Date: Fri, 27 May 2022 20:20:21 -0700
Message-ID: <00000000000036af2005e009e7e6@google.com>
Subject: [syzbot] memory leak in xas_nomem
From: syzbot
To: akpm@linux-foundation.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, syzkaller-bugs@googlegroups.com

Hello,

syzbot found the following issue on:

HEAD commit:    1e57930e9f40 Merge tag 'rcu.2022.05.19a' of git://git.kern..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=17afc423f00000
kernel config:  https://syzkaller.appspot.com/x/.config?x=5757003cb23a31a7
dashboard link: https://syzkaller.appspot.com/bug?extid=9e27a75a8c24f3fe75c1
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=16bc056ef00000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=116b7d9df00000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+9e27a75a8c24f3fe75c1@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810cb35d80 (size 576):
  comm "syz-executor883", pid 3623, jiffies 4294954631 (age 23.510s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    18 48 36 04 81 88 ff ff 98 5d b3 0c 81 88 ff ff  .H6......]......
  backtrace:
    [] xas_nomem lib/xarray.c:307 [inline]
    [] xas_nomem+0x4a/0xd0 lib/xarray.c:299
    [] split_huge_page_to_list+0x26d0/0x29f0 mm/huge_memory.c:2626
    [] split_huge_page include/linux/huge_mm.h:191 [inline]
    [] truncate_inode_partial_folio+0x3e4/0x5f0 mm/truncate.c:243
    [] shmem_undo_range+0x3d0/0xbe0 mm/shmem.c:966
    [] shmem_truncate_range mm/shmem.c:1044 [inline]
    [] shmem_fallocate+0x1e1/0x910 mm/shmem.c:2671
    [] vfs_fallocate+0x31c/0x670 fs/open.c:308
    [] madvise_remove mm/madvise.c:965 [inline]
    [] madvise_vma_behavior+0x7d3/0x1000 mm/madvise.c:989
    [] madvise_walk_vmas+0x11c/0x1d0 mm/madvise.c:1221
    [] do_madvise mm/madvise.c:1399 [inline]
    [] do_madvise+0x23b/0x320 mm/madvise.c:1357
    [] __do_sys_madvise mm/madvise.c:1412 [inline]
    [] __se_sys_madvise mm/madvise.c:1410 [inline]
    [] __x64_sys_madvise+0x2a/0x30 mm/madvise.c:1410
    [] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff88810cb39d80 (size 576):
  comm "syz-executor883", pid 3622, jiffies 4294954659 (age 23.230s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    98 f8 cd 0d 81 88 ff ff 98 9d b3 0c 81 88 ff ff  ................
  backtrace:
    [] xas_nomem lib/xarray.c:307 [inline]
    [] xas_nomem+0x4a/0xd0 lib/xarray.c:299
    [] split_huge_page_to_list+0x26d0/0x29f0 mm/huge_memory.c:2626
    [] split_huge_page include/linux/huge_mm.h:191 [inline]
    [] truncate_inode_partial_folio+0x3e4/0x5f0 mm/truncate.c:243
    [] shmem_undo_range+0x3d0/0xbe0 mm/shmem.c:966
    [] shmem_truncate_range mm/shmem.c:1044 [inline]
    [] shmem_fallocate+0x1e1/0x910 mm/shmem.c:2671
    [] vfs_fallocate+0x31c/0x670 fs/open.c:308
    [] madvise_remove mm/madvise.c:965 [inline]
    [] madvise_vma_behavior+0x7d3/0x1000 mm/madvise.c:989
    [] madvise_walk_vmas+0x11c/0x1d0 mm/madvise.c:1221
    [] do_madvise mm/madvise.c:1399 [inline]
    [] do_madvise+0x23b/0x320 mm/madvise.c:1357
    [] __do_sys_madvise mm/madvise.c:1412 [inline]
    [] __se_sys_madvise mm/madvise.c:1410 [inline]
    [] __x64_sys_madvise+0x2a/0x30 mm/madvise.c:1410
    [] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff88810cb35d80 (size 576):
  comm "syz-executor883", pid 3623, jiffies 4294954631 (age 29.410s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    18 48 36 04 81 88 ff ff 98 5d b3 0c 81 88 ff ff  .H6......]......
  backtrace:
    [] xas_nomem lib/xarray.c:307 [inline]
    [] xas_nomem+0x4a/0xd0 lib/xarray.c:299
    [] split_huge_page_to_list+0x26d0/0x29f0 mm/huge_memory.c:2626
    [] split_huge_page include/linux/huge_mm.h:191 [inline]
    [] truncate_inode_partial_folio+0x3e4/0x5f0 mm/truncate.c:243
    [] shmem_undo_range+0x3d0/0xbe0 mm/shmem.c:966
    [] shmem_truncate_range mm/shmem.c:1044 [inline]
    [] shmem_fallocate+0x1e1/0x910 mm/shmem.c:2671
    [] vfs_fallocate+0x31c/0x670 fs/open.c:308
    [] madvise_remove mm/madvise.c:965 [inline]
    [] madvise_vma_behavior+0x7d3/0x1000 mm/madvise.c:989
    [] madvise_walk_vmas+0x11c/0x1d0 mm/madvise.c:1221
    [] do_madvise mm/madvise.c:1399 [inline]
    [] do_madvise+0x23b/0x320 mm/madvise.c:1357
    [] __do_sys_madvise mm/madvise.c:1412 [inline]
    [] __se_sys_madvise mm/madvise.c:1410 [inline]
    [] __x64_sys_madvise+0x2a/0x30 mm/madvise.c:1410
    [] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff88810cb39d80 (size 576):
  comm "syz-executor883", pid 3622, jiffies 4294954659 (age 29.130s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    98 f8 cd 0d 81 88 ff ff 98 9d b3 0c 81 88 ff ff  ................
  backtrace:
    [] xas_nomem lib/xarray.c:307 [inline]
    [] xas_nomem+0x4a/0xd0 lib/xarray.c:299
    [] split_huge_page_to_list+0x26d0/0x29f0 mm/huge_memory.c:2626
    [] split_huge_page include/linux/huge_mm.h:191 [inline]
    [] truncate_inode_partial_folio+0x3e4/0x5f0 mm/truncate.c:243
    [] shmem_undo_range+0x3d0/0xbe0 mm/shmem.c:966
    [] shmem_truncate_range mm/shmem.c:1044 [inline]
    [] shmem_fallocate+0x1e1/0x910 mm/shmem.c:2671
    [] vfs_fallocate+0x31c/0x670 fs/open.c:308
    [] madvise_remove mm/madvise.c:965 [inline]
    [] madvise_vma_behavior+0x7d3/0x1000 mm/madvise.c:989
    [] madvise_walk_vmas+0x11c/0x1d0 mm/madvise.c:1221
    [] do_madvise mm/madvise.c:1399 [inline]
    [] do_madvise+0x23b/0x320 mm/madvise.c:1357
    [] __do_sys_madvise mm/madvise.c:1412 [inline]
    [] __se_sys_madvise mm/madvise.c:1410 [inline]
    [] __x64_sys_madvise+0x2a/0x30 mm/madvise.c:1410
    [] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff88810cb35d80 (size 576):
  comm "syz-executor883", pid 3623, jiffies 4294954631 (age 29.450s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    18 48 36 04 81 88 ff ff 98 5d b3 0c 81 88 ff ff  .H6......]......
  backtrace:
    [] xas_nomem lib/xarray.c:307 [inline]
    [] xas_nomem+0x4a/0xd0 lib/xarray.c:299
    [] split_huge_page_to_list+0x26d0/0x29f0 mm/huge_memory.c:2626
    [] split_huge_page include/linux/huge_mm.h:191 [inline]
    [] truncate_inode_partial_folio+0x3e4/0x5f0 mm/truncate.c:243
    [] shmem_undo_range+0x3d0/0xbe0 mm/shmem.c:966
    [] shmem_truncate_range mm/shmem.c:1044 [inline]
    [] shmem_fallocate+0x1e1/0x910 mm/shmem.c:2671
    [] vfs_fallocate+0x31c/0x670 fs/open.c:308
    [] madvise_remove mm/madvise.c:965 [inline]
    [] madvise_vma_behavior+0x7d3/0x1000 mm/madvise.c:989
    [] madvise_walk_vmas+0x11c/0x1d0 mm/madvise.c:1221
    [] do_madvise mm/madvise.c:1399 [inline]
    [] do_madvise+0x23b/0x320 mm/madvise.c:1357
    [] __do_sys_madvise mm/madvise.c:1412 [inline]
    [] __se_sys_madvise mm/madvise.c:1410 [inline]
    [] __x64_sys_madvise+0x2a/0x30 mm/madvise.c:1410
    [] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff88810cb39d80 (size 576):
  comm "syz-executor883", pid 3622, jiffies 4294954659 (age 29.170s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    98 f8 cd 0d 81 88 ff ff 98 9d b3 0c 81 88 ff ff  ................
  backtrace:
    [] xas_nomem lib/xarray.c:307 [inline]
    [] xas_nomem+0x4a/0xd0 lib/xarray.c:299
    [] split_huge_page_to_list+0x26d0/0x29f0 mm/huge_memory.c:2626
    [] split_huge_page include/linux/huge_mm.h:191 [inline]
    [] truncate_inode_partial_folio+0x3e4/0x5f0 mm/truncate.c:243
    [] shmem_undo_range+0x3d0/0xbe0 mm/shmem.c:966
    [] shmem_truncate_range mm/shmem.c:1044 [inline]
    [] shmem_fallocate+0x1e1/0x910 mm/shmem.c:2671
    [] vfs_fallocate+0x31c/0x670 fs/open.c:308
    [] madvise_remove mm/madvise.c:965 [inline]
    [] madvise_vma_behavior+0x7d3/0x1000 mm/madvise.c:989
    [] madvise_walk_vmas+0x11c/0x1d0 mm/madvise.c:1221
    [] do_madvise mm/madvise.c:1399 [inline]
    [] do_madvise+0x23b/0x320 mm/madvise.c:1357
    [] __do_sys_madvise mm/madvise.c:1412 [inline]
    [] __se_sys_madvise mm/madvise.c:1410 [inline]
    [] __x64_sys_madvise+0x2a/0x30 mm/madvise.c:1410
    [] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff88810cb35d80 (size 576):
  comm "syz-executor883", pid 3623, jiffies 4294954631 (age 29.490s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    18 48 36 04 81 88 ff ff 98 5d b3 0c 81 88 ff ff  .H6......]......
  backtrace:
    [] xas_nomem lib/xarray.c:307 [inline]
    [] xas_nomem+0x4a/0xd0 lib/xarray.c:299
    [] split_huge_page_to_list+0x26d0/0x29f0 mm/huge_memory.c:2626
    [] split_huge_page include/linux/huge_mm.h:191 [inline]
    [] truncate_inode_partial_folio+0x3e4/0x5f0 mm/truncate.c:243
    [] shmem_undo_range+0x3d0/0xbe0 mm/shmem.c:966
    [] shmem_truncate_range mm/shmem.c:1044 [inline]
    [] shmem_fallocate+0x1e1/0x910 mm/shmem.c:2671
    [] vfs_fallocate+0x31c/0x670 fs/open.c:308
    [] madvise_remove mm/madvise.c:965 [inline]
    [] madvise_vma_behavior+0x7d3/0x1000 mm/madvise.c:989
    [] madvise_walk_vmas+0x11c/0x1d0 mm/madvise.c:1221
    [] do_madvise mm/madvise.c:1399 [inline]
    [] do_madvise+0x23b/0x320 mm/madvise.c:1357
    [] __do_sys_madvise mm/madvise.c:1412 [inline]
    [] __se_sys_madvise mm/madvise.c:1410 [inline]
    [] __x64_sys_madvise+0x2a/0x30 mm/madvise.c:1410
    [] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff88810cb39d80 (size 576):
  comm "syz-executor883", pid 3622, jiffies 4294954659 (age 29.210s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    98 f8 cd 0d 81 88 ff ff 98 9d b3 0c 81 88 ff ff  ................
  backtrace:
    [] xas_nomem lib/xarray.c:307 [inline]
    [] xas_nomem+0x4a/0xd0 lib/xarray.c:299
    [] split_huge_page_to_list+0x26d0/0x29f0 mm/huge_memory.c:2626
    [] split_huge_page include/linux/huge_mm.h:191 [inline]
    [] truncate_inode_partial_folio+0x3e4/0x5f0 mm/truncate.c:243
    [] shmem_undo_range+0x3d0/0xbe0 mm/shmem.c:966
    [] shmem_truncate_range mm/shmem.c:1044 [inline]
    [] shmem_fallocate+0x1e1/0x910 mm/shmem.c:2671
    [] vfs_fallocate+0x31c/0x670 fs/open.c:308
    [] madvise_remove mm/madvise.c:965 [inline]
    [] madvise_vma_behavior+0x7d3/0x1000 mm/madvise.c:989
    [] madvise_walk_vmas+0x11c/0x1d0 mm/madvise.c:1221
    [] do_madvise mm/madvise.c:1399 [inline]
    [] do_madvise+0x23b/0x320 mm/madvise.c:1357
    [] __do_sys_madvise mm/madvise.c:1412 [inline]
    [] __se_sys_madvise mm/madvise.c:1410 [inline]
    [] __x64_sys_madvise+0x2a/0x30 mm/madvise.c:1410
    [] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [] entry_SYSCALL_64_after_hwframe+0x44/0xae

executing program
executing program
executing program
executing program

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches