[syzbot] [gfs2?] memory leak in __kthread_create_on_node

[syzbot] [gfs2?] memory leak in __kthread_create_on_node

[syzbot]

Hello,

syzbot found the following issue on:

HEAD commit:    8dfce8991b95 Merge tag 'pinctrl-v6.19-3' of git://git.kern..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=14361322580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=9d7d0fbecb37bff8
dashboard link: https://syzkaller.appspot.com/bug?extid=aac438d7a1c44071e04b
compiler:       gcc (Debian 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for Debian) 2.44
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1409c644580000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=16121694580000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/5812cc8b60db/disk-8dfce899.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/47a4b40e4e44/vmlinux-8dfce899.xz
kernel image: https://storage.googleapis.com/syzbot-assets/18e043c20056/bzImage-8dfce899.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/ebd5c2300445/mount_0.gz
  fsck result: failed (log: https://syzkaller.appspot.com/x/fsck.log?x=15765d8a580000)

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+aac438d7a1c44071e04b@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff888125a2dec0 (size 32):
  comm "syz.4.75", pid 6411, jiffies 4294948981
  hex dump (first 32 bytes):
    67 66 73 32 5f 6c 6f 67 64 2f 73 79 7a 3a 73 79  gfs2_logd/syz:sy
    7a 2e 30 00 00 00 00 00 00 00 00 00 00 00 00 00  z.0.............
  backtrace (crc d543dd03):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4958 [inline]
    slab_alloc_node mm/slub.c:5263 [inline]
    __do_kmalloc_node mm/slub.c:5656 [inline]
    __kmalloc_node_track_caller_noprof+0x47b/0x690 mm/slub.c:5768
    kvasprintf+0x6e/0xf0 lib/kasprintf.c:25
    __kthread_create_on_node+0x9e/0x1c0 kernel/kthread.c:519
    kthread_create_on_node+0x73/0xa0 kernel/kthread.c:587
    init_threads fs/gfs2/ops_fstype.c:1065 [inline]
    gfs2_fill_super+0xdf8/0x1210 fs/gfs2/ops_fstype.c:1265
    get_tree_bdev_flags+0x1c0/0x290 fs/super.c:1691
    gfs2_get_tree+0x26/0xd0 fs/gfs2/ops_fstype.c:1332
    vfs_get_tree+0x30/0x120 fs/super.c:1751
    fc_mount fs/namespace.c:1199 [inline]
    do_new_mount_fc fs/namespace.c:3636 [inline]
    do_new_mount fs/namespace.c:3712 [inline]
    path_mount+0x5a9/0x1350 fs/namespace.c:4022
    do_mount fs/namespace.c:4035 [inline]
    __do_sys_mount fs/namespace.c:4224 [inline]
    __se_sys_mount fs/namespace.c:4201 [inline]
    __x64_sys_mount+0x1a3/0x1e0 fs/namespace.c:4201
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff888126a2a300 (size 4480):
  comm "kthreadd", pid 2, jiffies 4294948981
  hex dump (first 32 bytes):
    00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 01 00 00 00 80 00 00 00 00 00 00 00  ................
  backtrace (crc 4b33760e):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4958 [inline]
    slab_alloc_node mm/slub.c:5263 [inline]
    kmem_cache_alloc_node_noprof+0x422/0x590 mm/slub.c:5315
    alloc_task_struct_node kernel/fork.c:184 [inline]
    dup_task_struct kernel/fork.c:915 [inline]
    copy_process+0x286/0x2870 kernel/fork.c:2052
    kernel_clone+0xac/0x6e0 kernel/fork.c:2651
    kernel_thread+0x80/0xb0 kernel/fork.c:2712
    create_kthread kernel/kthread.c:486 [inline]
    kthreadd+0x196/0x260 kernel/kthread.c:844
    ret_from_fork+0x23c/0x320 arch/x86/kernel/process.c:158
    ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

BUG: memory leak
unreferenced object 0xffff888109c85180 (size 184):
  comm "kthreadd", pid 2, jiffies 4294948981
  hex dump (first 32 bytes):
    02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace (crc c5f4f48b):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4958 [inline]
    slab_alloc_node mm/slub.c:5263 [inline]
    kmem_cache_alloc_noprof+0x412/0x580 mm/slub.c:5270
    prepare_creds+0x22/0x600 kernel/cred.c:185
    copy_creds+0x44/0x290 kernel/cred.c:286
    copy_process+0x7a7/0x2870 kernel/fork.c:2086
    kernel_clone+0xac/0x6e0 kernel/fork.c:2651
    kernel_thread+0x80/0xb0 kernel/fork.c:2712
    create_kthread kernel/kthread.c:486 [inline]
    kthreadd+0x196/0x260 kernel/kthread.c:844
    ret_from_fork+0x23c/0x320 arch/x86/kernel/process.c:158
    ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

BUG: memory leak
unreferenced object 0xffff888102bd9780 (size 32):
  comm "kthreadd", pid 2, jiffies 4294948981
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    f8 52 86 00 81 88 ff ff 00 00 00 00 00 00 00 00  .R..............
  backtrace (crc 336e1c5f):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4958 [inline]
    slab_alloc_node mm/slub.c:5263 [inline]
    __do_kmalloc_node mm/slub.c:5656 [inline]
    __kmalloc_noprof+0x465/0x680 mm/slub.c:5669
    kmalloc_noprof include/linux/slab.h:961 [inline]
    kzalloc_noprof include/linux/slab.h:1094 [inline]
    lsm_blob_alloc+0x4d/0x80 security/security.c:192
    lsm_cred_alloc security/security.c:209 [inline]
    security_prepare_creds+0x2d/0x290 security/security.c:2763
    prepare_creds+0x395/0x600 kernel/cred.c:215
    copy_creds+0x44/0x290 kernel/cred.c:286
    copy_process+0x7a7/0x2870 kernel/fork.c:2086
    kernel_clone+0xac/0x6e0 kernel/fork.c:2651
    kernel_thread+0x80/0xb0 kernel/fork.c:2712
    create_kthread kernel/kthread.c:486 [inline]
    kthreadd+0x196/0x260 kernel/kthread.c:844
    ret_from_fork+0x23c/0x320 arch/x86/kernel/process.c:158
    ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

BUG: memory leak
unreferenced object 0xffff8881098abc00 (size 192):
  comm "kthreadd", pid 2, jiffies 4294948981
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff  ................
    01 00 00 00 00 00 00 00 80 d5 78 82 ff ff ff ff  ..........x.....
  backtrace (crc 1df624ea):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4958 [inline]
    slab_alloc_node mm/slub.c:5263 [inline]
    __kmalloc_cache_noprof+0x41a/0x590 mm/slub.c:5775
    kmalloc_noprof include/linux/slab.h:957 [inline]
    kzalloc_noprof include/linux/slab.h:1094 [inline]
    set_kthread_struct+0x58/0x150 kernel/kthread.c:125
    copy_process+0x1569/0x2870 kernel/fork.c:2150
    kernel_clone+0xac/0x6e0 kernel/fork.c:2651
    kernel_thread+0x80/0xb0 kernel/fork.c:2712
    create_kthread kernel/kthread.c:486 [inline]
    kthreadd+0x196/0x260 kernel/kthread.c:844
    ret_from_fork+0x23c/0x320 arch/x86/kernel/process.c:158
    ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

BUG: memory leak
unreferenced object 0xffff88812baec5c0 (size 64):
  comm "kthreadd", pid 2, jiffies 4294948981
  hex dump (first 32 bytes):
    e0 35 8f 89 ff ff ff ff 00 00 00 00 00 00 00 00  .5..............
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace (crc 8e7806b9):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4958 [inline]
    slab_alloc_node mm/slub.c:5263 [inline]
    __do_kmalloc_node mm/slub.c:5656 [inline]
    __kmalloc_noprof+0x465/0x680 mm/slub.c:5669
    kmalloc_noprof include/linux/slab.h:961 [inline]
    kzalloc_noprof include/linux/slab.h:1094 [inline]
    lsm_blob_alloc+0x4d/0x80 security/security.c:192
    lsm_task_alloc security/security.c:244 [inline]
    security_task_alloc+0x2a/0x260 security/security.c:2682
    copy_process+0xf07/0x2870 kernel/fork.c:2203
    kernel_clone+0xac/0x6e0 kernel/fork.c:2651
    kernel_thread+0x80/0xb0 kernel/fork.c:2712
    create_kthread kernel/kthread.c:486 [inline]
    kthreadd+0x196/0x260 kernel/kthread.c:844
    ret_from_fork+0x23c/0x320 arch/x86/kernel/process.c:158
    ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

BUG: memory leak
unreferenced object 0xffff888101e37a80 (size 1152):
  comm "kthreadd", pid 2, jiffies 4294948981
  hex dump (first 32 bytes):
    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    90 7a e3 01 81 88 ff ff 90 7a e3 01 81 88 ff ff  .z.......z......
  backtrace (crc 1d024e88):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4958 [inline]
    slab_alloc_node mm/slub.c:5263 [inline]
    kmem_cache_alloc_noprof+0x412/0x580 mm/slub.c:5270
    copy_signal kernel/fork.c:1699 [inline]
    copy_process+0x1102/0x2870 kernel/fork.c:2218
    kernel_clone+0xac/0x6e0 kernel/fork.c:2651
    kernel_thread+0x80/0xb0 kernel/fork.c:2712
    create_kthread kernel/kthread.c:486 [inline]
    kthreadd+0x196/0x260 kernel/kthread.c:844
    ret_from_fork+0x23c/0x320 arch/x86/kernel/process.c:158
    ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

connection error: failed to recv *flatrpc.ExecutorMessageRawT: EOF


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

Forwarded: [PATCH] gfs2: fix memory leak of kernel threads on mount failure

[syzbot]

For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.

***

Subject: [PATCH] gfs2: fix memory leak of kernel threads on mount failure
Author: kartikey406@gmail.com

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

Syzbot reported a memory leak in GFS2 when mounting fails after
init_threads() has successfully created kernel threads. The issue
occurs when gfs2_freeze_lock_shared() fails - the error path jumps
to fail_per_node without cleaning up the threads created by
init_threads().

The leak includes the thread name string, task_struct, credentials,
and other thread-related allocations that are never freed when the
mount operation fails at this point.

Fix this by ensuring gfs2_destroy_threads() is called in the
fail_per_node error path for read-write mounts, matching the
condition used when creating the threads.

Reported-by: syzbot+aac438d7a1c44071e04b@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=aac438d7a1c44071e04b
Signed-off-by: Deepanshu Kartikey <kartikey406@gmail.com>
---
 fs/gfs2/ops_fstype.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/fs/gfs2/ops_fstype.c b/fs/gfs2/ops_fstype.c
index e7a88b717991..163dd7132957 100644
--- a/fs/gfs2/ops_fstype.c
+++ b/fs/gfs2/ops_fstype.c
@@ -1286,6 +1286,8 @@ static int gfs2_fill_super(struct super_block *sb, struct fs_context *fc)
 
 fail_per_node:
 	init_per_node(sdp, UNDO);
+	if (!sb_rdonly(sb))
+		gfs2_destroy_threads(sdp);
 fail_inodes:
 	init_inodes(sdp, UNDO);
 fail_sb:
-- 
2.43.0

Forwarded: [PATCH] gfs2: fix memory leaks in gfs2_fill_super error path

[syzbot]

For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.

***

Subject: [PATCH] gfs2: fix memory leaks in gfs2_fill_super error path
Author: kartikey406@gmail.com

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

Fix two memory leaks in the gfs2_fill_super() error handling path when
transitioning a filesystem to read-write mode fails.

First leak: kthread objects (thread_struct, task_struct, etc.)
When gfs2_freeze_lock_shared() fails after init_threads() succeeds,
the created kernel threads (logd and quotad) are never destroyed.
This occurs because the fail_per_node label doesn't call
gfs2_destroy_threads().

Second leak: quota bitmap buffer (8192 bytes)
When gfs2_make_fs_rw() fails after gfs2_quota_init() succeeds but
before other operations complete, the allocated quota bitmap is never
freed. The error path destroyed threads but didn't cleanup quota
structures.

The fix consolidates thread cleanup at the fail_per_node label for all
error paths, which is safe because gfs2_destroy_threads() checks for
NULL pointers before calling kthread_stop_put(). Quota cleanup is added
specifically to the gfs2_make_fs_rw() error path where quota structures
were initialized.

Syzbot detected these leaks with the following signatures:

Thread leak (PATH 3: gfs2_freeze_lock_shared failure):
  unreferenced object 0xffff88801d7bca80 (size 4480):
    copy_process+0x3a1/0x4670 kernel/fork.c:2422
    kernel_clone+0xf3/0x6e0 kernel/fork.c:2779
    kthread_create_on_node+0x100/0x150 kernel/kthread.c:478
    init_threads+0xab/0x350 fs/gfs2/ops_fstype.c:611
    gfs2_fill_super+0xe5c/0x1240 fs/gfs2/ops_fstype.c:1265

Quota leak (PATH 4: gfs2_make_fs_rw failure):
  unreferenced object 0xffff88812de7c000 (size 8192):
    gfs2_quota_init+0xe5/0x820 fs/gfs2/quota.c:1409
    gfs2_make_fs_rw+0x7a/0xe0 fs/gfs2/super.c:149
    gfs2_fill_super+0xfbb/0x1240 fs/gfs2/ops_fstype.c:1275

Reported-by: syzbot+aac438d7a1c44071e04b@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=aac438d7a1c44071e04b
Signed-off-by: Deepanshu Kartikey <Kartikey406@gmail.com>
---
 fs/gfs2/ops_fstype.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/fs/gfs2/ops_fstype.c b/fs/gfs2/ops_fstype.c
index e7a88b717991..fdc70189e4f1 100644
--- a/fs/gfs2/ops_fstype.c
+++ b/fs/gfs2/ops_fstype.c
@@ -1276,7 +1276,7 @@ static int gfs2_fill_super(struct super_block *sb, struct fs_context *fc)
 
 	if (error) {
 		gfs2_freeze_unlock(sdp);
-		gfs2_destroy_threads(sdp);
+		gfs2_quota_cleanup(sdp);
 		fs_err(sdp, "can't make FS RW: %d\n", error);
 		goto fail_per_node;
 	}
@@ -1286,6 +1286,8 @@ static int gfs2_fill_super(struct super_block *sb, struct fs_context *fc)
 
 fail_per_node:
 	init_per_node(sdp, UNDO);
+	if (!sb_rdonly(sb))
+		gfs2_destroy_threads(sdp);
 fail_inodes:
 	init_inodes(sdp, UNDO);
 fail_sb:
-- 
2.43.0

Re: [syzbot] [gfs2?] memory leak in __kthread_create_on_node

[Andreas Gruenbacher]

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2.git
for-next

Re: [syzbot] [gfs2?] memory leak in __kthread_create_on_node

[syzbot]

Hello,

syzbot tried to test the proposed patch but the build/boot failed:

: port 1(bridge_slave_0) entered blocking state
[   49.569526][ T5894] bridge0: port 1(bridge_slave_0) entered disabled state
[   49.577272][ T5894] bridge_slave_0: entered allmulticast mode
[   49.583706][ T5894] bridge_slave_0: entered promiscuous mode
[   49.596953][ T5894] bridge0: port 2(bridge_slave_1) entered blocking state
[   49.604391][ T5894] bridge0: port 2(bridge_slave_1) entered disabled state
[   49.611600][ T5894] bridge_slave_1: entered allmulticast mode
[   49.618015][ T5894] bridge_slave_1: entered promiscuous mode
[   49.628063][ T5894] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   49.638158][ T5894] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   49.651127][ T5894] team0: Port device team_slave_0 added
[   49.657258][ T5894] team0: Port device team_slave_1 added
[   49.666478][ T5894] batman_adv: batadv0: Adding interface: batadv_slave_0
[   49.673408][ T5894] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   49.699306][ T5894] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   49.710247][ T5894] batman_adv: batadv0: Adding interface: batadv_slave_1
[   49.717331][ T5894] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   49.743223][ T5894] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   49.761247][ T5894] hsr_slave_0: entered promiscuous mode
[   49.767053][ T5894] hsr_slave_1: entered promiscuous mode
[   49.796552][ T5894] netdevsim netdevsim5 netdevsim0: renamed from eth0
[   49.806103][ T5894] netdevsim netdevsim5 netdevsim1: renamed from eth1
[   49.813706][ T5894] netdevsim netdevsim5 netdevsim2: renamed from eth2
[   49.821484][ T5894] netdevsim netdevsim5 netdevsim3: renamed from eth3
[   49.833675][ T5894] bridge0: port 2(bridge_slave_1) entered blocking state
[   49.840885][ T5894] bridge0: port 2(bridge_slave_1) entered forwarding state
[   49.848233][ T5894] bridge0: port 1(bridge_slave_0) entered blocking state
[   49.855361][ T5894] bridge0: port 1(bridge_slave_0) entered forwarding state
[   49.874093][ T5894] 8021q: adding VLAN 0 to HW filter on device bond0
[   49.883306][   T31] bridge0: port 1(bridge_slave_0) entered disabled state
[   49.890757][   T31] bridge0: port 2(bridge_slave_1) entered disabled state
[   49.899998][ T5894] 8021q: adding VLAN 0 to HW filter on device team0
[   49.908475][ T4273] bridge0: port 1(bridge_slave_0) entered blocking state
[   49.915629][ T4273] bridge0: port 1(bridge_slave_0) entered forwarding state
[   49.926439][   T31] bridge0: port 2(bridge_slave_1) entered blocking state
[   49.933487][   T31] bridge0: port 2(bridge_slave_1) entered forwarding state
[   49.976870][ T5894] 8021q: adding VLAN 0 to HW filter on device batadv0
[   50.019341][ T5894] veth0_vlan: entered promiscuous mode
[   50.027485][ T5894] veth1_vlan: entered promiscuous mode
[   50.037907][ T5894] veth0_macvtap: entered promiscuous mode
[   50.045065][ T5894] veth1_macvtap: entered promiscuous mode
[   50.053367][ T5894] batman_adv: batadv0: Interface activated: batadv_slave_0
[   50.062517][ T5894] batman_adv: batadv0: Interface activated: batadv_slave_1
2026/02/03 13:34:00 executed programs: 0
[   50.071587][   T31] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   50.080766][   T31] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   50.089873][   T31] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   50.098962][   T31] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   50.146631][   T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   50.153698][   T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   50.161549][   T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   50.169537][   T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   50.176954][   T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   50.211055][ T5935] chnl_net:caif_netlink_parms(): no params data found
[   50.232507][ T5935] bridge0: port 1(bridge_slave_0) entered blocking state
[   50.239849][ T5935] bridge0: port 1(bridge_slave_0) entered disabled state
[   50.247221][ T5935] bridge_slave_0: entered allmulticast mode
[   50.253454][ T5935] bridge_slave_0: entered promiscuous mode
[   50.260028][ T5935] bridge0: port 2(bridge_slave_1) entered blocking state
[   50.267129][ T5935] bridge0: port 2(bridge_slave_1) entered disabled state
[   50.274406][ T5935] bridge_slave_1: entered allmulticast mode
[   50.280561][ T5935] bridge_slave_1: entered promiscuous mode
[   50.291387][ T5935] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   50.301433][ T5935] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   50.315273][ T5935] team0: Port device team_slave_0 added
[   50.321623][ T5935] team0: Port device team_slave_1 added
[   50.331276][ T5935] batman_adv: batadv0: Adding interface: batadv_slave_0
[   50.338331][ T5935] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   50.364309][ T5935] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   50.375554][ T5935] batman_adv: batadv0: Adding interface: batadv_slave_1
[   50.382485][ T5935] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   50.408696][ T5935] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   50.426057][ T5935] hsr_slave_0: entered promiscuous mode
[   50.431913][ T5935] hsr_slave_1: entered promiscuous mode
[   50.437731][ T5935] debugfs: 'hsr0' already exists in 'hsr'
[   50.443458][ T5935] Cannot create hsr debugfs directory
[   50.471333][ T5935] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   50.479234][ T5935] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   50.486892][ T5935] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   50.494636][ T5935] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   50.506883][ T5935] bridge0: port 2(bridge_slave_1) entered blocking state
[   50.513937][ T5935] bridge0: port 2(bridge_slave_1) entered forwarding state
[   50.521151][ T5935] bridge0: port 1(bridge_slave_0) entered blocking state
[   50.528314][ T5935] bridge0: port 1(bridge_slave_0) entered forwarding state
[   50.546104][ T5935] 8021q: adding VLAN 0 to HW filter on device bond0
[   50.555923][ T1028] bridge0: port 1(bridge_slave_0) entered disabled state
[   50.563234][ T1028] bridge0: port 2(bridge_slave_1) entered disabled state
[   50.572397][ T5935] 8021q: adding VLAN 0 to HW filter on device team0
[   50.580932][ T4273] bridge0: port 1(bridge_slave_0) entered blocking state
[   50.587999][ T4273] bridge0: port 1(bridge_slave_0) entered forwarding state
[   50.597473][ T1028] bridge0: port 2(bridge_slave_1) entered blocking state
[   50.604528][ T1028] bridge0: port 2(bridge_slave_1) entered forwarding state
[   50.647463][ T5935] 8021q: adding VLAN 0 to HW filter on device batadv0
[   50.662929][ T5935] veth0_vlan: entered promiscuous mode
[   50.670959][ T5935] veth1_vlan: entered promiscuous mode
[   50.681606][ T5935] veth0_macvtap: entered promiscuous mode
[   50.688740][ T5935] veth1_macvtap: entered promiscuous mode
[   50.697748][ T5935] batman_adv: batadv0: Interface activated: batadv_slave_0
[   50.707515][ T5935] batman_adv: batadv0: Interface activated: batadv_slave_1
[   50.716544][ T4273] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   50.725515][ T4273] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   50.734628][ T4273] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   50.744542][ T4273] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   50.762892][ T4273] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   50.771050][ T4273] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   50.781621][   T31] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   50.789850][   T31] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   50.879037][   T31] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   50.915713][   T31] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   51.004863][   T31] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   51.074863][   T31] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   52.016178][   T31] bridge_slave_1: left allmulticast mode
[   52.021837][   T31] bridge_slave_1: left promiscuous mode
[   52.027571][   T31] bridge0: port 2(bridge_slave_1) entered disabled state
[   52.035331][   T31] bridge_slave_0: left allmulticast mode
[   52.040954][   T31] bridge_slave_0: left promiscuous mode
[   52.046653][   T31] bridge0: port 1(bridge_slave_0) entered disabled state
[   52.106207][   T31] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   52.115467][   T31] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   52.125163][   T31] bond0 (unregistering): Released all slaves
[   52.193847][   T31] hsr_slave_0: left promiscuous mode
[   52.200333][   T31] hsr_slave_1: left promiscuous mode
[   52.206079][   T31] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   52.213540][   T31] batman_adv: batadv0: Removing interface: batadv_slave_0
[   52.221223][   T31] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   52.228932][   T31] batman_adv: batadv0: Removing interface: batadv_slave_1
[   52.237267][   T31] veth1_macvtap: left promiscuous mode
[   52.242816][   T31] veth0_macvtap: left promiscuous mode
[   52.248610][   T31] veth1_vlan: left promiscuous mode
[   52.253921][   T31] veth0_vlan: left promiscuous mode
[   52.277608][   T31] team0 (unregistering): Port device team_slave_1 removed
[   52.286132][   T31] team0 (unregistering): Port device team_slave_0 removed
[   52.766136][ T1028] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   54.465080][ T1028] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   54.525147][ T1028] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   54.565331][ T1028] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   54.639649][ T1028] bridge_slave_1: left allmulticast mode
[   54.645358][ T1028] bridge_slave_1: left promiscuous mode
[   54.651032][ T1028] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.658760][ T1028] bridge_slave_0: left allmulticast mode
[   54.664566][ T1028] bridge_slave_0: left promiscuous mode
[   54.670254][ T1028] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.726139][ T1028] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   54.735307][ T1028] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   54.744759][ T1028] bond0 (unregistering): Released all slaves
[   54.858073][ T1028] hsr_slave_0: left promiscuous mode
[   54.865227][ T1028] hsr_slave_1: left promiscuous mode
[   54.870765][ T1028] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   54.878359][ T1028] batman_adv: batadv0: Removing interface: batadv_slave_0
[   54.886112][ T1028] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   54.893489][ T1028] batman_adv: batadv0: Removing interface: batadv_slave_1
[   54.903185][ T1028] veth1_macvtap: left promiscuous mode
[   54.908932][ T1028] veth0_macvtap: left promiscuous mode
[   54.914513][ T1028] veth1_vlan: left promiscuous mode
[   54.919924][ T1028] veth0_vlan: left promiscuous mode
[   54.943530][ T1028] team0 (unregistering): Port device team_slave_1 removed
[   54.952050][ T1028] team0 (unregistering): Port device team_slave_0 removed


syzkaller build log:
go env (err=<nil>)
AR='ar'
CC='gcc'
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_ENABLED='1'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
CXX='g++'
GCCGO='gccgo'
GO111MODULE='auto'
GOAMD64='v1'
GOARCH='amd64'
GOAUTH='netrc'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOCACHEPROG=''
GODEBUG=''
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFIPS140='off'
GOFLAGS=''
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build3933183977=/tmp/go-build -gno-record-gcc-switches'
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMOD='/syzkaller/jobs-2/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOMODCACHE='/syzkaller/jobs-2/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs-2/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTELEMETRY='local'
GOTELEMETRYDIR='/syzkaller/.config/go/telemetry'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.24.4'
GOWORK=''
PKG_CONFIG='pkg-config'

git status (err=<nil>)
HEAD detached at b78a734197
nothing to commit, working tree clean


tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=b78a7341979245ec72840af68695cb23b98dc2cb -X github.com/google/syzkaller/prog.gitRevisionDate=20260128-224926"  ./sys/syz-sysgen | grep -q false || go install -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=b78a7341979245ec72840af68695cb23b98dc2cb -X github.com/google/syzkaller/prog.gitRevisionDate=20260128-224926"  ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=b78a7341979245ec72840af68695cb23b98dc2cb -X github.com/google/syzkaller/prog.gitRevisionDate=20260128-224926"  -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
	-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include   -DGOOS_linux=1 -DGOARCH_amd64=1 \
	-DHOSTGOOS_linux=1 -DGIT_REVISION=\"b78a7341979245ec72840af68695cb23b98dc2cb\"
/usr/bin/ld: /tmp/ccJgQDSd.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x386): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
./tools/check-syzos.sh 2>/dev/null


Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=10e0c402580000


Tested on:

commit:         da6f5bbc gfs2: fix memory leaks in gfs2_fill_super err..
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2.git for-next
kernel config:  https://syzkaller.appspot.com/x/.config?x=9d7d0fbecb37bff8
dashboard link: https://syzkaller.appspot.com/bug?extid=aac438d7a1c44071e04b
compiler:       gcc (Debian 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for Debian) 2.44

Note: no patches were applied.

Forwarded: Re: [syzbot] [gfs2?] memory leak in __kthread_create_on_node

[syzbot]

For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.

***

Subject: Re: [syzbot] [gfs2?] memory leak in __kthread_create_on_node
Author: agruenba@redhat.com

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2.git
for-next

Forwarded: Re: [syzbot] [gfs2?] memory leak in __kthread_create_on_node

[syzbot]

For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.

***

Subject: Re: [syzbot] [gfs2?] memory leak in __kthread_create_on_node
Author: agruenba@redhat.com

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2.git
for-next