syzbot


KCSAN: data-race in kvm_mmu_notifier_invalidate_range_end / kvm_mmu_notifier_invalidate_range_end (5)

Status: auto-closed as invalid on 2021/01/12 10:00
Subsystems: kvm
First crash: 1206d, last: 1206d
Similar bugs (6)
Kernel | Title | Subsystem | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | KCSAN: data-race in kvm_mmu_notifier_invalidate_range_end / kvm_mmu_notifier_invalidate_range_end (2) | kvm | | | | 8 | 1395d | 1522d | 0/26 | closed as invalid on 2020/06/18 14:24
upstream | KCSAN: data-race in kvm_mmu_notifier_invalidate_range_end / kvm_mmu_notifier_invalidate_range_end (3) | kvm | | | | 1 | 1371d | 1371d | 0/26 | auto-closed as invalid on 2020/07/30 20:33
upstream | KCSAN: data-race in kvm_mmu_notifier_invalidate_range_end / kvm_mmu_notifier_invalidate_range_end (6) | kvm | | | | 4 | 1138d | 1167d | 0/26 | auto-closed as invalid on 2021/03/21 16:27
upstream | KCSAN: data-race in kvm_mmu_notifier_invalidate_range_end / kvm_mmu_notifier_invalidate_range_end (4) | kvm | | | | 3 | 1277d | 1312d | 0/26 | auto-closed as invalid on 2020/11/01 19:43
upstream | KCSAN: data-race in kvm_mmu_notifier_invalidate_range_end / kvm_mmu_notifier_invalidate_range_end (7) | kvm | | | | 1 | 1085d | 1085d | 0/26 | auto-closed as invalid on 2021/05/17 10:12
upstream | KCSAN: data-race in kvm_mmu_notifier_invalidate_range_end / kvm_mmu_notifier_invalidate_range_end | kvm | | | | 2 | 1598d | 1598d | 0/26 | auto-closed as invalid on 2020/01/21 09:46

Sample crash report:
==================================================================
BUG: KCSAN: data-race in kvm_mmu_notifier_invalidate_range_end / kvm_mmu_notifier_invalidate_range_end

read-write to 0xffffc900040b21b8 of 8 bytes by task 11620 on cpu 1:
 kvm_mmu_notifier_invalidate_range_end+0x45/0x90 arch/x86/kvm/../../../virt/kvm/kvm_main.c:514
 mn_hlist_invalidate_end mm/mmu_notifier.c:560 [inline]
 __mmu_notifier_invalidate_range_end+0x18e/0x210 mm/mmu_notifier.c:580
 mmu_notifier_invalidate_range_only_end include/linux/mmu_notifier.h:486 [inline]
 wp_page_copy+0x929/0x1490 mm/memory.c:2941
 do_wp_page+0x482/0x6c0 arch/x86/include/asm/atomic.h:95
 handle_pte_fault mm/memory.c:4392 [inline]
 __handle_mm_fault mm/memory.c:4509 [inline]
 handle_mm_fault+0x13d1/0x1770 mm/memory.c:4607
 faultin_page mm/gup.c:885 [inline]
 __get_user_pages+0x8ec/0xe50 mm/gup.c:1097
 populate_vma_page_range mm/gup.c:1430 [inline]
 __mm_populate+0x24d/0x340 mm/gup.c:1478
 mm_populate include/linux/mm.h:2590 [inline]
 __do_sys_mlockall mm/mlock.c:828 [inline]
 __se_sys_mlockall+0x22b/0x250 mm/mlock.c:804
 __x64_sys_mlockall+0x1b/0x20 mm/mlock.c:804
 do_syscall_64+0x39/0x80 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

read to 0xffffc900040b21b8 of 8 bytes by task 11590 on cpu 0:
 kvm_mmu_notifier_invalidate_range_end+0x59/0x90 arch/x86/kvm/../../../virt/kvm/kvm_main.c:517
 mn_hlist_invalidate_end mm/mmu_notifier.c:560 [inline]
 __mmu_notifier_invalidate_range_end+0x18e/0x210 mm/mmu_notifier.c:580
 mmu_notifier_invalidate_range_end include/linux/mmu_notifier.h:479 [inline]
 try_to_unmap_one+0x13b1/0x17a0 mm/rmap.c:1718
 rmap_walk_file+0x260/0x4f0 mm/rmap.c:1930
 rmap_walk mm/rmap.c:1948 [inline]
 try_to_munlock+0xe7/0x150 mm/rmap.c:1799
 __munlock_isolated_page mm/mlock.c:141 [inline]
 __munlock_pagevec+0x57d/0x830 mm/mlock.c:351
 munlock_vma_pages_range+0x581/0x760 mm/mlock.c:504
 munlock_vma_pages_all mm/internal.h:342 [inline]
 exit_mmap+0x128/0x3b0 mm/mmap.c:3204
 __mmput+0xa2/0x220 kernel/fork.c:1079
 mmput+0x38/0x40 kernel/fork.c:1100
 exit_mm+0x307/0x370 kernel/exit.c:486
 do_exit+0x3c8/0x1630 kernel/exit.c:796
 do_group_exit+0x16f/0x170 kernel/exit.c:906
 __do_sys_exit_group+0xb/0x10 kernel/exit.c:917
 __se_sys_exit_group+0x5/0x10 kernel/exit.c:915
 __x64_sys_exit_group+0x16/0x20 kernel/exit.c:915
 do_syscall_64+0x39/0x80 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 11590 Comm: syz-executor.3 Not tainted 5.10.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (1):
Time: 2020/12/08 09:50
Kernel: upstream
Commit: cd796ed33450
Syzkaller: 9af51e31
Config / Log / Report / VM info: .config, console log, report, info (links)
Syz repro / C repro / Assets: none
Manager: ci2-upstream-kcsan-gce