From: syzbot <syzbot+65454c239241d3d647da@syzkaller.appspotmail.com>
To: Qiang.Zhang@windriver.com, asml.silence@gmail.com,
axboe@kernel.dk, io-uring@vger.kernel.org,
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] memory leak in create_io_worker
Date: Mon, 13 Sep 2021 01:04:32 -0700
Message-ID: <000000000000463eb205cbdbea58@google.com>
In-Reply-To: <0000000000004fe6b105cb84cf1e@google.com>

syzbot has found a reproducer for the following issue on:

HEAD commit: f306b90c69ce Merge tag 'smp-urgent-2021-09-12' of git://gi..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=14bc2715300000
kernel config: https://syzkaller.appspot.com/x/.config?x=bb1c2ff5ae428ca6
dashboard link: https://syzkaller.appspot.com/bug?extid=65454c239241d3d647da
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.1
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=171d8963300000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=15b9ccdd300000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+65454c239241d3d647da@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88811953fa80 (size 192):
comm "syz-executor248", pid 6847, jiffies 4294979550 (age 31.120s)
hex dump (first 32 bytes):
01 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffff8162fbb1>] kmalloc_node include/linux/slab.h:609 [inline]
[<ffffffff8162fbb1>] kzalloc_node include/linux/slab.h:732 [inline]
[<ffffffff8162fbb1>] create_io_worker+0x41/0x1f0 fs/io-wq.c:741
[<ffffffff81630067>] io_wqe_create_worker fs/io-wq.c:267 [inline]
[<ffffffff81630067>] io_wqe_enqueue+0x217/0x3a0 fs/io-wq.c:873
[<ffffffff8161e3a4>] io_queue_async_work+0xc4/0x200 fs/io_uring.c:1473
[<ffffffff8162944c>] __io_queue_sqe+0x34c/0x510 fs/io_uring.c:6940
[<ffffffff8162a6e6>] io_queue_sqe fs/io_uring.c:6958 [inline]
[<ffffffff8162a6e6>] io_submit_sqe fs/io_uring.c:7134 [inline]
[<ffffffff8162a6e6>] io_submit_sqes+0xc36/0x2ec0 fs/io_uring.c:7240
[<ffffffff8162cf6f>] __do_sys_io_uring_enter+0x5ff/0xf80 fs/io_uring.c:9882
[<ffffffff843faa25>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff843faa25>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84600068>] entry_SYSCALL_64_after_hwframe+0x44/0xae
BUG: memory leak
unreferenced object 0xffff88811953fa80 (size 192):
comm "syz-executor248", pid 6847, jiffies 4294979550 (age 31.180s)
hex dump (first 32 bytes):
01 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffff8162fbb1>] kmalloc_node include/linux/slab.h:609 [inline]
[<ffffffff8162fbb1>] kzalloc_node include/linux/slab.h:732 [inline]
[<ffffffff8162fbb1>] create_io_worker+0x41/0x1f0 fs/io-wq.c:741
[<ffffffff81630067>] io_wqe_create_worker fs/io-wq.c:267 [inline]
[<ffffffff81630067>] io_wqe_enqueue+0x217/0x3a0 fs/io-wq.c:873
[<ffffffff8161e3a4>] io_queue_async_work+0xc4/0x200 fs/io_uring.c:1473
[<ffffffff8162944c>] __io_queue_sqe+0x34c/0x510 fs/io_uring.c:6940
[<ffffffff8162a6e6>] io_queue_sqe fs/io_uring.c:6958 [inline]
[<ffffffff8162a6e6>] io_submit_sqe fs/io_uring.c:7134 [inline]
[<ffffffff8162a6e6>] io_submit_sqes+0xc36/0x2ec0 fs/io_uring.c:7240
[<ffffffff8162cf6f>] __do_sys_io_uring_enter+0x5ff/0xf80 fs/io_uring.c:9882
[<ffffffff843faa25>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff843faa25>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84600068>] entry_SYSCALL_64_after_hwframe+0x44/0xae
BUG: memory leak
unreferenced object 0xffff88811953fa80 (size 192):
comm "syz-executor248", pid 6847, jiffies 4294979550 (age 31.230s)
hex dump (first 32 bytes):
01 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffff8162fbb1>] kmalloc_node include/linux/slab.h:609 [inline]
[<ffffffff8162fbb1>] kzalloc_node include/linux/slab.h:732 [inline]
[<ffffffff8162fbb1>] create_io_worker+0x41/0x1f0 fs/io-wq.c:741
[<ffffffff81630067>] io_wqe_create_worker fs/io-wq.c:267 [inline]
[<ffffffff81630067>] io_wqe_enqueue+0x217/0x3a0 fs/io-wq.c:873
[<ffffffff8161e3a4>] io_queue_async_work+0xc4/0x200 fs/io_uring.c:1473
[<ffffffff8162944c>] __io_queue_sqe+0x34c/0x510 fs/io_uring.c:6940
[<ffffffff8162a6e6>] io_queue_sqe fs/io_uring.c:6958 [inline]
[<ffffffff8162a6e6>] io_submit_sqe fs/io_uring.c:7134 [inline]
[<ffffffff8162a6e6>] io_submit_sqes+0xc36/0x2ec0 fs/io_uring.c:7240
[<ffffffff8162cf6f>] __do_sys_io_uring_enter+0x5ff/0xf80 fs/io_uring.c:9882
[<ffffffff843faa25>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff843faa25>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84600068>] entry_SYSCALL_64_after_hwframe+0x44/0xae
BUG: memory leak
unreferenced object 0xffff88811953fa80 (size 192):
comm "syz-executor248", pid 6847, jiffies 4294979550 (age 31.290s)
hex dump (first 32 bytes):
01 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffff8162fbb1>] kmalloc_node include/linux/slab.h:609 [inline]
[<ffffffff8162fbb1>] kzalloc_node include/linux/slab.h:732 [inline]
[<ffffffff8162fbb1>] create_io_worker+0x41/0x1f0 fs/io-wq.c:741
[<ffffffff81630067>] io_wqe_create_worker fs/io-wq.c:267 [inline]
[<ffffffff81630067>] io_wqe_enqueue+0x217/0x3a0 fs/io-wq.c:873
[<ffffffff8161e3a4>] io_queue_async_work+0xc4/0x200 fs/io_uring.c:1473
[<ffffffff8162944c>] __io_queue_sqe+0x34c/0x510 fs/io_uring.c:6940
[<ffffffff8162a6e6>] io_queue_sqe fs/io_uring.c:6958 [inline]
[<ffffffff8162a6e6>] io_submit_sqe fs/io_uring.c:7134 [inline]
[<ffffffff8162a6e6>] io_submit_sqes+0xc36/0x2ec0 fs/io_uring.c:7240
[<ffffffff8162cf6f>] __do_sys_io_uring_enter+0x5ff/0xf80 fs/io_uring.c:9882
[<ffffffff843faa25>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff843faa25>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84600068>] entry_SYSCALL_64_after_hwframe+0x44/0xae
BUG: memory leak
unreferenced object 0xffff88811953fa80 (size 192):
comm "syz-executor248", pid 6847, jiffies 4294979550 (age 31.340s)
hex dump (first 32 bytes):
01 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffff8162fbb1>] kmalloc_node include/linux/slab.h:609 [inline]
[<ffffffff8162fbb1>] kzalloc_node include/linux/slab.h:732 [inline]
[<ffffffff8162fbb1>] create_io_worker+0x41/0x1f0 fs/io-wq.c:741
[<ffffffff81630067>] io_wqe_create_worker fs/io-wq.c:267 [inline]
[<ffffffff81630067>] io_wqe_enqueue+0x217/0x3a0 fs/io-wq.c:873
[<ffffffff8161e3a4>] io_queue_async_work+0xc4/0x200 fs/io_uring.c:1473
[<ffffffff8162944c>] __io_queue_sqe+0x34c/0x510 fs/io_uring.c:6940
[<ffffffff8162a6e6>] io_queue_sqe fs/io_uring.c:6958 [inline]
[<ffffffff8162a6e6>] io_submit_sqe fs/io_uring.c:7134 [inline]
[<ffffffff8162a6e6>] io_submit_sqes+0xc36/0x2ec0 fs/io_uring.c:7240
[<ffffffff8162cf6f>] __do_sys_io_uring_enter+0x5ff/0xf80 fs/io_uring.c:9882
[<ffffffff843faa25>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff843faa25>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84600068>] entry_SYSCALL_64_after_hwframe+0x44/0xae
BUG: memory leak
unreferenced object 0xffff88811953fa80 (size 192):
comm "syz-executor248", pid 6847, jiffies 4294979550 (age 31.400s)
hex dump (first 32 bytes):
01 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffff8162fbb1>] kmalloc_node include/linux/slab.h:609 [inline]
[<ffffffff8162fbb1>] kzalloc_node include/linux/slab.h:732 [inline]
[<ffffffff8162fbb1>] create_io_worker+0x41/0x1f0 fs/io-wq.c:741
[<ffffffff81630067>] io_wqe_create_worker fs/io-wq.c:267 [inline]
[<ffffffff81630067>] io_wqe_enqueue+0x217/0x3a0 fs/io-wq.c:873
[<ffffffff8161e3a4>] io_queue_async_work+0xc4/0x200 fs/io_uring.c:1473
[<ffffffff8162944c>] __io_queue_sqe+0x34c/0x510 fs/io_uring.c:6940
[<ffffffff8162a6e6>] io_queue_sqe fs/io_uring.c:6958 [inline]
[<ffffffff8162a6e6>] io_submit_sqe fs/io_uring.c:7134 [inline]
[<ffffffff8162a6e6>] io_submit_sqes+0xc36/0x2ec0 fs/io_uring.c:7240
[<ffffffff8162cf6f>] __do_sys_io_uring_enter+0x5ff/0xf80 fs/io_uring.c:9882
[<ffffffff843faa25>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff843faa25>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84600068>] entry_SYSCALL_64_after_hwframe+0x44/0xae
BUG: memory leak
unreferenced object 0xffff88811953fa80 (size 192):
comm "syz-executor248", pid 6847, jiffies 4294979550 (age 31.450s)
hex dump (first 32 bytes):
01 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffff8162fbb1>] kmalloc_node include/linux/slab.h:609 [inline]
[<ffffffff8162fbb1>] kzalloc_node include/linux/slab.h:732 [inline]
[<ffffffff8162fbb1>] create_io_worker+0x41/0x1f0 fs/io-wq.c:741
[<ffffffff81630067>] io_wqe_create_worker fs/io-wq.c:267 [inline]
[<ffffffff81630067>] io_wqe_enqueue+0x217/0x3a0 fs/io-wq.c:873
[<ffffffff8161e3a4>] io_queue_async_work+0xc4/0x200 fs/io_uring.c:1473
[<ffffffff8162944c>] __io_queue_sqe+0x34c/0x510 fs/io_uring.c:6940
[<ffffffff8162a6e6>] io_queue_sqe fs/io_uring.c:6958 [inline]
[<ffffffff8162a6e6>] io_submit_sqe fs/io_uring.c:7134 [inline]
[<ffffffff8162a6e6>] io_submit_sqes+0xc36/0x2ec0 fs/io_uring.c:7240
[<ffffffff8162cf6f>] __do_sys_io_uring_enter+0x5ff/0xf80 fs/io_uring.c:9882
[<ffffffff843faa25>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff843faa25>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84600068>] entry_SYSCALL_64_after_hwframe+0x44/0xae
BUG: memory leak
unreferenced object 0xffff88811953fa80 (size 192):
comm "syz-executor248", pid 6847, jiffies 4294979550 (age 31.500s)
hex dump (first 32 bytes):
01 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffff8162fbb1>] kmalloc_node include/linux/slab.h:609 [inline]
[<ffffffff8162fbb1>] kzalloc_node include/linux/slab.h:732 [inline]
[<ffffffff8162fbb1>] create_io_worker+0x41/0x1f0 fs/io-wq.c:741
[<ffffffff81630067>] io_wqe_create_worker fs/io-wq.c:267 [inline]
[<ffffffff81630067>] io_wqe_enqueue+0x217/0x3a0 fs/io-wq.c:873
[<ffffffff8161e3a4>] io_queue_async_work+0xc4/0x200 fs/io_uring.c:1473
[<ffffffff8162944c>] __io_queue_sqe+0x34c/0x510 fs/io_uring.c:6940
[<ffffffff8162a6e6>] io_queue_sqe fs/io_uring.c:6958 [inline]
[<ffffffff8162a6e6>] io_submit_sqe fs/io_uring.c:7134 [inline]
[<ffffffff8162a6e6>] io_submit_sqes+0xc36/0x2ec0 fs/io_uring.c:7240
[<ffffffff8162cf6f>] __do_sys_io_uring_enter+0x5ff/0xf80 fs/io_uring.c:9882
[<ffffffff843faa25>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff843faa25>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84600068>] entry_SYSCALL_64_after_hwframe+0x44/0xae
write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory
write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory