bisecting cause commit starting from 60c1f89241d49bacf71035470684a8d7b4bb46ea building syzkaller on a4718693a3d9fcabb02299b2ec07c19d8208c539 testing commit 60c1f89241d49bacf71035470684a8d7b4bb46ea with gcc (GCC) 8.1.0 all runs: crashed: WARNING in enter_vmx_operation testing release v4.18 testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0 all runs: OK # git bisect start 60c1f89241d49bacf71035470684a8d7b4bb46ea v4.18 Bisecting: 6383 revisions left to test after this (roughly 13 steps) [54dbe75bbf1e189982516de179147208e90b5e45] Merge tag 'drm-next-2018-08-15' of git://anongit.freedesktop.org/drm/drm testing commit 54dbe75bbf1e189982516de179147208e90b5e45 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 54dbe75bbf1e189982516de179147208e90b5e45 Bisecting: 3066 revisions left to test after this (roughly 12 steps) [d5acba26bfa097a618be425522b1ec4269d3edaf] Merge tag 'char-misc-4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc testing commit d5acba26bfa097a618be425522b1ec4269d3edaf with gcc (GCC) 8.1.0 all runs: OK # git bisect good d5acba26bfa097a618be425522b1ec4269d3edaf Bisecting: 1560 revisions left to test after this (roughly 11 steps) [9e259f9352d52053058a234f7c062c4e4f56dc85] Merge tag 'armsoc-soc' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc testing commit 9e259f9352d52053058a234f7c062c4e4f56dc85 with gcc (GCC) 8.1.0 all runs: crashed: WARNING in enter_vmx_operation # git bisect bad 9e259f9352d52053058a234f7c062c4e4f56dc85 Bisecting: 752 revisions left to test after this (roughly 10 steps) [002b343669c474151954266e7fcf727bf7faa851] fs/epoll: loosen irq safety in ep_scan_ready_list() testing commit 002b343669c474151954266e7fcf727bf7faa851 with gcc (GCC) 8.1.0 all runs: crashed: WARNING in enter_vmx_operation # git bisect bad 002b343669c474151954266e7fcf727bf7faa851 Bisecting: 388 revisions left to test after this (roughly 9 steps) [e61cf2e3a5b452cfefcb145021f5a8ea88735cc1] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm testing commit e61cf2e3a5b452cfefcb145021f5a8ea88735cc1 with gcc (GCC) 8.1.0 all runs: crashed: WARNING in enter_vmx_operation # git bisect bad e61cf2e3a5b452cfefcb145021f5a8ea88735cc1 Bisecting: 177 revisions left to test after this (roughly 8 steps) [9a96d63aa83c629e0c71f377fea7066fcf66d765] Merge tag 'rpmsg-v4.19' of git://github.com/andersson/remoteproc testing commit 9a96d63aa83c629e0c71f377fea7066fcf66d765 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 9a96d63aa83c629e0c71f377fea7066fcf66d765 Bisecting: 88 revisions left to test after this (roughly 7 steps) [28a1f3ac1d0c8558ee4453d9634dad891a6e922e] kvm: x86: Set highest physical address bits in non-present/reserved SPTEs testing commit 28a1f3ac1d0c8558ee4453d9634dad891a6e922e with gcc (GCC) 8.1.0 all runs: crashed: WARNING in enter_vmx_operation # git bisect bad 28a1f3ac1d0c8558ee4453d9634dad891a6e922e Bisecting: 44 revisions left to test after this (roughly 6 steps) [42522d08cdba6d8be4247e4f0770f39f4708b71f] KVM: MMU: drop vcpu param in gpte_access testing commit 42522d08cdba6d8be4247e4f0770f39f4708b71f with gcc (GCC) 8.1.0 all runs: crashed: WARNING in enter_vmx_operation # git bisect bad 42522d08cdba6d8be4247e4f0770f39f4708b71f Bisecting: 21 revisions left to test after this (roughly 5 steps) [2305339ee7129d9d56af3bdd4d59aff4d29ed390] kvm: selftests: create a GDT and TSS testing commit 2305339ee7129d9d56af3bdd4d59aff4d29ed390 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 2305339ee7129d9d56af3bdd4d59aff4d29ed390 Bisecting: 10 revisions left to test after this (roughly 4 steps) [f792d2743ed4db9e96eff43bdc1e15dd441f19bf] KVM: nVMX: Introduce nested_cpu_has_shadow_vmcs() testing commit f792d2743ed4db9e96eff43bdc1e15dd441f19bf with gcc (GCC) 8.1.0 all runs: crashed: WARNING in free_loaded_vmcs # git bisect bad f792d2743ed4db9e96eff43bdc1e15dd441f19bf Bisecting: 5 revisions left to test after this (roughly 3 steps) [8fcc4b5923af5de58b80b53a069453b135693304] kvm: nVMX: Introduce KVM_CAP_NESTED_STATE testing commit 8fcc4b5923af5de58b80b53a069453b135693304 with gcc (GCC) 8.1.0 all runs: crashed: WARNING in free_loaded_vmcs # git bisect bad 8fcc4b5923af5de58b80b53a069453b135693304 Bisecting: 2 revisions left to test after this (roughly 1 step) [0a505fe6f272c5c1ceebbd266535ad79d9ca6920] kvm: selftests: ensure vcpu file is released testing commit 0a505fe6f272c5c1ceebbd266535ad79d9ca6920 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 0a505fe6f272c5c1ceebbd266535ad79d9ca6920 Bisecting: 0 revisions left to test after this (roughly 1 step) [7f7f1ba33cf2c21d001821313088c231db42ff40] KVM: x86: do not load vmcs12 pages while still in SMM testing commit 7f7f1ba33cf2c21d001821313088c231db42ff40 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 7f7f1ba33cf2c21d001821313088c231db42ff40 8fcc4b5923af5de58b80b53a069453b135693304 is the first bad commit commit 8fcc4b5923af5de58b80b53a069453b135693304 Author: Jim Mattson Date: Tue Jul 10 11:27:20 2018 +0200 kvm: nVMX: Introduce KVM_CAP_NESTED_STATE For nested virtualization L0 KVM is managing a bit of state for L2 guests, this state can not be captured through the currently available IOCTLs. In fact the state captured through all of these IOCTLs is usually a mix of L1 and L2 state. It is also dependent on whether the L2 guest was running at the moment when the process was interrupted to save its state. With this capability, there are two new vcpu ioctls: KVM_GET_NESTED_STATE and KVM_SET_NESTED_STATE. These can be used for saving and restoring a VM that is in VMX operation. Cc: Paolo Bonzini Cc: Radim Krčmář Cc: Thomas Gleixner Cc: Ingo Molnar Cc: H. Peter Anvin Cc: x86@kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Jim Mattson [karahmed@ - rename structs and functions and make them ready for AMD and address previous comments. - handle nested.smm state. - rebase & a bit of refactoring. - Merge 7/8 and 8/8 into one patch. ] Signed-off-by: KarimAllah Ahmed Signed-off-by: Paolo Bonzini :040000 040000 bebd2794f126798c6d96ae75a46e31951122400e 08957b9d318f822a2411e400e858725e3913a05a M Documentation :040000 040000 2b79a65cf06e4945a989b9526b8944230152c0c7 05543a51892598ffb73a3ab0cadee1dd023f2178 M arch :040000 040000 2d941a89cbd12a6b2a52456da84962d94e466dbe d817491cb9566552dae55cb943aeeccdb5ea985b M include revisions tested: 15, total time: 3h23m15.083684937s (build: 1h25m30.710863317s, test: 1h50m52.881876715s) first bad commit: 8fcc4b5923af5de58b80b53a069453b135693304 kvm: nVMX: Introduce KVM_CAP_NESTED_STATE cc: ["hpa@zytor.com" "jmattson@google.com" "karahmed@amazon.de" "kvm@vger.kernel.org" "linux-kernel@vger.kernel.org" "mingo@redhat.com" "pbonzini@redhat.com" "rkrcmar@redhat.com" "tglx@linutronix.de" "x86@kernel.org"] crash: WARNING in free_loaded_vmcs CR3 = 0x0000000000000000 RSP = 0x0000000000000f80 RIP = 0x0000000000008004 RFLAGS=0x00000002 DR7 = 0x0000000000000400 Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 CS: sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000 WARNING: CPU: 1 PID: 8623 at arch/x86/kvm/vmx.c:4426 loaded_vmcs_clear arch/x86/kvm/vmx.c:1964 [inline] WARNING: CPU: 1 PID: 8623 at arch/x86/kvm/vmx.c:4426 free_loaded_vmcs+0x11b/0x160 arch/x86/kvm/vmx.c:4421 DS: sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000 Kernel panic - not syncing: panic_on_warn set ... CPU: 1 PID: 8623 Comm: syz-executor2 Not tainted 4.18.0-rc6+ #1 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x16a/0x22a lib/dump_stack.c:113 panic+0x1c6/0x37d kernel/panic.c:184 SS: sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000 __warn.cold.8+0x120/0x16c kernel/panic.c:536 ES: sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000 report_bug+0x1a4/0x200 lib/bug.c:186 fixup_bug arch/x86/kernel/traps.c:178 [inline] do_error_trap+0x1fc/0x4d0 arch/x86/kernel/traps.c:296 FS: sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000 GS: sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:316 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:992 RIP: 0010:free_loaded_vmcs+0x11b/0x160 arch/x86/kvm/vmx.c:4426 GDTR: limit=0x000007ff, base=0x0000000000001000 Code: c7 c6 90 ff 1a 81 e8 54 7c 4e 00 48 89 da 48 b8 00 00 00 00 00 fc ff df LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 48 c1 ea 03 80 3c 02 00 75 3e 4c 8b 23 e9 IDTR: limit=0x00000000, base=0x0000000000000000 47 ff ff ff <0f> 0b eb c4 e8 8c 01 94 00 TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 e9 2d ff ff ff e8 a2 01 94 00 e9 f2 fe EFER = 0x0000000000000000 PAT = 0x0007040600070406 RSP: 0018:ffff8801c249f358 EFLAGS: 00010286 RAX: dffffc0000000000 RBX: ffff8801c573de68 RCX: 0000000000000000 RDX: 1ffff10038ae7bce RSI: 0000000000000001 RDI: ffff8801c573de70 RBP: ffff8801c249f368 R08: ffffed0043fff5cd R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801c80c1000 R13: ffff8801c249f530 R14: ffffed0038493e8e R15: dffffc0000000000 DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 vmx_free_vcpu+0x19d/0x290 arch/x86/kvm/vmx.c:10304 kvm_arch_vcpu_free arch/x86/kvm/x86.c:8373 [inline] kvm_free_vcpus arch/x86/kvm/x86.c:8822 [inline] kvm_arch_destroy_vm+0x322/0x7e0 arch/x86/kvm/x86.c:8919 Interruptibility = 00000008 ActivityState = 00000000 *** Host State *** kvm_destroy_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:746 [inline] kvm_put_kvm+0x5b4/0xe00 arch/x86/kvm/../../../virt/kvm/kvm_main.c:767 RIP = 0xffffffff811d1805 RSP = 0xffff8801bc297350 CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 FSBase=00007fdeca66f700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000 kvm_vcpu_release+0x77/0xa0 arch/x86/kvm/../../../virt/kvm/kvm_main.c:2397 __fput+0x2eb/0x990 fs/file_table.c:209 GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 ____fput+0x9/0x10 fs/file_table.c:243 CR0=0000000080050033 CR3=00000001bec64000 CR4=00000000001426f0 task_work_run+0x19f/0x250 kernel/task_work.c:113 get_signal+0x10e1/0x1490 kernel/signal.c:2298 Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff86a01380 EFER = 0x0000000000000d01 PAT = 0x0407050600070106 do_signal+0x9c/0x21c0 arch/x86/kernel/signal.c:816 *** Control State *** PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000040ca exit_to_usermode_loop+0x1d1/0x310 arch/x86/entry/common.c:162 EntryControls=0000d1ff ExitControls=002fefff prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline] syscall_return_slowpath arch/x86/entry/common.c:268 [inline] do_syscall_64+0x587/0x700 arch/x86/entry/common.c:293 ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x4571e9 VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 VMExit: intr_info=00000000 errcode=00000000 ilen=00000004 90 48 89 f8 48 89 f7 48 89 d6 48 89 reason=80000021 qualification=0000000000000000 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f IDTVectoring: info=00000000 errcode=00000000 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 TSC Offset = 0xffffffccbfad1988 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007fd7cb213c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 EPT pointer = 0x00000001d087e01e RAX: fffffffffffffffc RBX: 00007fd7cb2146d4 RCX: 00000000004571e9 RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 RBP: 0000000000930140 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 00000000004cf500 R14: 00000000004c5826 R15: 0000000000000001 Kernel Offset: disabled Rebooting in 86400 seconds..