[<prev] [next>] [day] [month] [year] [list]
Message-ID: <000000000000645f00057a092b8c@google.com>
Date: Tue, 06 Nov 2018 17:38:04 -0800
From: syzbot <syzbot+e9a3960298616a5a5abc@...kaller.appspotmail.com>
To: bp@...en8.de, hpa@...or.com, kvm@...r.kernel.org,
linux-kernel@...r.kernel.org, mingo@...hat.com,
pbonzini@...hat.com, rkrcmar@...hat.com,
syzkaller-bugs@...glegroups.com, tglx@...utronix.de, x86@...nel.org
Subject: BUG: spinlock cpu recursion on CPU, syz-executor
Hello,
syzbot found the following crash on:
HEAD commit: 651022382c7f Linux 4.20-rc1
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=14d6ae33400000
kernel config: https://syzkaller.appspot.com/x/.config?x=8f559fee2fc3375a
dashboard link: https://syzkaller.appspot.com/bug?extid=e9a3960298616a5a5abc
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=130d742b400000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+e9a3960298616a5a5abc@...kaller.appspotmail.com
IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
8021q: adding VLAN 0 to HW filter on device team0
8021q: adding VLAN 0 to HW filter on device team0
L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and
https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
BUG: spinlock cpu recursion on CPU#0, syz-executor0/8023
lock: 0xffffc900045ea000, .magic: dead4ead, .owner: <none>/-1, .owner_cpu:
0
CPU: 0 PID: 8023 Comm: syz-executor0 Not tainted 4.20.0-rc1+ #99
kobject: 'kvm' (00000000968c974f): kobject_uevent_env
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
kobject: 'kvm' (00000000968c974f): kobject_uevent_env
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x244/0x39d lib/dump_stack.c:113
spin_dump.cold.3+0x81/0xe7 kernel/locking/spinlock_debug.c:67
kobject: 'kvm' (00000000968c974f): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
spin_bug kernel/locking/spinlock_debug.c:75 [inline]
debug_spin_lock_before kernel/locking/spinlock_debug.c:85 [inline]
do_raw_spin_lock+0x26a/0x350 kernel/locking/spinlock_debug.c:112
kobject: 'loop2' (000000000bdb293a): kobject_uevent_env
__raw_spin_lock include/linux/spinlock_api_smp.h:143 [inline]
_raw_spin_lock+0x35/0x40 kernel/locking/spinlock.c:144
kobject: 'loop2' (000000000bdb293a): fill_kobj_path: path
= '/devices/virtual/block/loop2'
spin_lock include/linux/spinlock.h:329 [inline]
kvm_mmu_change_mmu_pages+0xf3/0x450 arch/x86/kvm/mmu.c:2717
kobject: 'kvm' (00000000968c974f): kobject_uevent_env
kvm_arch_commit_memory_region+0x289/0x2d0 arch/x86/kvm/x86.c:9322
kobject: 'kvm' (00000000968c974f): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
__kvm_set_memory_region+0x1c99/0x2d50
arch/x86/kvm/../../../virt/kvm/kvm_main.c:1064
kobject: 'kvm' (00000000968c974f): kobject_uevent_env
kobject: 'kvm' (00000000968c974f): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'kvm' (00000000968c974f): kobject_uevent_env
kvm_set_memory_region+0x2e/0x50
arch/x86/kvm/../../../virt/kvm/kvm_main.c:1085
kobject: 'kvm' (00000000968c974f): kobject_uevent_env
kvm_vm_ioctl_set_memory_region
arch/x86/kvm/../../../virt/kvm/kvm_main.c:1097 [inline]
kvm_vm_ioctl+0x652/0x1d60 arch/x86/kvm/../../../virt/kvm/kvm_main.c:2995
kobject: 'loop3' (0000000005b5310e): kobject_uevent_env
kobject: 'kvm' (00000000968c974f): kobject_uevent_env
kobject: 'kvm' (00000000968c974f): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'kvm' (00000000968c974f): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'kvm' (00000000968c974f): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
kobject: 'kvm' (00000000968c974f): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:509 [inline]
do_vfs_ioctl+0x1de/0x1790 fs/ioctl.c:696
kobject: 'loop3' (0000000005b5310e): fill_kobj_path: path
= '/devices/virtual/block/loop3'
------------[ cut here ]------------
downgrading a read lock
WARNING: CPU: 1 PID: 5667 at kernel/locking/lockdep.c:3556 __lock_downgrade
kernel/locking/lockdep.c:3556 [inline]
WARNING: CPU: 1 PID: 5667 at kernel/locking/lockdep.c:3556
lock_downgrade+0x4d7/0x900 kernel/locking/lockdep.c:3819
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@...glegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches
Powered by blists - more mailing lists