syzbot

==================================================================
BUG: KCSAN: data-race in detach_buf_split / virtqueue_add

read to 0xffff88810143522c of 4 bytes by task 26560 on cpu 0:
 virtqueue_add_split drivers/virtio/virtio_ring.c:575 [inline]
 virtqueue_add+0x760/0x2130 drivers/virtio/virtio_ring.c:2117
 virtqueue_add_inbuf+0x53/0x80 drivers/virtio/virtio_ring.c:2196
 request_entropy drivers/char/hw_random/virtio-rng.c:61 [inline]
 copy_data drivers/char/hw_random/virtio-rng.c:74 [inline]
 virtio_read+0x1c5/0x3f0 drivers/char/hw_random/virtio-rng.c:92
 rng_get_data drivers/char/hw_random/core.c:197 [inline]
 rng_dev_read+0x1a7/0x5e0 drivers/char/hw_random/core.c:234
 do_iter_read+0x2e5/0x6d0 fs/read_write.c:798
 vfs_readv fs/read_write.c:916 [inline]
 do_preadv+0x159/0x230 fs/read_write.c:1008
 __do_sys_preadv fs/read_write.c:1058 [inline]
 __se_sys_preadv fs/read_write.c:1053 [inline]
 __x64_sys_preadv+0x58/0x60 fs/read_write.c:1053
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

read-write to 0xffff88810143522c of 4 bytes by interrupt on cpu 1:
 detach_buf_split+0x316/0x570 drivers/virtio/virtio_ring.c:760
 virtqueue_get_buf_ctx_split drivers/virtio/virtio_ring.c:835 [inline]
 virtqueue_get_buf_ctx+0x3c8/0x5c0 drivers/virtio/virtio_ring.c:2311
 virtqueue_get_buf+0x1f/0x30 drivers/virtio/virtio_ring.c:2317
 random_recv_done+0x4c/0x90 drivers/char/hw_random/virtio-rng.c:42
 vring_interrupt+0x150/0x170 drivers/virtio/virtio_ring.c:2491
 __handle_irq_event_percpu+0x91/0x490 kernel/irq/handle.c:158
 handle_irq_event_percpu kernel/irq/handle.c:193 [inline]
 handle_irq_event+0x64/0xf0 kernel/irq/handle.c:210
 handle_edge_irq+0x17f/0x5a0 kernel/irq/chip.c:819
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 handle_irq arch/x86/kernel/irq.c:231 [inline]
 __common_interrupt+0x64/0x100 arch/x86/kernel/irq.c:250
 common_interrupt+0x9e/0xc0 arch/x86/kernel/irq.c:240
 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:636
 should_resched arch/x86/include/asm/preempt.h:104 [inline]
 __cond_resched+0x5/0x90 kernel/sched/core.c:8471
 might_resched include/linux/kernel.h:110 [inline]
 dput+0x28/0x1f0 fs/dcache.c:897
 path_umount+0xdc/0x9a0 fs/namespace.c:1807
 ksys_umount fs/namespace.c:1827 [inline]
 __do_sys_umount fs/namespace.c:1832 [inline]
 __se_sys_umount fs/namespace.c:1830 [inline]
 __x64_sys_umount+0xb9/0xe0 fs/namespace.c:1830
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

value changed: 0x00000100 -> 0x000000ff

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 3131 Comm: syz-executor.4 Not tainted 6.3.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
==================================================================
==================================================================
BUG: KCSAN: data-race in detach_buf_split / virtqueue_add

read to 0xffff888101435250 of 4 bytes by task 26698 on cpu 0:
 virtqueue_add_split drivers/virtio/virtio_ring.c:553 [inline]
 virtqueue_add+0x4b9/0x2130 drivers/virtio/virtio_ring.c:2117
 virtqueue_add_inbuf+0x53/0x80 drivers/virtio/virtio_ring.c:2196
 request_entropy drivers/char/hw_random/virtio-rng.c:61 [inline]
 copy_data drivers/char/hw_random/virtio-rng.c:74 [inline]
 virtio_read+0x1c5/0x3f0 drivers/char/hw_random/virtio-rng.c:92
 rng_get_data drivers/char/hw_random/core.c:197 [inline]
 rng_dev_read+0x1a7/0x5e0 drivers/char/hw_random/core.c:234
 do_iter_read+0x2e5/0x6d0 fs/read_write.c:798
 vfs_readv fs/read_write.c:916 [inline]
 do_preadv+0x159/0x230 fs/read_write.c:1008
 __do_sys_preadv fs/read_write.c:1058 [inline]
 __se_sys_preadv fs/read_write.c:1053 [inline]
 __x64_sys_preadv+0x58/0x60 fs/read_write.c:1053
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

read-write to 0xffff888101435250 of 4 bytes by interrupt on cpu 1:
 detach_buf_split+0x2fc/0x570 drivers/virtio/virtio_ring.c:757
 virtqueue_get_buf_ctx_split drivers/virtio/virtio_ring.c:835 [inline]
 virtqueue_get_buf_ctx+0x3c8/0x5c0 drivers/virtio/virtio_ring.c:2311
 virtqueue_get_buf+0x1f/0x30 drivers/virtio/virtio_ring.c:2317
 random_recv_done+0x4c/0x90 drivers/char/hw_random/virtio-rng.c:42
 vring_interrupt+0x150/0x170 drivers/virtio/virtio_ring.c:2491
 __handle_irq_event_percpu+0x91/0x490 kernel/irq/handle.c:158
 handle_irq_event_percpu kernel/irq/handle.c:193 [inline]
 handle_irq_event+0x64/0xf0 kernel/irq/handle.c:210
 handle_edge_irq+0x17f/0x5a0 kernel/irq/chip.c:819
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 handle_irq arch/x86/kernel/irq.c:231 [inline]
 __common_interrupt+0x64/0x100 arch/x86/kernel/irq.c:250
 common_interrupt+0x49/0xc0 arch/x86/kernel/irq.c:240
 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:636

value changed: 0x00000001 -> 0x00000000

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 19312 Comm: udevd Not tainted 6.3.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
==================================================================