Hello, syzbot found the following issue on: HEAD commit: afead42fdfca Merge tag 'perf-tools-fixes-for-v6.4-2-2023-0.. git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=13acfcd1280000 kernel config: https://syzkaller.appspot.com/x/.config?x=21fde9f7601f218f dashboard link: https://syzkaller.appspot.com/bug?extid=ea01ee90cdba474c187b compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15160fb9280000 Downloadable assets: disk image: https://storage.googleapis.com/syzbot-assets/b5acaa3b8518/disk-afead42f.raw.xz vmlinux: https://storage.googleapis.com/syzbot-assets/041db64527a2/vmlinux-afead42f.xz kernel image: https://storage.googleapis.com/syzbot-assets/cd4f6f1744e4/bzImage-afead42f.xz IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+ea01ee90cdba474c187b@xxxxxxxxxxxxxxxxxxxxxxxxx BUG: memory leak unreferenced object 0xffff88810a5cd958 (size 776): comm "syslogd", pid 4424, jiffies 4294938531 (age 1177.910s) hex dump (first 32 bytes): 00 00 00 00 01 00 00 00 00 00 20 00 00 00 00 00 .......... ..... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<ffffffff8152a817>] alloc_inode_sb include/linux/fs.h:2705 [inline] [<ffffffff8152a817>] shmem_alloc_inode+0x27/0x50 mm/shmem.c:3907 [<ffffffff8168f979>] alloc_inode+0x29/0x110 fs/inode.c:260 [<ffffffff8168fa87>] new_inode_pseudo fs/inode.c:1018 [inline] [<ffffffff8168fa87>] new_inode+0x27/0xf0 fs/inode.c:1046 [<ffffffff8152b944>] shmem_get_inode+0xd4/0x560 mm/shmem.c:2370 [<ffffffff8152bf12>] shmem_mknod+0x42/0x150 mm/shmem.c:2942 [<ffffffff81676fd5>] lookup_open fs/namei.c:3492 [inline] [<ffffffff81676fd5>] open_last_lookups fs/namei.c:3560 [inline] [<ffffffff81676fd5>] path_openat+0x1725/0x1b10 fs/namei.c:3788 [<ffffffff81679175>] do_filp_open+0xc5/0x1b0 fs/namei.c:3818 [<ffffffff81653dbd>] do_sys_openat2+0xed/0x260 fs/open.c:1356 [<ffffffff81654863>] do_sys_open fs/open.c:1372 [inline] [<ffffffff81654863>] __do_sys_openat fs/open.c:1388 [inline] [<ffffffff81654863>] __se_sys_openat fs/open.c:1383 [inline] [<ffffffff81654863>] __x64_sys_openat+0x83/0xe0 fs/open.c:1383 [<ffffffff84a15749>] do_syscall_x64 arch/x86/entry/common.c:50 [inline] [<ffffffff84a15749>] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 [<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd BUG: memory leak unreferenced object 0xffff888109473080 (size 32): comm "syslogd", pid 4424, jiffies 4294938531 (age 1177.910s) hex dump (first 32 bytes): 18 db 5c 0a 81 88 ff ff b0 65 2d 82 ff ff ff ff ..\......e-..... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<ffffffff822d7cae>] kmem_cache_zalloc include/linux/slab.h:670 [inline] [<ffffffff822d7cae>] lsm_inode_alloc security/security.c:632 [inline] [<ffffffff822d7cae>] security_inode_alloc+0x2e/0xb0 security/security.c:1479 [<ffffffff8168cfa8>] inode_init_always+0x1f8/0x240 fs/inode.c:231 [<ffffffff8168f996>] alloc_inode+0x46/0x110 fs/inode.c:267 [<ffffffff8168fa87>] new_inode_pseudo fs/inode.c:1018 [inline] [<ffffffff8168fa87>] new_inode+0x27/0xf0 fs/inode.c:1046 [<ffffffff8152b944>] shmem_get_inode+0xd4/0x560 mm/shmem.c:2370 [<ffffffff8152bf12>] shmem_mknod+0x42/0x150 mm/shmem.c:2942 [<ffffffff81676fd5>] lookup_open fs/namei.c:3492 [inline] [<ffffffff81676fd5>] open_last_lookups fs/namei.c:3560 [inline] [<ffffffff81676fd5>] path_openat+0x1725/0x1b10 fs/namei.c:3788 [<ffffffff81679175>] do_filp_open+0xc5/0x1b0 fs/namei.c:3818 [<ffffffff81653dbd>] do_sys_openat2+0xed/0x260 fs/open.c:1356 [<ffffffff81654863>] do_sys_open fs/open.c:1372 [inline] [<ffffffff81654863>] __do_sys_openat fs/open.c:1388 [inline] [<ffffffff81654863>] __se_sys_openat fs/open.c:1383 [inline] [<ffffffff81654863>] __x64_sys_openat+0x83/0xe0 fs/open.c:1383 [<ffffffff84a15749>] do_syscall_x64 arch/x86/entry/common.c:50 [inline] [<ffffffff84a15749>] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 [<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd BUG: memory leak unreferenced object 0xffff88810e027d80 (size 576): comm "syslogd", pid 4424, jiffies 4294939014 (age 1173.100s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 01 00 00 00 00 00 00 00 80 30 47 09 81 88 ff ff .........0G..... backtrace: [<ffffffff84a0a6d6>] xas_alloc+0xf6/0x120 lib/xarray.c:377 [<ffffffff84a0d10d>] xas_expand lib/xarray.c:584 [inline] [<ffffffff84a0d10d>] xas_create+0x13d/0x800 lib/xarray.c:655 [<ffffffff84a0dbcb>] xas_store+0x7b/0xbd0 lib/xarray.c:789 [<ffffffff8152ce89>] shmem_add_to_page_cache+0x2c9/0x500 mm/shmem.c:735 [<ffffffff81530785>] shmem_get_folio_gfp+0x3a5/0xcf0 mm/shmem.c:1978 [<ffffffff81531ba8>] shmem_get_folio mm/shmem.c:2079 [inline] [<ffffffff81531ba8>] shmem_write_begin+0x88/0x1a0 mm/shmem.c:2573 [<ffffffff814eefb3>] generic_perform_write+0x103/0x2b0 mm/filemap.c:3923 [<ffffffff814f3bd3>] __generic_file_write_iter+0x173/0x290 mm/filemap.c:4051 [<ffffffff814f3d72>] generic_file_write_iter+0x82/0x160 mm/filemap.c:4083 [<ffffffff81658e33>] call_write_iter include/linux/fs.h:1868 [inline] [<ffffffff81658e33>] new_sync_write fs/read_write.c:491 [inline] [<ffffffff81658e33>] vfs_write+0x413/0x530 fs/read_write.c:584 [<ffffffff81659191>] ksys_write+0xa1/0x160 fs/read_write.c:637 [<ffffffff84a15749>] do_syscall_x64 arch/x86/entry/common.c:50 [inline] [<ffffffff84a15749>] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 [<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd BUG: memory leak unreferenced object 0xffff888103efe280 (size 128): comm "syz-execprog", pid 5049, jiffies 4295044860 (age 114.650s) hex dump (first 32 bytes): f0 7b 88 0d 81 88 ff ff 70 7d 6e 81 ff ff ff ff .{......p}n..... 00 eb 6d 0a 81 88 ff ff 98 e2 ef 03 81 88 ff ff ..m............. backtrace: [<ffffffff816ea897>] kmem_cache_zalloc include/linux/slab.h:670 [inline] [<ffffffff816ea897>] ep_insert fs/eventpoll.c:1504 [inline] [<ffffffff816ea897>] do_epoll_ctl+0x5c7/0x1220 fs/eventpoll.c:2223 [<ffffffff816eb57a>] __do_sys_epoll_ctl fs/eventpoll.c:2280 [inline] [<ffffffff816eb57a>] __se_sys_epoll_ctl fs/eventpoll.c:2271 [inline] [<ffffffff816eb57a>] __x64_sys_epoll_ctl+0x8a/0xd0 fs/eventpoll.c:2271 [<ffffffff84a15749>] do_syscall_x64 arch/x86/entry/common.c:50 [inline] [<ffffffff84a15749>] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 [<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd BUG: memory leak unreferenced object 0xffff8881052da600 (size 128): comm "syz-execprog", pid 5049, jiffies 4295044862 (age 114.630s) hex dump (first 32 bytes): 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<ffffffff812b4e5a>] alloc_pid+0x6a/0x550 kernel/pid.c:180 [<ffffffff81277c3b>] copy_process+0x18fb/0x26c0 kernel/fork.c:2526 [<ffffffff81278b87>] kernel_clone+0xf7/0x610 kernel/fork.c:2918 [<ffffffff8127911c>] __do_sys_clone+0x7c/0xb0 kernel/fork.c:3061 [<ffffffff84a15749>] do_syscall_x64 arch/x86/entry/common.c:50 [inline] [<ffffffff84a15749>] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 [<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd --- This report is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller@xxxxxxxxxxxxxxxx. syzbot will keep track of this issue. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot. If the bug is already fixed, let syzbot know by replying with: #syz fix: exact-commit-title If you want syzbot to run the reproducer, reply with: #syz test: git://repo/address.git branch-or-commit-hash If you attach or paste a git patch, syzbot will apply it before testing. If you want to change bug's subsystems, reply with: #syz set subsystems: new-subsystem (See the list of subsystem names on the web dashboard) If the bug is a duplicate of another bug, reply with: #syz dup: exact-subject-of-another-report If you want to undo deduplication, reply with: #syz undup
