syzbot


WARNING: suspicious RCU usage in kvm_dev_ioctl

Status: fixed on 2019/11/29 15:48
Reported-by: syzbot+75475908cd0910f141ee@syzkaller.appspotmail.com
Fix commit: e2d3fcaf939d KVM: fix placement of refcount initialization
First crash: 1622d, last: 1612d
Cause bisection: introduced by (bisect log):
commit a97b0e773e492ae319a7e981e98962a1060215f9
Author: Jim Mattson <jmattson@google.com>
Date: Fri Oct 25 11:34:58 2019 +0000

  kvm: call kvm_arch_destroy_vm if vm creation fails

Crash: WARNING: suspicious RCU usage in kvm_dev_ioctl (log)
Repro: C syz .config
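The bisection result and the fix title above describe the shape of the bug without showing it. As an added example, not code from this syzbot page, the kernel tree or the patch authors, the following user-space model sketches the kvm_create_vm() error path that the sample crash reports below land in (kvm_get_bus() at virt/kvm/kvm_main.c:706 and __kvm_memslots() at :708). Two assumptions are built in and marked as such in the comments: that those two helpers dereference their RCU-protected pointers under a lockdep condition satisfied either by holding kvm->slots_lock (or kvm->srcu) or by kvm->users_count having reached zero, and that x86's kvm_arch_init_vm() rejects any non-zero machine type. Function and field names follow the kernel's for readability; the bodies are simplifications, not the real implementation.

```c
/*
 * Added example (not from the syzbot page or the kernel tree): a user-space
 * model of the kvm_create_vm() failure path. ASSUMPTIONS: kvm_get_bus() and
 * __kvm_memslots() use a lockdep check that passes when slots_lock is held or
 * when users_count is zero (VM is unreachable and being torn down); x86's
 * kvm_arch_init_vm() fails for any non-zero machine type.
 */
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

#define KVM_NR_BUSES          4
#define KVM_ADDRESS_SPACE_NUM 2
#define EINVAL                22

struct kvm {
    unsigned users_count;       /* refcount_t users_count in the kernel */
    bool slots_lock_held;       /* stands in for lockdep_is_held(&kvm->slots_lock) */
    void *buses[KVM_NR_BUSES];
    void *memslots[KVM_ADDRESS_SPACE_NUM];
};

/* One bit per call site, mirroring lockdep reporting each suspicious
 * rcu_dereference_check() location once (hence two reports on this page). */
enum { SPLAT_GET_BUS = 1 << 0, SPLAT_MEMSLOTS = 1 << 1 };

/* Model of srcu_dereference_check(): record a splat when neither the lock
 * nor a zero refcount justifies touching the pointer without RCU/SRCU. */
static void *deref_check(struct kvm *kvm, void *ptr, unsigned site, unsigned *splats)
{
    if (!kvm->slots_lock_held && kvm->users_count != 0)
        *splats |= site;
    return ptr;
}

static void *kvm_get_bus(struct kvm *kvm, int idx, unsigned *splats)
{
    return deref_check(kvm, kvm->buses[idx], SPLAT_GET_BUS, splats);
}

static void *__kvm_memslots(struct kvm *kvm, int as_id, unsigned *splats)
{
    return deref_check(kvm, kvm->memslots[as_id], SPLAT_MEMSLOTS, splats);
}

/* x86 stand-in (assumption): only machine type 0 is accepted. */
static int kvm_arch_init_vm(unsigned long type)
{
    return type ? -EINVAL : 0;
}

static void free_buses_and_memslots(struct kvm *kvm, unsigned *splats)
{
    for (int i = 0; i < KVM_NR_BUSES; i++)
        free(kvm_get_bus(kvm, i, splats));
    for (int i = 0; i < KVM_ADDRESS_SPACE_NUM; i++)
        free(__kvm_memslots(kvm, i, splats));
}

/*
 * Returns the set of lockdep splats raised while creating a VM of `type`.
 * fixed == false: users_count is still 1 when the error path frees the
 *                 buses and memslots (the ordering bisected to "kvm: call
 *                 kvm_arch_destroy_vm if vm creation fails").
 * fixed == true:  the decrement sits at the label every failure after the
 *                 refcount_set() reaches ("KVM: fix placement of refcount
 *                 initialization").
 */
static unsigned kvm_create_vm_model(unsigned long type, bool fixed)
{
    struct kvm kvm;
    unsigned splats = 0;

    memset(&kvm, 0, sizeof(kvm));
    for (int i = 0; i < KVM_NR_BUSES; i++)
        kvm.buses[i] = calloc(1, 64);
    for (int i = 0; i < KVM_ADDRESS_SPACE_NUM; i++)
        kvm.memslots[i] = calloc(1, 64);
    kvm.users_count = 1;                 /* refcount_set(&kvm->users_count, 1) */

    if (kvm_arch_init_vm(type) == 0) {
        /* Normal lifetime: the last kvm_put_kvm() takes the count to zero and
         * only then does kvm_destroy_vm() free buses and memslots. */
        kvm.users_count--;
        free_buses_and_memslots(&kvm, &splats);
        return splats;
    }

    /* out_err_no_arch_destroy_vm: */
    if (fixed)
        kvm.users_count--;               /* WARN_ON_ONCE(!refcount_dec_and_test(...)) */
    free_buses_and_memslots(&kvm, &splats);
    return splats;
}

int main(void)
{
    /* type 2 is what the reproducer's register dump shows in RDX */
    return kvm_create_vm_model(2, false) != 0 && kvm_create_vm_model(2, true) == 0 ? 0 : 1;
}
```

With the unfixed ordering a machine type of 2 yields both site bits, one per warning on this page; moving the decrement ahead of the frees yields none, and type 0 takes the success path and yields none either way. The model deliberately keeps the refcount as the only thing that changes between the two variants, because that is all the fix title claims to move.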
  
Discussions (3)
Title | Replies (including bot) | Last reply
[PATCH 0/2] KVM: fix issues with kvm_create_vm failures | 6 (6) | 2019/11/12 18:50
[PATCH 1/2] KVM: Fix NULL-ptr defer after kvm_create_vm fails | 9 (9) | 2019/11/06 08:29
WARNING: suspicious RCU usage in kvm_dev_ioctl | 0 (3) | 2019/11/03 04:36

Sample crash report:
=============================
WARNING: suspicious RCU usage
5.4.0-rc5+ #0 Not tainted
-----------------------------
include/linux/kvm_host.h:534 suspicious rcu_dereference_check() usage!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 1
no locks held by syz-executor623/8946.

stack backtrace:
CPU: 1 PID: 8946 Comm: syz-executor623 Not tainted 5.4.0-rc5+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 lockdep_rcu_suspicious+0x153/0x15d kernel/locking/lockdep.c:5438
 kvm_get_bus include/linux/kvm_host.h:534 [inline]
 kvm_get_bus include/linux/kvm_host.h:532 [inline]
 kvm_create_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:706 [inline]
 kvm_dev_ioctl_create_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:3444 [inline]
 kvm_dev_ioctl+0x100c/0x1610 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3496
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:509 [inline]
 do_vfs_ioctl+0xdb6/0x13e0 fs/ioctl.c:696
 ksys_ioctl+0xab/0xd0 fs/ioctl.c:713
 __do_sys_ioctl fs/ioctl.c:720 [inline]
 __se_sys_ioctl fs/ioctl.c:718 [inline]
 __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:718
 do_syscall_64+0xfa/0x760 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x440149
Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffce402f1f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440149
RDX: 0000000000000002 RSI: 000000000000ae01 RDI: 0000000000000003
RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004019d0
R13: 0000000000401a60 R14: 0000000000000000 R15: 0000000000000000
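The register dump that closes each report records the system call the reproducer was making when lockdep fired. As an added example, not code from this page or the kernel tree, the following decodes it: on x86-64 ORIG_RAX holds the syscall number (RAX itself reads ffffffffffffffda, which is -ENOSYS, the placeholder the entry code stores while the call is in flight), and RDI, RSI, RDX hold the first three arguments, which for ioctl(2) are fd, request and arg. The request number is split per the Linux _IOC() layout and matched against a few /dev/kvm requests from include/uapi/linux/kvm.h; the register values are copied from the first report above, and the small name table is this example's own, not a complete list.

```c
/*
 * Added example (not from the syzbot page or the kernel): decode the x86-64
 * register dump of a syzbot report back into the ioctl(2) the reproducer made.
 * Register values below are copied from the first sample report on this page.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NR_IOCTL_X86_64 0x10u   /* __NR_ioctl on x86-64 */
#define KVMIO           0xAE    /* ioctl type byte shared by all KVM requests */

struct regs { uint64_t orig_rax, rdi, rsi, rdx; };

/* From "ORIG_RAX: 0000000000000010 ... RDX: 2 RSI: ae01 RDI: 3" above. */
static const struct regs report_regs = {
    .orig_rax = 0x10, .rdi = 0x3, .rsi = 0xae01, .rdx = 0x2,
};

/* Linux _IOC() layout: dir:2 | size:14 | type:8 | nr:8 (low byte). */
struct ioc { unsigned dir, size, type, nr; };

static struct ioc ioc_decode(uint32_t req)
{
    struct ioc f = {
        .nr   = req & 0xff,
        .type = (req >> 8) & 0xff,
        .size = (req >> 16) & 0x3fff,
        .dir  = (req >> 30) & 0x3,
    };
    return f;
}

/* A few system-scope /dev/kvm requests, all defined as _IO(KVMIO, nr).
 * Partial table kept for this example; anything else falls through. */
static const char *kvm_request_name(struct ioc f)
{
    if (f.type != KVMIO || f.dir != 0 || f.size != 0)
        return NULL;
    switch (f.nr) {
    case 0x00: return "KVM_GET_API_VERSION";
    case 0x01: return "KVM_CREATE_VM";
    case 0x03: return "KVM_CHECK_EXTENSION";
    case 0x04: return "KVM_GET_VCPU_MMAP_SIZE";
    default:   return NULL;
    }
}

/* Render the call as C-like text. Returns 0 on success, -1 when the dump is
 * not an ioctl (other syscalls are out of scope for this example). */
static int describe_ioctl(const struct regs *r, char *out, size_t len)
{
    if (r->orig_rax != NR_IOCTL_X86_64)
        return -1;
    struct ioc f = ioc_decode((uint32_t)r->rsi);
    const char *name = kvm_request_name(f);
    if (name)
        snprintf(out, len, "ioctl(%llu, %s /* 0x%llx */, 0x%llx)",
                 (unsigned long long)r->rdi, name,
                 (unsigned long long)r->rsi, (unsigned long long)r->rdx);
    else
        snprintf(out, len, "ioctl(%llu, 0x%llx /* type 0x%02x nr 0x%02x */, 0x%llx)",
                 (unsigned long long)r->rdi, (unsigned long long)r->rsi,
                 f.type, f.nr, (unsigned long long)r->rdx);
    return 0;
}

int main(void)
{
    char buf[96];
    if (describe_ioctl(&report_regs, buf, sizeof buf) == 0)
        printf("%s\n", buf);
    return 0;
}
```

For this report the dump decodes to ioctl(3, KVM_CREATE_VM /* 0xae01 */, 0x2). KVM_CREATE_VM takes the machine type as its argument, so the reproducer asked for type 2, and the backtrace shows both warnings raised from inside kvm_create_vm() itself rather than from a running VM, which is consistent with the call failing early and the cleanup code being what touches the buses and memslots.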

=============================
WARNING: suspicious RCU usage
5.4.0-rc5+ #0 Not tainted
-----------------------------
include/linux/kvm_host.h:629 suspicious rcu_dereference_check() usage!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 1
no locks held by syz-executor623/8946.

stack backtrace:
CPU: 1 PID: 8946 Comm: syz-executor623 Not tainted 5.4.0-rc5+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 lockdep_rcu_suspicious+0x153/0x15d kernel/locking/lockdep.c:5438
 __kvm_memslots include/linux/kvm_host.h:629 [inline]
 __kvm_memslots include/linux/kvm_host.h:626 [inline]
 kvm_create_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:708 [inline]
 kvm_dev_ioctl_create_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:3444 [inline]
 kvm_dev_ioctl+0x116c/0x1610 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3496
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:509 [inline]
 do_vfs_ioctl+0xdb6/0x13e0 fs/ioctl.c:696
 ksys_ioctl+0xab/0xd0 fs/ioctl.c:713
 __do_sys_ioctl fs/ioctl.c:720 [inline]
 __se_sys_ioctl fs/ioctl.c:718 [inline]
 __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:718
 do_syscall_64+0xfa/0x760 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x440149
Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffce402f1f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: fffffffff

Crashes (333):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2019/11/03 23:55 upstream 56cfd2507d3e c9610487 .config console log report syz C ci-upstream-kasan-gce
2019/11/03 23:49 upstream 56cfd2507d3e c9610487 .config console log report syz C ci-upstream-kasan-gce-root
2019/11/03 19:16 upstream 56cfd2507d3e c9610487 .config console log report syz C ci-upstream-kasan-gce-root
2019/11/03 17:23 upstream 56cfd2507d3e c9610487 .config console log report syz C ci-upstream-kasan-gce-root
2019/11/03 16:35 upstream 56cfd2507d3e c9610487 .config console log report syz C ci-upstream-kasan-gce-root
2019/11/03 03:12 upstream 9d2345057538 a41ca8fa .config console log report syz C ci-upstream-kasan-gce-root
2019/11/03 02:25 upstream 9d2345057538 a41ca8fa .config console log report syz C ci-upstream-kasan-gce-smack-root
2019/11/03 01:34 upstream 9d2345057538 a41ca8fa .config console log report syz C ci-upstream-kasan-gce
2019/11/03 00:26 upstream 9d2345057538 a41ca8fa .config console log report syz C ci-upstream-kasan-gce-selinux-root
2019/11/13 08:10 upstream 100d46bd72ec 048f2d49 .config console log report ci-upstream-kasan-gce-selinux-root
2019/11/13 06:40 upstream 100d46bd72ec 048f2d49 .config console log report ci-upstream-kasan-gce
2019/11/13 04:28 upstream 100d46bd72ec 048f2d49 .config console log report ci-upstream-kasan-gce
2019/11/13 03:18 upstream 100d46bd72ec 048f2d49 .config console log report ci-upstream-kasan-gce
2019/11/13 01:53 upstream 100d46bd72ec 048f2d49 .config console log report ci-upstream-kasan-gce-selinux-root
2019/11/12 22:31 upstream eb094f06963b 048f2d49 .config console log report ci-upstream-kasan-gce-root
2019/11/12 21:25 upstream 100d46bd72ec 048f2d49 .config console log report ci-upstream-kasan-gce
2019/11/12 19:23 upstream 100d46bd72ec 048f2d49 .config console log report ci-upstream-kasan-gce
2019/11/12 15:54 upstream de620fb99ef2 048f2d49 .config console log report ci-upstream-kasan-gce-smack-root
2019/11/12 10:26 upstream de620fb99ef2 048f2d49 .config console log report ci-upstream-kasan-gce-selinux-root
2019/11/12 06:51 upstream de620fb99ef2 048f2d49 .config console log report ci-upstream-kasan-gce-root
2019/11/12 06:44 upstream de620fb99ef2 048f2d49 .config console log report ci-upstream-kasan-gce
2019/11/12 00:54 upstream 31f4f5b495a6 048f2d49 .config console log report ci-upstream-kasan-gce-root
2019/11/11 23:39 upstream 31f4f5b495a6 048f2d49 .config console log report ci-upstream-kasan-gce-smack-root
2019/11/11 22:32 upstream 31f4f5b495a6 048f2d49 .config console log report ci-upstream-kasan-gce
2019/11/11 20:50 upstream 31f4f5b495a6 048f2d49 .config console log report ci-upstream-kasan-gce-smack-root
2019/11/11 19:19 upstream 31f4f5b495a6 048f2d49 .config console log report ci-upstream-kasan-gce-selinux-root
2019/11/11 19:05 upstream 31f4f5b495a6 048f2d49 .config console log report ci-upstream-kasan-gce
2019/11/11 17:59 upstream 31f4f5b495a6 048f2d49 .config console log report ci-upstream-kasan-gce
2019/11/11 16:23 upstream 9805a68371ce dc438b91 .config console log report ci-upstream-kasan-gce
2019/11/11 13:54 upstream 9805a68371ce dc438b91 .config console log report ci-upstream-kasan-gce-smack-root
2019/11/11 08:58 upstream 9805a68371ce dc438b91 .config console log report ci-upstream-kasan-gce-root
2019/11/11 07:56 upstream 9805a68371ce dc438b91 .config console log report ci-upstream-kasan-gce-selinux-root
2019/11/11 04:57 upstream 9805a68371ce dc438b91 .config console log report ci-upstream-kasan-gce-smack-root
2019/11/11 00:56 upstream 9805a68371ce dc438b91 .config console log report ci-upstream-kasan-gce
2019/11/10 23:33 upstream 9805a68371ce dc438b91 .config console log report ci-upstream-kasan-gce
2019/11/10 16:45 upstream 00aff6836241 dc438b91 .config console log report ci-upstream-kasan-gce-root
2019/11/10 09:02 upstream 00aff6836241 dc438b91 .config console log report ci-upstream-kasan-gce
2019/11/10 08:34 upstream 00aff6836241 dc438b91 .config console log report ci-upstream-kasan-gce-smack-root
2019/11/10 05:07 upstream 00aff6836241 dc438b91 .config console log report ci-upstream-kasan-gce-selinux-root
2019/11/10 03:40 upstream 0058b0a506e4 dc438b91 .config console log report ci-upstream-kasan-gce
2019/11/10 01:10 upstream 0058b0a506e4 dc438b91 .config console log report ci-upstream-kasan-gce-selinux-root
2019/11/09 22:16 upstream 0058b0a506e4 dc438b91 .config console log report ci-upstream-kasan-gce
2019/11/09 20:20 upstream 0058b0a506e4 dc438b91 .config console log report ci-upstream-kasan-gce
2019/11/09 16:30 upstream 0058b0a506e4 dc438b91 .config console log report ci-upstream-kasan-gce-selinux-root
2019/11/09 16:16 upstream 0058b0a506e4 dc438b91 .config console log report ci-upstream-kasan-gce
2019/11/09 15:16 upstream 0058b0a506e4 dc438b91 .config console log report ci-upstream-kasan-gce
2019/11/09 09:26 upstream 6737e7634951 dc438b91 .config console log report ci-upstream-kasan-gce-root
2019/11/09 06:45 upstream 6737e7634951 dc438b91 .config console log report ci-upstream-kasan-gce-selinux-root
2019/11/09 02:54 upstream 6737e7634951 dc438b91 .config console log report ci-upstream-kasan-gce-root
2019/11/02 22:58 upstream 9d2345057538 a41ca8fa .config console log report ci-upstream-kasan-gce-selinux-root
2019/11/12 07:56 upstream de620fb99ef2 048f2d49 .config console log report ci-upstream-kasan-gce-386
2019/11/11 10:58 linux-next 6980b7f6f9db dc438b91 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/11/11 06:33 linux-next 5591cf003452 dc438b91 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/11/11 02:20 linux-next 5591cf003452 dc438b91 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/11/10 02:18 linux-next 5591cf003452 dc438b91 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/11/09 05:27 linux-next 5591cf003452 dc438b91 .config console log report ci-upstream-linux-next-kasan-gce-root
* Struck through repros no longer work on HEAD.