syzbot


KCSAN: data-race in ion_page_pool_alloc / ion_page_pool_shrink

Status: auto-closed as invalid on 2020/11/30 04:37
Subsystems: staging
First crash: 1275d, last: 1275d

Sample crash report:
==================================================================
BUG: KCSAN: data-race in ion_page_pool_alloc / ion_page_pool_shrink

write to 0xffff888105ab8584 of 4 bytes by task 1835 on cpu 0:
 ion_page_pool_remove drivers/staging/android/ion/ion_page_pool.c:55 [inline]
 ion_page_pool_alloc+0xb1/0x260 drivers/staging/android/ion/ion_page_pool.c:74
 alloc_buffer_page drivers/staging/android/ion/ion_system_heap.c:53 [inline]
 alloc_largest_available drivers/staging/android/ion/ion_system_heap.c:87 [inline]
 ion_system_heap_allocate+0x1e0/0x6b0 drivers/staging/android/ion/ion_system_heap.c:118
 ion_buffer_create drivers/staging/android/ion/ion.c:50 [inline]
 ion_alloc drivers/staging/android/ion/ion.c:366 [inline]
 ion_ioctl+0x2d2/0x9b0 drivers/staging/android/ion/ion.c:492
 vfs_ioctl fs/ioctl.c:48 [inline]
 __do_sys_ioctl fs/ioctl.c:753 [inline]
 __se_sys_ioctl+0xcb/0x140 fs/ioctl.c:739
 __x64_sys_ioctl+0x3f/0x50 fs/ioctl.c:739
 do_syscall_64+0x39/0x80 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

read to 0xffff888105ab8584 of 4 bytes by task 1842 on cpu 1:
 ion_page_pool_total drivers/staging/android/ion/ion_page_pool.c:92 [inline]
 ion_page_pool_shrink+0x2b3/0x320 drivers/staging/android/ion/ion_page_pool.c:112
 ion_system_heap_shrink+0x109/0x130 drivers/staging/android/ion/ion_system_heap.c:189
 ion_heap_shrink_count+0x72/0x90 drivers/staging/android/ion/ion_heap.c:244
 do_shrink_slab+0x85/0x550 mm/vmscan.c:431
 shrink_slab+0xea/0x1c0 mm/vmscan.c:674
 shrink_node_memcgs+0x27a/0x410 mm/vmscan.c:2655
 shrink_node+0x9d2/0x11d0 mm/vmscan.c:2770
 shrink_zones+0x29f/0x470 mm/vmscan.c:2973
 do_try_to_free_pages+0x193/0x6e0 mm/vmscan.c:3028
 try_to_free_pages+0x399/0x870 mm/vmscan.c:3267
 __perform_reclaim mm/page_alloc.c:4330 [inline]
 __alloc_pages_direct_reclaim mm/page_alloc.c:4351 [inline]
 __alloc_pages_slowpath+0x52f/0x9c0 mm/page_alloc.c:4755
 __alloc_pages_nodemask+0x269/0x350 mm/page_alloc.c:4965
 alloc_pages_current+0x21d/0x310 mm/mempolicy.c:2271
 alloc_pages include/linux/gfp.h:547 [inline]
 ion_page_pool_alloc_pages drivers/staging/android/ion/ion_page_pool.c:19 [inline]
 ion_page_pool_alloc+0x230/0x260 drivers/staging/android/ion/ion_page_pool.c:78
 alloc_buffer_page drivers/staging/android/ion/ion_system_heap.c:53 [inline]
 alloc_largest_available drivers/staging/android/ion/ion_system_heap.c:87 [inline]
 ion_system_heap_allocate+0x18a/0x6b0 drivers/staging/android/ion/ion_system_heap.c:118
 ion_buffer_create drivers/staging/android/ion/ion.c:50 [inline]
 ion_alloc drivers/staging/android/ion/ion.c:366 [inline]
 ion_ioctl+0x2d2/0x9b0 drivers/staging/android/ion/ion.c:492
 vfs_ioctl fs/ioctl.c:48 [inline]
 __do_sys_ioctl fs/ioctl.c:753 [inline]
 __se_sys_ioctl+0xcb/0x140 fs/ioctl.c:739
 __x64_sys_ioctl+0x3f/0x50 fs/ioctl.c:739
 do_syscall_64+0x39/0x80 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 1842 Comm: syz-executor.3 Not tainted 5.9.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (1):
Time: 2020/10/26 04:27
Kernel: upstream
Commit: 986b9eacb259
Syzkaller: a1839e81
Manager: ci2-upstream-kcsan-gce