BUG: spinlock cpu recursion on CPU, syz-executor

BUG: spinlock cpu recursion on CPU, syz-executor
Status: upstream: reported syz repro on 2018/11/07 01:38
Reported-by: syzbot+e9a3960298616a5a5abc@syzkaller.appspotmail.com
First crash: 232d, last: 232d

Bisection: error (bisect log)
Tree: upstream
Repro: syz .config

Sample crash report:

IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
8021q: adding VLAN 0 to HW filter on device team0
8021q: adding VLAN 0 to HW filter on device team0
L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
BUG: spinlock cpu recursion on CPU#0, syz-executor0/8023
 lock: 0xffffc900045ea000, .magic: dead4ead, .owner: <none>/-1, .owner_cpu: 0
CPU: 0 PID: 8023 Comm: syz-executor0 Not tainted 4.20.0-rc1+ #99
kobject: 'kvm' (00000000968c974f): kobject_uevent_env
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
kobject: 'kvm' (00000000968c974f): kobject_uevent_env
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x244/0x39d lib/dump_stack.c:113
 spin_dump.cold.3+0x81/0xe7 kernel/locking/spinlock_debug.c:67
kobject: 'kvm' (00000000968c974f): fill_kobj_path: path = '/devices/virtual/misc/kvm'
 spin_bug kernel/locking/spinlock_debug.c:75 [inline]
 debug_spin_lock_before kernel/locking/spinlock_debug.c:85 [inline]
 do_raw_spin_lock+0x26a/0x350 kernel/locking/spinlock_debug.c:112
kobject: 'loop2' (000000000bdb293a): kobject_uevent_env
 __raw_spin_lock include/linux/spinlock_api_smp.h:143 [inline]
 _raw_spin_lock+0x35/0x40 kernel/locking/spinlock.c:144
kobject: 'loop2' (000000000bdb293a): fill_kobj_path: path = '/devices/virtual/block/loop2'
 spin_lock include/linux/spinlock.h:329 [inline]
 kvm_mmu_change_mmu_pages+0xf3/0x450 arch/x86/kvm/mmu.c:2717
kobject: 'kvm' (00000000968c974f): kobject_uevent_env
 kvm_arch_commit_memory_region+0x289/0x2d0 arch/x86/kvm/x86.c:9322
kobject: 'kvm' (00000000968c974f): fill_kobj_path: path = '/devices/virtual/misc/kvm'
 __kvm_set_memory_region+0x1c99/0x2d50 arch/x86/kvm/../../../virt/kvm/kvm_main.c:1064
kobject: 'kvm' (00000000968c974f): kobject_uevent_env
kobject: 'kvm' (00000000968c974f): fill_kobj_path: path = '/devices/virtual/misc/kvm'
kobject: 'kvm' (00000000968c974f): kobject_uevent_env
 kvm_set_memory_region+0x2e/0x50 arch/x86/kvm/../../../virt/kvm/kvm_main.c:1085
kobject: 'kvm' (00000000968c974f): kobject_uevent_env
 kvm_vm_ioctl_set_memory_region arch/x86/kvm/../../../virt/kvm/kvm_main.c:1097 [inline]
 kvm_vm_ioctl+0x652/0x1d60 arch/x86/kvm/../../../virt/kvm/kvm_main.c:2995
kobject: 'loop3' (0000000005b5310e): kobject_uevent_env
kobject: 'kvm' (00000000968c974f): kobject_uevent_env
kobject: 'kvm' (00000000968c974f): fill_kobj_path: path = '/devices/virtual/misc/kvm'
kobject: 'kvm' (00000000968c974f): fill_kobj_path: path = '/devices/virtual/misc/kvm'
kobject: 'kvm' (00000000968c974f): fill_kobj_path: path = '/devices/virtual/misc/kvm'
kobject: 'kvm' (00000000968c974f): fill_kobj_path: path = '/devices/virtual/misc/kvm'
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:509 [inline]
 do_vfs_ioctl+0x1de/0x1790 fs/ioctl.c:696
kobject: 'loop3' (0000000005b5310e): fill_kobj_path: path = '/devices/virtual/block/loop3'
------------[ cut here ]------------
downgrading a read lock
WARNING: CPU: 1 PID: 5667 at kernel/locking/lockdep.c:3556 __lock_downgrade kernel/locking/lockdep.c:3556 [inline]
WARNING: CPU: 1 PID: 5667 at kernel/locking/lockdep.c:3556 lock_downgrade+0x4d7/0x900 kernel/locking/lockdep.c:3819

All crashes (1):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	Maintainers
ci-upstream-kasan-gce-smack-root	2018/11/05 22:14	upstream	65102238	8bd6bd63	.config	log	report	syz		bp@alien8.de, hpa@zytor.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, mingo@redhat.com, pbonzini@redhat.com, rkrcmar@redhat.com, tglx@linutronix.de, x86@kernel.org