bisecting cause commit starting from 45af60e7ced07ae3def41368c3d260dbf496fbce building syzkaller on 3c7fef3361a6007112b26adc1c5a550189ef43fe testing commit 45af60e7ced07ae3def41368c3d260dbf496fbce with gcc (GCC) 10.2.1 20210217 kernel signature: 0f1bbc8957e0e1bfaf4534e12e474a10338b36efa4adebf7bad02fe3664b1455 all runs: crashed: WARNING in ex_handler_fprestore testing release v5.12 testing commit 9f4ad9e425a1d3b6a34617b8ea226d56a119a717 with gcc (GCC) 10.2.1 20210217 kernel signature: d440b4cda7d2ab4e7a9fb717e84bf516b6131e0226170a2accac2a704eba3a26 all runs: crashed: WARNING in ex_handler_fprestore testing release v5.11 testing commit f40ddce88593482919761f74910f42f4b84c004b with gcc (GCC) 10.2.1 20210217 kernel signature: 765cd1540c326c0950c950fbd0fec8db62a5661f5639cb7fd27d9b0db4d90c60 all runs: crashed: WARNING in ex_handler_fprestore testing release v5.10 testing commit 2c85ebc57b3e1817b6ce1a6b703928e113a90442 with gcc (GCC) 10.2.1 20210217 kernel signature: df7feb4d91f8944dbc6f04c6ce0d62cee0e23c247a3d664c8d09e4380a1d4db4 all runs: crashed: WARNING in ex_handler_fprestore testing release v5.9 testing commit bbf5c979011a099af5dc76498918ed7df445635b with gcc (GCC) 10.2.1 20210217 kernel signature: 729377365c17b92d66ed1bdf532053d69e13d473b5ea80ef6b5eacb7eb88528b all runs: crashed: WARNING in ex_handler_fprestore testing release v5.8 testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.4.1 20210217 kernel signature: fe4cf10963fe22623041f7dd2621a870da3a6c1c0337ee4720a2074a1ed96570 all runs: crashed: WARNING in ex_handler_fprestore testing release v5.7 testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.4.1 20210217 kernel signature: 2c6056a2dfdd16b432db0590dcf44d9466ab6d94a2975fdc54052aff1a1c3cf4 all runs: OK # git bisect start bcf876870b95592b52519ed4aafcf9d95999bc9c 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 Bisecting: 8752 revisions left to test after this (roughly 13 steps) [694b5a5d313f3997764b67d52bab66ec7e59e714] Merge tag 'arm-soc-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc testing commit 694b5a5d313f3997764b67d52bab66ec7e59e714 with gcc (GCC) 8.4.1 20210217 kernel signature: a7ceaf28f7a8328a1f12a4cc687652040979d39c1533e238c8d7cfcd0538fdc3 all runs: crashed: WARNING in ex_handler_fprestore # git bisect bad 694b5a5d313f3997764b67d52bab66ec7e59e714 Bisecting: 4417 revisions left to test after this (roughly 12 steps) [2e63f6ce7ed2c4ff83ba30ad9ccad422289a6c63] Merge branch 'uaccess.comedi' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs testing commit 2e63f6ce7ed2c4ff83ba30ad9ccad422289a6c63 with gcc (GCC) 8.4.1 20210217 kernel signature: 2247158bceb8ea628efeec06e32b94e3f12f8969b636586bda6fab556acda9bc all runs: crashed: WARNING in ex_handler_fprestore # git bisect bad 2e63f6ce7ed2c4ff83ba30ad9ccad422289a6c63 Bisecting: 2658 revisions left to test after this (roughly 11 steps) [cfa3b8068b09f25037146bfd5eed041b78878bee] Merge tag 'for-linus-hmm' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma testing commit cfa3b8068b09f25037146bfd5eed041b78878bee with gcc (GCC) 8.4.1 20210217 kernel signature: adc518cd48d1142c3ea63ac99b7bbd1b04a8db4225f373b6246f01e21f26d150 all runs: crashed: WARNING in ex_handler_fprestore # git bisect bad cfa3b8068b09f25037146bfd5eed041b78878bee Bisecting: 885 revisions left to test after this (roughly 10 steps) [17e0a7cb6a254c6d086562e7adf8b7ac24d267f3] Merge tag 'x86-cleanups-2020-06-01' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit 17e0a7cb6a254c6d086562e7adf8b7ac24d267f3 with gcc (GCC) 8.4.1 20210217 kernel signature: f071d0333331fd2758f201b4b8bda06ab048c3278c4a7b2496889d991d2ce57b all runs: OK # git bisect good 17e0a7cb6a254c6d086562e7adf8b7ac24d267f3 Bisecting: 458 revisions left to test after this (roughly 9 steps) [17839856fd588f4ab6b789f482ed3ffd7c403e1f] gup: document and work around "COW can break either way" issue testing commit 17839856fd588f4ab6b789f482ed3ffd7c403e1f with gcc (GCC) 8.4.1 20210217 kernel signature: 54ce79d6898e9297c29627859c48bbbe4247aa1bc2a01c2f7be8d65162887544 all runs: crashed: WARNING in ex_handler_fprestore # git bisect bad 17839856fd588f4ab6b789f482ed3ffd7c403e1f Bisecting: 208 revisions left to test after this (roughly 8 steps) [c2b0fc847f3122e5a4176c3772626a7a8facced0] Merge tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm testing commit c2b0fc847f3122e5a4176c3772626a7a8facced0 with gcc (GCC) 8.4.1 20210217 kernel signature: 605814a9d6d68e89227ca985d1b3e68f42f6cb8af6d23bb2ee3462e224cfc33c all runs: crashed: WARNING in ex_handler_fprestore # git bisect bad c2b0fc847f3122e5a4176c3772626a7a8facced0 Bisecting: 128 revisions left to test after this (roughly 7 steps) [342403bcb4dfe41324a0f6f4cb5a8d324f31c725] Merge branches 'for-next/acpi', 'for-next/bpf', 'for-next/cpufeature', 'for-next/docs', 'for-next/kconfig', 'for-next/misc', 'for-next/perf', 'for-next/ptr-auth', 'for-next/sdei', 'for-next/smccc' and 'for-next/vdso' into for-next/core testing commit 342403bcb4dfe41324a0f6f4cb5a8d324f31c725 with gcc (GCC) 8.4.1 20210217 kernel signature: daa9e36f9da42388b144925d75519d35cc0a1829bd0a997d931584e614162451 all runs: OK # git bisect good 342403bcb4dfe41324a0f6f4cb5a8d324f31c725 Bisecting: 62 revisions left to test after this (roughly 6 steps) [082af5ec5080b028f7d0846a6c27cbb87f288205] Merge branch 'for-next/scs' into for-next/core testing commit 082af5ec5080b028f7d0846a6c27cbb87f288205 with gcc (GCC) 8.4.1 20210217 kernel signature: 0d0100182c047dc1fc70cccd551c3ca5226eab33fae9c218b540e618c7a02843 all runs: OK # git bisect good 082af5ec5080b028f7d0846a6c27cbb87f288205 Bisecting: 30 revisions left to test after this (roughly 5 steps) [88bc1de11cf5b5fa14dbeff7c613ce62fdfae7f6] Merge tag 'x86-platform-2020-06-01' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit 88bc1de11cf5b5fa14dbeff7c613ce62fdfae7f6 with gcc (GCC) 8.4.1 20210217 kernel signature: 46137e576528e47a236c86aabc019e3dce6ba8c180090573ad478116f1f3529d all runs: crashed: WARNING in ex_handler_fprestore # git bisect bad 88bc1de11cf5b5fa14dbeff7c613ce62fdfae7f6 Bisecting: 12 revisions left to test after this (roughly 4 steps) [0a319ef75d931de0b21882ec17d8d70ece0aa871] Merge tag 'x86-fpu-2020-06-01' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit 0a319ef75d931de0b21882ec17d8d70ece0aa871 with gcc (GCC) 8.4.1 20210217 kernel signature: 907a421493ed882c0a52ede30282d07c083b8ba6ba34adb86f8b7c41c48ba5f3 all runs: crashed: WARNING in ex_handler_fprestore # git bisect bad 0a319ef75d931de0b21882ec17d8d70ece0aa871 Bisecting: 9 revisions left to test after this (roughly 3 steps) [98265c17efa9f2279c59262cd27679aca12e0bb8] x86/fpu/xstate: Preserve supervisor states for the slow path in __fpu__restore_sig() testing commit 98265c17efa9f2279c59262cd27679aca12e0bb8 with gcc (GCC) 8.4.1 20210217 kernel signature: 6e43cf4a45d389f98b6f6949ce89a2c5c192e76a1098bc4f67f15cbd00cc705c all runs: crashed: WARNING in ex_handler_fprestore # git bisect bad 98265c17efa9f2279c59262cd27679aca12e0bb8 Bisecting: 4 revisions left to test after this (roughly 2 steps) [71581eefd7a0a81b1af7d7c93641925a01d70a9a] x86/fpu/xstate: Introduce XSAVES supervisor states testing commit 71581eefd7a0a81b1af7d7c93641925a01d70a9a with gcc (GCC) 8.4.1 20210217 kernel signature: 253a32783f645cf7d3ca6dc35cd58110a679c68316f9aee61e9c5732acc13746 all runs: OK # git bisect good 71581eefd7a0a81b1af7d7c93641925a01d70a9a Bisecting: 2 revisions left to test after this (roughly 1 step) [5d6b6a6f9b5ce7ac42273efd75d61ec63b463c18] x86/fpu/xstate: Update sanitize_restored_xstate() for supervisor xstates testing commit 5d6b6a6f9b5ce7ac42273efd75d61ec63b463c18 with gcc (GCC) 8.4.1 20210217 kernel signature: cf9fbc4dccf63bf8c853dd291139b7e2ef427c51fa8cb63bda27028f9a699575 all runs: crashed: WARNING in ex_handler_fprestore # git bisect bad 5d6b6a6f9b5ce7ac42273efd75d61ec63b463c18 Bisecting: 0 revisions left to test after this (roughly 0 steps) [b860eb8dce5906b14e3a7f3c771e0b3d6ef61b94] x86/fpu/xstate: Define new functions for clearing fpregs and xstates testing commit b860eb8dce5906b14e3a7f3c771e0b3d6ef61b94 with gcc (GCC) 8.4.1 20210217 kernel signature: 189f4d60bc910e3be07705474e430672816be8786c9d978d3109e1a9c777f740 all runs: crashed: WARNING in ex_handler_fprestore # git bisect bad b860eb8dce5906b14e3a7f3c771e0b3d6ef61b94 b860eb8dce5906b14e3a7f3c771e0b3d6ef61b94 is the first bad commit commit b860eb8dce5906b14e3a7f3c771e0b3d6ef61b94 Author: Fenghua Yu Date: Tue May 12 07:54:39 2020 -0700 x86/fpu/xstate: Define new functions for clearing fpregs and xstates Currently, fpu__clear() clears all fpregs and xstates. Once XSAVES supervisor states are introduced, supervisor settings (e.g. CET xstates) must remain active for signals; It is necessary to have separate functions: - Create fpu__clear_user_states(): clear only user settings for signals; - Create fpu__clear_all(): clear both user and supervisor settings in flush_thread(). Also modify copy_init_fpstate_to_fpregs() to take a mask from above two functions. Remove obvious side-comment in fpu__clear(), while at it. [ bp: Make the second argument of fpu__clear() bool after requesting it a bunch of times during review. - Add a comment about copy_init_fpstate_to_fpregs() locking needs. ] Co-developed-by: Yu-cheng Yu Signed-off-by: Fenghua Yu Signed-off-by: Yu-cheng Yu Signed-off-by: Borislav Petkov Reviewed-by: Dave Hansen Reviewed-by: Tony Luck Link: https://lkml.kernel.org/r/20200512145444.15483-6-yu-cheng.yu@intel.com arch/x86/include/asm/fpu/internal.h | 3 ++- arch/x86/kernel/fpu/core.c | 53 ++++++++++++++++++++++++------------- arch/x86/kernel/fpu/signal.c | 4 +-- arch/x86/kernel/process.c | 2 +- arch/x86/kernel/signal.c | 2 +- 5 files changed, 41 insertions(+), 23 deletions(-) culprit signature: 189f4d60bc910e3be07705474e430672816be8786c9d978d3109e1a9c777f740 parent signature: 253a32783f645cf7d3ca6dc35cd58110a679c68316f9aee61e9c5732acc13746 revisions tested: 21, total time: 3h53m10.23755556s (build: 2h13m46.251054985s, test: 1h36m37.129230216s) first bad commit: b860eb8dce5906b14e3a7f3c771e0b3d6ef61b94 x86/fpu/xstate: Define new functions for clearing fpregs and xstates recipients (to): ["bp@suse.de" "dave.hansen@linux.intel.com" "fenghua.yu@intel.com" "tony.luck@intel.com" "yu-cheng.yu@intel.com"] recipients (cc): [] crash: WARNING in ex_handler_fprestore ------------[ cut here ]------------ Bad FPU state detected at copy_kernel_to_xregs arch/x86/include/asm/fpu/internal.h:344 [inline], reinitializing FPU registers. Bad FPU state detected at __copy_kernel_to_fpregs arch/x86/include/asm/fpu/internal.h:449 [inline], reinitializing FPU registers. Bad FPU state detected at copy_kernel_to_fpregs arch/x86/include/asm/fpu/internal.h:473 [inline], reinitializing FPU registers. Bad FPU state detected at __fpregs_load_activate arch/x86/include/asm/fpu/internal.h:544 [inline], reinitializing FPU registers. Bad FPU state detected at switch_fpu_return+0xdd/0x380 arch/x86/kernel/fpu/core.c:360, reinitializing FPU registers. WARNING: CPU: 1 PID: 10967 at arch/x86/mm/extable.c:65 ex_handler_fprestore+0xe2/0x110 arch/x86/mm/extable.c:64 Kernel panic - not syncing: panic_on_warn set ... CPU: 1 PID: 10967 Comm: syz-executor.3 Not tainted 5.7.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x96/0xe0 lib/dump_stack.c:118 panic+0x2a1/0x52a kernel/panic.c:221 __warn.cold.10+0x25/0x2f kernel/panic.c:582 report_bug+0x1aa/0x260 lib/bug.c:195 fixup_bug arch/x86/kernel/traps.c:175 [inline] fixup_bug arch/x86/kernel/traps.c:170 [inline] do_error_trap+0x12d/0x1e0 arch/x86/kernel/traps.c:267 do_invalid_op+0x31/0x40 arch/x86/kernel/traps.c:286 invalid_op+0x2d/0x40 arch/x86/entry/entry_64.S:1027 RIP: 0010:ex_handler_fprestore+0xe2/0x110 arch/x86/mm/extable.c:64 Code: 4d 0b 01 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 75 31 48 8b b5 80 00 00 00 48 c7 c7 00 09 88 88 e8 da 6b 10 00 <0f> 0b eb 98 48 89 df e8 e2 55 75 00 e9 45 ff ff ff 4c 89 e7 e8 65 RSP: 0018:ffffc900029ffc58 EFLAGS: 00010082 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 1ffff1101280445c RSI: 0000000000000000 RDI: ffff8880940222e0 RBP: ffffc900029ffde8 R08: fffffbfff149e9b1 R09: fffffbfff149e9b1 R10: ffffffff8a4f4d83 R11: fffffbfff149e9b0 R12: ffffc900029ffe68 R13: 0000000000000000 R14: 0000000000000000 R15: ffffc900029ffe70 fixup_exception+0x8b/0xc6 arch/x86/mm/extable.c:166 do_general_protection+0x16e/0x450 arch/x86/kernel/traps.c:547 general_protection+0x37/0x40 arch/x86/entry/entry_64.S:1202 RIP: 0010:fpregs_activate arch/x86/include/asm/fpu/internal.h:528 [inline] RIP: 0010:__fpregs_load_activate arch/x86/include/asm/fpu/internal.h:545 [inline] RIP: 0010:switch_fpu_return+0xdd/0x380 arch/x86/kernel/fpu/core.c:360 Code: 00 48 8d bd c0 15 00 00 48 89 7c 24 28 eb 0b 0f 1f 00 db e2 0f 77 db 44 24 28 0f 1f 44 00 00 b8 ff ff ff ff 89 c2 48 0f ae 2f <65> 4c 89 2d 8b 6b de 7e 0f 1f 44 00 00 65 8b 1d 0f 0f de 7e 83 fb RSP: 0018:ffffc900029ffe90 EFLAGS: 00010006 RAX: 00000000ffffffff RBX: dffffc0000000000 RCX: ffffffff8123979b RDX: 00000000ffffffff RSI: 0000000000000008 RDI: ffff888094022fc0 RBP: ffff888094021a00 R08: ffffed1012804341 R09: ffffed1012804341 R10: ffff888094021a07 R11: ffffed1012804340 R12: 1ffff9200053ffd3 R13: ffff888094022f80 R14: 0000000000000001 R15: 0000000000000000 prepare_exit_to_usermode arch/x86/entry/common.c:206 [inline] syscall_return_slowpath arch/x86/entry/common.c:279 [inline] do_syscall_64+0x49a/0x560 arch/x86/entry/common.c:305 entry_SYSCALL_64_after_hwframe+0x49/0xb3 RIP: 0033:0x4665d9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007efec231e218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: 0000000000000000 RBX: 000000000056bf88 RCX: 00000000004665d9 RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000056bf88 RBP: 000000000056bf80 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf8c R13: 00007ffc9102bf9f R14: 00007efec231e300 R15: 0000000000022000 Kernel Offset: disabled Rebooting in 86400 seconds..