syzbot

INFO: task hung in synchronize_rcu

Status: fixed on 2019/11/29 15:48
Reported-by: syzbot+89a8060879fa0bd2db4f@syzkaller.appspotmail.com
Fix commit: 8a44119a98be KVM: Fix NULL-ptr deref after kvm_create_vm fails
First crash: 1065d, last: 1034d

Cause bisection: introduced by (bisect log):
commit 9121923c457d1d8667a6e3a67302c29e5c5add6b
Author: Jim Mattson <jmattson@google.com>
Date: Thu Oct 24 23:03:26 2019 +0000

  kvm: Allocate memslots and buses before calling kvm_arch_init_vm

Crash: general protection fault in kvm_coalesced_mmio_init (log)
Repro: syz .config
similar bugs (6):
Kernel       Title                                   Repro  Cause bisect  Fix bisect  Count  Last   Reported  Patched  Status
upstream     INFO: task hung in synchronize_rcu (3)  C      done          done        353    8d00h  798d      23/24    upstream: reported C repro on 2020/07/22 18:22
android-49   INFO: task hung in synchronize_rcu      -      -             -           1      1034d  1034d     0/3      auto-closed as invalid on 2020/03/28 16:57
linux-4.14   INFO: task hung in synchronize_rcu      C      error         -           158    17d    1056d     0/1      upstream: reported C repro on 2019/11/07 04:32
linux-4.19   INFO: task hung in synchronize_rcu      syz    -             -           65     4d18h  1054d     0/1      upstream: reported syz repro on 2019/11/08 21:27
android-414  INFO: task hung in synchronize_rcu      -      -             -           1      1052d  1052d     0/1      auto-closed as invalid on 2020/03/10 10:42
upstream     INFO: task hung in synchronize_rcu (2)  -      -             -           8      1033d  1033d     0/24     closed as invalid on 2019/11/30 16:54

Sample crash report:
INFO: task syz-executor.4:13809 blocked for more than 143 seconds.
      Not tainted 5.4.0-rc7+ #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.4  D28056 13809   9620 0x00004004
Call Trace:
 context_switch kernel/sched/core.c:3384 [inline]
 __schedule+0x909/0x1ee0 kernel/sched/core.c:4078
 schedule+0xd9/0x260 kernel/sched/core.c:4145
 schedule_timeout+0x717/0xc50 kernel/time/timer.c:1871
 do_wait_for_common kernel/sched/completion.c:83 [inline]
 __wait_for_common kernel/sched/completion.c:104 [inline]
 wait_for_common kernel/sched/completion.c:115 [inline]
 wait_for_completion+0x29c/0x440 kernel/sched/completion.c:136
 __synchronize_srcu+0x197/0x250 kernel/rcu/srcutree.c:921
 synchronize_srcu+0x2dc/0x3e8 kernel/rcu/srcutree.c:999
 kvm_page_track_unregister_notifier+0xe7/0x130 arch/x86/kvm/page_track.c:212
 kvm_mmu_uninit_vm+0x1e/0x30 arch/x86/kvm/mmu.c:5828
 kvm_arch_destroy_vm+0x4a2/0x5f0 arch/x86/kvm/x86.c:9579
 kvm_create_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:702 [inline]
 kvm_dev_ioctl_create_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:3444 [inline]
 kvm_dev_ioctl+0x11e6/0x1610 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3496
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:509 [inline]
 do_vfs_ioctl+0xdb6/0x13e0 fs/ioctl.c:696
 ksys_ioctl+0xab/0xd0 fs/ioctl.c:713
 __do_sys_ioctl fs/ioctl.c:720 [inline]
 __se_sys_ioctl fs/ioctl.c:718 [inline]
 __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:718
 do_syscall_64+0xfa/0x760 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45a219
Code: 24 48 89 44 24 08 48 c7 44 24 10 08 00 00 00 e8 7d d0 fa ff 48 8b 44 24 18 48 89 44 24 40 48 8b 6c 24 20 48 83 c4 28 c3 e8 84 <af> ff ff eb 82 cc cc 48 8b 44 24 08 48 8b 08 48 8b 54 24 10 48 8b
RSP: 002b:00007f752bac8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a219
RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000003
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f752bac96d4
R13: 00000000004c348b R14: 00000000004d7708 R15: 00000000ffffffff

Showing all locks held in the system:
1 lock held by khungtaskd/1070:
 #0: ffffffff88fab340 (rcu_read_lock){....}, at: debug_show_all_locks+0x5f/0x27e kernel/locking/lockdep.c:5337
2 locks held by rsyslogd/9443:
 #0: ffff88809ed15e20 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0xee/0x110 fs/file.c:801
 #1: ffffffff88fab340 (rcu_read_lock){....}, at: syslog_print kernel/printk/printk.c:1364 [inline]
 #1: ffffffff88fab340 (rcu_read_lock){....}, at: do_syslog kernel/printk/printk.c:1529 [inline]
 #1: ffffffff88fab340 (rcu_read_lock){....}, at: do_syslog+0x68e/0x1820 kernel/printk/printk.c:1503
2 locks held by getty/9565:
 #0: ffff88809c048090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:340
 #1: ffffc90005f2d2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 drivers/tty/n_tty.c:2156
2 locks held by getty/9566:
 #0: ffff888085df9090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:340
 #1: ffffc90005f312e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 drivers/tty/n_tty.c:2156
2 locks held by getty/9567:
 #0: ffff88809cd46090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:340
 #1: ffffc90005f292e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 drivers/tty/n_tty.c:2156
2 locks held by getty/9568:
 #0: ffff8880a39f5090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:340
 #1: ffffc90005f352e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 drivers/tty/n_tty.c:2156
2 locks held by getty/9569:
 #0: ffff88809c53e090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:340
 #1: ffffc90005f192e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 drivers/tty/n_tty.c:2156
2 locks held by getty/9570:
 #0: ffff8880a9741090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:340
 #1: ffffc90005f152e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 drivers/tty/n_tty.c:2156
2 locks held by getty/9571:
 #0: ffff888086492090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:340
 #1: ffffc90005f052e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 drivers/tty/n_tty.c:2156

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 1070 Comm: khungtaskd Not tainted 5.4.0-rc7+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x197/0x210 lib/dump_stack.c:118
 nmi_cpu_backtrace.cold+0x70/0xb2 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x23b/0x28b lib/nmi_backtrace.c:62
 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:205 [inline]
 watchdog+0x9d0/0xef0 kernel/hung_task.c:289
 kthread+0x361/0x430 kernel/kthread.c:255
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 7 Comm: kworker/u4:0 Not tainted 5.4.0-rc7+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bat_events batadv_nc_worker
RIP: 0010:__rcu_read_lock+0x2a/0x90 kernel/rcu/tree_plugin.h:358
Code: 48 b8 00 00 00 00 00 fc ff df 55 48 89 e5 53 65 48 8b 1c 25 40 fe 01 00 48 8d bb 78 03 00 00 48 89 fa 48 c1 ea 03 0f b6 04 02 <84> c0 74 04 3c 03 7e 4f 83 83 78 03 00 00 01 48 b8 00 00 00 00 00
RSP: 0018:ffff8880a9897cc8 EFLAGS: 00000a02
RAX: 0000000000000000 RBX: ffff8880a987e1c0 RCX: ffffffff8733c697
RDX: 1ffff1101530fca7 RSI: ffffffff8733c526 RDI: ffff8880a987e538
RBP: ffff8880a9897cd0 R08: ffff8880a987e1c0 R09: ffff8880a987ea50
R10: fffffbfff138cdf0 R11: ffffffff89c66f87 R12: 0000000000000001
R13: 0000000000000023 R14: ffff8880938dc118 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffff600400 CR3: 00000000a3f2d000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 rcu_read_lock include/linux/rcupdate.h:597 [inline]
 batadv_nc_purge_orig_hash net/batman-adv/network-coding.c:407 [inline]
 batadv_nc_worker+0xf2/0x760 net/batman-adv/network-coding.c:718
 process_one_work+0x9af/0x1740 kernel/workqueue.c:2269
 worker_thread+0x98/0xe40 kernel/workqueue.c:2415
 kthread+0x361/0x430 kernel/kthread.c:255
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352

Crashes (1206):
Manager                                Time              Kernel      Commit        Syzkaller  Config   Log  Report  Syz repro  C repro  VM info  Title
ci-upstream-kasan-gce-selinux-root     2019/11/13 06:39  upstream    100d46bd72ec  048f2d49   .config  log  report  syz
ci-upstream-kasan-gce-smack-root       2019/11/13 05:16  upstream    100d46bd72ec  048f2d49   .config  log  report  syz
ci-upstream-kasan-gce-selinux-root     2019/11/13 04:42  upstream    100d46bd72ec  048f2d49   .config  log  report  syz
ci-upstream-kasan-gce-selinux-root     2019/11/13 02:36  upstream    100d46bd72ec  048f2d49   .config  log  report  syz
ci-upstream-kasan-gce-selinux-root     2019/11/13 00:34  upstream    100d46bd72ec  048f2d49   .config  log  report  syz
ci-upstream-kasan-gce-smack-root       2019/11/11 03:28  upstream    9805a68371ce  dc438b91   .config  log  report  syz
ci-upstream-kasan-gce-selinux-root     2019/11/10 15:24  upstream    00aff6836241  dc438b91   .config  log  report  syz
ci-upstream-kasan-gce-root             2019/11/10 13:14  upstream    00aff6836241  dc438b91   .config  log  report  syz
ci-upstream-kasan-gce-smack-root       2019/11/10 11:45  upstream    00aff6836241  dc438b91   .config  log  report  syz
ci-upstream-kasan-gce-selinux-root     2019/11/09 23:30  upstream    0058b0a506e4  dc438b91   .config  log  report  syz
ci-upstream-kasan-gce-root             2019/11/09 19:21  upstream    0058b0a506e4  dc438b91   .config  log  report  syz
ci-upstream-kasan-gce-selinux-root     2019/11/09 18:59  upstream    0058b0a506e4  dc438b91   .config  log  report  syz
ci-upstream-kasan-gce-smack-root       2019/11/09 12:19  upstream    6737e7634951  dc438b91   .config  log  report  syz
ci-upstream-kasan-gce-root             2019/11/09 11:20  upstream    6737e7634951  dc438b91   .config  log  report  syz
ci-upstream-kasan-gce-root             2019/11/09 04:01  upstream    6737e7634951  dc438b91   .config  log  report  syz
ci-upstream-kasan-gce-root             2019/11/08 19:45  upstream    847120f859cc  1e35461e   .config  log  report  syz
ci-upstream-kasan-gce-selinux-root     2019/11/08 19:05  upstream    847120f859cc  1e35461e   .config  log  report  syz
ci-upstream-kasan-gce-root             2019/11/08 03:56  upstream    847120f859cc  f39aff9e   .config  log  report  syz
ci-upstream-kasan-gce-smack-root       2019/11/07 22:37  upstream    4dd58158254c  f39aff9e   .config  log  report  syz
ci-upstream-kasan-gce-smack-root       2019/11/07 02:45  upstream    26bc67213424  da505f84   .config  log  report  syz
ci-upstream-kasan-gce-root             2019/11/06 20:30  upstream    26bc67213424  da505f84   .config  log  report  syz
ci-upstream-kasan-gce-smack-root       2019/11/06 10:20  upstream    26bc67213424  bc2c6e45   .config  log  report  syz
ci-upstream-kasan-gce-root             2019/11/06 09:17  upstream    26bc67213424  bc2c6e45   .config  log  report  syz
ci-upstream-kasan-gce-root             2019/11/05 22:50  upstream    a99d8080aaf3  0f3ec414   .config  log  report  syz
ci-upstream-kasan-gce-smack-root       2019/11/05 19:34  upstream    a99d8080aaf3  0f3ec414   .config  log  report  syz
ci-upstream-kasan-gce-smack-root       2019/11/05 11:39  upstream    a99d8080aaf3  76630fc9   .config  log  report  syz
ci-upstream-kasan-gce-smack-root       2019/11/05 10:12  upstream    a99d8080aaf3  76630fc9   .config  log  report  syz
ci-upstream-kasan-gce-root             2019/11/05 08:26  upstream    a99d8080aaf3  76630fc9   .config  log  report  syz
ci-upstream-kasan-gce-root             2019/11/05 02:36  upstream    a99d8080aaf3  76630fc9   .config  log  report  syz
ci-upstream-kasan-gce-smack-root       2019/11/04 12:16  upstream    a99d8080aaf3  b35fad31   .config  log  report  syz
ci-upstream-kasan-gce-root             2019/11/04 11:02  upstream    a99d8080aaf3  b35fad31   .config  log  report  syz
ci-upstream-kasan-gce-smack-root       2019/11/04 08:59  upstream    a99d8080aaf3  b35fad31   .config  log  report  syz
ci-upstream-kasan-gce-smack-root       2019/11/03 21:05  upstream    56cfd2507d3e  c9610487   .config  log  report  syz
ci-upstream-kasan-gce-root             2019/11/03 12:11  upstream    9d2345057538  a41ca8fa   .config  log  report  syz
ci-upstream-kasan-gce-root             2019/11/03 09:43  upstream    9d2345057538  a41ca8fa   .config  log  report  syz
ci-upstream-kasan-gce-smack-root       2019/11/03 09:12  upstream    9d2345057538  a41ca8fa   .config  log  report  syz
ci-upstream-kasan-gce-smack-root       2019/11/03 09:08  upstream    9d2345057538  a41ca8fa   .config  log  report  syz
ci-upstream-kasan-gce-selinux-root     2019/11/03 05:45  upstream    9d2345057538  a41ca8fa   .config  log  report  syz
ci-upstream-kasan-gce-386              2019/11/03 10:45  upstream    9d2345057538  a41ca8fa   .config  log  report  syz
ci-upstream-linux-next-kasan-gce-root  2019/11/07 22:34  linux-next  c68c5373c504  f39aff9e   .config  log  report  syz
ci-upstream-linux-next-kasan-gce-root  2019/11/07 17:30  linux-next  c68c5373c504  d797d201   .config  log  report  syz
ci-upstream-linux-next-kasan-gce-root  2019/11/05 16:22  linux-next  51309b9d73f5  0f3ec414   .config  log  report  syz
ci-qemu-upstream                       2019/11/29 12:28  upstream    81b6b96475ac  d29b9e84   .config  log  report
ci-upstream-kasan-gce-root             2019/11/25 21:53  upstream    219d54332a09  371caf77   .config  log  report
ci-upstream-kasan-gce                  2019/11/23 07:37  upstream    a6b0373ffcd8  598ca6c8   .config  log  report
ci-upstream-kasan-gce-smack-root       2019/11/18 23:11  upstream    af42d3466bdc  1daed50a   .config  log  report
ci-upstream-kasan-gce-root             2019/11/17 05:14  upstream    fe30021c36fb  d5696d51   .config  log  report
ci-upstream-kasan-gce                  2019/11/13 08:09  upstream    100d46bd72ec  048f2d49   .config  log  report
ci-upstream-kasan-gce-root             2019/11/13 06:22  upstream    eb094f06963b  048f2d49   .config  log  report
ci-upstream-kasan-gce                  2019/11/13 04:05  upstream    100d46bd72ec  048f2d49   .config  log  report
ci-upstream-kasan-gce-smack-root       2019/11/13 02:25  upstream    100d46bd72ec  048f2d49   .config  log  report
ci-upstream-kasan-gce-selinux-root     2019/11/12 23:33  upstream    100d46bd72ec  048f2d49   .config  log  report
ci-upstream-kasan-gce                  2019/11/12 23:16  upstream    100d46bd72ec  048f2d49   .config  log  report
ci-upstream-kasan-gce                  2019/11/12 21:33  upstream    100d46bd72ec  048f2d49   .config  log  report
ci-upstream-kasan-gce-selinux-root     2019/11/12 20:32  upstream    100d46bd72ec  048f2d49   .config  log  report
ci-upstream-kasan-gce-selinux-root     2019/11/12 19:14  upstream    de620fb99ef2  048f2d49   .config  log  report
ci-upstream-kasan-gce-root             2019/11/12 17:28  upstream    de620fb99ef2  048f2d49   .config  log  report
ci-upstream-kasan-gce-selinux-root     2019/11/12 17:17  upstream    de620fb99ef2  048f2d49   .config  log  report
ci-upstream-kasan-gce-root             2019/11/12 16:11  upstream    de620fb99ef2  048f2d49   .config  log  report
ci-upstream-kasan-gce                  2019/11/12 15:00  upstream    de620fb99ef2  048f2d49   .config  log  report
ci-upstream-kasan-gce                  2019/11/12 14:45  upstream    de620fb99ef2  048f2d49   .config  log  report
ci-upstream-kasan-gce-smack-root       2019/11/12 13:43  upstream    de620fb99ef2  048f2d49   .config  log  report
ci-upstream-kasan-gce-smack-root       2019/11/12 12:38  upstream    de620fb99ef2  048f2d49   .config  log  report
ci-upstream-kasan-gce-smack-root       2019/11/12 10:31  upstream    de620fb99ef2  048f2d49   .config  log  report
ci-upstream-kasan-gce                  2019/11/12 09:28  upstream    de620fb99ef2  048f2d49   .config  log  report
ci-upstream-kasan-gce-root             2019/11/12 09:06  upstream    de620fb99ef2  048f2d49   .config  log  report
ci-upstream-kasan-gce-root             2019/11/12 07:46  upstream    de620fb99ef2  048f2d49   .config  log  report
ci-upstream-kasan-gce-selinux-root     2019/11/12 06:07  upstream    31f4f5b495a6  048f2d49   .config  log  report
ci-upstream-kasan-gce                  2019/11/12 03:15  upstream    31f4f5b495a6  048f2d49   .config  log  report
ci-upstream-kasan-gce-smack-root       2019/11/12 02:13  upstream    31f4f5b495a6  048f2d49   .config  log  report
ci-upstream-kasan-gce-smack-root       2019/11/12 00:58  upstream    31f4f5b495a6  048f2d49   .config  log  report
ci-upstream-kasan-gce                  2019/11/11 23:53  upstream    31f4f5b495a6  048f2d49   .config  log  report
ci-upstream-kasan-gce-smack-root       2019/11/11 22:16  upstream    31f4f5b495a6  048f2d49   .config  log  report
ci-upstream-kasan-gce-root             2019/11/11 20:13  upstream    31f4f5b495a6  048f2d49   .config  log  report
ci-upstream-kasan-gce                  2019/11/11 19:08  upstream    31f4f5b495a6  048f2d49   .config  log  report
ci-upstream-kasan-gce-smack-root       2019/11/11 18:06  upstream    31f4f5b495a6  048f2d49   .config  log  report
ci-upstream-kasan-gce-selinux-root     2019/11/11 16:17  upstream    9805a68371ce  dc438b91   .config  log  report
ci-upstream-kasan-gce-smack-root       2019/11/11 15:06  upstream    9805a68371ce  dc438b91   .config  log  report
ci-upstream-kasan-gce-smack-root       2019/11/11 15:06  upstream    9805a68371ce  dc438b91   .config  log  report
ci-upstream-kasan-gce                  2019/11/11 13:53  upstream    9805a68371ce  dc438b91   .config  log  report
ci-upstream-kasan-gce-root             2019/11/11 12:43  upstream    9805a68371ce  dc438b91   .config  log  report
ci-upstream-kasan-gce-root             2019/11/11 11:21  upstream    9805a68371ce  dc438b91   .config  log  report
ci-upstream-kasan-gce-smack-root       2019/11/11 10:20  upstream    9805a68371ce  dc438b91   .config  log  report
ci-upstream-kasan-gce                  2019/11/11 08:53  upstream    9805a68371ce  dc438b91   .config  log  report
ci-upstream-kasan-gce-386              2019/11/13 04:06  upstream    eb094f06963b  048f2d49   .config  log  report
ci-upstream-kasan-gce-386              2019/11/12 01:03  upstream    31f4f5b495a6  048f2d49   .config  log  report
ci-upstream-kasan-gce-386              2019/11/11 21:15  upstream    31f4f5b495a6  048f2d49   .config  log  report
ci-upstream-bpf-kasan-gce              2019/11/19 04:29  bpf         34e59836565e  5bc70212   .config  log  report
ci-upstream-net-kasan-gce              2019/11/24 04:28  net-next    8dcdc9524cad  598ca6c8   .config  log  report
ci-upstream-net-kasan-gce              2019/10/29 08:01  net-next    d5a721c96a44  5ea87a66   .config  log  report
ci-upstream-linux-next-kasan-gce-root  2019/11/12 11:35  linux-next  fc6d6db1df2c  048f2d49   .config  log  report
ci-upstream-linux-next-kasan-gce-root  2019/11/12 04:41  linux-next  6980b7f6f9db  048f2d49   .config  log  report
ci-upstream-linux-next-kasan-gce-root  2019/11/12 03:25  linux-next  6980b7f6f9db  048f2d49   .config  log  report