Greeting,

FYI, we noticed the following commit (built with gcc-9):

commit: 54244a5dd79183120f8c5f26d3a89f3966b48022 ("[PATCH 7/7] KVM: x86/pmu: Setup the {inte|amd}_event_mapping[] when hardware_setup")
url: https://github.com/0day-ci/linux/commits/Like-Xu/KVM-x86-pmu-Four-functional-fixes/20211112-175332
base: https://git.kernel.org/cgit/virt/kvm/kvm.git queue
patch link: https://lore.kernel.org/kvm/20211112095139.21775-8-likexu@tencent.com

in testcase: kvm-unit-tests
version: kvm-unit-tests-x86_64-49934b5-1_20211109
with following parameters:

	ucode: 0x28

on test machine: 8 threads 1 sockets Intel(R) Core(TM) i7-4790T CPU @ 2.70GHz with 16G memory

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):

If you fix the issue, kindly add the following tag
Reported-by: kernel test robot

[   84.771702][ T4365] BUG: KASAN: stack-out-of-bounds in _find_first_bit (lib/find_bit.c:83)
[   84.780637][ T4365] Read of size 8 at addr ffffc9000c60f8f8 by task qemu-system-x86/4365
[   84.790296][ T4365]
[   84.794004][ T4365] CPU: 0 PID: 4365 Comm: qemu-system-x86 Not tainted 5.15.0-rc2-00208-g54244a5dd791 #1
[   84.805011][ T4365] Hardware name: Gigabyte Technology Co., Ltd. Z97X-UD5H/Z97X-UD5H, BIOS F9 04/21/2015
[   84.816034][ T4365] Call Trace:
[   84.820699][ T4365]  dump_stack_lvl (lib/dump_stack.c:107)
[   84.826539][ T4365]  print_address_description+0x21/0x140
[   84.834470][ T4365]  ? _find_first_bit (lib/find_bit.c:83)
[   84.840512][ T4365]  kasan_report.cold (mm/kasan/report.c:443 mm/kasan/report.c:459)
[   84.846572][ T4365]  ? _find_first_bit (lib/find_bit.c:83)
[   84.852560][ T4365]  _find_first_bit (lib/find_bit.c:83)
[   84.858377][ T4365]  intel_pmu_refresh (arch/x86/kvm/vmx/pmu_intel.c:513 (discriminator 3) arch/x86/kvm/vmx/pmu_intel.c:553 (discriminator 3)) kvm_intel
[   84.865539][ T4365]  ? __kernel_text_address (kernel/extable.c:105)
[   84.871885][ T4365]  ? vmemdup_user (mm/util.c:200)
[   84.877581][ T4365]  ? intel_msr_idx_to_pmc (arch/x86/kvm/vmx/pmu_intel.c:518) kvm_intel
[   84.885068][ T4365]  ? arch_stack_walk (arch/x86/kernel/stacktrace.c:26)
[   84.890932][ T4365]  ? kasan_unpoison (mm/kasan/shadow.c:108 mm/kasan/shadow.c:142)
[   84.896629][ T4365]  kvm_vcpu_after_set_cpuid (arch/x86/kvm/cpuid.c:1125 arch/x86/kvm/cpuid.h:77 arch/x86/kvm/cpuid.h:89 arch/x86/kvm/cpuid.c:204) kvm
[   84.903810][ T4365]  kvm_vcpu_ioctl_set_cpuid2 (arch/x86/kvm/cpuid.c:327) kvm
[   84.910961][ T4365]  kvm_arch_vcpu_ioctl (arch/x86/kvm/x86.c:5208) kvm
[   84.917710][ T4365]  ? kmem_cache_alloc (mm/slab.h:520 mm/slub.c:3206 mm/slub.c:3214 mm/slub.c:3219)
[   84.923632][ T4365]  ? vm_area_alloc (kernel/fork.c:349)
[   84.929232][ T4365]  ? mmap_region (mm/mmap.c:1767)
[   84.934827][ T4365]  ? do_mmap (mm/mmap.c:1575)
[   84.939958][ T4365]  ? vm_mmap_pgoff (mm/util.c:519)
[   84.945616][ T4365]  ? ksys_mmap_pgoff (mm/mmap.c:1624)
[   84.951437][ T4365]  ? kvm_arch_vcpu_put (arch/x86/kvm/x86.c:5124) kvm
[   84.957991][ T4365]  ? rmqueue_bulk (mm/page_alloc.c:3677)
[   84.963736][ T4365]  ? kernel_init_free_pages+0xc7/0x1c0
[   84.970700][ T4365]  ? prep_new_page (mm/page_alloc.c:1267 mm/page_alloc.c:2414 mm/page_alloc.c:2424)
[   84.976358][ T4365]  ? get_page_from_freelist (mm/page_alloc.c:4159)
[   84.982821][ T4365]  ? mem_cgroup_oom_trylock (mm/memcontrol.c:2531)
[   84.989391][ T4365]  ? __alloc_pages_slowpath+0x1fc0/0x1fc0
[   84.997091][ T4365]  ? __mod_memcg_lruvec_state (mm/memcontrol.c:684)
[   85.003658][ T4365]  ? __mod_lruvec_page_state (arch/x86/include/asm/preempt.h:85 include/linux/rcupdate.h:73 include/linux/rcupdate.h:719 mm/memcontrol.c:729)
[   85.010244][ T4365]  ? pagevec_add_and_need_flush (arch/x86/include/asm/atomic.h:29 include/linux/atomic/atomic-instrumented.h:28 include/linux/swap.h:355 mm/swap.c:223 mm/swap.c:218)
[   85.016966][ T4365]  ? mutex_lock_killable (arch/x86/include/asm/atomic64_64.h:190 include/linux/atomic/atomic-long.h:443 include/linux/atomic/atomic-instrumented.h:1669 kernel/locking/mutex.c:165 kernel/locking/mutex.c:949)
[   85.023061][ T4365]  ? __mutex_lock_killable_slowpath (kernel/locking/mutex.c:946)
[   85.030041][ T4365]  kvm_vcpu_ioctl (arch/x86/kvm/../../../virt/kvm/kvm_main.c:3747) kvm
[   85.036224][ T4365]  ? fiemap_prep (fs/ioctl.c:778)
[   85.041714][ T4365]  ? kvm_set_memory_region (arch/x86/kvm/../../../virt/kvm/kvm_main.c:3743) kvm
[   85.048494][ T4365]  ? copy_page_range (mm/memory.c:4609)
[   85.054537][ T4365]  ? __might_fault (mm/memory.c:5263)
[   85.060056][ T4365]  ? down_read_trylock (arch/x86/include/asm/atomic64_64.h:34 include/linux/atomic/atomic-long.h:41 include/linux/atomic/atomic-instrumented.h:1198 kernel/locking/rwsem.c:171 kernel/locking/rwsem.c:176 kernel/locking/rwsem.c:1249 kernel/locking/rwsem.c:1503)
[   85.066011][ T4365]  ? __fget_files (fs/file.c:865)
[   85.071629][ T4365]  __x64_sys_ioctl (fs/ioctl.c:52 fs/ioctl.c:874 fs/ioctl.c:860 fs/ioctl.c:860)
[   85.077309][ T4365]  do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)
[   85.082620][ T4365]  entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:113)
[   85.089453][ T4365] RIP: 0033:0x7f06dc8f1427
[   85.094794][ T4365] Code: 00 00 90 48 8b 05 69 aa 0c 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 39 aa 0c 00 f7 d8 64 89 01 48
All code
========
   0:	00 00                	add    %al,(%rax)
   2:	90                   	nop
   3:	48 8b 05 69 aa 0c 00 	mov    0xcaa69(%rip),%rax        # 0xcaa73
   a:	64 c7 00 26 00 00 00 	movl   $0x26,%fs:(%rax)
  11:	48 c7 c0 ff ff ff ff 	mov    $0xffffffffffffffff,%rax
  18:	c3                   	retq
  19:	66 2e 0f 1f 84 00 00 	nopw   %cs:0x0(%rax,%rax,1)
  20:	00 00 00
  23:	b8 10 00 00 00       	mov    $0x10,%eax
  28:	0f 05                	syscall
  2a:*	48 3d 01 f0 ff ff    	cmp    $0xfffffffffffff001,%rax		<-- trapping instruction
  30:	73 01                	jae    0x33
  32:	c3                   	retq
  33:	48 8b 0d 39 aa 0c 00 	mov    0xcaa39(%rip),%rcx        # 0xcaa73
  3a:	f7 d8                	neg    %eax
  3c:	64 89 01             	mov    %eax,%fs:(%rcx)
  3f:	48                   	rex.W

Code starting with the faulting instruction
===========================================
   0:	48 3d 01 f0 ff ff    	cmp    $0xfffffffffffff001,%rax
   6:	73 01                	jae    0x9
   8:	c3                   	retq
   9:	48 8b 0d 39 aa 0c 00 	mov    0xcaa39(%rip),%rcx        # 0xcaa49
  10:	f7 d8                	neg    %eax
  12:	64 89 01             	mov    %eax,%fs:(%rcx)
  15:	48                   	rex.W
[   85.116510][ T4365] RSP: 002b:00007f06d9f6c558 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   85.125943][ T4365] RAX: ffffffffffffffda RBX: 000000004008ae90 RCX: 00007f06dc8f1427
[   85.134961][ T4365] RDX: 00007f06d9f6c6d0 RSI: 000000004008ae90 RDI: 000000000000000e
[   85.143958][ T4365] RBP: 00007f06d9f6c6d0 R08: 000000000000000c R09: 0000000000000000
[   85.152953][ T4365] R10: 0000000000000000 R11: 0000000000000246 R12: 000055b6978d4620
[   85.161952][ T4365] R13: 0000000000000020 R14: 000055b6978d4620 R15: 0000000000000022
[   85.170960][ T4365]
[   85.174322][ T4365]
[   85.177658][ T4365] addr ffffc9000c60f8f8 is located in stack of task qemu-system-x86/4365 at offset 48 in frame:
[   85.189115][ T4365]  intel_pmu_refresh (arch/x86/kvm/vmx/pmu_intel.c:518) kvm_intel
[   85.195987][ T4365]
[   85.199373][ T4365] this frame has 2 objects:
[   85.204920][ T4365]  [48, 52) 'avail_cpuid_events'
[   85.204922][ T4365]  [64, 92) 'x86_pmu'
[   85.210898][ T4365]
[   85.219235][ T4365] Memory state around the buggy address:
[   85.225867][ T4365]  ffffc9000c60f780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   85.234910][ T4365]  ffffc9000c60f800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   85.243951][ T4365] >ffffc9000c60f880: 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1 04
[   85.252982][ T4365]                                                                 ^
[   85.261951][ T4365]  ffffc9000c60f900: f2 00 00 00 04 f3 f3 f3 f3 00 00 00 00 00 00 00
[   85.270999][ T4365]  ffffc9000c60f980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   85.280044][ T4365] ==================================================================
[   85.289098][ T4365] Disabling lock debugging due to kernel taint
[   95.394905][  T375] IPMI BMC is not supported on this machine, skip bmc-watchdog setup!
[  107.393317][ T5543] kvm: emulating exchange as write
[  167.307168][T10789] kvm [10786]: vcpu0, guest rIP: 0x4091d8 vmx_set_msr: BTF|LBR in IA32_DEBUGCTLMSR 0x3, nop
[  167.320146][T10789] kvm [10786]: vcpu0, guest rIP: 0x409277 vmx_set_msr: BTF|LBR in IA32_DEBUGCTLMSR 0x3, nop

To reproduce:

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        sudo bin/lkp install job.yaml           # job file is attached in this email
        bin/lkp split-job --compatible job.yaml # generate the yaml file for lkp run
        sudo bin/lkp run generated-yaml-file

        # if come across any failure that blocks the test,
        # please remove ~/.lkp and /lkp dir to run from a clean state.

---
0DAY/LKP+ Test Infrastructure                   Open Source Technology Center
https://lists.01.org/hyperkitty/list/lkp@lists.01.org       Intel Corporation

Thanks,
Oliver Sang