syzbot


memory leak in io_submit_sqes

Status: fixed on 2020/09/16 22:51
Subsystems: fs io-uring
[Documentation on labels]
Reported-by: syzbot+a730016dc0bdce4f6ff5@syzkaller.appspotmail.com
Fix commit: a36da65c4656 io_uring: fail poll arm on queue proc failure
First crash: 1408d, last: 1385d
Discussions (4)
Title Replies (including bot) Last reply
[PATCH 5.8 000/464] 5.8.2-rc1 review 475 (475) 2020/08/19 06:11
[PATCH 5.7 000/393] 5.7.16-rc1 review 398 (398) 2020/08/18 22:36
[PATCH] io_uring: fail poll arm on queue proc failure 3 (3) 2020/08/12 14:30
memory leak in io_submit_sqes 3 (4) 2020/08/11 15:49
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream memory leak in io_submit_sqes (2) fs io-uring C 1 1201d 1200d 20/27 fixed on 2021/04/09 19:46
upstream memory leak in io_submit_sqes (4) io-uring C 1 525d 524d 22/27 fixed on 2023/06/08 14:41
upstream memory leak in io_submit_sqes (3) fs io-uring C 1 1115d 1114d 0/27 auto-obsoleted due to no activity on 2022/10/10 15:32

Sample crash report:
executing program
executing program
executing program
executing program
executing program
BUG: memory leak
unreferenced object 0xffff888124949100 (size 256):
  comm "syz-executor808", pid 6480, jiffies 4294949911 (age 33.960s)
  hex dump (first 32 bytes):
    00 78 74 2a 81 88 ff ff 00 00 00 00 00 00 00 00  .xt*............
    90 b0 51 81 ff ff ff ff 00 00 00 00 00 00 00 00  ..Q.............
  backtrace:
    [<0000000084e46f34>] io_alloc_req fs/io_uring.c:1503 [inline]
    [<0000000084e46f34>] io_submit_sqes+0x5dc/0xc00 fs/io_uring.c:6306
    [<000000006d4e19eb>] __do_sys_io_uring_enter+0x582/0x830 fs/io_uring.c:8036
    [<00000000a4116b07>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<0000000067b2aefc>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811751d200 (size 96):
  comm "syz-executor808", pid 6480, jiffies 4294949911 (age 33.960s)
  hex dump (first 32 bytes):
    00 78 74 2a 81 88 ff ff 00 00 00 00 00 00 00 00  .xt*............
    0e 01 00 00 00 00 75 22 00 00 00 00 00 0f 1f 04  ......u"........
  backtrace:
    [<00000000073ea2ba>] kmalloc include/linux/slab.h:555 [inline]
    [<00000000073ea2ba>] io_arm_poll_handler fs/io_uring.c:4773 [inline]
    [<00000000073ea2ba>] __io_queue_sqe+0x445/0x6b0 fs/io_uring.c:5988
    [<000000001551bde0>] io_queue_sqe+0x309/0x550 fs/io_uring.c:6060
    [<000000002dfb908f>] io_submit_sqe fs/io_uring.c:6130 [inline]
    [<000000002dfb908f>] io_submit_sqes+0x8b8/0xc00 fs/io_uring.c:6327
    [<000000006d4e19eb>] __do_sys_io_uring_enter+0x582/0x830 fs/io_uring.c:8036
    [<00000000a4116b07>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<0000000067b2aefc>] entry_SYSCALL_64_after_hwframe+0x44/0xa9


Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/08/07 13:49 upstream d6efb3ac3e6c cb436c69 .config console log report syz C ci-upstream-gce-leak
2020/08/30 14:43 upstream 1127b219ce94 d5a3ae1f .config console log report syz ci-upstream-gce-leak
* Struck through repros no longer work on HEAD.