From: syzbot <syzbot+a785d07959bc94837d51@syzkaller.appspotmail.com>
To: akpm@linux-foundation.org, code@siddh.me, deyu@sz.edu.cn,
	 dvyukov@google.com, liam.howlett@oracle.com,
	linux-kernel@vger.kernel.org,  linux-mm@kvack.org,
	shy828301@gmail.com, syzkaller-bugs@googlegroups.com,
	 willy@infradead.org, zokeefe@google.com
Subject: Re: [syzbot] memory leak in xas_create
Date: Sun, 06 Nov 2022 15:26:40 -0800
Message-ID: <0000000000009842e105ecd5a37e@google.com>
In-Reply-To: <000000000000eb2d6c05e35a0d73@google.com>

syzbot has found a reproducer for the following issue on:

HEAD commit:    2f5065a0bc9d Merge tag 'acpi-6.1-rc4' of git://git.kernel...
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=12351e76880000
kernel config:  https://syzkaller.appspot.com/x/.config?x=7da85296f1024c6a
dashboard link: https://syzkaller.appspot.com/bug?extid=a785d07959bc94837d51
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=110bbf39880000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=12fff099880000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/2e34093711ff/disk-2f5065a0.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/73117023c3a9/vmlinux-2f5065a0.xz
kernel image: https://storage.googleapis.com/syzbot-assets/c708621825f8/bzImage-2f5065a0.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+a785d07959bc94837d51@syzkaller.appspotmail.com

write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory
write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory
BUG: memory leak
unreferenced object 0xffff88810fd216c0 (size 576):
  comm "syz-executor159", pid 3686, jiffies 4295064650 (age 50.150s)
  hex dump (first 32 bytes):
    06 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    20 85 98 0f 81 88 ff ff d8 16 d2 0f 81 88 ff ff   ...............
  backtrace:
    [<ffffffff844153c6>] xas_alloc+0xf6/0x120 lib/xarray.c:377
    [<ffffffff84418039>] xas_create+0x3b9/0x800 lib/xarray.c:679
    [<ffffffff84418520>] xas_create_range+0xa0/0x1c0 lib/xarray.c:719
    [<ffffffff8159f11c>] collapse_file+0x13c/0x2730 mm/khugepaged.c:1725
    [<ffffffff815a1b28>] hpage_collapse_scan_file+0x418/0x9a0 mm/khugepaged.c:2156
    [<ffffffff815a4001>] madvise_collapse+0x211/0x5e0 mm/khugepaged.c:2611
    [<ffffffff8153ba2d>] madvise_vma_behavior+0x5dd/0x1030 mm/madvise.c:1076
    [<ffffffff81537257>] madvise_walk_vmas+0x127/0x1d0 mm/madvise.c:1250
    [<ffffffff81537eb0>] do_madvise.part.0+0x1c0/0x2b0 mm/madvise.c:1429
    [<ffffffff8153c6e8>] do_madvise mm/madvise.c:1440 [inline]
    [<ffffffff8153c6e8>] __do_sys_madvise mm/madvise.c:1442 [inline]
    [<ffffffff8153c6e8>] __se_sys_madvise mm/madvise.c:1440 [inline]
    [<ffffffff8153c6e8>] __x64_sys_madvise+0x98/0xa0 mm/madvise.c:1440
    [<ffffffff84608225>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff84608225>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84800087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810fd21480 (size 576):
  comm "syz-executor159", pid 3686, jiffies 4295064650 (age 50.150s)
  hex dump (first 32 bytes):
    00 07 00 00 00 00 00 00 c0 16 d2 0f 81 88 ff ff  ................
    20 85 98 0f 81 88 ff ff 98 14 d2 0f 81 88 ff ff   ...............
  backtrace:
    [<ffffffff844153c6>] xas_alloc+0xf6/0x120 lib/xarray.c:377
    [<ffffffff84418039>] xas_create+0x3b9/0x800 lib/xarray.c:679
    [<ffffffff84418520>] xas_create_range+0xa0/0x1c0 lib/xarray.c:719
    [<ffffffff8159f11c>] collapse_file+0x13c/0x2730 mm/khugepaged.c:1725
    [<ffffffff815a1b28>] hpage_collapse_scan_file+0x418/0x9a0 mm/khugepaged.c:2156
    [<ffffffff815a4001>] madvise_collapse+0x211/0x5e0 mm/khugepaged.c:2611
    [<ffffffff8153ba2d>] madvise_vma_behavior+0x5dd/0x1030 mm/madvise.c:1076
    [<ffffffff81537257>] madvise_walk_vmas+0x127/0x1d0 mm/madvise.c:1250
    [<ffffffff81537eb0>] do_madvise.part.0+0x1c0/0x2b0 mm/madvise.c:1429
    [<ffffffff8153c6e8>] do_madvise mm/madvise.c:1440 [inline]
    [<ffffffff8153c6e8>] __do_sys_madvise mm/madvise.c:1442 [inline]
    [<ffffffff8153c6e8>] __se_sys_madvise mm/madvise.c:1440 [inline]
    [<ffffffff8153c6e8>] __x64_sys_madvise+0x98/0xa0 mm/madvise.c:1440
    [<ffffffff84608225>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff84608225>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84800087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810fd21240 (size 576):
  comm "syz-executor159", pid 3686, jiffies 4295064650 (age 50.150s)
  hex dump (first 32 bytes):
    00 06 00 00 00 00 00 00 c0 16 d2 0f 81 88 ff ff  ................
    20 85 98 0f 81 88 ff ff 58 12 d2 0f 81 88 ff ff   .......X.......
  backtrace:
    [<ffffffff844153c6>] xas_alloc+0xf6/0x120 lib/xarray.c:377
    [<ffffffff84418039>] xas_create+0x3b9/0x800 lib/xarray.c:679
    [<ffffffff84418520>] xas_create_range+0xa0/0x1c0 lib/xarray.c:719
    [<ffffffff8159f11c>] collapse_file+0x13c/0x2730 mm/khugepaged.c:1725
    [<ffffffff815a1b28>] hpage_collapse_scan_file+0x418/0x9a0 mm/khugepaged.c:2156
    [<ffffffff815a4001>] madvise_collapse+0x211/0x5e0 mm/khugepaged.c:2611
    [<ffffffff8153ba2d>] madvise_vma_behavior+0x5dd/0x1030 mm/madvise.c:1076
    [<ffffffff81537257>] madvise_walk_vmas+0x127/0x1d0 mm/madvise.c:1250
    [<ffffffff81537eb0>] do_madvise.part.0+0x1c0/0x2b0 mm/madvise.c:1429
    [<ffffffff8153c6e8>] do_madvise mm/madvise.c:1440 [inline]
    [<ffffffff8153c6e8>] __do_sys_madvise mm/madvise.c:1442 [inline]
    [<ffffffff8153c6e8>] __se_sys_madvise mm/madvise.c:1440 [inline]
    [<ffffffff8153c6e8>] __x64_sys_madvise+0x98/0xa0 mm/madvise.c:1440
    [<ffffffff84608225>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff84608225>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84800087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810fd24d80 (size 576):
  comm "syz-executor159", pid 3686, jiffies 4295064650 (age 50.150s)
  hex dump (first 32 bytes):
    00 05 00 00 00 00 00 00 c0 16 d2 0f 81 88 ff ff  ................
    20 85 98 0f 81 88 ff ff 98 4d d2 0f 81 88 ff ff   ........M......
  backtrace:
    [<ffffffff844153c6>] xas_alloc+0xf6/0x120 lib/xarray.c:377
    [<ffffffff84418039>] xas_create+0x3b9/0x800 lib/xarray.c:679
    [<ffffffff84418520>] xas_create_range+0xa0/0x1c0 lib/xarray.c:719
    [<ffffffff8159f11c>] collapse_file+0x13c/0x2730 mm/khugepaged.c:1725
    [<ffffffff815a1b28>] hpage_collapse_scan_file+0x418/0x9a0 mm/khugepaged.c:2156
    [<ffffffff815a4001>] madvise_collapse+0x211/0x5e0 mm/khugepaged.c:2611
    [<ffffffff8153ba2d>] madvise_vma_behavior+0x5dd/0x1030 mm/madvise.c:1076
    [<ffffffff81537257>] madvise_walk_vmas+0x127/0x1d0 mm/madvise.c:1250
    [<ffffffff81537eb0>] do_madvise.part.0+0x1c0/0x2b0 mm/madvise.c:1429
    [<ffffffff8153c6e8>] do_madvise mm/madvise.c:1440 [inline]
    [<ffffffff8153c6e8>] __do_sys_madvise mm/madvise.c:1442 [inline]
    [<ffffffff8153c6e8>] __se_sys_madvise mm/madvise.c:1440 [inline]
    [<ffffffff8153c6e8>] __x64_sys_madvise+0x98/0xa0 mm/madvise.c:1440
    [<ffffffff84608225>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff84608225>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84800087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory
write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory
write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory
write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory



Thread overview: 11+ messages
2022-07-09  7:13 [syzbot] memory leak in xas_create syzbot
2022-07-11 20:38 ` Andrew Morton
2022-07-11 20:46   ` Matthew Wilcox
2022-07-12  6:54     ` Dmitry Vyukov
2022-07-12 12:40       ` Matthew Wilcox
2022-07-12 12:50         ` Dmitry Vyukov
2022-07-12 12:57           ` Matthew Wilcox
2022-07-12 13:29             ` Dmitry Vyukov
2022-07-14 16:27               ` Matthew Wilcox
2022-07-12 13:35             ` Matthew Wilcox
2022-11-06 23:26 ` syzbot [this message]
