syzbot


KCSAN: data-race in kvm_mmu_notifier_invalidate_range_end / kvm_mmu_notifier_invalidate_range_start (4)

Status: auto-closed as invalid on 2020/10/06 00:28
Reported-by: syzbot+@syzkaller.appspotmail.com
First crash: 755d, last: 755d
similar bugs (4):
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | KCSAN: data-race in kvm_mmu_notifier_invalidate_range_end / kvm_mmu_notifier_invalidate_range_start (2) | | | | 5 | 854d | 961d | 0/24 | closed as invalid on 2020/06/18 14:24
upstream | KCSAN: data-race in kvm_mmu_notifier_invalidate_range_end / kvm_mmu_notifier_invalidate_range_start | | | | 7 | 1037d | 1066d | 0/24 | auto-closed as invalid on 2020/02/01 21:57
upstream | KCSAN: data-race in kvm_mmu_notifier_invalidate_range_end / kvm_mmu_notifier_invalidate_range_start (3) | | | | 4 | 790d | 829d | 0/24 | auto-closed as invalid on 2020/08/31 17:17
upstream | KCSAN: data-race in kvm_mmu_notifier_invalidate_range_end / kvm_mmu_notifier_invalidate_range_start (5) | | | | 17 | 529d | 657d | 0/24 | auto-closed as invalid on 2021/05/19 10:43

Sample crash report:
==================================================================
BUG: KCSAN: data-race in kvm_mmu_notifier_invalidate_range_end / kvm_mmu_notifier_invalidate_range_start

write to 0xffffc90004eb6190 of 8 bytes by task 25 on cpu 0:
 kvm_mmu_notifier_invalidate_range_start+0x63/0x1e0 arch/x86/kvm/../../../virt/kvm/kvm_main.c:484
 mn_hlist_invalidate_range_start mm/mmu_notifier.c:493 [inline]
 __mmu_notifier_invalidate_range_start+0x23a/0x390 mm/mmu_notifier.c:525
 mmu_notifier_invalidate_range_start include/linux/mmu_notifier.h:453 [inline]
 page_mkclean_one+0x139/0x360 mm/rmap.c:916
 rmap_walk_file+0x260/0x4f0 mm/rmap.c:1928
 rmap_walk mm/rmap.c:1946 [inline]
 page_mkclean+0x17a/0x210 mm/rmap.c:998
 clear_page_dirty_for_io+0xd1/0x430 mm/page-writeback.c:2698
 mpage_submit_page fs/ext4/inode.c:2061 [inline]
 mpage_process_page_bufs+0x41e/0x600 fs/ext4/inode.c:2195
 mpage_prepare_extent_to_map+0x4ec/0x650 fs/ext4/inode.c:2607
 ext4_writepages+0x682/0x1ef0 fs/ext4/inode.c:2735
 do_writepages+0x7b/0x150 mm/page-writeback.c:2352
 __writeback_single_inode+0x84/0x600 fs/fs-writeback.c:1461
 writeback_sb_inodes+0x6c0/0xff0 fs/fs-writeback.c:1721
 __writeback_inodes_wb+0xb0/0x2b0 fs/fs-writeback.c:1790
 wb_writeback+0x2b0/0x6f0 fs/fs-writeback.c:1896
 wb_check_old_data_flush fs/fs-writeback.c:1998 [inline]
 wb_do_writeback+0x54a/0x5f0 fs/fs-writeback.c:2051
 wb_workfn+0xc8/0x470 fs/fs-writeback.c:2080
 process_one_work+0x3e1/0x9a0 kernel/workqueue.c:2269
 worker_thread+0x665/0xbe0 kernel/workqueue.c:2415
 kthread+0x20d/0x230 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

read to 0xffffc90004eb6190 of 8 bytes by task 21111 on cpu 1:
 kvm_mmu_notifier_invalidate_range_end+0x6c/0xa0 arch/x86/kvm/../../../virt/kvm/kvm_main.c:519
 mn_hlist_invalidate_end mm/mmu_notifier.c:560 [inline]
 __mmu_notifier_invalidate_range_end+0x18e/0x210 mm/mmu_notifier.c:580
 mmu_notifier_invalidate_range_only_end include/linux/mmu_notifier.h:486 [inline]
 wp_page_copy+0x9c3/0x1710 mm/memory.c:2767
 do_wp_page+0x9b2/0xd80 arch/x86/include/asm/atomic.h:95
 handle_pte_fault mm/memory.c:4242 [inline]
 __handle_mm_fault mm/memory.c:4359 [inline]
 handle_mm_fault+0x1899/0x1af0 mm/memory.c:4457
 faultin_page mm/gup.c:887 [inline]
 __get_user_pages+0xac0/0x1080 mm/gup.c:1105
 populate_vma_page_range+0xaf/0xc0 mm/gup.c:1435
 mprotect_fixup+0x3c9/0x580 mm/mprotect.c:496
 do_mprotect_pkey+0x4bb/0x5f0 mm/mprotect.c:613
 __do_sys_mprotect mm/mprotect.c:638 [inline]
 __se_sys_mprotect mm/mprotect.c:635 [inline]
 __x64_sys_mprotect+0x44/0x50 mm/mprotect.c:635
 do_syscall_64+0x39/0x80 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 21111 Comm: syz-executor.2 Not tainted 5.9.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (1):
Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title
ci2-upstream-kcsan-gce | 2020/09/01 00:19 | upstream | b51594df17d0 | d5a3ae1f | .config | log | report | | | |
* Struck through repros no longer work on HEAD.