2021-10-18 13:23:55

by 赵军奎

Subject: [PATCH] fs/ext4:bug fix of memory leak in ext4_mb_pa_alloc

This patch tries to fix a bug reported by syzkaller:
BUG: memory leak
unreferenced object 0xffff888112a84a28 (size 104):
comm "kworker/u4:3", pid 948, jiffies 4294943272 (age 473.370s)
hex dump (first 32 bytes):
c0 53 8a 12 81 88 ff ff 22 01 00 00 00 00 ad de .S......".......
00 01 00 00 00 00 ad de 22 01 00 00 00 00 ad de ........".......
backtrace:
[<ffffffff817773cb>] kmem_cache_zalloc include/linux/slab.h:711 [inline]
[<ffffffff817773cb>] ext4_mb_pa_alloc fs/ext4/mballoc.c:5046 [inline]
[<ffffffff817773cb>] ext4_mb_new_blocks+0xd5b/0x18b0 fs/ext4/mballoc.c:5581
[<ffffffff81731d2d>] ext4_ext_map_blocks+0xdfd/0x2940 fs/ext4/extents.c:4250
[<ffffffff81754a03>] ext4_map_blocks+0x333/0xb10 fs/ext4/inode.c:637
[<ffffffff8175c22b>] mpage_map_one_extent fs/ext4/inode.c:2393 [inline]
[<ffffffff8175c22b>] mpage_map_and_submit_extent fs/ext4/inode.c:2446 [inline]
[<ffffffff8175c22b>] ext4_writepages+0xc8b/0x19c0 fs/ext4/inode.c:2798
[<ffffffff8145d19a>] do_writepages+0xfa/0x2a0 mm/page-writeback.c:2364
[<ffffffff815cbdbe>] __writeback_single_inode+0x6e/0x520 fs/fs-writeback.c:1616
[<ffffffff815cc924>] writeback_sb_inodes+0x2d4/0x710 fs/fs-writeback.c:1881
[<ffffffff815ccdbb>] __writeback_inodes_wb+0x5b/0x150 fs/fs-writeback.c:1950
[<ffffffff815cd2af>] wb_writeback+0x3ff/0x470 fs/fs-writeback.c:2055
[<ffffffff815ced0a>] wb_check_old_data_flush fs/fs-writeback.c:2155 [inline]
[<ffffffff815ced0a>] wb_do_writeback fs/fs-writeback.c:2208 [inline]
[<ffffffff815ced0a>] wb_workfn+0x3fa/0x760 fs/fs-writeback.c:2237
[<ffffffff81265d0f>] process_one_work+0x2cf/0x620 kernel/workqueue.c:2297
[<ffffffff81266619>] worker_thread+0x59/0x5d0 kernel/workqueue.c:2444
[<ffffffff8126fb18>] kthread+0x188/0x1d0 kernel/kthread.c:319
[<ffffffff810022cf>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295

BUG: memory leak
unreferenced object 0xffff888112a84a90 (size 104):
comm "kworker/u4:3", pid 948, jiffies 4294943272 (age 473.370s)
hex dump (first 32 bytes):
98 98 8a 12 81 88 ff ff 22 01 00 00 00 00 ad de ........".......
00 01 00 00 00 00 ad de 22 01 00 00 00 00 ad de ........".......
backtrace:
[<ffffffff817773cb>] kmem_cache_zalloc include/linux/slab.h:711 [inline]
[<ffffffff817773cb>] ext4_mb_pa_alloc fs/ext4/mballoc.c:5046 [inline]
[<ffffffff817773cb>] ext4_mb_new_blocks+0xd5b/0x18b0 fs/ext4/mballoc.c:5581
[<ffffffff81731d2d>] ext4_ext_map_blocks+0xdfd/0x2940 fs/ext4/extents.c:4250
[<ffffffff81754a03>] ext4_map_blocks+0x333/0xb10 fs/ext4/inode.c:637
[<ffffffff8175c22b>] mpage_map_one_extent fs/ext4/inode.c:2393 [inline]
[<ffffffff8175c22b>] mpage_map_and_submit_extent fs/ext4/inode.c:2446 [inline]
[<ffffffff8175c22b>] ext4_writepages+0xc8b/0x19c0 fs/ext4/inode.c:2798
[<ffffffff8145d19a>] do_writepages+0xfa/0x2a0 mm/page-writeback.c:2364
[<ffffffff815cbdbe>] __writeback_single_inode+0x6e/0x520 fs/fs-writeback.c:1616
[<ffffffff815cc924>] writeback_sb_inodes+0x2d4/0x710 fs/fs-writeback.c:1881
[<ffffffff815ccdbb>] __writeback_inodes_wb+0x5b/0x150 fs/fs-writeback.c:1950
[<ffffffff815cd2af>] wb_writeback+0x3ff/0x470 fs/fs-writeback.c:2055
[<ffffffff815ced0a>] wb_check_old_data_flush fs/fs-writeback.c:2155 [inline]
[<ffffffff815ced0a>] wb_do_writeback fs/fs-writeback.c:2208 [inline]
[<ffffffff815ced0a>] wb_workfn+0x3fa/0x760 fs/fs-writeback.c:2237
[<ffffffff81265d0f>] process_one_work+0x2cf/0x620 kernel/workqueue.c:2297
[<ffffffff81266619>] worker_thread+0x59/0x5d0 kernel/workqueue.c:2444
[<ffffffff8126fb18>] kthread+0x188/0x1d0 kernel/kthread.c:319
[<ffffffff810022cf>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295

The full link:
https://syzkaller.appspot.com/bug?id=6b3fa085566c7c8c64e32a6747c0a2b2c039e364

Signed-off-by: Bernard Zhao <[email protected]>
---
fs/ext4/mballoc.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
index 72bfac2d6dce..e767aacebdf0 100644
--- a/fs/ext4/mballoc.c
+++ b/fs/ext4/mballoc.c
@@ -5439,6 +5439,7 @@ static int ext4_mb_release_context(struct ext4_allocation_context *ac)
}

ext4_mb_put_pa(ac, ac->ac_sb, pa);
+ ext4_mb_pa_free(ac);
}
if (ac->ac_bitmap_page)
put_page(ac->ac_bitmap_page);
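
Review bot: the added ext4_mb_pa_free(ac) runs on every pass through this branch, immediately after ext4_mb_put_pa(ac, ac->ac_sb, pa) has already dropped this context's hold on pa, and nothing in the hunk checks that this context is the last user of the preallocation. The syzkaller backtrace in the commit message only shows where the object was allocated (ext4_mb_pa_alloc, inlined into ext4_mb_new_blocks), not which path leaves it unreleased, so the commit message should name that path and the free should be placed there, or be guarded by the condition under which pa is known to be unused. As posted, a preallocation that is still referenced after ext4_mb_put_pa() would be freed while in use, which trades the leak for a premature free.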
--
2.31.0


2021-10-31 14:24:35

by Oliver Sang

Subject: cdf6cd7ffc: WARNING:at_fs/ext4/mballoc.c:#ext4_mb_pa_free



Greeting,

FYI, we noticed the following commit (built with gcc-9):

commit: cdf6cd7ffc6c325daee11df540e5dda624d5bc18 ("[PATCH] fs/ext4:bug fix of memory leak in ext4_mb_pa_alloc")
url: https://github.com/0day-ci/linux/commits/Bernard-Zhao/fs-ext4-bug-fix-of-memory-leak-in-ext4_mb_pa_alloc/20211018-212517
base: https://git.kernel.org/cgit/linux/kernel/git/tytso/ext4.git dev
patch link: https://lore.kernel.org/linux-ext4/[email protected]

in testcase: nvml
version: nvml-x86_64-ff6f0f125-1_20211017
with following parameters:

test: pmem
group: libpmempool
nr_pmem: 1
fs: ext4
mount_option: dax
bp_memmap: 32G!4G
ucode: 0x7000019



on test machine: 16 threads 1 sockets Intel(R) Xeon(R) CPU D-1541 @ 2.10GHz with 48G memory

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):



If you fix the issue, kindly add following tag
Reported-by: kernel test robot <[email protected]>



[ 218.462250][T21377] ------------[ cut here ]------------
[ 218.467648][T21377] WARNING: CPU: 4 PID: 21377 at fs/ext4/mballoc.c:5060 ext4_mb_pa_free+0x28/0x40
[ 218.477324][T21377] Modules linked in: dm_mod xfs btrfs blake2b_generic intel_rapl_msr xor intel_rapl_common zstd_compress raid6_pq libcrc32c sb_edac x86_pkg_temp_thermal intel_powerclamp sd_mod t10_pi sg coretemp ipmi_ssif kvm_intel kvm ast drm_vram_helper drm_ttm_helper ttm drm_kms_helper syscopyarea irqbypass crct10dif_pclmul nd_pmem crc32_pclmul sysfillrect dax_pmem_compat crc32c_intel device_dax nd_btt ghash_clmulni_intel dax_pmem_core ahci acpi_ipmi sysimgblt fb_sys_fops nd_e820 rapl libahci mei_me intel_cstate ipmi_si ioatdma drm mxm_wmi libnvdimm intel_uncore libata gpio_ich intel_pch_thermal ipmi_devintf mei joydev dca ipmi_msghandler wmi acpi_pad ip_tables
[ 218.536613][T21377] CPU: 4 PID: 21377 Comm: cp Not tainted 5.15.0-rc4-00010-gcdf6cd7ffc6c #1
[ 218.545151][T21377] Hardware name: Supermicro SYS-5018D-FN4T/X10SDV-8C-TLN4F, BIOS 1.1 03/02/2016
[ 218.554148][T21377] RIP: 0010:ext4_mb_pa_free+0x28/0x40
[ 218.560083][T21377] Code: 1f 00 0f 1f 44 00 00 48 8b 37 48 85 f6 74 19 48 c7 07 00 00 00 00 f0 ff 4e 34 75 0e 48 8b 3d 8f 94 2f 02 e9 5a 02 ec ff 0f 0b <0f> 0b eb ee 66 66 2e 0f 1f 84 00 00 00 00 00 66 0f 1f 84 00 00 00
[ 218.579690][T21377] RSP: 0018:ffffc90003b7b9d8 EFLAGS: 00010296
[ 218.585695][T21377] RAX: 0000000000000000 RBX: ffff888c79e10000 RCX: 0000000000000000
[ 218.593624][T21377] RDX: 0000000000000001 RSI: ffff8889b762ac30 RDI: ffff888987d0a8f0
[ 218.601554][T21377] RBP: ffff88896f751c78 R08: ffff88896f751f10 R09: ffff88896f751f10
[ 218.609484][T21377] R10: 0000000000000000 R11: ffff88894b8cfff0 R12: ffff8889b762ac60
[ 218.617431][T21377] R13: ffff88896f751f10 R14: ffff8889b762ac30 R15: ffff888987d0a870
[ 218.633151][T21377] FS: 00007f120fded800(0000) GS:ffff888c49700000(0000) knlGS:0000000000000000
[ 218.642060][T21377] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 218.648605][T21377] CR2: 00007f120fdeb000 CR3: 0000000a30686002 CR4: 00000000003706e0
[ 218.656535][T21377] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 218.664465][T21377] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 218.672412][T21377] Call Trace:
[ 218.675656][T21377] ext4_mb_release_context+0x3fb/0x780
[ 218.681053][T21377] ? ext4_mb_mark_diskspace_used+0x9e/0x400
[ 218.686903][T21377] ext4_mb_new_blocks+0x4de/0x880
[ 218.691886][T21377] ? ext4_find_extent+0x335/0x3c0
[ 218.696870][T21377] ext4_ext_map_blocks+0x774/0xc80
[ 218.701931][T21377] ext4_map_blocks+0x191/0x5c0
[ 218.706655][T21377] ext4_iomap_begin+0x171/0x2c0
[ 218.711446][T21377] iomap_iter+0x15f/0x340
[ 218.715736][T21377] dax_iomap_rw+0xa5/0x3c0
[ 218.720086][T21377] ? __wake_up_common_lock+0x8a/0xc0
[ 218.725330][T21377] ext4_file_write_iter+0x18e/0x240
[ 218.730479][T21377] new_sync_write+0x122/0x1c0
[ 218.735116][T21377] vfs_write+0x1e6/0x2c0
[ 218.739317][T21377] ksys_write+0x5f/0x100
[ 218.743531][T21377] do_syscall_64+0x3b/0xc0
[ 218.747890][T21377] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 218.753739][T21377] RIP: 0033:0x7f120ff76504
[ 218.758089][T21377] Code: 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b3 0f 1f 80 00 00 00 00 48 8d 05 f9 61 0d 00 8b 00 85 c0 75 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 41 54 49 89 d4 55 48 89 f5 53
[ 218.777694][T21377] RSP: 002b:00007ffca1485a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 218.786057][T21377] RAX: ffffffffffffffda RBX: 0000000000020000 RCX: 00007f120ff76504
[ 218.794004][T21377] RDX: 0000000000020000 RSI: 00007f120fdcc000 RDI: 0000000000000005
[ 218.801951][T21377] RBP: 00007f120fdcc000 R08: 0000000000020000 R09: 0000000000000000
[ 218.809899][T21377] R10: fffffffffffffaf8 R11: 0000000000000246 R12: 00007f120fdcc000
[ 218.817846][T21377] R13: 0000000000000005 R14: 0000000000000000 R15: 0000000000020000
[ 218.825810][T21377] ---[ end trace f35dc46231817762 ]---



To reproduce:
#build kernel with attached config file

git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
sudo bin/lkp install job.yaml # job file is attached in this email
bin/lkp split-job --compatible job.yaml # generate the yaml file for lkp run
sudo bin/lkp run generated-yaml-file

# if come across any failure that blocks the test,
# please remove ~/.lkp and /lkp dir to run from a clean state.



---
0DAY/LKP+ Test Infrastructure Open Source Technology Center
https://lists.01.org/hyperkitty/list/[email protected] Intel Corporation

Thanks,
Oliver Sang


Attachments:
(No filename) (5.65 kB)
config-5.15.0-rc4-00010-gcdf6cd7ffc6c (179.41 kB)
job-script (6.02 kB)
dmesg.xz (32.15 kB)
job.yaml (4.78 kB)