linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* memory leak in rds_send_probe
@ 2019-07-23 16:18 syzbot
  2019-07-23 16:19 ` Dmitry Vyukov
  2019-07-23 22:17 ` syzbot
  0 siblings, 2 replies; 6+ messages in thread
From: syzbot @ 2019-07-23 16:18 UTC (permalink / raw)
  To: linux-kernel, syzkaller-bugs

Hello,

syzbot found the following crash on:

HEAD commit:    c6dd78fc Merge branch 'x86-urgent-for-linus' of git://git...
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=14be98c8600000
kernel config:  https://syzkaller.appspot.com/x/.config?x=8de7d700ea5ac607
dashboard link: https://syzkaller.appspot.com/bug?extid=5134cdf021c4ed5aaa5f
compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=145df0c8600000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=170001f4600000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+5134cdf021c4ed5aaa5f@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff8881234e9c00 (size 512):
   comm "kworker/u4:2", pid 286, jiffies 4294948041 (age 7.750s)
   hex dump (first 32 bytes):
     01 00 00 00 00 00 00 00 08 9c 4e 23 81 88 ff ff  ..........N#....
     08 9c 4e 23 81 88 ff ff 18 9c 4e 23 81 88 ff ff  ..N#......N#....
   backtrace:
     [<0000000032e378fa>] kmemleak_alloc_recursive  
/./include/linux/kmemleak.h:43 [inline]
     [<0000000032e378fa>] slab_post_alloc_hook /mm/slab.h:522 [inline]
     [<0000000032e378fa>] slab_alloc /mm/slab.c:3319 [inline]
     [<0000000032e378fa>] __do_kmalloc /mm/slab.c:3653 [inline]
     [<0000000032e378fa>] __kmalloc+0x16d/0x2d0 /mm/slab.c:3664
     [<0000000015bc9536>] kmalloc /./include/linux/slab.h:557 [inline]
     [<0000000015bc9536>] kzalloc /./include/linux/slab.h:748 [inline]
     [<0000000015bc9536>] rds_message_alloc+0x3e/0xc0 /net/rds/message.c:291
     [<00000000a806d18d>] rds_send_probe.constprop.0+0x42/0x2f0  
/net/rds/send.c:1419
     [<00000000794a00cc>] rds_send_pong+0x1e/0x23 /net/rds/send.c:1482
     [<00000000b2a248d0>] rds_recv_incoming+0x27e/0x460 /net/rds/recv.c:343
     [<00000000ea1503db>] rds_loop_xmit+0x86/0x100 /net/rds/loop.c:96
     [<00000000a9857f5a>] rds_send_xmit+0x524/0x9a0 /net/rds/send.c:355
     [<00000000557b0101>] rds_send_worker+0x3c/0xd0 /net/rds/threads.c:200
     [<000000004ba94868>] process_one_work+0x23f/0x490  
/kernel/workqueue.c:2269
     [<00000000e793f811>] worker_thread+0x195/0x580 /kernel/workqueue.c:2415
     [<000000003ee8c1a1>] kthread+0x13e/0x160 /kernel/kthread.c:255
     [<000000004cd53c81>] ret_from_fork+0x1f/0x30  
/arch/x86/entry/entry_64.S:352



---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches

^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: memory leak in rds_send_probe
  2019-07-23 16:18 memory leak in rds_send_probe syzbot
@ 2019-07-23 16:19 ` Dmitry Vyukov
  2019-07-23 16:48   ` santosh.shilimkar
  2019-07-23 22:17 ` syzbot
  1 sibling, 1 reply; 6+ messages in thread
From: Dmitry Vyukov @ 2019-07-23 16:19 UTC (permalink / raw)
  To: syzbot, Santosh Shilimkar, David Miller, netdev, linux-rdma, rds-devel
  Cc: LKML, syzkaller-bugs

On Tue, Jul 23, 2019 at 6:18 PM syzbot
<syzbot+5134cdf021c4ed5aaa5f@syzkaller.appspotmail.com> wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:    c6dd78fc Merge branch 'x86-urgent-for-linus' of git://git...
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=14be98c8600000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=8de7d700ea5ac607
> dashboard link: https://syzkaller.appspot.com/bug?extid=5134cdf021c4ed5aaa5f
> compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=145df0c8600000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=170001f4600000

+net/rds/message.c maintainers

> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+5134cdf021c4ed5aaa5f@syzkaller.appspotmail.com
>
> BUG: memory leak
> unreferenced object 0xffff8881234e9c00 (size 512):
>    comm "kworker/u4:2", pid 286, jiffies 4294948041 (age 7.750s)
>    hex dump (first 32 bytes):
>      01 00 00 00 00 00 00 00 08 9c 4e 23 81 88 ff ff  ..........N#....
>      08 9c 4e 23 81 88 ff ff 18 9c 4e 23 81 88 ff ff  ..N#......N#....
>    backtrace:
>      [<0000000032e378fa>] kmemleak_alloc_recursive
> /./include/linux/kmemleak.h:43 [inline]
>      [<0000000032e378fa>] slab_post_alloc_hook /mm/slab.h:522 [inline]
>      [<0000000032e378fa>] slab_alloc /mm/slab.c:3319 [inline]
>      [<0000000032e378fa>] __do_kmalloc /mm/slab.c:3653 [inline]
>      [<0000000032e378fa>] __kmalloc+0x16d/0x2d0 /mm/slab.c:3664
>      [<0000000015bc9536>] kmalloc /./include/linux/slab.h:557 [inline]
>      [<0000000015bc9536>] kzalloc /./include/linux/slab.h:748 [inline]
>      [<0000000015bc9536>] rds_message_alloc+0x3e/0xc0 /net/rds/message.c:291
>      [<00000000a806d18d>] rds_send_probe.constprop.0+0x42/0x2f0
> /net/rds/send.c:1419
>      [<00000000794a00cc>] rds_send_pong+0x1e/0x23 /net/rds/send.c:1482
>      [<00000000b2a248d0>] rds_recv_incoming+0x27e/0x460 /net/rds/recv.c:343
>      [<00000000ea1503db>] rds_loop_xmit+0x86/0x100 /net/rds/loop.c:96
>      [<00000000a9857f5a>] rds_send_xmit+0x524/0x9a0 /net/rds/send.c:355
>      [<00000000557b0101>] rds_send_worker+0x3c/0xd0 /net/rds/threads.c:200
>      [<000000004ba94868>] process_one_work+0x23f/0x490
> /kernel/workqueue.c:2269
>      [<00000000e793f811>] worker_thread+0x195/0x580 /kernel/workqueue.c:2415
>      [<000000003ee8c1a1>] kthread+0x13e/0x160 /kernel/kthread.c:255
>      [<000000004cd53c81>] ret_from_fork+0x1f/0x30
> /arch/x86/entry/entry_64.S:352
>
>
>
> ---
> This bug is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkaller@googlegroups.com.
>
> syzbot will keep track of this bug report. See:
> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
> syzbot can test patches for this bug, for details see:
> https://goo.gl/tpsmEJ#testing-patches
>
> --
> You received this message because you are subscribed to the Google Groups "syzkaller-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-bugs+unsubscribe@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller-bugs/000000000000ad1dfe058e5b89ab%40google.com.

^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: memory leak in rds_send_probe
  2019-07-23 16:19 ` Dmitry Vyukov
@ 2019-07-23 16:48   ` santosh.shilimkar
  0 siblings, 0 replies; 6+ messages in thread
From: santosh.shilimkar @ 2019-07-23 16:48 UTC (permalink / raw)
  To: Dmitry Vyukov, syzbot, David Miller, netdev, linux-rdma, rds-devel
  Cc: LKML, syzkaller-bugs



On 7/23/19 9:19 AM, Dmitry Vyukov wrote:
> On Tue, Jul 23, 2019 at 6:18 PM syzbot
> <syzbot+5134cdf021c4ed5aaa5f@syzkaller.appspotmail.com> wrote:
>>
>> Hello,
>>
>> syzbot found the following crash on:
>>
>> HEAD commit:    c6dd78fc Merge branch 'x86-urgent-for-linus' of git://git...
>> git tree:       upstream
>> console output: https://syzkaller.appspot.com/x/log.txt?x=14be98c8600000
>> kernel config:  https://syzkaller.appspot.com/x/.config?x=8de7d700ea5ac607
>> dashboard link: https://syzkaller.appspot.com/bug?extid=5134cdf021c4ed5aaa5f
>> compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
>> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=145df0c8600000
>> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=170001f4600000
> 
> +net/rds/message.c maintainers
> 
>> IMPORTANT: if you fix the bug, please add the following tag to the commit:
>> Reported-by: syzbot+5134cdf021c4ed5aaa5f@syzkaller.appspotmail.com
>>
>> BUG: memory leak
>> unreferenced object 0xffff8881234e9c00 (size 512):

Thanks for reporting. We will look into it.

>>     comm "kworker/u4:2", pid 286, jiffies 4294948041 (age 7.750s)
>>     hex dump (first 32 bytes):
>>       01 00 00 00 00 00 00 00 08 9c 4e 23 81 88 ff ff  ..........N#....
>>       08 9c 4e 23 81 88 ff ff 18 9c 4e 23 81 88 ff ff  ..N#......N#....
>>     backtrace:
>>       [<0000000032e378fa>] kmemleak_alloc_recursive
>> /./include/linux/kmemleak.h:43 [inline]
>>       [<0000000032e378fa>] slab_post_alloc_hook /mm/slab.h:522 [inline]
>>       [<0000000032e378fa>] slab_alloc /mm/slab.c:3319 [inline]
>>       [<0000000032e378fa>] __do_kmalloc /mm/slab.c:3653 [inline]
>>       [<0000000032e378fa>] __kmalloc+0x16d/0x2d0 /mm/slab.c:3664
>>       [<0000000015bc9536>] kmalloc /./include/linux/slab.h:557 [inline]
>>       [<0000000015bc9536>] kzalloc /./include/linux/slab.h:748 [inline]
>>       [<0000000015bc9536>] rds_message_alloc+0x3e/0xc0 /net/rds/message.c:291
>>       [<00000000a806d18d>] rds_send_probe.constprop.0+0x42/0x2f0
>> /net/rds/send.c:1419
>>       [<00000000794a00cc>] rds_send_pong+0x1e/0x23 /net/rds/send.c:1482
>>       [<00000000b2a248d0>] rds_recv_incoming+0x27e/0x460 /net/rds/recv.c:343
>>       [<00000000ea1503db>] rds_loop_xmit+0x86/0x100 /net/rds/loop.c:96
>>       [<00000000a9857f5a>] rds_send_xmit+0x524/0x9a0 /net/rds/send.c:355
>>       [<00000000557b0101>] rds_send_worker+0x3c/0xd0 /net/rds/threads.c:200
>>       [<000000004ba94868>] process_one_work+0x23f/0x490
>> /kernel/workqueue.c:2269
>>       [<00000000e793f811>] worker_thread+0x195/0x580 /kernel/workqueue.c:2415
>>       [<000000003ee8c1a1>] kthread+0x13e/0x160 /kernel/kthread.c:255
>>       [<000000004cd53c81>] ret_from_fork+0x1f/0x30
>> /arch/x86/entry/entry_64.S:352
>>
>>
>>
>> ---
>> This bug is generated by a bot. It may contain errors.
>> See https://goo.gl/tpsmEJ for more information about syzbot.
>> syzbot engineers can be reached at syzkaller@googlegroups.com.
>>
>> syzbot will keep track of this bug report. See:
>> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
>> syzbot can test patches for this bug, for details see:
>> https://goo.gl/tpsmEJ#testing-patches
>>
>> --
>> You received this message because you are subscribed to the Google Groups "syzkaller-bugs" group.
>> To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-bugs+unsubscribe@googlegroups.com.
>> To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller-bugs/000000000000ad1dfe058e5b89ab%40google.com.

^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: memory leak in rds_send_probe
  2019-07-23 16:18 memory leak in rds_send_probe syzbot
  2019-07-23 16:19 ` Dmitry Vyukov
@ 2019-07-23 22:17 ` syzbot
  2019-07-23 22:23   ` Andrew Morton
  1 sibling, 1 reply; 6+ messages in thread
From: syzbot @ 2019-07-23 22:17 UTC (permalink / raw)
  To: akpm, catalin.marinas, davem, dvyukov, jack, kirill.shutemov,
	koct9i, linux-kernel, linux-mm, linux-rdma, neilb, netdev,
	rds-devel, ross.zwisler, santosh.shilimkar, syzkaller-bugs,
	torvalds, willy

syzbot has bisected this bug to:

commit af49a63e101eb62376cc1d6bd25b97eb8c691d54
Author: Matthew Wilcox <willy@linux.intel.com>
Date:   Sat May 21 00:03:33 2016 +0000

     radix-tree: change naming conventions in radix_tree_shrink

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=176528c8600000
start commit:   c6dd78fc Merge branch 'x86-urgent-for-linus' of git://git...
git tree:       upstream
final crash:    https://syzkaller.appspot.com/x/report.txt?x=14e528c8600000
console output: https://syzkaller.appspot.com/x/log.txt?x=10e528c8600000
kernel config:  https://syzkaller.appspot.com/x/.config?x=8de7d700ea5ac607
dashboard link: https://syzkaller.appspot.com/bug?extid=5134cdf021c4ed5aaa5f
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=145df0c8600000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=170001f4600000

Reported-by: syzbot+5134cdf021c4ed5aaa5f@syzkaller.appspotmail.com
Fixes: af49a63e101e ("radix-tree: change naming conventions in  
radix_tree_shrink")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection

^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: memory leak in rds_send_probe
  2019-07-23 22:17 ` syzbot
@ 2019-07-23 22:23   ` Andrew Morton
  2019-07-23 23:25     ` Eric Biggers
  0 siblings, 1 reply; 6+ messages in thread
From: Andrew Morton @ 2019-07-23 22:23 UTC (permalink / raw)
  To: syzbot
  Cc: catalin.marinas, davem, dvyukov, jack, kirill.shutemov, koct9i,
	linux-kernel, linux-mm, linux-rdma, neilb, netdev, rds-devel,
	ross.zwisler, santosh.shilimkar, syzkaller-bugs, torvalds, willy

On Tue, 23 Jul 2019 15:17:00 -0700 syzbot <syzbot+5134cdf021c4ed5aaa5f@syzkaller.appspotmail.com> wrote:

> syzbot has bisected this bug to:
> 
> commit af49a63e101eb62376cc1d6bd25b97eb8c691d54
> Author: Matthew Wilcox <willy@linux.intel.com>
> Date:   Sat May 21 00:03:33 2016 +0000
> 
>      radix-tree: change naming conventions in radix_tree_shrink
> 
> bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=176528c8600000
> start commit:   c6dd78fc Merge branch 'x86-urgent-for-linus' of git://git...
> git tree:       upstream
> final crash:    https://syzkaller.appspot.com/x/report.txt?x=14e528c8600000
> console output: https://syzkaller.appspot.com/x/log.txt?x=10e528c8600000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=8de7d700ea5ac607
> dashboard link: https://syzkaller.appspot.com/bug?extid=5134cdf021c4ed5aaa5f
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=145df0c8600000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=170001f4600000
> 
> Reported-by: syzbot+5134cdf021c4ed5aaa5f@syzkaller.appspotmail.com
> Fixes: af49a63e101e ("radix-tree: change naming conventions in  
> radix_tree_shrink")
> 
> For information about bisection process see: https://goo.gl/tpsmEJ#bisection

That's rather hard to believe.  af49a63e101eb6237 simply renames a
couple of local variables.


^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: memory leak in rds_send_probe
  2019-07-23 22:23   ` Andrew Morton
@ 2019-07-23 23:25     ` Eric Biggers
  0 siblings, 0 replies; 6+ messages in thread
From: Eric Biggers @ 2019-07-23 23:25 UTC (permalink / raw)
  To: Andrew Morton
  Cc: syzbot, catalin.marinas, davem, dvyukov, jack, kirill.shutemov,
	koct9i, linux-kernel, linux-mm, linux-rdma, neilb, netdev,
	rds-devel, ross.zwisler, santosh.shilimkar, syzkaller-bugs,
	torvalds, willy

On Tue, Jul 23, 2019 at 03:23:36PM -0700, Andrew Morton wrote:
> On Tue, 23 Jul 2019 15:17:00 -0700 syzbot <syzbot+5134cdf021c4ed5aaa5f@syzkaller.appspotmail.com> wrote:
> 
> > syzbot has bisected this bug to:
> > 
> > commit af49a63e101eb62376cc1d6bd25b97eb8c691d54
> > Author: Matthew Wilcox <willy@linux.intel.com>
> > Date:   Sat May 21 00:03:33 2016 +0000
> > 
> >      radix-tree: change naming conventions in radix_tree_shrink
> > 
> > bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=176528c8600000
> > start commit:   c6dd78fc Merge branch 'x86-urgent-for-linus' of git://git...
> > git tree:       upstream
> > final crash:    https://syzkaller.appspot.com/x/report.txt?x=14e528c8600000
> > console output: https://syzkaller.appspot.com/x/log.txt?x=10e528c8600000
> > kernel config:  https://syzkaller.appspot.com/x/.config?x=8de7d700ea5ac607
> > dashboard link: https://syzkaller.appspot.com/bug?extid=5134cdf021c4ed5aaa5f
> > syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=145df0c8600000
> > C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=170001f4600000
> > 
> > Reported-by: syzbot+5134cdf021c4ed5aaa5f@syzkaller.appspotmail.com
> > Fixes: af49a63e101e ("radix-tree: change naming conventions in  
> > radix_tree_shrink")
> > 
> > For information about bisection process see: https://goo.gl/tpsmEJ#bisection
> 
> That's rather hard to believe.  af49a63e101eb6237 simply renames a
> couple of local variables.
> 

It's been known for months (basically ever since bisection was added) that about
50% of syzbot bisection results are obviously incorrect, often a commit selected
at random.  Unfortunately, the people actually funded to work on syzbot
apparently don't consider fixing this to be high priority issue, so we have to
live with it for now.  Or until someone volunteers to fix it themselves; source
is at https://github.com/google/syzkaller.

So for now, please don't waste much time on bisection results that look wonky.

But please do pay attention to any bisection results in reminders I've been
sending like "Reminder: 10 open syzbot bugs in foo subsystem", since I've
manually reviewed those to exclude the obviously wrong results...

- Eric

^ permalink raw reply	[flat|nested] 6+ messages in thread
end of thread, other threads:[~2019-07-23 23:25 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-07-23 16:18 memory leak in rds_send_probe syzbot
2019-07-23 16:19 ` Dmitry Vyukov
2019-07-23 16:48   ` santosh.shilimkar
2019-07-23 22:17 ` syzbot
2019-07-23 22:23   ` Andrew Morton
2019-07-23 23:25     ` Eric Biggers

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).