
building syzkaller on 668cb1fa42960ece96b7da8d9204e486ba6dcdf6
ensuring issue is reproducible on original commit 1c7873e3364570ec89343ff4877e0f27a7b21a61
testing commit 1c7873e3364570ec89343ff4877e0f27a7b21a61 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 5941da5551f048425cddf8c1621a53681e4262a9f785c759e2f104cec3126bb5
all runs: crashed: WARNING in __load_segment_descriptor
representative crash: WARNING in __load_segment_descriptor, types: [WARNING]
check whether we can drop unnecessary instrumentation
disabling configs for [UBSAN KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed
testing commit 1c7873e3364570ec89343ff4877e0f27a7b21a61 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: cfbd5443319df3a1977f728591f85025366aadfae0fa97d2ca3f8943c01fb3c0
all runs: crashed: WARNING in __load_segment_descriptor
representative crash: WARNING in __load_segment_descriptor, types: [WARNING]
the bug reproduces without the instrumentation
disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed
testing release v6.4
testing commit 6995e2de6891c724bfeb2db33d7b87775f913ad1 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 5862f11f22afd1f70b99365993bac00fcb02e35726a0a00e42fbd9c6295ff1b6
all runs: crashed: WARNING in __load_segment_descriptor
representative crash: WARNING in __load_segment_descriptor, types: [WARNING]
testing release v6.3
testing commit 457391b0380335d5e9a5babdec90ac53928b23b4 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: e2869cd786eefc9c256f2cf1748c9364dde06d02871df05b52655776ad717f4e
all runs: OK
# git bisect start 6995e2de6891c724bfeb2db33d7b87775f913ad1 457391b0380335d5e9a5babdec90ac53928b23b4
Bisecting: 8012 revisions left to test after this (roughly 13 steps)
[d42b1c47570eb2ed818dc3fe94b2678124af109d] Merge tag 'devicetree-for-6.4-1' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux
testing commit d42b1c47570eb2ed818dc3fe94b2678124af109d gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 0149adfef3fdf7edd60ed914674f529a73363c7428edda606879130206927bd1
all runs: OK
# git bisect good d42b1c47570eb2ed818dc3fe94b2678124af109d
Bisecting: 3963 revisions left to test after this (roughly 12 steps)
[58390c8ce1bddb6c623f62e7ed36383e7fa5c02f] Merge tag 'iommu-updates-v6.4' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu
testing commit 58390c8ce1bddb6c623f62e7ed36383e7fa5c02f gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: bef7e212692de5203af6ba982962fc6fa0d16217cb9f4a71ce4fa5830b746bd6
all runs: OK
# git bisect good 58390c8ce1bddb6c623f62e7ed36383e7fa5c02f
Bisecting: 1979 revisions left to test after this (roughly 11 steps)
[adfbf653a3ba6bb8bbb84ed90bf4f1533db545d3] Merge tag 'fbdev-for-6.4-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/linux-fbdev
testing commit adfbf653a3ba6bb8bbb84ed90bf4f1533db545d3 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 162c5370df8e0a015397b1bdf6602b538a9d14a7d31c097292dbe8dfad0db63a
all runs: crashed: WARNING in __load_segment_descriptor
representative crash: WARNING in __load_segment_descriptor, types: [WARNING]
# git bisect bad adfbf653a3ba6bb8bbb84ed90bf4f1533db545d3
Bisecting: 992 revisions left to test after this (roughly 10 steps)
[d4fba4dfdcce1e23bc769591bc2e993118391b53] Merge tag 'kvm-riscv-6.4-1' of https://github.com/kvm-riscv/linux into HEAD
testing commit d4fba4dfdcce1e23bc769591bc2e993118391b53 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: cd3facef8902598de7f6785d76bba82cf776fc17b4b9642e90bfafbacd9a8087
all runs: crashed: WARNING in __load_segment_descriptor
representative crash: WARNING in __load_segment_descriptor, types: [WARNING]
# git bisect bad d4fba4dfdcce1e23bc769591bc2e993118391b53
Bisecting: 496 revisions left to test after this (roughly 9 steps)
[3af49062b0115b55a54615109172b44f618daf97] Merge tag 'mfd-next-6.4' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd
testing commit 3af49062b0115b55a54615109172b44f618daf97 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 2cb5bd18bce145f8139be5c3812dac535a8cf72154a11677b4144f0291c2c176
all runs: crashed: WARNING in __load_segment_descriptor
representative crash: WARNING in __load_segment_descriptor, types: [WARNING]
# git bisect bad 3af49062b0115b55a54615109172b44f618daf97
Bisecting: 267 revisions left to test after this (roughly 8 steps)
[b3c98052d46948a8d65d2778c7f306ff38366aac] Merge tag 'kvm-x86-vmx-6.4' of https://github.com/kvm-x86/linux into HEAD
testing commit b3c98052d46948a8d65d2778c7f306ff38366aac gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: cab0ced70c0b62738e784c95c3079f9229c2c4839dea647c3d85ca76df887432
all runs: crashed: WARNING in __load_segment_descriptor
representative crash: WARNING in __load_segment_descriptor, types: [WARNING]
# git bisect bad b3c98052d46948a8d65d2778c7f306ff38366aac
Bisecting: 118 revisions left to test after this (roughly 7 steps)
[a1c288f87de7aff94e87724127eabb6cdb38b120] Merge tag 'kvm-x86-misc-6.4' of https://github.com/kvm-x86/linux into HEAD
testing commit a1c288f87de7aff94e87724127eabb6cdb38b120 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 6763162188cf8cb88d51e50f194de9aaec872764d3b5b9bc84c8de582813e7eb
all runs: crashed: WARNING in __load_segment_descriptor
representative crash: WARNING in __load_segment_descriptor, types: [WARNING]
# git bisect bad a1c288f87de7aff94e87724127eabb6cdb38b120
Bisecting: 52 revisions left to test after this (roughly 6 steps)
[6dcf7316e05eccded11fc640813c8a8879f271a6] Merge branch kvm-arm64/smccc-filtering into kvmarm-master/next
testing commit 6dcf7316e05eccded11fc640813c8a8879f271a6 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: e490592530c37f76af11c5eb05a265c7739d6377f9e9cddb1ec702c4e5b5eb7b
all runs: OK
# git bisect good 6dcf7316e05eccded11fc640813c8a8879f271a6
Bisecting: 26 revisions left to test after this (roughly 5 steps)
[65966aaca18a5cbf42ac22234cb9cbbf60a4d33c] KVM: x86: Assert that the emulator doesn't load CS with garbage in !RM
testing commit 65966aaca18a5cbf42ac22234cb9cbbf60a4d33c gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 706821d566a98a72586b453fb33d792c6a4fdde27a606f09067fd8d51a34fdf6
all runs: crashed: WARNING in __load_segment_descriptor
representative crash: WARNING in __load_segment_descriptor, types: [WARNING]
# git bisect bad 65966aaca18a5cbf42ac22234cb9cbbf60a4d33c
Bisecting: 12 revisions left to test after this (roughly 4 steps)
[2def950c63e3f976af87a2606dabe0c9e21c605b] KVM: arm64: Limit length in kvm_vm_ioctl_mte_copy_tags() to INT_MAX
testing commit 2def950c63e3f976af87a2606dabe0c9e21c605b gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 076b189d8f5c8171a2d138cf633b958068ed5506d19f64687729351824e6913e
all runs: OK
# git bisect good 2def950c63e3f976af87a2606dabe0c9e21c605b
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[fb509f76acc8d42bed11bca308404f81c2be856a] KVM: VMX: Make CR0.WP a guest owned bit
testing commit fb509f76acc8d42bed11bca308404f81c2be856a gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 74cebbbe15bf9f29321282b7ef907ccbccfae840d3fcf7596b6ba925ada980e2
all runs: OK
# git bisect good fb509f76acc8d42bed11bca308404f81c2be856a
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[bede6eb4db19424477c36dace426ae12255f4a0d] KVM: x86: Use boolean return value for is_{pae,pse,paging}()
testing commit bede6eb4db19424477c36dace426ae12255f4a0d gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 91110211c3430f88aa8e257a1de64902717f38a197c8a19d6126738fc67b7e93
all runs: OK
# git bisect good bede6eb4db19424477c36dace426ae12255f4a0d
Bisecting: 1 revision left to test after this (roughly 1 step)
[68f7c82ab1b8c7057b0c241907ff7906c7407e6d] KVM: x86: Change return type of is_long_mode() to bool
testing commit 68f7c82ab1b8c7057b0c241907ff7906c7407e6d gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: c5b30e1847ae4c406369614faed8a20d9e651f93caa81beccc4314d64d8a2cd7
all runs: OK
# git bisect good 68f7c82ab1b8c7057b0c241907ff7906c7407e6d
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[3d8f61bf8bcd69bcd397276d53aa18f7ca8347f9] x86: KVM: Add common feature flag for AMD's PSFD
testing commit 3d8f61bf8bcd69bcd397276d53aa18f7ca8347f9 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: ba8c3666d6d299f056b3981d4e9b4eae9dfaae0efc6f17ac2359fd809f54e862
all runs: OK
# git bisect good 3d8f61bf8bcd69bcd397276d53aa18f7ca8347f9
65966aaca18a5cbf42ac22234cb9cbbf60a4d33c is the first bad commit
commit 65966aaca18a5cbf42ac22234cb9cbbf60a4d33c
Author: Sean Christopherson
Date:   Thu Feb 16 12:22:54 2023 -0800

    KVM: x86: Assert that the emulator doesn't load CS with garbage in !RM

    Yell loudly if KVM attempts to load CS outside of Real Mode without an
    accompanying control transfer type, i.e. on X86_TRANSFER_NONE.  KVM uses
    X86_TRANSFER_NONE when emulating IRET and exceptions/interrupts for Real
    Mode, but IRET emulation for Protected Mode is non-existent.  WARN instead
    of trying to pass in a less-wrong type, e.g. X86_TRANSFER_RET, as
    emulating IRET goes even beyond emulating FAR RET (which KVM also doesn't
    fully support).

    Reported-by: Hou Wenlong
    Link: https://lore.kernel.org/r/20230216202254.671772-1-seanjc@google.com
    Signed-off-by: Sean Christopherson

 arch/x86/kvm/emulate.c | 8 ++++++++
 1 file changed, 8 insertions(+)

culprit signature: 706821d566a98a72586b453fb33d792c6a4fdde27a606f09067fd8d51a34fdf6
parent signature: ba8c3666d6d299f056b3981d4e9b4eae9dfaae0efc6f17ac2359fd809f54e862
revisions tested: 18, total time: 6h10m10.054119493s (build: 4h20m55.863054843s, test: 1h43m24.561031053s)
first bad commit: 65966aaca18a5cbf42ac22234cb9cbbf60a4d33c KVM: x86: Assert that the emulator doesn't load CS with garbage in !RM
recipients (to): ["seanjc@google.com"]
recipients (cc): []
crash: WARNING in __load_segment_descriptor
kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
kvm_intel: KVM_SET_TSS_ADDR needs to be called before running vCPU
kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
------------[ cut here ]------------
WARNING: CPU: 0 PID: 5471 at arch/x86/kvm/emulate.c:1648 emulate_exception arch/x86/kvm/emulate.c:587 [inline]
WARNING: CPU: 0 PID: 5471 at arch/x86/kvm/emulate.c:1648 __load_segment_descriptor+0x59f/0x5e0 arch/x86/kvm/emulate.c:1753
Modules linked in:
CPU: 0 PID: 5471 Comm: syz-executor.0 Not tainted 6.3.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
RIP: 0010:__load_segment_descriptor+0x59f/0x5e0 arch/x86/kvm/emulate.c:1648
Code: 00 f6 44 24 39 04 0f b6 54 24 35 48 8b 3c 24 8b 4c 24 08 44 8b 54 24 10 4c 8b 44 24 18 0f 84 c9 fe ff ff 89 c8 e9 f2 fa ff ff <0f> 0b 89 c8 e9 e9 fa ff ff 44 38 de 0f 84 a0 fe ff ff 89 c8 e9 d9
RSP: 0018:ffffc9000394bc98 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000050 RCX: 000000000000000d
RDX: 000000000000009b RSI: 0000000000000000 RDI: ffff888120930000
RBP: 0000000000000001 R08: ffff888120930030 R09: 00000000ffffffff
R10: 0000000000000050 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000050
FS:  00007ff3b338c700(0000) GS:ffff88813bc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020032008 CR3: 0000000121a5b000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __emulate_int_real+0x16b/0x190 arch/x86/kvm/emulate.c:2061
 emulate_int_real+0x18/0x40 arch/x86/kvm/emulate.c:2075
 kvm_inject_realmode_interrupt+0x42/0xc0 arch/x86/kvm/x86.c:8360
 kvm_check_and_inject_events+0x34/0x3e0 arch/x86/kvm/x86.c:9994
 vcpu_enter_guest arch/x86/kvm/x86.c:10545 [inline]
 vcpu_run arch/x86/kvm/x86.c:10847 [inline]
 kvm_arch_vcpu_ioctl_run+0x488/0x1d10 arch/x86/kvm/x86.c:11068
 kvm_vcpu_ioctl+0x278/0x730 arch/x86/kvm/../../../virt/kvm/kvm_main.c:4099
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:870 [inline]
 __se_sys_ioctl fs/ioctl.c:856 [inline]
 __x64_sys_ioctl+0x7f/0xb0 fs/ioctl.c:856
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7ff3b268c389
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ff3b338c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007ff3b27abf80 RCX: 00007ff3b268c389
RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
RBP: 00007ff3b26d7493 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffed382a8ff R14: 00007ff3b338c300 R15: 0000000000022000