syzbot


KCSAN: data-race in direct_page_fault / kvm_mmu_notifier_invalidate_range_end (2)

Status: auto-closed as invalid on 2021/03/16 01:35
Subsystems: kvm
Reported-by: syzbot+4f34b53424bc41bb9ed0@syzkaller.appspotmail.com
First crash: 1369d, last: 1134d
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in direct_page_fault / kvm_mmu_notifier_invalidate_range_end kvm 10 1370d 1478d 0/26 closed as invalid on 2020/06/18 14:24
upstream KCSAN: data-race in direct_page_fault / kvm_mmu_notifier_invalidate_range_end (3) kvm 5 1071d 1094d 0/26 auto-closed as invalid on 2021/05/17 12:39

Sample crash report:
==================================================================
BUG: KCSAN: data-race in direct_page_fault / kvm_mmu_notifier_invalidate_range_end

write to 0xffffc900031961b0 of 8 bytes by task 13826 on cpu 1:
 kvm_mmu_notifier_invalidate_range_end+0x39/0xa0 arch/x86/kvm/../../../virt/kvm/kvm_main.c:509
 mn_hlist_invalidate_end mm/mmu_notifier.c:560 [inline]
 __mmu_notifier_invalidate_range_end+0x18e/0x210 mm/mmu_notifier.c:580
 mmu_notifier_invalidate_range_end include/linux/mmu_notifier.h:479 [inline]
 unmap_vmas+0x11f/0x150 mm/memory.c:1517
 unmap_region+0x149/0x1e0 mm/mmap.c:2676
 __do_munmap+0xed2/0x1390 mm/mmap.c:2908
 do_munmap mm/mmap.c:2919 [inline]
 munmap_vma_range mm/mmap.c:600 [inline]
 mmap_region+0x58a/0x1480 mm/mmap.c:1752
 do_mmap+0x77d/0xc90 mm/mmap.c:1583
 vm_mmap_pgoff+0xf7/0x1d0 mm/util.c:519
 ksys_mmap_pgoff+0x2a8/0x380 mm/mmap.c:1634
 do_syscall_64+0x39/0x80 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

read to 0xffffc900031961b0 of 8 bytes by task 13804 on cpu 0:
 direct_page_fault+0x1c5/0x780 arch/x86/kvm/mmu/mmu.c:3717
 kvm_tdp_page_fault+0x92/0xa0 arch/x86/kvm/mmu/mmu.c:3805
 kvm_mmu_do_page_fault arch/x86/kvm/mmu.h:119 [inline]
 kvm_mmu_page_fault+0xca/0x3c0 arch/x86/kvm/mmu/mmu.c:5074
 handle_ept_violation+0x277/0x350 arch/x86/kvm/vmx/vmx.c:5337
 vmx_handle_exit+0x2fd/0x800 arch/x86/kvm/vmx/vmx.c:6048
 vcpu_enter_guest+0x1a2b/0x2470 arch/x86/kvm/x86.c:9089
 vcpu_run+0x24e/0x690 arch/x86/kvm/x86.c:9155
 kvm_arch_vcpu_ioctl_run+0x466/0x850 arch/x86/kvm/x86.c:9382
 kvm_vcpu_ioctl+0x562/0x8f0 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3283
 vfs_ioctl fs/ioctl.c:48 [inline]
 __do_sys_ioctl fs/ioctl.c:753 [inline]
 __se_sys_ioctl+0xcb/0x140 fs/ioctl.c:739
 __x64_sys_ioctl+0x3f/0x50 fs/ioctl.c:739
 do_syscall_64+0x39/0x80 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 13804 Comm: syz-executor.4 Not tainted 5.11.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (42):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2021/02/09 01:34 upstream e0756cfc7d7c 2bd9619f .config console log report info ci2-upstream-kcsan-gce KCSAN: data-race in direct_page_fault / kvm_mmu_notifier_invalidate_range_end
2021/01/28 06:25 upstream 76c057c84d28 eefc07f2 .config console log report info ci2-upstream-kcsan-gce KCSAN: data-race in direct_page_fault / kvm_mmu_notifier_invalidate_range_end
2021/01/27 07:18 upstream 2ab38c17aac1 a0ebf917 .config console log report info ci2-upstream-kcsan-gce KCSAN: data-race in direct_page_fault / kvm_mmu_notifier_invalidate_range_end
2021/01/15 21:26 upstream 5ee88057889b 65a7a854 .config console log report info ci2-upstream-kcsan-gce
2020/12/28 04:18 upstream 5c8fe583cce5 2242f77f .config console log report info ci2-upstream-kcsan-gce
2020/12/27 04:13 upstream f838f8d2b694 821e0b09 .config console log report info ci2-upstream-kcsan-gce
2020/12/14 21:07 upstream fab0fca1da5c 97183ed7 .config console log report info ci2-upstream-kcsan-gce
2020/12/13 23:06 upstream ec6f5e0e5ca0 8f160dd5 .config console log report info ci2-upstream-kcsan-gce
2020/12/12 22:01 upstream 7b1b868e1d91 bca53db9 .config console log report info ci2-upstream-kcsan-gce
2020/12/07 02:11 upstream 8100a58044f8 c521566d .config console log report info ci2-upstream-kcsan-gce
2020/12/03 06:58 upstream 3bb61aa61828 8c9190ef .config console log report info ci2-upstream-kcsan-gce
2020/11/21 08:09 upstream 27bba9c532a8 68068804 .config console log report info ci2-upstream-kcsan-gce
2020/11/15 06:23 upstream e28c0d7c92c8 1bf9a662 .config console log report info ci2-upstream-kcsan-gce
2020/11/10 10:36 upstream 407ab579637c cca87986 .config console log report info ci2-upstream-kcsan-gce
2020/11/07 15:23 upstream 659caaf65dc9 cba33199 .config console log report info ci2-upstream-kcsan-gce
2020/10/27 13:58 upstream 4525c8781ec0 94942294 .config console log report info ci2-upstream-kcsan-gce
2020/10/22 04:00 upstream f804b3159482 be6b1582 .config console log report info ci2-upstream-kcsan-gce
2020/10/15 21:25 upstream 726eb70e0d34 6e262c73 .config console log report info ci2-upstream-kcsan-gce
2020/10/11 11:12 upstream da690031a5d6 4a77ae0b .config console log report info ci2-upstream-kcsan-gce
2020/09/30 06:46 upstream 02de58b24d2e 8516f6d3 .config console log report info ci2-upstream-kcsan-gce
2020/09/17 20:15 upstream 4cbffc461ec9 8247808b .config console log report info ci2-upstream-kcsan-gce
2020/09/10 12:48 upstream 7fe10096c150 ac7ca78e .config console log report ci2-upstream-kcsan-gce
2020/09/05 18:22 upstream 9322c47b21b9 abf9ba4f .config console log report ci2-upstream-kcsan-gce
2020/08/27 13:59 upstream 15bc20c6af4c 816e0689 .config console log report ci2-upstream-kcsan-gce
2020/08/26 23:27 upstream 2ac69819ba9e 318430cb .config console log report ci2-upstream-kcsan-gce
2020/08/21 13:01 upstream da2968ff879b 1d75fe45 .config console log report ci2-upstream-kcsan-gce
2020/08/08 02:05 upstream 30185b69a2d5 ff51e522 .config console log report ci2-upstream-kcsan-gce
2020/08/07 01:06 upstream d6efb3ac3e6c cb436c69 .config console log report ci2-upstream-kcsan-gce
2020/08/03 03:54 upstream 142c3326b055 96dd3623 .config console log report ci2-upstream-kcsan-gce
2020/07/21 03:52 upstream 4fa640dc5230 d88894e6 .config console log report ci2-upstream-kcsan-gce
2020/07/17 12:19 upstream 07a56bb875af 54b3c45e .config console log report ci2-upstream-kcsan-gce
2020/07/16 13:26 upstream f8456690ba8e b090c643 .config console log report ci2-upstream-kcsan-gce
2020/07/14 07:56 upstream 0dc589da873b ce4c95b3 .config console log report ci2-upstream-kcsan-gce
2020/07/12 09:19 upstream 0aea6d5c5be3 115e1930 .config console log report ci2-upstream-kcsan-gce
2020/07/12 03:12 upstream 0aea6d5c5be3 7ba05d2d .config console log report ci2-upstream-kcsan-gce
2020/07/09 10:05 upstream 0bddd227f3dc bc238812 .config console log report ci2-upstream-kcsan-gce
2020/07/01 00:44 upstream 7c30b859a947 c0383ebe .config console log report ci2-upstream-kcsan-gce
2020/06/29 09:12 upstream 9ebcfadb0610 0375051c .config console log report ci2-upstream-kcsan-gce
2020/06/27 23:55 upstream 6116dea80dfd a2cdad9d .config console log report ci2-upstream-kcsan-gce
2020/06/24 22:01 upstream 26e122e97a3d 9d60b18e .config console log report ci2-upstream-kcsan-gce
2020/06/23 21:47 upstream 3e08a95294a4 6930bbef .config console log report ci2-upstream-kcsan-gce
2020/06/18 15:30 upstream 1b5044021070 3ea11d3f .config console log report ci2-upstream-kcsan-gce