syzbot


memory leak in io_submit_sqes (3)

Status: upstream: reported C repro on 2021/05/29 06:33
Reported-by: syzbot+189b24ff132397acb8fd@syzkaller.appspotmail.com
First crash: 496d, last: 496d
similar bugs (2):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream memory leak in io_submit_sqes C 2 767d 786d 17/24 fixed on 2020/09/16 22:51
upstream memory leak in io_submit_sqes (2) C 1 583d 582d 22/24 fixed on 2021/04/09 19:46
Patch testing requests:
Created Duration User Patch Repo Result
2021/06/20 07:05 8m ayush@disroot.org upstream report log
2021/06/19 12:18 16m ayush@disroot.org linux-next error

Sample crash report:
executing program
BUG: memory leak
unreferenced object 0xffff888117747500 (size 232):
  comm "syz-executor793", pid 8437, jiffies 4294941760 (age 14.380s)
  hex dump (first 32 bytes):
    00 a2 11 02 81 88 ff ff 18 4e 6f 16 81 88 ff ff  .........No.....
    38 20 00 40 00 00 00 00 00 00 00 00 00 00 00 00  8 .@............
  backtrace:
    [<ffffffff81613299>] io_alloc_req fs/io_uring.c:1707 [inline]
    [<ffffffff81613299>] io_submit_sqes+0x6c9/0x23b0 fs/io_uring.c:6721
    [<ffffffff81615798>] __do_sys_io_uring_enter+0x818/0xf50 fs/io_uring.c:9319
    [<ffffffff8435309a>] do_syscall_64+0x3a/0xb0 arch/x86/entry/common.c:47
    [<ffffffff84400068>] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff888117747400 (size 232):
  comm "syz-executor793", pid 8437, jiffies 4294941760 (age 14.380s)
  hex dump (first 32 bytes):
    00 a2 11 02 81 88 ff ff 18 4e 6f 16 81 88 ff ff  .........No.....
    38 20 00 40 00 00 00 00 00 00 00 00 00 00 00 00  8 .@............
  backtrace:
    [<ffffffff81613299>] io_alloc_req fs/io_uring.c:1707 [inline]
    [<ffffffff81613299>] io_submit_sqes+0x6c9/0x23b0 fs/io_uring.c:6721
    [<ffffffff81615798>] __do_sys_io_uring_enter+0x818/0xf50 fs/io_uring.c:9319
    [<ffffffff8435309a>] do_syscall_64+0x3a/0xb0 arch/x86/entry/common.c:47
    [<ffffffff84400068>] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff888117747300 (size 232):
  comm "syz-executor793", pid 8437, jiffies 4294941760 (age 14.380s)
  hex dump (first 32 bytes):
    00 a2 11 02 81 88 ff ff 18 4e 6f 16 81 88 ff ff  .........No.....
    38 20 00 40 00 00 00 00 00 00 00 00 00 00 00 00  8 .@............
  backtrace:
    [<ffffffff81613299>] io_alloc_req fs/io_uring.c:1707 [inline]
    [<ffffffff81613299>] io_submit_sqes+0x6c9/0x23b0 fs/io_uring.c:6721
    [<ffffffff81615798>] __do_sys_io_uring_enter+0x818/0xf50 fs/io_uring.c:9319
    [<ffffffff8435309a>] do_syscall_64+0x3a/0xb0 arch/x86/entry/common.c:47
    [<ffffffff84400068>] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff888117747200 (size 232):
  comm "syz-executor793", pid 8437, jiffies 4294941760 (age 14.380s)
  hex dump (first 32 bytes):
    00 a2 11 02 81 88 ff ff 18 4e 6f 16 81 88 ff ff  .........No.....
    38 20 00 40 00 00 00 00 00 00 00 00 00 00 00 00  8 .@............
  backtrace:
    [<ffffffff81613299>] io_alloc_req fs/io_uring.c:1707 [inline]
    [<ffffffff81613299>] io_submit_sqes+0x6c9/0x23b0 fs/io_uring.c:6721
    [<ffffffff81615798>] __do_sys_io_uring_enter+0x818/0xf50 fs/io_uring.c:9319
    [<ffffffff8435309a>] do_syscall_64+0x3a/0xb0 arch/x86/entry/common.c:47
    [<ffffffff84400068>] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff888117747100 (size 232):
  comm "syz-executor793", pid 8437, jiffies 4294941760 (age 14.380s)
  hex dump (first 32 bytes):
    00 a2 11 02 81 88 ff ff 18 4e 6f 16 81 88 ff ff  .........No.....
    38 20 00 40 00 00 00 00 00 00 00 00 00 00 00 00  8 .@............
  backtrace:
    [<ffffffff81613299>] io_alloc_req fs/io_uring.c:1707 [inline]
    [<ffffffff81613299>] io_submit_sqes+0x6c9/0x23b0 fs/io_uring.c:6721
    [<ffffffff81615798>] __do_sys_io_uring_enter+0x818/0xf50 fs/io_uring.c:9319
    [<ffffffff8435309a>] do_syscall_64+0x3a/0xb0 arch/x86/entry/common.c:47
    [<ffffffff84400068>] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff88811774acc0 (size 64):
  comm "syz-executor793", pid 8437, jiffies 4294941760 (age 14.380s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 4e 6f 16 81 88 ff ff  .........No.....
    38 20 00 40 00 00 00 00 00 00 00 00 00 00 00 00  8 .@............
  backtrace:
    [<ffffffff81607a9a>] kmalloc include/linux/slab.h:556 [inline]
    [<ffffffff81607a9a>] __io_queue_proc+0x10a/0x1b0 fs/io_uring.c:5027
    [<ffffffff824b8aa6>] poll_wait include/linux/poll.h:51 [inline]
    [<ffffffff824b8aa6>] n_tty_poll+0x76/0x3a0 drivers/tty/n_tty.c:2429
    [<ffffffff824b3319>] tty_poll+0x89/0xc0 drivers/tty/tty_io.c:2231
    [<ffffffff81600e79>] vfs_poll include/linux/poll.h:90 [inline]
    [<ffffffff81600e79>] __io_arm_poll_handler+0xb9/0x2b0 fs/io_uring.c:5118
    [<ffffffff81607137>] io_poll_add.constprop.0+0x47/0x180 fs/io_uring.c:5402
    [<ffffffff8160f6cf>] io_issue_sqe+0x19f/0x2880 fs/io_uring.c:6126
    [<ffffffff81611e4a>] __io_queue_sqe+0x9a/0x620 fs/io_uring.c:6414
    [<ffffffff81612a65>] io_queue_sqe+0x275/0x3e0 fs/io_uring.c:6463
    [<ffffffff81614bf8>] io_submit_sqe fs/io_uring.c:6626 [inline]
    [<ffffffff81614bf8>] io_submit_sqes+0x2028/0x23b0 fs/io_uring.c:6734
    [<ffffffff81615798>] __do_sys_io_uring_enter+0x818/0xf50 fs/io_uring.c:9319
    [<ffffffff8435309a>] do_syscall_64+0x3a/0xb0 arch/x86/entry/common.c:47
    [<ffffffff84400068>] entry_SYSCALL_64_after_hwframe+0x44/0xae


Crashes (1):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-gce-leak 2021/05/28 12:10 upstream 97e5bf604b7a 858ea628 .config log report syz C memory leak in io_submit_sqes
* Struck through repros no longer work on HEAD.