syzbot


KCSAN: data-race in kvm_mmu_notifier_invalidate_range_end / kvm_mmu_notifier_invalidate_range_start

Status: auto-closed as invalid on 2020/02/01 21:57
Reported-by: syzbot+@syzkaller.appspotmail.com
First crash: 1066d, last: 1037d
similar bugs (4):
Kernel   | Title                                                                                                    | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
---------|----------------------------------------------------------------------------------------------------------|-------|--------------|------------|-------|------|----------|---------|---------------------------------------------
upstream | KCSAN: data-race in kvm_mmu_notifier_invalidate_range_end / kvm_mmu_notifier_invalidate_range_start (2) |       |              |            | 5     | 854d | 961d     | 0/24    | closed as invalid on 2020/06/18 14:24
upstream | KCSAN: data-race in kvm_mmu_notifier_invalidate_range_end / kvm_mmu_notifier_invalidate_range_start (3) |       |              |            | 4     | 790d | 828d     | 0/24    | auto-closed as invalid on 2020/08/31 17:17
upstream | KCSAN: data-race in kvm_mmu_notifier_invalidate_range_end / kvm_mmu_notifier_invalidate_range_start (4) |       |              |            | 1     | 755d | 755d     | 0/24    | auto-closed as invalid on 2020/10/06 00:28
upstream | KCSAN: data-race in kvm_mmu_notifier_invalidate_range_end / kvm_mmu_notifier_invalidate_range_start (5) |       |              |            | 17    | 529d | 657d     | 0/24    | auto-closed as invalid on 2021/05/19 10:43

Sample crash report:
==================================================================
BUG: KCSAN: data-race in kvm_mmu_notifier_invalidate_range_end / kvm_mmu_notifier_invalidate_range_start

write to 0xffffc90014eee158 of 8 bytes by task 31559 on cpu 0:
 kvm_mmu_notifier_invalidate_range_start+0x6b/0x170 arch/x86/kvm/../../../virt/kvm/kvm_main.c:404
 __mmu_notifier_invalidate_range_start+0xc8/0x170 mm/mmu_notifier.c:175
 mmu_notifier_invalidate_range_start include/linux/mmu_notifier.h:351 [inline]
 mmu_notifier_invalidate_range_start include/linux/mmu_notifier.h:344 [inline]
 wp_page_copy+0xe1a/0x1120 mm/memory.c:2341
 do_wp_page+0x192/0x11f0 mm/memory.c:2628
 handle_pte_fault mm/memory.c:3865 [inline]
 __handle_mm_fault+0x1ab1/0x2c70 mm/memory.c:3973
 handle_mm_fault+0x21b/0x530 mm/memory.c:4010
 do_user_addr_fault arch/x86/mm/fault.c:1441 [inline]
 __do_page_fault+0x456/0x8d0 arch/x86/mm/fault.c:1506
 do_page_fault+0x38/0x194 arch/x86/mm/fault.c:1530
 page_fault+0x34/0x40 arch/x86/entry/entry_64.S:1202

read to 0xffffc90014eee158 of 8 bytes by task 31553 on cpu 1:
 kvm_mmu_notifier_invalidate_range_end+0x7b/0xb0 arch/x86/kvm/../../../virt/kvm/kvm_main.c:443
 __mmu_notifier_invalidate_range_end+0x144/0x1e0 mm/mmu_notifier.c:222
 mmu_notifier_invalidate_range_only_end include/linux/mmu_notifier.h:384 [inline]
 wp_page_copy+0x1023/0x1120 mm/memory.c:2418
 do_wp_page+0x192/0x11f0 mm/memory.c:2628
 handle_pte_fault mm/memory.c:3865 [inline]
 __handle_mm_fault+0x1ab1/0x2c70 mm/memory.c:3973
 handle_mm_fault+0x21b/0x530 mm/memory.c:4010
 do_user_addr_fault arch/x86/mm/fault.c:1441 [inline]
 __do_page_fault+0x456/0x8d0 arch/x86/mm/fault.c:1506
 do_page_fault+0x38/0x194 arch/x86/mm/fault.c:1530
 page_fault+0x34/0x40 arch/x86/entry/entry_64.S:1202

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 31553 Comm: syz-executor.4 Not tainted 5.4.0-rc7+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (7):
Manager                | Time             | Kernel                                    | Commit       | Syzkaller | Config  | Log | Report | Syz repro | C repro | VM info | Title
-----------------------|------------------|-------------------------------------------|--------------|-----------|---------|-----|--------|-----------|---------|---------|------
ci2-upstream-kcsan-gce | 2019/11/23 21:57 | https://github.com/google/ktsan.git kcsan | 5863cc791e4c | 598ca6c8  | .config | log | report |           |         |         |
ci2-upstream-kcsan-gce | 2019/11/18 05:08 | https://github.com/google/ktsan.git kcsan | 5863cc791e4c | d5696d51  | .config | log | report |           |         |         |
ci2-upstream-kcsan-gce | 2019/11/07 17:46 | https://github.com/google/ktsan.git kcsan | 94c006602e13 | f39aff9e  | .config | log | report |           |         |         |
ci2-upstream-kcsan-gce | 2019/11/06 04:12 | https://github.com/google/ktsan.git kcsan | 94c006602e13 | bc2c6e45  | .config | log | report |           |         |         |
ci2-upstream-kcsan-gce | 2019/11/03 00:35 | https://github.com/google/ktsan.git kcsan | 05f2236801fe | d603afc9  | .config | log | report |           |         |         |
ci2-upstream-kcsan-gce | 2019/10/26 03:16 | https://github.com/google/ktsan.git kcsan | 05f2236801fe | 413926c5  | .config | log | report |           |         |         |
ci2-upstream-kcsan-gce | 2019/10/25 18:54 | https://github.com/google/ktsan.git kcsan | 05f2236801fe | 04ca72cd  | .config | log | report |           |         |         |
* Struck through repros no longer work on HEAD.