syzbot

==================================================================
BUG: KCSAN: data-race in virtqueue_disable_cb / vring_interrupt

write to 0xffff88810329d952 of 1 bytes by interrupt on cpu 1:
 vring_interrupt+0x128/0x170 drivers/virtio/virtio_ring.c:2497
 __handle_irq_event_percpu+0x91/0x490 kernel/irq/handle.c:158
 handle_irq_event_percpu kernel/irq/handle.c:193 [inline]
 handle_irq_event+0x64/0xf0 kernel/irq/handle.c:210
 handle_edge_irq+0x167/0x590 kernel/irq/chip.c:819
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 handle_irq arch/x86/kernel/irq.c:231 [inline]
 __common_interrupt+0x3c/0xb0 arch/x86/kernel/irq.c:250
 common_interrupt+0x7a/0x90 arch/x86/kernel/irq.c:240
 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:636
 kcsan_setup_watchpoint+0x3fe/0x410 kernel/kcsan/core.c:705
 __get_unaligned_cpu32 include/linux/unaligned/packed_struct.h:19 [inline]
 jhash+0x63/0x310 include/linux/jhash.h:82
 htab_map_hash+0x1c6/0x1d0 kernel/bpf/hashtab.c:612
 __htab_lru_percpu_map_update_elem+0x8c/0x560 kernel/bpf/hashtab.c:1324
 bpf_percpu_hash_update+0x5e/0x90 kernel/bpf/hashtab.c:2372
 bpf_map_update_value+0x2ae/0x370 kernel/bpf/syscall.c:204
 generic_map_update_batch+0x3ae/0x4f0 kernel/bpf/syscall.c:1702
 bpf_map_do_batch+0x2d9/0x3d0 kernel/bpf/syscall.c:4563
 __sys_bpf+0x317/0x800
 __do_sys_bpf kernel/bpf/syscall.c:5171 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5169 [inline]
 __x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5169
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

read to 0xffff88810329d952 of 1 bytes by task 4631 on cpu 0:
 virtqueue_disable_cb_split drivers/virtio/virtio_ring.c:862 [inline]
 virtqueue_disable_cb+0x92/0x180 drivers/virtio/virtio_ring.c:2352
 start_xmit+0xf0/0xae0 drivers/net/virtio_net.c:2040
 __netdev_start_xmit include/linux/netdevice.h:4918 [inline]
 netdev_start_xmit include/linux/netdevice.h:4932 [inline]
 xmit_one net/core/dev.c:3578 [inline]
 dev_hard_start_xmit+0x11b/0x3f0 net/core/dev.c:3594
 sch_direct_xmit+0x1b0/0x570 net/sched/sch_generic.c:342
 __dev_xmit_skb net/core/dev.c:3805 [inline]
 __dev_queue_xmit+0xe5f/0x1d10 net/core/dev.c:4210
 dev_queue_xmit include/linux/netdevice.h:3088 [inline]
 neigh_hh_output include/net/neighbour.h:528 [inline]
 neigh_output include/net/neighbour.h:542 [inline]
 ip_finish_output2+0x700/0x840 net/ipv4/ip_output.c:229
 ip_finish_output+0xf4/0x240 net/ipv4/ip_output.c:317
 NF_HOOK_COND include/linux/netfilter.h:292 [inline]
 ip_output+0xe5/0x1b0 net/ipv4/ip_output.c:431
 dst_output include/net/dst.h:458 [inline]
 ip_local_out net/ipv4/ip_output.c:126 [inline]
 __ip_queue_xmit+0xa4d/0xa70 net/ipv4/ip_output.c:533
 ip_queue_xmit+0x38/0x40 net/ipv4/ip_output.c:547
 __tcp_transmit_skb+0x1194/0x16e0 net/ipv4/tcp_output.c:1399
 __tcp_send_ack+0x1de/0x2d0 net/ipv4/tcp_output.c:3983
 tcp_send_ack+0x27/0x30 net/ipv4/tcp_output.c:3989
 __tcp_cleanup_rbuf+0x149/0x260 net/ipv4/tcp.c:1621
 tcp_cleanup_rbuf net/ipv4/tcp.c:1632 [inline]
 tcp_recvmsg_locked+0x109d/0x1540 net/ipv4/tcp.c:2645
 tcp_recvmsg+0x13b/0x490 net/ipv4/tcp.c:2675
 inet_recvmsg+0xa2/0x210 net/ipv4/af_inet.c:861
 sock_recvmsg_nosec net/socket.c:1019 [inline]
 sock_recvmsg net/socket.c:1040 [inline]
 sock_read_iter+0x1a0/0x210 net/socket.c:1118
 call_read_iter include/linux/fs.h:1862 [inline]
 new_sync_read fs/read_write.c:389 [inline]
 vfs_read+0x3b7/0x580 fs/read_write.c:470
 ksys_read+0xeb/0x1a0 fs/read_write.c:613
 __do_sys_read fs/read_write.c:623 [inline]
 __se_sys_read fs/read_write.c:621 [inline]
 __x64_sys_read+0x42/0x50 fs/read_write.c:621
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

value changed: 0x00 -> 0x01

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 4631 Comm: syz-fuzzer Not tainted 6.4.0-rc5-syzkaller-00178-g33f2b5785a2b #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
==================================================================