From: Lukas Bulwahn
Date: Tue, 11 Oct 2022 18:11:00 +0200
Subject: Re: Observed recent memory leak in __anon_vma_prepare
To: Liam Howlett
Cc: Andrew Morton, Linux-MM, kernel-janitors, Linux Kernel Mailing List, "maple-tree@lists.infradead.org", Matthew Wilcox
In-Reply-To: <20221011155051.qgwfbbeeshvoaotj@revolver>

On Tue, Oct 11, 2022 at 5:51 PM Liam Howlett wrote:
>
> * Lukas Bulwahn [221011 12:35]:
> > Dear Liam, dear Matthew, dear all,
> >
> > The reproducer for the 'memory leak in __anon_vma_prepare' bug (see
> > https://elisa-builder-00.iol.unh.edu/syzkaller-next/report?id=3113810b9abd3dfeb581759df93d3171d1a90f18)
> > is reproducible, it is triggering the memory leak on the current
> > mainline (commit 60bb8154d1d7), and it was not triggering on v6.0. My
> > build config is a x86_64 defconfig.
> >
> > My git bisection showed that:
> >
> > 524e00b36e8c547f5582eef3fb645a8d9fc5e3df is the first bad commit
> > commit 524e00b36e8c547f5582eef3fb645a8d9fc5e3df
> > Author: Liam R. Howlett
> > Date: Tue Sep 6 19:48:48 2022 +0000
> >
> > The git bisect log is below, note that the commits 7fdbd37da5c6,
> > d0cf3dd47f0d and 0c563f148043 are marked good in the git bisect as
> > they caused bugs "BUG: Bad rss-counter state mm: ... type:MM_ANONPAGES
> > val:2". This bug report might have overshadowed the actual issue, and
> > hence the bug might have been introduced earlier, but was only visible
> > once the Bad rss-counter state bug disappeared.
> >
> >
>
> ...
>
> > # first bad commit: [524e00b36e8c547f5582eef3fb645a8d9fc5e3df] mm:
> > remove rb tree.
> >
> >
> > If there is more information needed or other bisection to be done,
> > please let me know.
> >
> Lukas,
>
> Thanks for the report. I am trying to reproduce this issue and have not
> been able to trigger a memory leak. So far I have built using the
> defconfig from arch/x86/configs/x86_64_defconfig and run the C code from
> the end of your report above. It also produces some output that is not
> captured in your report. Are you sure it's the defconfig being used?
>
> ------
> # ./repro
> write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such
> file or directory
> write to /proc/sys/net/core/bpf_jit_kallsyms failed: No such file or
> directory
> write to /proc/sys/net/core/bpf_jit_harden failed: No such file or
> directory
> write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such
> file or directory
> ------
>
> Note your output does not mention softlockup or hung_task issues. This
> is on 6.0.0-rc3-00207-g524e00b36e8c. It is also worth noting that the
> resulting kernel does not have /sys/kernel/debug/kmemleak.
>
> I have also tested your reproducer with my own config which does have
> the kmemleak debug file, but it did not trigger a memory leak either.
> I suspect I am missing a config option? Are you using gcc or clang?
>

Liam,

This is how I am building the kernel:

make O=$BUILD defconfig && make O=$BUILD kvm_guest.config && \
./scripts/kconfig/merge_config.sh -O $BUILD -r $BUILD/.config kernel/configs/syzkaller-recommended.config && \
make O=$BUILD -j`nproc`

My syzkaller-recommended.config is:

CONFIG_KCOV=y
CONFIG_KCOV_INSTRUMENT_ALL=y
CONFIG_KCOV_ENABLE_COMPARISONS=y
CONFIG_DEBUG_FS=y
CONFIG_DEBUG_KMEMLEAK=y
CONFIG_DEBUG_INFO=y
CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT=y
CONFIG_KALLSYMS=y
CONFIG_KALLSYMS_ALL=y
CONFIG_CONFIGFS_FS=y
CONFIG_SECURITYFS=y
# CONFIG_RANDOMIZE_BASE is not set
CONFIG_KASAN=y
CONFIG_KASAN_INLINE=y
CONFIG_FAULT_INJECTION=y
CONFIG_FAULT_INJECTION_DEBUG_FS=y
CONFIG_FAULT_INJECTION_USERCOPY=y
CONFIG_FAILSLAB=y
CONFIG_FAIL_PAGE_ALLOC=y
CONFIG_FAIL_MAKE_REQUEST=y
CONFIG_FAIL_IO_TIMEOUT=y
CONFIG_FAIL_FUTEX=y
CONFIG_LOCKDEP=y
CONFIG_PROVE_LOCKING=y
CONFIG_DEBUG_ATOMIC_SLEEP=y
CONFIG_PROVE_RCU=y
CONFIG_DEBUG_VM=y
CONFIG_FORTIFY_SOURCE=y
CONFIG_HARDENED_USERCOPY=y
CONFIG_LOCKUP_DETECTOR=y
CONFIG_SOFTLOCKUP_DETECTOR=y
CONFIG_HARDLOCKUP_DETECTOR=y
CONFIG_BOOTPARAM_HARDLOCKUP_PANIC=y
CONFIG_DETECT_HUNG_TASK=y
CONFIG_WQ_WATCHDOG=y
CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=140
CONFIG_RCU_CPU_STALL_TIMEOUT=100

So, it is "defconfig" + syzkaller debug features; sorry for being a bit
too brief in my first report.

The gcc version is:

gcc (Debian 8.3.0-6) 8.3.0
Copyright (C) 2018 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

But I doubt that the gcc version is really relevant.

I am running this in a pretty simple qemu instance. I can provide more
information on my qemu setup if needed.

Lukas
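
Added example, not part of the thread: the kernel built from the plain defconfig had no /sys/kernel/debug/kmemleak, so before re-running a reproducer it helps to confirm that every option in the fragment (here syzkaller-recommended.config) really ended up in the final .config. The function names `check_fragment` and `demo_check` are hypothetical, and the sample files are constructed.

```shell
# Added example: report options requested in a Kconfig fragment that are
# missing or different in the final .config. Returns 1 on any mismatch.
check_fragment() {    # usage: check_fragment FRAGMENT DOTCONFIG
    awk '
    # Set name/value from a config line; "# CONFIG_X is not set" counts as n.
    function parse(line,    f, eq) {
        if (line ~ /^# CONFIG_[A-Za-z0-9_]+ is not set/) {
            split(line, f, " "); name = f[2]; value = "n"; return 1
        }
        if (line ~ /^CONFIG_[A-Za-z0-9_]+=/) {
            eq = index(line, "=")
            name = substr(line, 1, eq - 1); value = substr(line, eq + 1)
            return 1
        }
        return 0
    }
    FILENAME == ARGV[1] {                 # first file: the fragment
        if (parse($0)) { if (!(name in want)) order[++n] = name; want[name] = value }
        next
    }
    parse($0) { have[name] = value }      # second file: the final .config
    END {
        for (i = 1; i <= n; i++) {
            k = order[i]
            got = (k in have) ? have[k] : "unset"
            # An option absent from .config is equivalent to "not set".
            if (want[k] != got && !(want[k] == "n" && got == "unset")) {
                printf "%s wanted=%s got=%s\n", k, want[k], got
                bad = 1
            }
        }
        exit bad + 0
    }' "$1" "$2"
}

# Constructed sample: four lines of the fragment quoted above, checked against
# a made-up .config that lacks kmemleak.
demo_check() {
    d=$(mktemp -d) || return 2
    printf '%s\n' 'CONFIG_DEBUG_FS=y' 'CONFIG_DEBUG_KMEMLEAK=y' \
        '# CONFIG_RANDOMIZE_BASE is not set' \
        'CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=140' > "$d/fragment.config"
    printf '%s\n' 'CONFIG_DEBUG_FS=y' '# CONFIG_DEBUG_KMEMLEAK is not set' \
        'CONFIG_RANDOMIZE_BASE=y' > "$d/.config"
    rc=0; check_fragment "$d/fragment.config" "$d/.config" || rc=$?
    rm -rf "$d"; return "$rc"
}
demo_check || echo "fragment options missing from .config"
```

Against a real build tree the call would be `check_fragment kernel/configs/syzkaller-recommended.config "$BUILD/.config"`, using the paths from the build command in the message.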