Message-ID: <000000000000645f00057a092b8c@google.com>
Date:   Tue, 06 Nov 2018 17:38:04 -0800
From:   syzbot <syzbot+e9a3960298616a5a5abc@...kaller.appspotmail.com>
To:     bp@...en8.de, hpa@...or.com, kvm@...r.kernel.org,
        linux-kernel@...r.kernel.org, mingo@...hat.com,
        pbonzini@...hat.com, rkrcmar@...hat.com,
        syzkaller-bugs@...glegroups.com, tglx@...utronix.de, x86@...nel.org
Subject: BUG: spinlock cpu recursion on CPU, syz-executor

Hello,

syzbot found the following crash on:

HEAD commit:    651022382c7f Linux 4.20-rc1
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=14d6ae33400000
kernel config:  https://syzkaller.appspot.com/x/.config?x=8f559fee2fc3375a
dashboard link: https://syzkaller.appspot.com/bug?extid=e9a3960298616a5a5abc
compiler:       gcc (GCC) 8.0.1 20180413 (experimental)
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=130d742b400000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+e9a3960298616a5a5abc@...kaller.appspotmail.com

IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
8021q: adding VLAN 0 to HW filter on device team0
8021q: adding VLAN 0 to HW filter on device team0
L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and  
https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
BUG: spinlock cpu recursion on CPU#0, syz-executor0/8023
  lock: 0xffffc900045ea000, .magic: dead4ead, .owner: <none>/-1, .owner_cpu:  
0
CPU: 0 PID: 8023 Comm: syz-executor0 Not tainted 4.20.0-rc1+ #99
kobject: 'kvm' (00000000968c974f): kobject_uevent_env
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  
Google 01/01/2011
kobject: 'kvm' (00000000968c974f): kobject_uevent_env
Call Trace:
  __dump_stack lib/dump_stack.c:77 [inline]
  dump_stack+0x244/0x39d lib/dump_stack.c:113
  spin_dump.cold.3+0x81/0xe7 kernel/locking/spinlock_debug.c:67
kobject: 'kvm' (00000000968c974f): fill_kobj_path: path  
= '/devices/virtual/misc/kvm'
  spin_bug kernel/locking/spinlock_debug.c:75 [inline]
  debug_spin_lock_before kernel/locking/spinlock_debug.c:85 [inline]
  do_raw_spin_lock+0x26a/0x350 kernel/locking/spinlock_debug.c:112
kobject: 'loop2' (000000000bdb293a): kobject_uevent_env
  __raw_spin_lock include/linux/spinlock_api_smp.h:143 [inline]
  _raw_spin_lock+0x35/0x40 kernel/locking/spinlock.c:144
kobject: 'loop2' (000000000bdb293a): fill_kobj_path: path  
= '/devices/virtual/block/loop2'
  spin_lock include/linux/spinlock.h:329 [inline]
  kvm_mmu_change_mmu_pages+0xf3/0x450 arch/x86/kvm/mmu.c:2717
kobject: 'kvm' (00000000968c974f): kobject_uevent_env
  kvm_arch_commit_memory_region+0x289/0x2d0 arch/x86/kvm/x86.c:9322
kobject: 'kvm' (00000000968c974f): fill_kobj_path: path  
= '/devices/virtual/misc/kvm'
  __kvm_set_memory_region+0x1c99/0x2d50  
arch/x86/kvm/../../../virt/kvm/kvm_main.c:1064
kobject: 'kvm' (00000000968c974f): kobject_uevent_env
kobject: 'kvm' (00000000968c974f): fill_kobj_path: path  
= '/devices/virtual/misc/kvm'
kobject: 'kvm' (00000000968c974f): kobject_uevent_env
  kvm_set_memory_region+0x2e/0x50  
arch/x86/kvm/../../../virt/kvm/kvm_main.c:1085
kobject: 'kvm' (00000000968c974f): kobject_uevent_env
  kvm_vm_ioctl_set_memory_region  
arch/x86/kvm/../../../virt/kvm/kvm_main.c:1097 [inline]
  kvm_vm_ioctl+0x652/0x1d60 arch/x86/kvm/../../../virt/kvm/kvm_main.c:2995
kobject: 'loop3' (0000000005b5310e): kobject_uevent_env
kobject: 'kvm' (00000000968c974f): kobject_uevent_env
kobject: 'kvm' (00000000968c974f): fill_kobj_path: path  
= '/devices/virtual/misc/kvm'
kobject: 'kvm' (00000000968c974f): fill_kobj_path: path  
= '/devices/virtual/misc/kvm'
kobject: 'kvm' (00000000968c974f): fill_kobj_path: path  
= '/devices/virtual/misc/kvm'
kobject: 'kvm' (00000000968c974f): fill_kobj_path: path  
= '/devices/virtual/misc/kvm'
  vfs_ioctl fs/ioctl.c:46 [inline]
  file_ioctl fs/ioctl.c:509 [inline]
  do_vfs_ioctl+0x1de/0x1790 fs/ioctl.c:696
kobject: 'loop3' (0000000005b5310e): fill_kobj_path: path  
= '/devices/virtual/block/loop3'
------------[ cut here ]------------
downgrading a read lock
WARNING: CPU: 1 PID: 5667 at kernel/locking/lockdep.c:3556 __lock_downgrade  
kernel/locking/lockdep.c:3556 [inline]
WARNING: CPU: 1 PID: 5667 at kernel/locking/lockdep.c:3556  
lock_downgrade+0x4d7/0x900 kernel/locking/lockdep.c:3819


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@...glegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with  
syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches
