bisecting cause commit starting from 9d2345057538bb97b1e556508ad69983f446462f
building syzkaller on a41ca8fa8285754d8561dcc3ed54cca2da60eed7
testing commit 9d2345057538bb97b1e556508ad69983f446462f with gcc (GCC) 8.1.0
all runs: crashed: WARNING: suspicious RCU usage in kvm_dev_ioctl
testing release v5.3
testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0
all runs: OK
# git bisect start 9d2345057538bb97b1e556508ad69983f446462f v5.3
Bisecting: 7562 revisions left to test after this (roughly 13 steps)
[0bb73e42f027db64054fff4c3b3203c1626b9dc1] Merge tag 'afs-next-20190915' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs
testing commit 0bb73e42f027db64054fff4c3b3203c1626b9dc1 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 0bb73e42f027db64054fff4c3b3203c1626b9dc1
Bisecting: 3741 revisions left to test after this (roughly 12 steps)
[10fd71780f7d155f4e35fecfad0ebd4a725a244b] Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
testing commit 10fd71780f7d155f4e35fecfad0ebd4a725a244b with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 10fd71780f7d155f4e35fecfad0ebd4a725a244b
Bisecting: 1823 revisions left to test after this (roughly 11 steps)
[02dc96ef6c25f990452c114c59d75c368a1f4c8f] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
testing commit 02dc96ef6c25f990452c114c59d75c368a1f4c8f with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 02dc96ef6c25f990452c114c59d75c368a1f4c8f
Bisecting: 915 revisions left to test after this (roughly 10 steps)
[8eb4b3b0dd9ae3e5399ff902da87d13740a2b70f] Merge tag 'copy-struct-from-user-v5.4-rc4' of gitolite.kernel.org:pub/scm/linux/kernel/git/brauner/linux
testing commit 8eb4b3b0dd9ae3e5399ff902da87d13740a2b70f with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 8eb4b3b0dd9ae3e5399ff902da87d13740a2b70f
Bisecting: 455 revisions left to test after this (roughly 9 steps)
[9e2dd2ca85d211a6ef2a1e95ba9239ec69959b1e] Merge tag 'modules-for-v5.4-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/jeyu/linux
testing commit 9e2dd2ca85d211a6ef2a1e95ba9239ec69959b1e with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 9e2dd2ca85d211a6ef2a1e95ba9239ec69959b1e
Bisecting: 228 revisions left to test after this (roughly 8 steps)
[d540c398db780271a81690eeb2bbc61876c37904] Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
testing commit d540c398db780271a81690eeb2bbc61876c37904 with gcc (GCC) 8.1.0
all runs: crashed: WARNING: suspicious RCU usage in kvm_dev_ioctl
# git bisect bad d540c398db780271a81690eeb2bbc61876c37904
Bisecting: 115 revisions left to test after this (roughly 7 steps)
[9e5eefba3d098d66defa1ce59a34a41a96f49771] Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost
testing commit 9e5eefba3d098d66defa1ce59a34a41a96f49771 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 9e5eefba3d098d66defa1ce59a34a41a96f49771
Bisecting: 62 revisions left to test after this (roughly 6 steps)
[2858598006961cd1ec06ebcc0549e7b3bd83f58c] Merge tag 'sound-5.4-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
testing commit 2858598006961cd1ec06ebcc0549e7b3bd83f58c with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 2858598006961cd1ec06ebcc0549e7b3bd83f58c
Bisecting: 29 revisions left to test after this (roughly 5 steps)
[e54de91a24753da713b9bcf9fcd93eec246e45e7] Merge tag 'drm-fixes-5.4-2019-10-30' of git://people.freedesktop.org/~agd5f/linux into drm-fixes
testing commit e54de91a24753da713b9bcf9fcd93eec246e45e7 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good e54de91a24753da713b9bcf9fcd93eec246e45e7
Bisecting: 14 revisions left to test after this (roughly 4 steps)
[4252a1a9b01f3757481f08b4775d27f90d422b23] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma
testing commit 4252a1a9b01f3757481f08b4775d27f90d422b23 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 4252a1a9b01f3757481f08b4775d27f90d422b23
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[b88866b60d98f2fe1f66f2a4e1a181d9f2b36b5d] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
testing commit b88866b60d98f2fe1f66f2a4e1a181d9f2b36b5d with gcc (GCC) 8.1.0
all runs: crashed: WARNING: suspicious RCU usage in kvm_dev_ioctl
# git bisect bad b88866b60d98f2fe1f66f2a4e1a181d9f2b36b5d
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[146162449186f95bf123f59fa57a2c28a8a075e5] Merge tag 'drm-fixes-2019-11-01' of git://anongit.freedesktop.org/drm/drm
testing commit 146162449186f95bf123f59fa57a2c28a8a075e5 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 146162449186f95bf123f59fa57a2c28a8a075e5
Bisecting: 1 revision left to test after this (roughly 1 step)
[a97b0e773e492ae319a7e981e98962a1060215f9] kvm: call kvm_arch_destroy_vm if vm creation fails
testing commit a97b0e773e492ae319a7e981e98962a1060215f9 with gcc (GCC) 8.1.0
all runs: crashed: WARNING: suspicious RCU usage in kvm_dev_ioctl
# git bisect bad a97b0e773e492ae319a7e981e98962a1060215f9
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[9121923c457d1d8667a6e3a67302c29e5c5add6b] kvm: Allocate memslots and buses before calling kvm_arch_init_vm
testing commit 9121923c457d1d8667a6e3a67302c29e5c5add6b with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 9121923c457d1d8667a6e3a67302c29e5c5add6b
a97b0e773e492ae319a7e981e98962a1060215f9 is the first bad commit
commit a97b0e773e492ae319a7e981e98962a1060215f9
Author: Jim Mattson <jmattson@google.com>
Date:   Fri Oct 25 13:34:58 2019 +0200

    kvm: call kvm_arch_destroy_vm if vm creation fails
    
    In kvm_create_vm(), if we've successfully called kvm_arch_init_vm(), but
    then fail later in the function, we need to call kvm_arch_destroy_vm()
    so that it can do any necessary cleanup (like freeing memory).
    
    Fixes: 44a95dae1d229a ("KVM: x86: Detect and Initialize AVIC support")
    
    Signed-off-by: John Sperbeck <jsperbeck@google.com>
    Signed-off-by: Jim Mattson <jmattson@google.com>
    Reviewed-by: Junaid Shahid <junaids@google.com>
    [Remove dependency on "kvm: Don't clear reference count on
     kvm_create_vm() error path" which was not committed. - Paolo]
    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

:040000 040000 398831880e519dc087b95cbba734b838a7a01f37 17a5d699fead59e9aa9c4b1b76012294b22dd736 M	virt
revisions tested: 16, total time: 4h8m35.63164274s (build: 1h34m53.547214662s, test: 2h28m57.057980983s)
first bad commit: a97b0e773e492ae319a7e981e98962a1060215f9 kvm: call kvm_arch_destroy_vm if vm creation fails
cc: ["jmattson@google.com" "jsperbeck@google.com" "junaids@google.com" "pbonzini@redhat.com"]
crash: WARNING: suspicious RCU usage in kvm_dev_ioctl
=============================
WARNING: suspicious RCU usage
5.4.0-rc4+ #0 Not tainted
-----------------------------
include/linux/kvm_host.h:536 suspicious rcu_dereference_check() usage!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 1
no locks held by syz-executor.2/8298.

stack backtrace:
CPU: 1 PID: 8298 Comm: syz-executor.2 Not tainted 5.4.0-rc4+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x113/0x167 lib/dump_stack.c:113
 lockdep_rcu_suspicious+0x14a/0x153 kernel/locking/lockdep.c:5438
 kvm_get_bus include/linux/kvm_host.h:534 [inline]
 kvm_create_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:706 [inline]
 kvm_dev_ioctl_create_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:3444 [inline]
 kvm_dev_ioctl+0xc1c/0x1470 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3496
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:509 [inline]
 do_vfs_ioctl+0x196/0x1150 fs/ioctl.c:696
 ksys_ioctl+0x62/0x90 fs/ioctl.c:713
 __do_sys_ioctl fs/ioctl.c:720 [inline]
 __se_sys_ioctl fs/ioctl.c:718 [inline]
 __x64_sys_ioctl+0x6e/0xb0 fs/ioctl.c:718
 do_syscall_64+0xca/0x5d0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x459f49
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f7184bc5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459f49
RDX: 0000000000000002 RSI: 000000000000ae01 RDI: 0000000000000003
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7184bc66d4
R13: 00000000004c30a8 R14: 00000000004d7018 R15: 00000000ffffffff

=============================
WARNING: suspicious RCU usage
5.4.0-rc4+ #0 Not tainted
-----------------------------
include/linux/kvm_host.h:631 suspicious rcu_dereference_check() usage!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 1
no locks held by syz-executor.2/8298.

stack backtrace:
CPU: 0 PID: 8298 Comm: syz-executor.2 Not tainted 5.4.0-rc4+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x113/0x167 lib/dump_stack.c:113
 lockdep_rcu_suspicious+0x14a/0x153 kernel/locking/lockdep.c:5438
 __kvm_memslots include/linux/kvm_host.h:629 [inline]
 kvm_create_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:708 [inline]
 kvm_dev_ioctl_create_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:3444 [inline]
 kvm_dev_ioctl+0xed2/0x1470 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3496
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:509 [inline]
 do_vfs_ioctl+0x196/0x1150 fs/ioctl.c:696
 ksys_ioctl+0x62/0x90 fs/ioctl.c:713
 __do_sys_ioctl fs/ioctl.c:720 [inline]
 __se_sys_ioctl fs/ioctl.c:718 [inline]
 __x64_sys_ioctl+0x6e/0xb0 fs/ioctl.c:718
 do_syscall_64+0xca/0x5d0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x459f49
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f7184bc5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459f49
RDX: 0000000000000002 RSI: 000000000000ae01 RDI: 0000000000000003
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7184bc66d4
R13: 00000000004c30a8 R14: 00000000004d7018 R15: 00000000ffffffff