syzbot


memory leak in create_io_worker

Status: fixed on 2021/11/10 00:50
Reported-by: syzbot+65454c239241d3d647da@syzkaller.appspotmail.com
Fix commit: 66e70be72288 io-wq: fix memory leak in create_io_worker()
First crash: 343d, last: 303d
similar bugs (1):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream memory leak in create_io_worker (2) C 3 17d 175d 0/23 upstream: reported C repro on 2022/02/22 23:40

Sample crash report:
write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory
BUG: memory leak
unreferenced object 0xffff88811d1e7f00 (size 192):
  comm "syz-executor116", pid 9229, jiffies 4295052887 (age 31.810s)
  hex dump (first 32 bytes):
    01 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff8162fac1>] kmalloc_node include/linux/slab.h:609 [inline]
    [<ffffffff8162fac1>] kzalloc_node include/linux/slab.h:732 [inline]
    [<ffffffff8162fac1>] create_io_worker+0x41/0x1f0 fs/io-wq.c:736
    [<ffffffff8162ff77>] io_wqe_create_worker fs/io-wq.c:264 [inline]
    [<ffffffff8162ff77>] io_wqe_enqueue+0x217/0x3a0 fs/io-wq.c:868
    [<ffffffff8161e3d4>] io_queue_async_work+0xc4/0x200 fs/io_uring.c:1471
    [<ffffffff8162931c>] __io_queue_sqe+0x34c/0x510 fs/io_uring.c:6985
    [<ffffffff8162952b>] io_req_task_submit+0x4b/0xa0 fs/io_uring.c:2236
    [<ffffffff81623543>] tctx_task_work+0x1b3/0x3a0 fs/io_uring.c:2161
    [<ffffffff8126bbb3>] task_work_run+0x73/0xb0 kernel/task_work.c:164
    [<ffffffff812dedd1>] tracehook_notify_signal include/linux/tracehook.h:212 [inline]
    [<ffffffff812dedd1>] handle_signal_work kernel/entry/common.c:146 [inline]
    [<ffffffff812dedd1>] exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
    [<ffffffff812dedd1>] exit_to_user_mode_prepare+0x151/0x180 kernel/entry/common.c:209
    [<ffffffff843ff87d>] __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
    [<ffffffff843ff87d>] syscall_exit_to_user_mode+0x1d/0x40 kernel/entry/common.c:302
    [<ffffffff843faac2>] do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
    [<ffffffff84600068>] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff88811d1e7f00 (size 192):
  comm "syz-executor116", pid 9229, jiffies 4295052887 (age 34.730s)
  hex dump (first 32 bytes):
    01 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff8162fac1>] kmalloc_node include/linux/slab.h:609 [inline]
    [<ffffffff8162fac1>] kzalloc_node include/linux/slab.h:732 [inline]
    [<ffffffff8162fac1>] create_io_worker+0x41/0x1f0 fs/io-wq.c:736
    [<ffffffff8162ff77>] io_wqe_create_worker fs/io-wq.c:264 [inline]
    [<ffffffff8162ff77>] io_wqe_enqueue+0x217/0x3a0 fs/io-wq.c:868
    [<ffffffff8161e3d4>] io_queue_async_work+0xc4/0x200 fs/io_uring.c:1471
    [<ffffffff8162931c>] __io_queue_sqe+0x34c/0x510 fs/io_uring.c:6985
    [<ffffffff8162952b>] io_req_task_submit+0x4b/0xa0 fs/io_uring.c:2236
    [<ffffffff81623543>] tctx_task_work+0x1b3/0x3a0 fs/io_uring.c:2161
    [<ffffffff8126bbb3>] task_work_run+0x73/0xb0 kernel/task_work.c:164
    [<ffffffff812dedd1>] tracehook_notify_signal include/linux/tracehook.h:212 [inline]
    [<ffffffff812dedd1>] handle_signal_work kernel/entry/common.c:146 [inline]
    [<ffffffff812dedd1>] exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
    [<ffffffff812dedd1>] exit_to_user_mode_prepare+0x151/0x180 kernel/entry/common.c:209
    [<ffffffff843ff87d>] __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
    [<ffffffff843ff87d>] syscall_exit_to_user_mode+0x1d/0x40 kernel/entry/common.c:302
    [<ffffffff843faac2>] do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
    [<ffffffff84600068>] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff88811d1e7f00 (size 192):
  comm "syz-executor116", pid 9229, jiffies 4295052887 (age 34.810s)
  hex dump (first 32 bytes):
    01 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff8162fac1>] kmalloc_node include/linux/slab.h:609 [inline]
    [<ffffffff8162fac1>] kzalloc_node include/linux/slab.h:732 [inline]
    [<ffffffff8162fac1>] create_io_worker+0x41/0x1f0 fs/io-wq.c:736
    [<ffffffff8162ff77>] io_wqe_create_worker fs/io-wq.c:264 [inline]
    [<ffffffff8162ff77>] io_wqe_enqueue+0x217/0x3a0 fs/io-wq.c:868
    [<ffffffff8161e3d4>] io_queue_async_work+0xc4/0x200 fs/io_uring.c:1471
    [<ffffffff8162931c>] __io_queue_sqe+0x34c/0x510 fs/io_uring.c:6985
    [<ffffffff8162952b>] io_req_task_submit+0x4b/0xa0 fs/io_uring.c:2236
    [<ffffffff81623543>] tctx_task_work+0x1b3/0x3a0 fs/io_uring.c:2161
    [<ffffffff8126bbb3>] task_work_run+0x73/0xb0 kernel/task_work.c:164
    [<ffffffff812dedd1>] tracehook_notify_signal include/linux/tracehook.h:212 [inline]
    [<ffffffff812dedd1>] handle_signal_work kernel/entry/common.c:146 [inline]
    [<ffffffff812dedd1>] exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
    [<ffffffff812dedd1>] exit_to_user_mode_prepare+0x151/0x180 kernel/entry/common.c:209
    [<ffffffff843ff87d>] __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
    [<ffffffff843ff87d>] syscall_exit_to_user_mode+0x1d/0x40 kernel/entry/common.c:302
    [<ffffffff843faac2>] do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
    [<ffffffff84600068>] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff88811d1e7f00 (size 192):
  comm "syz-executor116", pid 9229, jiffies 4295052887 (age 34.880s)
  hex dump (first 32 bytes):
    01 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff8162fac1>] kmalloc_node include/linux/slab.h:609 [inline]
    [<ffffffff8162fac1>] kzalloc_node include/linux/slab.h:732 [inline]
    [<ffffffff8162fac1>] create_io_worker+0x41/0x1f0 fs/io-wq.c:736
    [<ffffffff8162ff77>] io_wqe_create_worker fs/io-wq.c:264 [inline]
    [<ffffffff8162ff77>] io_wqe_enqueue+0x217/0x3a0 fs/io-wq.c:868
    [<ffffffff8161e3d4>] io_queue_async_work+0xc4/0x200 fs/io_uring.c:1471
    [<ffffffff8162931c>] __io_queue_sqe+0x34c/0x510 fs/io_uring.c:6985
    [<ffffffff8162952b>] io_req_task_submit+0x4b/0xa0 fs/io_uring.c:2236
    [<ffffffff81623543>] tctx_task_work+0x1b3/0x3a0 fs/io_uring.c:2161
    [<ffffffff8126bbb3>] task_work_run+0x73/0xb0 kernel/task_work.c:164
    [<ffffffff812dedd1>] tracehook_notify_signal include/linux/tracehook.h:212 [inline]
    [<ffffffff812dedd1>] handle_signal_work kernel/entry/common.c:146 [inline]
    [<ffffffff812dedd1>] exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
    [<ffffffff812dedd1>] exit_to_user_mode_prepare+0x151/0x180 kernel/entry/common.c:209
    [<ffffffff843ff87d>] __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
    [<ffffffff843ff87d>] syscall_exit_to_user_mode+0x1d/0x40 kernel/entry/common.c:302
    [<ffffffff843faac2>] do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
    [<ffffffff84600068>] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff88811d1e7f00 (size 192):
  comm "syz-executor116", pid 9229, jiffies 4295052887 (age 34.960s)
  hex dump (first 32 bytes):
    01 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff8162fac1>] kmalloc_node include/linux/slab.h:609 [inline]
    [<ffffffff8162fac1>] kzalloc_node include/linux/slab.h:732 [inline]
    [<ffffffff8162fac1>] create_io_worker+0x41/0x1f0 fs/io-wq.c:736
    [<ffffffff8162ff77>] io_wqe_create_worker fs/io-wq.c:264 [inline]
    [<ffffffff8162ff77>] io_wqe_enqueue+0x217/0x3a0 fs/io-wq.c:868
    [<ffffffff8161e3d4>] io_queue_async_work+0xc4/0x200 fs/io_uring.c:1471
    [<ffffffff8162931c>] __io_queue_sqe+0x34c/0x510 fs/io_uring.c:6985
    [<ffffffff8162952b>] io_req_task_submit+0x4b/0xa0 fs/io_uring.c:2236
    [<ffffffff81623543>] tctx_task_work+0x1b3/0x3a0 fs/io_uring.c:2161
    [<ffffffff8126bbb3>] task_work_run+0x73/0xb0 kernel/task_work.c:164
    [<ffffffff812dedd1>] tracehook_notify_signal include/linux/tracehook.h:212 [inline]
    [<ffffffff812dedd1>] handle_signal_work kernel/entry/common.c:146 [inline]
    [<ffffffff812dedd1>] exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
    [<ffffffff812dedd1>] exit_to_user_mode_prepare+0x151/0x180 kernel/entry/common.c:209
    [<ffffffff843ff87d>] __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
    [<ffffffff843ff87d>] syscall_exit_to_user_mode+0x1d/0x40 kernel/entry/common.c:302
    [<ffffffff843faac2>] do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
    [<ffffffff84600068>] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff88811d1e7f00 (size 192):
  comm "syz-executor116", pid 9229, jiffies 4295052887 (age 35.040s)
  hex dump (first 32 bytes):
    01 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff8162fac1>] kmalloc_node include/linux/slab.h:609 [inline]
    [<ffffffff8162fac1>] kzalloc_node include/linux/slab.h:732 [inline]
    [<ffffffff8162fac1>] create_io_worker+0x41/0x1f0 fs/io-wq.c:736
    [<ffffffff8162ff77>] io_wqe_create_worker fs/io-wq.c:264 [inline]
    [<ffffffff8162ff77>] io_wqe_enqueue+0x217/0x3a0 fs/io-wq.c:868
    [<ffffffff8161e3d4>] io_queue_async_work+0xc4/0x200 fs/io_uring.c:1471
    [<ffffffff8162931c>] __io_queue_sqe+0x34c/0x510 fs/io_uring.c:6985
    [<ffffffff8162952b>] io_req_task_submit+0x4b/0xa0 fs/io_uring.c:2236
    [<ffffffff81623543>] tctx_task_work+0x1b3/0x3a0 fs/io_uring.c:2161
    [<ffffffff8126bbb3>] task_work_run+0x73/0xb0 kernel/task_work.c:164
    [<ffffffff812dedd1>] tracehook_notify_signal include/linux/tracehook.h:212 [inline]
    [<ffffffff812dedd1>] handle_signal_work kernel/entry/common.c:146 [inline]
    [<ffffffff812dedd1>] exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
    [<ffffffff812dedd1>] exit_to_user_mode_prepare+0x151/0x180 kernel/entry/common.c:209
    [<ffffffff843ff87d>] __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
    [<ffffffff843ff87d>] syscall_exit_to_user_mode+0x1d/0x40 kernel/entry/common.c:302
    [<ffffffff843faac2>] do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
    [<ffffffff84600068>] entry_SYSCALL_64_after_hwframe+0x44/0xae

write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory
write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory
executing program
executing program
write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory
write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory
write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory
write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory
write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory
write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory
write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory
write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory
write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory
write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory
write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory
write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory
write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory
write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory

Crashes (5):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-gce-leak 2021/09/18 19:54 upstream 4357f03d6611 70b76c1d .config log report syz C memory leak in create_io_worker
ci-upstream-gce-leak 2021/09/13 08:04 upstream f306b90c69ce 5ae8508a .config log report syz C memory leak in create_io_worker
ci-upstream-gce-leak 2021/10/17 22:38 upstream d999ade1cc86 0c5d9412 .config log report syz memory leak in create_io_worker
ci-upstream-gce-leak 2021/09/09 21:54 upstream a3fa7a101dcf e2776ee4 .config log report syz memory leak in create_io_worker
ci-upstream-gce-leak 2021/09/08 01:59 upstream 0bcfe68b8767 064c9eb7 .config log report syz memory leak in create_io_worker