syzbot


KCSAN: data-race in vm_area_dup / vma_interval_tree_remove (2)

Status: fixed on 2020/09/16 22:51
Subsystems: mm
Reported-by: syzbot+02a535c1117e6d07b966@syzkaller.appspotmail.com
Fix commit: cda099b37d71 fork: Annotate a data race in vm_area_dup()
First crash: 1805d, last: 1573d
Similar bugs (1):
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | KCSAN: data-race in vm_area_dup / vma_interval_tree_remove kernel | | | | 1 | 1821d | 1821d | 0/28 | closed as invalid on 2019/10/18 14:11

Sample crash report:
==================================================================
BUG: KCSAN: data-race in vm_area_dup / vma_interval_tree_remove

write to 0xffff8880829a2da0 of 8 bytes by task 13763 on cpu 0:
 rb_set_parent include/linux/rbtree_augmented.h:159 [inline]
 __rb_erase_augmented include/linux/rbtree_augmented.h:279 [inline]
 rb_erase_augmented include/linux/rbtree_augmented.h:303 [inline]
 rb_erase_augmented_cached include/linux/rbtree_augmented.h:314 [inline]
 vma_interval_tree_remove+0x315/0x8e0 mm/interval_tree.c:23
 __remove_shared_vm_struct+0xa4/0xc0 mm/mmap.c:151
 unlink_file_vma+0x65/0x80 mm/mmap.c:166
 free_pgtables+0xb8/0x1f0 mm/memory.c:400
 unmap_region+0x1d9/0x230 mm/mmap.c:2614
 __do_munmap+0x62e/0xb20 mm/mmap.c:2833
 do_munmap mm/mmap.c:2844 [inline]
 mmap_region+0x16b/0xdd0 mm/mmap.c:1715
 do_mmap+0x717/0xc20 mm/mmap.c:1545
 do_mmap_pgoff include/linux/mm.h:2553 [inline]
 vm_mmap_pgoff+0x12f/0x190 mm/util.c:506
 ksys_mmap_pgoff+0x2db/0x420 mm/mmap.c:1595
 do_syscall_64+0xc7/0x3b0 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

read to 0xffff8880829a2d48 of 200 bytes by task 13764 on cpu 1:
 vm_area_dup+0x71/0x110 kernel/fork.c:362
 __split_vma+0x83/0x340 mm/mmap.c:2666
 __do_munmap+0xabb/0xb20 mm/mmap.c:2791
 do_munmap mm/mmap.c:2844 [inline]
 mmap_region+0x16b/0xdd0 mm/mmap.c:1715
 do_mmap+0x717/0xc20 mm/mmap.c:1545
 do_mmap_pgoff include/linux/mm.h:2553 [inline]
 vm_mmap_pgoff+0x12f/0x190 mm/util.c:506
 ksys_mmap_pgoff+0x2db/0x420 mm/mmap.c:1595
 do_syscall_64+0xc7/0x3b0 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 13764 Comm: modprobe Not tainted 5.7.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (70):