syzbot


KCSAN: data-race in kvm_mmu_notifier_invalidate_range_end / kvm_mmu_notifier_invalidate_range_start (5)

Status: auto-closed as invalid on 2021/05/19 10:43
Subsystems: kvm
Reported-by: syzbot+7a5a25f380e667b89a9b@syzkaller.appspotmail.com
First crash: 1199d, last: 1069d
Similar bugs (4)

| Kernel   | Title                                                                                                  | Subsystem | Count | Last  | Reported | Patched | Status                                      |
|----------|--------------------------------------------------------------------------------------------------------|-----------|-------|-------|----------|---------|---------------------------------------------|
| upstream | KCSAN: data-race in kvm_mmu_notifier_invalidate_range_end / kvm_mmu_notifier_invalidate_range_start (2) | kvm       | 5     | 1394d | 1501d    | 0/26    | closed as invalid on 2020/06/18 14:24       |
| upstream | KCSAN: data-race in kvm_mmu_notifier_invalidate_range_end / kvm_mmu_notifier_invalidate_range_start     | kvm       | 7     | 1577d | 1606d    | 0/26    | auto-closed as invalid on 2020/02/01 21:57  |
| upstream | KCSAN: data-race in kvm_mmu_notifier_invalidate_range_end / kvm_mmu_notifier_invalidate_range_start (3) | kvm       | 4     | 1330d | 1369d    | 0/26    | auto-closed as invalid on 2020/08/31 17:17  |
| upstream | KCSAN: data-race in kvm_mmu_notifier_invalidate_range_end / kvm_mmu_notifier_invalidate_range_start (4) | kvm       | 1     | 1295d | 1295d    | 0/26    | auto-closed as invalid on 2020/10/06 00:28  |

(No repro, cause bisect or fix bisect is recorded for any of these entries.)

Sample crash report:
==================================================================
BUG: KCSAN: data-race in kvm_mmu_notifier_invalidate_range_end / kvm_mmu_notifier_invalidate_range_start

write to 0xffffc90000ec6078 of 8 bytes by task 29077 on cpu 0:
 kvm_mmu_notifier_invalidate_range_start+0x67/0x300 arch/x86/kvm/../../../virt/kvm/kvm_main.c:488
 mn_hlist_invalidate_range_start mm/mmu_notifier.c:493 [inline]
 __mmu_notifier_invalidate_range_start+0x24a/0x440 mm/mmu_notifier.c:548
 mmu_notifier_invalidate_range_start include/linux/mmu_notifier.h:453 [inline]
 try_to_unmap_one+0x3b7/0x1770 mm/rmap.c:1440
 rmap_walk_anon+0x26b/0x5a0 mm/rmap.c:1882
 try_to_unmap+0x230/0x310 mm/rmap.c:1963
 __unmap_and_move+0x376/0x6a0 mm/migrate.c:1128
 unmap_and_move+0x131/0x690 mm/migrate.c:1200
 migrate_pages+0x2f7/0xfb0 mm/migrate.c:1472
 do_mbind+0xe47/0x1030 mm/mempolicy.c:1357
 kernel_mbind mm/mempolicy.c:1478 [inline]
 __do_sys_mbind mm/mempolicy.c:1485 [inline]
 __se_sys_mbind mm/mempolicy.c:1481 [inline]
 __x64_sys_mbind+0x142/0x170 mm/mempolicy.c:1481
 do_syscall_64+0x39/0x80 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xae

read to 0xffffc90000ec6078 of 8 bytes by task 29043 on cpu 1:
 kvm_mmu_notifier_invalidate_range_end+0x6c/0xa0 arch/x86/kvm/../../../virt/kvm/kvm_main.c:540
 mn_hlist_invalidate_end mm/mmu_notifier.c:583 [inline]
 __mmu_notifier_invalidate_range_end+0x18e/0x210 mm/mmu_notifier.c:603
 mmu_notifier_invalidate_range_end include/linux/mmu_notifier.h:479 [inline]
 try_to_unmap_one+0x12e4/0x1770 mm/rmap.c:1729
 rmap_walk_file+0x260/0x4f0 mm/rmap.c:1936
 rmap_walk mm/rmap.c:1954 [inline]
 try_to_munlock+0xe7/0x150 mm/rmap.c:1805
 __munlock_isolated_page mm/mlock.c:121 [inline]
 __munlock_pagevec+0x9ad/0xc60 mm/mlock.c:321
 munlock_vma_pages_range+0x5a6/0x780 mm/mlock.c:474
 munlock_vma_pages_all mm/internal.h:362 [inline]
 exit_mmap+0x128/0x400 mm/mmap.c:3202
 __mmput+0xa2/0x220 kernel/fork.c:1090
 mmput+0x3d/0x50 kernel/fork.c:1111
 exit_mm+0x344/0x430 kernel/exit.c:501
 do_exit+0x3fc/0x15e0 kernel/exit.c:812
 do_group_exit+0x17d/0x180 kernel/exit.c:922
 __do_sys_exit_group+0xb/0x10 kernel/exit.c:933
 __se_sys_exit_group+0x5/0x10 kernel/exit.c:931
 __x64_sys_exit_group+0x16/0x20 kernel/exit.c:931
 do_syscall_64+0x39/0x80 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 29043 Comm: syz-executor.1 Tainted: G        W         5.12.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (17):

| Time             | Kernel   | Commit       | Syzkaller | Manager                | Title                                                                                              |
|------------------|----------|--------------|-----------|------------------------|----------------------------------------------------------------------------------------------------|
| 2021/04/14 10:42 | upstream | 50987beca096 | 3134b37f  | ci2-upstream-kcsan-gce | KCSAN: data-race in kvm_mmu_notifier_invalidate_range_end / kvm_mmu_notifier_invalidate_range_start |
| 2021/04/13 09:03 | upstream | 89698becf06d | 6a81331a  | ci2-upstream-kcsan-gce | KCSAN: data-race in kvm_mmu_notifier_invalidate_range_end / kvm_mmu_notifier_invalidate_range_start |
| 2021/03/18 10:50 | upstream | 6417f03132a6 | 7216542e  | ci2-upstream-kcsan-gce | KCSAN: data-race in kvm_mmu_notifier_invalidate_range_end / kvm_mmu_notifier_invalidate_range_start |
| 2021/03/15 09:34 | upstream | 75013c6c52d8 | cc1cff8f  | ci2-upstream-kcsan-gce | KCSAN: data-race in kvm_mmu_notifier_invalidate_range_end / kvm_mmu_notifier_invalidate_range_start |
| 2021/03/11 22:05 | upstream | 28806e4d9b97 | 429d8a6b  | ci2-upstream-kcsan-gce | KCSAN: data-race in kvm_mmu_notifier_invalidate_range_end / kvm_mmu_notifier_invalidate_range_start |
| 2021/02/08 12:09 | upstream | 92bf22614b21 | 2ce644fc  | ci2-upstream-kcsan-gce | KCSAN: data-race in kvm_mmu_notifier_invalidate_range_end / kvm_mmu_notifier_invalidate_range_start |
| 2021/02/07 09:03 | upstream | 825b5991a46e | 2ce644fc  | ci2-upstream-kcsan-gce | KCSAN: data-race in kvm_mmu_notifier_invalidate_range_end / kvm_mmu_notifier_invalidate_range_start |
| 2021/01/31 16:55 | upstream | 6642d600b541 | fc9fd31e  | ci2-upstream-kcsan-gce | KCSAN: data-race in kvm_mmu_notifier_invalidate_range_end / kvm_mmu_notifier_invalidate_range_start |
| 2021/01/29 01:46 | upstream | e5ff2cb9cf67 | 7df34f59  | ci2-upstream-kcsan-gce | KCSAN: data-race in kvm_mmu_notifier_invalidate_range_end / kvm_mmu_notifier_invalidate_range_start |
| 2021/01/23 12:08 | upstream | fe75a21824e7 | 52e37319  | ci2-upstream-kcsan-gce | KCSAN: data-race in kvm_mmu_notifier_invalidate_range_end / kvm_mmu_notifier_invalidate_range_start |
| 2021/01/15 05:12 | upstream | 146620506274 | 65a7a854  | ci2-upstream-kcsan-gce |                                                                                                    |
| 2021/01/12 21:04 | upstream | e609571b5ffa | 0cdd6185  | ci2-upstream-kcsan-gce |                                                                                                    |
| 2020/12/30 05:29 | upstream | 139711f033f6 | 0fa352f2  | ci2-upstream-kcsan-gce |                                                                                                    |
| 2020/12/21 23:45 | upstream | 8653b778e454 | 04201c06  | ci2-upstream-kcsan-gce |                                                                                                    |
| 2020/12/18 00:36 | upstream | d64c6f96ba86 | 04201c06  | ci2-upstream-kcsan-gce |                                                                                                    |
| 2020/12/16 12:09 | upstream | d01e7f10dae2 | 649595c6  | ci2-upstream-kcsan-gce |                                                                                                    |
| 2020/12/05 23:48 | upstream | 32f741b02f1a | 50503117  | ci2-upstream-kcsan-gce |                                                                                                    |

(Each crash has a .config, console log, report and VM info attached; no syz repro, C repro or assets are recorded for any of them.)