stable.vger.kernel.org archive mirror
* 5.10.131-rc1 crash with int3: RIP 0010:xaddw_ax_dx+0x9/0x10 [kvm]
@ 2022-07-13 10:49 Jinpu Wang
  2022-07-13 12:26 ` Jinpu Wang
  0 siblings, 1 reply; 6+ messages in thread
From: Jinpu Wang @ 2022-07-13 10:49 UTC (permalink / raw)
  To: stable, Greg Kroah-Hartman, Sasha Levin, kvm

Hi, all,

When I test 5.10.131-rc1 with kvm-unit-tests on Intel Broadwell
and Skylake servers, it also panics immediately with the following call
trace:

[ 1867.769328] APIC base relocation is unsupported by KVM
[ 1895.977424] kvm: emulating exchange as write
[ 1895.979316] int3: 0000 [#1] SMP
[ 1895.979317] CPU: 40 PID: 14811 Comm: qemu-6.1 Kdump: loaded
Tainted: G           O      5.10.131-pserver
#5.10.131-1+feature+linux+5.10.y+20220712.1850+30f4172c~deb11
[ 1895.979317] Hardware name: Supermicro SBI-7228R-T2F2/B10DRT-IBF2,
BIOS 3.0a 03/05/2018
[ 1895.979318] RIP: 0010:xaddw_ax_dx+0x9/0x10 [kvm]
[ 1895.979318] Code: 00 0f bb d0 c3 cc cc cc cc 48 0f bb d0 c3 cc cc
cc cc 0f 1f 80 00 00 00 00 0f c0 d0 c3 cc cc cc cc 66 0f c1 d0 c3 cc
cc cc cc <0f> 1f 80 00 00 00 00 0f c1 d0 c3 cc cc cc cc 48 0f c1 d0 c3
cc cc
[ 1895.979319] RSP: 0018:ffffab6e63c6fd30 EFLAGS: 00000202
[ 1895.979320] RAX: 0000000089abcdef RBX: 0000000000000001 RCX: 0000000000000000
[ 1895.979321] RDX: 0000000076543210 RSI: ffffffffc0f3e4a0 RDI: 0000000000000200
[ 1895.979321] RBP: ffff997c29c214e0 R08: ffff997c29c214e0 R09: 0000000000000002
[ 1895.979321] R10: 0000000000000001 R11: 0000000000000000 R12: ffffffffc0f73540
[ 1895.979322] R13: 0000000000000000 R14: ffff997c29c214e0 R15: 0000000000000000
[ 1895.979322] FS:  00007fc44a5a3700(0000) GS:ffff999a7fc80000(0000)
knlGS:0000000000000000
[ 1895.979322] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1895.979323] CR2: 0000000000000000 CR3: 000000012bf16004 CR4: 00000000003726e0
[ 1895.979324] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1895.979324] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1895.979325] Call Trace:
[ 1895.979325]  ? fastop+0x59/0xa0 [kvm]
[ 1895.979326]  ? x86_emulate_insn+0x73a/0xe00 [kvm]
[ 1895.979326]  ? x86_emulate_instruction+0x2d0/0x750 [kvm]
[ 1895.979326]  ? vmx_vcpu_load+0x21/0x70 [kvm_intel]
[ 1895.979327]  ? complete_emulated_mmio+0x236/0x310 [kvm]
[ 1895.979327]  ? kvm_arch_vcpu_ioctl_run+0x1744/0x1920 [kvm]
[ 1895.979327]  ? kvm_vcpu_ioctl+0x211/0x5a0 [kvm]
[ 1895.979328]  ? __fget_files+0x79/0xb0
[ 1895.979328]  ? __fget_files+0x79/0xb0
[ 1895.979328]  ? __x64_sys_ioctl+0x8b/0xc0
[ 1895.979329]  ? do_syscall_64+0x33/0x40
[ 1895.979329]  ? entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1895.979329] Modules linked in: nfnetlink_cttimeout nft_nat
nft_counter nft_chain_nat nft_meta_bridge bridge openvswitch nsh
nf_conncount nf_nat dummy nf_log_ipv6 nf_log_ipv4 nf_log_common
nft_log nft_limit rnbd_client(O) intel_rapl_msr rtrs_client(O)
intel_rapl_common rtrs_core(O) ib_ipoib rdma_ucm rdma_cm iw_cm ib_cm
ib_umad sb_edac x86_pkg_temp_thermal coretemp kvm_intel mlx4_ib nft_ct
kvm nf_conntrack ib_uverbs nf_defrag_ipv6 ib_core nf_defrag_ipv4
irqbypass crc32_pclmul aesni_intel sd_mod libaes t10_pi crypto_simd
crc_t10dif nf_tables crct10dif_generic cryptd glue_helper
crct10dif_pclmul crct10dif_common vhost_net sg rapl intel_cstate
nfnetlink tun(O) ethoip6_pmtud(O) vhost vhost_iotlb ahci tap iTCO_wdt
libahci input_leds mei_me libata iTCO_vendor_support mlx4_core ioatdma
scsi_mod led_class watchdog evdev acpi_ipmi mei ipmi_si 8021q garp stp
mrp llc ipmi_devintf ipmi_msghandler acpi_power_meter acpi_pad button
fuse ip_tables x_tables autofs4 loop raid10 raid456 async_raid6_recov
[ 1895.979349]  async_memcpy async_pq async_xor async_tx xor raid6_pq
libcrc32c raid1 raid0 linear md_mod crc32c_intel igb i2c_i801
i2c_algo_bit i2c_smbus xhci_pci dca lpc_ich ptp i2c_core mfd_core
pps_core xhci_hcd

Is this bug known, any hint how to fix it?

Thanks!
Jinpu Wang @ IONOS


* Re: 5.10.131-rc1 crash with int3: RIP 0010:xaddw_ax_dx+0x9/0x10 [kvm]
  2022-07-13 10:49 5.10.131-rc1 crash with int3: RIP 0010:xaddw_ax_dx+0x9/0x10 [kvm] Jinpu Wang
@ 2022-07-13 12:26 ` Jinpu Wang
  2022-07-13 13:01   ` Greg Kroah-Hartman
  0 siblings, 1 reply; 6+ messages in thread
From: Jinpu Wang @ 2022-07-13 12:26 UTC (permalink / raw)
  To: stable, Greg Kroah-Hartman, Sasha Levin, kvm

On Wed, Jul 13, 2022 at 12:49 PM Jinpu Wang <jinpu.wang@ionos.com> wrote:
>
> Hi, all,
>
> When I test 5.10.131-rc1 with kvm-unit-tests on Intel Broadwell
> and Skylake servers, it also panics immediately with the following call
> trace:
>
> [ 1867.769328] APIC base relocation is unsupported by KVM
> [ 1895.977424] kvm: emulating exchange as write
> [ 1895.979316] int3: 0000 [#1] SMP
> [ 1895.979317] CPU: 40 PID: 14811 Comm: qemu-6.1 Kdump: loaded
> Tainted: G           O      5.10.131-pserver
> #5.10.131-1+feature+linux+5.10.y+20220712.1850+30f4172c~deb11
> [ 1895.979317] Hardware name: Supermicro SBI-7228R-T2F2/B10DRT-IBF2,
> BIOS 3.0a 03/05/2018
> [ 1895.979318] RIP: 0010:xaddw_ax_dx+0x9/0x10 [kvm]
> [ 1895.979318] Code: 00 0f bb d0 c3 cc cc cc cc 48 0f bb d0 c3 cc cc
> cc cc 0f 1f 80 00 00 00 00 0f c0 d0 c3 cc cc cc cc 66 0f c1 d0 c3 cc
> cc cc cc <0f> 1f 80 00 00 00 00 0f c1 d0 c3 cc cc cc cc 48 0f c1 d0 c3
> cc cc
> [ 1895.979319] RSP: 0018:ffffab6e63c6fd30 EFLAGS: 00000202
> [ 1895.979320] RAX: 0000000089abcdef RBX: 0000000000000001 RCX: 0000000000000000
> [ 1895.979321] RDX: 0000000076543210 RSI: ffffffffc0f3e4a0 RDI: 0000000000000200
> [ 1895.979321] RBP: ffff997c29c214e0 R08: ffff997c29c214e0 R09: 0000000000000002
> [ 1895.979321] R10: 0000000000000001 R11: 0000000000000000 R12: ffffffffc0f73540
> [ 1895.979322] R13: 0000000000000000 R14: ffff997c29c214e0 R15: 0000000000000000
> [ 1895.979322] FS:  00007fc44a5a3700(0000) GS:ffff999a7fc80000(0000)
> knlGS:0000000000000000
> [ 1895.979322] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 1895.979323] CR2: 0000000000000000 CR3: 000000012bf16004 CR4: 00000000003726e0
> [ 1895.979324] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> [ 1895.979324] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> [ 1895.979325] Call Trace:
> [ 1895.979325]  ? fastop+0x59/0xa0 [kvm]
> [ 1895.979326]  ? x86_emulate_insn+0x73a/0xe00 [kvm]
> [ 1895.979326]  ? x86_emulate_instruction+0x2d0/0x750 [kvm]
> [ 1895.979326]  ? vmx_vcpu_load+0x21/0x70 [kvm_intel]
> [ 1895.979327]  ? complete_emulated_mmio+0x236/0x310 [kvm]
> [ 1895.979327]  ? kvm_arch_vcpu_ioctl_run+0x1744/0x1920 [kvm]
> [ 1895.979327]  ? kvm_vcpu_ioctl+0x211/0x5a0 [kvm]
> [ 1895.979328]  ? __fget_files+0x79/0xb0
> [ 1895.979328]  ? __fget_files+0x79/0xb0
> [ 1895.979328]  ? __x64_sys_ioctl+0x8b/0xc0
> [ 1895.979329]  ? do_syscall_64+0x33/0x40
> [ 1895.979329]  ? entry_SYSCALL_64_after_hwframe+0x61/0xc6
> [ 1895.979329] Modules linked in: nfnetlink_cttimeout nft_nat
> nft_counter nft_chain_nat nft_meta_bridge bridge openvswitch nsh
> nf_conncount nf_nat dummy nf_log_ipv6 nf_log_ipv4 nf_log_common
> nft_log nft_limit rnbd_client(O) intel_rapl_msr rtrs_client(O)
> intel_rapl_common rtrs_core(O) ib_ipoib rdma_ucm rdma_cm iw_cm ib_cm
> ib_umad sb_edac x86_pkg_temp_thermal coretemp kvm_intel mlx4_ib nft_ct
> kvm nf_conntrack ib_uverbs nf_defrag_ipv6 ib_core nf_defrag_ipv4
> irqbypass crc32_pclmul aesni_intel sd_mod libaes t10_pi crypto_simd
> crc_t10dif nf_tables crct10dif_generic cryptd glue_helper
> crct10dif_pclmul crct10dif_common vhost_net sg rapl intel_cstate
> nfnetlink tun(O) ethoip6_pmtud(O) vhost vhost_iotlb ahci tap iTCO_wdt
> libahci input_leds mei_me libata iTCO_vendor_support mlx4_core ioatdma
> scsi_mod led_class watchdog evdev acpi_ipmi mei ipmi_si 8021q garp stp
> mrp llc ipmi_devintf ipmi_msghandler acpi_power_meter acpi_pad button
> fuse ip_tables x_tables autofs4 loop raid10 raid456 async_raid6_recov
> [ 1895.979349]  async_memcpy async_pq async_xor async_tx xor raid6_pq
> libcrc32c raid1 raid0 linear md_mod crc32c_intel igb i2c_i801
> i2c_algo_bit i2c_smbus xhci_pci dca lpc_ich ptp i2c_core mfd_core
> pps_core xhci_hcd
>
> Is this bug known, any hint how to fix it?
I did more tests on different servers; so far all the machines
checked (Skylake/Icelake/Haswell/Broadwell/EPYC) crash immediately
except AMD Opteron.
kvm-unit-tests succeeded without regression.


> Thanks!
> Jinpu Wang @ IONOS


* Re: 5.10.131-rc1 crash with int3: RIP 0010:xaddw_ax_dx+0x9/0x10 [kvm]
  2022-07-13 12:26 ` Jinpu Wang
@ 2022-07-13 13:01   ` Greg Kroah-Hartman
  2022-07-13 13:18     ` Jinpu Wang
  0 siblings, 1 reply; 6+ messages in thread
From: Greg Kroah-Hartman @ 2022-07-13 13:01 UTC (permalink / raw)
  To: Jinpu Wang; +Cc: stable, Sasha Levin, kvm

On Wed, Jul 13, 2022 at 02:26:44PM +0200, Jinpu Wang wrote:
> On Wed, Jul 13, 2022 at 12:49 PM Jinpu Wang <jinpu.wang@ionos.com> wrote:
> >
> > Hi, all,
> >
> > When I test 5.10.131-rc1 with kvm-unit-tests on Intel Broadwell
> > and Skylake servers, it also panics immediately with the following call
> > trace:
> >
> > [ 1867.769328] APIC base relocation is unsupported by KVM
> > [ 1895.977424] kvm: emulating exchange as write
> > [ 1895.979316] int3: 0000 [#1] SMP
> > [ 1895.979317] CPU: 40 PID: 14811 Comm: qemu-6.1 Kdump: loaded
> > Tainted: G           O      5.10.131-pserver
> > #5.10.131-1+feature+linux+5.10.y+20220712.1850+30f4172c~deb11
> > [ 1895.979317] Hardware name: Supermicro SBI-7228R-T2F2/B10DRT-IBF2,
> > BIOS 3.0a 03/05/2018
> > [ 1895.979318] RIP: 0010:xaddw_ax_dx+0x9/0x10 [kvm]
> > [ 1895.979318] Code: 00 0f bb d0 c3 cc cc cc cc 48 0f bb d0 c3 cc cc
> > cc cc 0f 1f 80 00 00 00 00 0f c0 d0 c3 cc cc cc cc 66 0f c1 d0 c3 cc
> > cc cc cc <0f> 1f 80 00 00 00 00 0f c1 d0 c3 cc cc cc cc 48 0f c1 d0 c3
> > cc cc
> > [ 1895.979319] RSP: 0018:ffffab6e63c6fd30 EFLAGS: 00000202
> > [ 1895.979320] RAX: 0000000089abcdef RBX: 0000000000000001 RCX: 0000000000000000
> > [ 1895.979321] RDX: 0000000076543210 RSI: ffffffffc0f3e4a0 RDI: 0000000000000200
> > [ 1895.979321] RBP: ffff997c29c214e0 R08: ffff997c29c214e0 R09: 0000000000000002
> > [ 1895.979321] R10: 0000000000000001 R11: 0000000000000000 R12: ffffffffc0f73540
> > [ 1895.979322] R13: 0000000000000000 R14: ffff997c29c214e0 R15: 0000000000000000
> > [ 1895.979322] FS:  00007fc44a5a3700(0000) GS:ffff999a7fc80000(0000)
> > knlGS:0000000000000000
> > [ 1895.979322] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > [ 1895.979323] CR2: 0000000000000000 CR3: 000000012bf16004 CR4: 00000000003726e0
> > [ 1895.979324] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> > [ 1895.979324] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> > [ 1895.979325] Call Trace:
> > [ 1895.979325]  ? fastop+0x59/0xa0 [kvm]
> > [ 1895.979326]  ? x86_emulate_insn+0x73a/0xe00 [kvm]
> > [ 1895.979326]  ? x86_emulate_instruction+0x2d0/0x750 [kvm]
> > [ 1895.979326]  ? vmx_vcpu_load+0x21/0x70 [kvm_intel]
> > [ 1895.979327]  ? complete_emulated_mmio+0x236/0x310 [kvm]
> > [ 1895.979327]  ? kvm_arch_vcpu_ioctl_run+0x1744/0x1920 [kvm]
> > [ 1895.979327]  ? kvm_vcpu_ioctl+0x211/0x5a0 [kvm]
> > [ 1895.979328]  ? __fget_files+0x79/0xb0
> > [ 1895.979328]  ? __fget_files+0x79/0xb0
> > [ 1895.979328]  ? __x64_sys_ioctl+0x8b/0xc0
> > [ 1895.979329]  ? do_syscall_64+0x33/0x40
> > [ 1895.979329]  ? entry_SYSCALL_64_after_hwframe+0x61/0xc6
> > [ 1895.979329] Modules linked in: nfnetlink_cttimeout nft_nat
> > nft_counter nft_chain_nat nft_meta_bridge bridge openvswitch nsh
> > nf_conncount nf_nat dummy nf_log_ipv6 nf_log_ipv4 nf_log_common
> > nft_log nft_limit rnbd_client(O) intel_rapl_msr rtrs_client(O)
> > intel_rapl_common rtrs_core(O) ib_ipoib rdma_ucm rdma_cm iw_cm ib_cm
> > ib_umad sb_edac x86_pkg_temp_thermal coretemp kvm_intel mlx4_ib nft_ct
> > kvm nf_conntrack ib_uverbs nf_defrag_ipv6 ib_core nf_defrag_ipv4
> > irqbypass crc32_pclmul aesni_intel sd_mod libaes t10_pi crypto_simd
> > crc_t10dif nf_tables crct10dif_generic cryptd glue_helper
> > crct10dif_pclmul crct10dif_common vhost_net sg rapl intel_cstate
> > nfnetlink tun(O) ethoip6_pmtud(O) vhost vhost_iotlb ahci tap iTCO_wdt
> > libahci input_leds mei_me libata iTCO_vendor_support mlx4_core ioatdma
> > scsi_mod led_class watchdog evdev acpi_ipmi mei ipmi_si 8021q garp stp
> > mrp llc ipmi_devintf ipmi_msghandler acpi_power_meter acpi_pad button
> > fuse ip_tables x_tables autofs4 loop raid10 raid456 async_raid6_recov
> > [ 1895.979349]  async_memcpy async_pq async_xor async_tx xor raid6_pq
> > libcrc32c raid1 raid0 linear md_mod crc32c_intel igb i2c_i801
> > i2c_algo_bit i2c_smbus xhci_pci dca lpc_ich ptp i2c_core mfd_core
> > pps_core xhci_hcd
> >
> > Is this bug known, any hint how to fix it?
> I did more tests on different servers; so far all the machines
> checked (Skylake/Icelake/Haswell/Broadwell/EPYC) crash immediately
> except AMD Opteron.
> kvm-unit-tests succeeded without regression.

Same issue on Linus's tree right now as well?  Or does that pass just
fine?

thanks,

greg k-h


* Re: 5.10.131-rc1 crash with int3: RIP 0010:xaddw_ax_dx+0x9/0x10 [kvm]
  2022-07-13 13:01   ` Greg Kroah-Hartman
@ 2022-07-13 13:18     ` Jinpu Wang
  2022-07-13 21:11       ` Sean Christopherson
  0 siblings, 1 reply; 6+ messages in thread
From: Jinpu Wang @ 2022-07-13 13:18 UTC (permalink / raw)
  To: Greg Kroah-Hartman; +Cc: stable, Sasha Levin, kvm

On Wed, Jul 13, 2022 at 3:01 PM Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> On Wed, Jul 13, 2022 at 02:26:44PM +0200, Jinpu Wang wrote:
> > On Wed, Jul 13, 2022 at 12:49 PM Jinpu Wang <jinpu.wang@ionos.com> wrote:
> > >
> > > Hi, all,
> > >
> > > When I test 5.10.131-rc1 with kvm-unit-tests on Intel Broadwell
> > > and Skylake servers, it also panics immediately with the following call
> > > trace:
> > >
> > > [ 1867.769328] APIC base relocation is unsupported by KVM
> > > [ 1895.977424] kvm: emulating exchange as write
> > > [ 1895.979316] int3: 0000 [#1] SMP
> > > [ 1895.979317] CPU: 40 PID: 14811 Comm: qemu-6.1 Kdump: loaded
> > > Tainted: G           O      5.10.131-pserver
> > > #5.10.131-1+feature+linux+5.10.y+20220712.1850+30f4172c~deb11
> > > [ 1895.979317] Hardware name: Supermicro SBI-7228R-T2F2/B10DRT-IBF2,
> > > BIOS 3.0a 03/05/2018
> > > [ 1895.979318] RIP: 0010:xaddw_ax_dx+0x9/0x10 [kvm]
> > > [ 1895.979318] Code: 00 0f bb d0 c3 cc cc cc cc 48 0f bb d0 c3 cc cc
> > > cc cc 0f 1f 80 00 00 00 00 0f c0 d0 c3 cc cc cc cc 66 0f c1 d0 c3 cc
> > > cc cc cc <0f> 1f 80 00 00 00 00 0f c1 d0 c3 cc cc cc cc 48 0f c1 d0 c3
> > > cc cc
> > > [ 1895.979319] RSP: 0018:ffffab6e63c6fd30 EFLAGS: 00000202
> > > [ 1895.979320] RAX: 0000000089abcdef RBX: 0000000000000001 RCX: 0000000000000000
> > > [ 1895.979321] RDX: 0000000076543210 RSI: ffffffffc0f3e4a0 RDI: 0000000000000200
> > > [ 1895.979321] RBP: ffff997c29c214e0 R08: ffff997c29c214e0 R09: 0000000000000002
> > > [ 1895.979321] R10: 0000000000000001 R11: 0000000000000000 R12: ffffffffc0f73540
> > > [ 1895.979322] R13: 0000000000000000 R14: ffff997c29c214e0 R15: 0000000000000000
> > > [ 1895.979322] FS:  00007fc44a5a3700(0000) GS:ffff999a7fc80000(0000)
> > > knlGS:0000000000000000
> > > [ 1895.979322] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > > [ 1895.979323] CR2: 0000000000000000 CR3: 000000012bf16004 CR4: 00000000003726e0
> > > [ 1895.979324] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> > > [ 1895.979324] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> > > [ 1895.979325] Call Trace:
> > > [ 1895.979325]  ? fastop+0x59/0xa0 [kvm]
> > > [ 1895.979326]  ? x86_emulate_insn+0x73a/0xe00 [kvm]
> > > [ 1895.979326]  ? x86_emulate_instruction+0x2d0/0x750 [kvm]
> > > [ 1895.979326]  ? vmx_vcpu_load+0x21/0x70 [kvm_intel]
> > > [ 1895.979327]  ? complete_emulated_mmio+0x236/0x310 [kvm]
> > > [ 1895.979327]  ? kvm_arch_vcpu_ioctl_run+0x1744/0x1920 [kvm]
> > > [ 1895.979327]  ? kvm_vcpu_ioctl+0x211/0x5a0 [kvm]
> > > [ 1895.979328]  ? __fget_files+0x79/0xb0
> > > [ 1895.979328]  ? __fget_files+0x79/0xb0
> > > [ 1895.979328]  ? __x64_sys_ioctl+0x8b/0xc0
> > > [ 1895.979329]  ? do_syscall_64+0x33/0x40
> > > [ 1895.979329]  ? entry_SYSCALL_64_after_hwframe+0x61/0xc6
> > > [ 1895.979329] Modules linked in: nfnetlink_cttimeout nft_nat
> > > nft_counter nft_chain_nat nft_meta_bridge bridge openvswitch nsh
> > > nf_conncount nf_nat dummy nf_log_ipv6 nf_log_ipv4 nf_log_common
> > > nft_log nft_limit rnbd_client(O) intel_rapl_msr rtrs_client(O)
> > > intel_rapl_common rtrs_core(O) ib_ipoib rdma_ucm rdma_cm iw_cm ib_cm
> > > ib_umad sb_edac x86_pkg_temp_thermal coretemp kvm_intel mlx4_ib nft_ct
> > > kvm nf_conntrack ib_uverbs nf_defrag_ipv6 ib_core nf_defrag_ipv4
> > > irqbypass crc32_pclmul aesni_intel sd_mod libaes t10_pi crypto_simd
> > > crc_t10dif nf_tables crct10dif_generic cryptd glue_helper
> > > crct10dif_pclmul crct10dif_common vhost_net sg rapl intel_cstate
> > > nfnetlink tun(O) ethoip6_pmtud(O) vhost vhost_iotlb ahci tap iTCO_wdt
> > > libahci input_leds mei_me libata iTCO_vendor_support mlx4_core ioatdma
> > > scsi_mod led_class watchdog evdev acpi_ipmi mei ipmi_si 8021q garp stp
> > > mrp llc ipmi_devintf ipmi_msghandler acpi_power_meter acpi_pad button
> > > fuse ip_tables x_tables autofs4 loop raid10 raid456 async_raid6_recov
> > > [ 1895.979349]  async_memcpy async_pq async_xor async_tx xor raid6_pq
> > > libcrc32c raid1 raid0 linear md_mod crc32c_intel igb i2c_i801
> > > i2c_algo_bit i2c_smbus xhci_pci dca lpc_ich ptp i2c_core mfd_core
> > > pps_core xhci_hcd
> > >
> > > Is this bug known, any hint how to fix it?
> > I did more tests on different servers; so far all the machines
> > checked (Skylake/Icelake/Haswell/Broadwell/EPYC) crash immediately
> > except AMD Opteron.
> > kvm-unit-tests succeeded without regression.
>
> Same issue on Linus's tree right now as well?  Or does that pass just
> fine?

Hi Greg,

I haven't tried Linus's tree, but just tried 5.15.55-rc1 on Intel Skylake,
it crashed the same.

I will give Linus's tree a try.

[  595.288068] int3: 0000 [#1] SMP
[  595.288071] CPU: 24 PID: 12867 Comm: qemu-6.1 Kdump: loaded Not
tainted 5.15.55-pserver
#5.15.55-1+feature+linux+5.15.y+20220713.1149+0bd5963c~deb11
[  595.288074] Hardware name: Supermicro Super Server/X11DDW-L, BIOS
3.3 02/21/2020
[  595.288075] RIP: 0010:xaddw_ax_dx+0x9/0x10 [kvm]
[  595.288122] Code: 00 0f bb d0 c3 cc cc cc cc 48 0f bb d0 c3 cc cc
cc cc 0f 1f 80 00 00 00 00 0f c0 d0 c3 cc cc cc cc 66 0f c1 d0 c3 cc
cc cc cc <0f> 1f 80 00 00 00 00 0f c1 d0 c3 cc cc cc cc 48 0f c1 d0 c3
cc cc
[  595.288124] RSP: 0018:ffffafeba44fbd18 EFLAGS: 00000202
[  595.288126] RAX: 0000000089abcdef RBX: 0000000000000001 RCX: 0000000000000000
[  595.288127] RDX: 0000000076543210 RSI: ffffffffc0d5fef0 RDI: 0000000000000200
[  595.288128] RBP: ffff8d9ddb230a70 R08: ffff8d9ddb230a70 R09: 0000000000000002
[  595.288129] R10: 0000000000000001 R11: 0000000000000000 R12: ffffffffc0d97e00
[  595.288129] R13: 0000000000000000 R14: 0000000000000000 R15: ffff8d9ddb230a70
[  595.288130] FS:  00007fa743dff700(0000) GS:ffff8dccff800000(0000)
knlGS:0000000000000000
[  595.288132] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  595.288133] CR2: 0000000000000000 CR3: 0000003061f2f002 CR4: 00000000007726e0
[  595.288134] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  595.288134] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  595.288135] PKRU: 55555554
[  595.288136] Call Trace:


>
> thanks,
>
> greg k-h

Thanks!


* Re: 5.10.131-rc1 crash with int3: RIP 0010:xaddw_ax_dx+0x9/0x10 [kvm]
  2022-07-13 13:18     ` Jinpu Wang
@ 2022-07-13 21:11       ` Sean Christopherson
  2022-07-14  7:16         ` Jinpu Wang
  0 siblings, 1 reply; 6+ messages in thread
From: Sean Christopherson @ 2022-07-13 21:11 UTC (permalink / raw)
  To: Jinpu Wang; +Cc: Greg Kroah-Hartman, stable, Sasha Levin, kvm

On Wed, Jul 13, 2022, Jinpu Wang wrote:
> On Wed, Jul 13, 2022 at 3:01 PM Greg Kroah-Hartman
> <gregkh@linuxfoundation.org> wrote:
> >
> > On Wed, Jul 13, 2022 at 02:26:44PM +0200, Jinpu Wang wrote:
> > > On Wed, Jul 13, 2022 at 12:49 PM Jinpu Wang <jinpu.wang@ionos.com> wrote:
> > > > #5.10.131-1+feature+linux+5.10.y+20220712.1850+30f4172c~deb11

...

> > > > [ 1895.979325] Call Trace:
> > > > [ 1895.979325]  ? fastop+0x59/0xa0 [kvm]
> > > > [ 1895.979326]  ? x86_emulate_insn+0x73a/0xe00 [kvm]
> > > > [ 1895.979326]  ? x86_emulate_instruction+0x2d0/0x750 [kvm]
> > > > [ 1895.979326]  ? vmx_vcpu_load+0x21/0x70 [kvm_intel]
> > > > [ 1895.979327]  ? complete_emulated_mmio+0x236/0x310 [kvm]
> > > > [ 1895.979327]  ? kvm_arch_vcpu_ioctl_run+0x1744/0x1920 [kvm]
> > > > [ 1895.979327]  ? kvm_vcpu_ioctl+0x211/0x5a0 [kvm]
> > > > [ 1895.979328]  ? __fget_files+0x79/0xb0
> > > > [ 1895.979328]  ? __fget_files+0x79/0xb0
> > > > [ 1895.979328]  ? __x64_sys_ioctl+0x8b/0xc0
> > > > [ 1895.979329]  ? do_syscall_64+0x33/0x40
> > > > [ 1895.979329]  ? entry_SYSCALL_64_after_hwframe+0x61/0xc6

...

> > > > Is this bug known, any hint how to fix it?
> > > > I did more tests on different servers; so far all the machines
> > > > checked (Skylake/Icelake/Haswell/Broadwell/EPYC) crash immediately
> > > > except AMD Opteron.
> > > kvm-unit-tests succeeded without regression.
> >
> > Same issue on Linus's tree right now as well?  Or does that pass just
> > fine?
> 
> Hi Greg,
> 
> I haven't tried Linus's tree, but just tried 5.15.55-rc1 on Intel Skylake,
> it crashed the same.
> 
> I will give Linus's tree a try.

Looks like fastop() got broken by the retbleed mitigations, i.e. this isn't unique
to stable trees.

https://lore.kernel.org/all/20220713171241.184026-1-cascardo@canonical.com


* Re: 5.10.131-rc1 crash with int3: RIP 0010:xaddw_ax_dx+0x9/0x10 [kvm]
  2022-07-13 21:11       ` Sean Christopherson
@ 2022-07-14  7:16         ` Jinpu Wang
  0 siblings, 0 replies; 6+ messages in thread
From: Jinpu Wang @ 2022-07-14  7:16 UTC (permalink / raw)
  To: Sean Christopherson; +Cc: Greg Kroah-Hartman, stable, Sasha Levin, kvm

On Wed, Jul 13, 2022 at 11:11 PM Sean Christopherson <seanjc@google.com> wrote:
>
> On Wed, Jul 13, 2022, Jinpu Wang wrote:
> > On Wed, Jul 13, 2022 at 3:01 PM Greg Kroah-Hartman
> > <gregkh@linuxfoundation.org> wrote:
> > >
> > > On Wed, Jul 13, 2022 at 02:26:44PM +0200, Jinpu Wang wrote:
> > > > On Wed, Jul 13, 2022 at 12:49 PM Jinpu Wang <jinpu.wang@ionos.com> wrote:
> > > > > #5.10.131-1+feature+linux+5.10.y+20220712.1850+30f4172c~deb11
>
> ...
>
> > > > > [ 1895.979325] Call Trace:
> > > > > [ 1895.979325]  ? fastop+0x59/0xa0 [kvm]
> > > > > [ 1895.979326]  ? x86_emulate_insn+0x73a/0xe00 [kvm]
> > > > > [ 1895.979326]  ? x86_emulate_instruction+0x2d0/0x750 [kvm]
> > > > > [ 1895.979326]  ? vmx_vcpu_load+0x21/0x70 [kvm_intel]
> > > > > [ 1895.979327]  ? complete_emulated_mmio+0x236/0x310 [kvm]
> > > > > [ 1895.979327]  ? kvm_arch_vcpu_ioctl_run+0x1744/0x1920 [kvm]
> > > > > [ 1895.979327]  ? kvm_vcpu_ioctl+0x211/0x5a0 [kvm]
> > > > > [ 1895.979328]  ? __fget_files+0x79/0xb0
> > > > > [ 1895.979328]  ? __fget_files+0x79/0xb0
> > > > > [ 1895.979328]  ? __x64_sys_ioctl+0x8b/0xc0
> > > > > [ 1895.979329]  ? do_syscall_64+0x33/0x40
> > > > > [ 1895.979329]  ? entry_SYSCALL_64_after_hwframe+0x61/0xc6
>
> ...
>
> > > > > Is this bug known, any hint how to fix it?
> > > > > I did more tests on different servers; so far all the machines
> > > > > checked (Skylake/Icelake/Haswell/Broadwell/EPYC) crash immediately
> > > > > except AMD Opteron.
> > > > kvm-unit-tests succeeded without regression.
> > >
> > > Same issue on Linus's tree right now as well?  Or does that pass just
> > > fine?
> >
> > Hi Greg,
> >
> > I haven't tried Linus's tree, but just tried 5.15.55-rc1 on Intel Skylake,
> > it crashed the same.
> >
> > I will give Linus's tree a try.
>
> Looks like fastop() got broken by the retbleed mitigations, i.e. this isn't unique
> to stable trees.
>
> https://lore.kernel.org/all/20220713171241.184026-1-cascardo@canonical.com
Hi Sean,

Thanks for the link, I will give it a try. To apply it to kernel 5.10, I
adapted it a bit to:

diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
index 59e5d79f5c34..aa7b5adac633 100644
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -189,7 +189,7 @@
 #define X16(x...) X8(x), X8(x)

 #define NR_FASTOP (ilog2(sizeof(ulong)) + 1)
-#define FASTOP_SIZE 8
+#define FASTOP_SIZE (8 * (1 + (IS_ENABLED(CONFIG_RETHUNK))))

 struct opcode {
        u64 flags : 56;
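
Review bot: The new FASTOP_SIZE definition hard-codes an assumption about how many bytes each fastop stub occupies when CONFIG_RETHUNK is enabled, and nothing in this hunk documents or checks it. Add a comment on the `#define FASTOP_SIZE` line saying why the size doubles under CONFIG_RETHUNK, and consider a build-time check that every stub fits in FASTOP_SIZE, so a later change to the return sequence fails the build instead of trapping on int3 at run time as in the oops reported in this thread. The extra parentheses around IS_ENABLED(CONFIG_RETHUNK) are redundant.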

With it, kvm-unit-tests is working again, no regression found.

Thanks!
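
Added example, not part of the thread or of the kernel tree: a small Python triage helper that reads the RIP and Code: lines of the first oops in this thread and measures the stub at the faulting symbol against the 8-byte FASTOP_SIZE on the `-` line of the patch. The function names `parse_oops` and `analyse`, and the heuristic that a stub ends at its first RET plus the INT3 run after it, are assumptions of this example.

```python
import re

# Constructed input: the RIP and Code: lines of the first oops in this thread,
# with the mail client's line wrapping undone.
OOPS = (
    "[ 1895.979318] RIP: 0010:xaddw_ax_dx+0x9/0x10 [kvm]\n"
    "[ 1895.979318] Code: 00 0f bb d0 c3 cc cc cc cc 48 0f bb d0 c3 cc cc "
    "cc cc 0f 1f 80 00 00 00 00 0f c0 d0 c3 cc cc cc cc 66 0f c1 d0 c3 cc "
    "cc cc cc <0f> 1f 80 00 00 00 00 0f c1 d0 c3 cc cc cc cc 48 0f c1 d0 c3 "
    "cc cc\n"
)

RET, INT3 = 0xC3, 0xCC
OLD_FASTOP_SIZE = 8  # value on the '-' line of the patch in this thread


def parse_oops(text):
    """Return (symbol, rip_offset, code_bytes, index_of_marked_byte)."""
    rip = re.search(r"RIP: [0-9a-f]{4}:(\w+)\+0x([0-9a-f]+)/0x[0-9a-f]+", text)
    code = re.search(r"Code: ((?:<?[0-9a-f]{2}>? ?)+)", text)
    if not rip or not code:
        # e.g. "Code: Unable to access opcode bytes" or a missing RIP line
        raise ValueError("no usable RIP/Code lines found")
    tokens = code.group(1).split()
    marked = [i for i, t in enumerate(tokens) if t.startswith("<")]
    if len(marked) != 1:
        raise ValueError("expected exactly one <..> marked byte")
    data = bytes(int(t.strip("<>"), 16) for t in tokens)
    return rip.group(1), int(rip.group(2), 16), data, marked[0]


def analyse(text, fastop_size=OLD_FASTOP_SIZE):
    """Measure the stub at the faulting symbol against a slot size."""
    sym, rip_off, data, rip_idx = parse_oops(text)
    # The <..> byte sits at RIP, so the symbol starts rip_off bytes earlier.
    start = rip_idx - rip_off
    if start < 0:
        raise ValueError("symbol start lies before the dumped bytes")
    # Heuristic (assumption, fine for these tiny stubs only): the stub ends
    # at its first RET, and the INT3 run right after it is counted with it.
    end = data.index(RET, start) + 1
    while end < len(data) and data[end] == INT3:
        end += 1
    # A breakpoint trap saves the address *after* the one-byte int3.
    trap_off = rip_off - 1
    return {
        "symbol": sym,
        "stub_len": end - start,
        "overflows_slot": end - start > fastop_size,
        "trap_offset": trap_off,
        "trap_byte_is_int3": data[start + trap_off] == INT3,
        # True when the trap offset is a whole multiple of the slot size.
        "trap_on_slot_boundary": trap_off % fastop_size == 0,
    }


if __name__ == "__main__":
    for size in (8, 16):
        print(size, analyse(OOPS, fastop_size=size))
```

With the 8-byte slot the stub at `xaddw_ax_dx` measures 9 bytes and the trap byte is the INT3 at offset 8; with a 16-byte slot the same stub fits.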
