f29e5659044d starts bisection 2026-03-19 05:28:37.549838905 +0000 UTC m=+76.007051939
bisecting cause commit starting from 5ee8dbf54602dc340d6235b1d6aa17c0f283f48c
building syzkaller on HEAD
ensuring issue is reproducible on original commit 5ee8dbf54602dc340d6235b1d6aa17c0f283f48c
testing commit 5ee8dbf54602dc340d6235b1d6aa17c0f283f48c gcc
compiler: gcc (Ubuntu 11.5.0-1ubuntu1~24.04) 11.5.0, GNU ld (GNU Binutils for Ubuntu) 2.42
kernel signature: c7a11c95bf09e6110c164e24028ec7e3c25ca6028a33ba77afa00cc77c9d0415
run #0: crashed: INFO: rcu detected stall in __run_timers
run #1: crashed: INFO: rcu detected stall in call_timer_fn
run #2: crashed: INFO: rcu detected stall in igmp_ifc_timer_expire
run #3: crashed: INFO: rcu detected stall in garp_join_timer_arm
representative crash: INFO: rcu detected stall in __run_timers, types: [HANG]
check whether we can drop unnecessary instrumentation
disabling configs for [kasan locking atomic_sleep memleak ubsan bug_or_warning], they are not needed
testing commit 5ee8dbf54602dc340d6235b1d6aa17c0f283f48c gcc
compiler: gcc (Ubuntu 11.5.0-1ubuntu1~24.04) 11.5.0, GNU ld (GNU Binutils for Ubuntu) 2.42
kernel signature: 6e43e2151750b6a78eb179f32df7a384f7aca67e0a8cee059b621a46d6645f13
all runs: OK
false negative chance: 0.000
kconfig minimization: base=8051 full=8051 leaves diff=2
split chunks (needed=false): <2>
split chunk #0 of len 2 into 3 parts
testing without sub-chunk 1/2
testing commit 5ee8dbf54602dc340d6235b1d6aa17c0f283f48c gcc
compiler: gcc (Ubuntu 11.5.0-1ubuntu1~24.04) 11.5.0, GNU ld (GNU Binutils for Ubuntu) 2.42
kernel signature: 0b27c94a1c6d33ef2b1c556e5ec17426b205225b1dcb1a1a764f3532d7a92594
run #0: crashed: INFO: rcu detected stall in smp_call_function
run #1: crashed: INFO: rcu detected stall in __run_timers
run #2: crashed: INFO: rcu detected stall in __run_timers
run #3: crashed: INFO: rcu detected stall in igmp_ifc_timer_expire
representative crash: INFO: rcu detected stall in smp_call_function, types: [HANG]
the chunk can be dropped
testing without sub-chunk 2/2
testing commit 5ee8dbf54602dc340d6235b1d6aa17c0f283f48c gcc
compiler: gcc (Ubuntu 11.5.0-1ubuntu1~24.04) 11.5.0, GNU ld (GNU Binutils for Ubuntu) 2.42
kernel signature: 885cf027613bd36fea232f462a8853c453cec237c1d6c260f503133807352071
run #0: crashed: INFO: rcu detected stall in __run_timers
run #1: crashed: INFO: rcu detected stall in smp_call_function
run #2: crashed: INFO: rcu detected stall in __run_timers
run #3: crashed: INFO: rcu detected stall in igmp_ifc_timer_expire
representative crash: INFO: rcu detected stall in __run_timers, types: [HANG]
the chunk can be dropped
picked [v6.19 v6.18 v6.17 v6.15 v6.13 v6.11 v6.9 v6.7 v6.4 v6.1 v5.18 v5.15 v5.12 v5.9 v5.6 v5.3 v5.0 v4.19] out of 42 release tags
testing release v6.19
testing commit 05f7e89ab9731565d8a62e3b5d1ec206485eeb0b gcc
compiler: gcc (Ubuntu 11.5.0-1ubuntu1~24.04) 11.5.0, GNU ld (GNU Binutils for Ubuntu) 2.42
kernel signature: 9c12b2135ec1ea36305566cecb7bbb9e082f8b31b48bb0a9dec614c9ef3d60d5
run #0: crashed: INFO: rcu detected stall in try_to_wake_up
run #1: crashed: INFO: rcu detected stall in igmp_ifc_timer_expire
run #2: crashed: INFO: rcu detected stall in mrp_join_timer
run #3: crashed: INFO: rcu detected stall in addrconf_rs_timer
representative crash: INFO: rcu detected stall in try_to_wake_up, types: [HANG]
testing release v6.18
testing commit 7d0a66e4bb9081d75c82ec4957c50034cb0ea449 gcc
compiler: gcc (Ubuntu 11.5.0-1ubuntu1~24.04) 11.5.0, GNU ld (GNU Binutils for Ubuntu) 2.42
kernel signature: aeb4d4713bc8f2fb50cf0db1c0c817df050ae4531dbb4e1c1d724f4ffa66365f
run #0: crashed: INFO: rcu detected stall in __run_timers
run #1: crashed: INFO: rcu detected stall in smp_call_function
run #2: crashed: INFO: rcu detected stall in mix_interrupt_randomness
run #3: crashed: INFO: rcu detected stall in igmp_ifc_timer_expire
representative crash: INFO: rcu detected stall in __run_timers, types: [HANG]
testing release v6.17
testing commit e5f0a698b34ed76002dc5cff3804a61c80233a7a gcc
compiler: gcc (Ubuntu 11.5.0-1ubuntu1~24.04) 11.5.0, GNU ld (GNU Binutils for Ubuntu) 2.42
kernel signature: e82444ae0246858c6dbf5f9c402333ff39b3321673d2146390fcd4fb96ef13d2
all runs: OK
false negative chance: 0.000
# git bisect start 7d0a66e4bb9081d75c82ec4957c50034cb0ea449 e5f0a698b34ed76002dc5cff3804a61c80233a7a
Bisecting: 8163 revisions left to test after this (roughly 13 steps)
[f79e772258df311c2cb21594ca0996318e720d28] Merge tag 'media/v6.18-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media
testing commit f79e772258df311c2cb21594ca0996318e720d28 gcc
compiler: gcc (Ubuntu 11.5.0-1ubuntu1~24.04) 11.5.0, GNU ld (GNU Binutils for Ubuntu) 2.42
kernel signature: b9ff10a4c511e92642c407fe88b810a4a1a5e74a92a9ee2714ec5fb38f257330
all runs: OK
false negative chance: 0.000
# git bisect good f79e772258df311c2cb21594ca0996318e720d28
Bisecting: 4125 revisions left to test after this (roughly 12 steps)
[59697e061f6aec86d5738cd4752e16520f1d60dc] Merge tag 'staging-6.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
testing commit 59697e061f6aec86d5738cd4752e16520f1d60dc gcc
compiler: gcc (Ubuntu 11.5.0-1ubuntu1~24.04) 11.5.0, GNU ld (GNU Binutils for Ubuntu) 2.42
kernel signature: 40c1a5780418c1eae66fb7ddf943549a0a595ad922b74107a47c358ca5b71fb6
run #0: crashed: INFO: rcu detected stall in call_timer_fn
run #1: crashed: INFO: rcu detected stall in call_timer_fn
run #2: crashed: INFO: rcu detected stall in garp_join_timer
run #3: crashed: INFO: rcu detected stall in mrp_join_timer
representative crash: INFO: rcu detected stall in call_timer_fn, types: [HANG]
# git bisect bad 59697e061f6aec86d5738cd4752e16520f1d60dc
Bisecting: 1885 revisions left to test after this (roughly 11 steps)
[8804d970fab45726b3c7cd7f240b31122aa94219] Merge tag 'mm-stable-2025-10-01-19-00' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
testing commit 8804d970fab45726b3c7cd7f240b31122aa94219 gcc
compiler: gcc (Ubuntu 11.5.0-1ubuntu1~24.04) 11.5.0, GNU ld (GNU Binutils for Ubuntu) 2.42
kernel signature: 9e9e03fedbe7a8ea78c9f24bb3781eb7a0baa4905b954a6f6357030bead31000
all runs: OK
false negative chance: 0.000
# git bisect good 8804d970fab45726b3c7cd7f240b31122aa94219
Bisecting: 923 revisions left to test after this (roughly 10 steps)
[55a42f78ffd386e01a5404419f8c5ded7db70a21] Merge tag 'vfio-v6.18-rc1' of https://github.com/awilliam/linux-vfio
testing commit 55a42f78ffd386e01a5404419f8c5ded7db70a21 gcc
failed building 55a42f78ffd386e01a5404419f8c5ded7db70a21: failed to run ["make" "KERNELVERSION=syzkaller" "KERNELRELEASE=syzkaller" "LOCALVERSION=-syzkaller" "-j" "64" "ARCH=x86_64" "CC=gcc" "distclean"]: exit status 2
# git bisect skip 55a42f78ffd386e01a5404419f8c5ded7db70a21
Bisecting: 923 revisions left to test after this (roughly 10 steps)
[26785cf28bb10bc94b2a52820c8ba1b3cfc534e5] KVM: arm64: nv: Expose FEAT_RASv1p1 via RAS_frac
testing commit 26785cf28bb10bc94b2a52820c8ba1b3cfc534e5 gcc
compiler: gcc (Ubuntu 11.5.0-1ubuntu1~24.04) 11.5.0, GNU ld (GNU Binutils for Ubuntu) 2.42
kernel signature: 046cc3ec85649cc0d3dfbaeb9380175efaf40e418d3c6643a800ed6540651026
all runs: OK
false negative chance: 0.000
# git bisect good 26785cf28bb10bc94b2a52820c8ba1b3cfc534e5
Bisecting: 956 revisions left to test after this (roughly 10 steps)
[cbf33b8e0b360f667b17106c15d9e2aac77a76a1] Merge tag 'bpf-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf
testing commit cbf33b8e0b360f667b17106c15d9e2aac77a76a1 gcc
compiler: gcc (Ubuntu 11.5.0-1ubuntu1~24.04) 11.5.0, GNU ld (GNU Binutils for Ubuntu) 2.42
kernel signature: f23bba664b6dd091cdad11255463ca33e674ff002dc0694830f16d2bc5fb89b9
all runs: OK
false negative chance: 0.000
# git bisect good cbf33b8e0b360f667b17106c15d9e2aac77a76a1
Bisecting: 475 revisions left to test after this (roughly 9 steps)
[908057d185a41560a55890afa69c9676fc63e55c] Merge tag 'v6.18-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
testing commit 908057d185a41560a55890afa69c9676fc63e55c gcc
compiler: gcc (Ubuntu 11.5.0-1ubuntu1~24.04) 11.5.0, GNU ld (GNU Binutils for Ubuntu) 2.42
kernel signature: 2aee4cd05b1839c74ff4617d2d8f225aef35e0faf6d13209484e3f8b69fd001e
run #0: crashed: INFO: rcu detected stall in try_to_wake_up
run #1: crashed: INFO: rcu detected stall in __run_timers
run #2: crashed: INFO: rcu detected stall in __run_timers
run #3: crashed: INFO: rcu detected stall in mrp_join_timer
representative crash: INFO: rcu detected stall in try_to_wake_up, types: [HANG]
# git bisect bad 908057d185a41560a55890afa69c9676fc63e55c
Bisecting: 232 revisions left to test after this (roughly 8 steps)
[f3826aa9962b4572d01083c84ac0f8345f121168] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
testing commit f3826aa9962b4572d01083c84ac0f8345f121168 gcc
compiler: gcc (Ubuntu 11.5.0-1ubuntu1~24.04) 11.5.0, GNU ld (GNU Binutils for Ubuntu) 2.42
kernel signature: 92ed0f2aa7f1f3a21adb7492419c75e424c9403c07d748799883bb8a927eab41
run #0: crashed: INFO: rcu detected stall in call_timer_fn
run #1: crashed: INFO: rcu detected stall in perf_event_open
run #2: crashed: INFO: rcu detected stall in igmp_ifc_timer_expire
run #3: crashed: INFO: rcu detected stall in mrp_join_timer
representative crash: INFO: rcu detected stall in call_timer_fn, types: [HANG]
# git bisect bad f3826aa9962b4572d01083c84ac0f8345f121168
Bisecting: 128 revisions left to test after this (roughly 7 steps)
[924ebaefcec28289c210cad92551ae900e8fc220] Merge tag 'kvmarm-6.18' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into HEAD
testing commit 924ebaefcec28289c210cad92551ae900e8fc220 gcc
compiler: gcc (Ubuntu 11.5.0-1ubuntu1~24.04) 11.5.0, GNU ld (GNU Binutils for Ubuntu) 2.42
failed building 924ebaefcec28289c210cad92551ae900e8fc220: failed to run ["make" "KERNELVERSION=syzkaller" "KERNELRELEASE=syzkaller" "LOCALVERSION=-syzkaller" "-j" "64" "ARCH=x86_64" "CC=gcc" "bzImage"]: exit status 2
# git bisect skip 924ebaefcec28289c210cad92551ae900e8fc220
Bisecting: 128 revisions left to test after this (roughly 7 steps)
[ce5dc9aa72d9c3d6cb14b3a6aab900124999d8d0] tools headers: Import x86 MMIO helper overrides
testing commit ce5dc9aa72d9c3d6cb14b3a6aab900124999d8d0 gcc
compiler: gcc (Ubuntu 11.5.0-1ubuntu1~24.04) 11.5.0, GNU ld (GNU Binutils for Ubuntu) 2.42
kernel signature: 988cf3e3fe0ff6887ab86466b64cbadcefe2b32d110d4d3977665495f01cc71c
all runs: OK
false negative chance: 0.000
# git bisect good ce5dc9aa72d9c3d6cb14b3a6aab900124999d8d0
Bisecting: 108 revisions left to test after this (roughly 7 steps)
[99cab80208809cb918d6e579e6165279096f058a] Merge tag 'kvm-x86-generic-6.18' of https://github.com/kvm-x86/linux into HEAD
testing commit 99cab80208809cb918d6e579e6165279096f058a gcc
compiler: gcc (Ubuntu 11.5.0-1ubuntu1~24.04) 11.5.0, GNU ld (GNU Binutils for Ubuntu) 2.42
kernel signature: 056e6df7b952fa3a3f231e05389b7a54921f726fcc5c1601b31cbf3998d7872a
all runs: OK
false negative chance: 0.000
# git bisect good 99cab80208809cb918d6e579e6165279096f058a
Bisecting: 21 revisions left to test after this (roughly 5 steps)
[801ca4ce0bce45aae1da2c8914d2f86cb68f8b55] vfio/platform: Mark reset drivers for removal
testing commit 801ca4ce0bce45aae1da2c8914d2f86cb68f8b55 gcc
compiler: gcc (Ubuntu 11.5.0-1ubuntu1~24.04) 11.5.0, GNU ld (GNU Binutils for Ubuntu) 2.42
kernel signature: 1c24beda8010b5c38649a857f8ca3f4262f618e671acb78fe0eb8dc55ecc933d
all runs: OK
false negative chance: 0.000
# git bisect good 801ca4ce0bce45aae1da2c8914d2f86cb68f8b55
Bisecting: 10 revisions left to test after this (roughly 4 steps)
[0d16cc439f36355d04b17ac45c3001d90969aa44] vdpa: introduce map ops
testing commit 0d16cc439f36355d04b17ac45c3001d90969aa44 gcc
compiler: gcc (Ubuntu 11.5.0-1ubuntu1~24.04) 11.5.0, GNU ld (GNU Binutils for Ubuntu) 2.42
kernel signature: e509ae4a209c7fcba7d7ac7ac1aa1bc56588274222357efe2f6106cdd65b8c81
all runs: OK
false negative chance: 0.000
# git bisect good 0d16cc439f36355d04b17ac45c3001d90969aa44
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[407aa63018d15c35a34938633868e61174d2ef6e] vfio/nvgrace-gpu: Add GB300 SKU to the devid table
testing commit 407aa63018d15c35a34938633868e61174d2ef6e gcc
compiler: gcc (Ubuntu 11.5.0-1ubuntu1~24.04) 11.5.0, GNU ld (GNU Binutils for Ubuntu) 2.42
kernel signature: a3f20ae2eb5959fcacaceabfa786274431029d6ef2e81e095ea03929af4e8a78
all runs: OK
false negative chance: 0.000
# git bisect good 407aa63018d15c35a34938633868e61174d2ef6e
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[ed9f3ab9f3d3655e7447239cac80e4e0388faea8] virtio-vdpa: Drop redundant conversion to bool
testing commit ed9f3ab9f3d3655e7447239cac80e4e0388faea8 gcc
compiler: gcc (Ubuntu 11.5.0-1ubuntu1~24.04) 11.5.0, GNU ld (GNU Binutils for Ubuntu) 2.42
kernel signature: 1e4cf4fef73ba8b1b497425d641b52246f0046012e9d7343db4294dff6cb2854
all runs: OK
false negative chance: 0.000
# git bisect good ed9f3ab9f3d3655e7447239cac80e4e0388faea8
Bisecting: 1 revision left to test after this (roughly 1 step)
[bf897d2626abe4559953342e2f7dda05d034c8c7] Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost
testing commit bf897d2626abe4559953342e2f7dda05d034c8c7 gcc
compiler: gcc (Ubuntu 11.5.0-1ubuntu1~24.04) 11.5.0, GNU ld (GNU Binutils for Ubuntu) 2.42
kernel signature: abab3a31bc1fa385f585ae5955e8e72f26b505697ad5249d7d541888519586f7
all runs: OK
false negative chance: 0.000
# git bisect good bf897d2626abe4559953342e2f7dda05d034c8c7
f3826aa9962b4572d01083c84ac0f8345f121168 is the first bad commit
commit f3826aa9962b4572d01083c84ac0f8345f121168
Merge: bf897d2626ab 99cab8020880
Author: Linus Torvalds
Date: Sat Oct 4 08:52:16 2025 -0700

    Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

    Pull kvm updates from Paolo Bonzini:
     "This excludes the bulk of the x86 changes, which I will send separately.
      They have two not complex but relatively unusual conflicts so I will
      wait for other dust to settle.

      guest_memfd:

       - Add support for host userspace mapping of guest_memfd-backed memory
         for VM types that do NOT use support KVM_MEMORY_ATTRIBUTE_PRIVATE
         (which isn't precisely the same thing as CoCo VMs, since x86's
         SEV-MEM and SEV-ES have no way to detect private vs. shared).

         This lays the groundwork for removal of guest memory from the
         kernel direct map, as well as for limited mmap() for
         guest_memfd-backed memory.

         For more information see:

           - commit a6ad54137af9 ("Merge branch 'guest-memfd-mmap' into HEAD")

           - guest_memfd in Firecracker:
             https://github.com/firecracker-microvm/firecracker/tree/feature/secret-hiding

           - direct map removal:
             https://lore.kernel.org/all/20250221160728.1584559-1-roypat@amazon.co.uk/

           - mmap support:
             https://lore.kernel.org/all/20250328153133.3504118-1-tabba@google.com/

      ARM:

       - Add support for FF-A 1.2 as the secure memory conduit for pKVM,
         allowing more registers to be used as part of the message payload.

       - Change the way pKVM allocates its VM handles, making sure that the
         privileged hypervisor is never tricked into using uninitialised
         data.

       - Speed up MMIO range registration by avoiding unnecessary RCU
         synchronisation, which results in VMs starting much quicker.

       - Add the dump of the instruction stream when panic-ing in the EL2
         payload, just like the rest of the kernel has always done. This
         will hopefully help debugging non-VHE setups.

       - Add 52bit PA support to the stage-1 page-table walker, and make use
         of it to populate the fault level reported to the guest on failing
         to translate a stage-1 walk.

       - Add NV support to the GICv3-on-GICv5 emulation code, ensuring
         feature parity for guests, irrespective of the host platform.

       - Fix some really ugly architecture problems when dealing with debug
         in a nested VM. This has some bad performance impacts, but is at
         least correct.

       - Add enough infrastructure to be able to disable EL2 features and
         give effective values to the EL2 control registers. This then
         allows a bunch of features to be turned off, which helps cross-host
         migration.

       - Large rework of the selftest infrastructure to allow most tests to
         transparently run at EL2. This is the first step towards enabling
         NV testing.

       - Various fixes and improvements all over the map, including one BE
         fix, just in time for the removal of the feature.

      LoongArch:

       - Detect page table walk feature on new hardware

       - Add sign extension with kernel MMIO/IOCSR emulation

       - Improve in-kernel IPI emulation

       - Improve in-kernel PCH-PIC emulation

       - Move kvm_iocsr tracepoint out of generic code

      RISC-V:

       - Added SBI FWFT extension for Guest/VM with misaligned delegation
         and pointer masking PMLEN features

       - Added ONE_REG interface for SBI FWFT extension

       - Added Zicbop and bfloat16 extensions for Guest/VM

       - Enabled more common KVM selftests for RISC-V

       - Added SBI v3.0 PMU enhancements in KVM and perf driver

      s390:

       - Improve interrupt cpu for wakeup, in particular the heuristic to
         decide which vCPU to deliver a floating interrupt to.

       - Clear the PTE when discarding a swapped page because of CMMA; this
         bug was introduced in 6.16 when refactoring gmap code.

      x86 selftests:

       - Add #DE coverage in the fastops test (the only exception that's
         guest-triggerable in fastop-emulated instructions).

       - Fix PMU selftests errors encountered on Granite Rapids (GNR),
         Sierra Forest (SRF) and Clearwater Forest (CWF).

       - Minor cleanups and improvements

      x86 (guest side):

       - For the legacy PCI hole (memory between TOLUD and 4GiB) to UC when
         overriding guest MTRR for TDX/SNP to fix an issue where ACPI
         auto-mapping could map devices as WB and prevent the device drivers
         from mapping their devices with UC/UC-.

       - Make kvm_async_pf_task_wake() a local static helper and remove its
         export.

       - Use native qspinlocks when running in a VM with dedicated
         vCPU=>pCPU bindings even when PV_UNHALT is unsupported.

      Generic:

       - Remove a redundant __GFP_NOWARN from kvm_setup_async_pf() as
         __GFP_NOWARN is now included in GFP_NOWAIT.

    * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (178 commits)
      KVM: s390: Fix to clear PTE when discarding a swapped page
      KVM: arm64: selftests: Cover ID_AA64ISAR3_EL1 in set_id_regs
      KVM: arm64: selftests: Remove a duplicate register listing in set_id_regs
      KVM: arm64: selftests: Cope with arch silliness in EL2 selftest
      KVM: arm64: selftests: Add basic test for running in VHE EL2
      KVM: arm64: selftests: Enable EL2 by default
      KVM: arm64: selftests: Initialize HCR_EL2
      KVM: arm64: selftests: Use the vCPU attr for setting nr of PMU counters
      KVM: arm64: selftests: Use hyp timer IRQs when test runs at EL2
      KVM: arm64: selftests: Select SMCCC conduit based on current EL
      KVM: arm64: selftests: Provide helper for getting default vCPU target
      KVM: arm64: selftests: Alias EL1 registers to EL2 counterparts
      KVM: arm64: selftests: Create a VGICv3 for 'default' VMs
      KVM: arm64: selftests: Add unsanitised helpers for VGICv3 creation
      KVM: arm64: selftests: Add helper to check for VGICv3 support
      KVM: arm64: selftests: Initialize VGICv3 only once
      KVM: arm64: selftests: Provide kvm_arch_vm_post_create() in library code
      KVM: selftests: Add ex_str() to print human friendly name of exception vectors
      selftests/kvm: remove stale TODO in xapic_state_test
      KVM: selftests: Handle Intel Atom errata that leads to PMU event overcount
      ...

 Documentation/virt/kvm/api.rst | 9 +
 arch/arm64/include/asm/kvm_asm.h | 2 +
 arch/arm64/include/asm/kvm_emulate.h | 34 +-
 arch/arm64/include/asm/kvm_host.h | 5 +-
 arch/arm64/include/asm/kvm_nested.h | 27 +-
 arch/arm64/include/asm/kvm_pkvm.h | 1 +
 arch/arm64/include/asm/traps.h | 1 +
 arch/arm64/include/asm/vncr_mapping.h | 2 +
 arch/arm64/kernel/cpufeature.c | 15 +
 arch/arm64/kernel/image-vars.h | 3 +
 arch/arm64/kernel/traps.c | 15 +-
 arch/arm64/kvm/Kconfig | 1 +
 arch/arm64/kvm/arm.c | 19 +-
 arch/arm64/kvm/at.c | 376 ++++++++++----
 arch/arm64/kvm/config.c | 358 +++++++++-----
 arch/arm64/kvm/debug.c | 25 +-
 arch/arm64/kvm/emulate-nested.c | 1 +
 arch/arm64/kvm/handle_exit.c | 3 +
 arch/arm64/kvm/hyp/include/nvhe/pkvm.h | 4 +-
 arch/arm64/kvm/hyp/include/nvhe/trap_handler.h | 3 +-
 arch/arm64/kvm/hyp/nvhe/Makefile | 1 +
 arch/arm64/kvm/hyp/nvhe/ffa.c | 217 +++++---
 arch/arm64/kvm/hyp/nvhe/hyp-main.c | 14 +
 arch/arm64/kvm/hyp/nvhe/mem_protect.c | 9 +-
 arch/arm64/kvm/hyp/nvhe/pkvm.c | 177 +++++--
 arch/arm64/kvm/hyp/nvhe/setup.c | 12 +-
 arch/arm64/kvm/hyp/vgic-v3-sr.c | 25 +-
 arch/arm64/kvm/hyp/vhe/switch.c | 7 +
 arch/arm64/kvm/inject_fault.c | 27 +-
 arch/arm64/kvm/mmu.c | 212 +++++---
 arch/arm64/kvm/nested.c | 121 ++++-
 arch/arm64/kvm/pkvm.c | 76 ++-
 arch/arm64/kvm/ptdump.c | 20 +-
 arch/arm64/kvm/sys_regs.c | 55 ++-
 arch/arm64/kvm/vgic/vgic-init.c | 14 +-
 arch/arm64/kvm/vgic/vgic-v3.c | 8 +
 arch/arm64/kvm/vgic/vgic-v5.c | 2 +-
 arch/arm64/tools/cpucaps | 1 +
 arch/loongarch/include/asm/kvm_pch_pic.h | 15 +-
 arch/loongarch/include/uapi/asm/kvm.h | 1 +
 arch/loongarch/kvm/exit.c | 19 +-
 arch/loongarch/kvm/intc/ipi.c | 80 +--
 arch/loongarch/kvm/intc/pch_pic.c | 239 ++++-----
 arch/loongarch/kvm/trace.h | 35 ++
 arch/loongarch/kvm/vcpu.c | 2 +
 arch/loongarch/kvm/vm.c | 4 +
 arch/riscv/include/asm/kvm_host.h | 4 +
 arch/riscv/include/asm/kvm_vcpu_pmu.h | 3 +
 arch/riscv/include/asm/kvm_vcpu_sbi.h | 25 +-
 arch/riscv/include/asm/kvm_vcpu_sbi_fwft.h | 34 ++
 arch/riscv/include/asm/sbi.h | 13 +
 arch/riscv/include/uapi/asm/kvm.h | 21 +
 arch/riscv/kvm/Makefile | 1 +
 arch/riscv/kvm/gstage.c | 27 +-
 arch/riscv/kvm/main.c | 33 +-
 arch/riscv/kvm/vcpu.c | 3 +-
 arch/riscv/kvm/vcpu_onereg.c | 95 ++--
 arch/riscv/kvm/vcpu_pmu.c | 74 ++-
 arch/riscv/kvm/vcpu_sbi.c | 176 ++++++-
 arch/riscv/kvm/vcpu_sbi_fwft.c | 544 +++++++++++++++++++++
 arch/riscv/kvm/vcpu_sbi_pmu.c | 3 +
 arch/riscv/kvm/vcpu_sbi_sta.c | 72 +--
 arch/riscv/kvm/vmid.c | 8 +-
 arch/s390/include/asm/kvm_host.h | 2 +-
 arch/s390/include/asm/pgtable.h | 22 +
 arch/s390/kvm/interrupt.c | 20 +-
 arch/s390/mm/gmap_helpers.c | 12 +-
 arch/s390/mm/pgtable.c | 23 +-
 arch/x86/include/asm/kvm-x86-ops.h | 2 +-
 arch/x86/include/asm/kvm_host.h | 6 +-
 arch/x86/include/asm/kvm_para.h | 2 -
 arch/x86/kernel/kvm.c | 44 +-
 arch/x86/kvm/Kconfig | 26 +-
 arch/x86/kvm/mmu/mmu.c | 142 +++---
 arch/x86/kvm/mmu/mmu_internal.h | 2 +-
 arch/x86/kvm/mmu/tdp_mmu.c | 2 +-
 arch/x86/kvm/svm/sev.c | 6 +-
 arch/x86/kvm/svm/svm.c | 2 +-
 arch/x86/kvm/svm/svm.h | 4 +-
 arch/x86/kvm/vmx/main.c | 7 +-
 arch/x86/kvm/vmx/tdx.c | 5 +-
 arch/x86/kvm/vmx/vmx.c | 7 +
 arch/x86/kvm/vmx/x86_ops.h | 2 +-
 arch/x86/kvm/x86.c | 11 +
 drivers/irqchip/irq-gic-v5.c | 7 -
 drivers/perf/riscv_pmu_sbi.c | 191 ++++++--
 include/kvm/arm_vgic.h | 2 +-
 include/linux/arm_ffa.h | 1 +
 include/linux/irqchip/arm-vgic-info.h | 2 -
 include/linux/kvm_host.h | 49 +-
 include/linux/perf/riscv_pmu.h | 1 +
 include/trace/events/kvm.h | 35 --
 include/uapi/linux/kvm.h | 2 +
 tools/testing/selftests/kvm/Makefile.kvm | 8 +
 .../selftests/kvm/access_tracking_perf_test.c | 1 +
 tools/testing/selftests/kvm/arm64/arch_timer.c | 13 +-
 .../selftests/kvm/arm64/arch_timer_edge_cases.c | 13 +-
 .../testing/selftests/kvm/arm64/external_aborts.c | 42 ++
 tools/testing/selftests/kvm/arm64/hello_el2.c | 71 +++
 tools/testing/selftests/kvm/arm64/hypercalls.c | 2 +-
 tools/testing/selftests/kvm/arm64/kvm-uuid.c | 2 +-
 tools/testing/selftests/kvm/arm64/no-vgic-v3.c | 2 +
 tools/testing/selftests/kvm/arm64/psci_test.c | 13 +-
 tools/testing/selftests/kvm/arm64/set_id_regs.c | 44 +-
 tools/testing/selftests/kvm/arm64/smccc_filter.c | 17 +-
 tools/testing/selftests/kvm/arm64/vgic_init.c | 2 +
 tools/testing/selftests/kvm/arm64/vgic_irq.c | 4 +-
 .../testing/selftests/kvm/arm64/vgic_lpi_stress.c | 8 +-
 .../selftests/kvm/arm64/vpmu_counter_access.c | 75 ++-
 tools/testing/selftests/kvm/dirty_log_perf_test.c | 35 --
 tools/testing/selftests/kvm/dirty_log_test.c | 1 +
 tools/testing/selftests/kvm/get-reg-list.c | 9 +-
 tools/testing/selftests/kvm/guest_memfd_test.c | 236 ++++++++-
 .../selftests/kvm/include/arm64/arch_timer.h | 24 +
 .../selftests/kvm/include/arm64/kvm_util_arch.h | 5 +-
 .../selftests/kvm/include/arm64/processor.h | 74 +++
 tools/testing/selftests/kvm/include/arm64/vgic.h | 3 +
 tools/testing/selftests/kvm/include/kvm_util.h | 24 +-
 .../selftests/kvm/include/riscv/processor.h | 1 +
 tools/testing/selftests/kvm/include/x86/pmu.h | 26 +
 .../testing/selftests/kvm/include/x86/processor.h | 35 +-
 tools/testing/selftests/kvm/lib/arm64/processor.c | 104 +++-
 tools/testing/selftests/kvm/lib/arm64/vgic.c | 64 ++-
 tools/testing/selftests/kvm/lib/kvm_util.c | 57 +--
 tools/testing/selftests/kvm/lib/x86/pmu.c | 49 ++
 tools/testing/selftests/kvm/lib/x86/processor.c | 41 +-
 .../kvm/memslot_modification_stress_test.c | 1 +
 tools/testing/selftests/kvm/memslot_perf_test.c | 1 +
 tools/testing/selftests/kvm/riscv/get-reg-list.c | 60 +++
 tools/testing/selftests/kvm/s390/cmma_test.c | 2 +-
 .../selftests/kvm/s390/cpumodel_subfuncs_test.c | 2 +-
 tools/testing/selftests/kvm/steal_time.c | 2 +-
 tools/testing/selftests/kvm/x86/fastops_test.c | 82 +++-
 tools/testing/selftests/kvm/x86/hyperv_cpuid.c | 2 +-
 tools/testing/selftests/kvm/x86/hyperv_features.c | 16 +-
 .../testing/selftests/kvm/x86/monitor_mwait_test.c | 8 +-
 .../testing/selftests/kvm/x86/pmu_counters_test.c | 67 ++-
 .../selftests/kvm/x86/pmu_event_filter_test.c | 4 +-
 .../testing/selftests/kvm/x86/vmx_pmu_caps_test.c | 7 +-
 tools/testing/selftests/kvm/x86/xapic_state_test.c | 4 +-
 tools/testing/selftests/kvm/x86/xcr0_cpuid_test.c | 12 +-
 tools/testing/selftests/rseq/rseq-riscv.h | 3 +-
 virt/kvm/Kconfig | 15 +-
 virt/kvm/Makefile.kvm | 2 +-
 virt/kvm/async_pf.c | 2 +-
 virt/kvm/guest_memfd.c | 81 ++-
 virt/kvm/kvm_main.c | 55 ++-
 virt/kvm/kvm_mm.h | 4 +-
 148 files changed, 4120 insertions(+), 1489 deletions(-)
 create mode 100644 arch/riscv/include/asm/kvm_vcpu_sbi_fwft.h
 create mode 100644 arch/riscv/kvm/vcpu_sbi_fwft.c
 create mode 100644 tools/testing/selftests/kvm/arm64/hello_el2.c

accumulated error probability: 0.00
revisions tested: 21, total time: 10h10m44.493640971s (build: 7h59m23.798777987s, test: 1h33m13.475902567s)
first bad commit: f3826aa9962b4572d01083c84ac0f8345f121168 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
recipients (to): ["aou@eecs.berkeley.edu" "atish.patra@linux.dev" "linux-arm-kernel@lists.infradead.org" "linux-perf-users@vger.kernel.org" "linux-riscv@lists.infradead.org" "mark.rutland@arm.com" "palmer@dabbelt.com" "pjw@kernel.org" "torvalds@linux-foundation.org" "will@kernel.org"]
recipients (cc): ["alex@ghiti.fr" "anup@brainfault.org" "linux-kernel@vger.kernel.org"]

crash: INFO: rcu detected stall in call_timer_fn
rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 0-.... } 2680 jiffies s: 4877 root: 0x1/.
rcu: blocking rcu_node structures (internal RCU debug):
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 12464 Comm: syz-executor165 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
RIP: 0010:__lock_acquire+0x7c9/0x2750 kernel/locking/lockdep.c:5245
Code: 89 d6 25 00 80 04 00 3d 00 00 04 00 0f 84 23 06 00 00 44 8b 0d 6c 14 31 0e 45 85 c9 0f 84 fb fc ff ff 41 f6 44 24 22 10 75 2d <8b> 85 30 0b 00 00 4c 89 b5 28 0b 00 00 83 c0 01 89 85 30 0b 00 00
RSP: 0018:ffa0000000007020 EFLAGS: 00000046
RAX: 0000000000000000 RBX: ff1100017b43d4b8 RCX: 000000008d7d0970
RDX: c341416b85dfc9c2 RSI: 0000000093a929ee RDI: 00000000f9d3df82
RBP: ff1100017b43c980 R08: 0000000000000000 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000005 R12: ff1100017b43d580
R13: 0000000000000000 R14: c341416b85dfc9c2 R15: 0000000000000000
FS: 0000555558a92480(0000) GS:ff110002c07cb000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000400000000178 CR3: 00000002caf31000 CR4: 0000000000753ef0
PKRU: 55555554
Call Trace:
 lock_acquire kernel/locking/lockdep.c:5868 [inline]
 lock_acquire+0x17b/0x340 kernel/locking/lockdep.c:5825
 rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 rcu_read_lock include/linux/rcupdate.h:841 [inline]
 class_rcu_constructor include/linux/rcupdate.h:1169 [inline]
 unwind_next_frame+0xd3/0x20b0 arch/x86/kernel/unwind_orc.c:479
 perf_callchain_kernel+0x42f/0x640 arch/x86/events/core.c:2800
 get_perf_callchain+0x5b8/0x860 kernel/events/callchain.c:244
 perf_callchain+0x222/0x2b0 kernel/events/core.c:8220
 perf_sample_save_callchain include/linux/perf_event.h:1377 [inline]
 perf_prepare_sample+0xd1f/0x27c0 kernel/events/core.c:8264
 __perf_event_output kernel/events/core.c:8495 [inline]
 perf_event_output_forward+0xd2/0x2c0 kernel/events/core.c:8516
 __perf_event_overflow+0x2c8/0xfe0 kernel/events/core.c:10392
 perf_swevent_overflow kernel/events/core.c:10467 [inline]
 perf_swevent_event+0x2c6/0x3f0 kernel/events/core.c:10495
 perf_tp_event+0x3c2/0xcf0 kernel/events/core.c:11012
 perf_trace_run_bpf_submit+0x116/0x1b0 kernel/events/core.c:10936
 do_perf_trace_preemptirq_template include/trace/events/preemptirq.h:14 [inline]
 perf_trace_preemptirq_template+0x285/0x450 include/trace/events/preemptirq.h:14
 __do_trace_irq_enable include/trace/events/preemptirq.h:40 [inline]
 trace_irq_enable.constprop.0+0xb8/0x120 include/trace/events/preemptirq.h:40
 trace_hardirqs_on+0x26/0x40 kernel/trace/trace_preemptirq.c:73
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0x3c/0x70 kernel/locking/spinlock.c:194
Code: 74 24 10 e8 d6 02 b1 f6 48 89 ef e8 6e 55 b1 f6 81 e3 00 02 00 00 75 29 9c 58 f6 c4 02 75 35 48 85 db 74 01 fb bf 01 00 00 00 6f 3b a1 f6 65 8b 05 58 c1 e0 07 85 c0 74 0e 5b 5d e9 3d 49 00
RSP: 0018:ffa0000000007c00 EFLAGS: 00000206
RAX: 0000000000000016 RBX: 0000000000000200 RCX: 0000000000000002
RDX: 0000000000000000 RSI: 0000000000000102 RDI: 0000000000000001
RBP: ff11000253425b00 R08: 0000000000000001 R09: 0000000000000001
R10: ffffffff8fc65397 R11: 0000000000000005 R12: ff11000253425b00
R13: 00000000ffffbd43 R14: 0000000000000000 R15: 00000000ffffffff
 __mod_timer+0x8b8/0xd10 kernel/time/timer.c:1139
 call_timer_fn+0x1a2/0x610 kernel/time/timer.c:1747
 expire_timers kernel/time/timer.c:1798 [inline]
 __run_timers+0x6d2/0xae0 kernel/time/timer.c:2372
 __run_timer_base kernel/time/timer.c:2384 [inline]
 __run_timer_base kernel/time/timer.c:2376 [inline]
 run_timer_base+0xc5/0x120 kernel/time/timer.c:2393
 run_timer_softirq+0x1a/0x40 kernel/time/timer.c:2403
 handle_softirqs+0x1d4/0x900 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0x109/0x170 kernel/softirq.c:723
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:739
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1052 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xd0 arch/x86/kernel/apic/apic.c:1052
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:generic_exec_single+0xae/0x380 kernel/smp.c:452
Code: d8 30 19 0e 0f 92 c3 31 ff 89 de e8 fc 0c 0c 00 84 db 0f 84 28 02 00 00 e8 2f 12 0c 00 4c 89 e6 89 ef 45 31 e4 e8 52 fc ff ff 1d 12 0c 00 44 89 e0 5b 5d 41 5c 41 5d 41 5e c3 cc cc cc cc e8
RSP: 0018:ffa00000131c7a50 EFLAGS: 00000293
RAX: 0000000000000000 RBX: 0000000000000200 RCX: ffffffff81ad244a
RDX: ff1100017b43c980 RSI: ffffffff81ad2458 RDI: 0000000000000007
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000200 R11: 0000000000000004 R12: 0000000000000000
R13: ffa00000131c7c10 R14: ffa00000131c7b48 R15: ff1100017b43c994
 smp_call_function_single+0x1eb/0x6d0 kernel/smp.c:684
 task_function_call+0xe4/0x170 kernel/events/core.c:121
 perf_install_in_context+0x2ca/0x560 kernel/events/core.c:3107
 __do_sys_perf_event_open+0x19a0/0x2c30 kernel/events/core.c:13735
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x72/0xfa0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f9af976d52d
Code: b3 66 2e 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffe1ccb7418 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f9af976d52d
RDX: 00000000ffffffff RSI: 0000000000000000 RDI: 0000400000000100
RBP: 00007ffe1ccb7430 R08: 0000000000000002 R09: 006e75745f7a7900
R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000000f4240
R13: 00007f9af97d6489 R14: 00007ffe1ccb74e4 R15: 00007ffe1ccb74f0