bisecting fixing commit since 78e709522d2c012cb0daad2e668506637bffb7c2
building syzkaller on 5ae8508a2dd5f8e16a2b9830ae9a6f37d54ec8e7
testing commit 78e709522d2c012cb0daad2e668506637bffb7c2
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: a9ee8b045e5ead72fbe14b5ba3f27f4e7dade83d639c18306638c2a676910138
run #0: basic kernel testing failed: KFENCE: use-after-free in kvm_fastop_exception
run #1: crashed: BUG: spinlock bad magic in synchronize_srcu
run #2: crashed: BUG: spinlock bad magic in synchronize_srcu
run #3: crashed: BUG: spinlock bad magic in synchronize_srcu
run #4: crashed: BUG: spinlock bad magic in synchronize_srcu
run #5: crashed: BUG: spinlock bad magic in synchronize_srcu
run #6: crashed: BUG: spinlock bad magic in synchronize_srcu
run #7: crashed: BUG: spinlock bad magic in synchronize_srcu
run #8: crashed: BUG: spinlock bad magic in synchronize_srcu
run #9: crashed: BUG: spinlock bad magic in synchronize_srcu
run #10: crashed: BUG: spinlock bad magic in synchronize_srcu
run #11: crashed: BUG: spinlock bad magic in synchronize_srcu
run #12: crashed: BUG: spinlock bad magic in synchronize_srcu
run #13: crashed: BUG: spinlock bad magic in synchronize_srcu
run #14: crashed: BUG: spinlock bad magic in synchronize_srcu
run #15: crashed: BUG: spinlock bad magic in synchronize_srcu
run #16: crashed: BUG: spinlock bad magic in synchronize_srcu
run #17: crashed: BUG: spinlock bad magic in synchronize_srcu
run #18: crashed: BUG: spinlock bad magic in synchronize_srcu
run #19: boot failed: KFENCE: use-after-free in kvm_fastop_exception
testing current HEAD 1fc596a56b334f4d593a2b49e5ff55af6aaa0816
testing commit 1fc596a56b334f4d593a2b49e5ff55af6aaa0816
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 643f89d0ba7d22960a022c6ff37ef74ade831614c7baec96ef2c332f4b2c78ef
all runs: OK
# git bisect start 1fc596a56b334f4d593a2b49e5ff55af6aaa0816 78e709522d2c012cb0daad2e668506637bffb7c2
Bisecting: 1067 revisions left to test after this (roughly 10 steps)
[7fab1c12bde926c5a8c7d5984c551d0854d7e0b3] objtool: print out the symbol type when complaining about it
testing commit 7fab1c12bde926c5a8c7d5984c551d0854d7e0b3
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 32fb5babc39d9f40bf0b93fd6183db228ae453438dea3285d35fa5207f1f6b1d
all runs: OK
# git bisect bad 7fab1c12bde926c5a8c7d5984c551d0854d7e0b3
Bisecting: 526 revisions left to test after this (roughly 9 steps)
[4ccb9f03fee7b20484187ba7e25a7b9b79fe63d5] Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf
testing commit 4ccb9f03fee7b20484187ba7e25a7b9b79fe63d5
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 6b7cb0646e6f86610ae85f378f90eadc5f096f06fcfa8ba64741ca32af724e3e
all runs: crashed: BUG: spinlock bad magic in synchronize_srcu
# git bisect good 4ccb9f03fee7b20484187ba7e25a7b9b79fe63d5
Bisecting: 264 revisions left to test after this (roughly 8 steps)
[78ea81417944fe03f48648eddeb8e8a8e513c4ad] Merge tag 'exynos-drm-fixes-for-v5.15-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/daeinki/drm-exynos into drm-fixes
testing commit 78ea81417944fe03f48648eddeb8e8a8e513c4ad
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 736cb9bb4a6e846c675cf7791deb67343a9ed846f33e83075f22ffb512ed5a72
all runs: crashed: BUG: spinlock bad magic in synchronize_srcu
# git bisect good 78ea81417944fe03f48648eddeb8e8a8e513c4ad
Bisecting: 129 revisions left to test after this (roughly 7 steps)
[02d5e016800d082058b3d3b7c3ede136cdc6ddcb] Merge tag 'sound-5.15-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
testing commit 02d5e016800d082058b3d3b7c3ede136cdc6ddcb
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: ea45a2d4086f0666dfc4d043f5026db7f880532489be50fba9cabfcfc265206a
all runs: OK
# git bisect bad 02d5e016800d082058b3d3b7c3ede136cdc6ddcb
Bisecting: 66 revisions left to test after this (roughly 6 steps)
[0513e464f9007b70b96740271a948ca5ab6e7dd7] Merge tag 'perf-tools-fixes-for-v5.15-2021-09-27' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux
testing commit 0513e464f9007b70b96740271a948ca5ab6e7dd7
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b75233018d0a5fa6c647f09fbc085903d77c0501aa0e7aad9da1f0ac2fb32472
all runs: OK
# git bisect bad 0513e464f9007b70b96740271a948ca5ab6e7dd7
Bisecting: 33 revisions left to test after this (roughly 5 steps)
[1ad32105d78e4b5da60688eca014bcd45271318f] KVM: x86: selftests: test simultaneous uses of V_IRQ from L1 and L0
testing commit 1ad32105d78e4b5da60688eca014bcd45271318f
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 6165e0d5bd05188d7e2c5dcd85e6185d9df17963b7be265a02c15e7205b6e20f
all runs: OK
# git bisect bad 1ad32105d78e4b5da60688eca014bcd45271318f
Bisecting: 16 revisions left to test after this (roughly 4 steps)
[5b92b6ca92b65bef811048c481e4446f4828500a] KVM: SEV: Allow some commands for mirror VM
testing commit 5b92b6ca92b65bef811048c481e4446f4828500a
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 2907fcf12df386b401477b117f6937c091f67635fdaaced871a0c0a989ff5a89
all runs: OK
# git bisect bad 5b92b6ca92b65bef811048c481e4446f4828500a
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[ae232ea460888dc5a8b37e840c553b02521fbf18] KVM: do not shrink halt_poll_ns below grow_start
testing commit ae232ea460888dc5a8b37e840c553b02521fbf18
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 224f8b6a0ef36cc7d5843927722576858919ee3a15431f016294c916c79e9580
all runs: OK
# git bisect bad ae232ea460888dc5a8b37e840c553b02521fbf18
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[01f91acb55be7aac3950b89c458bcea9ef6e4f49] selftests: KVM: Align SMCCC call with the spec in steal_time
testing commit 01f91acb55be7aac3950b89c458bcea9ef6e4f49
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: c148b170498b619db4c7f1015f3774a24bc274c13b5988368859eb8ffbf4df90
all runs: crashed: BUG: spinlock bad magic in synchronize_srcu
# git bisect good 01f91acb55be7aac3950b89c458bcea9ef6e4f49
Bisecting: 1 revision left to test after this (roughly 1 step)
[eb7511bf9182292ef1df1082d23039e856d1ddfb] KVM: x86: Handle SRCU initialization failure during page track init
testing commit eb7511bf9182292ef1df1082d23039e856d1ddfb
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: e1a2943e9730193dce72486dec66cc8e73591083acea8b337b2c7611bcbe1590
all runs: OK
# git bisect bad eb7511bf9182292ef1df1082d23039e856d1ddfb
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[cd36ae8761775e78154ba6bd7a3bd2ab538c589f] KVM: VMX: Remove defunct "nr_active_uret_msrs" field
testing commit cd36ae8761775e78154ba6bd7a3bd2ab538c589f
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 283a025bac66dbbdeb910ea8ec635c07be423ba1c30a6219c83db257dbfcd703
all runs: crashed: BUG: spinlock bad magic in synchronize_srcu
# git bisect good cd36ae8761775e78154ba6bd7a3bd2ab538c589f
eb7511bf9182292ef1df1082d23039e856d1ddfb is the first bad commit
commit eb7511bf9182292ef1df1082d23039e856d1ddfb
Author: Haimin Zhang
Date:   Fri Sep 3 10:37:06 2021 +0800

    KVM: x86: Handle SRCU initialization failure during page track init

    Check the return of init_srcu_struct(), which can fail due to OOM, when
    initializing the page track mechanism. Lack of checking leads to a NULL
    pointer deref found by a modified syzkaller.

    Reported-by: TCS Robot
    Signed-off-by: Haimin Zhang
    Message-Id: <1630636626-12262-1-git-send-email-tcs_kernel@tencent.com>
    [Move the call towards the beginning of kvm_arch_init_vm. - Paolo]
    Signed-off-by: Paolo Bonzini

 arch/x86/include/asm/kvm_page_track.h | 2 +-
 arch/x86/kvm/mmu/page_track.c         | 4 ++--
 arch/x86/kvm/x86.c                    | 7 ++++++-
 3 files changed, 9 insertions(+), 4 deletions(-)

culprit signature: e1a2943e9730193dce72486dec66cc8e73591083acea8b337b2c7611bcbe1590
parent signature: 283a025bac66dbbdeb910ea8ec635c07be423ba1c30a6219c83db257dbfcd703
revisions tested: 13, total time: 3h25m47.906663547s (build: 1h26m32.439231717s, test: 1h57m56.85620081s)
first good commit: eb7511bf9182292ef1df1082d23039e856d1ddfb KVM: x86: Handle SRCU initialization failure during page track init
recipients (to): ["linux-kernel@vger.kernel.org" "pbonzini@redhat.com" "tcs_kernel@tencent.com"]
recipients (cc): ["bp@alien8.de" "dave.hansen@linux.intel.com" "hpa@zytor.com" "jmattson@google.com" "joro@8bytes.org" "kvm@vger.kernel.org" "mingo@redhat.com" "pbonzini@redhat.com" "seanjc@google.com" "tglx@linutronix.de" "vkuznets@redhat.com" "wanpengli@tencent.com" "x86@kernel.org"]